Implementing Advanced Cisco Unified Wireless Security v2.0 v9.0 (642-737)

Page:    1 / 14   
Total 214 questions

When do NAC out-of-band deployments require user traffic to traverse through the Cisco
NAC Server?

  • A. posture assessment only
  • B. 802.1X and EAP authentication and remediation
  • C. posture assessment and remediation
  • D. 802.1X and EAP authentication, posture assessment, and remediation


Answer : C

How should the Cisco Secure ACS v4.2 and the Cisco WLC v7.0 be configured to support wireless client authentication?

  • A. The WLC configured for RADIUS and the Cisco Secure ACS configured for RADIUS (Cisco Airespace)
  • B. The WLC configured for RADIUS and the Cisco Secure ACS configured for RADIUS (IETF)
  • C. The WLC configured for TACACS+ and the Cisco Secure ACS configured for TACACS+ (Cisco Airespace)
  • D. The WLC configured for TACACS+ and the Cisco Secure ACS configured for TACACS+ (Cisco IOS)


Answer : A

Which protocol port needs open access for the Cisco WLC v7.0 using an external AAA server for checking administrative privileges for menu access?

  • A. UDP 1812
  • B. UDP 1813
  • C. UDP 1645
  • D. UDP 1646
  • E. TCP 49
  • F. TCP 443


Answer : E

When configuring the WLC for single sign-on for the NAC, which device is used for the
RADIUS accounting IP address?

  • A. Cisco NAC Appliance Manager
  • B. Cisco NAC Appliance Server
  • C. Cisco NAC Guest Server
  • D. Cisco ACS
  • E. Cisco WCS


Answer : A




Answer :

Which statement correctly describes a wireless client connection to the Cisco WLC v7.0 that is configured for web guest access?

  • A. The client associates to the anchor controller and authenticates to the anchor controller.
  • B. The client associates to the anchor controller and authenticates to the foreign controller.
  • C. The client associates to the foreign controller and authenticates to the anchor controller.
  • D. The client associates to the foreign controller and authenticates to the foreign controller.


Answer : C

Which two attacks represent a social engineering attack? (Choose two.)

  • A. using AirMagnet Wi-Fi Analyzer to search for hidden SSIDs
  • B. calling the IT helpdesk and asking for network information
  • C. spoofing the MAC address of an employee device
  • D. entering a business and posing as IT support staff


Answer : B,D

A new MSE with wIPS service has been installed and no alarm information appears to be reaching the MSE from controllers. What protocol must be allowed to reach the MSE from the controllers?

  • A. CAPWAP
  • B. NMSP
  • C. SNMP
  • D. SOAP/XML


Answer : B

When deploying wireless Cisco NAC OOB operations, which device signals the WLC to switch a user from a quarantine VLAN to an access VLAN?

  • A. Cisco NAC Appliance Manager
  • B. Cisco NAC Appliance Server
  • C. Cisco NAC Guest Server
  • D. Cisco ACS
  • E. Cisco WCS


Answer : A

A network engineer is troubleshooting connectivity issues within the Cisco WCS. Which message level setting is recommended to collect the most detailed logs?

  • A. error
  • B. trace
  • C. debug
  • D. all
  • E. informational
  • F. diag


Answer : B

A company has installed 27 Cisco CAS devices across their network and administration has become difficult. What Cisco NAC component could ease administration?

  • A. CAM
  • B. NAA
  • C. NAC Web Agent
  • D. Super CAM


Answer : D

An engineer is troubleshooting failing authentication on a controller using an external
RADIUS server. What family of commands is used to troubleshoot the issue?

  • A. debug ldap
  • B. debug aaa
  • C. debug aaa local-auth
  • D. debug dot1x


Answer : B

Refer to the exhibit.


Why is the client failing to authenticate with the AAA server?

  • A. excessive number of authentication attempts for username
  • B. incorrect read/write credentials for username
  • C. incorrect IP address being sent by client
  • D. incorrect authentication for username


Answer : D

An engineer configures Locally Switched FlexConnect APs to perform 802.1x user authentication to a local Cisco ACS providing RADIUS authentication. Each AP is configured with the ACS's IP address, the port number on which the radius service is running, and the shared secret; however, valid users are failing to authenticate. What action will ensure that users can successfully authenticate with the local ACS/RADIUS?

  • A. configure the APs for central switching
  • B. configure the APs in ACS Authentication
  • C. enable FlexConnect standalone mode
  • D. configure hybrid reap groups on the WLC


Answer : B

Refer to the exhibit.


A client reports being unable to log into the wireless network. According to the output, which network information should be verified?

  • A. the Failed Attempts log on the authentication server
  • B. that the client certificate is installed and configured correctly
  • C. that the AP has IP connectivity to the authentication server
  • D. that the authentication service is running and functional
  • E. that the authentication and accounting configuration are correct
  • F. that the user has an account on the authentication server


Answer : A

Page:    1 / 14   
Total 214 questions