300-375 | Cisco 300-375 Guidance 2019
Our pass rate is high to 98.9% and the similarity percentage between our 300-375 study guide and real exam is 90% based on our seven-year educating experience. Do you want achievements in the Cisco 300-375 exam in just one try? I am currently studying for the Cisco 300-375 exam. Latest Cisco 300-375 Test exam practice questions and answers, Try Cisco 300-375 Brain Dumps First.
NEW QUESTION 1
A network engineer is implementing a wireless network and is considering deploying a single SSID for device onboarding. Winch option is a benefit of using dual SSIDs with a captive portal on the onboard SSID compared to a single SSID solution?
- A. limit of a single device per user
- B. restrict allowed devices types
- C. allow multiple devices per user
- D. minimize client configuration errors
NEW QUESTION 2
An engineer configures the wireless LAN controller to perform 802.1x user authentication. Which option must be enabled to ensure that client devices can connect to the wireless, even when WLC cannot communicate with the RADIUS?
- A. local EAP
- B. authentication caching
- C. pre-authentication
- D. Cisco Centralized Key Management
NEW QUESTION 3
Which EAP method can an AP use to authenticate to the wired network?
- A. EAP-GTC
- B. EAP-MD5
- C. EAP-TLS
- D. EAP-FAST
NEW QUESTION 4
An engineer ran the PCI report in Cisco Prime Infrastructure and received a warning on PCIDSS
Requirement 2.1.1 that the SNMP strings are set to default and must be changed. Which tab in the Cisco WLC can the engineer use to navigate to these settings?
- A. Management
- B. Security
- C. Controller
- D. Wireless
NEW QUESTION 5
Which two statements describe the requirements for EAP-TLS?
- A. It requires client-side and server-side certificates.
- B. It uses PAC on the client.
- C. It requires PKI.
- D. It requires a server side digital certificate on only the RADIUS server
- E. It must use AES for encryption and cannot use TKIP for encryptio
NEW QUESTION 6
802.1X AP supplicant credentials have been enabled and configured on a Cisco WLC v7.0 in both the respective Wireless>AP>Global Configuration location and AP>Credentials tab locations. What describes the 802.1X AP authentication process when connected via Ethernet to a switch?
- A. Only WLC AP global credentials are used.
- B. Only AP credentials are used.
- C. WLC global AP credentials are used first; upon failure, the AP credentials are used.
- D. AP credentials are used first; upon failure, the WLC global credentials are use
NEW QUESTION 7
While deploying PEAP authentication on a customer laptop with the native Windows supplicant, the PEAP security options do not appear. Which option describes what must be done?
- A. Enable automatic connection to the WLAN.
- B. Enable static DNS on the WLAN.
- C. Enable AES on the WLAN settings.
- D. Enable WLAN autoconfig services on the P
NEW QUESTION 8
A Customer is concerned about denial of service attacks that impair the stable operation of the corporate wireless network. The customer wants to purchase mobile devices that will operate on the corporate wireless network. Which IEEE standard should the mobile devices support to address the customer concerns?
- A. 802.11w
- B. 802.11k
- C. 802.11r
- D. 802.11h
NEW QUESTION 9
An engineer is deploying EAP-TLS as the authentication mechanism for an 802.1X-enabled wireless network. Which network device is responsible for applying the digital signature to a certificate to ensure that the certificate is trusted and valid?
- A. supplicant
- B. CA server
- C. wireless controller
- D. authentication server
NEW QUESTION 10
WPA2 Enterprise with 802.1x is being used for clients to authenticate to a wireless network through an ISE server. For security reasons, the network engineer wants to ensure only PEAP authentication can be used. The engineer sent instructions to clients on how to configure their supplicants, but
users are still in the ISE logs authentication using EAP-FAST. Which option describes the most efficient way the engineer can ensure these users cannot access the network unless the correct
authentication mechanism is configured?
- A. Enable AAA override on the SSID, gather the usernames of these users, and disable their RADIUS accounts until they make sure they correctly configured their devices.
- B. Enable AAA override on the SSID and configure an access policy in ACS that denies access to the list of MACs that have used EAP-FAST.
- C. Enable AAA override on the SSID and configure an access policy in ACS that allows access only when the EAP authentication method is PEAP.
- D. Enable AAA override on the SSID and configure an access policy in ACS that puts clients that authenticated using EAP-FAST into a quarantine VLAN.
NEW QUESTION 11
Clients are failing EAP authentication. A debug shows that an EAPOL start is sent and the clients are then de-authenticated. Which two issues can cause this problem? (Choose two.)
- A. The WLC certificate has changed.
- B. The WLAN is not configured for the correct EAP supplicant type.
- C. The shared secret of the WLC and RADIUS server do not match.
- D. The WLC has not been added to the RADIUS server as a client.
- E. The clients are configured for machine authentication, but the RADIUS server is configured for user authentication.
NEW QUESTION 12
An engineer configures 802.1 X authentication for the access points using the config ap 802.1Xuser add username admin password secret AP_01 command.
Which EAP method does the access point use to authenticate?
- A. EAP-TLS
- B. MS-CHAPv2 PEAP
- C. LEAP
- D. EAP-FAST
Enables or disables Extensible Authentication Protocol-Flexible Authentication via Secure Tunneling (EAP-FAST) authentication.
NEW QUESTION 13
Refer to the exhibit. You are configuring an autonomous AP for 802.1x access to a wired infrastructure. What does the command do?
- A. It enables the AP to override the authentication timeout on the RADIUS server.
- B. It configures how long the AP must wait for a client to reply to an EAP/dot1x message before the authentication fails.
- C. It enables the supplicant to override the authentication timeout on the client
- D. It configures how long the RADIUS server must wait for supplicant to reply to an EAP/dot1x message before the authentication fails.
NEW QUESTION 14
An engineer has configured passive fallback mode for RADIUS with default timer settings. What will occur when the primary RADIUS fails then recovers?
- A. RADIUS requests will be sent to the secondary RADIUS server until the secondary fails to respond.
- B. The controller will immediately revert back after it receives a RADIUS probe from the primary server.
- C. After the inactive time expires the controller will send RADIUS to the primary.
- D. Once RADIUS probe messages determine the primary controller is active the controller will revert back to the primary RADIUS.
NEW QUESTION 15
An engineer must provide a graphical trending report of the total number of wireless clients on the network. Winch report provides the required data?
- A. Client Summary
- B. Posture Status Count
- C. Client Traffic Stream Metrics
- D. Mobility Client Summary
NEW QUESTION 16
A customer is concerned that radar is impacting the access point that service the wireless network in an office located near an airport. On which type of channel should you conduct spectrum analysis to identify if radar is impacting the wireless network?
- A. UNII-3 channels
- B. UNII-1 channels
- C. 802.11b channels
- D. 2.4 GHz channels
- E. UMII-2 channels
- F. Channels 1, 5, 9, 13
NEW QUESTION 17
Which security method does a Cisco guest wireless deployment that relies on Cisco ISE guest portal for user authentication use?
- A. Layer 2 and Layer 3
- B. Layer 2 only
- C. No security methods are needed to deploy CWA
- D. Layer 3 only
NEW QUESTION 18
How many mobility peers can a Cisco Catalyst 3850-MC node have?
- A. 8
- B. 2
- C. 6
- D. 16
- E. 4
NEW QUESTION 19
Refer to the exhibit.
In this IBN topology, which device acts as the RADIUS server?
- A. directory server
- B. Cisco ISE
- C. Cisco UCS
- D. Cisco Catalyst 3850 Series Switch
NEW QUESTION 20
Local Web Auth has been configured on the East-WLC-2504A, but it is not working. Determine which actions must be taken to restore the Local Web Auth service. The Local Web Auth service must operate only with the Contractors WLAN.
Contractors WLAN ID – 10 Employees WLAN ID - 2
Note, not all menu items, text boxes, or radio buttons are active.
Which four changes must be made to configuration parameters to restore the Local Web Auth feature on the East-WLC-2504A? Assume the passwords are correctly entered as “ciscotest”. (Choose four.)
- A. Remove the existing Local Net User Bill Smith and add a New Local Net User “Bill Smith” password “ciscotest’, WLAN Profile “Contractors”.
- B. Remove WLAN 10 and WLAN 2, replace WLAN 10 with Profile Name Employees and SSID Contractors;replace WLAN 2 with Profile Name Employees and SSID Employees.
- C. Remove WLAN 10 and WLAN 2, replace WLAN 10 with Profile Name Contractors and SSID Contractors, replace WLAN 2 with Profile Name Employees and SSID Employees.
- D. Change the Layer 2 security to None on the Contractors WLAN.
- E. Under Layer 3 Security, change the Layer 3 Security to Web Policy on the Contractors WLAN.
- F. Under Security Local Net Users add a New Local Net User “Bill Smith” password “Cisco”, interface/ Interface Group “east-wing”.
- G. Change the Layer 2 Security to None + EAP Pass-through on the Contractors WLAN.
- H. Under WLANs > Edit “Contractors “change the interface/Interface group to “east-wing”.
NEW QUESTION 21
An engineer is configuring central web authentication using a Cisco 5508 wireless controller and the Cisco identity Service Engine. Which two attributes must be configured on Cisco ISE to add the controller as a network device? (Choose two.)
- A. authentication protocol
- B. RADIUS shared secret
- C. out-of-band SGA PAC
- D. controller IP address
- E. controller software version
NEW QUESTION 22
An engineer is configuring an autonomous AP for RADIUS authentication. What two pieces of information must be known to configure the AP? (Choose two.)
- A. shared secret
- B. username and password
- C. RADIUS IP address
- D. group name
- E. PAC encryption key
You identify RADIUS security servers by their host name or IP address, host name and specific UDP port numbers, or their IP address and specific UDP port numbers. The combination of the IP address and the UDP port number creates a unique identifier allowing different ports to be individually defined as RADIUS hosts providing a specific AAA service. This unique identifier enables RADIUS requests to be sent to multiple UDP ports on a server at the same IP address. https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_usr_rad/configuration/xe-3se/3850/secusr- rad-xe-3se-3850-book/sec-rad-mult-udp-ports.html
NEW QUESTION 23
An engineer is configuring a new mobility anchor for a WLAN on the CLI with the config wlan mobility anchor add 3 10.10.10.10 command, but the command is failing. Which two conditions must be met to be able to enter this command? (Choose two.)
- A. The anchor controller IP address must be within the management interface subnet.
- B. The anchor controller must be in the same mobility group.
- C. The WLAN must be enabled.
- D. The mobility group keepalive must be configured.
- E. The indicated WLAN ID must be present on the controlle
NEW QUESTION 24
Recommend!! Get the Full 300-375 dumps in VCE and PDF From Simply pass, Welcome to Download: https://www.simply-pass.com/Cisco-exam/300-375-dumps.html (New 124 Q&As Version)