PdfPrep.com

Which two steps can you take to avoid this sort of rogue behavior?

A sneaky employee using an Android phone on your network has disabled DHCP, enabled its firewall, and modified its HTTP User-Agent header to fool ISE into profiling it as a Windows 10 machine connected to the wireless network. This user can now get authorization for unrestricted network access using his Active Directory credentials, because your policy states that a Windows device using AD credentials should be able to get full network access.

However, an Android device should only get access to the web proxy.

Which two steps can you take to avoid this sort of rogue behavior? (Choose two)
A. Modify the authorization policy to allow only Windows machines that have passed machine authentication to get full network access.
B. Create an authentication rule that allows only a session with a specific HTTP User-Agent header.
C. Allow only certificate-based authentication from Windows endpoints, such as EAP-TLS or PEAP-TLS.
D. If the endpoint uses MSCHAPv2 (EAP or PEAP), the user is given only restricted access.
E. Chain an authorization policy to the Windows authorization policy that performs additional NMAP scans to verify the machine type before access is allowed.
F. Add an authorization policy before the Windows authorization policy that redirects a user with a static IP to a web portal for authentication.
G. Perform CoA to push a restricted access when the machine is acquiring address using DHCP.

Answer: A, C


