Cisco 300-375 Dumps
Exam: Securing Cisco Wireless Enterprise Networks
|300-375 Premium VCE File|
|300-375.vce - Exam-Labs Verified - Instant Download
Get Latest & Verified 300-375 Exam Questions with 30-Days Free Updates
99 Questions & Answers
Free 300-375 Exam Questions in VCE Format
Cisco 300-375 Exam Tutorial
Question No : 1
Refer to the exhibit.
A WLAN with the SSID "Enterprise" is configured. Which rogue is marked as malicious?
A. a rogue with two clients, broadcasting the SSID "Employee" heard at -50 dBm
B. a rogue with no clients, broadcasting the SSID "Enterprise" heard at -50 dBm
C. a rouge with two clients, broadcasting the SSID "Enterprise" heard at -80 dBm
D. a rogue with two clients, broadcasting the SSID "Enterprise" heard at -50 dBm
Question No : 2
An engineer is considering an MDM integration with Cisco ISE to assist with security for
lost devices. Which two functions of MDM increase security for lost devices that access
data from the network? (Choose two.)
A. PIN enforcement
B. Jailbreak/root detection
C. data wipe
D. data encryption
E. data loss prevention
Question No : 3
An engineer must enable EAP on a new WLAN and is ensuring that the necessary
components are available. Which component uses EAP and 802.1x to pass user
authentication to the authenticator?
B. AAA server
Question No : 4
On which two ports does the RADIUS server maintain a database and listen for incoming
authentication and accounting requests? (Choose two.)
A. UDP 1900
B. UDP port 1812
C. TCP port 1812
D. TCP port 1813
E. UDP port 1813
Question No : 5
Which EAP type requires the use of device certificates?
Question No : 6
MFP is enabled globally on a WLAN with default settings on single controller wireless
network. Older client devices are disconnected from the network during a deauthentication
attack. What is the cause of this issue?
A. The client devices do not support WPA.
B. The client devices do not support CCXv5.
C. The MFP on the WLAN is set to optional
D. The NTP server is not configured on the controller.
Question No : 7
Question No : 8
Refer to the exhibit.
A customer is having problems with clients associating to me wireless network. Based on
the configuration, which option describes the most likely cause of the issue?
A. Both AES and TKIP must be enabled
B. SA Query Timeout is set too low
C. Comeback timer is set too low
D. PME is set to "required"
E. MAC Filtering must be enabled
Question No : 9
Which two options are types of MFP that can be performed? (Choose two.)
A. message integrity check
Question No : 10
Which security method does a Cisco guest wireless deployment that relies on Cisco ISE
guest portal for user authentication use?
A. Layer 2 and Layer 3
B. Layer 2 only
C. No security methods are needed to deploy CWA
D. Layer 3 only
Question No : 11
Which two considerations must a network engineer have when planning for voice over
wireless roaming? (Choose two.)
A. Roaming with only 802.1x authentication requires full reauthentication.
B. Full reauthentication introduces gaps in a voice conversation.
C. Roaming occurs when e phone has seen at least four APs.
D. Roaming occurs when the phone has reached -80 dBs or below.
Question No : 12
During the EAP process and specifically related to the logon session, which encrypted key
is sent from the RADIUS server to the access point?
A. WPA key
B. encryption key
C. session key
D. shared secret key
Question No : 13
A customer is concerned about DOS attacks from a neighboring facility. Which feature can
be enabled to help alleviate these concerns and mitigate DOS attacks on a WLAN?
B. peer-to-peer blocking
C. Cisco Centralized Key Management
D. split tunnel
Question No : 14
A customer is concerned that radar is impacting the access point that service the wireless
network in an office located near an airport. On which type of channel should you conduct
spectrum analysis to identify if radar is impacting the wireless network?
A. UNII-3 channels
B. UNII-1 channels
C. 802.11b channels
D. 2.4 GHz channels
E. UMII-2 channels
F. Channels 1, 5, 9, 13
Question No : 15
WPA2 Enterprise with 802.1x is being used for clients to authenticate to a wireless network
through an ACS server. For security reasons, the network engineer wants to ensure only
PEAP authentication can be used. The engineer sent instructions to clients on how to
configure their supplicants, but users are still in the ACS logs authentication using EAP-
FAST. Which option describes the most efficient way the engineer can ensure these users
cannot access the network unless the correct authentication mechanism is configured?
A. Enable AAA override on the SSID, gather the usernames of these users, and disable their RADIUS accounts until they make sure they correctly configured their devices.
B. Enable AAA override on the SSID and configure an access policy in ACS that denies access to the list of MACs that have used EAP-FAST.
C. Enable AAA override on the SSID and configure an access policy in ACS that allows access only when the EAP authentication method is PEAP.
D. Enable AAA override on the SSID and configure an access policy in ACS that puts clients that authenticated using EAP-FAST into a quarantine VLAN.
Question No : 16
An engineer has determined that the source of an authentication issue is the client laptop.
Which three items must be verified for EAP-TLS authentication? (Choose three.)
A. The client certificate is formatted as X 509 version 3
B. The validate server certificate option is disabled.
C. The client certificate has a valid expiration date.
D. The user account is the same in the certificate.
E. The supplicant is configured correctly.
F. The subject key identifier is configured correctly.
Question No : 17
A customer wants to allow employees to easily onboard their devices to the wireless
network. Which process can be configured on Cisco ISE to support this requirement?
A. self registration guest portal
B. client provisioning
C. native supplicant provisioning
D. local web auth
Question No : 18
An engineer configures the wireless LAN controller to perform 802.1x user authentication.
Which option must be enabled to ensure that client devices can connect to the wireless,
even when WLC cannot communicate with the RADIUS?
A. local EAP
B. authentication caching
D. Cisco Centralized Key Management
Question No : 19
Which option determines which RADIUS server is preferred the most by the Cisco WLC?
A. the Server Index (Priority) drop-down list
B. the server status
C. the server IP address
D. the port number
Question No : 20
An engineer is configuring client MFP. What WLAN Layer 2 security must be selected to
use client MFP?
A. Static WEP
D. 802 1x
300-375 Training Products
300-375 Premium File
- 99 Questions & Answers
- Instant Download