Cisco 300-375 Free Practice Questions

NEW QUESTION 1
A Cisco WLC has been added to the network and Cisco ISE as a network device, but authentication is failing. Which configuration within the network device configuration should be verified?

• A. shared secret
• B. device ID
• C. SNMP RO community
• D. device interface credentials

Answer: A

Explanation:  

NEW QUESTION 2
Which EAP method can an AP use to authenticate to the wired network?

• A. EAP-GTC
• B. EAP-MD5
• C. EAP-TLS
• D. EAP-FAST

Answer: C

Explanation:  

NEW QUESTION 3
An engineer ran the PCI report in Cisco Prime Infrastructure and received a warning on PCIDSS
Requirement 2.1.1 that the SNMP strings are set to default and must be changed. Which tab in the Cisco WLC can the engineer use to navigate to these settings?

• A. Management
• B. Security
• C. Controller
• D. Wireless

Answer: A

Explanation:  

NEW QUESTION 4
A Customer is concerned about denial of service attacks that impair the stable operation of the corporate wireless network. The customer wants to purchase mobile devices that will operate on the corporate wireless network. Which IEEE standard should the mobile devices support to address the customer concerns?

• A. 802.11w
• B. 802.11k
• C. 802.11r
• D. 802.11h

Answer: A

Explanation:  

NEW QUESTION 5
Which mobility mode must a Cisco 5508 wireless Controller be in to use the MA functionality on a cisco catalyst 3850 series switch with a cisco 550 Wireless Controller as an MC?

• A. classic mobility
• B. new mobility
• C. converged access mobility
• D. auto-anchor mobility

Answer: C

Explanation:  

NEW QUESTION 6
Which two 802.11 methods can be configured to protect card holder data? (Choose two.)

• A. CCMP
• B. WEP
• C. SSL
• D. TKIP
• E. VPN

Answer: CE

Explanation:  

NEW QUESTION 7
Which client roam is considered the fastest in a wireless deployment using Cisco IOS XE mobility controllers and mobility agents?

• A. Roam within stack members
• B. Inter-SPG roam
• C. Interdomain roam
• D. Intermobility roam
• E. lntra-SPG roam

Answer: B

Explanation:
• Inter-SPG, Intra-subdomain roaming?The client roaming between mobility agents in different SPGs
within the same subdomain. https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3850/software/release/3se/system_m anagement/configuration_guide/b_sm_3se_3850_cg/b_sm_3se_3850_cg_chapter_0111.pdf
 

NEW QUESTION 8
Clients are failing EAP authentication. A debug shows that an EAPOL start is sent and the clients are then de-authenticated. Which two issues can cause this problem? (Choose two.)

• A. The WLC certificate has changed.
• B. The WLAN is not configured for the correct EAP supplicant type.
• C. The shared secret of the WLC and RADIUS server do not match.
• D. The WLC has not been added to the RADIUS server as a client.
• E. The clients are configured for machine authentication, but the RADIUS server is configured for user authentication.

Answer: CD

Explanation:  

NEW QUESTION 9
An engineer configures 802.1 X authentication for the access points using the config ap 802.1Xuser add username admin password secret AP_01 command.
Which EAP method does the access point use to authenticate?

• A. EAP-TLS
• B. MS-CHAPv2 PEAP
• C. LEAP
• D. EAP-FAST

Answer: D

Explanation:
Enables or disables Extensible Authentication Protocol-Flexible Authentication via Secure Tunneling (EAP-FAST) authentication.
https://www.cisco.com/c/en/us/td/docs/wireless/controller/8-0/cmdref/b_cr80/config_commands_a_to_i.html
 

NEW QUESTION 10
Which of the following user roles can access CMX Visitor Connect?

• A. Administrator
• B. Power User
• C. Guest User
• D. Super Administrator

Answer: A

Explanation:  

NEW QUESTION 11
Which three authentication methods correctly describe digital certificate requirements when using EAP-TLS authentication? (Choose three)

• A. The client does not need the corresponding private key.
• B. The EAP-TLS is sent in cleartext when the root certificate is not installed.
• C. The certificate has to be X 509 Version 3.
• D. EAP-TLS requires a root certificate but not a user certificate.
• E. The certificate must be installed when the requested user is logged in to the machine.
• F. The subject name in the certificate must correspond to the user account name

Answer: CDE

Explanation: https://www.cisco.com/en/US/tech/ CK7 22/ CK8 09/technologies_white_paper09186a008 009256b.shtml
The certificate has to be X.509 Version 3
EAP-TLS Machine Authentication requires both Active Directory and an Enterprise root C
A. In order
to acquire a certificate for EAP-TLS machine authentication,
For a client (using Windows XP professional, for example) to authenticate using EAP-TLS, the client must obtain a personal client certificate. This certificate must meet several requirements: Figure 5-1. Client Certificate and the Enhanced Key Usage Field. • The certificate has to be installed when the requested user is logged
https://www.cisco.com/en/US/tech/ CK7 22/ CK8 09/technologies_white_paper09186a008009256b.sht ml
 

NEW QUESTION 12
Client Management Frame Protection is supported on which Cisco Compatible Extensions version clients?

• A. v2 and later
• B. v3 and later
• C. v4 and later
• D. v5 only

Answer: D

Explanation:  

NEW QUESTION 13
Which EAP types are supported by MAC 10.7 for authentication to a Cisco Unified Wireless Network?

• A. LEAP and EAP-Fast only
• B. EAP-TLS and PEAP only
• C. LEAP, EAP-TLS, and PEAP only
• D. LEAP, EAP-FAST, EAP-TLS, and PEAP

Answer: D

Explanation:  

NEW QUESTION 14
Which two requirements must be met to ensure that Cisco ISE can join the Active Directory domain of the company. (Choose two.)

• A. If a firewall exists between Cisco ISE and Active Directory domain server, these ports are allowed through UDP 69, 123, and 389; and TCP 88, 389, 445, 464, 636, 3268, and 3269.
• B. The hostname of Cisco ISE is less than 20 characters in length.
• C. An account has been created in Active Directory for Cisco ISE that has the necessary permissions.
• D. The DNS name is configured on Cisco ISE and resolved on the Active Directory domain server
• E. Time synchronization between Cisco ISE and Active Directory must be within 10 minute

Answer: CD

Explanation:  

NEW QUESTION 15
Scenario
Local Web Auth has been configured on the East-WLC-2504A, but it is not working. Determine which actions must be taken to restore the Local Web Auth service. The Local Web Auth service must operate only with the Contractors WLAN.
Contractors WLAN ID – 10 Employees WLAN ID - 2
Note, not all menu items, text boxes, or radio buttons are active.

Virtual Terminal





Which four changes must be made to configuration parameters to restore the Local Web Auth feature on the East-WLC-2504A? Assume the passwords are correctly entered as “ciscotest”. (Choose four.)

• A. Remove the existing Local Net User Bill Smith and add a New Local Net User “Bill Smith” password “ciscotest’, WLAN Profile “Contractors”.
• B. Remove WLAN 10 and WLAN 2, replace WLAN 10 with Profile Name Employees and SSID Contractors;replace WLAN 2 with Profile Name Employees and SSID Employees.
• C. Remove WLAN 10 and WLAN 2, replace WLAN 10 with Profile Name Contractors and SSID Contractors, replace WLAN 2 with Profile Name Employees and SSID Employees.
• D. Change the Layer 2 security to None on the Contractors WLAN.
• E. Under Layer 3 Security, change the Layer 3 Security to Web Policy on the Contractors WLAN.
• F. Under Security Local Net Users add a New Local Net User “Bill Smith” password “Cisco”, interface/ Interface Group “east-wing”.
• G. Change the Layer 2 Security to None + EAP Pass-through on the Contractors WLAN.
• H. Under WLANs > Edit “Contractors “change the interface/Interface group to “east-wing”.

Answer: CEFG

Explanation:  

NEW QUESTION 16
Which three items must be configured on a Cisco WLC v7.0 to allow implementation of isolated bonding network? (Choose three.)

• A. RADIUS server IP address
• B. DHCP IP address
• C. SNMP trap receiver IP address
• D. interface name
• E. SNMP community name
• F. ACL name

Answer: ADF

Explanation:  

NEW QUESTION 17
When a wireless client uses WPA2 AES, which keys are created at the end of the four way handshake process between the client and the access point?

• A. AES key, TKIP key, WEP key
• B. AES key, WPA2 key, PMK
• C. KCK, KEK, TK
• D. KCK, KEK, MIC key

Answer: A

Explanation:  

NEW QUESTION 18
WPA2 Enterprise with 802.1x is being used for clients to authenticate to a wireless network through an ISE server. For security reasons, the network engineer wants to ensure only PEAP authentication can be used. The engineer sent instructions to clients on how to configure their supplicants, but
users are still in the ISE logs authentication using EAP-FAST. Which option describes the most efficient way the engineer can ensure these users cannot access the network unless the correct
authentication mechanism is configured?

• A. Enable AAA override on the SSID, gather the usernames of these users, and disable their RADIUS accounts until they make sure they correctly configured their devices.
• B. Enable AAA override on the SSID and configure an access policy in ACS that denies access to the list of MACs that have used EAP-FAST.
• C. Enable AAA override on the SSID and configure an access policy in ACS that allows access only when the EAP authentication method is PEAP.
• D. Enable AAA override on the SSID and configure an access policy in ACS that puts clients that authenticated using EAP-FAST into a quarantine VLAN.

Answer: C

Explanation:  

NEW QUESTION 19
Which two attacks represent a social engineering attack? (Choose two.)

• A. using AirMagnet Wi-Fi Analyzer to search for hidden SSIDs
• B. calling the IT helpdesk and asking for network information
• C. spoofing the MAC address of an employee device
• D. entering a business and posing as IT support staff

Answer: BD

Explanation: