New Year Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: best70

300-430 Implementing Cisco Enterprise Wireless Networks (300-430 ENWLSI) Questions and Answers

Questions 4

What is the maximum time range that can be viewed on the Cisco DNA Center issues and alarms page?

Options:

A.

3 hours

B.

24 hours

C.

3 days

D.

7 days

Buy Now
Questions 5

An engineer has successfully implemented 10 active RFID tags in an office environment. The tags are not visible when the location accuracy is tested on the Cisco CMX Detect and Locate window. Which setting on Cisco CMX allows the engineer to view the tags?

Options:

A.

Enable RFID tags in tracking options.

B.

Enable probing clients for active tags.

C.

Define an RFID group globally and add the tags.

D.

Enable hyperlocation services for RFID.

Buy Now
Questions 6

An engineer has configured the wireless controller to authenticate clients on the employee SSID against Microsoft Active Directory using PEAP authentication.

Which protocol does the controller use to communicate with the authentication server?

Options:

A.

EAP

B.

802.1X

C.

RADIUS

D.

WPA2

Buy Now
Questions 7

Refer to the exhibit.

Which COS to DSCP map must be modified to ensure that voice traffic is tagged correctly as it traverses the network?

Options:

A.

COS of 6 to DSCP 46

B.

COS of 3 to DSCP 26

C.

COS of 7 to DSCP 48

D.

COS of 5 to DSCP 46

Buy Now
Questions 8

Which AP model of the Cisco Aironet Active Sensor is used with Cisco DNA Center?

Options:

A.

1800s

B.

3600e

C.

3800s

D.

4800i

Buy Now
Questions 9

A wireless network has been implemented to enable multicast video to be streamed reliably over the wireless link to the wireless users. After a client reports that the video is unable to stream, the administrator determines that the client is connecting at a data rate of 12 Mbps and is trying to stream to a valid multicast address on the network. Which two actions must be applied? (Choose two.)

Options:

A.

Turn off IGMP snooping for all the configured WLANs on the controller.

B.

Implement video-stream for the multicast video on the controller.

C.

Allow multicast-direct to work correctly and multicast-direct to be enabled globally.

D.

Change the WLAN QoS value to Bronze for the WLAN that multicast will be enabled.

E.

Allow RTSP to stream the video due to wireless multicast not using acknowledgements.

Buy Now
Questions 10

In a Cisco WLAN deployment, it is required that all Aps from branch1 remain operational even if the control plane CAPWAP tunnel is down because of a WAN failure to headquarters. Which operational mode must be configured on the APs?

Options:

A.

disconnected

B.

standalone

C.

lightweight

D.

connected

Buy Now
Questions 11

Refer to the exhibit.

An engineer has deployed the Cisco CMX solution to track and detect the number of users who visit the office each day. The CMX dashboard is not showing any data. Which action resolves this issue?

Options:

A.

Configure Single Sign-On authentication.

B.

Add the WLCs to CMX.

C.

Copy the exported Maps from CMX server to PI using SCP.

D.

Install an evaluation license to CMX server.

Buy Now
Questions 12

A customer requires wireless traffic from the branch to be routed through the firewall at corporate headquarters. A RADIUS server is in each branch location. Which Cisco FlexConnect configuration must be used?

Options:

A.

central authentication and local switching

B.

central authentication and central switching

C.

local authentication and local switching

D.

local authentication and central switching

Buy Now
Questions 13

An engineer is setting up a WLAN to work with a Cisco ISE as the AAA server. The company policy requires that all users be denied access to any resources until they pass the validation. Which component must be configured to achieve this stipulation?

Options:

A.

WPA2 passkey

B.

AAA override

C.

CPU ACL

D.

preauthentication ACL

Buy Now
Questions 14

An engineer is implementing a FlexConnect group for access points at a remote location using local switching but central DHCP. Which client feature becomes available only if this configuration is changed?

Options:

A.

multicast

B.

static IP

C.

fast roaming

D.

mDNS

Buy Now
Questions 15

A network administrator managing a Cisco Catalyst 9800-80 WLC must place all iOS connected devices to the guest SSID on VLAN 101. The rest of the clients must connect on VLAN 102 distribute load across subnets. To achieve this configuration, the administrator configures a local policy on the WLC. Which two configurations are required? (Choose two.)

Options:

A.

Assign a policy map under global security policy settings.

B.

Add local profiling policy under global security policy settings.

C.

Create a service template.

D.

Allow HTTP and DHCP profiling under policy map.

E.

Enable device classification on global wireless settings.

Buy Now
Questions 16

Which condition introduce security risk to a BYOD policy?

Options:

A.

enterprise-managed MDM platform used for personal devices

B.

access to LAN without implementing MDM solution

C.

enforcement of BYOD access to internet only network

D.

enterprise life-cycle enforcement of personal device refresh

Buy Now
Questions 17

An engineer is configuring a new wireless network for guest access. The Facebook page of the company must be viewed by the guest users before they get access to the network. A Cisco MSE is used as a wireless component. Which URL must be used in the configuration as the external redirection URL?

Options:

A.

http:// :8083/visitor/login.do

B.

http:// :8083/fbwifi/forward

C.

http:// :8084/visitor/login.do

D.

http:// :8084/fbwifi/forward

Buy Now
Questions 18

A corporation has employees working from their homes. A wireless engineer must connect 1810 OEAP at remote teleworker locations. All configuration has been completed on the controller side, but the network readiness is pending. Which two configurations must be performed on the firewall to allow the AP to join the controller? (Choose two.)

Options:

A.

Block UDP ports 1812 and 1813 on the firewall.

B.

Enable NAT Address on the 5520 with an Internet-routable IP address.

C.

Configure a static IP on the OEAP 1810.

D.

Allow UDP ports 5246 and UDP port 5247 on the firewall.

E.

Allow UDP ports 12222 and 12223 on the firewall.

Buy Now
Questions 19

An engineer configures a Cisco Aironet 600 Series OfficeExtend AP for a user who works remotely. What is configured on the Cisco WLC to allow the user to print a printer on his home network?

Options:

A.

split tunneling

B.

SE-connect

C.

FlexConnect

D.

AP failover priority

Buy Now
Questions 20

A network administrator managing a Cisco Catalyst 9800-80 WLC must place all iOS connected devices to the guest SSID on VLAN 101. The rest of the clients must connect on VLAN 102 distribute load across subnets. To achieve this configuration, the administrator configures a local policy on the WLC. Which two configurations are required? (Choose two.)

Options:

A.

Assign a policy map under global security policy settings.

B.

Add local profiling policy under global security policy settings.

C.

Create a service template.

D.

Allow HTTP and DHCP profiling under policy map.

E.

Enable device classification on global wireless settings.

Buy Now
Questions 21

A corporation has a wireless network where all access points are configured in FlexConnect. The WLC has a Data WLAN and a VoWiFi WLAN implemented where centrally-switched SSID is configured for the APs. Which QoS configuration must be implemented for the wireless packets to maintain the marking across the wired and wireless network?

Options:

A.

Set QoS to Platinum.

B.

Enable CAC.

C.

Allow WMM.

D.

Trust DSCP.

Buy Now
Questions 22

An enterprise started using WebEx as a virtual meeting solution. There is a concern that the existing wireless network will not be able to support the increased amount of traffic as a result of using WebEx. An engineer needs to remark the QoS value for this application to ensure high quality in meetings. What must be implemented to accomplish this task?

Options:

A.

QoS preferred call index

B.

UP to DSCP map

C.

AVC profiles

D.

WLAN quality of service profile

Buy Now
Questions 23

A Cisco 8540 WLC manages Cisco Aironet 4800 Series Aps and sends AoA data to a Cisco CMX 3375 Appliance for Hyperlocation. The load from the WLC is distributed to another virtual CMX server using CMX grouping. The virtual CMX server shows location RSSI data and not Hyperlocation. No AoA metrics are shown on the metrics page of the CMX virtual appliance under System > Metrics > Location Metrics. How must the network administrator resolve this issue?

Options:

A.

Enable Wireless > Access Points > Global Configuration> Enable Hyperlocation on the WLC.

B.

Enable the HALO module on the CMX appliance for the data collection.

C.

Allow port 2003 for AoA packets to flow through between the CMX appliances.

D.

Use one Hyperlocation-enabled WLC and CMX for AoA data.

Buy Now
Questions 24

An engineer must enable LSS for the AppleTV mDNS service only when ORIGIN is set to Wired. Which action meets this requirement?

Options:

A.

Set ORIGIN to Wired. Enable LSS by using the config mdns service Iss All command.

B.

Set ORIGIN to Wired. Enable LSS by using the config mdns service Iss AppleTV command.

C.

Set ORIGIN to either Wireless or All. Enable LSS by using the config mdns service Iss All command.

D.

Set ORIGIN to either Wireless or All. Enable LSS by using the config mdns service Iss enable AppleTV command.

Buy Now
Questions 25

What is the default IEEE 802.1x AP authentication configuration on a Cisco Catalyst 9800 Series Wireless Controller?

Options:

A.

EAP-PEAP with 802.1x port authentication

B.

EAP-TLS with 802.1x port authentication

C.

EAP-FAST with CAPWAP DTLS + port authentication

D.

EAP-FAST with CAPWAP DTLS

Buy Now
Questions 26

A company wants to switch to BYOD to reduce IT support costs for the company. Which option is an impact of BYOD should be considered?

Options:

A.

increased VPN connections

B.

restricted device enforcement

C.

increased phishing attacks

D.

decreased support calls

Buy Now
Questions 27

Which two steps are needed to complete integration of the MSE to Cisco Prime Infrastructure to track the location of clients/rogues on maps? (Choose two.)

Options:

A.

Synchronize access points with the MSE.

B.

Add the MSE to Cisco Prime Infrastructure using the CLI credentials.

C.

Add the MSE to Cisco Prime Infrastructure using the Cisco Prime Infrastructure communication credentials.

D.

Apply a valid license for Wireless Intrusion Prevention System.

E.

Apply a valid license for location tracking.

Buy Now
Questions 28

An engineer is using Cisco Prime Infrastructure reporting to monitor the state of security on the WLAN. Which output is produced when the Adaptive wIPS Top 10 AP report is run?

Options:

A.

last 10 wIPS events from monitor mode APs

B.

last 10 wIPS events from sniffer mode APs

C.

last of 10 sniffer mode APs with the most wIPS events

D.

last of 10 monitor mode APs with the most wIPS events

Buy Now
Questions 29

The security learn is concerned about the access to all network devices, including the Cisco WLC. To permit only the admin subnet to have access to management, a CPU ACL is created and applied. However, guest users cannot get to the web portal. What must be configured to permit only admins to have access?

Options:

A.

The guest portal must be configured on the CPU ACLs on the Cisco WLC.

B.

Access to Cisco ISE must be allowed on the pre authentication ACL.

C.

Management traffic from the guest network must be configured on the ACL rules. D. Traffic toward the virtual interface must be permitted.

Buy Now
Questions 30

An IT administrator deploys Cisco 2802i APs in all office locations, including main campus and branch offices. The WLC that manages the APs is located at the data center on the main campus. The APs on the main campus are configured to use Local mode and the APs in the branches use FlexConnect mode. Which configuration must be applied to the APs for corporate devices on the main campus to be mapped to the local LAN switch on different VLANs according to the VLAN tag ID and WLAN?

Options:

A.

Enable Central DHCP Processing.

B.

Disable FlexConnect Local Auth

C.

Enable FlexConnect Local Switching.

D.

Disable VLAN-based Central Switching.

Buy Now
Questions 31

An engineer must use Cisco AVC on a Cisco WLC to prioritize Cisco IP cameras that use the wireless network. Which element do you configure in a rule?

Options:

A.

permit-ACL

B.

WMM required

C.

mark

D.

rate-limit

Buy Now
Questions 32

A controller shows that an AP in your environment is detecting interference, but the AP health score in Cisco DNA Center is unaffected. What are two reasons that Cisco DNA Center is ignoring the interference? (Choose two.)

Options:

A.

The interference is less than or equal to 30% on the 2.4 GHz radio.

B.

The interference is less than or equal to 50% on the 2.4 GHz radio.

C.

Cisco DNA Center includes only Cisco CleanAir interferers in the AP health score.

D.

The interference is less than or equal to 30% on the 5 GHz radio.

E.

Cisco DNA Center does not include interference in the AP health score.

Buy Now
Questions 33

What is the Cisco recommended configuration for a Cisco switch port connected to an AP in local mode for optimal voice over WLAN performance with an 8821 wireless phone?

Options:

A.

switchport encapsulation dot1q

switchport mode trunk

mls qos trust device cisco-phone

B.

switchport mode access

mls qos trust device cisco-phone

C.

switchport mode access mls qos trust cos

D.

switchport mode access mls qos trust dscp

Buy Now
Questions 34

Where is a Cisco OEAP enabled on a Cisco Catalyst 9800 Series Wireless Controller?

Options:

A.

RF Profile

B.

Flex Profile

C.

Policy Profile

D.

AP Join Profile

Buy Now
Questions 35

An engineer is implementing Cisco Identity-Based Networking on a Cisco AireOS controller. The engineer has two ACLs on the controller. The first ACL, named BASE_ACL, is applied to the corporate_clients interface on the WLC, which is used for all corporate clients. The second ACL, named HR_ACL, is referenced by ISE in the Human Resources group policy. What is the resulting ACL when a Human Resources user connects?

Options:

A.

HR_ACL appended with BASE_ACL

B.

HR_ACL only

C.

BASE_ACL appended with HR_ACL

D.

BASE_ACL only

Buy Now
Questions 36

An engineer has been hired to implement a way for users to stream video content without having issues on the wireless network. To accomplish this goal, the engineer must set up a reliable way for a Media Stream to work between Cisco FlexConnect APs. Which feature must be enabled to guarantee delivery?

Options:

A.

Unicast Direct

B.

IGMP Direct

C.

Multicast Direct

D.

Multicast-to-Unicast Direct

Buy Now
Questions 37

A network engineer must segregate all IPads on the guest WLAN to a separate VLAN. How does the engineer accomplish this task without using Cisco

ISE?

Options:

A.

Create a local policy on the WLC.

B.

Use 802.1x authentication to profile the devices.

C.

Use an mDNS profile for the iPad device.

D.

Enable RADIUS DHCP profiling on the WLAN.

Buy Now
Questions 38

An enterprise started using WebEx as a virtual meeting solution. There is a concern that the existing wireless network will not be able to support the increased amount of traffic as a result of using WebEx. An engineer needs to remark the QoS value for this application to ensure high quality in meetings. What must be implemented to accomplish this task?

Options:

A.

QoS preferred call index

B.

UP to DSCP map

C.

AVC profiles

D.

WLAN quality of service profile

Buy Now
Questions 39

A FlexConnect remote office deployment is using five 2702i APs indoors and two 1532i APs outdoors. When a code upgrade is performed and FlexConnect Smart AP Image Upgrade is leveraged, but no FlexConnect Master AP has been configured, how many image transfers between the WLC and APs will occur?

Options:

A.

1

B.

2

C.

5

D.

7

Buy Now
Questions 40

A network engineer must get an autonomous AP to authenticate to the upstream switch via IEEE 802.1 X. Drag and drop the commands from the left onto the right to complete the configuration.

Options:

Buy Now
Questions 41

Which EAP method can an AP use to authenticate to the wired network?

Options:

A.

EAP-GTC

B.

EAP-MD5

C.

EAP-TLS

D.

EAP-FAST

Buy Now
Questions 42

Refer to the exhibit.

A customer has implemented Cisco FlexConnect deployments with different WLANs around the globe and is opening a new branch in a different location. The engineer’s task is to execute all the wireless configuration and to suggest how to configure the switch ports for new APs. Which configuration must the switching team use on the switch port?

Options:

A.

trunk mode

B.

access mode

C.

single VLAN

D.

multiple VLAN

Buy Now
Questions 43

Which two protocols are used to communicate between the Cisco MSE and the Cisco Prime Infrastructure network management software? (Choose two.)

Options:

A.

HTTPS

B.

Telnet

C.

SOAP

D.

SSH

E.

NMSP

Buy Now
Questions 44

Refer to the exhibit.

An engineer is creating an ACL to restrict some traffic to the WLC CPU. Which selection must be made from the direction drop- down list?

Options:

A.

It must be Inbound because traffic goes to the WLC.

B.

Packet direction has no significance; it is always Any.

C.

It must be Outbound because it is traffic that is generated from the WLC.

D.

To have the complete list of options, the CPU ACL must be created only by the CLI.

Buy Now
Questions 45

Refer to the exhibit.

Which COS to DSCP map must be modified to ensure that voice traffic is tagged correctly as it traverses the network?

Options:

A.

COS of 6 to DSCP 46

B.

COS of 3 to DSCP 26

C.

COS of 7 to DSCP 48

D.

COS of 5 to DSCP 46

Buy Now
Questions 46

An engineer needs read/write access to rename access points and add them to the correct AP groups on a wireless controller. Using Cisco ISE TACACS, which custom attributes is the minimum required?

Options:

A.

role1=WLAN

B.

role1=WLAN role2=SECURITY

C.

role1=WLAN role2=WIRELESS

D.

role1=WIRELESS

Buy Now
Questions 47

Refer to the exhibit.

An engineer deployed a Cisco WLC using local EAP. Users who are configured for EAP-PEAP cannot connect to the network. Based on the local EAP debug on the controller provided, why is the client unable to connect?

Options:

A.

The client is failing to accept certificate.

B.

The Cisco WLC is configured for the incorrect date.

C.

The Cisco WLC local EAP profile is misconfigured.

D.

The user is using invalid credentials.

Buy Now
Questions 48

Which three characteristics of a rogue AP pose a high security risk? (Choose three.)

Options:

A.

open authentication

B.

high RSSI

C.

foreign SSID

D.

accepts clients

E.

low RSSI

F.

distant location

Buy Now
Questions 49

An engineer set up identity-based networking with ISE and configured AAA override on the WLAN. Which two attributes must be used to change the client behavior from the default settings? (Choose two.)

Options:

A.

DHCP timeout

B.

DNS server

C.

IPv6 ACL

D.

DSCP value

E.

multicast address

Buy Now
Questions 50

An IT department receives a report of a stolen laptop and has information on the MAC address of the laptop. Which two settings must be set on the wireless infrastructure to determine its location? (Choose two.)

Options:

A.

Location History for Clients must be enabled on the MSE.

B.

Client location tracking must be enabled on the MSE.

C.

Location History for Visitors must be enabled on the MSE.

D.

Location History for Rogue APs & Rogue Clients must be enabled on the MSE.

E.

Tracking optimization must be enabled on the WLC.

Buy Now
Questions 51

Refer to the exhibit.

An engineer must restrict some subnets to have access to the WLC. When the CPU ACL function is enabled, no ACLs in the drop-down list are seen. What is the cause of the problem?

Options:

A.

The ACL does not have a rule that is specified to the Management interface.

B.

No ACLs have been created under the Access Control List tab.

C.

When the ACL is created, it must be specified that it is a CPU ACL.

D.

This configuration must be performed through the CLI and not though the web GUI.

Buy Now
Questions 52

An enterprise has two WLANs configured on WLC. It is reported that when converting APs to FlexConnect mode, WLAN A works but WLAN B does not. When converting APs to local mode, WLAN B works, but WLAN A does not. Which action is needed to complete this configuration?

Options:

A.

Create a Cisco FlexConnect group with WLAN-VLAN mapping.

B.

Disable local switching on the WLANs.

C.

Map the AP group to the WLAN interface.

D.

Join the APs to a Cisco FlexConnect group.

Buy Now
Questions 53

An engineer is responsible for a wireless network for an enterprise. The enterprise has distributed offices around the globe, and all APs are configured in FlexConnect mode. The network must be configured to support 802.11r and CCKM. What needs to be implemented to accomplish this goal?

Options:

A.

Enable VLAN-based central switching.

B.

Enable FlexConnect local authentication.

C.

Enable FlexConnect local switching.

D.

Create FlexConnect groups.

Buy Now
Questions 54

The CTO of an organization wants to ensure that all Android devices are placed into a separate VLAN on their wireless network. However, the CTO does not want to deploy ISE. Which feature must be implemented on the Cisco WLC?

Options:

A.

WLAN local policy

B.

RADIUS server overwrite interface

C.

AAA override

D.

custom AVC profile

Buy Now
Questions 55

An engineer is assembling a PCI report for compliance purposes and must include missed best practices that are related to WLAN controllers. The engineer has access to all WLCs, Cisco MSE, and Cisco Prime Infrastructure. Which method most efficiently displays a summary of inconsistencies?

Options:

A.

WLC running-config

B.

Cisco Prime Infrastructure monitoring

C.

Cisco Prime Infrastructure reporting

D.

WLC logs

Buy Now
Questions 56

Which two statements about the requirements for a Cisco Hyperlocation deployment are true? (Choose two.)

Options:

A.

After enabling Cisco Hyperlocation on Cisco CMX, the APs and the wireless LAN controller must be restarted.

B.

NTP can be configured, but that is not recommended.

C.

The Cisco Hyperlocation feature must be enabled on the wireless LAN controller and Cisco CMX.

D.

The Cisco Hyperlocation feature must be enabled only on the wireless LAN controller.

E.

If the Cisco CMX server is a VM, a high-end VM is needed for Cisco Hyperlocation deployments.

Buy Now
Questions 57

Branch wireless users report that they can no longer access services from head office but can access services locally at the site. New wireless users can associate to the wireless while the WAN is down. Which three elements (Cisco FlexConnect state, operation mode, and authentication method) are seen in this scenario? (Choose three.)

Options:

A.

authentication-local/switch-local

B.

WPA2 personal

C.

authentication-central/switch-central

D.

lightweight mode

E.

standalone mode

F.

WEB authentication

Buy Now
Questions 58

An engineer is following the proper upgrade path to upgrade a Cisco AireOS WLC from version 7.3 to 8.9. Which two ACLs for Cisco CWA must be configured when upgrading from the specified codes? (Choose two.)

Options:

A.

Permit 0.0.0.0 0.0.0.0 any DNS any

B.

Permit 0.0.0.0 0.0.0.0 UDP DNS any

C.

Permit 0.0.0.0 0.0.0.0 UDP any DNS

D.

Permit any any any

E.

Permit 0.0.0.0 0.0.0.0 UDP any any

Buy Now
Questions 59

A customer requires wireless traffic from the branch to be routed through the firewall at corporate headquarters. A RADIUS server is in each branch location. Which Cisco FlexConnect configuration must be used?

Options:

A.

central authentication and local switching

B.

central authentication and central switching

C.

local authentication and local switching

D.

local authentication and central switching

Buy Now
Questions 60

Which command set configures a Cisco Catalyst 9800 Series Wireless Controller so that the client traffic enters the network at the AP switch port?

Options:

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Buy Now
Questions 61

Which three properties are used for client profiling of wireless clients? (Choose three.)

Options:

A.

HTTP user agent

B.

DHCP

C.

MAC OUI

D.

hostname

E.

OS version

F.

IP address

Buy Now
Questions 62

Which two configurations are applied on the WLC to enable multicast, check multicast stream subscriptions, and stream content only to subscribed clients? (Choose two)

Options:

A.

Enable IGMP snooping

B.

Set the IGMP timeout to 180 seconds

C.

Enable broadcast forwarding

D.

Enable 802.3x flow control mode.

E.

Set the AP multicast to 238.255.255.255

Buy Now
Questions 63

When configuring a large, high-availability wireless network, which change to a mobility group creates less load on the controllers and maintains the same mobility messages?

Options:

A.

Configure mobility group multicast messaging.

B.

Remove unnecessary controllers from the mobility group.

C.

Configure the controllers into separate RF groups from the mobility groups.

D.

Separate the controllers into different mobility groups per controller.

Buy Now
Questions 64

What is configured to use more than one port on the OEAP to extend the wired network?

Options:

A.

remote LAN ACL

B.

AAA override

C.

client load balancing

D.

remote LAN

Buy Now
Exam Code: 300-430
Exam Name: Implementing Cisco Enterprise Wireless Networks (300-430 ENWLSI)
Last Update: Dec 22, 2024
Questions: 216

PDF + Testing Engine

$144.99

Testing Engine

$109.99

PDF (Q&A)

$94.99