300-430 | ExamData

Question#41

A corporation has recently implemented a BYOD policy at their HQ. Which two risks should the security director be concerned about? (Choose two.)

A. network analyzers
B. malware
C. lost and stolen devices
D. keyloggers
E. unauthorized users

Discover Answer

BC

Question#42

When implementing self-registration for guest/BYOD devices, what happens when an employee tries to connect four devices to the network at the same time?

A. The last device is removed and the newly added device is updated as active device.
B. The registration is allowed, but only one device is connected at any given time.
C. All devices are allowed on the network simultaneously.
D. Purge time dictates how long a device is registered to the portal.

Discover Answer

B

Question#43

What is an important consideration when implementing a dual SSID design for BYOD?

A. After using the provisioning SSID, an ACL that used to make the client switch SSIDs forces the user to associate and traverse the network by MAC filtering.
B. If multiple WLCs are used, the WLAN IDs must be exact for the clients to be provisioned and traverse the network correctly.
C. SSIDs for this setup must be configured with NAC State-RADIUS NAC for the clients to authenticate with Cisco ISE, or with NAC State-ISE NAC for Cisco ISE to associate the client.
D. One SSID is for provisioning and the other SSID is for gaining access to the network. The use of an ACL should not be enforced to make the client connect to the REAL SSID after provisioning.

Discover Answer

D

Question#44

Refer to the exhibit. A network administrator deploys the DHCP profiler service in two ISE servers: 10.3.10.101 and 10.3.10.102. All BYOD devices connecting to
WLAN on VLAN63 have been incorrectly profiled and are assigned as unknown profiled endpoints. Which action efficiently rectifies the issue according to Cisco recommendations?

A. Nothing needed to be added on the Cisco WLC or VLAN interface. The ISE configuration must be fixed.
B. Disable DHCP proxy on the Cisco WLC.
C. Disable DHCP proxy on the Cisco WLC and run the ip helper-address command under the VLAN interface to point to DHCP and the two ISE servers.
D. Keep DHCP proxy enabled on the Cisco WLC and define helper-address under the VLAN interface to point to the two ISE servers.

Discover Answer

C

Question#45

Where is a Cisco OEAP enabled on a Cisco Catalyst 9800 Series Wireless Controller?

A. RF Profile
B. Flex Profile
C. Policy Profile
D. AP Join Profile

Discover Answer

B
Reference:
https://www.cisco.com/c/en/us/td/docs/wireless/controller/9800/config-guide/b_wl_16_10_cg/flexconnect.html

Question#46

When configuring a Cisco WLC, which CLI command adds a VLAN with VLAN ID of 30 to a FlexConnect group named BranchA-FCG?

A. config flexconnect BranchA-FCG vlan 30 add
B. config flexconnect BranchA-FCG vlan add 30
C. config flexconnect group BranchA-FCG vlan 30 add
D. config flexconnect group BranchA-FCG vlan add 30

Discover Answer

D

Question#47

Refer to the exhibit. A customer has implemented Cisco FlexConnect deployments with different WLANs around the globe and is opening a new branch in a different location. The engineer's task is to execute all the wireless configuration and to suggest how to configure the switch ports for new APs. Which configuration must the switching team use on the switch port?

A. trunk mode
B. access mode
C. single VLAN
D. multiple VLAN

Discover Answer

A

Question#48

A corporation is spread across different countries and uses MPLS to connect the offices. The senior management wants to utilize the wireless network for all the employees. To ensure strong connectivity and minimize delays, an engineer needs to control the amount of traffic that is traversing between the APs and the central WLC. Which configuration should be used to accomplish this goal?

A. FlexConnect mode with central switching enabled
B. FlexConnect mode with central authentication
C. FlexConnect mode with OfficeExtend enabled
D. FlexConnect mode with local authentication

Discover Answer

D

Question#49

An engineer must implement a BYOD policy with these requirements:
✑ Onboarding unknown machines
✑ Easily scalable
✑ Low overhead on the wireless network
Which method satisfies these requirements?

A. triple SSID
B. single SSID
C. open SSID
D. dual SSID

Discover Answer

B

Question#50

A company has a single WLAN configured for 802.1x authentication with the QoS set to Silver. This WLAN supports all corporate and BYOD access. A decision has been made to allow users to install Cisco Jabber on their personal mobile devices. Users report poor voice quality when using Jabber. QoS is being applied only as best effort. What must be configured to ensure that the WLAN remains on the Silver class and to ensure Platinum class for Jabber?

A. Configure QoS on the mobile devices that have Jabber installed.
B. Enable Cisco Centralized Key Management on the WLAN so that the Jabber-enabled devices will connect.
C. Configure the WLAN to broadcast on 5 GHz radios only and allow Jabber users to connect.
D. Configure an AVC profile for the Jabber traffic and apply it to the WLAN.

Discover Answer

D