Securing Wireless Enterprise Networks v8.0 (300-375)

Page:    1 / 5   
Total 70 questions

An engineer is configuring a BYOD deployment strategy and prefers a single SSID model.
Which technology is required to accomplish this configuration?

  • A. mobility service engine
  • B. wireless control system
  • C. identify service engine
  • D. Prime Infrastructure

Answer : C

After receiving an alert regarding a rogue AP, a network engineer logs into Cisco Prime and looks at the floor map where the AP that detected the rogue is located. The map is synchronized with a mobility services engine that determines the rogue device is actually inside the campus. The engineer determines the rogue to be a security threat and decides to stop it from broadcasting inside the enterprise wireless network. What is the fastest way to disable the rogue?

  • A. Go to the location the rogue device is indicated to be and disable the power.
  • B. Create an SSID on WLAN controller resembling the SSID of the rogue to spoof it and disable clients from connecting to it.
  • C. Classify the rogue as malicious in Cisco Prime.
  • D. Update the status of the rogue in Cisco Prime to contained.

Answer : C

An engineer must enable EAP on a new WLAN and is ensuring that the necessary components are available. Which component uses EAP and 802.1x to pass user authentication to the authenticator?

  • A. AP
  • B. AAA server
  • C. supplicant
  • D. controller

Answer : D

An engineer is deploying EAP-TLS as the authentication mechanism for an 802.1X- enabled wireless network. Which network device is responsible for applying the digital signature to a certificate to ensure that the certificate is trusted and valid?

  • A. supplicant
  • B. CA server
  • C. wireless controller
  • D. authentication server

Answer : B

802.1X AP supplicant credentials have been enabled and configured on a Cisco WLC v7.0 in both the respective Wireless>AP>Global Configuration location and AP>Credentials tab locations. What describes the 802.1X AP authentication process when connected via
Ethernet to a switch?

  • A. Only WLC AP global credentials are used.
  • B. Only AP credentials are used.
  • C. WLC global AP credentials are used first; upon failure, the AP credentials are used.
  • D. AP credentials are used first; upon failure, the WLC global credentials are used.

Answer : B

When a wireless client uses WPA2 AES, which keys are created at the end of the four way handshake process between the client and the access point?

  • A. AES key, TKIP key, WEP key
  • B. AES key, WPA2 key, PMK
  • C. KCK, KEK, TK
  • D. KCK, KEK, MIC key

Answer : A

A customer is concerned about DOS attacks from a neighboring facility. Which feature can be enabled to help alleviate these concerns and mitigate DOS attacks on a WLAN?

  • A. PMF
  • B. peer-to-peer blocking
  • C. Cisco Centralized Key Management
  • D. split tunnel

Answer : A

Refer to the exhibit.

A client reports being unable to log into the wireless network, which uses PEAPv2. Which two issues appear in the output? (Choose two.)

  • A. There is a problem with the client supplicant.
  • B. The AP has the incorrect RADIUS server address.
  • C. The AP has lost IP connectivity to the authentication server.
  • D. The EAP client timeout value should be increased.
  • E. The authentication server is misconfigured on the controller.
  • F. The authentication server is misconfigured in the WLAN.

Answer : A,D

A Customer is concerned about denial of service attacks that impair the stable operation of the corporate wireless network. The customer wants to purchase mobile devices that will operate on the corporate wireless network. Which IEEE standard should the mobile devices support to address the customer concerns?

  • A. 802.11w
  • B. 802.11k
  • C. 802.11r
  • D. 802.11h

Answer : A

Which three configuration steps are necessary on the WLC when implementing central web authentication in conjunction with Cisco ISE. (Choose three.)

  • A. Set P2P Blocking Action to Drop.
  • B. Enable Security Layer 3 Web Policy.
  • C. Set NAC state to SNMP NAC.
  • D. Enable Allow AAA override.
  • E. Enable Security Layer 2 MAC Filtering.
  • F. Set NAC state to RADIUS NAC.

Answer : D,E,F

An engineer must change the wireless authentication from WPA2-Personal to WPA2-
Enterprise. Which three requirements are necessary? (Choose three.)

  • A. EAP
  • B. 802.1x
  • D. per-shared key
  • E. 802.11u
  • F. fast secure roaming
  • G. 802.11i

Answer : A,C,G

Which option describes the purpose of configuring switch peer groups?

  • A. enforces RF profiles
  • B. enables location services
  • C. restricts roaming traffic to certain switches
  • D. allows template based configuration changes

Answer : C

An engineer has configured passive fallback mode for RADIUS with default timer settings.
What will occur when the primary RADIUS fails then recovers?

  • A. RADIUS requests will be sent to the secondary RADIUS server until the secondary fails to respond.
  • B. The controller will immediately revert back after it receives a RADIUS probe from the primary server.
  • C. After the inactive time expires the controller will send RADIUS to the primary.
  • D. Once RADIUS probe messages determine the primary controller is active the controller will revert back to the primary RADIUS.

Answer : C

An engineer is considering an MDM integration with Cisco ISE to assist with security for lost devices. Which two functions of MDM increase security for lost devices that access data from the network? (Choose two.)

  • A. PIN enforcement
  • B. Jailbreak/root detection
  • C. data wipe
  • D. data encryption
  • E. data loss prevention

Answer : A,C

During the EAP process and specifically related to the logon session, which encrypted key is sent from the RADIUS server to the access point?

  • A. WPA key
  • B. encryption key
  • C. session key
  • D. shared secret key

Answer : C

Page:    1 / 5   
Total 70 questions