Cisco 300-375 Free Practice Questions

NEW QUESTION 1
When a network engineer plans to implement the client MFP, which three settings should be supported by the client? (Choose three)

• A. WPA2 with AES
• B. Short Preamble check box
• C. WPA2 with TKIP
• D. WEP
• E. WPA with TKIP
• F. Cisco Compatible Extensions v5

Answer: ACF

NEW QUESTION 2
An engineer is configuring an autonomous AP for RADIUS authentication. What two pieces of information must be known to configure the AP? (Choose two.)

• A. shared secret
• B. username and password
• C. RADIUS IP address
• D. group name
• E. PAC encryption key

Answer: AC

Explanation:

You identify RADIUS security servers by their host name or IP address, host name and specific UDP port numbers, or their IP address and specific UDP port numbers. The combination of the IP address and the UDP port number creates a unique identifier allowing different ports to be individually defined as RADIUS hosts providing a specific AAA service. This unique identifier enables RADIUS requests to be sent to multiple UDP ports on a server at the same IP address. https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_usr_rad/configuration/xe-3se/3850/secusr- rad-xe-3se-3850-book/sec-rad-mult-udp-ports.html

NEW QUESTION 3
Which three options are valid client profile probes m Cisco ISE? (Choose three.)

• A. DHCP
• B. 802.1X
• C. CCX
• D. NetFlow
• E. TACACS
• F. HTTP

Answer: ADF

NEW QUESTION 4
An engineer is configuring a new mobility anchor for a WLAN on the CLI with the config wlan mobility anchor add 3 10.10.10.10 command, but the command is failing. Which two conditions must be met to be able to enter this command? (Choose two.)

• A. The anchor controller IP address must be within the management interface subnet.
• B. The anchor controller must be in the same mobility group.
• C. The WLAN must be enabled.
• D. The mobility group keepalive must be configured.
• E. The indicated WLAN ID must be present on the controlle

Answer: AB

NEW QUESTION 5
Which two statements describe the requirements for EAP-TLS?

• A. It requires client-side and server-side certificates.
• B. It uses PAC on the client.
• C. It requires PKI.
• D. It requires a server side digital certificate on only the RADIUS server
• E. It must use AES for encryption and cannot use TKIP for encryptio

Answer: AB

NEW QUESTION 6
A network engineer must segregate all iPads on the guest WLAN to a separate VLAN. How does the engineer accomplish this task without using ISE?

• A. Use 802.1x authentication to profile the devices.
• B. Create a local policy on the WLC.
• C. Use an mDNS profile for the iPad device.
• D. Enable RADIUS DHCP profiling on the WLAN.

Answer: B

NEW QUESTION 7
Refer to the exhibit.

A WLAN with the SSID "Enterprise" is configured. Which rogue is marked as malicious?

• A. a rogue with two clients, broadcasting the SSID "Employee" heard at -50 dBm
• B. a rogue with no clients, broadcasting the SSID "Enterprise" heard at -50 dBm
• C. a rouge with two clients, broadcasting the SSID "Enterprise" heard at -80 dBm
• D. a rogue with two clients, broadcasting the SSID "Enterprise" heard at -50 dBm

Answer: C

NEW QUESTION 8
An engineer is adding APs to an existing VoWLAN to allow for location based services. Which option
will the primary change be to the network?

• A. increased transmit power on all APs
• B. moving to a bridging model
• C. AP footprint
• D. cell overlap would decrease
• E. triangulation of devices

Answer: C

NEW QUESTION 9
An engineer configures 802.1 X authentication for the access points using the config ap 802.1Xuser add username admin password secret AP_01 command.
Which EAP method does the access point use to authenticate?

• A. EAP-TLS
• B. MS-CHAPv2 PEAP
• C. LEAP
• D. EAP-FAST

Answer: D

Explanation:

Enables or disables Extensible Authentication Protocol-Flexible Authentication via Secure Tunneling (EAP-FAST) authentication.
https://www.cisco.com/c/en/us/td/docs/wireless/controller/8-0/cmdref/b_cr80/config_commands_a_to_i.html

NEW QUESTION 10
After receiving an alert regarding a rogue AP, a network engineer logs into Cisco Prime and looks at the floor map where the AP that detected the rogue is located. The map is synchronized with a mobility services engine that determines the rogue device is actually inside the campus. The engineer determines the rogue to be a security threat and decides to stop it from broadcasting inside the enterprise wireless network. What is the fastest way to disable the rogue?

• A. Go to the location the rogue device is indicated to be and disable the power.
• B. Create an SSID on WLAN controller resembling the SSID of the rogue to spoof it and disable clients from connecting to it.
• C. Classify the rogue as malicious in Cisco Prime.
• D. Update the status of the rogue in Cisco Prime to containe

Answer: C

NEW QUESTION 11
An engineer with ID 338860948 is implementing Cisco Identity-Based Networking on a Cisco AireOS
controller. The engineer has two ACLs on the controller. The first ACL, named BASE_ACL, is applied to the corporate_clients interface on the WLC, which is used for all corporate clients. The second ACL, named HR_ACL, is referenced by ISE in the Human Resources group policy.
Which option is the resulting ACL when a Human Resources user connects?

• A. HR_ACL only
• B. HR_ACL appended with BASE_ACL
• C. BASE_ACL appended with HR_ACL
• D. BASE_ACL only

Answer: A

NEW QUESTION 12
802.1X AP supplicant credentials have been enabled and configured on a Cisco WLC v7.0 in both the respective Wireless>AP>Global Configuration location and AP>Credentials tab locations. What describes the 802.1X AP authentication process when connected via Ethernet to a switch?

• A. Only WLC AP global credentials are used.
• B. Only AP credentials are used.
• C. WLC global AP credentials are used first; upon failure, the AP credentials are used.
• D. AP credentials are used first; upon failure, the WLC global credentials are use

Answer: B

NEW QUESTION 13
Which attribute on the Cisco WLC v7.0 does RADIUS IETF attribute "Tunnel-Private-Group ID" assign?

• A. ACL
• B. DSCP
• C. QoS
• D. VLAN

Answer: D

NEW QUESTION 14
Which client roam is considered the fastest in a wireless deployment using Cisco IOS XE mobility controllers and mobility agents?

• A. Roam within stack members
• B. Inter-SPG roam
• C. Interdomain roam
• D. Intermobility roam
• E. lntra-SPG roam

Answer: B

Explanation:

• Inter-SPG, Intra-subdomain roaming?The client roaming between mobility agents in different SPGs
within the same subdomain. https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3850/software/release/3se/system_m anagement/configuration_guide/b_sm_3se_3850_cg/b_sm_3se_3850_cg_chapter_0111.pdf

NEW QUESTION 15
An engineer configures the wireless LAN controller to perform 802.1x user authentication. Which option must be enabled to ensure that client devices can connect to the wireless, even when WLC cannot communicate with the RADIUS?

• A. local EAP
• B. authentication caching
• C. pre-authentication
• D. Cisco Centralized Key Management

Answer: A

NEW QUESTION 16
When a supplicant and AAA server are configured to use PEAP, which mechanism is used by the client to authenticate the AAA server in Phase One?

• A. PMK
• B. shared secret keys
• C. digital certificate
• D. PAC

Answer: C

NEW QUESTION 17
Which EAP method can an AP use to authenticate to the wired network?

• A. EAP-GTC
• B. EAP-MD5
• C. EAP-TLS
• D. EAP-FAST

Answer: C

NEW QUESTION 18
Regarding the guidelines for using MFP, under what circumstances will a client without Cisco compatible Extensions v5 be able to associate to a WLAN?

• A. The DHCP Required box is unchecked.
• B. AAA override is configured for the WLAN
• C. Client MFP is disabled or optional.
• D. WPA2 is enabled with TKIP or AE

Answer: D

NEW QUESTION 19
When a wireless client uses WPA2 AES, which keys are created at the end of the four way handshake process between the client and the access point?

• A. AES key, TKIP key, WEP key
• B. AES key, WPA2 key, PMK
• C. KCK, KEK, TK
• D. KCK, KEK, MIC key

Answer: A

NEW QUESTION 20
An engineer has configured central web authentication on the wireless network, but clients are receiving untrusted certificate errors on their internet browsers when directed to the guest splash page. Which file must be provided to an approved trusted certificate authority to fix this issue?

• A. EAP-TLS certificate generate by WLC
• B. CSR generated by identity Service Engine
• C. CSR generated by the WLC
• D. EAP-TLS certificate generated by the access point

Answer: B

NEW QUESTION 21
Which method does a Cisco switch use to authenticate a Cisco lightweight access point that is acting as a 802.1x supplicant?

• A. 802.1X
• B. EAP-FAST with anonymous PAC provisioning
• C. a password only
• D. a username and password

Answer: B

NEW QUESTION 22
......