Cisco 300-375 Class 2021

NEW QUESTION 1
Refer to the exhibit.

What is the 1.1.1.1 IP address?

• A. the wireless client IP address
• B. the RADIUS server IP address
• C. the controller management IP address
• D. the lightweight IP address
• E. the controller AP-manager IP address
• F. the controller virtual interface IP address

Answer: F

NEW QUESTION 2
Which attribute on the Cisco WLC v7.0 does RADIUS IETF attribute "Tunnel-Private-Group ID" assign?

• A. ACL
• B. DSCP
• C. QoS
• D. VLAN

Answer: D

NEW QUESTION 3
Refer to the exhibit.

In this IBN topology, which device acts as the RADIUS server?

• A. directory server
• B. Cisco ISE
• C. Cisco UCS
• D. Cisco Catalyst 3850 Series Switch

Answer: D

NEW QUESTION 4
An engineer must change the wireless authentication from WPA2-Personal to WPA2-Enterprise. Which three requirements are necessary? (Choose three.)

• A. EAP
• B. 802.1x
• C. RADIUS
• D. per-shared key
• E. 802.11u
• F. fast secure roaming
• G. 802.11i

Answer: ACG

NEW QUESTION 5
During the EAP process and specifically related to the logon session, which encrypted key is sent from the RADIUS server to the access point?

• A. WPA key
• B. encryption key
• C. session key
• D. shared secret key

Answer: C

NEW QUESTION 6
A network engineer must segregate all iPads on the guest WLAN to a separate VLAN. How does the engineer accomplish this task without using ISE?

• A. Use 802.1x authentication to profile the devices.
• B. Create a local policy on the WLC.
• C. Use an mDNS profile for the iPad device.
• D. Enable RADIUS DHCP profiling on the WLAN.

Answer: B

NEW QUESTION 7
Which three commands are part of the requirements on Cisco Catalyst 3850 series Switch with Cisco IOX XE to create a RADIUS authentication server group? (Choose three.)

• A. authentication dot1x default local
• B. aaa session-idcommon
• C. dot1x system-auth-control
• D. aaa new-model
• E. local-auth wcm_eap_prof
• F. security dot1x

Answer: BCD

NEW QUESTION 8
An engineer has determined that the source of an authentication issue is the client laptop. Which three items must be verified for EAP-TLS authentication? (Choose three.)

• A. The client certificate is formatted as X 509 version 3
• B. The validate server certificate option is disabled.
• C. The client certificate has a valid expiration date.
• D. The user account is the same in the certificate.
• E. The supplicant is configured correctly.
• F. The subject key identifier is configured correctl

Answer: ADF

NEW QUESTION 9
An engineer with ID 338860948 is implementing Cisco Identity-Based Networking on a Cisco AireOS
controller. The engineer has two ACLs on the controller. The first ACL, named BASE_ACL, is applied to the corporate_clients interface on the WLC, which is used for all corporate clients. The second ACL, named HR_ACL, is referenced by ISE in the Human Resources group policy.
Which option is the resulting ACL when a Human Resources user connects?

• A. HR_ACL only
• B. HR_ACL appended with BASE_ACL
• C. BASE_ACL appended with HR_ACL
• D. BASE_ACL only

Answer: A

NEW QUESTION 10
An engineer has configured passive fallback mode for RADIUS with default timer settings. What will occur when the primary RADIUS fails then recovers?

• A. RADIUS requests will be sent to the secondary RADIUS server until the secondary fails to respond.
• B. The controller will immediately revert back after it receives a RADIUS probe from the primary server.
• C. After the inactive time expires the controller will send RADIUS to the primary.
• D. Once RADIUS probe messages determine the primary controller is active the controller will revert back to the primary RADIUS.

Answer: C

NEW QUESTION 11
When using the Standalone Profile Editor in the Cisco AnyConnect v3.0 to create a new NAM profile, which two statements describe the profile becoming active? (Choose two.)

• A. selects the new profile from NAM
• B. selects "Network Repair" from NAM
• C. becomes active after a save of the profile name
• D. ensures use of "configuration.xml" as the profile name
• E. ensures use of "config.xml" as the profile name
• F. ensures use of "nam.xml" as the profile name

Answer: BD

NEW QUESTION 12
Access points at branch sites for a company are in FlexConncct mode and perform local switching, but they authenticate to the central RADIUS at headquarters. VPN connections to the headquarters have gone down, but each branch site has a local authentication server. Which three features on the wireless controller can be configured to maintain network operations if this situation reoccurs? (Choose three.)

• A. Put APs in FlexConnect Group for Remote Branches.
• B. Set Branch RADIUS as Primary.
• C. Put APs in AP Group Per Branch.
• D. Put APs in FlexConnect Group Per Branch.
• E. Set Branch RADIUS OS Secondary.
• F. Set HQ RADIUS a-s primar

Answer: AEF

NEW QUESTION 13
Which mobility mode must a Cisco 5508 wireless Controller be in to use the MA functionality on a cisco catalyst 3850 series switch with a cisco 550 Wireless Controller as an MC?

• A. classic mobility
• B. new mobility
• C. converged access mobility
• D. auto-anchor mobility

Answer: C

NEW QUESTION 14
An engineer is configuring client MFP. What WLAN Layer 2 security must be selected to use client MFP?

• A. Static WEP
• B. CKIP
• C. WPA+WPA2
• D. 802 1x

Answer: C

NEW QUESTION 15
Scenario
Local Web Auth has been configured on the East-WLC-2504A, but it is not working. Determine which actions must be taken to restore the Local Web Auth service. The Local Web Auth service must operate only with the Contractors WLAN.
Contractors WLAN ID – 10 Employees WLAN ID - 2
Note, not all menu items, text boxes, or radio buttons are active.

Virtual Terminal





Which four changes must be made to configuration parameters to restore the Local Web Auth feature on the East-WLC-2504A? Assume the passwords are correctly entered as “ciscotest”. (Choose four.)

• A. Remove the existing Local Net User Bill Smith and add a New Local Net User “Bill Smith” password “ciscotest’, WLAN Profile “Contractors”.
• B. Remove WLAN 10 and WLAN 2, replace WLAN 10 with Profile Name Employees and SSID Contractors;replace WLAN 2 with Profile Name Employees and SSID Employees.
• C. Remove WLAN 10 and WLAN 2, replace WLAN 10 with Profile Name Contractors and SSID Contractors, replace WLAN 2 with Profile Name Employees and SSID Employees.
• D. Change the Layer 2 security to None on the Contractors WLAN.
• E. Under Layer 3 Security, change the Layer 3 Security to Web Policy on the Contractors WLAN.
• F. Under Security Local Net Users add a New Local Net User “Bill Smith” password “Cisco”, interface/ Interface Group “east-wing”.
• G. Change the Layer 2 Security to None + EAP Pass-through on the Contractors WLAN.
• H. Under WLANs > Edit “Contractors “change the interface/Interface group to “east-wing”.

Answer: CEFG

NEW QUESTION 16
A wireless engineer must implement a corporate wireless network for a large company with ID 338860948 in the most efficient way possible. The wireless network must support a total of 32 VLANS for 300 employees in different departments.
What is the best configuration option in this scenario?

• A. Configure a second WLC to support half of the APs in the deployment.
• B. Configure different AP groups to support different VLANs, so that all of the WLANs can be broadcast on both radios.
• C. Configure 16 WLANs to be broadcast on the 2.4-GHz band and 16 WLANs to be broadcast on the 5.0-GHz band.
• D. Configure one single SSID and implement Cisco ISE VLLAN assignment according to different user roles.

Answer: B

NEW QUESTION 17
WPA2 Enterprise with 802.1x is being used for clients to authenticate to a wireless network through
an ACS server. For security reasons, the network engineer wants to ensure only PEAP authentication can be used. The engineer sent instructions to clients on how to configure their supplicants, but users are still in the ACS logs authentication using EAP-FAST. Which option describes the most efficient way the engineer can ensure these users cannot access the network unless the correct authentication mechanism is configured?

• A. Enable AAA override on the SSID, gather the usernames of these users, and disable their RADIUS accounts until they make sure they correctly configured their devices.
• B. Enable AAA override on the SSID and configure an access policy in ACS that denies access to the list of MACs that have used EAP-FAST.
• C. Enable AAA override on the SSID and configure an access policy in ACS that allows access only when the EAP authentication method is PEAP.
• D. Enable AAA override on the SSID and configure an access policy in ACS that puts clients that authenticated using EAP-FAST into a quarantine VLAN.

Answer: D

NEW QUESTION 18
An engineer is configuring a wireless network for local FlexConnect authentication. What three configurations are required for the WLC with WLAN 1 and AP Cisco? (Choose three.)

• A. config ap filexconnect vlan enable Cisco
• B. config wlan filexconnect vlan-central-switching 1 enable
• C. config ap filexconnect vlan wlan 1 Cisco
• D. config wlan filexconnect local-switching 1 enable
• E. config wlan filexconnect ap-auth 1 enable
• F. config ap mode filexconnect Cisco

Answer: ACD

NEW QUESTION 19
Client Management Frame Protection is supported on which Cisco Compatible Extensions version clients?

• A. v2 and later
• B. v3 and later
• C. v4 and later
• D. v5 only

Answer: D

NEW QUESTION 20
When you configure BYOD access to the network, you face increased security risks and challenges. Which challenge is resolved by deploying digital client certificates?

• A. managing the increase connected devices
• B. ensuring wireless LAN performance and reliability
• C. providing device choice and support
• D. enforcing company usage policies

Answer: D

NEW QUESTION 21
An engineer has configured central web authentication on the wireless network, but clients are receiving untrusted certificate errors on their internet browsers when directed to the guest splash page. Which file must be provided to an approved trusted certificate authority to fix this issue?

• A. EAP-TLS certificate generate by WLC
• B. CSR generated by identity Service Engine
• C. CSR generated by the WLC
• D. EAP-TLS certificate generated by the access point

Answer: B

NEW QUESTION 22
When a supplicant and AAA server are configured to use PEAP, which mechanism is used by the client to authenticate the AAA server in Phase One?

• A. PMK
• B. shared secret keys
• C. digital certificate
• D. PAC

Answer: C

NEW QUESTION 23
An engineer is deploying EAP-TLS as the authentication mechanism for an 802.1X-enabled wireless network. Which network device is responsible for applying the digital signature to a certificate to ensure that the certificate is trusted and valid?

• A. supplicant
• B. CA server
• C. wireless controller
• D. authentication server

Answer: B

NEW QUESTION 24
Which three items must be configured on a Cisco WLC v7.0 to allow implementation of isolated bonding network? (Choose three.)

• A. RADIUS server IP address
• B. DHCP IP address
• C. SNMP trap receiver IP address
• D. interface name
• E. SNMP community name
• F. ACL name

Answer: ADF

NEW QUESTION 25
......