What should Bob do to prevent unauthorized student access to the wired network?

Study for the EC-Council Certified Ethical Hacker (CEH) v13 Exam. Utilize flashcards and multiple-choice questions with helpful hints and detailed explanations. Excel in your exam preparation!

Multiple Choice

What should Bob do to prevent unauthorized student access to the wired network?

Explanation:
The concept being tested is controlling access to a wired network at the point of entry through port-based authentication. 802.1X creates a guard on each switch port: the device attempting to connect (the supplicant) must be authenticated by an authentication server (usually via RADIUS) before that port is allowed to carry traffic. Until authentication succeeds, the port remains in a restricted state, blocking normal access. This means only devices and users that prove their identity can join the network, which is exactly what’s needed to prevent unauthorized students from plugging in. Why this is the best choice: it provides active validation of who or what is connecting, scales well in environments with many users and devices, and can enforce policies like placing unauthenticated devices in a restricted VLAN or blocking them entirely until credentials or certificates are verified. It’s specifically designed for wired access control and reduces the risk of rogue devices gaining network access, compared to approaches that don’t verify identity. Why the others aren’t as effective: disabling all switch ports is impractical and disruptive for legitimate users; MAC address filtering can be defeated by spoofing and doesn’t authenticate the user or device; static IP addressing doesn’t verify identity or prevent new devices from connecting once a link is established.

The concept being tested is controlling access to a wired network at the point of entry through port-based authentication. 802.1X creates a guard on each switch port: the device attempting to connect (the supplicant) must be authenticated by an authentication server (usually via RADIUS) before that port is allowed to carry traffic. Until authentication succeeds, the port remains in a restricted state, blocking normal access. This means only devices and users that prove their identity can join the network, which is exactly what’s needed to prevent unauthorized students from plugging in.

Why this is the best choice: it provides active validation of who or what is connecting, scales well in environments with many users and devices, and can enforce policies like placing unauthenticated devices in a restricted VLAN or blocking them entirely until credentials or certificates are verified. It’s specifically designed for wired access control and reduces the risk of rogue devices gaining network access, compared to approaches that don’t verify identity.

Why the others aren’t as effective: disabling all switch ports is impractical and disruptive for legitimate users; MAC address filtering can be defeated by spoofing and doesn’t authenticate the user or device; static IP addressing doesn’t verify identity or prevent new devices from connecting once a link is established.

More Multiple Choice Questions
Subscribe

Get the latest from Passetra

You can unsubscribe at any time. Read our privacy policy