Ensurepass.com : Ensure you pass the IT Exams
2018 Aug Cisco Official New Released 400-351
100% Free Download! 100% Pass Guaranteed!

CCIE Wireless (v3.1)

Question No: 41 – (Topic 1)

Refer to the exhibit. Which statement about this CPU ACL is correct?

1. This CPU ACL is used as a redirection aCLto redirect all traffic except Telnet to 172.21.153.37.

2. A user on the 10.64.0.0/24 network can use Telnet to access the WLC IP address on 172.21.153.37.

3. A user on the 10.64.0.0/24 network cannot use Telnet to access the WLC IP address on 172.21.153.37.

4. A user on the 10.64.0.0/24 network cannot use HTTPS to 172.21.153.37.

5. No subnets other than 10.64.0.0/24 can manage the WLC.

Answer: C Explanation: From:

http://www.cisco.com/c/en/us/support/docs/wireless-mobility/wlan-security/71978-acl- wlc.html

Question No: 42 – (Topic 1)

You are installing Converged Access controllers that run Cisco IOS-XE and you are ready to implement QoS. From the below, choose all the possible QoS target levels that would apply to downstream traffic (toward the client)?

1. Client, SSID, Radio, Port

2. Client, SSID, Radio

3. Client, Radio

4. Client, SSID

Answer: A Explanation:

http://www.cisco.com/en/US/docs/switches/lan/catalyst3850/software/release/3.2_0_se/mul tibook/configuration_guide/b_consolidated_config_guide_3850_chapter_010010.html

Question No: 43 – (Topic 1)

Which three statements about 802.11ac are true? (Choose three.)

Which three statements about 802.11ac are true? (Choose three.)

1. When using MU-MIMO, up to 8 devices can transmit data at the same time.

2. MU-MIMO allows one AP to transmit unique data to multiple stations simultaneously.

3. MU-MIMO is supported in Wave1.

4. 802.11 a/b/g/n devices are able to connect to 802.11 ac radios.

5. 802.11ac is supported in the 2.4- and 5-GHz radio band.

6. It is possible to reach 160 MHz by combining two discontiguous 80MHz channel blocks.

Answer: B,D,F Explanation:

4 Things You Need to Know About 802.11ac

Question No: 44 DRAG DROP – (Topic 1)

Drag and drop the wireless deployment modes on the left to the corresponding roaming descriptions on the right.

Answer:

Explanation:

From: http://www.cisco.com/c/en/us/td/docs/wireless/technology/5760_deploy/CT5760_Controller

_Deployment_Guide/Mobility_Architecture.html

http://www.cisco.com/c/en/us/td/docs/wireless/controller/7-6/configuration-guide/b_cg76.pdf

Question No: 45 – (Topic 1)

A Cisco Unified 7925G Wireless IP Phone is operating on the 5 GHz band and transmitting at a power level of 40 mW. Which configuration must be done on the controller to avoid one-way audio?

1. In DCA, enable UNH-1 channels only.

2. Set the maximum power level assignment to 26 dBm.

3. In DCA, enable UNII-II channels only.

4. Set the maximum power level assignment to 16 dBm.

Answer: D Explanation:

https://www.cisco.com/c/en/us/support/docs/collaboration-endpoints/unified- wireless-ip-phone-7925g/200032-How-to-get-your-792x-wireless-phones-per.html

Question No: 46 – (Topic 1)

A user is presented with the underlying hardware and software needed to develop and offer applications via the Internet from a cloud service provider. Which cloud model is this user consuming?

1. Software as a Service

2. Platform as a Service

3. Application as a Service

4. Infrastructure as a Service

Answer: A Explanation:

Cloud computing – Wikipedia, the free encyclopedia https://en.wikipedia.org/wiki/Cloud_computing#Service_models

Question No: 47 – (Topic 1)

Refer to the exhibit. What is the best way to resolve this issue?

1. Install a server certificate signed by a well-know public CA on the WLC.

2. Disable certificate checks on the client.

3. Install a server certificate signed by a well-known public CA on the Radius Server.

4. Use the certificate authority on the Cisco Identity Services Engine.

Answer: C Explanation:

From:

Event: 5400 Authentication failed

Failure Reason: 12321 PEAP failed SSL/TLS handshake because the client rejected the ISE Local –

certificate

Cisco ISE authentication failed because client reject certificate | AAA, Identity and NAC | Cisco

Support Community

https://supportforums.cisco.com/discussion/11697966/cisco-ise-authentication-failed- because-client-reject-certificate

The error you are seeing in ISE is pointing to your client, if you have the eap settings set to quot;validate server certificatequot; then you must manually set it to trust the rootCA that signed the ISE certificate, or you can disable this option for testing. You can try to remove this wireless network profile, and recreate it and see if the pop up appears which asks you to validate the server#39;s identity.

Possible Causes for this issue

The supplicant or client machine is not accepting the certificate from Cisco ISE.

The client machine is configured to validate the server certificate, but is not configured to trust the

Cisco ISE certificate.

Note [This is an indication that the client does not have or does not trust the Cisco ISE certificates.

Possible Causes The supplicant or client machine is not accepting the certificate from Cisco ISE.

The client machine is configured to validate the server certificate, but is not configured to trust the Cisco ISE certificate.

Resolution The client machine must accept the Cisco ISE certificate to enable authentication.

Question No: 48 – (Topic 1)

Which feature intersection of a Cisco 5760 Wireless LAN Controller with HA AP SSO is not true?

1. Switchover during AP preimage download causes the Aps to start image download all over again from the new active controller.

2. Upon guest anchor controller switchover, mobility tunnels stay active, Aps remain connected, clients rejoin at MA or MC, and clients are anchored on the new active controller.

3. WIPS information is synced to the standby unit. The standby unit does not have to relean wIPS information upon switchover.

4. Roamed clients that have their data path going through the mobility tunnel endpoint quot;becomed Localquot; in case of Layer 2 with sticky anchoring and Layer 3 roam. Layer 2 roamed clients are not affected except when roaming occurs between Cisco Unified Wireless Network and CA controller.

Answer: C Explanation: From:

CT5760 High Availability AP SSO Deployment Guide, Cisco IOS XE Release 3.3 – Cisco http://www.cisco.com/c/en/us/td/docs/wireless/controller/technotes/5700/software/release/i os_xe_33/5760_HA_DG_iosXE33.html

This document introduces the Access Point Stateful Switch Over redundancy model for High Availability (HA) with CT5760 controllers using the StackWise-480 technology. HA in Cisco 5700 Series Wireless Controller is enabled using Cisco StackWise-480 technology. Feature Intersection with AP SSO

• Switchover during AP Pre-Image download causes the APs to start image download all over again from the new Active controller.

• Rogue APs and clients are not synced to Standby and are re-learnt upon switchover.

• Infra structure MFP key is not synced to the Standby controller and is re-learnt upon switchover.

• New Active controller re-learns the shim list from IPS and other MCs. and redistributes it to the MAs.

• wIPS information is not synced to the Standby unit and is re-learnt upon switchover.

• Clean Air detected Interferer devices are re-learnt after switchover.

• Net Flow records are cleared upon switchover and collection starts fresh on the new Active

  controller.

• Mobility paths and tunnels to the MO and other peer MCs are not disrupted upon switchover. However the Client state is cleaned up on the MO under which the HA pair exists and is re-learnt from the new Active controller when the client re-associates.

• Roamed clients that have their data path going through the Mobility Tunnel Endpoint (MTE) quot;become Local#39;quot; in case of L2 with Sticky Anchoring and L3 Roam. L2 Roamed

  Clients are not affected except when roaming occurs between CUWN and CA controllers.

• RRM related configurations and the AP neighbor list in the Leader HA pair is synced to the Standby controller.

• Upon Guest Anchor controller switchover, mobility tunnels stay active. APs remain connected, clients rejoin at MA or MC. and are anchored on the new Active controller.

  Question No: 49 – (Topic 1)

  

  Refer to the exhibit. You have been asked to troubleshoot why VTP is not distributing new VLANs to a VTP client switch. Which option is the most likely root cause of this VTP problem.

  1. The VTP password is not set to level 15 on the client switch.

  2. The VTP password encryption level is not set on the client switch.

  3. The VTP encryption level does not match on the client switch.

  4. The VTP password is incorrect on the client switch.

  5. The client switch is set to transparent mode. Which ignores VLAN configuration updates from VTP servers.

  Answer: D Explanation: From:

  Each sw, and issue the command: No vtp password

  

  https://www.packet6.com/configuring-vtp-on-cisco-switches/ http://www.sunpenguin.net/?p=283

  Question No: 50 – (Topic 1)

  

  You are getting the following error message. Which reason for this issue true?

  %DOT11-4-CANT_ASSOC Interface Dot 11 Radio0. Cannot associate NO Aironet Extension IE.

  1. 鈥渄ot11 extension 鈥?is missing under the interface Dot11Radio 0 interface.

  2. When repeater mode is used, unicast-flooding must be enabled to allow Aironet IE communications.

  3. The parent AP MAC address has not been defined.

  4. Repeater mode only works between Cisco access point.

  Answer: A Explanation:

  

  http://www.cisco.com/c/en/us/td/docs/wireless/access_point/12- 2_11_JA/configuration/guide/b12211sc/s11rep.html

  100% Ensurepass Free Download!
  –400-351 PDF
  100% Ensurepass Free Guaranteed!
  –400-351 Dumps

  	EnsurePass	ExamCollection	Testking
  Lowest Price Guarantee	Yes	No	No
  Up-to-Dated	Yes	No	No
  Real Questions	Yes	No	No
  Explanation	Yes	No	No
  PDF VCE	Yes	No	No
  Free VCE Simulator	Yes	No	No
  Instant Download	Yes	No	No