Is this exam completely free?

Examcademy offers a free preview for every exam, covering around 20% of the total questions. Full access is available with a paid upgrade.

Can I practice IT certification exams from Microsoft, AWS, or CompTIA?

Yes! Examcademy supports a wide range of IT certification exams including Microsoft Azure, AWS Cloud Practitioner, and CompTIA A+ and Security+.

How accurate are the mock exams?

Our mock exams are built and reviewed with the help of AI and community contributions, staying aligned with real-world exam objectives.

Free preview mode

Enjoy the free questions and consider upgrading to gain full access!

300-430Free trial

By cisco

Verified

25Q per page

Question 26

What is the maximum time range that can be viewed on the Cisco DNA Center issues and alarms page?

A: 3 hours
B: 24 hours
C: 3 days
D: 7 days

—

Question 27

A wireless engineer must configure access control on a WLC using a TACACS+ server for a company that is implementing centralized authentication on network devices. Which role value must be configured under the shell profile on the TACACS+ server for a user with read-only permissions?

A: ADMIN
B: MANAGEMENT
C: MONITOR
D: READ

—

Question 28

The CTO of an organization wants to ensure that all Android devices are placed into a separate VLAN on their wireless network. However, the CTO does not want to deploy ISE. Which feature must be implemented on the Cisco WLC?

A: WLAN local policy
B: RADIUS server overwrite interface
C: AAA override
D: custom AVC profile

—

Question 29

Refer to the exhibit. A wireless engineer has integrated the wireless network with a RADIUS server. Although the configuration on the RADIUS is correct, users are reporting that they are unable to connect. During troubleshooting, the engineer notices that the authentication requests are being dropped. Which action will resolve the issue?

A: Allow connectivity from the wireless controller to the IP of the RADIUS server.
B: Provide a valid client username that has been configured on the RADIUS server.
C: Configure the shared-secret keys on the controller and the RADIUS server.
D: Authenticate the client using the same EAP type that has been set up on the RADIUS server.

—

Question 30

What must be configured on the Global Configuration page of the WLC for an AP to use 802.1x to authenticate to the wired infrastructure?

A: local access point credentials
B: RADIUS shared secret
C: TACACS server IP address
D: supplicant credentials

—

Question 31

For security purposes, an engineer enables CPU ACL and chooses an ACL on the Security > Access Control Lists > CPU Access Control Lists menu. Which kind of traffic does this change apply to as soon as the change is made?

A: wireless traffic only
B: wired traffic only
C: VPN traffic
D: wireless and wired traffic

—

Question 32

Refer to the exhibit. An engineer is creating an ACL to restrict some traffic to the WLC CPU. Which selection must be made from the direction drop-down list?

A: It must be Inbound because traffic goes to the WLC.
B: Packet direction has no significance; it is always Any.
C: It must be Outbound because it is traffic that is generated from the WLC.
D: To have the complete list of options, the CPU ACL must be created only by the CLI.

—

Question 33

An engineer must implement a CPU ACL that blocks web management traffic to the controller, but they also must allow guests to reach a Web Authentication
Redirect page. To which IP address is guest client HTTPS traffic allowed for this to work?

A: DNS server IP
B: controller management IP
C: virtual interface IP
D: client interface IP

—

Question 34

An engineer needs to configure an autonomous AP for 802.1x authentication. To achieve the highest security an authentication server is used for user authentication. During testing, the AP fails to pass the user authentication request to the authentication server. Which two details need to be configured on the AP to allow communication between the server and the AP? (Choose two.)

A: username and password
B: PAC encryption key
C: RADIUS IP address
D: shared secret
E: group name

—

Question 35

An engineer must implement Cisco Identity-Based Networking Services at a remote site using ISE to dynamically assign groups of users to specific IP subnets. If the subnet assigned to a client is available at the remote site, then traffic must be offloaded locally, and subnets are unavailable at the remote site must be tunneled back to the WLC. Which feature meets these requirements?

A: learn client IP address
B: FlexConnect local authentication
C: VLAN-based central switching
D: central DHCP processing

—

Question 36

A customer wants the APs in the CEO's office to have different usernames and passwords for administrative support than the other APs deployed throughout the facility. Which feature must be enabled on the WLC and APs to achieve this goal?

A: local management users
B: HTTPS access
C: 802.1X supplicant credentials
D: override global credentials

—

Question 37

An engineer configured a Cisco AireOS controller with two TACACS+ servers. The engineer notices that when the primary TACACS+ server fails, the WLC starts using the secondary server as expected, but the WLC does not use the primary server again until the secondary server fails or the controller is rebooted. Which cause of this issue is true?

A: Fallback is enabled
B: Fallback is disabled
C: DNS query is disabled
D: DNS query is enabled

—

Question 38

An engineer is implementing RADIUS to restrict administrative control to the network with the WLC management IP address of 192.168.1.10 and an AP subnet of
192.168.2.0/24. Which entry does the engineer define in the RADIUS server?

A: administrative access defined on the WLC and the network range 192.168.2.0/255.255.254.0
B: NAS entry of the virtual interface and the network range 192.168.2.0/255.255.255.0
C: shared secret defined on the WLC and the network range 192.168.1.0/255.255.254.0
D: WLC roles for commands and the network range 192.168.1.0/255.255.255.0

—

Question 39

A customer requires wireless traffic from the branch to be routed through the firewall at corporate headquarters. A RADIUS server is in each branch location.
Which Cisco FlexConnect configuration must be used?

A: central authentication and local switching
B: central authentication and central switching
C: local authentication and local switching
D: local authentication and central switching

—

Question 40

Refer to the exhibit.

An engineer must restrict some subnets to have access to the WLC. When the CPU ACL function is enabled, no ACLs in the drop-down list are seen. What is the cause of the problem?

A: The ACL does not have a rule that is specified to the Management interface.
B: No ACLs have been created under the Access Control List tab.
C: When the ACL is created, it must be specified that it is a CPU ACL.
D: This configuration must be performed through the CLI and not though the web GUI.

—

Question 41

An engineer configures the wireless LAN controller to perform 802.1x user authentication. Which configuration must be enabled to ensure that client devices can connect to the wireless, even when WLC cannot communicate with the RADIUS?

A: pre-authentication
B: local EAP
C: authentication caching
D: Cisco Centralized Key Management

—

Question 42

An IT team is growing quickly and needs a solution for management device access. The solution must authenticate users from an external repository instead of the current local on the WLC, and it must also identify the user and determine what level of access users should have. Which protocol do you recommend to achieve these goals?

A: network policy server
B: RADIUS
C: TACACS+
D: LDAP

—

Question 43

Refer to the exhibit. An engineer must connect a fork lift via a WGB to a wireless network and must authenticate the WGB certificate against the RADIUS server.
Which three steps are required for this configuration? (Choose three.)

A: Configure the certificate, WLAN, and radio interface on WGB.
B: Configure the certificate on the WLC.
C: Configure WLAN to authenticate using ISE.
D: Configure the access point with the root certificate from ISE.
E: Configure WGB as a network device in ISE.
F: Configure a policy on ISE to allow devices to connect that validate the certificate.

—

Question 44

During the EAP process and specifically related to the client authentication session, which encrypted key is sent from the RADIUS server to the access point?

A: WPA key
B: session key
C: encryption key
D: shared-secret key

—

Question 45

A network is set up to support wired and wireless clients. Both types must authenticate using 802.1X before connecting to the network. Different types of client authentication must be separated on a Cisco ISE deployment. Which two configuration items achieve this task? (Choose two.)

A: device profiles
B: policy sets
C: separate networks
D: policy groups
E: policy results

—

Question 46

An engineer must configure Cisco OEAPs for three executives. As soon as the NAT address is configured on the management interface, it is noticed that the WLC is not responding for APs that are trying to associate to the internal IP management address. Which command should be used to reconcile this?

A: config flexconnect office-extend nat-ip-only disable
B: config network ap-discovery nap-ip-only enable
C: config flexconnect office-extend nat-ip-only enable
D: config network ap-discovery nat-ip-only disable

—

Question 47

An engineer is troubleshooting a Cisco CMX high-availability deployment and notices that the primary and backup Cisco CMX servers are both considered primary. Which command must the engineer run on the backup server?

A: cmxha convert backup
B: cmxha backup convert
C: cmxha secondary convert
D: cmxha convert secondary

—

Question 48

A network administrator managing a Cisco Catalyst 9800-80 WLC must place all iOS connected devices to the guest SSID on VLAN 101. The rest of the clients must connect on VLAN 102 distribute load across subnets. To achieve this configuration, the administrator configures a local policy on the WLC. Which two configurations are required? (Choose two.)

A: Assign a policy map under global security policy settings.
B: Add local profiling policy under global security policy settings.
C: Create a service template.
D: Allow HTTP and DHCP profiling under policy map.
E: Enable device classification on global wireless settings.

—

Question 49

An engineer is assembling a PCI report for compliance purposes and must include missed best practices that are related to WLAN controllers. The engineer has access to all WLCs, Cisco MSE, and Cisco Prime Infrastructure. Which method most efficiently displays a summary of inconsistencies?

A: WLC running-config
B: Cisco Prime Infrastructure monitoring
C: Cisco Prime Infrastructure reporting
D: WLC logs

—

Question 50

An engineer is ensuring that, on the IEEE 802.1X wireless network, clients authenticate using a central repository and local credentials on the Cisco WLC. Which two configuration elements must be completed on the WLAN? (Choose two.)

A: TACACS+
B: MAC authentication
C: local EAP enabled
D: web authentication
E: LDAP server

—

Page 2 of 12 • Questions 26-50 of 283

←

1 2 3 4 5

→

Free preview mode

Enjoy the free questions and consider upgrading to gain full access!