Cisco 300-375 Free Practice Questions

NEW QUESTION 1
When you configure BYOD access to the network, you face increased security risks and challenges. Which challenge is resolved by deploying digital client certificates?

• A. managing the increase connected devices
• B. ensuring wireless LAN performance and reliability
• C. providing device choice and support
• D. enforcing company usage policies

Answer: D

Explanation:  

NEW QUESTION 2
Refer to the exhibit.

A WLAN with the SSID "Enterprise" is configured. Which rogue is marked as malicious?

• A. a rogue with two clients, broadcasting the SSID "Employee" heard at -50 dBm
• B. a rogue with no clients, broadcasting the SSID "Enterprise" heard at -50 dBm
• C. a rouge with two clients, broadcasting the SSID "Enterprise" heard at -80 dBm
• D. a rogue with two clients, broadcasting the SSID "Enterprise" heard at -50 dBm

Answer: C

Explanation:  

NEW QUESTION 3
An engineer is configuring a BYOD deployment strategy and prefers a single SSID model. Which technology is required to accomplish this configuration?

• A. mobility service engine
• B. wireless control system
• C. identify service engine
• D. Prime Infrastructure

Answer: C

Explanation:  

NEW QUESTION 4
Which method does a Cisco switch use to authenticate a Cisco lightweight access point that is acting as a 802.1x supplicant?

• A. 802.1X
• B. EAP-FAST with anonymous PAC provisioning
• C. a password only
• D. a username and password

Answer: B

Explanation:  

NEW QUESTION 5
A network engineer is implementing a wireless network and is considering deploying a single SSID for device onboarding. Winch option is a benefit of using dual SSIDs with a captive portal on the onboard SSID compared to a single SSID solution?

• A. limit of a single device per user
• B. restrict allowed devices types
• C. allow multiple devices per user
• D. minimize client configuration errors

Answer: B

Explanation:  

NEW QUESTION 6
Which three WLAN polices can be controlled by using the Cisco IBNS on the Cisco WLC and Cisco Secure ACS? (Choose three.)

• A. QoS setting
• B. VLAN
• C. EAP type
• D. ACL
• E. authentication priority order
• F. NAC state

Answer: ABD

Explanation:  

NEW QUESTION 7
Refer to the exhibit. What do the red circles represent in the exhibit?

• A. detected interferes
• B. RSSI cutoff
• C. wIPs attackers
• D. zones of impact

Answer: C

Explanation:  

NEW QUESTION 8
An engineer is trying to determine if an existing configuration deviates from the Cisco defaults while enabling PMF on a WLAN. Which set represents the default timer configuration for PMF?

• A. security pmf association-comeback 1 security pmf mandatory security pmf saquery-retry-time 100
• B. security pmf association-comeback 20 security pmf mandatory security pmf saquery-retry-time 600
• C. security pmf association-comeback 15 security pmf mandatory security pmf saquery-retry-time 200
• D. security pmf association-comeback 1 security pmf mandatory security pmf saquery-retry-time 200

Answer: D

Explanation:  

NEW QUESTION 9
WPA2 Enterprise with 802.1x is being used for clients to authenticate to a wireless network through
an ACS server. For security reasons, the network engineer wants to ensure only PEAP authentication can be used. The engineer sent instructions to clients on how to configure their supplicants, but users are still in the ACS logs authentication using EAP-FAST. Which option describes the most efficient way the engineer can ensure these users cannot access the network unless the correct authentication mechanism is configured?

• A. Enable AAA override on the SSID, gather the usernames of these users, and disable their RADIUS accounts until they make sure they correctly configured their devices.
• B. Enable AAA override on the SSID and configure an access policy in ACS that denies access to the list of MACs that have used EAP-FAST.
• C. Enable AAA override on the SSID and configure an access policy in ACS that allows access only when the EAP authentication method is PEAP.
• D. Enable AAA override on the SSID and configure an access policy in ACS that puts clients that authenticated using EAP-FAST into a quarantine VLAN.

Answer: D

Explanation:  

NEW QUESTION 10
Refer to the exhibit.

A customer is having problems with clients associating to me wireless network. Based on the configuration, which option describes the most likely cause of the issue?

• A. Both AES and TKIP must be enabled
• B. SA Query Timeout is set too low
• C. Comeback timer is set too low
• D. PME is set to "required"
• E. MAC Filtering must be enabled

Answer: E

Explanation:  

NEW QUESTION 11
You are configuring the social login for a guest network. Which three options are configurable social connect in Cisco CMS visitor connect? (Choose three.)

• A. Linkedin
• B. Pinterest
• C. Medium
• D. Google+
• E. Facebook
• F. MySpace

Answer: ADE

Explanation:  

NEW QUESTION 12
A company is deploying wireless PCs on forklifts within its new 10,000-square-foot (3048-squaremeter) facility. The clients are configured for PEAP-MS-CHAPv2 with WPA TKIP. Users report that applications frequently drop when the clients roam between access points on the floor. A
professional site survey was completed. Which configuration change is recommended to improve the speed of client roaming?

• A. EAP-FAST
• B. EAP-TLS
• C. WPA AES
• D. WPA2 AES

Answer: D

Explanation:
Although the controller and APs support WLAN with SSID using WiFi Protected Access (WPA) and WPA2 simultaneously, it is common that some wireless client drivers cannot handle complex SSID settings. Whenever possible, Cisco recommends WPA2 only with Advanced Encryption Standard (AES). However, due to standards and mandatory WiFi Alliance certification process, TKIP support is required across future software versions. Keep the security policies simple for any SSID. Use a separate WLAN/SSID with WPA and Temporal Key Integrity Protocol (TKIP), and a separate one with WPA2 and Advanced Encryption Standard (AES). Since TKIP is being deprecated, Cisco recommends to use TKIP together with WEP, or to migrate out of TKIP completely and use PEAP, if possible.
 

NEW QUESTION 13
A customer wants the access points in the CEO’s office to have different usernames and passwords for administrative support than the other access points deployed throughout the facility. Which feature can be enabled on the WLC and access points to achieve this criteria?

• A. Override global credentials
• B. HTTPS access
• C. 802.1x supplicant credentials
• D. local management users

Answer: D

Explanation:
You can configure administrator usernames and passwords to prevent unauthorized users from reconfiguring the switch and viewing configuration information. This section provides instructions for initial configuration and for password recovery.
You can also set administrator usernames and passwords to manage and configure one or more access points that are associated with the switch. https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3650/software/release/16-1/configuration_guide/b_161_consolidated_3650_cg/b_161_consolidated_3650_cg_chapter_01010 111.pdf
 

NEW QUESTION 14
802.1X AP supplicant credentials have been enabled and configured on a Cisco WLC v7.0 in both the respective Wireless>AP>Global Configuration location and AP>Credentials tab locations. What describes the 802.1X AP authentication process when connected via Ethernet to a switch?

• A. Only WLC AP global credentials are used.
• B. Only AP credentials are used.
• C. WLC global AP credentials are used first; upon failure, the AP credentials are used.
• D. AP credentials are used first; upon failure, the WLC global credentials are use

Answer: B

Explanation:  

NEW QUESTION 15
An engineer configures the wireless LAN controller to perform 802.1x user authentication. Which option must be enabled to ensure that client devices can connect to the wireless, even when WLC cannot communicate with the RADIUS?

• A. local EAP
• B. authentication caching
• C. pre-authentication
• D. Cisco Centralized Key Management

Answer: A

Explanation:  

NEW QUESTION 16
An engineer is implementing SNMP v3 on a Cisco 5700 Series WLC. Which three commands are the
minimum needed to configure SNMP v3? (Choose three.)

• A. snmp-server enable traps
• B. snmp-server group
• C. snmp-server user
• D. snmp-server community
• E. snmp-server context
• F. snmp-server engineID

Answer: BCF

Explanation:  

NEW QUESTION 17
Which two events are possible outcomes of a successful RF jamming attack? (Choose two.)

• A. unauthentication association
• B. deauthentication multicast
• C. deauthentication broadcast
• D. disruption of WLAN services
• E. physical damage to AP hardware

Answer: DE

Explanation:  

NEW QUESTION 18
Refer to the exhibit. You are configuring an autonomous AP for 802.1x access to a wired infrastructure. What does the command do?

• A. It enables the AP to override the authentication timeout on the RADIUS server.
• B. It configures how long the AP must wait for a client to reply to an EAP/dot1x message before the authentication fails.
• C. It enables the supplicant to override the authentication timeout on the client
• D. It configures how long the RADIUS server must wait for supplicant to reply to an EAP/dot1x message before the authentication fails.

Answer: C

Explanation:  

NEW QUESTION 19
A customer is concerned about DOS attacks from a neighboring facility. Which feature can be enabled to help alleviate these concerns and mitigate DOS attacks on a WLAN?

• A. PMF
• B. peer-to-peer blocking
• C. Cisco Centralized Key Management
• D. split tunnel

Answer: A

Explanation: