
Enterasys Networks 2B0-019

ES Policy Enabled Networking


Version 1.0

QUESTION NO: 1
Role-based administration:

A. Makes no allowance for non-employee traffic


B. Uses ACLs to determine user network access
C. Can model the business in software
D. Allows IT to determine how resources are allocated

Answer: C

QUESTION NO: 2
Persistent policy assignment:

A. Cannot be used on uplink ports


B. Can be effective in an incremental deployment of acceptable use policy
C. Is deployed based on user authentication
D. Is dependent upon a RADIUS back-end configuration

Answer: B

QUESTION NO: 3
What is the function of the Filter-ID when configuring a RADIUS server for use within
a policy-enabled network?

A. It filters unwanted BPDUs from flooding the RADIUS server


B. It filters or blocks users who are not registered with the RADIUS server
C. It matches a MAC address with a specific user and updates an active-edge
switch's forwarding database
D. It passes policy information to a policy-enabled switch when a user successfully
authenticates

Answer: D

QUESTION NO: 4
What is the difference between a Controlled port and an Uncontrolled port in
802.1X?

A. A controlled port passes all PDUs (protocol data units) while an uncontrolled port
must be in an Active state
B. The controlled port only allows for the exchange of PDUs if its current state is
authorized, while the uncontrolled port will pass PDUs regardless of its authorization
state
C. The controlled port must always be in an active state while an uncontrolled port
must not
D. A controlled port is a physical port while an uncontrolled port is virtual

Answer: B

QUESTION NO: 5
In Secure Application Provisioning, the Enterprise Access role:

A. Is assigned based on the user's subnet address
B. Provides only courtesy web access
C. Facilitates network troubleshooting
D. Includes the Acceptable Use Policy service group

Answer: D

QUESTION NO: 6
The traditional approach to Secure Guest Access has been:

A. To control access using Layer 4 classification rules


B. Based on Application Level Gateways
C. VLAN containment
D. Protocol-based containment

Answer: C

QUESTION NO: 7
All of the following are services which make up the pre-configured Acceptable Use
Policy service group EXCEPT:

A. Protocol Priority Access Control


B. Deny Spoofing
C. Limit Exposure to DoS attacks

D. Permit Legacy Protocols

Answer: D

QUESTION NO: 8
Network security policy should:

A. Be documented as a formal statement


B. Contain policies that are enforceable
C. All of the above
D. Define users' access rights and privileges

Answer: C

QUESTION NO: 9
Selecting Active/Default Role in the Port Configuration Wizard:

A. Causes the user to inherit the port's default role if authentication fails
B. Assigns the port's default role to the user upon authentication success
C. Is an unsupported configuration option
D. Discards traffic from an unauthenticated user

Answer: A

QUESTION NO: 10
The classification type having the highest precedence value is:

A. IP protocol type
B. Source MAC address
C. Source IP address exact match
D. Destination MAC address

Answer: B

QUESTION NO: 11
Enterasys Secure Guest Access solution:

A. Allows only specifically-defined protocols


B. All of the above
C. Provides guest access without compromising security
D. Prevents guests from seeing each other's traffic

Answer: B

QUESTION NO: 12
EAP-TLS:

A. Does not require a Public Key Infrastructure


B. Utilizes uni-directional authentication
C. Is regarded as a weak authentication method
D. Generates keying material for use in WEP encryption

Answer: D

QUESTION NO: 13
Classification precedence rules:

A. Gives highest precedence to IP protocol-based rules


B. May be configured by the administrator
C. Apply only to Layer 3 classification rules
D. Are applied when multiple rules are deployed on a port

Answer: D

QUESTION NO: 14
The Port Web Authentication URL in NetSight Atlas Policy Manager:

A. Is an interactive HTML page which is stored locally on the switch


B. Is accessed automatically via the user's NT login
C. Must use secureharbour as the http:// address
D. Is a link to an internet proxy server

Answer: A

QUESTION NO: 15
Regarding roles in NetSight Atlas Policy Manager, which of the following is true?

A. A port's default role and current role must match
B. A port's default role takes precedence over its current role
C. Users may inherit a port's default role if authentication fails
D. Newly created roles must be associated with a default VLAN

Answer: C

QUESTION NO: 16
The pre-configured Demo.pmd database file in NetSight Atlas Policy Manager
includes:

A. A Trusted Employee Role


B. A VLAN for each user group
C. No bandwidth rate limiters
D. Services which deny administrative and legacy protocols

Answer: D

QUESTION NO: 17
Classification rules may be written based on all of the following EXCEPT:

A. Logical address
B. PHY and PMD sub-layers
C. Hardware address
D. TCP/UDP port number

Answer: B

QUESTION NO: 18
Enterasys policy-enabled network solution:

A. Can dynamically assign policies based on user authentication


B. Requires client software on users' PCs
C. Assigns only VLAN membership upon authentication
D. Is supported on all Enterasys Networks products

Answer: A

QUESTION NO: 19
When configuring RADIUS parameters in NetSight Atlas Policy Manager, a 16-byte
(hex) shared secret is used to enable:

A. Communication between a RADIUS client and a RADIUS server

B. NetSight Atlas Policy Manager to communicate with end stations


C. NetSight Atlas Policy Manager to communicate with a device's authentication
functionality
D. NetSight Atlas Policy Manager to communicate with a RADIUS server

Answer: C

QUESTION NO: 20
The Application Shared Secret value in NetSight Atlas Policy Manager:

A. Must be the same as the shared secret configured on the RADIUS server and
client
B. Permits the application to communicate with the RADIUS server
C. Is an alpha-numeric string of any length
D. Is not necessary when using SNMPv3

Answer: D

QUESTION NO: 21
The RoamAbout R2 WAP supports policy-enabled networking:

A. By forwarding unauthorized traffic to a Discard VLAN


B. By mapping MAC addresses to virtual ports
C. Regardless of firmware version
D. By assigning the same policy to all authenticated users

Answer: B

QUESTION NO: 22
When services are added to an existing .pmd file:

A. They may only contain permit/deny rules


B. The new service can be written only to devices individually selected by the
administrator
C. They must immediately be applied to a role
D. The service is not effective until enforced

Answer: D

QUESTION NO: 23
In the Enterasys policy-enabled network model, on-demand policy assignment:

A. Requires the use of 802.1X authentication mechanisms


B. Is overridden by a port's default role
C. Makes use of the Filter-ID parameter
D. Is the result of a manual configuration

Answer: C

QUESTION NO: 24
In the three-level policy model, Enterasys maps:

A. The business/network level to classification rules


B. The device level to classification rules
C. All of the above
D. The service-provisioning level to roles

Answer: B

QUESTION NO: 25
Populating NetSight Atlas Policy Manager's device list:

A. Allows the user to input a manually-created list of addresses


B. Can be automated by first running the MAC Locator utility
C. Can be accomplished by reading information from a .csv file
D. Is accomplished using the application's discovery function

Answer: A

QUESTION NO: 26
When potentially damaging traffic is introduced at the network edge:

A. (a) and (c)

B. Policy Manager must contact an IDS in order to determine the source IP address
of the malicious traffic
C. A new .pmd file must be opened and enforced to each device in the active edge
D. Classification rules which discard the unwanted traffic can be pushed to the edge
switches quickly

Answer: D

QUESTION NO: 27
The Active Edge consists of:

A. Core routers
B. SAP servers
C. User resources
D. Policy-enabled switches

Answer: D

QUESTION NO: 28
Selecting Active/Discard in the Port Configuration Wizard:

A. Drops traffic if authentication fails


B. Assigns a role with limited network access
C. Sets backplane ports by default
D. Applies only to a device's Host Data port

Answer: A

QUESTION NO: 29
Directory-enabled Networks (DEN):

A. Used directories as data repositories


B. Had no effect on the development of policy-based networking
C. Was introduced originally by Novell
D. Is the current standard for policy-based networking

Answer: A

QUESTION NO: 30
Enterasys Port Web Authentication:

A. Provides guest networking by assigning unauthenticated users to a secure VLAN


B. Is no longer supported in the Enterasys product line
C. Allows users to log in via an interactive HTML page
D. Supports on-demand policy assignment only

Answer: C

QUESTION NO: 31
In an 802.1X environment, if an end-station does not support authentication, then:

A. The authenticator's controlled port will remain in an unauthorized state,
preventing the user from accessing network resources
B. The authenticator provides a temporary virtual connection to the RADIUS server
in case the station is a valid user
C. It makes no difference because the switch will authenticate the station by default
D. The switch will give the user a Guest role with limited network access

Answer: A

QUESTION NO: 32
Certificate services must be installed when using:

A. PWA
B. EAP-TLS
C. EAP-MD5
D. MAC authentication

Answer: B

QUESTION NO: 33
Enterasys products support all the following authentication methods EXCEPT:

A. Kerberos
B. MAC
C. Hybrid
D. PEAP

Answer: A

QUESTION NO: 34
A distinguishing characteristic of PEAP is:

A. It creates keying material using the Pseudo-Random Function


B. It adds security by running over a VPN tunnel
C. It uses salt encryption
D. It requires that only the supplicant present a certificate

Answer: A

QUESTION NO: 35
All of the following are true regarding a RADIUS server EXCEPT:

A. Uses a shared secret to enhance security


B. Consists of Authentication, Authorization and Accounting components
C. Communicates Accept or Reject responses directly to the user
D. Supports PAP or CHAP

Answer: C

QUESTION NO: 36
Within the Demo.pmd file, the Administrator role:

A. Denies the use of legacy protocols


B. Is available to any user
C. Allows the use of SNMP
D. Contains CoS restrictions to prevent congestion

Answer: C

QUESTION NO: 37
EAPoL (Extensible Authentication Protocol Over LANs) frames:

A. Are VLAN-tagged
B. Cannot be encrypted
C. Are used by a NAS to communicate with a RADIUS server
D. Are not VLAN-tagged

Answer: D

QUESTION NO: 38
Importing .pmd files:

A. Requires that the entire .pmd file be imported


B. Allows the user to select data elements to be imported
C. Causes data corruption due to rule conflicts
D. Is currently an unsupported functionality

Answer: B

QUESTION NO: 39
Acceptable Use Policy:

A. Requires the use of an authentication method


B. Should reflect the formal network security policy
C. Prevents users from sharing information
D. Is based on VLAN membership

Answer: B

QUESTION NO: 40
Authentication is used in Secure Application Provisioning to:

A. Persistently apply policy

B. Provide additional network access


C. Allow configuration of a switch's host data port
D. Quarantine malicious traffic

Answer: B

QUESTION NO: 41
Key elements of a common policy architecture include:

A. Both (a) and (b)


B. A policy enforcement point
C. A policy termination point
D. A policy decision point

Answer: A

QUESTION NO: 42
Spoofing is a technique in which an:

A. Intruder masquerades as a legitimate network user


B. Authorized user attempts to disable a router's ACLs
C. Intruder tries to determine which TCP/UDP ports are in use on a network by
scanning a range of port numbers
D. Unauthorized user attempts to gain network access using an invalid
username/password combination

Answer: A

QUESTION NO: 43
After configuration changes have been made in NetSight Atlas Policy Manager, what
must be done before the changes take effect on the devices?

A. Nothing; the changes take effect immediately


B. The NMS must be rebooted
C. The changes must be enforced
D. The changes must be verified

Answer: C

QUESTION NO: 44
Classification rules can deter attacks by:

A. Only allowing authentication over a controlled port


B. Shooting down hack attempts which use known signatures
C. Not allowing ICMP echo responses to egress the switch
D. Randomly changing community name passwords

Answer: C

QUESTION NO: 45
NetSight Atlas Policy Manager can assure consistent QoS across a routed network
environment by:

A. Avoiding the use of bandwidth rate limiters


B. Writing the priority bits of the 802.1Q tag to the IP ToS field
C. Giving high priority to all allowed network traffic
D. Mapping VLANs to subnets

Answer: B

QUESTION NO: 46
Components of the Enterasys policy-enabled network do NOT include:

A. Role-Based Administration
B. Active Edge
C. Authentication
D. Core-Based Dynamic VLAN Registration

Answer: D

QUESTION NO: 47
A phased approach to policy implementation:

A. Is not advisable because of the unnecessary delay introduced

B. Is based upon an implicit deny model


C. Allows for a low-risk deployment
D. Requires the creation of a customized database

Answer: C

QUESTION NO: 48
The Enterasys approach to Policy-Enabled Networking:

A. Treats all traffic in the same way


B. Allows full or restricted access to resources
C. None of the above
D. Allows only permit/deny rules

Answer: B

QUESTION NO: 49
Saving a NetSight Atlas Policy Manager configuration to a .pmd file:

A. Allows for multiple configurations to be stored on the NMS


B. Temporarily disables communication between all RADIUS clients until the save is
complete
C. Writes the configuration to NVRAM on the switches
D. Notifies the RADIUS server that new policies have been created

Answer: A

QUESTION NO: 50
In the policy-enabled network environment, decisions on what resources a user is
allowed to access are:

A. Determined by IP header information


B. Made by a RADIUS client
C. Based on the user's function within the organization
D. Totally MAC-layer dependent

Answer: C

QUESTION NO: 51
The Enforce function in NetSight Atlas Policy Manager:

A. Takes place automatically when the application is closed


B. Provides system-level administration
C. Writes information to a switch's flash memory
D. Is used to save .pmd file information

Answer: B

QUESTION NO: 52

Maximum scalability is achieved by deploying classification rules based on:

A. Layer 2 information
B. Layer 1 information
C. Layer 3 information
D. Layer 4 information

Answer: D

QUESTION NO: 53
Secure Application Provisioning:

A. Limits scalability
B. Assigns guest users to a common VLAN
C. Does not address the issue of QoS
D. Provides levels of service based on business policy

Answer: D
