Cisco 300-430 Practice Test - Questions Answers, Page 13
Question list
List of questions
Related questions
A wireless engineer must configure access control on a WLC using a TACACS+ server for a company that is implementing centralized authentication on network devices. Which role value must be configured under the shell profile on the TACACS+ server for a user with read-only permissions?
ADMIN
MANAGEMENT
MONITOR
READ
The CTO of an organization wants to ensure that all Android devices are placed into a separate VLAN on their wireless network. However, the CTO does not want to deploy ISE. Which feature must be implemented on the Cisco WLC?
WLAN local policy
RADIUS server overwrite interface
AAA override
custom AVC profile
Refer to the exhibit.
A wireless engineer has integrated the wireless network with a RADIUS server. Although the configuration on the RADIUS is correct, users are reporting that they are unable to connect. During troubleshooting, the engineer notices that the authentication requests are being dropped. Which action will resolve the issue?
Allow connectivity from the wireless controller to the IP of the RADIUS server.
Provide a valid client username that has been configured on the RADIUS server.
Configure the shared-secret keys on the controller and the RADIUS server.
Authenticate the client using the same EAP type that has been set up on the RADIUS server.
What must be configured on the Global Configuration page of the WLC for an AP to use 802.1x to authenticate to the wired infrastructure?
local access point credentials
RADIUS shared secret
TACACS server IP address
supplicant credentials
For security purposes, an engineer enables CPU ACL and chooses an ACL on the Security > Access Control Lists > CPU Access Control Lists menu. Which kind of traffic does this change apply to as soon as the change is made?
wireless traffic only
wired traffic only
VPN traffic
wireless and wired traffic
Refer to the exhibit.
An engineer is creating an ACL to restrict some traffic to the WLC CPU. Which selection must be made from the direction drop- down list?
It must be Inbound because traffic goes to the WLC.
Packet direction has no significance; it is always Any.
It must be Outbound because it is traffic that is generated from the WLC.
To have the complete list of options, the CPU ACL must be created only by the CLI.
An engineer must implement a CPU ACL that blocks web management traffic to the controller, but they also must allow guests to reach a Web Authentication Redirect page. To which IP address is guest client HTTPS traffic allowed for this to work?
DNS server IP
controller management IP
virtual interface IP
client interface IP
An engineer needs to configure an autonomous AP for 802.1x authentication. To achieve the highest security an authentication server is used for user authentication. During testing, the AP fails to pass the user authentication request to the authentication server. Which two details need to be configured on the AP to allow communication between the server and the AP? (Choose two.)
username and password
PAC encryption key
RADIUS IP address
shared secret
group name
A customer wants the APs in the CEO’s office to have different usernames and passwords for administrative support than the other APs deployed throughout the facility. Which feature must be enabled on the WLC and APs to achieve this goal?
local management users
HTTPS access
802.1X supplicant credentials
override global credentials
An engineer configured a Cisco AireOS controller with two TACACS+ servers. The engineer notices that when the primary TACACS+ server fails, the WLC starts using the secondary server as expected, but the WLC does not use the primary server again until the secondary server fails or the controller is rebooted. Which cause of this issue is true?
Fallback is enabled
Fallback is disabled
DNS query is disabled
DNS query is enabled
Question