Download Cisco.PracticeDumps.400-351.2018-01-14.1e.94q.vcex

Download Dump

File Info

Exam CCIE Wireless Written Exam
Number 400-351
File Name Cisco.PracticeDumps.400-351.2018-01-14.1e.94q.vcex
Size 2.82 Mb
Posted January 14, 2018
Downloaded 11



How to open VCEX & EXAM Files?

Files with VCEX & EXAM extensions can be opened by ProfExam Simulator.

Purchase

Coupon: MASTEREXAM
With discount: 20%

 
 



Demo Questions

Question 1

 

  

Refer to the exhibit. You have been asked to troubleshoot why VTP is not distributing new VLANs to a VTP client switch. Which option is the most likely root cause of this VTP problem?

  • A: The VTP password is incorrect on the client switch.
  • B: The client switch is set to transparent mode, which ignores VLAN configuration updates from VTP servers.
  • C: The VTP encryption level does not match on the client switch.
  • D: The VTP password encryption level is not set on the client switch.
  • E: The VTP is not set to level 15 on the client switch.

Correct Answer: A

This log message does usually indicate a password or vtp domain name issue (case sensitive and watch for spaces)




Question 2

 

  

Refer to the exhibit. It belongs to a Cisco IOS AP with just one radio. This portion of configuration refers to a multiple SSID/VLAN configuration. Which statement is correct?

  • A: The SSID “EAP” will allow clients to connect to it using any EAP authentication method such as EAP-TLS.
  • B: The AP must have subinterfaces 80, 81, and 82 configured; on the Radio 0 and Ethernet interfaces.
  • C: “mbssid guest-mode” is used to allow broadcast of multiple SSIDs on the radio interface. No other “mbssid” commands are needed to achieve this functionality.
  • D: The configuration does not allow for non-corporate clients to connect to any SSID. Guest traffic, therefore, will not be allowed.

Correct Answer: C




Question 3

Which AireOS release is the first to support New Mobility on the Cisco 2504 WLC?

  • A: 8.1.x
  • B: 7.6.x
  • C: 7.4.x
  • D: 8.0.x

Correct Answer: B

Please refer to this link:http://www.cisco.com/c/en/us/td/docs/wireless/controller/7-6/configuration-guide/b_cg76/b_cg76_chapter_010010110.html




Question 4

VLAN Trunking Protocol is a Cisco protocol that propagates the definition of VLANs over the local area network. Which two statements are true? (Choose two.)

  • A: When Cisco switches are started from scratch, they are in server mode and their domain is set to null.
  • B: VTP transparent mode forwards VTP packets and can act as a client or a server.
  • C: VTP requires trunk mode interfaces to propagate.
  • D: VTP config revision increases based on switch uptime.
  • E: VTP requires access mode interfaces to propagate.

Correct Answer: AC

When a new switch is added to the network, by default it is configured with no VTP domain name or password, but in VTP server mode. If no VTP Domain Name has been configured, it assumes the one from the first VTP packet it receives. Since a new switch has a VTP configuration revision of 0, it will accept any revision number as newer and overwrite its VLAN information if the VTP passwords match. 
Reference:https://en.wikipedia.org/wiki/VLAN_Trunking_Protocol




Question 5

Which three types of ACLs are supported by the Cisco 5760 WLC? (Choose three.)

  • A: Router ACLs.
  • B: VLAN ACLs (VLAN maps).
  • C: Port ACLs.
  • D: Switch port ACLs.
  • E: AP Radio ACL.
  • F: Router port ACLs.

Correct Answer: ABC




Question 6

You are designing a wireless network for a museum. One of their requirements is to track people inside the museum and push a notification into their tablet device as soon as they step in front of the painting with information about the artist and the painting. This information must be delivered in real time. You are using regular probe request-based tracking and, during testing, you notice that although the tablet is connected to the museum Wi-Fi network, the location is not updating in real time as you move. It can take almost two minutes for the location to be updated. Which option is the likely reason for this issue?

  • A: Probe request-based tracking is bound to delay due to the broadcast type of traffic that is not acknowledged over the air and could be lost.
  • B: CCXv4 S60 is disabled by default. You must enable CCXv4 S60, which is compatible with all Wi-Fi clients. This feature carries out location updates more frequently.
  • C: Cisco MSE does not perform a new location calculation for certain elements if the resulting position is not at least 5 meters different than previous location.
  • D: Probe request-based tracking is device dependent. The tablet might not send a prove request if it is maintaining a good Wi-Fi signal, which can cause slower location updates.

Correct Answer: C




Question 7

Drag and drop the wireless deployment modes on the left to the corresponding roaming description on the right. 



Correct Answer: Exam simulator is required




Question 8

 

  

Refer to the exhibit. Which option describes what this sequence of commands achieves on a Cisco Autonomous AP?

  • A: This example shows how to permit any SNMP manager to access all objects with read-only permission using the community stringpublic. The access point also sends config traps to the hosts 192.180.1.111 and 192.180.1.33 using SNMPv1 and to the host 192.180.1.27 using SNMPv2C. The community stringpublicis sent with the traps.
  • B: This example shows how to permit any SNMP manager to access all objects with read-only permission using the community stringpublic. The access point also sends config traps to the hosts 192.180.1.111 and 192.180.1.33 using SNMPv1 and to the host 192.180.1.27 using SNMPv2C. The community stringpublicis not sent with the traps as this is the default.
  • C: This example shows how to permit any SNMP access to all objects with read-only permission to only three specific IP addresses using the community stringpublic.The access point also sends config traps to the hosts 192.180.1.111 and 192.180.1.33 using SNMPv1 and to the host 192.180.1.27 using SNMPv2C. The community stringpublicis sent with the traps.
  • D: This example shows how to permit any SNMP access to all objects with read-only permission to only three specific IP addresses using the community stringpublic.The access point also sends config traps to the hosts 192.180.1.111 and 192.180.1.33 using SNMPv1 and to the host 192.180.1.27 using SNMPv2C. The community stringpublicis not sent with the traps.

Correct Answer: A

SNMPv1 and SNMPv2 use the notion of communities to establish trust between managers and agents. An agent is configured with three community names: read-only, read-write, and trap. The community names are essentially passwords; there's no real difference between a community string and the password you use to access your account on the computer. The three community strings control different kinds of activities. As its name implies, the read-only community string lets you read data values, but doesn't let you modify the data. For example, it allows you to read the number of packets that have been transferred through the ports on your router, but doesn't let you reset the counters. The read-write community is allowed to read and modify data values; with the read-write community string, you can read the counters, reset their values, and even reset the interfaces or do other things that change the router's configuration. Finally, the trap community string allows you to receive traps (asynchronous notifications) from the agent.
Most vendors ship their equipment with default community strings, typicallypublicfor the read-only community andprivatefor the read-write community. It's important to change these defaults before your device goes live on the network. (You may get tired of hearing this because we say it many times, but it's absolutely essential.) When setting up an SNMP agent, you will want to configure its trap destination, which is the address to which it will send any traps it generates. In addition, since SNMP community strings are sent in clear text, you can configure an agent to send an SNMP authentication-failure trap when someone attempts to query your device with an incorrect community string. Among other things, authentication-failure traps can be very useful in determining when an intruder might be trying to gain access to your network. 
Because community strings are essentially passwords, you should use the same rules for selecting them as you use for Unix or NT user passwords: no dictionary words, spouse names, etc. An alphanumeric string with mixed upper- and lowercase letters is generally a good idea. As mentioned earlier, the problem with SNMP's authentication is that community strings are sent in plain text, which makes it easy for people to intercept them and use them against you. SNMPv3 addresses this by allowing, among other things, secure authentication and communication between SNMP devices.
Reference:
http://docstore.mik.ua/orelly/networking_2ndEd/snmp/ch02_02.htm




Question 9

 

  

Refer to the exhibit, which is a configuration snippet of a Cisco 5760 controller code IOS XE 3.6.3. Which statement about wlan 11 is true?

  • A: This configuration is for external WebAuth with an external Radius server.
  • B: This configuration is for WebAuth with local authentication.
  • C: This configuration is for WebAuth with an external RADIUS server.
  • D: This configuration is for custom WebAuth with local authentication.
  • E: This configuration is for custom WebAuth with an external RADIUS server.

Correct Answer: D

Parameter-MapHere is the configuration for the Parameter-Map. This section provides insight on the how to configure the Virtual IP address on the WLC and how to set the parameter type, which helps to specify the redirect URL, Login Page, Logout page, and Failure page. You must make sure that the flash has these files. 
parameter-map type webauth globalvirtual-ip ipv4 1.1.1.1parameter-map type webauth customtype webauthredirect on-success http://www.cisco.combanner text ^C CC global ip for redirect ^C custom-page login device flash:webauth_login.html custom-page success device flash:webauth_success.html custom-page failure device flash:webauth_failure.html custom-page login expired device flash:webauth_expired.html
Wireless LAN (WLAN) ConfigurationHere is the configuration for WLAN. The WLAN is configured for Layer 3 security. This configuration maps the authentication list to Local_webauth and ensures that the authentication is handled by the local net users. This calls the AAA configuration that is in the initial step. 
wlan webauth 1 webauthclient vlan Vlanxno security wpano security wpa akm dot1xno security wpa wpa2no security wpa wpa2 ciphers aessecurity web-authsecurity web-auth authentication-list local_webauthsecurity web-auth parameter-map customsession-timeout 1800no shutdown 
Reference:http://www.cisco.com/c/en/us/support/docs/wireless/5700-series-wireless-lan-controllers/117728-configure-wlc-00.html




Question 10

Which three conditions can trigger a client exclusion policy? (Choose three.)

  • A: excessive 802.11 association failures
  • B: excessive 802.1x authentication failures
  • C: IP theft or IP reuse
  • D: excessive 802.11 probe request failures
  • E: excessive 802.1x authorization failures
  • F: excessive 802.11 packet retries

Correct Answer: ABC

The Cisco WLC will exclude clients when specific conditions are met:
Excessive 802.11 Association Failures after five consecutive failures. 
Excessive 802.11 Authentication Failures after five consecutive failures. 
802.1X Authentication Failures after three consecutive failures. 
IP Theft or IP Reuse if the IP address, being obtained by the client, is already assigned to another device. 
Excessive Web AuthenticationFailures after three consecutive failures. 
Reference:https://www.packet6.com/should-you-disable-cisco-wlc-client-exclusion-policies-hint-nope/










CONNECT US

Facebook

Twitter

PROFEXAM WITH A 20% DISCOUNT

You can buy ProfExam with a 20% discount!



HOW TO OPEN VCEX AND EXAM FILES

Use ProfExam Simulator to open VCEX and EXAM files