Testking offers free demo for 300-375 exam. "Securing Cisco Wireless Enterprise Networks", also known as 300-375 exam, is a Cisco Certification. This set of posts, Passing the Cisco 300-375 exam, will help you answer those questions. The 300-375 Questions & Answers covers all the knowledge points of the real exam. 100% real Cisco 300-375 exams and revised by experts!

NEW QUESTION 1
Refer to the exhibit. You are configuring an autonomous AP for 802.1x access to a wired infrastructure. What does the command do?
300-375 dumps exhibit

  • A. It enables the AP to override the authentication timeout on the RADIUS server.
  • B. It configures how long the AP must wait for a client to reply to an EAP/dot1x message before the authentication fails.
  • C. It enables the supplicant to override the authentication timeout on the client
  • D. It configures how long the RADIUS server must wait for supplicant to reply to an EAP/dot1x message before the authentication fails.

Answer: C

NEW QUESTION 2
Regarding the guidelines for using MFP, under what circumstances will a client without Cisco compatible Extensions v5 be able to associate to a WLAN?

  • A. The DHCP Required box is unchecked.
  • B. AAA override is configured for the WLAN
  • C. Client MFP is disabled or optional.
  • D. WPA2 is enabled with TKIP or AE

Answer: D

NEW QUESTION 3
How should the Cisco Secure ACS v4.2 and the Cisco WLC v7.0 be configured to support wireless client authentication?

  • A. The WLC configured for RADIUS and the Cisco Secure ACS configured for RADIUS (Cisco Airespace)
  • B. The WLC configured for RADIUS and the Cisco Secure ACS configured for RADIUS (IETF)
  • C. The WLC configured for TACACS+ and the Cisco Secure ACS configured for TACACS+ (Cisco Airespace)
  • D. The WLC configured for TACACS+ and the Cisco Secure ACS configured for TACACS+ (Cisco IOS)

Answer: A

NEW QUESTION 4
An engineer is configuring EAP-TLS with a client trusting server model and has configured a public root certification authority. Which action does this allow?

  • A. specifies a second certification authority to trust
  • B. utilizes two subcertification authority servers
  • C. creates a PKI infrastructure
  • D. validates the AAA server

Answer: D

Explanation:

To support EAP-TLS, the AAA server (for example, Cisco Secure ACS) must have a certificate. Either a public certification authority or a private certification authority can be used to issue the AAA server certificate. The AAA server will trust a client certificate that was issued from the same root
certification authority that issued its certificate.
https://www.cisco.com/en/US/tech/ CK7 22/ CK8 09/technologies_white_paper09186a008009256b.sht ml

NEW QUESTION 5
An engineer is trying to determine if an existing configuration deviates from the Cisco defaults while enabling PMF on a WLAN. Which set represents the default timer configuration for PMF?

  • A. security pmf association-comeback 1 security pmf mandatory security pmf saquery-retry-time 100
  • B. security pmf association-comeback 20 security pmf mandatory security pmf saquery-retry-time 600
  • C. security pmf association-comeback 15 security pmf mandatory security pmf saquery-retry-time 200
  • D. security pmf association-comeback 1 security pmf mandatory security pmf saquery-retry-time 200

Answer: D

NEW QUESTION 6
An engineer is securing the wireless network from vulnerabilities. Which four strategies are recommended for mitigation? (Choose four.)

  • A. MFP
  • B. identity-based networking
  • C. rogue location
  • D. EAP-TLS
  • E. guest monitoring
  • F. RF profiles
  • G. rogue detection
  • H. password policies

Answer: ACEG

NEW QUESTION 7
Which two statements describe the requirements for EAP-TLS?

  • A. It requires client-side and server-side certificates.
  • B. It uses PAC on the client.
  • C. It requires PKI.
  • D. It requires a server side digital certificate on only the RADIUS server
  • E. It must use AES for encryption and cannot use TKIP for encryptio

Answer: AB

NEW QUESTION 8
An engineer is adding APs to an existing VoWLAN to allow for location based services. Which option
will the primary change be to the network?

  • A. increased transmit power on all APs
  • B. moving to a bridging model
  • C. AP footprint
  • D. cell overlap would decrease
  • E. triangulation of devices

Answer: C

NEW QUESTION 9
A Customer is concerned about denial of service attacks that impair the stable operation of the corporate wireless network. The customer wants to purchase mobile devices that will operate on the corporate wireless network. Which IEEE standard should the mobile devices support to address the customer concerns?

  • A. 802.11w
  • B. 802.11k
  • C. 802.11r
  • D. 802.11h

Answer: A

NEW QUESTION 10
An engineer is configuring a BYOD deployment strategy and prefers a single SSID model. Which technology is required to accomplish this configuration?

  • A. mobility service engine
  • B. wireless control system
  • C. identify service engine
  • D. Prime Infrastructure

Answer: C

NEW QUESTION 11
An engineer has configured the wireless controller to authenticate clients on the employee SSID against Microsoft Active Directory using PEAP authentication. Which protocol does the controller use to communicate with the authentication server?

  • A. EAP
  • B. 802.1x
  • C. RADIUS
  • D. WPA2

Answer: A

Explanation:

Define the Layer 2 Authentication as WPA2 so that the clients perform EAP-based authentication (PEAP-MS-CHAP v2 in this example) and use the advanced encryption standard (AES) as the encryption mechanism. Leave all other values at their defaults. https://www.cisco.com/c/en/us/support/docs/wireless/5500-series-wireless-controllers/115988-nps-wlc-config-000.html

NEW QUESTION 12
What two actions must be taken by an engineer configuring wireless Identity-Based Networking for a WLAN to enable VLAN tagging? (Choose two.)

  • A. enable AAA override on the WLAN
  • B. create and apply the appropriate ACL to the WLAN
  • C. update the RADIUS server attributes for tunnel type 64, medium type 65, and tunnel private group type 81
  • D. configure RADIUS server with WLAN subnet and VLAN ID
  • E. enable VLAN Select on the wireless LAN controller and the WLAN

Answer: AC

NEW QUESTION 13
An engineer must enable EAP on a new WLAN and is ensuring that the necessary components are available. Which component uses EAP and 802.1x to pass user authentication to the authenticator?

  • A. AP
  • B. AAA server
  • C. supplicant
  • D. controller

Answer: D

NEW QUESTION 14
An engineer is configuring a new mobility anchor for a WLAN on the CLI with the config wlan mobility anchor add 3 10.10.10.10 command, but the command is failing. Which two conditions must be met to be able to enter this command? (Choose two.)

  • A. The anchor controller IP address must be within the management interface subnet.
  • B. The anchor controller must be in the same mobility group.
  • C. The WLAN must be enabled.
  • D. The mobility group keepalive must be configured.
  • E. The indicated WLAN ID must be present on the controlle

Answer: AB

NEW QUESTION 15
An engineer with ID 338860948 is implementing Cisco Identity-Based Networking on a Cisco AireOS
controller. The engineer has two ACLs on the controller. The first ACL, named BASE_ACL, is applied to the corporate_clients interface on the WLC, which is used for all corporate clients. The second ACL, named HR_ACL, is referenced by ISE in the Human Resources group policy.
Which option is the resulting ACL when a Human Resources user connects?

  • A. HR_ACL only
  • B. HR_ACL appended with BASE_ACL
  • C. BASE_ACL appended with HR_ACL
  • D. BASE_ACL only

Answer: A

NEW QUESTION 16
Refer to the exhibit.
300-375 dumps exhibit
An engineer has configured a BYOD policy that allows for printing on the WLAN utilizing Bonjour
services. However, the engineer cannot get printing working. The WLC firmware is 8.x. the printer is connected on the wired network where a few of the access points are also connected.
Which reason that printing is not working is true?

  • A. Location-specific service is not enabled on the WLC.
  • B. Secure Web Mode Cipher-Option SSLv2 is not enabled.
  • C. mBNS and IGMP snooping is not enabled on the WLC.
  • D. IGMP Query Interval value is too low.
  • E. The number of mDNS services exceeds firmware limits.

Answer: A

NEW QUESTION 17
During the EAP process and specifically related to the logon session, which encrypted key is sent from the RADIUS server to the access point?

  • A. WPA key
  • B. encryption key
  • C. session key
  • D. shared secret key

Answer: C

NEW QUESTION 18
An engineer configures the wireless LAN controller to perform 802.1x user authentication. Which option must be enabled to ensure that client devices can connect to the wireless, even when WLC cannot communicate with the RADIUS?

  • A. local EAP
  • B. authentication caching
  • C. pre-authentication
  • D. Cisco Centralized Key Management

Answer: A

NEW QUESTION 19
An engineer is designing a high availability wireless network. What mechanism should be the focus for high availability?

  • A. SNR
  • B. channel reuse
  • C. RSSI
  • D. cell overlap

Answer: B

Explanation:

Describe basic RF deployment considerations related to site survey design of data or VoWLAN applications, common RF interference sources such as devices, building material, AP location, and basic RF site survey design related to channel reuse, signal strength, and cell overlap

NEW QUESTION 20
You are configuring the social login for a guest network. Which three options are configurable social connect in Cisco CMS visitor connect? (Choose three.)

  • A. Linkedin
  • B. Pinterest
  • C. Medium
  • D. Google+
  • E. Facebook
  • F. MySpace

Answer: ADE

NEW QUESTION 21
How many mobility peers can a Cisco Catalyst 3850-MC node have?

  • A. 8
  • B. 2
  • C. 6
  • D. 16
  • E. 4

Answer: A

NEW QUESTION 22
A network engineer must segregate all iPads on the guest WLAN to a separate VLAN. How does the engineer accomplish this task without using ISE?

  • A. Use 802.1x authentication to profile the devices.
  • B. Create a local policy on the WLC.
  • C. Use an mDNS profile for the iPad device.
  • D. Enable RADIUS DHCP profiling on the WLAN.

Answer: B

NEW QUESTION 23
......

Thanks for reading the newest 300-375 exam dumps! We recommend you to try the PREMIUM Certshared 300-375 dumps in VCE and PDF here: https://www.certshared.com/exam/300-375/ (124 Q&As Dumps)