Question 6 of 53
An engineer is configuring a BYOD deployment strategy and prefers a single SSID model. Which technology is required to accomplish this configuration?
Answer

Suggested Answer

The suggested answer is C.

Please refer to the section "Single SSID Wireless BYOD Self Registration" of the below mentioned link.
Reference: http://www.cisco.com/c/dam/en/us/td/docs/security/ise/how_to/HowTo-61-BYOD-Onboarding_Registering_and_Provisioning.pdf
Question 7 of 53
When you configure BYOD access to the network, you face increased security risks and challenges. Which challenge is resolved by deploying digital client certificates?
Answer

Suggested Answer

The suggested answer is D.

Deploying digital certificates to endpoint devices requires a network infrastructure that provides the security and flexibility to enforce different security policies, regardless of where the connection originates. This solution focuses on providing digital certificate enrollment and provisioning while enforcing different permission levels.
Reference: http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Borderless_Networks/Unified_Access/byoddg.html
Question 8 of 53
Scenario -
Refer to the exhibit. The East-WLC-2504A controller has been configured for WPA2 + PSK, although it isnt working properly. Refer to the exhibit to resolve the configuration issues.

WLAN ID: 11 -

Profile Name: Contractors -

SSID: Contractors -

VLAN: 2 -
Note, not all menu items, text boxes, or radio buttons are active.

Topology -
Exam 300-375: Question 8 - Image 1

Virtual Terminal -
Exam 300-375: Question 8 - Image 2
Exam 300-375: Question 8 - Image 3
Exam 300-375: Question 8 - Image 4
Exam 300-375: Question 8 - Image 5
Exam 300-375: Question 8 - Image 6
Which configuration changes need to be made to allow WPA2 + PSK to operate properly on the East-WLC-2504A controller? (Choose four.)
Answer

Suggested Answer

The suggested answer is B, F, J.

Question 9 of 53
Refer to the exhibit.
Exam 300-375: Question 9 - Image 1
What is the 1.1.1.1 IP address?
Answer

Suggested Answer

The suggested answer is F.

Web Authentication Process -
This is what occurs when a user connects to a WLAN configured for web authentication:
✑ The user opens a web browser and enters a URL, for example, http://www.cisco.com. The client sends out a DNS request for this URL to get the IP for the destination. The WLC bypasses the DNS request to the DNS server and the DNS server responds back with a DNS reply, which contains the IP address of the destination www.cisco.com. This, in turn, is forwarded to the wireless clients.
✑ The client then tries to open a TCP connection with the destination IP address. It sends out a TCP SYN packet destined to the IP address of www.cisco.com.
✑ The WLC has rules configured for the client and hence can act as a proxy for www.cisco.com. It sends back a TCP SYN-ACK packet to the client with source as the IP address of www.cisco.com. The client sends back a TCP ACK packet in order to complete the three way TCP handshake and the TCP connection is fully established.
✑ The client sends an HTTP GET packet destined to www.cisco.com. The WLC intercepts this packet and sends it for redirection handling. The HTTP application gateway prepares a HTML body and sends it back as the reply to the HTTP GET requested by the client. This HTML makes the client go to the default webpage URL of the WLC, for example, http://<Virtual-Server-IP>/login.html.
✑ The client closes the TCP connection with the IP address, for example, www.cisco.com.
✑ Now the client wants to go to http://1.1.1.1/login.html. Therefore, the client tries to open a TCP connection with the virtual IP address of the WLC. It sends a
TCP SYN packet for 1.1.1.1 to the WLC.
✑ The WLC responds back with a TCP SYN-ACK and the client sends back a TCP ACK to the WLC in order to complete the handshake.
✑ The client sends a HTTP GET for /login.html destined to 1.1.1.1 in order to request for the login page.
✑ This request is allowed up to the Web Server of the WLC, and the server responds back with the default login page. The client receives the login page on the browser window where the user can go ahead and log in.
Reference: http://www.cisco.com/c/en/us/support/docs/wireless-mobility/wlan-security/69340-web-auth-config.html#backinfo
Question 10 of 53
A customer is concerned about denial of service attacks that impair the stable operation of the corporate wireless network. The customer wants to purchase mobile devices that will operate on the corporate wireless network. Which IEEE standard should the mobile devices support to address the customer concerns?
Answer

Suggested Answer

The suggested answer is A.

The IEEE goal with 802.11w is to protect management frames in 802.11 networks. This therefore provides wireless networks within organisations the protection against numerous DoS attacks targeted at the Media Access Control (MAC) layer 2. The 802.11w standard will look to provide protection in the following ways:
Protecting unicast management frames from forgery and disclosure attacks by encrypting the unicast management frames between an access point and the client. Protecting broadcast management frames from forgery attacks.
Protecting broadcast deauthentication and disassociation frames from forgery attacks.
Reference: https://www.sans.org/reading-room/whitepapers/wireless/80211-denial-service-attacks-mitigation-2108 (Please refer to section "802.11w to the rescue")