Securing Wireless Enterprise Networks 300-375 WISECURE Dumps Questions

1. Which two considerations must a network engineer have when planning for voice over wireless roaming? (Choose two.)

2. Which two 802.11 methods can be configured to protect card holder data? (Choose two.)

3. An engineer is changing the authentication method of a wireless network from EAP-FAST to EAP­TLS.

Which two changes are necessary? (Choose two.)

4. Which mobility mode must a Cisco 5508 wireless Controller be in to use the MA functionality on a cisco catalyst 3850 series switch with a cisco 550 Wireless Controller as an MC?

5. WPA2 Enterprise with 802.1x is being used for clients to authenticate to a wireless network through an ACS server. For security reasons, the network engineer wants to ensure only PEAP authentication can be used. The engineer sent instructions to clients on how to configure their supplicants, but users are still in the ACS logs authentication using EAP-FAST.

Which option describes the most efficient way the engineer can ensure these users cannot access the network unless the correct authentication mechanism is configured?

6. An engineer is configuring a BYOD deployment strategy and prefers a single SSID model.

Which technology is required to accomplish this configuration?

7. When you configure BYOD access to the network, you face increased security risks and challenges.

Which challenge is resolved by deploying digital client certificates?

8. Scenario

TOPOLOGY

MONITOR

WLAMS

CONTROLLER

WIRELESS

SECURITY

Which configuration changes need to be made to allow WPA2 + PSK to operate property on the East-WLC-2504A controller? (Choose four.)

9. Refer to the exhibit.

What is the 1.1.1.1 IP address?

10. A Customer is concerned about denial of service attacks that impair the stable operation of the corporate wireless network. The customer wants to purchase mobile devices that will operate on the corporate wireless network.

Which IEEE standard should the mobile devices support to address the customer concerns?

11. After receiving an alert regarding a rogue AP, a network engineer logs into Cisco Prime and looks at the floor map where the AP that detected the rogue is located. The map is synchronized with a mobility services engine that determines the rogue device is actually inside the campus. The engineer determines the rogue to be a security threat and decides to stop it from broadcasting inside the enterprise wireless network.

What is the fastest way to disable the rogue?

12. An engineer is configuring client MFP.

What WLAN Layer 2 security must be selected to use client MFP?

13. Which two events are possible outcomes of a successful RF jamming attack? (Choose two.)

14. Which CLI command do you use on Cisco IOS XE Software to put the AP named Floor1_AP1 back in the default AP group?

15. An engineer is configuring a new mobility anchor for a WLAN on the CLI with the config wlan mobility anchor add 3 10.10.10.10 command, but the command is failing.

Which two conditions must be met to be able to enter this command? (Choose two.)

16. A customer has deployed PEAP authentication with a Novell eDirectory LDAP Server.

Which authentication method must be configured on the client to support this deployment?

17. Access points at branch sites for a company are in FlexConncct mode and perform local switching, but they authenticate to the central RADIUS at headquarters. VPN connections to the headquarters have gone down, but each branch site has a local authentication server.

Which three features on the wireless controller can be configured to maintain network operations if this situation reoccurs? (Choose three.)

18. Which security method does a Cisco guest wireless deployment that relies on Cisco ISE guest portal for user authentication use?

19. Which two options are types of MFP that can be performed? (Choose two.)

20. An engineer has determined that the source of an authentication issue is the client laptop.

Which three items must be verified for EAP-TLS authentication? (Choose three.)

21. An engineer requires authentication for WPA2 that will use fast rekeying to enable clients to roam from one access point to another without going through the controller.

Which security option should be configured?

22. Refer to the exhibit.

A customer is having problems with clients associating to me wireless network.

Based on the configuration, which option describes the most likely cause of the issue?

23. CORRECT TEXT

24. Which Cisco feature must an engineer configure on a cisco WLC to enable PCI specification compliance for communication of neighbor radio information?

25. MFP is enabled globally on a WLAN with default settings on single controller wireless network. Older client devices are disconnected from the network during a deauthentication attack.

What is the cause of this issue?

26. An engineer must enable EAP on a new WLAN and is ensuring that the necessary components are available.

Which component uses EAP and 802.1x to pass user authentication to the authenticator?

27. Which three configuration steps are necessary on the WLC when implementing central web authentication in conjunction with Cisco ISE. (Choose three.)

28. Refer to the exhibit.

A WLAN with the SSID "Enterprise" is configured.

Which rogue is marked as malicious?

29. Which option describes the purpose of configuring switch peer groups?

30. Which of the following user roles can access CMX Visitor Connect?

31. On which two ports does the RADIUS server maintain a database and listen for incoming authentication and accounting requests? (Choose two.)

32. Which command is an SNMPv3-specific command that an engineer can use only in Cisco IOS XE?

33. An engineer must provide a graphical trending report of the total number of wireless clients on the network.

Winch report provides the required data?

34. When a wireless client uses WPA2 AES, which keys are created at the end of the four way handshake process between the client and the access point?

35. Which customizable security report on Cisco Prime Infrastructure would show rogue APs detected since a point in time?

36. A customer is concerned that radar is impacting the access point that service the wireless network in an office located near an airport.

On which type of channel should you conduct spectrum analysis to identify if radar is impacting the wireless network?

37. An engineer configures the wireless LAN controller to perform 802.1x user authentication.

Which option must be enabled to ensure that client devices can connect to the wireless, even when WLC cannot communicate with the RADIUS?

38. What is the maximum number of clients that a small branch deployment using a four-member Cisco Catalyst 3850 stack (acting as MC/MA) can support?

39. A corporation has recently implemented a BYOD policy at their HQ.

Which three risks should the security director be concerned about? (Choose three.)

40. Which three options are valid client profile probes m Cisco ISE? (Choose three.)

41. A customer is concerned about DOS attacks from a neighboring facility.

Which feature can be enabled to help alleviate these concerns and mitigate DOS attacks on a WLAN?

42. An engineer is considering an MDM integration with Cisco ISE to assist with security for lost devices.

Which two functions of MDM increase security for lost devices that access data from the network? (Choose two.)

43. An engineer must change the wireless authentication from WPA2-Personal to WPA2-Enterprise.

Which three requirements are necessary? (Choose three.)

44. A network engineer is implementing a wireless network and is considering deploying a single SSID for device onboarding.

Winch option is a benefit of using dual SSIDs with a captive portal on the onboard SSID compared to a single SSID solution?

45. How many mobility peers can a Cisco Catalyst 3850-MC node have?

46. Which client roam is considered the fastest in a wireless deployment using Cisco IOS XE mobility controllers and mobility agents?

47. During the EAP process and specifically related to the logon session, which encrypted key is sent from the RADIUS server to the access point?

48. A customer wants to allow employees to easily onboard their devices to the wireless network.

Which process can be configured on Cisco ISE to support this requirement?

49. An engineer is deploying EAP-TLS as the authentication mechanism for an 802.1X-enabled wireless network.

Which network device is responsible for applying the digital signature to a certificate to ensure that the certificate is trusted and valid?

50. Which EAP type requires the use of device certificates?

51. Which option determines which RADIUS server is preferred the most by the Cisco WLC?

52. A Cisco WLC has been added to the network and Cisco ISE as a network device, but authentication is failing.

Which configuration within the network device configuration should be verified?

53. Which three commands are part of the requirements on Cisco Catalyst 3850 series Switch with Cisco IOX XE to create a RADIUS authentication server group? (Choose three.)

54. When a supplicant and AAA server are configured to use PEAP, which mechanism is used by the client to authenticate the AAA server in Phase One?

55. Which EAP types are supported by MAC 10.7 for authentication to a Cisco Unified Wireless Network?

56. What are two of the benefits that the Cisco AnyConnect v3.0 provides to the administrator for client WLAN security configuration? (Choose two.)

57. When using the Standalone Profile Editor in the Cisco AnyConnect v3.0 to create a new NAM profile, which two statements describe the profile becoming active? (Choose two.)

58. Which two attacks represent a social engineering attack? (Choose two.)

59. An engineer has configured passive fallback mode for RADIUS with default timer settings.

What will occur when the primary RADIUS fails then recovers?