A healthcare organization notices many rogue APs and is concerned about a honeypot attack. Which configuration must a wireless network engineer perform in Cisco Prime Infrastructure to prevent these attacks most efficiently upon detection?
A. Set the auto containment level to 0 and select the Using Our SSID containment option.
B. Set the manual containment level to 4 and select the Ad Hoc Rogue AP containment option.
C. Set the auto containment level to 0 and select the Ad Hoc Rogue AP containment option.
D. Set the auto containment level to 4 and select the Using Our SSID containment option.
Answer is D.
Honeypot attacks: A honeypot AP spoofs the SSID (and eventually MAC) of a real AP.
Level 0 containment does not exist.
Using our SSID option ensures that any rogue AP with the same SSID as "My Network" is contained.
At first I agreed with you, but the question stands for Cisco Prime Infrastructure. Using our SSID option is for WLC. So, I think I will stay with B.
B is the most logical answer here.
https://www.cisco.com/c/en/us/td/docs/wireless/mse/3350/7-3/wIPS_Configuration_guide/Guide/wIPS/msecg_appB_wIPS.html
The two answers with 0 containment aren't even valid options as the level is 1-4. Containing your own SSID makes no sense, so B is the only option left.
Auto Containment Level to 4:
Setting the auto containment level to 4 ensures that rogue APs are automatically contained as soon as they are detected. This level provides the most aggressive containment, which is necessary to prevent honeypot attacks and protect the network from unauthorized access points.
Using Our SSID Containment Option:
The Using Our SSID containment option ensures that rogue APs broadcasting the organization's SSID are contained. This is critical for preventing honeypot attacks, where attackers mimic the organization's SSID to lure clients into connecting to a malicious AP.
https://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lan-controllers/112045-handling-rogue-cuwn-00.html#toc-hId-715491869:~:text=Use%20of%20our%20SSID%20%2D%20If%20a%20rogue%20device%20uses%20an%20SSID%20which%20is%20the%20same%20as%20that%20configured%20on%20the%20controller%2C%20it%20is%20automatically%20contained.%20This%20feature%20aims%20to%20address%20a%20honey%2Dpot%20attack%20before%20it%20causes%20damage.
Use of our SSID - If a rogue device uses an SSID which is the same as that configured on the controller, it is automatically contained. This feature aims to address a honey-pot attack before it causes damage.
Use of our SSID - If a rogue device uses an SSID which is the same as that configured on the controller, it is automatically contained. This feature aims to address a honey-pot attack before it causes damage.
https://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lan-controllers/112045-handling-rogue-cuwn-00.html#toc-hId-715491869
D. Agree with Mimimimimi, level 0 is not an option. Using own SSID is correct. The legit corp access points will send de-authentication messages to any client connected to the rogue AP on the corp SSID. It will not affect users connected to legit access points.
I did it on a test system:
Dashboard > Incidents > Rogue Alarms > Open a distinctive Alarm > "AP containment" option > select "4 AP containment"
The wording of "B" is really bad, but at least I was able to use "B" as a hint to find the menu items in Prime 3.10 to complete this task.
My Prime is running in KVM and RHEL8 using the 12Gig RAM installation option. Disk is SAMSUNG SSD with 1000 MByte/s peak throughput.
Answer is D
Use of our SSID - If a rogue device uses an SSID which is the same as that configured on the controller, it is automatically contained. This feature aims to address a honey-pot attack before it causes damage.
Mimimimimi (Highly Voted), 2 years, 4 months ago
elmi4474, 2 years, 3 months ago
daeman (Highly Voted), 2 years, 5 months ago
rrahim (Most Recent), 5 days, 22 hours ago
Ocsicccnp, 5 months ago
ahmedshahas, 1 year, 2 months ago
peer1024, 1 year, 4 months ago
GoldLeader, 1 year, 7 months ago
peer1024, 1 year, 8 months ago
Ripe, 2 years, 1 month ago