Cisco 300-375 Online Practice Questions and Exam Preparation

Cisco 300-375 Online Questions & Answers

• Question 91:

  

  Refer to the exhibit. Which method list do you use to enable the Dot1x System Auth Control?

  A. Authentication
  B. Accounting
  C. Authorization
  D. General
  A. Authentication

• Question 92:

  Which three WLAN polices can be controlled by using the Cisco IBNS on the Cisco WLC and Cisco Secure ACS? (Choose three.)

  A. QoS setting
  B. VLAN
  C. EAP type
  D. ACL
  E. authentication priority order
  F. NAC state
  A. QoS setting
  B. VLAN
  D. ACL

• Question 93:

  An engineer has configured MAC filtering on an employee WLAN and wants clients that fail MAC filtering to attempt to be authenticated via the RADIUS server before denying network access. Which functionality must be enabled on the WLAN to achieve this goal?

  A. MAC authentication failover to 802.1X authentication
  B. EAP-TLS failover to 802.11r authentication
  C. WPA2 AES failover to RADIUS authentication
  D. 802.1x failover to WPA2 AES authentication
  A. MAC authentication failover to 802.1X authentication

  ---

  Reference: https://www.cisco.com/c/en/us/td/docs/wireless/controller/8-8/config-guide/b_cg88/wlan_security.html

• Question 94:

  A wireless engineer has performed a Wireshark capture on an 802.1x authentication process to troubleshoot a connectivity issue. Which two types of packet does the EAP contain? (Choose two.)

  A. EAP complete
  B. EAP response
  C. EAP failure
  D. EAP request
  E. EAP reply
  B. EAP response
  D. EAP request

• Question 95:

  An engineer is configuring EAP-TLS with a client trusting server model and has configured a public root certification authority. Which action does this allow?

  A. utilizes two subcertification servers
  B. validates the AAA server
  C. creates a PKI infrastructure
  D. specifies a second certification authority to trust
  B. validates the AAA server

  ---

  To support EAP-TLS, the AAA server (for example, Cisco Secure ACS) must have a certificate. Either a public certification authority or a private certification authority can be used to issue the AAA server certificate. The AAA server will trust a client certificate that was issued from the same root certification authority that issued its certificate. https://www.cisco.com/en/US/tech/tk722/tk809/technologies_white_paper09186a008009256b.shtml

• Question 96:

  A corporation has recently implemented a BYOD policy at their HQ. Which three risks should the security director be concerned about? (Choose three.)

  A. unauthorized users
  B. rogue ad-hocs
  C. software piracy
  D. lost and stolen devices
  E. malware
  F. keyloggers
  A. unauthorized users
  C. software piracy
  E. malware

• Question 97:

  A company is deploying wireless PCs on forklifts within its new 10,000-square-foot (3048-square- meter) facility. The clients are configured for PEAP-MS-CHAPv2 with WPA TKIP. Users report that applications frequently drop when the clients roam between access points on the floor. A professional site survey was completed. Which configuration change is recommended to improve the speed of client roaming?

  A. EAP-FAST
  B. EAP-TLS
  C. WPA AES
  D. WPA2 AES
  D. WPA2 AES

  ---

  Although the controller and APs support WLAN with SSID using WiFi Protected Access (WPA) and WPA2 simultaneously, it is common that some wireless client drivers cannot handle complex SSID settings. Whenever possible, Cisco recommends WPA2 only with Advanced Encryption Standard (AES). However, due to standards and mandatory WiFi Alliance certification process, TKIP support is required across future software versions. Keep the security policies simple for any SSID. Use a separate WLAN/SSID with WPA and Temporal Key Integrity Protocol (TKIP), and a separate one with WPA2 and Advanced Encryption Standard (AES). Since TKIP is being deprecated, Cisco recommends to use TKIP together with WEP, or to migrate out of TKIP completely and use PEAP, if possible.

• Question 98:

  An engineer is configuring an autonomous AP for RADIUS authentication.

  What two pieces of information must be known to configure the AP? (Choose two.)

  A. username and password
  B. shared secret
  C. RADIUS IP address
  D. group name
  E. PAC encryption key
  B. shared secret
  C. RADIUS IP address

  ---

  You identify RADIUS security servers by their host name or IP address, host name and specific UDP port numbers, or their IP address and specific UDP port numbers. The combination of the IP address and the UDP port number creates a unique identifier allowing different ports to be individually defined as RADIUS hosts providing a specific AAA service. This unique identifier enables RADIUS requests to be sent to multiple UDP ports on a server at the same IP address. https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_usr_rad/configuration/xe-3se/3850/sec- usr-rad-xe-3se-3850-book/sec-rad-mult-udp-ports.html

• Question 99:

  An administrator receives reports of many interferers in the wireless network and wants to get the location of these interferers from the maps in Cisco Prime Infrastructure. When looking at the floor plans/maps, the administrator does not see any interferers, but can see all wireless clients located successfully. Which two statements define the cause of the issue? (Choose two.)

  A. MSE is not added to Cisco Prime infrastructure and synchronized.
  B. Interferer tracking is not enabled on the MSE.
  C. SNMP between Cisco Prime Infrastructure and the WLC is failing.
  D. Context Aware Service tracking limit has already been reached with tracking other elements.
  E. NSMP communication is inactive with the WLC.
  A. MSE is not added to Cisco Prime infrastructure and synchronized.
  B. Interferer tracking is not enabled on the MSE.

  ---

  Reference: https://www.cisco.com/c/en/us/support/docs/wireless/5500-series-wireless-controllers/112139-cleanair-uwn-guide-00.html

• Question 100:

  A network engineer is implementing a wireless network and is considering deploying a single SSID for device onboarding. Which option is a benefit of using dual SSIDs with a captive portal on the onboard SSID compared to a single SSID solution?

  A. limit of a single device per user
  B. restrict allowed devices types
  C. allow multiple devices per user
  D. minimize client configuration errors
  B. restrict allowed devices types