Cisco 300-375 Online Practice Questions and Exam Preparation

Cisco 300-375 Online Questions & Answers

• Question 61:

  An engineer must ensure that SNMP traffic to the Cisco WLC is as secure as possible. Which SNMP configuration option should be considered?

  A. IPsec shared secret
  B. HMAC-SHA Authentication Protocol
  C. IP mask
  D. CBC-DES Privacy Protocol
  D. CBC-DES Privacy Protocol

• Question 62:

  An engineer is securing the wireless network from vulnerabilities. Which four strategies are recommended for mitigation? (Choose four.)

  A. MFP
  B. identity-based networking
  C. rogue location
  D. EAP-TLS
  E. guest monitoring
  F. RF profiles
  G. rogue detection
  H. password policies
  A. MFP
  C. rogue location
  E. guest monitoring
  G. rogue detection

• Question 63:

  A WLAN on the WLC is configured for web authentication as the Layer 3 Security policy with the web-auth type External. Which two elements are required as part of the configuration? (Choose two.)

  A. WLAN being not present in the default AP group
  B. IP address assigned to the virtual interface on the WLC, which is not routable
  C. preauth ACL to allow access to the external web server
  D. HTTPS redirection enabled
  E. web-auth secure web option enabled
  C. preauth ACL to allow access to the external web server
  E. web-auth secure web option enabled

• Question 64:

  A customer is concerned about DOS attacks from a neighboring facility. Which feature can be enabled to help alleviate these concerns and mitigate DOS attacks on a WLAN?

  A. PMF
  B. peer-to-peer blocking
  C. Cisco Centralized Key Management
  D. split tunnel
  A. PMF

  ---

  Reference: https://www.gigawave.com/2016/05/10/techtip-802-11w-protected-management-frames/

• Question 65:

  A wireless engineer must configure a corporate wireless network that meets the latest standards and best practices in wireless security. Which two statements are true about the secure authentication process on a wireless network? (Choose two.)

  A. EAPOL is used between the authenticator and the authentication server.
  B. RADIUS and TACACS+ are used between the authenticator and the authentication server.
  C. RADIUS and TACACS+ are used between the supplicant and the authenticator.
  D. EAPOL is not used during a secure authentication process.
  E. EAPOL is used between the supplicant and the authenticator.
  B. RADIUS and TACACS+ are used between the authenticator and the authentication server.
  E. EAPOL is used between the supplicant and the authenticator.

• Question 66:

  Which Cisco feature must an engineer configure on a Cisco WLC to enable PCI specification compliance for communication of neighbor radio information?

  A. RF Grouping
  B. MFP
  C. Rogue Access Point Detection
  D. RRM NDP
  E. Off Channel Scanning
  D. RRM NDP

  ---

  Explanation: The Cisco Neighbor Discovery Packet (NDP) is the fundamental tool for RRM and other wireless applications that provides information about the neighbor radio information. You can configure the Cisco WLC to encrypt neighbor discovery packets. This feature enables you to be compliant with the PCI specifications.

  Reference: http://www.cisco.com/c/en/us/td/docs/wireless/controller/8-0/configuration-guide/b_cg80/b_cg80_chapter_01111111.html

• Question 67:

  A customer requests a list of users who are authenticated using PEAP during the last two weeks on a specific Cisco lightweight AP. Which Cisco Prime Infrastructure report gathers the requested data?

  A. PCI DSS Summary
  B. Client Sessions
  C. End User Summary
  D. AP Utilization
  B. Client Sessions

• Question 68:

  MFP is enabled globally on a WLAN with default settings on a single controller wireless network. Older client devices are disconnected from the network during a deauthentication attack.

  What is the cause of this issue?

  A. The client devices do not support WPA
  B. The client devices do not support CCXv5.
  C. The MFP on the WLAN is set to optional.
  D. The NTP server is not configured on the controller.
  C. The MFP on the WLAN is set to optional.

  ---

  Explanation: Client MFP shields authenticated clients from spoofed frames, which prevents the effectiveness of many of the common attacks against wireless LANs. Most attacks, such as deauthentication attacks, revert to simply degraded

  performance when they contend with valid clients.

  Specifically, client MFP encrypts management frames sent between access points and CCXv5 clients so that both access points and clients can take preventive action and drop spoofed class 3 management frames (that is, management

  frames passed between an access point and a client that is authenticated and associated). Client MFP leverages the security mechanisms defined by IEEE 802.11i to protect these types of class 3 unicast management frames: disassociation,

  deauthentication, and QoS (WMM) action. Client MFP can protect a client-access point session from the most common type of denial-of-service attack. It protects class 3 management frames with the same encryption method used for the

  data frames of the session. If a frame received by the access point or client fails decryption, it is dropped, and the event is reported to the controller.

  In order to use client MFP, clients must support CCXv5 MFP and must negotiate WPA2 with either TKIP or AES-CCMP. EAP or PSK can be used to obtain the PMK. CCKM and controller mobility management are used to distribute session

  keys between access points or Layer 2 and Layer 3 fast roaming.

  Reference: http://www.cisco.com/c/en/us/support/docs/wireless-mobility/wlan-security/82196-mfp.html

• Question 69:

  A wireless engineer wants to view how many wIPS alerts have been detected in Cisco Prime. Which lab does the engineer select in the wireless dashboard?

  A. Security
  B. Context Aware
  C. Mesh
  D. CleanAir
  A. Security

  ---

  Security Index, including the top security issues Adaptive WIPS Rogue classification graph Rogue containment graph Attacks detected Malicious, unclassified, friendly, and custom rogue APs CleanAir security Adhoc rogues Security https://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/infrastructure/3-1/user/guide/pi_ug/view-dash.html

• Question 70:

  Which of the following user roles can access CMX Visitor Connect?

  A. Connect
  B. Power User
  C. Guest User
  D. Super Administrator
  D. Super Administrator

  ---

  Reference: https://www.cisco.com/c/en/us/td/docs/wireless/mse/7-6/CMX_Dashboard/Guide/Cisco_CMX_Dashboard_Config_Guide/CMX_Dashboard_Visitor_Connect.pdf