Cisco 300-375 Online Practice
Questions and Exam Preparation
300-375 Exam Details
Exam Code
:300-375
Exam Name
:Securing Wireless Enterprise Networks
Certification
:Cisco Certifications
Vendor
:Cisco
Total Questions
:181 Q&As
Last Updated
:Dec 13, 2021
Cisco 300-375 Online Questions &
Answers
Question 171:
Which three methods are valid for guest wireless using web authentication? (Choose three.)
A. SSL B. LDAP C. local D. TLS E. EAP-TLS F. RADIUS
B. LDAP C. local F. RADIUS
There are three ways to authenticate users when you use web authentication. Local authentication allows you to authenticate the user in the Cisco WLC. You can also use an external RADIUS server or a LDAP server as a backend database in order to authenticate the users.
An AP receives a spoofed request from an attacker. Which description of 802.1x SA-Query timeout is true?
A. It confirms the legitimate client source address value by sending an encrypted ARP request B. It triggers a re-authentication for the user. C. It confirms that the previous four-way handshake done with a legitimate client is still valid D. It confirms that the client security association has not timed out.
B. It triggers a re-authentication for the user.
Question 173:
Refer to the exhibit. An engineer is designing a guest portal on Cisco ISE using the default configuration. During the testing phase, the engineer receives a warning when displaying the guest portal. Which issue is occuring?
A. The server that is providing the portal has an expired certificate B. The server that is providing the portal has a self-signed certificate C. The connection is using an unsupported protocol D. The connection is using an unsupported browser
A. The server that is providing the portal has an expired certificate
Question 174:
An engineer is adding APs to an existing VoWLAN to allow for location based services. Which option will the primary change be to the network?
A. increased transmit power on all APs B. moving to a bridging model C. AP footprint D. cell overlap would decrease E. triangulation of devices
C. AP footprint
Question 175:
Client Management Frame Protection is supported on which Cisco Compatible Extensions version clients?
A. v2 and later B. v3 and later C. v4 and later D. v5 only
D. v5 only
Question 176:
When implementing secure PCI wireless networks, which two options are specific recommendations in the PCI DSS? (Choose two.)
A. Segment logging events with other networking devices within the organization. B. Use VLAN based segmentation with MAC filters. C. Implement strong wireless authentication. D. Use a minimum 12-character random passphrase with WPA. E. Change default settings.
C. Implement strong wireless authentication. E. Change default settings.
Wireless networks that are part of the CDE must comply with all PCI DSS requirements. This includes using a firewall (requirement 1.2.3) and making sure that additional rogue wireless devices have not been added to the CDE (requirement 11.1). In addition, PCI DSS compliance for systems that include WLANs as a part of the CDE requires extra attention to WLAN specific technologies and processes such as: A. Physical security of wireless devices, B. Changing default passwords and settings on wireless devices, C. Logging of wireless access and intrusion prevention, D. Strong wireless authentication and encryption, E. Use of strong cryptography and security protocols, and F. Development and enforcement of wireless usage policies. This section will cover each of these requirements sequentially. https://www.pcisecuritystandards.org/pdfs/PCI_DSS_Wireless_Guidelines.pdf
Question 177:
On which two ports does the RADIUS server maintain a database and listen for incoming authentication and accounting requests? (Choose two.)
A. UDP 1900 B. UDP port 1812 C. TCP port 1812 D. TCP port 1813 E. UDP port 1813
B. UDP port 1812 E. UDP port 1813
Explanation: RADIUS messages are sent as User Datagram Protocol (UDP) messages. UDP port 1812 is used for RADIUS authentication messages and UDP port 1813 is used for RADIUS accounting messages. Some network access servers might use UDP port 1645 for RADIUS authentication messages and UDP port 1646 for RADIUS accounting messages. By default, IAS supports receiving RADIUS messages destined to both sets of UDP ports.
You plan to implement Cisco Identity Based Networking Services on a Cisco Catalyst 3850 Series Switch. Which switch command is required when configuring downloadable ACLs?
A. authentication display new-style B. ip device tracking C. dot1x system-auth-control D. aaa session-id common
A wireless engineer wants to schedule monthly security reports in Cisco Prime Infrastructure. Drag and drop the report title from the left onto the expected results when the report is generated on the right.
Select and Place:
Question 180:
How should the Cisco Secure ACS v4.2 and the Cisco WLC v7.0 be configured to support wireless client authentication?
A. The WLC configured for RADIUS and the Cisco Secure ACS configured for RADIUS (Cisco Airespace) B. The WLC configured for RADIUS and the Cisco Secure ACS configured for RADIUS (IETF) C. The WLC configured for TACACS+ and the Cisco Secure ACS configured for TACACS+ (Cisco Airespace) D. The WLC configured for TACACS+ and the Cisco Secure ACS configured for TACACS+ (Cisco IOS)
A. The WLC configured for RADIUS and the Cisco Secure ACS configured for RADIUS (Cisco Airespace)
Nowadays, the certification exams become more and more important and required by more and more
enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare
for the exam in a short time with less efforts? How to get a ideal result and how to find the
most reliable resources? Here on Vcedump.com, you will find all the answers.
Vcedump.com provide not only Cisco exam questions,
answers and explanations but also complete assistance on your exam preparation and certification
application. If you are confused on your 300-375 exam preparations
and Cisco certification application, do not hesitate to visit our
Vcedump.com to find your solutions here.