Cisco 642-737 Actual Free Exam Questions & Community Discussion

Exam Code/Number: 642-737
Exam Name/Title: Implementing Advanced Cisco Unified Wireless Security (IAUWS) v2.0
Certification Provider: Cisco
Corresponding Certification: CCNP Wireless

Exam Questions: 208
Updated On: May 28, 2026

Question #46

An engineer is configuring client MFP. What WLAN Layer 2 security must be selected to use client MFP?

A. 802.1x

B. Static WEP

C. WPA + WPA2

D. CKIP

Discussion 0

Correct Answer: C Vote an answer

Question #47

Which two things should you verify if the Cisco NAC Guest Server is configured on the network and the client cannot access the guest network? (Choose two.)

A. Controllers and the Cisco NAC Guest Server are in the same mobility group.

B. The controller can mping and eping the Cisco NAC Guest Server.

C. AAA override is enabled on the guest WLAN.

D. The controller can ping the Cisco NAC Guest Server.

Discussion 0

Correct Answer: C,D Vote an answer

Question #48

An engineer is troubleshooting failing authentication on a controller using an external
RADIUS server. What family of commands is used to troubleshoot the issue?

A. debug aaa local-auth

B. debug aaa

C. debug dot1x

D. debug ldap

Discussion 0

Correct Answer: B Vote an answer

Question #49

Which two fast roaming algorithms will allow a WLAN client to roam to a new AP and reestablish a new session key without a full reauthentication of the WLAN client? (Choose
two.)

A. GTK

B. PKC

C. PTK

D. MIC

E. CKM

F. PMK

Discussion 0

Correct Answer: B,E Vote an answer

Question #50

What is the best method to verify AP parameters that are seen from a wireless client?

A. WCS show commands

B. AP debug commands

C. packet analyzers

D. WCS debug commands

E. ACS log files

Discussion 0

Correct Answer: C Vote an answer

Question #51

An engineer is responding to a man-in-the-middle attack and needs to enable security features to prevent such attacks in the future. What security feature would prevent a man-in-the-middle attack?

A. Management Frame Protection

B. AAA Override

C. ACL

D. Enable client and infrastructure MFP

Discussion 0

Correct Answer: D Vote an answer

Question #52

In which three places can certificates be used in a WLAN to provide secure communications? (Choose three.)

A. between client and WLC

B. between AP and WLC

C. between client and RADIUS server

D. between WLC and RADIUS server

E. between client and AP

Discussion 0

Correct Answer: A,B,C Vote an answer

Question #53

What are the four packet types that are used by EAP? (Choose four.)

A. EAP Type

B. EAP Response

C. EAP Request

D. EAP Failure

E. EAP Success

F. EAP Identity

G. EAP Authentication

Discussion 0

Correct Answer: B,C,D,E Vote an answer

Question #54

Employees are allowed to starting bringing their own laptops to work. Which option can help provide a persistent user device check against unexpected issues of security risk application and lack of appropriate patches or updates inclusive of registry keys?

A. Cisco ACS

B. Cisco NAC Manager

C. Cisco NAC Windows Agent

D. Cisco NAC Server

E. Cisco NAC Guest Server

F. Cisco NAC Web Agent

Discussion 0

Correct Answer: C Vote an answer

Question #55

Which protocol port(s) need open access when deploying NAC appliances to communicate
with the Cisco WLC v7.0 to move an authenticated user from the quarantine VLAN to the access VLAN?

A. UDP 514

B. TCP 443

C. UDP 16666

D. UDP 161 and 162

E. UDP 5246 and 5247

Discussion 0

Correct Answer: D Vote an answer

Question #56

The controller is reporting an IDS signature 'deauth flood' attack and it has been determined that the default settings are too sensitive for the environment. What signature details should be adjusted to only trigger the alert on a certain amount of client packets within a certain period of time?

A. Quiet Time and Signature Frequency

B. Signature Frequency and Signature MAC Frequency

C. Measurement Interval and Signature MAC Frequency

D. Measurement Interval and Quiet Time

Discussion 0

Correct Answer: C Vote an answer

Question #57

An engineer is configuring 802.1x authentication on an autonomous AP. What two configuration commands must be included on the AP if the RADIUS server IP is 10.9.4.9? (Choose two.)

A. aaa authorization

B. aaa group server radius 10.9.4.9

C. radius-server host 10.9.4.9 auth-port 1812 acct-port 1813 key Cisco123

D. aaa new-model

E. aaa attribute list 10.9.4.9

Discussion 0

Correct Answer: C,D Vote an answer

Question #58

A client is failing EAP authentication and a debug shows that the server is sending an Access-Reject message. Which action must you take to resolve authentication?

A. Verify that the client server certificate has the proper Windows OIDs.

B. Verify that the user account is the same in the client certificate.

C. Verify that the client certificates are from the proper CA and server certificate.

D. Verify that the Validate server certificate on the client is disabled.

E. Verify that the user is using the same password that is on the server.

Discussion 0

Correct Answer: E Vote an answer

Question #59

An engineer is segmenting WLAN traffic by security options after the client has received an IP address. Which two security options are possible? (Choose two.)

A. 802.1x

B. Cisco Key Integrity Protocol

C. web policy

D. PSK

E. VPN pass-through

Discussion 0

Correct Answer: C,E Vote an answer

Question #60

Which one of the options is related to U.S. Federal Trade Commission safeguard rules for financial institutions to protect customer information?

A. GLBA

B. IETF

C. PCI

D. ISO

E. HIPAA

F. Wi-Fi Alliance

G. IEEE

Discussion 0

Correct Answer: A Vote an answer

Download Free Cisco 642-737 Demo

Simply submit your e-mail address below to get started with our free demo of your Cisco 642-737 exam.