350-401 802.1X and TrustSec • Complete Question Bank
Complete 350-401 802.1X and TrustSec question bank — all 0 questions with answers and detailed explanations.
A network engineer runs the following command on switch SW1:
SW1# show authentication sessions interface GigabitEthernet1/0/1 Interface: GigabitEthernet1/0/1
MAC Address: 0011.2233.4455
IP Address: 192.168.1.100
Status: Authz Success Domain: DATA Oper host mode: multi-auth Oper control dir: both Session timeout: N/A Common Session ID: 0A1B2C3D4E5F6G7H8I9J Acct Session ID: 0x0000000A Handle: 0x00000001
Current Method List: mab Method: MAB State: Authz Success
Based on this output, what can be concluded?
A network engineer runs the following command on switch SW2:
SW2# show cts role-based sgt-map
Active IPv4-SGT Mapping Table:
IP Address SGT 192.168.1.10 10 192.168.1.20 20 192.168.1.30 30
Total number of entries: 3
Based on this output, what can be concluded?
A network engineer runs the following command on switch SW3:
SW3# show cts role-based permissions
IPv4 Role-based permissions:
Source Group Dest Group Action 10 20 PERMIT 10 30 DENY 20 30 PERMIT
Based on this output, what can be concluded?
A network engineer runs the following command on switch SW4:
SW4# show cts environment-data
CTS Environment Data:
Device ID: SW4.cisco.com Device Name: SW4 CTS Capabilities: SGT, SXP, CTSD, CTSA SGT: 100 SXP Node: Enabled SXP Connection: 10.1.1.1:64999
Based on this output, what can be concluded?
A network engineer runs the following command on switch SW5:
SW5# show cts sxp connections
SXP Connections:
Peer IP Source IP Conn Status Duration
10.1.1.1 10.1.1.2 Up 2d3h 10.1.1.3 10.1.1.2 Down 0d0h
Based on this output, what can be concluded?
A network engineer runs the following command on switch SW6:
SW6# show cts role-based counters
Role-based counters:
Source Group Dest Group Packets Sent Bytes Sent Packets Denied Bytes Denied 10 20 1500 120000 0 0 10 30 0 0 500 40000
Based on this output, what can be concluded?
A network engineer runs the following command on switch SW7:
SW7# show authentication registrations
Authentication Method Registrations:
Method Priority Type dot1x 10 Interface mab 20 Interface webauth 30 Interface
Based on this output, what can be concluded?
A network engineer runs the following command on switch SW8:
SW8# show cts role-based sgt-map 192.168.1.10 IP Address: 192.168.1.10
SGT: 10 Source: SXP
Based on this output, what can be concluded?
A network engineer runs the following command on switch SW9:
SW9# show cts role-based policy
Role-based policy:
Source Group Dest Group Action 10 20 PERMIT 10 30 DENY 20 30 PERMIT
Based on this output, what can be concluded?
Consider the following configuration on a Cisco IOS-XE switch:
interface GigabitEthernet1/0/1 switchport mode access
authentication port-control auto dot1x pae authenticator dot1x timeout tx-period 5
spanning-tree portfast
What is the effect of this configuration?
Examine the following configuration snippet:
interface GigabitEthernet1/0/2 switchport mode access
authentication port-control auto mab dot1x pae authenticator dot1x timeout tx-period 10
Which statement about this configuration is true?
Consider the following TrustSec configuration on a Cisco switch:
cts role-based enforcement
interface GigabitEthernet1/0/3
cts manual sap pmk 0123456789ABCDEF mode-list both
What is the purpose of this configuration?
Examine the following configuration:
aaa new-model aaa authentication dot1x default group radius
dot1x system-auth-control
interface GigabitEthernet1/0/4 switchport mode access
authentication port-control auto dot1x pae authenticator dot1x timeout quiet-period 30
What is the effect of the 'dot1x timeout quiet-period 30' command?
Consider this configuration for TrustSec on a Cisco switch:
cts role-based enforcement
interface GigabitEthernet1/0/5
cts manual sap pmk AABBCCDDEEFF00112233445566778899 mode-list both propagate sgt
What is the purpose of the 'propagate sgt' command under the interface?
Examine the following configuration on a Cisco IOS-XE switch:
interface GigabitEthernet1/0/6 switchport mode access
authentication port-control auto dot1x pae authenticator dot1x timeout tx-period 3 dot1x max-req 3 dot1x timeout supp-timeout 10
What is the total time the switch will wait for a supplicant to respond before failing authentication?