cisco 300-430 practice test
Implementing Cisco Enterprise Wireless Networks (ENWLSI)
Question 1 Topic 8
Topic 8
An engineer is implementing RADIUS to restrict administrative control to the network with the WLC management IP address
of 192.168.1.10 and an AP subnet of 192.168.2.0/24. Which entry does the engineer define in the RADIUS server?
- A. administrative access defined on the WLC and the network range 192.168.2.0/255.255.254.0
- B. NAS entry of the virtual interface and the network range 192.168.2.0/255.255.255.0
- C. shared secret defined on the WLC and the network range 192.168.1.0/255.255.254.0
- D. WLC roles for commands and the network range 192.168.1.0/255.255.255.0
Answer:
A
Question 2 Topic 8
Topic 8
An engineer configured a Cisco AireOS controller with two TACACS+ servers. The engineer notices that when the primary
TACACS+ server fails, the WLC starts using the secondary server as expected, but the WLC does not use the primary
server again until the secondary server fails or the controller is rebooted. Which cause of this issue is true?
- A. Fallback is enabled
- B. Fallback is disabled
- C. DNS query is disabled
- D. DNS query is enabled
Answer:
B
Question 3 Topic 8
Topic 8
A customer wants the APs in the CEOs office to have different usernames and passwords for administrative support than
the other APs deployed throughout the facility. Which feature must be enabled on the WLC and APs to achieve this goal?
- A. local management users
- B. HTTPS access
- C. 802.1X supplicant credentials
- D. override global credentials
Answer:
C
Question 4 Topic 8
Topic 8
An engineer needs to configure an autonomous AP for 802.1x authentication. To achieve the highest security an
authentication server is used for user authentication. During testing, the AP fails to pass the user authentication request to
the authentication server. Which two details need to be configured on the AP to allow communication between the server
and the AP? (Choose two.)
- A. username and password
- B. PAC encryption key
- C. RADIUS IP address
- D. shared secret
- E. group name
Answer:
C D
Question 5 Topic 8
Topic 8
An engineer must implement a CPU ACL that blocks web management traffic to the controller, but they also must allow
guests to reach a Web Authentication Redirect page. To which IP address is guest client HTTPS traffic allowed for this to
work?
- A. DNS server IP
- B. controller management IP
- C. virtual interface IP
- D. client interface IP
Answer:
C
Question 6 Topic 8
Topic 8
Refer to the exhibit. An engineer is creating an ACL to restrict some traffic to the WLC CPU. Which selection must be made
from the direction drop-down list?
- A. It must be Inbound because traffic goes to the WLC.
- B. Packet direction has no significance; it is always Any.
- C. It must be Outbound because it is traffic that is generated from the WLC.
- D. To have the complete list of options, the CPU ACL must be created only by the CLI.
Answer:
A
Question 7 Topic 8
Topic 8
For security purposes, an engineer enables CPU ACL and chooses an ACL on the Security > Access Control Lists > CPU
Access Control Lists menu. Which kind of traffic does this change apply to as soon as the change is made?
- A. wireless traffic only
- B. wired traffic only
- C. VPN traffic
- D. wireless and wired traffic
Answer:
A
Question 8 Topic 8
Topic 8
What must be configured on the Global Configuration page of the WLC for an AP to use 802.1x to authenticate to the wired
infrastructure?
- A. local access point credentials
- B. RADIUS shared secret
- C. TACACS server IP address
- D. supplicant credentials
Answer:
B
Question 9 Topic 8
Topic 8
Refer to the exhibit. A wireless engineer has integrated the wireless network with a RADIUS server. Although the
configuration on the RADIUS is correct, users are reporting that they are unable to connect.
During troubleshooting, the engineer notices that the authentication requests are being dropped. Which action will resolve
the issue?
- A. Allow connectivity from the wireless controller to the IP of the RADIUS server.
- B. Provide a valid client username that has been configured on the RADIUS server.
- C. Configure the shared-secret keys on the controller and the RADIUS server.
- D. Authenticate the client using the same EAP type that has been set up on the RADIUS server.
Answer:
C
Question 10 Topic 8
Topic 8
The CTO of an organization wants to ensure that all Android devices are placed into a separate VLAN on their wireless
network. However, the CTO does not want to deploy ISE. Which feature must be implemented on the Cisco WLC?
- A. WLAN local policy
- B. RADIUS server overwrite interface
- C. AAA override
- D. custom AVC profile
Answer:
A