802.1X is an IEEE standard for network access control (NAC). Which of the following statements is correct? (Wentz QOTD)
A. Messages between the authenticator and authentication server are encapsulated by 802.1X.
B. Switch hubs and wireless access points are supplicants that use EAP-based authentication.
C. The security posture of the authenticator determines if a network access request is granted.
D. A supplicant doesn’t authenticate to the RADIUS server directly.
Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.
My suggested answer is D. A supplicant doesn’t authenticate to the RADIUS server directly.
Wentz’s book, The Effective CISSP: Security and Risk Management, helps CISSP and CISM aspirants build a solid conceptual security model. It is a tutorial for information security and a supplement to the official study guides for the CISSP and CISM exams and an informative reference for security professionals.
- A supplicant doesn’t authenticate to the RADIUS server directly. It authenticates to the authenticator; the authentication request is then forwarded to the authentication server using RADIUS.
- Messages between the authenticator and authentication server are typically encapsulated by RADUS.
- Switch hubs and wireless access points are authenticators that use EAP-based authentication.
- The security posture of a supplicant determines if a network access request is granted. A supplicant can be isolated for remediation are quarantine networks and captive portals because of lacking timely system patches or antivirus updates.
Reference
802.1X 是網絡訪問控制 (NAC) 的 IEEE 標準。 以下哪項敍述是正確的? (Wentz QOTD)
A. 身份驗證器和身份驗證服務器之間的消息由 802.1X 封裝。
B. 交換機集線器和無線接入點是使用基於 EAP 的身份驗證的請求者。
C. 身份驗證器的安全狀態確定是否允許網絡訪問請求。
D. 請求者不直接向 RADIUS 服務器進行身份驗證。