nerdexam
EC-Council

312-50V10 · Question #35

Bob, a network administrator at BigUniversity, realized that some students are connecting their notebooks in the wired network to have Internet access. In the university campus, there are many Etherne

The correct answer is C. Use the 802.1x protocol. IEEE 802.1X provides port-based Network Access Control, requiring devices to authenticate before gaining network access regardless of physical port availability.

Hacking Web Servers

Question

Bob, a network administrator at BigUniversity, realized that some students are connecting their notebooks in the wired network to have Internet access. In the university campus, there are many Ethernet ports available for professors and authorized visitors but not for students. He identified this when the IDS alerted for malware activities in the network. What should Bob do to avoid this problem?

Options

  • ADisable unused ports in the switches
  • BSeparate students in a different VLAN
  • CUse the 802.1x protocol
  • DAsk students to use the wireless network

How the community answered

(22 responses)
  • A
    9% (2)
  • B
    5% (1)
  • C
    73% (16)
  • D
    14% (3)

Why each option

IEEE 802.1X provides port-based Network Access Control, requiring devices to authenticate before gaining network access regardless of physical port availability.

ADisable unused ports in the switches

Disabling unused ports is a partial hardening measure but does not authenticate users on active ports, and re-enabling ports for legitimate users would require manual intervention each time.

BSeparate students in a different VLAN

Placing students in a separate VLAN only segments traffic after they are already connected - it does not prevent unauthorized initial network access.

CUse the 802.1x protocolCorrect

802.1X is a port-based Network Access Control (NAC) standard that requires a supplicant (the connecting device) to authenticate via an authentication server (typically RADIUS) before the switch grants access to the network. This ensures that even if a student plugs into an available Ethernet port, they cannot access the network without valid credentials, making it the correct technical enforcement mechanism.

DAsk students to use the wireless network

Asking students to use wireless is an administrative request with no technical enforcement and can be ignored, providing no real access control.

Concept tested: 802.1X port-based network access control

Source: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_usr_8021x/configuration/xe-17/sec-usr-8021x-xe-17-book/config-ieee-802x-pba.html

Topics

#802.1x#port-based NAC#unauthorized access#network access control

Community Discussion

No community discussion yet for this question.

Full 312-50V10 Practice