Proper study guides for Update Cisco CCIE Wireless Written Exam certified begins with Cisco 400-351 preparation products which designed to deliver the Virtual 400-351 questions by making you pass the 400-351 test at your first time. Try the free 400-351 demo right now.
NEW QUESTION 1
Refer to the exhibit.
You are configuring an autonomous AP in WGB mode. You configure d1 radio as shown in the exhibit. Which commands must you use on the root bridge to ensure the successful negotiation of a link?
- A. RB(config-if)# interface d0RB(config-if)# channel 5180 5200 5220 5240
- B. RB(config-if)# interface d1RB(config-if)# mobile station 5180 5200 5220 5240
- C. RB(config-if)# interface d1 RB(config-if)# mobile station 5180
- D. RB(config-if)# interface d1 RB(config-if)# channel 5180
Answer: D
NEW QUESTION 2
Which two IEEE standards improve roaming performances when supported by the wireless infrastructure and the clients? (Choose two.)
- A. 802.11k
- B. 802.11h
- C. 802.11e
- D. 802.11v
- E. 802.11i
Answer: AE
NEW QUESTION 3
Refer to the exhibit.
It was taken from the switch where the Cisco WLC connects to and for which the switch port to the Cisco WLC is configured to trust CoS The customer has an SSID in place for their VoWLAN whose QoS profile has been set to Platinum When the IP packet egresses the switch to which the Cisco WLC is connected the switch interfaces are configured to use the mis qos trust dscp command but a packet
trace on the far end reveals that the DSCP marking is set to AF41 and not to EF Which option can cause the IP packet to be remarked to the lower QoS value?
- A. A switch in the path remarks the binary value in the packet to 011 010.
- B. The DSCP configuration on the Cisco WLC is set to a DSCP of AF41.
- C. A policy map is applied to an interface by using the violate-action policed-dscp-transmit command.
- D. The CoS-to-DSCP mapping is incorrec
Answer: D
NEW QUESTION 4
Harry is a network engineer for a company, he is now upgrading a large autonomous WLAN deployment to LWAPP operation. He has successfully imported a X.509 self-signed certificate into the WLC. But, when he tries to add additional self-signed certificates, the WLC GUI reports a "Failed to Add entry" error.
Which command can diagnose the root cause of this problem?
- A. Show wps summary
- B. Show database summary
- C. Show exlusionlist
- D. Show sysinfo
Answer: B
NEW QUESTION 5
You have a HDX deployment that has multiple rogue clients and multiple Wi-Fi interferers that consume an MSE location license. Which two settings must you configure to prevent allocating licenses to the rogue clients and the multiple Wi-Fi interferers? (Choose two)
- A. RSSI Cutoff for Probing Clients
- B. Load Balancing
- C. Duty Cycle Cutoff Interferers
- D. Probe Request Forwarding
- E. Band Select
Answer: AC
NEW QUESTION 6
Which two option describe implication of deploying autonomous APs in repeater mode? (Choose two)
- A. The Ethernet port is disabled in repeater mode
- B. You can configure multiple VLANs on repeater access point
- C. You should disable Cisco Aironet extensions on the parent(root) AP and on the repeater APs
- D. The infrastructure SSID should be assigned to the native VLAN
Answer: AD
NEW QUESTION 7
Which statement about wireless LAN security in a Cisco Unified Wireless Network VoWLAN deployment is false?
- A. EAP-FAST, if available, is the recommended EAP type for use in VoWLAN deployments.
- B. Although LEAP is considered secure for VoWLAN handsets when correctly deployed, it is recommended that a different EAP method (FAST, PEAP, TLS) is used, if available.
- C. Dynamic WEP mitigates the security weaknesses in static WEP, making it a viable option that can be relied upon to secure a VoWLAN deployment.
- D. When using EAP authentication, the EAP-Request timeout value should be adjusted based only on the advice of the VoWLAN handset vendor.
- E. When using WPA Personal, strong keys should be used to avoid a dictionary attac
Answer: D
NEW QUESTION 8
You have configured video stream on a Cisco WLC and users are now viewing the company video broadcast over the wireless network how can you verify you have video stream configures and working in the cisco WLC GUI?
- A. The multicast status shows "normalmulticast" in the multicast group detail
- B. The multicast status shows "MediaStream allowed" in the multicast group detail
- C. The WMM state shows "Enabled" into the clients detai
- D. The multicast status shows "multicast-direct allowed" in the multicast group detail
Answer: D
NEW QUESTION 9
Which two configuration are required on the Cisco 5760 WLC to ensure that APs will successfully join the Cisco WLC? (Choose two)
- A. Enable IP DHCP SNOOPING TRUST on the wireless controller port-channel interface
- B. Activate the apocopate Right-to-use AP license on the wireless LAN controller
- C. Ensure that port-fast is enabled on each access point switch port
- D. Ensure accurate configuration of the correct time and date on the wireless LAN controller
Answer: BD
NEW QUESTION 10
You are the wireless administrator for ACME corporation. You must configure a Cisco Catalyst 3850 Series Switch to work as mobility agent to allow access point association to this switch. Which statement about this scenario is true?
- A. Access points must be connected to an access port that has the access VLAN configured to be the same as the service port VLAN on the Catalyst 3850 switch.Access points must be connected to a trunk port with the native VLAN set to 1 in order to join the WLC on the Catalyst 3850 switch.
- B. Access points must be connected to an access port with the access VLAN configured to the same as the wireless management VLAN on the Catalyst 3850 switch.
- C. Access points must be connected to an access port that has the access VLAN configured to be the same as the management VLAN for the switch stack.
- D. Access points must be connected to an access port with the access VLAN configured to be any VLAN that has a Layer 3 interface (SVI) on the Catalyst 3850 switch.
Answer: C
Explanation:
https://mrncciew.com/2013/09/29/getting-started-with-3850/
https://supportforums.cisco.com/document/146996/getting-started-wlc-5760-and-3850
NEW QUESTION 11
Refer to the exhibit,
based upon the given configuration which two statement are true? (choose two)
- A. local RADIUS server is used
- B. No password is required everyone can join wireless network
- C. Users will be required to provide a username and password for authentication
- D. User will be required to provide a password only order to get access
- E. Remote RADIUS servers is used
Answer: AC
NEW QUESTION 12
Refer to the exhibit.
This portion of configuration refers to a multiple SSIDA/LAN configuration of a Cisco IOS AP with just one radio. Which statement is correct?
- A. The AP must have subinterfaces 80 81 and 82 configured, on the Radio 1 and Ethernet interfaces
- B. You can use dot11 mbssid globally to allow broadcast of multiple SSID
- C. or you can do it on individual radios with the command mbssid guest-mode
- D. The configuration does not allow for non-corporate clients to connect to any SSID Guest traffic therefore will not be allowed
- E. The SSID "EAP" will allow clients to connect to it using EAP-TLS as the authentication method However, in this scenario ISE is the only supported external RADIUS server
Answer: B
NEW QUESTION 13
A wireless engineer has completed the configuration of the QoS profiles on the WLC and has assigned them to the WLANs The engineer applies the profiles, tests them, and notices that traffic is blocked for some of the WLANs. Which problem is true?
- A. The QoS profiles have 802 1p tagging disabled and the WLANs that are assigned use tagged interfaces on the controller.
- B. The QoS profiles and the traffic restrictions of the WLANs are different
- C. The QoS profiles have 802 1p tagging configured, and the WLANs that are assigned use untagged interfaces on the controller.
- D. AVC must be enabled for the QoS profiles to work property
Answer: A
NEW QUESTION 14
While configuring the root access point for WGB connectivity, the IT admin issues the no infrastructure client command. Which impact of this command is true?
- A. The SSID must be marked as infrastructure SSID when this command is in use or the WGB cannot connect
- B. This command adds reliability to the multicast packet delivery from the access point to WGB
- C. This command enables multi-VLAN support for the clients behind WGB
- D. This command allows more than 20 WGBs to associate with the same access point
Answer: D
NEW QUESTION 15
You have received a new Cisco 5760 Controller and have gone through the initial startup wizard. You are now trying to add APs to the controller, but these are not joining.
Which three checks should you do next? (Choose three.)
- A. Check that the radios are not in a shutdown state.
- B. Check the country code of the controlle
- C. The APs do not join the controller if the country code does not match.
- D. Check that the correct time is set on the controller.
- E. Check that option 53 has been set in the DHCP scope.
- F. Check that the controller has enough AP licenses.
- G. Check that the controller has been configured with the correct hostnam
- H. Otherwise, DNS resolution fails.
Answer: BCE
Explanation:
NEW QUESTION 16
As per the 802.11ac standard which statement about MU-MIMO is true?
- A. MU-MIMO can be used in both directions, downstream and upstream
- B. MU-MIMO can be used only in the downstream direction.
- C. MU-MIMO was introduced in 802 11ac Wave 1
- D. MU-MIM can be used only in the upstream direction
Answer: B
NEW QUESTION 17
Which statement about the integration of ISE with Cisco Prime Infrastructure version 2.2 is true?
- A. Cisco Prime Infrastructure can display ISE profiling attributes for authenticated and un authenticated clients.
- B. Cisco Prime Infrastructure can collect client authentication details from up to three configured ISE servers.
- C. ISE can be added to Cisco Prime Infrastructure only using user credentials of admin user configured locally on ISE
- D. When two instances of ISE are added to Cisco Prime Infrastructur
- E. One must be working in secondary mode.
Answer: D
Explanation:
http://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/infrastructure/2-2/user/guide/pi_ug.pdf
NEW QUESTION 18
Which statement best describes MAC authentication?
- A. The MAC address is used in place of the username in the EAP certificate exchange.
- B. If WEP is used as a key cipher, the MAC address may be used in the key hash.
- C. The MAC address can be spoofed, so it is insecure.
- D. Users will not be able to connect unless some form of encryption is also use
Answer: C
NEW QUESTION 19
Refer to the exhibit.
Which security method is the wireless workgroup bridge with this configuration going to use to establish its wireless connection?
- A. WPA2-AES with LEAP over 5 Ghz
- B. WPA2-AES with EAP-FAST over 5 Ghz
- C. WPA2-AES with EAP-FAST over 2 4 Ghz
- D. WPA2-AES with PEAP over 5 Ghz
Answer: A
NEW QUESTION 20
Which AireOS release is the first to support New Mobility on the Cisco 2504 WLC?
- A. 8.0x
- B. 8.1x
- C. 7.6x
- D. 7.4
Answer: A
Explanation:
http://www.cisco.com/c/en/us/td/docs/wireless/compatibility/matrix/compatibility-matrix.html http://www.cisco.com/c/en/us/support/docs/wireless/2500-series-wireless-controllers/113034- 2500-deploy-guide-00.html
NEW QUESTION 21
A network administrator is troubleshooting a wireless client connection problem on an autonomous deployment The SSID is configured to use dotlX methods. Which statement is true?
- A. The client has passed open authentication but it has not yet passed the dotlX authentication phase
- B. The client has passed open authenticatio
- C. dotlX authentication, and the four-way handshake.
- D. The client has no open authentication and has passed the dotlX authentication process Only the GTK must be processed now
- E. The client has passed open authentication and dotlX authentication The four-way handshake is the next step in the process
Answer: D
NEW QUESTION 22
You have a Cisco ISE deployment that controls wireless access. Which two actions cause the ISE policy service to issue a CoA? (Choose two.)
- A. An endpoint is assigned to a new policy statically
- B. An endpoint is created through the Guest Device Registration flow
- C. An endpoint is profiled for the first time.
- D. An endpoint is disconnected from the network
- E. Packet-of-Disconnect CoA (Terminate Session) is issued when a wireless endpoint is detecte
Answer: AC
NEW QUESTION 23
What two statements are true with regards to the UNII brands? (Choose two)
- A. All channels in the UNII-2 band require DFS and TPC
- B. The UNII-3 band provides channel that ate spaced 20 MHz apart
- C. The channels in UNII-3 band require DFS and TPC
- D. The UNII-1band provides 4 non-overlapping channels
- E. Different channels within the UNII-1band have different restrictions including transmit power antenna gain antenna style usage
Answer: AD
NEW QUESTION 24
You are trying to connect a Cisco wireless phone to your network Based on the device manual. Admission Control must be enabled on the wireless network for the device to connect When you enable Admission Control you get an error message and the operation is aborted What is the root of the problem?
- A. Admission Control is an unsupported feature of Cisco APs unless the client supports CCXv5
- B. You cannot enable Admission Control if the radio is enabled
- C. Admission Control is not supported in all radios Verify that the wireless phone is connecting to the correct radio
- D. The wireless phone is incompatible with the wireless infrastructure
Answer: B
NEW QUESTION 25
Which two IEEE protocols combined provide a wireless client with optimized Fast Secure Network Assisted Roaming? (Choose two)
- A. 802. llw
- B. 802.llh
- C. 802.112
- D. 802.lie
- E. 802.11k
- F. 802.llr
Answer: EF
Explanation:
http://www.cisco.com/c/en/us/td/docs/wireless/controller/technotes/5700/software/release/ios_x e_33/11rkw_DeploymentGuide/b_802point11rkw_deployment_guide_cisco_ios_xe_release33/b_8 02point11rkw_deployment_guide_cisco_ios_xe_release33_chapter_010.html?referring_site=RE&po s=1&page=http://www.cisco.com/c/en/us/td/docs/wireless/controller/technotes/5700/software/rel ease/ios_xe_33/11rkw_DeploymentGuide/b_802point11rkw_deployment_guide_cisco_ios_xe_rele ase33/b_802point11rkw_deployment_guide_cisco_ios_xe_release33_chapter_01.html http://www.cisco.com/c/en/us/td/docs/wireless/controller/8-1/Enterprise-Mobility-8-1-Design- Guide/Enterprise_Mobility_8-1_Deployment_Guide/Chapter- 11.html?referring_site=RE&pos=2&page=http://www.cisco.com/c/en/us/td/docs/wireless/controlle r/technotes/5700/software/release/ios_xe_33/11rkw_DeploymentGuide/b_802point11rkw_deploy ment_guide_cisco_ios_xe_release33/b_802point11rkw_deployment_guide_cisco_ios_xe_release33
_chapter_01.html
http://www.cisco.com/c/en/us/support/docs/wireless-mobility/wireless-lan-wlan/116493-technotetechnology- 00.html
NEW QUESTION 26
A corporation has a Cisco 5520 WLC running software 8.x configured with US country code. They have recently purchased 20 AIR-AP3702I-UXK9 APs to replace older APs in one of their branch offices After those are deployed, users report that they can no longer access SSIDs that are operating on the
5 GHz band. Which cause of this problem is true?
- A. The 5 GHz radio operates in rogue detection mode and cannot be changed to any other station role until the APs are primed
- B. The 5 GHz radio operates in scanner mode until the APs are primed
- C. The network administrator must disable the 5 GHz radio interfaces and re-enable them on every UX AP to make the 5 GHz radios operational on all UX APs
- D. The 5 GHz radio is in down state until the APs are primed
Answer: B
NEW QUESTION 27
DRAG DROP
- A. Mastered
- B. Not Mastered
Answer: A
Explanation:
NEW QUESTION 28
Which three types of ACLs are supported by the Cisco 5760 WLC? (Choose three.)
- A. Port ACLs.
- B. VLAN ACLs(VLAN maps).
- C. Router port ACLs.
- D. AP Radio ACL Switch port ACLs.
- E. Router ACL
Answer: ABE
Explanation:
http://www.cisco.com/c/en/us/td/docs/wireless/controller/5700/software/release/3se/security/con figuration_guide/b_sec_3se_5700_cg/b_sec_1501_3850_cg_chapter_01010.html#ID63
ACL Precedence Port ACLs Router ACLs VLAN Maps
NEW QUESTION 29
Refer to the exhibit
the autonomous AP has a corporate and guest SSID configured . The security team requested that you limit guest user traffic to DHCP ,DNS, and web browsing on the AP. which configuration best satisfies the request?
- A. access-list 101permit udp any any eq 67 access-list 101permit udp 10.28.128.0 0.0.0.255 host 10128.10.15 eq 53 access-list 101 permit tcp 10.28.128.0.0.0.0.255 any eq 80 access-list 101 deny ip any any interface dot11radio 0 ip access-group 101 in
- B. access-list 101permit udp any any eq 67 access-list 101permit udp 10.28.128 0.255.255.255 host 10128.10.15 eq 53 access-list 101permit tcp 10.28.128 0.255.255.255 any eq 80 access-list 101deny ip any any interface dot11radio 0 ip access-group 101in
- C. access-list 101 perm1t udp any any eq 67 access-list 101 per mit udp 10.28.128.0 0.0.0.255 host 10128.10.15 eq 53 access- l1st 101 permit tcp 10.28.128.0 0.0.0.255 any eq 80 access-list 101 deny ip any any interface fast Ethernet 0 ip access-group 101 in
- D. access-list 101 permit udp any anyeq 67 access-list 101 permit udp 10.28.128 0.255.255.255 host10128.10.15 eq 53 access-list 101 permit tcp 10.28.128 0.255.255.255 any eq 80 access-list 101 deny ip any any interface fast Ethernet 0 ip access-group 101 in
Answer: C
NEW QUESTION 30
Refer to the exhibit.
You enabled NAT to make sure that your WLC is publicly reachable If other NAT parameters are left to default which statement is true?
- A. The AP WLC discovery fails for APs in local mode using 209.165.200.44
- B. The AP WLC discovery succeeds for OEAPs joining the WLC using 192.168.3.44.
- C. The AP WLC discovery fails for APs in local mode using 192.168.3.44.
- D. The AP WLC discovery succeeds for OEAPs joining the WLC using 192.168.3.44 or 209.165.200.44.
Answer: A
NEW QUESTION 31
......
Recommend!! Get the Full 400-351 dumps in VCE and PDF From Certifytools, Welcome to Download: https://www.certifytools.com/400-351-exam.html (New 393 Q&As Version)