File Info

Exam Securing Wireless Enterprise Networks
Number 300-375
File Name Securing Wireless Enterprise Networks.actualtests.300-375.2019-12-04.1e.79q.vcex
Size 2.57 Mb
Posted December 04, 2019

Demo Questions

Question 1

Which two considerations must a network engineer have when planning for voice over wireless roaming? (Choose two.)

  • A: Roaming with only 802.1x authentication requires full reauthentication.
  • B: Roaming time increases when using 802.1x + Cisco Centralized Key Management.
  • C: Full reauthentication introduces gaps in a voice conversation.
  • D: Roaming occurs when the phone has reached -80 dBs or below.
  • E: Roaming occurs when the phone has seen at least four APs.

Correct Answer: AC

In the absence of CCKM, a WPA/WPA2 client must perform a full EAP authentication to a remote AAA/RADIUS server, followed by a WPA/WPA2 4-way handshake, whenever it roams. This process can take more than one second. With CCKM, the roaming client and WLC can use pre-established keying material to immediately establish a PTK, normally within a few tens of milliseconds.




Question 2

Which mobility mode must a Cisco 5508 Wireless Controller version 8.0 be in to use the MA functionality on a Cisco Catalyst 3850 Series Switch with a Cisco 5508 Wireless Controller as an MC?

  • A: classic mobility
  • B: new mobility
  • C: converged access mobility
  • D: auto-anchor mobility

Correct Answer: B

Reference: https://www.cisco.com/c/en/us/td/docs/wireless/controller/8-5/config-guide/b_cg85/configuring_new_mobility.html




Question 3

An engineer is configuring a BYOD deployment strategy and prefers a single SSID model. Which technology is required to accomplish this configuration?

  • A: mobility service engine
  • B: wireless control system
  • C: identity service engine
  • D: Prime Infrastructure

Correct Answer: C

Refer to the section “Single SSID Wireless BYOD Self Registration” of the document linked below.
Reference: http://www.cisco.com/c/dam/en/us/td/docs/security/ise/how_to/HowTo-61-BYOD-Onboarding_Registering_and_Provisioning.pdf




Question 4

When you configure BYOD access to the network, you face increased security risks and challenges. Which challenge is resolved by deploying digital client certificates?

  • A: managing the increase in connected devices
  • B: ensuring wireless LAN performance and reliability
  • C: providing device choice and support
  • D: enforcing company usage policies

Correct Answer: D

Deploying digital certificates to endpoint devices requires a network infrastructure that provides the security and flexibility to enforce different security policies, regardless of where the connection originates. This solution focuses on providing digital certificate enrollment and provisioning while enforcing different permission levels. 
Reference: http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Borderless_Networks/Unified_Access/byoddg.html




Question 5

Refer to the exhibit. 

  

What is the 1.1.1.1 IP address?

  • A: the wireless client IP address
  • B: the RADIUS server IP address
  • C: the controller management IP address
  • D: the lightweight AP IP address
  • E: the controller AP-manager IP address
  • F: the controller virtual interface IP address

Correct Answer: F

Web Authentication Process
This is what occurs when a user connects to a WLAN configured for web authentication:

  • The user opens a web browser and enters a URL, for example, http://www.cisco.com. The client sends out a DNS request for this URL to get the IP for the destination. The WLC bypasses the DNS request to the DNS server and the DNS server responds back with a DNS reply, which contains the IP address of the destination www.cisco.com. This, in turn, is forwarded to the wireless clients.
  • The client then tries to open a TCP connection with the destination IP address. It sends out a TCP SYN packet destined to the IP address of www.cisco.com.
  • The WLC has rules configured for the client and hence can act as a proxy for www.cisco.com. It sends back a TCP SYN-ACK packet to the client with the IP address of www.cisco.com as the source. The client sends back a TCP ACK packet in order to complete the three-way TCP handshake, and the TCP connection is fully established.
  • The client sends an HTTP GET packet destined to www.cisco.com. The WLC intercepts this packet and sends it for redirection handling. The HTTP application gateway prepares an HTML body and sends it back as the reply to the HTTP GET requested by the client. This HTML makes the client go to the default webpage URL of the WLC, for example, http://<Virtual-Server-IP>/login.html.
  • The client closes the TCP connection with the IP address, for example, www.cisco.com.
  • Now the client wants to go to http://1.1.1.1/login.html. Therefore, the client tries to open a TCP connection with the virtual IP address of the WLC. It sends a TCP SYN packet for 1.1.1.1 to the WLC.
  • The WLC responds back with a TCP SYN-ACK and the client sends back a TCP ACK to the WLC in order to complete the handshake.
  • The client sends an HTTP GET for /login.html destined to 1.1.1.1 in order to request the login page.
  • This request is allowed up to the Web Server of the WLC, and the server responds back with the default login page. The client receives the login page on the browser window where the user can go ahead and log in.

Reference: http://www.cisco.com/c/en/us/support/docs/wireless-mobility/wlan-security/69340-web-auth-config.html#backinfo




Question 6

A customer is concerned about denial of service attacks that impair the stable operation of the corporate wireless network. The customer wants to purchase mobile devices that will operate on the corporate wireless network. 
Which IEEE standard should the mobile devices support to address the customer concerns?

  • A: 802.11w
  • B: 802.11k
  • C: 802.11r
  • D: 802.11h

Correct Answer: A

The IEEE goal with 802.11w is to protect management frames in 802.11 networks. This gives wireless networks within organisations protection against numerous DoS attacks targeted at the Media Access Control (MAC) layer (Layer 2). The 802.11w standard will look to provide protection in the following ways:

  • Protecting unicast management frames from forgery and disclosure attacks by encrypting the unicast management frames between an access point and the client.
  • Protecting broadcast management frames from forgery attacks.
  • Protecting broadcast deauthentication and disassociation frames from forgery attacks.

Reference: https://www.sans.org/reading-room/whitepapers/wireless/80211-denial-service-attacks-mitigation-2108 (Please refer to section “802.11w to the rescue”)




Question 7

After receiving an alert regarding a rogue AP, a network engineer logs into Cisco Prime and looks at the floor map where the AP that detected the rogue is located. The map is synchronized with a mobility services engine that determines the rogue device is actually inside the campus. The engineer determines the rogue to be a security threat and decides to stop it from broadcasting inside the enterprise wireless network. What is the fastest way to disable the rogue?

  • A: Go to the location the rogue device is indicated to be and disable the power.
  • B: Create an SSID on the WLAN controller resembling the SSID of the rogue to spoof it and disable clients from connecting to it.
  • C: Classify the rogue as malicious in Cisco Prime.
  • D: Update the status of the rogue in Cisco Prime to contained.

Correct Answer: C

Please refer to step 10 of the topic “Configuring Rogue Detection” in the reference link.
Reference: http://www.cisco.com/c/en/us/td/docs/wireless/controller/7-4/configuration/guides/consolidated/b_cg74_CONSOLIDATED/b_cg74_CONSOLIDATED_chapter_0111101.pdf




Question 8

An engineer is configuring client MFP. What WLAN Layer 2 security must be selected to use client MFP?

  • A: Static WEP
  • B: CKIP
  • C: WPA + WPA2
  • D: 802.1x

Correct Answer: C

In 802.11, management frames such as (de)authentication, (dis)association, beacons, and probes are always unauthenticated and unencrypted. In other words, 802.11 management frames are always sent in an unsecured manner, unlike the data traffic, which is encrypted with protocols such as WPA, WPA2, or, at least, WEP, and so forth.
Reference: http://www.cisco.com/c/en/us/support/docs/wireless-mobility/wlan-security/82196-mfp.html#climfp




Question 9

Which CLI command do you use on Cisco IOS XE Software to put the AP named Floor1_AP1 back in the default AP group?

  • A: ap Floor1_AP1 ap-groupname default-group
  • B: ap name Floor1_AP1 apgroup default-group
  • C: ap name Floor1_AP1 ap-groupname default-group
  • D: ap name Floor1_AP1 ap-groupname default

Correct Answer: C

  

Reference: http://www.cisco.com/en/US/docs/switches/lan/catalyst3850/software/release/3.2_0_se/multibook/configuration_guide/b_multibook_config_guide_wireless_3850_chapter_0110.html




Question 10

A customer has deployed PEAP authentication with a Novell eDirectory LDAP Server. Which authentication method must be configured on the client to support this deployment?

  • A: PEAP(EAP-MSCHAPv2)
  • B: PEAP(EAP-TTLS)
  • C: PEAP(EAP-GTC)
  • D: PEAP(EAP-WPA)

Correct Answer: C

PEAP-GTC is the current authentication requirement for the majority of the K-12 schools. WLC does not support MSCHAPv2 for Local EAP Authentication. As a result, you must choose GTC for the EAP Authentication type on the client. 
Reference: http://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lan-controllers/112137-novell-edirectory-00.html









