Which three options are valid client profile probes in Cisco ISE? (Choose three.)
A.
DHCP
B.
802.1X
C.
CCX
D.
NetFlow
E.
TACACS
F.
HTTP
Explanation:
Valid client probes in ISE are:
NetFlow Probe
DHCP Probe
DHCP SPAN Probe
HTTP Probe
RADIUS Probe
DNS Probe
http://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_prof_pol.html
Hello Guys, Anyone is preparing for exam 300-375 now? Can we exchange study materials with each other?
I got some new 300-375 exam questions today and share here with you:
QUESTION
Which attribute on the Cisco WLC v7.0 does RADIUS IETF attribute “Tunnel-Private-Group ID” assign?
A. ACL
B. DSCP
C. QoS
D. VLAN
Answer: D
QUESTION
Which three WLAN polices can be controlled by using the Cisco IBNS on the Cisco WLC and Cisco Secure ACS? (Choose three.)
A. QoS setting
B. VLAN
C. EAP type
D. ACL
E. authentication priority order
F. NAC state
Answer: ABD
QUESTION
An engineer is securing the wireless network from vulnerabilities. Which four strategies are recommended for mitigation? (Choose four.)
A. MFP
B. identity-based networking
C. rogue location
D. EAP-TLS
E. guest monitoring
F. RF profiles
G. rogue detection
H. password policies
Answer: ACEG
QUESTION
Refer to the exhibit. A client reports being unable to log into the wireless network, which uses PEAPv2. Which two issues appear in the output? (Choose two.)
A. There is a problem with the client supplicant.
B. The AP has the incorrect RADIUS server address.
C. The AP has lost IP connectivity to the authentication server.
D. The EAP client timeout value should be increased.
E. The authentication server is misconfigured on the controller.
F. The authentication server is misconfigured in the WLAN.
Answer: AD
QUESTION
When using the Standalone Profile Editor in the Cisco AnyConnect v3.0 to create a new NAM profile, which two statements describe the profile becoming active? (Choose two.)
A. selects the new profile from NAM
B. selects “Network Repair” from NAM
C. becomes active after a save of the profile name
D. ensures use of “configuration.xml” as the profile name
E. ensures use of “config.xml” as the profile name
F. ensures use of “nam.xml” as the profile name
Answer: BD
QUESTION
Which feature should an engineer select to implement the use of VLAN tagging, QoS, and ACLs to clients based on RADIUS attributes?
A. per-WLAN RADIUS source support
B. client profiling
C. AAA override
D. captive bypassing
E. identity-based networking
Answer: C
QUESTION
How should the Cisco Secure ACS v4.2 and the Cisco WLC v7.0 be configured to support wireless client authentication?
A. The WLC configured for RADIUS and the Cisco Secure ACS configured for RADIUS (Cisco Airespace)
B. The WLC configured for RADIUS and the Cisco Secure ACS configured for RADIUS (IETF)
C. The WLC configured for TACACS+ and the Cisco Secure ACS configured for TACACS+ (Cisco Airespace)
D. The WLC configured for TACACS+ and the Cisco Secure ACS configured for TACACS+ (Cisco IOS)
Answer: A
QUESTION
Clients are failing EAP authentication. A debug shows that an EAPOL start is sent and the clients are then de-authenticated. Which two issues can cause this problem? (Choose two.)
A. The WLC certificate has changed.
B. The WLAN is not configured for the correct EAP supplicant type.
C. The shared secret of the WLC and RADIUS server do not match.
D. The WLC has not been added to the RADIUS server as a client.
E. The clients are configured for machine authentication, but the RADIUS server is configured for user authentication.
Answer: CD
And i got these new questions from:https://drive.google.com/drive/folders/0B75b5xYLjSSNR21JWVIyUWFaTWM?usp=sharing
This guy share some new questions there.
Wish more people can give some 300-375 exam pass experience here!
0
0
Beside, someone recommend me to use the following 300-375 PDF and VCE:https://www.braindump2go.com/300-375.html (2017 77Q&As Version)
He told me this dumps is valid enough for 300-375 exam passing…
so anyone here used braindump2go’s pdf or vce before?
Valid enough for passing?
1
0
New 300-375 Exam Questions (Updated 29th/January/2018):
QUESTION 47
On which two ports does the RADIUS server maintain a database and listen for incoming authentication and accounting requests? (Choose two.)
A. UDP 1900
B. UDP port 1812
C. TCP port 1812
D. TCP port 1813
E. UDP port 1813
Answer: BE
QUESTION 48
An engineer must enable EAP on a new WLAN and is ensuring that the necessary components are available. Which component uses EAP and 802.1x to pass user authentication to the authenticator?
A. AP
B. AAA server
C. supplicant
D. controller
Answer: D
QUESTION 49
A corporation has recently implemented a BYOD policy at their HQ. Which three risks should the security director be concerned about? (Choose three.)
A. unauthorized users
B. rogue ad-hocs
C. software piracy
D. lost and stolen devices
E. malware
F. keyloggers
Answer: ACE
QUESTION 50
Which client roam is considered the fastest in a wireless deployment using Cisco IOS XE mobility controllers and mobility agents?
A. Roam within stack members
B. Inlet-SPG roam
C. Interdomain roam
D. Intermobility roam
E. lntra-SPG roam
Answer: E
QUESTION 51
WPA2 Enterprise with 802.1x is being used for clients to authenticate to a wireless network through an ACS server. For security reasons, the network engineer wants to ensure only PEAP authentication can be used. The engineer sent instructions to clients on how to configure their supplicants, but users are still in the ACS logs authentication using EAP- FAST. Which option describes the most efficient way the engineer can ensure these users cannot access the network unless the correct authentication mechanism is configured?
A. Enable AAA override on the SSID, gather the usernames of these users, and disable their RADIUS accounts until they make sure they correctly configured their devices.
B. Enable AAA override on the SSID and configure an access policy in ACS that denies access to the list of MACs that have used EAP-FAST.
C. Enable AAA override on the SSID and configure an access policy in ACS that allows access only when the EAP authentication method is PEAP.
D. Enable AAA override on the SSID and configure an access policy in ACS that puts clients that authenticated using EAP-FAST into a quarantine VLAN.
Answer: D
QUESTION 52
An engineer is configuring a BYOD deployment strategy and prefers a single SSID model. Which technology is required to accomplish this configuration?
A. mobility service engine
B. wireless control system
C. identify service engine
D. Prime Infrastructure
Answer: C
0
0