MACsec, which is defined in 802.1AE, provides MAC-layer encryption over wired networks.
Which two statements about MACsec are true? (Choose two.)
MACsec (Media Access Control Security) is a security technology that provides confidentiality and integrity of data over Ethernet links. It is defined in the IEEE 802.1AE standard and is used to secure communication between network devices, including switches, routers, and endpoint devices.
The two statements that are true about MACsec are:
C. MACsec manages the encryption keys that the MKA protocol uses. MACsec uses the MKA (MACsec Key Agreement) protocol to establish keys for encrypting and decrypting MACsec frames. MKA provides a secure and automated way of distributing keys between MACsec-capable devices. The MKA protocol uses the EAPOL (Extensible Authentication Protocol over LAN) framework to exchange keying material and authenticate the devices.
D. A switch that uses MACsec accepts either MACsec or non-MACsec frames, depending on the policy that is associated with the client. MACsec-capable switches can accept both MACsec and non-MACsec frames. The switch can be configured to apply MACsec encryption to frames that are sent to a specific endpoint device or to all frames on a specific port. The switch can also be configured to allow non-MACsec frames to pass through to a specific endpoint device or to block all non-MACsec frames.
A. Only links between network access devices and endpoint devices can be secured by using MACsec is not a true statement. MACsec can be used to secure any Ethernet link between two MACsec-capable devices. This includes links between switches, routers, and endpoint devices. The security policy that is applied to the link depends on the configuration of the devices and the policy that is associated with the client.
B. MACsec is designed to support communications between network devices only is not a true statement. MACsec can be used to secure communication between any two MACsec-capable devices, including endpoint devices. The encryption and decryption of MACsec frames are done at the MAC layer, which makes it transparent to higher-layer protocols and applications.