juniper认证考试
A system administrator wants to configure 802.1X on an Ethernet switch to enable access to specific parts of the network based on group memberships.How can the administrator accomplish this goal?()A、Configure roles based on departments and assign access b
题目
A system administrator wants to configure 802.1X on an Ethernet switch to enable access to specific parts of the network based on group memberships.How can the administrator accomplish this goal?()
- A、Configure roles based on departments and assign access based on source IP address.
- B、Configure roles based on the user's manager and assign access based on the user's MAC address
- C、Configure roles based on group memberships and assign a specific VLAN to the role.
- D、Configure roles based on RADIUS request attribute and assign a specific VLAN to the role.
相似问题和答案
第1题:
A network administrator wants to control which user hosts can access the network based on their MAC address. What will prevent workstations with unauthorized MAC addresses from connecting to the network through a switch?
A. BPDU
B. Port security
C. RSTP
D. STP
E. VTP
F. Blocking mode
B 解析:Explanation:
Understanding How Port Security Works:
You can use port security to block input to an Ethernet, Fast Ethernet, or Gigabit Ethernet port when the MAC address of the station attempting to access the port is different from any of the MAC addresses specified for that port. Alternatively, you can use port security to filter traffic destined to or received from a specific host based on the host MAC address.
When a secure port receives a packet, the source MAC address of the packet is compared to the list of secure source addresses that were manually configured or autoconfigured (learned) on the port. If a MAC address of a device attached to the port differs from the list of secure addresses, the port either shuts down permanently (default mode), shuts down for the time you have specified, or drops incoming packets from the insecure host.
The port's behavior. depends on how you configure it to respond to a security violation. If a security violation occurs, the Link LED for that port turns orange, and a link-down trap is sent to the Simple Network Management Protocol (SNMP) manager. An SNMP trap is not sent if you configure the port for restrictive violation mode. A trap is sent only if you configure the port to shut down during a security violation.
第2题:
A.The network administrator can apply port security to dynamic access ports
B.The network administrator can configure static secure or sticky secure mac addresses in the voice vlan.
C.The sticky learning feature allows the addition of dynamically learned addresses to the running configuration.
D.The network administrator can apply port security to EtherChannels.
E.When dynamic mac address learning is enabled on an interface,the switch can learn new addresses,up to the maximum defined.
第3题:
Your network contains an Active Directory domain. The domain contains a member server that runs Windows Server 2008 R2.You have a folder named Data that is located on the C drive. The folder has the default NTFS permissions configured.A support technician shares C:\Data by using the File Sharing Wizard and specifies the default settings.Users report that they cannot access the shared folder.You need to ensure that all domain users can access the share.What should you do?()
A. Enable access-based enumeration (ABE) on the share.
B. Assign the Read NTFS permission to the Domain Users group.
C. From the Network and Sharing Center, enable public folder sharing.
D. From the File Sharing Wizard, configure the Read permission level for the Domain Users group.
第4题:
A network administrator wants to control which user hosts can access the network based on their MAC address. What will prevent workstations with unauthorized MAC addresses from connecting to the network through a switch?()
- A、BPDU
- B、Port security
- C、RSTP
- D、STP
- E、VTP
- F、Blocking mode
正确答案:B
第5题:
Why would a network administrator configure port security on a switch?()
- A、to prevent unauthorized Telnet access to a switch port
- B、to limit the number of Layer 2 broadcasts on a particular switch port
- C、to prevent unauthorized hosts from accessing the LAN
- D、to protect the IP and MAC address of the switch and associated ports
- E、to block unauthorized access to the switch management interfaces over common TCP ports
正确答案:C
第6题:
A network administrator wants to ensure that only the server can connect to port Fa0/1 on a Catalyst switch. The server is plugged into the switch Fa0/1 port and the network administrator is about to bring the server online. What can the administrator do to ensure that only the MAC address of the server is allowed by switch port Fa0/1?()
A. Configure port Fa0/1 to accept connections only from the static IP address of the server.
B. Employ a proprietary connector type on Fa0/1 that is incompatible with other host connectors.
C. Configure the MAC address of the server as a static entry associated with port Fa0/1.
D. Bind the IP address of the server to its MAC address on the switch to prevent other hosts from spoofing the server IP address.
E. Configure port security on Fa0/1 to reject traffic with a source MAC address other than that of the server.
F. Configure an access list on the switch to deny server traffic from entering any port other than Fa0/1.
第7题:
You are the network administrator of a small Layer 2 network with 50 users. Lately, users have been complaining that the network is very slow. While troubleshooting, you notice that the CAM table of your switch is full, although it supports up to 12,000 MAC addresses. How can you solve this issue and prevent it from happening in the future?()
- A、Upgrade the switches
- B、Configure BPDU guard
- C、Configure VLAN access lists
- D、Configure port security
- E、Configure Dynamic ARP inspection
正确答案:D
第8题:
The network administrator has configured port security on a Ezonexam switch. Why would a network administrator configure port security on this Ezonexam device?
A.To prevent unauthorized hosts from getting access to the LAN
B.To limit the number of Layer 2 broadcasts on a particular switch port
C.To prevent unauthorized Telnet or SSH access to a switch port
D.To prevent the IP and MAC address of the switch and associated ports
E.None of the above
解析:Explanation:
You can use the port security feature to restrict input to an interface by limiting and identifying MAC addresses of the stations allowed to access the port. When you assign secure MAC addresses to a secure port, the port does not forward packets with source addresses outside the group of defined addresses. If you limit the number of secure MAC addresses to one and assign a single secure MAC address, the workstation attached to that port is assured the full bandwidth of the port.
If a port is configured as a secure port and the maximum number of secure MAC addresses is reached, when the MAC address of a station attempting to access the port is different from any of the identified secure MAC addresses, a security violation occurs. Also, if a station with a secure MAC address configured or learned on one secure port attempts to access another secure port, a violation is flagged.
第9题:
A network administrator needs to configure port security on a switch.which two statements are true?()
- A、The network administrator can apply port security to dynamic access ports
- B、The network administrator can configure static secure or sticky secure mac addresses in the voice vlan.
- C、The sticky learning feature allows the addition of dynamically learned addresses to the runningconfiguration.
- D、The network administrator can apply port security to EtherChannels.
- E、When dynamic mac address learning is enabled on an interface,the switch can learn new addresses,up to the maximum defined.
正确答案:C,E
第10题:
The network administrator wants to enable an EtherChannel between two switches in "on" mode. The administrator connects the cables and enables the interfaces, but while configuring the EtherChannel in the first switch,a spanning-tree loop was detected. Which two of these procedures can avoid this problem?()
- A、Configure the EtherChannel as "desirable" first.
- B、Assign all interfaces to the same VLAN.
- C、Disable PortFast on the interfaces in the EtherChannels.
- D、Disable all interfaces first.
- E、Fast Ethernet and Gigabit Ethernet ports cannot be assigned to the same EtherChannel.
- F、Fix cabling problems.
正确答案:A,D