Braindumps questions

(1)

Braindumps.350-050.259 questions.

Number: 350-050 Passing Score: 800 Time Limit: 120 min File Version: 8.1

http://www.gratisexam.com/

350-050

CCIE™ Wireless Written (v2.0)

Dumps still valid, cleared today.

Make yourself wise and talented with studies and look out for the video lectures for your exam because they are perfect to train

you for the exam and its modules.

By this you can will be able to determine some troubleshooting techniques which you need to learn as it will help you scenarios

on the exam . So I’m pretty happy with it.

(2)

(3)

Exam A QUESTION 1

Which two security features are associated with a wireless network employing 802.11i configured as a Robust Security Network? (Choose two.) A. WEP B. AES-CCMP C. 802.11x D. IPsec E. TKIP F. 802.1x Correct Answer: BF Section: (none) Explanation Explanation/Reference: QUESTION 2

Which statement about heat maps on Cisco WCS is true?

A. They are predictive and rely only on the accuracy of the information that is provided with the map. B. They are based on real-time actual values if Cisco Compatible Extensions is enabled on the APs. C. They are predictive but can be converted to real values by using the Refresh from network button. D. They are based on real-time actual values because of fingerprinting.

Correct Answer: A Section: (none) Explanation

Explanation/Reference:

QUESTION 3

Which environmental phenomena can cause considerable degradation to your wireless signals? A. multipath, reflection, scattering, refraction

(4)

B. multipath, alpha particles, diversity, absorption C. multipath, cosmic radiation, free path loss, scattering D. multipath, convergence, refraction, gamma rays Correct Answer: A

Section: (none) Explanation

QUESTION 4

You are working for a South American services integrator. Your customer has a working unified Cisco WLC solution in Costa Rica (-A domain). You need to integrate an office in Panama (-N domain); correct APs are already deployed for this domain. Which approach do you take?

http://www.gratisexam.com/

A. Do nothing. These APs will work on the same Cisco WLC because the countries are neighbors. B. Change the APs in the Panama office to AIR-CAP3502E-N-K9, which have external antennae. C. Use the config domain add -N command on the Cisco WLC.

D. Add the country code for Panama (PA) through the Cisco WLC web GUI. Correct Answer: D Section: (none) Explanation Explanation/Reference: best answer. QUESTION 5

Which role does the Wi-Fi Alliance fulfill regarding WLANs?

(5)

B. maintains and creates the protocol standards by which wireless devices work

C. ensures that wireless products that are available to consumers provide the features that the products claim to have D. creates strict regulations

Correct Answer: C Section: (none) Explanation

QUESTION 6

One of your customers is thinking of deploying wireless in a building. Which two items should you establish in a pre-site survey? (Choose two.) A. the exact channels that should be used

B. the agreed coverage areas for the design

C. the access security arrangements for getting into the building

D. the type of deployment (data-only service, voice service, or location services) E. sources of RF interference Correct Answer: BD Section: (none) Explanation Explanation/Reference: QUESTION 7

On AIR-CAP3500 Series APs, which AP mode allows you to intensively analyze the frequency spectrum and detect interferers? A. Sniffer B. Monitor C. SE-Connect D. Analyzer E. Rogue Detector Correct Answer: C Section: (none)

(6)

Explanation

QUESTION 8

Your site has already been surveyed at 5 GHz for 802.11n VoWLAN services. Which services can you add safely, without conducting an additional site survey? (Choose two.)

A. enhanced Layer 2 or Layer 3 security of the WLAN

B. optional MFP client protection for Cisco Client Extensions Version 5 clients C. 802.11n data services on the 2.4 GHz Frequency

D. 802.11n voice services on the 2.4 GHz Frequency E. new services (such as location) on both frequencies Correct Answer: AB Section: (none) Explanation Explanation/Reference: correct answer. QUESTION 9

Which type of indoor Cisco AP should you deploy to make use of spatial multiplexing? A. AIR-LAP1242AG B. AIR-BR1310G C. AIR-LAP1131AG D. AIR-LAP1252AG E. AIR-LAP1524AG Correct Answer: D Section: (none) Explanation Explanation/Reference:

(7)

You are a wireless network administrator for a company that has installed a network that is based on Cisco WLC and uses Aironet 1140 Series APs. The clients are using the 2.4 GHz band and WPA TKIP for Layer 2 security. The president of the company reads a news article on the benefits of 802.11n and wants to deploy it at the office so that the company can use data rates of up to 150 Mb/s. What should you tell the president?

A. You need to change your Layer 2 security policy to WPA2 AES to achieve the 300 Mb/s data rate. B. You need to purchase different APs because the 1140 Series supports only up to 54 Mb/s. C. You need to change the client Layer 2 security to WPA2 TKIP.

D. You need to change the client Layer 2 security to open. E. 802.1n data rates are possible only on 5 GHz.

F. 802.11n data rates are possible with the current client Layer 2 security, but for a theoretical data rate of 300 Mb/s, you need to use channel bonding, which is not recommended on the 2.4 GHz band.

QUESTION 11

You have been hired to conduct a predeployment indoor wireless site survey. Which item is not needed before starting the project?

http://www.gratisexam.com/

A. a statement of work that details the areas of the facility in which the customer wants to deploy wireless B. architecture drawings of the facility

C. topographical maps

D. a list of client devices and applications that will use wireless at the facility E. Layer 2 security requirements for the WLAN

Correct Answer: C Section: (none)

(8)

Explanation

Explanation/Reference: absolute answer.

QUESTION 12

Which regulatory body develops standards for European information and communication technologies? A. European Union

B. European Telecommunications Standards Institute

C. European Radio and Telecommunications Terminal Equipment Directive D. International Organization for Standardization

Correct Answer: B Section: (none) Explanation Explanation/Reference: appropriate answer. QUESTION 13

ABC Company end users are reporting voice roaming issues. Which two situations are possible causes? (Choose two.)

A. The RF coverage cells have only 10-percent overlap; 15- to 20-percent cell overlap is typically needed for seamless roaming. B. The RF coverage is colocated.

C. There is interference from a 5 GHz DECT-like phone.

D. The RF coverage cells have only 20-percent overlap; 25- to 30-percent cell overlap is typically needed for seamless roaming. E. There is interference from the cellular network.

Correct Answer: AC Section: (none) Explanation

QUESTION 14

After interviewing the customer to understand its wireless client requirements, you determine that 802.11b must be enabled to support legacy clients within a mixed-mode environment. What recommendation will have the greatest mitigation on the effects of 802.11b clients on the rest of the network?

(9)

A. Restrict the use of OFDM modulation. B. Make 11 Mb/s the lowest mandatory rate. C. Enable a separate SSID for 802.11b clients. D. Enable short preamble.

Correct Answer: B Section: (none) Explanation

QUESTION 15

When conducting a greenfield RF site survey with multiple APs, which information element should be enabled to ensure your site survey software will display the hostname of each AP?

A. IE 0 B. IE 1 C. IE 133 D. IE 221 Correct Answer: C Section: (none) Explanation Explanation/Reference: QUESTION 16

Corporation XYZ has 25 buildings (with a total of 12000 employees) and would like to implement a single SSID across their entire site. Which feature would be helpful to prevent wireless internet access from 1 of the 25 buildings?

A. AP groups B. AAA override C. WLAN override D. MAC filtering Correct Answer: A

(10)

Explanation/Reference: reliable answer.

QUESTION 17

Which IEEE standard allows for the use of multiple 2-MHz communication channels within the 2.4-GHz spectrum? A. 802.14 B. 802.15.4 C. 802.16.1 D. 802.18 E. 802.19 Correct Answer: B Section: (none) Explanation Explanation/Reference: QUESTION 18

While reviewing data gathered during a passive RF site survey for an existing network of Cisco Aironet 1260 Series Access Points, you discover a high amount of potential co-channel interference throughout the network. Which two of these are potential causes? (Choose two.)

A. an inconsistent beacon interval B. EDRRM is not enabled

C. the APs are placed too close together D. a static channel plan is used

E. the radio policy is inadvertently set identically for all SSIDs Correct Answer: CD

(11)

QUESTION 19

You are tasked with creating a controller-based high-density RF design. Which three factors determine the cell size? (Choose three.) A. antenna type

B. ClientLink support C. basic data rate D. TPC threshold setting E. AP placement F. free space path loss Correct Answer: ACD Section: (none) Explanation

Explanation/Reference: real answer.

QUESTION 20

You are configuring an autonomous wireless guest network for your customer. The customer requires that guest users be unable to communicate with one another. Which solution best meets this requirement?

A. public secure packet forwarding on the AP and switch-port protected on the AP switch port B. public secure packet forwarding on the AP and limiting the AP switch port to the guest VLAN only C. port security on the AP and 802.1X on the AP switch port

D. MAC filtering on the AP radio interface and switch-port protected on the AP switch port

E. public secure packet forwarding on the AP and configuring the guest VLAN on the switched network as a private VLAN Correct Answer: E Section: (none) Explanation Explanation/Reference: best answer. QUESTION 21

What is the advantage of EAP-FAST compared to LEAP?

A. EAP-FAST exchanges user credentials within a TLS tunnel whereas LEAP exchanges credentials information in clear, which allows possible offline "dictionary attacks."

(12)

B. EAP-FAST allows authenticated in-band PAC provisioning, whereas LEAP uses anonymous in-band PAC provisioning, which is transparent to the user. C. LEAP only supports user and password changes in conjunction with CHAPv2, whereas EAP-FAST supports user and password changes when using

MS-CHAPv2 or OTP or PAC.

D. EAP-FAST works with the 802.11 authentication algorithm "open eap," and also with "network-eap," whereas LEAP is limited to the 802.11 authentication algorithm "network-eap" only.

QUESTION 22

Which two statements are not correct about client MFP? (Choose two.)

http://www.gratisexam.com/

A. Client MFP can replace infrastructure MFP if only CCXv5 clients are used.

B. Client MFP encrypts class 3 unicast management frames using the security mechanisms defined by 802.11i. C. In order to use client MFP, the client must support CCXv5 and negotiate WPA2 with AES- CCMP or TKIP. D. The only supported method to obtain the pre-user MFP encryption keys is EAP authentication.

E. The CCXv5 client and access points must discard broadcast class 3 management frames. Correct Answer: AD Section: (none) Explanation Explanation/Reference: actual answer. QUESTION 23

(13)

three.)

A. The maximum effective AP spacing should be between 40 feet and 70 feet. B. There should be a minimum of two APs within range of each client.

C. APs at the perimeter of the coverage area need to be deployed. D. The physical placement of APs must be collinear.

E. Equilateral triangle placement of the APs yields better accuracy. Correct Answer: ACE

Explanation/Reference: best answer.

QUESTION 24

You are designing a wireless infrastructure for an enterprise customer in the busy international banking district of Tokyo. All the client adapters are fairly modern, so you have turned off 802.11b speeds to reduce the size of your cells. Which channels will you choose to make optimum use of the available spectrum?

A. 1, 5, 9, 13 B. 1, 6, 11 C. 1, 6, 11, 14 D. 1, 4, 7, 11, 14 E. 1, 5, 9 Correct Answer: B Section: (none) Explanation Explanation/Reference: QUESTION 25

Which three are equivalent forms of the IPv6 address 2011:0000:0000:0000:2010:0000:0000:000F? (Choose three.) A. 2011:0:0:0:2010:0:0:F

B. 2011::2010::000F

(14)

D. 2011::2010:0:0:F

E. 2011::201:0000:0000:000F F. 2011::201:0010:0010:000F Correct Answer: ACD Section: (none) Explanation

QUESTION 26

Which of the following is not a valid IPv6 address type? A. link-local unicast B. unique-local unicast C. anycast D. multicast E. broadcast Correct Answer: E Section: (none) Explanation Explanation/Reference: proper answer. QUESTION 27

To avoid classification at all switches within a QoS domain, a switch port may be configured in a trusted state. Which two statements are true regarding the trust state configuration of a switch port? (Choose two.)

A. When mls qos trust is not configured on the port, the default port trust state is DSCP. B. When mls qos trust is not configured on the port, the default port trust state is CoS. C. The port trust state can be CoS or DSCP only.

D. When mls qos trust cos is configured on the port, the port default CoS value is used for an untagged packet.

E. When mls qos trust cos is configured on the port, the switch classifies an ingress packet by using the packet CoS value. Correct Answer: DE

(15)

QUESTION 28

Which aggregate of the IPv6 addresses 2001:0303:0000:5000:0000:052B:0000:0000/96 and 2001:0303:0000:5000:0000:052C:0000:0000/96 has the longest possible mask? A. 2001:0303:0000:5000:0000:052A:0000:0000/96 B. 2001:0303:0000:5000:0000:052A:0000:0000/95 C. 2001:0303:0000:5000:0000:0528:0000:0000/93 D. 2001:0303:0000:5000:0000:0520:0000:0000/92 Correct Answer: C Section: (none) Explanation Explanation/Reference: QUESTION 29

Which two protocols or processes can be used for a switched network to control distribution of multicast traffic at Layer 2? (Choose two.) A. PIM B. CGMP C. IGMP v2 D. IGMP v3 E. IGMP snooping Correct Answer: CE Section: (none) Explanation Explanation/Reference: Answer is verified. QUESTION 30

(16)

A router has two interfaces: Ethernet 0 is connected to the LAN and Ethernet 1 is connected to the Internet. The LAN is 20.20.20.0/24. All hosts on the LAN must be able to form TCP connections to any host on the Internet. Hosts on the Internet may not form TCP connections to hosts on the LAN, except to port 25 of a mail server on the LAN. The web server IP address is 20.20.20.100. Which configuration fulfills all the requirements?

A. interface ethernet 1 ip access-group 123 in !

access-list 123 permit tcp any 20.20.20.0 0.0.0.255 access-list 123 permit tcp any host 20.20.20.100 eq 25 B. interface ethernet 1

ip access-group 123 in !

access-list 123 permit tcp any 20.20.20.0 0.0.0.255 established access-list 123 permit tcp any host 20.20.20.100 eq 25 C. interface ethernet 1

access-list 123 permit tcp any host 20.20.20.100 eq 25 access-list 123 deny tcp any 20.20.20.0 0.0.0.255 D. interface ethernet 1

access-list 123 deny tcp any 20.20.20.0 0.0.0.255 access-list 123 permit tcp any host 20.20.20.100 eq 25 E. interface ethernet 1

access-list 123 permit tcp any host 20.20.20.100 eq 25 access-list 123 permit tcp 20.20.20.0 0.0.0.255 any access-list 123 deny tcp any 20.20.20.0 0.0.0.255 Correct Answer: B

QUESTION 31

Cisco WiSM controllers have multiple interface types. Which three statements about the interface types of the controllers are true? (Choose three.) A. The service-port interface is the default interface for in-band management of the controller.

B. If the service port is in use, then the management interface must be on a different subnet than the service port. C. You cannot ping the AP-manager interface.

(17)

E. The management interface is used as the source IP address for all Layer 3 communications between the controller and the lightweight APs. F. On the Cisco WiSM, the management interface is used to synchronize the supervisor engine and the Cisco WiSM.

Correct Answer: BCD Section: (none) Explanation

QUESTION 32

You have 2 WLCs with management IP addresses of 192.168.11.5 and 192.168.11.6 respectively. Your APs reside on a different subnet. Which of the below DHCP options needs to be configured?

A. option 43 hex f102c0a80b05c0a80b06 B. option 43 hex f108c0a80b05c0a80b06 C. option 43 hex f102c0a81105c0a81106 D. option 43 hex f108c0a81105c0a81106 Correct Answer: B Section: (none) Explanation Explanation/Reference: appropriate answer. QUESTION 33

Which two statements about the IPv4 ToS byte are true? (Choose two.) A. The ToS byte is located in the Layer 2 header.

B. The ToS byte is located in the Layer 3 header. C. The DSCP values range from 0 to 7.

D. The IP precedence and the DSCP fields have two overlapping bits.

E. The class selector in the DSCP field is defined for backward compatibility with IP precedence. Correct Answer: BE

(18)

QUESTION 34

Which three protocols does IEEE 802.1X access control allow until the client is authenticated? (Choose three.) A. Cisco Discovery Protocol

B. VLAN Trunking Protocol C. Spanning Tree Protocol

D. Extensible Authentication Protocol over LAN E. Dynamic Host Control Protocol

Correct Answer: ACD Section: (none) Explanation

QUESTION 35

Cisco WiSM controllers have multiple interface types. Which two interfaces must be present and configured at setup time? (Choose two.) A. virtual B. virtual gateway C. service port D. operator defined Correct Answer: AC Section: (none) Explanation Explanation/Reference: QUESTION 36

IN CUWN, what DHCP option needs to be configured for APs to join specific WLCs, if the WLCs and APs reside in different subnets? A. option 43

(19)

C. option 82 D. option 150 Correct Answer: A Section: (none) Explanation Explanation/Reference: QUESTION 37

When LAG is enabled, all ports participate in LAG by default. Which statement about LAG is true? A. The failure of one link affects only management access, not traffic throughput.

B. If any single link fails, traffic will automatically migrate to the remaining links.

C. If only two switch ports are in the LAG group, and one switch port fails, then the other switch port will fail also. D. If there are only two LAG connections, then all VLANs must be allowed.

Correct Answer: B Section: (none) Explanation Explanation/Reference: Answer is updated. QUESTION 38

Two switches are connected by an EtherChannel. Which setting does not have to match on the connected ports in order to form an EtherChannel? A. the allowed VLAN list

B. the spanning-tree PortFast settings C. DTP negotiation settings

D. the native VLAN

E. the spanning-tree port priorities for each VLAN Correct Answer: C

(20)

QUESTION 39 Refer to the exhibit.

Which two statements are true? (Choose two.)

A. 10.10.10.9 is the IP address of the multicast source. B. 10.10.10.9 is the IP address of the multicast receiver. C. 10.10.10.9 is the RP address for multicast group 239.5.5.5.

D. The Ethernet 0/0 interface of the router and 10.10.10.9 are in the same broadcast domain.

E. The Ethernet 0/0 interface of the router and 10.10.10.9 do not need to be in the same broadcast domain. Correct Answer: BD Section: (none) Explanation Explanation/Reference: sophisticated answer. QUESTION 40

DSCP values can be expressed in decimal form or by PHB. Which PHB is the equivalent of DSCP 20? A. AF20

B. AF22 C. AF26 D. AF28

(21)

QUESTION 41

You are configuring a TACACS+ server and the security team asks you for details about this protocol. Which three statements about the TACACS+ protocol are true? (Choose three.)

A. It is TCP based. B. It is UDP based.

C. It uses port 49 by default. D. It uses port 59 by default.

E. The username is sent in cleartext. F. The username is encrypted. Correct Answer: ACF

(22)

All the guest users that associate to the guest SSID on the Cisco WLC are receiving this message from their browser each time that they try to reach an Internet website. Which two changes will allow the guest users to avoid this message in a simple and secure way? (Choose two.)

A. Generate and install a new certificate for the Cisco WLC web-auth, signed by the Cisco CA.

B. Configure a FQDN in the management interface of the Cisco WLC and add that FQDN to the DNS server. C. Configure a FQDN in the virtual interface of the Cisco WLC and add that FQDN to the DNS server. D. Generate and install a new certificate for the Cisco WLC web-auth, signed by a CA trusted by the browser. E. Generate and install a new certificate for the Cisco WLC web-auth, signed by the local CA.

Correct Answer: CD Section: (none) Explanation

Explanation/Reference: Valid answer.

(23)

QUESTION 43

You are configuring a RADIUS server and the security team asks you for details about this protocol. Which three statements about the RADIUS protocol are true? (Choose three.)

A. It is TCP based. B. It is UDP based.

C. RADIUS servers use port 1645 or port 1812 for authentication. D. RADIUS servers use port 1646 or port 1813 for authorization. E. The username is sent in cleartext.

F. The username is encrypted. Correct Answer: BCE

QUESTION 44

In a bridge-to-bridge setup, the network administrator wants to allow only the root bridge the ability to associate to the non-root bridge. To achieve this goal, the administrator decides to implement a MAC filter. If 0017.dfa6.cdf0 is the MAC address of the root AP (ROOT_AP) and 0017.dfa6.ae13 is the MAC address of the non-root AP (NON-ROOT_AP), which command set will achieve this goal?

A. ROOT_AP# configure terminal

ROOT_AP(config)# access-list 700 permit 0017.dfa6.cdf0 ROOT_AP(config)# dot11 association mac-list 700 B. NON-ROOT_AP# configure terminal

NON-ROOT_AP(config)# access-list 700 permit 0017.dfa6.cdf0 NON-ROOT_AP(config)# dot11 association mac-list 700 C. NON-ROOT_AP# configure terminal

NON-ROOT_AP(config)# access-list 700 permit 0017.dfa6.ae13 NON-ROOT_AP(config)# dot11 association mac-list 700 D. NON-ROOT_AP# configure terminal

NON-ROOT_AP(config)# access-list 700 permit 0017.dfa6.cdf0 NON-ROOT_AP(config)# dot11 ssid bridge NON-ROOT_AP(config-ssid)# dot11 association mac-list 700

E. ROOT_AP# configure terminal

ROOT_AP(config)# access-list 700 permit 0017.dfa6.cdf0 ROOT_AP(config)# interface Dot11Radio0 ROOT_AP(config-if)# dot11 association mac-list 700

Correct Answer: B Section: (none)

(24)

Explanation

QUESTION 45

Which two sets of commands will allow multiple SSIDs (each in its own VLAN) to be broadcast on a single radio interface for an autonomous AP? (Choose two.) A. dot11mbssid under the global config section and guest-mode under the SSID config section

B. mbssid under the radio interface and mbssid guest-mode under the SSID config section

C. dot11mbssid under the global config section and mbssid guest-mode under the SSID config section

D. dot11mbssid under the global config section, mbssid under the radio interface, and guest- mode under the SSID config section E. cannot broadcast multiple SSIDs under one radio interface if using multiple VLANs

Correct Answer: BC Section: (none) Explanation

QUESTION 46

Which three statements about workgroup bridges in a unified environment are true? (Choose three) A. Web authentication is not supported for use with workgroup bridges.

B. VLANs are supported for use with workgroup bridges.

C. Wired clients that connect to a workgroup bridge inherit the QoS and AAA override attributes of the bridge.

D. If a workgroup bridge associates to a web-authentication WLAN, then the bridge is added to the exclusion list and all the workgroup bridge wired clients are deleted.

E. The lightweight feature Cisco CKM is supported for use with a workgroup bridge. F. If your AP has two radios, then you can configure both for workgroup bridge mode. Correct Answer: ACD

(25)

Given the following GUI output on an autonomous AP, how many additional infrastructure APs are registered to the Cisco WDS AP that is shown in the exhibit, and which Cisco WDS master AP MAC address is used for the WDS registration process?

A. Zero and 0022.bd1a.0680 B. One and 0022.bd1a.0680 C. Two and 0026.cb53.6d40

(26)

D. Zero and 0026.cb53.6d40 E. One and 0026.cb53.6d40

F. One and 0024.d70c.7ca4 or 001b.7766.d253 Correct Answer: B

QUESTION 48

The QoS implementation for WLANs differs from QoS implementations on other Cisco devices. Which two actions do QoS enabled autonomous bridges perform? (Choose two)

A. They do not classify packets; they prioritize packets based on DSCP value, client type (such as a wireless phone), or the priority value in the 802.1q or 802.1p tag.

B. They construct internal DSCP values and support mapping by assigning IP Differentiated Services Code Point (DSCP), Precedence, or Protocol values to Layer 2 COS values.

C. They do not match packets using ACL; they use only modular quality of service (MQC) class- map for matching clauses.

D. They do not construct internal DSCP values; they only support mapping by assigning IP Differentiated Services Code Point (DSCP), Precedence, or Protocol values to Layer 2 COS values.

Correct Answer: AD Section: (none) Explanation Explanation/Reference: fine answer. QUESTION 49

The QoS implementation for WLANs differs from QoS implementation on other Cisco devices. With QoS enabled on autonomous APs, which two statements are true? (Choose two.)

(27)

http://www.gratisexam.com/

A. Autonomous APs do not prioritize packets; they classify packets based on DSCP value, client type, or the priority value in the 802.1Q or 802.1p tag. B. Autonomous APs do not construct internal DSCP values; they only support mapping by assigning IP DSCP, precedence, or protocol values to Layer 2 CoS

values.

C. Autonomous APs do not support 802.1Q or 802.1p tagged packets.

D. Autonomous APs prioritize the traffic from voice clients over traffic from other clients when the QoS Element for Wireless Phones feature is enabled. Correct Answer: BD Section: (none) Explanation Explanation/Reference: reliable answer. QUESTION 50

When you have an AP in autonomous mode, you can configure the AP to only allow console or Telnet access to authorized users. What is the correct command sequence to achieve RADIUS login authentication via console?

A. configure terminal aaa new-model

aaa authentication login default line console 0

login authentication default

radius-server host 172.10.0.1 auth-port 1645 acct-port 1646 B. configure terminal

aaa new-model

aaa authentication login default group radius line console 0

login authentication default

radius-server host 172.10.0.1 auth-port 1645 acct-port 1646 C. configure terminal

(28)

aaa authentication login default group radius login authentication default

radius-server host 172.10.0.1 auth-port 1645 acct-port 1646 D. configure terminal

aaa new-model

aaa authentication login default group radius line console 0

login authentication default group radius

radius-server host 172.10.0.1 auth-port 1645 acct-port 1646 Correct Answer: B

QUESTION 51

When viewing the configuration of an autonomous AP, you see these SNMP commands: snmp-server community comaccess ro 4

snmp-server enable traps snmp authentication snmp-server host cisco.com version 2c public Which statement about these commands is true?

A. These commands block read-only access for all objects to access list 4 members that use the comaccess community string. All other SNMP managers have access to any objects. SNMPv2c sends SNMP Authentication Failure traps to the host cisco.com, using the public community string.

B. These commands allow write-only access for all objects to access list 4 members that use the comaccess community string. No other SNMP managers have access to any objects. SNMPv2c sends SNMP Authentication Failure traps to the host cisco.com, using the public community string.

C. These commands allow read-only access for all objects to access list 4 members that use the comaccess community string. No other SNMP managers have access to any objects. SNMPv2c sends SNMP Authentication Failure traps to the host cisco.com, using the public community string.

D. These commands allow read-only access to access list 4 members that use the comaccess community string. SNMPv2c sends SNMP Authentication Failure traps to the host cisco.com, using the public community string.

(29)

(30)

(31)

This portion of a Cisco IOS AP configuration refers to a multiple SSID and VLAN configuration. Which statement is false? A. The mbssid guest-mode command allows guest users to connect to the SSID.

B. All SSIDs are broadcast by and visible to clients.

C. The EAP SSID allows client to connect to it by using PEAP as an authentication method.

D. The AP needs to have subinterfaces 80, 81, and 82 configured, both on the radio 0 and Ethernet interfaces. Correct Answer: A

QUESTION 53

Which authentication method is not supported when using the local RADIUS server feature of an autonomous AP? A. EAP-FAST B. EAP-TLS C. LEAP D. MAC Correct Answer: B Section: (none) Explanation Explanation/Reference: reliable asnwer. QUESTION 54 Refer to the exhibit.

(32)

Given this debug output from the debug wlccp wds mn command, which event has occurred? A. A wireless client with an IP address of 192.168.200.33 has joined the Cisco WDS domain.

B. A wireless client with an IP address of 192.168.200.33 has re-associated to the Cisco WDS domain. C. A wireless client has been removed from the Cisco WDS domain.

D. A wireless client has failed authentication. Correct Answer: A

QUESTION 55

You want to prevent a wireless client with a MAC address of 00:40:96:a5:b5:d4 from associating with an autonomous AP. Which commands do you use on the autonomous AP?

(33)

A. dot11 association mac-list 700

access-list 700 deny 0040.96a5.b5d4 ffff.ffff.ffff B. dot11 association mac-list 700

access-list 700 permit 0000.0000.0000 ffff.ffff.ffff access-list 700 deny 0040.96a5.b5d4 0000.0000.0000 C. dot11 association mac-list 700

access-list 700 deny 0040.96a5.b5d4 0000.0000.0000 access-list 700 permit 0000.0000.0000 ffff.ffff.ffff D. dot11 association mac-list 700

access-list 700 deny 0040.96a5.b5d4 ffff.ffff.ffff access-list 700 permit 0000.0000.0000 ffff.ffff.ffff E. none of the above

QUESTION 56

Which set of steps shows the correct order for adding an SSID with WPA security on a new VLAN via the GUI on an autonomous AP? A. Create the SSID, create the VLAN, and then set up encryption.

B. Create the VLAN, set up encryption, and then create the SSID. C. Set up encryption, create the VLAN, and then create the SSID. D. Create the VLAN, create the SSID, and then set up encryption. Correct Answer: B

QUESTION 57

What is the function of the distance command on an autonomous 802.11 bridge? A. to adjust the data rate of the packet transmission

B. to adjust the bridge timeout values to account for the time that is required for radio signals to travel from bridge to bridge C. to give the person reading the configuration an idea of how far apart the bridge links are

(34)

D. to increase the time that is needed for authentication Correct Answer: B Section: (none) Explanation Explanation/Reference: valid answer. QUESTION 58

Which command can you use to configure the standalone AP to use the NTP server at IP address 192.168.1.99? A. ntp server 192.168.1.99 B. sntp server 192.168.1.99 C. ntp broadcast client 192.168.1.99 D. sntp broadcast client 192.168.1.99 Correct Answer: B Section: (none) Explanation Explanation/Reference: QUESTION 59

When configuring multiple BSSIDs in autonomous APs, which three requirements and guidelines should you follow? (Choose three.) A. APs must contain an 802.11a or 802.11b/g radio that supports multiple BSSIDs.

B. RADIUS-assigned VLANs are supported when you enable multiple BSSIDs. C. VLANs cannot be configured.

D. When you enable BSSIDs, the AP automatically maps a BSSID to each SSID. You cannot manually map a BSSID to a specific SSID. E. Any Wi-Fi certified client device can associate to an AP that uses multiple BSSIDs.

F. You cannot enable multiple BSSIDs on APs that participate in WDS. Correct Answer: ADE

(35)

QUESTION 60

Which debug command is best to use when you suspect that a client will not connect to an autonomous AP because of an incorrect WPA PSK? A. debug dot11 mgmt station

B. debug dot11 aaa authenticator process C. debug dot11 station connection failure D. debug dot11 encryption

Correct Answer: C Section: (none) Explanation Explanation/Reference: good answer. QUESTION 61 Refer to the exhibit.

You are troubleshooting a client that is not able to associate to an SSID configured on an autonomous AP. What is most likely the cause of the association failure, given the debug output seen in the exhibit?

A. The RADIUS server is not reachable.

B. The username and password combination is incorrect.

C. The SSID is secured with PSK and the shared secret is wrong. D. There is no login method configured under the AAA configuration.

E. The aaa authentication command is pointing to a nonexistent RADIUS server.

F. The interface dot11radio0 does not require authentication and the client is requesting it. Correct Answer: D

(36)

QUESTION 62

You are setting up a wireless network using autonomous APs. Which two statements are true? (Choose two.) A. A wireless device always attempts to transmit at the highest data rate that is set to Basic, (or Require in the GUI). B. At least one data rate must be set to Basic.

C. The AP sends multicast and management frames at the lowest basic rate. D. The 5-GHz radios do not support 40-MHz channel width.

You have setup an autonomous AP and configured an SSID to serve clients. While troubleshooting a client that is not able to associate to the SSID, you enable some debugs. Given the debug output seen in the exhibit, what is most likely the cause of association failure?

A. The SSID is configured with TKIP encryption and the client PC is using AES encryption.

B. The authenticating EAP method is PEAP and the username and password combination is incorrect. C. The SSID is secured with PSK and the shared secret is wrong.

D. The RADIUS server is rejecting the dot1x authentication due to a message integrity check failure. Correct Answer: C

(37)

Explanation

Explanation/Reference: appropriate answer. QUESTION 64

To have the CleanAir feature merge reports from APs from different controllers, what do you need? A. CleanAir APs and Cisco WLCs in the same mobility group

B. CleanAir APs, Cisco WLCs, and Cisco WCS

C. CleanAir APs in the same RF group and Cisco WLCs

D. CleanAir APs, Cisco WLCs, Cisco WCS PLUS, and a Cisco MSE

E. CleanAir APs, Cisco WLCs, Cisco WCS PLUS, and a Cisco MSE with CleanAir tracking license Correct Answer: D

Client stations are trying to associate to a given SSID and fail to do so for some time before associating successfully. Considering the debug output that was collected, what could be the cause of the issue?

A. The WLC is connected to two switches and LAG is not configured.

B. The client was roaming and the SSID does not have the same WLAN ID on all company controllers. C. The client was already associated to another corporate SSID and Fast SSID change is disabled. D. The WLAN is constantly brought down because of CAPWAP tunnel flapping.

(38)

QUESTION 66

What is the correct procedure to install a chained certificate (if multiple certification authorities are involved) when you do web authentication on a WLC? A. In the Security > Web Authentication menu, download first the root CA certificate, apply, then download the intermediate CA and then the device certificate. B. Upload the WLC certificate through the Security > Web Authentication menu and the CA certificates by downloading with datatype Vendor CA Certificate. C. Zip all the certificates and download them on the WLC as datatype WebAuth Bundle.

D. Only through command line with the command "transfer download data type webauth chained cert".

E. Concatenate the device and intermediate CA certificates into one file along with the private key generated for the WLC CSR and upload that file in the Security > Web Authentication menu.

Correct Answer: E Section: (none) Explanation

QUESTION 67

When configuring NAC in-band to work with a Cisco WLC, which statement is true, from a WLC perspective? A. NAC always needs to be enabled in the WLAN configuration.

B. The Clean Access Server always needs to be configured as a RADIUS accounting server on the Cisco WLC. C. The Clean Access Manager always needs to be configured in the SNMP trap receiver.

D. Only the quarantine VLAN ID needs to be configured as the WLAN interface. Correct Answer: D

(39)

QUESTION 68

You have four Cisco WLCs and have deployed wired guest access, using a single guest VLAN for all controllers. How can you achieve redundancy if the guest VLAN fails on the infrastructure switches?

A. Configure one Cisco WLC as the anchor controller for the wired guest VLAN. B. Configure a different wired guest VLAN on each Cisco WLC.

C. Configure all the Cisco WLCs in the same mobility group. D. Set a fallback port on the wired guest interface.

E. You cannot achieve redundancy of the wired guest VLAN. Correct Answer: E

QUESTION 69

You are on the U.S. East Coast (EST time zone, UTC-5) and configure NTP on your Cisco WLC. The Cisco WLC web GUI shows the correct time and date, but your APs are off by 5 hours. Which statement is true?

A. This behavior is normal because the APs show UTC time. B. You need to configure the time zone on the APs.

C. You need to configure the NTP server on the APs.

D. You need to enable time-zone synchronization between the APs and Cisco WLC. E. APs support only an SNTP server, not an NTP server.

QUESTION 70

Which three statements about the VideoStream feature (also known as MediaStream) on the Cisco WLC are true? (Choose three.) A. It unicasts the stream only to clients that are subscribed via IGMP.

(40)

C. It unicasts the stream only to APs on which you enable the feature. D. It sends unicast, so it can usually use higher data rates.

E. It unicasts the multicast stream over the air only; it multicasts on wired connections.

F. It multicasts, so a large number of subscribed clients on the AP will not consume more bandwidth. Correct Answer: ADE

Explanation/Reference: fine answer.

QUESTION 71

What is the minimum number of rules that is necessary in a CPU ACL to allow all access from a single VLAN to the management interface, yet prevent management access from all other VLANs while permitting all other traffic?

A. five B. six C. seven D. eight Correct Answer: B Section: (none) Explanation Explanation/Reference: QUESTION 72 Refer to the exhibit.

(41)

Your manager has asked you to configure a remote office Cisco WLC to support local EAP authentication. The manager wants the clients to use EAP-FAST. The LDAP server is Microsoft Active Directory. All users, including the account that is used to bind to the LDAP server, are in the default Users container in Active Directory. No RADIUS servers are configured on the Cisco WLC. The client is using the latest Intel card and supplicant.

Why does the test client fail to authenticate?

A. Local EAP does not support EAP-FAST when using an Active Directory LDAP server. B. The LDAP bind account cannot be in the same container as the wireless user accounts. C. The User object type is incorrect.

D. The default Users container in Active Directory is a container rather than an organizational unit. E. The User attribute is incorrect.

Correct Answer: D Section: (none) Explanation

(42)

Explanation/Reference: real answer.

You are a senior wireless network administrator and have just completed the configuration of TACACS+ on your production Cisco WLC server. You can successfully log into the Cisco WLC by using your domain credentials. However, junior administrators, who have only local management accounts on the Cisco WLC, are complaining that they can no longer log into the Cisco WLC GUI or CLI. What is the cause of this problem?

A. When TACACS+ is configured on the Cisco WLC, local authentication is permanently disabled.

B. TACACS+ is the first authentication priority. The ACS is responding, so the Cisco WLC never queries the local database. C. TACACS+ was configured and the ACS is responding, so all local accounts on the Cisco WLC are disabled.

D. The junior administrators must also have domain accounts with the same username but different passwords than the local Cisco WLC accounts, so the ACS is returning an access-reject.

This prevents the Cisco WLC from querying the local database. Correct Answer: B

(43)

QUESTION 74

After performing a wireless site survey, you determine that to achieve proper HR-DSSS coverage within the rooms along a hallway area, the AP radios that service the hallway must be at 12 mW or higher. After the APs are all installed, you note that RRM is decreasing the power on the AP radios in the hallway to 6 mW. Which two methods can you use to prevent the HRDSSS AP radio power levels from dropping below 12 mW? (Choose two.)

A. Configure the minimum power-level assignment for the 2.4 GHz radio to 11 dBm under the individual TPC settings on the hallway APs. B. Configure the minimum power-level assignment for the 5 GHz radio to 11 dBm under the individual TPC settings on the hallway APs. C. Configure the minimum power-level assignment to 11 dBm under the global 802.11b/g/n TPC settings.

D. Configure the minimum power-level assignment to 11 dBm under the global 802.11a/n TPC settings. E. Statically configure the 5 GHz radios on the hallway APs to power level 4.

F. Statically configure the 2.4 GHz radios on the hallway APs to power level 4. Correct Answer: CF

QUESTION 75

A wireless ISP has hired you to help set up a new Cisco WLC to provide wireless access to subscription-based customers. Each customer that uses the wireless network needs to pay their bill every 30 days. How do you configure the WLAN security to help meet this requirement?

A. no Layer 2 security, conditional web redirect Layer 3 security

B. WPA2 802.1X Layer 2 security, splash page web redirect Layer 3 security C. 802.1X Layer 2 security, splash page web redirect Layer 3 security D. WPA2 PSK Layer 2 security, conditional web redirect Layer 3 security E. no Layer 2 security, splash page web redirect Layer 3 security

F. WPA 802.1X Layer 2 security, conditional web redirect Layer 3 security Correct Answer: F

(44)

When is the Poor Link SNR Alarm generated in a mesh network? A. when the SNR between the mesh nodes falls below 15 dB. B. when the SNR between the client and the AP falls below 20 dB. C. when the SNR between the mesh nodes falls below 12 dB.

D. when the Cisco WCS receives the first 10 SNR links from the network. Correct Answer: C

QUESTION 77

The helpdesk is reporting that many users are reporting slow wireless connections in one of the office buildings. You look at the CleanAir statistics and do not see any interferers, but you see very high 2.4-GHz channel utilization from the Wi-Fi devices. WCS is reporting the following mix of 802.11 chipsets in the building: 10 percent 802.11b, 75 percent 802.11g and 15 percent 802.11a. You do a survey and see that you have a very dense deployment of APs and a lot of co- channel interference.

Which two steps would help lower your channel utilization in this area? (Choose two.) A. Raise the power on the 2.4-GHz radios.

B. Lower the power on the 2.4-GHz radios. C. Lower the DTIM.

D. Raise the DTIM.

E. Disable 1-, 2-, 5.5-, 6-, and 9-Mb data rates. F. Enable 1-, 2-, 5.5-, 6-, and 9-Mb data rates. Correct Answer: BE

QUESTION 78

(45)

A. A virtual interface serves as the redirect address for the web authentication login page.

B. A virtual interface must have a DNS host name in order to prevent web authentication clients from getting a security warning on their web browser. C. A virtual interface acts as the DHCP server placeholder for wireless clients that obtain their IP address from a DHCP server.

D. A virtual interface acts as a RADIUS proxy for wireless clients. Correct Answer: AC

You want to use 3500e APs to setup an indoor mesh deployment. After you change the AP mode, the AP will not rejoin the Cisco WLC. Which debug command was run, according to the exhibit, and why is the AP not rejoining the Cisco WLC?

A. debug capwap packet was run, and 3500e APs do not support indoor mesh.

B. debug pm pki was run, and you must disable VLAN transparent for 3500e indoor mesh deployments.

C. debug mesh security was run, and the 3500e radio MAC address is not in the local MAC filter list on the Cisco WLC. D. debug ap join was run, and you must disable VLAN transparent for 3500e indoor mesh deployments.

E. debug capwap events enable was run, and the 3500e Ethernet MAC address is not in the local MAC filter list on the Cisco WLC. Correct Answer: E

(46)

QUESTION 80

When you configure channel bonding on your APs by using the 2.4-GHz radio, what is the maximum number of APs that you can place in a given location so that the AP channels do not overlap?

A. One B. Two C. Three

D. Three in most of the countries, but 4 (including channel 14) in Japan Correct Answer: A

QUESTION 81

You calculate that your AP should transmit at 6 dBm to provide appropriate wireless coverage, while still complying with EIRP, with the antennas that you selected. However, the AP is transmitting at 1 dBm only, even though it is on power level 1. How can you increase the transmitting power?

A. Choose appropriate antennas types.

B. Decrease the antenna gain that is configured on the Cisco WLC. C. Switch to a custom Tx power level and increase the power level. D. Disable auto-RF.

E. Activate 802.11n legacy beamforming on the Cisco WLC. Correct Answer: B Section: (none) Explanation Explanation/Reference: actual answer. QUESTION 82

(47)

A. WLC B. WGB C. MAP D. RAP Correct Answer: D Section: (none) Explanation Explanation/Reference: QUESTION 83

Which two statements about the CleanAir and AP modes are true? (Choose two.) A. The CleanAir chipset on local mode APs can scan all channels simultaneously.

B. The CleanAir chipset on local mode APs scans only the current channel and only when the AP is silent. C. Monitor mode AP interferer reports cannot be merged unless you have a Cisco MSE.

D. Monitor mode APs have no advantage over local mode APs for CleanAir. E. Enhanced local mode (wIPS) allows the CleanAir chipset to scan all channels. Correct Answer: BC

QUESTION 84

What is the MAPs behavior if you enable mesh ethernet-bridging vlan-transparent on them?

A. The MAPs bridge traffic that came from the Ethernet port, but only if the vlan tag matches the Cisco WLC configured VLANs and interfaces. B. The MAPs bridge traffic according to the VLAN configuration.

C. The MAPs bridge toward the backhaul all traffic that arrives on the Ethernet port, without touching the vlan tag. D. The MAPs bridge toward the backhaul only traffic that arrives as untagged on the Ethernet port.

E. The MAPs untag all traffic that arrives on the Ethernet port and bridge all the traffic toward the backhaul. Correct Answer: E

(48)

QUESTION 85

Which statement about the beamforming (ClientLink) feature on the Cisco WLC is true? A. It works only with 802.11n APs and clients.

B. It works only with 802.11n APs and 802.11b/g clients.

C. It provides a signal gain when the AP transmits towards the client. D. It provides a signal gain in both directions (AP to client and client to AP). Correct Answer: C

QUESTION 86

You are running 7.0.116.0. Connecting wireless clients have an HTTP proxy server configured and need to get web redirected in a web authentication (guest) SSID. Which two statements are true? (Choose two.)

A. You do not need to enable WebAuth proxy redirection on the WLC. B. You need to enable WebAuth proxy redirection on the WLC.

C. You need to configure DHCP option 252 on the WLC to provide clients with proxy configuration for their browser. D. The clients need to manually enter an exception in their browser proxy rule for the WLC virtual IP address. Correct Answer: BD Section: (none) Explanation Explanation/Reference: actual answer. QUESTION 87

(49)

want 802.11a/g/n data rates to be affected in any way. Which two configuration tasks on the Cisco WLC will achieve this goal? (Choose two.) A. Disable the 1, 2, 5.5, and 11 Mb/s data rates.

B. Disable all data rates below 12 Mb/s.

C. Configure the WLAN radio policies to 802.11a/g only. D. Disable the 802.11b network on the Cisco WLC. E. Disable the 2.4 GHz radio on all the APs. F. Disable the DSSS data rates.

QUESTION 88

After a scheduled downtime of your 5508 WLC, you notice that only a handful of the 100 APs are rejoining the controller. All the APs are in the same subnet and use default settings. Cisco WLC debugs indicate that the APs are sending discovery and join requests. Only after shutting down all the switch ports that connect to the APs and turning five ports back on at a time can you rejoin all the APs. Why were the APs unable to rejoin the Cisco WLC, and how can you prevent this from happening in the future?

A. Having all the APs in the same VLAN created a Layer 2 broadcast storm, preventing the APs from receiving discovery and join responses from the Cisco WLC. You can prevent this by configuring the APs to send syslog messages to a multicast address, using the Cisco WLC CLI only.

B. Having all the APs in the same VLAN created a Layer 2 broadcast storm, preventing the APs from receiving discovery and join responses from the Cisco WLC. You can prevent this by configuring the APs to send syslog messages to a unicast address, using the Cisco WLC CLI only.

C. Having all the APs in the same VLAN created a Layer 3 broadcast storm, preventing the APs from receiving discovery and join responses from the Cisco WLC. You can prevent this by configuring the APs to send syslog messages to a unicast address, using the Cisco WLC CLI only.

D. Having all the APs in the same VLAN created a Layer 2 broadcast storm. You cannot prevented this from happening again. Correct Answer: B

QUESTION 89

(50)

http://www.gratisexam.com/

A. Cisco CKM roaming is supported within an H-REAP group of APs.

B. Cisco CKM roaming is unsupported between local mode APs and H-REAP APs. C. HREAP AP in standalone mode can authenticate new clients for CCKM roaming.

D. H-REAP APs can have some locally switched WLANs and some centrally switched WLANs. Correct Answer: C

QUESTION 90

In order to configure the MAP authorization using an external AAA server for the indoor MAP 1260 with the Ethernet MAC address 00:1d:a1:fe:e5:44 and base radio MAC address

00:1f:9d:2a:3f:10, which two user accounts are to be created on the RADIUS server? (Choose two.) A. 00:1f:9d:2a:3f:10 B. 001da1fee544 C. c1260-001da1fee544 D. ap3g1-001da1fee544 E. c1260-001f9d2a3f10 F. ap3g1-001f9d2a3f10 Correct Answer: BD Section: (none) Explanation Explanation/Reference:

(51)

QUESTION 91

You have implemented a branch network using H-REAP local switching. You have been asked to enable an acceptable use-policy web authentication page, without requiring users to enter credentials and login. Users should only have to accept the login terms.

Which two solutions should you implement? (Choose two.) A. Enable a web policy of conditional web redirect.

B. Use an external web server for the web authentication page. C. Use the internal web server for the web authentication page.

D. Implement a pre-authentication ACL to allow web authentication page traffic. E. Enable a web policy of passthrough.

Correct Answer: CE Section: (none) Explanation

(52)

The wireless clients at your company are all on the 192.168.1.0/24 network. Given the applied ACL in the exhibit, which two statements are true? (Choose two.) A. DNS requests from the wireless clients will be blocked.

B. ICMP requests will be allowed to travel to the wireless clients. C. ICMP replies will be allowed to travel from the wireless clients. D. DNS requests from the wireless clients will be allowed. Correct Answer: AB

QUESTION 93

Your company is using wireless voice clients that have a unicast push-to-talk-function. DTIM is set to 10. Users report that the audio is choppy. Which action should you take to try to resolve this issue?

(53)

A. Lower the DTIM to 2. B. Lower the DTIM to 1.

C. Disable power saving on the wireless device. D. Enable power saving on the wireless device. E. Raise the DTIM to 15.

QUESTION 94

Corporation XYZ is enabling wireless guest access for its guests. You will be using the Cisco WCS Lobby Ambassador feature to provision guest user accounts and want to make sure that the web authentication for guest access is not susceptible to brute force attacks. What is the best way to accomplish this?

A. Configure web authentication max retries on the WCS. B. Implement a CPU ACL on the terminating WLC. C. Configure web authentication max retries on the WLC. D. Configure client exclusion.

Correct Answer: D Section: (none) Explanation

QUESTION 95

Which of the below statements is true about Radio Resource Management Neighbor messages? (Choose three.) A. they are transmitted at minimum power

B. they are transmitted at maximum power C. they are transmitted at the highest data rate

D. they are transmitted at the lowest supported data rate E. they are transmitted on all serviced channels

(54)

F. they are transmitted every 60 seconds Correct Answer: BDF Section: (none) Explanation Explanation/Reference: QUESTION 96

The IT administrator can confirm the air quality and existing non-Wi-Fi interference on the Cisco WLC but cannot find any non-Wi-Fi interference on the Cisco WCS. What are two possible reasons for this issue? (Choose two.)

A. The administrator did not add Cisco MSE to Cisco WCS.

B. The administrator added Cisco MSE to Cisco WCS but forgot to sync Cisco MSE with Cisco WLC and the floor map. C. The administrator needs to enable the CleanAir function from the Cisco WCS GUI again.

D. The administrator needs to restart Cisco WCS after adding Cisco WLC, to enable the CleanAir function. Correct Answer: AB Section: (none) Explanation Explanation/Reference: well answered. QUESTION 97

Which three device types can be tracked with a context-aware license on a Cisco MSE? (Choose three.) A. wired client

B. microwave oven C. ad hoc rogue AP D. 1.9 GHz DECT phone E. RFID chokepoint F. cellular smart phone Correct Answer: ABC Section: (none) Explanation

(55)

QUESTION 98

Which statement about the Cisco WCS WLAN configuration template is true? A. A WLAN template can be used to configure SSID settings on an AP.

B. A WLAN template can be used to configure mandatory and supported data rates on a WLC. C. A WLAN template can be used to configure SSID settings on a WLC.

D. A WLAN template can be used to configure channel and power level options on an AP. Correct Answer: C

QUESTION 99

Which two statements about deploying high availability for the Cisco WCS are true? (Choose two.) A. The high availability license file needs to be installed on the primary WCS server.

B. The secondary WCS needs to be installed with the same version as the primary WCS. C. The primary and secondary WCS servers are not required to share the same subnet. D. The primary and secondary WCS servers need to be set up as high availability pairs. Correct Answer: BC Section: (none) Explanation Explanation/Reference: definite answer. QUESTION 100 Refer to the exhibit.

(56)

Which method was used to define this rogue AP as malicious?

A. This rogue AP matched a WCS malicious rogue AP classification rule.

B. A WCS switch port trace was performed and the MAC address of the rogue AP was found connected to a Cisco switch port. C. This rogue AP was discovered using RLDP.

D. A rogue AP alert was enabled that defines all rogues with open SSIDs as malicious. Correct Answer: D

(57)

(58)

on the map view? A. Tx power level B. utilization C. profiles

D. average air quality E. associated clients F. coverage hole Correct Answer: F Section: (none) Explanation Explanation/Reference: QUESTION 102 Refer to the exhibit.

(59)

According to the Cisco WCS floor map, which statement is true? A. All APs are affected by interference from Bluetooth.

B. All APs are affected by interference from a video camera. C. Only AP1 is affected by interference from a video camera.

(60)

D. Any device that uses channel 1 is affected by interference from a video camera. Correct Answer: D

Explanation/Reference: most accurate answer. QUESTION 103 Refer to the exhibit.

Which statement about the Cisco WCS RRM event message is true? A. Excessive non-802.11 interference caused the channel change.

(61)

C. A CleanAir AP detected a persistence interferer and forced an RRM reassignment of channels. D. Event-driven RRM caused the channel change.

(62)

With five devices connected to an AP radio, this Cisco WCS alarm was activated. Which action will prevent this alarm from appearing again when 10 devices connect to the AP radio?

A. Within Cisco WCS, modify the Max client event parameters to trigger an alarm when 11 or more clients associate to the radio. B. Within Cisco WCS, create an RRM template to modify the Max clients setting and apply it to all controllers.

C. Within Cisco WCS, enable spectrum load balancing for this AP.

D. Within Cisco WCS, modify the alarm settings to activate on 11 or more clients. Correct Answer: B

QUESTION 105

Which three statements about the Cisco WCS auto-provisioning feature are true? (Choose three.)

A. Auto-provisioning allows WCS to automatically configure a new or replace a current wireless LAN controller.

B. The service port of the WLAN controller is required to have network connectivity for the auto-provisioning process to begin.

C. DHCP Option 43 (vendor-specific information) has to be configured in the DHCP scope options for the auto-provisioning process to begin. D. DHCP Option 150 (TFTP server address) has to be configured in the DHCP scope options for the auto-provisioning process to begin. E. Using the add filter command in WCS will create a controller configuration file.

F. WCS auto-provisions the management interface of the WLAN controller by pushing a predefined template. Correct Answer: ADE

(63)

Based on this Cisco Spectrum Expert "FFT Duty Cycle" screen capture, which device type is most likely generating the signal in Wi-Fi channel 1? A. a broad-spectrum, low-power device

(64)

C. a spread-spectrum, narrowband, frequency-hopping device

D. a high-power, narrow-spectrum, direct-sequence device using CCK modulation Correct Answer: B

QUESTION 107

To manage the wireless network separately, an IT administrator created several virtual domains on the Cisco WCS. APs and WLCs were assigned to these virtual domains. However, when the IT staff logs into the Cisco WCS, they are assigned to the default root domain. The Cisco WCS login request is authenticated by an external RADIUS server. What needs to be configured next to solve this problem?

A. The IT administrator needs to add the correct attribute in the RADIUS server to assign the administrator to the proper virtual domain. B. The IT administrator needs to add local user accounts in the Cisco WCS.

C. The administrator needs to change to TACACS+ authentication because the virtual domain cannot be assigned via RADIUS authentication. D. Users need to manually select the proper virtual domain after logging into the root domain.

E. The IT administrator needs to configure the user group settings to map users to the proper virtual domain. Correct Answer: A

QUESTION 108

Following the instructions in the configuration guide, the IT staff backs up the historical data of the installed Cisco MSE. Where does this data gets stored? A. On the Cisco MSE, in the root path.

B. In the FTP directory that is specified during Cisco WCS installation. C. In the directory that is specified during the backup operation.

D. In the TFTP directory that is specified during Cisco WCS installation. Correct Answer: B

(65)

Explanation/Reference: good answer.

QUESTION 109

Which two statements about the Cisco WCS alarms and events are true? (Choose two.) A. An alarm is the listing of an SNMP trap from a WLAN controller.

B. An event can be a report about radio interference crossing a threshold. C. An alarm is a Cisco WCS response to one or more related events.

D. An event summary of critical, major, and minor events is displayed at the top of the Cisco WCS page. Correct Answer: BC

Explanation/Reference: satisfied with answer. QUESTION 110

Which statement about the Cisco WCS security index is true?

A. The security index will display red (high threat level) when the managed WLAN detects multiple rogues and attack signatures. B. The security index is a weighted scale of WLAN security ranging from 0 least risk (secure) to 100 high risk (unsecure). C. The security index uses device configuration parameters to assign a weighted value of network security.

D. The security index of the Cisco WCS managed network is the average of all controller and Cisco MSE scores. Correct Answer: C

(66)

According to the Cisco WCS CleanAir dashboard, which interferer is causing the most interference at the time of the capture? A. video camera B. Bluetooth link C. DECT-like phone D. DECT phone Correct Answer: D Section: (none) Explanation Explanation/Reference: QUESTION 112