Which three protocols are allowed through the switch port before authentication takes place?

In the use of 802.1X access control, which three protocols are allowed through the switch
port before authentication takes place? Select three.


A. Configure only trusted interfaces with root guard.
B. Implement private VLANs (PVLANs) to carry only user traffic.
C. Implement private VLANs (PVLANs) to carry only DHCP traffic.
D. Configure only untrusted interfaces with root guard.
E. Configure DHCP spoofing on all ports that connect untrusted clients.
F. Configure DHCP snooping only on ports that connect trusted DHCP servers.
G. None of the other alternatives apply

Explanation:
The IEEE 802.1X standard defines a port-based access control and authentication protocol that restricts unauthorized workstations from connecting to a LAN through publicly accessible switch ports. The authentication server authenticates each workstation that is connected to a switch port before making available any services offered by the switch or the LAN. Until the workstation is authenticated, 802.1X access control allows only Extensible Authentication Protocol over LAN (EAPOL) traffic through the port to which the workstation is connected. After authentication succeeds, normal traffic can pass through the port.

The authentication server performs the actual authentication of the client. It validates the identity of the client and notifies the switch whether or not the client is authorized to access the LAN and switch services. Because the switch acts as the proxy, the authentication service is transparent to the client. In this release, the Remote Authentication Dial-In User Service (RADIUS) security system with Extensible Authentication Protocol (EAP) extensions is the only supported authentication server; it is available in Cisco Secure Access Control Server version 3.0. RADIUS operates in a client/server model in which secure authentication information is exchanged between the RADIUS server and one or more RADIUS clients.

Spanning-Tree Protocol (STP) is a Layer 2 protocol that uses a special-purpose algorithm to discover physical loops in a network and effect a logical loop-free topology. STP creates a loop-free tree structure consisting of leaves and branches that span the entire Layer 2 network. The actual mechanics of how bridges communicate and how the STP algorithm works will be discussed at length in the following topics. Note that the terms bridge and switch are used interchangeably when discussing STP. In addition, unless otherwise indicated, connections between switches are assumed to be trunks.

CDP is a Cisco proprietary protocol that operates at the Data Link layer. Because it operates at Layer 2, CDP functions regardless of what Physical layer media you are using (UTP, fiber, and so on) and what Network layer routed protocols you are running (IP, IPX, AppleTalk, and so on). CDP is enabled on all Cisco devices by default, and is multicast every 60 seconds out of all functioning interfaces, enabling neighbor Cisco devices to collect information about each other. Although this is a multicast message, Cisco switches do not flood it out to all their neighbors as they would a normal multicast or broadcast.

STP, CDP and EAP-over-LAN are allowed before authentication.
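An added example, not part of the original page: a Python sketch that classifies raw Ethernet frames into the three protocols the explanation names (EAPOL, STP, CDP) and reports whether each would pass a port that has not yet authenticated. The frame bytes, helper names and source MAC are constructed for illustration; the sketch models the behaviour stated above, not any switch's implementation.

```python
import struct

EAPOL_ETHERTYPE = 0x888E                      # IEEE 802.1X EAPOL
STP_DST = bytes.fromhex("0180c2000000")       # IEEE bridge group address (BPDUs)
CDP_DST = bytes.fromhex("01000ccccccc")       # Cisco multicast address used by CDP
CDP_SNAP = bytes.fromhex("aaaa0300000c2000")  # LLC/SNAP, OUI 00-00-0C, PID 0x2000

def classify(frame: bytes) -> str:
    """Return 'EAPOL', 'STP', 'CDP' or 'OTHER' for an untagged Ethernet frame."""
    if len(frame) < 14:
        return "OTHER"                        # too short for an Ethernet header
    dst = frame[0:6]
    (type_len,) = struct.unpack("!H", frame[12:14])
    if type_len == EAPOL_ETHERTYPE:
        return "EAPOL"
    if type_len <= 1500:                      # 802.3 length field, LLC header follows
        llc = frame[14:22]
        if dst == STP_DST and llc[:3] == b"\x42\x42\x03":
            return "STP"
        if dst == CDP_DST and llc == CDP_SNAP:
            return "CDP"                      # same MAC with another SNAP PID is not CDP
    return "OTHER"

def passes_unauthorized_port(frame: bytes) -> bool:
    # Assumption: only the three protocols named in the explanation are let through.
    return classify(frame) in {"EAPOL", "STP", "CDP"}

def eth(dst: str, src: str, type_len: int, payload: bytes) -> bytes:
    # Helper (hypothetical) that builds a constructed sample frame.
    return bytes.fromhex(dst) + bytes.fromhex(src) + struct.pack("!H", type_len) + payload

SRC = "020000000001"                          # constructed, locally administered MAC
SAMPLES = {                                   # all frames below are constructed samples
    "eapol_start": eth("0180c2000003", SRC, 0x888E, bytes([1, 1, 0, 0])),
    "stp_bpdu": eth("0180c2000000", SRC, 38, b"\x42\x42\x03" + bytes(35)),
    "cdp": eth("01000ccccccc", SRC, 12, CDP_SNAP + b"\x02\xb4\x00\x00"),
    "vtp_same_mac": eth("01000ccccccc", SRC, 12, bytes.fromhex("aaaa0300000c2003") + bytes(4)),
    "ipv4_dhcp": eth("ffffffffffff", SRC, 0x0800, bytes(28)),
    "arp": eth("ffffffffffff", SRC, 0x0806, bytes(28)),
}

if __name__ == "__main__":
    for name, frame in SAMPLES.items():
        print(f"{name:14s} {classify(frame):6s} pass={passes_unauthorized_port(frame)}")
```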





Luc


Answers are not inherent with the question….

Cisco Jedi


Choice E makes no sense “Configure DHCP spoofing on all ports that connect untrusted clients”

You do not configure DHCP spooFing as that is the type of attack. You configure DHCP snooPing to PREVENT DHCP spooFing

matthieu


answer is: STP, CDP, EAPoL. It’s a shame they are not available choices 😉

Narian Jescu


Took the 300-115 exam yesterday, passed with 955/1000 points!

Got 40 questions in total, a lot of new questions, LABs: LACP, AAAdot1x and HSRP.

I got all questions from passleader 300-115 exam dumps (got vce and pdf files from: https://tr.im/gMzjr), all new questions were same as my exam, still valid until now!

Here are some new questions that appeared in my exam:

Q1
When SDM templates are configured, which action must be performed for the configuration to take effect?

A. reload
B. shutdown
C. write memory
D. backup config

Q2
Which statement about the MAC address sticky entries in the switch when the copy run start command is entered is true?

A. A sticky MAC address is retained when the switch reboots.
B. A sticky MAC address can be a unicast or multicast address.
C. A sticky MAC address is lost when the switch reboots.
D. A sticky MAC address ages out of the MAC address table after 600 seconds.

Q3
Enablement of which feature puts the port into err-disabled state when the port has PortFast enabled and it receives BPDUs?

A. BPDU filtering
B. BackboneFast
C. EtherChannel
D. BPDU guard

Q4
Interfaces are assigned to a VLAN, and then the VLAN is deleted. Which state are these interfaces in after the VLAN is deleted?

A. They remain up, but they are reassigned to the default VLAN.
B. They go down until they are reassigned to a VLAN.
C. They go down, but they are reassigned to the default VLAN.
D. They remain up, but they are reassigned to the native VLAN.

Q5
Which feature is automatically configured when an administrator enables a voice VLAN?

A. 802.1Q trunking
B. PortFast
C. QoS
D. private VLANs

Q6
Which statement describes one major issue that VTP can cause in an enterprise network when a new switch is introduced in the network in VTP mode server?

A. It can cause network access ports to go into err-disabled state.
B. It can cause a network-wide VLAN configuration change if the revision number on the new switch is higher.
C. It can cause a network-wide VLAN configuration change if the revision number on the new switch is lower.
D. It can cause routing loops.

Good Luck To You!

Steven Juring


[Update]

New 300-115 Exam Questions and Answers Updated Recently (7/Feb/2016):

NEW QUESTION 1
Refer to the exhibit. Which statement about the current configuration on port GigabitEthernet2/0/1 is true?
!
interface GigabitEthernet2/0/1
switchport access vlan 700
switchport trunk allowed vlan 200,300,700
switchport mode trunk
end
!

A. It is an access port configured for a phone and a PC
B. It is a trunk port and the native VLAN is VLAN1
C. It is a trunk port and the native VLAN is VLAN 700
D. It is an access port in VLAN 700

Answer: B

NEW QUESTION 2
Which two statements about default FHRP behavior are true? (Choose two.)

A. A backup GLBP active virtual gateway can become active only if the current active virtual gateway fails.
B. Preemption is enabled by default.
C. Unless specifically configured, the priority of an HSRP router is 200.
D. A standby HSRP router becomes active if it has a higher priority than the priority of the current active router.
E. A VRRP backup virtual router becomes the master router if its priority is higher than the priority of the current master router.

Answer: DE

NEW QUESTION 3
If StormControl is enabled on a port and the traffic reaches the configured level, which two actions can be configured to occur? (Choose two.)

A. Trap
B. notify admin
C. redirect traffic
D. log
E. shut down

Answer: AC

NEW QUESTION 4
Which two options are advantages of deploying VTPv3? (Choose two.)

A. It stores the VTP domain password securely as a SHA-1 hash.
B. It adds an FCS field at the end of each VTP frame for consistency checking.
C. It supports the propagation of private VLANs.
D. It supports the use of AES to encrypt VTP messaging.
E. It can be configured to allow only one VTP server to make changes to the VTP domain.

Answer: DE

NEW QUESTION 5
Which statement about HSRP, GLBP, and VRRP is true?

A. VRRP group members communicate using multicast address 224.0.0.102.
B. MAC address 0000.0c07.ac0c indicates that default gateway redundancy is provided through GLBP.
C. HSRP group members communicate using multicast address 224.0.0.18.
D. GLBP uses UDP port 3222 (source and destination) for hello messages.

Answer: A

NEW QUESTION 6
……

P.S. These New 300-115 Exam Questions Were Just Updated From The Real 300-115 Exam, You Can Get The Newest 300-115 Dumps In PDF And VCE From — http://www.passleader.com/300-115.html (242q VCE and PDF)

Good Luck!