CompTIA Security Plus Mock Test Q47

While configuring a new access layer switch, the administrator, Joe, was advised that he needed to make sure that only devices authorized to access the network would be permitted to log in and utilize resources. Which of the following should the administrator implement to ensure this happens?

A. Log Analysis
B. VLAN Management
C. Network separation
D. 802.1x

Correct Answer: D
Section: Network Security

Explanation:
802.1x is a port-based authentication mechanism. It’s based on Extensible Authentication Protocol (EAP) and is commonly used in closed-environment wireless networks. 802.1x was initially used to compensate for the weaknesses of Wired Equivalent Privacy (WEP), but today it’s often used as a component in more complex authentication and connection-management systems, including Remote Authentication Dial-In User Service (RADIUS), Diameter, Cisco Systems’ Terminal Access Controller Access-Control System Plus (TACACS+), and Network Access Control (NAC).

Incorrect Answers:
A: Log analysis is the art and science of reviewing audit trails, log files, or other forms of computer-generated records for evidence of policy violations, malicious events, downtimes, bottlenecks, or other issues of concern.

B: VLAN management is the use of VLANs to control traffic for security or performance reasons.

C: Bridging between networks can be a desired feature of network design. Network bridging is self-configuring, is inexpensive, maintains collision-domain isolation, is transparent to Layer 3+ protocols, and avoids the 5-4-3 rule’s Layer 1 limitations. However, network bridging isn’t always desirable. It doesn’t limit or divide broadcast domains, doesn’t scale well, can cause latency, and can result in loops. In order to eliminate these problems, you can implement network separation or segmentation. There are two means to accomplish this. First, if communication is necessary between network segments, you can implement IP subnets and use routers. Second, you can create physically separate networks that don’t need to communicate. This can also be accomplished later using firewalls instead of routers to implement secured filtering and traffic management.

References:
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 23, 25, 26