ExamTopics Logo
Mail Us[email protected]
Menu
Cisco Discussions
exam questions

Exam 300-425 All Questions

View all questions & answers for the 300-425 exam
Go to Exam

Exam 300-425 topic 1 question 158 discussion

Actual exam question from Cisco's 300-425
Question #: 158
Topic #: 1
[All 300-425 Questions]

A network consultant is designing a wireless network for a government agency. The customer requires high security between any device communication. The design includes AireOS, Cisco IOS-XE controllers, and Cisco 4800 Series APs. Which requirement must be met to enhance the mobility group security?

  • A. Use a different group name for each mobility member.
  • B. Enable MIC authentication between the mobility group members.
  • C. Enable Mobility Encryption on the network.
  • D. Use a complex group name for the mobility group.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by albiprx at June 25, 2024, 9:14 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Farhad123
4 months, 1 week ago
Selected Answer: B
I would say also B , as Mobility encryption is enabled by default
upvoted 1 times
...
ShamsDimashki
10 months, 3 weeks ago
Selected Answer: B
The mobility encryption is mandatory, and the peer will not established without encryption The question mentioned to "Enhance" the security which is the right answer with using the MIC
upvoted 1 times
zyxzyx123
9 months, 1 week ago
This is false, its not mandatory. On a 9800 "Configuration > Wireless > Mobility > Peer Configuration > Datalink encryption > enable/disabled" Also: A secure link in which data is encrypted using CAPWAP DTLS protocol can be established between two controllers. This secured link is called Encrypted Mobility Tunnel. If encrypted mobility tunnel is in enabled state, the data traffic is encrypted and the controller uses UDP port 16667, instead of EoIP, to send the data traffic. To ensure that controllers with expired MIC certificates are able to join the encrypted mobility tunnel enabled network, an existing CLI is used to disable the MIC certificate date validation https://www.cisco.com/c/en/us/td/docs/wireless/controller/8-7/config-guide/b_cg87/encrypted_mobility_tunnel.pdf
upvoted 1 times
...
...
Bembs
1 year ago
Selected Answer: C
C. Encrypt the mobility tunnel
upvoted 3 times
...
albiprx
1 year ago
Selected Answer: C
C. Enable Mobility Encryption on the network. Here’s why: Mobility Encryption: Enabling mobility encryption ensures that the data and control traffic exchanged between controllers in a mobility group is encrypted. This is critical for maintaining high security, especially in environments where sensitive information is transmitted. MIC Authentication: While MIC (Message Integrity Check) authentication is important for ensuring the integrity of messages exchanged between mobility group members, it does not provide encryption. MIC alone might not be sufficient for the high-security requirements of a government agency. Mobility Group Names: Using a different group name for each mobility member or a complex group name can help with organizational clarity and might add a layer of security through obscurity. However, these measures are not substitutes for proper encryption mechanisms.
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel