Question 121
What must be configured on the Global Configuration page of the WLC for an AP to use 802.1x to authenticate to the wired infrastructure?
A. local access point credentials
B. RADIUS shared secret
C. TACACS server IP address
D. supplicant credentials
Question 122
For security purposes, an engineer enables CPU ACL and chooses an ACL on the Security > Access Control Lists > CPU Access Control Lists menu.
Which kind of traffic does this change apply to as soon as the change is made?
A. wireless traffic only
B. wired traffic only
C. VPN traffic
D. wireless and wired traffic
Question 123
Refer to the exhibit. An engineer is creating an ACL to restrict some traffic to the WLC CPU.
Which selection must be made from the direction drop-down list?
A. It must be Inbound because traffic goes to the WLC.
B. Packet direction has no significance; it is always Any.
C. It must be Outbound because it is traffic that is generated from the WLC.
D. To have the complete list of options, the CPU ACL must be created only by the CLI.
Question 124
An engineer must implement a CPU ACL that blocks web management traffic to the controller, but they also must allow guests to reach a Web AuthenticationRedirect page.
To Which IP address is guest client HTTPS traffic allowed for this to work?
A. DNS server IP
B. controller management IP
C. virtual interface IP
D. client interface IP
Question 125
A customer wants the APs in the CEO's office to have different usernames and passwords for administrative support than the other APs deployed throughout the facility.
Which feature must be enabled on the WLC and APs to achieve this goal?
A. local management users
B. HTTPS access
C. 802.1X supplicant credentials
D. override global credentials
Question 126
An engineer configured a Cisco AireOS controller with two TACACS+ servers. The engineer notices that when the primary TACACS+ server fails, the WLC starts using the secondary server as expected, but the WLC does not use the primary server again until the secondary server fails or the controller is rebooted.
Which cause of this issue is true?
A. Fallback is enabled
B. Fallback is disabled
C. DNS query is disabled
D. DNS query is enabled
Question 127
An engineer is implementing RADIUS to restrict administrative control to the network with the WLC management IP address of 192.168.1.10 and an AP subnet of 192.168.2.0/24.
Which entry does the engineer define in the RADIUS server?
A. administrative access defined on the WLC and the network range 192.168.2.0/255.255.254.0
B. NAS entry of the virtual interface and the network range 192.168.2.0/255.255.255.0
C. shared secret defined on the WLC and the network range 192.168.1.0/255.255.254.0
D. WLC roles for commands and the network range 192.168.1.0/255.255.255.0
Question 128
A customer requires wireless traffic from the branch to be routed through the firewall at corporate headquarters. A RADIUS server is in each branch location.
Which Cisco FlexConnect configuration must be used?
A. central authentication and local switching
B. central authentication and central switching
C. local authentication and local switching
D. local authentication and central switching
Question 129
Refer to the exhibit.
An engineer must restrict some subnets to have access to the WLC. When the CPU ACL function is enabled, no ACLs in the drop-down list are seen. What is the cause of the problem?
A. The ACL does not have a rule that is specified to the Management interface.
B. No ACLs have been created under the Access Control List tab.
C. When the ACL is created, it must be specified that it is a CPU ACL.
D. This configuration must be performed through the CLI and not though the web GUI.
Question 130
An engineer configures the wireless LAN controller to perform 802.1x user authentication.
Which configuration must be enabled to ensure that client devices can connect to the wireless, even when WLC cannot communicate with the RADIUS?
A. pre-authentication
B. local EAP
C. authentication caching
D. Cisco Centralized Key Management
