Cisco 300-375 Dumps

Exam: Securing Cisco Wireless Enterprise Networks

300-375 Premium VCE File
300-375.vce - Exam-Labs Verified - Instant Download
Get Latest & Verified 300-375 Exam Questions with 30-Days Free Updates
99 Questions & Answers

Free 300-375 Exam Questions in VCE Format
File Votes Size Last comment
1 2.44 MB  
Play Cisco 300-375 VCE files with Avanset VCE Simulator

Cisco 300-375 Exam Tutorial

Showing 1-20 of 53 Questions   (Page 1 out of 3)

Question No : 1

Refer to the exhibit.
Cisco 300-375 question 1
A WLAN with the SSID "Enterprise" is configured. Which rogue is marked as malicious?

A. a rogue with two clients, broadcasting the SSID "Employee" heard at -50 dBm
B. a rogue with no clients, broadcasting the SSID "Enterprise" heard at -50 dBm
C. a rouge with two clients, broadcasting the SSID "Enterprise" heard at -80 dBm
D. a rogue with two clients, broadcasting the SSID "Enterprise" heard at -50 dBm

Question No : 2

An engineer is considering an MDM integration with Cisco ISE to assist with security for
lost devices. Which two functions of MDM increase security for lost devices that access
data from the network? (Choose two.)

A. PIN enforcement
B. Jailbreak/root detection
C. data wipe
D. data encryption
E. data loss prevention

Question No : 3

An engineer must enable EAP on a new WLAN and is ensuring that the necessary
components are available. Which component uses EAP and 802.1x to pass user
authentication to the authenticator?

B. AAA server
C. supplicant
D. controller

Question No : 4

On which two ports does the RADIUS server maintain a database and listen for incoming
authentication and accounting requests? (Choose two.)

A. UDP 1900
B. UDP port 1812
C. TCP port 1812
D. TCP port 1813
E. UDP port 1813

Question No : 5

Which EAP type requires the use of device certificates?


Question No : 6

MFP is enabled globally on a WLAN with default settings on single controller wireless
network. Older client devices are disconnected from the network during a deauthentication
attack. What is the cause of this issue?

A. The client devices do not support WPA.
B. The client devices do not support CCXv5.
C. The MFP on the WLAN is set to optional
D. The NTP server is not configured on the controller.

Question No : 7

Cisco 300-375 question 7
Cisco 300-375 question 7
Cisco 300-375 question 7
Cisco 300-375 question 7
Cisco 300-375 question 7
Cisco 300-375 question 7
Cisco 300-375 question 7
Cisco 300-375 question 7
Cisco 300-375 question 7
Cisco 300-375 question 7
Cisco 300-375 question 7
Cisco 300-375 question 7

Question No : 8

Refer to the exhibit.
Cisco 300-375 question 8
A customer is having problems with clients associating to me wireless network. Based on
the configuration, which option describes the most likely cause of the issue?

A. Both AES and TKIP must be enabled
B. SA Query Timeout is set too low
C. Comeback timer is set too low
D. PME is set to "required"
E. MAC Filtering must be enabled

Question No : 9

Which two options are types of MFP that can be performed? (Choose two.)

A. message integrity check
B. infrastructure
C. client

Question No : 10

Which security method does a Cisco guest wireless deployment that relies on Cisco ISE
guest portal for user authentication use?

A. Layer 2 and Layer 3
B. Layer 2 only
C. No security methods are needed to deploy CWA
D. Layer 3 only

Question No : 11

Which two considerations must a network engineer have when planning for voice over
wireless roaming? (Choose two.)

A. Roaming with only 802.1x authentication requires full reauthentication.
B. Full reauthentication introduces gaps in a voice conversation.
C. Roaming occurs when e phone has seen at least four APs.
D. Roaming occurs when the phone has reached -80 dBs or below.

Question No : 12

During the EAP process and specifically related to the logon session, which encrypted key
is sent from the RADIUS server to the access point?

A. WPA key
B. encryption key
C. session key
D. shared secret key

Question No : 13

A customer is concerned about DOS attacks from a neighboring facility. Which feature can
be enabled to help alleviate these concerns and mitigate DOS attacks on a WLAN?

B. peer-to-peer blocking
C. Cisco Centralized Key Management
D. split tunnel

Question No : 14

A customer is concerned that radar is impacting the access point that service the wireless
network in an office located near an airport. On which type of channel should you conduct
spectrum analysis to identify if radar is impacting the wireless network?

A. UNII-3 channels
B. UNII-1 channels
C. 802.11b channels
D. 2.4 GHz channels
E. UMII-2 channels
F. Channels 1, 5, 9, 13

Question No : 15

WPA2 Enterprise with 802.1x is being used for clients to authenticate to a wireless network
through an ACS server. For security reasons, the network engineer wants to ensure only
PEAP authentication can be used. The engineer sent instructions to clients on how to
configure their supplicants, but users are still in the ACS logs authentication using EAP-
FAST. Which option describes the most efficient way the engineer can ensure these users
cannot access the network unless the correct authentication mechanism is configured?

A. Enable AAA override on the SSID, gather the usernames of these users, and disable their RADIUS accounts until they make sure they correctly configured their devices.
B. Enable AAA override on the SSID and configure an access policy in ACS that denies access to the list of MACs that have used EAP-FAST.
C. Enable AAA override on the SSID and configure an access policy in ACS that allows access only when the EAP authentication method is PEAP.
D. Enable AAA override on the SSID and configure an access policy in ACS that puts clients that authenticated using EAP-FAST into a quarantine VLAN.

Question No : 16

An engineer has determined that the source of an authentication issue is the client laptop.
Which three items must be verified for EAP-TLS authentication? (Choose three.)

A. The client certificate is formatted as X 509 version 3
B. The validate server certificate option is disabled.
C. The client certificate has a valid expiration date.
D. The user account is the same in the certificate.
E. The supplicant is configured correctly.
F. The subject key identifier is configured correctly.

Question No : 17

A customer wants to allow employees to easily onboard their devices to the wireless
network. Which process can be configured on Cisco ISE to support this requirement?

A. self registration guest portal
B. client provisioning
C. native supplicant provisioning
D. local web auth

Question No : 18

An engineer configures the wireless LAN controller to perform 802.1x user authentication.
Which option must be enabled to ensure that client devices can connect to the wireless,
even when WLC cannot communicate with the RADIUS?

A. local EAP
B. authentication caching
C. pre-authentication
D. Cisco Centralized Key Management

Question No : 19

Which option determines which RADIUS server is preferred the most by the Cisco WLC?

A. the Server Index (Priority) drop-down list
B. the server status
C. the server IP address
D. the port number

Question No : 20

An engineer is configuring client MFP. What WLAN Layer 2 security must be selected to
use client MFP?

A. Static WEP
D. 802 1x

Showing 1-20 of 53 Questions   (Page 1 out of 3)

300-375 Training Products

300-375 Premium File

  • 99 Questions & Answers
  • Instant Download
  • $39.99

Site Search:



Exam-Labs PREMIUM Files

Get 30% Discount on all PREMIUM files!

Enter Your Email Address to Receive Your 30% Discount Code

A Confirmation Link will be sent to this email address to verify your login

We value your privacy.
We will not rent or sell your email address

Download Free Demo of VCE
Exam Simulator

Experience Avanset VCE Exam Simulator for yourself.

Simply submit your e-mail address below to get started with our interactive software demo of your free trial.

Enter Your Email Address

Free Demo Limits: In the demo version you will be able to access only first 5 questions from exam.