A network administrator is implementing multifactor authentication for employees who travel and use company devices remotely by using the company VPN. Which of the following would provide the required level of authentication?
Even I feel the answer should be D.
A. 802.1x is Port-Based Network Access Control. I have not heard of any implementation of 802.1x over the VPN technologies I know of.
B. Redundant - Not valid answer.
C. RBAC does not make sense in this Context.
So I vote D to be the best answer.
802.1x VPN does exist, the presumption is you've already logged into your workstation.
Juniper for example has a VPN client that could be configured to work with 802.1x using a certificate to validate identity and not prompting for additional credentials as you've already "logged" into the workstation using credentials.
The problem is a certificate is something you have, and the OTP will require something you have as well - Token, Phone, etc.
Answer: A
802.1x is a port-based authentication and I have not seen it mentioned as an authentication factor. If, let's say, we consider it an authentication factor, it will be something you have: your device with an authorized MAC/port + OTP (something you have based on a token) is not multifactor auth
username/pass + TOTP = something you know + something you have = 2FA
IDK if this will help anyone... but OTP is not in the Acronyms list on CompTIA's site.
So, yeah, just throwing that out there that I think the answer is D based off the answer and the fact that OTP is not "officially" on the exam to-know list.
A time-based one-time password (TOTP) is a temporary passcode generated by an algorithm that uses the current time of day as one of its authentication factors. Time-based one-time passwords are commonly used for two-factor authentication and have seen growing adoption by cloud application providers.
Answer is D
TOTP is a one-time token used as something you have, and password/username is something you remember
The problem with A is these are both things you'd "have".
For 802.1x you'd require a certificate which you "have" installed on the workstation. The OTP would require a hard token, or device to receive the OTP.
D. Actually fits the requirements of MFA or in this case 2FA - Something you know, Something you have. If there was a 3rd layer it would become MFA - Something you are - Fingerprint, facial, etc.
Hard to argue with the network gods themselves.
"The VPN Access Control Using 802.1X Authentication feature allows enterprise employees to access their enterprise networks from home while allowing other household members to access only the Internet."
https://www.cisco.com/en/US/docs/ios-xml/ios/sec_usr_8021x/configuration/15-0m/sec-vpn-ac-802-1x.html
The home access router provides connectivity to the corporate network through a Virtual Private Network (VPN) tunnel through the Internet. The feature uses the IEEE 802.1X protocol framework to achieve the VPN access control
"TOTP (Time-based, One-Time Password) is a form of MFA that uses a randomly generated code as an additional authentication token. TOTP MFA codes are generally created via a smartphone app (e.g. Google Authenticator), so it falls under the “something you have” classification."
Plus the question is talking about the use of VPN; from my knowledge, username/password with TOTP to connect to the VPN is extremely common with companies.
So sorry, I read wrong. 802.1x refers to port-based Network Access Control, so basically you require a device that needs LAN connectivity to the internet, and in order to connect to the VPN, you need an OTP device to access the company's VPN, so I still believe the best answer is A
As it doesn’t make sense to implement a password as well as a one time password, the network protocol that allows for authentication, as well as the authentication itself (otp) is needed. The provided answer is correct.
Lots of things use a password and then a one-time password for authentication. A password is something you know and a time-based one-time password/secure token is something you have.
802.1x is RADIUS. It is also Multifactor authentication, correct? As it also needs a username and password plus the OTP. Confusing
upvoted 2 times
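The password-plus-TOTP combination discussed in the thread, as an added example that is not part of any comment above: a minimal RFC 6238 TOTP generator and a login check that requires both a knowledge factor and a possession factor. The function names, the `user` record layout and the sample credentials are assumptions constructed for illustration.

```python
import hashlib
import hmac
import struct

def totp(secret: bytes, at: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1): HOTP over the count of time steps since the epoch."""
    counter = struct.pack(">Q", int(at) // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def verify_totp(secret: bytes, submitted: str, at: float,
                window: int = 1, step: int = 30) -> bool:
    """Accept the current step and +/- `window` steps to tolerate clock drift."""
    return any(
        hmac.compare_digest(totp(secret, at + i * step, step), submitted)
        for i in range(-window, window + 1)
    )

def hash_password(password: str, salt: bytes) -> bytes:
    """Salted, slow password hash so the stored value is not the password itself."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def vpn_login(user: dict, password: str, code: str, at: float) -> bool:
    """Both factors must pass: something you know AND something you have."""
    knows = hmac.compare_digest(hash_password(password, user["salt"]), user["pw_hash"])
    has = verify_totp(user["totp_secret"], code, at)
    return knows and has  # both checks always run before the result is combined

# Constructed sample account; the secret is the RFC 6238 test key.
SAMPLE_USER = {
    "salt": b"constructed-salt",
    "pw_hash": hash_password("correct horse", b"constructed-salt"),
    "totp_secret": b"12345678901234567890",
}
```

The drift window trades usability for a slightly longer validity period per code; a production verifier would also reject a code that has already been accepted once.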