350-401 Question #1142: Real Exam Question with Answer & Explanation

Question

Which mechanism can be used to enforce network access authentication against an AAA server if the endpoint does not support the 802.1X supplicant functionality?

Options

• AMAC Authentication Bypass
• BMACsec
• Cprivate VLANs
• Dport security

Explanation

MAC Authentication Bypass (MAB) is a network access authentication mechanism used for endpoints that do not support 802.1X supplicant functionality, authenticating them against a AAA server using their MAC address.

Common mistakes.

• B. MACsec (Media Access Control Security) provides Layer 2 encryption and data integrity, but it is not an authentication mechanism against a AAA server for devices that don't support 802.1X.
• C. Private VLANs (PVLANs) segment a broadcast domain into smaller, isolated subdomains at Layer 2 for security and traffic control, but they are not an authentication mechanism for endpoints.
• D. Port security prevents MAC address spoofing and limits the number of MAC addresses on a port, but it is a security feature to control access after authentication or for basic access control, not a method to authenticate non-802.1X devices against a AAA server.

Concept tested. MAC Authentication Bypass (MAB)

Reference. https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_h_client_authen/configuration/xe-16/sec-h-client-authen-xe-16-book/sec-h-client-authen-mac.html

No community discussion yet for this question.