Demo Edition © 2014 - 2015 Troy Tec, LTD All Rights Reserved Implementing Advanced Cisco Unified Wireless Security v2.0 Exam: 642-737 642-737 1 http://www.troytec.com

642-737--Demo-Troytec

DESCRIPTION

braindumps, examdumps, preparation material

QUESTION: 1

Which protocol port(s) need open access for communication between the MSE and WLC?

A. UDP 16666 and 16667

B. UDP 5247 and 5264

C. UDP 161 and 162

D. UDP 16113

E. TCP 16113

Answer: E

QUESTION: 2

When do NAC out-of-band deployments require user traffic to traverse through the Cisco NAC Server?

A. posture assessment only

B. 802.1X and EAP authentication and remediation

C. posture assessment and remediation

D. 802.1X and EAP authentication, posture assessment, and remediation

Answer: C

QUESTION: 3

What three items can be found on the Wireless Control System PCI DSS Compliance Report? (Choose three.)

A. all authentication and encryption violations

B. all ACL violations and reports

C. all IDS threats

D. detailed association history for clients connected to the network

E. all SSIDs not using Client Exclusion

F. all access points that have rogue detection enabled

Answer: A, C, D

QUESTION: 4

The Cisco WLC v7.0 is configured for external 802.1X and EAP by using the WPA2 association of wireless clients when using the Cisco Secure ACS v4.2. Which two items are required in the Cisco Secure ACS network configuration to enable correct AAA? (Choose two.)

A. AP IP address

B. WLC virtual IP address

C. WLC management IP address

D. WLC AP management IP address

E. hostname matching the WLC case-sensitive name

F. authentication using RADIUS

G. authentication using TACACS+

Answer: C, F

QUESTION: 5

How do you configure the Cisco Secure ACS v4.2 and Cisco WLC v7.0 to provide the most flexibility for the management of authorized access on the WLC?

A. Local management user defined on the WLC

B. The WLC configured for RADIUS and the Cisco Secure ACS configured for RADIUS (Cisco Airespace)

C. The WLC configured for RADIUS and the Cisco Secure ACS configured for RADIUS (IETF)

D. The WLC configured for TACACS+ and the Cisco Secure ACS configured for TACACS+ (Cisco Airespace)

E. The WLC configured for TACACS+ and the Cisco Secure ACS configured for TACACS+ (Cisco IOS)

Answer: E

QUESTION: 6

A network administrator is assigning a one-to-one association for VLAN to wireless WLAN or SSID. Given the implementation of a Cisco 2500 Series controller using v7.0, how many WLANs can be created?

A. 8

B. 16

C. 32

D. 64

E. 128

F. 254

G. 512

Answer: B

QUESTION: 7

Refer to the exhibit.

What is the effect of setting Client Exclusion to Enabled with a Timeout Value of 0 seconds in a Cisco WLC v7.0?

A. Excluded clients must be manually removed from the excluded list.

B. Client exclusion will not occur.

C. Client exclusion timeout will be determined by the IDS module.

D. Clients will only be disconnected and not excluded.

Answer: A

QUESTION: 8

DRAG DROP

Answer:

Exhibit

QUESTION: 9

An engineer is configuring IDS signatures and sets Bcast deauth to enabled and immediately begins to see Broadcast deauthentication frame alerts. What Cisco recommended solution would resolve this issue?

A. disable Bcast deauth

B. disable Broadcast SSID on the WLAN

C. enable MFP on the WLAN

D. locate and disable the attacker

Answer: C

QUESTION: 10

Which one of the options is related to U.S. Federal Trade Commission safeguard rules for financial institutions to protect customer information?

A. ISO

B. IEEE

C. IETF

D. Wi-Fi Alliance

E. PCI

F. HIPAA

G. GLBA

Answer: G

QUESTION: 11

Which three parameters can be communicated between a Cisco WLC v7.0 and Cisco Compatible Extensions v4-enabled client to improve a secure roaming connection? (Choose three.)

A. minimum SNR

B. transition time

C. scan threshold

D. hysteresis

E. PER

F. MIC errors

Answer: B, C, D

QUESTION: 12

When deploying wireless Cisco NAC OOB operations, which device signals the WLC to switch a user from a quarantine VLAN to an access VLAN?

A. Cisco NAC Appliance Manager

B. Cisco NAC Appliance Server

C. Cisco NAC Guest Server

D. Cisco ACS

E. Cisco WCS

Answer: A

QUESTION: 13

Which statement correctly describes the usage of the debug command in a Cisco Unified Wireless Network?

A. Debug is enabled until manual shut off.

B. Debug is available on the WLC serial console and web interface.

C. Debug is a restricted command and is not available in the AP CLI.

D. Debug is a message logging severity 7.

Answer: D

QUESTION: 14

Which option correctly lists the EAP protocol(s) that can be configured on an autonomous AP for local authentication?

A. MAC

B. LEAP and EAP-FAST

C. MAC, LEAP, and EAP-FAST

D. MAC, EAP-FAST, EAP-PEAP, and EAP-TLS

Answer: C

QUESTION: 15

When deploying wireless Cisco NAC OOB operations, which appliance performs VLAN mappings to map the quarantine VLANs to the access VLANs?

A. Cisco NAC Appliance Manager

B. Cisco NAC Appliance Server

C. Cisco NAC Guest Server

D. Cisco Wireless LAN Controller

E. the Layer 3 switch that connects the Cisco WLC to the Cisco NAC appliances

Answer: B

QUESTION: 16

Wireless NAC single sign-on uses which type of RADIUS records to notify the Cisco NAC Appliance Manager about the authenticated wireless clients?

A. accounting records

B. authentication records

C. authentication and accounting records

D. preauthentication records

Answer: A

QUESTION: 17

Which type of attack is a result of a WLAN being overwhelmed by 802.1X authentication requests?

A. NetStumbler attack

B. EAPOL flood signature

C. management flood signatures

D. broadcast deauthentication frame signatures

E. NULL probe response signatures

Answer: B

QUESTION: 18

An engineer is configuring the anchor controller for a guest network. What setting in the guest WLAN can be different from the foreign controllers?

A. VLAN

B. radio policy

C. QOS setting

D. WLAN advanced settings

Answer: A

QUESTION: 19

Which two things should you verify if the Cisco NAC Guest Server is configured on the network and the client cannot access the guest network? (Choose two.)

A. The controller can ping the Cisco NAC Guest Server.

B. The controller can mping and eping the Cisco NAC Guest Server.

C. AAA override is enabled on the guest WLAN.

D. Controllers and the Cisco NAC Guest Server are in the same mobility group.

Answer: A, C

QUESTION: 20

A lobby ambassador is creating guest access accounts. At which two locations can the accounts be stored? (Choose two.)

A. NAC guest server

B. Active directory

C. WLAN controller

D. WCS

E. ACS

Answer: C, D
