Cisco 642-736: Implementing Advanced Cisco Unified Wireless Security (IAUWS) Practice Test, Version 1.1

    ActualTests.com

    QUESTION NO: 1

    What is the purpose of looking for anomalous behavior on a WLAN infrastructure?

    A. Identifying new attack tools
    B. Auditing employee's bandwidth usage
    C. Identifying attacks using signature matching
    D. Improving performance by load balancing

    Answer: A

    QUESTION NO: 2

    As of controller release v5.2, which two statements about wired guest access support are true? (Choose two.)

    A. It is not supported on the Cisco 2100 Series Controllers.
    B. No more than three wired guest access LANs can be configured on a controller.
    C. Layer 3 web authentication and passthrough are not supported.
    D. Wired guest access cannot be configured in a dual-controller configuration that uses an anchor controller and a foreign controller.
    E. The wired guest access ports must be in the same Layer 2 network as the foreign controller.

    Answer: A,E

    QUESTION NO: 3

    The wireless client can roam faster on the Cisco Unified Wireless Network infrastructure when which condition is met?

    A. EAP-FAST is used for client authentication on the wireless network.
    B. Cisco Centralized Key Management is used for Fast Secure Roaming.
    C. QoS is being used on the WLAN to control which client packets get through the network faster.
    D. RRM protocol is used between multiple APs that the client associates to while roaming.

    Answer: B

    QUESTION NO: 4

    Which option best describes an evil twin attack?

    A. A rogue access point broadcasting a trusted SSID
    B. A rogue access point broadcasting any SSID
    C. A rogue ad-hoc with the SSID "Free WiFi"
    D. A rogue access point spreading malware upon client connection

    Answer: A

    QUESTION NO: 5

    Which two configuration parameters does NAC OOB require on a SSID/WLAN? (Choose two.)

    A. WMM enabled on the WLAN
    B. Open authentication on the WLAN
    C. AAA override configuration on the WLAN
    D. 802.1x configuration on the WLAN

    Answer: B,D

    QUESTION NO: 6

    Which two 802.11 frame types can be used in a virtual carrier (big NAV) attack? (Choose two.)

    A. Association
    B. ACK
    C. CTS
    D. Beacon
    E. De-authentication

    Answer: B,C

    QUESTION NO: 7

    When adding the foreign controller as a mobility group member in the guest anchor controller, which statement is true?

    A. The mobility group name on the guest anchor controller must match the mobility group name on the foreign controller.
    B. The mobility group member IP address and MAC address belong to the management interface of the foreign controller.
    C. To successfully add the foreign controller as a mobility group member in the guest anchor controller, all the parameters defined in the WLAN Security, QoS, and Advanced tabs must be configured identically in both the anchor and foreign controller.
    D. In the guest anchor controller GUI, WLANs > Mobility Anchors page, use the Switch IP Address (Anchor) drop-down menu to select the IP address corresponding to the management interface of the anchor controller.

    Answer: B

    QUESTION NO: 8 DRAG DROP

    Click and drag the WLAN QoS level on the left to its intended usage on the right.

    Answer:

    Explanation:

    QUESTION NO: 9

    For wireless NAC out-of-band operations, which protocol is used between the Cisco NAC Appliance Manager and the wireless controller to switch the wireless client from the quarantine VLAN to the access VLAN after the client passed the NAC authentication/posture assessment process?

    A. RADIUS
    B. TACACS+
    C. SNMP
    D. SSL
    E. EAP

    Answer: C

    QUESTION NO: 10

    Which WLAN option, when enabled, allows different wireless clients to be connected to different VLANs based on the returned RADIUS attributes from the AAA server?

    A. H-REAP
    B. Override interface ACL
    C. NAC state
    D. Cisco CKM
    E. Auth-proxy
    F. Allow AAA override

    Answer: F

    QUESTION NO: 11

    Which two statements about the EAP-FAST client-server authentication protocol are true? (Choose two.)

    A. EAP-FAST establishes secure tunnel between the client and the server using certificates.
    B. PAC can be distributed manually (out-of-band provisioning) or automatically (in-band provisioning).
    C. EAP-FAST protocol uses PAC keys to establish secure encrypted tunnels between client and server.
    D. Secure passwords are used to generate PAC key for creating secure TTLS tunnel between the client and the server.

    Answer: B,C

    QUESTION NO: 12

    When deploying guest WLAN access using the anchor controller, which is used to transport the guest data traffic between the foreign and anchor controllers?

    A. UDP port 16666
    B. UDP port 16667
    C. IP protocol 97
    D. UDP port 161
    E. UDP port 162

    Answer: C

    QUESTION NO: 13

    What are the configuration steps, in order, for implementing wireless guest users using the foreign and anchor controllers approach?

    A. 1) RF mobility group 2) lobby ambassador 3) SSID
    B. 1) mobility domain name 2) mobility group 3) web portal
    C. 1) anchor controller 2) WLAN 3) local guest server 4) lobby administrator
    D. 1) anchor controller 2) mobility group 3) guest WLAN 4) guest account management

    Answer: D

    QUESTION NO: 14

    When troubleshooting clients on the Diagnostic channel, which two statements are true? (Choose two.)

    A. When turning the Diagnostic channel on the WLAN, the WLAN becomes disabled.
    B. Only clients with Cisco Compatible Extensions enabled can be used for troubleshooting on the Diagnostic channel.
    C. Up to two WLANs can be turned on with Diagnostic channel at the same time.
    D. Only Cisco-manufactured wireless cards are available for the Diagnostic channel troubleshooting.

    Answer: A,B

    QUESTION NO: 15

    Which ports are used by CAPWAP?

    A. UDP 12222 and 12223
    B. UDP 5246 and 5247
    C. UDP 16666 and 16667
    D. UDP 161 and 162
    E. TCP 12222 and 12223
    F. TCP 16666 and 16667

    Answer: B

    QUESTION NO: 16

    What can prevent an eavesdropping attack?

    A. AES encryption
    B. WEP encryption
    C. Not broadcasting an SSID
    D. Reduced output power on the AP
    E. Reduced output power on the AP and client

    Answer: A

    QUESTION NO: 17

    Which two things should you verify if the Cisco NAC Guest Server is configured on the network and the client cannot access the guest network? (Choose two.)

    A. The controller can ping Cisco NAC Guest Server.
    B. The controller can mping and eping Cisco NAC Guest Server.
    C. AAA override is enabled on the guest WLAN.
    D. Controllers and Cisco NAC Guest Server are in the same mobility group.

    Answer: A,C

    QUESTION NO: 18

    To assign Cisco Airespace vendor-specific attributes to a wireless client, the wireless controller needs to be defined as which type of AAA client in Cisco Secure ACS Server?

    A. TACACS+
    B. RADIUS (IETF)
    C. RADIUS (Cisco Aironet)
    D. RADIUS (Cisco Airespace)

    Answer: D

    QUESTION NO: 19

    Which two statements about EAP-FAST operation are true when the Cisco Secure ACS is configured to support anonymous in-band PAC provisioning? (Choose two.)

    A. An anonymous Diffie-Hellman TLS handshake will be used between the wireless client and the Cisco Secure ACS.
    B. A digital certificate will be required on the client and on the Cisco Secure ACS.
    C. EAP-MSCHAP will be used as the only inner method in phase zero to authenticate the client.
    D. Cisco Secure ACS will provision the wireless client with a PAC using a TLS tunnel.
    E. Cisco Secure ACS will verify the user identity by doing a binary comparison of the end-user certificate to the user certificate stored in Active Directory.

    Answer: A,C

    QUESTION NO: 20

    Which WLAN security feature enables clients to securely roam from one access point to another without the need to reauthenticate to the RADIUS server?

    A. CKIP
    B. TKIP
    C. CCKM
    D. 802.1x
    E. WPA2

    Answer: C

    QUESTION NO: 21

    Which configuration option can make the shared secret between the controller and the RADIUS server more secure?

    A. RFC 3576 Dynamic Authorization Extensions support
    B. AES key wrap
    C. IPsec
    D. single connect
    E. 3DES encryption

    Answer: B

    QUESTION NO: 22

    Which wireless attack can cause most client wireless adapters to lock up?

    A. Management frame flood
    B. Null probe response
    C. EAPOL flood
    D. RF jamming
    E. Disassociation flood
    F. Deauthentication flood

    Answer: B

    QUESTION NO: 23

    When is local EAP authentication on the controller used?

    A. To authenticate the APs that act as 802.1X supplicants
    B. As a backup in case the APs cannot reach the controllers
    C. As a backup in case the RADIUS servers are not reachable
    D. When deploying guest access using the anchor controller

    Answer: C

    QUESTION NO: 24

    What must the client have to be able to use client MFP?

    A. Cisco Secure Services Client
    B. Diagnostic channels enabled
    C. Support for broadcast management frames (such as disassociation, deauthentication, or action)
    D. Cisco Compatible Extensions v5 support and must use either TKIP or AES-CCMP

    Answer: D

    QUESTION NO: 25

    Which controller GUI screen can be used to check the current NAC state of a client?

    A. WLANs > Edit > Advanced
    B. Controller > Interfaces > Edit
    C. Management > User Sessions
    D. Monitor > Clients > Details
    E. Security > AAA > Local Net Users

    Answer: D

    QUESTION NO: 26

    Why would the network administrator enable TACACS+ server(s) on the Cisco wireless controllers rather than RADIUS server(s)?

    A. To support IBN (AAA overrides)
    B. To support EAP-FAST
    C. To support H-REAP APs
    D. To provide more robust accounting services
    E. To provide more extensive management users authorization services

    Answer: E

    QUESTION NO: 27

    The administrator account on the Cisco NAC Guest Server can be authenticated using which two methods? (Choose two.)

    A. Local Database
    B. LDAP
    C. Active Directory
    D. RADIUS
    E. TACACS+
    F. Active Directory single sign-on

    Answer: A,D

    QUESTION NO: 28

    Which command tests the mobility ping over UDP?

    A. Mping mobility_peer_IP_address
    B. Mping port 16666
    C. Eping mobility_peer_IP_address
    D. Eping port 97

    Answer: A

    QUESTION NO: 29

    When implementing a Cisco IPS Sensor in a multi-controller network, what is the recommended configuration?

    A. Add the Cisco IPS Sensor to each controller.
    B. Add the Cisco IPS Sensor to one controller and ensure all controllers are in the same mobility group.
    C. Add the Cisco IPS Sensor to each controller and ensure all controllers are in the same mobility group.
    D. Add the Cisco IPS Sensor to one controller and ensure all controllers are on the same Layer 2 broadcast domain.

    Answer: B

    QUESTION NO: 30

    The Cisco NAC Guest Server can authenticate the "sponsors" using which four methods? (Choose four.)

    A. Authenticates the sponsor accounts directly on the Cisco NAC Guest Server
    B. Authenticates sponsors against an existing AD
    C. Authenticates sponsors against an existing LDAP server
    D. Authenticates sponsors against a TACACS+ server
    E. Authenticates sponsors against a RADIUS server
    F. Authenticates the sponsor accounts against the Cisco WCS

    Answer: A,B,C,E

    QUESTION NO: 31

    When using the foreign and anchor controllers for WLAN guest access, which two things should you do if the guest cannot access the web login page? (Choose two.)

    A. Verify correct ports are allowed on the firewall.
    B. Verify the anchor and foreign controllers are in the same subnet.
    C. Verify the firewall is configured for static one-to-one NAT and not PAT.
    D. Verify that the client account was created on the anchor controller and the foreign controller.

    Answer: A,C

    QUESTION NO: 32

    What two configuration parameters are usually different on the foreign and anchor controllers? (Choose two.)

    A. Guest WLAN SSID
    B. Guest WLAN Layer 2 and 3 security policies
    C. WLAN mobility anchor configuration
    D. Interface mapped to the WLAN

    Answer: C,D

    QUESTION NO: 33

    Which three items are needed to execute an effective hijacking attack? (Choose three.)

    A. Rogue AP
    B. Rogue DHCP server
    C. Operating system of the victim
    D. RF jammer
    E. Layer 3 address of the victim

    Answer: A,B,D

    QUESTION NO: 34 DRAG DROP

    Match the EAP method on the left to its correct description on the right.

    Answer:

    Explanation:

    QUESTION NO: 35 DRAG DROP

    Click and drag the communication method on the left to its correct usage on the right for Adaptive wIPS Operations.

    Answer:

    Explanation:

    QUESTION NO: 36

    Which three information items does Spectrum Expert provide to Cisco WCS about an interfering device? (Choose three.)

    A. Type of interfering device
    B. Bandwidth of the interferer
    C. Power of the interferer
    D. Exact location of the interferer
    E. Spectrum capture of the device's transmission

    Answer: A,B,C

    QUESTION NO: 37

    Which two statements about the switch port tracing feature are true? (Choose two.)

    A. Cisco WLC performs switch port tracing using the Rogue Location Discovery Protocol.
    B. Cisco WCS uses CDP to perform switch port tracing.
    C. Switch port tracing has an option to trace the switch port or another option to shut down the switch port.
    D. The detecting AP connects as a client to the rogue AP to track down the switch port the rogue AP is connected to.
    E. Switch port tracing uses the detected RF characteristics and known properties of the managed RF network to locate the switch port the rogue AP is connected to.

    Answer: B,C

    QUESTION NO: 38

    When management frame protection is enabled, what does the AP add?

    A. Cisco PMK keys
    B. Cisco Aironet extensions to control frames
    C. Frame Check Sequence to each management frame
    D. Message integrity check information element to each management frame

    Answer: D

    QUESTION NO: 39

    Which Adaptive wIPS component is the central point of alarm aggregation from all controllers and their respective Adaptive wIPS monitor mode APs and is where the alarm information and forensic files are stored for archival purposes?

    A. Cisco WCS
    B. Cisco IPS appliance
    C. Cisco MSE
    D. Cisco MARS appliance
    E. Cisco Secure ACS

    Answer: C

    QUESTION NO: 40 DRAG DROP

    Click and drag the security solution on the left to its correct description on the right.

    Answer:

    Explanation:

    QUESTION NO: 41

    What is required on the controller for performing local EAP-TLS authentication?

    A. Protected access credentials
    B. 802.1x supplicant
    C. Access to the RADIUS server
    D. Access to an external LDAP database
    E. A Cisco-installed or vendor-specific device digital certificate

    Answer: E

    QUESTION NO: 42

    Which level of rogue location capability is available on Cisco WCS when no context-aware or location server is implemented?

    A. Real-time rogue location by floor only
    B. Real-time rogue location for one rogue only
    C. On-demand rogue location by floor only
    D. On-demand rogue location for one rogue only

    Answer: D

    QUESTION NO: 43

    Which two situations permit Cisco WCS to successfully trace a rogue to a switch port? (Choose two.)

    A. The rogue is broadcasting an infrastructure SSID.
    B. The rogue has a client associated.
    C. The rogue's wired MAC address is equal to or +1/-1 of the rogue's wireless MAC address.
    D. The rogue is on the same switch as a CAPWAP AP.
    E. The rogue has been identified using RLDP.

    Answer: B,C

    QUESTION NO: 44

    When deploying Cisco Unified Wireless Network solutions, what is typically connected to the enterprise's firewall DMZ?

    A. Cisco NAC Appliance Server
    B. Cisco NAC Appliance Manager
    C. Foreign controller
    D. Anchor controller
    E. Cisco IPS Sensor
    F. Cisco MSE

    Answer: D

    QUESTION NO: 45

    When adding a new Local Net User on the controller, what happens if the Guest User check box is selected?

    A. Web authentication will be enabled on the guest account.
    B. The amount of time the guest user has access to the local network will be limited.
    C. The controller will authenticate the guest account using the Cisco NAC Guest Server.
    D. The guest user traffic will be associated to the guest VLAN.
    E. 802.1x authentication will be disabled on the guest account.

    Answer: B

    QUESTION NO: 46

    Referring to the debug aaa all enable output shown, which statement is true?

    A. The permit and/or deny statements within the "User1" ACL have been configured on the Cisco Secure ACS.
    B. The wireless client failed the LEAP authentication.
    C. The wireless client will not have a successful network connection since the Cisco Secure ACS is not returning the AVPs for sending the VLAN information to the controller.
    D. The wireless client will not have a successful network connection since the Cisco Secure ACS is not returning the AVPs for sending the Interface information to the controller.
    E. The wireless client traffic will be restricted by the "User1" ACL on the controller.
    F. AAA override has been enabled on the WLAN causing the wireless client to be authenticated using the local user database on the controller.

    Answer: E

    QUESTION NO: 47

    Which two traits make a rogue the most dangerous in terms of security vulnerability? (Choose two.)

    A. Rogue using open security
    B. Rogue on the same channel as infrastructure APs
    C. Rogue having a strong RSSI
    D. Rogue attached to the wired network
    E. Rogue broadcasting an SSID

    Answer: A,D

    QUESTION NO: 48

    An RF jamming attack can be mitigated with which tactic?

    A. Access point MFP
    B. Access point and client-side MFP
    C. 802.11i
    D. Changing channels

    Answer: D

    QUESTION NO: 49

    Why is the guest LAN configured on the foreign controller?

    A. To support wired guest users
    B. To support web guest access
    C. To support wireless guest users
    D. To support anchor controllers

    Answer: A

    QUESTION NO: 50

    Which two attacks are examples of Layer 2 denial of service attacks? (Choose two.)

    A. RF jamming
    B. CTS flood
    C. TCP reset flooding
    D. EAPOL-Logoff flood
    E. PING flood

    Answer: B,D

    QUESTION NO: 51

    Which authentication protocol does H-REAP AP local authentication support?

    A. TTLS
    B. EAP-TLS
    C. EAP-PEAP
    D. LEAP

    Answer: D

    QUESTION NO: 52

    Cisco Wireless LAN Controller web authentication can use which three databases? (Choose three.)

    A. LDAP
    B. TACACS+
    C. RADIUS
    D. Local database of a controller

    Answer: A,C,D

    QUESTION NO: 53

    Which two options are supported when deploying wireless NAC out-of-band implementations? (Choose two.)

    A. Cisco NAS in virtual gateway mode
    B. WLANs with allow AAA override enabled
    C. Cisco NAC Guest Server integration with the Cisco NAM
    D. Dynamic VLAN mappings on the Cisco NAS based on the returned RADIUS attributes from Cisco Secure ACS
    E. Autonomous APs

    Answer: A,C

    QUESTION NO: 54

    ACLs configured on the controller can be applied to which three options? (Choose three.)

    A. Interfaces
    B. Mobility groups
    C. WLANs
    D. Ports
    E. CPU

    Answer: A,C,E

    QUESTION NO: 55

    Which IETF RADIUS attributes can be used for dynamic VLAN assignment?

    A. 27, 28
    B. 28, 65, 81
    C. 64, 65, 81
    D. 81, 82, 83

    Answer: C

    QUESTION NO: 56

    For wireless NAC OOB implementation, the Cisco WLC is added on the Cisco NAC Appliance Manager as what kind of device?

    A. RADIUS client
    B. RADIUS server
    C. SNMP trap receiver
    D. OOB management device
    E. OOB virtual gateway

    Answer: D

    QUESTION NO: 57

    What does the Cisco Wireless LAN Controller allow AAA override configuration apply to the WLAN?

    A. Layer 2 security policies
    B. Layer 3 security policies
    C. Configurations from the RADIUS server
    D. Cisco Aironet Information Elements

    Answer: C

    QUESTION NO: 58

    When will the controller retrieve the shun list from the Cisco IP Sensor?

    A. Whenever a signature is triggered at the Cisco IP Sensor
    B. Whenever a signature is triggered at the controller
    C. When the controller receives an SNMP trap from the Cisco IP Sensor
    D. When rogue APs or wireless clients have been detected
    E. At regular configurable intervals

    Answer: E

    QUESTION NO: 59

    Which communication method is used between the Cisco WLC and the Cisco Security MARS Appliance?

    A. SYSLOG
    B. SSH
    C. SNMP
    D. FTP
    E. SSL
    F. RADIUS

    Answer: C

    QUESTION NO: 60

    Which default port(s) are used for communications between the controller and the Cisco IPS Sensor?

    A. TCP port 80
    B. TCP port 443
    C. UDP ports 16666 and 16667
    D. UDP ports 161 and 162
    E. UDP ports 5246 and 5247

    Answer: B

    QUESTION NO: 61

    Which method is available for authentication of Cisco lightweight access points before they are allowed to connect to the wired network?

    A. ACL
    B. TACACS+ authentication/authorization
    C. NAC in-band
    D. NAC out-of-band
    E. 802.1x EAP-FAST
    F. Local authentication on the controller

    Answer: E

    QUESTION NO: 62

    What is the function of the "Passthrough" configuration under WLANs > Edit > Security > Web Policy?

    A. Guest authentication is passed through to the Cisco NAC Guest Server and it will contain the user database to authenticate the guest user.
    B. Enable the controller to redirect the web authentication to an external web authentication server.
    C. Enable the controller to redirect the web authentication to the Cisco NAC Guest Server, which acts as an external web authentication server.
    D. Bypass user authentication and allow open access with an option for a user to enter an email address before connecting.

    Answer: D

    QUESTION NO: 63

    When will you need to enable AP local authentication and add local users on the AP?

    A. When the Cisco WLC cannot communicate with the RADIUS server(s)
    B. When enabling local EAP authentication on the Cisco WLC
    C. When using 801.X authentication on the AP
    D. When deploying the AP in H-REAP mode
    E. When enabling fast secure roaming with Cisco CKM or PKC

    Answer: D

    QUESTION NO: 64

    Which two actions can controller lobby ambassadors perform? (Choose two.)

    A. Create a guest user account.
    B. Limit the total amount of guest accounts.
    C. Specify amount of time guest users remain active.
    D. Set the time when the guest user account expires.

    Answer: A,C

    QUESTION NO: 65

    What must be enabled on the WLAN to support IBN?

    A. NAC state
    B. Allow AAA override
    C. Override interface ACL
    D. Local EAP authentication
    E. H-REAP local switching

    Answer: B

    QUESTION NO: 66

    Which two roles does the Cisco MSE serve in an Adaptive wIPS deployment? (Choose two.)

    A. Packet by packet processing for triggering attack alarms
    B. Alarm archival
    C. Rogue detection
    D. Forensics (packet capture) storage

    Answer: B,D

    QUESTION NO: 67

    Which function does a rogue detector access point perform?

    A. RLDP
    B. Switch port tracing
    C. Rogue AP containment
    D. Identifying a rogue AP on the wired network

    Answer: D

    QUESTION NO: 68

    Which APs support H-REAP?

    A. Cisco Aironet 1400 series APs
    B. Cisco Aironet 1500 series APs
    C. Cisco Aironet 1230 and 1120 series APs
    D. Cisco Aironet 1130, 1140, 1240, and 1250 series APs

    Answer: D

    QUESTION NO: 69

    Which EAP types does Cisco Secure ACS support?

    A. Cisco 802.1x, Cisco EAP
    B. Cisco LEAP, Cisco Webauth
    C. Cisco LEAP, EAP-Fast, EAP-TLS, PEAP
    D. Cisco LEAP, EAP-Fast, EAP-TTLS, PEAP

    Answer: C

    QUESTION NO: 70

    Cisco MFP is used to protect which types of class 3 management frames?

    A. Control, Authentication, Association
    B. Association, Authentication, Clear-to-send
    C. Disassociation, Deauthentication, QoS WMM action frames
    D. Acknowledgement, Authentication, Contention Free End

    Answer: C

    QUESTION NO: 71

    Dynamic VLAN assignment can be done on a Cisco Wireless LAN Controller using which two attributes? (Choose two.)

    A. TACACS+ attributes
    B. RADIUS IETF attributes
    C. Cisco Airespace VSA
    D. RADIUS Cisco Aironet

    Answer: B,C

    QUESTION NO: 72

    The basic EAP protocol consists of which packet types?

    A. EAP pass-thru, EAPOL
    B. EAP failure, EAP success
    C. EAP acknowledge, EAP success
    D. EAP request, EAP response, EAP success, EAP failure

    Answer: D

    QUESTION NO: 73

    The Cisco Unified wireless solution provides which three wired-side tracing techniques? (Choose three.)

    A. Switch port tracing
    B. Adaptive wIPS
    C. RLDP
    D. Auto Containment
    E. Rogue Detector
    F. H-REAP

    Answer: A,C,E

    QUESTION NO: 74

    Where do the guest WLANs have to be configured when using the foreign and anchor controller approach?

    A. Anchor controllers only
    B. Both foreign and anchor controllers
    C. Every controller in the mobility group
    D. Foreign controllers only that manage AP with guest access

    Answer: B

    QUESTION NO: 75

    When deploying guest WLAN access using the anchor controller, the foreign controller initiates the EoIP tunnel to the anchor controller through which interface?

    A. Any interface
    B. Ap-manager interface
    C. Management interface
    D. Virtual interface

    Answer: C

    QUESTION NO: 76

    What is necessary for web authentication in a Cisco Wireless LAN Controller?

    A. Layer 2 security feature
    B. Layer 3 security feature
    C. WPA
    D. WPA2 enabled
    E. 802.1x authentication enabled

    Answer: B

    QUESTION NO: 77

    Refer to the exhibit. This topology diagram is for wireless NAC out-of-band operations. When configuring the interface on the controller to support the NAC-enabled WLAN, which VLAN is the quarantine VLAN and which VLAN is the access VLAN?

    A. VLAN 176 is the quarantine VLAN and VLAN 175 is the access VLAN.
    B. VLAN 176 is the quarantine VLAN and VLAN 11 is the access VLAN.
    C. VLAN 175 is the quarantine VLAN and VLAN 176 is the access VLAN.
    D. VLAN 175 is the quarantine VLAN and VLAN 11 is the access VLAN.
    E. VLAN 75 is the quarantine VLAN and VLAN 175 is the access VLAN.
    F. VLAN 75 is the quarantine VLAN and VLAN 176 is the access VLAN.

    Answer: A

    QUESTION NO: 78

    If DHCP services are implemented on the anchor controller, what is locally populated in the primary DHCP server field?

    A. DHCP relay IP address
    B. Next-hop router IP address
    C. Firewall DMZ interface IP address
    D. Management IP address of the controller

    Answer: D

    QUESTION NO: 79

    How does Cisco implement infrastructure MFP?

    A. Encrypting the management frames sent between APs and Cisco Compatible Extensions v5 clients
    B. Using a digital signature mechanism to insert a MIC into 802.11 management frames
    C. Using a secured EoIP management tunnel between the APs and controllers
    D. Using AES to encrypt all management frames between the clients, APs, and controllers
    E. Using 802.1X to authenticate the APs

    Answer: B

    QUESTION NO: 80

    What is the Cisco NAC Guest Server account management used for?

    A. To deploy external guest management for billing purposes
    B. To allow guests to roam across controllers
    C. To allow lobby ambassadors to manage more than 2,000 guest users
    D. To have more than one lobby administrator
    E. To allow web authentication via external portal

    Answer: A

    QUESTION NO: 81

    Which two options are valid for configuring a controller IDS signature rule? (Choose two.)

    A. Quiet time
    B. MAC frequency
    C. Source address
    D. Destination address
    E. Frequency band

    Answer: A,B

    QUESTION NO: 82

    Which two descriptions of mpings and epings are true? (Choose two.)

    A. mpings run over UDP port 16666.
    B. mpings run over UDP port 16667 and epings run over port 16666.
    C. epings run over EoIP.
    D. mpings test mobility data packet reachability and epings test mobility control packet reachability.
    E. mpings run over the management interface and epings run over the virtual interface.
    F. mpings and epings are useful tools for troubleshooting the lightweight APs.

    Answer: A,C

    QUESTION NO: 83

    Which three 802.1x Authentication Modes can be configured with Cisco Secure Services Client supplicant? (Choose three.)

    A. EAP-FAST
    B. EAP-TLS
    C. EAP-TTLS
    D. LEAP-GTC
    E. PEAP-TLS

    Answer: A,B,C

    QUESTION NO: 84

    Which two steps are required for creating a wired guest user? (Choose two.)

    A. Create WLAN on the anchor controller only.
    B. Select the management interface as the egress interface.
    C. Create the management interface in the egress interface.
    D. Select the interface you created as the guest LAN interface in the ingress interface menu.

    Answer: B,D

    QUESTION NO: 85

    When using Cisco Secure Services Client to configure a wireless LAN connection that uses EAP-FAST, which three options are available as the inner authentication method? (Choose three.)

    A. GTC
    B. PAC
    C. MSChapV2
    D. TLS
    E. PAP
    F. Pre-shared key

    Answer: A,C,D
