Enterasys Networks 2B0-019 ES Policy Enabled Networking
Version 1.0
QUESTION NO: 1 Role-based administration:
A. Makes no allowance for non-employee traffic
B. Uses ACLs to determine user network access
C. Can model the business in software
D. Allows IT to determine how resources are allocated
Answer: C
QUESTION NO: 2 Persistent policy assignment:
A. Cannot be used on uplink ports
B. Can be effective in an incremental deployment of acceptable use policy
C. Is deployed based on user authentication
D. Is dependent upon a RADIUS back-end configuration
Answer: B
QUESTION NO: 3 What is the function of the Filter-ID when configuring a RADIUS server for use within a policy-enabled network?
A. It filters unwanted BPDUs from flooding the RADIUS server
B. It filters or blocks users who are not registered with the RADIUS server
C. It matches a MAC address with a specific user and updates an active-edge switch's forwarding database
D. It passes policy information to a policy-enabled switch when a user successfully authenticates
Answer: D
QUESTION NO: 4 What is the difference between a Controlled port and an Uncontrolled port in 802.1X?
A. A controlled port passes all PDUs (protocol data units) while an uncontrolled port must be in an Active state
B. The controlled port only allows for the exchange of PDUs if its current state is authorized, while the uncontrolled port will pass PDUs regardless of its authorization state
C. The controlled port must always be in an active state while an uncontrolled port must not
D. A controlled port is a physical port while an uncontrolled port is virtual
Answer: B
QUESTION NO: 5 In Secure Application Provisioning, the Enterprise Access role:
A. Is assigned based on the user's subnet address
B. Provides only courtesy web access
C. Facilitates network troubleshooting
D. Includes the Acceptable Use Policy service group
Answer: D
QUESTION NO: 6 The traditional approach to Secure Guest Access has been:
A. To control access using Layer 4 classification rules
B. Based on Application Level Gateways
C. VLAN containment
D. Protocol-based containment
Answer: C
QUESTION NO: 7 All of the following are services which make up the pre-configured Acceptable Use Policy service group EXCEPT:
A. Protocol Priority Access Control
B. Deny Spoofing
C. Limit Exposure to DoS attacks
D. Permit Legacy Protocols
Answer: D
QUESTION NO: 8 Network security policy should:
A. Be documented as a formal statement
B. Contain policies that are enforceable
C. All of the above
D. Define users' access rights and privileges
Answer: C
QUESTION NO: 9 Selecting Active/Default Role in the Port Configuration Wizard:
A. Causes the user to inherit the port's default role if authentication fails
B. Assigns the port's default role to the user upon authentication success
C. Is an unsupported configuration option
D. Discards traffic from an unauthenticated user
Answer: A
QUESTION NO: 10 The classification type having the highest precedence value is:
A. IP protocol type
B. Source MAC address
C. Source IP address exact match
D. Destination MAC address
Answer: B
QUESTION NO: 11 Enterasys Secure Guest Access solution:
A. Allows only specifically-defined protocols
B. All of the above
C. Provides guest access without compromising security
D. Prevents guests from seeing each other's traffic
Answer: B
QUESTION NO: 12 EAP-TLS:
A. Does not require a Public Key Infrastructure
B. Utilizes uni-directional authentication
C. Is regarded as a weak authentication method
D. Generates keying material for use in WEP encryption
Answer: D
QUESTION NO: 13 Classification precedence rules:
A. Gives highest precedence to IP protocol-based rules
B. May be configured by the administrator
C. Apply only to Layer 3 classification rules
D. Are applied when multiple rules are deployed on a port
Answer: D
QUESTION NO: 14 The Port Web Authentication URL in NetSight Atlas Policy Manager:
A. Is an interactive HTML page which is stored locally on the switch
B. Is accessed automatically via the user's NT login
C. Must use secureharbour as the http:// address
D. Is a link to an internet proxy server
Answer: A
QUESTION NO: 15 Regarding roles in NetSight Atlas Policy Manager, which of the following is true?
A. A port's default role and current role must match
B. A port's default role takes precedence over its current role
C. Users may inherit a port's default role if authentication fails
D. Newly created roles must be associated with a default VLAN
Answer: C
QUESTION NO: 16 The pre-configured Demo.pmd database file in NetSight Atlas Policy Manager includes:
A. A Trusted Employee Role
B. A VLAN for each user group
C. No bandwidth rate limiters
D. Services which deny administrative and legacy protocols
Answer: D
QUESTION NO: 17 Classification rules may be written based on all of the following EXCEPT:
A. Logical address
B. PHY and PMD sub-layers
C. Hardware address
D. TCP/UDP port number
Answer: B
QUESTION NO: 18 Enterasys policy-enabled network solution:
A. Can dynamically assign policies based on user authentication
B. Requires client software on users' PCs
C. Assigns only VLAN membership upon authentication
D. Is supported on all Enterasys Networks products
Answer: A
QUESTION NO: 19 When configuring RADIUS parameters in NetSight Atlas Policy Manager, a 16-byte (hex) shared secret is used to enable:
A. Communication between a RADIUS client and a RADIUS server
B. NetSight Atlas Policy Manager to communicate with end stations
C. NetSight Atlas Policy Manager to communicate with a device's authentication functionality
D. NetSight Atlas Policy Manager to communicate with a RADIUS server
Answer: C
QUESTION NO: 20 The Application Shared Secret value in NetSight Atlas Policy Manager:
A. Must be the same as the shared secret configured on the RADIUS server and client
B. Permits the application to communicate with the RADIUS server
C. Is an alpha-numeric string of any length
D. Is not necessary when using SNMPv3
Answer: D
QUESTION NO: 21 The RoamAbout R2 WAP supports policy-enabled networking:
A. By forwarding unauthorized traffic to a Discard VLAN
B. By mapping MAC addresses to virtual ports
C. Regardless of firmware version
D. By assigning the same policy to all authenticated users
Answer: B
QUESTION NO: 22 When services are added to an existing .pmd file:
A. They may only contain permit/deny rules
B. The new service can be written only to devices individually selected by the administrator
C. They must immediately be applied to a role
D. The service is not effective until enforced
Answer: D
QUESTION NO: 23 In the Enterasys policy-enabled network model, on-demand policy assignment:
A. Requires the use of 802.1X authentication mechanisms
B. Is overridden by a port's default role
C. Makes use of the Filter-ID parameter
D. Is the result of a manual configuration
Answer: C
QUESTION NO: 24 In the three-level policy model, Enterasys maps:
A. The business/network level to classification rules
B. The device level to classification rules
C. All of the above
D. The service-provisioning level to roles
Answer: B
QUESTION NO: 25 Populating NetSight Atlas Policy Manager's device list:
A. Allows the user to input a manually-created list of addresses
B. Can be automated by first running the MAC Locator utility
C. Can be accomplished by reading information from a .csv file
D. Is accomplished using the application's discovery function
Answer: A
QUESTION NO: 26 When potentially damaging traffic is introduced at the network edge:
A. (a) and (c)
B. Policy Manager must contact an IDS in order to determine the source IP address of the malicious traffic
C. A new .pmd file must be opened and enforced to each device in the active edge
D. Classification rules which discard the unwanted traffic can be pushed to the edge switches quickly
Answer: D
QUESTION NO: 27 The Active Edge consists of:
A. Core routers
B. SAP servers
C. User resources
D. Policy-enabled switches
Answer: D
QUESTION NO: 28 Selecting Active/Discard in the Port Configuration Wizard:
A. Drops traffic if authentication fails
B. Assigns a role with limited network access
C. Sets backplane ports by default
D. Applies only to a device's Host Data port
Answer: A
QUESTION NO: 29 Directory-enabled Networks (DEN):
A. Used directories as data repositories
B. Had no effect on the development of policy-based networking
C. Was introduced originally by Novell
D. Is the current standard for policy-based networking
Answer: A
QUESTION NO: 30 Enterasys Port Web Authentication:
A. Provides guest networking by assigning unauthenticated users to a secure VLAN
B. Is no longer supported in the Enterasys product line
C. Allows users to log in via an interactive HTML page
D. Supports on-demand policy assignment only
Answer: C
QUESTION NO: 31 In an 802.1X environment, if an end-station does not support authentication, then:
A. The authenticator's controlled port will remain in an unauthorized state, preventing the user from accessing network resources
B. The authenticator provides a temporary virtual connection to the RADIUS server in case the station is a valid user
C. It makes no difference because the switch will authenticate the station by default
D. The switch will give the user a Guest role with limited network access
Answer: A
QUESTION NO: 32 Certificate services must be installed when using:
A. PWA
B. EAP-TLS
C. EAP-MD5
D. MAC authentication
Answer: B
QUESTION NO: 33 Enterasys products support all the following authentication methods EXCEPT:
A. Kerberos
B. MAC
C. Hybrid
D. PEAP
Answer: A
QUESTION NO: 34 A distinguishing characteristic of PEAP is:
A. It creates keying material using the Pseudo-Random Function
B. It adds security by running over a VPN tunnel
C. It uses salt encryption
D. It requires that only the supplicant present a certificate
Answer: A
QUESTION NO: 35 All of the following are true regarding a RADIUS server EXCEPT:
A. Uses a shared secret to enhance security
B. Consists of Authentication, Authorization and Accounting components
C. Communicates Accept or Reject responses directly to the user
D. Supports PAP or CHAP
Answer: C
QUESTION NO: 36 Within the Demo.pmd file, the Administrator role:
A. Denies the use of legacy protocols
B. Is available to any user
C. Allows the use of SNMP
D. Contains CoS restrictions to prevent congestion
Answer: C
QUESTION NO: 37 EAPoL (Extensible Authentication Protocol Over LANs) frames:
A. Are VLAN-tagged
B. Cannot be encrypted
C. Are used by a NAS to communicate with a RADIUS server
D. Are not VLAN-tagged
Answer: D
QUESTION NO: 38 Importing .pmd files:
A. Requires that the entire .pmd file be imported
B. Allows the user to select data elements to be imported
C. Causes data corruption due to rule conflicts
D. Is currently an unsupported functionality
Answer: B
QUESTION NO: 39 Acceptable Use Policy:
A. Requires the use of an authentication method
B. Should reflect the formal network security policy
C. Prevents users from sharing information
D. Is based on VLAN membership
Answer: B
QUESTION NO: 40 Authentication is used in Secure Application Provisioning to:
A. Persistently apply policy
B. Provide additional network access
C. Allow configuration of a switch's host data port
D. Quarantine malicious traffic
Answer: B
QUESTION NO: 41 Key elements of a common policy architecture include:
A. Both (a) and (b)
B. A policy enforcement point
C. A policy termination point
D. A policy decision point
Answer: A
QUESTION NO: 42 Spoofing is a technique in which an:
A. Intruder masquerades as a legitimate network user
B. Authorized user attempts to disable a router's ACLs
C. Intruder tries to determine which TCP/UDP ports are in use on a network by scanning a range of port numbers
D. Unauthorized user attempts to gain network access using an invalid username/password combination
Answer: A
QUESTION NO: 43 After configuration changes have been made in NetSight Atlas Policy Manager, what must be done before the changes take effect on the devices?
A. Nothing, the changes take effect immediately
B. The NMS must be rebooted
C. The changes must be enforced
D. The changes must be verified
Answer: C
QUESTION NO: 44 Classification rules can deter attacks by:
A. Only allowing authentication over a controlled port
B. Shooting down hack attempts which use known signatures
C. Not allowing ICMP echo responses to egress the switch
D. Randomly changing community name passwords
Answer: C
QUESTION NO: 45 NetSight Atlas Policy Manager can assure consistent QoS across a routed network environment by:
A. Avoiding the use of bandwidth rate limiters
B. Writing the priority bits of the 802.1Q tag to the IP ToS field
C. Giving high priority to all allowed network traffic
D. Mapping VLANs to subnets
Answer: B
QUESTION NO: 46 Components of the Enterasys policy-enabled network do NOT include:
A. Role-Based Administration
B. Active Edge
C. Authentication
D. Core-Based Dynamic VLAN Registration
Answer: D
QUESTION NO: 47 A phased approach to policy implementation:
A. Is not advisable because of the unnecessary delay introduced
B. Is based upon an implicit deny model
C. Allows for a low-risk deployment
D. Requires the creation of a customized database
Answer: C
QUESTION NO: 48 The Enterasys approach to Policy-Enabled Networking:
A. Treats all traffic in the same way
B. Allows full or restricted access to resources
C. None of the above
D. Allows only permit/deny rules
Answer: B
QUESTION NO: 49 Saving a NetSight Atlas Policy Manager configuration to a .pmd file:
A. Allows for multiple configurations to be stored on the NMS
B. Temporarily disables communication between all RADIUS clients until the save is complete
C. Writes the configuration to NVRAM on the switches
D. Notifies the RADIUS server that new policies have been created
Answer: A
QUESTION NO: 50 In the policy-enabled network environment, decisions on what resources a user is allowed to access are:
A. Determined by IP header information
B. Made by a RADIUS client
C. Based on the user's function within the organization
D. Totally MAC-layer dependent
Answer: C
QUESTION NO: 51 The Enforce function in NetSight Atlas Policy Manager:
A. Takes place automatically when the application is closed
B. Provides system-level administration
C. Writes information to a switch's flash memory
D. Is used to save .pmd file information
Answer: B
QUESTION NO: 52 Maximum scalability is achieved by deploying classification rules based on:
A. Layer 2 information
B. Layer 1 information
C. Layer 3 information
D. Layer 4 information
Answer: D
QUESTION NO: 53 Secure Application Provisioning:
A. Limits scalability
B. Assigns guest users to a common VLAN
C. Does not address the issue of QoS
D. Provides levels of service based on business policy
Answer: D