certifyme - gratis exam · explanation: "pass any exam. any time." - 4 cisco 642-737...

CertifyMe

Number: 642-737Passing Score: 800Time Limit: 120 minFile Version: 28.9

http://www.gratisexam.com/

CISCO 642-737 EXAM QUESTIONS & ANSWERS

Exam Name: Implementing Advanced Cisco Unified Wireless Security (IAUWS) v2.0

Sections1. 12. 23. 34. 45. 56. 6

Test-Papers

QUESTION 1Which statement describes the major difference between PEAP and EAP-FAST client authentication?

A. EAP-FAST requires a backend AAA server, and PEAP does not.B. EAP-FAST is a Cisco-only proprietary protocol, whereas PEAP is an industry-standard protocol.C. PEAP requires a server-side certificate, while EAP-FAST does not require certificates.D. PEAP authentication protocol requires a client certificate, and EAP-FAST requires a secure password.

Correct Answer: CSection: 1Explanation

Explanation/Reference:Explanation:

QUESTION 2Which one best describes the EAP Identity Request frame when a wireless client is connecting to a Cisco WLCv7.0-based AP WLAN?

A. sourced from the Cisco ACS Server to the clientB. sourced from the client to the Cisco ACS ServerC. sourced from the WLC to the clientD. sourced from the client to the WLCE. sourced from the AP to the clientF. sourced from the client to the AP



QUESTION 3What are the four packet types that are used by EAP? (Choose four.)

A. EAP TypeB. EAP RequestC. EAP IdentityD. EAP Response

"Pass Any Exam. Any Time." - www.actualtests.com 2 Cisco 642-737 ExamE. EAP SuccessF. EAP FailureG. EAP Authentication

Correct Answer: BDEFSection: 1Explanation


QUESTION 4

Which EAP types are supported by MAC 10.7 for authentication to a Cisco Unified Wireless Network?

A. LEAP and EAP-Fast onlyB. EAP-TLS and PEAP onlyC. LEAP, EAP-TLS, and PEAP onlyD. LEAP, EAP-FAST, EAP-TLS, and PEAP

Correct Answer: DSection: 1Explanation


QUESTION 5What are two of the benefits that the Cisco AnyConnect v3.0 provides to the administrator for client WLANsecurity configuration? (Choose two.)


"Pass Any Exam. Any Time." - www.actualtests.com 3 Cisco 642-737 Exam

A. Provides a reporting mechanism for rouge APsB. Prevents a user from adding any WLANsC. Hides the complexity of 802.1X and EAP configurationD. Supports centralized or distributed client architecturesE. Provides concurrent wired and wireless connectivityF. Allows users to modify but not delete admin-created profiles

Correct Answer: CDSection: 1Explanation


QUESTION 6Which two parameters can directly affect client roaming decisions? (Choose two.)

A. SNRB. RSSIC. MFP statusD. RF fingerprintingE. RRM

Correct Answer: ABSection: 1Explanation

Explanation/Reference:

Explanation:


QUESTION 7Which three parameters can be communicated between a Cisco WLC v7.0 and Cisco Compatible Extensionsv4-enabled client to improve a secure roaming connection? (Choose three.)

A. minimum SNRB. transition timeC. scan thresholdD. hysteresisE. PERF. MIC errors

Correct Answer: BCDSection: 1Explanation


QUESTION 8Employees are allowed to start bringing their own wireless devices to work for use on the 802.11a/b/g/n WLANwhen using their existing credentials. However, they are experiencing issues. Which two items are the mostprobable cause of these issues? (Choose two.)

A. incorrect IP addressB. supplicant or driverC. incorrect user nameD. wrong wireless bandE. application issues

Correct Answer: BESection: 1Explanation


QUESTION 9Employees adjust their wireless laptop for work at the office and when away from the office. What are the twomost likely security issues for an employee laptop when connected at the corporate WLAN? (Choose two.)

A. loading a freeware customer contact applicationB. configuring a static IP addressC. updating the driverD. adding a coffee shop wireless HotSpot

Correct Answer: ACSection: 1Explanation


QUESTION 10When configuring the WLC for single sign-on for the NAC, which device is used for the RADIUS accounting IPaddress?

A. Cisco NAC Appliance ManagerB. Cisco NAC Appliance ServerC. Cisco NAC Guest ServerD. Cisco ACSE. Cisco WCS

Correct Answer: ASection: 1Explanation


QUESTION 11Which option verifies that a wireless client has authenticated to a WLAN when performing NAC using the CiscoNAC Appliance Manager and Server?

A. Cisco CAM OOB Management > Devices > Discovered ClientsB. Cisco CAS OOB Management > Devices > Discovered ClientsC. Cisco CAM Monitor > View Online UsersD. Cisco CAS Monitor > View Online Users




QUESTION 12Client Management Frame Protection is supported on which Cisco Compatible Extensions version clients?

A. v2 and laterB. v3 and laterC. v4 and later

"Pass Any Exam. Any Time." - www.actualtests.com 10 Cisco 642-737 ExamD. v5 only



QUESTION 13Which three WLAN polices can be controlled by using the Cisco IBNS on the Cisco WLC and Cisco SecureACS? (Choose three.)

A. QoS settingB. VLANC. EAP typeD. ACLE. authentication priority orderF. NAC state

Correct Answer: ABDSection: 2Explanation


QUESTION 14"Pass Any Exam. Any Time." - www.actualtests.com 11 Cisco 642-737 ExamWhich attribute on the Cisco WLC v7.0 does RADIUS IETF attribute "Tunnel-Private-Group ID" assign?

A. ACLB. DSCPC. QoSD. VLAN



QUESTION 15The Cisco WLC v7.0 is configured for external authentication of the management access to the WLC itselfusing the Cisco Secure ACS v4.2. The management user is limited to read access for all menu options exceptfor full read/write access to the WLAN menu options.

Which two items are required in the Cisco Secure ACS network configuration to enable correct AAA? (Choosetwo.)

A. AP IP addressB. WLC virtual IP addressC. WLC management IP addressD. WLC AP management IP addressE. hostname matching the WLC case-sensitive nameF. authentication using RADIUSG. authentication using TACACS+

Correct Answer: CGSection: 2Explanation


QUESTION 16When implementing certificates through the use of a CA, how is the certificate of client A validated by client B

when received?

A. verifying the client A certificate using the client A private keyB. verifying the client A certificate using the client A public keyC. verifying the client A certificate using the client B private keyD. verifying the client A certificate using the client B public keyE. verifying the client A certificate using the CA private keyF. verifying the client A certificate using the CA public key

Correct Answer: FSection: 2Explanation


QUESTION 17Refer to the exhibit.

What does this Cisco Secure ACS v4.2 log indicate?

A. The WLC is not configured as a client in the Cisco Secure ACS.B. The WLC is not configured as a server in the Cisco Secure ACS.C. Incorrect authentication exists between the WLC and Cisco Secure ACS.D. The wireless client is not configured as a client in the Cisco Secure ACS.E. Incorrect authentication exists between the wireless client and Cisco Secure ACS.




QUESTION 18Authentication is failing between a client and the RADIUS server. Which WLC troubleshooting command setmight be useful to assist in troubleshooting the issue?

A. show local-authB. debug ldapC. debug aaa local-authD. debug dot1X event



QUESTION 19The Cisco NAC Guest Server is configured as which kind of device on the wireless controller?

A. external web authentication serverB. RADIUS serverC. SNMP trap receiverD. anchor controllerE. AAA client

Correct Answer: BSection: 2Explanation


QUESTION 20Which two statements about the sponsor accounts on the Cisco NAC Guest Server are true? (Choose two.)

A. The sponsor login to the Cisco NAC Guest Server is at https://NGS-IP-Address/admin to create, view, andedit guest accounts."Pass Any Exam. Any Time." - www.actualtests.com 15 Cisco 642-737 Exam

B. The Cisco NAC Guest Server can authenticate the sponsors using the local database or via MicrosoftActive Directory or LDAP or RADIUS servers.

C. Sponsoring user groups is the method by which to assign permissions to the sponsors.D. Guest roles provide a way to give different levels of access to different sponsor accounts.E. Sponsor accounts require admin privileges to generate reports.

Correct Answer: BCSection: 2Explanation


QUESTION 21Which two statements are true about configuring a wired guest LAN feature? (Choose two.)

A. Create a WLAN on the anchor controller onlyB. Select the management interface as the egress interface to reach the anchor controllerC. Require an anchor controller to implementD. Select the interface that you created as the guest LAN interface in the ingress interface menuE. Configure on any controller from version 5.2 forward

Correct Answer: BDSection: 2Explanation



"Pass Any Exam. Any Time." - www.actualtests.com 16 Cisco 642-737 ExamWhat is the 1.1.1.1 IP address?

A. the controller virtual interface IP addressB. the controller management IP addressC. the controller AP-manager IP addressD. the RADIUS server IP addressE. the lightweight AP IP addressF. the wireless client IP address



QUESTION 23When configuring guest WLAN access, which two statements are true? (Choose two.)

A. The SSID that is defined for the guest WLAN on the foreign controllers must be the same as that defined onthe anchor controller.

B. The foreign controllers must be defined with an ingress interface and an egress interface in the guestWLAN.

C. The foreign and anchor controllers must be configured in a mobility group for the foreign controllers to beable to initiate EoIP tunnels to one or more anchor controllers.

D. The mobility domain name of the anchor controller should be the same as what is configured for the foreigncontrollers.



QUESTION 24Which statement correctly describes the relationship between the foreign and anchor controllers when used forguest access?

A. The foreign controller will load balance in round-robin fashion starting with the highest IP address anchorcontroller to the lowest IP address anchor controller.

B. The foreign controller will load balance in round-robin fashion starting with the lowest IP address anchorcontroller to the highest IP address anchor controller.

C. The foreign controller will load balance in round-robin fashion starting with the highest MAC "Pass AnyExam. Any Time." - www.actualtests.com 17 Cisco 642-737 Examaddress anchor controller to the lowest MAC address anchor controller.

D. The foreign controller will load balance in round-robin fashion starting with the lowest MAC address anchorcontroller to the highest MAC address anchor controller.



QUESTION 25Which two descriptions of mpings and epings are true? (Choose two.)

A. mpings run over UDP port 16666.B. mpings run over UDP port 16667, and epings run over port 16666.C. epings run over EoIP.D. mpings test mobility data packet reachability, and epings test mobility control packet reachability.E. mpings run over the management interface, and epings run over the virtual interface.F. mpings and epings are useful tools for troubleshooting WLC-to-AP communications.



QUESTION 26Which two firewall ports must be opened for the anchor controller to operate properly with a foreign controllerfor guest access? (Choose two.)

A. ports 16666 and 16667 for controller trafficB. port 97 for EoIP traffic

C. port 80 for HTTP trafficD. port 69 for TFTP traffic

Correct Answer: ABSection: 2Explanation


QUESTION 27"Pass Any Exam. Any Time." - www.actualtests.com 18 Cisco 642-737 ExamWhich one of the options is responsible for multiple requirements for account data protection such as withcredit cards?

A. ISOB. IEEEC. IETFD. Wi-Fi AllianceE. PCIF. HIPAAG. GLBA

Correct Answer: ESection: 3Explanation


QUESTION 28Which one of the following best describes the implementation of VLAN pooling on a Cisco WLC v7.0?

A. Allows a single WLAN ID to be mapped to multiple SSIDsB. Allows a single SSID to be mapped to multiple WLAN IDsC. Allows a single WLAN ID to be mapped to multiple interfacesD. Allows a single interface to be mapped to multiple WLAN IDs



QUESTION 29A Cisco WLC v7.0 has been only initially configured through the console setup CLI wizard. A new AP has justfinished association with the controller. What is the default mode of remote access to the AP?

A. HTTPSB. HTTPC. SSHD. TelnetE. access is disabled




QUESTION 30Which two tools help to provide PCI compliance reports? (Choose two.)

A. WLCB. WCSC. MSED. Ekahau Site SurveyE. AirMagnet WiFi Analyzer

Correct Answer: BESection: 3Explanation


QUESTION 31Which four attack categories can the Cisco WLC v7.0 IDS detect using the 17 standard signatures? (Choosefour.)

A. broadcast deauthentication attacksB. Wellenreiter and NetStumbler attacksC. management frame floods and EAPOL floodsD. fragmentation attacksE. NULL probe response attacksF. RF jamming attacks

Correct Answer: ABCESection: 3Explanation


QUESTION 32The Cisco Unified Wireless Network solution, which is based on version 7.0, provides which three wired-sidetracing techniques? (Choose three.)


A. switch port tracingB. adaptive wIPSC. RLDPD. autocontainmentE. rogue detectorF. H-REAP

Correct Answer: ACESection: 3Explanation



What is the effect of setting Client Exclusion to Enabled and set to a Timeout Value of 0 seconds in a CiscoWLC v7.0?

A. Excluded clients must be manually removed from the excluded list.B. Client exclusion will not occur.C. Client exclusion timeout will be determined by the IDS module.D. Clients will only be disconnected and not excluded.




QUESTION 34

Which wireless attack can cause most client wireless adapters to lock up?

A. management frame floodB. NULL probe responseC. EAPOL floodD. RF jammingE. disassociation floodF. deauthentication flood



QUESTION 35The NetStumbler tool is an example of which wireless attack type?

A. denial of serviceB. information gatheringC. hijackingD. eavesdropping



QUESTION 36Which device performs the definition of rules and requirements for posture assessment of a wireless clientwhen implementing a NAC appliance solution?

A. Cisco NAC Guest ServerB. Cisco Secure Access Control SystemC. Cisco 802.1X supplicantD. Cisco NAC Appliance AgentE. Cisco NAC Appliance ManagerF. Cisco NAC Appliance ServerG. Cisco IPS Appliance




QUESTION 37Which NAC component performs device compliance checks as users attempt to access the network?

A. Cisco NAC Guest Server

B. Cisco Secure Access Control SystemC. Cisco 802.1X supplicantD. Cisco NAC Appliance AgentE. Cisco NAC Appliance ManagerF. Cisco NAC Appliance ServerG. Cisco IPS Appliance



QUESTION 38Which protocol port(s) need open access when deploying NAC appliances to communicate with the Cisco WLCv7.0 to move an authenticated user from the quarantine VLAN to the access VLAN?

A. UDP 16666B. UDP 514C. UDP 5246 and 5247D. UDP 161 and 162E. TCP 443



QUESTION 39Which two firewall protocol port(s) need open access for secure management access to an anchor

"Pass Any Exam. Any Time." - www.actualtests.com 23 Cisco 642-737 ExamWLC for guest access? (Choose two.)

A. TCP 22B. TCP 23C. TCP 80D. TCP 8080E. TCP 443F. UDP 123

Correct Answer: AESection: 3Explanation


QUESTION 40An IPS appliance is being integrated into the Cisco Unified Wireless Network solution in promiscuous mode.Which two parameters are required when configuring a Cisco WLC v7.0 for the addition of the IPS applianceservices? (Choose two.)


A. WLAN > AAA Override is enabledB. WLAN > P2P Blocking is enabledC. WLAN > Client Exclusion is enabledD. WLAN > NAC State is enabledE. Security > RADIUS accounting IP addressF. Security > Sensors IP address

Correct Answer: CFSection: 3Explanation


QUESTION 41How is the MSE enabled to support wIPS service?

A. CLI console or SSH session with the MSEB. HTTPS with the MSEC. HTTPS with the Cisco WCS to enable the MSE and WLC(s)D. HTTPS with WLC(s) to enable locally and the IP address of MSE


Explanation/Reference:"Pass Any Exam. Any Time." - www.actualtests.com 24 Cisco 642-737 Exam

Explanation:

QUESTION 42A wireless client has finished 802.1X and EAP using WPA2 with a controller-based AP network using a centralAAA server. How is unicast encryption implemented on the client?

A. The client uses the PMK that is sent from the AAA server that is derived from EAP authentication.B. The client uses the PTK that is sent from the WLC, which was derived from the PMK that is sent from the

AAA server.C. The client uses the PTK that is derived from EAP authentication.D. The client uses the PMK that is derived from a four-way handshake with the AP.E. The client uses the PTK that is derived from a four-way handshake with the AP.



QUESTION 43Which key is used to encrypt unicast traffic between the supplicant and the AP after EAP authentication hascompleted?

A. PMKB. GTKC. PTKD. OKCE. PSK



QUESTION 44What does the Cisco WLC v7.0 use to encrypt broadcast and multicast frames that are sent to a wirelessclient?


A. PMKB. GTKC. PTKD. OKCE. PSK



QUESTION 45When using the Microsoft WLAN AutoConfig feature, which 802.1X authentication method is not supportednatively by Windows 7?

A. EAP-TLSB. EAP-FASTC. PEAP with MS-CHAPv2D. PEAP with GTC



QUESTION 46

Many employees are bringing their own devices to work such as those running Apple iOS for iPhones andiPads. Which three statements correctly describe authentication for these devices? (Choose three.)

A. supports only broadcast networksB. supports broadcast and hidden networksC. supports only pre-shared key (pass phrase)D. supports most EAP types such as EAP-FAST, EAP-TLS, and PEAPE. supports WPA onlyF. supports WEP, WPA, and WPA2

Correct Answer: BDFSection: 3Explanation



QUESTION 47What are the three methods that a Cisco AnyConnect v3.0 profile can be applied to a client device? (Choosethree.)

A. Cisco ASA version 8.2 and later can instruct users to open a specific page on the ASA web interface, fromwhere NAM and user profiles can be downloaded.

B. The DHCP option for using a TFTP server automates where NAM and user profiles can be downloaded.C. The administrator can manually copy the profile to the correct location on the client PC.D. The administrator can also use the predeploy installer (MSI on Windows) with the generated profiles.E. When loaded, the Posture Module can verify and request the user to load the latest profile.F. The administrator can use the Cisco AnyConnect v3.0 server feature to allow clients to authenticate with the

AAA server and then download the appropriate profile to their client PC.

Correct Answer: ACDSection: 4Explanation


QUESTION 48Which two statements describe the use of NAM by the Cisco AnyConnect v3.0? (Choose two.)

A. removes Cisco Secure Services Client v5.X but retains the configuration for NAMB. removes Cisco Secure Services Client v5.X software and configuration for a clean installC. installs on Windows, Mac, and LinuxD. installs on Windows onlyE. requires a licenseF. requires a profile editor to allow a user to add WLANs

Correct Answer: ADSection: 4Explanation


QUESTION 49Which two statements describe the secure roaming process of a client between APs that are controlled by aCisco WLC v7.0? (Choose two.)


A. determined by client algorithmsB. determined by the WLC and AP infrastructureC. the WLC can only request a client roam using Cisco Compatible Extensions v3 and aboveD. the WLC can only request a client roam using Cisco Compatible Extensions v4 and aboveE. only implemented for VoWLAN



QUESTION 50Which two fast roaming algorithms will allow a WLAN client to roam to a new AP and re-establish a newsession key without a full reauthentication of the WLAN client? (Choose two.)

A. PMKB. PTKC. MICD. GTKE. CKMF. PKC

Correct Answer: EFSection: 4Explanation


QUESTION 51Which statement correctly describes the usage of the debug command in a Cisco Unified Wireless Network?

A. Debug is enabled until manual shut off.B. Debug is available on the WLC serial console and web interface.C. Debug is a restricted command and is not available in the AP CLI.D. Debug is a message logging severity 7.




QUESTION 52Which Cisco WLC v7.0 CLI family of commands helps to verify the PAC status for client association whenusing local-EAP?

A. debug groupB. debug dot1XC. show local-authD. debug aaaE. debug capwap



QUESTION 53Employees are allowed to starting bringing their own laptops to work. Which option can help provide a temporaluser device vulnerability check when using the Java applet or ActiveX?

A. Cisco NAC ServerB. Cisco NAC Guest ServerC. Cisco NAC ManagerD. Cisco NAC Windows AgentE. Cisco NAC Web AgentF. Cisco ACS



QUESTION 54Employees are allowed to starting bringing their own laptops to work. Which option can help provide apersistent user device check against unexpected issues of security risk application and lack of appropriatepatches or updates inclusive of registry keys?

A. Cisco NAC ServerB. Cisco NAC Guest ServerC. Cisco NAC Manager

"Pass Any Exam. Any Time." - www.actualtests.com 29 Cisco 642-737 ExamD. Cisco NAC Windows AgentE. Cisco NAC Web AgentF. Cisco ACS



QUESTION 55When deploying wireless Cisco NAC OOB operations, which device signals the WLC to switch a user from aquarantine VLAN to an access VLAN?




QUESTION 56When do NAC out-of-band deployments require user traffic to traverse through the Cisco NAC Server?

A. posture assessment onlyB. 802.1X and EAP authentication and remediationC. posture assessment and remediationD. 802.1X and EAP authentication, posture assessment, and remediation



QUESTION 57For wireless NAC out-of-band operations, which protocol is used between the Cisco NAC

"Pass Any Exam. Any Time." - www.actualtests.com 30 Cisco 642-737 ExamAppliance Manager and the wireless controller to switch the wireless client from the quarantine VLAN to theaccess VLAN after the client has passed the NAC authentication and posture assessment process?

A. RADIUSB. TACACS+C. SNMPD. SSLE. EAP



QUESTION 58When configuring the WLC for NAC out-of-band, which device will be used for SNMP trap receiver IP addressentries?




QUESTION 59Which three of the items listed are required configuration parameters for the WLC to enable NAC out-of-bandsingle sign-on when implementing NAC appliances? (Choose three.)

A. EAP authenticationB. web authenticationC. SNMPD. RADIUS accountingE. WLAN > SNMP NAC enabledF. WLAN > RADIUS NAC enabled


Correct Answer: CDESection: 4Explanation


QUESTION 60Which option verifies that a wireless client has associated but is not yet authenticated to a WLAN whenperforming NAC using the Cisco NAC Appliance Manager and Server?

A. Cisco CAM OOB Management > Devices > Discovered ClientsB. Cisco CAS OOB Management > Devices > Discovered ClientsC. Cisco CAM Monitor > View Online UsersD. Cisco CAS Monitor > View Online Users



QUESTION 61Which EAP protocol(s) can be used by a controller-based AP on Ethernet for 802.1X authentication to aswitch?

A. EAP-LEAPB. EAP-FASTC. EAP-PEAP

D. EAP-TLSE. 802.1X and EAP are not supported on AP-wired Ethernet



QUESTION 62Which option correctly lists the EAP protocol(s) that can be configured on an autonomous AP for localauthentication?

A. MAC"Pass Any Exam. Any Time." - www.actualtests.com 32 Cisco 642-737 Exam

B. LEAP and EAP-FASTC. MAC, LEAP, and EAP-FASTD. MAC, EAP-FAST, EAP-PEAP, and EAP-TLS



QUESTION 63Which two statements best describe the local authentication configuration options for a H-REAP using H-REAPgroups in the Cisco WLC v7.0? (Choose two.)

A. LEAP and EAP-FAST onlyB. LEAP, EAP-FAST, EAP-PEAP, and EAP-TLS onlyC. LEAP, EAP-FAST, EAP-PEAP, EAP-TLS, and EAP-MD5D. EAP-FAST with PAC provision onlyE. EAP-FAST with PAC or certificate provision



QUESTION 64Cisco Client MFP is supported on which modes of LWAPP and CAPWAP APs?

A. Local, H-REAP, and BridgeB. Local, H-REAP, and MonitorC. Local, H-REAP, and Rogue DetectorD. Sniffer, H-REAP, and Bridge



QUESTION 65Which three RADIUS IETF attributes should be enabled on the Cisco Secure ACS v4.2 when implementing IBNfor VLAN assignment to the Cisco WLC v7.0? (Choose three.)


A. [064] Tunnel-TypeB. [065] Tunnel-Medium-TypeC. [066] Tunnel-Client-EndpointD. [067] Tunnel-Server-EndpointE. [069] Tunnel-PasswordF. [081] Tunnel-Private-Group-IDG. [082] Tunnel-Private-User-ID

Correct Answer: ABFSection: 4Explanation


QUESTION 66Which answer best describes the implementation of IBN using the Cisco WLC v7.0 and Cisco Secure ACSv4.2?

A. Configure the ACS for AAA override and attributes. Configure the WLC for RADIUS server.B. Configure the ACS for AAA override and attributes. Configure the WLC for RADIUS server and attributes.C. Configure the ACS for attributes. Configure the WLC for RADIUS server and AAA override.D. Configure the ACS for attributes. Configure the WLC for RADIUS server, AAA override, and attributes.



QUESTION 67How should the Cisco Secure ACS v4.2 and the Cisco WLC v7.0 be configured to support wireless clientauthentication?

A. The WLC configured for RADIUS and the Cisco Secure ACS configured for RADIUS (Cisco Airespace)B. The WLC configured for RADIUS and the Cisco Secure ACS configured for RADIUS (IETF)C. The WLC configured for TACACS+ and the Cisco Secure ACS configured for TACACS+ (Cisco Airespace)D. The WLC configured for TACACS+ and the Cisco Secure ACS configured for TACACS+ (Cisco IOS)


Explanation/Reference:

Explanation:

QUESTION 68When using a controller-based AP network, which type of entry is configured in the Cisco Secure ACS?

A. AAA client using the AP IP addressB. AAA server using the AP IP addressC. AAA client using the WLC IP addressD. AAA server using the WLC IP address



QUESTION 69Which two entries can be used in the Cisco Secure ACS AAA network configuration setup for IP address192.168.1.1 to provide RADIUS authentication for the network node? (Choose two.)


A. 192.168.1.1-10B. 192.168.1.0C. 192.168.1.0 0.0.0.255D. 192.168.1.255E. 192.168.1.*

Correct Answer: AESection: 5Explanation


QUESTION 70Which two EAP type(s) require a client certificate? (Choose two.)

A. LEAPB. PEAPC. EAP-FASTD. EAP-TLSE. EAP-MD5

Correct Answer: CDSection: 5Explanation


QUESTION 71"Pass Any Exam. Any Time." - www.actualtests.com 36 Cisco 642-737 ExamWhat is the maximum number of ACLs that can be applied to a Cisco WLC v7.0 interface?

A. 1B. 16C. 32D. 64



QUESTION 72"Pass Any Exam. Any Time." - www.actualtests.com 37 Cisco 642-737 ExamRefer to the exhibit.

Why is the client failing to authenticate with the AAA server?

A. excessive number of authentication attempts for usernameB. incorrect read/write credentials for usernameC. incorrect IP address being sent by clientD. incorrect authentication for username

Correct Answer: DSection: 5

Explanation


QUESTION 73The Cisco NAC Guest Server has integration with which two other Cisco devices to support guest services?(Choose two.)

A. Cisco NAC Appliance AgentB. Cisco NAC Appliance ServerC. Cisco NAC Appliance ManagerD. Cisco NAC ProfilerE. Cisco WLCF. Cisco WCS

Correct Answer: CESection: 5Explanation



QUESTION 74A wireless client has a browser with a manually configured proxy. The Cisco WLC v7.0 has been configured forbasic WLAN Layer 3 web pass through with the remaining default configuration. Which two statements are truewhen the client attempts to connect to a WLAN for guest access using web authentication? (Choose two.)


A. The WLC allows access if the client is requesting a globally resolvable DNS address.B. The WLC allows access if it is configured for WebAuth Proxy.C. The WLC allows access for a client request to ports 80 or 8080 only.D. Access requires DHCP with option 252.E. Access requires DHCP with option 150.

Correct Answer: BDSection: 5Explanation


QUESTION 75Which two things should you verify if the Cisco NAC Guest Server is configured on the network and the clientcannot access the guest network? (Choose two.)

A. The controller can ping the Cisco NAC Guest Server.B. The controller can mping and eping the Cisco NAC Guest Server.C. AAA override is enabled on the guest WLAN.D. Controllers and the Cisco NAC Guest Server are in the same mobility group.

Correct Answer: AC

Section: 5Explanation


QUESTION 76Which three products are required to produce Cisco Clean Air Security reports? (Choose three.)

A. WLC v7.0B. WCS v7.0C. MSE v7.0D. Spectrum Expert v4.0E. 1260 APF. 3500 AP

Correct Answer: ABFSection: 6Explanation



QUESTION 77Which four conditions can be used in rules to classify rogue APs on a Cisco WLC v7.0? (Choose four.)

A. managed SSIDB. RSSIC. EAP typeD. no encryptionE. encryption methodF. duration

Correct Answer: ABDFSection: 6Explanation


QUESTION 78Which two situations permit the Cisco WCS v7.0 to successfully trace a rogue to a switch port? (Choose two.)

A. The rogue is broadcasting an infrastructure SSID.B. The rogue has a client that is associated.C. The wired MAC address of the rogue is equal to or +1/-1 of the wireless MAC address of the rogue.D. The rogue is on the same switch as a CAPWAP AP.E. The rogue has been identified using RLDP.

Correct Answer: BCSection: 6Explanation


QUESTION 79Which device provides IDS and IPS protection in a Cisco Unified Wireless Network against wireless clients withviruses and worms?

A. Cisco NAC Guest ServerB. Cisco Secure Access Control SystemC. Cisco WLCD. Cisco WCSE. Cisco NAC Appliance ManagerF. Cisco NAC Appliance ServerG. Cisco IPS Appliance

Correct Answer: GSection: 6Explanation


QUESTION 80IPS appliance traffic monitoring has been configured in a Cisco WLC v7.0 with default parameters. Whichstatement correctly describes the results when malicious traffic is detected from a wireless client?

A. The WLC immediately notifies the IPS appliance.B. The IPS appliance immediately notifies the WLC.C. The WLC polls the IPS for the status every 60 seconds.D. The IPS initiates updates to the WLC every 60 seconds.




certifyme - gratis exam · explanation: "pass any exam. any time." - 4 cisco 642-737...

Documents