Cisco 300-375 Braindumps 2021

NEW QUESTION 1
An engineer configures the wireless LAN controller to perform 802.1x user authentication. Which option must be enabled to ensure that client devices can connect to the wireless, even when WLC cannot communicate with the RADIUS?

• A. local EAP
• B. authentication caching
• C. pre-authentication
• D. Cisco Centralized Key Management

Answer: A

Explanation:  

NEW QUESTION 2
Refer to the exhibit.

You are configuring a controller that runs Cisco IOS XE by using the CLI. Which three configuration options are used for 802.11w Protected Management Frames? (Choose three.)

• A. mandatory
• B. association-comeback
• C. SA teardown protection
• D. saquery-retry-time
• E. enable
• F. comeback-time

Answer: ABD

NEW QUESTION 3
An engineer ran the PCI report in Cisco Prime Infrastructure and received a warning on PCIDSS
Requirement 2.1.1 that the SNMP strings are set to default and must be changed. Which tab in the Cisco WLC can the engineer use to navigate to these settings?

• A. Management
• B. Security
• C. Controller
• D. Wireless

Answer: A

Explanation:  

NEW QUESTION 4
A customer wants to allow employees to easily onboard their devices to the wireless network. Which process can be configured on Cisco ISE to support this requirement?

• A. self registration guest portal
• B. client provisioning
• C. native supplicant provisioning
• D. local web auth

Answer: B

Explanation:  

NEW QUESTION 5
When a supplicant and AAA server are configured to use PEAP, which mechanism is used by the client to authenticate the AAA server in Phase One?

• A. PMK
• B. shared secret keys
• C. digital certificate
• D. PAC

Answer: C

Explanation:  

NEW QUESTION 6
Refer to the exhibit.

A WLAN with the SSID "Enterprise" is configured. Which rogue is marked as malicious?

• A. a rogue with two clients, broadcasting the SSID "Employee" heard at -50 dBm
• B. a rogue with no clients, broadcasting the SSID "Enterprise" heard at -50 dBm
• C. a rouge with two clients, broadcasting the SSID "Enterprise" heard at -80 dBm
• D. a rogue with two clients, broadcasting the SSID "Enterprise" heard at -50 dBm

Answer: C

Explanation:  

NEW QUESTION 7
DRAG DROP
A wireless engineer wants to schedule monthly security reports in Cisco Prime infrastructure. Drag and drop the report title from the left onto the expected results when the report is generated on the right.

Answer:

Explanation:
 

NEW QUESTION 8
Refer to the exhibit.

An engineer utilizing ISE as the wireless AAA service noticed that the accounting process on the server at 10.10.2.3 has failed, but authentication process is still functional.
Which ISE nodes receive WLC RADIUS traffic, using the CLI output and assuming the WLAN uses the servers in their indexed order?

• A. authentication to 10.10.2.4, accounting to 10.10.2.3.
• B. authentication to 10.10.2.3, accounting to 10.10.2.3.
• C. authentication to 10.10.2.4, accounting to 10.10.2.4.
• D. authentication to 10.10.2.3, accounting to 10.10.2.4.

Answer: B

Explanation:  

NEW QUESTION 9
Refer to the exhibit. You are configuring an autonomous AP for 802.1x access to a wired infrastructure. What does the command do?

• A. It enables the AP to override the authentication timeout on the RADIUS server.
• B. It configures how long the AP must wait for a client to reply to an EAP/dot1x message before the authentication fails.
• C. It enables the supplicant to override the authentication timeout on the client
• D. It configures how long the RADIUS server must wait for supplicant to reply to an EAP/dot1x message before the authentication fails.

Answer: C

Explanation:  

NEW QUESTION 10
Which option determines which RADIUS server is preferred the most by the Cisco WLC?

• A. the Server Index (Priority) drop-down list
• B. the server status
• C. the server IP address
• D. the port number

Answer: A

Explanation:  

NEW QUESTION 11
A customer is concerned about DOS attacks from a neighboring facility. Which feature can be enabled to help alleviate these concerns and mitigate DOS attacks on a WLAN?

• A. PMF
• B. peer-to-peer blocking
• C. Cisco Centralized Key Management
• D. split tunnel

Answer: A

Explanation:  

NEW QUESTION 12
An engineer is securing the wireless network from vulnerabilities. Which four strategies are recommended for mitigation? (Choose four.)

• A. MFP
• B. identity-based networking
• C. rogue location
• D. EAP-TLS
• E. guest monitoring
• F. RF profiles
• G. rogue detection
• H. password policies

Answer: ACEG

Explanation:  

NEW QUESTION 13
An engineer is configuring an autonomous AP for RADIUS authentication. What two pieces of information must be known to configure the AP? (Choose two.)

• A. shared secret
• B. username and password
• C. RADIUS IP address
• D. group name
• E. PAC encryption key

Answer: AC

Explanation:
You identify RADIUS security servers by their host name or IP address, host name and specific UDP port numbers, or their IP address and specific UDP port numbers. The combination of the IP address and the UDP port number creates a unique identifier allowing different ports to be individually defined as RADIUS hosts providing a specific AAA service. This unique identifier enables RADIUS requests to be sent to multiple UDP ports on a server at the same IP address. https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_usr_rad/configuration/xe-3se/3850/secusr- rad-xe-3se-3850-book/sec-rad-mult-udp-ports.html
 

NEW QUESTION 14
WPA2 Enterprise with 802.1x is being used for clients to authenticate to a wireless network through an ISE server. For security reasons, the network engineer wants to ensure only PEAP authentication can be used. The engineer sent instructions to clients on how to configure their supplicants, but
users are still in the ISE logs authentication using EAP-FAST. Which option describes the most efficient way the engineer can ensure these users cannot access the network unless the correct
authentication mechanism is configured?

• A. Enable AAA override on the SSID, gather the usernames of these users, and disable their RADIUS accounts until they make sure they correctly configured their devices.
• B. Enable AAA override on the SSID and configure an access policy in ACS that denies access to the list of MACs that have used EAP-FAST.
• C. Enable AAA override on the SSID and configure an access policy in ACS that allows access only when the EAP authentication method is PEAP.
• D. Enable AAA override on the SSID and configure an access policy in ACS that puts clients that authenticated using EAP-FAST into a quarantine VLAN.

Answer: C

Explanation:  

NEW QUESTION 15
An engineer is implementing SNMP v3 on a wireless LAN controller and wants to use the combination of authentication and privacy protocols with the highest security available. Which protocols must be configured?

• A. CFB-AES-128 with HMAC-MD5
• B. CBC-DES with HMAC SHA
• C. CFB-AES-128 with HMAC-SHA
• D. CBC-DES with HMAC-MD5

Answer: C

Explanation:  

NEW QUESTION 16
Which three commands are part of the requirements on Cisco Catalyst 3850 series Switch with Cisco IOX XE to create a RADIUS authentication server group? (Choose three.)

• A. authentication dot1x default local
• B. aaa session-idcommon
• C. dot1x system-auth-control
• D. aaa new-model
• E. local-auth wcm_eap_prof
• F. security dot1x

Answer: BCD

Explanation:  

NEW QUESTION 17
What is the maximum number of clients that a small branch deployment using a four-member Cisco Catalyst 3850 stack (acting as MC/MA) can support?

• A. 10000
• B. 1000
• C. 500
• D. 2000
• E. 5000

Answer: E

Explanation:  

NEW QUESTION 18
Which of the following user roles can access CMX Visitor Connect?

• A. Administrator
• B. Power User
• C. Guest User
• D. Super Administrator

Answer: A

Explanation: