Forum

  • PC Flash card 36:
    Q: "Which organization creates standards for networking communications?"
    A: "IETF."

    I think you missed a couple ;-)

  • PC Flash Card 62:
    Q: "What security technology involves client posturing..."

    Should be "polling?"

  • Page 271. Figure 7.16:

    I don't interpret the figure as matching the description. The lines seem to show messages going directly from the client to the target AP. To me, the arch over the vertical line for the original AP indicates that the lines cross on paper, but the represented transactions do not involve the original AP.

    This is confirmed by the line for the reassociation request, which travels directly to the target AP.

    Slide 8.22 in the Course Guide explains it much better.

  • [quote]PC Flash Card 2:
    Q: "...what is a byproduct of 802.1X/EAP type with mutual authentication?"
    A: "Dynamic encryption key generation."

    Word "mutual" is extraneous and misleading. It implies that EAP types that don't do mutual authentication don't lead to dynamic key generation. [/quote]

    The question is fine according to the info in the book. Only EAP types supporting mutual authentication allow for dynamic key generation. EAP-MD5 is the example given of an EAP type that doesn't support mutual authentication and therefore can only be used with WEP and not TKIP or CCMP.

  • [quote]Chapter 4. page 147. Figure 4.27.
    Step 5 says "real username." Should say... something else. Step 2 says the supplicant gives the authenticator a "bogus username." It doesn't say if that bogus username is passed on by the authenticator. The text just says the authenticator tells the AS that "a supplicant wants to be validated." Perhaps it depends on the PEAP type. [/quote]

    I have a similar question on this. My guess is that for Phase 1 the "bogus username" should be used for step 5 (instead of "real username")?

    Can a Guru either confirm or deny if my guess is correct or not?

  • Larry,

    You are spot on and I would agree with your statement. The real user name isn't sent until the TLS tunnel is constructed.

  • There is also Chapter 4 - Question 12:

    WHILE TALKING WITH A CLIENT'S FIREWALL ADMINISTRATOR ABOUT A NEW SECURE WiFi ROLLOUT, SHE ASKS YOU IF YOU NEED UDP PORTS 1812 AND 1813 OPEN. WHAT ARE THESE PORTS USED FOR?

    a. 1812 is Radius accounting, 1813 is Radius authentication

    b. xxxxxxxxxxxxxxx

    c. xxxxxxxxxxxxxxx

    d. 1812 is Radius authentication, 1813 is Radius accounting.

    The answer in book is A. That should be D. 1812 is Auth and 1813 is acct.
