Cisco 300-430 Online Practice Questions and Exam Preparation

Cisco 300-430 Online Questions & Answers

• Question 101:

  A network administrator wants to receive an email notification whenever their wireless network detects a rogue AP that is stronger than -65 dBm. To accomplish this, Cisco Prime Infrastructure must be used to create and install configuration templates that establish a rogue AP rule.

  Which rule configuration must be used?

  A. Set to Rule Type "Email", Notify "All", and include condition "RSSI" with a value of "?5 dBm."
  B. Set to Rule Type "Malicious," Notify "All", and include condition "RSSI" with a value of "?5 dBm."
  C. Set to Rule Type "Malicious," Notify "Email", and include condition "RSSI" with a value of "?5 dBm."
  D. Set to Rule Type "Malicious," Notify "Enabled", and include condition "RSSI" with a value of ?5 dBm."
  C. Set to Rule Type "Malicious," Notify "Email", and include condition "RSSI" with a value of "?5 dBm."

• Question 102:

  An engineer must configure Cisco OEAPs for three executives. As soon as the NAT address is configured on the management interface, it is noticed that the WLC is not responding for APs that are trying to associate to the internal IP

  management address.

  Which command should be used to reconcile this?

  A. config flexconnect office-extend nat-ip-only disable
  B. config network ap-discovery nap-ip-only enable
  C. config flexconnect office-extend nat-ip-only enable
  D. config network ap-discovery nat-ip-only disable
  D. config network ap-discovery nat-ip-only disable

  ---

  Explanation Explanation/Reference:https://community.cisco.com/t5/wireless/office-extend-ap-and-external- addresses/td-p/3742395

• Question 103:

  WPA2 Enterprise with 802.1X is being used for clients to authenticate to a wireless network through a Cisco ISE server. For security reasons, the network engineer wants to ensure that only PEAP authentication is used. The engineer sent instructions to clients on how to configure the supplicants, but the ISE logs still show users authenticating using EAP-FAST. Which action ensures that access to the network is restricted for these users unless the correct authentication mechanism is configured?

  A. Enable AAA override on the SSID, gather the usernames of these users, and disable the RADIUS accounts until the devices are correctly configured.
  B. Enable AAA override on the SSID and configure an ACL on the WLC that allows access to users with IP addresses from a specific subnet.
  C. Enable AAA override on the SSID and configure an access policy in Cisco ISE that denies access to the list of MACs that have used EAP-FAST.
  D. Enable AAA override on the SSID and configure an access policy in Cisco ISE that allows access only when the EAP authentication method is PEAP.
  D. Enable AAA override on the SSID and configure an access policy in Cisco ISE that allows access only when the EAP authentication method is PEAP.

• Question 104:

  An engineer has implemented 802.1x authentication on the wireless network utilizing the internal database of a RADIUS server. Some clients reported that they are unable to connect. After troubleshooting, it is found that PEAP authentication is failing. A debug showed the server is sending an Access-Reject message. Which action must be taken to resolve authentication?

  A. Use the user password that is configured on the server.
  B. Disable the server certificate to be validated on the client.
  C. Update the client certificate to match the user account.
  D. Replace the client certificates from the CA with the server certificate.
  D. Replace the client certificates from the CA with the server certificate.

  ---

  Explanation Explanation/Reference:https://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_troubleshooting.html

• Question 105:

  A wireless engineer must configure IEEE 802.1X authentication on a WLAN that supports new and legacy wireless devices. Which condition must be met for the legacy clients to be able to associate and authenticate without issues?

  A. The authenticator and the authentication server must support the same authentication protocol.
  B. The client and the authenticator must support the same authentication protocol.
  C. The client and the controller must support the same authentication protocol.
  D. The client and the authentication server must support the same authentication protocol.
  B. The client and the authenticator must support the same authentication protocol.

• Question 106:

  An engineer deploys APs to a branch office. All AP control and management-related traffic must be tunneled to a centralized WLC via CAPWAP. All user traffic must utilize the local Internet line. What should be configured?

  A. wireless mesh network
  B. centrally switched FlexConnect
  C. locally switched FlexConnect
  D. a WLC in local mode
  C. locally switched FlexConnect

• Question 107:

  Refer to the exhibit.

  

  An engineer implemented the CPU ACL on your Cisco 5520 Series Wireless LAN Controller, and the controller is no longer manageable via the network. What must be changes on this CPU ACL to enable it to manage the controller again?

  A. Line 1 must be set to a destination port of HTTP
  B. Permit statements must be added to the top of the ACL in both directions, which specify the network to be managed from and the virtual interface of the controller.
  C. Line 1 must be set to the inbound direction. 2
  D. Permit statements must be added to the top of the ACL, which specify the network to be managed from
  B. Permit statements must be added to the top of the ACL in both directions, which specify the network to be managed from and the virtual interface of the controller.

• Question 108:

  More people are working from home, so an engineer must configure OEAPs to support the users. The security team already configured NAT with a public IP address that points to the internal WLC IP address. The APs also have been configured with the public WLC IP address, but APs cannot join the controller yet. Which action resolves this issue?

  A. Configure the internal WLC IP address on the OEAPs.
  B. Create an ACL in WLC to accept the OEAPs.
  C. Enable NAT on the WLC to configure the public IP address.
  D. Configure the public WLC IP address on the home router.
  C. Enable NAT on the WLC to configure the public IP address.

• Question 109:

  An engineer is configuring location services with a Cisco CMX 10.6.2 solution. The engineer must strengthen interferer filtering so that Cisco CMX is protected from bursts of short-lived interferes. Which two interferer-filtering parameters must be configured to meet the requirement? (Choose two.)

  A. Intensity Cutoff
  B. Severity Cutoff
  C. Duty Cycle Cutoff
  D. RSSI Maximum
  E. Utilization Maximum
  A. Intensity Cutoff
  C. Duty Cycle Cutoff

• Question 110:

  After installing and configuring Cisco CMX, an administrator must change the NTP server on the Cisco CMX server. Which action accomplishes this task?

  A. Manually edit /etc/ntp.conf using an XML editor before restarting the server by using service restart all services.
  B. Log in to the Cisco CMX CLI and issue set ntp server NTP IP where NTP IP is the IP of the NTP server.
  C. Manually edit /etc/ntp.conf as the admin user before restarting ntpd by using service ntpd restart.
  D. Log in to the Cisco CMX GUI as the administrator and type the IP address of the NTP server in System tab > Settings> TimeZone/NTP.
  C. Manually edit /etc/ntp.conf as the admin user before restarting ntpd by using service ntpd restart.

  ---

  Explanation Explanation/Reference:https://www.cisco.com/c/en/us/support/docs/wireless/connected-mobile-experiences/200906-Troubleshooting-CMX-connectivity-with-WL.pdf