400-351 Exam - CCIE Wireless Written Exam

NEW QUESTION 1
Refer to the exhibit,

which is a configuration snippet of a Cisco 5760 controller running code IOS XE 3.6.3. Which statement about wlan 11 is true?

• A. This configuration is for external WebAuth with an external RADIUS server.
• B. This configuration is for WebAuth with local authentication.
• C. This configuration is for custom WebAuth with local authentication.
• D. This configuration is for WebAuth with an external RADIUS server.
• E. This configuration is for custom WebAuth with an external RADIUS serve

Answer: D

Explanation:

http://www.cisco.com/c/en/us/td/docs/switches/lan/Denali_16-1/ConfigExamples_Technotes/Techzone_Articles/Example_and_Technotes_Denali_16_1_1/Example_and_Technotes_Denali_16_1_1_chapter_010010.html

NEW QUESTION 2
Refer to the exhibit.

An access point cannot join the Wireless LAN Controller when plugged to interface GigabitEthernet1/0/2. When the same access point is moved to interface GigabitEthernet1/0/1, the problem does not occur. What is the reason for this problem?

• A. GgabitEthernet1/0/2 is set as span session destination.
• B. GgabitEthernet1/0/2 is still participating in Spanning Tree Protocol.
• C. GgabitEthernet1/0/2 is set as portfast.
• D. The switch is experiencing a hardware failure and it must be reboote

Answer: C

NEW QUESTION 3
Refer to the exhibit.

This screenshot is an EAPOL exchange from an 8821 wireless IP phone performing a roam using WPA2+AES+PSK WLAN in a CUWN solution Which two statements are true. (Choose two)

• A. Enabling scan mode from default continuous to auto under the CallManager settings for the 8821 phone helps to avoid these EAPOL key exchanges and provides a better roaming experience.
• B. The capture snippet indicates a phone performing a slow roamin
• C. This usually refilects as robotic, or choppy audio instance due to 1 second delay between M1 and M2 exchange
• D. Enabling WPA2+CCKM (instead of WPA2+PSK) helps to avoid these EAPOL key exchanges and provides a better roaming experience.
• E. The capture indicates a phone performing a regular roam A 1 second roaming delay is standard expectation from 8821 wireless IP phones while on call.
• F. Migrating from WPA2+AES+PSK to WPA2+AES+802 1X EAP-FAST helps to avoid these EAPOL key exchanges and provides a better roaming experience.

Answer: CE

NEW QUESTION 4
Refer to the exhibit,

based upon the given configuration which two statement are true? (choose two)

• A. local RADIUS server is used
• B. No password is required everyone can join wireless network
• C. Users will be required to provide a username and password for authentication
• D. User will be required to provide a password only order to get access
• E. Remote RADIUS servers is used

Answer: AC

NEW QUESTION 5
Which two statements about the various types or DevOps tools are true? (Choose two)

• A. Puppet requires the installation of a master (server) and agents (clients) architecture for configuring systems.
• B. Salt cannot communicate with clients through general SSH, it use minions client agents only.
• C. Puppet and Chef are written in Python, Python skills are a must to operate these two.
• D. Ansible does not require agent node installation and uses SSH for performing all tasks.
• E. Chef and Puppet are much more attuned to the needs of system administrator

Answer: CE

NEW QUESTION 6
Which two statements about accessing the GUI and CLI of a Cisco WLC are true? (Choose two)

• A. The feature “Management using Dynamic Interfaces” can be configured in CLI only.
• B. The feature “Management using Dynamic Interfaces” can be applied to one of the Dynamic Interfaces only.
• C. The wireless clients can access the Cisco WLC only when the option “Enable Controller Management to be accessible from Wireless Clients” is checked.
• D. Wired clients can have only CLI access with the dynamic interface of the Cisco WLC, while wireless clients have both CLI and GUI access with the dynamic interface when the feature “Management using Dynamic Interfaces” is enabled.
• E. Wireless management access is only possible through the default management WLAN “CiscoMGMT”.
• F. Wireless management access is only possible through the default management WLAN – WLAN ID 1.

Answer: BC

NEW QUESTION 7
Which two statements about 802.11r are true? (Choose two)

• A. A PTK is generated before the client roams to the target AP.
• B. Non-802.11r clients cannot associate to WLANs that have 802 llr enabled on WLC AireOS code 8.0
• C. 802.11r IS supported only on OPEN and WPA2 WLANs.
• D. This protocol uses the four-way handshake for the key management upon roamin

Answer: BC

NEW QUESTION 8
Refer to the exhibit.

After the AP mode is changed from Local mode to Bridge mode the AP cannot register to the Cisco WLC Considering the debug output in the exhibit which description of the issue is true?

• A. DTLS connection was not found.
• B. DTLS is not supported in bridge mode.
• C. The AP exceeds the number of joined APs permitted by the controller license.
• D. The date and time on the Cisco WLC and AP do not match.
• E. The AP does not have a valid certificate.
• F. The Cisco WLC does not have a valid image for this AP model.
• G. The AP MAC address has not been added into the MAC fitter list of the controller.

Answer: G

NEW QUESTION 9
While configuring the root access point for WGB connectivity, the IT admin issues the no infrastructure client command. Which impact of this command is true?

• A. The SSID must be marked as infrastructure SSID when this command is in use or the WGB cannot connect
• B. This command adds reliability to the multicast packet delivery from the access point to WGB
• C. This command enables multi-VLAN support for the clients behind WGB
• D. This command allows more than 20 WGBs to associate with the same access point

Answer: D

NEW QUESTION 10
You have added your Active Directory server to the Cisco ISE and see the status as operational. However, when you try to add Active Directory groups to your authorization policy conditions in the Cisco ISE, no Active Directory groups appear. What is the most likely reason?

• A. You did not add any attributes in the Active Directory join point under the External Identity Sources.
• B. A firewall is blocking TCP port 389 between the Cisco ISE and Active Directory.
• C. You did not add any groups in the Active Directory join point under the External Identity Sources.
• D. The credentials used to join the Cisco ISE to Active Directory do not have sufficient privileges to query Active Directory.

Answer: C

Explanation:


http://www.cisco.com/c/en/us/td/docs/security/ise/1-3/ISE-ADIntegrationDoc/b_ISEADIntegration. html#ID687

NEW QUESTION 11

Refer to the exhibit. Which statement about this CPU ACL is correct?

• A. This CPU ACL is used as a redirection aCLto redirect all traffic except Telnet to 172.21.153.37.
• B. A user on the 10.64.0.0/24 network can use Telnet to access the WLC IP address on 172.21.153.37.
• C. A user on the 10.64.0.0/24 network cannot use Telnet to access the WLC IP address on 172.21.153.37.
• D. A user on the 10.64.0.0/24 network cannot use HTTPS to 172.21.153.37.
• E. No subnets other than 10.64.0.0/24 can manage the WL

Answer: C

Explanation:
From:
http://www.cisco.com/c/en/us/support/docs/wireless-mobility/wlan-security/71978-acl-wlc.html

NEW QUESTION 12
Which IEEE protocol can help a wireless client device to identify nearby APs that are available as roaming targets?

• A. 802.11h
• B. 802.11ac
• C. 802.11k
• D. 802.11n
• E. 802.11w

Answer: C

Explanation:
https://support.apple.com/en-gb/HT202628 https://documentation.meraki.com/MR/WiFi_Basics_and_Best_Practices/802.11k_and_802.11r_Ov erview

http://www.cisco.com/c/en/us/td/docs/wireless/controller/8-1/Enterprise-Mobility-8-1-Design- Guide/Enterprise_Mobility_8-1_Deployment_Guide/wlanrf.html

NEW QUESTION 13
You are implementing a WLC at a remote site and want to make sure that you are able to sync up with the Cisco WCS at the central site. Which two statements about this process are true? (Choose two.)

• A. If the WLC is behind a firewall, you must make sure that UDP ports 161 and 162 are open.
• B. The Cisco WCS server does not need direct IP connectivity to the WLC.
• C. Cisco WCS will not be able to communicate with the WLC if the WLC is behind a NAT device.
• D. If the WLC is behind a NAT device, the WLC's dynamic AP-manager interface must be configured with the external NAT IP address.

Answer: AC

NEW QUESTION 14
You have a wireless network that authenticates users by using Local WebAuth Which guest flow feature does LWA support?

• A. self-registration guest portal
• B. RFC 3576
• C. hotspot guest portal with an optional access code
• D. credentialed guest portal

Answer: D

NEW QUESTION 15
Prime Infrastructure will trigger alarms indicating that the Prime Infrastructure physical or virtual server is low on disk space. As the administrator, Which three actions can you take to increase disk space immediately upon receiving a Major alert ( 60 percent disk usage)? (Choose three.)

• A. Enable cron job on ade for disk clean up using $du -sh.
• B. Change the disk controller RAID.
• C. Conpacting the PI database using the ncs database purge command.
• D. Reduce the storage load on the local disk by setting up and using remote trackup reponitories.
• E. Reduce the length of time you store client association data and related events.
• F. Compacting the PI database using the ncs cleanup comman

Answer: DEF

NEW QUESTION 16
Which three types of ACLs are supported by the Cisco 5760 WLC? (Choose three.)

• A. Port ACLs.
• B. VLAN ACLs(VLAN maps).
• C. Router port ACLs.
• D. AP Radio ACL Switch port ACLs.
• E. Router ACL

Answer: ABE

Explanation:
http://www.cisco.com/c/en/us/td/docs/wireless/controller/5700/software/release/3se/security/con figuration_guide/b_sec_3se_5700_cg/b_sec_1501_3850_cg_chapter_01010.html#ID63
ACL Precedence Port ACLs Router ACLs VLAN Maps

NEW QUESTION 17
Refer to the exhibit. At which rate are the multicast frames transmitted by an autonomous AP configured with these data rates, considering the client on the AP is a 802.11b client?

• A. 36.0 mbps
• B. 11.0 mbps
• C. 12.0 mbps
• D. 5.5 mbps
• E. 2 mbps

Answer: B

NEW QUESTION 18
Which feature helps determine the Wi-Fi signal level in dBm at which an AP radio demodulates and decodes a packet from wireless client?

• A. optimized roaming
• B. Receiver Start of Packet Detection Threshold
• C. RSSI low check
• D. client load balancing
• E. band select

Answer: B

NEW QUESTION 19
Your customer has high availability Clint SSO configure using a pair of Cisco 5508 WlCs running 8.0 code. The primary unit failed over and the secondary unit is now active. Which two statement are true. (Choose two)

• A. Both controller RMIcan be in different subnets.
• B. Only the clients that are in the run state are maintained during failover
• C. Clients that are in transition such as roaming are dissociated
• D. New mobility is supported

Answer: BC

NEW QUESTION 20
You are getting the following error message. Which reason for this issue true?

%DOT11-4-CANT_ASSOC Interface Dot 11 Radio0. Cannot associate NO Aironet Extension IE.

• A. “dot11 extension ” is missing under the interface Dot11Radio 0 interface.
• B. When repeater mode is used, unicast-flooding must be enabled to allow Aironet IE communications.
• C. The parent AP MAC address has not been defined.
• D. Repeater mode only works between Cisco access poin

Answer: A

Explanation:

http://www.cisco.com/c/en/us/td/docs/wireless/access_point/12-2_11_JA/configuration/guide/b12211sc/s11rep.html

NEW QUESTION 21
Two autonomous Aps are connected to a switch on the same VLAN both APS are configured with the same SSID and WPA2-PSK. After making configuration changes to one of the APs .spanning tree disabled one of the switch ports into which AP was plugged.? Which two options describe possible reasons that spanning tree disabled a port? (choose Two)

• A. One of the Aps was configured as a universal workgroup bridge.
• B. It is not possible for spanning tree to disable a por
• C. The bridging loop must have been coincidental
• D. Spanning tree was disabled on both Aps
• E. PortFast was enabled on all ports
• F. One of the APs was configured as a standard workgroup bridg

Answer: AE

NEW QUESTION 22
Which two options are correct according to debug output presented in the following exhibit ? (Choose two.)
Exhibit:

• A. The wireless client "hangs" in probes (does not proceed with 802.11 authentication and association). It is likely that the "encryption" or "key-management" advertised in the probe response does not match.
• B. Since the AP receives a probe request from the wireless client, the Access Point Functions state for the machine changes from "Idle" to "Probe."
• C. The wireless client uses a static IP address, so "0.0.0.0 START (0)" can be found in the logs.
• D. The wireless client has been successfully authenticated.Reauthentication is set to occur on an extremely aggressive schedule (every five seconds).

Answer: AB

NEW QUESTION 23
Refer the exhibit.

The created dynamic interfaces are bound to an interface group for a specific WLAN profile in a Cisco Wireless LAN Controller. You have noticed duplicated multicast streams on the wireless medium for the given WLAN profile. Which statement is correct?

• A. Global multicast mode, globai 1Pv6 config, and multicast listener discovery snooping have not been enable
• B. Enable this to avoid duplicate streams.
• C. Global multicast mode and internet group management protocol snooping have not been enable
• D. To avoid stream enable both .
• E. The controller creates different multicast groups IDs for each multicast address and VLAN and a result the upstream router sends one copy for each VLA
• F. Enable Multicast VLAN to avoid duplicate streams.
• G. The controller always uses layer 3 multicast group 10 for all layer 3 multicast traffic sent to the access point internet group management protocol snooping should be disabled to avoid duplicate streams.

Answer: C

NEW QUESTION 24
Which two statements about a FlexConnect AP are true? (Choose two )

• A. In connected mode the AP provides minimal information about the locally authenticated client to the controller.This information is not available to the controller policy type, access VLAN, VLAN name supported rates, encryption cipher
• B. In connected mode the access pant provides minimal information about the locally authenticated client to the controller; However, the following information is available to the controller policy type access VLA
• C. VLAN name supported rates and encryption cipher
• D. Careful planning must be undertaken when setting up local authentication as it increases the latency requirements of the branch officeSetting up local authentication in connected mode is the fastest way of enabling wireless at a remote location as it does not require any WLAN configuration
• E. Local authentication can be enabled only on the WLAN of a FiexConnect AP that is in local switching mode

Answer: AB

NEW QUESTION 25
When creating a guest account on Cisco identity Services Engine .Which option in the sponsor portal allows for the guest credentials to be used for RADIUS authentication without requiring the guest user to log into the guest portal?

• A. Set the Guest role to Guest
• B. Set the Guest role to Activated guest
• C. Set the Time Profile to Radius 1Day
• D. Check the box to send email not send email notification id the guest user name is based on the email address.

Answer: B

NEW QUESTION 26
DRAG DROP

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:

Reference: http://www.cisco.com/en/US/docs/wireless/wcs/7.0MR1/configuration/guide/maps.html#wp10758 63

NEW QUESTION 27
Which statement about ACLs used on a Cisco WLC is true?

• A. A WLAN ACL will override an interface access-list.
• B. An interface ACL will override a WLAN ACL.
• C. A WLAN ACL will get applied first followed by an interface ACL.
• D. An interface ACL will get applied first followed by a WLAN AC

Answer: A

NEW QUESTION 28
......