Enterasys Networks 2B0-019 ES Policy Enabled Networking Version 1.0

Upload: kamran-musa

Post on 18-Dec-2015


QUESTION NO: 1 Role-based administration:

A. Makes no allowance for non-employee traffic
B. Uses ACLs to determine user network access
C. Can model the business in software
D. Allows IT to determine how resources are allocated

Answer: C

QUESTION NO: 2 Persistent policy assignment:

A. Cannot be used on uplink ports
B. Can be effective in an incremental deployment of acceptable use policy
C. Is deployed based on user authentication
D. Is dependent upon a RADIUS back-end configuration

Answer: B

QUESTION NO: 3 What is the function of the Filter-ID when configuring a RADIUS server for use within a policy-enabled network?

A. It filters unwanted BPDUs from flooding the RADIUS server
B. It filters or blocks users who are not registered with the RADIUS server
C. It matches a MAC address with a specific user and updates an active-edge switch's forwarding database
D. It passes policy information to a policy-enabled switch when a user successfully authenticates

Answer: D

QUESTION NO: 4 What is the difference between a Controlled port and an Uncontrolled port in 802.1X?

A. A controlled port passes all PDUs (protocol data units) while an uncontrolled port must be in an Active state
B. The controlled port only allows for the exchange of PDUs if its current state is authorized, while the uncontrolled port will pass PDUs regardless of its authorization state
C. The controlled port must always be in an active state while an uncontrolled port must not
D. A controlled port is a physical port while an uncontrolled port is virtual

Answer: B

QUESTION NO: 5 In Secure Application Provisioning, the Enterprise Access role:

A. Is assigned based on the user's subnet address
B. Provides only courtesy web access
C. Facilitates network troubleshooting
D. Includes the Acceptable Use Policy service group

Answer: D

QUESTION NO: 6 The traditional approach to Secure Guest Access has been:

A. To control access using Layer 4 classification rules
B. Based on Application Level Gateways
C. VLAN containment
D. Protocol-based containment

Answer: C

QUESTION NO: 7 All of the following are services which make up the pre-configured Acceptable Use Policy service group EXCEPT:

A. Protocol Priority Access Control
B. Deny Spoofing
C. Limit Exposure to DoS attacks
D. Permit Legacy Protocols

Answer: D

QUESTION NO: 8 Network security policy should:

A. Be documented as a formal statement
B. Contain policies that are enforceable
C. All of the above
D. Define users' access rights and privileges

Answer: C

QUESTION NO: 9 Selecting Active/Default Role in the Port Configuration Wizard:

A. Causes the user to inherit the port's default role if authentication fails
B. Assigns the port's default role to the user upon authentication success
C. Is an unsupported configuration option
D. Discards traffic from an unauthenticated user

Answer: A

QUESTION NO: 10 The classification type having the highest precedence value is:

A. IP protocol type
B. Source MAC address
C. Source IP address exact match
D. Destination MAC address

Answer: B

QUESTION NO: 11 Enterasys Secure Guest Access solution:

A. Allows only specifically-defined protocols
B. All of the above
C. Provides guest access without compromising security
D. Prevents guests from seeing each other's traffic

Answer: B

QUESTION NO: 12 EAP-TLS:

A. Does not require a Public Key Infrastructure
B. Utilizes uni-directional authentication
C. Is regarded as a weak authentication method
D. Generates keying material for use in WEP encryption

Answer: D

QUESTION NO: 13 Classification precedence rules:

A. Gives highest precedence to IP protocol-based rules
B. May be configured by the administrator
C. Apply only to Layer 3 classification rules
D. Are applied when multiple rules are deployed on a port

Answer: D

QUESTION NO: 14 The Port Web Authentication URL in NetSight Atlas Policy Manager:

A. Is an interactive HTML page which is stored locally on the switch
B. Is accessed automatically via the user's NT login
C. Must use secureharbour as the http:// address
D. Is a link to an internet proxy server

Answer: A

QUESTION NO: 15 Regarding roles in NetSight Atlas Policy Manager, which of the following is true?

A. A port's default role and current role must match
B. A port's default role takes precedence over its current role
C. Users may inherit a port's default role if authentication fails
D. Newly created roles must be associated with a default VLAN

Answer: C

QUESTION NO: 16 The pre-configured Demo.pmd database file in NetSight Atlas Policy Manager includes:

A. A Trusted Employee Role
B. A VLAN for each user group
C. No bandwidth rate limiters
D. Services which deny administrative and legacy protocols

Answer: D

QUESTION NO: 17 Classification rules may be written based on all of the following EXCEPT:

A. Logical address
B. PHY and PMD sub-layers
C. Hardware address
D. TCP/UDP port number

Answer: B

QUESTION NO: 18 Enterasys policy-enabled network solution:

A. Can dynamically assign policies based on user authentication
B. Requires client software on users' PCs
C. Assigns only VLAN membership upon authentication
D. Is supported on all Enterasys Networks products

Answer: A

QUESTION NO: 19 When configuring RADIUS parameters in NetSight Atlas Policy Manager, a 16-byte (hex) shared secret is used to enable:

A. Communication between a RADIUS client and a RADIUS server
B. NetSight Atlas Policy Manager to communicate with end stations
C. NetSight Atlas Policy Manager to communicate with a device's authentication functionality
D. NetSight Atlas Policy Manager to communicate with a RADIUS server

Answer: C

QUESTION NO: 20 The Application Shared Secret value in NetSight Atlas Policy Manager:

A. Must be the same as the shared secret configured on the RADIUS server and client
B. Permits the application to communicate with the RADIUS server
C. Is an alpha-numeric string of any length
D. Is not necessary when using SNMPv3

Answer: D

QUESTION NO: 21 The RoamAbout R2 WAP supports policy-enabled networking:

A. By forwarding unauthorized traffic to a Discard VLAN
B. By mapping MAC addresses to virtual ports
C. Regardless of firmware version
D. By assigning the same policy to all authenticated users

Answer: B

QUESTION NO: 22 When services are added to an existing .pmd file:

A. They may only contain permit/deny rules
B. The new service can be written only to devices individually selected by the administrator
C. They must immediately be applied to a role
D. The service is not effective until enforced

Answer: D

QUESTION NO: 23 In the Enterasys policy-enabled network model, on-demand policy assignment:

A. Requires the use of 802.1X authentication mechanisms
B. Is overridden by a port's default role
C. Makes use of the Filter-ID parameter
D. Is the result of a manual configuration

Answer: C

QUESTION NO: 24 In the three-level policy model, Enterasys maps:

A. The business/network level to classification rules
B. The device level to classification rules
C. All of the above
D. The service-provisioning level to roles

Answer: B

QUESTION NO: 25 Populating NetSight Atlas Policy Manager's device list:

A. Allows the user to input a manually-created list of addresses
B. Can be automated by first running the MAC Locator utility
C. Can be accomplished by reading information from a .csv file
D. Is accomplished using the application's discovery function

Answer: A

QUESTION NO: 26 When potentially damaging traffic is introduced at the network edge:

A. (a) and (c)
B. Policy Manager must contact an IDS in order to determine the source IP address of the malicious traffic
C. A new .pmd file must be opened and enforced to each device in the active edge
D. Classification rules which discard the unwanted traffic can be pushed to the edge switches quickly

Answer: D

QUESTION NO: 27 The Active Edge consists of:

A. Core routers
B. SAP servers
C. User resources
D. Policy-enabled switches

Answer: D

QUESTION NO: 28 Selecting Active/Discard in the Port Configuration Wizard:

A. Drops traffic if authentication fails
B. Assigns a role with limited network access
C. Sets backplane ports by default
D. Applies only to a device's Host Data port

Answer: A

QUESTION NO: 29 Directory-enabled Networks (DEN):

A. Used directories as data repositories
B. Had no effect on the development of policy-based networking
C. Was introduced originally by Novell
D. Is the current standard for policy-based networking

Answer: A

QUESTION NO: 30 Enterasys Port Web Authentication:

A. Provides guest networking by assigning unauthenticated users to a secure VLAN
B. Is no longer supported in the Enterasys product line
C. Allows users to log in via an interactive HTML page
D. Supports on-demand policy assignment only

Answer: C

QUESTION NO: 31 In an 802.1X environment, if an end-station does not support authentication, then:

A. The authenticator's controlled port will remain in an unauthorized state, preventing the user from accessing network resources
B. The authenticator provides a temporary virtual connection to the RADIUS server in case the station is a valid user
C. It makes no difference because the switch will authenticate the station by default
D. The switch will give the user a Guest role with limited network access

Answer: A

QUESTION NO: 32 Certificate services must be installed when using:

A. PWA
B. EAP-TLS
C. EAP-MD5
D. MAC authentication

Answer: B

QUESTION NO: 33 Enterasys products support all the following authentication methods EXCEPT:

A. Kerberos
B. MAC
C. Hybrid
D. PEAP

Answer: A

QUESTION NO: 34 A distinguishing characteristic of PEAP is:

A. It creates keying material using the Pseudo-Random Function
B. It adds security by running over a VPN tunnel
C. It uses salt encryption
D. It requires that only the supplicant present a certificate

Answer: A

QUESTION NO: 35 All of the following are true regarding a RADIUS server EXCEPT:

A. Uses a shared secret to enhance security
B. Consists of Authentication, Authorization and Accounting components
C. Communicates Accept or Reject responses directly to the user
D. Supports PAP or CHAP

Answer: C

QUESTION NO: 36 Within the Demo.pmd file, the Administrator role:

A. Denies the use of legacy protocols
B. Is available to any user
C. Allows the use of SNMP
D. Contains CoS restrictions to prevent congestion

Answer: C

QUESTION NO: 37 EAPoL (Extensible Authentication Protocol Over LANs) frames:

A. Are VLAN-tagged
B. Cannot be encrypted
C. Are used by a NAS to communicate with a RADIUS server
D. Are not VLAN-tagged

Answer: D

QUESTION NO: 38 Importing .pmd files:

A. Requires that the entire .pmd file be imported
B. Allows the user to select data elements to be imported
C. Causes data corruption due to rule conflicts
D. Is currently an unsupported functionality

Answer: B

QUESTION NO: 39 Acceptable Use Policy:

A. Requires the use of an authentication method
B. Should reflect the formal network security policy
C. Prevents users from sharing information
D. Is based on VLAN membership

Answer: B

QUESTION NO: 40 Authentication is used in Secure Application Provisioning to:

A. Persistently apply policy
B. Provide additional network access
C. Allow configuration of a switch's host data port
D. Quarantine malicious traffic

Answer: B

QUESTION NO: 41 Key elements of a common policy architecture include:

A. Both (a) and (b)
B. A policy enforcement point
C. A policy termination point
D. A policy decision point

Answer: A

QUESTION NO: 42 Spoofing is a technique in which an:

A. Intruder masquerades as a legitimate network user
B. Authorized user attempts to disable a router's ACLs
C. Intruder tries to determine which TCP/UDP ports are in use on a network by scanning a range of port numbers
D. Unauthorized user attempts to gain network access using an invalid username/password combination

Answer: A

QUESTION NO: 43 After configuration changes have been made in NetSight Atlas Policy Manager, what must be done before the changes take effect on the devices?

A. Nothing; the changes take effect immediately
B. The NMS must be rebooted
C. The changes must be enforced
D. The changes must be verified

Answer: C

QUESTION NO: 44 Classification rules can deter attacks by:

A. Only allowing authentication over a controlled port
B. Shooting down hack attempts which use known signatures
C. Not allowing ICMP echo responses to egress the switch
D. Randomly changing community name passwords

Answer: C

QUESTION NO: 45 NetSight Atlas Policy Manager can assure consistent QoS across a routed network environment by:

A. Avoiding the use of bandwidth rate limiters
B. Writing the priority bits of the 802.1Q tag to the IP ToS field
C. Giving high priority to all allowed network traffic
D. Mapping VLANs to subnets

Answer: B

QUESTION NO: 46 Components of the Enterasys policy-enabled network do NOT include:

A. Role-Based Administration
B. Active Edge
C. Authentication
D. Core-Based Dynamic VLAN Registration

Answer: D

QUESTION NO: 47 A phased approach to policy implementation:

A. Is not advisable because of the unnecessary delay introduced
B. Is based upon an implicit deny model
C. Allows for a low-risk deployment
D. Requires the creation of a customized database

Answer: C

QUESTION NO: 48 The Enterasys approach to Policy-Enabled Networking:

A. Treats all traffic in the same way
B. Allows full or restricted access to resources
C. None of the above
D. Allows only permit/deny rules

Answer: B

QUESTION NO: 49 Saving a NetSight Atlas Policy Manager configuration to a .pmd file:

A. Allows for multiple configurations to be stored on the NMS
B. Temporarily disables communication between all RADIUS clients until the save is complete
C. Writes the configuration to NVRAM on the switches
D. Notifies the RADIUS server that new policies have been created

Answer: A

QUESTION NO: 50 In the policy-enabled network environment, decisions on what resources a user is allowed to access are:

A. Determined by IP header information
B. Made by a RADIUS client
C. Based on the user's function within the organization
D. Totally MAC-layer dependent

Answer: C

QUESTION NO: 51 The Enforce function in NetSight Atlas Policy Manager:

A. Takes place automatically when the application is closed
B. Provides system-level administration
C. Writes information to a switch's flash memory
D. Is used to save .pmd file information

Answer: B

QUESTION NO: 52 Maximum scalability is achieved by deploying classification rules based on:

A. Layer 2 information
B. Layer 1 information
C. Layer 3 information
D. Layer 4 information

Answer: D

QUESTION NO: 53 Secure Application Provisioning:

A. Limits scalability
B. Assigns guest users to a common VLAN
C. Does not address the issue of QoS
D. Provides levels of service based on business policy

Answer: D