Download Securing Wireless Enterprise Networks.passit4sure.300-375.2018-10-01.1e.61q.vcex

Download Exam

File Info

Exam Securing Wireless Enterprise Networks
Number 300-375
File Name Securing Wireless Enterprise Networks.passit4sure.300-375.2018-10-01.1e.61q.vcex
Size 2.56 Mb
Posted October 01, 2018
Downloads 48
Download Securing Wireless Enterprise Networks.passit4sure.300-375.2018-10-01.1e.61q.vcex

How to open VCEX & EXAM Files?

Files with VCEX & EXAM extensions can be opened by ProfExam Simulator.

Purchase

Coupon: MASTEREXAM
With discount: 20%



 
 



Demo Questions

Question 1

Which two options are types of MFP that can be performed? (Choose two.)

  • A: message integrity check
  • B: infrastructure
  • C: client
  • D: AES-CCMP
  • E: RSN

Correct Answer: BC

Reference: http://www.cisco.com/c/en/us/support/docs/wireless-mobility/wlan-security/82196-mfp.html#climfp




Question 2

An engineer has determined that the source of an authentication issue is the client laptop. Which three items must be verified for EAP-TLS authentication? (Choose three.)

  • A: The client certificate is formatted as X.509 version 3.
  • B: The validate server certificate option is disabled.
  • C: The client certificate has a valid expiration date.
  • D: The user account is the same in the certificate.
  • E: The supplicant is configured correctly.
  • F: The subject key identifier is configured correctly.

Correct Answer: ADF

Reference: http://www.cisco.com/en/US/tech/tk722/tk809/technologies_white_paper09186a008009256b.shtml




Question 3

An engineer requires authentication for WPA2 that will use fast rekeying to enable clients to roam from one access point to another without going through the controller. 
Which security option should be configured?

  • A: PSK
  • B: AES
  • C: Cisco Centralized Key Management
  • D: 802.1x

Correct Answer: C

Cisco Centralized Key Management (CCKM) is the first fast-secure roaming method developed and implemented on enterprise WLANs, created by Cisco as the solution used in order to mitigate the delays explained thus far, when 802.1X/EAP security is used on the WLAN. As this is a Cisco proprietary protocol, it is only supported by Cisco WLAN infrastructure devices and wireless clients (from multiple vendors) that are Cisco Compatible Extension (CCX)-compatible for CCKM. 
CCKM can be implemented with all of the different encryption methods available for WLANs, to include: WEP, TKIP, and AES. It is also supported with most of the 802.1X/EAP authentication methods used for WLANs, dependent upon the CCX version supported by the devices.
Reference: http://www.cisco.com/c/en/us/support/docs/wireless-mobility/wireless-lan-wlan/116493-technote-technology-00.html#anc8




Question 4

Refer to the exhibit. 

  

A customer is having problems with clients associating to the wireless network. 
Based on the configuration, which option describes the most likely cause of the issue?

  • A: Both AES and TKIP must be enabled.
  • B: SA Query Timeout is set too low.
  • C: Comeback timer is set too low.
  • D: PMF is set to “required”.
  • E: MAC Filtering must be enabled.

Correct Answer: E




Question 5

Scenario 
Refer to the exhibit. Configure the WLC to support WPA+WPA2 with PSK. Create a new WLAN ID 11. The SSID and Profile Name should be the same. The Controller Management interface has been preconfigured for you. The Client Laptop will automatically connect to the WLAN if your configuration is correct. Verify your configuration by using the Cisco 2504 WLC screens when you have completed the configuration. 
Note, not all menu items, text boxes, or radio buttons are active. 

  

  

  

  

  

  

  • A: See the explanation below

Correct Answer: 1

Please refer to this link to configure new WLC: 
http://www.cisco.com/c/en/us/support/docs/wireless-mobility/wireless-lan-wlan/116880-config-wpa2-psk-00.html




Question 6

Which Cisco feature must an engineer configure on a Cisco WLC to enable PCI specification compliance for communication of neighbor radio information?

  • A: RF Grouping
  • B: MFP
  • C: Rogue Access Point Detection
  • D: RRM NDP
  • E: Off Channel Scanning

Correct Answer: D

The Cisco Neighbor Discovery Packet (NDP) is the fundamental tool for RRM and other wireless applications that provides information about the neighbor radio information. You can configure the Cisco WLC to encrypt neighbor discovery packets. This feature enables you to be compliant with the PCI specifications. 
Reference: http://www.cisco.com/c/en/us/td/docs/wireless/controller/8-0/configuration-guide/b_cg80/b_cg80_chapter_01111111.html




Question 7

MFP is enabled globally on a WLAN with default settings on a single controller wireless network. Older client devices are disconnected from the network during a deauthentication attack. What is the cause of this issue?

  • A: The client devices do not support WPA
  • B: The client devices do not support CCXv5.
  • C: The MFP on the WLAN is set to optional.
  • D: The NTP server is not configured on the controller.

Correct Answer: C

Client MFP shields authenticated clients from spoofed frames, which prevents the effectiveness of many of the common attacks against wireless LANs. Most attacks, such as deauthentication attacks, revert to simply degraded performance when they contend with valid clients. 
Specifically, client MFP encrypts management frames sent between access points and CCXv5 clients so that both access points and clients can take preventive action and drop spoofed class 3 management frames (that is, management frames passed between an access point and a client that is authenticated and associated). Client MFP leverages the security mechanisms defined by IEEE 802.11i to protect these types of class 3 unicast management frames: disassociation, deauthentication, and QoS (WMM) action. Client MFP can protect a client-access point session from the most common type of denial-of-service attack. It protects class 3 management frames with the same encryption method used for the data frames of the session. If a frame received by the access point or client fails decryption, it is dropped, and the event is reported to the controller.
In order to use client MFP, clients must support CCXv5 MFP and must negotiate WPA2 with either TKIP or AES-CCMP. EAP or PSK can be used to obtain the PMK. CCKM and controller mobility management are used to distribute session keys between access points or Layer 2 and Layer 3 fast roaming. 
Reference: http://www.cisco.com/c/en/us/support/docs/wireless-mobility/wlan-security/82196-mfp.html




Question 8

An engineer must enable EAP on a new WLAN and is ensuing that the necessary components are available. 
Which component uses EАР and 802.1x to pass user authentication to the authenticator?

  • A: AP
  • B: AAA server
  • C: supplicant
  • D: controller

Correct Answer: D




Question 9

Which three configuration steps are necessary on the WLC when implementing central web authentication in conjunction with Cisco ISE. (Choose three.)

  • A: Set P2P Blocking Action to Drop.
  • B: Enable Security Layer 3 Web Policy.
  • C: Set NAC state to SNMP NAC.
  • D: Enable Allow AAA override.
  • E: Enable Security Layer 2 Mac Filtering.
  • F: Set NAC state to RADIUS NAC.

Correct Answer: DEF

  

  

  

  

  

Reference: https://supportforums.cisco.com/document/110031/central-web-authentication-cwa-guests-ise




Question 10

Refer to the exhibit. 

  

A WLAN with the SSID ‘‘Enterprise" is configured. Which rogue is marked as malicious?

  • A: a rogue with two clients, broadcasting the SSID “Employee” heard at -50 dBm
  • B: a rogue with no clients, broadcasting the SSID “Enterprise” heard at -50 dBm
  • C: a rouge with two clients, broadcasting the SSID “Enterprise” heard at -80 dBm
  • D: a rogue with two clients, broadcasting the SSID “Enterprise” heard at -50 dBm

Correct Answer: C

RSSI — Requires that the rogue access point have a minimum received signal strength indication (RSSI) value. For example, if the rogue access point has an RSSI that is greater than the configured value, then the access point could be classified as malicious. If you choose this option, enter the minimum RSSI value in the Minimum RSSI text box. The valid range is –95 to –50 dBm (inclusive), and the default value is 0 dBm. 
Reference: http://www.cisco.com/c/en/us/td/docs/wireless/controller/7-4/configuration/guides/consolidated/b_cg74_CONSOLIDATED/b_cg74_CONSOLIDATED_chapter_0111110.html#ID4397










CONNECT US

Facebook

Twitter

PROFEXAM WITH A 20% DISCOUNT

You can buy ProfExam with a 20% discount!



HOW TO OPEN VCEX AND EXAM FILES

Use ProfExam Simulator to open VCEX and EXAM files