CertifyMe. CISCO EXAM QUESTIONS & ANSWERS

Transcription:

CertifyMe
Number: 642-737
Passing Score: 800
Time Limit: 120 min
File Version: 28.9
http://www.gratisexam.com/

CISCO 642-737 EXAM QUESTIONS & ANSWERS
Exam Name: Implementing Advanced Cisco Unified Wireless Security (IAUWS) v2.0

Sections
1. 1
2. 2
3. 3
4. 4
5. 5
6. 6

Test-Papers

QUESTION 1
Which statement describes the major difference between PEAP and EAP-FAST client authentication?

A. EAP-FAST requires a backend AAA server, and PEAP does not.
B. EAP-FAST is a Cisco-only proprietary protocol, whereas PEAP is an industry-standard protocol.
C. PEAP requires a server-side certificate, while EAP-FAST does not require certificates.
D. PEAP authentication protocol requires a client certificate, and EAP-FAST requires a secure password.

Correct Answer: C
Section: 1

QUESTION 2
Which one best describes the EAP Identity Request frame when a wireless client is connecting to a Cisco WLC v7.0-based AP WLAN?

A. sourced from the Cisco ACS Server to the client
B. sourced from the client to the Cisco ACS Server
C. sourced from the WLC to the client
D. sourced from the client to the WLC
E. sourced from the AP to the client
F. sourced from the client to the AP

Correct Answer: C
Section: 1

QUESTION 3
What are the four packet types that are used by EAP? (Choose four.)

A. EAP Type
B. EAP Request
C. EAP Identity
D. EAP Response
E. EAP Success
F. EAP Failure
G. EAP Authentication

Correct Answer: BDEF
Section: 1

"Pass Any Exam. Any Time." - www.actualtests.com Cisco 642-737 Exam

QUESTION 4
Which EAP types are supported by MAC 10.7 for authentication to a Cisco Unified Wireless Network?

A. LEAP and EAP-FAST only
B. EAP-TLS and PEAP only
C. LEAP, EAP-TLS, and PEAP only
D. LEAP, EAP-FAST, EAP-TLS, and PEAP

Correct Answer: D
Section: 1

QUESTION 5
What are two of the benefits that the Cisco AnyConnect v3.0 provides to the administrator for client WLAN security configuration? (Choose two.)

A. Provides a reporting mechanism for rogue APs
B. Prevents a user from adding any WLANs
C. Hides the complexity of 802.1X and EAP configuration
D. Supports centralized or distributed client architectures
E. Provides concurrent wired and wireless connectivity
F. Allows users to modify but not delete admin-created profiles

Correct Answer: CD
Section: 1

QUESTION 6
Which two parameters can directly affect client roaming decisions? (Choose two.)

A. SNR
B. RSSI
C. MFP status
D. RF fingerprinting
E. RRM

Correct Answer: AB
Section: 1

QUESTION 7
Which three parameters can be communicated between a Cisco WLC v7.0 and Cisco Compatible Extensions v4-enabled client to improve a secure roaming connection? (Choose three.)

A. minimum SNR
B. transition time
C. scan threshold
D. hysteresis
E. PER
F. MIC errors

Correct Answer: BCD
Section: 1

QUESTION 8
Which three Cisco WLC v7.0 CLI family of commands would be appropriate to troubleshoot a wireless client failure for connection to an AP? (Choose three.)

A. debug capwap
B. debug mac addr
C. debug ccxdiag
D. debug dhcp
E. debug ap
F. debug dtls
G. debug aaa

Correct Answer: BDG
Section: 1

QUESTION 9
Employees are allowed to start bringing their own wireless devices to work for use on the 802.11a/b/g/n WLAN when using their existing credentials. However, they are experiencing issues. Which two items are the most probable cause of these issues? (Choose two.)

A. incorrect IP address
B. supplicant or driver
C. incorrect user name
D. wrong wireless band
E. application issues

Correct Answer: BE
Section: 1

QUESTION 10
Employees adjust their wireless laptop for work at the office and when away from the office. What are the two most likely security issues for an employee laptop when connected at the corporate WLAN? (Choose two.)

A. loading a freeware customer contact application
B. configuring a static IP address
C. updating the driver
D. adding a coffee shop wireless HotSpot

Correct Answer: AC
Section: 1

QUESTION 11
Which two options are supported when deploying wireless NAC out-of-band implementations? (Choose two.)

A. Cisco NAS in virtual gateway mode
B. WLANs with allow AAA override enabled
C. Cisco NAC Guest Server integration with the Cisco NAM
D. dynamic VLAN mappings on the Cisco NAS, which is based on the returned RADIUS attributes from the Cisco Secure ACS
E. autonomous APs

Correct Answer: AC
Section: 1

QUESTION 12
Wireless NAC single sign-on uses which type of RADIUS records to notify the Cisco NAC Appliance Manager about the authenticated wireless clients?

A. accounting records
B. authentication records
C. authentication and accounting records
D. preauthentication records

Correct Answer: A
Section: 1

QUESTION 13
When configuring the WLC for single sign-on for the NAC, which device is used for the RADIUS accounting IP address?

A. Cisco NAC Appliance Manager
B. Cisco NAC Appliance Server
C. Cisco NAC Guest Server
D. Cisco ACS
E. Cisco WCS

Correct Answer: A
Section: 1

QUESTION 14
Which option verifies that a wireless client has authenticated to a WLAN when performing NAC using the Cisco NAC Appliance Manager and Server?

A. Cisco CAM OOB Management > Devices > Discovered Clients
B. Cisco CAS OOB Management > Devices > Discovered Clients
C. Cisco CAM Monitor > View Online Users
D. Cisco CAS Monitor > View Online Users

Correct Answer: C
Section: 1

QUESTION 15
Which two statements best describe the local authentication configuration options for a Cisco WLC v7.0 and local mode AP? (Choose two.)

A. LEAP and EAP-FAST only
B. LEAP, EAP-FAST, EAP-PEAP, and EAP-TLS only
C. LEAP, EAP-FAST, EAP-PEAP, EAP-TLS, and EAP-MD5
D. EAP-FAST with PAC provision only
E. EAP-FAST with PAC or certificate provision

Correct Answer: BE
Section: 2

QUESTION 16
Client Management Frame Protection is supported on which Cisco Compatible Extensions version clients?

A. v2 and later
B. v3 and later
C. v4 and later
D. v5 only

Correct Answer: D
Section: 2

QUESTION 17
Which three WLAN policies can be controlled by using the Cisco IBNS on the Cisco WLC and Cisco Secure ACS? (Choose three.)

A. QoS setting
B. VLAN
C. EAP type
D. ACL
E. authentication priority order
F. NAC state

Correct Answer: ABD
Section: 2

QUESTION 18
Which attribute on the Cisco WLC v7.0 does RADIUS IETF attribute "Tunnel-Private-Group ID" assign?

A. ACL
B. DSCP
C. QoS
D. VLAN

Correct Answer: D
Section: 2

QUESTION 19
How do you configure the Cisco Secure ACS v4.2 and Cisco WLC v7.0 to provide the most flexibility for the management of authorized access on the WLC?

A. Local management user defined on the WLC
B. The WLC configured for RADIUS and the Cisco Secure ACS configured for RADIUS (Cisco Airespace)
C. The WLC configured for RADIUS and the Cisco Secure ACS configured for RADIUS (IETF)
D. The WLC configured for TACACS+ and the Cisco Secure ACS configured for TACACS+ (Cisco Airespace)
E. The WLC configured for TACACS+ and the Cisco Secure ACS configured for TACACS+ (Cisco IOS)

Correct Answer: E
Section: 2

QUESTION 20
The Cisco WLC v7.0 is configured for external 802.1X and EAP by using the WPA2 association of wireless clients when using the Cisco Secure ACS v4.2. Which two items are required in the Cisco Secure ACS network configuration to enable correct AAA? (Choose two.)

A. AP IP address
B. WLC virtual IP address
C. WLC management IP address
D. WLC AP management IP address
E. hostname matching the WLC case-sensitive name
F. authentication using RADIUS
G. authentication using TACACS+

Correct Answer: CF
Section: 2

QUESTION 21
The Cisco WLC v7.0 is configured for external authentication of the management access to the WLC itself using the Cisco Secure ACS v4.2. The management user is limited to read access for all menu options except for full read/write access to the WLAN menu options. Which two items are required in the Cisco Secure ACS network configuration to enable correct AAA? (Choose two.)

A. AP IP address
B. WLC virtual IP address
C. WLC management IP address
D. WLC AP management IP address
E. hostname matching the WLC case-sensitive name
F. authentication using RADIUS
G. authentication using TACACS+

Correct Answer: CG
Section: 2

QUESTION 22
Configuring the Cisco Secure ACS with a self-signed certificate supports which requirement?

A. when no user certificate is required
B. when a CA-signed certificate is required for the user
C. when a self-signed certificate Class 4 is required for the user
D. when a self-signed certificate Class 0 is required for the user

Correct Answer: A
Section: 2

QUESTION 23
When implementing certificates through the use of a CA, how is the certificate of client A validated by client B when received?

A. verifying the client A certificate using the client A private key
B. verifying the client A certificate using the client A public key
C. verifying the client A certificate using the client B private key
D. verifying the client A certificate using the client B public key
E. verifying the client A certificate using the CA private key
F. verifying the client A certificate using the CA public key

Correct Answer: F
Section: 2

QUESTION 24
Refer to the exhibit.

What does this Cisco Secure ACS v4.2 log indicate?

A. The WLC is not configured as a client in the Cisco Secure ACS.
B. The WLC is not configured as a server in the Cisco Secure ACS.
C. Incorrect authentication exists between the WLC and Cisco Secure ACS.
D. The wireless client is not configured as a client in the Cisco Secure ACS.
E. Incorrect authentication exists between the wireless client and Cisco Secure ACS.

Correct Answer: A
Section: 2

QUESTION 25
Authentication is failing between a client and the RADIUS server. Which WLC troubleshooting command set might be useful to assist in troubleshooting the issue?

A. show local-auth
B. debug ldap
C. debug aaa local-auth
D. debug dot1x event

Correct Answer: D
Section: 2

QUESTION 26
The Cisco NAC Guest Server is configured as which kind of device on the wireless controller?

A. external web authentication server
B. RADIUS server
C. SNMP trap receiver
D. anchor controller
E. AAA client

Correct Answer: B
Section: 2

QUESTION 27
Which two statements about the sponsor accounts on the Cisco NAC Guest Server are true? (Choose two.)

A. The sponsor login to the Cisco NAC Guest Server is at https://ngs-ip-address/admin to create, view, and edit guest accounts.
B. The Cisco NAC Guest Server can authenticate the sponsors using the local database or via Microsoft Active Directory or LDAP or RADIUS servers.
C. Sponsoring user groups is the method by which to assign permissions to the sponsors.
D. Guest roles provide a way to give different levels of access to different sponsor accounts.
E. Sponsor accounts require admin privileges to generate reports.

Correct Answer: BC
Section: 2

QUESTION 28
Which two statements are true about configuring a wired guest LAN feature? (Choose two.)

A. Create a WLAN on the anchor controller only
B. Select the management interface as the egress interface to reach the anchor controller
C. Require an anchor controller to implement
D. Select the interface that you created as the guest LAN interface in the ingress interface menu
E. Configure on any controller from version 5.2 forward

Correct Answer: BD
Section: 2

QUESTION 29
Refer to the exhibit.

What is the 1.1.1.1 IP address?

A. the controller virtual interface IP address
B. the controller management IP address
C. the controller AP-manager IP address
D. the RADIUS server IP address
E. the lightweight AP IP address
F. the wireless client IP address

Correct Answer: A
Section: 2

QUESTION 30
When configuring guest WLAN access, which two statements are true? (Choose two.)

A. The SSID that is defined for the guest WLAN on the foreign controllers must be the same as that defined on the anchor controller.
B. The foreign controllers must be defined with an ingress interface and an egress interface in the guest WLAN.
C. The foreign and anchor controllers must be configured in a mobility group for the foreign controllers to be able to initiate EoIP tunnels to one or more anchor controllers.
D. The mobility domain name of the anchor controller should be the same as what is configured for the foreign controllers.

Correct Answer: AC
Section: 2

QUESTION 31
Which statement correctly describes the relationship between the foreign and anchor controllers when used for guest access?

A. The foreign controller will load balance in round-robin fashion starting with the highest IP address anchor controller to the lowest IP address anchor controller.
B. The foreign controller will load balance in round-robin fashion starting with the lowest IP address anchor controller to the highest IP address anchor controller.
C. The foreign controller will load balance in round-robin fashion starting with the highest MAC address anchor controller to the lowest MAC address anchor controller.
D. The foreign controller will load balance in round-robin fashion starting with the lowest MAC address anchor controller to the highest MAC address anchor controller.

Correct Answer: B
Section: 2

QUESTION 32
Which two descriptions of mpings and epings are true? (Choose two.)

A. mpings run over UDP port 16666.
B. mpings run over UDP port 16667, and epings run over port 16666.
C. epings run over EoIP.
D. mpings test mobility data packet reachability, and epings test mobility control packet reachability.
E. mpings run over the management interface, and epings run over the virtual interface.
F. mpings and epings are useful tools for troubleshooting WLC-to-AP communications.

Correct Answer: AC
Section: 2

QUESTION 33
Which two firewall ports must be opened for the anchor controller to operate properly with a foreign controller for guest access? (Choose two.)

A. ports 16666 and 16667 for controller traffic
B. port 97 for EoIP traffic
C. port 80 for HTTP traffic
D. port 69 for TFTP traffic

Correct Answer: AB
Section: 2

QUESTION 34
Which one of the options is responsible for multiple requirements for account data protection such as with credit cards?

A. ISO
B. IEEE
C. IETF
D. Wi-Fi Alliance
E. PCI
F. HIPAA
G. GLBA

Correct Answer: E

QUESTION 35
Which one of the following best describes the implementation of VLAN pooling on a Cisco WLC v7.0?

A. Allows a single WLAN ID to be mapped to multiple SSIDs
B. Allows a single SSID to be mapped to multiple WLAN IDs
C. Allows a single WLAN ID to be mapped to multiple interfaces
D. Allows a single interface to be mapped to multiple WLAN IDs

Correct Answer: C

QUESTION 36
A Cisco WLC v7.0 has been only initially configured through the console setup CLI wizard. A new AP has just finished association with the controller. What is the default mode of remote access to the AP?

A. HTTPS
B. HTTP
C. SSH
D. Telnet
E. access is disabled

Correct Answer: E

QUESTION 37
Which two tools help to provide PCI compliance reports? (Choose two.)

A. WLC
B. WCS
C. MSE
D. Ekahau Site Survey
E. AirMagnet WiFi Analyzer

Correct Answer: BE

QUESTION 38
Which four attack categories can the Cisco WLC v7.0 IDS detect using the 17 standard signatures? (Choose four.)

A. broadcast deauthentication attacks
B. Wellenreiter and NetStumbler attacks
C. management frame floods and EAPOL floods
D. fragmentation attacks
E. NULL probe response attacks
F. RF jamming attacks

Correct Answer: ABCE

QUESTION 39
The Cisco Unified Wireless Network solution, which is based on version 7.0, provides which three wired-side tracing techniques? (Choose three.)

A. switch port tracing
B. adaptive wIPS
C. RLDP
D. autocontainment
E. rogue detector
F. H-REAP

Correct Answer: ACE

QUESTION 40
Refer to the exhibit.

What is the effect of setting Client Exclusion to Enabled and set to a Timeout Value of 0 seconds in a Cisco WLC v7.0?

A. Excluded clients must be manually removed from the excluded list.
B. Client exclusion will not occur.
C. Client exclusion timeout will be determined by the IDS module.
D. Clients will only be disconnected and not excluded.

Correct Answer: A

QUESTION 41
Which wireless attack can cause most client wireless adapters to lock up?

A. management frame flood
B. NULL probe response
C. EAPOL flood
D. RF jamming
E. disassociation flood
F. deauthentication flood

Correct Answer: B

QUESTION 42
The NetStumbler tool is an example of which wireless attack type?

A. denial of service
B. information gathering
C. hijacking
D. eavesdropping

Correct Answer: B

QUESTION 43
Which device performs the definition of rules and requirements for posture assessment of a wireless client when implementing a NAC appliance solution?

A. Cisco NAC Guest Server
B. Cisco Secure Access Control System
C. Cisco 802.1X supplicant
D. Cisco NAC Appliance Agent
E. Cisco NAC Appliance Manager
F. Cisco NAC Appliance Server
G. Cisco IPS Appliance

Correct Answer: E

QUESTION 44
Which NAC component performs device compliance checks as users attempt to access the network?

A. Cisco NAC Guest Server
B. Cisco Secure Access Control System
C. Cisco 802.1X supplicant
D. Cisco NAC Appliance Agent
E. Cisco NAC Appliance Manager
F. Cisco NAC Appliance Server
G. Cisco IPS Appliance

Correct Answer: D

QUESTION 45
Which protocol port(s) need open access when deploying NAC appliances to communicate with the Cisco WLC v7.0 to move an authenticated user from the quarantine VLAN to the access VLAN?

A. UDP 16666
B. UDP 514
C. UDP 5246 and 5247
D. UDP 161 and 162
E. TCP 443

Correct Answer: D

QUESTION 46
Which two firewall protocol port(s) need open access for secure management access to an anchor WLC for guest access? (Choose two.)

A. TCP 22
B. TCP 23
C. TCP 80
D. TCP 8080
E. TCP 443
F. UDP 123

Correct Answer: AE

QUESTION 47
An IPS appliance is being integrated into the Cisco Unified Wireless Network solution in promiscuous mode. Which two parameters are required when configuring a Cisco WLC v7.0 for the addition of the IPS appliance services? (Choose two.)

A. WLAN > AAA Override is enabled
B. WLAN > P2P Blocking is enabled
C. WLAN > Client Exclusion is enabled
D. WLAN > NAC State is enabled
E. Security > RADIUS accounting IP address
F. Security > Sensors IP address

Correct Answer: CF

QUESTION 48
How is the MSE enabled to support wIPS service?

A. CLI console or SSH session with the MSE
B. HTTPS with the MSE
C. HTTPS with the Cisco WCS to enable the MSE and WLC(s)
D. HTTPS with WLC(s) to enable locally and the IP address of MSE

Correct Answer: C

QUESTION 49
A wireless client has finished 802.1X and EAP using WPA2 with a controller-based AP network using a central AAA server. How is unicast encryption implemented on the client?

A. The client uses the PMK that is sent from the AAA server that is derived from EAP authentication.
B. The client uses the PTK that is sent from the WLC, which was derived from the PMK that is sent from the AAA server.
C. The client uses the PTK that is derived from EAP authentication.
D. The client uses the PMK that is derived from a four-way handshake with the AP.
E. The client uses the PTK that is derived from a four-way handshake with the AP.

Correct Answer: E

QUESTION 50
Which key is used to encrypt unicast traffic between the supplicant and the AP after EAP authentication has completed?

A. PMK
B. GTK
C. PTK
D. OKC
E. PSK

Correct Answer: C

QUESTION 51
What does the Cisco WLC v7.0 use to encrypt broadcast and multicast frames that are sent to a wireless client?

A. PMK
B. GTK
C. PTK
D. OKC
E. PSK

Correct Answer: B

QUESTION 52
When using the Microsoft WLAN AutoConfig feature, which 802.1X authentication method is not supported natively by Windows 7?

A. EAP-TLS
B. EAP-FAST
C. PEAP with MS-CHAPv2
D. PEAP with GTC

Correct Answer: B

QUESTION 53
Many employees are bringing their own devices to work such as those running Apple iOS for iPhones and iPads. Which three statements correctly describe authentication for these devices? (Choose three.)

A. supports only broadcast networks
B. supports broadcast and hidden networks
C. supports only pre-shared key (pass phrase)
D. supports most EAP types such as EAP-FAST, EAP-TLS, and PEAP
E. supports WPA only
F. supports WEP, WPA, and WPA2

Correct Answer: BDF

QUESTION 54
What are the three methods that a Cisco AnyConnect v3.0 profile can be applied to a client device? (Choose three.)

A. Cisco ASA version 8.2 and later can instruct users to open a specific page on the ASA web interface, from where NAM and user profiles can be downloaded.
B. The DHCP option for using a TFTP server automates where NAM and user profiles can be downloaded.
C. The administrator can manually copy the profile to the correct location on the client PC.
D. The administrator can also use the predeploy installer (MSI on Windows) with the generated profiles.
E. When loaded, the Posture Module can verify and request the user to load the latest profile.
F. The administrator can use the Cisco AnyConnect v3.0 server feature to allow clients to authenticate with the AAA server and then download the appropriate profile to their client PC.

Correct Answer: ACD
Section: 4

QUESTION 55
Which two statements describe the use of NAM by the Cisco AnyConnect v3.0? (Choose two.)

A. removes Cisco Secure Services Client v5.x but retains the configuration for NAM
B. removes Cisco Secure Services Client v5.x software and configuration for a clean install
C. installs on Windows, Mac, and Linux
D. installs on Windows only
E. requires a license
F. requires a profile editor to allow a user to add WLANs

Correct Answer: AD
Section: 4

QUESTION 56
Which two statements describe the secure roaming process of a client between APs that are controlled by a Cisco WLC v7.0? (Choose two.)

A. determined by client algorithms
B. determined by the WLC and AP infrastructure
C. the WLC can only request a client roam using Cisco Compatible Extensions v3 and above
D. the WLC can only request a client roam using Cisco Compatible Extensions v4 and above
E. only implemented for VoWLAN

Correct Answer: AD
Section: 4

QUESTION 57
Which two fast roaming algorithms will allow a WLAN client to roam to a new AP and re-establish a new session key without a full reauthentication of the WLAN client? (Choose two.)

A. PMK
B. PTK
C. MIC
D. GTK
E. CKM
F. PKC

Correct Answer: EF
Section: 4

QUESTION 58
Which statement correctly describes the usage of the debug command in a Cisco Unified Wireless Network?

A. Debug is enabled until manual shut off.
B. Debug is available on the WLC serial console and web interface.
C. Debug is a restricted command and is not available in the AP CLI.
D. Debug is a message logging severity 7.

Correct Answer: D
Section: 4

QUESTION 59
Which Cisco WLC v7.0 CLI family of commands helps to verify the PAC status for client association when using local-eap?

A. debug group
B. debug dot1x
C. show local-auth
D. debug aaa
E. debug capwap

Correct Answer: D
Section: 4

QUESTION 60
Employees are allowed to start bringing their own laptops to work. Which option can help provide a temporal user device vulnerability check when using the Java applet or ActiveX?

A. Cisco NAC Server
B. Cisco NAC Guest Server
C. Cisco NAC Manager
D. Cisco NAC Windows Agent
E. Cisco NAC Web Agent
F. Cisco ACS

Correct Answer: E
Section: 4

QUESTION 61
Employees are allowed to start bringing their own laptops to work. Which option can help provide a persistent user device check against unexpected issues of security risk application and lack of appropriate patches or updates inclusive of registry keys?

A. Cisco NAC Server
B. Cisco NAC Guest Server
C. Cisco NAC Manager
D. Cisco NAC Windows Agent
E. Cisco NAC Web Agent
F. Cisco ACS

Correct Answer: D
Section: 4

QUESTION 62
When deploying wireless Cisco NAC OOB operations, which device signals the WLC to switch a user from a quarantine VLAN to an access VLAN?

A. Cisco NAC Appliance Manager
B. Cisco NAC Appliance Server
C. Cisco NAC Guest Server
D. Cisco ACS
E. Cisco WCS

Correct Answer: A
Section: 4

QUESTION 63
When do NAC out-of-band deployments require user traffic to traverse through the Cisco NAC Server?

A. posture assessment only
B. 802.1X and EAP authentication and remediation
C. posture assessment and remediation
D. 802.1X and EAP authentication, posture assessment, and remediation

Correct Answer: C
Section: 4

QUESTION 64
For wireless NAC out-of-band operations, which protocol is used between the Cisco NAC Appliance Manager and the wireless controller to switch the wireless client from the quarantine VLAN to the access VLAN after the client has passed the NAC authentication and posture assessment process?

A. RADIUS
B. TACACS+
C. SNMP
D. SSL
E. EAP

Correct Answer: C
Section: 4

QUESTION 65
When configuring the WLC for NAC out-of-band, which device will be used for SNMP trap receiver IP address entries?

A. Cisco NAC Appliance Manager
B. Cisco NAC Appliance Server
C. Cisco NAC Guest Server
D. Cisco ACS
E. Cisco WCS

Correct Answer: A
Section: 4

QUESTION 66
Which three of the items listed are required configuration parameters for the WLC to enable NAC out-of-band single sign-on when implementing NAC appliances? (Choose three.)

A. EAP authentication
B. web authentication
C. SNMP
D. RADIUS accounting
E. WLAN > SNMP NAC enabled
F. WLAN > RADIUS NAC enabled

Correct Answer: CDE
Section: 4

QUESTION 67
Which option verifies that a wireless client has associated but is not yet authenticated to a WLAN when performing NAC using the Cisco NAC Appliance Manager and Server?

A. Cisco CAM OOB Management > Devices > Discovered Clients
B. Cisco CAS OOB Management > Devices > Discovered Clients
C. Cisco CAM Monitor > View Online Users
D. Cisco CAS Monitor > View Online Users

Correct Answer: A
Section: 4

QUESTION 68
Which EAP protocol(s) can be used by a controller-based AP on Ethernet for 802.1X authentication to a switch?

A. EAP-LEAP
B. EAP-FAST
C. EAP-PEAP
D. EAP-TLS
E. 802.1X and EAP are not supported on AP-wired Ethernet

Correct Answer: B
Section: 4

QUESTION 69
Which option correctly lists the EAP protocol(s) that can be configured on an autonomous AP for local authentication?

A. MAC
B. LEAP and EAP-FAST
C. MAC, LEAP, and EAP-FAST
D. MAC, EAP-FAST, EAP-PEAP, and EAP-TLS

Correct Answer: C
Section: 4

QUESTION 70
Which two statements best describe the local authentication configuration options for a H-REAP using H-REAP groups in the Cisco WLC v7.0? (Choose two.)

A. LEAP and EAP-FAST only
B. LEAP, EAP-FAST, EAP-PEAP, and EAP-TLS only
C. LEAP, EAP-FAST, EAP-PEAP, EAP-TLS, and EAP-MD5
D. EAP-FAST with PAC provision only
E. EAP-FAST with PAC or certificate provision

Correct Answer: AD
Section: 4

QUESTION 71
Cisco Client MFP is supported on which modes of LWAPP and CAPWAP APs?

A. Local, H-REAP, and Bridge
B. Local, H-REAP, and Monitor
C. Local, H-REAP, and Rogue Detector
D. Sniffer, H-REAP, and Bridge

Correct Answer: A
Section: 4

QUESTION 72
Which three RADIUS IETF attributes should be enabled on the Cisco Secure ACS v4.2 when implementing IBN for VLAN assignment to the Cisco WLC v7.0? (Choose three.)

A. [064] Tunnel-Type
B. [065] Tunnel-Medium-Type
C. [066] Tunnel-Client-Endpoint
D. [067] Tunnel-Server-Endpoint
E. [069] Tunnel-Password
F. [081] Tunnel-Private-Group-ID
G. [082] Tunnel-Private-User-ID

Correct Answer: ABF
Section: 4

QUESTION 73
Which answer best describes the implementation of IBN using the Cisco WLC v7.0 and Cisco Secure ACS v4.2?

A. Configure the ACS for AAA override and attributes. Configure the WLC for RADIUS server.
B. Configure the ACS for AAA override and attributes. Configure the WLC for RADIUS server and attributes.
C. Configure the ACS for attributes. Configure the WLC for RADIUS server and AAA override.
D. Configure the ACS for attributes. Configure the WLC for RADIUS server, AAA override, and attributes.

Correct Answer: D
Section: 4

QUESTION 74
What are the two most commonly used RADIUS (Cisco Airespace) attributes that are configured in the Cisco Secure ACS v4.2 for IBN implementation with the Cisco WLC v7.0? (Choose two.)

A. QoS level
B. DSCP
C. 802.1P tag
D. security type
E. ACL name
F. EAP type
G. NAC state

Correct Answer: AE
Section: 5

QUESTION 75
How should the Cisco Secure ACS v4.2 and the Cisco WLC v7.0 be configured to support wireless client authentication?

A. The WLC configured for RADIUS and the Cisco Secure ACS configured for RADIUS (Cisco Airespace)
B. The WLC configured for RADIUS and the Cisco Secure ACS configured for RADIUS (IETF)
C. The WLC configured for TACACS+ and the Cisco Secure ACS configured for TACACS+ (Cisco Airespace)
D. The WLC configured for TACACS+ and the Cisco Secure ACS configured for TACACS+ (Cisco IOS)

Correct Answer: A
Section: 5

QUESTION 76
When using a controller-based AP network, which type of entry is configured in the Cisco Secure ACS?

A. AAA client using the AP IP address
B. AAA server using the AP IP address
C. AAA client using the WLC IP address
D. AAA server using the WLC IP address

Correct Answer: A
Section: 5

QUESTION 77
Which two entries can be used in the Cisco Secure ACS AAA network configuration setup for IP address 192.168.1.1 to provide RADIUS authentication for the network node? (Choose two.)

A. 192.168.1.1-10
B. 192.168.1.0
C. 192.168.1.0 0.0.0.255
D. 192.168.1.255
E. 192.168.1.*

Correct Answer: AE
Section: 5

QUESTION 78
In which three places can certificates be used in a WLAN to provide secure communications? (Choose three.)

A. between client and AP
B. between AP and WLC
C. between client and WLC
D. between client and RADIUS server
E. between WLC and RADIUS server

Correct Answer: BCD
Section: 5

QUESTION 79
Which two EAP type(s) require a client certificate? (Choose two.)

A. LEAP
B. PEAP
C. EAP-FAST
D. EAP-TLS
E. EAP-MD5

Correct Answer: CD
Section: 5

QUESTION 80
What is the maximum number of ACLs that can be applied to a Cisco WLC v7.0 interface?

A. 1
B. 16
C. 32
D. 64

Correct Answer: A
Section: 5

QUESTION 81
Refer to the exhibit.

What does this Cisco Secure ACS v4.2 log indicate?

A. The WLC is not configured as a client in the Cisco Secure ACS.
B. The WLC is not configured as a server in the Cisco Secure ACS.
C. Incorrect authentication exists between the WLC and Cisco Secure ACS.
D. The wireless client is not configured as a client in the Cisco Secure ACS.
E. Incorrect authentication exists between the wireless client and Cisco Secure ACS.

Correct Answer: C
Section: 5

QUESTION 82
Refer to the exhibit.

Why is the client failing to authenticate with the AAA server?

A. excessive number of authentication attempts for username
B. incorrect read/write credentials for username
C. incorrect IP address being sent by client
D. incorrect authentication for username

Correct Answer: D
Section: 5

QUESTION 83
The Cisco NAC Guest Server has integration with which two other Cisco devices to support guest services? (Choose two.)

A. Cisco NAC Appliance Agent
B. Cisco NAC Appliance Server
C. Cisco NAC Appliance Manager
D. Cisco NAC Profiler
E. Cisco WLC
F. Cisco WCS

Correct Answer: CE
Section: 5

QUESTION 84
Which statement about the Cisco NAC Guest Server that is deployed in wireless guest access implementations is true?

A. The Cisco NAC Guest Server integrates with the Cisco WCS through the RADIUS protocol.
B. The Cisco NAC Guest Server can be used in place of Cisco WCS Lobby Ambassador functionality for guest provisioning and reporting. The Cisco WCS is still needed for WLAN management.
C. The Cisco WLC acts as the guest accounts provisioning portal, and the Cisco NAC Guest Server acts as the captive portal capturing web requests from preassigned "guest ports" and requesting authentication.
D. Guest accounts on the Cisco NAC Guest Server can be created using the Cisco WCS Lobby Ambassador feature.

Correct Answer: B
Section: 5

QUESTION 85
What is the default authentication protocol that is used for web authentication?

A. MD5-CHAP
B. CHAP
C. PAP
D. LEAP

Correct Answer: C
Section: 5

QUESTION 86
A wireless client has a browser with a manually configured proxy. The Cisco WLC v7.0 has been configured for basic WLAN Layer 3 web pass through with the remaining default configuration. Which two statements are true when the client attempts to connect to a WLAN for guest access using web authentication? (Choose two.)

A. The WLC allows access if the client is requesting a globally resolvable DNS address.
B. The WLC allows access if it is configured for WebAuth Proxy.
C. The WLC allows access for a client request to ports 80 or 8080 only.
D. Access requires DHCP with option 252.
E. Access requires DHCP with option 150.

Correct Answer: BD
Section: 5

QUESTION 87
What does the eping mobility_peer_ip_address command do?

A. It tests EoIP connectivity via port 97 through the management interface.
B. It tests EoIP connectivity via port 97 through the AP manager interface.
C. It tests UDP connectivity via port 16666 through the management interface.
D. It tests UDP connectivity via port 16666 through the AP manager interface.

Correct Answer: A
Section: 5

QUESTION 88
Which two things should you verify if the Cisco NAC Guest Server is configured on the network and the client cannot access the guest network? (Choose two.)

A. The controller can ping the Cisco NAC Guest Server.
B. The controller can mping and eping the Cisco NAC Guest Server.
C. AAA override is enabled on the guest WLAN.
D. Controllers and the Cisco NAC Guest Server are in the same mobility group.

Correct Answer: AC
Section: 5

QUESTION 89
Given a proper configuration of the Cisco WLC v7.0, what is the default username, password, and enable password to remotely access an associated AP?

A. admin, admin, and Cisco
B. admin, cisco, and Cisco
C. none, cisco, and Cisco
D. none, Cisco, and Cisco
E. Cisco, Cisco, and Cisco
F. lightweight APs do not allow remote access

Correct Answer: E
Section: 6

QUESTION 90
Which three products are required to produce Cisco Clean Air Security reports? (Choose three.)

A. WLC v7.0
B. WCS v7.0
C. MSE v7.0
D. Spectrum Expert v4.0
E. 1260 AP
F. 3500 AP

Correct Answer: ABF
Section: 6

QUESTION 91
Which four conditions can be used in rules to classify rogue APs on a Cisco WLC v7.0? (Choose four.)

A. managed SSID
B. RSSI
C. EAP type
D. no encryption
E. encryption method
F. duration

Correct Answer: ABDF
Section: 6

QUESTION 92
Refer to the exhibit.

A WLAN with the SSID "Enterprise" is configured. Which rogue will be marked as malicious?

A. a rogue with no clients, broadcasting the SSID "Enterprise" heard at -50dBm
B. a rogue with two clients, broadcasting the SSID "Employee" heard at -50dBm
C. a rogue with two clients, broadcasting the SSID "Enterprise" heard at -50dBm
D. a rogue with two clients, broadcasting the SSID "Enterprise" heard at -80dBm

Correct Answer: C
Section: 6

QUESTION 93
Which two situations permit the Cisco WCS v7.0 to successfully trace a rogue to a switch port? (Choose two.)

A. The rogue is broadcasting an infrastructure SSID.
B. The rogue has a client that is associated.
C. The wired MAC address of the rogue is equal to or +1/-1 of the wireless MAC address of the rogue.
D. The rogue is on the same switch as a CAPWAP AP.
E. The rogue has been identified using RLDP.

Correct Answer: BC
Section: 6

QUESTION 94
Which device performs the enforcement of posture assessment for a wireless client when implementing a NAC appliance solution?

A. Cisco NAC Guest Server
B. Cisco Secure Access Control System
C. Cisco 802.1X supplicant
D. Cisco NAC Appliance Agent
E. Cisco NAC Appliance Manager
F. Cisco NAC Appliance Server
G. Cisco IPS Appliance

Correct Answer: F
Section: 6

QUESTION 95
Which device provides IDS and IPS protection in a Cisco Unified Wireless Network against wireless clients with viruses and worms?

A. Cisco NAC Guest Server
B. Cisco Secure Access Control System
C. Cisco WLC
D. Cisco WCS
E. Cisco NAC Appliance Manager
F. Cisco NAC Appliance Server
G. Cisco IPS Appliance

Correct Answer: G
Section: 6

QUESTION 96
Which protocol port(s) need open access for communication between the MSE and WLC?

A. UDP 16666 and 16667
B. UDP 5247 and 5264
C. UDP 161 and 162
D. UDP 16113
E. TCP 16113

Correct Answer: E
Section: 6

QUESTION 97
IPS appliance traffic monitoring has been configured in a Cisco WLC v7.0 with default parameters. Which statement correctly describes the results when malicious traffic is detected from a wireless client?

A. The WLC immediately notifies the IPS appliance.
B. The IPS appliance immediately notifies the WLC.
C. The WLC polls the IPS for the status every 60 seconds.
D. The IPS initiates updates to the WLC every 60 seconds.

Correct Answer: C
Section: 6

QUESTION 98
When deploying wIPS, which protocol is used to communicate between the Cisco WLC v7.0 and the MSE?

A. SNMP
B. HTTPS
C. CAPWAP
D. SOAP and XML
E. NMSP

Correct Answer: E
Section: 6

QUESTION 99
DRAG DROP
Click and drag the WLAN QoS level on the left to its intended usage on the right.

A.
B.
C.
D.

Correct Answer:
Section: 6

QUESTION 100
DRAG DROP
Click and drag the communication method on the left to its correct usage on the right for Adaptive wIPS operations.

A.
B.
C.
D.

Correct Answer:
Section: 6