Cisco 300-375

Securing Wireless Enterprise Networks

(Page 1 out of 4)
Showing 15 of 53 Questions
Exam Version: 7.0
Question No : 1 -

Refer to the exhibit.

A WLAN with the SSID "Enterprise" is configured. Which rogue is marked as malicious?

  • A. a rogue with two clients, broadcasting the SSID "Employee" heard at -50 dBm
  • B. a rogue with no clients, broadcasting the SSID "Enterprise" heard at -50 dBm
  • C. a rouge with two clients, broadcasting the SSID "Enterprise" heard at -80 dBm
  • D. a rogue with two clients, broadcasting the SSID "Enterprise" heard at -50 dBm

Answer : C

Question No : 2 -

An engineer is considering an MDM integration with Cisco ISE to assist with security for
lost devices. Which two functions of MDM increase security for lost devices that access
data from the network? (Choose two.)

  • A. PIN enforcement
  • B. Jailbreak/root detection
  • C. data wipe
  • D. data encryption
  • E. data loss prevention

Answer : A,C

Question No : 3 -

An engineer must enable EAP on a new WLAN and is ensuring that the necessary
components are available. Which component uses EAP and 802.1x to pass user
authentication to the authenticator?

  • A. AP
  • B. AAA server
  • C. supplicant
  • D. controller

Answer : D

Question No : 4 -

On which two ports does the RADIUS server maintain a database and listen for incoming
authentication and accounting requests? (Choose two.)

  • A. UDP 1900
  • B. UDP port 1812
  • C. TCP port 1812
  • D. TCP port 1813
  • E. UDP port 1813

Answer : B,E

Question No : 5 -

Which EAP type requires the use of device certificates?

  • A. EAP-TLS
  • C. EAP-SSL
  • D. PEAP
  • E. LEAP

Answer : A

Question No : 6 -

MFP is enabled globally on a WLAN with default settings on single controller wireless
network. Older client devices are disconnected from the network during a deauthentication
attack. What is the cause of this issue?

  • A. The client devices do not support WPA.
  • B. The client devices do not support CCXv5.
  • C. The MFP on the WLAN is set to optional
  • D. The NTP server is not configured on the controller.

Answer : C

Question No : 7 -

Answer : Please refer the link below in Explanation to configure this simulation. // config-wpa2-psk-00.html

Question No : 8 -

Refer to the exhibit.

A customer is having problems with clients associating to me wireless network. Based on
the configuration, which option describes the most likely cause of the issue?

  • A. Both AES and TKIP must be enabled
  • B. SA Query Timeout is set too low
  • C. Comeback timer is set too low
  • D. PME is set to "required"
  • E. MAC Filtering must be enabled

Answer : E

Question No : 9 -

Which two options are types of MFP that can be performed? (Choose two.)

  • A. message integrity check
  • B. infrastructure
  • C. client
  • E. RSN

Answer : B,C

Question No : 10 -

Which security method does a Cisco guest wireless deployment that relies on Cisco ISE
guest portal for user authentication use?

  • A. Layer 2 and Layer 3
  • B. Layer 2 only
  • C. No security methods are needed to deploy CWA
  • D. Layer 3 only

Answer : B

Question No : 11 -

Which two considerations must a network engineer have when planning for voice over
wireless roaming? (Choose two.)

  • A. Roaming with only 802.1x authentication requires full reauthentication.
  • B. Full reauthentication introduces gaps in a voice conversation.
  • C. Roaming occurs when e phone has seen at least four APs.
  • D. Roaming occurs when the phone has reached -80 dBs or below.

Answer : A,B

Question No : 12 -

During the EAP process and specifically related to the logon session, which encrypted key
is sent from the RADIUS server to the access point?

  • A. WPA key
  • B. encryption key
  • C. session key
  • D. shared secret key

Answer : C

Question No : 13 -

A customer is concerned about DOS attacks from a neighboring facility. Which feature can
be enabled to help alleviate these concerns and mitigate DOS attacks on a WLAN?

  • A. PMF
  • B. peer-to-peer blocking
  • C. Cisco Centralized Key Management
  • D. split tunnel

Answer : A

Question No : 14 -

A customer is concerned that radar is impacting the access point that service the wireless
network in an office located near an airport. On which type of channel should you conduct
spectrum analysis to identify if radar is impacting the wireless network?

  • A. UNII-3 channels
  • B. UNII-1 channels
  • C. 802.11b channels
  • D. 2.4 GHz channels
  • E. UMII-2 channels
  • F. Channels 1, 5, 9, 13

Answer : E

Question No : 15 -

WPA2 Enterprise with 802.1x is being used for clients to authenticate to a wireless network
through an ACS server. For security reasons, the network engineer wants to ensure only
PEAP authentication can be used. The engineer sent instructions to clients on how to
configure their supplicants, but users are still in the ACS logs authentication using EAP-
FAST. Which option describes the most efficient way the engineer can ensure these users
cannot access the network unless the correct authentication mechanism is configured?

  • A. Enable AAA override on the SSID, gather the usernames of these users, and disable their RADIUS accounts until they make sure they correctly configured their devices.
  • B. Enable AAA override on the SSID and configure an access policy in ACS that denies access to the list of MACs that have used EAP-FAST.
  • C. Enable AAA override on the SSID and configure an access policy in ACS that allows access only when the EAP authentication method is PEAP.
  • D. Enable AAA override on the SSID and configure an access policy in ACS that puts clients that authenticated using EAP-FAST into a quarantine VLAN.

Answer : D

(Page 1 out of 4)
Showing of 53 Questions
Exam Version: 7.0