Which of the following options describe the 802.1X access process correctly? (Multiple Choice)
- A . During the whole authentication process, the terminal exchanges information with the server through EAP packets.
- B . The terminal and the 802.1X switch exchange EAP packets, and the 802.1X switch and the server use Radius packets to exchange information.
- C . 802.1X authentication does not require security policy checking.
- D . Use the MD5 algorithm to verify the information.
The products and systems provided by BYOD solutions cover many fields such as terminal, network, security, application, and management, including: serialized BYOD equipment, wireless network system, network access security, VPN gateway, terminal security client software, Authentication system, mobile device management (MDM), mobile eSpace UC, etc.
- A . True
- B . False
The products and systems provided by BYOD solutions cover many fields such as terminal, network, security, application, and management, including: serialized BYOD equipment, wireless network system, network access security, VPN gateway, terminal security client software, Authentication system, mobile device management (MDM), mobile eSpace UC, etc.
- A . True
- B . False
The products and systems provided by BYOD solutions cover many fields such as terminal, network, security, application, and management, including: serialized BYOD equipment, wireless network system, network access security, VPN gateway, terminal security client software, Authentication system, mobile device management (MDM), mobile eSpace UC, etc.
- A . True
- B . False
The products and systems provided by BYOD solutions cover many fields such as terminal, network, security, application, and management, including: serialized BYOD equipment, wireless network system, network access security, VPN gateway, terminal security client software, Authentication system, mobile device management (MDM), mobile eSpace UC, etc.
- A . True
- B . False
The products and systems provided by BYOD solutions cover many fields such as terminal, network, security, application, and management, including: serialized BYOD equipment, wireless network system, network access security, VPN gateway, terminal security client software, Authentication system, mobile device management (MDM), mobile eSpace UC, etc.
- A . True
- B . False
The terminal automatically connects to the enterprise Wi-Fi.
- A . 1-2-3-4
- B . 4-2-3-1
- C . 3-2-1-4
- D . 2-3-1-4
The terminal automatically connects to the enterprise Wi-Fi.
- A . 1-2-3-4
- B . 4-2-3-1
- C . 3-2-1-4
- D . 2-3-1-4
The terminal automatically connects to the enterprise Wi-Fi.
- A . 1-2-3-4
- B . 4-2-3-1
- C . 3-2-1-4
- D . 2-3-1-4
The terminal automatically connects to the enterprise Wi-Fi.
- A . 1-2-3-4
- B . 4-2-3-1
- C . 3-2-1-4
- D . 2-3-1-4
The terminal automatically connects to the enterprise Wi-Fi.
- A . 1-2-3-4
- B . 4-2-3-1
- C . 3-2-1-4
- D . 2-3-1-4
The terminal automatically connects to the enterprise Wi-Fi.
- A . 1-2-3-4
- B . 4-2-3-1
- C . 3-2-1-4
- D . 2-3-1-4
The terminal automatically connects to the enterprise Wi-Fi.
- A . 1-2-3-4
- B . 4-2-3-1
- C . 3-2-1-4
- D . 2-3-1-4
The terminal automatically connects to the enterprise Wi-Fi.
- A . 1-2-3-4
- B . 4-2-3-1
- C . 3-2-1-4
- D . 2-3-1-4
The terminal automatically connects to the enterprise Wi-Fi.
- A . 1-2-3-4
- B . 4-2-3-1
- C . 3-2-1-4
- D . 2-3-1-4
The CA receives the certificate registration request message from the PKI entity.
- A . 1-3-5-4-2-6-7-8
- B . 1-3-5-6-7-4-8-2
- C . 1-3-2-7-6-4-5-8
- D . 1-3-2-4-8-6-5-7
Regarding the use of user isolation technology in a WLAN networking environment, which of the following statements is false?
- A . User isolation between groups means that users in different groups cannot communicate, but internal users in the same group can communicate
- B . Isolation within a user group means that users within the same group cannot communicate with each other
- C . The user isolation function means that the Layer 2 packets between all wireless users associated with the same AP cannot be forwarded to each other
- D . Intra-group isolation and inter-group isolation cannot be used at the same time
When using local guest account authentication, Portal authentication is usually used to push the authentication page to the guest.
Before user authentication, when the admission control device receives the HTTP request sent by the user for a resource other than the Portal server authentication URL, how does the admission control device handle it?
- A . Discard packets
- B . The URL address redirects to the Portal authentication page
- C . Direct release
- D . Send the authentication information to the authentication server
The administrator issues notices to users in the form of announcements, such as the latest software and patch installation notices, etc. Which of the following options for announcements is false?
- A . Announcements can be issued by department.
- B . Terminals must have a proxy client installed to receive announcements.
- C . If the system issues an announcement and the proxy client is not online, it will not receive the announcement information after going online in the future.
- D . Announcements can be issued by account.
When managing guest accounts, you need to create a guest account policy and set the account creation method. For the account creation method, which of the following descriptions is wrong?
- A . When adding accounts individually, you can choose to create them individually.
- B . If there are many users, you can choose to create them in batches.
- C . If the number of users is relatively large, you can choose database synchronization.
- D . In order to facilitate management and improve user experience, self-registration can be used.
In the WLAN network with the WIDS function enabled, which of the following statements are correct regarding the determination of illegal devices? (Multiple Choice)
- A . All Ad-hoc devices will be directly judged as illegal devices
- B . APs not connected to this AC are illegal APs
- C . STAs not accessed by this AC are illegal STAs
- D . It is not the STA that the AC accesses, and it is necessary to check whether the access AP is legal.
When deploying wired 802.1X authentication, if the admission control device is deployed at the aggregation layer, this deployment method has the characteristics of high security performance, many management devices, and complex management.
- A . True
- B . False
Which of the following options is correct for describing the effect of each role in the Portal authentication system?
- A . The client is Any Office software.
- B . The role of the Portal server is to receive client authentication requests, provide free portal services and authentication interfaces, and exchange client authentication information with the access device.
- C . The role of the RADIUS server is to redirect all HTTP requests from users in the authentication network segment to the Portal server.
- D . The role of the admission control device is to complete user authentication, authorization and accounting.
Which of the following options are correct for the description of MAC authentication and MAC bypass authentication? (Multiple Choice)
- A . MAC authentication is an authentication method that controls users’ network access rights based on interfaces and MAC addresses. It does not require users to install any client software.
- B . MAC bypass authentication first performs 802.1X authentication on the access authentication device. If the device does not respond to 802.1X authentication, MAC authentication is used to verify the legitimacy of the device.
- C . During the MAC authentication process, the user needs to manually enter the username or password.
- D . During the MAC bypass authentication process, the MAC address is not used as the username and password to automatically access the network.
Regarding the deployment scenarios of hardware SACG certification, which of the following descriptions are correct? (Multiple Choice)
- A . SACG authentication is generally used in the scenarios where a stable network is used for wired access control.
- B . SACG authentication is generally used in the scenario of wireless admission control of a new network.
- C . SACG is generally deployed in a bypass mode without changing the original network topology.
- D . SACG essentially controls access users through 802.1X technology.
It is difficult for a single traditional network strategy to cope with the current complex situations such as user diversification, location diversification, terminal diversification, application diversification, and insecure experience.
- A . True
- B . False
A network uses Portal authentication, and the user finds that there is no place to enter the username/password in the pushed Web page when accessing.
This failure may be caused by which of the following reasons?
- A . There is no corresponding user on Agile Controller-Campus.
- B . The switch AAA configuration is incorrect.
- C . The switch does not enable the Portal function.
- D . Push page error on Portal server.
In an agile network, users may need to access servers such as DNS, DHCP, and Portal before authentication. When the traffic of the user accessing the server passes through the firewall, the firewall queries the Agile controller-campus server for information about the agile security group corresponding to the traffic. Since the user has not passed the authentication at this time, the Agile controller-campus server will inform the firewall that the user belongs to the "Unknown Agile Security Group (Unknown)", which will cause the user’s traffic to match the "Unknown Agile Security Group (Unknown)" before the firewall refreshes the user’s identity.
As a result, the correct permissions cannot be obtained immediately after the user authentication is passed. How to solve this problem?
- A . Turn off state detection on the FW.
- B . Configure TSM on the FW.
- C . Set up the security front domain. When an unauthenticated user accesses the server in the pre-security domain, the FW directly forwards the traffic.
- D . Allow traffic to the server on the FW.
Mobile smartphone and tablet users establish an IPSec encrypted tunnel with AE through the Any Office client. After passing the authentication and compliance check, they can access the enterprise business.
- A . True
- B . False
Typical application scenarios of terminal security include: desktop management, illegal outreach and computer peripheral management.
- A . True
- B . False
The standard 802.1X client that comes with the Web client and the operating system only has the function of identity authentication, and does not support the execution of inspection-type policies and monitoring-type policies. Any Office client supports all inspection-type policies and monitoring-type policies.
- A . True
- B . False
MAC authentication means that in the 802.1X authentication environment, when the terminal does not respond to the 802.1X authentication request from the access control device after accessing the network, the access control device automatically obtains the terminal’s MAC address and sends it as a credential for accessing the network to the RADIUS server for verification.
- A . True
- B . False
When allocating various services according to the user group, account and terminal IP address range, if the same service (except the announcement service) is allocated to the user group, account and terminal IP address range, the business assigned to the highest priority will take effect.
Which of the following is true about the order of priority?
- A . Account > User Group > Terminal IP Address Range
- B . Terminal IP Address Range > Account > User Group
- C . Account > Terminal IP Address Range > User Group
- D . User Group > Terminal IP Address Range > Account
The multi-level defense system is mainly reflected in the network level and the system level. Which of the following options are used for the security defense at the network level? (Multiple Choice)
- A . Software SACG
- B . Hardware SACG
- C . 802.1X switch
- D . Authentication Server
Site refers to the terminal environment when the end user uses the AC-Campus to access the controlled network for office work.
Which of the following options is correct about the site?
- A . Different sites can have different security policies.
- B . LSite has nothing to do with safety.
- C . There can only be one site within the company.
- D . site and location have nothing to do with it.
Identity authentication determines whether to allow access by identifying the identity of the access device or user.
- A . True
- B . False
For the description of the account blacklist, which of the following options is incorrect?
- A . The automatic account lockout and manual account lockout functions cannot be enabled at the same time.
- B . For automatic account lockout, within a limited time, the account will be automatically locked if the number of incorrect passwords entered by the end user during authentication exceeds the limit.
- C . For a manually locked account, the administrator needs to manually add the account to the list of locked accounts.
- D . If the manually locked account is deleted from the list, the lock of the account will be released.
All components of Agile Controller-Campus support Windows system and Linux system.
- A . True
- B . False
Free Mobility determines access rights and QoS policies according to the 5W1H conditions of user access. For 5W1H, which of the following descriptions are correct? (Multiple Choice)
- A . Who, determine the ownership of the access device (company standard, BYOD, etc.)
- B . Whose, determine the identity of the access person (employee, visitor, etc.).
- C . How, determine the access method (wired, wireless, etc.).
- D . What, determine the access device (PC, iOS, etc.)
Which of the following network security threats exist only in WLAN networks?
- A . Brute-force cracking
- B . Pan-squeeze attack
- C . DoS Denial of Service Attack
- D . Weak IV attack
After the user is authenticated successfully, which of the following actions can be performed on the user on the Agile Controller-Campus? (Multiple Choice)
- A . Provide remote assistance to users who use Any Office access.
- B . Force users to go offline.
- C . Audit the user’s online and offline records.
- D . Deactivate/disable and assign roles to mobile certificate accounts.
In Portal authentication, which of the following parameters must be configured on the switch? (Multiple Choice)
- A . Portal server IP
- B . Portal page URL
- C . shared-key
- D . Portal protocol version
The terminal uses Portal authentication to access the network, but cannot jump to the authentication page. The possible reasons do not include which of the following options?
- A . The Portal authentication parameters configured on the Agile Controller-Campus are inconsistent with the access control device.
- B . The authentication port number configured in the Portal template of the access device is 50100, which is the default on the Agile Controller-Campus.
- C . SC does not start.
- D . When the page is customized, the preset template is used.
Which of the following options describes the SACG launch process incorrectly?
- A . The communication between the terminal and the Agile Controller-Campus server adopts SSL encryption
- B . Authentication fails, end users can only access resources in the domain before authentication
- C . If the security check is passed, the Agile Controller-Campus server notifies SACG to switch the IP address of the end user to the isolation domain
- D . The message from the Agile Controller-Campus server to the SACG carries the domain parameters
The traditional access authority control strategy is implemented through ACI or VLAN, which cannot be decoupled from the IP address, and the maintenance workload is heavy when the IP address changes. The agile network can achieve decoupling from IP addresses because of the introduction of the concept of security groups.
- A . True
- B . False
When using the test-aaa command on the access control device to test the connectivity with the Radius server, the running result shows a timeout, which may be caused by incorrect account or password configuration.
- A . True
- B . False
When the Agile Controller-Campus acts as a RADIUS server for authentication, what ports need to be configured for authentication on the admission control device?
- A . 1812
- B . 1813
- C . 8443
- D . 8080
Which of the following options is not a challenge posed by mobile office?
- A . The mobile office platform is safe, reliable and quick to go online.
- B . Users can access the network safely and quickly.
- C . Unified management of terminals and refined control.
- D . Deployment of Network Gateways.
In the Windows environment, after the Agile Controller-Campus is successfully installed, how to manually start the Management Center (MC)? (Multiple Choices)
- A . Double-click the "Start Server" shortcut on the desktop to start it.
- B . Choose Start > All Programs > Huawei > MCServer > Start Server.
- C . Choose Start > All Programs > Huawei > Agile Controller > Server Startup Config to manually start the required components.
- D . Choose Start > All Programs > Huawei > MCServer > Server Startup Config to manually start the required components.
When configuring the antivirus software policy, if you set the "Violation Level of Antivirus Software Required for Not Installed or Not Running" to "Normal", and check the "Prohibit access to the network if serious violations occur" option.
When a user uses Any office for authentication and the authentication is passed, but the security check shows that the anti-virus software is not enabled, can the user access the network?
- A . Can access the network and access network resources.
- B . Can not access the network.
- C . The network can be accessed, but it needs to be repaired before accessing network resources.
- D . Can access the network, but requires re-authentication to access network resources.
Which of the following methods can be used for enterprise terminal security to be protected?
- A . Admission Control
- B . Encrypted Access
- C . Business isolation
- D . Audit Billing
Which of the following options is the main function of the SC component in Agile Controller-Campus?
- A . As the management center of the Agile Controller-Campus, it is responsible for formulating the overall strategy.
- B . As the management interface of Agile Controller-Campus, configure and monitor the system.
- C . It is integrated with standard RADIUS server, Porta server, etc., responsible for linking with network access devices to implement user-based network access control policies.
- D . As the security defense server of Agile Controller-Campus, it is responsible for analyzing and calculating the security events reported by iRadar.