Cisco Questions & Answers

Similar documents
Cisco Exactexams Questions & Answers

Cisco Actualtests Exam Questions & Answers

CertifyMe. CISCO EXAM QUESTIONS & ANSWERS

Vendor: Cisco. Exam Code: Exam Name: Implementing Advanced Cisco Unified Wireless Security (IAUWS) v2.0. Version: Demo

Certkiller q. Cisco Implementing Advanced Cisco Unified Wireless Security v2.0

Cisco Exam Implementing Advanced Cisco Unified Wireless Security v2.0 Version: 9.0 [ Total Questions: 206 ]

PASS4TEST. IT Certification Guaranteed, The Easy Way! We offer free update service for one year

Cisco Exam Questions & Answers

ITCertMaster. Safe, simple and fast. 100% Pass guarantee! IT Certification Guaranteed, The Easy Way!

Securing Cisco Wireless Enterprise Networks ( )

Cisco Exam Questions & Answers

FortiNAC. Cisco Airespace Wireless Controller Integration. Version: 8.x. Date: 8/28/2018. Rev: B

Deployment Guide for Cisco Guest Access Using the Cisco Wireless LAN Controller, Release 4.1

Vendor: Cisco. Exam Code: Exam Name: Implementing Cisco Secure Access Solutions. Version: Demo

Cisco EXAM Implementing Cisco Unified Wireless Networking Essentials (IUWNE) Buy Full Product.

COPYRIGHTED MATERIAL. Contents

P ART 3. Configuring the Infrastructure

Configuring FlexConnect Groups

Cisco Exam Questions and Answers (PDF) Cisco Exam Questions BrainDumps

DumpsFree. DumpsFree provide high-quality Dumps VCE & dumps demo free download

Configuring FlexConnect Groups

Securing Wireless LAN Controllers (WLCs)

ISE Primer.

Configuring Hybrid REAP

TestsDumps. Latest Test Dumps for IT Exam Certification

PrepKing. PrepKing

Template information can be overridden on individual devices.

Real4Test. Real IT Certification Exam Study materials/braindumps

Configuring OfficeExtend Access Points

ISE Version 1.3 Self Registered Guest Portal Configuration Example

Cisco ISE Features. Cisco Identity Services Engine Administrator Guide, Release 1.4 1

Cisco 4400 Series Wireless LAN Controllers PEAP Under Unified Wireless Networks with Microsoft Internet Authentication Service (IAS)

Symbols. Numerics I N D E X

Exam : Title : Security Solutions for Systems Engineers. Version : Demo

Exam : PW Title : Certified wireless security professional(cwsp) Version : DEMO

Question: 1 The NAC Agent uses which port and protocol to send discovery packets to an ISE Policy Service Node?

LAB: Configuring LEAP. Learning Objectives

Vendor: HP. Exam Code: HP2-Z32. Exam Name: Implementing HP MSM Wireless Networks. Version: Demo

Template information can be overridden on individual devices.

PROTECTED EXTENSIBLE AUTHENTICATION PROTOCOL

Cisco Exam Securing Wireless Enterprise Networks Version: 7.0 [ Total Questions: 53 ]

Cisco TrustSec How-To Guide: Universal Configuration for the Cisco Wireless LAN Controller

PEAP under Unified Wireless Networks with ACS 5.1 and Windows 2003 Server

Cisco Passguide Exam Questions & Answers

Troubleshooting Web Authentication on a Wireless LAN Controller (WLC)

Secure Wireless LAN Design and Deployment

Numerics INDEX. AAA AAA mode active sessions AP/MSE Authorization 9-91 General 9-84 LDAP Servers 9-87

exam. Number: Passing Score: 800 Time Limit: 120 min CISCO Securing Wireless Enterprise Networks.

Configuring Layer2 Security

CCIE Wireless v3 Lab Video Series 1 Table of Contents

exam. Number: Passing Score: 800 Time Limit: 120 min CISCO Deploying Cisco Wireless Enterprise Networks. Version 1.

Wireless LAN Controller Web Authentication Configuration Example

D. The bank s web server is using an X.509 certificate that is not signed by a root CA, causing the user ID and password to be sent unencrypted.

CertifyMe. CertifyMe

FAQ on Cisco Aironet Wireless Security

Cisco Exam Questions & Answers

Cisco Exam Troubleshooting Cisco Wireless Enterprise Networks Version: 7.0 [ Total Questions: 60 ]

Cisco ISE Ports Reference

Guest Access User Interface Reference

Exam HP2-Z32 Implementing HP MSM Wireless Networks Version: 7.1 [ Total Questions: 115 ]

Juniper Exam JN0-314 Junos Pulse Access Control, Specialist (JNCIS-AC) Version: 7.0 [ Total Questions: 222 ]

Network Security 1. Module 7 Configure Trust and Identity at Layer 2

Architecting Network for Branch Offices with Cisco Unified Wireless Karan Sheth Sr. Technical Marketing Engineer

Cisco ISE Ports Reference

Cisco Certification Exam

Managing Rogue Devices

Configuring NAC Out-of-Band Integration

Index Numerics Cisco Wireless Control System Configuration Guide OL IN-1

Cisco ISE Ports Reference

Cisco.Actualtests v by.Ralph.174.vce

I N D E X 9-2 Numerics , ,

CertKiller q

Cisco Network Admission Control (NAC) Solution

Securing Wireless LANs

CISCO EXAM QUESTIONS & ANSWERS

PrepKing. PrepKing

Cisco Deploying Basic Wireless LANs

RADIUS Configuration Note WINS : Wireless Interoperability & Network Solutions

Cisco.Actualtests v by.Ralph.174.vce

Configuring the WMIC for the First Time

Architecting Network for Branch Offices with Cisco Unified Wireless

Wireless LAN Security & Threat Mitigation

Support Device Access

Cisco Exam Questions & Answers

Number: Passing Score: 800 Time Limit: 120 min File Version: Vendor: Cisco. Exam Code:

Central Web Authentication on the WLC and ISE Configuration Example

Wireless LAN Controller (WLC) Design and Features FAQ

CiscoWorks Wireless LAN Solution Engine Express 2.13

Cisco Wireless LAN Controller Configuration Guide

Integrating Meraki Networks with

Implementing Cisco Unified Wireless Networking Essentials Volume 1

ForeScout CounterACT. Configuration Guide. Version 1.8

Support Device Access

Mobility Groups. Information About Mobility

Q&As. Implementing Cisco Unified Wireless Voice Networks (IUWVN) v2.0. Pass Cisco Exam with 100% Guarantee

FortiNAC. Aerohive Wireless Access Point Integration. Version 8.x 8/28/2018. Rev: E

The following chart provides the breakdown of exam as to the weight of each section of the exam.

CertifyMe. CertifyMe

CISCO EXAM QUESTIONS & ANSWERS

2012 Cisco and/or its affiliates. All rights reserved. 1

Transcription:

Cisco 642-737 Questions & Answers Number: 642-737 Passing Score: 800 Time Limit: 120 min File Version: 25.6 http://www.gratisexam.com/ Cisco 642-737 Questions & Answers Exam Name: Implementing Advanced Cisco Unified Wireless Security (IAUWS) v2.0 For Full Set of Questions please visit: http://www.certkey.com/642-737.html Sections 1. 1 2. 2 3. 3 4. 4 5. 5 6. 6

Certkey QUESTION 1 Which statement describes the major difference between PEAP and EAP-FAST client authentication? A. EAP-FAST requires a backend AAA server, and PEAP does not. B. EAP-FAST is a Cisco-only proprietary protocol, whereas PEAP is an industry-standard protocol. C. PEAP requires a server-side certificate, while EAP-FAST does not require certificates. D. PEAP authentication protocol requires a client certificate, and EAP-FAST requires a secure password. Correct Answer: C /Reference: : QUESTION 2 What are the four packet types that are used by EAP? (Choose four.) A. EAP Type B. EAP Request C. EAP Identity D. EAP Response E. EAP Success F. EAP Failure G. EAP Authentication Correct Answer: BDEF /Reference: : QUESTION 3 When a supplicant and AAA server are configured to use PEAP, which mechanism is used by the client to authenticate the AAA server in Phase One? A. PMK B. shared secret keys C. digital certificate D. PAC Correct Answer: C /Reference: : QUESTION 4 What are two of the benefits that the Cisco AnyConnect v3.0 provides to the administrator for client WLAN security configuration? (Choose two.)

A. Provides a reporting mechanism for rouge APs B. Prevents a user from adding any WLANs C. Hides the complexity of 802.1X and EAP configuration D. Supports centralized or distributed client architectures E. Provides concurrent wired and wireless connectivity F. Allows users to modify but not delete admin-created profiles Correct Answer: CD /Reference: : QUESTION 5 When using the Standalone Profile Editor in the Cisco AnyConnect v3.0 to create a new NAM profile, which two statements describe the profile becoming active? (Choose two.) http://www.gratisexam.com/ A. selects the new profile from NAM B. selects "Network Repair" from NAM C. becomes active after a save of the profile name D. ensures use of "configuration.xml" as the profile name E. ensures use of "config.xml" as the profile name F. ensures use of "nam.xml" as the profile name Correct Answer: BD /Reference: : QUESTION 6 Which three parameters can be communicated between a Cisco WLC v7.0 and Cisco Compatible Extensions v4-enabled client to improve a secure roaming connection? (Choose three.) A. minimum SNR B. transition time C. scan threshold D. hysteresis E. PER F. MIC errors Correct Answer: BCD

/Reference: : QUESTION 7 Which three Cisco WLC v7.0 CLI family of commands would be appropriate to troubleshoot a wireless client failure for connection to an AP? (Choose three.) A. debug capwap B. debug mac addr C. debug ccxdiag D. debug dhcp E. debug ap F. debug dtls G. debug aaa Correct Answer: BDG /Reference: : QUESTION 8 What is the best method to verify AP parameters that are seen from a wireless client? A. WCS debug commands B. ACS log files C. WCS show commands D. AP debug commands E. packet analyzers Correct Answer: E /Reference: : QUESTION 9 Employees are allowed to start bringing their own wireless devices to work for use on the 802.11a/b/g/n WLAN when using their existing credentials. However, they are experiencing issues. Which two items are the most probable cause of these issues? (Choose two.) A. incorrect IP address B. supplicant or driver C. incorrect user name D. wrong wireless band E. application issues Correct Answer: BE /Reference:

: QUESTION 10 Which two options are supported when deploying wireless NAC out-of-band implementations? (Choose two.) A. Cisco NAS in virtual gateway mode B. WLANs with allow AAA override enabled C. Cisco NAC Guest Server integration with the Cisco NAM D. dynamic VLAN mappings on the Cisco NAS, which is based on the returned RADIUS attributes from the Cisco Secure ACS E. autonomous APs Correct Answer: AC /Reference: : QUESTION 11 When deploying wireless Cisco NAC OOB operations, which appliance performs VLAN mappings to map the quarantine VLANs to the access VLANs? A. Cisco NAC Appliance Manager B. Cisco NAC Appliance Server C. Cisco NAC Guest Server D. Cisco Wireless LAN Controller E. the Layer 3 switch that connects the Cisco WLC to the Cisco NAC appliances Correct Answer: B /Reference: : QUESTION 12 Refer to the exhibit.

Viewing the Controller > Interfaces configuration screen, which statement about the nac-vlan interface configuration is true? A. Wireless client traffic that is outbound on VLAN 176 will be switched to the trusted interface on the Cisco NAC Appliance Server. B. Wireless client traffic that is outbound on VLAN 175 will be switched to the trusted interface on the Cisco NAC Appliance Server. C. 10.10.175.1 is the IP address of the trusted interface on the Cisco NAC Appliance Server. D. 10.10.175.1 is the IP address of the untrusted interface on the Cisco NAC Appliance Server. E. VLAN 175 is the access VLAN. F. VLAN 176 traffic from the client will bypass the Cisco NAC Appliance Server. Correct Answer: E /Reference: : QUESTION 13 Which option verifies that a wireless client has authenticated to a WLAN when performing NAC using the Cisco NAC Appliance Manager and Server? A. Cisco CAM OOB Management > Devices > Discovered Clients

B. Cisco CAS OOB Management > Devices > Discovered Clients C. Cisco CAM Monitor > View Online Users D. Cisco CAS Monitor > View Online Users Correct Answer: C /Reference: : QUESTION 14 802.1X AP supplicant credentials have been enabled and configured on a Cisco WLC v7.0 in both the respective Wireless>AP>Global Configuration location and AP>Credentials tab locations. What describes the 802.1X AP authentication process when connected via Ethernet to a switch? A. Only WLC AP global credentials are used. B. Only AP credentials are used. C. WLC global AP credentials are used first; upon failure, the AP credentials are used. D. AP credentials are used first; upon failure, the WLC global credentials are used. Correct Answer: B /Reference: : QUESTION 15 Client Management Frame Protection is supported on which Cisco Compatible Extensions version clients? A. v2 and later B. v3 and later C. v4 and later D. v5 only Correct Answer: D Section: 2 /Reference: : QUESTION 16 Which three items must be configured on a Cisco WLC v7.0 to allow implementation of isolated bonding network? (Choose three.) A. RADIUS server IP address B. DHCP IP address C. SNMP trap receiver IP address D. interface name E. SNMP community name F. ACL name Correct Answer: ADF

Section: 2 /Reference: : QUESTION 17 How do you configure the Cisco Secure ACS v4.2 and Cisco WLC v7.0 to provide the most flexibility for the management of authorized access on the WLC? A. Local management user defined on the WLC B. The WLC configured for RADIUS and the Cisco Secure ACS configured for RADIUS (Cisco Airespace) C. The WLC configured for RADIUS and the Cisco Secure ACS configured for RADIUS (IETF) D. The WLC configured for TACACS+ and the Cisco Secure ACS configured for TACACS+ (Cisco Airespace) E. The WLC configured for TACACS+ and the Cisco Secure ACS configured for TACACS+ (Cisco IOS) Correct Answer: E Section: 2 /Reference: : QUESTION 18 The Cisco WLC v7.0 is configured for external 802.1X and EAP by using the WPA2 association of wireless clients when using the Cisco Secure ACS v4.2. Which two items are required in the Cisco Secure ACS network configuration to enable correct AAA? (Choose two.) A. AP IP address B. WLC virtual IP address C. WLC management IP address D. WLC AP management IP address E. hostname matching the WLC case-sensitive name F. authentication using RADIUS G. authentication using TACACS+ Correct Answer: CF Section: 2 /Reference: : QUESTION 19 Configuring the Cisco Secure ACS with a self-signed certificate supports which requirement? A. when no user certificate is required B. when a CA-signed certificate is required for the user C. when a self-signed certificate Class 4 is required for the user D. when a self-signed certificate Class 0 is required for the user Correct Answer: A Section: 2

/Reference: : QUESTION 20 Refer to the exhibit. What does this Cisco Secure ACS v4.2 log indicate? A. The WLC is not configured as a client in the Cisco Secure ACS. B. The WLC is not configured as a server in the Cisco Secure ACS. C. Incorrect authentication exists between the WLC and Cisco Secure ACS. D. The wireless client is not configured as a client in the Cisco Secure ACS. E. Incorrect authentication exists between the wireless client and Cisco Secure ACS. Correct Answer: A Section: 2 /Reference: : QUESTION 21 Authentication is failing between a client and the RADIUS server. Which WLC troubleshooting command set might be useful to assist in troubleshooting the issue? A. show local-auth B. debug ldap C. debug aaa local-auth D. debug dot1x event Correct Answer: D Section: 2

/Reference: : QUESTION 22 Which two statements about the sponsor accounts on the Cisco NAC Guest Server are true? (Choose two.) A. The sponsor login to the Cisco NAC Guest Server is at https://ngs-ip-address/admin to create, view, and edit guest accounts. B. The Cisco NAC Guest Server can authenticate the sponsors using the local database or via Microsoft Active Directory or LDAP or RADIUS servers. C. Sponsoring user groups is the method by which to assign permissions to the sponsors. D. Guest roles provide a way to give different levels of access to different sponsor accounts. E. Sponsor accounts require admin privileges to generate reports. Correct Answer: BC Section: 2 /Reference: : QUESTION 23 Which two statements are true about configuring a wired guest LAN feature? (Choose two.) A. Create a WLAN on the anchor controller only B. Select the management interface as the egress interface to reach the anchor controller C. Require an anchor controller to implement D. Select the interface that you created as the guest LAN interface in the ingress interface menu E. Configure on any controller from version 5.2 forward Correct Answer: BD Section: 2 /Reference: : QUESTION 24 Refer to the exhibit.

What is the 1.1.1.1 IP address? A. the controller virtual interface IP address B. the controller management IP address C. the controller AP-manager IP address D. the RADIUS server IP address E. the lightweight AP IP address F. the wireless client IP address Correct Answer: A Section: 2 /Reference: : QUESTION 25 Which two descriptions of mpings and epings are true? (Choose two.) A. mpings run over UDP port 16666. B. mpings run over UDP port 16667, and epings run over port 16666. C. epings run over EoIP. D. mpings test mobility data packet reachability, and epings test mobility control packet reachability. E. mpings run over the management interface, and epings run over the virtual interface. F. mpings and epings are useful tools for troubleshooting WLC-to-AP communications. Correct Answer: AC Section: 2 /Reference: : QUESTION 26 Which one of the options is responsible for multiple requirements for account data protection such as with credit cards? A. ISO B. IEEE C. IETF D. Wi-Fi Alliance E. PCI F. HIPAA G. GLBA Correct Answer: E Section: 3 /Reference: : QUESTION 27 A Cisco WLC v7.0 has been only initially configured through the console setup CLI wizard. A new AP has just

finished association with the controller. What is the default mode of remote access to the AP? A. HTTPS B. HTTP C. SSH D. Telnet E. access is disabled Correct Answer: E Section: 3 /Reference: : QUESTION 28 The Cisco Unified Wireless Network solution, which is based on version 7.0, provides which three wired-side tracing techniques? (Choose three.) A. switch port tracing B. adaptive wips C. RLDP D. autocontainment E. rogue detector F. H-REAP Correct Answer: ACE Section: 3 /Reference: : QUESTION 29 Which wireless attack can cause most client wireless adapters to lock up? A. management frame flood B. NULL probe response C. EAPOL flood D. RF jamming E. disassociation flood F. deauthentication flood Correct Answer: B Section: 3 /Reference: : QUESTION 30 Which device performs the definition of rules and requirements for posture assessment of a wireless client when implementing a NAC appliance solution? A. Cisco NAC Guest Server

B. Cisco Secure Access Control System C. Cisco 802.1X supplicant D. Cisco NAC Appliance Agent E. Cisco NAC Appliance Manager F. Cisco NAC Appliance Server G. Cisco IPS Appliance Correct Answer: E Section: 3 /Reference: : QUESTION 31 Which NAC component performs device compliance checks as users attempt to access the network? A. Cisco NAC Guest Server B. Cisco Secure Access Control System C. Cisco 802.1X supplicant D. Cisco NAC Appliance Agent E. Cisco NAC Appliance Manager F. Cisco NAC Appliance Server G. Cisco IPS Appliance Correct Answer: D Section: 3 /Reference: : QUESTION 32 Which two firewall protocol port(s) need open access for secure management access to an anchor WLC for guest access? (Choose two.) A. TCP 22 B. TCP 23 C. TCP 80 D. TCP 8080 E. TCP 443 F. UDP 123 Correct Answer: AE Section: 3 /Reference: : QUESTION 33 How is the MSE enabled to support wips service? A. CLI console or SSH session with the MSE

B. HTTPS with the MSE C. HTTPS with the Cisco WCS to enable the MSE and WLC(s) D. HTTPS with WLC(s) to enable locally and the IP address of MSE Correct Answer: C Section: 3 /Reference: : QUESTION 34 Which key is used to encrypt unicast traffic between the supplicant and the AP after EAP authentication has completed? A. PMK B. GTK C. PTK D. OKC E. PSK Correct Answer: C Section: 3 /Reference: : QUESTION 35 When using the Microsoft WLAN AutoConfig feature, which 802.1X authentication method is not supported natively by Windows 7? A. EAP-TLS B. EAP-FAST C. PEAP with MS-CHAPv2 D. PEAP with GTC Correct Answer: B Section: 3 /Reference: : QUESTION 36 What are the three methods that a Cisco AnyConnect v3.0 profile can be applied to a client device? (Choose three.) A. Cisco ASA version 8.2 and later can instruct users to open a specific page on the ASA web interface, from where NAM and user profiles can be downloaded. B. The DHCP option for using a TFTP server automates where NAM and user profiles can be downloaded. C. The administrator can manually copy the profile to the correct location on the client PC. D. The administrator can also use the predeploy installer (MSI on Windows) with the generated profiles. E. When loaded, the Posture Module can verify and request the user to load the latest profile. F. The administrator can use the Cisco AnyConnect v3.0 server feature to allow clients to authenticate with the

AAA server and then download the appropriate profile to their client PC. Correct Answer: ACD Section: 4 /Reference: : QUESTION 37 Which statement correctly describes the usage of the debug command in a Cisco Unified Wireless Network? A. Debug is enabled until manual shut off. B. Debug is available on the WLC serial console and web interface. C. Debug is a restricted command and is not available in the AP CLI. D. Debug is a message logging severity 7. Correct Answer: D Section: 4 /Reference: : http://www.gratisexam.com/ QUESTION 38 Employees are allowed to starting bringing their own laptops to work. Which option can help provide a temporal user device vulnerability check when using the Java applet or ActiveX? A. Cisco NAC Server B. Cisco NAC Guest Server C. Cisco NAC Manager D. Cisco NAC Windows Agent E. Cisco NAC Web Agent F. Cisco ACS Correct Answer: E Section: 4 /Reference: : QUESTION 39 When deploying wireless Cisco NAC OOB operations, which device signals the WLC to switch a user from a quarantine VLAN to an access VLAN? A. Cisco NAC Appliance Manager

B. Cisco NAC Appliance Server C. Cisco NAC Guest Server D. Cisco ACS E. Cisco WCS Correct Answer: A Section: 4 /Reference: : QUESTION 40 When do NAC out-of-band deployments require user traffic to traverse through the Cisco NAC Server? A. posture assessment only B. 802.1X and EAP authentication and remediation C. posture assessment and remediation D. 802.1X and EAP authentication, posture assessment, and remediation Correct Answer: C Section: 4 /Reference: : QUESTION 41 For wireless NAC out-of-band operations, which protocol is used between the Cisco NAC Appliance Manager and the wireless controller to switch the wireless client from the quarantine VLAN to the access VLAN after the client has passed the NAC authentication and posture assessment process? A. RADIUS B. TACACS+ C. SNMP D. SSL E. EAP Correct Answer: C Section: 4 /Reference: : QUESTION 42 Which option verifies that a wireless client has associated but is not yet authenticated to a WLAN when performing NAC using the Cisco NAC Appliance Manager and Server? A. Cisco CAM OOB Management > Devices > Discovered Clients B. Cisco CAS OOB Management > Devices > Discovered Clients C. Cisco CAM Monitor > View Online Users D. Cisco CAS Monitor > View Online Users Correct Answer: A

Section: 4 /Reference: : QUESTION 43 Which option correctly lists the EAP protocol(s) that can be configured on an autonomous AP for local authentication? A. MAC B. LEAP and EAP-FAST C. MAC, LEAP, and EAP-FAST D. MAC, EAP-FAST, EAP-PEAP, and EAP-TLS Correct Answer: C Section: 4 /Reference: : QUESTION 44 Cisco Client MFP is supported on which modes of LWAPP and CAPWAP APs? A. Local, H-REAP, and Bridge B. Local, H-REAP, and Monitor C. Local, H-REAP, and Rogue Detector D. Sniffer, H-REAP, and Bridge Correct Answer: A Section: 4 /Reference: : QUESTION 45 What are the two must commonly used RADIUS (Cisco Airespace) attributes that are configured in the Cisco Secure ACS v4.2 for IBN implementation with the Cisco WLC v7.0? (Choose two.) A. QoS level B. DSCP C. 802.1P tag D. security type E. ACL name F. EAP type G. NAC state Correct Answer: AE Section: 5 /Reference: :

QUESTION 46 How should the Cisco Secure ACS v4.2 and the Cisco WLC v7.0 be configured to support wireless client authentication? A. The WLC configured for RADIUS and the Cisco Secure ACS configured for RADIUS (Cisco Airespace) B. The WLC configured for RADIUS and the Cisco Secure ACS configured for RADIUS (IETF) C. The WLC configured for TACACS+ and the Cisco Secure ACS configured for TACACS+ (Cisco Airespace) D. The WLC configured for TACACS+ and the Cisco Secure ACS configured for TACACS+ (Cisco IOS) Correct Answer: A Section: 5 /Reference: : QUESTION 47 In which three places can certificates be used in a WLAN to provide secure communications? (Choose three.) A. between client and AP B. between AP and WLC C. between client and WLC D. between client and RADIUS server E. between WLC and RADIUS server Correct Answer: BCD Section: 5 /Reference: : QUESTION 48 Which two EAP type(s) require a client certificate? (Choose two.) A. LEAP B. PEAP C. EAP-FAST D. EAP-TLS E. EAP-MD5 Correct Answer: CD Section: 5 /Reference: : QUESTION 49 Refer to the exhibit.

Why is the client failing to authenticate with the AAA server? A. excessive number of authentication attempts for username B. incorrect read/write credentials for username C. incorrect IP address being sent by client D. incorrect authentication for username Correct Answer: D Section: 5 /Reference: : QUESTION 50 Which statement about the Cisco NAC Guest Server that is deployed in wireless guest access implementations is true? A. The Cisco NAC Guest Server integrates with the Cisco WCS through the RADIUS protocol. B. The Cisco NAC Guest Server can be used in place of Cisco WCS Lobby Ambassador functionality for guest provisioning and reporting. The Cisco WCS is still needed for WLAN management. C. The Cisco WLC acts as the guest accounts provisioning portal, and the Cisco NAC Guest Server acts as the captive portal capturing web requests from preassigned "guest ports" and requesting authentication. D. Guest accounts on the Cisco NAC Guest Server can be created using the Cisco WCS Lobby Ambassador feature.

Correct Answer: B Section: 5 /Reference: : QUESTION 51 What is the default authentication protocol that is used for web authentication? A. MD5-CHAP B. CHAP C. PAP D. LEAP Correct Answer: C Section: 5 /Reference: : QUESTION 52 Which statement correctly describes a wireless client connection to the Cisco WLC v7.0 that is configured for web guest access? A. The client associates to the anchor controller and authenticates to the anchor controller. B. The client associates to the anchor controller and authenticates to the foreign controller. C. The client associates to the foreign controller and authenticates to the anchor controller. D. The client associates to the foreign controller and authenticates to the foreign controller. Correct Answer: C Section: 5 /Reference: : QUESTION 53 Which two things should you verify if the Cisco NAC Guest Server is configured on the network and the client cannot access the guest network? (Choose two.) A. The controller can ping the Cisco NAC Guest Server. B. The controller can mping and eping the Cisco NAC Guest Server. C. AAA override is enabled on the guest WLAN. D. Controllers and the Cisco NAC Guest Server are in the same mobility group. Correct Answer: AC Section: 5 /Reference: : QUESTION 54

A network administrator is assigning a one-to-one association for VLAN to wireless WLAN or SSID. Given the implementation of a Cisco 2500 Series controller using v7.0, how many WLANs can be created? A. 8 B. 16 C. 32 D. 64 E. 128 F. 254 G. 512 Correct Answer: B Section: 5 /Reference: : QUESTION 55 Given a proper configuration of the Cisco WLC v7.0, what is the default username, password, and enable password to remotely access an associated AP? A. admin, admin, and Cisco B. admin, cisco, and Cisco C. none, cisco, and Cisco D. none, Cisco, and Cisco E. Cisco, Cisco, and Cisco F. lightweight APs do not allow remote access Correct Answer: E Section: 6 /Reference: : QUESTION 56 What is the default security level that is used for syslog messages to a Cisco WLC v7.0-buffered log? A. Alerts B. Errors C. Warnings D. Notification E. Informational F. Disabled Correct Answer: B Section: 6 /Reference: : QUESTION 57

Refer to the exhibit. A WLAN with the SSID "Enterprise" is configured. Which rogue will be marked as malicious? A. a rogue with no clients, broadcasting the SSID "Enterprise" heard at -50dBm B. a rogue with two clients, broadcasting the SSID "Employee" heard at -50dBm C. a rogue with two clients, broadcasting the SSID "Enterprise" heard at -50dBm D. a rouge with two clients, broadcasting the SSID "Enterprise" heard at -80dBm Correct Answer: C Section: 6 /Reference: : QUESTION 58 Which two attacks represent a social engineering attack? (Choose two.) A. using AirMagnet Wi-Fi Analyzer to search for hidden SSIDs B. calling the IT helpdesk and asking for network information C. spoofing the MAC address of an employee device D. entering a business and posing as IT support staff Correct Answer: BD Section: 6 /Reference: : QUESTION 59 Which type of attack is a result of a WLAN being overwhelmed by 802.1X authentication requests?

A. NetStumbler attack B. EAPOL flood signature C. management flood signatures D. broadcast deauthentication frame signatures E. NULL probe response signatures Correct Answer: B Section: 6 /Reference: : QUESTION 60 Which device performs the enforcement of posture assessment for a wireless client when implementing a NAC appliance solution? A. Cisco NAC Guest Server B. Cisco Secure Access Control System C. Cisco 802.1X supplicant D. Cisco NAC Appliance Agent E. Cisco NAC Appliance Manager F. Cisco NAC Appliance Server G. Cisco IPS Appliance Correct Answer: F Section: 6 /Reference: : QUESTION 61 Which protocol port needs open access for the Cisco WLC v7.0 using an external AAA server for checking administrative privileges for menu access? A. UDP 1812 B. UDP 1813 C. UDP 1645 D. UDP 1646 E. TCP 49 F. TCP 443 Correct Answer: E Section: 6 /Reference: : QUESTION 62 When deploying wips, which protocol is used to communicate between the Cisco WLC v7.0 and the MSE?

A. SNMP B. HTTPS C. CAPWAP D. SOAP and XML E. NMSP Correct Answer: E Section: 6 /Reference: : http://www.gratisexam.com/

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback