Check answers here:
Chapters 20 – 21: Wireless Security and Connectivity Exam Answers
Quiz-summary
0 of 33 questions completed
Questions:
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
Information
CCNP ENCOR v8 Chapters 20 – 21: Wireless Security and Connectivity Test Online
You have already completed the quiz before. Hence you can not start it again.
Quiz is loading...
You must sign in or sign up to start the quiz.
You have to finish following quiz, to start this quiz:
Results
0 of 33 questions answered correctly
Your time:
Time has elapsed
You have reached 0 of 0 points, (0)
Average score |
|
Your score |
|
Categories
- Not categorized 0%
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- Answered
- Review
-
Question 1 of 33
1. Question
1 pointsWhich term describes the role of a Cisco switch in the 802.1X port-based access control?Correct
Incorrect
Hint
802.1X port-based authentication defines specific roles for the devices in the network: Client (Supplicant) – The device that requests access to LAN and switch services Switch (Authenticator) – Controls physical access to the network based on the authentication status of the client Authentication server – Performs the actual authentication of the client -
Question 2 of 33
2. Question
1 pointsWhat method of wireless authentication is dependent on a RADIUS authentication server?Correct
Incorrect
Hint
WPA2 Enterprise relies on an external RADIUS server to authenticate clients when they attempt to connect. WEP and WPA/WPA2 Personal both use a pre-shared key that the clients must know in order to authenticate. -
Question 3 of 33
3. Question
1 pointsWhich wireless encryption method is the most secure?Correct
Incorrect
Hint
IEEE 802.11i and WPA2 both use the Advanced Encryption Standard (AES) for encryption. AES is currently considered the strongest encryption protocol. WPA2 does not use TKIP (Temporal Key Integrity Protocol). It is WPA that uses TKIP. Although WPA provides stronger encryption than WEP, it is is not as strong as WPA2 (AES). -
Question 4 of 33
4. Question
1 pointsA network administrator is configuring a RADIUS server connection on a Cisco 3500 series WLC. The configuration requires a shared secret password. What is the purpose for the shared secret password?Correct
Incorrect
Hint
The RADIUS protocol uses security features to protect communications between the RADIUS server and clients. A shared secret is the password used between the WLC and the RADIUS server. It is not for end users. -
Question 5 of 33
5. Question
1 pointsWhich WLAN security protocol avoids attacks by strengthening the key exchange between clients and APs using a method known as Simultaneous Authentication of Equals?Correct
Incorrect
Hint
With WPA-Personal and WPA2-Personal modes, a malicious user can eavesdrop and capture the four-way handshake between a client and an AP. WPA3-Personal avoids such attacks by strengthening the key exchange between clients and APs through a method knows as SAE (Simultaneous Authentication of Equals). -
Question 6 of 33
6. Question
1 pointsWhich configuration is supported as the authentication server for implementation of 802.1X on Cisco devices?Correct
Incorrect
Hint
The RADIUS security system with EAP extensions is the only supported authentication server to be used in 802.1X port-based authentication. -
Question 7 of 33
7. Question
1 pointsA network administrator of a small advertising company is configuring WLAN security on a Cisco WLC. The administrator decides to use the WPA2 PSK authentication method. On which OSI layer does WPA2 PSK provide security?Correct
Incorrect
Hint
Protocols such as WPA2 (PSK and Enterprise) and 802.1x are used to provide Layer 2 WLAN security by requiring successful authentication before access to the WLAN is allowed. -
Question 8 of 33
8. Question
1 pointsWhich WLAN security measure requires a special backend authentication server?Correct
Incorrect
Hint
In an WLAN (802.1x) environment with EAP, the actual client authentication is done using a back-end server like Radius even though the client is able to authenticate with the AP. -
Question 9 of 33
9. Question
1 pointsWhat advantage does WPA2 have over WPA?Correct
Incorrect
Hint
WPA2 uses the encryption algorithm AES (Advanced Encryption Standard) which is a stronger algorithm than WPA is, which uses TKIP (Temporal Key Integrity Protocol.) WPA was created to replace WEP (Wired Equivalent Privacy) which was easily compromised. However, the WPA TKIP had to take into account the older devices still using WEP on the network and as a result still had some of the WEP vulnerabilities. This was overcome with the creation of WPA2. -
Question 10 of 33
10. Question
1 pointsMatch the wireless security settings to the description. (Not all options are used.)Correct
Incorrect
-
Question 11 of 33
11. Question
1 pointsA network administrator of a small advertising company is configuring WLAN security by using the WPA2 PSK method. Which credential do office users need in order to connect their laptops to the WLAN?Correct
Incorrect
Hint
When a WLAN is configured with WPA2 PSK, wireless users must know the pre-shared key to associate and authenticate with the AP. -
Question 12 of 33
12. Question
1 pointsA network administrator is configuring a WLAN with WPA2 Enterprise on a Cisco 3500 series WLC. Client authentications will be handled by a RADIUS server. Which tab should the administrator use to add the RADIUS server information?Correct
Incorrect
Hint
To configure the WLC with the RADIUS server information, click the SECURITY tab > RADIUS > Authentication . Click New… to add the RADIUS server information. -
Question 13 of 33
13. Question
1 pointsWhich situation is an example of EAP deployment?Correct
Incorrect
Hint
In a 802.1x WLAN environment, WPA2 with EAP (Extensible Authentication Protocol) allows for a back-end authentication server like Radius. In this environment, even though the supplicant is authenticated by the AP, the actual authentication process is carried out by the back-end Radius server through the WLAN controller. -
Question 14 of 33
14. Question
1 pointsWhich three statements concerning wireless network security are accurate? (Choose three.)Correct
Incorrect
Hint
A wireless client first authenticates with an AP and then associates for network access. WPA versions use a four-way handshake procedure to exchange a pre-shared key between a client and an AP. WPA3-Personal prevents attackers from being able to use a key to unencrypt data that was already transmitted over the air. -
Question 15 of 33
15. Question
1 pointsA network administrator is configuring security for new WLANs on a Cisco WLC. Which client authentication mode should the administrator use for a large scale deployment?Correct
Incorrect
Hint
To secure wireless connections on a WLAN, you can leverage one of the three WPA versions (WPA1, WPA2, or WPA3). All three WPA versions support two client authentication modes: Pre-Shared Key (PSK) or personal mode for smaller scale deployments 802.1x or enterprise mode for larger scale deployments -
Question 16 of 33
16. Question
1 pointsA network administrator is adding a new WLAN with Open Authentication on a Cisco 3500 series WLC. Which tab should the administrator use to create it?Correct
Incorrect
Hint
To create a WLAN with Open Authentication, first create a new WLAN and map it to the correct VLAN. The General tab should be accessed, the SSID string should be entered, the appropriate controller interface applied, and the status changed to Enabled. -
Question 17 of 33
17. Question
1 pointsA recently hired network engineer is new to the Cisco lightweight APs that the company uses. Which tool should the engineer use for managing and monitoring the wireless network?Correct
Incorrect
Hint
The WLC GUI is used to monitor and troubleshoot wireless issues. The default screen shows the network summary information that includes connected APs and client information. -
Question 18 of 33
18. Question
1 pointsA network technician has received complaints from users in a particular area. Upon investigation, the technician notices a poor air quality value for the AP in that area. Which WLC GUI tab should the technician use next to determine if there are any neighbor or rogue APs interfering with the one AP?Correct
Incorrect
Hint
If a technician selects a particular AP within the WLC GUI, four tabs appear across the top: CLIENTS , RF TROUBLESHOOT , CLEAN AIR , and TOOLS . If the performance summary for a particular AP shows a poor air quality value, the RF TROUBLESHOOT tab can be used to see neighbor and rogue APs as well as the specific AP channels that could cause issues. If the AP supports both 2.4 and 5 GHz frequencies, information can be shown for each of them. -
Question 19 of 33
19. Question
1 pointsUsers are complaining about the wireless connectivity in a particular area for a company that uses lightweight APs and wireless LAN controllers. The technician that handles the wireless networks notices that the particular AP has a poor air quality value. The technician uses the CLEAN AIR tab to further investigate and notices that there is an active interferer listed that has a duty cycle of 100%. What should the technician do next?Correct
Incorrect
Hint
When an AP is an issue, one of the best places to start is the WLC GUI. A particular AP can be selected, and the performance summary shows an overall view of the resources being used, clients, and the status of a particular AP. On the CLEAN AIR tab, the duty cycle shows the percentage of time the offending device is transmitting. A duty cycle value of 100% means the offending device can affect the channel all the time. The technician should track down the offending device or select a different RF channel for the AP. -
Question 20 of 33
20. Question
1 pointsA company uses lightweight APs. Which criterion must be in place before an AP can successfully accept clients for a particular WLAN?Correct
Incorrect
Hint
In order to be shown in the list of active APs in the wireless LAN controller (WLC) GUI, an AP must be connected to an access layer switch and have connectivity with the WLC. -
Question 21 of 33
21. Question
1 pointsIn addition to signal-to-noise ratio, what is used by a Cisco wireless LAN controller to determine which AP will respond to a client request to associate?Correct
Incorrect
Hint
RSSI stands for Received Signal Strength Indicator. It is an estimated measure of power level that a RF client device is receiving from an access point or router. The greater the RSSI value, the stronger the signal. -
Question 22 of 33
22. Question
1 pointsWhat are two common issues that could cause a specific user to have problems when trying to connect to the wireless network within a company that uses lightweight APs? (Choose two.)Correct
Incorrect
Hint
When a single client is having wireless issues in the corporate environment, check the distance from the client to the AP, client authentication, and that the client has IP addressing information. -
Question 23 of 33
23. Question
1 pointsWhat is the function provided by CAPWAP protocol in a corporate wireless network?Correct
Incorrect
Hint
CAPWAP is an IEEE standard protocol that enables a WLC to manage multiple APs and WLANs. CAPWAP is also responsible for the encapsulation and forwarding of WLAN client traffic between an AP and a WLC. -
Question 24 of 33
24. Question
1 pointsSeveral users from the same area cannot connect to the wireless network. The company uses lightweight APs and WLCs. What is one of the first things that the technician should check?Correct
Incorrect
Hint
When users from the same area report an issue, check the AP to see that it is working or is misconfigured. -
Question 25 of 33
25. Question
1 pointsA network engineer is working with a user to troubleshoot connectivity of a laptop to a lightweight AP. The user has rebooted the laptop, and the network engineer is checking the connection status of the client from the WLC GUI. The client connection status dot is showing black on the DHCP step, just as it did before the reboot. What can the network engineer learn from this output?Correct
Incorrect
Hint
The client connection status on the WLC GUI shows a dot for particular steps used by a client when joining a wireless network. The dot can be black if a step is unsuccessful and green if the step is successful. The DHCP step shows whether the WLC has learned the client IP address from a DHCP server. -
Question 26 of 33
26. Question
1 pointsA network administrator is configuring a WLC to provide WLAN access to users in an office building. When testing the newly created WLAN, the administrator does not see the SSID from a wireless device. What is a possible cause?Correct
Incorrect
Hint
After a new WLAN is created and configured on a WLC, it should be enabled before it can be accessed by users. -
Question 27 of 33
27. Question
1 pointsA network technician is checking the status of a live AP on the WLC. On the Access Point View screen, the technician notices that the AP is using channel 11 and the channel utilization is 35%. However, the technician notices that there is no wireless client associated with the AP. What is a possible explanation for the channel utilization?Correct
Incorrect
Hint
The channel utilization indicates how much of the available airtime is being consumed. If the wireless network is not well deployed, other APs and clients may use the same channel 11 somewhere nearby. If those devices are busy transmitting on channel 11 and this AP is within range to receive their signals, the AP will note that the channel is in use. -
Question 28 of 33
28. Question
1 pointsA network technician is checking the status of a live AP on the WLC. On the Access Point View screen, the technician notices that the AP is using channel 11 and the noise level is -30 dBm. Which conclusion can be drawn with the information?Correct
Incorrect
Hint
On the Access Point View screen, a technician can check the operating status of connected APs. One important indicator is the noise level on a channel. Noise is usually considered to be the energy received from non-802.11 sources. Ideally, the noise level should be as low as possible, usually around −90 or −100 dBm, so that 802.11 signals can be received intelligibly and accurately. -
Question 29 of 33
29. Question
1 pointsUsers report that accesses to the wireless network inside a meeting room are not successful even after repeated attempts. A network technician verifies that the meeting room space is served by a lightweight AP and the radio is working. What is a likely cause of the problem?Correct
Incorrect
Hint
Successfully operating a lightweight AP and providing a working BSS require the following:- The AP must have connectivity to the access layer switch.
- The AP must have connectivity to the WLC, unless it is operating in FlexConnect mode.
-
Question 30 of 33
30. Question
1 pointsA network administrator opens the Client View screen on the WLC to review the performance data of a wireless client. The administrator notices that the client has a connection score value of 78%. What can the administrator conclude from this information?Correct
Incorrect
Hint
The connection score shown in the Client View window is determined by dividing the current data rate of the client by the lower maximum supported date rate. It is a measure of how much of its maximum capability it is using. If the client had a maximum rate of 100 Mbps, then a connection score of 78% would mean the client is currently using 78 Mbps. -
Question 31 of 33
31. Question
1 pointsA network administrator receives a complaint from a laptop user of slow web accesses through the wireless network. The administrator reviews the information in the Client View screen of the WLC and finds that the connection speed of the client is 30 Mbps and it has a connection score of 21%. What is likely the problem?Correct
Incorrect
Hint
The connection score shown in the Client View window is determined by dividing the current data rate of the client by the lower maximum supported date rate of either the client or the AP. A connection score of 21% results from the client current data rate of 30 Mbps divided by the maximum data rate which would be 144 Mbps (30 / 144 = .21). This indicates that the client is too far away from the associated AP. -
Question 32 of 33
32. Question
1 pointsA network administrator of a college is configuring WLAN security with WPA2 Enterprise authentication. Which server is required when deploying this type of authentication?Correct
Incorrect
Hint
WAP2 Enterprise provides stronger secure user authentication than WPA2 PSK does. Instead of using a pre-shared key for all users to access a WLAN, WPA2 Enterprise requires that users enter their own username and password credentials to be authenticated before they can access the WLAN. The RADIUS server is required for deploying WPA2 Enterprise authentication. -
Question 33 of 33
33. Question
1 pointsWhich two hybrid modes can cause compatibility issues when configured on a WLAN controller? (Choose two.)Correct
Incorrect