ISC2 Systems Security Certified Practitioner (SSCP) Practice Question
A security administrator is tasked with preventing rogue laptops from gaining any access when plugged into an empty Ethernet jack in a conference room. The solution must authenticate the user and device before even a DHCP lease is issued, and must integrate with an existing RADIUS server for credential checks. Which control satisfies these requirements?
Apply static MAC address filters to each switchport for all approved endpoints
Assign all unused switch ports to an isolated "black-hole" VLAN with no gateway
Enable IEEE 802.1X port-based authentication on access switches and use the RADIUS server for credential validation
Configure DHCP snooping to permit IP leases only from trusted servers
IEEE 802.1X enforces port-based network access control by requiring endpoints to complete an Extensible Authentication Protocol (EAP) exchange before the switch ever transitions the port to an active forwarding state. The switch (acting as the authenticator) relays the user or device credentials to a back-end RADIUS server, which grants or denies access. Because network connectivity, including DHCP requests, is blocked until authentication succeeds, unauthorized or rogue devices are prevented from joining the network.
DHCP snooping only validates DHCP transactions; it does not verify user or device identity and cannot stop an attacker who statically configures an IP address. MAC address filtering is labor-intensive and easily bypassed through spoofing. Moving unused ports to an isolated VLAN keeps them from reaching production networks but does not authenticate devices, and misconfiguration can still leave ports active. Therefore, enabling 802.1X with RADIUS is the most effective NAC control for the stated requirements.
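The port behaviour described in the explanation can be modelled in a few lines. This is an added example, not part of the original question: the `Dot1xPort` class, the `radius_accepts` callback (a stand-in for the RADIUS server) and the sample MAC addresses and identities are assumptions, and the EAP exchange is reduced to a single EAP-Response/Identity instead of a full EAP method.

```python
import struct

ETH_EAPOL, ETH_IPV4, ETH_ARP = 0x888E, 0x0800, 0x0806  # EtherTypes

def eth_frame(src, ethertype, payload=b"", dst="ff:ff:ff:ff:ff:ff"):
    """Build an untagged Ethernet II frame (constructed sample input)."""
    mac = lambda s: bytes.fromhex(s.replace(":", ""))
    return mac(dst) + mac(src) + struct.pack("!H", ethertype) + payload

def dhcp_discover(src):
    """IPv4+UDP headers for 0.0.0.0:68 -> 255.255.255.255:67 (DHCP body omitted)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 17, 0, bytes(4), b"\xff" * 4)
    return eth_frame(src, ETH_IPV4, ip + struct.pack("!HHHH", 68, 67, 8, 0))

def eap_identity(src, identity):
    """EAPOL type 0 (EAP-Packet) carrying an EAP-Response/Identity."""
    ident = identity.encode()
    eap = struct.pack("!BBHB", 2, 1, 5 + len(ident), 1) + ident  # code, id, len, type
    return eth_frame(src, ETH_EAPOL, struct.pack("!BBH", 2, 0, len(eap)) + eap,
                     dst="01:80:c2:00:00:03")  # PAE group address

class Dot1xPort:
    """Simplified controlled port: one supplicant, identity-only 'credential'."""
    def __init__(self, radius_accepts):
        self.radius_accepts = radius_accepts  # stand-in for the RADIUS server
        self.authorized_mac = None

    def receive(self, frame):
        if len(frame) < 14:
            return "drop"
        src = frame[6:12].hex(":")
        (ethertype,) = struct.unpack("!H", frame[12:14])
        if ethertype != ETH_EAPOL:
            # Controlled port: data frames pass only for the authenticated MAC
            return "forward" if src == self.authorized_mac else "drop"
        body = frame[14:]
        if len(body) < 9 or body[1] != 0 or body[4] != 2 or body[8] != 1:
            return "drop"  # not an EAP-Response/Identity
        (eap_len,) = struct.unpack("!H", body[6:8])
        identity = body[9:4 + eap_len].decode("ascii", "replace")
        ok = self.radius_accepts(identity)
        self.authorized_mac = src if ok else None
        return "authorized" if ok else "rejected"

    def link_down(self):
        self.authorized_mac = None  # unplugging the cable ends the session
```

Before authentication, both the DHCP Discover and an ARP frame from a statically addressed host are dropped at the port, which is the layer-2 enforcement that DHCP snooping and an isolated VLAN do not provide.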
ISC2 Systems Security Certified Practitioner (SSCP)
Network and Communication Security