• The new CCNP Data Center certification required exams are 300-180 DCIT, 300-165 DCII, 300-160 DCID, 300-175 DCUCI and 300-170 DCVAI exams.
  • The last day to test Cisco 810-403 OUTCOMES exam is December 29, 2017.
  • The last day to test Cisco 820-424 BTASBVA exam is December 29, 2017.

Tag Archives: 642-737 IAUWS test

09 Sep

642-737 IAUWS Implementing Advanced Cisco Unified Wireless Security

The Implementing Advanced Cisco Unified Wireless Security exam is the exam associated with the CCNP Wireless certification. This Cisco 642-737 IAUWS exam assesses a candidate’s capability to secure the wireless network from security threats via appropriate security policies and best practices, to properly implement security standards, and to properly configure wireless security components.

Implementing Advanced Cisco Unified Wireless Security is the full name of 642-737 IAUWS test. The Associated Certification is CCNP Wireless. There are 50-60 questions in real Cisco 642-737 IAUWS exam, which will take the candidates 90 minutes to complete the test. The available languages are English and Japanese. Candidates can register Cisco 642-737 IAUWS exam at Pearson VUE testing center.

It is important for the candidates to know Cisco 642-737 IAUWS exam topics.

22% 1.0 Integrate Client Device Security

1.1 Describe Extensible Authentication Protocol (EAP) authentication process
1.2 Configure client for secure EAP authentication
1.3 Configure the AnyConnect client
1.4 Describe the impact of security configurations on application and client roaming
1.5 Troubleshoot client wireless authentication issues
1.5.a Packet analyzers
1.5.b Debugs
1.5.c Logs
1.5.d Cisco Wireless Control System (WCS)
1.5.e Access Control Server (ACS)
1.6 Identify client security risks
1.6.a driver update
1.6.b MS hot fixes

11% 2.0 Design and Integrate Wireless Network with NAC

2.1 Describe the architectures
2.1.a inband
2.1.b out-of-band
2.1.c agent vs. agentless
2.1.d Cisco Network Admission Control (NAC) appliance
2.2 Describe the high-level authentication process flow
2.2.a CAS
2.2.b CAM
2.2.d Wireless LAN controller (WLC)
2.2.e External authentication sources
2.3 Configure the WLC for Network Access Controller (NAC)
2.4 Verify wireless authentication with NAC

22% 3.0 Implement Secure Wireless Connectivity Services

3.1 Configure authentication
3.1.a Controller Local EAP with or without external Lightweight B. Directory Access
3.1.b Protocol (LDAP) database
3.1.c Client authentication on H-REAP access points (APs)
3.1.d 802.1X authentication for AP authentication to the switch
3.2 Configure autonomous AP for RADIUS authentication
3.3 Configure management frame protection on clients, APs and controllers
3.4 Configure IBN
3.4.a RADIUS based VLAN and ACLs
3.4.b AAA override
3.5 Define ACS parameters for integration with wireless network
3.6 Define client and server-side digital certificate requirements
3.7 Implement ACLs on controller
3.7.a CPU ACLs
3.7.b WLAN, interface, and client identity ACL
3.8 Troubleshoot secure wireless connectivity services
3.8.a Packet analyzers, debugs, logs, WCS, and ACS
3.8.b Verify firewall ports
3.8.c ACS and Controller authorization and authentication for clients

12% 4.0 Design and implement Guest Access Service

4.1 Describe the architectures for guest access services
4.1.a VLAN-based
4.1.b Anchor, DMZ, redundancy, and scaling
4.1.c NAC guest server
4.1.d Wired guest access
4.1.e Bandwidth limiting
4.2 Configure guest access accounts
4.2.a Lobby ambassador (controller and WCS-based)
4.2.b Guest roles
4.3 Configure controller web authentication
4.3.a Pass through
4.3.b Internal and external
4.3.c Authentication (local/RADIUS)
4.3.d Custom splash page (internal, external, and per WLAN)
4.3.e Understand design considerations (DNS, proxy)
4.3.f Pre-authentication ACL
4.3.g Wired guest access
4.3.h Install third party certificate on controller
4.4 Configure the anchor and internal controllers
4.5 Troubleshoot guest access issues
4.5.a Packet analyzers, debugs, logs, WCS, and ACS
4.5.b Verify firewall ports
4.5.c Mping and eping
4.5.d Proxies

11% 5.0 Translate Organizational and Regulatory Security Policies and Enforce Security Compliances

5.1 Describe Regulatory Compliance Considerations, such as HIPAA, PCI, SOX, and FERPA
5.1.a HIPAA
5.1.b PCI
5.1.c SOX
5.1.d FERPA
5.2 Segment traffic into different VLANs, based upon
5.2.a Security
5.2.b Application
5.2.c QoS
5.3 Configure administration security on controller and WCS
5.3.a TACACS+ and ACS integration
5.3.b Local
5.3.c RADIUS and AAA server integration
5.3.d Access point administration credential
5.3.e Admin roles
5.4 Manage WLC and WCS alarms
5.4.a SNMP and Trap receivers
5.4.b Syslog
5.4.c SMTP
5.4.d ACS log
5.4.e Modify WCS alarm levels
5.5 Utilize security audit tools
5.5.a Packet captures
5.5.b Penetration testing
5.5.c Third-party software (AirMagnet AirWise)
5.5.d PCI Audit tool in WCS

11% 6.0 Configure Native WLC security Feature Sets – IPS/IDS

6.1 Utilize WCS or controller for IDS and threat mitigation strategies
6.1.a Signature
6.1.b Custom signature
6.1.c Rogue classification management and (auto) containment
6.1.d Rogue reporting/location (WCS only)
6.1.e Switchport tracing (WCS only)
6.1.f Integrate Cisco spectrum expert to WCS
6.1.g Client exclusion
6.1.h CleanAir
6.2 Identify and mitigate wireless vulnerabilities
6.2.a Wireless packet injection (can’t be mitigated)
6.2.b Client misconfiguration
6.2.c DoS (RF jamming)
6.2.d Anomalous behavior attacks (association and authentication attacks)
6.2.e Signature attacks (NetStumbler and undetectable at this time
6.2.f Eavesdropping (wild packets and Honeypot)
6.2.g Hijacking/mimicry (evil Twin and HoneyPotting)
6.2.h Social engineering (human attack)

11% 7.0 Integrate Wireless Network with Advanced Security Platforms

7.1 Describe end-to-end security Solutions of Cisco and how they Integrate with the Cisco Wireless Solutions
7.1.a AnyConnect 3.0 and above
7.1.b NAC appliance
7.1.c NAC guest server
7.1.d Wired IPS
7.1.e ACS
7.2 Describe the CUWN firewall port configuration requirements
7.2.a Access control lists (ACLs)
7.2.b IP port pass-through
7.2.c DMZ
7.3 Configure the controller for wired IPS/IDS
7.4 Configure wireless Intrusion Prevention System (IPS) (MSE)

Related resource:


Recent Posts


and/or Remove an End-Device and/or Remove an Infrastructure Device and/or Remove Cables (network and/or power) Cisco 642-997 DCUFI exam Cisco 642-999 DCUCI exam Configure Cisco Unity Connection Configure Cisco Unity Express using the GUI Describe and implement centralized call processing redundancy Describe Data Center Structure and Modularity Describe the Design Methodology Describe the Technologies used within the Data Center Describe WLAN Fundamentals Design and Deploy WLAN Infrastructure for Mobility Design Network Management Considerations into a Data Center Design the Access Layer of a Data Center General Networking Knowledge given a Network Design and a set of Requirements High Availability Routing Features Identify Cisco Equipment and Related Hardware Implement high availability features on Cisco Unified Fabric products in a Cisco Data Center Architecture Implement Multicast over Wireless Implement QoS for Wireless Applications Implement VoWLAN Infrastructure Security Infrastructure Services Install Integrate Client Device Security IP Services LAN Switching Technologies Layer 2 Technologies Layer 3 Technologies Maintain Appropriate End-Devices and Industrial Network Infrastructure Devices Manage the Unified Fabric in a Cisco Data Center Architecture Monitoring and Reporting Tools Network Principles Replace Service-Related Knowledge Threat Defense Threat Defense Architectures Troubleshoot Call Setup Issues Troubleshooting Troubleshoot Registration Issues UCS Compute Troubleshooting VPN Technologies WAN Technologies


Powered by CCNP Exams Test Base