Page 1

Pass Cisco 300-375 Exam with Real Questions Cisco 300-375 Exam

Securing Wireless Enterprise Networks

https://www.passquestion.com/300-375.html

35% OFF on All, Including Cisco 300-375 Questions and Answers

Pass 300-375 Exam with PassQuestion Cisco 300-375 questions and answers in the first attempt.

https://www.passquestion.com/


The safer , easier way to help you pass any IT exams.

Exam

: 300-375

Title

: Securing Wireless Enterprise Networks

Version : V11.02

1 / 20


The safer , easier way to help you pass any IT exams.

1.Which two considerations must a network engineer have when planning for voice over wireless roaming? (Choose two.) A. Roaming with only 802.1x authentication requires full reauthentication. B. Full reauthentication introduces gaps in a voice conversation. C. Roaming occurs when e phone has seen at least four APs. D. Roaming occurs when the phone has reached -80 dBs or below. Answer: A,B 2.Which two 802.11 methods can be configured to protect card holder data? (Choose two.) A. CCMP B. WEP C. SSL D. TKIP E. VPN Answer: C,E 3.An engineer is changing the authentication method of a wireless network from EAP-FAST to EAPTLS. Which two changes are necessary? (Choose two.) A. Cisco Secure ACS is required. B. A Cisco NAC server is required. C. All authentication clients require their own certificates. D. The authentication server now requires a certificate. E. The users require the Cisco AnyConnect client. Answer: C,D 4.Which mobility mode must a Cisco 5508 wireless Controller be in to use the MA functionality on a cisco catalyst 3850 series switch with a cisco 550 Wireless Controller as an MC? A. classic mobility B. new mobility C. converged access mobility D. auto-anchor mobility Answer: C 5.WPA2 Enterprise with 802.1x is being used for clients to authenticate to a wireless network through an ACS server. For security reasons, the network engineer wants to ensure only PEAP authentication can be used. The engineer sent instructions to clients on how to configure their supplicants, but users are still in the ACS logs authentication using EAP-FAST. Which option describes the most efficient way the engineer can ensure these users cannot access the network unless the correct authentication mechanism is configured? A. Enable AAA override on the SSID, gather the usernames of these users, and disable their RADIUS accounts until they make sure they correctly configured their devices. B. Enable AAA override on the SSID and configure an access policy in ACS that denies access to the list of MACs that have used EAP-FAST. C. Enable AAA override on the SSID and configure an access policy in ACS that allows access only when

2 / 20


The safer , easier way to help you pass any IT exams.

the EAP authentication method is PEAP. D. Enable AAA override on the SSID and configure an access policy in ACS that puts clients that authenticated using EAP-FAST into a quarantine VLAN. Answer: D 6.An engineer is configuring a BYOD deployment strategy and prefers a single SSID model. Which technology is required to accomplish this configuration? A. mobility service engine B. wireless control system C. identify service engine D. Prime Infrastructure Answer: C 7.When you configure BYOD access to the network, you face increased security risks and challenges. Which challenge is resolved by deploying digital client certificates? A. managing the increase connected devices B. ensuring wireless LAN performance and reliability C. providing device choice and support D. enforcing company usage policies Answer: D 8.Scenario

TOPOLOGY

3 / 20


The safer , easier way to help you pass any IT exams.

MONITOR

WLAMS

4 / 20


The safer , easier way to help you pass any IT exams.

CONTROLLER

WIRELESS

SECURITY

Which configuration changes need to be made to allow WPA2 + PSK to operate property on the East-WLC-2504A controller? (Choose four.) A. Disable Dynamic AP Management. B. Click on the Status Enabled radio button. C. Change the Layer 3 Security to Web Policy. D. Change the WPA + WPA2 Parameters to WPA2 Policy-AES. E. Change the PSK Format to HEX. F. Change the WLAN ID.

5 / 20


The safer , easier way to help you pass any IT exams.

G. Change the VLAN Identifier. H. Change the IP Address of the Virtual interface. I. Change the SSID name of the WLAN. J. Click on the PSK radio button and add the password in the text box. Answer: B,F,I,J 9.Refer to the exhibit.

What is the 1.1.1.1 IP address? A. the wireless client IP address B. the RADIUS server IP address C. the controller management IP address D. the lightweight IP address E. the controller AP-manager IP address F. the controller virtual interface IP address Answer: F 10.A Customer is concerned about denial of service attacks that impair the stable operation of the corporate wireless network. The customer wants to purchase mobile devices that will operate on the corporate wireless network. Which IEEE standard should the mobile devices support to address the customer concerns? A. 802.11w B. 802.11k C. 802.11r D. 802.11h Answer: A 11.After receiving an alert regarding a rogue AP, a network engineer logs into Cisco Prime and looks at the floor map where the AP that detected the rogue is located. The map is synchronized with a mobility services engine that determines the rogue device is actually inside the campus. The engineer determines the rogue to be a security threat and decides to stop it from broadcasting inside the enterprise wireless network. What is the fastest way to disable the rogue? A. Go to the location the rogue device is indicated to be and disable the power. B. Create an SSID on WLAN controller resembling the SSID of the rogue to spoof it and disable clients

6 / 20


The safer , easier way to help you pass any IT exams.

from connecting to it. C. Classify the rogue as malicious in Cisco Prime. D. Update the status of the rogue in Cisco Prime to contained. Answer: C 12.An engineer is configuring client MFP. What WLAN Layer 2 security must be selected to use client MFP? A. Static WEP B. CKIP C. WPA+WPA2 D. 802 1x Answer: C 13.Which two events are possible outcomes of a successful RF jamming attack? (Choose two.) A. unauthentication association B. deauthentication multicast C. deauthentication broadcast D. disruption of WLAN services E. physical damage to AP hardware Answer: D,E 14.Which CLI command do you use on Cisco IOS XE Software to put the AP named Floor1_AP1 back in the default AP group? A. ap Floor1_AP1 ap-groupname default-group B. ap name Floor1_AP1 apgroup default-group C. ap name Floor1_AP1 ap-groupname default-group D. ap name Floor1_AP1 ap-groupname default Answer: C 15.An engineer is configuring a new mobility anchor for a WLAN on the CLI with the config wlan mobility anchor add 3 10.10.10.10 command, but the command is failing. Which two conditions must be met to be able to enter this command? (Choose two.) A. The anchor controller IP address must be within the management interface subnet. B. The anchor controller must be in the same mobility group. C. The WLAN must be enabled. D. The mobility group keepalive must be configured. E. The indicated WLAN ID must be present on the controller. Answer: A,B 16.A customer has deployed PEAP authentication with a Novell eDirectory LDAP Server. Which authentication method must be configured on the client to support this deployment? A. PEAP(EAP-MSCHAPv2) B. PEAP(EAP-TTLS) C. PEAP(EAP-GTC)

7 / 20


The safer , easier way to help you pass any IT exams.

D. PEAP(EAP-WPA) Answer: C 17.Access points at branch sites for a company are in FlexConncct mode and perform local switching, but they authenticate to the central RADIUS at headquarters. VPN connections to the headquarters have gone down, but each branch site has a local authentication server. Which three features on the wireless controller can be configured to maintain network operations if this situation reoccurs? (Choose three.) A. Put APs in FlexConnect Group for Remote Branches. B. Set Branch RADIUS as Primary. C. Put APs in AP Group Per Branch. D. Put APs in FlexConnect Group Per Branch. E. Set Branch RADIUS OS Secondary. F. Set HQ RADIUS a-s primary. Answer: A,E,F 18.Which security method does a Cisco guest wireless deployment that relies on Cisco ISE guest portal for user authentication use? A. Layer 2 and Layer 3 B. Layer 2 only C. No security methods are needed to deploy CWA D. Layer 3 only Answer: B 19.Which two options are types of MFP that can be performed? (Choose two.) A. message integrity check B. infrastructure C. client D. AES-CCMP E. RSN Answer: B,C 20.An engineer has determined that the source of an authentication issue is the client laptop. Which three items must be verified for EAP-TLS authentication? (Choose three.) A. The client certificate is formatted as X 509 version 3 B. The validate server certificate option is disabled. C. The client certificate has a valid expiration date. D. The user account is the same in the certificate. E. The supplicant is configured correctly. F. The subject key identifier is configured correctly. Answer: A,D,F 21.An engineer requires authentication for WPA2 that will use fast rekeying to enable clients to roam from one access point to another without going through the controller.

8 / 20


The safer , easier way to help you pass any IT exams.

Which security option should be configured? A. PSK B. AES C. Cisco Centralized key Management D. 802.1x Answer: C 22.Refer to the exhibit.

A customer is having problems with clients associating to me wireless network. Based on the configuration, which option describes the most likely cause of the issue? A. Both AES and TKIP must be enabled B. SA Query Timeout is set too low C. Comeback timer is set too low D. PME is set to "required" E. MAC Filtering must be enabled Answer: E 23.CORRECT TEXT

9 / 20


The safer , easier way to help you pass any IT exams.

10 / 20


The safer , easier way to help you pass any IT exams.

11 / 20


The safer , easier way to help you pass any IT exams.

12 / 20


The safer , easier way to help you pass any IT exams.

Answer: Please refer the link below in Explanation to configure this simulation. Explanation: Use this link to configure all the steps for this simulation: http://www.cisco.com/c/en/us/support/docs/wireless-mobility/wireless-lan-wlan/116880-configwpa2-psk-00.html 24.Which Cisco feature must an engineer configure on a cisco WLC to enable PCI specification compliance for communication of neighbor radio information? A. RF Grouping B. MFP C. Rogue Access Point Detection D. RRM NDP E. Off Channel Scanning Answer: D

13 / 20


The safer , easier way to help you pass any IT exams.

25.MFP is enabled globally on a WLAN with default settings on single controller wireless network. Older client devices are disconnected from the network during a deauthentication attack. What is the cause of this issue? A. The client devices do not support WPA. B. The client devices do not support CCXv5. C. The MFP on the WLAN is set to optional D. The NTP server is not configured on the controller. Answer: C 26.An engineer must enable EAP on a new WLAN and is ensuring that the necessary components are available. Which component uses EAP and 802.1x to pass user authentication to the authenticator? A. AP B. AAA server C. supplicant D. controller Answer: D 27.Which three configuration steps are necessary on the WLC when implementing central web authentication in conjunction with Cisco ISE. (Choose three.) A. Set P2P Blocking Action to Drop. B. Enable Security Layer 3 Web Policy. C. Set NAC state to SNMP NAC. D. Enable Allow AAA override. E. Enable Security Layer 2 MAC Filtering. F. Set NAC state to RADIUS NAC. Answer: D,E,F 28.Refer to the exhibit.

A WLAN with the SSID "Enterprise" is configured. Which rogue is marked as malicious? A. a rogue with two clients, broadcasting the SSID "Employee" heard at -50 dBm B. a rogue with no clients, broadcasting the SSID "Enterprise" heard at -50 dBm

14 / 20


The safer , easier way to help you pass any IT exams.

C. a rouge with two clients, broadcasting the SSID "Enterprise" heard at -80 dBm D. a rogue with two clients, broadcasting the SSID "Enterprise" heard at -50 dBm Answer: C 29.Which option describes the purpose of configuring switch peer groups? A. enforces RF profiles B. enables location services C. restricts roaming traffic to certain switches D. allows template based configuration changes Answer: C 30.Which of the following user roles can access CMX Visitor Connect? A. Administrator B. Power User C. Guest User D. Super Administrator Answer: A 31.On which two ports does the RADIUS server maintain a database and listen for incoming authentication and accounting requests? (Choose two.) A. UDP 1900 B. UDP port 1812 C. TCP port 1812 D. TCP port 1813 E. UDP port 1813 Answer: B,E 32.Which command is an SNMPv3-specific command that an engineer can use only in Cisco IOS XE? A. snmp-server user remoteuser1 group1 remote 10.12.0.4 B. snmp-server host 172.16.1.33 public C. snmp-server community comaccess ro 4 D. snmp-server enable traps wireless Answer: A 33.An engineer must provide a graphical trending report of the total number of wireless clients on the network. Winch report provides the required data? A. Client Summary B. Posture Status Count C. Client Traffic Stream Metrics D. Mobility Client Summary Answer: D 34.When a wireless client uses WPA2 AES, which keys are created at the end of the four way handshake

15 / 20


The safer , easier way to help you pass any IT exams.

process between the client and the access point? A. AES key, TKIP key, WEP key B. AES key, WPA2 key, PMK C. KCK, KEK, TK D. KCK, KEK, MIC key Answer: A 35.Which customizable security report on Cisco Prime Infrastructure would show rogue APs detected since a point in time? A. New Rogue APs B. Rogue AP Events C. Rogue APs D. Rogue AP Count Summary E. Network Summary Answer: C 36.A customer is concerned that radar is impacting the access point that service the wireless network in an office located near an airport. On which type of channel should you conduct spectrum analysis to identify if radar is impacting the wireless network? A. UNII-3 channels B. UNII-1 channels C. 802.11b channels D. 2.4 GHz channels E. UMII-2 channels F. Channels 1, 5, 9, 13 Answer: E 37.An engineer configures the wireless LAN controller to perform 802.1x user authentication. Which option must be enabled to ensure that client devices can connect to the wireless, even when WLC cannot communicate with the RADIUS? A. local EAP B. authentication caching C. pre-authentication D. Cisco Centralized Key Management Answer: A 38.What is the maximum number of clients that a small branch deployment using a four-member Cisco Catalyst 3850 stack (acting as MC/MA) can support? A. 10000 B. 1000 C. 500 D. 2000 E. 5000

16 / 20


The safer , easier way to help you pass any IT exams.

Answer: E 39.A corporation has recently implemented a BYOD policy at their HQ. Which three risks should the security director be concerned about? (Choose three.) A. unauthorized users B. rogue ad-hocs C. software piracy D. lost and stolen devices E. malware F. keyloggers Answer: A,C,E 40.Which three options are valid client profile probes m Cisco ISE? (Choose three.) A. DHCP B. 802.1X C. CCX D. NetFlow E. TACACS F. HTTP Answer: A,D,F 41.A customer is concerned about DOS attacks from a neighboring facility. Which feature can be enabled to help alleviate these concerns and mitigate DOS attacks on a WLAN? A. PMF B. peer-to-peer blocking C. Cisco Centralized Key Management D. split tunnel Answer: A 42.An engineer is considering an MDM integration with Cisco ISE to assist with security for lost devices. Which two functions of MDM increase security for lost devices that access data from the network? (Choose two.) A. PIN enforcement B. Jailbreak/root detection C. data wipe D. data encryption E. data loss prevention Answer: A,C 43.An engineer must change the wireless authentication from WPA2-Personal to WPA2-Enterprise. Which three requirements are necessary? (Choose three.) A. EAP B. 802.1x C. RADIUS

17 / 20


The safer , easier way to help you pass any IT exams.

D. per-shared key E. 802.11u F. fast secure roaming G. 802.11i Answer: A,C,G 44.A network engineer is implementing a wireless network and is considering deploying a single SSID for device onboarding. Winch option is a benefit of using dual SSIDs with a captive portal on the onboard SSID compared to a single SSID solution? A. limit of a single device per user B. restrict allowed devices types C. allow multiple devices per user D. minimize client configuration errors Answer: B 45.How many mobility peers can a Cisco Catalyst 3850-MC node have? A. 8 B. 2 C. 6 D. 16 E. 4 Answer: A 46.Which client roam is considered the fastest in a wireless deployment using Cisco IOS XE mobility controllers and mobility agents? A. Roam within stack members B. Inter-SPG roam C. Interdomain roam D. Intermobility roam E. lntra-SPG roam Answer: B • Inter-SPG, Intra-subdomain roamingThe client roaming between mobility agents in different SPGswithin the same subdomain. https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3850/software/release/3se/ system_management/configuration_guide/b_sm_3se_3850_cg/b_sm_3se_3850_cg_chapter_011 1.pdf 47.During the EAP process and specifically related to the logon session, which encrypted key is sent from the RADIUS server to the access point? A. WPA key B. encryption key C. session key D. shared secret key Answer: C

18 / 20


The safer , easier way to help you pass any IT exams.

48.A customer wants to allow employees to easily onboard their devices to the wireless network. Which process can be configured on Cisco ISE to support this requirement? A. self registration guest portal B. client provisioning C. native supplicant provisioning D. local web auth Answer: B 49.An engineer is deploying EAP-TLS as the authentication mechanism for an 802.1X-enabled wireless network. Which network device is responsible for applying the digital signature to a certificate to ensure that the certificate is trusted and valid? A. supplicant B. CA server C. wireless controller D. authentication server Answer: B 50.Which EAP type requires the use of device certificates? A. EAP-TLS B. EAP-FAST C. EAP-SSL D. PEAP E. LEAP Answer: A 51.Which option determines which RADIUS server is preferred the most by the Cisco WLC? A. the Server Index (Priority) drop-down list B. the server status C. the server IP address D. the port number Answer: A 52.A Cisco WLC has been added to the network and Cisco ISE as a network device, but authentication is failing. Which configuration within the network device configuration should be verified? A. shared secret B. device ID C. SNMP RO community D. device interface credentials Answer: A 53.Which three commands are part of the requirements on Cisco Catalyst 3850 series Switch with Cisco

19 / 20


The safer , easier way to help you pass any IT exams.

IOX XE to create a RADIUS authentication server group? (Choose three.) A. authentication dot1x default local B. aaa session-idcommon C. dot1x system-auth-control D. aaa new-model E. local-auth wcm_eap_prof F. security dot1x Answer: B,C,D 54.When a supplicant and AAA server are configured to use PEAP, which mechanism is used by the client to authenticate the AAA server in Phase One? A. PMK B. shared secret keys C. digital certificate D. PAC Answer: C 55.Which EAP types are supported by MAC 10.7 for authentication to a Cisco Unified Wireless Network? A. LEAP and EAP-Fast only B. EAP-TLS and PEAP only C. LEAP, EAP-TLS, and PEAP only D. LEAP, EAP-FAST, EAP-TLS, and PEAP Answer: D

20 / 20


Top 50 Exam Questions | PassQuestion Free download PassQuestion 1Y0-204 real questions Free download PassQuestion 1Z0-808 real questions Free download PassQuestion 200-105 real questions Free download PassQuestion 200-125 real questions Free download PassQuestion 200-150 real questions Free download PassQuestion 200-355 real questions Free download PassQuestion 210-060 real questions Free download PassQuestion 210-065 real questions Free download PassQuestion 70-741 real questions Free download PassQuestion PEGAPCSA80V1_2019 real questions Free download PassQuestion 2V0-21.19 real questions Free download PassQuestion 300-101 real questions Free download PassQuestion 300-115 real questions Free download PassQuestion C1000-016 real questions Free download PassQuestion C1000-020 real questions Free download PassQuestion C1000-021 real questions Free download PassQuestion C1000-022 real questions Free download PassQuestion NACE-CIP1-001 real questions Free download PassQuestion NACE-CIP2-001 real questions Free download PassQuestion 700-150 real questions Free download PassQuestion CAMS real questions Free download PassQuestion CWNA-107 real questions Free download PassQuestion E05-001 real questions Free download PassQuestion 2V0-01.19 real questions Free download PassQuestion H12-221-ENU real questions Free download PassQuestion H12-224-ENU real questions Free download PassQuestion H12-261-ENU real questions Free download PassQuestion H12-311-ENU real questions Free download PassQuestion H12-722-ENU real questions Free download PassQuestion H13-621-ENU real questions Free download PassQuestion H13-622-ENU real questions Free download PassQuestion H20-681-ENU real questions Free download PassQuestion 72200X real questions Free download PassQuestion MB-300 real questions Free download PassQuestion MB-200 real questions Free download PassQuestion SY0-501 real questions Free download PassQuestion 78200X real questions Free Download PassQuestion 210-451 real questions Free Download PassQuestion 300-320 real questions Free Download PassQuestion 400-101 real questions

Profile for passquestions

Download CCNP Wireless 300-375 Free Questions V11.02 From PassQuestion  

Now you can download CCNP Wireless 300-375 Free Questions V11.02 from PassQuestion to check the high-quality of 300-375 exam questions. Real...

Download CCNP Wireless 300-375 Free Questions V11.02 From PassQuestion  

Now you can download CCNP Wireless 300-375 Free Questions V11.02 from PassQuestion to check the high-quality of 300-375 exam questions. Real...

Advertisement