Which of the following are correct about 802.1X access process? (Multiple choices)
- A . Throughout the authentication process, the terminal exchanges information through the server and EAP packets.
- B . The terminal exchanges EAP packets with the 802.1X switch. The 802.1X switch and the server use Radius packets exchange information.
- C . 802.1X authentication does not require security policy checks.
- D . Use MD5 algorithm to verify the information.
BYOD solution provide products and systems cover terminals, networks, security, application and management, include serialized BYOD devices, wireless network systems, network access security, VPN gateways, terminal security client software, authentication systems, mobile device management (MDM), mobile eSpace UC, etc.
- A . True
- B . False
Which of the following is correct for terminal Wi-Fi push order?
- A . 1-2-3-4
- B . 4-2-3-1
- C . 3-2-1-4
- D . 2-3-1-4
Which of the following options is correct for PKI process sequence?
A. 1-3-5-4-2-6-7-8
B. 1-3-5-6-7-4-8-2
C. 1-3-2-7-6-4-5-8
D. 1-3-2-4-8-6-5-7
Aopt user isolation technology in WLAN networking environment, which of the following statements is wrong?
- A . User isolation between groups means that users in different groups can’t communicate with each other, and internal users in the same group can communicate
- B . Isolation in user groups means that users in the same group can’t communicate with each other
- C . User isolation function means that Layer 2 packets associated with all wireless users on the same AP can’t forward packets to each other.
- D . Group isolation and isolation between groups can’t be used at the same time
When use local guest account authentication, Portal authentication is usually used to push the authentication page to the visitor.
Before the user authentication, when the access control device receives HTTP request from the user and the resource is not the Portal server authentication URL, how does the admission control device handle it?
- A . Drop the packet
- B . URL address redirect to Portal authentication page
- C . Direct release
- D . Send authentication information to the authentication server
The administrator issues notices to users through the form of announcements, such as the latest software and patch installation notices, etc. Which of the following options is wrong?
- A . You can issue an announcement by department.
- B . The endpoint must have proxy client installed to receive announcements.
- C . If the system issues an announcement and the proxy client is not online, it will not receive the announcement information after going online.
- D . You can issue an announcement by account number.
When manage guest accounts, you need to create guest account policy and set account creation method. Which of the following descriptions is incorrect for account creation?
- A . When you add accounts individually, you can select individual creation.
- B . If the number of users is large, you can create them in batches.
- C . If the number of users is large, you can choose database synchronization.
- D . Self-registration can be used to facilitate management and enhance the user experience.
In WIDS-enabled WLAN network, which of the following statements is correct regarding the determination of illegal devices?
- A . All Ad-hoc devices will be directly identified as illegal devices
- B . AP that are not connected to this AC are illegal AP
- C . STA that are not connected to this AC are illegal STA
- D . STA that are not connected to this AC must check whether the access AP is valid
When deploy wired 802.1X authentication, if the admission control device is deployed at the convergence layer, this deployment method has features such as high security performance, multiple management devices and complicated management.
- A . True
- B . False
Which of the following is correct for the roles of Portal authentication system?
- A . The client is Any Office software.
- B . The role of portal server is to receive the client authentication request, provide free portal service and authentication interface and interact with the access device to authenticate the client.
- C . The role of RADIUS server is to redirect all HTTP requests from users in the authentication network segment to the Portal server.
- D . The role of the admission control device is to complete the user’s authentication, authorization and accounting.
Which of the following correct for MAC authentication and MAC bypass authentication? (Multiple choices)
- A . MAC authentication is an authentication method that controls the user’s network access rights based on the interface and MAC address. It does not require the user to install any client software.
- B . MAC bypass authentication first 802.1X authentication is performed on the device that accesses the device. If the device does not respond to 802.1X authentication, the device uses MAC to authenticate the device.
- C . During the MAC authentication process, the user needs to manually enter the user name or password.
- D . MAC address is not used as the user name and password to automatically access the network during MAC bypass authentication.
Which of the following are correct about hardware SACG authentication deployment scenario? (Multiple choices)
- A . SACG authentication is generally used in stable network scenarios where wired admission control is performed.
- B . SACG authentication is generally used in scenarios where new networks are set up for wireless admission control.
- C . SACG is generally deployed in bypass mode without changing the original network topology.
- D . SACG essentially controls access to users through 802.1X technology.
The traditional network single strategy is difficult to deal with complex situations such as diverse users, diversified locations, diversified terminals, diversified applications and inexperienced experiences.
- A . True
- B . False
A network use Portal authentication, when the user accesses, he finds that the user name/password is not entered in the pushed Web page.
This fault may be caused by which reason?
- A . There is no corresponding user on Agile Controller-Campus.
- B . Switch AAA configured wrong.
- C . The switch does not enable Portal function.
- D . Push page error on portal server.
In agile network, before the user is authenticated, users may need to access servers such as DNS, DHCP and Portal. When the traffic from the user access the server pass through the firewall, the firewall queries the Agile controller-campus server for the agile security group information corresponding to the traffic. Because the user is not authenticated at this time, the Agile controller-campus server informs the firewall that the user belongs to the "unknown agile security group (Unknown)". This will cause the user’s traffic to match the "unknown agile security group" before the firewall refreshes the user identity.
After the user passes the authentication, the right authority can’t be obtained immediately. How to solve the problem?
- A . Turn off state detection on FW.
- B . Configure TSM on FW.
- C . Set the security pre-domain. When an unauthenticated user accesses a server in the pre-security domain, FW directly forwards the traffic.
- D . Release traffic to the server on FW.
Mobile smart phone and tablet users establish IPSec encryption tunnel with AE through Any Office client. After passing authentication and compliance checks, they access enterprise services.
- A . True
- B . False
Typical application scenarios of terminal security include desktop management, illegal outreach and computer peripheral management.
- A . True
- B . False
The standard 802.1X client that is provided by the Web client and operating system only has the identity authentication function. It does not support the implementation of inspection class policies and monitoring class policies. The Any Office client supports all inspection class policies and monitoring class policies.
- A . True
- B . False
MAC authentication means that in 802.1X authentication environment, when the terminal does not respond to 802.1X authentication request from the access control device after accessing the network, the access control device automatically obtains MAC address of the terminal and sends it to RADIUS server as a certificate for accessing the network.
- A . True
- B . False