Embed Size (px)
Citation preview
CCIE Wireless Written Exam
Cisco 400-351 Dumps Available Here at:
https://www.certification-questions.com/cisco-exam/400-351-dumps.html
Enrolling now you will get access to 192 questions in a unique set of 400-
351 dumps
Question 1 VLAN Trunking Protocol is a Cisco protocol that propagates the definition of VLANs over the local area
network. Which two statements are true? (Choose two.)
Options:
A. When Cisco switches are started from scratch, they are in server mode and their domain is set
to null.
B. VTP transparent mode forwards VTP packets and can act as a client or a server.
C. VTP requires trunk mode interfaces to propagate.
D. VTP config revision increases based on switch uptime.
E. VTP requires access mode interfaces to propagate.
Answer: A, C
Explanation:
When a new switch is added to the network, by default it is configured with no VTP domain name or
password,
but in VTP server mode. If no VTP Domain Name has been configured, it assumes the one from the first
VTP
packet it receives. Since a new switch has a VTP configuration revision of 0, it will accept any revision
number
as newer and overwrite its VLAN information if the VTP passwords match.
Reference:https://en.wikipedia.org/wiki/VLAN_Trunking_Protocol
Question 2
Cisco 400-351
https://www.certification-questions.com
Refer to the exhibit. Which option describes what this sequence of commands achieves on a Cisco
Autonomous AP?
Options:
A. This example shows how to permit any SNMP manager to access all objects with read-only
permission
using the community stringpublic. The access point also sends config traps to the hosts
192.180.1.111 and
192.180.1.33 using SNMPv1 and to the host 192.180.1.27 using SNMPv2C. The community
stringpublicis
sent with the traps.
B. This example shows how to permit any SNMP manager to access all objects with read-only
permission
using the community stringpublic. The access point also sends config traps to the hosts
192.180.1.111 and
192.180.1.33 using SNMPv1 and to the host 192.180.1.27 using SNMPv2C. The community
stringpublicis
not sent with the traps as this is the default.
C. This example shows how to permit any SNMP access to all objects with read-only permission
to only three
specific IP addresses using the community stringpublic.The access point also sends config traps
to the
hosts 192.180.1.111 and 192.180.1.33 using SNMPv1 and to the host 192.180.1.27 using
SNMPv2C. The
community stringpublicis sent with the traps.
D. This example shows how to permit any SNMP access to all objects with read-only permission
to only three
Cisco 400-351
https://www.certification-questions.com
specific IP addresses using the community stringpublic.The access point also sends config traps
to the
hosts 192.180.1.111 and 192.180.1.33 using SNMPv1 and to the host 192.180.1.27 using
SNMPv2C. The
community stringpublicis not sent with the traps.
Answer: A
Explanation:
SNMPv1 and SNMPv2 use the notion of communities to establish trust between managers and agents. An
agent is configured with three community names: read-only, read-write, and trap. The community names
are
essentially passwords; there's no real difference between a community string and the password you use to
access your account on the computer. The three community strings control different kinds of activities. As
its
name implies, the read-only community string lets you read data values, but doesn't let you modify the
data. For
example, it allows you to read the number of packets that have been transferred through the ports on your
router, but doesn't let you reset the counters. The read-write community is allowed to read and modify data
values; with the read-write community string, you can read the counters, reset their values, and even reset
the
interfaces or do other things that change the router's configuration. Finally, the trap community string allows
you
to receive traps (asynchronous notifications) from the agent.
Most vendors ship their equipment with default community strings, typicallypublicfor the read-only
community
andprivatefor the read-write community. It's important to change these defaults before your device goes live
on
the network. (You may get tired of hearing this because we say it many times, but it's absolutely essential.)
When setting up an SNMP agent, you will want to configure its trap destination, which is the address to
which it
will send any traps it generates. In addition, since SNMP community strings are sent in clear text, you can
configure an agent to send an SNMP authentication-failure trap when someone attempts to query your
device
with an incorrect community string. Among other things, authentication-failure traps can be very useful in
determining when an intruder might be trying to gain access to your network.
Because community strings are essentially passwords, you should use the same rules for selecting them
as
you use for Unix or NT user passwords: no dictionary words, spouse names, etc. An alphanumeric string
with
mixed upper- and lowercase letters is generally a good idea. As mentioned earlier, the problem with
SNMP's
authentication is that community strings are sent in plain text, which makes it easy for people to intercept
Cisco 400-351
https://www.certification-questions.com
them
and use them against you. SNMPv3 addresses this by allowing, among other things, secure authentication
and
communication between SNMP devices.
Reference:
http://docstore.mik.ua/orelly/networking_2ndEd/snmp/ch02_02.htm
Question 3
Cisco 400-351
https://www.certification-questions.com
Refer to the exhibit, which is a configuration snippet of a Cisco 5760 controller code IOS XE 3.6.3. Which
statement about wlan 11 is true?
Options:
A. This configuration is for external WebAuth with an external Radius server.
B. This configuration is for WebAuth with local authentication.
Cisco 400-351
https://www.certification-questions.com
C. This configuration is for WebAuth with an external RADIUS server.
D. This configuration is for custom WebAuth with local authentication.
E. This configuration is for custom WebAuth with an external RADIUS server.
Answer: D
Explanation:
Parameter-MapHere is the configuration for the Parameter-Map. This section provides insight on the how to
configure the Virtual IP address on the WLC and how to set the parameter type, which helps to specify the
redirect URL, Login Page, Logout page, and Failure page. You must make sure that the flash has these
files.
parameter-map type webauth globalvirtual-ip ipv4 1.1.1.1parameter-map type webauth customtype
webauthredirect on-success http://www.cisco.combanner text ^C CC global ip for redirect ^C custom-page
login
device flash:webauth_login.html custom-page success device flash:webauth_success.html custom-page
failure
device flash:webauth_failure.html custom-page login expired device flash:webauth_expired.html
Wireless LAN (WLAN) ConfigurationHere is the configuration for WLAN. The WLAN is configured for Layer
3
security. This configuration maps the authentication list to Local_webauth and ensures that the
authentication is
handled by the local net users. This calls the AAA configuration that is in the initial step.
wlan webauth 1 webauthclient vlan Vlanxno security wpano security wpa akm dot1xno security wpa
wpa2no
security wpa wpa2 ciphers aessecurity web-authsecurity web-auth authentication-list local_webauthsecurity
web-auth parameter-map customsession-timeout 1800no shutdown
Reference:ht tp: / /www.cisco.com/c/en/us/support /docs/wireless/5700-ser ies-wireless- lan-
controllers/117728-
configure-wlc-00.html
Question 4 Which three conditions can trigger a client exclusion policy? (Choose three.)
Options:
A. excessive 802.11 association failures
B. excessive 802.1x authentication failures
C. IP theft or IP reuse
D. excessive 802.11 probe request failures
E. excessive 802.1x authorization failures
Cisco 400-351
https://www.certification-questions.com
F. excessive 802.11 packet retries
Answer: A, B, C
Explanation:
The Cisco WLC will exclude clients when specific conditions are met:
- Excessive 802.11 Association Failures after five consecutive failures.
- Excessive 802.11 Authentication Failures after five consecutive failures.
- 802.1X Authentication Failures after three consecutive failures.
-IP Theft or IP Reuse if the IP address, being obtained by the client, is already assigned to another device.
- Excessive Web AuthenticationFailures after three consecutive failures.
Reference:https://www.packet6.com/should-you-disable-cisco-wlc-client-exclusion-policies-hint-nope/
Question 5
Refer to the exhibit. You have been asked to troubleshoot why VTP is not distributing new VLANs to a VTP
client switch. Which option is the most likely root cause of this VTP problem?
Options:
A. The VTP password is incorrect on the client switch.
B. The client switch is set to transparent mode, which ignores VLAN configuration updates from
VTP servers.
C. The VTP encryption level does not match on the client switch.
D. The VTP password encryption level is not set on the client switch.
E. The VTP is not set to level 15 on the client switch.
Answer: A
Explanation:
This log message does usually indicate a password or vtp domain name issue (case sensitive and watch
for
spaces)
Cisco 400-351
https://www.certification-questions.com
Question 6
Cisco 400-351
https://www.certification-questions.com
Refer to the exhibit. It belongs to a Cisco IOS AP with just one radio. This portion of configuration refers to
a
multiple SSID/VLAN configuration. Which statement is correct?
Options:
A. The SSID "EAP” will allow clients to connect to it using any EAP authentication method such as
EAP-TLS.
B. The AP must have subinterfaces 80, 81, and 82 configured; on the Radio 0 and Ethernet
interfaces.
C. "mbssid guest-mode” is used to allow broadcast of multiple SSIDs on the radio interface. No
other "mbssid”
commands are needed to achieve this functionality.
D. The configuration does not allow for non-corporate clients to connect to any SSID. Guest traffic,
therefore,
will not be allowed.
Answer: C
Question 7 Which AireOS release is the first to support New Mobility on the Cisco 2504 WLC?
Options:
A. 8.1.x
B. 7.6.x
C. 7.4.x
D. 8.0.x
Answer: B
Explanation:
Please refer to this link:http://www.cisco.com/c/en/us/td/docs/wireless/controller/7-6/configuration-guide/
b_cg76/b_cg76_chapter_010010110.html
Question 8 Which three types of ACLs are supported by the Cisco 5760 WLC? (Choose three.)
Cisco 400-351
https://www.certification-questions.com
Options:
A. Router ACLs.
B. VLAN ACLs (VLAN maps).
C. Port ACLs.
D. Switch port ACLs.
E. AP Radio ACL.
F. Router port ACLs.
Answer: A, B, C
Question 9 You are designing a wireless network for a museum. One of their requirements is to track people inside the
museum and push a notification into their tablet device as soon as they step in front of the painting with
information about the artist and the painting. This information must be delivered in real time. You are using
regular probe request-based tracking and, during testing, you notice that although the tablet is connected to
the
museum Wi-Fi network, the location is not updating in real time as you move. It can take almost two
minutes for
the location to be updated. Which option is the likely reason for this issue?
Options:
A. Probe request-based tracking is bound to delay due to the broadcast type of traffic that is not
acknowledged
over the air and could be lost.
B. CCXv4 S60 is disabled by default. You must enable CCXv4 S60, which is compatible with all
Wi-Fi clients.
This feature carries out location updates more frequently.
C. Cisco MSE does not perform a new location calculation for certain elements if the resulting
position is not at
least 5 meters different than previous location.
D. Probe request-based tracking is device dependent. The tablet might not send a prove request if
it is
maintaining a good Wi-Fi signal, which can cause slower location updates.
Cisco 400-351
https://www.certification-questions.com
Answer: C
Question 10 DRAG DROP
Drag and drop the wireless deployment modes on the left to the corresponding roaming description on the
right.
Select and Place:
Options:
A.
Answer: A
Explanation:
:
Cisco 400-351
https://www.certification-questions.com
Would you like to see more? Don't miss our 400-351 PDF
file at:
https://www.certification-questions.com/cisco-pdf/400-351-pdf.html
Cisco 400-351
https://www.certification-questions.com
