312-50V13 Question #67: Real Exam Question with Answer & Explanation

Question

Bob, a network administrator at BigUniversity, realized that some students are connecting their notebooks in the wired network to have Internet access. In the university campus, there are many Ethernet ports available for professors and authorized visitors but not for students. He identified this when the IDS alerted for malware activities in the network. What should Bob do to avoid this problem?

Options

• ADisable unused ports in the switches
• BSeparate students in a different VLAN
• CUse the 802.1x protocol
• DAsk students to use the wireless network

Explanation

To prevent unauthorized devices, like student notebooks, from gaining network access via wired Ethernet ports, a robust authentication mechanism is required before network connectivity is granted. The 802.1X protocol provides port-based network access control, authenticating devices attempting to connect to a switch port before allowing them onto the network.

Common mistakes.

• A. Disabling unused ports in switches is a good security practice to reduce the attack surface, but it does not prevent unauthorized access on ports that must remain enabled for legitimate users.
• B. Separating students into a different VLAN might segment network traffic, but it does not prevent unauthorized devices from connecting to a wired port that belongs to a different, potentially more privileged, VLAN.
• D. Asking students to use the wireless network is an administrative policy, not a technical control, and it does not prevent them from attempting to bypass this policy by connecting to wired ports.

Concept tested. 802.1X network access control

Reference. https://learn.microsoft.com/en-us/windows-server/networking/technologies/802-1x/802-1x-authentication-overview

No community discussion yet for this question.