Chapter 65 · Quiz

Port Security Quiz

10 questions covering EAP, IEEE 802.1X, the three-component model, EAP methods, and centralized authentication integration.

Question 1 of 6
An organization wants to prevent unauthorized devices from connecting to its network by requiring authentication at the switch port level. Which protocol framework provides the flexible, extensible authentication mechanism that works with IEEE 802.1X to enforce this requirement?
Question 2 of 6
In an IEEE 802.1X authentication exchange, which component is the device requesting access to the network — the one that must provide credentials before the port opens?
Question 3 of 6
An employee plugs a laptop into a corporate switch port. The switch sends an EAP-Request/Identity to the laptop, receives an EAP-Response, forwards the credentials to the RADIUS server, and then opens the port when the RADIUS server returns Access-Accept. Which 802.1X role is the switch performing?
Question 4 of 6
A security architect requires that only company-issued devices can authenticate to the corporate network — not just any device with a valid user password. Which EAP method enforces device-level identity by requiring both the client device and the authentication server to present digital certificates?
Question 5 of 6
During 802.1X authentication, the RADIUS server verifies the supplicant's credentials against Active Directory and returns an Access-Accept message to the switch. What does the switch do next?
Question 6 of 6
IEEE 802.1X is formally described as which type of network access control mechanism?

Matching

Match each description to the 802.1X or EAP concept it best represents.

1. The client device in an 802.1X exchange — the one that must provide credentials before the port opens for normal network traffic
2. The switch or wireless access point in an 802.1X exchange — it relays credentials to the authentication server and enforces the server's access decision, but never validates credentials itself
3. The back-end RADIUS-based server in an 802.1X exchange — the only component that verifies whether credentials are valid and returns Access-Accept or Access-Reject
4. The EAP method that uses only a server-side certificate to create a TLS outer tunnel, then carries MSCHAPv2 username/password authentication inside the tunnel — most widely deployed enterprise Wi-Fi authentication method
A. Supplicant
B. Authenticator
C. Authentication Server
D. PEAP