642-736 - Implementing Advanced Cisco Unified Wireless Security (IAUWS)
Go back to Cisco
Which two statements about the EAP-FAST client-server authentication protocol are true? (Choose two.)
PAC can be distributed manually (out-of-band provisioning) or automatically (in-band provisioning).
EAP-FAST protocol uses PAC keys to establish secure encrypted tunnels between client and server.
What is the Cisco NAC Guest Server account management used for?
To deploy external guest management for billing purposes
Which two roles does the Cisco MSE serve in an Adaptive wIPS deployment? (Choose two.)
Forensics (packet capture) storage
Which two things should you verify if the Cisco NAC Guest Server is configured on the network and the client cannot access the guest network? (Choose two.)
The controller can ping Cisco NAC Guest Server.
AAA override is enabled on the guest WLAN.
Which APs support H-REAP?
CiscoAironet 1130, 1140, 1240, and 1250 series APs
Which function does a rogue detector access point perform?
Identifying a rogue AP on the wired network
Which three information items does Spectrum Expert provide to Cisco WCS about an interfering device? (Choose three.)
Type of interfering device
Bandwidth of the interferer
Power of the interferer
Which two configuration parameters does NAC OOB require on a SSID/WLAN? (Choose two.)
Open authentication on the WLAN
802.1x configuration on the WLAN
When troubleshooting clients on the Diagnostic channel, which two statements are true? (Choose two.)
When turning the Diagnostic channel on the WLAN, the WLAN becomes disabled.
Only clients with Cisco Compatible Extensions enabled can be used for troubleshooting on the Diagnostic channel.
Which two options are valid for configuring a controller IDS signature rule? (Choose two.)
When deploying guest WLAN access using the anchor controller, the foreign controller initiates the EoIP tunnel to the anchor controller through which interface?
Which Adaptive wIPS component is the central point or alarm aggregation from all controllers and their respective Adaptive wIPS monitor mode APs and is where the alarm information and forensic files are stored for archival purposes?
Which default port(s) are used for communications between the controller and the Cisco IPS Sensor?
TCP port 443
Which two 802.11 frame types can be used in a virtual carrier (big NAV) attack? (Choose two.)
Cisco Wireless LAN Controller web authentication can use which three databases? (Choose three.)
Local database of a controller
Cisco MFP is used to protect which types of class 3 management frames?
Disassociation,Deauthentication, QoS WMM action frames
When deploying guest WLAN access using the anchor controller, which is used to transport the guest data traffic between the foreign and anchor controllers?
IP protocol 97
As of controller release v5.2, which two statements about wired guest access support are true? (Choose two.)
It is not supported on the Cisco 2100 Series Controllers.
The wired guest access ports must be in the same Layer 2 network as the foreign controller.
What two configuration parameters are usually different on the foreign and anchor controllers? (Choose two.)
WLAN mobility anchor configuration
Interface mapped to the WLAN
What can prevent an eavesdropping attack?
Which IETF RADIUS attributes can be used for dynamic VLAN assignment?
64, 65, 81
Dynamic VLAN assignment can be done on a Cisco Wireless LAN Controller using which two attributes? (Choose two.)
RADIUS IETF attributes
Which two actions can controller lobby ambassadors perform? (Choose two.)
Create a guest user account.
Specify amount of time guest users remain active.
Which command tests the mobility ping over UDP?
Which two traits make a rogue the most dangerous in terms of security vulnerability? (Choose two.)
Rogue using open security
Rogue attached to the wired network
How does Cisco implement infrastructure MFP?
Using a digital signature mechanism to insert a MIC into 802.11 management frames
The basic EAP protocol consists of which packet types?
EAP request, EAP response, EAP success, EAP failure
An RF jamming attack can be mitigated with which tactic?
Which authentication protocol does H-REAP AP local authentication support?
The wireless client can roam faster on the Cisco Unified Wireless Network infrastructure when which condition is met?
Cisco Centralized Key Management is used for Fast Secure Roaming.
Which three 802.1x Authentication Modes can be configured with Cisco Secure Services Client supplicant? (Choose three.)
ACLs configured on the controller can be applied to which three options? (Choose three.)
What is the purpose of looking for anomalous behavior on a WLAN infrastructure?
Identifying new attack tools
Which two steps are required for creating a wired guest user? (Choose two.)
Select the managementinterface as the egress interface.
Select the interface you created as the guest LAN interface in the ingress interface menu.
Which WLAN security feature enables clients to securely roam from one access point to another without the need to reauthenticate to the RADIUS server?
For wireless NAC OOB implementation, the Cisco WLC is added on the Cisco NAC Appliance Manager as what kind of device?
OOB management device
Which two attacks are examples of Layer 2 denial of service attacks? (Choose two.)
Which configuration option can make the shared secret between the controller and the RADIUS server more secure?
AES key wrap
When implementing an Cisco IPS Sensor in a multi-controller network, what is the recommended configuration?
Add the Cisco IPS Sensor to one controller and ensure all controllers are in the same mobility group.
Which two options are supported when deploying wireless NAC out-of-band implementations? (Choose two.)
Cisco NAS in virtual gateway mode
Cisco NAC Guest Server integration with the Cisco NAM
Which two statements about the switch port tracing feature are true? (Choose two.)
Cisco WCS uses CDP to perform switch port tracing.
Switch port tracing has an option to trace the switch port or another option to shut down the switch port.
What is necessary for web authentication in a Cisco Wireless LAN Controller?
Layer 3 security feature
Where do the guest WLANs have to be configured when using the foreign and anchor controller approach?
Both foreign and anchor controllers
What does the Cisco Wireless LAN Controller allow AAA override configuration apply to the WLAN?
Configurations from the RADIUS server
When will the controller retrieve the shun list from the Cisco IP Sensor?
At regular configurable intervals
Why is the guest LAN configured on the foreign controller?
To support wired guest users
To assign Cisco Airespace vendor-specific attributes to a wireless client, the wireless controller needs to be defined as which type of AAA client in Cisco Secure ACS Server?
Which three items are needed to execute an effective hijacking attack? (Choose three.)
Rouge DHCP server
Which EAP types does Cisco Secure ACS support?
Cisco LEAP, EAP-Fast, EAP-TLS, PEAP
When adding a new Local Net User on the controller, what happens if the Guest User check box is selected?
The amount of time the guest user has access to the local network will be limited.