Cisco 300-375 Free Practice Questions

NEW QUESTION 1
Which three methods are valid for guest wireless using web authentication? (Choose three.)

• A. LDAP
• B. SSL
• C. local
• D. TLS
• E. EAP-TLS
• F. RADIUS

Answer: ACF

Explanation:
There are three ways to authenticate users when you use web authentication. Local authentication allows you to authenticate the user in the Cisco WLC. You can also use an external RADIUS server or a LDAP server as a backend database in order to authenticate the users.
https://www.sslshopper.com/ssl-certificate-not-trusted-error.html
 

NEW QUESTION 2
During the EAP process and specifically related to the logon session, which encrypted key is sent from the RADIUS server to the access point?

• A. WPA key
• B. encryption key
• C. session key
• D. shared secret key

Answer: C

Explanation:  

NEW QUESTION 3
Which option determines which RADIUS server is preferred the most by the Cisco WLC?

• A. the Server Index (Priority) drop-down list
• B. the server status
• C. the server IP address
• D. the port number

Answer: A

Explanation:  

NEW QUESTION 4
Refer to the exhibit. The security team has configured an IBN profile on ISE for the guest wireless network to provide captive portal service. Where must the network engineer configure the ACL and portal for the Cisco AireOS controller?

• A. GuestPreLogin downloadable ACL on ISE, login portal on ISE
• B. GuestPreLogin local ACL on WLC, login portal on WLC
• C. GuestPreLogin downloadable ACL on ISE, login portal on WLC
• D. GuestPreLogin local ACL on WLC, login portal on ISE

Answer: C

Explanation:
The flow would be the following:
-User associate to the Web Auth SSID
-User starts its browser
-The WLC Redirect to the guest portal (ISE/NGS)
-The user authenticate on the portal
-The Guest Portal redirect back to the WLC with the credentials entered
-The WLC Authenticate the guest user via Radius
-The WLC Redirects back to the original URL.
https://supportforums.cisco.com/t5/wireless-mobility-documents/central-web-authentication-cwafor- guests-with-ise/ta-p/3121101
 

NEW QUESTION 5
What are two of the benefits that the Cisco AnyConnect v3.0 provides to the administrator for client WLAN security configuration? (Choose two.)

• A. Provides a reporting mechanism for rouge APs
• B. Prevents a user from adding any WLANs
• C. Hides the complexity of 802.1X and EAP configuration
• D. Supports centralized or distributed client architectures
• E. Provides concurrent wired and wireless connectivity
• F. Allows users to modify but not delete admin-created profiles

Answer: CD

Explanation:  

NEW QUESTION 6
An engineer is deploying EAP-TLS as the authentication mechanism for an 802.1X-enabled wireless network. Which network device is responsible for applying the digital signature to a certificate to ensure that the certificate is trusted and valid?

• A. supplicant
• B. CA server
• C. wireless controller
• D. authentication server

Answer: B

Explanation:  

NEW QUESTION 7
A wireless engineer must implement a corporate wireless network for a large company with ID 338860948 in the most efficient way possible. The wireless network must support a total of 32 VLANS for 300 employees in different departments.
What is the best configuration option in this scenario?

• A. Configure a second WLC to support half of the APs in the deployment.
• B. Configure different AP groups to support different VLANs, so that all of the WLANs can be broadcast on both radios.
• C. Configure 16 WLANs to be broadcast on the 2.4-GHz band and 16 WLANs to be broadcast on the 5.0-GHz band.
• D. Configure one single SSID and implement Cisco ISE VLLAN assignment according to different user roles.

Answer: B

Explanation:  

NEW QUESTION 8
When a network engineer plans to implement the client MFP, which three settings should be supported by the client? (Choose three)

• A. WPA2 with AES
• B. Short Preamble check box
• C. WPA2 with TKIP
• D. WEP
• E. WPA with TKIP
• F. Cisco Compatible Extensions v5

Answer: ACF

Explanation:  

NEW QUESTION 9
Scenario

TOPOLOGY

MONITOR

WLAMS

CONTROLLER

WIRELESS

SECURITY

Which configuration changes need to be made to allow WPA2 + PSK to operate property on the East- WLC-2504A controller? (Choose four.)

• A. Disable Dynamic AP Management.
• B. Click on the Status Enabled radio button.
• C. Change the Layer 3 Security to Web Policy.
• D. Change the WPA + WPA2 Parameters to WPA2 Policy-AES.
• E. Change the PSK Format to HEX.
• F. Change the WLAN ID.
• G. Change the VLAN Identifier.
• H. Change the IP Address of the Virtual interface.
• I. Change the SSID name of the WLAN.
• J. Click on the PSK radio button and add the password in the text bo

Answer: BFIJ

Explanation:  

NEW QUESTION 10
Which command is an SNMPv3-specific command that an engineer can use only in Cisco IOS XE?

• A. snmp-server user remoteuser1 group1 remote 10.12.0.4
• B. snmp-server host 172.16.1.33 public
• C. snmp-server community comaccess ro 4
• D. snmp-server enable traps wireless

Answer: A

Explanation:  

NEW QUESTION 11
When using the Standalone Profile Editor in the Cisco AnyConnect v3.0 to create a new NAM profile, which two statements describe the profile becoming active? (Choose two.)

• A. selects the new profile from NAM
• B. selects "Network Repair" from NAM
• C. becomes active after a save of the profile name
• D. ensures use of "configuration.xml" as the profile name
• E. ensures use of "config.xml" as the profile name
• F. ensures use of "nam.xml" as the profile name

Answer: BD

Explanation:  

NEW QUESTION 12
When implementing secure PCI wireless networks, which two are specific recommendations in the PCI DSS? (Choose two)

• A. Use a minimum 12-character random passphrase with WPA
• B. Segment logging events with other networking devices within the organization.
• C. Use VLAN based segmentation with MAC filters.
• D. Change default settings.
• E. Implement strong wireless authentication

Answer: DE

Explanation:
Wireless networks that are part of the CDE must comply with all PCI DSS requirements. This includes using a firewall (requirement 1.2.3) and making sure that additional rogue wireless devices have not been added to the CDE (requirement 11.1). In addition, PCI DSS compliance for systems that include WLANs as a part of the CDE requires extra attention to WLAN specific technologies and processes such as:
A. Physical security of wireless devices, B. Changing default passwords and settings on wireless devices, C. Logging of wireless access and intrusion prevention, D. Strong wireless authentication and encryption, E. Use of strong cryptography and security protocols, and F. Development and enforcement of wireless usage policies. This section will cover each of these requirements sequentially. https://www.pcisecuritystandards.org/pdfs/PCI_DSS_Wireless_Guidelines.pdf
 

NEW QUESTION 13
Which two fast roaming algorithms will allow a WLAN client to roam to a new AP and re-establish a new session key without a full reauthentication of the WLAN client? (Choose two.)

• A. PKC
• B. GTK
• C. PMK
• D. PTK
• E. CKM

Answer: AE

Explanation:  

NEW QUESTION 14
Access points at branch sites for a company are in FlexConncct mode and perform local switching, but they authenticate to the central RADIUS at headquarters. VPN connections to the headquarters have gone down, but each branch site has a local authentication server. Which three features on the wireless controller can be configured to maintain network operations if this situation reoccurs? (Choose three.)

• A. Put APs in FlexConnect Group for Remote Branches.
• B. Set Branch RADIUS as Primary.
• C. Put APs in AP Group Per Branch.
• D. Put APs in FlexConnect Group Per Branch.
• E. Set Branch RADIUS OS Secondary.
• F. Set HQ RADIUS a-s primar

Answer: AEF

Explanation:  

NEW QUESTION 15
Refer to the exhibit.

What is the 1.1.1.1 IP address?

• A. the wireless client IP address
• B. the RADIUS server IP address
• C. the controller management IP address
• D. the lightweight IP address
• E. the controller AP-manager IP address
• F. the controller virtual interface IP address

Answer: F

Explanation:  

NEW QUESTION 16
Which two considerations must a network engineer have when planning for voice over wireless roaming? (Choose two.)

• A. Roaming with only 802.1x authentication requires full reauthentication.
• B. Full reauthentication introduces gaps in a voice conversation.
• C. Roaming occurs when e phone has seen at least four APs.
• D. Roaming occurs when the phone has reached -80 dBs or belo

Answer: AB

Explanation:  

NEW QUESTION 17
An engineer is preparing to implement a BYOD SSID at remote offices using local switching and wants to ensure that Wi-Fi Direct clients can communicate after the SSID is deployed. The engineer is planning on implementing the config wlan wifidirect allow 1 command. Which Wi-Fi Direct Client Policy consideration is applicable?

• A. Policy is applicable only with central switched WLANs on FlexConnect Aps.
• B. Policy is applicable only when P2P is set to disabled.
• C. Policy is applicable only to APs in FlexConnect mode only.
• D. Policy is applicable only on WLANs that have APs in local mode onl

Answer: A

Explanation:  

NEW QUESTION 18
An engineer is configuring a wireless network for local FlexConnect authentication. What three configurations are required for the WLC with WLAN 1 and AP Cisco? (Choose three.)

• A. config ap filexconnect vlan enable Cisco
• B. config wlan filexconnect vlan-central-switching 1 enable
• C. config ap filexconnect vlan wlan 1 Cisco
• D. config wlan filexconnect local-switching 1 enable
• E. config wlan filexconnect ap-auth 1 enable
• F. config ap mode filexconnect Cisco

Answer: ACD

Explanation:  

NEW QUESTION 19
A wireless engineer want to how many wlPS alerts have been detected in CISCO Prime. Which tab does the engineer select in the windows dashboard?

• A. Security
• B. CleanAir
• C. Context Aware
• D. Mesh

Answer: A

Explanation:
Security Index, including the top security issues Adaptive WIPS Rogue classification graph Rogue containment graph Attacks detected Malicious, unclassified, friendly, and custom rogue APs CleanAir security Adhoc rogues Security https://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/infrastructure/3-
1/user/guide/pi_ug/view-dash.html