300-375 Free Questions – Securing Wireless Enterprise Networks V11.02 – PassQuestion Free Questions To Test Online

1. Which Cisco feature must an engineer configure on a cisco WLC to enable PCI specification compliance for communication of neighbor radio information?

RF Grouping

MFP

Rogue Access Point Detection

RRM NDP

Off Channel Scanning

2. Which three configuration steps are necessary on the WLC when implementing central web authentication in conjunction with Cisco ISE. (Choose three.)

Set P2P Blocking Action to Drop.

Enable Security Layer 3 Web Policy.

Set NAC state to SNMP NAC.

Enable Allow AAA override.

Enable Security Layer 2 MAC Filtering.

Set NAC state to RADIUS NAC.

3. An engineer requires authentication for WPA2 that will use fast rekeying to enable clients to roam from one access point to another without going through the controller.
Which security option should be configured?

PSK

AES

Cisco Centralized key Management

802.1x

4. An engineer has determined that the source of an authentication issue is the client laptop.
Which three items must be verified for EAP-TLS authentication? (Choose three.)

The client certificate is formatted as X 509 version 3

The validate server certificate option is disabled.

The client certificate has a valid expiration date.

The user account is the same in the certificate.

The supplicant is configured correctly.

The subject key identifier is configured correctly.

5. Which two options are types of MFP that can be performed? (Choose two.)

message integrity check

infrastructure

client

AES-CCMP

RSN

6. Access points at branch sites for a company are in FlexConncct mode and perform local switching, but they authenticate to the central RADIUS at headquarters. VPN connections to the headquarters have gone down, but each branch site has a local authentication server.
Which three features on the wireless controller can be configured to maintain network operations if this situation reoccurs? (Choose three.)

Put APs in FlexConnect Group for Remote Branches.

Set Branch RADIUS as Primary.

Put APs in AP Group Per Branch.

Put APs in FlexConnect Group Per Branch.

Set Branch RADIUS OS Secondary.

Set HQ RADIUS a-s primary.

7. A customer has deployed PEAP authentication with a Novell eDirectory LDAP Server.
Which authentication method must be configured on the client to support this deployment?

PEAP(EAP-MSCHAPv2)

PEAP(EAP-TTLS)

PEAP(EAP-GTC)

PEAP(EAP-WPA)

8. Which security method does a Cisco guest wireless deployment that relies on Cisco ISE guest portal for user authentication use?

Layer 2 and Layer 3

Layer 2 only

No security methods are needed to deploy CWA

Layer 3 only

9. Which CLI command do you use on Cisco IOS XE Software to put the AP named Floor1_AP1 back in the default AP group?

ap Floor1_AP1 ap-groupname default-group

ap name Floor1_AP1 apgroup default-group

ap name Floor1_AP1 ap-groupname default-group

ap name Floor1_AP1 ap-groupname default

10. Which two events are possible outcomes of a successful RF jamming attack? (Choose two.)

unauthentication association

deauthentication multicast

deauthentication broadcast

disruption of WLAN services

physical damage to AP hardware

11. An engineer is configuring client MFP.
What WLAN Layer 2 security must be selected to use client MFP?

Static WEP

CKIP

WPA+WPA2

802 1x

12. An engineer is configuring a new mobility anchor for a WLAN on the CLI with the config wlan mobility anchor add 3 10.10.10.10 command, but the command is failing.
Which two conditions must be met to be able to enter this command? (Choose two.)

The anchor controller IP address must be within the management interface subnet.

The anchor controller must be in the same mobility group.

The WLAN must be enabled.

The mobility group keepalive must be configured.

The indicated WLAN ID must be present on the controller.

13. After receiving an alert regarding a rogue AP, a network engineer logs into Cisco Prime and looks at the floor map where the AP that detected the rogue is located. The map is synchronized with a mobility services engine that determines the rogue device is actually inside the campus. The engineer determines the rogue to be a security threat and decides to stop it from broadcasting inside the enterprise wireless network.
What is the fastest way to disable the rogue?

Go to the location the rogue device is indicated to be and disable the power.

Create an SSID on WLAN controller resembling the SSID of the rogue to spoof it and disable clients from connecting to it.

Classify the rogue as malicious in Cisco Prime.

Update the status of the rogue in Cisco Prime to contained.

14. A Customer is concerned about denial of service attacks that impair the stable operation of the corporate wireless network. The customer wants to purchase mobile devices that will operate on the corporate wireless network.
Which IEEE standard should the mobile devices support to address the customer concerns?

802.11w

802.11k

802.11r

802.11h

15. An engineer is configuring a BYOD deployment strategy and prefers a single SSID model.
Which technology is required to accomplish this configuration?

mobility service engine

wireless control system

identify service engine

Prime Infrastructure

16. WPA2 Enterprise with 802.1x is being used for clients to authenticate to a wireless network through an ACS server. For security reasons, the network engineer wants to ensure only PEAP authentication can be used. The engineer sent instructions to clients on how to configure their supplicants, but users are still in the ACS logs authentication using EAP-FAST.
Which option describes the most efficient way the engineer can ensure these users cannot access the network unless the correct authentication mechanism is configured?

Enable AAA override on the SSID, gather the usernames of these users, and disable their RADIUS accounts until they make sure they correctly configured their devices.

Enable AAA override on the SSID and configure an access policy in ACS that denies access to the list of MACs that have used EAP-FAST.

Enable AAA override on the SSID and configure an access policy in ACS that allows access only when the EAP authentication method is PEAP.

Enable AAA override on the SSID and configure an access policy in ACS that puts clients that authenticated using EAP-FAST into a quarantine VLAN.

17. When you configure BYOD access to the network, you face increased security risks and challenges.
Which challenge is resolved by deploying digital client certificates?

managing the increase connected devices

ensuring wireless LAN performance and reliability

providing device choice and support

enforcing company usage policies

18. Which mobility mode must a Cisco 5508 wireless Controller be in to use the MA functionality on a cisco catalyst 3850 series switch with a cisco 550 Wireless Controller as an MC?

classic mobility

new mobility

converged access mobility

auto-anchor mobility

19. An engineer is changing the authentication method of a wireless network from EAP-FAST to EAP¬TLS.
Which two changes are necessary? (Choose two.)

Cisco Secure ACS is required.

A Cisco NAC server is required.

All authentication clients require their own certificates.

The authentication server now requires a certificate.

The users require the Cisco AnyConnect client.

20. Which two 802.11 methods can be configured to protect card holder data? (Choose two.)

CCMP

WEP

SSL

TKIP

VPN

300-375 Free Questions – Securing Wireless Enterprise Networks V11.02

300-375 Free Questions – Securing Wireless Enterprise Networks V11.02

Leave a Reply Cancel reply