Securing Wireless Enterprise Networks 試験
Question No : 1
An engineer is preparing to implement a BYOD SSID at remote offices using local switching and wants to ensure that Wi-Fi Direct clients can communicate after the SSID is deployed. The engineer is planning on implementing the config wlan wifldlrect allow 1 command.
Which Wi-Fi Direct Policy consideration is applicable?
Question No : 2
The following 5 questions without answers, only supplies as reference.
A wireless engineer wants to schedule monthly security reports in Cisco Prime infrastructure. Drag and drop the report the from the left onto the expected results when the report is generated on the right.
Question No : 3
You are configuring the social login for a guest network.
Which three options are configurable social connectors in Cisco CMX Visitor Connect? (Choose three)
In this section we create an example Facebook application that can be used as a social authenticator with a splash page. While it is possible to use a Google+ app login and/or LinkedIn app, they are not covered as part of this version of the CMX guide. To get started with a Facebook App, log in to the Facebook developer portal at the following URL with your Facebook ID:
Question No : 4
A wireless engineer want to how many wlPS alerts have been detected in CISCO Prime.
Which tab does the engineer select in the windows dashboard?
Security Index, including the top security issues Adaptive WIPS Rogue classification graph Rogue containment graph Attacks detected Malicious, unclassified, friendly, and custom rogue APs CleanAir security Adhoc rogues Security
Question No : 5
Drag the EAP Authentication type on the left to the accurate description provided on the right
Question No : 6
An engineer is configuring an autonomous AP for RADIUS authentication.
What two pieces of information must be known to configure the AP? (Choose two.)
You identify RADIUS security servers by their host name or IP address, host name and specific UDP port numbers, or their IP address and specific UDP port numbers. The combination of the IP address and the UDP port number creates a unique identifier allowing different ports to be individually defined as RADIUS hosts providing a specific AAA service. This unique identifier enables RADIUS requests to be sent to multiple UDP ports on a server at the same IP address.
Question No : 7
An engineer is configuring a BYOD provisioning WLAN.
Which two advanced WLAN settings are required? (Choose two)
Allow AAA Override: Enabled
NAC State: Radius NAC (selected)
Question No : 8
Which client roam is considered the fastest in a wireless deployment using Cisco IOS XE mobility controllers and mobility agents?
• Inter-SPG, Intra-subdomain roaming―The client roaming between mobility agents in different SPGs
within the same subdomain.
Question No : 9
While deploying PEAP authentication on a customer laptop with the native Windows supplicant, the PEAP security options do not appear.
Which option describes what must be done?
Question No : 10
Which configuration step is necessary to enable Visitor Connect on an SSID?
The Pre-Authentication Flex Connect ACL is required for flex mode deployments. For more information, see the Configuring FlexConnect ACLs.
Question No : 11
An engineer is confining EAP-TLS with a client trusting server model and has configured a public root certification authority.
Which action does this allow?
This part will help you understand the concept of AAA server trust model. Specific configuration information is given in Section 6 of this document.
To support EAP-TLS, the AAA server (for example, Cisco Secure ACS) must have a certificate. Either a public certification authority or a private certification authority can be used to issue the AAA server certificate. The AAA server will trust a client certificate that was issued from the same root certification authority that issued its certificate.
Question No : 12
Refer to the exhibit.
The security team has configured an IBN profile on ISE for the guest wireless network to provide captive service.
Where must the network engineer configure the ACL and portal for the Cisco AireOS controller?
The flow would be the following:
-User associate to the Web Auth SSID
-User starts its browser
-The WLC Redirect to the guest portal (ISE/NGS)
-The user authenticate on the portal
-The Guest Portal redirect back to the WLC with the credentials entered
-The WLC Authenticate the guest user via Radius
-The WLC Redirects back to the original URL.
Question No : 13
You are configuring a Cisco WLC version 8.0.
Which two options do you find on the Layer 3 Security tab? (Choose two)
From the Layer 3 Security drop-down list, choose one of the following:
None―Layer 3 security is disabled.
Web Authentication―Causes users to be prompted for a username and password when connecting to the wireless network. This is the default value.
Web Passthrough―Allows users to access the network without entering a username and password.
Question No : 14
An engineer is designing a high availability wireless network.
What mechanism should be the focus for high availability?
Describe basic RF deployment considerations related to site survey design of data or VoWLAN applications, common RF interference sources such as devices, building material, AP location, and basic RF site survey design related to channel reuse, signal strength, and cell overlap
Question No : 15
An engineer is trying to determine if an existing configuration deviates from the Cisco defaults while enabling PMF on a WLAN.
Which set represents the default timer configuration for PMF?