300-430 Implementing Cisco Enterprise Wireless Networks (300-430 ENWLSI) Questions and Answers
Refer to the exhibit.
The image shows a packet capture that was taken at the CLI of the Cisco CMX server. It shows UDP traffic from the WLC coming into the server. What does the capture prove?
An engineer set up identity-based networking with ISE and configured AAA override on the WLAN. Which two attributes must be used to change the client behavior from the default settings? (Choose two.)
An engineer must perform a Layer 2 survey for a mining facility. Which type of antenna does the
engineer use in the mine shaft?
An engineer is planning an image upgrade of the WLC, and hundreds of APs are spread across remote sites with limited WAN bandwidth. The engineer must minimize the WAN utilization for this upgrade. Which approach must be used for the AP image upgrade?
An engineer configures a Cisco Aironet 600 Series OfficeExtend AP for a user who works remotely. What is configured on the Cisco WLC to allow the user to print a printer on his home network?
Refer to the exhibit.
An engineer needs to configure location services in an office. The requirement is to use FastLocate and achieve higher locations refresh rates. Which location-based technique should be implemented?
Refer to the exhibit.
A network administrator deploys the DHCP profiler service in two ISE servers: 10.3.10.101 and 10.3.10.102. All BYOD devices connecting to WLAN on VLAN63 have been incorrectly profiled and are assigned as unknown profiled endpoints. Which action efficiently rectifies the issue according to Cisco recommendations?
Which component must be integrated with Cisco DNA Center to display the location of a client that is experiencing connectivity issues?
An engineer completes the setup of a two-node Cisco ISE deployment for a guest portal. When testing the portal, the engineer notices that sometimes there is a certificate CN mismatch. Which certificate type helps resolve this issue?
Refer to the exhibit.
An engineer deployed a Cisco WLC using local EAP. Users who are configured for EAP-PEAP cannot connect to the network. Based on the local EAP debug on the controller provided, why is the client unable to connect?
An engineer wants to configure WebEx to adjust the precedence and override the QoS profile on the WLAN. Which configuration is needed to complete this task?
Refer to the exhibit. A network administrator must implement a video stream using the multicast-direct feature on a Cisco Catalyst 9800 WLC. After the configuration, the clients should be able to stream video from a multicast source. The APs used are Cisco 9130-AXI. Which two implementations must the engineer perform? (Choose two.)
Refer to the exhibit A network engineer must deploy a configuration to a Cisco Catalyst 9800 WLC to prevent a FlexConnect AP from allowing wireless clients to connect when its Ethernet connection is down Which code snippet must be added to the box in the code to complete the configuration?
You are configuring the social login for a guest network. Which three options are configurable social connectors in Cisco CMX Visitor Connect? (Chose three)
A company wants to switch to BYOD to reduce IT support costs for the company. Which option is an impact of BYOD should be considered?
What must be configured on the Global Configuration page of the WLC for an AP to use 802.1x to authenticate to the wired infrastructure?
A corporation is spread across different countries and uses MPLS to connect the offices. The senior management wants to utilize the wireless network for all the employees. To ensure strong connectivity and minimize delays, an engineer needs to control the amount of traffic that is traversing between the APs and the central WLC. Which configuration should be used to accomplish this goal?
An engineer wants to upgrade the APs in a Cisco FlexConnect group. To accomplish this upgrade, the FlexConnect AP Upgrade setting will be used. One AP of each model with the lowest MAC address in the group must receive the upgrade directly from the controller. Which action accomplishes this direct upgrade?
A university implemented a Cisco Catalyst Center (formerly DNA Center) solution to help its network administrator resolve Wi-Fi issues that are raised by students. A client dashboard must be used to view, monitor, and troubleshoot the captured data packets. Which feature must be used?
What is characteristic of Multicast mode that affects the wireless network when configured on a Cisco WLC?
A network administrator managing a Cisco Catalyst 9800-80 WLC must place all iOS connected devices to the guest SSID on VLAN 101. The rest of the clients must connect on VLAN 102 distribute load across subnets. To achieve this configuration, the administrator configures a local policy on the WLC. Which two configurations are required? (Choose two.)
An engineer must configure Cisco OEAPs for three executives. As soon as the NAT address is configured on the management interface, it is noticed that the WLC is not responding for APs that are trying to associate to the internal IP management address. Which command should be used to reconcile this?
On a branch office deployment, it has been noted that if the FlexConnect AP is in standalone mode and loses connection to the WLC, all clients are disconnected, and the SSID is no longer advertised. Considering that FlexConnect local switching is enabled, which setting is causing this behavior?
A company has a Cisco wireless solution and uses Cisco ISE to authenticate corporate users using 802.1X. Users must be grouped by endpoints, and a policy profile must be added and then assigned to an identity group. What is the configuration path in the Cisco ISE user interface?
The security learn is concerned about the access to all network devices, including the Cisco WLC. To permit only the admin subnet to have access to management, a CPU ACL is created and applied. However, guest users cannot get to the web portal. What must be configured to permit only admins to have access?
An engineer configures Cisco CMX. which uses Layer 2 high availability on primary and secondary CMX instances, according to these specifications:
· Primary CMX IP address: 192.168.1.4/24
· Secondary CMX IP address 192 168.4.4/24
· Virtual IP address: 192.168.4.1/24
in testing, the engineer discovers that the failover fails. Which action resolves the issue?
A network engineer must get an autonomous AP to authenticate to the upstream switch via IEEE 802.1 X. Drag and drop the commands from the left onto the right to complete the configuration.
Graphical user interface, application, Word
Description automatically generatedAn IT department receives a report of a stolen laptop and has information on the MAC address of the laptop. Which two settings must be set on the wireless infrastructure to determine its location? (Choose two.)
An engineer must implement intrusion protection on the WLAN. The AP coverage is adequate and on-channel attacks are the primary concern. The building is historic, which makes adding APs difficult. Which AP mode and submode must be implemented?
Company XYZ recently migrated from AireOS to IOS XE 9800 WLCs. The Internet bandwidth must be limited to 5 Mbps for each guest client as per the global standard. In which configuration on the Cisco Catalyst 9800 WLC must the QoS requirement be added?
When using a Cisco Catalyst 9800 Series Wireless Controller, which statement about AutoQoS is true?
You enter the command or a Cisco Catalyst 3850 Series Switch that runs Cisco ISO XE. What does the command do?
A wireless engineer deployed all remote sites as FlexConnect. The client VLAN assignment on these sites is configured manually mapped by WLAN and using local switching. Dynamic VLAN assignment is provided by the newly deployed Cisco ISE. Which IETF attribute must be configured on the AAA server to send that VLAN ID?
An engineer has configured the wireless controller to authenticate clients on the employee SSID against Microsoft Active Directory using PEAP authentication.
Which protocol does the controller use to communicate with the authentication server?
After looking in the logs, an engineer notices that RRM keeps changing the channels for non-IEEE 802.11 interferers. After surveying the area, it has been decided that RRM should not change the channel. Which feature must be enabled to ignore non-802.11 interference?
An engineer is performing a Cisco Hyperlocation accuracy test and executes the cmxloc start command on Cisco CMX. Which two parameters are
relevant? (Choose two.)
An engineer is configuring wireless guests using Cisco CWA. When a device connects, it must be redirected to the WebAuth, but this was failing. What must be configured for the device to be redirected correctly?
When implementing self-registration for guest/BYOD devices, what happens when an employee tries to connect four devices to the network at the same time?
Refer to the exhibit. A network administrator must automate notifications for Security Advisories Data reports on the Cisco Catalyst Center v2.3.7 using the Report notification feature. Preferring a programmable approach over UI/CLI, the administrator decides to create a webhook via the Cisco DNA Center API to send real-time HTTP notifications to an external application. The webhook URL https://example.com/webhook uses HTTPS with a self-signed certificate, which requires a specific configuration in the payload to ensure the webhook functions correctly. Which code snippet must be placed onto the box in the code to complete the Python script that configures the webhook to use the self-signed certificate to extract the Security Advisories Data report?
What is the Cisco recommended configuration for a Cisco switch port connected to an AP in local mode for optimal voice over WLAN performance with an 8821 wireless phone?
A wireless network uses Cisco ISE to implement 802 1x for user authentication and an Active Directory server as a user database After a power outage, the wireless clients cannot connect to the wireless network The ISE log reports a " clock skew " Which action addresses this issue?
The IT manager is asking the wireless team to get a report for all guest user associations during the past two weeks. In which two formats can Cisco Prime save this report? (Choose two.)
A university campus uses Cisco Catalyst Center and Cisco Spaces to provide indoor wayfinding for students and guests by leveraging the university mobile app. IT administrators notice that location tracking is inaccurate in multistory buildings, especially near staircases and elevators. Upon investigation, they find that overlapping signals from APs on different floors are causing triangulation errors. The IT team already ensured that APs are not placed directly above or below each other. However, the problem persists, and location accuracy remains unreliable near vertical structures. Which action must the IT team take to resolve the issue?
Refer to the exhibit.
The security team has implemented ISE as an AAA solution for the wireless network. The wireless engineer notices that though clients are able to authenticate successfully, the ISE policies that are designed to place them on different interfaces are not working. Which configuration must be applied in the RADIUS Authentication Settings section from the ISE Network Device page?
Refer to the exhibit. A network administrator must migrate a Cisco Catalyst 9800 WLC from local client profiling to RADIUS profiling through Cisco ISE. The engineer must enable RADIUS CoA based on detecting the client type as Windows to update the access policy based on profile detection immediately. Which CoA type configuration must the engineer apply on Cisco ISE?
What two actions must be taken by an engineer configuring wireless Identity-Based Networking for a WLAN to enable VLAN tagging? (Choose two.)
The security policy mandates that only controller web management traffic is allowed from the IT subnet. In testing, an engineer is trying to connect to a WLAN with Web Authentication for guest users, but the page is timing out on the wireless client browser. What is the cause of the issue?
An engineer configures the wireless LAN controller to perform 802.1x user authentication. Which configuration must be enabled to ensure that client devices can connect to the wireless, even when WLC cannot communicate with the RADIUS?
Refer to the exhibit.
An engineer must connect a fork lift via a WGB to a wireless network and must authenticate the WGB certificate against the RADIUS server. Which three steps are required for this configuration? (Choose three.)
An engineer has been hired to implement a way for users to stream video content without having issues on the wireless network. To accomplish this goal, the engineer must set up a reliable way for a Media Stream to work between Cisco FlexConnect APs. Which feature must be enabled to guarantee delivery?
Refer to the exhibit.
An engineer implemented the CPU ACL on your Cisco 5520 Series Wireless LAN Controller, and the controller is no longer manageable via the network. What must be changes on this CPU ACL to enable it to manage the controller again?
An engineer is implementing profiling for BYOD devices using Cisco ISE. When using a distributed model, which persona must the engineer configure with the profiling service?
A corporation has recently implemented a BYOD policy at their HQ. Which two risks should the security director be concerned about? (Choose two.)
A customer is deploying Cisco Catalyst Center (formerly DNA Center) to manage a Cisco Catalyst 9800 Series Wireless Controller Cisco CleanAir is used to address wireless interference Which two configurations must be completed from the Cisco Catalyst Center GUI to manage the interferes? (Choose two )
A user is trying to connect to a wireless network that is configured for WPA2-Enterprise security using a corporate laptop. The CA certificate for the authentication server has been installed on the Trusted Root Certification Authorities store on the laptop. The user has been prompted to enter the credentials multiple times, but the authentication has not succeeded. What is causing the issue?
A company has an existing Cisco wireless solution deployed to a remote branch location with centrally switched control and data traffic. A new solution is needed to locally switch client traffic when Wi-Fi is used. A new SSID that is used only for voice devices must be mapped to an onsite voice VLAN named VLAN 25. Which configuration on the switch interface that connects to the APs meets the requirement?
Refer to the exhibit. A university network administrator notices that wireless guest users consume a significant amount of uplink internet bzjjlwidth in the library, which causes throughput issues on staff SSID. To throttle this bandwidth use, the administrator intends to configure a QoS policy for guests that:
Which class-map configuration must the administrator implement?
For security purposes, an engineer enables CPU ACL and chooses an ACL on the Security > Access Control Lists > CPU Access Control Lists menu. Which kind of traffic does this change apply to as soon as the change is made?
An enterprise has recently deployed a voice and video solution available to all employees using AireOS controllers. The employees must use this service over their laptops, but users report poor service when connected to the wireless network. The programs that consume bandwidth must be identified and restricted. Which configuration on the WLAN aids in recognizing the traffic?
An engineer wants the wireless voice traffic class of service to be used to determine the queue order for packets received, and then have the differentiated services code point set to match when it is resent to another port on the switch. Which configuration is required in the network?
A controller shows that an AP in your environment is detecting interference, but the AP health score in Cisco DNA Center is unaffected. What are two reasons that Cisco DNA Center is ignoring the interference? (Choose two.)
Refer to the exhibit.
An ACL is configured to restrict access for BYOD clients. The ACL must redirect devices to the guest portal. To which two devices on the local network must the ACL allow access other than the DHCP server? (Choose two.)
A company is collecting the requirements for an on-premises event. During the event, a wireless client connected to a dedicated WLAN will run a video application that will need on average 391595179 bits per second to function properly. What is the QoS marking that needs to be applied to that WLAN?
Which AP model of the Cisco Aironet Active Sensor is used with Cisco DNA Center?
A consulting engineer must migrate the APs from a Cisco 8540 WLC to a Cisco Catalyst 9800-80 WLC. As part of the migration, the engineer is advised to use a policy map as part of the configuration on the Catalyst 9800-80 WLC to mirror the platinum QoS settings on voice WLAN to accommodate CP-840 wireless phones. Which configuration must the engineer implement on the voice WLAN?
A customer has a distributed wireless deployment model where the WLCs are located in the data centers. Because the file servers are located in the data center, the traffic from the corporate WLAN “Corp-401266017” must go through the controllers, where the guest WLAN “Guest-19283746” traffic must use the local Internet line installed in each office. Which configuration will accomplish this task?
An SSID is set up with central web authentication using Cisco ISE The new SSID uses guest tunneling from the foreign controller to the anchor controller. Which device must be configured ISE as the one performing the RADIUS authentication requests for the web authentication method?
A Cisco WLC has been added to the network and Cisco ISE as a network device, but authentication is failing. Which configuration within the network device configuration should be verified?
An engineer configured a Cisco AireOS controller with two TACACS+ servers. The engineer notices that when the primary TACACS+ server fails, the WLC starts using the secondary server as expected, but the WLC does not use the primary server again until the secondary server fails or the controller is rebooted. Which cause of this issue is true?
Branch wireless users report that they can no longer access services from head office but can access services locally at the site. New wireless users can associate to the wireless while the WAN is down. Which three elements (Cisco FlexConnect state, operation mode, and authentication method) are seen in this scenario? (Choose three.)
All APs are receiving multicast traffic, instead of only the APs that need it. What is the cause of this problem?
A network is set up to support wired and wireless clients. Both types must authenticate using 802.1X before connecting to the network. Different types of client authentication must be separated on a Cisco ISE deployment. Which two configuration items achieve this task? (Choose two.)
A network administrator for a corporation must create a guest SSID for a captive portal redirect powered by Cisco Catalyst Center (formerly DNA Center). The network includes a Cisco Catalyst 9800-80 WLC, Cisco 9130AXI APs, and Cisco Spaces (formerly Cisco DNA Spaces) using a connector. To support guest client captive portal redirect, the administrator must create a security ACL and an intercept ACL. The ACL requirement is:
ACL WA-v4-int34.235.248.212 must be applied first on traffic coming from the client and keep HTTP(s) traffic toward Cisco DNA Spaces portal IP 34.235.248.212 on the data plane. No drop or forward action, just hand the traffic over to the data plane. Then send it to the CPU for redirection except for virtual IP traffic, which is serviced by the web server for all HTTP(s) traffic. Other types of traffic is given to the data plane.
ACL WA-sec-34.235.248.212 must permit HTTP and HTTPS traffic to the Cisco Spaces portal IP 34.235.248.212 that the administrator configured in the web authentication parameter map. DNS and DHCP traffic must be allowed, but drop the rest. HTTP traffic is intercepted before reaching this ACL and therefore does not need to be covered by this ACL.
Which configuration implements the ACL requirements?
A customer must provide a secure wireless network from a Cisco Catalyst 9800 Series Wireless Controller to a Cisco AP to remote users The corporate WLAN must be provided over the Internet to specific locations and support a locally-installed IP phone Which two actions accomplish this configuration? (Choose two )
An engineer must create an account to log in to the CLI of an access point for troubleshooting. Which configuration on the WLC will accomplish this?
Refer to the exhibit.
An engineer needs to manage non-802.11 interference. What is observed in the output on PI?
An engineer must implement a BYOD policy with these requirements:
Onboarding unknown machines
Easily scalable
Low overhead on the wireless network
Which method satisfies these requirements?
PDF + Testing Engine
Testing Engine
PDF (Q&A)
