Share your IAUWS Experience

nshazgui @ ebttikar . com

Desmond (Above) There are no new questions shared here. The 60Q dump is old and incorrect.

Yes, these dumps are old and a good portion of the answers are just crazy wrong. It doesn’t even matter if the answers are correct, though – if someone can simply supply up-to-date questions we can all go over them here/and research them together, which is an excellent way to learn.

hi guys … i have pass leader exam its a good solution we can go over them here & and try to correct the answers lets start ??

@nour , could you share the Pass Leader Exam so we can try to correct the answers.

Sure, Nour – But I am thinking it’s still out-of-date. Put up three questions and let’s go over them together.

I can help too, let’s do it

Afer receiving an alert regardinga rogueAP, a network engineer logs into Cisco Prime and looks at
the floor map where the AP that detected the rogue is located. The map is synchrioized with a
mobility services engine that determioes the rogue device is actually inside the campus. The
engineer determines the rogue to be a security threat and decides to stop it from broadcasting insidethe enterprise wireless network.
What is the fastest way ti disable the rigue?

A. Go to the location the rogue device is indicated to be and disable the power.
B. Create an SSID on WLAN controller resembling the SSID if the rigue ti spiif it and disable clients
frim connectingti it.
C. Classify the rogue as malicious in Cisco Prime.
D. Update the status if the rogue to Cisco Prime to contained

What’s the hell ? Classify the rogue as malicious will disable the rogue and avoid it to broadcast the SSID ?

Which two considerations must a network engineer have when planning for voice over wireless
roaming? (Choose two.)
A.
Roaming with only 802.1x authentication requires full reauthentication.
B.
Roaming time increases when using 802.1x + Cisco Centralized Key Management.
C.
Full reauthentication introduces gaps in a voice conversation.
D.
Roaming occurs when the phone has reached -80 dBs or below.
E.
Roaming occurs when the phone has seen at least four APs.
Answer: A,C

So of these two, here is my input:

First question: classifying the AP as rogue is the only answer that makes sense to me, as this is the most expedient way for disabling the AP. So I think C is the most logical answer there.

Second question: Answers A and C are clearly correct, as B is obviously not true.

Here’s two of my questions:

1. An Engineer is configuring EAP_TLS in a client-trusting server model and has configured a public root certificate authority. Which action does this allow?

2. Which configuration step is necessary to enable Visitor Connect on an SSID?

I Just failed 300-375 exam Today !!!

I bought exam at Pass Leader 300-375. This dumps are INVALID !!!!!

An engineer requires authentication for WPA2 that will use fast rekeying to enable clients to roam from one access point to another without going through the WLC. Which security option should be configured ?
A. PSK
B. AES
C. Cisco Centralized Key Management
D. 802.1X
Answer : C
Correct, during normal operation, EAP-enabled clients mutually authenticate with a new access point by performing a complete EAP authentication, including communication with the main RADIUS server. However, when you configure your wireless LAN for CCKM fast secure roaming, EAP-enabled clients securely roam from one access point to another without the need to reauthenticate with the RADIUS server.

Source : https://supportforums.cisco.com/document/11086/what-cckm-and-how-does-it-affect-fast-and-secure-roaming

Which three configuration steps are necessary on the WLC when implementing central web authentication in ocnjuction with Cisco ISE (Choose three):

A. Set P2P Blocking Action to Drop.
B. Enable Security Layer 3 Web Policy.
C. Set NAC state to SNMP NAC.
D. Enable Allow AAA override.
E. Enable Security Layer 2 MAC Filtering.
F. Set NAC state to RADIUS NAC
Answer : DEF

Correct

A customer is concerned that radar is impacting the access point that service the wireless network in an office located near an airport. On which type of channel should you conduct spectrum analysis to identify if radar is impacting the wireless network ?
A. UNII-3 channels
B. UNII-1 channels
C. 802.11b channels
D. 2.4 GHz channels
E. UNII-2 channels
F. Channels 1, 5, 9, 13
Answer : E
Correct, radar belong to UNI-2 channels

A customer is concerned about DOS attacks from a neighboring facility. Which feature can be enabled to help alleviate these concerns and mitigate DOS attacks on a WLAN?
A. PMF
B. peer-to-peer blocking
C. Cisco Centralized Key Management
D. Split tunnel
Answer : A
Correct, PMF (802.11W) is used to fight against DOS attacks

Which EAP type requires the use if device certfcates?

A. EAP-TLS
B. EAP-FAST
C. EAP-SSL
D. PEAP
E. LEAP
Answer : A
Correct, only EAP-TLS uses device certificates (+ server certificate)

A corporation has recently implemented a BYOD policy at their HQ. Which three risks should the
security director be concerned about? (Choose three.)
A.
unauthorized users
B.
rogue ad-hocs
C.
software piracy
D.
lost and stolen devices
E.
malware
F.
keyloggers
Answer: A,C,E

What you think?

Which three options are valid client profile probes in Cisco ISE? (Choose three.)
A.
DHCP
B.
802.1X
C.
CCX
D.
NetFlow
E.
TACACS
F.
HTTP
Answer: A,D,F

lets start guys

QUESTION 1 An engineer must provide a graphical trending report of the total number of wireless clients on the network. Winch report provides the required data?
A. Client Summary
B. Posture Status Count
C. Client Traffic Stream Metrics
D. Mobility Client Summary
Answer: D

QUESTION 2 When a wireless client uses WPA2 AES, which keys are created at the end of the four way handshake process between the client and the access point?
A. AES key, TKIP key, WEP key
B. AES key, WPA2 key, PMK
C. KCK, KEK, TK
D. KCK, KEK, MIC key
Answer: A

3///
Which configuration changes need to be made to allow WPA2 + PSK to operate property on the East-WLC-2504A controller? (Choose four.)
B. Click on the Status Enabled radio button.
C. Change the Layer 3 Security to Web Policy.
D. Change the WPA + WPA2 Parameters to WPA2 Policy-AES.
E. Change the PSK Format to HEX.
F. Change the WLAN ID.
G. Change the VLAN Identifier.
H. Change the IP Address of the Virtual interface. I. Change the SSID name of the WLAN. J. Click on the PSK radio button and add the password in the text box.
Answer: BFIJ

QUESTION 6 Which three options are valid client profile probes m Cisco ISE? (Choose three.)
A. DHCP
B. 802.1X
C. CCX
D. NetFlow
E. TACACS
F. HTTP
Answer: ADF

QUESTION 1 An engineer must provide a graphical trending report of the total number of wireless clients on the network. Which report provides the required data?
A. Client Summary
B. Posture Status Count
C. Client Traffic Stream Metrics
D. Mobility Client Summary
Answer: D
Not correct, I tested it on the prime and the answer A is providing the total number of wireless clients.
QUESTION 2 When a wireless client uses WPA2 AES, which keys are created at the end of the four way handshake process between the client and the access point?
A. AES key, TKIP key, WEP key
B. AES key, WPA2 key, PMK
C. KCK, KEK, TK
D. KCK, KEK, MIC key
Answer: A
Not correct, the 3 keys generated at the end of the 4-way handshake are KCK, KEK and TK (Answer C)
3///
Which configuration changes need to be made to allow WPA2 + PSK to operate property on the East-WLC-2504A controller? (Choose four.)
B. Click on the Status Enabled radio button.
C. Change the Layer 3 Security to Web Policy.
D. Change the WPA + WPA2 Parameters to WPA2 Policy-AES.
E. Change the PSK Format to HEX.
F. Change the WLAN ID.
G. Change the VLAN Identifier.
H. Change the IP Address of the Virtual interface. I. Change the SSID name of the WLAN. J. Click on the PSK radio button and add the password in the text box.
Answer: BFIJ
Correct, this is a lab, you have to connect to the management console and check what’s happening on the WLC

QUESTION 6 Which three options are valid client profile probes m Cisco ISE? (Choose three.)
A. DHCP
B. 802.1X
C. CCX
D. NetFlow
E. TACACS
F. HTTP
Answer: ADF
For me it’s correct, according to the following link : http://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_prof_pol.html

3///
Which configuration changes need to be made to allow WPA2 + PSK to operate property on the East-WLC-2504A controller? (Choose four.)
B. Click on the Status Enabled radio button.
C. Change the Layer 3 Security to Web Policy.
D. Change the WPA + WPA2 Parameters to WPA2 Policy-AES.
E. Change the PSK Format to HEX.
F. Change the WLAN ID.
G. Change the VLAN Identifier.
H. Change the IP Address of the Virtual interface. I. Change the SSID name of the WLAN. J. Click on the PSK radio button and add the password in the text box.
Answer: BFIJ
Correct, this is a lab, you have to connect to the management console and check what’s happening on the WLC

In WLC you cannot change wlan id

Which option describes the purpose of configuring switch peer groups ?

A. enforces RF profiles
B. enables location services
C. restricts roaming traffic to certain switches
D. allows template based configuration changes
Answer : C

As I know this is correct. Switch peer group: The converged access deployment defines a switch peer group (SPG) as a logical group of mobility agents within one mobility controller (or mobility subdomain). The main advantage of configuring SPGs is to restrict the roaming traffic to the switches within the SPG

Source : http://www.cisco.com/c/en/us/products/collateral/switches/catalyst-3850-series-switches/deployment_guide_c07-727067.html#_Toc350855333

Can anyone who already applied the exam confirm if these questions are on the exam?

A customer is concerned about DOS attacks from a neighboring facility. Which feature can be
enabled to help alleviate these concerns and mitigate DOS attacks on a WLAN?
A.
PMF
B.
peer-to-peer blocking
C.
Cisco Centralized Key Management
D.
split tunnel
Answer: A

An engineer is considering an MDM integration with Cisco ISE to assist with security for lost
devices. Which two functions of MDM increase security for lost devices that access data from the
network? (Choose two.)
A.
PIN enforcement
B.
jailbreak/root detection
C.
data wipe
D.
data encryption
E.
data loss prevention
Answer: A,C

QUESTION 7
An engineer is changing the authentication method of a wireless network from EAP-FAST to EAP-TLS. Which two changes are necessary? (Choose two.)
A. Cisco Secure ACS is required.
B. A Cisco NAC server is required.
C. All authentication clients require their own certificates.
D. The authentication server now requires a certificate.
E. The users require the Cisco AnyConnect client.
Answer: CD
QUESTION 8 What is the maximum number of clients that a small branch deployment using a four- member Cisco Catalyst 3850 stack (acting as MC/MA) can support?
A. 10000
B. 1000
C. 500
D. 2000
E. 5000
Answer: E

QUESTION 9 Refer to the exhibit. A customer is having problems with clients associating to me wireless network. Based on the configuration, which option describes the most likely cause of the issue?
A. Both AES and TKIP must be enabled
B. SA Query Timeout is set too low
C. Comeback timer is set too low
D. PME is set to “required”
E. MAC Filtering must be enabled
Answer: E
QUESTION 10 Which of the following user roles can access CMX Visitor Connect?
A. Administrator
B. Power User
C. Guest User
D. Super Administrator
Answer: A

QUESTION 11 A Customer is concerned about denial of service attacks that impair the stable operation of the corporate wireless network. The customer wants to purchase mobile devices that will operate on the corporate wireless network. Which IEEE standard should the mobile devices support to
address the customer concerns?
A. 802.11w
B. 802.11k
C. 802.11r
D. 802.11h
Answer: A

QUESTION 7
An engineer is changing the authentication method of a wireless network from EAP-FAST to EAP-TLS. Which two changes are necessary? (Choose two.)
A. Cisco Secure ACS is required.
B. A Cisco NAC server is required.
C. All authentication clients require their own certificates.
D. The authentication server now requires a certificate.
E. The users require the Cisco AnyConnect client.
Answer: CD
This is correct. EAP-TLS requires a certificate on the AAA server and supplicant
//
QUESTION 8 What is the maximum number of clients that a small branch deployment using a four- member Cisco Catalyst 3850 stack (acting as MC/MA) can support?
A. 10000
B. 1000
C. 500
D. 2000
E. 5000
Answer: E
Already clarified, 2000 clients maximum, so answer is D.
//
QUESTION 9 Refer to the exhibit. A customer is having problems with clients associating to me wireless network. Based on the configuration, which option describes the most likely cause of the issue?
A. Both AES and TKIP must be enabled
B. SA Query Timeout is set too low
C. Comeback timer is set too low
D. PME is set to “required”
E. MAC Filtering must be enabled
Answer: E
Wrong, already clarified, PME is set to required, that means all clients who not support PMF will not be able to connect
//
QUESTION 10 Which of the following user roles can access CMX Visitor Connect?
A. Administrator
B. Power User
C. Guest User
D. Super Administrator
Answer: A
I guess this is correct, correct me if I’m wrong
//
QUESTION 11 A Customer is concerned about denial of service attacks that impair the stable operation of the corporate wireless network. The customer wants to purchase mobile devices that will operate on the corporate wireless network. Which IEEE standard should the mobile devices support to
address the customer concerns?
A. 802.11w
B. 802.11k
C. 802.11r
D. 802.11h
Answer: A
Correct, 802.11w (PMF) is used to fight against DoS attacks on Management frames

Some of these are…many have been weeded out. Lots of new questions.

Answer #2 is incorrect above.

Hamsun, you mean this?

QUESTION 2 When a wireless client uses WPA2 AES, which keys are created at the end of the four way handshake process between the client and the access point?
A. AES key, TKIP key, WEP key
B. AES key, WPA2 key, PMK
C. KCK, KEK, TK
D. KCK, KEK, MIC key
Answer: A

I think the right one is C. Key Confirmation Key, Key Encryption Key and Temporal Key

QUESTION 12

Which option determines which RADIUS server is preferred the most by the Cisco WLC?
A.
the Server Index (Priority) drop-down list
B.
the server status
C.
the server IP address
D.
the port number
Answer: A

QUESTION 13

A Cisco WLC has been added to the network and Cisco ISE as a network device, but
authentication is failing. Which configuration within the network device configuration should be
verified?
A.
shared secret
B.
device ID
C.
SNMP RO community
D.
device interface credentials
Answer: A

QUESTION 14

Which three commands are part of the requirements on a Cisco Catalyst 3850 Series Switch with
Cisco IOS XE to create a RADIUS authentication server group? (Choose three.)

A. authentication dot1x default local
B. aaa session-idcommon
C. dot1x system-auth-control
D. aaa new-model
E. local-auth wcm_eap_prof
F. security dot1x
Answer: B,C,D

Benny — all answers correct…unfortunately, these questions are a little dated. Some are on the exam while others are not.

some of these were on the old test

QUESTION 15

Which two considerations must a network engineer have when planning for voice over wireless
roaming? (Choose two.)
A. Roaming with only 802.1x authentication requires full reauthentication.
B. Roaming time increases when using 802.1x + Cisco Centralized Key Management.
C. Full reauthentication introduces gaps in a voice conversation.
D. Roaming occurs when the phone has reached -80 dBs or below.
E. Roaming occurs when the phone has seen at least four APs.
Answer: A,C

QUESTION 16

Which two 802.11 methods can be configured to protect card holder data? (Choose two.)
A. CCMP
B. WEP
C. SSL
D. TKIP
E. VPN
Answer: C,E

QUESTION 17

An engineer is changing the authentication method of a wireless network from EAP-FAST to EAPTLS.
Which two changes are necessary? (Choose two.)
A. Cisco Secure ACS is required.
B. A Cisco NAC server is required.
C. All authenticating clients require their own certificates.
D. The authentication server now requires a certificate.
E. The users require the Cisco AnyConnect client.
Answer: C,D

QUESTION 18

Which mobility mode must a Cisco 5508 Wireless Controller be in to use the MA functionality on a
Cisco Catalyst 3850 Series Switch with a Cisco 5508 Wireless Controller as an MC?
A. classic mobility
B. new mobility
C. converged access mobility
D. auto-anchor mobility
Answer: C

QUESTION 18
Which mobility mode must a Cisco 5508 Wireless Controller be in to use the MA functionality on a
Cisco Catalyst 3850 Series Switch with a Cisco 5508 Wireless Controller as an MC?
A. classic mobility
B. new mobility
C. converged access mobility
D. auto-anchor mobility
Answer: C
Wrong, the answer is B New mobility.

Benny — think about how you answered question 16. Does that answer really make sense? If so, why? SSL and VPN??

Again, most of these questions are outdated. You’re delving into old study guides.

Passed 300-375 exam yesterday! 9xx/1000 marks!!

Learned most of questions from PassLeader 300-375 dumps (60q), 100% valid for passing!

You can get part of that PL 300-375 dumps here:

http://www.ciscobraindump.com/?s=300-375

Good Luck!!!

An engineer is considering an MDM integration with Cisco ISE to assist with security for lost
devices. Which two functions of MDM increase security for lost devices that access data from the
network? (Choose two.)
A. PIN enforcement
B. jailbreak/root detection
C. data wipe
D. data encryption
E. data loss prevention
Answer: A,C

Wrong, according to the link below, this could be BE :
https://www.cisco.com/c/dam/en/us/products/collateral/security/identity-services-engine/at_a_glance_c45-726284.pdf

But according to this link : http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Borderless_Networks/Unified_Access/BYOD_Design_Guide/Managing_Lost_or_Stolen_Device.pdf

AC are the good answers…

http://online.it-training.pro/it-testing-skills-vce/Online-Test-Actual-Questions-Premium-for-Cisco-CCNA-Wireless-200-355-WIFUND

This is the cheapest and latest valid dumps:
http://rebrand.ly/ccnac9d34

Just passed it ! 930/1000 !
Good luck guys !

No, CCIE expert. Those are dated. All dated questions. And wrong answers.