Professional Documents
Culture Documents
Vendor: Cisco Exam Code: 300-375 Exam Name: Securing Wireless Enterprise Networks
Vendor: Cisco Exam Code: 300-375 Exam Name: Securing Wireless Enterprise Networks
Version: 19.041
Important Notice
Product
Our Product Manager keeps an eye for Exam updates by Vendors. Free update is available within
One year after your purchase.
You can login member center and download the latest product anytime. (Product downloaded
from member center is always the latest.)
PS: Ensure you can pass the exam, please check the latest product in 2-3 days before the exam
again.
Feedback
We devote to promote the product quality and the grade of service to ensure customers interest.
If you have any questions about our product, please provide Exam Number, Version, Page
Number, Question Number, and your Login Account to us, please contact us at
support@passleader.com and our technical experts will provide support in 24 hours.
Copyright
The product of each order has its own encryption code, so you should use it independently.
If anyone who share the file we will disable the free update and account access.
Any unauthorized changes will be inflicted legal punishment. We will reserve the right of final
explanation for this statement.
A. Client Summary
B. Posture Status Count
C. Client Traffic Stream Metrics
D. Mobility Client Summary
Answer: D
Explanation:
QUESTION 2
When a wireless client uses WPA2 AES, which keys are created at the end of the four way
handshake process between the client and the access point?
Answer: A
Explanation:
Technically Answer C would be right, but maybe cisco logic wants Answer A.
Get Latest & Actual 300-375 Exam's Question and Answers from Passleader. 2
http://www.passleader.com
QUESTION 3
Scenario
TOPOLOGY
Get Latest & Actual 300-375 Exam's Question and Answers from Passleader. 3
http://www.passleader.com
MONITOR
Get Latest & Actual 300-375 Exam's Question and Answers from Passleader. 4
http://www.passleader.com
WLAMS
CONTROLLER
WIRELESS
SECURITY
Which configuration changes need to be made to allow WPA2 + PSK to operate property on the
East-WLC-2504A controller? (Choose four.)
Get Latest & Actual 300-375 Exam's Question and Answers from Passleader. 5
http://www.passleader.com
B. Click on the Status Enabled radio button.
C. Change the Layer 3 Security to Web Policy.
D. Change the WPA + WPA2 Parameters to WPA2 Policy-AES.
E. Change the PSK Format to HEX.
F. Change the WLAN ID.
G. Change the VLAN Identifier.
H. Change the IP Address of the Virtual interface.
I. Change the SSID name of the WLAN.
J. Click on the PSK radio button and add the password in the text box.
Answer: BFIJ
QUESTION 4
Which CLI command do you use on Cisco IOS XE Software to put the AP named Floor1_AP1
back in the default AP group?
Answer: C
Explanation:
QUESTION 5
Refer to the exhibit. A WLAN with the SSID "Enterprise" is configured.
Which rogue is marked as malicious?
Get Latest & Actual 300-375 Exam's Question and Answers from Passleader. 6
http://www.passleader.com
A. a rogue with two clients, broadcasting the SSID "Employee" heard at -50 dBm
B. a rogue with no clients, broadcasting the SSID "Enterprise" heard at -50 dBm
C. a rouge with two clients, broadcasting the SSID "Enterprise" heard at -80 dBm
D. a rogue with two clients, broadcasting the SSID "Enterprise" heard at -50 dBm
Answer: D
Explanation:
As minimum RSSI is -70, and anything heard greater than that is considered malicious. Since it is
a negative value dbm. Answer should be D.
Get Latest & Actual 300-375 Exam's Question and Answers from Passleader. 7
http://www.passleader.com
QUESTION 6
Which three options are valid client profile probes m Cisco ISE? (Choose three.)
A. DHCP
B. 802.1X
C. CCX
D. NetFlow
E. TACACS
F. HTTP
Answer: ADF
Explanation:
Get Latest & Actual 300-375 Exam's Question and Answers from Passleader. 8
http://www.passleader.com
QUESTION 7
An engineer is changing the authentication method of a wireless network from EAP-FAST to
EAP-TLS. Which two changes are necessary? (Choose two.)
Answer: CD
Explanation:
QUESTION 8
What is the maximum number of clients that a small branch deployment using a four- member
Cisco Catalyst 3850 stack (acting as MC/MA) can support?
A. 10000
B. 1000
C. 500
D. 2000
E. 5000
Get Latest & Actual 300-375 Exam's Question and Answers from Passleader. 9
http://www.passleader.com
Answer: E
Explanation:
A four-member Catalyst 3850 stack can handle max 8000 clients 10000 is too high 5000 is too
low but is the best answer, so Answer E 5000.
QUESTION 9
Refer to the exhibit. A customer is having problems with clients associating to me wireless
network. Based on the configuration, which option describes the most likely cause of the issue?
Get Latest & Actual 300-375 Exam's Question and Answers from Passleader. 10
http://www.passleader.com
D. PME is set to "required"
E. MAC Filtering must be enabled
Answer: D
Explanation:
Answer E is wrong, never found anything regarding PMF and MAC Filtering
Get Latest & Actual 300-375 Exam's Question and Answers from Passleader. 11
http://www.passleader.com
QUESTION 10
Which of the following user roles can access CMX Visitor Connect?
A. Administrator
B. Power User
C. Guest User
D. Super Administrator
Answer: A
Explanation:
QUESTION 11
A Customer is concerned about denial of service attacks that impair the stable operation of the
corporate wireless network. The customer wants to purchase mobile devices that will operate on
the corporate wireless network. Which IEEE standard should the mobile devices support to
address the customer concerns?
A. 802.11w
B. 802.11k
C. 802.11r
D. 802.11h
Get Latest & Actual 300-375 Exam's Question and Answers from Passleader. 12
http://www.passleader.com
Answer: A
Explanation:
QUESTION 12
Scenario
TOPOLOGY
Get Latest & Actual 300-375 Exam's Question and Answers from Passleader. 13
http://www.passleader.com
Get Latest & Actual 300-375 Exam's Question and Answers from Passleader. 14
http://www.passleader.com
Get Latest & Actual 300-375 Exam's Question and Answers from Passleader. 15
http://www.passleader.com
Answer:
Step-by-Step:
Step 1 Create the WLAN
Get Latest & Actual 300-375 Exam's Question and Answers from Passleader. 16
http://www.passleader.com
In WLANs > New
Profilename: Employees
Type WLAN
SSID: Employees
ID: 11
Klick Button Apply
Get Latest & Actual 300-375 Exam's Question and Answers from Passleader. 17
http://www.passleader.com
Klick Button Apply
Lab finished
QUESTION 13
Which EAP type requires the use of device certificates?
A. EAP-TLS
B. EAP-FAST
C. EAP-SSL
D. PEAP
E. LEAP
Get Latest & Actual 300-375 Exam's Question and Answers from Passleader. 18
http://www.passleader.com
Answer: A
Explanation:
QUESTION 14
An engineer configures the wireless LAN controller to perform 802.1x user authentication. Which
option must be enabled to ensure that client devices can connect to the wireless, even when
WLC cannot communicate with the RADIUS?
A. local EAP
B. authentication caching
C. pre-authentication
D. Cisco Centralized Key Management
Answer: A
QUESTION 15
During the EAP process and specifically related to the logon session, which encrypted key is sent
from the RADIUS server to the access point?
A. WPA key
B. encryption key
C. session key
D. shared secret key
Answer: C
Explanation:
Get Latest & Actual 300-375 Exam's Question and Answers from Passleader. 19
http://www.passleader.com
QUESTION 16
Which security method does a Cisco guest wireless deployment that relies on Cisco ISE guest
portal for user authentication use?
Answer: D
Explanation:
Answer D should be the right answer as MAB is configured on switch.
Get Latest & Actual 300-375 Exam's Question and Answers from Passleader. 20
http://www.passleader.com
QUESTION 17
Which command is an SNMPv3-specific command that an engineer can use only in Cisco IOS
XE?
Answer: A
Explanation:
QUESTION 18
A customer wants to allow employees to easily onboard their devices to the wireless network.
Which process can be configured on Cisco ISE to support this requirement?
Get Latest & Actual 300-375 Exam's Question and Answers from Passleader. 21
http://www.passleader.com
A. self registration guest portal
B. client provisioning
C. native supplicant provisioning
D. local web auth
Answer: B
Explanation:
QUESTION 19
Which two events are possible outcomes of a successful RF jamming attack? (Choose two.)
A. unauthentication association
B. deauthentication multicast
C. deauthentication broadcast
D. disruption of WLAN services
E. physical damage to AP hardware
Answer: DE
Explanation:
QUESTION 20
Which customizable security report on Cisco Prime Infrastructure would show rogue APs
detected since a point in time?
Get Latest & Actual 300-375 Exam's Question and Answers from Passleader. 22
http://www.passleader.com
Answer: C
Explanation:
A is wrong - New Rogue Aps is not customizable
based on event time definition
B is wrong
based on last seen time definition
C is right
D is wrong - Rogue AP Count Summary is not customizable
QUESTION 21
After receiving an alert regarding a rogue AP, a network engineer logs into Cisco Prime and looks
at the floor map where the AP that detected the rogue is located. The map is synchronized with a
mobility services engine that determines the rogue device is actually inside the campus. The
engineer determines the rogue to be a security threat and decides to stop it from broadcasting
inside the enterprise wireless network. What is the fastest way to disable the rogue?
A. Go to the location the rogue device is indicated to be and disable the power.
B. Create an SSID on WLAN controller resembling the SSID of the rogue to spoof it and disable clients
from connecting to it.
C. Classify the rogue as malicious in Cisco Prime.
D. Update the status of the rogue in Cisco Prime to contained.
Answer: A
Explanation:
Get Latest & Actual 300-375 Exam's Question and Answers from Passleader. 23
http://www.passleader.com
As MSE is used and location of Rogue is identified, the fastest way to disable the rogue is to
disable the power.
Option C is incorrect because if Rogue is identified as malicious then it just sends a "ALERT"
alarm in cisco prime, but the rogue is not disabled.
QUESTION 22
An engineer has determined that the source of an authentication issue is the client laptop.
Which three items must be verified for EAP-TLS authentication? (Choose three.)
Answer: ADF
Explanation:
QUESTION 23
Which three configuration steps are necessary on the WLC when implementing central web
authentication in conjunction with Cisco ISE. (Choose three.)
Answer: DEF
Explanation:
Get Latest & Actual 300-375 Exam's Question and Answers from Passleader. 24
http://www.passleader.com
QUESTION 24
A customer has deployed PEAP authentication with a Novell eDirectory LDAP Server. Which
authentication method must be configured on the client to support this deployment?
A. PEAP(EAP-MSCHAPv2)
B. PEAP(EAP-TTLS)
C. PEAP(EAP-GTC)
D. PEAP(EAP-WPA)
Answer: C
Explanation:
Get Latest & Actual 300-375 Exam's Question and Answers from Passleader. 25
http://www.passleader.com
QUESTION 25
An engineer is considering an MDM integration with Cisco ISE to assist with security for lost
devices. Which two functions of MDM increase security for lost devices that access data from the
network? (Choose two.)
A. PIN enforcement
B. Jailbreak/root detection
C. data wipe
D. data encryption
E. data loss prevention
Answer: AC
Explanation:
QUESTION 26
An engineer must change the wireless authentication from WPA2-Personal to WPA2- Enterprise.
Which three requirements are necessary? (Choose three.)
A. EAP
B. 802.1x
C. RADIUS
D. per-shared key
E. 802.11u
F. fast secure roaming
G. 802.11i
Answer: ACG
QUESTION 27
Which two considerations must a network engineer have when planning for voice over wireless
roaming? (Choose two.)
Get Latest & Actual 300-375 Exam's Question and Answers from Passleader. 26
http://www.passleader.com
Answer: AB
Explanation:
QUESTION 28
Refer to the exhibit. What is the 1.1.1.1 IP address?
Answer: F
Explanation:
Get Latest & Actual 300-375 Exam's Question and Answers from Passleader. 27
http://www.passleader.com
QUESTION 29
An engineer is deploying EAP-TLS as the authentication mechanism for an 802.1X- enabled
wireless network. Which network device is responsible for applying the digital signature to a
certificate to ensure that the certificate is trusted and valid?
A. supplicant
B. CA server
C. wireless controller
D. authentication server
Answer: B
Explanation:
QUESTION 30
An engineer is configuring a new mobility anchor for a WLAN on the CLI with the config wlan
mobility anchor add 3 10.10.10.10 command, but the command is failing. Which two conditions
must be met to be able to enter this command? (Choose two.)
A. The anchor controller IP address must be within the management interface subnet.
B. The anchor controller must be in the same mobility group.
C. The WLAN must be enabled.
D. The mobility group keepalive must be configured.
Get Latest & Actual 300-375 Exam's Question and Answers from Passleader. 28
http://www.passleader.com
E. The indicated WLAN ID must be present on the controller.
Answer: BE
Explanation:
QUESTION 31
Which two options are types of MFP that can be performed? (Choose two.)
Answer: BC
Explanation:
Get Latest & Actual 300-375 Exam's Question and Answers from Passleader. 29
http://www.passleader.com
QUESTION 32
Which three commands are part of the requirements on Cisco Catalyst 3850 series Switch with
Cisco IOX XE to create a RADIUS authentication server group? (Choose three.)
Answer: BCD
Explanation:
QUESTION 33
Which option describes the purpose of configuring switch peer groups?
Get Latest & Actual 300-375 Exam's Question and Answers from Passleader. 30
http://www.passleader.com
A. enforces RF profiles
B. enables location services
C. restricts roaming traffic to certain switches
D. allows template based configuration changes
Answer: C
Explanation:
QUESTION 34
A customer is concerned that radar is impacting the access point that service the wireless
network in an office located near an airport. On which type of channel should you conduct
spectrum analysis to identify if radar is impacting the wireless network?
A. UNII-3 channels
B. UNII-1 channels
C. 802.11b channels
D. 2.4 GHz channels
E. UMII-2 channels
F. Channels 1, 5, 9, 13
Answer: E
Explanation:
QUESTION 35
A customer is concerned about DOS attacks from a neighboring facility. Which feature can be
enabled to help alleviate these concerns and mitigate DOS attacks on a WLAN?
A. PMF
B. peer-to-peer blocking
C. Cisco Centralized Key Management
D. split tunnel
Get Latest & Actual 300-375 Exam's Question and Answers from Passleader. 31
http://www.passleader.com
Answer: A
Explanation:
QUESTION 36
A network engineer is implementing a wireless network and is considering deploying a single
SSID for device onboarding. Winch option is a benefit of using dual SSIDs with a captive portal
on the onboard SSID compared to a single SSID solution?
Answer: B
Explanation:
QUESTION 37
Which mobility mode must a Cisco 5508 wireless Controller be in to use the MA functionality on a
cisco catalyst 3850 series switch with a cisco 550 Wireless Controller as an MC?
Get Latest & Actual 300-375 Exam's Question and Answers from Passleader. 32
http://www.passleader.com
A. classic mobility
B. new mobility
C. converged access mobility
D. auto-anchor mobility
Answer: C
Explanation:
QUESTION 38
MFP is enabled globally on a WLAN with default settings on single controller wireless network.
Older client devices are disconnected from the network during a deauthentication attack. What is
the cause of this issue?
Get Latest & Actual 300-375 Exam's Question and Answers from Passleader. 33
http://www.passleader.com
C. The MFP on the WLAN is set to optional
D. The NTP server is not configured on the controller.
Answer: C
Explanation:
QUESTION 39
An engineer is configuring client MFP. What WLAN Layer 2 security must be selected to use
client MFP?
A. Static WEP
B. CKIP
C. WPA+WPA2
D. 802 1x
Answer: C
Explanation:
QUESTION 40
Access points at branch sites for a company are in FlexConncct mode and perform local
switching, but they authenticate to the central RADIUS at headquarters. VPN connections to the
headquarters have gone down, but each branch site has a local authentication server. Which
three features on the wireless controller can be configured to maintain network operations if this
situation reoccurs? (Choose three.)
Answer: AEF
Explanation:
Get Latest & Actual 300-375 Exam's Question and Answers from Passleader. 34
http://www.passleader.com
QUESTION 41
When you configure BYOD access to the network, you face increased security risks and
challenges. Which challenge is resolved by deploying digital client certificates?
Answer: D
Explanation:
QUESTION 42
Which option determines which RADIUS server is preferred the most by the Cisco WLC?
Get Latest & Actual 300-375 Exam's Question and Answers from Passleader. 35
http://www.passleader.com
A. the Server Index (Priority) drop-down list
B. the server status
C. the server IP address
D. the port number
Answer: A
Explanation:
QUESTION 43
Which two 802.11 methods can be configured to protect card holder data? (Choose two.)
A. CCMP
B. WEP
C. SSL
D. TKIP
E. VPN
Answer: CE
Explanation:
SSL and VPN are technics to encrypt data traffic
Get Latest & Actual 300-375 Exam's Question and Answers from Passleader. 36
http://www.passleader.com
QUESTION 44
An engineer requires authentication for WPA2 that will use fast rekeying to enable clients to roam
from one access point to another without going through the controller. Which security option
should be configured?
A. PSK
B. AES
C. Cisco Centralized key Management
D. 802.1x
Answer: C
Explanation:
QUESTION 45
A Cisco WLC has been added to the network and Cisco ISE as a network device, but
authentication is failing. Which configuration within the network device configuration should be
Get Latest & Actual 300-375 Exam's Question and Answers from Passleader. 37
http://www.passleader.com
verified?
A. shared secret
B. device ID
C. SNMP RO community
D. device interface credentials
Answer: A
Explanation:
A shared secret is used in authentication process
B,C,D are not involved in device authentication process of WLC/ISE
QUESTION 46
How many mobility peers can a Cisco Catalyst 3850-MC node have?
A. 8
B. 2
C. 6
D. 16
E. 4
Answer: A
Explanation:
QUESTION 47
On which two ports does the RADIUS server maintain a database and listen for incoming
authentication and accounting requests? (Choose two.)
A. UDP 1900
B. UDP port 1812
Get Latest & Actual 300-375 Exam's Question and Answers from Passleader. 38
http://www.passleader.com
C. TCP port 1812
D. TCP port 1813
E. UDP port 1813
Answer: BE
Explanation:
QUESTION 48
An engineer must enable EAP on a new WLAN and is ensuring that the necessary components
are available. Which component uses EAP and 802.1x to pass user authentication to the
authenticator?
A. AP
B. AAA server
C. supplicant
D. controller
Answer: D
Explanation:
Get Latest & Actual 300-375 Exam's Question and Answers from Passleader. 39
http://www.passleader.com
QUESTION 49
A corporation has recently implemented a BYOD policy at their HQ. Which three risks should the
security director be concerned about? (Choose three.)
A. unauthorized users
B. rogue ad-hocs
C. software piracy
D. lost and stolen devices
E. malware
F. keyloggers
Answer: ADE
Explanation:
Get Latest & Actual 300-375 Exam's Question and Answers from Passleader. 40
http://www.passleader.com
QUESTION 50
Which client roam is considered the fastest in a wireless deployment using Cisco IOS XE mobility
controllers and mobility agents?
Answer: E
Explanation:
QUESTION 51
WPA2 Enterprise with 802.1x is being used for clients to authenticate to a wireless network
through an ACS server. For security reasons, the network engineer wants to ensure only PEAP
Get Latest & Actual 300-375 Exam's Question and Answers from Passleader. 41
http://www.passleader.com
authentication can be used. The engineer sent instructions to clients on how to configure their
supplicants, but users are still in the ACS logs authentication using EAP- FAST. Which option
describes the most efficient way the engineer can ensure these users cannot access the network
unless the correct authentication mechanism is configured?
A. Enable AAA override on the SSID, gather the usernames of these users, and disable their RADIUS
accounts until they make sure they correctly configured their devices.
B. Enable AAA override on the SSID and configure an access policy in ACS that denies access to the
list of MACs that have used EAP-FAST.
C. Enable AAA override on the SSID and configure an access policy in ACS that allows access only
when the EAP authentication method is PEAP.
D. Enable AAA override on the SSID and configure an access policy in ACS that puts clients that
authenticated using EAP-FAST into a quarantine VLAN.
Answer: C
QUESTION 52
An engineer is configuring a BYOD deployment strategy and prefers a single SSID model. Which
technology is required to accomplish this configuration?
Answer: C
Explanation:
QUESTION 53
Which Cisco feature must an engineer configure on a cisco WLC to enable PCI specification
compliance for communication of neighbor radio information?
A. RF Grouping
B. MFP
C. Rogue Access Point Detection
D. RRM NDP
E. Off Channel Scanning
Answer: D
Explanation:
Get Latest & Actual 300-375 Exam's Question and Answers from Passleader. 42
http://www.passleader.com
QUESTION 54
The Cisco NAC Guest Server is configured as which kind of device on the wireless controller?
Answer: B
Explanation:
QUESTION 55
Which two statements about the sponsor accounts on the Cisco NAC Guest Server are true?
(Choose two.)
A. The sponsor login to the Cisco NAC Guest Server is at https://NGS-IP-Address/admin to create,
view, and edit guest accounts.
B. The Cisco NAC Guest Server can authenticate the sponsors using the local database or via
Microsoft Active Directory or LDAP or RADIUS servers.
C. Sponsoring user groups is the method by which to assign permissions to the sponsors.
D. Guest roles provide a way to give different levels of access to different sponsor accounts.
E. Sponsor accounts require admin privileges to generate reports.
Answer: BC
Explanation:
Get Latest & Actual 300-375 Exam's Question and Answers from Passleader. 43
http://www.passleader.com
QUESTION 56
Which two statements are true about configuring a wired guest LAN feature? (Choose two.)
Answer: BD
Explanation:
QUESTION 57
When configuring guest WLAN access, which two statements are true? (Choose two.)
A. The SSID that is defined for the guest WLAN on the foreign controllers must be the same as that
defined on the anchor controller.
B. The foreign controllers must be defined with an ingress interface and an egress interface in the
guest WLAN.
C. The foreign and anchor controllers must be configured in a mobility group for the foreign
controllers to be able to initiate EoIP tunnels to one or more anchor controllers.
D. The mobility domain name of the anchor controller should be the same as what is configured for
Get Latest & Actual 300-375 Exam's Question and Answers from Passleader. 44
http://www.passleader.com
the foreign controllers.
Answer: AC
Explanation:
QUESTION 58
Which statement correctly describes the relationship between the foreign and anchor controllers
when used for guest access?
A. The foreign controller will load balance in round-robin fashion starting with the highest IP address
anchor controller to the lowest IP address anchor controller.
B. The foreign controller will load balance in round-robin fashion starting with the lowest IP address
anchor controller to the highest IP address anchor controller.
C. The foreign controller will load balance in round-robin fashion starting with the highest MAC
address anchor controller to the lowest MAC address anchor controller.
D. The foreign controller will load balance in round-robin fashion starting with the lowest MAC
address anchor controller to the highest MAC address anchor controller.
Answer: B
Explanation:
QUESTION 59
Which two firewall protocol port(s) need open access for secure management access to an
anchor WLC for guest access? (Choose two.)
A. TCP 22
Get Latest & Actual 300-375 Exam's Question and Answers from Passleader. 45
http://www.passleader.com
B. TCP 23
C. TCP 80
D. TCP 8080
E. TCP 443
F. UDP 123
Answer: AE
Explanation:
QUESTION 60
Which two EAP type(s) require a client certificate? (Choose two.)
A. LEAP
B. PEAP
C. EAP-FAST
D. EAP-TLS
E. EAP-MD5
Answer: CD
Explanation:
QUESTION 61
Which attribute on the Cisco WLC v7.0 does RADIUS IETF attribute "Tunnel-Private-Group ID"
assign?
A. ACL
B. DSCP
C. QoS
D. VLAN
Get Latest & Actual 300-375 Exam's Question and Answers from Passleader. 46
http://www.passleader.com
Answer: D
Explanation:
QUESTION 62
Which three WLAN polices can be controlled by using the Cisco IBNS on the Cisco WLC and
Cisco Secure ACS? (Choose three.)
A. QoS setting
B. VLAN
C. EAP type
D. ACL
E. authentication priority order
F. NAC state
Answer: ABD
Explanation:
QUESTION 63
An engineer is securing the wireless network from vulnerabilities. Which four strategies are
recommended for mitigation? (Choose four.)
A. MFP
B. identity-based networking
C. rogue location
D. EAP-TLS
E. guest monitoring
F. RF profiles
G. rogue detection
H. password policies
Answer: ACEG
Explanation:
Get Latest & Actual 300-375 Exam's Question and Answers from Passleader. 47
http://www.passleader.com
QUESTION 64
Refer to the exhibit. A client reports being unable to log into the wireless network, which uses
PEAPv2. Which two issues appear in the output? (Choose two.)
Answer: AD
QUESTION 65
When using the Standalone Profile Editor in the Cisco AnyConnect v3.0 to create a new NAM
profile, which two statements describe the profile becoming active? (Choose two.)
Get Latest & Actual 300-375 Exam's Question and Answers from Passleader. 48
http://www.passleader.com
A. selects the new profile from NAM
B. selects "Network Repair" from NAM
C. becomes active after a save of the profile name
D. ensures use of "configuration.xml" as the profile name
E. ensures use of "config.xml" as the profile name
F. ensures use of "nam.xml" as the profile name
Answer: BD
Explanation:
QUESTION 66
Which feature should an engineer select to implement the use of VLAN tagging, QoS, and ACLs
to clients based on RADIUS attributes?
Answer: C
Explanation:
Get Latest & Actual 300-375 Exam's Question and Answers from Passleader. 49
http://www.passleader.com
QUESTION 67
How should the Cisco Secure ACS v4.2 and the Cisco WLC v7.0 be configured to support
wireless client authentication?
A. The WLC configured for RADIUS and the Cisco Secure ACS configured for RADIUS (Cisco
Airespace)
B. The WLC configured for RADIUS and the Cisco Secure ACS configured for RADIUS (IETF)
C. The WLC configured for TACACS+ and the Cisco Secure ACS configured for TACACS+ (Cisco
Airespace)
D. The WLC configured for TACACS+ and the Cisco Secure ACS configured for TACACS+ (Cisco
IOS)
Answer: A
Explanation:
QUESTION 68
Clients are failing EAP authentication. A debug shows that an EAPOL start is sent and the clients
are then de-authenticated. Which two issues can cause this problem? (Choose two.)
Answer: CD
Explanation:
QUESTION 69
What are two of the benefits that the Cisco AnyConnect v3.0 provides to the administrator for
client WLAN security configuration? (Choose two.)
Answer: CD
Get Latest & Actual 300-375 Exam's Question and Answers from Passleader. 50
http://www.passleader.com
QUESTION 70
When a supplicant and AAA server are configured to use PEAP, which mechanism is used by the
client to authenticate the AAA server in Phase One?
A. PMK
B. shared secret keys
C. digital certificate
D. PAC
Answer: C
QUESTION 71
Which EAP types are supported by MAC 10.7 for authentication to a Cisco Unified Wireless
Network?
Answer: D
QUESTION 72
Which two attacks represent a social engineering attack? (Choose two.)
Answer: BD
QUESTION 73
Client Management Frame Protection is supported on which Cisco Compatible Extensions
version clients?
A. v2 and later
B. v3 and later
C. v4 and later
D. v5 only
Answer: D
QUESTION 74
Which three items must be configured on a Cisco WLC v7.0 to allow implementation of isolated
bonding network? (Choose three.)
Get Latest & Actual 300-375 Exam's Question and Answers from Passleader. 51
http://www.passleader.com
B. DHCP IP address
C. SNMP trap receiver IP address
D. interface name
E. SNMP community name
F. ACL name
Answer: ADF
QUESTION 75
802.1X AP supplicant credentials have been enabled and configured on a Cisco WLC v7.0 in
both the respective Wireless>AP>Global Configuration location and AP>Credentials tab
locations. What describes the 802.1X AP authentication process when connected via Ethernet to
a switch?
Answer: B
QUESTION 76
An engineer has configured passive fallback mode for RADIUS with default timer settings.
What will occur when the primary RADIUS fails then recovers?
A. RADIUS requests will be sent to the secondary RADIUS server until the secondary fails to
respond.
B. The controller will immediately revert back after it receives a RADIUS probe from the primary
server.
C. After the inactive time expires the controller will send RADIUS to the primary.
D. Once RADIUS probe messages determine the primary controller is active the controller will revert
back to the primary RADIUS.
Answer: C
QUESTION 77
What two actions must be taken by an engineer configuring wireless Identity-Based Networking
for a WLAN to enable VLAN tagging? (Choose two.)
Answer: AC
QUESTION 78
Get Latest & Actual 300-375 Exam's Question and Answers from Passleader. 52
http://www.passleader.com
Which method does a Cisco switch use to authenticate a Cisco lightweight access point that is
acting as an 802.1X supplicant?
A. 802 M
B. EAP-FAST with anonymous PAC provisioning
C. a password only
D. a username and password
Answer: B
QUESTION 79
An engineer is implementing SNMP v3 on a wireless LAN controller and wants to use the
combination of authentication and privacy protocols with the highest security available.
Which protocols must be configured?
Answer: C
QUESTION 80
Which three properties are used for client profiling of wireless clients? (Choose three)
A. MAC OUI
B. IP address
C. HTTP user agent
D. DHCP
E. hostname
F. OS version
Answer: ACD
QUESTION 81
A company wants to switch to BYOD to reduce IT support costs for the company. Which option is
an impact of BYOD should be considered?
Answer: A
QUESTION 82
Refer the exhibit. In this IBN topology, device acts as the RADIUS server?
Get Latest & Actual 300-375 Exam's Question and Answers from Passleader. 53
http://www.passleader.com
A. directory sewer
B. Cisco ISE
C. Cisco UCS
D. Cisco Catalyst 3850 Series Switch
Answer: B
QUESTION 83
Regarding the guidelines for using MFP, under what circumstances will a client without Cisco
Compatible Extensions v5 be able to associate to a WLAN?
Answer: D
Explanation:
QUESTION 84
An engineer is working on a remote site that is configured using FlexConnect. They are worried
that the access points will not send RADIUS request directly to the authentication sever in
standalone mode. Which command ensures direct authentication using the default ports as
defined on the WIC?
A. config flexconnect group Remote radius server acct add primary 10.10.10.10 1813 Ciseo123
B. config flexconnect group Remote radius server auth add primary 10,10.10.10 1813 Cisco123
Get Latest & Actual 300-375 Exam's Question and Answers from Passleader. 54
http://www.passleader.com
C. config flexconnect group Remote radius server acct add primary 10.10.10.10 1812 Cisco123
D. config flexconnect group Remote radius server auth add primary 10.10.10.10 1812 Cisco123
Answer: D
Explanation:
UDP 1812 = auth
UDP 1813 = Acct
QUESTION 85
Which three authentication methods correctly describe digital certificate requirements when using
EAP-TLS authentication? (Choose three)
Answer: CEF
Explanation:
See other EAP-TLS certificate requirements explanation.
QUESTION 86
Which two requirements must be met to ensure that Cisco ISE can join the Active Directory
domain of the company. (Choose two.)
A. If a firewall exists between Cisco ISE and Active Directory domain server, these ports are allowed
through UDP 69, 123, and 389; and TCP 88, 389, 445, 464, 636, 3268, and 3269.
B. The hostname of Cisco ISE is less than 20 characters in length.
C. An account has been created in Active Directory for Cisco ISE that has the necessary
permissions.
D. The DNS name is configured on Cisco ISE and resolved on the Active Directory domain server
E. Time synchronization between Cisco ISE and Active Directory must be within 10 minutes.
Answer: CD
Explanation:
A is wrong see used ports table
Get Latest & Actual 300-375 Exam's Question and Answers from Passleader. 55
http://www.passleader.com
It is important to limit Cisco ISE hostnames to 15 characters or less in length if you use Active
Directory on your network
E.is wrong, see following:
Use the Network Time Protocol (NTP) server settings to synchronize the time between the Cisco
server and Active Directory. You can configure NTP settings from Cisco CLI.
QUESTION 87
Refer to the exhibit. What do the red circles represent in the exhibit?
A. detected interferers
B. RSSI cutoff
C. wIPs attackers
D. zones of impact
Answer: D
Explanation:
The question was, what does the red circles represent and not the symbol
Get Latest & Actual 300-375 Exam's Question and Answers from Passleader. 56
http://www.passleader.com
QUESTION 88
An engineer is configuring central web authentication using a Cisco 5508 wireless controller and
the Cisco Identity Service Engine.
Which two attributes must be configured on Cisco ISE to add the controller as a network device?
(Choose two.)
A. authentication protocol
B. RADIUS shared secret
C. a out-of-band SGA PAC
D. controller IP address
E. controller software version
Answer: BD
Explanation:
As per question it is "must be configured". and configuring software version is optional whereas
configuring IP address is mandatory.
QUESTION 89
Refer to the exhibit. You are configuring an autonomous AP for 802.1x access to a wired
infrastructure.
What does the command do?
Answer: A
Explanation:
Get Latest & Actual 300-375 Exam's Question and Answers from Passleader. 57
http://www.passleader.com
https://www.cisco.com/c/en/us/td/docs/wireless/access_point/15-3-3/configuration/guide/cg15-3-
3/cg15-3 -3-chap11-authtypes.html
QUESTION 90
A company is deploying wireless PCs on forklifts within its new 10,000-square-foot (3048-square-
rneter) facility. The clients are configured for PEAP-MS-CHAPv2 with WPA TKIP. Users report
that applications frequently drop when the clients roam between access points on the floor. A
professional site survey was completed.
Which configuration change is recommended to improve the speed of client roaming?
A. EAP-FAST
B. EAP-TLS
C. WPA AES
D. WPA2 AES
Answer: D
Explanation:
Although the controller and APs support WLAN with SSID using WiFi Protected Access (WPA)
and WPA2 simultaneously, it is common that some wireless client drivers cannot handle complex
SSID settings. Whenever possible, Cisco recommends WPA2 only with Advanced Encryption
Standard (AES). However, due to standards and mandatory WiFi Alliance certification process,
TKIP support is required across future software versions. Keep the security policies simple for
any SSID. Use a separate WLAN/SSID with WPA and Temporal Key Integrity Protocol (TKIP),
and a separate one with WPA2 and Advanced Encryption Standard (AES). Since TKIP is being
deprecated, Cisco recommends to use TKIP together with WEP, or to migrate out of TKIP
completely and use PEAP, if possible.
QUESTION 91
An engineer is troubleshooting rogue access points that are showing up in Cisco Prime
Infrastructure. What is maximum number of APS the engineer can use to contain an identified
rogue access point in the WLC?
A. 3
B. 4
C. 6
D. 5
Answer: B
Explanation:
Enter the maximum number of Cisco APs to actively contain the rogue client [1-4].
https://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lan-
controllers/112045-handlin g-rogue-cuwn-00.html
QUESTION 92
When a network engineer plans to implement the client MFP, which three settings should be
supported by the client? (Choose three)
Get Latest & Actual 300-375 Exam's Question and Answers from Passleader. 58
http://www.passleader.com
E. WPA with TKIP
F. Cisco Compatible Extensions v5
Answer: ACF
Explanation:
Client MFP is supported for use only with CCXv5 clients using WPA2 with TKIP or
https://learningnetwork.cisco.com/thread/6528
QUESTION 93
An engineer has configured central web authentication on the wireless network, but clients are
receiving untrusted certificate errors on their internet browsers when directed to the guest splash
page. Which file must be provided to an approved trusted certificate authority to fix this issue?
Answer: B
QUESTION 94
Which three methods are valid for guest wireless using web authentication? (Choose three.)
A. LDAP
B. SSL
C. local
D. TLS
E. EAP-TLS
F. RADIUS
Answer: FCA
Explanation:
There are three ways to authenticate users when you use web authentication. Local
authentication allows you to authenticate the user in the Cisco WLC. You can also use an
external RADIUS server or a LDAP server as a backend database in order to authenticate the
users. https://www.sslshopper.com/ssl-certificate-not-trusted-error.html
QUESTION 95
Which two statements describe the requirements for EAP-TLS? (Choose two)
Answer: AC
Explanation:
Get Latest & Actual 300-375 Exam's Question and Answers from Passleader. 59
http://www.passleader.com
QUESTION 96
An engineer has configured the wireless controller to authenticate clients on the employee SSID
against Microsoft Active Directory using PEAP authentication.
Which protocol does the controller use to communicate with the authentication server?
A. EAP
B. 802.1X
C. RADIUS
D. WPA2
Answer: C
Explanation:
EAP is exchanged between supplicant and authenticator and RADIUS Is used between
authenticator and Auth server.
Get Latest & Actual 300-375 Exam's Question and Answers from Passleader. 60
http://www.passleader.com
QUESTION 97
An engineer configures 802.1 X authentication for the access points using the config ap
802.1Xuser add username admin password secret AP_01 command.
Which EAP method does the access point use to authenticate?
A. EAP-TLS
B. MS-CHAPv2 PEAP
C. LEAP
D. EAP-FAST
Answer: D
Explanation:
Enables or disables Extensible Authentication Protocol-Flexible Authentication via Secure
Tunneling (EAP-FAST) authentication.
https://www.cisco.com/c/en/us/td/docs/wireless/controller/8-0/cmd-
ref/b_cr80/config_commands_a_to_i.h tml
QUESTION 98
When implementing secure PCI wireless networks, which two are specific recommendations in
the PCI DSS? (Choose two)
Answer: ED
Explanation:
Wireless networks that are part of the CDE must comply with all PCI DSS requirements. This
Get Latest & Actual 300-375 Exam's Question and Answers from Passleader. 61
http://www.passleader.com
includes using a firewall (requirement 1.2.3) and making sure that additional rogue wireless
devices have not been added to the CDE (requirement 11.1). In addition, PCI DSS compliance
for systems that include WLANs as a part of the CDE requires extra attention to WLAN specific
technologies and processes such as: A. Physical security of wireless devices, B. Changing
default passwords and settings on wireless devices, C. Logging of wireless access and intrusion
prevention, D. Strong wireless authentication and encryption, E. Use of strong cryptography and
security protocols, and F. Development and enforcement of wireless usage policies. This section
will cover each of these requirements sequentially.
https://www.pcisecuritystandards.org/pdfs/PCI_DSS_Wireless_Guidelines.pdf
QUESTION 99
A customer wants the access points in the CEO's office to have different usernames and
passwords for administrative support than the other access points deployed throughout facility.
Which feature can be enabled on the WLC and access points to achieve this criteria?
Answer: A
Explanation:
Explanation:
Question specifically asks regarding different username/password on access points in one area
compared to other.
SO answer should be overriding global credentials by adding username password per AP in that
area.
Local management users is impacted globally, that username password will be applicable for all
the Access points.
QUESTION 100
WPA2 Enterprise with 802 1x is being used for clients to authenticate to a wireless network an
ISE server. For security reasons, the network engineer wants to ensure only PEAP authentication
can be used. The engineer sent Instructions to clients on how to configure their supplicants, but
users are still in the ISE logs authenticating EAP-FAST.
Which option describes the efficient can ensure these users cannot the network unless the
correct authentication mechanism is configured?
A. Enable AAA override on the SSID, gather the usernames of these users, and disable their
RADIUS accounts they make sure they correctly configured their devices
B. Enable AAA override on the SSID and configure an ACL on the WLC that will allow access to
users with ip address from a specific subnet
C. Enable AAA override on the SSID and configure an access policy in ISE that allows access when
the EAP authentication method is PEAP
D. Enable AAA override on the SSID and configure an access policy in ISE that denies access to the
list of MACs that have used EAP-FAST
Answer: C
Get Latest & Actual 300-375 Exam's Question and Answers from Passleader. 62
http://www.passleader.com
QUESTION 101
A network engineer must segregate all iPads on the guest WLAN. How does the engineer
accomplish this task with without using ISE?
Answer: B
QUESTION 102
An engineer is trying to determine if an existing configuration deviates from the Cisco defaults
while enabling PMF on a WLAN.
Which set represents the default timer configuration for PMF?
A. security pmf association-comeback 1 security pmf mandatory security pmf saquery-retry-time 100
B. security pmf association-comeback 20 security pmf mandatory security pmf saquery-retry-time
600
C. security pmf association-comeback 15 security pmf mandatory security pmf saquery-retry-time
200
D. security pmf association-comeback 1 security pmf mandatory security pmf saquery-retry-time 200
Answer: D
Explanation:
http://wirelessccie.blogspot.kr/2016/01/80211w-aka-pmf.html
QUESTION 103
Get Latest & Actual 300-375 Exam's Question and Answers from Passleader. 63
http://www.passleader.com
An engineer is designing a high availability wireless network. What mechanism should be the
focus for high availability?
A. SNR
B. channel reuse
C. RSSI
D. cell overlap
Answer: B
Explanation:
Describe basic RF deployment considerations related to site survey design of data or VoWLAN
applications, common RF interference sources such as devices, building material, AP location,
and basic RF site survey design related to channel reuse, signal strength, and cell overlap.
QUESTION 104
You are configuring a Cisco WLC version 8.0.
Which two options do you find on the Layer 3 Security tab? (Choose two)
A. 802.1x
B. Authentication
C. Passthrough
D. CKIP
E. WPA+WPA2
Answer: BC
Explanation:
From the Layer 3 Security drop-down list, choose one of the following:
None--Layer 3 security is disabled.
Web Authentication--Causes users to be prompted for a username and password when
connecting to the wireless network. This is the default value.
Web Passthrough--Allows users to access the network without entering a username and
password.
QUESTION 105
Refer to the exhibit. The security team has configured an IBN profile on ISE for the guest wireless
network to provide captive service.
Where must the network engineer configure the ACL and portal for the Cisco AireOS controller?
Answer: C
Explanation:
Get Latest & Actual 300-375 Exam's Question and Answers from Passleader. 64
http://www.passleader.com
The flow would be the following:
-User associate to the Web Auth SSID
-User starts its browser
-The WLC Redirect to the guest portal (ISE/NGS)
-The user authenticate on the portal
-The Guest Portal redirect back to the WLC with the credentials entered -The WLC Authenticate
the guest user via Radius
-The WLC Redirects back to the original URL.
https://supportforums.cisco.com/t5/wireless-mobility-documents/central-web-authentication-cwa-
for-guest s-with-ise/ta-p/3121101
QUESTION 106
An engineer is confining EAP-TLS with a client trusting server model and has configured a public
root certification authority.
Which action does this allow?
Answer: D
Explanation:
This part will help you understand the concept of AAA server trust model. Specific configuration
information is given in Section 6 of this document.
To support EAP-TLS, the AAA server (for example, Cisco Secure ACS) must have a certificate.
Either a public certification authority or a private certification authority can be used to issue the
AAA server certificate. The AAA server will trust a client certificate that was issued from the same
root certification authority that issued its certificate.
https://www.cisco.com/en/US/tech/tk722/tk809/technologies_white_paper09186a008009256b.sht
ml
QUESTION 107
Which configuration step is necessary to enable Visitor Connect on an SSID?
Answer: A
Explanation:
The Pre-Authentication Flex Connect ACL is required for flex mode deployments. For more
information, see the Configuring FlexConnect ACLs.
https://www.cisco.com/c/en/us/td/docs/wireless/mse/7-6/CMX_Dashboard/Guide/
QUESTION 108
While deploying PEAP authentication on a customer laptop with the native Windows supplicant,
the PEAP security options do not appear.
Which option describes what must be done?
Get Latest & Actual 300-375 Exam's Question and Answers from Passleader. 65
http://www.passleader.com
A. Enable automatic connection to the WLAN.
B. Enable DNS on WLAN.
C. Enable AES on WLAN settings
D. Enable WLAN autoconfig services on the PC
Answer: C
QUESTION 109
Which client roam is considered the fastest in a wireless deployment using Cisco IOS XE mobility
controllers and mobility agents?
A. Inter-SPG roam
B. Interdomain roam
C. Roam within stack members
D. Intermobility roam
Answer: A
Explanation:
Inter-SPG, Intra-subdomain roaming--The client roaming between mobility agents in different
SPGs within the same subdomain.
https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3850/software/release/3se/system_m
anagem ent/configuration_guide/b_sm_3se_3850_cg/b_sm_3se_3850_cg_chapter_0111.pdf
QUESTION 110
An engineer is configuring a BYOD provisioning WLAN.
Which two advanced WLAN settings are required? (Choose two)
A. DHCP profiling
B. DHCP address assignment
C. passive client
D. RADIUS NAC
E. AAA override
Answer: DE
Explanation:
Allow AAA Override: Enabled
NAC State: Radius NAC (selected)
https://www.cisco.com/c/en/us/support/docs/wireless/5500-series-wireless-controllers/113476-
wireless-b yod-ise-00.html
QUESTION 111
An engineer is configuring an autonomous AP for RADIUS authentication. What two pieces of
information must be known to configure the AP? (Choose two.)
A. shared secret
B. username and password
C. RADIUS IP address
D. group name
E. PAC encryption key
Get Latest & Actual 300-375 Exam's Question and Answers from Passleader. 66
http://www.passleader.com
Answer: AC
Explanation:
You identify RADIUS security servers by their host name or IP address, host name and specific
UDP port numbers, or their IP address and specific UDP port numbers. The combination of the IP
address and the UDP port number creates a unique identifier allowing different ports to be
individually defined as RADIUS hosts providing a specific AAA service. This unique identifier
enables RADIUS requests to be sent to multiple UDP ports on a server at the same IP address.
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_usr_rad/configuration/xe-3se/3850/sec-
usr-rad-xe -3se-3850-book/sec-rad-mult-udp-ports.html
QUESTION 112
A wireless engineer want to how many wlPS alerts have been detected in CISCO Prime. Which
tab does the engineer select in the windows dashboard?
A. Security
B. CleanAir
C. Context Aware
D. Mesh
Answer: A
Explanation:
Security Index, including the top security issues Security Adaptive WIPS
Rogue classification graph
Rogue containment graph
Attacks detected
Malicious, unclassified, friendly, and custom rogue APs CleanAir security
Adhoc rogues
https://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/infrastructure/3-1/user/guide/pi_ug/view-
dash.html
QUESTION 113
You are configuring the social login for a guest network. Which three options are configurable
social connectors in Cisco CMX Visitor Connect? (Choose three)
A. LinkedIn
B. Pinterest
C. Medium
D. Google+
E. Facebook
F. Myspace
Answer: ADE
Explanation:
In this section we create an example Facebook application that can be used as a social
authenticator with a splash page. While it is possible to use a Google+ app login and/or LinkedIn
app, they are not covered as part of this version of the CMX guide. To get started with a
Facebook App, log in to the Facebook developer portal at the following URL with your Facebook
ID:
QUESTION 114
An engineer is preparing to implement a BYOD SSID at remote offices using local switching and
Get Latest & Actual 300-375 Exam's Question and Answers from Passleader. 67
http://www.passleader.com
wants to ensure that Wi-Fi Direct clients can communicate after the SSID is deployed. The
engineer is planning on implementing the config wlan wifldlrect allow 1 command.
Which Wi-Fi Direct Policy consideration is applicable?
Answer: D
Explanation:
QUESTION 115
An engineer is configuring a wireless network for local FlexConnect authentication.
What three configurations are required for the WLC with WLAN 1 and AP Cisco? (Choose three.)
Answer: DEF
Explanation:
Get Latest & Actual 300-375 Exam's Question and Answers from Passleader. 68
http://www.passleader.com
QUESTION 116
Drag and Drop Question
Drag the EAP Authentication type on the left to the accurate description provided on the right.
Answer:
Explanation:
Get Latest & Actual 300-375 Exam's Question and Answers from Passleader. 69
http://www.passleader.com
QUESTION 117
Drag and Drop Question
A wireless engineer wants to schedule monthly security reports in Cisco Prime infrastructure.
Drag and drop the report the from the left onto the expected results when the report is generated
on the right.
Answer:
Get Latest & Actual 300-375 Exam's Question and Answers from Passleader. 70
http://www.passleader.com
Explanation:
QUESTION 118
What snmpv3 commands are needed for configure snmp server?
A. snmp-server group
B. snmp group-ID server
C. snmp-server engineID
D. snmp group user
E. snmp-server community
F. snmp-server user
Answer: ACF
Explanation:
Get Latest & Actual 300-375 Exam's Question and Answers from Passleader. 71
http://www.passleader.com
QUESTION 119
Testlet- Local Web Auth
Scenario
Local web auth is not working. What has to be changed for User Bill Smith can access
Contractors WLAN requirements shown in Topology.
Local web auth should work on WLAN Contractors only.(Choose 4)
Topology
On WLC
Controller>Interfaces>Vlans
WLANS>wlans
Get Latest & Actual 300-375 Exam's Question and Answers from Passleader. 72
http://www.passleader.com
WLAN 2 and WLAN 10 Security Tab
Layer 2
WLAN 2
WLAN 10
Get Latest & Actual 300-375 Exam's Question and Answers from Passleader. 73
http://www.passleader.com
WLAN 2/10 Layer 3 Security Tab
Get Latest & Actual 300-375 Exam's Question and Answers from Passleader. 74
http://www.passleader.com
A. Delete User Bill Smith. Add new User Bill Smith with WLAN Profile Contractors
B. Delete WLAN 2 and WLAN 10. Create new WLAN 2 and WLAN 10, assign SSID WLAN 2 Contractors
and SSID WLAN 10 Employees
C. Delete WLAN 2 and WLAN 10. Create new WLAN 2 and WLAN 10, assign SSID WLAN 2 Employees
and SSID WLAN 10 Contractors
D. Set Layer 2 Security to None
E. Set Layer 3 Security to None and Web Policy
F. Put AP EAST-WING in EAST AP-Group
G. Create new User Bill Smith with WLAN Profile Employees
H. Set WLAN 10 to vlan interface Employees
Answer: ACDE
Explanation:
Get Latest & Actual 300-375 Exam's Question and Answers from Passleader. 75
http://www.passleader.com
Get Latest & Actual 300-375 Exam's Question and Answers from Passleader. 76
http://www.passleader.com
Get Latest & Actual 300-375 Exam's Question and Answers from Passleader. 77
http://www.passleader.com
Get Latest & Actual 300-375 Exam's Question and Answers from Passleader. 78
http://www.passleader.com
Get Latest & Actual 300-375 Exam's Question and Answers from Passleader. 79
http://www.passleader.com
Get Latest & Actual 300-375 Exam's Question and Answers from Passleader. 80
http://www.passleader.com
QUESTION 120
Scenario
Local Web Auth has been configured on the East-WLC-2504A, but it is not working. Determine
which actions must be taken to restore the Local Web Auth service. The Local Web Auth service
must operate only with the Contractors WLAN.
Contractors WLAN ID - 10
Employees WLAN ID - 2
Note, not all menu items, text boxes, or radio buttons are active.
Get Latest & Actual 300-375 Exam's Question and Answers from Passleader. 81
http://www.passleader.com
Virtual Terminal
Get Latest & Actual 300-375 Exam's Question and Answers from Passleader. 82
http://www.passleader.com
Get Latest & Actual 300-375 Exam's Question and Answers from Passleader. 83
http://www.passleader.com
Get Latest & Actual 300-375 Exam's Question and Answers from Passleader. 84
http://www.passleader.com
Which four changes must be made to configuration parameters to restore the Local Web Auth
feature on the East-WLC-2504A? Assume the passwords are correctly entered as "ciscotest".
(Choose four.)
A. Remove the existing Local Net User Bill Smith and add a New Local Net User "Bill Smith"
password "ciscotest', WLAN Profile "Contractors".
B. Remove WLAN 10 and WLAN 2, replace WLAN 10 with Profile Name Employees and SSID
Contractors;
replace WLAN 2 with Profile Name Employees and SSID Employees.
C. Remove WLAN 10 and WLAN 2, replace WLAN 10 with Profile Name Contractors and SSID
Contractors,
replace WLAN 2 with Profile Name Employees and SSID Employees.
D. Change the Layer 2 security to None on the Contractors WLAN.
E. Under Layer 3 Security, change the Layer 3 Security to Web Policy on the Contractors WLAN.
F. Under Security Local Net Users add a New Local Net User "Bill Smith" password "Cisco",
interface/ Interface Group "east-wing".
G. Change the Layer 2 Security to None + EAP Pass-through on the Contractors WLAN.
H. Under WLANs > Edit "Contractors "change the interface/Interface group to "east-wing".
Answer: ACDE
QUESTION 121
An engineer is implementing SNMP v3 on a Cisco 5700 Series WLC. Which three commands are
the minimum needed to configure SNMP v3? (Choose three.)
Answer: BCF
QUESTION 122
Refer to the exhibit. An engineer has configured a BYOD policy that allows for printing on the
WLAN utilizing Bonjour services. However, the engineer cannot get printing working. The WLC
firmware is 8.x. the printer is connected on the wired network where a few of the access points
Get Latest & Actual 300-375 Exam's Question and Answers from Passleader. 85
http://www.passleader.com
are also connected. Which reason that printing is not working is true?
Answer: C
Get Latest & Actual 300-375 Exam's Question and Answers from Passleader. 86
http://www.passleader.com
QUESTION 123
Which two fast roaming algorithms will allow a WLAN client to roam to a new AP and re-establish
a new session key without a full reauthentication of the WLAN client? (Choose two.)
A. PKC
B. GTK
C. PMK
D. PTK
E. CKM
Answer: AE
QUESTION 124
A new MSE with wIPS service has been installed and no alarm information appears to be
reaching the MSE from controllers.
What protocol must be allowed to reach the MSE from the controllers?
A. NMSP
B. SOAP/XML
C. SNMP
D. CAPWAP
Answer: A
Explanation:
QUESTION 125
Which condition introduce security risk to a BYOD policy?
Get Latest & Actual 300-375 Exam's Question and Answers from Passleader. 87
http://www.passleader.com
Answer: B
QUESTION 126
An engineer ran the PCI report in Cisco Prime Infrastructure and received a warning on PCIDSS
Requirement 2.1.1 that the SNMP strings are set to default and must be changed. Which tab in
the Cisco WLC can the engineer use to navigate to these settings?
A. Management
B. Security
C. Controller
D. Wireless
Answer: A
QUESTION 127
Refer to the exhibit. A network engineer must configure a WLAN on a Cisco IOS-XE controller to
support corporate devices (using VLAN 30) and BYOD (using VLAN 40) on the same secure
SSID. The security team has built an ISE deployment to be used for VLAN assignment and to
restrict access based on policy and posture compliance.
Given the existing WLAN configuration, which configuration change must be made?
Answer: B
QUESTION 128
Which EAP method can an AP use to authenticate to the wired network?
A. EAP-GTC
B. EAP-MD5
C. EAP-TLS
D. EAP-FAST
Answer: D
Explanation:
Get Latest & Actual 300-375 Exam's Question and Answers from Passleader. 88
http://www.passleader.com
Enables or disables Extensible Authentication Protocol-Flexible Authentication via Secure
Tunneling (EAP-FAST) authentication.
https://www.cisco.com/c/en/us/td/docs/wireless/controller/8-0/cmd-
ref/b_cr80/config_commands_a_to_i.h tml
QUESTION 129
A wireless engineer must implement a corporate wireless network for a large company with ID
338860948 in the most efficient way possible. The wireless network must support a total of 32
VLANS for 300 employees in different departments.
What is the best configuration option in this scenario?
Answer: B
QUESTION 130
An engineer with ID 338860948 is implementing Cisco Identity-Based Networking on a Cisco
AireOS controller. The engineer has two ACLs on the controller. The first ACL, named
BASE_ACL, is applied to the corporate_clients interface on the WLC, which is used for all
corporate clients. The second ACL, named HR_ACL, is referenced by ISE in the Human
Resources group policy. Which option is the resulting ACL when a Human Resources user
connects?
A. HR_ACL only
B. HR_ACL appended with BASE_ACL
C. BASE_ACL appended with HR_ACL
D. BASE_ACL only
Answer: A
QUESTION 131
An engineer is adding APs to an existing VoWLAN to allow for location based services. Which
option will the primary change be to the network?
Answer: C
QUESTION 132
Refer to the exhibit. An engineer utilizing ISE as the wireless AAA service noticed that the
Get Latest & Actual 300-375 Exam's Question and Answers from Passleader. 89
http://www.passleader.com
accounting process on the server at 10.10.2.3 has failed, but authentication process is still
functional. Which ISE nodes receive WLC RADIUS traffic, using the CLI output and assuming the
WLAN uses the servers in their indexed order?
Answer: B
QUESTION 133
Refer to the exhibit. You are configuring a controller that runs Cisco IOS XE by using the CLI.
Which three configuration options are used for 802.11w Protected Management Frames?
(Choose three.)
A. mandatory
B. association-comeback
C. SA teardown protection
D. saquery-retry-time
E. enable
F. comeback-time
Answer: ABD
Get Latest & Actual 300-375 Exam's Question and Answers from Passleader. 90
http://www.passleader.com