An engineer is changing the authentication method of a wireless network from EAP-FAST to EAP-TLS. Which two changes are necessary? (Choose two.)

An engineer is changing the authentication method of a wireless network from EAP-FAST to EAP-TLS. Which two changes are necessary? (Choose two.)
A. Cisco Secure ACS is required.
B. A Cisco NAC server is required.
C. All authentication clients require their own certificates.
D. The authentication server now requires a certificate.
E. The users require the Cisco AnyConnect client.

Answer: C,D

Which configuration change is recommended to improve the speed of client roaming?

A company is deploying wireless PCs on forklifts within its new 10,000-square-foot (3048-square-rneter) facility. The clients are configured for PEAP-MS-CHAPv2 with WPA TKIP. Users report that applications frequently drop when the clients roam between access points on the floor. A professional site survey was completed.
Which configuration change is recommended to improve the speed of client roaming?
A. EAP-FAST
B. EAP-TLS
C. WPA AES
D. WPA2 AES

Answer: D
Explanation:
Although the controller and APs support WLAN with SSID using WiFi Protected Access (WPA) and WPA2 simultaneously, it is common that some wireless client drivers cannot handle complex SSID settings. Whenever possible, Cisco recommends WPA2 only with Advanced Encryption Standard (AES). However, due to standards and mandatory WiFi Alliance certification process, TKIP support is required across future software versions. Keep the security policies simple for any SSID. Use a separate WLAN/SSID with WPA and Temporal Key Integrity Protocol (TKIP), and a separate one with WPA2 and Advanced Encryption Standard (AES). Since TKIP is being deprecated, Cisco recommends to use TKIP together with WEP, or to migrate out of TKIP completely and use PEAP, if possible.

Which option describes what must be done?

While deploying PEAP authentication on a customer laptop with the native Windows supplicant, the PEAP security options do not appear.
Which option describes what must be done?
A. Enable automatic connection to the WLAN.
B. Enable DNS on WLAN.
C. Enable AES on WLAN settings
D. Enable WLAN autoconfig services on the PC

Answer: C

Which two statements describe the requirements for EAP-TLS? (Choose two)

Which two statements describe the requirements for EAP-TLS? (Choose two)
A requires client-side and server-side certificates.
B. It uses PAC on the client.
C. It requires PKI.
D. It requires a server-side digital certificate on only the RADIUS server.
E. It must use AES for encryption and cannot use TKIP for encryption.

Answer: AB
Explanation:
https://www.cisco.com/en/US/tech/tk722/tk809/technologies_white_paper09186a008009256b.shtml

What two pieces of information must be known to configure the AP?

An engineer is configuring an autonomous AP for RADIUS authentication.
What two pieces of information must be known to configure the AP? (Choose two.)
A. shared secret
B. username and password
C. RADIUS IP address
D. group name
E. PAC encryption key

Answer: AC
Explanation:
You identify RADIUS security servers by their host name or IP address, host name and specific UDP port numbers, or their IP address and specific UDP port numbers. The combination of the IP address and the UDP port number creates a unique identifier allowing different ports to be individually defined as RADIUS hosts providing a specific AAA service. This unique identifier enables RADIUS requests to be sent to multiple UDP ports on a server at the same IP address.
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_usr_rad/configuration/xe-3se/3850/sec-usr-rad-xe-3se-3850-book/sec-rad-mult-udp-ports.html

When a network engineer plans to implement the client MFP, which three settings should be supported by the client? (Choose three)

When a network engineer plans to implement the client MFP, which three settings should be supported by the client? (Choose three)
A. WPA2 with AES
B. Short Preamble check box
C. WPA2 with TKIP
D. WEP
E. WPA with TKIP
F. Cisco Compatible Extensions v5

Answer: ACF
Explanation:
* Client MFP is supported for use only with CCXv5 clients using WPA2 with TKIP or
https://learningnetwork.cisco.com/thread/6528

A customer wants to allow employees to easily onboard their devices to the wireless network. Which process can be configured on Cisco ISE to support this requirement?

A customer wants to allow employees to easily onboard their devices to the wireless network. Which process can be configured on Cisco ISE to support this requirement?
A. self registration guest portal
B. client provisioning
C. native supplicant provisioning
D. local web auth

Answer: B

What do the red circles represent in the exhibit?

Refer to the exhibit.

image036 - 
What do the red circles represent in the exhibit?
What do the red circles represent in the exhibit?
A. detected interferers
B. RSSI cutoff
C. wIPs attackers
D. zones of impact

Answer: C
Explanation:
https://www.cisco.com/c/en/us/td/docs/wireless/technology/wips/deployment/guide/WiPS_deployment_guide.html

Which three methods are valid for guest wireless using web authentication? (Choose three.)

Which three methods are valid for guest wireless using web authentication? (Choose three.)
A. LDAP
B. SSL
C. local
D. TLS
E. EAP-TLS
F. RADIUS

Answer: FCA
Explanation:
There are three ways to authenticate users when you use web authentication. Local authentication allows you to authenticate the user in the Cisco WLC. You can also use an external RADIUS server or a LDAP server as a backend database in order to authenticate the users.
https://www.sslshopper.com/ssl-certificate-not-trusted-error.html