Tag Archives: 300-101

The Cisco certification is an internationally recognized validation of foundation-level security skills and knowledge. The 300-101 practice test will certify that the successful candidate can identify risk, participate in risk mitigation activities, and provide infrastructure, application information, and operational security. Testprepwell will prepare you for theCisco 300-101 practice test questions, including the knowledge of security controls to maintain confidentiality, integrity, and availability. Some questions may be beta questions put in for research purposes and they aren’t graded. However, you’ll never know which ones are beta questions and which ones are graded, so you must answer each question as though it’s a valid question. You can take the exam at any Pearson Vue test center. If you know of one near you, you can call them directly to register, or you can register online. This Pearson Vue site will help you locate a Pearson Vue testing center close to you.

Cisco 300-101 practice test questions

Latest Cisco 100-105 dumps exam questions and answers (Q&As)

Question No : 19 Which of the following is a step in deploying a WPA2-Enterprise wireless network?
A. Install a token on the authentication server
B. Install a DHCP server on the authentication server
C. Install an encryption key on the authentication server
D. Install a digital certificate on the authentication server
Answer: D
When setting up a wireless network, you’ll find two very different modes of Wi-Fi Protected
Access (WPA) security, which apply to both the WPA and WPA2 versions.
The easiest to setup is the Personal mode, technically called the Pre-Shared Key (PSK)
mode. It doesn’t require anything beyond the wireless router or access points (APs) and
uses a single passphrase or password for all users/devices.
The other is the Enterprise mode —which should be used by businesses and
organizations—and is also known as the RADIUS, 802.1X, 802.11i, or EAP mode. It
provides better security and key management, and supports other enterprise-type
functionality, such as VLANs and NAP. However, it requires an external authentication
server, called a Remote Authentication Dial In User Service (RADIUS) server to handle the
802.1X authentication of users.
To help you better understand the process of setting up WPA/WPA2-Enterprise and
802.1X, here’s the basic overall steps:
Choose, install, and configure a RADIUS server, or use a hosted service.
Create a certificate authority (CA), so you can issue and install a digital certificate onto the
RADIUS server, which may be done as a part of the RADIUS server installation and
configuration. Alternatively, you could purchase a digital certificate from a public CA, such
as GoDaddy or Verisign, so you don’t have to install the server certificate on all the clients.
If using EAP-TLS, you’d also create digital certificates for each end-user.
On the server, populate the RADIUS client database with the IP address and shared secret
for each AP.
On the server, populate user data with usernames and passwords for each end-user.
On each AP, configure the security for WPA/WPA2-Enterprise and input the RADIUS
server IP address and the shared secret you created for that particular AP.
On each Wi-Fi computer and device, configure the security for WPA/WPA2-Enterprise and
set the 802.1X authentication settings.

Question No : 20 A system administrator attempts to ping a hostname and the response is
Which of the following replies has the administrator received?
A. The loopback address
B. The local MAC address
C. IPv4 address
D. IPv6 address
Answer: D
IPv6 addresses are 128-bits in length. An IPv6 address is represented as eight groups of
four hexadecimal digits, each group representing 16 bits (two octets). The groups are
separated by colons (:). The hexadecimal digits are case-insensitive, but IETF
recommendations suggest the use of lower case letters. The full representation of eight 4-
digit groups may be simplified by several techniques, eliminating parts of the

Question No : 21 Which of the following best practices makes a wireless network more difficult to find?
A. Implement MAC filtering
C. Disable SSID broadcast
D. Power down unused WAPs
Answer: C
Network administrators may choose to disable SSID broadcast to hide their network from
unauthorized personnel. However, the SSID is still needed to direct packets to and from the
base station, so it’s a discoverable value using a wireless packet sniffer. Thus, the SSID
should be disabled if the network isn’t for public use.

Question No : 22 A security team has identified that the wireless signal is broadcasting into the parking lot.
To reduce the risk of an attack against the wireless network from the parking lot, which of
the following controls should be used? (Select TWO).
A. Antenna placement
B. Interference
C. Use WEP
D. Single Sign on
E. Disable the SSID
F. Power levels
Answer: A,F
Placing the antenna in the correct position is crucial. You can then adjust the power levels
to exclude the parking lot.

Question No : 23 Which of the following wireless security technologies continuously supplies new keys for
B. Mac filtering
Answer: A
TKIP is a suite of algorithms that works as a “wrapper” to WEP, which allows users of
legacy WLAN equipment to upgrade to TKIP without replacing hardware. TKIP uses the
original WEP programming but “wraps” additional code at the beginning and end to
encapsulate and modify it.

Question No : 24 Matt, the IT Manager, wants to create a new network available to virtual servers on the
same hypervisor, and does not want this network to be routable to the firewall. How could
this BEST be accomplished?
A. Create a VLAN without a default gateway.
B. Remove the network from the routing table.
C. Create a virtual switch.
D. Commission a stand-alone switch.
Answer: C
A Hyper-V Virtual Switch implements policy enforcement for security, isolation, and service

Question No : 25 A security administrator wishes to increase the security of the wireless network. Which of
the following BEST addresses this concern?
A. Change the encryption from TKIP-based to CCMP-based.
B. Set all nearby access points to operate on the same channel.
C. Configure the access point to use WEP instead of WPA2.
D. Enable all access points to broadcast their SSIDs.
Answer: A
CCMP makes use of 128-bit AES encryption with a 48-bit initialization vector. This
initialization vector makes cracking a bit more difficult.

Question No : 26 Which of the following should be deployed to prevent the transmission of malicious traffic
between virtual machines hosted on a singular physical device on a network?
A. HIPS on each virtual machine
B. NIPS on the network
C. NIDS on the network
D. HIDS on each virtual machine
Answer: A

Question No : 27 Host-based intrusion prevention system (HIPS) is an installed software package which
monitors a single host for suspicious activity by analyzing events occurring within that host.
Which of the following ports would be blocked if Pete, a security administrator, wants to
deny access to websites?
A. 21
B. 25
C. 80
D. 3389
Answer: C
Explanation:Port 80 is used by HTTP, which is the foundation of data communication for the World Wide Web.

If you have decided to participate in the Cisco 300-101 practice test questions, Testprepwell is here. We can help you achieve your goals. We know that you need to pass your 300-101 vce, we promise that provide high quality exam materials for you, Which can help you through 300-101 exam. This Latest Cisco 300-101 practice test questions are what IT people are very wanted. Because it will make you pass the exam easily, since then rise higher and higher on your career path.You have seen Testprepwell Latest Cisco 300-101 practice test questions, it is time to make a choice. You 300-101 test choose other products, but you have to know that Testprepwell 300-101 bring you infinite interests. Only http://www.bestexampass.com/300-101.html guarantee you 100% success.