642-737 - Implementing Advanced Cisco Unified Wireless Security
Go back to Cisco
Which option verifies that a wireless client has authenticated to a WLAN when performing NAC using the Cisco NAC Appliance Manager and Server?
Cisco CAM Monitor > View Online Users
Which statement correctly describes a wireless client connection to the Cisco WLC v7.0 that is configured for web guest access?
The client associates to the foreign controller and authenticates to the anchor controller.
Which two EAP type(s) require a client certificate? (Choose two.)
When configuring the WLC for NAC out-of-band, which device will be used for SNMP trap receiver IP address entries?
Cisco NAC Appliance Manager
In which three places can certificates be used in a WLAN to provide secure communications? (Choose three.)
between AP and WLC
between client and WLC
between client and RADIUS server
Which two things should you verify if the Cisco NAC Guest Server is configured on the network and the client cannot access the guest network? (Choose two.)
The controller can ping the Cisco NAC Guest Server.
AAA override is enabled on the guest WLAN.
An engineer is configuring 802.1x authentication on an autonomous AP. What two configuration commands must be included on the AP if the RADIUS server IP is 10.9.4.9? (Choose two.)
radius-server host 10.9.4.9 auth-port 1812 acct-port 1813 key Cisco123
When deploying wireless Cisco NAC OOB operations, which device signals the WLC to switch a user from a quarantine VLAN to an access VLAN?
Cisco NAC Appliance Manager
Which answer best describes the implementation of IBN using the Cisco WLC v7.0 and Cisco Secure ACS v4.2?
Configure the ACS for attributes. Configure the WLC for RADIUS server, AAA override, and attributes.
A wireless client has a browser with a manually configured proxy. The Cisco WLC v7.0 has been configured for basic WLAN Layer 3 web pass through with the remaining default configuration. Which two statements are true when the client attempts to connect to a WLAN for guest access using web authentication? (Choose two.)
The WLC allows access if it is configured for WebAuth Proxy.
Access requires DHCP with option 252.
What does the Cisco WLC v7.0 use to encrypt broadcast and multicast frames that are sent to a wireless client?
Which two tools help to provide PCI compliance reports? (Choose two.)
AirMagnet WiFi Analyzer
Which two statements are true about configuring a wired guest LAN feature? (Choose two.)
Select the management interface as the egress interface to reach the anchor controller
Select the interface that you created as the guest LAN interface in the ingress interface menu
Wireless NAC single sign-on uses which type of RADIUS records to notify the Cisco NAC Appliance Manager about the authenticated wireless clients?
Which type of attack is a result of a WLAN being overwhelmed by 802.1X authentication requests?
EAPOL flood signature
Which protocol port(s) need open access when deploying NAC appliances to communicate with the Cisco WLC v7.0 to move an authenticated user from the quarantine VLAN to the access VLAN?
UDP 161 and 162
When deploying wireless Cisco NAC OOB operations, which appliance performs VLAN mappings to map the quarantine VLANs to the access VLANs?
Cisco NAC Appliance Server
Employees are allowed to start bringing their own wireless devices to work for use on the 802.11a/b/g/n WLAN when using their existing credentials. However, they are experiencing issues. Which two items are the most probable cause of these issues? (Choose two.)
supplicant or driver
Which two statements best describe the local authentication configuration options for a Cisco WLC v7.0 and local mode AP? (Choose two.)
LEAP, EAP-FAST, EAP-PEAP, and EAP-TLS only
EAP-FAST with PAC or certificate provision
For wireless NAC out-of-band operations, which protocol is used between the Cisco NAC Appliance Manager and the wireless controller to switch the wireless client from the quarantine VLAN to the access VLAN after the client has passed the NAC authentication and posture assessment process?
When using a controller-based AP network, which type of entry is configured in the Cisco Secure ACS?
AAA client using the AP IP address
Authentication is failing between a client and the RADIUS server. Which WLC troubleshooting command set might be useful to assist in troubleshooting the issue?
debug dot1X event
How is the MSE enabled to support wIPS service?
HTTPS with the Cisco WCS to enable the MSE and WLC(s)
What is the maximum number of ACLs that can be applied to a Cisco WLC v7.0 interface?
Which EAP protocol(s) can be used by a controller-based AP on Ethernet for 802.1X authentication to a switch?
Which statement about the Cisco NAC Guest Server that is deployed in wireless guest access implementations is true?
The Cisco NAC Guest Server can be used in place of Cisco WCS Lobby Ambassador functionality for guest provisioning and reporting. The Cisco WCS is still needed for WLAN management.
Which two attacks represent a social engineering attack? (Choose two.)
calling the IT helpdesk and asking for network information
entering a business and posing as IT support staff
Which two options are supported when deploying wireless NAC out-of-band implementations? (Choose two.)
Cisco NAS in virtual gateway mode
Cisco NAC Guest Server integration with the Cisco NAM
Which option correctly lists the EAP protocol(s) that can be configured on an autonomous AP for local authentication?
MAC, LEAP, and EAP-FAST
Which Cisco WLC v7.0 CLI family of commands helps to verify the PAC status for client association when using local-EAP?
Which two situations permit the Cisco WCS v7.0 to successfully trace a rogue to a switch port? (Choose two.)
The rogue has a client that is associated.
The wired MAC address of the rogue is equal to or +1/-1 of the wireless MAC address of the rogue.
Which key is used to encrypt unicast traffic between the supplicant and the AP after EAP authentication has completed?
Which two statements about the sponsor accounts on the Cisco NAC Guest Server are true? (Choose two.)
The Cisco NAC Guest Server can authenticate the sponsors using the local database or via Microsoft Active Directory or LDAP or RADIUS servers.
Sponsoring user groups is the method by which to assign permissions to the sponsors.
802.1X AP supplicant credentials have been enabled and configured on a Cisco WLC v7.0 in both the respective Wireless>AP>Global Configuration location and AP>Credentials tab locations. What describes the 802.1X AP authentication process when connected via Ethernet to a switch?
Only AP credentials are used.
The NetStumbler tool is an example of which wireless attack type?
What does the eping mobility_peer_IP_address command do?
It tests EoIP connectivity via port 97 though the management interface.
How do you configure the Cisco Secure ACS v4.2 and Cisco WLC v7.0 to provide the most flexibility for the management of authorized access on the WLC?
The WLC configured for TACACS+ and the Cisco Secure ACS configured for TACACS+ (Cisco IOS)
Which one of the following best describes the implementation of VLAN pooling on a Cisco WLC v7.0?
Allows a single WLAN ID to be mapped to multiple interfaces
Which two firewall ports must be opened for the anchor controller to operate properly with a foreign controller for guest access? (Choose two.)
ports 16666 and 16667 for controller traffic
port 97 for EoIP traffic
Which statement describes the major difference between PEAP and EAP-FAST client authentication?
PEAP requires a server-side certificate, while EAP-FAST does not require certificates.
Client Management Frame Protection is supported on which Cisco Compatible Extensions version clients?
An engineer has found that many PCs on the network are still using Windows XP. What wireless security feature would be missing from the base operating system?
When configuring guest WLAN access, which two statements are true? (Choose two.)
The SSID that is defined for the guest WLAN on the foreign controllers must be the same as that defined on the anchor controller.
The foreign and anchor controllers must be configured in a mobility group for the foreign controllers to be able to initiate EoIP tunnels to one or more anchor controllers.
When deploying wIPS, which protocol is used to communicate between the Cisco WLC v7.0 and the MSE?
When a supplicant and AAA server are configured to use PEAP, which mechanism is used by the client to authenticate the AAA server in Phase One?
A Cisco WLC v7.0 has been only initially configured through the console setup CLI wizard. A new AP has just finished association with the controller. What is the default mode of remote access to the AP?
access is disabled
Which two parameters can directly affect client roaming decisions? (Choose two.)
Configuring the Cisco Secure ACS with a self-signed certificate supports which requirement?
when no user certificate is required
Employees adjust their wireless laptop for work at the office and when away from the office. What are the two most likely security issues for an employee laptop when connected at the corporate WLAN? (Choose two.)
loading a freeware customer contact application
updating the driver
When using the Microsoft WLAN AutoConfig feature, which 802.1X authentication method is not supported natively by Windows 7?