Cisco Actualtests Exam Questions & Answers

Transcription

1 Cisco Actualtests Exam Questions & Answers Number: Passing Score: 800 Time Limit: 120 min File Version: Sections Cisco Exam Questions & Answers Exam Name: Implementing Advanced Cisco Unified Wireless Security (IAUWS) v2.0 For Full Set of Questions please visit:

2 Actualtests QUESTION 1 Which statement describes the major difference between PEAP and EAP-FAST client authentication? A. EAP-FAST requires a backend AAA server, and PEAP does not. B. EAP-FAST is a Cisco-only proprietary protocol, whereas PEAP is an industry-standard protocol. C. PEAP requires a server-side certificate, while EAP-FAST does not require certificates. D. PEAP authentication protocol requires a client certificate, and EAP-FAST requires a secure password. Correct Answer: C Section: 1 /Reference: : QUESTION 2 Which one best describes the EAP Identity Request frame when a wireless client is connecting to a Cisco WLC v7.0-based AP WLAN? A. sourced from the Cisco ACS Server to the client B. sourced from the client to the Cisco ACS Server C. sourced from the WLC to the client D. sourced from the client to the WLC E. sourced from the AP to the client F. sourced from the client to the AP Correct Answer: C Section: 1 /Reference: : QUESTION 3 What are the four packet types that are used by EAP? (Choose four.) A. EAP Type B. EAP Request C. EAP Identity D. EAP Response E. EAP Success F. EAP Failure G. EAP Authentication Correct Answer: BDEF Section: 1 /Reference: : QUESTION 4 When a supplicant and AAA server are configured to use PEAP, which mechanism is used by the client to

3 authenticate the AAA server in Phase One? A. PMK B. shared secret keys C. digital certificate D. PAC Correct Answer: C Section: 1 /Reference: : QUESTION 5 What are two of the benefits that the Cisco AnyConnect v3.0 provides to the administrator for client WLAN security configuration? (Choose two.) A. Provides a reporting mechanism for rouge APs B. Prevents a user from adding any WLANs C. Hides the complexity of 802.1X and EAP configuration D. Supports centralized or distributed client architectures E. Provides concurrent wired and wireless connectivity F. Allows users to modify but not delete admin-created profiles Correct Answer: CD Section: 1 /Reference: : QUESTION 6 When using the Standalone Profile Editor in the Cisco AnyConnect v3.0 to create a new NAM profile, which two statements describe the profile becoming active? (Choose two.) A. selects the new profile from NAM B. selects "Network Repair" from NAM C. becomes active after a save of the profile name D. ensures use of "configuration.xml" as the profile name E. ensures use of "config.xml" as the profile name F. ensures use of "nam.xml" as the profile name Correct Answer: BD Section: 1

4 /Reference: : QUESTION 7 Which two parameters can directly affect client roaming decisions? (Choose two.) A. SNR B. RSSI C. MFP status D. RF fingerprinting E. RRM Correct Answer: AB Section: 1 /Reference: : "Pass Any Exam. Any Time." Cisco Exam QUESTION 8 Which three parameters can be communicated between a Cisco WLC v7.0 and Cisco Compatible Extensions v4-enabled client to improve a secure roaming connection? (Choose three.) A. minimum SNR B. transition time C. scan threshold D. hysteresis E. PER F. MIC errors Correct Answer: BCD Section: 1 /Reference: : QUESTION 9 Which three Cisco WLC v7.0 CLI family of commands would be appropriate to troubleshoot a wireless client failure for connection to an AP? (Choose three.) A. debug capwap B. debug mac addr C. debug ccxdiag D. debug dhcp E. debug ap F. debug dtls G. debug aaa Correct Answer: BDG Section: 1

5 /Reference: : QUESTION 10 Employees are allowed to start bringing their own wireless devices to work for use on the a/b/g/n WLAN when using their existing credentials. However, they are experiencing issues. Which two items are the most probable cause of these issues? (Choose two.) A. incorrect IP address B. supplicant or driver C. incorrect user name D. wrong wireless band E. application issues Correct Answer: BE Section: 1 /Reference: : QUESTION 11 Employees adjust their wireless laptop for work at the office and when away from the office. What are the two most likely security issues for an employee laptop when connected at the corporate WLAN? (Choose two.) A. loading a freeware customer contact application B. configuring a static IP address C. updating the driver D. adding a coffee shop wireless HotSpot Correct Answer: AC Section: 1 /Reference: : QUESTION 12 Which two options are supported when deploying wireless NAC out-of-band implementations? (Choose two.) A. Cisco NAS in virtual gateway mode B. WLANs with allow AAA override enabled C. Cisco NAC Guest Server integration with the Cisco NAM D. dynamic VLAN mappings on the Cisco NAS, which is based on the returned RADIUS attributes from the Cisco Secure ACS E. autonomous APs Correct Answer: AC Section: 1 /Reference: : QUESTION 13 Wireless NAC single sign-on uses which type of RADIUS records to notify the Cisco NAC Appliance Manager

6 about the authenticated wireless clients? A. accounting records B. authentication records C. authentication and accounting records D. preauthentication records Correct Answer: A Section: 1 /Reference: "Pass Any Exam. Any Time." Cisco Exam : QUESTION 14 Refer to the exhibit. Viewing the Controller > Interfaces configuration screen, which statement about the nac-vlan interface configuration is true? A. Wireless client traffic that is outbound on VLAN 176 will be switched to the trusted interface on the Cisco

7 NAC Appliance Server. B. Wireless client traffic that is outbound on VLAN 175 will be switched to the trusted interface on the Cisco NAC Appliance Server. C is the IP address of the trusted interface on the Cisco NAC Appliance Server. D is the IP address of the untrusted interface on the Cisco NAC Appliance Server. E. VLAN 175 is the access VLAN. F. VLAN 176 traffic from the client will bypass the Cisco NAC Appliance Server. Correct Answer: E Section: 1 /Reference: : QUESTION 15 When configuring the WLC for single sign-on for the NAC, which device is used for the RADIUS accounting IP address? A. Cisco NAC Appliance Manager B. Cisco NAC Appliance Server C. Cisco NAC Guest Server D. Cisco ACS E. Cisco WCS Correct Answer: A Section: 1 /Reference: : QUESTION X AP supplicant credentials have been enabled and configured on a Cisco WLC v7.0 in both the respective Wireless>AP>Global Configuration location and AP>Credentials tab locations. What describes the 802.1X AP authentication process when connected via Ethernet to a switch? A. Only WLC AP global credentials are used. B. Only AP credentials are used. C. WLC global AP credentials are used first; upon failure, the AP credentials are used. D. AP credentials are used first; upon failure, the WLC global credentials are used. Correct Answer: B Section: 1 /Reference: : QUESTION 17 Which two statements best describe the local authentication configuration options for a Cisco WLC v7.0 and local mode AP? (Choose two.) A. LEAP and EAP-FAST only B. LEAP, EAP-FAST, EAP-PEAP, and EAP-TLS only

8 C. LEAP, EAP-FAST, EAP-PEAP, EAP-TLS, and EAP-MD5 D. EAP-FAST with PAC provision only E. EAP-FAST with PAC or certificate provision Correct Answer: BE Section: 2 /Reference: : QUESTION 18 Which three items must be configured on a Cisco WLC v7.0 to allow implementation of isolated bonding network? (Choose three.) A. RADIUS server IP address B. DHCP IP address C. SNMP trap receiver IP address D. interface name E. SNMP community name F. ACL name Correct Answer: ADF Section: 2 /Reference: : QUESTION 19 Which three WLAN polices can be controlled by using the Cisco IBNS on the Cisco WLC and Cisco Secure ACS? (Choose three.) A. QoS setting B. VLAN C. EAP type D. ACL E. authentication priority order F. NAC state Correct Answer: ABD Section: 2 /Reference: : QUESTION 20 How do you configure the Cisco Secure ACS v4.2 and Cisco WLC v7.0 to provide the most flexibility for the management of authorized access on the WLC? A. Local management user defined on the WLC B. The WLC configured for RADIUS and the Cisco Secure ACS configured for RADIUS (Cisco Airespace) C. The WLC configured for RADIUS and the Cisco Secure ACS configured for RADIUS (IETF)

9 D. The WLC configured for TACACS+ and the Cisco Secure ACS configured for TACACS+ (Cisco Airespace) E. The WLC configured for TACACS+ and the Cisco Secure ACS configured for TACACS+ (Cisco IOS) Correct Answer: E Section: 2 /Reference: : QUESTION 21 The Cisco WLC v7.0 is configured for external 802.1X and EAP by using the WPA2 association of wireless clients when using the Cisco Secure ACS v4.2. Which two items are required in the Cisco Secure ACS network configuration to enable correct AAA? (Choose two.) A. AP IP address B. WLC virtual IP address C. WLC management IP address D. WLC AP management IP address E. hostname matching the WLC case-sensitive name F. authentication using RADIUS G. authentication using TACACS+ Correct Answer: CF Section: 2 /Reference: : QUESTION 22 Configuring the Cisco Secure ACS with a self-signed certificate supports which requirement? A. when no user certificate is required B. when a CA-signed certificate is required for the user C. when a self-signed certificate Class 4 is required for the user D. when a self-signed certificate Class 0 is required for the user Correct Answer: A Section: 2 /Reference: : "Pass Any Exam. Any Time." Cisco Exam QUESTION 23 When implementing certificates through the use of a CA, how is the certificate of client A validated by client B when received? A. verifying the client A certificate using the client A private key B. verifying the client A certificate using the client A public key C. verifying the client A certificate using the client B private key D. verifying the client A certificate using the client B public key

10 E. verifying the client A certificate using the CA private key F. verifying the client A certificate using the CA public key Correct Answer: F Section: 2 /Reference: : QUESTION 24 Refer to the exhibit. What does this Cisco Secure ACS v4.2 log indicate? A. The WLC is not configured as a client in the Cisco Secure ACS. B. The WLC is not configured as a server in the Cisco Secure ACS. C. Incorrect authentication exists between the WLC and Cisco Secure ACS. D. The wireless client is not configured as a client in the Cisco Secure ACS. E. Incorrect authentication exists between the wireless client and Cisco Secure ACS. "Pass Any Exam. Any Time." Cisco Exam Correct Answer: A Section: 2 /Reference: : QUESTION 25 Authentication is failing between a client and the RADIUS server. Which WLC troubleshooting command set might be useful to assist in troubleshooting the issue?

11 A. show local-auth B. debug ldap C. debug aaa local-auth D. debug dot1x event Correct Answer: D Section: 2 /Reference: : QUESTION 26 Which two statements about the sponsor accounts on the Cisco NAC Guest Server are true? (Choose two.) A. The sponsor login to the Cisco NAC Guest Server is at to create, view, and edit guest accounts. B. The Cisco NAC Guest Server can authenticate the sponsors using the local database or via Microsoft Active Directory or LDAP or RADIUS servers. C. Sponsoring user groups is the method by which to assign permissions to the sponsors. D. Guest roles provide a way to give different levels of access to different sponsor accounts. E. Sponsor accounts require admin privileges to generate reports. Correct Answer: BC Section: 2 /Reference: : QUESTION 27 Which two statements are true about configuring a wired guest LAN feature? (Choose two.) A. Create a WLAN on the anchor controller only B. Select the management interface as the egress interface to reach the anchor controller C. Require an anchor controller to implement D. Select the interface that you created as the guest LAN interface in the ingress interface menu E. Configure on any controller from version 5.2 forward Correct Answer: BD Section: 2 /Reference: : QUESTION 28 When configuring guest WLAN access, which two statements are true? (Choose two.) A. The SSID that is defined for the guest WLAN on the foreign controllers must be the same as that defined on the anchor controller. B. The foreign controllers must be defined with an ingress interface and an egress interface in the guest WLAN. C. The foreign and anchor controllers must be configured in a mobility group for the foreign controllers to be able to initiate EoIP tunnels to one or more anchor controllers.

12 D. The mobility domain name of the anchor controller should be the same as what is configured for the foreign controllers. Correct Answer: AC Section: 2 /Reference: : QUESTION 29 Which statement correctly describes the relationship between the foreign and anchor controllers when used for guest access? A. The foreign controller will load balance in round-robin fashion starting with the highest IP address anchor controller to the lowest IP address anchor controller. B. The foreign controller will load balance in round-robin fashion starting with the lowest IP address anchor controller to the highest IP address anchor controller. C. The foreign controller will load balance in round-robin fashion starting with the highest MAC "Pass Any Exam. Any Time." Cisco Exam address anchor controller to the lowest MAC address anchor controller. D. The foreign controller will load balance in round-robin fashion starting with the lowest MAC address anchor controller to the highest MAC address anchor controller. Correct Answer: B Section: 2 /Reference: : QUESTION 30 Which two firewall ports must be opened for the anchor controller to operate properly with a foreign controller for guest access? (Choose two.) A. ports and for controller traffic B. port 97 for EoIP traffic C. port 80 for HTTP traffic D. port 69 for TFTP traffic Correct Answer: AB Section: 2 /Reference: : QUESTION 31 Which one of the options is responsible for multiple requirements for account data protection such as with credit cards? A. ISO B. IEEE C. IETF D. Wi-Fi Alliance E. PCI

13 F. HIPAA G. GLBA Correct Answer: E Section: 3 /Reference: : QUESTION 32 Which one of the following best describes the implementation of VLAN pooling on a Cisco WLC v7.0? A. Allows a single WLAN ID to be mapped to multiple SSIDs B. Allows a single SSID to be mapped to multiple WLAN IDs C. Allows a single WLAN ID to be mapped to multiple interfaces D. Allows a single interface to be mapped to multiple WLAN IDs Correct Answer: C Section: 3 /Reference: : QUESTION 33 Which four attack categories can the Cisco WLC v7.0 IDS detect using the 17 standard signatures? (Choose four.) A. broadcast deauthentication attacks B. Wellenreiter and NetStumbler attacks C. management frame floods and EAPOL floods D. fragmentation attacks E. NULL probe response attacks F. RF jamming attacks Correct Answer: ABCE Section: 3 /Reference: : QUESTION 34 The Cisco Unified Wireless Network solution, which is based on version 7.0, provides which three wired-side tracing techniques? (Choose three.) A. switch port tracing B. adaptive wips C. RLDP D. autocontainment E. rogue detector F. H-REAP

14 Correct Answer: ACE Section: 3 /Reference: : QUESTION 35 Which wireless attack can cause most client wireless adapters to lock up? A. management frame flood B. NULL probe response C. EAPOL flood D. RF jamming E. disassociation flood F. deauthentication flood Correct Answer: B Section: 3 /Reference: : QUESTION 36 The NetStumbler tool is an example of which wireless attack type? A. denial of service B. information gathering C. hijacking D. eavesdropping Correct Answer: B Section: 3 /Reference: : QUESTION 37 Which device performs the definition of rules and requirements for posture assessment of a wireless client when implementing a NAC appliance solution? A. Cisco NAC Guest Server B. Cisco Secure Access Control System C. Cisco 802.1X supplicant D. Cisco NAC Appliance Agent E. Cisco NAC Appliance Manager F. Cisco NAC Appliance Server G. Cisco IPS Appliance Correct Answer: E Section: 3

15 /Reference: : QUESTION 38 Which protocol port(s) need open access when deploying NAC appliances to communicate with the Cisco WLC v7.0 to move an authenticated user from the quarantine VLAN to the access VLAN? A. UDP B. UDP 514 C. UDP 5246 and 5247 D. UDP 161 and 162 E. TCP 443 Correct Answer: D Section: 3 /Reference: : QUESTION 39 Which two firewall protocol port(s) need open access for secure management access to an anchor WLC for guest access? (Choose two.) A. TCP 22 B. TCP 23 C. TCP 80 D. TCP 8080 E. TCP 443 F. UDP 123 Correct Answer: AE Section: 3 /Reference: : QUESTION 40 How is the MSE enabled to support wips service? A. CLI console or SSH session with the MSE B. HTTPS with the MSE C. HTTPS with the Cisco WCS to enable the MSE and WLC(s) D. HTTPS with WLC(s) to enable locally and the IP address of MSE Correct Answer: C Section: 3 /Reference: "Pass Any Exam. Any Time." Cisco Exam :

16 QUESTION 41 A wireless client has finished 802.1X and EAP using WPA2 with a controller-based AP network using a central AAA server. How is unicast encryption implemented on the client? A. The client uses the PMK that is sent from the AAA server that is derived from EAP authentication. B. The client uses the PTK that is sent from the WLC, which was derived from the PMK that is sent from the AAA server. C. The client uses the PTK that is derived from EAP authentication. D. The client uses the PMK that is derived from a four-way handshake with the AP. E. The client uses the PTK that is derived from a four-way handshake with the AP. Correct Answer: E Section: 3 /Reference: : QUESTION 42 Which key is used to encrypt unicast traffic between the supplicant and the AP after EAP authentication has completed? A. PMK B. GTK C. PTK D. OKC E. PSK Correct Answer: C Section: 3 /Reference: : QUESTION 43 What does the Cisco WLC v7.0 use to encrypt broadcast and multicast frames that are sent to a wireless client? A. PMK B. GTK C. PTK D. OKC E. PSK Correct Answer: B Section: 3 /Reference: : QUESTION 44 Many employees are bringing their own devices to work such as those running Apple ios for iphones and ipads. Which three statements correctly describe authentication for these devices? (Choose three.)

17 A. supports only broadcast networks B. supports broadcast and hidden networks C. supports only pre-shared key (pass phrase) D. supports most EAP types such as EAP-FAST, EAP-TLS, and PEAP E. supports WPA only F. supports WEP, WPA, and WPA2 Correct Answer: BDF Section: 3 /Reference: : "Pass Any Exam. Any Time." Cisco Exam QUESTION 45 What are the three methods that a Cisco AnyConnect v3.0 profile can be applied to a client device? (Choose three.) A. Cisco ASA version 8.2 and later can instruct users to open a specific page on the ASA web interface, from where NAM and user profiles can be downloaded. B. The DHCP option for using a TFTP server automates where NAM and user profiles can be downloaded. C. The administrator can manually copy the profile to the correct location on the client PC. D. The administrator can also use the predeploy installer (MSI on Windows) with the generated profiles. E. When loaded, the Posture Module can verify and request the user to load the latest profile. F. The administrator can use the Cisco AnyConnect v3.0 server feature to allow clients to authenticate with the AAA server and then download the appropriate profile to their client PC. Correct Answer: ACD Section: 4 /Reference: : QUESTION 46 Which two statements describe the secure roaming process of a client between APs that are controlled by a Cisco WLC v7.0? (Choose two.) A. determined by client algorithms B. determined by the WLC and AP infrastructure C. the WLC can only request a client roam using Cisco Compatible Extensions v3 and above D. the WLC can only request a client roam using Cisco Compatible Extensions v4 and above E. only implemented for VoWLAN Correct Answer: AD Section: 4 /Reference: : QUESTION 47

18 Which two fast roaming algorithms will allow a WLAN client to roam to a new AP and re-establish a new session key without a full reauthentication of the WLAN client? (Choose two.) A. PMK B. PTK C. MIC D. GTK E. CKM F. PKC Correct Answer: EF Section: 4 /Reference: : QUESTION 48 Which statement correctly describes the usage of the debug command in a Cisco Unified Wireless Network? A. Debug is enabled until manual shut off. B. Debug is available on the WLC serial console and web interface. C. Debug is a restricted command and is not available in the AP CLI. D. Debug is a message logging severity 7. Correct Answer: D Section: 4 /Reference: : "Pass Any Exam. Any Time." Cisco Exam QUESTION 49 Employees are allowed to starting bringing their own laptops to work. Which option can help provide a temporal user device vulnerability check when using the Java applet or ActiveX? A. Cisco NAC Server B. Cisco NAC Guest Server C. Cisco NAC Manager D. Cisco NAC Windows Agent E. Cisco NAC Web Agent F. Cisco ACS Correct Answer: E Section: 4 /Reference: : QUESTION 50 Employees are allowed to starting bringing their own laptops to work. Which option can help provide a persistent user device check against unexpected issues of security risk application and lack of appropriate

19 patches or updates inclusive of registry keys? A. Cisco NAC Server B. Cisco NAC Guest Server C. Cisco NAC Manager D. Cisco NAC Windows Agent E. Cisco NAC Web Agent F. Cisco ACS Correct Answer: D Section: 4 /Reference: : QUESTION 51 When do NAC out-of-band deployments require user traffic to traverse through the Cisco NAC Server? A. posture assessment only B X and EAP authentication and remediation C. posture assessment and remediation D X and EAP authentication, posture assessment, and remediation Correct Answer: C Section: 4 /Reference: : QUESTION 52 For wireless NAC out-of-band operations, which protocol is used between the Cisco NAC Appliance Manager and the wireless controller to switch the wireless client from the quarantine VLAN to the access VLAN after the client has passed the NAC authentication and posture assessment process? A. RADIUS B. TACACS+ C. SNMP D. SSL E. EAP Correct Answer: C Section: 4 /Reference: :

20 QUESTION 53 When configuring the WLC for NAC out-of-band, which device will be used for SNMP trap receiver IP address entries? A. Cisco NAC Appliance Manager B. Cisco NAC Appliance Server C. Cisco NAC Guest Server D. Cisco ACS E. Cisco WCS Correct Answer: A Section: 4 /Reference: : QUESTION 54 Which option verifies that a wireless client has associated but is not yet authenticated to a WLAN when performing NAC using the Cisco NAC Appliance Manager and Server? A. Cisco CAM OOB Management > Devices > Discovered Clients B. Cisco CAS OOB Management > Devices > Discovered Clients C. Cisco CAM Monitor > View Online Users D. Cisco CAS Monitor > View Online Users Correct Answer: A Section: 4 /Reference: : QUESTION 55 Which EAP protocol(s) can be used by a controller-based AP on Ethernet for 802.1X authentication to a switch? A. EAP-LEAP B. EAP-FAST C. EAP-PEAP D. EAP-TLS E X and EAP are not supported on AP-wired Ethernet Correct Answer: B Section: 4

21 /Reference: : QUESTION 56 Which option correctly lists the EAP protocol(s) that can be configured on an autonomous AP for local authentication? A. MAC B. LEAP and EAP-FAST C. MAC, LEAP, and EAP-FAST D. MAC, EAP-FAST, EAP-PEAP, and EAP-TLS Correct Answer: C Section: 4 /Reference: : QUESTION 57 Which two statements best describe the local authentication configuration options for a H-REAP using H-REAP groups in the Cisco WLC v7.0? (Choose two.) A. LEAP and EAP-FAST only B. LEAP, EAP-FAST, EAP-PEAP, and EAP-TLS only C. LEAP, EAP-FAST, EAP-PEAP, EAP-TLS, and EAP-MD5 D. EAP-FAST with PAC provision only E. EAP-FAST with PAC or certificate provision Correct Answer: AD Section: 4 /Reference: : QUESTION 58 Cisco Client MFP is supported on which modes of LWAPP and CAPWAP APs? A. Local, H-REAP, and Bridge B. Local, H-REAP, and Monitor C. Local, H-REAP, and Rogue Detector D. Sniffer, H-REAP, and Bridge Correct Answer: A Section: 4 /Reference: : QUESTION 59 Which three RADIUS IETF attributes should be enabled on the Cisco Secure ACS v4.2 when implementing IBN for VLAN assignment to the Cisco WLC v7.0? (Choose three.)

22 A. [064] Tunnel-Type B. [065] Tunnel-Medium-Type C. [066] Tunnel-Client-Endpoint D. [067] Tunnel-Server-Endpoint E. [069] Tunnel-Password F. [081] Tunnel-Private-Group-ID G. [082] Tunnel-Private-User-ID Correct Answer: ABF Section: 4 /Reference: : QUESTION 60 Which answer best describes the implementation of IBN using the Cisco WLC v7.0 and Cisco Secure ACS v4.2? A. Configure the ACS for AAA override and attributes. Configure the WLC for RADIUS server. B. Configure the ACS for AAA override and attributes. Configure the WLC for RADIUS server and attributes. C. Configure the ACS for attributes. Configure the WLC for RADIUS server and AAA override. D. Configure the ACS for attributes. Configure the WLC for RADIUS server, AAA override, and attributes. Correct Answer: D Section: 4 /Reference: : QUESTION 61 How should the Cisco Secure ACS v4.2 and the Cisco WLC v7.0 be configured to support wireless client authentication? A. The WLC configured for RADIUS and the Cisco Secure ACS configured for RADIUS (Cisco Airespace) B. The WLC configured for RADIUS and the Cisco Secure ACS configured for RADIUS (IETF) C. The WLC configured for TACACS+ and the Cisco Secure ACS configured for TACACS+ (Cisco Airespace) D. The WLC configured for TACACS+ and the Cisco Secure ACS configured for TACACS+ (Cisco IOS) Correct Answer: A Section: 5 /Reference: : QUESTION 62 When using a controller-based AP network, which type of entry is configured in the Cisco Secure ACS? A. AAA client using the AP IP address B. AAA server using the AP IP address C. AAA client using the WLC IP address D. AAA server using the WLC IP address

23 Correct Answer: A Section: 5 /Reference: : QUESTION 63 Which two entries can be used in the Cisco Secure ACS AAA network configuration setup for IP address to provide RADIUS authentication for the network node? (Choose two.) A B C D E * Correct Answer: AE Section: 5 /Reference: : QUESTION 64 In which three places can certificates be used in a WLAN to provide secure communications? (Choose three.) A. between client and AP B. between AP and WLC C. between client and WLC D. between client and RADIUS server E. between WLC and RADIUS server Correct Answer: BCD Section: 5 /Reference: : QUESTION 65 What is the maximum number of ACLs that can be applied to a Cisco WLC v7.0 interface? A. 1 B. 16 C. 32 D. 64 Correct Answer: A Section: 5 /Reference: :

24 QUESTION 66 Refer to the exhibit. What does this Cisco Secure ACS v4.2 log indicate? A. The WLC is not configured as a client in the Cisco Secure ACS. B. The WLC is not configured as a server in the Cisco Secure ACS. C. Incorrect authentication exists between the WLC and Cisco Secure ACS. D. The wireless client is not configured as a client in the Cisco Secure ACS. E. Incorrect authentication exists between the wireless client and Cisco Secure ACS. Correct Answer: C Section: 5 /Reference: : QUESTION 67 The Cisco NAC Guest Server has integration with which two other Cisco devices to support guest services? (Choose two.) A. Cisco NAC Appliance Agent B. Cisco NAC Appliance Server C. Cisco NAC Appliance Manager D. Cisco NAC Profiler E. Cisco WLC F. Cisco WCS Correct Answer: CE Section: 5

25 /Reference: : "Pass Any Exam. Any Time." Cisco Exam QUESTION 68 Which statement about the Cisco NAC Guest Server that is deployed in wireless guest access implementations is true? A. The Cisco NAC Guest Server integrates with the Cisco WCS through the RADIUS protocol. B. The Cisco NAC Guest Server can be used in place of Cisco WCS Lobby Ambassador functionality for guest provisioning and reporting. The Cisco WCS is still needed for WLAN management. C. The Cisco WLC acts as the guest accounts provisioning portal, and the Cisco NAC Guest Server acts as the captive portal capturing web requests from preassigned "guest ports" and requesting authentication. D. Guest accounts on the Cisco NAC Guest Server can be created using the Cisco WCS Lobby Ambassador feature. Correct Answer: B Section: 5 /Reference: : QUESTION 69 What is the default authentication protocol that is used for web authentication? A. MD5-CHAP B. CHAP C. PAP D. LEAP Correct Answer: C Section: 5 /Reference: : QUESTION 70 Which statement correctly describes a wireless client connection to the Cisco WLC v7.0 that is configured for web guest access? A. The client associates to the anchor controller and authenticates to the anchor controller. B. The client associates to the anchor controller and authenticates to the foreign controller. C. The client associates to the foreign controller and authenticates to the anchor controller. D. The client associates to the foreign controller and authenticates to the foreign controller. Correct Answer: C Section: 5 /Reference: :

26 QUESTION 71 How many tunnels can a Cisco WLC v7.0 anchor? A. 63 B. 64 C. 71 D. 72 E. 253 F. 254 Correct Answer: C Section: 5 /Reference: : QUESTION 72 What does the eping mobility_peer_ip_address command do? A. It tests EoIP connectivity via port 97 though the management interface. B. It tests EoIP connectivity via port 97 though the AP manager interface. C. It tests UDP connectivity via port through the management interface. D. It tests UDP connectivity via port through the AP manager interface. Correct Answer: A Section: 5 /Reference: : QUESTION 73 Which one of the options is related to U.S. Federal Trade Commission safeguard rules for financial institutions to protect customer information? A. ISO B. IEEE C. IETF D. Wi-Fi Alliance E. PCI F. HIPAA G. GLBA Correct Answer: G Section: 5 /Reference: : "Pass Any Exam. Any Time." Cisco Exam QUESTION 74 A network administrator is assigning a one-to-one association for VLAN to wireless WLAN or SSID. Given the

27 implementation of a Cisco 2500 Series controller using v7.0, how many WLANs can be created? A. 8 B. 16 C. 32 D. 64 E. 128 F. 254 G. 512 Correct Answer: B Section: 5 /Reference: : QUESTION 75 Given a proper configuration of the Cisco WLC v7.0, what is the default username, password, and enable password to remotely access an associated AP? A. admin, admin, and Cisco B. admin, cisco, and Cisco C. none, cisco, and Cisco D. none, Cisco, and Cisco E. Cisco, Cisco, and Cisco F. lightweight APs do not allow remote access Correct Answer: E Section: 6 /Reference: : QUESTION 76 What is the default security level that is used for syslog messages to a Cisco WLC v7.0-buffered log? A. Alerts B. Errors C. Warnings D. Notification E. Informational F. Disabled Correct Answer: B Section: 6 /Reference: : QUESTION 77 Which four conditions can be used in rules to classify rogue APs on a Cisco WLC v7.0? (Choose four.)

28 A. managed SSID B. RSSI C. EAP type D. no encryption E. encryption method F. duration Correct Answer: ABDF Section: 6 /Reference: : QUESTION 78 Refer to the exhibit. A WLAN with the SSID "Enterprise" is configured. Which rogue will be marked as malicious? A. a rogue with no clients, broadcasting the SSID "Enterprise" heard at -50dBm B. a rogue with two clients, broadcasting the SSID "Employee" heard at -50dBm C. a rogue with two clients, broadcasting the SSID "Enterprise" heard at -50dBm D. a rouge with two clients, broadcasting the SSID "Enterprise" heard at -80dBm Correct Answer: C Section: 6 /Reference: :

29 QUESTION 79 Which two attacks represent a social engineering attack? (Choose two.) A. using AirMagnet Wi-Fi Analyzer to search for hidden SSIDs B. calling the IT helpdesk and asking for network information C. spoofing the MAC address of an employee device D. entering a business and posing as IT support staff Correct Answer: BD Section: 6 /Reference: : "Pass Any Exam. Any Time." Cisco Exam QUESTION 80 Which type of attack is characterized by an evil twin? A. DoS B. man in the middle C. jamming D. eavesdropping Correct Answer: B Section: 6 /Reference: : QUESTION 81 Which device provides IDS and IPS protection in a Cisco Unified Wireless Network against wireless clients with viruses and worms? A. Cisco NAC Guest Server B. Cisco Secure Access Control System C. Cisco WLC D. Cisco WCS E. Cisco NAC Appliance Manager F. Cisco NAC Appliance Server G. Cisco IPS Appliance Correct Answer: G Section: 6 /Reference: : QUESTION 82 Which protocol port needs open access for the Cisco WLC v7.0 using an external AAA server for checking administrative privileges for menu access?

30 A. UDP 1812 B. UDP 1813 C. UDP 1645 D. UDP 1646 E. TCP 49 F. TCP 443 Correct Answer: E Section: 6 /Reference: : QUESTION 83 IPS appliance traffic monitoring has been configured in a Cisco WLC v7.0 with default parameters. Which statement correctly describes the results when malicious traffic is detected from a wireless client? A. The WLC immediately notifies the IPS appliance. B. The IPS appliance immediately notifies the WLC. C. The WLC polls the IPS for the status every 60 seconds. D. The IPS initiates updates to the WLC every 60 seconds. Correct Answer: C Section: 6 /Reference: : QUESTION 84 When deploying wips, which protocol is used to communicate between the Cisco WLC v7.0 and the MSE? A. SNMP B. HTTPS C. CAPWAP D. SOAP and XML E. NMSP Correct Answer: E Section: 6 /Reference: : "Pass Any Exam. Any Time." Cisco Exam QUESTION 85 DRAG DROP Drop Click and drag the communication method on the left to its correct usage on right for Adaptive WIPS Operations.

31 A. B. C. D. Correct Answer: Section: 6 /Reference: :

32