CCNP Wireless

Cisco CCNP Wireless 642-737 Exam Practice Questions and Answers: 642-737 IAUWS

Welcome to Easyhometraining! We update all year round! Help everyone improve their skills, 40 of the latest effective
Cisco CCNP Wireless 642-737 exam dumps online learning and 642-737 PDF online download! Want to try to pass the exam for the first time!
Please select: https://www.pass4itsure.com/642-737.html (Q&As:207)

[PDF] Free Cisco CCNP Wireless 642-737 pdf dumps download from Google Drive: https://drive.google.com/open?id=14EXCDrQrSDTnWjAy1TSzBp9p7hX-O4wq

[PDF] Free Full Cisco pdf dumps download from Google Drive: https://drive.google.com/drive/folders/1dq6fv9FX6zSDDoHc3ge-WzVU9SNaUbsH

642-737 IAUWS – Cisco: https://www.cisco.com/c/en/us/training-events/training-certifications/exams/current-list/iauws.html

Latest effective Cisco CCNP Wireless 642-737 Exam Practice Tests

QUESTION 1
A lobby ambassador is creating guest access accounts. At which two locations can the accounts be stored? (Choose two.)
A. NAC guest server
B. Active directory
C. WLAN controller
D. WCS
E. ACS
Correct Answer: CD

QUESTION 2
An engineer is configuring a Cisco AnyConnect client. What module is selected to allow for reporting and diagnostics?
A. NAM
B. Posture
C. Telemetry
D. VPN
E. DART
Correct Answer: E

QUESTION 3
MFP is enabled globally on a WLAN with default settings on a single controller wireless network. Older client devices are disconnected from the network during a deauthentication attack. What is the cause of this issue?
A. The client devices do not support CCXv5.
B. The client devices do not support WPA.
C. The NTP server is not configured on the controller.
D. The MFP on the WLAN is set to optional.
Correct Answer: A

QUESTION 4
What does the eping mobility_peer_IP_address command do?
A. It tests EoIP connectivity via port 97 though the management interface.
B. It tests EoIP connectivity via port 97 though the AP manager interface.
C. It tests UDP connectivity via port 16666 through the management interface.
D. It tests UDP connectivity via port 16666 through the AP manager interface.
Correct Answer: A

QUESTION 5
When a supplicant and AAA server are configured to use PEAP, which mechanism is used by the client to authenticate the AAA server in Phase One?
A. PMK
B. shared secret keys
C. digital certificate
D. PAC
Correct Answer: C

QUESTION 6
An engineer needs to block SSH traffic going to the WLC, which does not originate on the management interface. Where should the ACL be applied to accomplish this with the least configuration?
A. CPU
B. Management interface
C. WLAN interfaces
D. SSID
Correct Answer: A

QUESTION 7
An engineer is troubleshooting a FlexConnect authentication to a local RADIUS server. What debug command can discover the issue on the controller?
A. debug lwapp reap
B. debug dot11 mgmtmsg
C. debug hreapaaa
D. debug lwapp reap mgmt
Correct Answer: C

QUESTION 8
An engineer is configuring NAC on a Wireless LAN Controller. What two CLI commands are required to create NAC out-of-band integration for SSID Cisco? (Choose two.)
A. config interface quarantine vlan Cisco 10
B. config interface quarantine vlan Cisco 0
C. config wlan nac enable Cisco
D. config guest-lan nac enable Cisco
E. config wlan apgroup nac wlan Cisco
F. config wlan apgroup nac guest-lan Cisco
Correct Answer: AC

QUESTION 9
The Cisco WLC v7.0 is configured for external 802.1X and EAP by using the WPA2 association of wireless clients when using the Cisco Secure ACS v4.2. Which two items are required in the Cisco Secure ACS network configuration to
enable correct AAA? (Choose two.)
A. AP IP address
B. WLC virtual IP address
C. WLC management IP address
D. WLC AP management IP address
E. hostname matching the WLC case-sensitive name
F. authentication using RADIUS
G. authentication using TACACS+
Correct Answer: CF

QUESTION 10
An engineer has narrowed down an authentication issue to the client laptop. What three items should be verified for EAP-TLS authentication? (Choose three.)
A. The user account is the same in the certificate.
B. The Subject Key Identifier is configured correctly.
C. The client certificate is formatted as X.509 version 3.
D. Validate server certificate is disabled.
E. The supplicant is configured correctly.
F. The client certificate has a valid expiration date.
Correct Answer: ACE

QUESTION 11
An engineer is going to enable EAP on a new WLAN and is ensuring he has the necessary components. What component uses EAP and 802.1x to pass user authentication to the authenticator?
A. AP
B. Controller
C. Supplicant
D. AAA Server
Correct Answer: C

QUESTION 12
Refer to the exhibit.pass4itsure 642-737 exam-12Why is the client failing to authenticate with the AAA server?
A. excessive number of authentication attempts for username
B. incorrect read/write credentials for username
C. incorrect IP address being sent by client
D. incorrect authentication for username
Correct Answer: D

QUESTION 13
A Cisco WLC v7.0 has been only initially configured through the console setup CLI wizard. A new AP has just finished association with the controller. What is the default mode of remote access to the AP?
A. HTTPS
B. HTTP
C. SSH
D. Telnet
E. access is disabled
Correct Answer: E

QUESTION 14
Which two firewall protocol port(s) need open access for secure management access to an anchor WLC for guest access? (Choose two.)
A. TCP 22
B. TCP 23
C. TCP 80
D. TCP 8080
E. TCP 443
F. UDP 123
Correct Answer: AE

QUESTION 15
Which option verifies that a wireless client has authenticated to a WLAN when performing NAC using the Cisco NAC Appliance Manager and Server?
A. Cisco CAM OOB Management > Devices > Discovered Clients
B. Cisco CAS OOB Management > Devices > Discovered Clients
C. Cisco CAM Monitor > View Online Users
D. Cisco CAS Monitor > View Online Users
Correct Answer: C

QUESTION 16
Which two fast roaming algorithms will allow a WLAN client to roam to a new AP and re- establish a new session key without a full reauthentication of the WLAN client? (Choose two.)
A. PMK
B. PTK
C. MIC
D. GTK
E. CKM
F. PKC
Correct Answer: EF

QUESTION 17
Customer wants to configure Wireless client authentication using digtial certificates with PKI. What happens after the signer encrypts the hash with the private key of the signer during the certification signature process?
A. The verifier obtains the public key of the signer.
B. The encrypted hash is appended to the document as the signature.
C. The verifier decrypts the signature of the signer using the public key.
D. The verifier makes a hash of the received document and compares it to the decrypted signature hash.
Correct Answer: B

QUESTION 18
What is the default authentication protocol that is used for web authentication?
A. MD5-CHAP
B. CHAP
C. PAP
D. LEAP
Correct Answer: C

QUESTION 19
Which option verifies that a wireless client has associated but is not yet authenticated to a WLAN when performing NAC using the Cisco NAC Appliance Manager and Server?
A. Cisco CAM OOB Management > Devices > Discovered Clients
B. Cisco CAS OOB Management > Devices > Discovered Clients
C. Cisco CAM Monitor > View Online Users
D. Cisco CAS Monitor > View Online Users
Correct Answer: A

QUESTION 20
Configuring the Cisco Secure ACS with a self-signed certificate supports which requirement?
A. when no user certificate is required
B. when a CA-signed certificate is required for the user
C. when a self-signed certificate Class 4 is required for the user
D. when a self-signed certificate Class 0 is required for the user
Correct Answer: A

QUESTION 21
Which type of attack is characterized by an evil twin?
A. DoS
B. man in the middle
C. jamming
D. eavesdropping
Correct Answer: B

QUESTION 22
Employees adjust their wireless laptop for work at the office and when away from the office. What are the two most likely security issues for an employee laptop when connected at the corporate WLAN? (Choose two.)
A. loading a freeware customer contact application
B. configuring a static IP address
C. updating the driver
D. adding a coffee shop wireless HotSpot
Correct Answer: AC

QUESTION 23
Which protocol port(s) need open access when deploying NAC appliances to communicate with the Cisco WLC v7.0 to move an authenticated user from the quarantine VLAN to the access VLAN?
A. UDP 16666
B. UDP 514
C. UDP 5246 and 5247
D. UDP 161 and 162
E. TCP 443
Correct Answer: D

QUESTION 24
Which two considerations must a network engineer have when planning for voice over wireless roaming? (Choose two.)
A. Roaming with only 802.1x authentication requires full reauthentication.
B. Full reauthentication introduces gaps in a voice conversation.
C. Roaming occurs when e phone has seen at least four APs.
D. Roaming occurs when the phone has reached -80 dBs or below.
Correct Answer: AB

QUESTION 25
An engineer would like to use an EAP supplicant that uses PKI to authenticate the WLAN network and client, as well as a client certificate. What EAP method can be used?
A. PEAPv1
B. PEAPv0
C. EAP-FAST
D. EAP-TLS
Correct Answer: D

QUESTION 26
Refer to the exhibit.

pass4itsure 642-737 exam-26

A client reports being unable to log into the wireless network, which uses PEAPv2. Which two issues appear in the output? (Choose two.)
A. There is a problem with the client supplicant.
B. The AP has the incorrect RADIUS server address.
C. The AP has lost IP connectivity to the authentication server.
D. The EAP client timeout value should be increased.
E. The authentication server is misconfigured on the controller.
F. The authentication server is misconfigured in the WLAN.
Correct Answer: AD

QUESTION 27
Which option correctly lists the EAP protocol(s) that can be configured on an autonomous AP for local authentication?
A. MAC
B. LEAP and EAP-FAST
C. MAC, LEAP, and EAP-FAST
D. MAC, EAP-FAST, EAP-PEAP, and EAP-TLS
Correct Answer: C

QUESTION 28
Which three actions can be configured for EAP authentication on a Cisco 1200 Series AP? (Choose three.)
A. Specify the shared secret and ports.
B. Set the EAP Authentication type Priority 1 field to the server IP address under Default Server Priorities.
C. Set the EAP Authentication type Priority 5 field to the server IP address under Default Server Priorities.
D. Enter the IP address of the authentication server in the Server field.
E. Enter the IP address of the management IP address of the Cisco WLC.
F. Specify EAP account on server and ports.
Correct Answer: ABD

QUESTION 29
When using the Microsoft WLAN AutoConfig feature, which 802.1X authentication method is not supported natively by Windows 7?
A. EAP-TLS
B. EAP-FAST
C. PEAP with MS-CHAPv2
D. PEAP with GTC
Correct Answer: B

QUESTION 30
Which device provides IDS and IPS protection in a Cisco Unified Wireless Network against wireless clients with viruses and worms?
A. Cisco NAC Guest Server
B. Cisco Secure Access Control System
C. Cisco WLC
D. Cisco WCS
E. Cisco NAC Appliance Manager
F. Cisco NAC Appliance Server
G. Cisco IPS Appliance
Correct Answer: G

QUESTION 31
An engineer is configuring client MFP. What WLAN Layer 2 security must be selected to use client MFP?
A. 802.1x
B. Static WEP
C. WPA + WPA2
D. CKIP
Correct Answer: C

QUESTION 32
What NAC appliance component is configured to create user roles, meet remediation requirements, and handle checking for device compliance?
A. NGS
B. NAA
C. NAS
D. NAM
Correct Answer: D

QUESTION 33
All users on one of the two guest WLANs are failing to connect after a configuration change was made to a controller. What is the cause of the outage?
A. The interface or VLAN of the anchor controller and foreign controller no longer match.
B. The configuration of the failing WLAN no longer matches the foreign controllers.
C. The address of the NAC guest server has been changed.
D. The DHCP server on the foreign controller was changed.
Correct Answer: B

QUESTION 34
An engineer is configuring 802.1x authentication on an autonomous AP. What two configuration commands must be included on the AP if the RADIUS server IP is 10.9.4.9? (Choose two.)
A. radius-server host 10.9.4.9 auth-port 1812 acct-port 1813 key Cisco123
B. aaa new-model
C. aaa authorization
D. aaa attribute list 10.9.4.9
E. aaa group server radius 10.9.4.9
Correct Answer: AB

QUESTION 35
DRAG DROPpass4itsure 642-737 exam-35

QUESTION 36
DRAG DROPpass4itsure 642-737 exam-36 pass4itsure 642-737 exam-36-1

QUESTION 37
DRAG DROPpass4itsure 642-737 exam-37

QUESTION 38
DRAG DROPpass4itsure 642-737 exam-38

QUESTION 39
DRAG DROPpass4itsure 642-737 exam-39

QUESTION 40
DRAG DROPpass4itsure 642-737 exam-40

We offer more ways to make it easier for everyone to learn, and YouTube is the best tool in the video.
Follow channels: https://www.youtube.com/channel/UCTP5RClZrtMxtRkSvIag0DQ get more useful exam content.

Latest Cisco 642-737 YouTube videos:

Congratulations! The right choice is here! Guaranteed the first attempt to pass the Cisco CCNP Wireless 642-737 exam.

[PDF] Free Cisco 642-737 pdf dumps download from Google Drive: https://drive.google.com/open?id=14EXCDrQrSDTnWjAy1TSzBp9p7hX-O4wq

[PDF] Free Full Cisco pdf dumps download from Google Drive: https://drive.google.com/drive/folders/1dq6fv9FX6zSDDoHc3ge-WzVU9SNaUbsH

Why Pass4itsure?

pass4itsure 642-737

related: https://www.janintraining.com/the-most-recommended-cisco-810-502-dumps/