Demo Edition
© 2014 - 2015 Troy Tec, LTD All Rights Reserved
Implementing Advanced Cisco Unified Wireless Security v2.0
Exam: 642-737
642-737
1 http://www.troytec.com
QUESTION: 1
Which protocol port(s) need open access for communication between the MSE and
WLC?
A. UDP 16666 and 16667
B. UDP 5247 and 5264
C. UDP 161 and 162
D. UDP 16113
E. TCP 16113
Answer: E
QUESTION: 2
When do NAC out-of-band deployments require user traffic to traverse through the Cisco
NAC Server?
A. posture assessment only
B. 802.1X and EAP authentication and remediation
C. posture assessment and remediation
D. 802.1X and EAP authentication, posture assessment, and remediation
Answer: C
QUESTION: 3
What three items can be found on the Wireless Control System PCI DSS Compliance
Report? (Choose three.)
A. all authentication and encryption violations
B. all ACL violations and reports
C. all IDS threats
D. detailed association history for clients connected to the network
E. all SSIDs not using Client Exclusion
F. all access points that have rogue detection enabled
Answer: A, C, D
QUESTION: 4
The Cisco WLC v7.0 is configured for external 802.1X and EAP by using the WPA2
association of wireless clients when using the Cisco Secure ACS v4.2. Which two items
are required in the Cisco Secure ACS network configuration to enable correct AAA?
(Choose two.)
A. AP IP address
B. WLC virtual IP address
C. WLC management IP address
D. WLC AP management IP address
E. hostname matching the WLC case-sensitive name
F. authentication using RADIUS
G. authentication using TACACS+
Answer: C, F
QUESTION: 5
How do you configure the Cisco Secure ACS v4.2 and Cisco WLC v7.0 to provide the
most flexibility for the management of authorized access on the WLC?
A. Local management user defined on the WLC
B. The WLC configured for RADIUS and the Cisco Secure ACS configured for RADIUS
(Cisco Airespace)
C. The WLC configured for RADIUS and the Cisco Secure ACS configured for RADIUS
(IETF)
D. The WLC configured for TACACS+ and the Cisco Secure ACS configured for
TACACS+ (Cisco Airespace)
E. The WLC configured for TACACS+ and the Cisco Secure ACS configured for
TACACS+ (Cisco IOS)
Answer: E
QUESTION: 6
A network administrator is assigning a one-to-one association for VLAN to wireless
WLAN or SSID. Given the implementation of a Cisco 2500 Series controller using v7.0,
how many WLANs can be created?
A. 8
B. 16
C. 32
D. 64
E. 128
F. 254
G. 512
Answer: B
QUESTION: 7
Refer to the exhibit.
What is the effect of setting Client Exclusion to Enabled with a Timeout Value of 0
seconds in a Cisco WLC v7.0?
A. Excluded clients must be manually removed from the excluded list.
B. Client exclusion will not occur.
C. Client exclusion timeout will be determined by the IDS module.
D. Clients will only be disconnected and not excluded.
Answer: A
QUESTION: 8
DRAG DROP
Answer:
Exhibit
QUESTION: 9
An engineer is configuring IDS signatures and sets Bcast deauth to enabled and
immediately begins to see Broadcast deauthentication frame alerts. What Cisco
recommended solution would resolve this issue?
A. disable Bcast deauth
B. disable Broadcast SSID on the WLAN
C. enable MFP on the WLAN
D. locate and disable the attacker
Answer: C
QUESTION: 10
Which one of the options is related to U.S. Federal Trade Commission safeguard rules for
financial institutions to protect customer information?
A. ISO
B. IEEE
C. IETF
D. Wi-Fi Alliance
E. PCI
F. HIPAA
G. GLBA
Answer: G
QUESTION: 11
Which three parameters can be communicated between a Cisco WLC v7.0 and Cisco
Compatible Extensions v4-enabled client to improve a secure roaming connection?
(Choose three.)
A. minimum SNR
B. transition time
C. scan threshold
D. hysteresis
E. PER
F. MIC errors
Answer: B, C, D
QUESTION: 12
When deploying wireless Cisco NAC OOB operations, which device signals the WLC to
switch a user from a quarantine VLAN to an access VLAN?
A. Cisco NAC Appliance Manager
B. Cisco NAC Appliance Server
C. Cisco NAC Guest Server
D. Cisco ACS
E. Cisco WCS
Answer: A
QUESTION: 13
Which statement correctly describes the usage of the debug command in a Cisco Unified
Wireless Network?
A. Debug is enabled until manual shut off.
B. Debug is available on the WLC serial console and web interface.
C. Debug is a restricted command and is not available in the AP CLI.
D. Debug is a message logging severity 7.
Answer: D
QUESTION: 14
Which option correctly lists the EAP protocol(s) that can be configured on an
autonomous AP for local authentication?
A. MAC
B. LEAP and EAP-FAST
C. MAC, LEAP, and EAP-FAST
D. MAC, EAP-FAST, EAP-PEAP, and EAP-TLS
Answer: C
QUESTION: 15
When deploying wireless Cisco NAC OOB operations, which appliance performs VLAN
mappings to map the quarantine VLANs to the access VLANs?
A. Cisco NAC Appliance Manager
B. Cisco NAC Appliance Server
C. Cisco NAC Guest Server
D. Cisco Wireless LAN Controller
E. the Layer 3 switch that connects the Cisco WLC to the Cisco NAC appliances
Answer: B
QUESTION: 16
Wireless NAC single sign-on uses which type of RADIUS records to notify the Cisco
NAC Appliance Manager about the authenticated wireless clients?
A. accounting records
B. authentication records
C. authentication and accounting records
D. preauthentication records
Answer: A
QUESTION: 17
Which type of attack is a result of a WLAN being overwhelmed by 802.1X
authentication requests?
A. NetStumbler attack
B. EAPOL flood signature
C. management flood signatures
D. broadcast deauthentication frame signatures
E. NULL probe response signatures
Answer: B
QUESTION: 18
An engineer is configuring the anchor controller for a guest network. What setting in the
guest WLAN can be different from the foreign controllers?
A. VLAN
B. radio policy
C. QOS setting
D. WLAN advanced settings
Answer: A
QUESTION: 19
Which two things should you verify if the Cisco NAC Guest Server is configured on the
network and the client cannot access the guest network? (Choose two.)
A. The controller can ping the Cisco NAC Guest Server.
B. The controller can mping and eping the Cisco NAC Guest Server.
C. AAA override is enabled on the guest WLAN.
D. Controllers and the Cisco NAC Guest Server are in the same mobility group.
Answer: A, C
QUESTION: 20
A lobby ambassador is creating guest access accounts. At which two locations can the
accounts be stored? (Choose two.)
A. NAC guest server
B. Active directory
C. WLAN controller
D. WCS
E. ACS
Answer: C, D