QUESTION 67
How should the Cisco Secure ACS v4.2 and the Cisco WLC v7.0 be configured to support wireless client authentication?
A. The WLC configured for RADIUS and the Cisco Secure ACS configured for RADIUS (Cisco Airespace)
B. The WLC configured for RADIUS and the Cisco Secure ACS configured for RADIUS (IETF)
C. The WLC configured for TACACS+ and the Cisco Secure ACS configured for TACACS+ (Cisco Airespace)
D. The WLC configured for TACACS+ and the Cisco Secure ACS configured for TACACS+ (Cisco IOS)
Answer: A
Explanation:
QUESTION 68
Clients are failing EAP authentication. A debug shows that an EAPOL start is sent and the clients are then de-authenticated. Which two issues can cause this problem? (Choose two.)
A. The WLC certificate has changed.
B. The WLAN is not configured for the correct EAP supplicant type.
C. The shared secret of the WLC and RADIUS server do not match.
D. The WLC has not been added to the RADIUS server as a client.
E. The clients are configured for machine authentication, but the RADIUS server is configured for user authentication.
Answer: CD
Explanation:
QUESTION 69
What are two of the benefits that the Cisco AnyConnect v3.0 provides to the administrator for client WLAN security configuration? (Choose two.)
A. Provides a reporting mechanism for rouge APs
B. Prevents a user from adding any WLANs
C. Hides the complexity of 802.1X and EAP configuration
D. Supports centralized or distributed client architectures
E. Provides concurrent wired and wireless connectivity
F. Allows users to modify but not delete admin-created profiles
Answer: CD
QUESTION 70
When a supplicant and AAA server are configured to use PEAP, which mechanism is used by the client to authenticate the AAA server in Phase One?
A. PMK
B. shared secret keys
C. digital certificate
D. PAC
Answer: C
QUESTION 71
Which EAP types are supported by MAC 10.7 for authentication to a Cisco Unified Wireless Network?
A. LEAP and EAP-Fast only
B. EAP-TLS and PEAP only
C. LEAP, EAP-TLS, and PEAP only
D. LEAP, EAP-FAST, EAP-TLS, and PEAP
Answer: D
QUESTION 72
Which two attacks represent a social engineering attack? (Choose two.)
A. using AirMagnet Wi-Fi Analyzer to search for hidden SSIDs
B. calling the IT helpdesk and asking for network information
C. spoofing the MAC address of an employee device
D. entering a business and posing as IT support staff
Answer: BD
QUESTION 73
Client Management Frame Protection is supported on which Cisco Compatible Extensions version clients?
A. v2 and later
B. v3 and later
C. v4 and later
D. v5 only
Answer: D
QUESTION 74
Which three items must be configured on a Cisco WLC v7.0 to allow implementation of isolated bonding network? (Choose three.)
A. RADIUS server IP address
B. DHCP IP address
C. SNMP trap receiver IP address
D. interface name
E. SNMP community name
F. ACL name
Answer: ADF
QUESTION 75
802.1X AP supplicant credentials have been enabled and configured on a Cisco WLC v7.0 in both the respective Wireless>AP>Global Configuration location and AP>Credentials tab locations. What describes the 802.1X AP authentication process when connected via Ethernet to a switch?
A. Only WLC AP global credentials are used.
B. Only AP credentials are used.
C. WLC global AP credentials are used first; upon failure, the AP credentials are used.
D. AP credentials are used first; upon failure, the WLC global credentials are used.
Answer: B
QUESTION 76
An engineer has configured passive fallback mode for RADIUS with default timer settings.
What will occur when the primary RADIUS fails then recovers?
A. RADIUS requests will be sent to the secondary RADIUS server until the secondary fails to respond.
B. The controller will immediately revert back after it receives a RADIUS probe from the primary server.
C. After the inactive time expires the controller will send RADIUS to the primary.
D. Once RADIUS probe messages determine the primary controller is active the controller will revert back to the primary RADIUS.
Answer: C
QUESTION 77
What two actions must be taken by an engineer configuring wireless Identity-Based Networking for a WLAN to enable VLAN tagging? (Choose two.)
A. enable AAA override on the WLAN
B. create and apply the appropriate ACL to the WLAN
C. update the RADIUS server attributes for tunnel type 64, medium type 65, and tunnel private group type 81
D. configure RADIUS server with WLAN subnet and VLAN ID
E. enable VLAN Select on the wireless LAN controller and the WLAN
Answer: AC
!!!RECOMMEND!!!