Cisco 300-375 Free Practice Questions 2021

NEW QUESTION 1
Client Management Frame Protection is supported on which Cisco Compatible Extensions version clients?

• A. v2 and later
• B. v3 and later
• C. v4 and later
• D. v5 only

Answer: D

Explanation:  

NEW QUESTION 2
Which configuration step is necessary to enable Visitor Connect on an SSID?

• A. A preauthentication ACL must be defined.
• B. Local client profiling must be enabled.
• C. The SSID must use MAC filtering.
• D. A passive client must be enabled.

Answer: A

Explanation:
The Pre-Authentication Flex Connect ACL is required for filex mode deployments. For more information, see the Configuring FlexConnect ACLs. https://www.cisco.com/c/en/us/td/docs/wireless/mse/7-6/CMX_Dashboard/Guide/
 

NEW QUESTION 3
An engineer is configuring a BYOD deployment strategy and prefers a single SSID model. Which technology is required to accomplish this configuration?

• A. mobility service engine
• B. wireless control system
• C. identify service engine
• D. Prime Infrastructure

Answer: C

Explanation:  

NEW QUESTION 4
An engineer has configured central web authentication on the wireless network, but clients are receiving untrusted certificate errors on their internet browsers when directed to the guest splash page. Which file must be provided to an approved trusted certificate authority to fix this issue?

• A. EAP-TLS certificate generate by WLC
• B. CSR generated by identity Service Engine
• C. CSR generated by the WLC
• D. EAP-TLS certificate generated by the access point

Answer: B

Explanation:  

NEW QUESTION 5
When a wireless client uses WPA2 AES, which keys are created at the end of the four way handshake process between the client and the access point?

• A. AES key, TKIP key, WEP key
• B. AES key, WPA2 key, PMK
• C. KCK, KEK, TK
• D. KCK, KEK, MIC key

Answer: A

Explanation:  

NEW QUESTION 6
An engineer is configuring EAP-TLS with a client trusting server model and has configured a public root certification authority. Which action does this allow?

• A. specifies a second certification authority to trust
• B. utilizes two subcertification authority servers
• C. creates a PKI infrastructure
• D. validates the AAA server

Answer: D

Explanation:
To support EAP-TLS, the AAA server (for example, Cisco Secure ACS) must have a certificate. Either a public certification authority or a private certification authority can be used to issue the AAA server certificate. The AAA server will trust a client certificate that was issued from the same root
certification authority that issued its certificate.
https://www.cisco.com/en/US/tech/ CK7 22/ CK8 09/technologies_white_paper09186a008009256b.sht ml
 

NEW QUESTION 7
An engineer must provide a graphical trending report of the total number of wireless clients on the network. Winch report provides the required data?

• A. Client Summary
• B. Posture Status Count
• C. Client Traffic Stream Metrics
• D. Mobility Client Summary

Answer: D

Explanation:  

NEW QUESTION 8
Which client roam is considered the fastest in a wireless deployment using Cisco IOS XE mobility controllers and mobility agents?

• A. Roam within stack members
• B. Inter-SPG roam
• C. Interdomain roam
• D. Intermobility roam
• E. lntra-SPG roam

Answer: B

Explanation:
• Inter-SPG, Intra-subdomain roaming?The client roaming between mobility agents in different SPGs
within the same subdomain. https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3850/software/release/3se/system_m anagement/configuration_guide/b_sm_3se_3850_cg/b_sm_3se_3850_cg_chapter_0111.pdf
 

NEW QUESTION 9
A wireless engineer must implement a corporate wireless network for a large company with ID 338860948 in the most efficient way possible. The wireless network must support a total of 32 VLANS for 300 employees in different departments.
What is the best configuration option in this scenario?

• A. Configure a second WLC to support half of the APs in the deployment.
• B. Configure different AP groups to support different VLANs, so that all of the WLANs can be broadcast on both radios.
• C. Configure 16 WLANs to be broadcast on the 2.4-GHz band and 16 WLANs to be broadcast on the 5.0-GHz band.
• D. Configure one single SSID and implement Cisco ISE VLLAN assignment according to different user roles.

Answer: B

Explanation:  

NEW QUESTION 10
An engineer must enable EAP on a new WLAN and is ensuring that the necessary components are available. Which component uses EAP and 802.1x to pass user authentication to the authenticator?

• A. AP
• B. AAA server
• C. supplicant
• D. controller

Answer: D

Explanation:  

NEW QUESTION 11
A corporation has recently implemented a BYOD policy at their HQ. Which three risks should the security director be concerned about? (Choose three.)

• A. unauthorized users
• B. rogue ad-hocs
• C. software piracy
• D. lost and stolen devices
• E. malware
• F. keyloggers

Answer: ACE

Explanation:  

NEW QUESTION 12
Refer to the exhibit.

In this IBN topology, which device acts as the RADIUS server?

• A. directory server
• B. Cisco ISE
• C. Cisco UCS
• D. Cisco Catalyst 3850 Series Switch

Answer: D

Explanation:  

NEW QUESTION 13
A network engineer is implementing a wireless network and is considering deploying a single SSID for device onboarding. Winch option is a benefit of using dual SSIDs with a captive portal on the onboard SSID compared to a single SSID solution?

• A. limit of a single device per user
• B. restrict allowed devices types
• C. allow multiple devices per user
• D. minimize client configuration errors

Answer: B

Explanation:  

NEW QUESTION 14
An engineer is changing the authentication method of a wireless network from EAP-FAST to EAP-TLS. Which two changes are necessary? (Choose two.)

• A. Cisco Secure ACS is required.
• B. A Cisco NAC server is required.
• C. All authentication clients require their own certificates.
• D. The authentication server now requires a certificate.
• E. The users require the Cisco AnyConnect clien

Answer: CD

Explanation:  

NEW QUESTION 15
Which security method does a Cisco guest wireless deployment that relies on Cisco ISE guest portal for user authentication use?

• A. Layer 2 and Layer 3
• B. Layer 2 only
• C. No security methods are needed to deploy CWA
• D. Layer 3 only

Answer: B

Explanation:  

NEW QUESTION 16
An engineer has configured passive fallback mode for RADIUS with default timer settings. What will occur when the primary RADIUS fails then recovers?

• A. RADIUS requests will be sent to the secondary RADIUS server until the secondary fails to respond.
• B. The controller will immediately revert back after it receives a RADIUS probe from the primary server.
• C. After the inactive time expires the controller will send RADIUS to the primary.
• D. Once RADIUS probe messages determine the primary controller is active the controller will revert back to the primary RADIUS.

Answer: C

Explanation:  

NEW QUESTION 17
Regarding the guidelines for using MFP, under what circumstances will a client without Cisco compatible Extensions v5 be able to associate to a WLAN?

• A. The DHCP Required box is unchecked.
• B. AAA override is configured for the WLAN
• C. Client MFP is disabled or optional.
• D. WPA2 is enabled with TKIP or AE

Answer: D

Explanation:  

NEW QUESTION 18
Which two statements describe the requirements for EAP-TLS?

• A. It requires client-side and server-side certificates.
• B. It uses PAC on the client.
• C. It requires PKI.
• D. It requires a server side digital certificate on only the RADIUS server
• E. It must use AES for encryption and cannot use TKIP for encryptio

Answer: AB

Explanation: