Tested 300-375 Dumps Questions 2021

NEW QUESTION 1
MFP is enabled globally on a WLAN with default settings on single controller wireless network. Older client devices are disconnected from the network during a deauthentication attack. What is the
cause of this issue?

• A. The client devices do not support WPA.
• B. The client devices do not support CCXv5.
• C. The MFP on the WLAN is set to optional
• D. The NTP server is not configured on the controlle

Answer: C

Explanation:  

NEW QUESTION 2
WPA2 Enterprise with 802.1x is being used for clients to authenticate to a wireless network through
an ACS server. For security reasons, the network engineer wants to ensure only PEAP authentication can be used. The engineer sent instructions to clients on how to configure their supplicants, but users are still in the ACS logs authentication using EAP-FAST. Which option describes the most efficient way the engineer can ensure these users cannot access the network unless the correct authentication mechanism is configured?

• A. Enable AAA override on the SSID, gather the usernames of these users, and disable their RADIUS accounts until they make sure they correctly configured their devices.
• B. Enable AAA override on the SSID and configure an access policy in ACS that denies access to the list of MACs that have used EAP-FAST.
• C. Enable AAA override on the SSID and configure an access policy in ACS that allows access only when the EAP authentication method is PEAP.
• D. Enable AAA override on the SSID and configure an access policy in ACS that puts clients that authenticated using EAP-FAST into a quarantine VLAN.

Answer: D

Explanation:  

NEW QUESTION 3
An engineer has configured the wireless controller to authenticate clients on the employee SSID against Microsoft Active Directory using PEAP authentication. Which protocol does the controller use to communicate with the authentication server?

• A. EAP
• B. 802.1x
• C. RADIUS
• D. WPA2

Answer: A

Explanation:
Define the Layer 2 Authentication as WPA2 so that the clients perform EAP-based authentication (PEAP-MS-CHAP v2 in this example) and use the advanced encryption standard (AES) as the encryption mechanism. Leave all other values at their defaults. https://www.cisco.com/c/en/us/support/docs/wireless/5500-series-wireless-controllers/115988-nps-wlc-config-000.html
 

NEW QUESTION 4
After receiving an alert regarding a rogue AP, a network engineer logs into Cisco Prime and looks at the floor map where the AP that detected the rogue is located. The map is synchronized with a mobility services engine that determines the rogue device is actually inside the campus. The engineer determines the rogue to be a security threat and decides to stop it from broadcasting inside the enterprise wireless network. What is the fastest way to disable the rogue?

• A. Go to the location the rogue device is indicated to be and disable the power.
• B. Create an SSID on WLAN controller resembling the SSID of the rogue to spoof it and disable clients from connecting to it.
• C. Classify the rogue as malicious in Cisco Prime.
• D. Update the status of the rogue in Cisco Prime to containe

Answer: C

Explanation:  

NEW QUESTION 5
Which command is an SNMPv3-specific command that an engineer can use only in Cisco IOS XE?

• A. snmp-server user remoteuser1 group1 remote 10.12.0.4
• B. snmp-server host 172.16.1.33 public
• C. snmp-server community comaccess ro 4
• D. snmp-server enable traps wireless

Answer: A

Explanation:  

NEW QUESTION 6
During the EAP process and specifically related to the logon session, which encrypted key is sent from the RADIUS server to the access point?

• A. WPA key
• B. encryption key
• C. session key
• D. shared secret key

Answer: C

Explanation:  

NEW QUESTION 7
You are configuring a Cisco WLC version 8.0. Which two options do you find on the Layer 3 Security tab? (Choose two.)

• A. 802.1x
• B. Authentication
• C. Passthrough
• D. CKIP
• E. WPA+WPA2

Answer: BC

Explanation:
From the Layer 3 Security drop-down list, choose one of the following: None?Layer 3 security is disabled.
Web Authentication?Causes users to be prompted for a username and password when connecting to the wireless network. This is the default value.
Web Passthrough?Allows users to access the network without entering a username and password. https://www.cisco.com/c/en/us/td/docs/wireless/controller/8-3/configguide/b_cg83/b_cg83_chapter_0100111.html
 

NEW QUESTION 8
An engineer is trying to determine if an existing configuration deviates from the Cisco defaults while enabling PMF on a WLAN. Which set represents the default timer configuration for PMF?

• A. security pmf association-comeback 1 security pmf mandatory security pmf saquery-retry-time 100
• B. security pmf association-comeback 20 security pmf mandatory security pmf saquery-retry-time 600
• C. security pmf association-comeback 15 security pmf mandatory security pmf saquery-retry-time 200
• D. security pmf association-comeback 1 security pmf mandatory security pmf saquery-retry-time 200

Answer: D

Explanation:  

NEW QUESTION 9
Which Cisco feature must an engineer configure on a cisco WLC to enable PCI specification compliance for communication of neighbor radio information?

• A. RF Grouping
• B. MFP
• C. Rogue Access Point Detection
• D. RRM NDP
• E. Off Channel Scanning

Answer: D

Explanation:  

NEW QUESTION 10
Refer to the exhibit.

A client reports being unable to log into the wireless network, which uses PEAPv2. Which two issues appear in the output? (Choose two.)

• A. There is a problem with the client supplicant.
• B. The AP has the incorrect RADIUS server address.
• C. The AP has lost IP connectivity to the authentication server.
• D. The EAP client timeout value should be increased.
• E. The authentication server is misconfigured on the controller.
• F. The authentication server is misconfigured in the WLA

Answer: AD

Explanation:  

NEW QUESTION 11
Which EAP type requires the use of device certificates?

• A. EAP-TLS
• B. EAP-FAST
• C. EAP-SSL
• D. PEAP
• E. LEAP

Answer: A

Explanation:  

NEW QUESTION 12
Refer to the exhibit.

What is the 1.1.1.1 IP address?

• A. the wireless client IP address
• B. the RADIUS server IP address
• C. the controller management IP address
• D. the lightweight IP address
• E. the controller AP-manager IP address
• F. the controller virtual interface IP address

Answer: F

Explanation:  

NEW QUESTION 13
How should the Cisco Secure ACS v4.2 and the Cisco WLC v7.0 be configured to support wireless client authentication?

• A. The WLC configured for RADIUS and the Cisco Secure ACS configured for RADIUS (Cisco Airespace)
• B. The WLC configured for RADIUS and the Cisco Secure ACS configured for RADIUS (IETF)
• C. The WLC configured for TACACS+ and the Cisco Secure ACS configured for TACACS+ (Cisco Airespace)
• D. The WLC configured for TACACS+ and the Cisco Secure ACS configured for TACACS+ (Cisco IOS)

Answer: A

Explanation:  

NEW QUESTION 14
When a network engineer plans to implement the client MFP, which three settings should be supported by the client? (Choose three)

• A. WPA2 with AES
• B. Short Preamble check box
• C. WPA2 with TKIP
• D. WEP
• E. WPA with TKIP
• F. Cisco Compatible Extensions v5

Answer: ACF

Explanation:  

NEW QUESTION 15
An engineer is configuring a wireless network for local FlexConnect authentication. What three configurations are required for the WLC with WLAN 1 and AP Cisco? (Choose three.)

• A. config ap filexconnect vlan enable Cisco
• B. config wlan filexconnect vlan-central-switching 1 enable
• C. config ap filexconnect vlan wlan 1 Cisco
• D. config wlan filexconnect local-switching 1 enable
• E. config wlan filexconnect ap-auth 1 enable
• F. config ap mode filexconnect Cisco

Answer: ACD

Explanation:  

NEW QUESTION 16
A customer wants the access points in the CEO’s office to have different usernames and passwords for administrative support than the other access points deployed throughout the facility. Which feature can be enabled on the WLC and access points to achieve this criteria?

• A. Override global credentials
• B. HTTPS access
• C. 802.1x supplicant credentials
• D. local management users

Answer: D

Explanation:
You can configure administrator usernames and passwords to prevent unauthorized users from reconfiguring the switch and viewing configuration information. This section provides instructions for initial configuration and for password recovery.
You can also set administrator usernames and passwords to manage and configure one or more access points that are associated with the switch. https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3650/software/release/16-1/configuration_guide/b_161_consolidated_3650_cg/b_161_consolidated_3650_cg_chapter_01010 111.pdf
 

NEW QUESTION 17
Which method does a Cisco switch use to authenticate a Cisco lightweight access point that is acting as a 802.1x supplicant?

• A. 802.1X
• B. EAP-FAST with anonymous PAC provisioning
• C. a password only
• D. a username and password

Answer: B

Explanation:  

NEW QUESTION 18
An engineer is troubleshooting rogue access points that are showing up in Cisco Prime Infrastructure. What is the maximum number of Aps the engineer can use to contain an identified rogue access point in the WLC?

• A. 3
• B. 4
• C. 6
• D. 5

Answer: B

Explanation:
https://www.cisco.com/c/en/us/td/docs/wireless/controller/7-
4/configuration/guides/consolidated/b_cg74_CONSOLIDATED/b_cg74_CONSOLIDATED_chapter_010 111001.html