350 050.realtests - Premium.exam.469q

RealTests.350-050.
469Questions
Number: 350-050
Passing Score: 800
Time Limit: 120 min
File Version: 250
This VCE is Valid i got all questions from this VCE.. I have passed my exam today.
Passed this exam in the UK today with a score of 810. Great VCE thank you so much Angela
I just passed the 510 and this VCE is nearly perfect and still 99% valid. I memorized the entire VCE over about 3 weeks and passed in the upper
400's. I didn't use any other VCE.
It actually saves our lot of time, no repetiton, up to date data prepared by professionals.
Still valid in UK :-) They were almost word for word,amazing!!!!!!
www.vceplus.com - Website designed to help IT pros advance their careers - Born to Learn
Exam A
QUESTION 1
You are configuring an autonomous wireless guest network for your customer. The customer requires that guest users be unable to communicate with
one another. Which solution best meets this requirement?
A.
B.
C.
D.
E.
public secure packet forwarding on the AP and switch-port protected on the AP switch port
public secure packet forwarding on the AP and limiting the AP switch port to the guest VLAN only
port security on the AP and 802.1X on the AP switch port
MAC filtering on the AP radio interface and switch-port protected on the AP switch port
public secure packet forwarding on the AP and configuring the guest VLAN on the switched network as a private VLAN
Correct Answer: E
Section: (none)
Explanation
Explanation/Reference:
QUESTION 2
What is the advantage of EAP-FAST compared to LEAP?
A. EAP-FAST exchanges user credentials within a TLS tunnel whereas LEAP exchanges credentials information in clear, which allows possible offline
"dictionary attacks."
B. EAP-FAST allows authenticated in-band PAC provisioning, whereas LEAP uses anonymous in-band PAC provisioning, which is transparent to the
user.
C. LEAP only supports user and password changes in conjunction with MS-CHAPv2, whereas EAP-FAST supports user and password changes when
using MS-CHAPv2 or OTP or PAC.
D. EAP-FAST works with the 802.11 authentication algorithm "open eap," and also with "network-eap," whereas LEAP is limited to the 802.11
authentication algorithm "network-eap" only.
Correct Answer: A
Section: (none)
Explanation
QUESTION 3
Which two statements are not correct about client MFP? (Choose two.)
A.
B.
C.
D.
E.
Client MFP can replace infrastructure MFP if only CCXv5 clients are used.
Client MFP encrypts class 3 unicast management frames using the security mechanisms defined by 802.11i.
In order to use client MFP, the client must support CCXv5 and negotiate WPA2 with AES- CCMP or TKIP.
The only supported method to obtain the pre-user MFP encryption keys is EAP authentication.
The CCXv5 client and access points must discard broadcast class 3 management frames.
Correct Answer: AD
Section: (none)
Explanation
modified answers
QUESTION 4
Company XYZ has a wireless network in place. Which three general guidelines should be followed to overlay a Cisco Context-Aware Mobility Solution?
(Choose three.)
A.
B.
C.
D.
E.
The maximum effective AP spacing should be between 40 feet and 70 feet.

There should be a minimum of two APs within range of each client.
APs at the perimeter of the coverage area need to be deployed.
The physical placement of APs must be collinear.
Equilateral triangle placement of the APs yields better accuracy.
Correct Answer: ACE

Section: (none)
Explanation
QUESTION 5
Which three are equivalent forms of the IPv6 address 2011:0000:0000:0000:2010:0000:0000:000F? (Choose three.)
A.
B.
C.
D.
E.
F.
2011:0:0:0:2010:0:0:F
2011::2010::000F
2011:0:0000:0000:2010::000F
2011::2010:0:0:F
2011::201:0000:0000:000F
2011::201:0010:0010:000F
Correct Answer: ACD

Section: (none)
Explanation
updated answers
QUESTION 6
Which of the following is not a valid IPv6 address type?
A.
B.
C.
D.
E.
link-local unicast
unique-local unicast
anycast
multicast
broadcast
Correct Answer: E
Section: (none)
Explanation
QUESTION 7
To avoid classification at all switches within a QoS domain, a switch port may be configured in a trusted state. Which two statements are true regarding
the trust state configuration of a switch port? (Choose two.)
A.
B.
C.
D.
E.
When mls qos trust is not configured on the port, the default port trust state is DSCP.
When mls qos trust is not configured on the port, the default port trust state is CoS.
The port trust state can be CoS or DSCP only.
When mls qos trust cos is configured on the port, the port default CoS value is used for an untagged packet.
When mls qos trust cos is configured on the port, the switch classifies an ingress packet by using the packet CoS value.
Correct Answer: DE
Section: (none)
Explanation
QUESTION 8
Which aggregate of the IPv6 addresses 2001:0303:0000:5000:0000:052B:0000:0000/96 and 2001:0303:0000:5000:0000:052C:0000:0000/96 has the
longest possible mask?
A.
B.
C.
D.
2001:0303:0000:5000:0000:052A:0000:0000/96
2001:0303:0000:5000:0000:052A:0000:0000/95
2001:0303:0000:5000:0000:0528:0000:0000/93
2001:0303:0000:5000:0000:0520:0000:0000/92
Correct Answer: C
Section: (none)
Explanation
answer is modified
QUESTION 9
Which two protocols or processes can be used for a switched network to control distribution of multicast traffic at Layer 2? (Choose two.)
A.
B.
C.
D.
E.
PIM
CGMP
IGMP v2
IGMP v3
IGMP snooping
Correct Answer: CE
Section: (none)
Explanation
QUESTION 10
A router has two interfaces: Ethernet 0 is connected to the LAN and Ethernet 1 is connected to the Internet. The LAN is 20.20.20.0/24. All hosts on the
LAN must be able to form TCP connections to any host on the Internet. Hosts on the Internet may not form TCP connections to hosts on the LAN,
except to port 25 of a mail server on the LAN. The web server IP address is 20.20.20.100. Which configuration fulfills all the requirements?
A. interface ethernet 1
ip access-group 123 in
!
B.
C.
D.
E.
access-list 123 permit tcp any 20.20.20.0 0.0.0.255 access-list 123 permit tcp any host 20.20.20.100 eq 25
interface ethernet 1
!
access-list 123 permit tcp any 20.20.20.0 0.0.0.255 established access-list 123 permit tcp any host 20.20.20.100 eq 25
!
access-list 123 permit tcp any host 20.20.20.100 eq 25 access-list 123 deny tcp any 20.20.20.0 0.0.0.255
!
access-list 123 deny tcp any 20.20.20.0 0.0.0.255
access-list 123 permit tcp any host 20.20.20.100 eq 25
!
access-list 123 permit tcp any host 20.20.20.100 eq 25 access-list 123 permit tcp 20.20.20.0 0.0.0.255 any access-list 123 deny tcp any 20.20.20.0
0.0.0.255
Correct Answer: B
Section: (none)
Explanation
QUESTION 11
Cisco WiSM controllers have multiple interface types. Which three statements about the interface types of the controllers are true? (Choose three.)
A.
B.
C.
D.
E.
F.
The service-port interface is the default interface for in-band management of the controller.
If the service port is in use, then the management interface must be on a different subnet than the service port.
You cannot ping the AP-manager interface.
The virtual gateway interface is used to support mobility management.
The management interface is used as the source IP address for all Layer 3 communications between the controller and the lightweight APs.
On the Cisco WiSM, the management interface is used to synchronize the supervisor engine and the Cisco WiSM.
Correct Answer: BCD

Section: (none)
Explanation
QUESTION 12
You have 2 WLCs with management IP addresses of 192.168.11.5 and 192.168.11.6 respectively. Your APs reside on a different subnet. Which of the
below DHCP options needs to be configured?
A.
B.
C.
D.
option 43 hex f102c0a80b05c0a80b06

option 43 hex f108c0a80b05c0a80b06
option 43 hex f102c0a81105c0a81106
option 43 hex f108c0a81105c0a81106
Correct Answer: B
Section: (none)
Explanation
QUESTION 13
When using DNS discovery, you must configure DNS to respond to which of the following?
A.
B.
C.
D.
CISCO-WAP-CONTROLLER.localdomain
CISCO-CONTROLLER.localdomain
CISCO-CAPWAP-CONTROLLER.localdomain or CISCO-LWAPP- CONTROLLER.localdomain
CISCO-CONTROLLER-LWAPP.localdomain or CISCO-CONTROLLER- CAPWAP.localdomain
Correct Answer: C
Section: (none)
Explanation
QUESTION 14
Which two methods can be used in Cisco Secure ACS 5.2 to assign client authentication requests to different access services or authorization policies,
based on the SSID to which the client is associated? (Choose two.)
A. DNIS-based end station filter
B. CLI-based end station filter
C. condition based on the RADIUS-IETF. Filter-ID(11) attribute

D. condition based on the RADIUS-IETF:Called-Station-ID(30) attribute
E. condition based on the RADIUS-IETF:Calling-Station-ID(31) attribute
Correct Answer: AD
Section: (none)
Explanation
QUESTION 15
Refer to the exhibit.
What might be the reason of these failed attempts in ACS?

A.
B.
C.
D.
The wrong shared secret is configured on the AAA client or ACS.

The request is coming from a AAA client that is configured only for RADIUS on ACS.
The request is coming from a AAA client that is configured only for TACACS+ on ACS.
The PC that is trying to access the device is outside the known subnet.
Correct Answer: B
Section: (none)
Explanation
QUESTION 16
How can you configure an NTP server address for Cisco Secure ACS 5.2?
A. through the ACS GUI only
B.
C.
D.
E.
through the ACS CLI only

through both the ACS GUI and CLI
on the hosting Microsoft Windows operating system
not possible because there are no NTP settings for ACS
Correct Answer: B
Section: (none)
Explanation
QUESTION 17
You have configured ACS to perform machine authentication against Active Directory. Both ACS and Active Directory hosts can ping each other, there is
no firewall between them, and ACS trusts the correct CA. Yet the clients that are performing machine authentication with EAP-TLS and using valid
certificates are failing to authenticate. What might the reason be?
A.
B.
C.
D.
E.
The wrong UDP port for Active Directory is configured on ACS.

Machine access restrictions is enabled on ACS.
The client certificate key is less than 2048 bit.
The wrong date and time are on the ACS server.
The host is not configured in the ACS internal database.
Correct Answer: D
Section: (none)
Explanation
QUESTION 18
Which three statements about the configured attribute or value in ACS are true? (Choose three.)
A.
B.
C.
D.
E.
F.
It is returned within a RADIUS packet.

It is returned within a TACACS+ packet.
It grants the use of configuration commands on autonomous APs.
It grants at least read-only access to all the menus in the Cisco WLC GUI.
It is case sensitive.
It is not case sensitive.
Correct Answer: BDE

Section: (none)
Explanation
updated answers
QUESTION 19
Which DHCP option is shown?

A.
B.
C.
D.
E.
Option 60
Option 241
Option 32
Option 150
Option 43
Correct Answer: E
Section: (none)
Explanation
important
QUESTION 20
To have the CleanAir feature merge reports from APs from different controllers, what do you need?
A. CleanAir APs and Cisco WLCs in the same mobility group
B.
C.
D.
E.
CleanAir APs, Cisco WLCs, and Cisco WCS

CleanAir APs in the same RF group and Cisco WLCs
CleanAir APs, Cisco WLCs, Cisco WCS PLUS, and a Cisco MSE
CleanAir APs, Cisco WLCs, Cisco WCS PLUS, and a Cisco MSE with CleanAir tracking license
Correct Answer: D
Section: (none)
Explanation
QUESTION 21
Client stations are trying to associate to a given SSID and fail to do so for some time before associating successfully. Considering the debug output that
was collected, what could be the cause of the issue?
A.
B.
C.
D.
E.
The WLC is connected to two switches and LAG is not configured.

The client was roaming and the SSID does not have the same WLAN ID on all company controllers.
The client was already associated to another corporate SSID and Fast SSID change is disabled.
The WLAN is constantly brought down because of CAPWAP tunnel flapping.
An administrator changed the WLAN ID during the time in question.
Correct Answer: C
Section: (none)
Explanation
updated answer
QUESTION 22
What is the correct procedure to install a chained certificate (if multiple certification authorities are involved) when you do web authentication on a WLC?
A. In the Security > Web Authentication menu, download first the root CA certificate, apply, then download the intermediate CA and then the device
B.
C.
D.
E.
certificate.
Upload the WLC certificate through the Security > Web Authentication menu and the CA certificates by downloading with datatype Vendor CA
Certificate.
Zip all the certificates and download them on the WLC as datatype WebAuth Bundle.
Only through command line with the command "transfer download data type webauth chained cert".
Concatenate the device and intermediate CA certificates into one file along with the private key generated for the WLC CSR and upload that file in
the Security > Web Authentication menu.
Correct Answer: E
Section: (none)
Explanation
QUESTION 23
When configuring NAC in-band to work with a Cisco WLC, which statement is true, from a WLC perspective?
A.
B.
C.
D.
NAC always needs to be enabled in the WLAN configuration.

The Clean Access Server always needs to be configured as a RADIUS accounting server on the Cisco WLC.
The Clean Access Manager always needs to be configured in the SNMP trap receiver.
Only the quarantine VLAN ID needs to be configured as the WLAN interface.
Correct Answer: D
Section: (none)
Explanation
QUESTION 24
You have four Cisco WLCs and have deployed wired guest access, using a single guest VLAN for all controllers. How can you achieve redundancy if the
guest VLAN fails on the infrastructure switches?
A.
B.
C.
D.
E.
Configure one Cisco WLC as the anchor controller for the wired guest VLAN.
Configure a different wired guest VLAN on each Cisco WLC.
Configure all the Cisco WLCs in the same mobility group.
Set a fallback port on the wired guest interface.
You cannot achieve redundancy of the wired guest VLAN.
Correct Answer: E
Section: (none)
Explanation
QUESTION 25
You are on the U.S. East Coast (EST time zone, UTC-5) and configure NTP on your Cisco WLC. The Cisco WLC web GUI shows the correct time and
date, but your APs are off by 5 hours. Which statement is true?
A.
B.
C.
D.
E.
This behavior is normal because the APs show UTC time.

You need to configure the time zone on the APs.
You need to configure the NTP server on the APs.
You need to enable time-zone synchronization between the APs and Cisco WLC.
APs support only an SNTP server, not an NTP server.
Correct Answer: A
Section: (none)
Explanation
QUESTION 26
Which three statements about the VideoStream feature (also known as MediaStream) on the Cisco WLC are true? (Choose three.)
A.
B.
C.
D.
E.
F.
It unicasts the stream only to clients that are subscribed via IGMP.
It works both ways (from network to client and from client to network).
It unicasts the stream only to APs on which you enable the feature.
It sends unicast, so it can usually use higher data rates.
It unicasts the multicast stream over the air only; it multicasts on wired connections.
It multicasts, so a large number of subscribed clients on the AP will not consume more bandwidth.
Correct Answer: ADE

Section: (none)
Explanation
answers updated
QUESTION 27
What is the minimum number of rules that is necessary in a CPU ACL to allow all access from a single VLAN to the management interface, yet prevent
management access from all other VLANs while permitting all other traffic?
A.
B.
C.
D.
five
six
seven
eight
Correct Answer: B
Section: (none)
Explanation
QUESTION 28
Your manager has asked you to configure a remote office Cisco WLC to support local EAP authentication. The manager wants the clients to use EAPFAST. The LDAP server is Microsoft Active Directory. All users, including the account that is used to bind to the LDAP server, are in the default Users
container in Active Directory. No RADIUS servers are configured on the Cisco WLC. The client is using the latest Intel card and supplicant.
Why does the test client fail to authenticate?
A.
B.
C.
D.
E.
Local EAP does not support EAP-FAST when using an Active Directory LDAP server.
The LDAP bind account cannot be in the same container as the wireless user accounts.
The User object type is incorrect.
The default Users container in Active Directory is a container rather than an organizational unit.
The User attribute is incorrect.
Correct Answer: D
Section: (none)
Explanation
QUESTION 29
You are a senior wireless network administrator and have just completed the configuration of TACACS+ on your production Cisco WLC server. You can
successfully log into the Cisco WLC by using your domain credentials. However, junior administrators, who have only local management accounts on
the Cisco WLC, are complaining that they can no longer log into the Cisco WLC GUI or CLI. What is the cause of this problem?
A.
B.
C.
D.
When TACACS+ is configured on the Cisco WLC, local authentication is permanently disabled.
TACACS+ is the first authentication priority. The ACS is responding, so the Cisco WLC never queries the local database.
TACACS+ was configured and the ACS is responding, so all local accounts on the Cisco WLC are disabled.
The junior administrators must also have domain accounts with the same username but different passwords than the local Cisco WLC accounts, so
the ACS is returning an access-reject.
This prevents the Cisco WLC from querying the local database.
Correct Answer: B
Section: (none)
Explanation
QUESTION 30
After performing a wireless site survey, you determine that to achieve proper HR-DSSS coverage within the rooms along a hallway area, the AP radios
that service the hallway must be at 12 mW or higher. After the APs are all installed, you note that RRM is decreasing the power on the AP radios in the
hallway to 6 mW. Which two methods can you use to prevent the HRDSSS AP radio power levels from dropping below 12 mW? (Choose two.)
A.
B.
C.
D.
E.
F.
Configure the minimum power-level assignment for the 2.4 GHz radio to 11 dBm under the individual TPC settings on the hallway APs.
Configure the minimum power-level assignment for the 5 GHz radio to 11 dBm under the individual TPC settings on the hallway APs.
Configure the minimum power-level assignment to 11 dBm under the global 802.11b/g/n TPC settings.
Configure the minimum power-level assignment to 11 dBm under the global 802.11a/n TPC settings.
Statically configure the 5 GHz radios on the hallway APs to power level 4.
Statically configure the 2.4 GHz radios on the hallway APs to power level 4.
Correct Answer: CF
Section: (none)
Explanation
QUESTION 31
You are testing coverage-hole detection in your lab. You are using the default Cisco WLC coverage-hole detection configuration that is shown. You have
14 test clients, all associated to the same AP. You move three of the clients far away from the AP so that they have an RSSI of - 85 dBm or lower for 1
minute. To your surprise, you see precoverage-hole alarms, but no coverage-hole alarm is triggered.
Which two scenarios explain this issue? (Choose two.)
A.
B.
C.
D.
E.
The failed clients must be at an RSSI of -81 dBm or lower for at least 90 seconds.
The failed clients must be at an RSSI of -80 dBm or lower for at least 90 seconds.
The number of failed clients is less than 25 percent of the total number of clients that are associated to the AP.
This Cisco WLC is not an RF group leader and so cannot make a coverage-hole decision.
Coverage-hole alarms are generated based on the number and percentage of failed packets from the client, rather than on thresholds.
Correct Answer: AC
Section: (none)
Explanation
QUESTION 32
A wireless ISP has hired you to help set up a new Cisco WLC to provide wireless access to subscription-based customers. Each customer that uses the
wireless network needs to pay their bill every 30 days. How do you configure the WLAN security to help meet this requirement?
A.
B.
C.
D.
E.
F.
no Layer 2 security, conditional web redirect Layer 3 security

WPA2 802.1X Layer 2 security, splash page web redirect Layer 3 security
802.1X Layer 2 security, splash page web redirect Layer 3 security
WPA2 PSK Layer 2 security, conditional web redirect Layer 3 security
no Layer 2 security, splash page web redirect Layer 3 security
WPA 802.1X Layer 2 security, conditional web redirect Layer 3 security
Correct Answer: F
Section: (none)
Explanation
QUESTION 33
Two Cisco WLCs on a Cisco WiSM and in the same mobility group are both running 4.2.209.0 code. All the WLANs on both Cisco WLCs are configured
for H-REAP local switching. Based on the configurations that are shown, which WLAN or WLANs will still be correctly mapped to a local VLAN if an HREAP mode AP moves between the two controllers?
A.
B.
C.
D.
WLANs 2, 3, 4, and 5
All the WLANs
WLAN 1
WLANs 2 and 5
E. WLANs 1, 2, 4, and 5
F. WLAN 5
Correct Answer: D
Section: (none)
Explanation
QUESTION 34
You have just configured multicast on the wired network and the controller. You configured the multicast address on the Cisco WLC to be 239.0.1.25,
with IGMP snooping disabled. Clients 1 and 3 are associated to AP1, and Client 2 is associated to AP2. All three clients are associated and
authenticated to WLAN 1. Using Client 1, you send an IGMP join request to test the multicast application on the wireless network.
Which client or clients will need to process the multicast traffic?

A.
B.
C.
D.
E.
none of the clients

Client 1
Clients 1 and 2
Clients 1, 2, and 3
Clients 1 and 3
Correct Answer: D
Section: (none)
Explanation
QUESTION 35
Corporation XYZ is enabling multicast on its WLANs in order to enable company meetings to be streamed to employee laptops. The company wishes to
block specific unwanted multicast traffic from traversing the wireless network. What is the best way to filter multicast traffic going toward wireless
clients?
A.
B.
C.
D.
use a WLC ACL on the management interface

use a CPU ACL on the WLC
use a WLC ACL on the dynamic interface for all WLANs
use an ACL on the first-hop router
Correct Answer: D
Section: (none)
Explanation
QUESTION 36
You have implemented a branch network using H-REAP local switching. You have been asked to enable an acceptable use-policy web authentication
page, without requiring users to enter credentials and login. Users should only have to accept the login terms.
Which two solutions should you implement? (Choose two.)
A. Enable a web policy of conditional web redirect.
B.
C.
D.
E.
Use an external web server for the web authentication page.

Use the internal web server for the web authentication page.
Implement a pre-authentication ACL to allow web authentication page traffic.
Enable a web policy of passthrough.
Correct Answer: CE
Section: (none)
Explanation
QUESTION 37
The wireless clients at your company are all on the 192.168.1.0/24 network. Given the applied ACL in the exhibit, which two statements are true?
(Choose two.)
A. DNS requests from the wireless clients will be blocked.
B. ICMP requests will be allowed to travel to the wireless clients.

C. ICMP replies will be allowed to travel from the wireless clients.
D. DNS requests from the wireless clients will be allowed.
Correct Answer: AB
Section: (none)
Explanation
QUESTION 38
Your company is using wireless voice clients that have a unicast push-to-talk-function. DTIM is set to 10. Users report that the audio is choppy. Which
action should you take to try to resolve this issue?
A.
B.
C.
D.
E.
Lower the DTIM to 2.

Lower the DTIM to 1.
Disable power saving on the wireless device.
Enable power saving on the wireless device.
Raise the DTIM to 15.
Correct Answer: C
Section: (none)
Explanation
QUESTION 39
Corporation XYZ has many retail branch sites that are using H-REAP APs. XYZ wishes to send multicast traffic to the branch sites on WLAN A, which is
centrally switched. It also wishes to ensure that multicast traffic is not sent to sites that do not request it. Which two steps must be taken in order to
make this work? (Choose two.)
A.
B.
C.
D.
Enable multicasting in multicast mode

Disable IGMP snooping
Enable multicasting in unicast mode
Enable IGMP snooping
Correct Answer: CD
Section: (none)
Explanation
QUESTION 40
Corporation XYZ is enabling wireless guest access for its guests. You will be using the Cisco WCS Lobby Ambassador feature to provision guest user
accounts and want to make sure that the web authentication for guest access is not susceptible to brute force attacks. What is the best way to
accomplish this?
A.
B.
C.
D.
Configure web authentication max retries on the WCS.

Implement a CPU ACL on the terminating WLC.
Configure web authentication max retries on the WLC.
Configure client exclusion.
Correct Answer: D
Section: (none)
Explanation
QUESTION 41
You wish to configure a Cisco WCS to provide an additional layer of security by outlining which APs your DHCP servers will respond to. Which two
pieces or combinations of information can be used to achieve this objective? (Choose two.)
A.
B.
C.
D.
AP MAC address
AP MAC address and AP host name
AP host name
AP MAC address and AP SSID
Correct Answer: AD
Section: (none)
Explanation
QUESTION 42
Which of the below statements is true about Radio Resource Management Neighbor messages? (Choose three.)
A.
B.
C.
D.
E.
F.
they are transmitted at minimum power

they are transmitted at maximum power
they are transmitted at the highest data rate
they are transmitted at the lowest supported data rate
they are transmitted on all serviced channels
they are transmitted every 60 seconds
Correct Answer: BDF

Section: (none)
Explanation
QUESTION 43
The IT administrator can confirm the air quality and existing non-Wi-Fi interference on the Cisco WLC but cannot find any non-Wi-Fi interference on the
Cisco WCS. What are two possible reasons for this issue? (Choose two.)
A.
B.
C.
D.
The administrator did not add Cisco MSE to Cisco WCS.

The administrator added Cisco MSE to Cisco WCS but forgot to sync Cisco MSE with Cisco WLC and the floor map.
The administrator needs to enable the CleanAir function from the Cisco WCS GUI again.
The administrator needs to restart Cisco WCS after adding Cisco WLC, to enable the CleanAir function.
Correct Answer: AB
Section: (none)
Explanation
QUESTION 44
The IT manager wants the Cisco WCS to send email notifications of alarms to identify issues in a timely fashion. The manager finds that not all of the
alarms were sent via email. Which default severity level of alarm will trigger an email?
A.
B.
C.
D.
E.
major
critical
minor
informational
critical and major
Correct Answer: B
Section: (none)
Explanation
answer is valid
QUESTION 45
The IT manager is demonstrating the Cisco WCS to the CIO. During the demonstration of the client-troubleshooting feature, the CIO notices that some
clients have the Test analysis, Messaging, and Event log options, whereas other clients do not. What is causing this difference?
A.
B.
C.
D.
Cisco Compatible Extensions v5 clients have more troubleshooting options than other clients.
When clients associate to the diagnostic channel, the Cisco WCS has more troubleshooting options.
Associated clients have more troubleshooting options than other clients.
Authenticated clients have more troubleshooting options than other clients.
Correct Answer: A
Section: (none)
Explanation
QUESTION 46
Which three device types can be tracked with a context-aware license on a Cisco MSE? (Choose three.)
A.
B.
C.
D.
E.
F.
wired client
microwave oven
ad hoc rogue AP
1.9 GHz DECT phone
RFID chokepoint
cellular smart phone
Correct Answer: ABC

Section: (none)
Explanation
QUESTION 47
Which statement about the Cisco WCS WLAN configuration template is true?
A.
B.
C.
D.
A WLAN template can be used to configure SSID settings on an AP.

A WLAN template can be used to configure mandatory and supported data rates on a WLC.
A WLAN template can be used to configure SSID settings on a WLC.
A WLAN template can be used to configure channel and power level options on an AP.
Correct Answer: C
Section: (none)
Explanation
QUESTION 48
Which method was used to define this rogue AP as malicious?

A.
B.
C.
D.
This rogue AP matched a WCS malicious rogue AP classification rule.

A WCS switch port trace was performed and the MAC address of the rogue AP was found connected to a Cisco switch port.
This rogue AP was discovered using RLDP.
A rogue AP alert was enabled that defines all rogues with open SSIDs as malicious.
Correct Answer: D
Section: (none)
Explanation
QUESTION 49
The IT manager is monitoring the wireless coverage of a floor. The manager sees the floor view that is shown. Which identifying information is displayed
for the APs on the map view?
A.
B.
C.
D.
E.
F.
Tx power level
utilization
profiles
average air quality
associated clients
coverage hole
Correct Answer: F
Section: (none)
Explanation
QUESTION 50
According to the Cisco WCS floor map, which statement is true?

A.
B.
C.
D.
All APs are affected by interference from Bluetooth.

All APs are affected by interference from a video camera.
Only AP1 is affected by interference from a video camera.
Any device that uses channel 1 is affected by interference from a video camera.
Correct Answer: D
Section: (none)
Explanation
QUESTION 51
Which statement about the Cisco WCS RRM event message is true?
A.
B.
C.
D.
Excessive non-802.11 interference caused the channel change.

Being near another managed AP on the same channel caused the channel change.
A CleanAir AP detected a persistence interferer and forced an RRM reassignment of channels.
Event-driven RRM caused the channel change.
Correct Answer: B
Section: (none)
Explanation
updated answer
QUESTION 52
Which menu option in the Cisco Wireless Control Systems (WCS) planning mode will create a report detailing AP placement and signal coverage?
A.
B.
C.
D.
E.
F.
G.
Home
Add APs
Delete APs
Map Editor
Synchronize
Generate Proposal
Planned AP Association
Correct Answer: F
Section: (none)
Explanation
QUESTION 53
Company ABC has a deployment plan that includes multiple controllers. To start the deployment and manage the controllers more efficiently, the IT
administrator decides to use controller autoprovisioning on Cisco WCS. Which three controller options are available as matching criteria? (Choose
three.)
A.
B.
C.
D.
E.
F.
hostname
MAC address
serial number
management IP address
device type
UDI
Correct Answer: ABC

Section: (none)
Explanation
QUESTION 54
The manufacturing firm XYZ deployed outdoor mesh in one of their factories. The IT manager is asked to enable monitoring of the mesh network on the
map. Which two mesh link options can be shown as link labels of the mesh link on the map? (Choose two.)
A. SNR
B.
C.
D.
E.
packet error rate

data rate
backhaul channel
hop counter
Correct Answer: AB
Section: (none)
Explanation
QUESTION 55
The IT manager acknowledges that some security issues that are shown in a detailed security index report violate company policies. However, the
security index does not change after synchronizing the configuration of the Cisco WLC on Cisco WCS. What are two possible reasons for this issue?
(Choose two.)
A. The acknowledged issue is on a controller that does not directly affect the security index score (for instance, it is not the controller with the lowest
score).
B. The acknowledged issue is on a WLAN that does not directly affect the security index score.
Only the lowest scoring WLAN of the lowest scoring controller affects the security index score.
C. The acknowledged issue is on a controller that does not directly affect the security index score (for instance, it is not the controller with the highest
score).
D. The acknowledged issue is on a WLAN that does not directly affect the security index score.
Only the highest scoring WLAN of the highest scoring controller affects the security index score.
Correct Answer: AB
Section: (none)
Explanation
QUESTION 56
Which two statements about why client devices fail to be displayed on a Cisco WCS floor map are true? (Choose two.)
A.
B.
C.
D.
NMSP communication has failed between the Cisco MSE and Cisco WCS.
Filtering parameters have not been configured for the context-aware service.
Network designs and controllers have not been assigned to the Cisco MSE.
LOCP communication has failed between the Cisco MSE and Cisco WCS.
Correct Answer: AC
Section: (none)
Explanation
QUESTION 57
Which statement about Cisco WCS virtual domains (partitioning) is true?
A.
B.
C.
D.
The WCS root user is contained to the root virtual domain and cannot view other virtual domains.
Each virtual domain can be configured to include or exclude selected maps, WLCs, or APs based on the hierarchical level of each domain.
Any AP managed by WCS will be visible in all virtual domains.
Each virtual domain can be configured to include or exclude selected reports, configuration templates, or WCS background tasks based on the
hierarchical level of each domain.
Correct Answer: B
Section: (none)
Explanation
answer is modified
QUESTION 58
Which statement is true when the basic audit mode is selected in Cisco WCS?
A.
B.
C.
D.
Basic audit will only audit the reachability and functional status of the WLAN controller.
Basic audit will compare the device configuration in the WCS database against the current WLAN controller configuration.
Basic audit will compare the WCS template settings against the current WLAN controller configuration.
Basic audit will instruct the WLAN controller to notify WCS when a configuration change has occurred via the web interface or CLI of the controller.
Correct Answer: B
Section: (none)
Explanation
QUESTION 59
The client troubleshooting feature on Cisco WCS is very useful. You can collect the log message that is logged against a specific client on Cisco WCS.
What statement about the log function in client troubleshooting is true?
A. The log messages are collected automatically when the administrator starts to troubleshoot the client. The administrator needs to stop the log
collection manually.
B. The log messages are collected when the administrator clicks "Start". Log collection stops only after the administrator clicks "Stop".
C. The log messages are collected automatically as soon as the administrator starts to troubleshoot the client. The log collection stops automatically
after a period of 10 minutes.
D. The log messages are collected when the administrator clicks "Start". The log collection stops automatically after 10 minutes.
Correct Answer: D
Section: (none)
Explanation
QUESTION 60
The IT manager needs to start deploying WLAN in a new building and is using the planning mode in Cisco WCS to generate a coverage proposal.
Which statement about the planning mode in Cisco WCS is false?
A. Planning mode calculates the necessary number of APs, based on traffic type on the network, location accuracy requirements, number of users, and
number of users per square footage.
B. In the advanced options, the Aggressive option generates more APs to cover the floor area, whereas the Very safe option generates a proposal with
fewer APs to cover the same area.
C. Walls that are defined in the floor map are used or accounted for in the planning mode calculation.
D. Users can specify a particular model of Cisco AP, antenna, and throughput for the planning mode calculation.
Correct Answer: B
Section: (none)
Explanation
QUESTION 61
What appears to be the issue with the wireless client device?

A.
B.
C.
D.
E.
F.
The client 802.1x configuration is incorrect.

There is RF interference.
The client WPA2 parameters are incorrect.
No response is being received from the DHCP server.
The client is configured with the wrong WEP key.
No response is being received from the RADIUS server for 802.1x authentication.
Correct Answer: D
Section: (none)
Explanation
QUESTION 62
When designing a WLAN network to support both voice and context-aware services, which set of design principles should you follow?
A. A voice and context-aware site survey can be one survey, and both voice and context-aware deployment recommendations can be implemented.
APs that are not serving clients will be in monitor mode.
B. A context-aware site survey usually recommends deploying more APs because of the requirement for perimeter coverage and four corners of a floor.
However, voice deployment recommendations should be adopted because of the mission-critical nature of voice traffic.
C. A voice and context-aware site survey can be one survey, but voice deployment recommendations take precedence over context-aware deployment
recommendations because the context-aware survey usually recommends too many APs and might introduce too much co- channel interference,
negatively affecting voice quality.
D. A voice and context-aware site survey can be one survey, but context-aware deployment recommendations take precedence over voice deployment
recommendations because context- aware services require at least four APs to hear clients or tags at -75 dBm. An AP can provide adequate
coverage to voice clients with acceptable SNR.
E. A voice and context-aware site survey can be one survey, but voice deployment recommendations take precedence over context-aware deployment
recommendations. Context- aware surveys usually recommend too many APs, and APs need to be in local mode because APs in monitor mode
spend too much time (2 sec) on each channel, listening for rogue activities, and often miss client or tag beaconing.
Correct Answer: A
Section: (none)
Explanation
QUESTION 63
You are developing a context-aware application with customized middleware. The Cisco MSE is configured to send northbound notifications to the
middleware as well as to the Cisco WCS via SOAP/XML. You created the notification definitions via the WCS and see notifications coming in on the
middleware, but you do not see notification messages showing up in the WCS.
What could be causing this problem?
A. The notification receiver is not correctly configured in the WCS. Make sure the WCS is correctly configured with a northbound notification receiver
using SNMPv2 and the correct community string.
B. The notification group does not have an MSE assigned and the MSE is not synchronized.
C. The WCS does not understand SOAP/XML. To correct this, change the transport protocol to SNMP/plain text.
D. The WCS does not understand SOAP/XML. To correct this, change the transport protocol to SNMP/XML.
E. The WCS does not understand SOAP/XML. To correct this, change the transport protocol to Syslog/plain text.
F. The WCS does not understand SOAP/XML. To correct this, change the transport protocol to Syslog/XML.
Correct Answer: D
Section: (none)
Explanation
QUESTION 64
A customer calls you to report that it is not able to carry calls on its Cisco Unified Wireless IP phones. The phones are not registering with the call
manager even though it has a static IP address. Which WLC feature could be causing this problem?
A. DHCP Address Assignment Required is selected on the SSID.
B. There is a DHCP server configured on the SSID. This should not be implemented when AAA override is selected.
C. MFP client protection should be set to "required" on Voice SSIDs.
D. The Option 150 IP address is misconfigured in the DHCP pool.

Correct Answer: A
Section: (none)
Explanation
QUESTION 65
You have been getting reports of voice disruption over wireless communications in your network. Your SSID is configured to use WPA1 with TKIP and
Cisco Centralized Key Management. You see a lot of TKIP replay messages on the WLC logs.
What is the most probable reason for the voice disruptions?
A. TKIP replay causes access point to reboot as a security measure. This causes voice disruptions for the associated clients until they scan and
reconnect to another AP.
B. The TKIP countermeasure timer is putting the AP down for a specified time and causing the voice disruptions.
C. TKIP replay activates MFP. If MFP detects the replays, it will trigger a disassociation to all wireless clients.
D. The use of WPA1 with TKIP is the main reason for the voice disruptions. It is better to use WPA2 with AES to avoid this problem.
Correct Answer: B
Section: (none)
Explanation
QUESTION 66
A user runs the Cisco Unified Wireless IP Phone 7921 with an AP that runs autonomous Cisco IOS Software. How does the 7921 decide whether to
associate to an AP to avoid over congestion?
A. The 7921 monitors the QBSS information element, which includes the Min and Max contention window fields, and uses the information to evaluate
contention and channel utilization.
B. The 7921 monitors the QBSS information element, which includes channel load information in the beacon and probe response frames.
C. The 7921 monitors the QBSS information element, which includes EDCF such as queuing on the radio egress port, and uses the information to
evaluate AP load and make an association decision.
D. The 7921 monitors the QBSS information element, which includes radio access categories and the Min and Max contention window fields, to
evaluate AP load.
Correct Answer: B
Section: (none)
Explanation
QUESTION 67
Two callers, using the Cisco Unified Wireless IP Phone 7921 on the same AP running autonomous Cisco IOS Software, have trouble calling each other,
but the problem does not exist when they call each other using a wired IP phone. Signaling and call routing appear to work correctly. What else might be
causing the problem?
A.
B.
C.
D.
E.
F.
On the AP, DTIM is set to 2, Beacon Interval is set to 100, and PSPF is enabled.
On the AP, MFP is enabled for U-APSD, DHCP is not required, and PSPF is disabled.
On the AP, WMM is enabled for U-APSD, DHCP is required, and PSK is enabled.
On the AP, CAC is enabled for U-APSD, P2P-blocking is enabled, and Cisco CKM is enabled.
On the AP, ARP unicast is disabled, 802.1X is configured, and WDS is enabled.
On the AP, MFP is disabled, 802.1X is configured to support TSPEC, and WDS is enabled.
Correct Answer: A
Section: (none)
Explanation
QUESTION 68
You want to expand the services of your wireless network and add location tracking on top of voice over wireless. Although the existing wireless network
offers excellent voice over wireless services, tracking accuracy is not working well enough. You decide to contract a site survey engineer. What is this
engineer most likely to recommend?
A.
B.
C.
D.
E.
Disable 2.4 GHz and higher data rates, which interfere with location tracking.
Add wireless APs that are not from Cisco, to accomplish location tracking.
Add more APs to the perimeters of the floors.
Choose between voice over wireless and location tracking; you cannot use both simultaneously.
Install chokepoints to perform good location accuracy.
Correct Answer: C
Section: (none)
Explanation
QUESTION 69
You are a wireless specialist and have been called to inspect an existing wireless network that offers voice services. High channel utilization on 2.4 GHz
has been reported. How can you solve this problem?
A.
B.
C.
D.
E.
Disable higher data rates 36, 48, and 54 Mb/s, which increase channel utilization.
Enable lower data rates 1 and 2, to avoid sticky clients.
Disable data rates 1, 2, 5.5, 6, and 9 Mb/s; set 11 Mb/s as mandatory; and leave the other higher data rates as supported.
Deselect DTPC, to avoid high channel utilization.
Enable at least five mandatory data rates.
Correct Answer: C
Section: (none)
Explanation
QUESTION 70
A Cisco Wireless IP Phone is unable to seamlessly roam on 2.4 GHz. There are interruptions of several seconds on each roaming. No problems are
reported on 5 GHz. A full site survey for voice has been completed on both bands.
Which Cisco WLC feature does this issue involve?
A. client load balancing
B. Aironet information element
C. coverage-hole detection
D. client band select

Correct Answer: D
Section: (none)
Explanation
QUESTION 71
To achieve location tracking, which four tasks must be completed? (Choose four.)
A.
B.
C.
D.
E.
F.
Synchronize Cisco WLC or WLCs with Cisco MSE.

Add Cisco MSE to Cisco WCS.
Synchronize the network designs with Cisco MSE.
Open UDP port 6750 between Cisco WLC and Cisco MSE.
Ensure that APs are placed correctly on maps.
Ensure that the correct antenna type is selected on Cisco WCS.
Correct Answer: ABCE

Section: (none)
Explanation
updated
QUESTION 72
When designing a WLAN network using Cisco 1142 APs to support both voice services (Cisco 7921 IP Phones) and data services, what design
principles are true? (Choose 2)
A. 802.11n data rates should be enabled to improve overall performance even if the Cisco 7921 IP Phones do not support 802.11n data rates.
B. 802.11n data rates should not be enabled as the Cisco 7921 IP Phones are not 802.11n capable. As such, no performance improvement is expected
for the voice clients upon enabling 802.11n data rates.
C. Ensure proper floor coverage to ensure good voice quality (-67 dBm, 20% cell overlap, and 19 dB channel separation).
D. -67 dBm, 20% cell overlap, and 19 dB channel separation is impossible to achieve. Therefore, a site survey to ensure required RSSI coverage is top
priority to ensure good voice quality.
E. RRM should not be used as it is not designed for wireless voice services and will adjust the channel and Tx power settings to non optimized values
for voice services.
F. RRM should be used because it is the only way to ensure that channel and Tx power are configured to support voice services.
Correct Answer: AC
Section: (none)
Explanation
QUESTION 73
Resource Reservation Control (RRC) provides enhanced capabilities to manage admission and policy controls when deploying VideoStream on a Cisco
Unified Wireless Network. Which statement correctly states the decision making process RRC goes through to admit or deny a client from joining a
stream?
A. RRC initiates admission and policy decisions based on the radio resource measurements, traffic statistics measurement, and system configurations.
The WLC initiates RRC requests to the APs for the IGMP join.
B. The WLC processes IGMP join requests after checking all the parameters, including client count, channel utilization, latency, QoS, and client link
rates.
C. RRC algorithm periodically checks if conditions have changed. If a policy is violated, the client will be denied to the stream immediately. When the
condition improves, the client will be admitted to join again.
D. RRC algorithm will check and ensure the conditions are optimal before the client gets admitted. If the conditions are only partially satisfied, the client
will be admitted but will have a better QoS priority to protect the stream quality.
E. RRC is a control mechanism to ensure good connection quality for a video stream via multicast. Clients that do not satisfy all conditions will always
be admitted as best effort clients.
Clients that do not get admitted 3 times within a specific time period, are denied access to the stream.
Correct Answer: A
Section: (none)
Explanation
QUESTION 74
Which two statements are true regarding the location tracking history on the Cisco 3300 Series Mobility Services Engine? (Choose two.)
A.
B.
C.
D.
E.
By default, the historical data is archived for 30 days.

The history of an element is recorded if it moves more than 5 meters (or 15 feet).
The history of an element is recorded if it moves across floors.
History logging is enabled by default.
An element is removed from the tracking table after one hour of inactivity.
Correct Answer: AC
Section: (none)
Explanation
perfect answer
QUESTION 75
When designing a WLAN network to support both voice and context-aware services, which set of design principles should you follow?
A. An AP must be placed at the perimeter and in each of the four corners of the floor. All APs must be enabled to ensure proper coverage on the floor
to provide -67 dBm, 20 percent cell overlap, and 19 dB channel separation.
B. An AP must be placed at the perimeter and in each of the four corners of the floor. Some APs may be disabled to ensure proper coverage on the
floor to provide -67 dBm, 20 percent cell overlap, and 19 dB channel separation.
C. An AP must be placed at the perimeter and in each of the four corners of the floor to ensure proper coverage on the floor to provide -67 dBm, 20
percent cell overlap, and 19 dB channel separation. Some APs may be in monitor mode.
D. If a conflict occurs between the AP placement for voice design and for context-aware location design, then the voice design should take precedence,
to protect against delays and dropping of sensitive voice traffic.
E. In a design that includes both voice and context-aware services, voice design always requires more APs to be deployed to ensure -67 dBm
coverage, 20 percent cell overlap, 19 dB channel separation, and proper capacity planning.
F. In a design that includes both voice and context-aware services, voice design should take precedence to avoid co-channel interference, which can
negatively affect voice quality. Voice design also requires -67 dBm coverage, 20 percent cell overlap, and 19 dB channel separation, which is more
difficult to achieve.
Correct Answer: C
Section: (none)
Explanation
QUESTION 76
When deploying the Cisco Unified Wireless IP Phone 7925 running firmware release 1.3.4 on a Cisco Unified architecture, which features should you
enable to support fast secure roaming while maintaining a scalable deployment?
A.
B.
C.
D.
E.
F.
The controller supports PKC, so use WPA2 802.1X.

The controller does not support PKC, so use WPA2 PSK.
The controller does not support OKC, so use WPA2 PSK.
The 7925 does not support WPA2 with Cisco CKM, so use WPA2 PSK.
The 7925 supports WPA2 with Cisco CKM, so use WPA2 802.1X.
The 7925 supports PKC, so use WPA2 802.1X.
Correct Answer: E
Section: (none)
Explanation
QUESTION 77
To support efficient bandwidth utilization for broadcasting multicast packets to all WLANs on the AP, which two mechanisms can you configure on the
Cisco WLCs? (Choose two.)
A. VideoStream can be used to convert multicast transmissions to broadcast transmissions at the AP, to enable the AP to receive ACKs from the
clients and to determine the frames that need to be retransmitted.
B. VideoStream can be used to convert multicast transmissions to unicast transmissions at the AP. The same data rate will be used, but the unicast
stream allows the AP to receive ACKs from the clients and to determine the frames that need to be retransmitted.
C. RRC in a Cisco WLC will use channel utilization as a metric to determine capacity and perform admission control, but it does not deny requests that
would cause oversubscription.
D. RRC in a Cisco WLC will use channel utilization as a metric to determine capacity and perform admission control, and it denies requests that would
cause oversubscription by sending SAP messages to clients on drop.
E. VideoStream can be used to convert multicast transmission to unicast transmission at the AP.
Because of the unreliable nature of wireless media, no ACKs are expected from the clients; however, unicast transmission will effectively reduce
multicast PLR to between 0.1 and 0.5 percent.
F. VideoStream can be used to convert multicast transmission to unicast transmission at the AP, to enable the AP to receive ACKs from the clients and
to determine the frames that need to be retransmitted.
Correct Answer: DF
Section: (none)
Explanation
QUESTION 78
Looking at the packet capture between the client and AP during a voice troubleshooting session, what can you learn?
A.
B.
C.
D.
The 802.1p COS value is marked as 5, which typically is used for the voice traffic that is encoded in G711.
IP precedence is marked as 5 for the voice traffic that is encoded in G711, with a corresponding 802.11e UP marking of 6.
The WMM UP value is marked as 5, which typically is used for the voice traffic that is encoded in G711, and DSCP is marked as EF.
IP precedence is marked as 5, with a corresponding 802.11e UP marking of 6 and a correct DSCP marking to EF; the voice traffic is encoded in
G711.
E. The 802.1p COS value is marked as 5, with a correct DSCP marking to EF, and the voice traffic is encoded in G711.
F. WMM UP marking is marked as 5, which typically is used for video traffic; this voice traffic stream is encoded in G711, and DSCP is marked as EF.
Correct Answer: F
Section: (none)
Explanation
QUESTION 79
A hospital has four Cisco WLCs, a WCS, and an MSE. All devices are correctly synchronized via the WCS. You have been called to inspect a location
tracking problem. In some areas, tracked elements are being reported on wrong floors. After troubleshooting, you find out that the hospital building does
not provide enough interfloor attenuation.
What is the best way to solve the problem?
A.
B.
C.
D.
Assign a separate WLC to each floor in order to make sure that tags do not get reported on wrong floors.
Do not use more than 10 APs on each floor. Using more than 10 causes signals to propagate across floors and pushes tags to wrong floors.
Vertically align APs across floors for better accuracy.
Turn on Cisco Compatible Extensions location measurements on the WLC to enhance location accuracy.
Correct Answer: C
Section: (none)
Explanation
QUESTION 80
Which two statements are true regarding the VideoStream functionality on the WLC? (Choose two.)
A.
B.
C.
D.
E.
F.
It applies to any multicast video streams available on the network.

It enables broadcasting the video stream using 802.11n HT data rates.
It applies only to the configured media streams.
It converts the multicast video stream into unicast to be sent directly to clients at the WLC level.
It delivers reliable video multicast by having the receiver clients acknowledge the 802.11 multicast video data frames on the air.
The AP replicates the multicast video frames into 802.11 unicast frames to be sent directly to wireless clients at their individual data rate.
Correct Answer: CF
Section: (none)
Explanation
QUESTION 81
You were hired as a wireless consultant to plan and design a secure WLAN on a Cisco Unified Wireless Network, allowing access only by the
employees of the company. The requirements are as follows:
Authenticate employees based on their existing Active Directory user domain credentials.
The username/password credentials need to be protected during the authentication handshake by using a PKI.
Encrypt data traffic using the strongest encryption method defined by the 802.11i standard.
Implement a standard authentication method that is supported by most wireless clients and RADIUS servers
What option meets these requirements?
A.
B.
C.
D.
EAP-TLS with WPA2-AES

PEAPv0/EAP-MS-CHAPv2 with WPA2-AES
EAP-FAST/EAP-MS-CHAPv2 (anonymous PAC provisioning) with WPA2-TKIP
EAP-FAST/EAP-MS-CHAPv2 (anonymous PAC provisioning) with WPA2-AES
Correct Answer: B
Section: (none)
Explanation
QUESTION 82
Which association certifies product interoperability between different vendors so that users are not locked into a single brand of Wi-Fi products?
A.
B.
C.
D.
E.
F.
IEEE
IETF
Wi-Fi Alliance
FCC
Wireless Networking Alliance
Cisco Compatible Extensions
Correct Answer: C
Section: (none)
Explanation
QUESTION 83
What is the role of the IEEE regarding WLANs?
A.
B.
C.
D.
IEEE conducts certification testing to ensure that products from different vendors can interoperate.
IEEE provides guidance and creates regulations for each regulatory authority concerning spectrum usage, including frequency and power settings.
IEEE maintains and creates technical standards and protocols used by wireless LAN devices.
IEEE enforces standards and regulations within each regulatory domain and reports violations to appropriate authorities.
Correct Answer: C
Section: (none)
Explanation
QUESTION 84
Which RRM feature increases the AP radio Tx power when the client SNR levels pass below a given threshold?
A.
B.
C.
D.
Dynamic Channel Assignment

Transmit Power Control
Dynamic Transmit Power Control
Coverage Hole Detection
Correct Answer: D
Section: (none)
Explanation
QUESTION 85
It is recommended that you use channels 1-6-11 on a 2.4-GHz WLAN deployment with three or more APs, because only channels 1 to 11 are available
on the 2.4-GHz Cisco ISM band due to the regulatory domain. Which one of these statements explains why this channel usage is recommended?
A. This channel usage is required by the 802.11 standard.
B. They are the only non-overlapping channels available on the 2.4-GHz ISM band. Channels other than 1-6-11 overlap each other.
C. This is the highest channel usage combination available (allowing three different channels to be used), combining channels that are separated
enough on the 2.4-GHz ISM band to avoid co- channel interference.
D. The channels are separated 30-MHz away, and the energy radiated by an 802.11b/g device can only extend up to 25-MHz within the bandwidth of
the channels due to regulations.
Correct Answer: C
Section: (none)
Explanation
QUESTION 86
Which two of the below protocols must a client support in order to use client MFP? (Choose two.)
A.
B.
C.
D.
E.
F.
802.1x
CCXv4
CCXv5
WEP
WPA1 with TKIP or AES-CCMP
WPA2 with TKIP or AES-CCMP
Correct Answer: CF
Section: (none)
Explanation
QUESTION 87
Which three of the below values does a wireless client use, when operating in DCF mode, to calculate the duration field in the 802.11 MAC header for
transmitting a non-fragmented unicast data packet? (Choose three.)
A.
B.
C.
D.
E.
F.
MPDU length
SIFS interval
DIFS interval
PIFS interval
transmit rate
ACK length
Correct Answer: BEF

Section: (none)
Explanation
appropriate answers
QUESTION 88
The 802.11e standard defines mechanisms for providing QoS treatment to wireless frames. Which three of these mechanisms enable the 802.11e
EDCA standard to achieve differentiated treatment for wireless frames? (Choose three.)
A.
B.
C.
D.
E.
priority queuing
802.3af tag mapping
four access categories
AP controlled access phase
differentiated back-off timers
Correct Answer: ACE

Section: (none)
Explanation
QUESTION 89
The IEEE 802.11i standard defines mechanisms for wireless client authentication and data encryption. During 802.1X EAP authentication, a number of
keys are used in order to establish a secure encrypted link between the access point and the client. Which two of these keys are derived via the WPA
four-way handshake? (Choose two.)
A.
B.
C.
D.
E.
PMK
PTK
MSK
GMK
GTK
Correct Answer: BE
Section: (none)
Explanation
QUESTION 90
In order to protect IEEE 802.11 clients against spoofed management frames, client Management Frame Protection encrypts management frames sent
between access points and clients. Which three of these management frames are protected by client MFP? (Choose three.)
A.
B.
C.
D.
E.
F.
G.
beacon
authentication
deauthentication
disassociation
probe request
probe response
QoS (WMM) action frames
Correct Answer: CDG

Section: (none)
Explanation
QUESTION 91
Infrastructure Management Frame Protection enables the wireless infrastructure to detect management frames spoofed by an attacker. Which two of
these mechanisms does infrastructure MFP introduce to access points in order to protect against such attacks? (Choose two.)
A. management frame validation
B. management frame encryption
C. cryptographically-hashed message integrity check
D. cryptographically-hashed frame check sequence

E. 802.1x authentication
Correct Answer: AC
Section: (none)
Explanation
QUESTION 92
You are deploying a wireless network in a warehouse located next to an airport. Which two of these 5-GHz channels would avoid potential radar
interference, considering that many airport radars use the UNII-2 frequency ranges? (Choose two.)
A.
B.
C.
D.
36
52
140
153
Correct Answer: AD
Section: (none)
Explanation
QUESTION 93
Your site has already been surveyed at 5 GHz for 802.11n VoWLAN services. Which two services can you add safely, without conducting an additional
site survey? (Choose two.)
A.
B.
C.
D.
E.
enhanced Layer 2 or Layer 3 security of the WLAN

optional MFP client protection for Cisco Client Extensions Version 5 clients
802.11n data services on the 2.4 GHz Frequency
802.11n voice services on the 2.4 GHz Frequency
new services (such as location) on both frequencies
Correct Answer: AB
Section: (none)
Explanation
QUESTION 94
Which two of the following statements are true regarding RLDP? (Choose two.)
A.
B.
C.
D.
E.
RLDP works only on APs configured in Open Authentication mode.

RLDP only works if the AP is in Monitor Mode.
RLDP will attempt to identify each Rogue AP only once.
RLDP only works if the Rogue AP is connected to a VLAN that is reachable by the WLC.
RLDP only works if the AP is in Local Mode.
Correct Answer: AD
Section: (none)
Explanation
QUESTION 95
When configuring authentication for a WLAN through a RADIUS server, which statement is correct when per-WLAN RADIUS source support is
enabled?
A. You must specify a RADIUS server in the WLAN settings; otherwise, authentications will fail.
B. If the RADIUS server is on one of the WLC dynamic interface networks, RADIUS traffic from the controller will be sourced from that dynamic
interface.
C. If AAA override is enabled, the WLAN settings will override any RADIUS attribute received by the RADIUS server.
D. Wireless clients need to trust the WLC certificate in case of EAP-TLS authentications.
Correct Answer: B
Section: (none)
Explanation
answer is valid
QUESTION 96
When implementing a web authentication-based WLAN, which two of these statements are correct? (Choose two.)
A. When using an external web authentication server, a pre-auth ACL is required for the WLC 5500.
B. You need to configure DNS resolution for the IP address of the Cisco WLC virtual interface.
C. When using the Cisco WLC as a web auth server, wireless clients will never be able to validate the Self Signed Certificate (SCC) so a Locally
Significant Certificate (LSC) must be used.
D. If you are using an external web server for the login portal, wireless clients may be required to trust two certificates: one from the external web server
and one from the Cisco WLC.
Correct Answer: AD
Section: (none)
Explanation
QUESTION 97
Which two of these procedures enable you to implement dynamic VLAN assignment for wireless users connecting to a Cisco WLC on a secure dot1x
WLAN, so that users connect to a specific VLAN based upon their credentials? (Choose two.)
A.
B.
C.
D.
E.
Configure the IETF Tunnel-Private-Group-ID attribute on the TACACS server so that it can send the VLAN ID to the WLC.
Configure the IETF RADIUS attributes 64, 65, and 81 on the RADIUS server so that it can send the VLAN ID to the WLC.
Configure the IETF RADIUS attribute 81 on the RADIUS server so that it can send the interface name to the WLC.
Configure the Cisco Airespace RADIUS Aire-Vlan-Id attribute on the RADIUS server so that it can send the VLAN ID to the WLC.
Configure the Cisco Airespace RADIUS Aire-Interface-Name attribute on the RADIUS server so that it can send the interface name to the WLC.
Correct Answer: BE
Section: (none)
Explanation
QUESTION 98
When configuring management user authentication on a WLC, which statement is correct?
A. You can configure an LDAP server to authenticate management users.
B. You can configure users on the local WLC database with different authorization privileges for specific menus.
C. If the local database is selected as a second priority after RADIUS, the local WLC database will not be used if the authentication fails through the
RADIUS server.
D. A lobby ambassador user can push new management users to the WLC through Cisco WCS.
Correct Answer: C
Section: (none)
Explanation
QUESTION 99
You want to restrict read/write admin access levels to only the Security tab on a Cisco WLC for a particular admin user. Which two of these options do
you need to configure? (Choose two.)
A.
B.
C.
D.
E.
a custom attribute-value pair on the ACS

a Cisco attribute-value pair on the ACS
a RADIUS authentication/authorization server
a TACACS+ authentication/authorization server
the Lobby Ambassador feature
Correct Answer: AD
Section: (none)
Explanation
QUESTION 100
You are troubleshooting a connectivity issue on a Cisco WLC, in which wireless clients occasionally lose their connection. Which two of these
infrastructure application services can help you to troubleshoot this issue by using one service to synchronize time on the WLC, and a server that is
configured with another service to receive the output of the client debugs from the WLC? (Choose two.)
A.
B.
C.
D.
E.
F.
G.
FTP
TFTP
syslog
SNMP
DHCP
NTP
TRAPLOG
Correct Answer: CF
Section: (none)
Explanation
verified answers
QUESTION 101
You are configuring a Cisco WLC in a hotel that provides wireless guest access to the Internet, using web authentication. Guest credentials are
generated for individual rooms upon check-in. Users often complain about certificate security warnings when opening their browser. You need to fix this
issue so that the clients stop getting this certificate warning every time they access the Web-Authentication page, but still protect the credentials during
the authentication handshake of this guest setup. You cannot configure the user devices yourself. What is the best solution that meets these
requirements?
A.
B.
C.
D.
Disable HTTPS on the WLC to avoid the certificate warning during the web authentication.
Configure the WLAN with an EAP method that does not use PKI certificates, but still protects the credentials during the authentication handshake.
Remove the self-signed SSL certificate of the WLC or make sure that the clients know about the WLC CA that generated this self-signed certificate.
Install a third-party SSL certificate on the WLC, issued by a known public CA.
Correct Answer: D
Section: (none)
Explanation
QUESTION 102
When configuring a WLAN doing Layer 3 web authentication, the Cisco WLC can authenticate the users with different servers or databases. Which two
of these activities are valid options? (Choose two.)
A.
B.
C.
D.
E.
F.
using the local RADIUS server of the WLC

using the local database on the WLC (just configuring local net users)
using Lobby Ambassador users
using PAP with an external RADIUS server
using MS-CHAP with an external RADIUS server
using LDAP over SSL with an external database
Correct Answer: BD
Section: (none)
Explanation
QUESTION 103
When authenticating wireless clients through PEAPv0 with MS-CHAPv2, which statement is correct?
A.
B.
C.
D.
E.
Authentication credentials are exchanged inside a TLS tunnel.

The client must trust the RADIUS server certificate.
The same certification authority must issue both the client and server certificates.
The CN attribute of the RADIUS server certificate must contain the FQDN or the IP address of the RADIUS server itself.
A self-signed RADIUS server certificate cannot be used.
Correct Answer: A
Section: (none)
Explanation
answer is modified
QUESTION 104
What is the correct command to upgrade an autonomous AP to a Cisco Unified AP (Cisco IOS Release 12.3(8)JEA2), after you established console
access to the AP and set up a TFTP server at 1.1.1.1?
A.
B.
C.
D.
AP# copy tftp: flash://<1.1.1.1>/ c1140-rcvk9w8-tar.123-8.JEA2.tar

AP# archive download-sw/force-reload/overwrite tftp://1.1.1.1/ c1140-k9w7-tar.123- 8.JEA2.tar
AP# archive download-sw/force-reload/overwrite tftp://1.1.1.1/ c1140-rcvk9w8-tar.123- 8.JEA2.tar
AP# archive download-sw/force-reload/overwrite tftp://1.1.1.1/ c1140-k9w7-bin.123- 8.JEA2.bin
Correct Answer: C
Section: (none)
Explanation
QUESTION 105
You are configuring an access point in a mobile scenario (on a train) which is connected to a L2 switch that has multiple clients attached. The access
point must be configured to connect to the mesh network. Which two of the below bridge configuration settings need to be configured? (Choose two.)
A.
B.
C.
D.
station-role workgroup-bridge
station-role workgroup-bridge universal
station-role non-root bridge
infrastructure-ssid
Correct Answer: AD
Section: (none)
Explanation
QUESTION 106
What does the max-channel 30 command refer to?

A.
B.
C.
D.
maximum percentage of channel utilization for CAC traffic

maximum bandwidth of traffic utilization for CAC traffic
maximum percentage of bandwidth for non-CAC traffic
maximum number of queues on the radio interface for CAC traffic
Correct Answer: A
Section: (none)
Explanation
QUESTION 107
You are deploying a Cisco DMP (Digital Media Player) that only has an Ethernet interface, and you plan to plug it into an access point to connect it to the
Cisco Unified Wireless Network. The DMP multicast video is displaying distorted and pixelated video. Which one of these radio interface actions is most
likely to improve the video stream quality?
A.
B.
C.
D.
Increase the RTS threshold to 2000.

Disable short preambles.
Configure station-role workgroup-bridge universal.
Enable infrastructure-client.
Correct Answer: D
Section: (none)
Explanation
QUESTION 108
The autonomous AP has a corporate and guest SSID configured. The security team requested that you limit guest user traffic to DHCP, DNS, and web
browsing on the AP. Which configuration best satisfies the request?
A. access-list 101 permit udp any any eq 67
access-list 101 permit udp 10.28.128.0 0.0.0.255 host 10.28.10.5 eq 53 access-list 101 permit tcp 10.28.128.0 0.0.0.255 any eq 80 access-list 101
deny ip any any
interface FastEthernet 0
B. access-list 101 permit udp any any eq 67
access-list 101 permit udp 10.28.128.0 0.0.0.255 host 10.28.10.5 eq 53 access-list 101 permit tcp 10.28.128.0 0.0.0.255 any eq 80 access-list 101
deny ip any any
interface dot11radio 0
C. access-list 101 permit udp any any eq 67
access-list 101 permit udp 10.28.128.0 255.255.255.0 host 10.28.10.5 eq 53 access-list 101 permit tcp 10.28.128.0 255.255.255.0 any eq 80
access-list 101 deny ip any any
interface dot11radio 0
D. access-list 101 permit udp any any eq 67
access-list 101 permit udp 10.28.128.0 255.255.255.0 host 10.28.10.5 eq 53 access-list 101 permit tcp 10.28.128.0 255.255.255.0 any eq 80
access-list 101 deny ip any any
interface FastEthernet 0
Correct Answer: B
Section: (none)
Explanation
verified answer
QUESTION 109
In the Cisco Unified Wireless Network (CUWN) model, which of the following mappings is correct at the AP level?
A.
B.
C.
D.
The AP maps IP DSCP 46 (EF) to IEEE 802.11e UP CoS 6.

The AP maps IP DSCP 46 (EF) to IEEE 802.11e UP CoS 5.
The AP maps IEEE 802.11e UP CoS 6 to 802.1p UP CoS 5.
The AP maps IEEE 802.11e UP CoS 5 to 802.1p UP CoS 6.
Correct Answer: A
Section: (none)
Explanation
QUESTION 110
You enabled CAC on your autonomous AP. Which two of these statements are true? (Choose two.)
A.
B.
C.
D.
If WMM is enabled, non-WMM clients are still able to prioritize voice packets.
If WMM is disabled, the AP will prioritize voice packets.
If WMM is enabled, the AP will prioritize voice packets.
If WMM is disabled, WMM clients are still able to prioritize voice packets internally.
Correct Answer: CD
Section: (none)
Explanation
QUESTION 111
A network administrator is trying to convert a Cisco Aironet 1250 Series Lightweight Access Point back to autonomous mode using a TFTP server and
AP mode button. DHCP Option 43 is configured, but the AP is not connected to the controller. Console and physical access to the AP has been
established. The TFTP server is local to the PC and the directory has the original image of "c1250-k9w7-tar.124-10b.JDA3.tar," downloaded from
Cisco.com. The PC is directly connected to the access point, but the conversion is failing. Which one of these statements is a possible reason for the
failure?
A.
B.
C.
D.
E.
The 1250 Series AP is a lightweight-only AP and needs a WLC.

The image filename is incorrect.
The lightweight AP has to be joined to the WLC and then converted, using the config ap tftp- downgrade command.
Telnet is not enabled on the AP or WLC.
The network administrator needs to use the archive command directly on the AP for this procedure to complete.
Correct Answer: B
Section: (none)
Explanation
QUESTION 112
Company XYZ needs to establish network connectivity to a newly acquired, adjacent building less than 1 kilometer (3280 feet) away. The project calls for
implementing a wireless solution using autonomous access points in a point-to-point bridging solution using external antennas on interface dot11radio1.
You need to secure the bridge link with strong EAP, DOT1x, and WPA methods, using a local RADIUS server. However, the link cannot be established
and the following message is observed in the logs: "DOT1X_SHIM-3-SUPP_START_FAIL: Unable to start supplicant on Dot11Radio1." What is most
likely the root cause?
A.
B.
C.
D.
The non-root bridge is not configured for WPA key management.

There is RF interference corrupting the 802.11b/g RF signal.
The non-root bridge does not have the correct authentication credentials configured.
The RADIUS service on the root bridge is not started or needs to be restarted.
Correct Answer: C
Section: (none)
Explanation
QUESTION 113
Company ABC is implementing a point-to-point bridging solution to a building approximately 3 kilometers (1.86 miles) away. The equipment used will be
two autonomous access points set to frequency 2412 Mhz with external antennas. The bridge link will be authenticated using an external RADIUS
server. While looking at the interface statistics, the network administrator observes duplicate frames in the receive counters. What is most likely the root
cause of these duplicate frames?
A.
B.
C.
D.
E.
The antennae are not installed on the primary port.

The counters on interface dot11radio1 are most likely due to the RF signal being corrupted by an outside interference source.
The non-root bridge is failing the authentication process and, as a result, sending and receiving intermittently.
The distance parameter is not configured.
There is no clear LOS between the two buildings. The access points need to be mounted on higher masts to obtain the proper clearance.
Correct Answer: D
Section: (none)
Explanation
QUESTION 114
Which three of the below statements is true about Radio Resource Management Neighbor messages? (Choose three.)
A.
B.
C.
D.
E.
F.
they are transmitted at minimum power

they are transmitted at maximum power
they are transmitted at the highest data rate
they are transmitted at the lowest supported data rate
they are transmitted on all serviced channels
they are transmitted every 60 seconds
Correct Answer: BDF

Section: (none)
Explanation
updated answers
QUESTION 115
A user reported that, when viewing a video over the wireless network, the video keeps dropping every 30 minutes. What is the most likely cause?
A. Interference is causing the connection to drop.
B. The default session timeout is deauthenticating the client.
C. The WLC, by default, changes channel every 30 minutes.
D. The idle timeout is disassociating the client.

Correct Answer: B
Section: (none)
Explanation
QUESTION 116
You have been hired by an organization that would like to grow their wireless deployment from 150 to 300 users. They only have 200 available
addresses on the current wireless subnet and are looking for recommendations on how to overcome this limitation. They have already created a second
interface in another subnet that provides 200 additional addresses to accommodate the additional users. Which two of the below actions would you
recommend? (Choose two.)
A.
B.
C.
D.
E.
F.
Use the local DHCP server on the WLC to assign addresses.

Create AP groups, assign APs to the groups and assign different interfaces to the WLAN for each group.
Configure LACP on the WLC.
Change the default maximum number of allowed clients.
Create an interface group and assign the interface group to the WLAN.
Configure Passive Client on the WLAN.
Correct Answer: BE
Section: (none)
Explanation
QUESTION 117
Which WLC feature allows an administrator to limit a wireless client to trigger a change in the AP power settings?
A.
B.
C.
D.
E.
Wireless Protection Policies

Management Frame Protection
Cisco Aironet Extensions
Coverage Hole Detection
Transmit Power Control
Correct Answer: D
Section: (none)
Explanation
QUESTION 118
What is the minimum CCX version to support WMM?
A.
B.
C.
D.
v2, which also supports Cisco Centralized Key Management

v3, which also supports EAP-FAST
v4, which also supports UPSD
v5, which also supports MFP
Correct Answer: B
Section: (none)
Explanation
QUESTION 119
You like to troubleshoot location tracking issues on one specific RFID tag. How can this be achieved?
A.
B.
C.
D.
Turn on wcp events enable on the WLC and filter events based on MAC address.
Turn on debug rfid {mac address} enable on the WLC, and filter CCX Payload packets sent toward the MSE based on the MAC address.
Turn on CCXv5 on the RFID tag to allow sending RSSI information toward the AP, including the client ID.
Enable MAC Address Based Logging Parameters. Download and examine the zip file containing the log on the Cisco WCS or NCS.
Correct Answer: D
Section: (none)
Explanation
QUESTION 120
Location tracking and positioning systems can be classified by different techniques. Which statement is true?
A. The ToA technique requires very precise knowledge of the transmission start times. To simplify this technique, TDoA does not require the use of a
synchronized time source at the point of transmission, but the receivers still require time synchronization.
B. RSS is measured by either the mobile device or the receiving sensor. Knowledge of the transmitter output power allows you to calculate the distance
between the two stations.
C. A common benefit of AoA compared to the other location tracking techniques is its susceptibility to multipath interference, which allows several angle
calculations and therefore very accurate positioning.
D. The LTP field in the CCX Payload information allows synchronization between transmitter and receivers to allow calculation of the position within 10
meters during 90 percent of the time.
Correct Answer: A
Section: (none)
Explanation
QUESTION 121
Why would a wireless voice deployment not be good enough for providing accurate context- aware services?
A.
B.
C.
D.
Voice wireless clients have higher power settings. If you add context-aware services, you need to add APs within the area.
Voice wireless clients operate at a higher speed than needed for RFID tagging.
It is not a requirement to place APs at the floor perimeter for voice deployments.
The RFID tags use multicast, whereas wireless clients use unicast.
Correct Answer: C
Section: (none)
Explanation
correct answer
QUESTION 122
If you are restricted from using 5 Ghz channels that require DFS and TPC for a 7925 VoWLAN customer deployment in the United States, how many
channels can you use?
A.
B.
C.
D.
4
8
12
16
Correct Answer: B
Section: (none)
Explanation
QUESTION 123
Your enterprise customer is considering adding a VoWLAN service to their existing wireless deployment. The VoWLAN wireless phones have limited
power and processing capabilities. The IT manager insists that, while the authentication protocol must preserve battery and processing power, it must
also be secure. Assume that the wireless phones and AAA infrastructure support all the EAP methods listed within the options. Which one of the below
802.1X EAP authentication protocols would you recommend to your customer?
A.
B.
C.
D.
EAP-FAST
EAP-TLS
EAP-TTLS
LEAP
Correct Answer: A
Section: (none)
Explanation
QUESTION 124
Asset tags are not being detected correctly and re-verification of the correct configuration should be performed. It is also recommended that verification
of correct asset tag RSSI detection and message forwarding is conducted. Which statement is correct about the RFID tag timeout settings, as you would
see in a show advanced location summary on a Cisco WLC?
A. The RFID tag timeout should be set to two to five times the longest tag transmission interval found in the tag population, including stationary and any
in-motion tag transmission intervals.
B. The RFID tag timeout should be set to four to six times the longest tag transmission interval found in the tag population, including stationary and any
in-motion tag transmission intervals.
C. The RFID tag timeout should be set to three to eight times the longest tag transmission interval found in the tag population, including stationary and
any in-motion tag transmission intervals.
D. The RFID Tag RSSI expiry timeout cannot be configured; it is a fixed value (1200 seconds).
Correct Answer: C
Section: (none)
Explanation
QUESTION 125
The Context-Aware Services engine, which resides on the Cisco MSE, can determine and track the location of wireless clients based on data reported
by the access points. Which two types of data does the CAS engine use to determine the location of the wireless clients? (Choose two.)
A.
B.
C.
D.
E.
SNR
RSSI
number of antennas per access point
TDOA
current access point power level
Correct Answer: BD
Section: (none)
Explanation
QUESTION 126
Wireless client location tracking provided by the Cisco MSE relies heavily on the number of access points that can hear a particular wireless client. What
are the minimum and optimal numbers of access points required to cover an area in order to provide location tracking?
A.
B.
C.
D.
E.
minimum 1 access point, optimal 3 or more access points

minimum 2 access points, optimal 4 or more access points
Correct Answer: C
Section: (none)
Explanation
QUESTION 127
Bandwidth-based Call Admission Control for voice services allows the client to request the required bandwidth or medium time to accept calls in a
congested RF environment. Which three of these statements must be true in order for bandwidth-based CAC to correctly operate for voice calls?
(Choose three.)
A.
B.
C.
D.
E.
F.
G.
WLAN must use the silver QoS profile

WLAN must use the gold QoS profile
WLAN must use the platinum QoS profile
Client must support at least CCXv4
Client must support at least CCXv3
WMM does not need to be enabled for WLAN
WMM must be enabled for WLAN
Correct Answer: CDG

Section: (none)
Explanation
accurate answers
QUESTION 128
When deploying voice in a new wireless deployment, the phone transmits at a maximum power level of 50 mW. Which maximum AP transmit power
would avoid one-way communication?
A.
B.
C.
D.
23 dBm
14 dBm
17 dBm
20 dBm
Correct Answer: C
Section: (none)
Explanation
QUESTION 129
Select and Place:
Correct Answer:
Section: (none)
Explanation
QUESTION 130
Select and Place:
Correct Answer:
Section: (none)
Explanation
QUESTION 131
Select and Place:
Correct Answer:
Section: (none)
Explanation
QUESTION 132
Select and Place:
Correct Answer:
Section: (none)
Explanation
QUESTION 133
Select and Place:
Correct Answer:
Section: (none)
Explanation
QUESTION 134
Select and Place:
Correct Answer:
Section: (none)
Explanation
QUESTION 135
Select and Place:
Correct Answer:
Section: (none)
Explanation
QUESTION 136
The IEEE 802.11n standard provides 40-MHz channels, improved MAC efficiency, and MIMO. Which three elements define the 802.11n implementation
of MIMO? (Choose three.)
A.
B.
C.
D.
E.
channel bonding
dynamic frequency selection
maximal ratio combining
packet aggregation
spatial multiplexing
F. transmit beam forming

Correct Answer: CEF
Section: (none)
Explanation
QUESTION 137
Which two statements about WiMAX technology are true? (Choose two.)
A.
B.
C.
D.
WiMAX is defined by 802.11i.

Typically, fixed WiMAX networks have a higher-gain directional antenna installed near the client.
WiMAX is capable of working as a long-range system over several miles.
WiMAX works only for licensed frequencies.
Correct Answer: BC
Section: (none)
Explanation
QUESTION 138
Which governing body analyzes the applications and environments in which wireless networks are used?
A.
B.
C.
D.
E.
EIRP
ETSI
FCC
IEEE
WiFi Alliance
Correct Answer: D
Section: (none)
Explanation
QUESTION 139
Which description best describes upfade in a multipath environment?
A. In this situation, multiple signal paths are not sent at exactly the same time. The receiver receives a positive crest on the primary signal and a
negative crest on the secondary signal.
B. In this situation, the multiple signal paths are distorted and difficult to understand.
C. In this situation, the multiple signal paths are weaker than they should be because the signals are out of phase with each other.
D. In this situation, the signal is stronger than it should be because multiple signal paths are received twice at exactly the same time, which results in the
multiple signals being in-phase.
Correct Answer: D
Section: (none)
Explanation
QUESTION 140
A controller is connected to a Cisco Catalyst switch. The switch port configuration looks like this:
interfaceGigabitEthernet 1/0/10
switchport
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,20,30,50
switchport trunk native vlan 20
switchport mode trunk
Which controller CLI command assigns its management interface to the native VLAN interface of the Cisco Catalyst switch?
A.
B.
C.
D.
E.
config interface vlan management 0

Correct Answer: A
Section: (none)
Explanation
Since the controller management interface is connected to the native vlan interface of the Cisco Catalyst switch, the correct command is: config
interface vlan management vlan-id 0 (http://www.cisco.com/en/US/docs/wireless/controller/5.0/configuration/guide/c5mint.html#wp1 182892

QUESTION 141
Which statement about an infrastructure basic service set is true according to IEEE 802.11 specifications?
A.
B.
C.
D.
The set also is called an ad hoc network.

The BSSID is generated from the first wireless client that starts up in the IBSS.
The set enables the use of ESS.
No signals are relayed from one client to another client.
Correct Answer: C
Section: (none)
Explanation
QUESTION 142
Which two factors must be considered when evaluating an RF interferer for severity? (Choose two.)
A.
B.
C.
D.
E.
F.
distance from the AP

dBm
the type of security crack being used
duty cycle
number of interfering IP stations in the cell
duplicate SSID
Correct Answer: BD
Section: (none)
Explanation
valuable naswers
QUESTION 143
Which two items are needed to discover the IP address of a new Cisco Aironet 1260 autonomous AP that just finished booting? (Choose two.)
A. username = "cisco" and password = "cisco"
B. username = "Admin" and password = "Cisco"
C. username=Cisco and password=Cisco
D.
E.
F.
G.
H.
show int vlan1

show int bvi1
show int gigabitethernet0
show int radio0-802.11n
show int radio1-802.11n
Correct Answer: CE
Section: (none)
Explanation
QUESTION 144
Which statement correctly describes the procedure for a lightweight AP to successfully establish a connection to a controller?
A.
B.
C.
D.
E.
F.
The AP authenticates the received Cisco WLC certificate as valid. The AP then sends its certificate to the controller.
The AP sends its certificate to the controller. The AP then authenticates the received Cisco WLC certificate as valid.
The AP sends its certificate to the RADIUS server. The AP then authenticates the controller certificate as valid.
The AP sends its certificate to the RADIUS server. The AP then authenticates the RADIUS certificate as valid.
The AP authenticates the received RADIUS server certificate as valid. The AP then sends its certificate to the RADIUS server.
The AP authenticates the received RADIUS server certificate as valid. The AP then sends its certificate to the controller.
Correct Answer: B
Section: (none)
Explanation
QUESTION 145
Which two statements about the requirements to configure inter-controller roaming are true? (Choose two.)
A.
B.
C.
D.
E.
F.
The same mobility domain names are configured across controllers.

The same RF group names are configured across controllers.
The same controller hardware version is configured across controllers.
The same AP manager interface is configured across controllers.
The same virtual interface is configured across controllers.
The same controller software version is configured across controllers.
Correct Answer: AE
Section: (none)
Explanation
QUESTION 146
Which two statements best describe the LAG configuration between a Cisco WLC and a Cisco Catalyst switch? (Choose two.)
A.
B.
C.
D.
E.
The Catalyst switch should be configured for PAgP.

The Catalyst switch should be configured only for Layer 2 load balancing.
The Catalyst switch should be configured for "on" mode.
The Cisco WLC relies on the connected switch to perform the load-balance of traffic.
The Cisco WLC aggregates multiple management interfaces into a single virtual interface.
Correct Answer: CD
Section: (none)
Explanation
QUESTION 147
Which two Cisco Unified Wireless Network capabilities use information that is provided by Radio Resource Management neighbor messages in version
7.0 MR1? (Choose two.)
A.
B.
C.
D.
E.
aggressive load balancing

dynamic channel assignment
hybrid remote edge access point
inter-controller mobility (that is, mobility groups)
rogue AP classification
Correct Answer: BE
Section: (none)
Explanation
QUESTION 148
The wireless network is using controller-based APs and version 7.0 MR1. The APs appear to be connected properly to the controllers. A wireless user
near one of the APs reports that they are unable to connect to the network with their pre-shared key.
Which option shows the GUI path where you can check the connection status of that client?
A.
B.
C.
D.
E.
WLANs > WLAN_ID > Advanced

Security > Clients
Security > Advanced > Clients
Monitor > Clients
Wireless > 802.11b/g/n > clients
Correct Answer: D
Section: (none)
Explanation
QUESTION 149
You are about to use a hotel's guest wireless services using a wireless laptop. Which three items do you need to establish a wireless connection?
(Choose three.)
A.
B.
C.
D.
E.
F.
G.
SSID name
RF channel
RF signal
802.1X/EAP credentials
pre-shared key
web page
WPA/WPA2 settings
Correct Answer: ACF

Section: (none)
Explanation
QUESTION 150
You have an Apple IOS iPhone4 that is used on your home Wi-Fi network and a personal laptop that is used on your work's enterprise wireless network.
At your office, you are unable to see the enterprise wireless network on your iPhone4.
What is the most likely cause of this issue?
A.
B.
C.
D.
E.
F.
G.
WPA2 CPU intensive encryption is not supported on the client.

WPA2 must be enabled on the client.
A new profile must be created on the client.
Wi-Fi must be enabled on the client.
The enterprise is 2.4 GHz only.
The enterprise is 5 GHz only.
The RF channel must be adjusted on the client.
Correct Answer: F
Section: (none)
Explanation
QUESTION 151
When Cisco AnyConnect modules are installed on a PC, which module must be installed first?
A.
B.
C.
D.
E.
F.
G.
telemetry
web security
VPN
NAM
DART
posture
CSSC
Correct Answer: C
Section: (none)
Explanation
QUESTION 152
Which option lists the key features of Cisco Compatible Extensions v5?
A. Roaming and real-time diagnostics, MFP, a diagnostic channel that allows troubleshooting of the client, client reporting, optional location service, and
expedited bandwidth
B. AP assisted roam, Cisco Centralized Key Management, radio measurements, and transmit power control
C. CAC, UPSD, voice metrics, MBSSIDs, location, link tests, and NAC
D. WME, proxy ARP, EAP-FAST, and WPA2, and single sign-on
E. LEAP, WPA, 802.1x and VLANs per AP, TKIP, and WiFi
Correct Answer: A
Section: (none)
Explanation
QUESTION 153
A client is attached to the Cisco Unified Wireless Network using controllers. When the client is using WPA2 and EAP authentication, where are the
wireless encryption keys located during the active user session? (Choose two.)
A.
B.
C.
D.
E.
on the access point

on the RADIUS server
on the Cisco WCS
on the client
on the Cisco WLC
Correct Answer: AD
Section: (none)
Explanation
specified answers
QUESTION 154
Which four parameters must be configured for local EAP-FAST on the controller? (Choose four.)
A.
B.
C.
D.
E.
authority ID
authority ID Information
client key
PAC
server key
F. TTL for PAC

G. monitor key
H. NTP source
Correct Answer: ABEF
Section: (none)
Explanation
QUESTION 155
Which method of encryption does the 802.11i standard use?
A.
B.
C.
D.
E.
AES/CCMP
AES/ECB
AES/OCB
TKIP
both AES/ECB and AES/CCMP
Correct Answer: A
Section: (none)
Explanation
QUESTION 156
Which type of authentication is used initially by a controller-based AP so that a guest client can get an IP address?
A.
B.
C.
D.
E.
F.
802.1x
EAP
LEAP
open authentication
TLS
SSL
Correct Answer: D
Section: (none)
Explanation
QUESTION 157
What is the maximum number of lightweight APs that can be supported from a single Cisco WCS Navigator management console with Cisco WCS and
Cisco WLC running version 7.0 code?
A.
B.
C.
D.
E.
10,000
20,000
25,000
30,000
60,000
Correct Answer: D
Section: (none)
Explanation
QUESTION 158
Which menu gives you access to manage background tasks in Cisco WCS?
A.
B.
C.
D.
E.
F.
None, because the General tab provides access to the management of background tasks
Monitor
Configure
Services
Administration
Tools
Correct Answer: E
Section: (none)
Explanation
QUESTION 159
How do improperly set Telnet/SSH parameters effect the configuration of a controller with Cisco WCS?
A.
B.
C.
D.
The CLI and GUI management of the controller both fail because Cisco WCS checks these credentials before opening a session.
The Telnet/SSH username must have sufficient privileges to execute commands in CLI templates.
The GUI management of the controller fails because the Cisco WCS uses the Telnet/SSH parameters to login to the controller.
The controller remains configured in the Cisco WCS, but no management is possible through GUI from other client browsers.
Correct Answer: B
Section: (none)
Explanation
QUESTION 160
Which GUI item do you click to configure maps with APs in Cisco WCS?
A.
B.
C.
D.
E.
F.
Configure
Client
CleanAir
Services
Administration
Monitor
Correct Answer: F
Section: (none)
Explanation
QUESTION 161
Which two options does this icon represent about the status of the respective AP on a Cisco WCS version 7.0 map? (Choose two.)
A.
B.
C.
D.
E.
F.
The 802.11a/n radio is administratively disabled.

The 802.11a/n radio has a minor fault.
The 802.11a/n radio has a major fault.
The 802.11b/g/n radio is administratively disabled.
The 802.11b/g/n radio has a minor fault.
The 802.11b/g/n radio has a major fault.
Correct Answer: CD
Section: (none)
Explanation
QUESTION 162
What is the difference between the IEEE, the WiFi Alliance, and the FCC, ETSI, and TELEC?
A. The IEEE and FCC are responsible for the standards that apply to wireless networks. The WiFi Alliance, ETSI, and TELEC are the governmental
agencies that regulate compliance with local standards.
B. The IEEE is responsible for Layer 1 and Layer 2 protocols. The WiFi Alliance is responsible for interoperability testing. The FCC, ETSI, and TELEC
are responsible for radio frequency and transmission power-level regulations and standards in the U.S., Europe, and Japan.
C. The IEEE is responsible for Layer 1 and Layer 2 protocols. The FCC, ETSI, and TELEC are responsible for interoperability testing and compliance.
The WiFi Alliance is responsible for radio frequency and transmission power-level regulations and standards on a global basis.
D. The IEEE and FCC are responsible for the Layer 3 protocol support and frequency and power-level regulations in the United States. ETSI and
TELEC are responsible for frequency and power-level regulations in Europe and Japan. The WiFi Alliance is responsible to interoperability testing.
Correct Answer: B
Section: (none)
Explanation
QUESTION 163
What is an MBSSID?
A.
B.
C.
D.
a virtual AP configured on a physical AP that share a single physical device, which is one half-duplex radio
a set of physical APs configured in a BSA to form cells that are controlled by a single controller
the group of clients that are allowed to gain access to one or more SSIDs configured in an AP
the identified overlap area between two cells, which identifies the clients that are operating in that area at any given time
Correct Answer: A
Section: (none)
Explanation
QUESTION 164
You are testing a new autonomous Cisco Aironet 1260 AP that has booted for the first time on the existing corporate network, which includes voice,
data, and location services.
How do you reach the GUI of the AP?
A. HTTP to 10.0.0.1.
B. HTTP to 192.168.1.1.
C.
D.
E.
F.
HTTP to the DHCP address.

HTTPS to 10.0.0.1.
HTTPS to the 192.168.1.1.
HTTPS to the DHCP address.
Correct Answer: C
Section: (none)
Explanation
QUESTION 165
A WLAN deployment uses a combination of Cisco Aironet 1260 APs and multiple Cisco 5500 Wireless LAN Controllers to provide wireless LAN access
to end-users. The network administrator has decided to use DHCP Option 43 to enable the APs to discover the wireless LAN controllers.
When configuring the DHCP scope, which format should be used for the Cisco WLC addresses?
A.
B.
C.
D.
E.
F.
a comma-separated ASCII string of Cisco WLC AP-manager addresses

a comma-separated ASCII string of Cisco WLC management addresses
a comma-separated ASCII string of Cisco WLC virtual IP addresses
a hexadecimal string of Cisco WLC AP-manager addresses
a hexadecimal string of Cisco WLC management addresses
a hexadecimal string of Cisco WLC virtual IP addresses
Correct Answer: E
Section: (none)
Explanation
QUESTION 166
Which interface is considered a dynamic interface?
A.
B.
C.
D.
the virtual interface

the AP manager interface
the LAG interface
the management interface
E. the service port interface

F. a WLAN client data interface
Correct Answer: F
Section: (none)
Explanation
QUESTION 167
Which three items do you need to establish a wireless connection to an enterprise wireless network? (Choose three.)
A.
B.
C.
D.
E.
F.
G.
SSID name
RF channel
RF signal
802.1X/EAP credentials
pre-shared key
web page
WPA/WPA2 settings
Correct Answer: ACD

Section: (none)
Explanation
QUESTION 168
You have brought your MacBook Pro running OS 10.6 to work and intend use the enterprise wireless network. This network is using EAP-FAST and 2.4
GHz for data and 5 GHz for VoWLAN.
Which statement about the laptop configuration and wireless connection is true?
A.
B.
C.
D.
E.
Install a USB wireless adapter and configure

Install Apple EAP-Fast plug-in and configure
Install Cisco AnyConnect v2.4 and configure
Configure Apple network preferences for EAP-FAST
The laptop does not support EAP-FAST and will be unable to connect
F. The laptop only supports 5 GHz and will be unable to connect

Correct Answer: D
Section: (none)
Explanation
QUESTION 169
Which Cisco AnyConnect module allows troubleshooting for core Cisco AnyConnect problems?
A.
B.
C.
D.
E.
F.
G.
telemetry
web security
VPN
NAM
DART
posture
CSSC
Correct Answer: E
Section: (none)
Explanation
QUESTION 170
Which Cisco AnyConnect module provides wireless connectivity?
A.
B.
C.
D.
E.
F.
G.
telemetry
web security
VPN
NAM
DART
posture
CSSC
Correct Answer: D
Section: (none)
Explanation
QUESTION 171
Which option is needed to earn the Cisco Compatible credential for Cisco Compatible Extensions Lite?
A.
B.
C.
D.
E.
F.
G.
H.
Foundation and Management are required.

Location and Management are required.
Foundation and Location are required.
Foundation and Voice are required.
Voice is required.
Foundation is required.
Location is required.
Management is required.
Correct Answer: F
Section: (none)
Explanation
QUESTION 172
In a typical wireless network using WPA, WPA2 or VPN, why is it still possible for a rogue client to launch a DOS attack?
A.
B.
C.
D.
WPA and WPA2 are not considered strong encryption algorithms and are easily cracked.
802.11 management frames are easily compromised.
Cisco Compatible Extensions v5 are required with WPA, WPA2, or VPN to keep rogues from launching attacks in the wireless network.
The message integrity check frames are never encrypted or authenticated, which allows rogues to spoof clients.
Correct Answer: B
Section: (none)
Explanation
QUESTION 173
Strong security is required, but a centralized RADIUS authenticator has not been implemented. Which two steps must you take to provide maximum
security when using a pre-shared key? (Choose two.)
A.
B.
C.
D.
Change the TKIP on a weekly basis.

Use a key that includes mixed-case letters, numbers, and symbols with a length greater than 10 characters.
Use only with WPA and WPA2, following proper strong key guidelines.
Use the longest possible WEP key in your security policy.
Correct Answer: BC
Section: (none)
Explanation
QUESTION 174
What is the impact of configuring a single SSID to support TKIP and AES encryption simultaneously?
A.
B.
C.
D.
The overhead associated with supporting both encryption methods degrades client throughput significantly.
Some wireless client drivers might not handle complex SSID settings and may be unable to associate to the WLAN.
This configuration is unsupported and the Cisco Wireless Control System generates alarms continuously until the configuration is corrected.
This configuration is common for migrating from WPA to WPA2. No problem is associated with using this configuration.
Correct Answer: B
Section: (none)
Explanation
QUESTION 175
Which key is established using the four-way handshake during the WPA authentication process?
A.
B.
C.
D.
E.
Pairwise Master Key

Pairwise Multiple Key
Pairwise Session Key
Pairwise Transient Key
Pairwise Transverse Key
Correct Answer: D
Section: (none)
Explanation
QUESTION 176
What are four features of WPA? (Choose four.)
A.
B.
C.
D.
E.
F.
a larger initialization vector, increased to 48 bits

a message integrity check protocol to prevent forgeries
authenticated key management using 802.1X
support for a key caching mechanism
unicast and broadcast key management
requires AES-CCMP
Correct Answer: ABCE

Section: (none)
Explanation
verified answers
QUESTION 177
When the enterprise-based authentication method is used for WPA2, a bidirectional handshake exchange occurs between the client and the
authenticator.
Which five options are results of that exchange being used on a controller-based network? (Choose five.)
A.
B.
C.
D.
E.
F.
a bidirectional exchange of a nonce used for key generation

binding of a Pairwise Master Key at the client and the controller
creation of the Pairwise Transient Key
distribution of the Group Transient Key
distribution of the Pairwise Master key for caching at the access point
proof that each side is alive
Correct Answer: ABCDF

Section: (none)
Explanation
QUESTION 178
When a guest client is authenticated, which type of connection is created between the controller- based AP and the client?
A.
B.
C.
D.
E.
as SSL connection
a TLS encrypted tunnel
an unsecured connection
a 802.1x/EAP tunnel
an IPsec tunnel
Correct Answer: C
Section: (none)
Explanation
QUESTION 179
Which GUI item do you click to configure authentication and authorization in Cisco WCS?
A.
B.
C.
D.
E.
F.
Security
Monitor
Configure
Services
Administration
Tools
Correct Answer: E
Section: (none)
Explanation
QUESTION 180
When adding a controller to manage through Cisco WCS, which address type is used and which SNMP function does the Cisco WCS perform?
A.
B.
C.
D.
The controller is managed through its MAC address and the Cisco WCS acts as a SNMP TRAP authenticator.
The IP address of the controller is used and the Cisco WCS acts as a SNMP TRAP receiver.
The controller is managed through its MAC address and the Cisco WCS acts as a SNMP agent.
The controller connects through its MAC address to the Cisco WCS and the Cisco WCS uses the SNMP to manage the controller for all configured
SNMP parameters.
Correct Answer: B
Section: (none)
Explanation
QUESTION 181
Which three severity levels are in the Cisco WCS alarm dashboard? (Choose three.)
A.
B.
C.
D.
E.
F.
Critical
Flash
Major
Minor
Trivial
Urgent
Correct Answer: ACD

Section: (none)
Explanation
QUESTION 182
The existing Cisco Unified Wireless Controller is running version 7.0 code for both the controllers and the Cisco WCS. A controller has been configured
with an appropriate rogue rule condition to report discovered APs to the Cisco WCS.
Which default alarm level is used to display all rogue APs in the Alarm Summary?
A.
B.
C.
D.
E.
Critical
Flash
Urgent
Major
Minor
Correct Answer: E
Section: (none)
Explanation
QUESTION 183
Which Cisco WCS tool allows you to view current reports, open specific types of reports, create and save new reports, and manage scheduled runs?
A.
B.
C.
D.
Reports menu
Reports launch page
Scheduled Run results
saved reports
Correct Answer: B
Section: (none)
Explanation
QUESTION 184
Which path do you take to manage the results of a report that had been run on network utilization?
A. Reports > Report Launch Pad > Device > Utilization
B. Reports > Report Launch Pad > Scheduled Run Results
C. Reports > Saved Reports > Scheduled Run Results

D. Reports > Scheduled Run Results
Correct Answer: D
Section: (none)
Explanation
QUESTION 185
Which three WLC debug commands are appropriate to troubleshoot a wireless client that is associated to an AP? (Choose three.)
A.
B.
C.
D.
E.
F.
debug capwap
debug mac addr
debug dot11
debugdhcp
debugap
debugdtls
Correct Answer: BCD

Section: (none)
Explanation
QUESTION 186
Which command path correctly describes how to access and troubleshoot clients with Cisco WCS version 7.0?
A.
B.
C.
D.
Tools > Clients > select displayed client's MAC address

Tools > Clients > enter client's MAC address
Monitor > Clients > click displayed client's MAC address
Monitor > Clients > enter client's MAC address
Correct Answer: C
Section: (none)
Explanation
QUESTION 187
Which single tool helps to troubleshoot client-related issues in a WLAN?
A.
B.
C.
D.
The show and debug commands on the controller.

The show commands on the AP.
Client templates on the Cisco WCS.
Client troubleshooting on the Cisco WCS.
Correct Answer: D
Section: (none)
Explanation
QUESTION 188
Which option best describes the limitation of a client that is attempting to manage a WLC while using the client wireless adapter connection to the
wireless infrastructure?
A.
B.
C.
D.
Controllers must be managed using only secure protocols (that is, SSH and HTTPS), not nonsecure protocols (that is, HTTP and Telnet).
Read-write access is not available; only read-only access is supported.
Uploads and downloads from the controller are not allowed.
Wireless clients can manage other controllers, but not the same controller and the AP to which the client is associated.
Correct Answer: C
Section: (none)
Explanation
QUESTION 189
With the current Cisco WLC version 7.0 syslog level settings set the way they are, which log levels are captured by the Syslog server?
A.
B.
C.
D.
syslog level errors only

all syslog levels
only the syslog severity level number of error and greater
only the syslog severity level number of error and less
Correct Answer: D
Section: (none)
Explanation
QUESTION 190
Which type of management tasks can be completed on a Cisco WLC remotely from a wireless client?
A.
B.
C.
D.
All management and configuration tasks can be performed from a wireless client except for using debug commands.
In the default configuration, no management or configuration is possible through the GUI or CLI on the Cisco WLC.
The default configuration of the Cisco WLC allows only CLI access and then only the use of show commands, so no configuration is possible.
All management and configuration tasks, except uploads from and downloads to the Cisco WLC, are permitted.
Correct Answer: B
Section: (none)
Explanation
specified answer
QUESTION 191
When using a Cisco WLC version 7.0 with a default configuration, how is a remote management HTTPS access connection secured?
A.
B.
C.
D.
The Cisco WLC uses a pre-shared key to authenticate the user, which limits the number of potential users that can access the controller.
The Cisco WLC generates its own local web administration SSL certificate and automatically applies it to the GUI.
The Cisco WLC uses a CA certificate for SSL access.
The Cisco WLC uses HTTPS to secure the HTTP session via a preconfigured password that generates a certificate for each session.
Correct Answer: B
Section: (none)
Explanation
QUESTION 192
You have an organization that has a growing number of standalone APs. You would like to migrate to lightweight APs and manage them through Cisco
WCS.
Which software platform allows you to make this migration?
A.
B.
C.
D.
The enterprise version of Cisco WCS allows this migration and provides the most flexibility in the number of APs supported.
CiscoWorks WLSE is the only management platform that allows this migration, but it is limited to 500 APs.
You can migrate your network to Cisco WCS single server with the CiscoWorks WLSE upgrade software upgrade.
You can migrate the network by using either the single server or enterprise software platforms, both using the CiscoWorks WLSE upgrade software
upgrade.
Correct Answer: C
Section: (none)
Explanation
QUESTION 193
Which statement best describes the ability of a wireless client to access and transmit a data frame to an AP?
A.
B.
C.
D.
The client listens to the media until polled by the AP using PCF to send its data.
The client listens to the media until a data frame is finished, at which time it transmits, unless a collision of data frames has occurred.
The client uses random countdown timers to start the transmission of a data frame.
The client listens to the media and countdown timers to start the transmission of a data frame.
Correct Answer: D
Section: (none)
Explanation
QUESTION 194
Which statement about ZigBee technology is true?
A.
B.
C.
D.
It has low power consumption.

It is designed only for point-to-point communications.
It ranges up to 250 meters.
It supports data rates up to 1 and 2 Mb/s.
Correct Answer: A
Section: (none)
Explanation
QUESTION 195
Which four options are the characteristics of the original 802.11 protocol? (Choose four.)
A.
B.
C.
D.
E.
F.
G.
H.
Defined DSSS and FHSS as possible methods for modulation

Designed to operate in the 5 GHz ISM frequency spectrum
The most common deployment is three non-overlapping channels that are 20 MHz wide
The protocol sets the maximum throughput at 1 Mb/s or 2 Mb/s
Defined FHSS and OFDM as possible methods for modulation
The most common deployment is three non-overlapping channels that are 22 MHz wide
Designed to operate in the 2.4 GHz ISM frequency spectrum
The protocol sets the maximum throughput at 1 Mb/s
Correct Answer: ACDG

Section: (none)
Explanation
FHSS is still described in the original 802.11 protocol, but another technique was preferred and adopted by all 802.11 networks: Direct Sequence Spread
Spectrum. Instead of small channels and a jumping sequence, the information is sent over a wider channel. This channel is 22 MHz wide (if the center
frequency is 2.412, this channel spans from 2.401 GHz to 2.423 GHz) and does not move (no hopping, which is why the sequence is said to be direct
instead of hopping). Then, over this 22 MHz channel, several bits of information are sent in parallel. If a source of interference affects part of the
channel, it will prevent only the bits sent in that frequency from reaching the receiver.
QUESTION 196
The network administrator receives complaints of slow wireless network performance and performs a sniffer trace of the wireless network in preparation
for migration to 802.11n. The sample capture shows frames that contains AP beacons with NonERP_Present bit set to 1 and frames with RTS/CTS.
Which two conclusions can be interpreted from these frames? (Choose two.)
A.
B.
C.
D.
E.
The network is performing slowly because 802.11n clients are already mixed with 802.11g clients.
The network is performing slowly because 802.11b clients still exist in the network.
The network is performing slowly because a wireless client is incorrectly configured, which results in RF interference.
Possible 802.11b wireless clients are located only in the AP cell radius where the sniffer capture was performed.
Possible 802.11b wireless clients could be located anywhere in the wireless network.
Correct Answer: BE
Section: (none)
Explanation
QUESTION 197
If an antenna has a dBd of 8.6, what is the dBi value?
A.
B.
C.
D.
E.
6.2
6.46
8.6
10.74
12.88
Correct Answer: D
Section: (none)
Explanation
Antenna performance
Antenna performance is measured in
dBi (the antennas gain/loss over a theoretical isotropic antenna) dBd (the antennas gain/loss over a dipole antenna) dBi = dBd + 2.15
dBd = dBi 2.15
QUESTION 198
Which calculation computes the EIRP of an antenna?
A.
B.
C.
D.
E.
F.
EIRP = Tx power (dBm) + Antenna Gain (dBi) - Cable Loss (dB)

EIRP= Cable Loss (dB)+ Antenna Gain (dBi) - Tx power (dBm)
EIRP = Cable Loss (dB)+ Antenna Gain (dBi) / Tx power (dBm)
EIRP = Tx power (dBm) + Antenna Gain (dBi) / Cable Loss (dB)
EIRP = Antenna Gain (dBi) - Cable Loss (dB) * Tx power (dBm)
EIRP = Tx power (dBm) * Antenna Gain (dBi) / Cable Loss (dB)
Correct Answer: A
Section: (none)
Explanation
QUESTION 199
Which three items are allowed on an Ethernet trunk port? (Choose three.)
A.
B.
C.
D.
E.
F.
G.
H.
autonomous AP
FlexConnect AP
local AP
monitor AP
rogue detector AP
sniffer AP
SE-Connect AP
Cisco WLC
Correct Answer: BEH

Section: (none)
Explanation
QUESTION 200
Which option describes computer-to-computer wireless communication?
A.
B.
C.
D.
E.
F.
BSS and BSA

IBSS and ad hoc network
ad hoc network and BSA
IBSS and ESS
ESS and BSA
BSS and ad hoc network
Correct Answer: B
Section: (none)
Explanation
QUESTION 201
Which two statements about AES-CCMP are true? (Choose two.)
A.
B.
C.
D.
E.
It is an encryption algorithm used in the 802.11i security protocol.

It is defined in 802.1X.
It is the encryption algorithm used in TKIP implementations.
It is required in WPA.
It is required in WPA2.
Correct Answer: AE
Section: (none)
Explanation
QUESTION 202
Which two statements about beacon frames used by access points are true? (Choose two.)
A.
B.
C.
D.
E.
They contain SSIDs if this feature is enabled.

They provide vendor proprietary information.
They are another name for an associated request.
They are sent in response to a probe frame.
They include ATIM window information for power save operations.
Correct Answer: AB
Section: (none)
Explanation
QUESTION 203
Which two actions are best for deploying VoWLAN on a wireless network? (Choose two.)
A.
B.
C.
D.
E.
Minimize the use of Class 3 Bluetooth devices.

Minimize the use of analog cameras.
Minimize the use of IP cameras.
Maximize client access by enabling all data rates used by clients.
Maximize client access by enabling only a few high data rates used by clients.
Correct Answer: BE
Section: (none)
Explanation
QUESTION 204
What is the equivalent of 26 dBm in milliwatts?
A.
B.
C.
D.
E.
4 mW
40 mW
100 mW
400 mW
1000 mW
Correct Answer: D
Section: (none)
Explanation
QUESTION 205
What is the EIRP value for a transmitter that has a transmitter capable of 15 dBm, an antenna that has a gain of 12 dBi, and a cable that connects the
transmitter to the antenna that has 1 db loss?
A.
B.
C.
D.
E.
26 dBm
100 mW
.86 dBm
165 dBm
1000 mW
Correct Answer: A
Section: (none)
Explanation
QUESTION 206
What are three primary components that describe TKIP? (Choose three.)
A.
B.
C.
D.
E.
F.
broadcast key rotation

dynamic WEP
message integrity check
per-packet key hashing
symmetric key cipher
WPA2 enterprise mode
Correct Answer: ACD

Section: (none)
Explanation
QUESTION 207
When an AP, in its default configuration mode, connects to a Cisco WLC, which methods are available for remote management access to an AP?
A.
B.
C.
D.
E.
SSL and SSH are available only after configuration by a Cisco WLC version 7.0.
SSH only
HTTPS, and SSH
SSH and Telnet
SSH and Telnet are available only after configuration by a Cisco WLC version 7.0.
Correct Answer: D
Section: (none)
Explanation
QUESTION 208
Which two security features are associated with a wireless network employing 802.11i configured as a Robust Security Network? (Choose two.)
A. WEP
B. AES-CCMP
C. 802.11x
D. IPsec
E. TKIP
F. 802.1x
Correct Answer: BF
Section: (none)
Explanation
QUESTION 209
Before conducting a passive RF site survey with a standalone AP, which two of these should be statically configured on the AP? (Choose two.)
A.
B.
C.
D.
E.
passive client
channel assignment
DTPC
Tx power level
channel scan defer priority
Correct Answer: BD
Section: (none)
Explanation
QUESTION 210
After interviewing a customer to understand wireless client requirements, you determine that 802.11b must be enabled to support legacy clients within a
mixed-mode environment. Which recommendation will have the greatest impact on mitigating the effects of 802.11b clients on the rest of the network?
A.
B.
C.
D.
Restrict OFDM modulation from being used.

Make 11 Mb/s the lowest mandatory rate.
Enable a separate SSID for 802.11b clients.
Enable a short preamble.
Correct Answer: B
Section: (none)
Explanation
QUESTION 211
In a Cisco Unified Wireless Network environment, which two of these are required in order for clients to connect with MCS data rates? (Choose two.)
A.
B.
C.
D.
E.
EDCF
client MFP
multiple spatial streams
AES-CCMP
40-MHz channels
Correct Answer: AD
Section: (none)
Explanation
QUESTION 212
The 802.11-2007 standard includes which two amendments to the original 802.11 standard? (Choose two.)
A.
B.
C.
D.
E.
802.11c
802.11d
802.11j
802.11r
802.11u
Correct Answer: BC
Section: (none)
Explanation
QUESTION 213
You are designing a wireless network utilizing EAP-TLS. One design requirement is to provide per-user differentiated QoS using only one SSID. What is
the best way to achieve this goal?
A. using WMM override
B. using Cisco Airespace VSAs

C. using QoS Enhanced BSS
D. using AP groups
Correct Answer: B
Section: (none)
Explanation
QUESTION 214
What does the letter P in the designation of the AIR-CAP3502P AP indicate?
A.
B.
C.
D.
The AP supports the new IEEE 802.11p (WAVE) wireless standard.

The AP requires professional installation.
The AP can be used in plenum applications.
The AP is compatible with polarization type antennae.
Correct Answer: B
Section: (none)
Explanation
answer is updated
QUESTION 215
You are converting your wireless infrastructure from a data-only design to a location services design. Which task do you need to complete?
A.
B.
C.
D.
Disable the DSSS speeds for RFID compatibility.

Use fewer APs to avoid RFID 3D imaging.
Set APs to maximum power for RF fingerprinting.
Locate APs at the edges of your coverage area for trilateration.
Correct Answer: D
Section: (none)
Explanation
QUESTION 216
Which statement about heat maps on Cisco WCS is true?
A.
B.
C.
D.
They are predictive and rely only on the accuracy of the information that is provided with the map.
They are based on real-time actual values if Cisco Compatible Extensions is enabled on the APs.
They are predictive but can be converted to real values by using the Refresh from network button.
They are based on real-time actual values because of fingerprinting.
Correct Answer: A
Section: (none)
Explanation
QUESTION 217
A clause 15 radio uses ___________ and supports data rates of ___________ .
A.
B.
C.
D.
FHSS or DSSS, 1 Mb/s up to 11 Mb/s

DSSS, 1 Mb/s and 2 Mb/s
FHSS, 1 Mb/s and 2 Mb/s
DSSS, 1 Mb/s up to 11 Mb/s
Correct Answer: B
Section: (none)
Explanation
QUESTION 218
Which three protocols does IEEE 802.1X access control allow until the client is authenticated? (Choose three.)
A.
B.
C.
D.
E.
Cisco Discovery Protocol

VLAN Trunking Protocol
Spanning Tree Protocol
Extensible Authentication Protocol over LAN
Dynamic Host Control Protocol
Correct Answer: ACD

Section: (none)
Explanation
QUESTION 219
Cisco WiSM controllers have multiple interface types. Which two interfaces must be present and configured at setup time? (Choose two.)
A.
B.
C.
D.
virtual
virtual gateway
service port
operator defined
Correct Answer: AC
Section: (none)
Explanation
QUESTION 220
IN CUWN, what DHCP option needs to be configured for APs to join specific WLCs, if the WLCs and APs reside in different subnets?
A.
B.
C.
D.
option 43
option 60
option 82
option 150
Correct Answer: A
Section: (none)
Explanation
QUESTION 221
When LAG is enabled, all ports participate in LAG by default. Which statement about LAG is true?
A. The failure of one link affects only management access, not traffic throughput.
B. If any single link fails, traffic will automatically migrate to the remaining links.
C. If only two switch ports are in the LAG group, and one switch port fails, then the other switch port will fail also.
D. If there are only two LAG connections, then all VLANs must be allowed.
Correct Answer: B
Section: (none)
Explanation
QUESTION 222
Two switches are connected by an EtherChannel. Which setting does not have to match on the connected ports in order to form an EtherChannel?
A.
B.
C.
D.
E.
the allowed VLAN list

the spanning-tree PortFast settings
DTP negotiation settings
the native VLAN
the spanning-tree port priorities for each VLAN
Correct Answer: C
Section: (none)
Explanation
QUESTION 223
Which two statements are true? (Choose two.)

A.
B.
C.
D.
E.
10.10.10.9 is the IP address of the multicast source.

10.10.10.9 is the IP address of the multicast receiver.
10.10.10.9 is the RP address for multicast group 239.5.5.5.
The Ethernet 0/0 interface of the router and 10.10.10.9 are in the same broadcast domain.
The Ethernet 0/0 interface of the router and 10.10.10.9 do not need to be in the same broadcast domain.
Correct Answer: BD
Section: (none)
Explanation
valuable answers
QUESTION 224
DSCP values can be expressed in decimal form or by PHB. Which PHB is the equivalent of DSCP 20?
A.
B.
C.
D.
AF20
AF22
AF26
AF28
Correct Answer: B
Section: (none)
Explanation
QUESTION 225
You are configuring a TACACS+ server and the security team asks you for details about this protocol. Which three statements about the TACACS+
protocol are true? (Choose three.)
A.
B.
C.
D.
E.
It is TCP based.
It is UDP based.
It uses port 49 by default.
It uses port 59 by default.
The username is sent in cleartext.
F. The username is encrypted.

Correct Answer: ACF
Section: (none)
Explanation
QUESTION 226
All the guest users that associate to the guest SSID on the Cisco WLC are receiving this message from their browser each time that they try to reach an
Internet website. Which two changes will allow the guest users to avoid this message in a simple and secure way? (Choose two.)
A. Generate and install a new certificate for the Cisco WLC web-auth, signed by the Cisco CA.
B. Configure a FQDN in the management interface of the Cisco WLC and add that FQDN to the DNS server.
C. Configure a FQDN in the virtual interface of the Cisco WLC and add that FQDN to the DNS server.
D. Generate and install a new certificate for the Cisco WLC web-auth, signed by a CA trusted by the browser.
E. Generate and install a new certificate for the Cisco WLC web-auth, signed by the local CA.
Correct Answer: CD
Section: (none)
Explanation
QUESTION 227
Which local DHCP pools that are configured on an autonomous IOS AP will properly work and lease IP addresses to the wireless clients without using
the "ip helper-address" command?
A.
B.
C.
D.
only the pool configured for the native VLAN

only the pool configured for the VLAN assigned to the SSID where the wireless clients are connected
all of the configured local DHCP pools
all of the configured local DHCP pools, if static routing is configured appropriately
Correct Answer: A
Section: (none)
Explanation
QUESTION 228
Which two statements are true about the RADIUS attributes listed? (Choose two.)
A.
B.
C.
D.
E.
F.
They are used for dynamic VLAN assignment for wireless or wired clients.
They are used for dynamic VLAN assignment for VPN tunnels.
They correspond to the RADIUS attribute numbers 64, 65, and 81.
Correct Answer: AC
Section: (none)
Explanation
QUESTION 229
DNS is configured to respond with a list containing multiple controller addresses. Upon DNS discovery, which statement is true?
A.
B.
C.
D.
The AP sends a discovery request to the first controller on the list, and then goes down the list chronologically until it receives a discovery response.
The AP sends a discovery request to the last controller on the list, and then goes up the list chronologically until it receives a discovery response.
The AP sends a discovery request to all controllers on the list simultaneously.
Multiple controller IP addresses in a DNS response are not supported.
Correct Answer: C
Section: (none)
Explanation
QUESTION 230
You are designing a wireless guest access solution to be used on a central campus and remote sites, where APs are configured in FlexConnect mode.
The guest Internet access service is offered by the domain controller. You want to use the guest anchor feature on the Cisco WLC. Which Cisco WLC
type should you consider deploying?
A.
B.
C.
D.
Any Cisco WLC.

A Cisco WLC by itself is not sufficient to support guest anchor and captive portal services.
A Cisco 5508 WLC, running Release 7.0.116.0, deployed as a guest anchor WLC.
A Cisco 2504 WLC, running Release 7.0.116.0, because guest access is a best-effort service and does not need to support large loads.
Correct Answer: C
Section: (none)
Explanation
QUESTION 231
You are helping your company to design a WLAN for a new campus. While writing a proposal for a site survey, which two of these benefits should you
outline in your proposal to justify the investment in a comprehensive site survey? (Choose two.)
A.
B.
C.
D.
A site survey will help determine the exact channels and power settings to be used by the APs, so that all applications can run correctly.
A site survey will help determine AP placement and coverage based on the proposed AP models and antenna types.
A site survey will help identify expected RF interference within the given environment.
A site survey will help determine the type and number of clients that can be used in the given environment as well as the applications that can be
used.
Correct Answer: BC
Section: (none)
Explanation
QUESTION 232
You are designing a wireless point-to-point connection between two buildings that are 5 miles (8 km) apart. Which statement is true regarding the
design, considering that there is a lake between the two buildings?
A.
B.
C.
D.
You do not need to be concerned about multipath, reflection, scattering, or refraction because this is an outdoor design.
A pair of workgroup bridges will need to be used to bridge Ethernet traffic over the air between buildings.
You need to be concerned with the even and odd Fresnel zones because they can result in signal cancellation or amplification.
You need to simplify the design by putting a router on each building because wireless APs or bridges cannot carry 802.1Q traffic across the wireless
link.
E. Your concern should be the lake between the two buildings rather than the distance, because the water will absorb the signal.
Correct Answer: C
Section: (none)
Explanation
modified answer
QUESTION 233
You want to enable multicast video streaming supporting multicast for both wired and wireless clients. Which two statements are true regarding the
design of the network to deliver multicast streams over wireless? (Choose two.)
A. Multicast and broadcast packets cannot be managed because wireless clients will use the lowest mandatory rate supported by each AP to send and
receive traffic.
B. Multicast and broadcast packets do not send out ACK messages, and all packets are being delivered via best effort.
C. Multicast over wireless relies on a TCP retransmission mechanism for reliable transmission, which explains why multicast presents a unique
challenge for media traffic because multicast video is mostly UDP traffic.
D. A wireless network does not provide reliable transmission for multicast packets and does not classify queues or provision QoS.
E. IGMPv3 is required to provide reliable transmission for multicast streams. The default 802.11 retransmission mechanism will prioritize WMM queues
by means of the 802.11e UP value.
Correct Answer: BD
Section: (none)
Explanation
QUESTION 234
You need to deploy several WLCs to manage Unified APs on the main site and on remote locations (on different subnets). A wireless network printer is
added to the network. Multicast is used to discover the printer. You enable multicast-multicast mode on the WLCs. Which two of these statements are
true, considering interoperability and requirements of the network? (Choose two.)
A.
B.
C.
D.
The infrastructure should be ready to allow multicast routing from the WLC management interfaces to all managed APs.
There is no need to configure multicast routing on the infrastructure, because all the wireless clients are on the same VLAN or subnet.
You can configure any multicast IP address on the WLCs, as long as you make sure to use the same address on the WLCs.
To avoid issues, you need to make sure that the WLC multicast IP address is different for each controller and is not used for anything else on the
network.
E. There is no need to allow multicast traffic on the WAN VPN links to the remote locations, because this traffic goes within the LWAPP/CAPWAP
tunnel.
Correct Answer: AD
Section: (none)
Explanation
QUESTION 235
A retail company is refreshing their WLANs in their stores. Costs, resiliency, and ease of management are all important design criteria. Which two
statements are true when considering your proposed Cisco Unified Wireless solution? (Choose two.)
A. FlexConnect (H-REAP) should be considered to manage the WLAN from a centralized controller. In the event of WAN failure, clients already
connected can continue to connect and operate as normal.
B. FlexConnect (H-REAP) should not be considered to manage the WLAN. In the event of WAN failure, clients already connected will be dropped and
need to re-associate and re-authenticate to the network, using the in-store RADIUS and directory services.
C. The Cisco 2504 WLC should be considered to manage the store WLANs. The Cisco 2504 WLC will provide full services to the store and can be
managed and configured from a centralized controller. In the event of WAN failure, clients already connected can continue to connect and operate as
normal.
D. The Cisco 2504 WLC should be considered to manage the store WLANs. The Cisco 2504 WLC will provide full services to the store and can be
managed and configured from a centralized management system (NCS or WCS). In the event of WAN failure, clients already connected can
continue to connect and operate as normal.
E. The Cisco 7510 WLC should be considered to be deployed in each store to manage the store WLAN. In the event of WAN failure, clients already
connected can continue to connect and operate as normal.
Correct Answer: AD
Section: (none)
Explanation
QUESTION 236
You are designing a new WLAN for an old warehouse. To make sure that the spectrum analysis is accurate, which two of these devices should you try
to remove from the warehouse? (Choose two.)
A.
B.
C.
D.
E.
old 2.4-GHz cordless phones

new DECT 6.0 series cordless phones
900-MHz PA radio system
the neighbor Wi-Fi system that operates in both 2.4 GHz and 5.0 GHz
old microwave ovens
Correct Answer: AE
Section: (none)
Explanation
QUESTION 237
_________ is classified as an 802.11i RSN with _________ as the mandatory encryption protocol.
A.
B.
C.
D.
WEP, TKIP
WPA2,TKIP
WPA, AES
WPA2, AES
Correct Answer: D
Section: (none)
Explanation
QUESTION 238
You are designing an autonomous wireless network for an office building that is located near a local airport. The customer requires the use of 802.11a/n
clients only, and the APs must never change their channel after they are configured. Which two UNII bands and channels should you restrict the APs to
use on the 5 GHz radios? (Choose two.)
A. UNII-1 and UNII-3
B. UNII-1 and UNII-2 extended
C.
D.
E.
F.
36-52 and 149-161

36-48 and 100-140
52-64 and 149-161
36-48 and 149-161
Correct Answer: AF
Section: (none)
Explanation
updated answers
QUESTION 239
You have been hired to install an outdoor wireless network for a small city. The design must provide 360 degrees of coverage from a central location
and at least 33 Mb/s of aggregate bandwidth for clause 18 radio clients. How do you design this solution?
A.
B.
C.
D.
E.
Three or more patch antennas installed in a circular pattern on the same supporting structure
One high-gain omni-directional antenna
Three or more parabolic dish antennas installed in a circular pattern on the same supporting structure
Three or more sector array antennas installed in a circular pattern on the same supporting structure
Three or more Yagi antennas installed in a circular pattern on the same supporting structure
Correct Answer: D
Section: (none)
Explanation
QUESTION 240
Which three security threats require the Cisco Adaptive wIPS service for mitigation? (Choose three.)
A.
B.
C.
D.
E.
F.
on/off-channel rogue
spectrum intelligence
man-in-the-middle attack
rogue switch-port tracing
zero-day attack
network reconnaissance
Correct Answer: CEF

Section: (none)
Explanation
answer is valid
QUESTION 241
Which of the following are required components for Client MFP? (Choose two.)
A.
B.
C.
D.
E.
CCXv4
CCXv5
802.11n
WPA2 w/TKIP or AES-CCMP
AnyConnect 3.0
Correct Answer: BD
Section: (none)
Explanation
QUESTION 242
Which of the following statements are true regarding RLDP? (Choose two)
A.
B.
C.
D.
E.
RLDP works only on APs configured in Open Authentication mode.

RLDP only works if the AP is in Monitor Mode.
RLDP will attempt to identify each Rogue AP only once.
RLDP only works if the Rogue AP is connected to a VLAN that is reachable by the WLC.
RLDP only works if the AP is in Local Mode.
Correct Answer: AD
Section: (none)
Explanation
QUESTION 243
Select and Place:
Correct Answer:
Section: (none)
Explanation
QUESTION 244
Select and Place:
Correct Answer:
Section: (none)
Explanation
QUESTION 245
Select and Place:
Correct Answer:
Section: (none)
Explanation
QUESTION 246
Select and Place:
Correct Answer:
Section: (none)
Explanation
QUESTION 247
Select and Place:
Correct Answer:
Section: (none)
Explanation
QUESTION 248
Select and Place:
Correct Answer:
Section: (none)
Explanation
QUESTION 249
Select and Place:
Correct Answer:
Section: (none)
Explanation
Reference: http://www.cisco.com/en/US/docs/wireless/wcs/7.0MR1/configuration/guide/maps.html#wp1075863
QUESTION 250
Which statement about the impact of configuring a single SSID to support TKIP and AES encryption simultaneously is true?
A.
B.
C.
D.
The overhead associated with supporting both encryption methods significantly degrades client throughput.
Some wireless client drivers might not handle complex SSID settings and may be unable to associate to the WLAN.
This configuration is unsupported and the Cisco Wireless Control System generates alarms continuously until the configuration is corrected.
This configuration is common for migrating from WPA to WPA2. No problem is associated with using this configuration.
Correct Answer: B
Section: (none)
Explanation
QUESTION 251
When the pre-shared key authentication method is used for WPA or WPA2, for which two functions is the pre-shared key used? (Choose two.)
A.
B.
C.
D.
to act as the Group Transient Key during the bidirectional handshake

to act as the Pairwise Master Key during the bidirectional handshake
to derive the nonce at each side of the exchange
to derive the Pairwise Transient Key
Correct Answer: BD
Section: (none)
Explanation
valuable answers
QUESTION 252
When using the CLI command eping, configured for auto-anchor mobility wireless guest access, which type of packet is tested?
A.
B.
C.
D.
E.
data packets
mobility unencrypted packets
mobility encrypted packets
SNMP control packets
NTP control packets
Correct Answer: A
Section: (none)
Explanation
QUESTION 253
When a wireless guest network is implemented using auto-anchor mobility in a controller-based wireless network, which controller is responsible for a
guest client's IP address and their security configuration?
A.
B.
C.
D.
E.
any controller that supports the same VLAN

foreign controller
anchor controller
master controller
RF group master controller
Correct Answer: C
Section: (none)
Explanation
QUESTION 254
You have a small organization with multiple Cisco WCS servers. Management has become cumbersome and you are planning to deploy Cisco WCS
Navigator.
When the Cisco WCS Navigator has been deployed, how are the existing Cisco WCS servers added to the Cisco WCS Navigator, which software
versions are supported, and which protocol(s) do they use to communicate with Navigator?
A. Cisco WCS Navigator searches the enterprise intranet to locate the existing Cisco WCS servers and adds them automatically using SOAP as long
as there is only a difference of one version or less between Cisco WCS and WCS Navigator.
B. Each existing Cisco WCS server must be added manually and use SOAP/HTTP to communicate with the Cisco WCS Navigator platform as long as
the software versions of Cisco WCS and Cisco WCS Navigator are the same.
C. Cisco WCS must be on the same software version as Cisco WCS Navigator and each Cisco WCS server is added automatically using XML over
HTTP.
D. When Cisco WCS Navigator is added, all the Cisco WCS servers must be added manually, each system must use the same software release as
Navigator, and the Cisco WCS communicates with Cisco WCS Navigator by using SOAP/XML over HTTPS.
Correct Answer: D
Section: (none)
Explanation
QUESTION 255
Which two features are available in the Cisco WCS Plus license over the base license? (Choose two.)
A. ad hoc rogue detection
B.
C.
D.
E.
high availability between two Cisco WCS stations

mobility service engine management
auto discovery and containment or notification of rogue APs
client location to the nearest AP
Correct Answer: BC
Section: (none)
Explanation
QUESTION 256
Cisco WCS version 7.0 has a configuration mismatch with what is actually running in the controller. Which menu leads to the Audit Status Report?
A.
B.
C.
D.
E.
F.
Security
Monitor
Configure
Services
Administration
Tools
Correct Answer: C
Section: (none)
Explanation
QUESTION 257
If Cisco WCS version 7.0 needs to have APs added, relocated, or removed on a respective map, which menu leads to the correct location to make that
adjustment?
A.
B.
C.
D.
E.
F.
Security
Monitor
Configure
Services
Administration
Tools
Correct Answer: B
Section: (none)
Explanation
QUESTION 258
You made a manual configuration change to a controller and now you need to compare the controller configuration seen on Cisco WCS to the
configuration that is present in the controller.
Which menu can you use to do compare the configurations?
A.
B.
C.
D.
Reports
Monitor
Configure
Services
E. Administration
F. Tools
Correct Answer: C
Section: (none)
Explanation
QUESTION 259
Which two menus do you click to determine the reachability status of a controller from Cisco WCS? (Choose two.)
A.
B.
C.
D.
E.
F.
Monitor
Reports
Configure
Services
Administration
Tools
Correct Answer: AC
Section: (none)
Explanation
QUESTION 260
Which two statements about the status of the respective AP on a Cisco WCS version 7.0 map does this icon represent? (Choose two.)
A.
B.
C.
D.
E.
F.
The 802.11a/n radio is administratively disabled.

The 802.11a/n radio has a minor fault.
The 802.11a/n radio has a major fault.
The 802.11b/g/n radio is administratively disabled.
The 802.11b/g/n radio has a minor fault.
The 802.11b/g/n radio has a major fault.
Correct Answer: BF
Section: (none)
Explanation
correct answers
QUESTION 261
A wireless network that consists of Cisco Aironet 1260 APs and Cisco 2100 Series WLC has been correctly configured with Cisco WCS version 7, which
is also used for management. The CleanAir Zone of Impact is not visible for the respective Cisco WCS maps. Which two issues are causing the
problem? (Choose two.)
A.
B.
C.
D.
E.
F.
software version
AP
Cisco WLC
Cisco MSE
Cisco WCS
Cisco WCS is not enabled.
Correct Answer: BD
Section: (none)
Explanation
Topic 2, Volume B
QUESTION 262
Which action allows you to view a summary count by alarm types for the displayed total of 11 alarms?
A.
B.
C.
D.
E.
Choose Monitor > Alarms

Click the Security tab
Click a respective number in the Alarm Summary
Click the Alarm Summary blue arrow
Choose Home (house icon) > Alarm Summary
Correct Answer: D
Section: (none)
Explanation
QUESTION 263
An AP was reset while working on the correct association to a Cisco WCS version 7.0.
Which item was cleared during the reset?
A.
B.
C.
D.
E.
F.
static IP address
the location ID of the AP
WLC primary, secondary, tertiary
AP name
certificate
Nothing was cleared.
Correct Answer: F
Section: (none)
Explanation
QUESTION 264
Which two actions would you use to begin to troubleshoot an access point that fails to join a wireless LAN controller successfully? (Choose two.)
A.
B.
C.
D.
E.
SSH to the AP.

SSH to the Cisco WCS.
SSH to the Cisco WLC.
Issue the Cisco WLC commandebugcapwap events enable
Issue the Cisco WLC commanshowcapwap events
Correct Answer: CD
Section: (none)
Explanation
QUESTION 265
The results of a Cisco WCS client troubleshooting tool are summarized into a simple visual representation of a four-part progression of the connection
status for a wireless client.
What are the four parts? (Choose four.)
A.
B.
C.
D.
E.
F.
G.
H.
client MAC address

802.11 authentication
IP address assignment
802.11 association
successful association
authentication method
SSID
client radio type
Correct Answer: BCDE

Section: (none)
Explanation
QUESTION 266
Which two statements about the results of the Cisco WCS version 7.0 client troubleshooting tool are true? (Choose two.)
A.
B.
C.
D.
E.
F.
Results of Layers 1 - 3 are provided.

Results of only Layers 2 and 3 are provided.
Results of Layers 4 - 7 are provided.
The tabulated results vary depending on the client type.
Results are provided in a fixed four-part tabulation.
Results are provided in a fixed six-part tabulation.
Correct Answer: AD
Section: (none)
Explanation
QUESTION 267
When using Cisco WCS version 7.0, which two features are available for the client troubleshooting tool when a Cisco Compatible Extensions v5 wireless
client gets connected? (Choose two.)
A.
B.
C.
D.
E.
Request CleanAir reports from the client

Send text messages to the client
Aggregated Cisco ACS authentication client information
Request the client to ping the DHCP-supplied IP gateway
Display a summary of client event history
Correct Answer: BD
Section: (none)
Explanation
QUESTION 268
Which portion of a WLAN deployment can WLC message logs help to troubleshoot?
A.
B.
C.
D.
E.
RF issues
encryption issues between APs and clients
configuration verification issues
infrastructure and client Issues
AP placement issues
Correct Answer: D
Section: (none)
Explanation
QUESTION 269
Configurations are commonly uploaded and downloaded to a WLC. Which options are other examples of a file that can be uploaded from a Cisco 2500
Series WLC?
A.
B.
C.
D.
packet capture
crash file
code
login banner
E. PAC
Correct Answer: B
Section: (none)
Explanation
QUESTION 270
Which two statements about the Cisco WLC and AP code upgrade when 7.0 is running are true? (Choose two.)
A.
B.
C.
D.
E.
F.
The AP can download and run new code only after a Cisco WLC reboot causes the AP discovery and join.
The AP can download new code before the Cisco WLC reboot, but only if the AP is configured the CLI via SSH.
The AP can download new code before Cisco WLC reboot if it is configuring the Cisco WLC directly using the GUI via HTTP or HTTPS.
The Cisco WLC defaults to booting newer code, but it can boot older backup code only from the CLI configuration.
The Cisco WLC can boot either primary or back code configured from the GUI.
The Cisco WLC can download only a single code at a time for reboot.
Correct Answer: CE
Section: (none)
Explanation
QUESTION 271
You are on the phone working with a colleague that is console connected to a lightweight AP that has lost its configuration. Which three actions are
necessary to allow the AP to connect to a controller? (Choose three.)
A.
B.
C.
D.
E.
F.
Configure the AP IP address.

Configure the controller name.
Configure the controller IP address.
Configure the AP hostname.
Configure the AP IP default-gateway.
Configure the AP username and password.
Correct Answer: ACE

Section: (none)
Explanation
QUESTION 272
You have a lightweight AP that has been moved to a new subnet and has become stranded because DNS and DHCP servers are unavailable. The AP
cannot connect to the controller. When connected to the console port, which three minimum parameters must you configure? (Choose three.)
A.
B.
C.
D.
E.
F.
AP IP address
controller name
AP hostname
default gateway IP address
controller IP address
username and password
Correct Answer: ADE

Section: (none)
Explanation
QUESTION 273
Which four levels of messages will be sent to the logging server? (Choose four.)
A.
B.
C.
D.
E.
F.
G.
H.
alerts
critcal
debugging
emergencies
errors
informational
notifications
warnings
Correct Answer: ABDE

Section: (none)
Explanation
Explanation:
There are a total of 8 logging severity levels. They are:
We can see from the output that the severity level was set to Critical, which means that all messages level 3 and less will be sent.
QUESTION 274
What APTx Power Level Assignment would be required to increase power by 3 dBm on 2.4GHz radio?
A.
B.
C.
D.
E.
F.
G.
H.
1
2
3
4
5
6
7
8
Correct Answer: D
Section: (none)
Explanation
From the output, we can see the current power level setting for the 802.11 bgn (2.4Ghz tab) is set at 5. Based on the following tyable from Cisco, that
would mean the output power is 3 mW:
Here is the power conversion table to go from mW to 3bm:
So, with a power level setting of 5, the output power is is 3mW, or 5 dbm. A power level of 4 would increase it to 6mW, or 8 dbm.
QUESTION 275
Tablets and other wireless clients are unable to connect at any 802.11 n data rates. What is the most likely cause of this problem?
A. WLAN > General properties are incorrectly configured.
B. WLAN >QoS properties are incorrectly configured.
C. WLAN > Security properties are incorrectly configured.
D. WLAN > Advanced properties are incorrectly configured.

E. Wireless > AP > 802.11 a/n is incorrectly configured.
F. Wireless > 802.11a/n > Network is incorrectly configured.
Correct Answer: C
Section: (none)
Explanation
Explanation:
802.11n only supports open authentication or the use of WPAv2 with AES. From the output shown in this question, we can see that WPA/WPA2 using
TKIP has been configured, not AES.
QUESTION 276
Old 2.4-GHz wireless laptops are unable to connect. What is the most likely cause of this problem?
A.
B.
C.
D.
E.
F.
WLAN > General properties are incorrectly configured.

WLAN >QoS properties are incorrectly configured.
WLAN > Security properties are incorrectly configured.
WLAN > Advanced properties are incorrectly configured.
Wireless > AP > 802.11 b/g/n AP is incorrectly configured.
Wireless > AP > 802.11 b/g/n > Network is incorrectly configured.
Correct Answer: F
Section: (none)
Explanation
Explnation:
Clienlink is not enabled and should be in a mixed client environment. Many networks still support a mix of 802.11a/g and 802.11n clients. Because
802.11a/g clients (legacy clients) operate at lower data rates, the older clients can reduce the capacity of the entire network. Cisco's ClientLink
technology can help solve problems related to adoption of 802.11n in mixed-client networks by ensuring that 802.11a/g clients operate at the best
possible rates, especially when they are near cell boundaries.
QUESTION 277
Which wireless topology supports roaming?
A.
B.
C.
D.
IBSS
BSS
ESS
bridging
Correct Answer: C
Section: (none)
Explanation
QUESTION 278
You are configuring an IP address on an autonomous access point. Which interface do you use to configure the IP address?
A.
B.
C.
D.
BVI1
FastEthernet 0
Dot11Radio0
VLAN 1
Correct Answer: A
Section: (none)
Explanation
QUESTION 279
You run minimum PEAP-GTC authentication in your wireless environment. Which version of Cisco Compatible Extensions supports PEAP-GTC?
A.
B.
C.
D.
E.
Cisco Compatible Extensions v1

Correct Answer: B
Section: (none)
Explanation
QUESTION 280
What does RF determine?
A.
B.
C.
D.
cycle pattern size

how often a wave occurs
signal size
quantity of energy injected in a signal
Correct Answer: B
Section: (none)
Explanation
QUESTION 281
Which module does the Cisco AnyConnect Secure Mobility client integrate into the AnyConnect client package for access to both wired and wireless
networks?
A.
B.
C.
D.
Network Access Manager

Telemetry
Web Security
DART
Correct Answer: A
Section: (none)
Explanation
QUESTION 282
Access points must discover a wireless LAN controller before they can become an active part of the network. In which order does an access point try to
discover a controller?
A. Layer 3 CAPWAP or LWAPP broadcast discovery

DHCP option 43
Locally stored controller IP address discovery
DNS controller name resolution
B. Layer 3 CAPWAP or LWAPP broadcast discovery
DHCP option 43
C. Layer 3 CAPWAP or LWAPP broadcast discovery
DHCP option 43
D. DNS controller name resolution
DHCP option 43
Layer 3 CAPWAP or LWAPP broadcast discovery
Correct Answer: C
Section: (none)
Explanation
QUESTION 283
You are configuring SNMPv1/v2c on a WLC. What should you do for improved security?
A.
B.
C.
D.
Remove the default SNMPv1 community.

Remove the default SNMPv1 and SNMPv2 communities.
Remove the default SNMPv2 community.
Remove the default SNMPv3 users.
Correct Answer: B
Section: (none)
Explanation
QUESTION 284
Which spread spectrum technique uses 11-bit chips to transmit 1 bit of data over a 22-MHz channel?
A.
B.
C.
D.
E.
DSSS
FHSS
OFDM
MIMO
CCK
Correct Answer: A
Section: (none)
Explanation
QUESTION 285
At which point in the network topology must the trunk be configured to support multiple SSIDs for voice and data separation?
A. A
B. B
C. C
D. D
Correct Answer: D
Section: (none)
Explanation
QUESTION 286
What is the IEEE name for a group of access points that are connected by using the Ethernet?
A.
B.
C.
D.
ESS
BSS
IBSS
ISS
Correct Answer: A
Section: (none)
Explanation
valid answer
QUESTION 287
Which type of frames are ACK and CF-ACK?
A.
B.
C.
D.
control
management
RTS/CTS
association
Correct Answer: A
Section: (none)
Explanation
QUESTION 288
The network administrator wants an access point to be able to find rogue APs and to support location-based services. Which AP mode meets this
requirement while having the radios up and preventing client connections?

A.
B.
C.
D.
monitor
sniffer
rogue-detection
H-REAP
Correct Answer: A
Section: (none)
Explanation
QUESTION 289
What are the interface statuses of a lightweight AP working in rogue-detection mode?
A.
B.
C.
D.
radios turned off, Ethernet interface up

radios and Ethernet interfaces up
radios turned on, Ethernet interface shut down
radios turned on, Ethernet interface status controlled by Cisco WLC
Correct Answer: A
Section: (none)
Explanation
QUESTION 290
What is the function of the Cisco AnyConnect DART tool?
A.
B.
C.
D.
creates a compressed bundle of client logs and information

visualizes a WLAN environment, showing the possible locations of problems
gathers statistics from neighboring clients for comparison to the baseline
helps to troubleshoot a WLAN connection by using easy-to-use wizards and statistic viewers
Correct Answer: A
Section: (none)
Explanation
QUESTION 291
Which Cisco program for WLAN client vendors helps to ensure that their devices are interoperable with Cisco WLAN infrastructure?
A.
B.
C.
D.
CCX
CCMP
ASDM
WLSE
Correct Answer: A
Section: (none)
Explanation
QUESTION 292
Which information on the Monitoring page of a Cisco WLC verifies that the wireless network is operational?
A.
B.
C.
D.
In the Access Point Summary section, the All APs number in the Up column is the same as in the Total column.
In the Client Summary section, the Current Clients number is positive.
In the Controller Summary section, the 802.11b/g Network State is shown as Enabled.
In the Controller Summary section, the CPU Usage number is positive.
Correct Answer: A
Section: (none)
Explanation
QUESTION 293
What is a risk when initiating the containment of a rogue AP?
A. disassociating clients of valid access points that are operated by a neighboring organization
B. disrupting transmission of neighboring AP clients
C. breaking the radio of the containing AP
D. breaking the rogue client radio or its firmware

Correct Answer: A
Section: (none)
Explanation
QUESTION 294
What does the yellow shield with the exclamation mark indicate?
A. The network uses open authentication and no encryption.
B. The network uses an unsupported channel.
C. The signal is too distorted to connect.
D. The AP that is transmitting this SSID uses the wrong RF domain.

E. This is the ad-hoc network.
Correct Answer: A
Section: (none)
Explanation
QUESTION 295
Which method is used to shield the client from class 3 management attacks?
A.
B.
C.
D.
E.
client MFP
WEP
WPA
client protection suite
802.1X
Correct Answer: A
Section: (none)
Explanation
QUESTION 296
Which protocol helps the administrator to determine whether a detected rogue AP is in the network of the organization?
A.
B.
C.
D.
RLDP
RCP
RDP
RAPP
Correct Answer: A
Section: (none)
Explanation
QUESTION 297
Which wireless client attempts to authenticate by using 802.1X?
A.
B.
C.
D.
supplicant
authenticator
EAP
RADIUS
Correct Answer: A
Section: (none)
Explanation
QUESTION 298
Which encryption algorithm does WPA use?
A.
B.
C.
D.
RC4
DES
AES
DH5
Correct Answer: A
Section: (none)
Explanation
QUESTION 299
Which statement about configuration of Layer 2 wireless user authentication on a Cisco WLC is true?
A.
B.
C.
D.
Local EAP is used only if an external RADIUS is not configured or is unreachable.

The external RADIUS is used only if local EAP is not configured.
The administrator chooses whether local EAP or an external RADIUS is used first.
The external RADIUS is used only if local EAP is explicitly disabled.
Correct Answer: A
Section: (none)
Explanation
QUESTION 300
Which option must be chosen if only the WPA is needed?

A.
B.
C.
D.
WPA+WPA2
Static-WEP + 802.1X
802.1X
CKIP
Correct Answer: A
Section: (none)
Explanation
QUESTION 301
Which statement describes a security weakness of a WPA2 with a PSK?
A.
B.
C.
D.
The compromised key can be used for another connection.

The key can be eavesdropped from the wireless medium.
The key can be recreated from a few eavesdropped frames.
The key is not case-sensitive and is vulnerable to compromise by brute-force methods.
Correct Answer: A
Section: (none)
Explanation
QUESTION 302
Which of the following statements are not correct about Client Management Frame Protection (MFP)? (Choose 2.)
A.
B.
C.
D.
E.
Client MFP can replace Infrastructure MFP in case only CCXv5 clients are used.
Client MFP encrypts class 3 Unicast management frames using the security mechanisms defined by 802.11i.
In order to use Client MFP the client must support CCXv5 and negotiate WPA2 with AES- CCMP or TKIP.
The only supported method to obtain the pre-user MFP encryption keys is EAP authentication.
CCXv5 client and access points must discard broadcast class 3 management frames.
Correct Answer: AD
Section: (none)
Explanation
QUESTION 303
Corporation XYZ just underwent a third-party security audit. The auditors have required that the corporation implements 802.1x on its wireless network
and disable all pre-shared key WLANs as soon as possible. XYZ does not have an internal CA installed to provide server certificates today. However, it
wishes to implement an EAP method that requires clients to use server authentication in the future. XYZ also needs an EAP method that will allow both
Active Directory user authentication and time-based tokens.
What is the best EAP method for XYZ to implement?

A.
B.
C.
D.
TTLS
PEAP
FAST
TLS
Correct Answer: C
Section: (none)
Explanation
QUESTION 304
Which of the below parameters are used in calculating the range - maximum distance - of an outdoor link between two bridges? Choose two.
A.
B.
C.
D.
E.
The cable length between bridge and the connecting switch.

The bridge transmission power.
The outside temperature.
The modulation type.
The length of the antenna.
Correct Answer: BD
Section: (none)
Explanation
QUESTION 305
When viewed from the side (in the H-plane), which two of the below statements describe the radiation pattern of a patch and a Yagi antenna? (Choose
two.)
A.
B.
C.
D.
E.
the patch patterns are egg-shaped.

the patch patterns are conical.
the patch patterns are doughnut-shaped.
the Yagi patterns are conical.
the Yagi patterns are egg-shaped.
F. the Yagi patterns are doughnut-shaped.

Correct Answer: AD
Section: (none)
Explanation
QUESTION 306
The transmit power level on an 802.11a radio is configured for 25 mW. What is the corresponding value in decibels?
A.
B.
C.
D.
E.
2.5 dBm
3 dBm
14 dBm
18 dBm
none of the above
Correct Answer: C
Section: (none)
Explanation
QUESTION 307
Users complain about intermittent wireless connectivity issues. You see the following message on your Cisco WCS, corresponding the time the
connectivity issues occurred.
AP 'building-1-entrance', interface '802.11b/g' on Controller '10.1.1.2'. Noise threshold violated.
What do you do?
A.
B.
C.
D.
Increase the interference threshold from the default 10%.

Use a spectrum analyzer to discover the noise source.
Check the logs for rogues in the area, and turn on rogue mitigation.
Increase the power of the APs in the entrance hall.
Correct Answer: B
Section: (none)
Explanation
QUESTION 308
Which environmental phenomena can cause considerable degradation to your wireless signals?
A.
B.
C.
D.
multipath, reflection, scattering, refraction

multipath, alpha particles, diversity, absorption
multipath, cosmic radiation, free path loss, scattering
multipath, convergence, refraction, gamma rays
Correct Answer: A
Section: (none)
Explanation
verified answer
QUESTION 309
After setting up an AP to be part of network where WDS is running, you notice that the newly added AP is not able to join the WDS device. On the newly
added AP, you only configure wlccp ap username cisco password ccie. You enable debug radius local-server error to help troubleshoot the issue.
Given the debug output, what is the most likely cause of the issue?
A.
B.
C.
D.
The WDS device is configured as a local RADIUS and the EAP packets are looping in the network.
The WDS device is configured as a local RADIUS and there is a mismatch on the RADIUS shared secret.
The newly added AP is configured with a wrong password.
The RADIUS server is not reachable.
E. The WDS device is configured for EAP-FAST authentication and the newly added AP is using LEAP.
Correct Answer: C
Section: (none)
Explanation
QUESTION 310
The QoS implementation for WLANs differs from QoS implementation on other Cisco devices. With QoS enabled on autonomous APs, which two
statements are true? (Choose two.)
A. Autonomous APs do not prioritize packets; they classify packets based on DSCP value, client type, or the priority value in the 802.1Q or 802.1p tag.
B. Autonomous APs do not construct internal DSCP values; they only support mapping by assigning IP DSCP, precedence, or protocol values to Layer
2 CoS values.
C. Autonomous APs do not support 802.1Q or 802.1p tagged packets.
D. Autonomous APs prioritize the traffic from voice clients over traffic from other clients when the QoS Element for Wireless Phones feature is enabled.
Correct Answer: BD
Section: (none)
Explanation
accurate answers
QUESTION 311
A network administrator changed some wireless network SSID configuration settings on an autonomous AP. As a result, old clients can still connect by
using the saved configuration on their wireless networks; however, new clients are not able to view or connect to the SSID.
What is most likely the cause of the problem?
A.
B.
C.
D.
The network administrator configured the SSID to not accept any new clients.
The network administrator removed the broadcast command from the SSID configuration.
The network administrator removed the guest-mode command from the SSID configuration.
The network administrator changed the encryption algorithm of the SSID.
Correct Answer: C
Section: (none)
Explanation
QUESTION 312
When you have an AP in autonomous mode, you can configure the AP to only allow console or Telnet access to authorized users. What is the correct
command sequence to achieve RADIUS login authentication via console?
A. configure terminal
aaa new-model
aaa authentication login default
line console 0
login authentication default
radius-server host 172.10.0.1 auth-port 1645 acct-port 1646
B. configure terminal
aaa new-model
aaa authentication login default group radius
line console 0
C. configure terminal
aaa new-model
D. configure terminal
aaa new-model
line console 0
login authentication default group radius
Correct Answer: B
Section: (none)
Explanation
QUESTION 313
When viewing the configuration of an autonomous AP, you see these SNMP commands:
snmp-server community comaccess ro 4
snmp-server enable traps snmp authentication

snmp-server host cisco.com version 2c public
Which statement about these commands is true?
A. These commands block read-only access for all objects to access list 4 members that use the comaccess community string. All other SNMP
managers have access to any objects. SNMPv2c sends SNMP Authentication Failure traps to the host cisco.com, using the public community string.
B. These commands allow write-only access for all objects to access list 4 members that use the comaccess community string. No other SNMP
C. These commands allow read-only access for all objects to access list 4 members that use the comaccess community string. No other SNMP
D. These commands allow read-only access to access list 4 members that use the comaccess community string. SNMPv2c sends SNMP
Authentication Failure traps to the host cisco.com, using the public community string.
Correct Answer: C
Section: (none)
Explanation
QUESTION 314
This setup uses two Cisco APs as wireless bridges. One bridge is configured for root bridge mode and the other is configured for non-root bridge mode.
Client A associates with the root bridge and Client B associates with the non-root bridge. Which three statements are true? (Choose three.)
A.
B.
C.
D.
E.
F.
Two bridges that are in root mode can talk to each other.
Only one device can connect to the ethernet connection of the non-root bridge.
For two bridges to communicate with each other, one bridge should be in root mode and the other must be in non-root mode.
The default setting of a bridge is root.
Two bridges that are in root mode cannot talk to each other.
The default setting of a bridge is non-root.
Correct Answer: CDE

Section: (none)
Explanation
QUESTION 315
This portion of a Cisco IOS AP configuration refers to a multiple SSID and VLAN configuration. Which statement is false?
A.
B.
C.
D.
The mbssid guest-mode command allows guest users to connect to the SSID.
All SSIDs are broadcast by and visible to clients.
The EAP SSID allows client to connect to it by using PEAP as an authentication method.
The AP needs to have subinterfaces 80, 81, and 82 configured, both on the radio 0 and Ethernet interfaces.
Correct Answer: A
Section: (none)
Explanation
QUESTION 316
When you set up an 802.11n-capable network using autonomous APs, which two settings let you achieve 802.11n rates? (Choose two.)
A.
B.
C.
D.
E.
F.
G.
no encryption
WPA2 AES-CCMP encryption
WEP encryption
Cisco Key Integrity Protocol encryption
WPA1 TKIP encryption
WPA2 TKIP encryption
PSK
Correct Answer: AB
Section: (none)
Explanation
QUESTION 317
Which authentication method is not supported when using the local RADIUS server feature of an autonomous AP?
A.
B.
C.
D.
EAP-FAST
EAP-TLS
LEAP
MAC
Correct Answer: B
Section: (none)
Explanation
QUESTION 318
Given this debug output from the debug wlccp wds mn command, which event has occurred?
A.
B.
C.
D.
A wireless client with an IP address of 192.168.200.33 has joined the Cisco WDS domain.
A wireless client with an IP address of 192.168.200.33 has re-associated to the Cisco WDS domain.
A wireless client has been removed from the Cisco WDS domain.
A wireless client has failed authentication.
Correct Answer: A
Section: (none)
Explanation
QUESTION 319
Where is Ethernet bridged traffic terminated in a mesh network?
A.
B.
C.
D.
WLC
WGB
MAP
RAP
Correct Answer: D
Section: (none)
Explanation
answer is perfect
QUESTION 320
Which two statements about the CleanAir and AP modes are true? (Choose two.)
A.
B.
C.
D.
E.
The CleanAir chipset on local mode APs can scan all channels simultaneously.
The CleanAir chipset on local mode APs scans only the current channel and only when the AP is silent.
Monitor mode AP interferer reports cannot be merged unless you have a Cisco MSE.
Monitor mode APs have no advantage over local mode APs for CleanAir.
Enhanced local mode (wIPS) allows the CleanAir chipset to scan all channels.
Correct Answer: BC
Section: (none)
Explanation
QUESTION 321
What is the MAPs behavior if you enable mesh ethernet-bridging vlan-transparent on them?
A. The MAPs bridge traffic that came from the Ethernet port, but only if the vlan tag matches the Cisco WLC configured VLANs and interfaces.
B.
C.
D.
E.
The MAPs bridge traffic according to the VLAN configuration.

The MAPs bridge toward the backhaul all traffic that arrives on the Ethernet port, without touching the vlan tag.
The MAPs bridge toward the backhaul only traffic that arrives as untagged on the Ethernet port.
The MAPs untag all traffic that arrives on the Ethernet port and bridge all the traffic toward the backhaul.
Correct Answer: E
Section: (none)
Explanation
QUESTION 322
Which statement about the beamforming (ClientLink) feature on the Cisco WLC is true?
A.
B.
C.
D.
It works only with 802.11n APs and clients.

It works only with 802.11n APs and 802.11b/g clients.
It provides a signal gain when the AP transmits towards the client.
It provides a signal gain in both directions (AP to client and client to AP).
Correct Answer: C
Section: (none)
Explanation
QUESTION 323
You are running 7.0.116.0. Connecting wireless clients have an HTTP proxy server configured and need to get web redirected in a web authentication
(guest) SSID. Which two statements are true? (Choose two.)
A.
B.
C.
D.
You do not need to enable WebAuth proxy redirection on the WLC.

You need to enable WebAuth proxy redirection on the WLC.
You need to configure DHCP option 252 on the WLC to provide clients with proxy configuration for their browser.
The clients need to manually enter an exception in their browser proxy rule for the WLC virtual IP address.
Correct Answer: BD
Section: (none)
Explanation
QUESTION 324
To improve the overall wireless experience of your users, you do not want any clients to use 802.11b data rates to associate to your wireless network.
You do not want 802.11a/g/n data rates to be affected in any way. Which two configuration tasks on the Cisco WLC will achieve this goal? (Choose two.)
A.
B.
C.
D.
E.
F.
Disable the 1, 2, 5.5, and 11 Mb/s data rates.

Disable all data rates below 12 Mb/s.
Configure the WLAN radio policies to 802.11a/g only.
Disable the 802.11b network on the Cisco WLC.
Disable the 2.4 GHz radio on all the APs.
Disable the DSSS data rates.
Correct Answer: AC
Section: (none)
Explanation
QUESTION 325
After a scheduled downtime of your 5508 WLC, you notice that only a handful of the 100 APs are rejoining the controller. All the APs are in the same
subnet and use default settings. Cisco WLC debugs indicate that the APs are sending discovery and join requests. Only after shutting down all the
switch ports that connect to the APs and turning five ports back on at a time can you rejoin all the APs. Why were the APs unable to rejoin the Cisco
WLC, and how can you prevent this from happening in the future?
A. Having all the APs in the same VLAN created a Layer 2 broadcast storm, preventing the APs from receiving discovery and join responses from the
Cisco WLC. You can prevent this by configuring the APs to send syslog messages to a multicast address, using the Cisco WLC CLI only.
B. Having all the APs in the same VLAN created a Layer 2 broadcast storm, preventing the APs from receiving discovery and join responses from the
Cisco WLC. You can prevent this by configuring the APs to send syslog messages to a unicast address, using the Cisco WLC CLI only.
C. Having all the APs in the same VLAN created a Layer 3 broadcast storm, preventing the APs from receiving discovery and join responses from the
Cisco WLC. You can prevent this by configuring the APs to send syslog messages to a unicast address, using the Cisco WLC CLI only.
D. Having all the APs in the same VLAN created a Layer 2 broadcast storm. You cannot prevented this from happening again.
Correct Answer: B
Section: (none)
Explanation
QUESTION 326
Which statement about H-REAP and FlexConnect APs on a Cisco WLC is false?
A.
B.
C.
D.
Cisco CKM roaming is supported within an H-REAP group of APs.

Cisco CKM roaming is unsupported between local mode APs and H-REAP APs.
HREAP AP in standalone mode can authenticate new clients for CCKM roaming.
H-REAP APs can have some locally switched WLANs and some centrally switched WLANs.
Correct Answer: C
Section: (none)
Explanation
QUESTION 327
In order to configure the MAP authorization using an external AAA server for the indoor MAP 1260 with the Ethernet MAC address 00:1d:a1:fe:e5:44 and
base radio MAC address
00:1f:9d:2a:3f:10, which two user accounts are to be created on the RADIUS server? (Choose two.)
A.
B.
C.
D.
E.
F.
00:1f:9d:2a:3f:10
001da1fee544
c1260-001da1fee544
ap3g1-001da1fee544
c1260-001f9d2a3f10
ap3g1-001f9d2a3f10
Correct Answer: BD
Section: (none)
Explanation
QUESTION 328
With five devices connected to an AP radio, this Cisco WCS alarm was activated. Which action will prevent this alarm from appearing again when 10
devices connect to the AP radio?
A.
B.
C.
D.
Within Cisco WCS, modify the Max client event parameters to trigger an alarm when 11 or more clients associate to the radio.
Within Cisco WCS, create an RRM template to modify the Max clients setting and apply it to all controllers.
Within Cisco WCS, enable spectrum load balancing for this AP.
Within Cisco WCS, modify the alarm settings to activate on 11 or more clients.
Correct Answer: B
Section: (none)
Explanation
QUESTION 329
Which three statements about the Cisco WCS auto-provisioning feature are true? (Choose three.)
A.
B.
C.
D.
E.
F.
Auto-provisioning allows WCS to automatically configure a new or replace a current wireless LAN controller.
The service port of the WLAN controller is required to have network connectivity for the auto-provisioning process to begin.
DHCP Option 43 (vendor-specific information) has to be configured in the DHCP scope options for the auto-provisioning process to begin.
DHCP Option 150 (TFTP server address) has to be configured in the DHCP scope options for the auto-provisioning process to begin.
Using the add filter command in WCS will create a controller configuration file.
WCS auto-provisions the management interface of the WLAN controller by pushing a predefined template.
Correct Answer: ADE

Section: (none)
Explanation
QUESTION 330
Based on this Cisco Spectrum Expert "FFT Duty Cycle" screen capture, which device type is most likely generating the signal in Wi-Fi channel 1?
A. a broad-spectrum, low-power device
B. a high-power, broad-spectrum, frequency-hopping device
C. a spread-spectrum, narrowband, frequency-hopping device
D. a high-power, narrow-spectrum, direct-sequence device using CCK modulation

Correct Answer: B
Section: (none)
Explanation
QUESTION 331
To manage the wireless network separately, an IT administrator created several virtual domains on the Cisco WCS. APs and WLCs were assigned to
these virtual domains. However, when the IT staff logs into the Cisco WCS, they are assigned to the default root domain. The Cisco WCS login request
is authenticated by an external RADIUS server. What needs to be configured next to solve this problem?
A.
B.
C.
D.
E.
The IT administrator needs to add the correct attribute in the RADIUS server to assign the administrator to the proper virtual domain.
The IT administrator needs to add local user accounts in the Cisco WCS.
The administrator needs to change to TACACS+ authentication because the virtual domain cannot be assigned via RADIUS authentication.
Users need to manually select the proper virtual domain after logging into the root domain.
The IT administrator needs to configure the user group settings to map users to the proper virtual domain.
Correct Answer: A
Section: (none)
Explanation
QUESTION 332
Following the instructions in the configuration guide, the IT staff backs up the historical data of the installed Cisco MSE. Where does this data gets
stored?
A.
B.
C.
D.
On the Cisco MSE, in the root path.

In the FTP directory that is specified during Cisco WCS installation.
In the directory that is specified during the backup operation.
In the TFTP directory that is specified during Cisco WCS installation.
Correct Answer: B
Section: (none)
Explanation
QUESTION 333
Which two statements about the Cisco WCS alarms and events are true? (Choose two.)
A.
B.
C.
D.
An alarm is the listing of an SNMP trap from a WLAN controller.

An event can be a report about radio interference crossing a threshold.
An alarm is a Cisco WCS response to one or more related events.
An event summary of critical, major, and minor events is displayed at the top of the Cisco WCS page.
Correct Answer: BC
Section: (none)
Explanation
QUESTION 334
Which statement about the Cisco WCS security index is true?
A.
B.
C.
D.
The security index will display red (high threat level) when the managed WLAN detects multiple rogues and attack signatures.
The security index is a weighted scale of WLAN security ranging from 0 least risk (secure) to 100 high risk (unsecure).
The security index uses device configuration parameters to assign a weighted value of network security.
The security index of the Cisco WCS managed network is the average of all controller and Cisco MSE scores.
Correct Answer: C
Section: (none)
Explanation
QUESTION 335
According to the Cisco WCS CleanAir dashboard, which interferer is causing the most interference at the time of the capture?
A.
B.
C.
D.
video camera
Bluetooth link
DECT-like phone
DECT phone
Correct Answer: D
Section: (none)
Explanation
QUESTION 336
Which statement about this Cisco WCS wIPS configuration is true?

A.
B.
C.
D.
Only a Cisco WLC and an AP are required to detect these wIPS signatures.
APs in monitor mode are required to detect these wIPS signatures.
Cisco WCS, a Cisco WLC, Cisco MSE, and an AP in enhanced local mode are required to detect these wIPS signatures.
Cisco WCS, a Cisco WLC, Cisco MSE, and an AP in FlexConnect mode are required to detect these wIPS signatures.
Correct Answer: B
Section: (none)
Explanation
QUESTION 337
You are working for a South American services integrator. Your customer has a working unified Cisco WLC solution in Costa Rica (-A domain). You
need to integrate an office in Panama (-N domain); correct APs are already deployed for this domain. Which approach do you take?
A.
B.
C.
D.
Do nothing. These APs will work on the same Cisco WLC because the countries are neighbors.
Change the APs in the Panama office to AIR-CAP3502E-N-K9, which have external antennae.
Use the config domain add -N command on the Cisco WLC.
Add the country code for Panama (PA) through the Cisco WLC web GUI.
Correct Answer: D
Section: (none)
Explanation
QUESTION 338
Which role does the Wi-Fi Alliance fulfill regarding WLANs?
A.
B.
C.
D.
creates global interoperability for wireless channels and spectrum

maintains and creates the protocol standards by which wireless devices work
ensures that wireless products that are available to consumers provide the features that the products claim to have
creates strict regulations
Correct Answer: C
Section: (none)
Explanation
updated answer
QUESTION 339
One of your customers is thinking of deploying wireless in a building. Which two items should you establish in a pre-site survey? (Choose two.)
A. the exact channels that should be used
B.
C.
D.
E.
the agreed coverage areas for the design

the access security arrangements for getting into the building
the type of deployment (data-only service, voice service, or location services)
sources of RF interference
Correct Answer: BD
Section: (none)
Explanation
QUESTION 340
On AIR-CAP3500 Series APs, which AP mode allows you to intensively analyze the frequency spectrum and detect interferers?
A.
B.
C.
D.
E.
Sniffer
Monitor
SE-Connect
Analyzer
Rogue Detector
Correct Answer: C
Section: (none)
Explanation
QUESTION 341
Which statement about customization of a web page that is used on a WLC to authorize guest users is true?
A.
B.
C.
D.
The administrator can use either a modified internal login page or the customized web page.
The administrator can use only the internal login page, and only the organization logo can be changed.
The administrator can use only the internal login page with a customized logo, headline, and message.
The administrator can use only the customized web page that is uploaded to a WLC.
Correct Answer: A
Section: (none)
Explanation
QUESTION 342
What is Cisco WCS Navigator?
A.
B.
C.
D.
E.
a single point of management for multiple Cisco WCS servers

a server for storing and reviewing Cisco Spectrum Expert station data
a server for storing the location data of wireless clients
a GUI for displaying the data of Cisco CleanAir APs, aligned with an uploaded map
a single point of management for multiple Cisco WLC systems
Correct Answer: A
Section: (none)
Explanation
QUESTION 343
What is the maximum number of access points supported on Cisco WCS with an enterprise license?
A.
B.
C.
D.
5,000
10,000
50,000
100,000
Correct Answer: C
Section: (none)
Explanation
QUESTION 344
Which user group has the ability to configure all features of the Cisco WCS except the user accounts and passwords?
A. Admin
B. SuperUser
C. Root
D. Supervisor
Correct Answer: A
Section: (none)
Explanation
QUESTION 345
What must be done for Cisco WLC and Cisco WCS to communicate?
A.
B.
C.
D.
The IP address and subnet mask of the Cisco WLC must be configured in the Cisco WCS.
The IP address and subnet mask of the Cisco WCS must be configured in the Cisco WLC.
The identity certificate of the Cisco WLC must be added to the Cisco WCS.
The Cisco WLC and Cisco WCS must exchange identity certificates.
Correct Answer: A
Section: (none)
Explanation
QUESTION 346
The administrator has noticed that the configuration on a controller is different than in Cisco WCS. How can the administrator fix this issue?
A.
B.
C.
D.
The configuration can be copied from the controller to the Cisco WCS or from the WCS to the controller.
The configuration can be copied only from the Cisco WCS to the controller.
The configuration can be copied only from the controller to the Cisco WCS.
The controller must be removed from the Cisco WCS and then added again.
Correct Answer: A
Section: (none)
Explanation
QUESTION 347
The Cisco WCS administrator wants to create an accurate RF heat map based on RF prediction data. Which statement about map creation in Cisco
WCS is true?
A.
B.
C.
D.
The administrator must manually add walls, doors, and windows to the map.
Cisco WCS automatically detects walls, doors, and windows and adds them to the map, but only when Cisco WCS Navigator is available.
Cisco WCS automatically detects walls, doors, and windows and adds them to the map, but only when a Cisco 3300 Series MSE is available.
All walls, doors, and windows must be included in the file that is uploaded as a background map.
Correct Answer: A
Section: (none)
Explanation
QUESTION 348
What is the meaning of the inverted orange triangle (marked "0") in the Alarm Summary tab of Cisco WCS?
A.
B.
C.
D.
number of major alarms

number of minor alarms
number of critical alarms
number of system alarms
Correct Answer: A
Section: (none)
Explanation
QUESTION 349
A Cisco WCS administrator has marked an alarm as acknowledged. For how many days does Cisco WCS prevent the alarm from reappearing, even if
the source of the alarm reoccurs?
A.
B.
C.
D.
1
7
10
30
Correct Answer: B
Section: (none)
Explanation
QUESTION 350
The administrator needs to create a report that shows all controllers, APs, and Cisco 3300 Series MSEs in the WLAN, including hardware and software
information. Which report includes this information?
A.
B.
C.
D.
Device > Inventory

Mesh > Nodes
Network Summary > Executive Summary
Network Summary > 802.11 Summary
Correct Answer: A
Section: (none)
Explanation
QUESTION 351
Which Cisco WLC command family can help to troubleshoot communication between an AP and the WLC?
A. (Cisco Controller) >debug capwap
B. (Cisco Controller) >debug ap
C. (Cisco Controller) >debug cac

D. (Cisco Controller) >debug dot11
Correct Answer: A
Section: (none)
Explanation
QUESTION 352
Which syslog facility option is shown?

A.
B.
C.
D.
an information field, which is added to every message that comes from the WLC
a security feature, which is set on the syslog server
the type of syslog server
the Cisco WLC identifier for this syslog server
Correct Answer: A
Section: (none)
Explanation
QUESTION 353
Which action secures the SNMPv2C protocol in a Cisco WLC?
A.
B.
C.
D.
configure new communities and disable default communities

use digital certificates to authenticate and encrypt transmissions
enable password or transfer encryption
set a username and difficult-to-guess password
Correct Answer: A
Section: (none)
Explanation
QUESTION 354
What is the purpose of the Log Analysis tab on the Client Troubleshooting page in Cisco WCS?
A.
B.
C.
D.
After you click start, the tab shows debug information for the client that is trying to re- associate.
The tab searches the logs for similar problems of other clients and generates a report.
The tab generates a report from historical logs for the client that is having problems.
The tab shows logs from the past hour for the client that is having problems.
Correct Answer: A
Section: (none)
Explanation
QUESTION 355
Which tool is shown?

A.
B.
C.
D.
Cisco WCS client troubleshooting tool

Cisco WLC client troubleshooting tool
WLAN Client Debug Analyzer
Cisco WLAN Connection Advisor
Correct Answer: A
Section: (none)
Explanation
QUESTION 356
Which two of the following authentication methods used for WiFi security require the use of certificates? (Choose two.)
A.
B.
C.
D.
E.
F.
PEAP
EAP-FAST
WPA2
WPA1
EAP-TLS
EAP-MD5
Correct Answer: AE
Section: (none)
Explanation
QUESTION 357
You are designing a wireless network in a medical facility. Which three areas are bad locations in which to install a wireless access point? (Choose
three.)
A.
B.
C.
D.
E.
F.
in front of the elevators doors

in the hallways
next to the electrical room
inside offices
near medical imaging devices
in the lobby
Correct Answer: ACE

Section: (none)
Explanation
QUESTION 358
What are the three primary functions of the Cisco Unified Wireless LWAPP architecture? (Choose three.)
A.
B.
C.
D.
E.
F.
control and management of the CAPWAP

tunneling of VPN clients over the WAN
tunneling of WLAN client traffic to the WLC
collection of 802.1Q trunks
collection of 802.11 data for management
control and management of VTP
Correct Answer: ACE

Section: (none)
Explanation
QUESTION 359
During Layer 2 intercontroller roaming, which two items change? (Choose two.)
A.
B.
C.
D.
E.
SSID
VLAN
IP address
AP
controller
Correct Answer: DE
Section: (none)
Explanation
QUESTION 360
Which of the following are three functions of Cisco RRM? (Choose three.)
A. TPC
B. intercontroller roaming
C. dynamic channel assignment
D. intracontroller roaming
E. coverage hole detection
Correct Answer: ACE
Section: (none)
Explanation
QUESTION 361
You are setting up a laptop to connect to the wireless network of your organization. The protocols that are used for the corporate network are WPA2
Enterprise, PEAP, and AES. Which three parameters do you need to configure in the Windows 7 wireless network properties for this connection?
(Choose three.)
A.
B.
C.
D.
E.
F.
VLAN
encryption type
authentication method
VRF
security type
IP address
Correct Answer: BCE

Section: (none)
Explanation
QUESTION 362
What are three characteristics of the 802.11g standard? (Choose three.)
A.
B.
C.
D.
E.
F.
speed of as much as 11 Mb/s

speed of as much as 54 Mb/s
backward-compatibility with 802.11a
backward-compatibility with 802.11b
OFDM as an additional modulation technique
OFDM and CCK as additional modulation techniques
Correct Answer: BDE

Section: (none)
Explanation
QUESTION 363
Which two types of encryption does Windows support for WPA2 security for wireless connections? (Choose two.)
A.
B.
C.
D.
E.
AES
DES
PGP
TKIP
WEP
Correct Answer: AD
Section: (none)
Explanation
QUESTION 364
Which three switch port types are valid for these connections? (Choose three.)
A. access
B. port-channel
C. port-channel trunk
D. trunk
E. port-channel access
F. routed port
Correct Answer: ACD
Section: (none)
Explanation
QUESTION 365
Which two wireless technologies can interfere with 802.11 networks? (Choose two.)
A.
B.
C.
D.
DECT
ZigBee
WiMax
GSM
Correct Answer: AB
Section: (none)
Explanation
QUESTION 366
Which two algorithms are available in RRM? (Choose two.)
A.
B.
C.
D.
E.
coverage-hole detection
dynamic channel assignment
RSSI normalizer
transmitting channel expander
rogue detection
Correct Answer: AB
Section: (none)
Explanation
QUESTION 367
Which two pieces of information are needed for the wireless client to connect to the wireless network? (Choose two.)
A.
B.
C.
D.
SSID
security settings
channel number
AP name
Correct Answer: AB
Section: (none)
Explanation
QUESTION 368
What are two wireless configuration utilities for Apple Mac computers? (Choose two.)
A.
B.
C.
D.
E.
AirPort
AirPort Extreme
AirManager
AirManager Supreme
AirAssistant Ultimate
Correct Answer: AB
Section: (none)
Explanation
QUESTION 369
What are two modules of the CCX Lite program? (Choose two.)
A.
B.
C.
D.
foundation
voice
RF power
roaming
Correct Answer: AB
Section: (none)
Explanation
QUESTION 370
What are two security threats to wireless networks? (Choose two.)
A.
B.
C.
D.
ad-hoc networks
client misassociation
port redirection
cross-site scripting
Correct Answer: AB
Section: (none)
Explanation
QUESTION 371
In a network with a deployed Cisco WLC, which two entities must be configured with the shared secret key for 802.1X authentication? (Choose two.)
A.
B.
C.
D.
E.
WLC
RADIUS server
AP
supplicant
wireless client
Correct Answer: AB
Section: (none)
Explanation
QUESTION 372
Which two formats are supported for uploading background graphics to create a network map in Cisco WCS? (Choose two.)
A.
B.
C.
D.
PNG
JPEG
DWG
TIFF
Correct Answer: AB
Section: (none)
Explanation
QUESTION 373
Which two destinations can Cisco WCS administrators specify for a scheduled report? (Choose two.)
A.
B.
C.
D.
a file on the Cisco WCS

a specified email address
a specified World Wide Web server
a TFTP server
Correct Answer: AB
Section: (none)
Explanation
QUESTION 374
Which two formats are available for Cisco WCS reports? (Choose two.)
A.
B.
C.
D.
PDF
CSV
HTML
TXT
Correct Answer: AB
Section: (none)
Explanation
QUESTION 375
Which two protocols are available to download or upload files to or from Cisco WLC? (Choose two.)
A.
B.
C.
D.
E.
FTP
TFTP
SCP
HTTP
HTTPS
Correct Answer: AB
Section: (none)
Explanation
QUESTION 376
Your site has already been surveyed at 5 GHz for 802.11n VoWLAN services. Which services can you add safely, without conducting an additional site
survey? (Choose two.)
A.
B.
C.
D.
E.
enhanced Layer 2 or Layer 3 security of the WLAN

optional MFP client protection for Cisco Client Extensions Version 5 clients
802.11n data services on the 2.4 GHz Frequency
802.11n voice services on the 2.4 GHz Frequency
new services (such as location) on both frequencies
Correct Answer: AB
Section: (none)
Explanation
QUESTION 377
Which type of indoor Cisco AP should you deploy to make use of spatial multiplexing?
A. AIR-LAP1242AG
B.
C.
D.
E.
AIR-BR1310G
AIR-LAP1131AG
AIR-LAP1252AG
AIR-LAP1524AG
Correct Answer: D
Section: (none)
Explanation
QUESTION 378
You have been hired to conduct a predeployment indoor wireless site survey. Which item is not needed before starting the project?
A.
B.
C.
D.
E.
a statement of work that details the areas of the facility in which the customer wants to deploy wireless
architecture drawings of the facility
topographical maps
a list of client devices and applications that will use wireless at the facility
Layer 2 security requirements for the WLAN
Correct Answer: C
Section: (none)
Explanation
answer is corrected
QUESTION 379
Which regulatory body develops standards for European information and communication technologies?
A.
B.
C.
D.
European Union
European Telecommunications Standards Institute
European Radio and Telecommunications Terminal Equipment Directive
International Organization for Standardization
Correct Answer: B
Section: (none)
Explanation
QUESTION 380
Refer to exhibit.
Which type of RF signature does the exhibit illustrate on channel 1?

A.
B.
C.
D.
E.
broadcast probe flood

video camera
Wi-Fi inverted
NULL probe response
none of the above
Correct Answer: B
Section: (none)
Explanation
QUESTION 381
ABC Company end users are reporting voice roaming issues. Which two situations are possible causes? (Choose two.)
A.
B.
C.
D.
E.
The RF coverage cells have only 10-percent overlap; 15- to 20-percent cell overlap is typically needed for seamless roaming.
The RF coverage is colocated.
There is interference from a 5 GHz DECT-like phone.
The RF coverage cells have only 20-percent overlap; 25- to 30-percent cell overlap is typically needed for seamless roaming.
There is interference from the cellular network.
Correct Answer: AC
Section: (none)
Explanation
QUESTION 382
After interviewing the customer to understand its wireless client requirements, you determine that 802.11b must be enabled to support legacy clients
within a mixed-mode environment. What recommendation will have the greatest mitigation on the effects of 802.11b clients on the rest of the network?
A.
B.
C.
D.
Restrict the use of OFDM modulation.

Make 11 Mb/s the lowest mandatory rate.
Enable a separate SSID for 802.11b clients.
Enable short preamble.
Correct Answer: B
Section: (none)
Explanation
QUESTION 383
When conducting a greenfield RF site survey with multiple APs, which information element should be enabled to ensure your site survey software will
display the hostname of each AP?
A. IE 0
B. IE 1
C. IE 133
D. IE 221
Correct Answer: C
Section: (none)
Explanation
QUESTION 384
Corporation XYZ has 25 buildings (with a total of 12000 employees) and would like to implement a single SSID across their entire site. Which feature
would be helpful to prevent wireless internet access from 1 of the 25 buildings?
A.
B.
C.
D.
AP groups
AAA override
WLAN override
MAC filtering
Correct Answer: A
Section: (none)
Explanation
QUESTION 385
Which three of these are considered Cisco RF guidelines for a proper VoWLAN deployment? (Choose three.)
A.
B.
C.
D.
E.
F.
Cell edge should be -67 dBm with 20 to 30 percent overlap.

Channel utilization should be kept under 30 percent.
Noise levels should not exceed -92 dBm.
Packet loss should not exceed 5 percent.
Jitter should be kept at a minimum (less than 300 ms).
802.11 retransmissions should be less than 20 percent.
Correct Answer: ACF

Section: (none)
Explanation
QUESTION 386
Which IEEE standard allows for the use of multiple 2-MHz communication channels within the 2.4-GHz spectrum?
A.
B.
C.
D.
E.
802.14
802.15.4
802.16.1
802.18
802.19
Correct Answer: B
Section: (none)
Explanation
QUESTION 387
While reviewing data gathered during a passive RF site survey for an existing network of Cisco Aironet 1260 Series Access Points, you discover a high
amount of potential co-channel interference throughout the network. Which two of these are potential causes? (Choose two.)
A.
B.
C.
D.
E.
an inconsistent beacon interval

EDRRM is not enabled
the APs are placed too close together
a static channel plan is used
the radio policy is inadvertently set identically for all SSIDs
Correct Answer: CD
Section: (none)
Explanation
QUESTION 388
You are tasked with creating a controller-based high-density RF design. Which three factors determine the cell size? (Choose three.)
A.
B.
C.
D.
E.
F.
antenna type
ClientLink support
basic data rate
TPC threshold setting
AP placement
free space path loss
Correct Answer: ACD

Section: (none)
Explanation
QUESTION 389
Cisco Secure ACS 5.2 shows successful TACACS+ authentication and authorization for the user, but access to the Cisco WLC GUI fails. What is the
reason for this failure?
A. The user password is incorrect.
B. The authorization response does not include a Privilege-Level attribute.
C. The assigned role is incorrect.
D. The received TACACS+ packet is not encrypted.

Correct Answer: C
Section: (none)
Explanation
accurate answer
QUESTION 390
On a Cisco WLC, which NTP authentication type or types are supported?
A.
B.
C.
D.
E.
MD5 and DES

MD5, DES, and DES-CBC
MD5
DES
DES-CBC
Correct Answer: C
Section: (none)
Explanation
QUESTION 391
You are configuring a RADIUS server and the security team asks you for details about this protocol. Which three statements about the RADIUS protocol
are true? (Choose three.)
A.
B.
C.
D.
E.
F.
It is TCP based.
It is UDP based.
RADIUS servers use port 1645 or port 1812 for authentication.
RADIUS servers use port 1646 or port 1813 for authorization.
The username is sent in cleartext.
The username is encrypted.
Correct Answer: BCE

Section: (none)
Explanation
QUESTION 392
In a bridge-to-bridge setup, the network administrator wants to allow only the root bridge the ability to associate to the non-root bridge. To achieve this
goal, the administrator decides to implement a MAC filter. If 0017.dfa6.cdf0 is the MAC address of the root AP (ROOT_AP) and 0017.dfa6.ae13 is the
MAC address of the non-root AP (NON-ROOT_AP), which command set will achieve this goal?
A. ROOT_AP# configure terminal
ROOT_AP(config)# access-list 700 permit 0017.dfa6.cdf0 ROOT_AP(config)# dot11 association mac-list 700
B. NON-ROOT_AP# configure terminal
NON-ROOT_AP(config)# access-list 700 permit 0017.dfa6.cdf0 NON-ROOT_AP(config)# dot11 association mac-list 700
C. NON-ROOT_AP# configure terminal
NON-ROOT_AP(config)# access-list 700 permit 0017.dfa6.ae13 NON-ROOT_AP(config)# dot11 association mac-list 700
D. NON-ROOT_AP# configure terminal
NON-ROOT_AP(config)# access-list 700 permit 0017.dfa6.cdf0 NON-ROOT_AP(config)# dot11 ssid bridge
NON-ROOT_AP(config-ssid)# dot11 association mac-list 700
E. ROOT_AP# configure terminal
ROOT_AP(config)# access-list 700 permit 0017.dfa6.cdf0 ROOT_AP(config)# interface Dot11Radio0
ROOT_AP(config-if)# dot11 association mac-list 700
Correct Answer: B
Section: (none)
Explanation
QUESTION 393
Which two sets of commands will allow multiple SSIDs (each in its own VLAN) to be broadcast on a single radio interface for an autonomous AP?
(Choose two.)
A.
B.
C.
D.
E.
dot11mbssid under the global config section and guest-mode under the SSID config section
mbssid under the radio interface and mbssid guest-mode under the SSID config section
dot11mbssid under the global config section and mbssid guest-mode under the SSID config section
dot11mbssid under the global config section, mbssid under the radio interface, and guest- mode under the SSID config section
cannot broadcast multiple SSIDs under one radio interface if using multiple VLANs
Correct Answer: BC
Section: (none)
Explanation
QUESTION 394
When a wireless client connects to an autonomous AP, which sequence of events will occur when connecting to a SSID that does not broadcast itself?
A.
B.
C.
D.
probe request, probe response, association request, association response, authentication request, authentication response
authentication request, authentication response, probe request, probe response, association request, association response
probe request, probe response, authentication request, authentication response, association request, association response
authentication request, authentication response, association request, association response, probe request, probe response
Correct Answer: C
Section: (none)
Explanation
QUESTION 395
Which three statements about workgroup bridges in a unified environment are true? (Choose three)
A.
B.
C.
D.
Web authentication is not supported for use with workgroup bridges.

VLANs are supported for use with workgroup bridges.
Wired clients that connect to a workgroup bridge inherit the QoS and AAA override attributes of the bridge.
If a workgroup bridge associates to a web-authentication WLAN, then the bridge is added to the exclusion list and all the workgroup bridge wired
clients are deleted.
E. The lightweight feature Cisco CKM is supported for use with a workgroup bridge.
F. If your AP has two radios, then you can configure both for workgroup bridge mode.
Correct Answer: ACD
Section: (none)
Explanation
QUESTION 396
Given the following GUI output on an autonomous AP, how many additional infrastructure APs are registered to the Cisco WDS AP that is shown in the
exhibit, and which Cisco WDS master AP MAC address is used for the WDS registration process?
A.
B.
C.
D.
E.
F.
Zero and 0022.bd1a.0680

One and 0022.bd1a.0680
Two and 0026.cb53.6d40
Zero and 0026.cb53.6d40
One and 0026.cb53.6d40
One and 0024.d70c.7ca4 or 001b.7766.d253
Correct Answer: B
Section: (none)
Explanation
QUESTION 397
The QoS implementation for WLANs differs from QoS implementations on other Cisco devices. Which two actions do QoS enabled autonomous bridges
perform? (Choose two)
A. They do not classify packets; they prioritize packets based on DSCP value, client type (such as a wireless phone), or the priority value in the 802.1q
or 802.1p tag.
B. They construct internal DSCP values and support mapping by assigning IP Differentiated Services Code Point (DSCP), Precedence, or Protocol
values to Layer 2 COS values.
C. They do not match packets using ACL; they use only modular quality of service (MQC) class- map for matching clauses.
D. They do not construct internal DSCP values; they only support mapping by assigning IP Differentiated Services Code Point (DSCP), Precedence, or
Protocol values to Layer 2 COS values.
Correct Answer: AD
Section: (none)
Explanation
QUESTION 398
You want to prevent a wireless client with a MAC address of 00:40:96:a5:b5:d4 from associating with an autonomous AP. Which commands do you use
on the autonomous AP?
A. dot11 association mac-list 700
access-list 700 deny 0040.96a5.b5d4 ffff.ffff.ffff
B. dot11 association mac-list 700
access-list 700 permit 0000.0000.0000 ffff.ffff.ffff access-list 700 deny 0040.96a5.b5d4 0000.0000.0000
C. dot11 association mac-list 700
access-list 700 deny 0040.96a5.b5d4 0000.0000.0000 access-list 700 permit 0000.0000.0000 ffff.ffff.ffff
D. dot11 association mac-list 700
access-list 700 deny 0040.96a5.b5d4 ffff.ffff.ffff access-list 700 permit 0000.0000.0000 ffff.ffff.ffff
E. none of the above
Correct Answer: C
Section: (none)
Explanation
QUESTION 399
Which set of steps shows the correct order for adding an SSID with WPA security on a new VLAN via the GUI on an autonomous AP?
A.
B.
C.
D.
Create the SSID, create the VLAN, and then set up encryption.
Create the VLAN, set up encryption, and then create the SSID.
Set up encryption, create the VLAN, and then create the SSID.
Create the VLAN, create the SSID, and then set up encryption.
Correct Answer: B
Section: (none)
Explanation
exact answer
QUESTION 400
What is the function of the distance command on an autonomous 802.11 bridge?
A.
B.
C.
D.
to adjust the data rate of the packet transmission

to adjust the bridge timeout values to account for the time that is required for radio signals to travel from bridge to bridge
to give the person reading the configuration an idea of how far apart the bridge links are
to increase the time that is needed for authentication
Correct Answer: B
Section: (none)
Explanation
QUESTION 401
Which command can you use to configure the standalone AP to use the NTP server at IP address 192.168.1.99?
A. ntp server 192.168.1.99
B. sntp server 192.168.1.99

C. ntp broadcast client 192.168.1.99
D. sntp broadcast client 192.168.1.99
Correct Answer: B
Section: (none)
Explanation
QUESTION 402
When configuring multiple BSSIDs in autonomous APs, which three requirements and guidelines should you follow? (Choose three.)
A.
B.
C.
D.
E.
F.
APs must contain an 802.11a or 802.11b/g radio that supports multiple BSSIDs.
RADIUS-assigned VLANs are supported when you enable multiple BSSIDs.
VLANs cannot be configured.
When you enable BSSIDs, the AP automatically maps a BSSID to each SSID. You cannot manually map a BSSID to a specific SSID.
Any Wi-Fi certified client device can associate to an AP that uses multiple BSSIDs.
You cannot enable multiple BSSIDs on APs that participate in WDS.
Correct Answer: ADE

Section: (none)
Explanation
QUESTION 403
Which debug command is best to use when you suspect that a client will not connect to an autonomous AP because of an incorrect WPA PSK?
A.
B.
C.
D.
debug dot11 mgmt station

debug dot11 aaa authenticator process
debug dot11 station connection failure
debug dot11 encryption
Correct Answer: C
Section: (none)
Explanation
QUESTION 404
You are troubleshooting a client that is not able to associate to an SSID configured on an autonomous AP. What is most likely the cause of the
association failure, given the debug output seen in the exhibit?
A.
B.
C.
D.
E.
F.
The RADIUS server is not reachable.

The username and password combination is incorrect.
The SSID is secured with PSK and the shared secret is wrong.
There is no login method configured under the AAA configuration.
The aaa authentication command is pointing to a nonexistent RADIUS server.
The interface dot11radio0 does not require authentication and the client is requesting it.
Correct Answer: D
Section: (none)
Explanation
QUESTION 405
You are setting up a wireless network using autonomous APs. Which two statements are true? (Choose two.)
A.
B.
C.
D.
A wireless device always attempts to transmit at the highest data rate that is set to Basic, (or Require in the GUI).
At least one data rate must be set to Basic.
The AP sends multicast and management frames at the lowest basic rate.
The 5-GHz radios do not support 40-MHz channel width.
Correct Answer: AC
Section: (none)
Explanation
QUESTION 406
Which three of these options are variables used within the TPC algorithm to determine the transmit power? (Choose three.)
A.
B.
C.
D.
E.
F.
G.
H.
antenna gain (dBi)

antenna gain (dBm)
RSSI of third highest neighbor above the threshold
SNR of third highest neighbor above the threshold
Tx power control threshold
client SNR cutoff value
number of neighbors
Tx Max
Correct Answer: CEH

Section: (none)
Explanation
QUESTION 407
A Cisco Unified Wireless Network client is configured with manual proxy settings. How can you, as an administrator, ensure that the user is able to
authenticate and access the network by having the WLC respond to a client request with a web page that prompts the user to change the Internet proxy
settings to automatically detect the proxy settings?
A.
B.
C.
D.
Enable conditional redirect on the web authentication policy.

Make sure that the option for web authentication proxy redirection port is set to 0.
Make sure that the web authentication proxy redirection mode is enabled.
Make sure that the web authentication proxy redirection mode is disabled.
Correct Answer: C
Section: (none)
Explanation
QUESTION 408
A network administrator is configuring local WLC DHCP services. Which group of statements regarding the output in the exhibit and the client DHCP
process is correct?
A. DHCP proxy is enabled. The WLC has sent the client DHCP Discover out, but no DHCP Offer came back. This indicates DHCP proxy needs to be
disabled for local WLC DHCP service.
B. DHCP proxy is disabled. The WLC has received a DHCP request from the client. As the capture does not include an indication a DHCP ACK was
received or not, this does not indicate a specific issue.
C. DHCP proxy is disabled. The WLC has sent the client DHCP Discover out, but no DHCP Offer came back. This indicates an apparent WLC issue.
D. DHCP proxy is enabled. The client is requesting 192.168.141.50 and the WLC interface is on VLAN 141. This points to a network VLAN 141 issue.
E. DHCP proxy is enabled. The WLC has received the client DHCP Discover, but there should be a DHCP ACK because the client asked to use
192.168.141.50. This is a client supplicant DHCP issue.
Correct Answer: B
Section: (none)
Explanation
QUESTION 409
You are installing a new AP, out of the box, on the Internet. However, you are required to enforce only preregistered APs to be allowed to connect to the
DMZ controller. Which two of these actions best meet the requirement? (Choose two.)
A. Make sure that the option to accept Cisco SSC from the AP is enabled on the WLC.
B. Make sure that the option to accept an MIC from the AP is enabled on the WLC.
C. Make sure that the option to accept an LSC from the AP is enabled on the WLC.
D. Authorize the AP to use an internal authorization list on the WLC, or to use an AAA server.
Correct Answer: BD
Section: (none)
Explanation
QUESTION 410
While troubleshooting a VoWLAN call quality issue on a Cisco Unified Wireless IP Phone 7925 on a Cisco Unified Wireless Network, a network
administrator views a compilation of outputs from the WLAN settings and client connection status, as shown in the exhibit. From the information shown,
which one of these characteristics about the problem is true?
A. The RSSI is outside of the recommended specifications for voice.
B. The client keeps getting put into a blacklisted state due to client exclusions because Cisco Centralized Key Management and EAP-FAST are
incompatible.
C. The WLAN does not have a DHCP server assigned and therefore the client is not getting an IP address.
D. The SNR is outside of the required RF specifications for voice.
Correct Answer: A
Section: (none)
Explanation
QUESTION 411
A network administrator is troubleshooting a multicast problem in a Cisco Unified Wireless Network topology. Which one of these groups of
characteristics best describes the output shown in the exhibit?
A. The WLC is configured for multicast-multicast.
The multicast-direct feature is configured and a stream to group 239.2.2.26 is currently allowed at best-effort.
B. The WLC is configured for multicast-unicast.
The multicast-direct feature is configured and and a stream from source 239.2.2.26 is currently allowed.
C. The WLC is configured for multicast-multicast.
The multicast-direct feature is configured and a stream from source 239.2.2.26 is currently allowed but failed due to a missing QoS priority tag.
D. The WLC is configured for multicast-unicast.
The multicast-direct feature is configured and a stream from source 239.2.2.26 is currently allowed at best-effort.
E. The WLC is configured for multicast-multicast.
The multicast-direct feature is configured and a stream from source 239.2.2.26 is currently allowed but failed due to a missing QoS priority tag.
Correct Answer: A
Section: (none)
Explanation
QUESTION 412
Which one of these options is not a valid reason for a client to become excluded?
A.
B.
C.
D.
E.
excessive 802.11 association failures

excessive 802.11 authentication failures
excessive 802.1X association failures
excessive 802.1X authentication failures
an attempt to use an IP address already assigned to another device
F. excessive web authentication failures

Correct Answer: C
Section: (none)
Explanation
QUESTION 413
The corporate office has mandated that all guest WLAN users should have a per-user bandwidth restriction. The requirement is 1 Mb/s for normal rate
with a peak of 1.2 Mb/s. This is to be set for HTTP traffic only. From the exhibit, showing the QoS properties for a current guest user connection, is the
above requirement met?
A.
B.
C.
D.
E.
Yes, the profile has been configured for 1000 Kb/s for average rate and 1200 Kb/s for burst rate for all traffic.
No, the profile has been configured for 1000 Mb/s for average rate and 1200 Mb/s for burst rate for HTTP traffic.
No, the profile has been configured for 1000 Kb/s for average rate and 1200 Kb/s for burst rate for all traffic.
Yes, the profile has been configured for 1000 Kb/s for average rate and 1200 Kb/s for burst rate for HTTP traffic.
Yes, the profile has been configured for 1000 Mb/s for average rate and 1200 Mb/s for burst rate for all traffic.
Correct Answer: C
Section: (none)
Explanation
QUESTION 414
A network administrator is troubleshooting a client connection and runs a debug client command on the device MAC address. From the information in
the exhibit, which explanation is correct?
A. DHCP proxy is enabled. The WLC has sent the DHCP Discover out, but no DHCP Offer came back, which points to an apparent network issue.
B. DHCP proxy is disabled. The WLC has sent the DHCP Discover out, but no DHCP Offer came back, which points to an apparent network issue.
C. DHCP proxy is enabled. The WLC has sent the DHCP Discover out, but no DHCP Offer came back, which points to an apparent WLC issue
because the DHCP proxy should be disabled by default.

D. DHCP proxy is enabled. The client is requesting 192.168.1.42 but the WLC interface is on a different subnet, which points to an apparent client
supplicant issue.
E. DHCP proxy is disabled. The WLC has sent the DHCP Discover out, and a DHCP Offer came back of 192.168.142.31, but the client is not accepting
it and therefore timing out.
Correct Answer: A
Section: (none)
Explanation
QUESTION 415
The customer intermittently sees these messages in the WLC message logs. Which two sentences describe what these messages indicate? (Choose
two.)
A.
B.
C.
D.
E.
F.
This is an authentication process failure between the supplicant and RADIUS server for the unicast key.
There is one more retransmit attempt allowed by default.
There are two more retransmit attempts allowed by default.
This is an encryption process failure between the supplicant and the WLC for the unicast key.
This is an encryption process failure between the supplicant and the WLC for the broadcast key.
This is an authentication process failure between the supplicant and the WLC for the broadcast key.
Correct Answer: BE
Section: (none)
Explanation
QUESTION 416
You are configuring WLC high availability for an access point. Which statement is true?
A. You always need to configure both the controller system names and WLC IP address.
B. High availability can only be configured using the WLC IP addresses.

C. Controller names in access point high availability configurations are not case-sensitive.
D. A WLC IP address only needs to be configured when the backup WLC is in a different mobility group.
Correct Answer: D
Section: (none)
Explanation
updated
QUESTION 417
A network administrator is troubleshooting a client connection problem. In the process of collecting information, a client debug is run on the controller for
the device MAC address. What is the most likely cause of the problem?
A. WPA/802.1X Layer 2 security is enabled. Cisco Centralized Key Management is enabled. The logs show an EAP/802.1X identity request failure,
which points to a WLC issue. Client will be deauthenticated.
B. WPA2/802.1X Layer 2 security is enabled. The logs show a RADIUS identity request failure, which points to a WLC issue. Client will immediately
send an EAPOL-start packet to try again.
C. WPA2/802.1X Layer 2 security is enabled. The logs show an EAP/802.1x identity request failure, which points to a supplicant issue. Client will be
deauthenticated.
D. WPA PSK Layer 2 security is enabled. The logs show an EAP/802.1X identity request failure, which points to a supplicant issue. Client will
immediately send an EAPOL-start packet to try again.

E. WPA2 PSK Layer 2 security is enabled. The logs show an EAP/802.1X identity request failure, which points to a WLC issue. Client will be
deauthenticated.
Correct Answer: C
Section: (none)
Explanation
QUESTION 418
A network administrator is troubleshooting a problem of a CAPWAP access point that intermittently disconnects from the WLC. The administrator is
trying to determine when the problem is happening. UDP port 514 is allowed. What is the best option for successfully gathering comprehensive
information about the problem?
A.
B.
C.
D.
E.
Configure a script to log into the WLC to gather logs and save them on a PC, where they can be reviewed daily.
The CAPWAP AP has no syslog capability but the WLC does have syslog capability. Configure the WLC for syslog and level 1.
Configure the CAPWAP AP and the WLC for syslog and level 6.
Configure the CAPWAP AP for buffered logging and level 7. Configure the WLC for syslog and level 7.
Configure the CAPWAP AP and the WLC for syslog and level 1.
Correct Answer: C
Section: (none)
Explanation
QUESTION 419
You are testing the mesh AP feature in your lab. You begin by changing the AP mode from local to bridge on one of your Cisco 3500 Series APs. The
AP reboots and attempts to rejoin the controller, but it fails to do so. Based upon the information in the exhibit, which two of these options would allow
the AP to join the WLC? (Choose two.)
A. Add 08:d0:9f:22:9e:10 to the AP Authorization List
B. Add 08:d0:9f:22:9e:10 to the MAC Address Filter
C. Add 64:9e:f3:0e:b6:76 to the AP Authorization List

D. Add 64:9e:f3:0e:b6:76 to the MAC Address Filter
Correct Answer: CD
Section: (none)
Explanation
QUESTION 420
When is the Poor Link SNR Alarm generated in a mesh network?
A.
B.
C.
D.
when the SNR between the mesh nodes falls below 15 dB.
when the SNR between the client and the AP falls below 20 dB.
when the SNR between the mesh nodes falls below 12 dB.
when the Cisco WCS receives the first 10 SNR links from the network.
Correct Answer: C
Section: (none)
Explanation
QUESTION 421
A 7-Mb multicast traffic stream is being sent to wireless clients and it is using up most of the available wireless spectrum in the 2.4-GHz unlicensed
band. As a result, many of the data applications have become sluggish and the video is choppy. What is the best option to send the multicast over the
wireless network more efficiently and leave some bandwidth for the data applications (assuming the network is capable of supporting this option)?
A.
B.
C.
D.
Raise the DTIM to 10

Enable WMM QoS
Turn on multicast-multicast mode
Turn off the lower data rates
Correct Answer: D
Section: (none)
Explanation
QUESTION 422
The helpdesk is reporting that many users are reporting slow wireless connections in one of the office buildings. You look at the CleanAir statistics and
do not see any interferers, but you see very high 2.4-GHz channel utilization from the Wi-Fi devices. WCS is reporting the following mix of 802.11
chipsets in the building: 10 percent 802.11b, 75 percent 802.11g and 15 percent 802.11a. You do a survey and see that you have a very dense
deployment of APs and a lot of co- channel interference.
Which two steps would help lower your channel utilization in this area? (Choose two.)
A.
B.
C.
D.
E.
F.
Raise the power on the 2.4-GHz radios.

Lower the power on the 2.4-GHz radios.
Lower the DTIM.
Raise the DTIM.
Disable 1-, 2-, 5.5-, 6-, and 9-Mb data rates.
Enable 1-, 2-, 5.5-, 6-, and 9-Mb data rates.
Correct Answer: BE
Section: (none)
Explanation
QUESTION 423
Which two statements about virtual interfaces on a WLC are true? (Choose two.)
A.
B.
C.
D.
A virtual interface serves as the redirect address for the web authentication login page.
A virtual interface must have a DNS host name in order to prevent web authentication clients from getting a security warning on their web browser.
A virtual interface acts as the DHCP server placeholder for wireless clients that obtain their IP address from a DHCP server.
A virtual interface acts as a RADIUS proxy for wireless clients.
Correct Answer: AC
Section: (none)
Explanation
QUESTION 424
Which EAP type does the diagram illustrate?

A.
B.
C.
D.
E.
F.
EAP-TLS
EAP-MD5
PEAP
EAP-GTC
EAP-FAST
LEAP
Correct Answer: E
Section: (none)
Explanation
QUESTION 425
Which statement describes the operation of an access point in Rogue Location Discovery Protocol mode?
A. The AP uses the existing wireless infrastructure in order to scan for rogue APs. Once discovered, these rogues are added to a local list that includes
the rogues' BSSIDs, MAC addresses, and any discovered security provisions (WPA, WEP, etc.).
B. The AP detects a rogue client, and then the network administrator is able to contain both the rogue AP and the rogue clients. This can be achieved
because 802.11 deauthentication packets are sent to clients that are associated to rogue APs, so threats such as holes are mitigated.
C. The AP moves to the rogue channel and attempts to connect to the rogue as a client. The AP then tries to obtain an IP address and forwards a UDP
packet to the controller through the rogue.
If the controller receives this packet, the network administrator is notified that a rogue AP has been discovered on the wired network.
D. The AP determines whether or not a rogue access point is on a trusted network. It does not provide RF service of any kind, but rather receives
periodic rogue access point reports from the controller, and sniffs all ARP packets. If it finds a match between an ARP request and a MAC address it
receives from the controller, it generates a rogue access point alert to the controller.
Correct Answer: C
Section: (none)
Explanation
QUESTION 426
You want to use 3500e APs to setup an indoor mesh deployment. After you change the AP mode, the AP will not rejoin the Cisco WLC. Which debug
command was run, according to the exhibit, and why is the AP not rejoining the Cisco WLC?
A.
B.
C.
D.
E.
debug capwap packet was run, and 3500e APs do not support indoor mesh.
debug pm pki was run, and you must disable VLAN transparent for 3500e indoor mesh deployments.
debug mesh security was run, and the 3500e radio MAC address is not in the local MAC filter list on the Cisco WLC.
debug ap join was run, and you must disable VLAN transparent for 3500e indoor mesh deployments.
debug capwap events enable was run, and the 3500e Ethernet MAC address is not in the local MAC filter list on the Cisco WLC.
Correct Answer: E
Section: (none)
Explanation
QUESTION 427
When you configure channel bonding on your APs by using the 2.4-GHz radio, what is the maximum number of APs that you can place in a given
location so that the AP channels do not overlap?
A.
B.
C.
D.
One
Two
Three
Three in most of the countries, but 4 (including channel 14) in Japan
Correct Answer: A
Section: (none)
Explanation
QUESTION 428
You calculate that your AP should transmit at 6 dBm to provide appropriate wireless coverage, while still complying with EIRP, with the antennas that you
selected. However, the AP is transmitting at 1 dBm only, even though it is on power level 1. How can you increase the transmitting power?
A.
B.
C.
D.
E.
Choose appropriate antennas types.

Decrease the antenna gain that is configured on the Cisco WLC.
Switch to a custom Tx power level and increase the power level.
Disable auto-RF.
Activate 802.11n legacy beamforming on the Cisco WLC.
Correct Answer: B
Section: (none)
Explanation
QUESTION 429
AP A is in AP group ONE and AP B in is AP group TWO. AP group ONE assigns the interface Marketing to the corporate WLAN, whereas AP group
TWO assigns the interface Sales to the same WLAN. What happens if a client roams from AP A to AP B while connected to the corporate SSID?
A.
B.
C.
D.
E.
No roaming is possible.
The client will reconnect with a new IP address from the Sales subnet.
The client will keep its Marketing subnet IP address, but roaming will not be seamless.
The client will keep its Marketing subnet IP address, and roaming will be seamless if the appropriate key management is used.
A mobility tunnel will be established between the two APs, and the client will be allowed to keep its IP address.
Correct Answer: D
Section: (none)
Explanation
QUESTION 430
What does disabling broadcast SSID in the WLAN configuration do?
A.
B.
C.
D.
E.
causes beacons to be unicast instead of broadcast

prevents beacons from being sent and allows only probes
allows beacons to be sent but leaves the SSID name field empty
forbids all broadcasts for that SSID
makes the SSID respond only to blank probes
Correct Answer: C
Section: (none)
Explanation
QUESTION 431
What does RLDP do?
A.
B.
C.
D.
E.
allows APs to detect rogues

allows the Cisco MSE or location appliance to calculate the location of rogues
allows APs to determine whether undetected rogue APs or clients are in the area
makes APs stop servicing clients and tries to associate to the unsecured AP, to send special UDP packet to the Cisco WLC
makes APs try to break the security of rogue APs, to allow better containment
Correct Answer: D
Section: (none)
Explanation
QUESTION 432
You are designing a wireless guest anchoring solution for a large company. Forty-five Cisco WLCs running 7.0.116.0 code are deployed in the corporate
network. You expect about 3000 devices to use the guest network at any one time. A junior wireless administrator has suggested using a single 4402-12
WLC running 7.0.116.0 as the anchor controller. What is your response?
A. Using a 4402-12 WLC is the best option, based on the design requirements, because it is currently the least expensive WLC that supports autoanchoring.
B. Using a 4402 WLC is not feasible because 4402 WLCs do not support the 7.0 release of code.
C. A single 4402 WLC supports only 2500 client database entries and therefore does not meet the design requirements.
D. A single 4402-12 WLC, regardless of code. supports only 40 simultaneous EoIP tunnels and therefore does not meet the design requirements.
Correct Answer: C
Section: (none)
Explanation
QUESTION 433
You are going to create a new WLAN on your production 5508 WLC running 7.0.116.0 code. You do not want this WLAN to be in the default AP group
on the Cisco WLC until you have thoroughly tested it. How can you achieve this goal when creating the WLAN on the production controller?
A. Create the new WLAN on the Cisco WLC by using WLAN ID 13.
B. A new WLAN will always be in the default AP group until you move the WLAN to a different AP group on the Cisco WLC.
C. Use a Cisco WCS to create the WLAN by using WLAN ID 17.
D. Create the new WLAN on the Cisco WLC using WLAN ID 20.
Correct Answer: D
Section: (none)
Explanation
QUESTION 434
You are implementing Cisco CleanAir through the Cisco WCS without any MSE integration. Which two types of data are you able to track through the
Cisco WCS? (Choose two.)
A.
B.
C.
D.
E.
location of one interferer at a time on the WCS map

history tracking and reports of the worst interferers
air quality history tracking and reports
location of multiple interferers at a time on the WCS map
air quality index on the heat maps when hovering the mouse over the AP icons
Correct Answer: CE
Section: (none)
Explanation
QUESTION 435
During the installation of a Cisco WCS, you are given the option to modify the protocol ports used by the WCS. Which two of these protocol ports can
you modify? (Choose two.)
A.
B.
C.
D.
E.
HTTP
HTTPS
FTP
TFTP
SNMP
Correct Answer: AB
Section: (none)
Explanation
QUESTION 436
When placing APs on a map through the Cisco WCS, which two statements are true? (Choose two.)
A.
B.
C.
D.
E.
F.
You must place all your access points on a map for the RRM algorithm to start working.
You will be able locate multiple wireless clients at a time.
You can automatically place APs on the map by accepting the planning mode tool result.
You will automatically track the location of interferers.
If an MSE was added already, you need to re-synchronize the network designs.
Minor severity alarms will be logged to indicate that new APs were added to the map.
Correct Answer: CE
Section: (none)
Explanation
QUESTION 437
When implementing context-aware location services on the Cisco WCS through the MSE, which two types of data or functionality are only available after
adding an MSE? (Choose two.)
A.
B.
C.
D.
E.
location of only one wireless client at a time on the WCS map

location of multiple wireless clients at a time on the WCS map
client location history
ability to define WCS map boundaries
ability to set email alerting options for rogue access points
Correct Answer: BC
Section: (none)
Explanation
verified
QUESTION 438
When adding an MSE to a Cisco WCS, you are given the option to enable HTTP. What would be a good reason to enable HTTP communication to the
MSE?
A.
B.
C.
D.
If HTTPS is disabled on the MSE.

If port 443 is blocked by a firewall in between WCS and the MSE.
If the MSE is being added to a version of WCS prior to 7.0.
If a a third-party application needs to communicate with the MSE.
Correct Answer: D
Section: (none)
Explanation
QUESTION 439
You currently have one Cisco WCS server on your network and you would like to add a second WCS server for high availability. Which one of these
options is not required to configure high availability?
A.
B.
C.
D.
Both WCS servers must run on the same operating system.

Both WCS servers must be in the same subnet.
Both WCS servers must run the same software release.
The primary WCS server must have an SMTP server configured.
Correct Answer: B
Section: (none)
Explanation
QUESTION 440
How can you improve location accuracy using RFID tags in RF-noisy or congested environments, such as hospitals?
A.
B.
C.
D.
Repeat frame transmissions per channel within each transmission interval (although this will lower battery life).
Transmit beacons as unicast instead of multicast, to make sure that APs can pick up the beacon packets.
Decrease the inter-cell overlap to 5 percent, decreasing the uncertain area.
Increase the data rate for the beacon packets to make sure that more data can be transmitted within the same time interval.
Correct Answer: A
Section: (none)
Explanation
QUESTION 441
Which two statements about the IPv4 ToS byte are true? (Choose two.)
A.
B.
C.
D.
E.
The ToS byte is located in the Layer 2 header.

The ToS byte is located in the Layer 3 header.
The DSCP values range from 0 to 7.
The IP precedence and the DSCP fields have two overlapping bits.
The class selector in the DSCP field is defined for backward compatibility with IP precedence.
Correct Answer: BE
Section: (none)
Explanation
QUESTION 442
The ACS RADIUS Authentication Report shows the output for a failed client authentication.
Which action can resolve this issue?
A.
B.
C.
D.
Re-generate the client certificate, which is expired.

Install the complete ACS certificate CA chain on the client operating system.
Re-generate the local ACS certificate, which was issued by an unknown CA.
Import the complete client certificate CA chain on the ACS.
Correct Answer: D
Section: (none)
Explanation
QUESTION 443
Which two statements about the management access control on Cisco WLC, using an external TACACS+ server, are true? (Choose two.)
A.
B.
C.
D.
E.
F.
The Cisco WLC supports TACACS+ command authorization.

The Cisco WLC AAA authorization is role-based, using custom TACACS+ attributes.
The Cisco WLC AAA authorization is role-based, using Cisco VSA attributes.
The Cisco WLC requires the TACACS+ server to return a Privilege-Level attribute.
If a user is not entitled to a specific task, then the user is not allowed to access that task.
If a user is not entitled to a specific task, then the user is allowed to have read-only access to that task.
Correct Answer: BF
Section: (none)
Explanation
QUESTION 444
What is the benefit of using a CA-signed certificate over a self-signed certificate?
A.
B.
C.
D.
You can generate a certificate with a longer validity period.

Fewer steps need to be generated.
More authentication types are supported.
You can avoid impersonation attacks.
E. You can use bigger keys.

Correct Answer: D
Section: (none)
Explanation
QUESTION 445
Which Cisco WLC IP addresses will be returned to a Cisco AP that requests an IP address from this DHCP pool?
A.
B.
C.
D.
E.
192.168.129.12 and 192.168.129.20

192.168.129.11 and 192.168.129.19
192.168.129.12 and 192.168.129.17
192.168.129.11 and 192.168.129.18
none of the above
Correct Answer: B
Section: (none)
Explanation
valuable
QUESTION 446
Which three EAP types are supported when using an LDAP backend database that does not return a cleartext password? (Choose three.)
A. EAP-FAST-GTC
B.
C.
D.
E.
F.
EAP-TLS
PEAPv0-MS-CHAPv2
PEAPv1-GTC
EAP-FAST-MS-CHAPv2
LEAP
Correct Answer: ABD

Section: (none)
Explanation
QUESTION 447
What can be filtered by using this DNIS filter on ACS?

A. wireless clients, based on the SSID to which they are associating
B. wireless IP phones, based on the phone number that they are calling
C. authentications from AAA clients, based on their assigned location
D. authentications from a specific Cisco WLC interface

E. authentications, based on part of the username
Correct Answer: A
Section: (none)
Explanation
QUESTION 448
Which statement about using the internal DHCP server feature on a Cisco WLC is true?
A.
B.
C.
D.
DHCP option 43 must be configured on the internal DHCP server.

The DHCP server IP address must be set to the Cisco WLC management interface IP address.
The internal DHCP server can serve both wireless and wired clients.
Autonomous APs are supported.
Correct Answer: B
Section: (none)
Explanation
QUESTION 449
How can you protect the configuration file from eavesdropping, when uploading from a Cisco WLC?
A.
B.
C.
D.
Use the Configuration File Encryption option.

Choose an SCP as the transfer method.
Connect to the Cisco WLC by using HTTPS.
Connect to the Cisco WLC by using SSH.
Correct Answer: A
Section: (none)
Explanation
QUESTION 450
Which CAPWAP AP management-access method is available as the default setting?
A.
B.
C.
D.
only the console port

the console port and SSH
the console port, SSH, and HTTPS
SSH only
Correct Answer: A
Section: (none)
Explanation
QUESTION 451
What tab contains access point configuration in the WCS?
A.
B.
C.
D.
Controller > Access Points

Configure > Access Points
General > Configure > Access Points
System > Configure > Access Points
Correct Answer: B
Section: (none)
Explanation
QUESTION 452
What path displays the current maps within the WCS version 7 GUI?
A.
B.
C.
D.
E.
F.
Monitor > Maps

Reports > Maps
Services > Maps
Administration > Maps
Configure > Maps
Tools > Maps
Correct Answer: A
Section: (none)
Explanation
QUESTION 453
A network engineer in the GUI of WCS version 7 wants to add an access point to a map. Where can this command be found within the drop-down
menu?
A.
B.
C.
D.
Monitor > Maps

Reports > Maps
Monitor > Network Summary
Configure > Maps
Correct Answer: A
Section: (none)
Explanation
QUESTION 454
A network engineer in the GUI of WCS version 7 wants to add an autonomous access point. Where can this command be found in the drop-down
menu?
A.
B.
C.
D.
Configure > Access Point > Add Autonomous APs

Manage > Access Points > Add Autonomous APs
Administration > Access Point > Add Autonomous APs
Location > Access Point > Add Autonomous APs
Correct Answer: A
Section: (none)
Explanation
QUESTION 455
What technology consists of small, low-power digital radios?
A.
B.
C.
D.
LTE
WiFi
ZigBee
Bluetooth
Correct Answer: C
Section: (none)
Explanation
QUESTION 456
What protocol is used to determine the best pathway back to a root access point?
A.
B.
C.
D.
CCKM
WNMP
AWPP
LWAP
Correct Answer: C
Section: (none)
Explanation
QUESTION 457
How does an LWAP receive a configuration file?
A.
B.
C.
D.
It is configured manually.
It receives a configuration from the controller.
It automatically ships with a configuration.
It receives a configuration from a TFTP server.
Correct Answer: B
Section: (none)
Explanation
QUESTION 458
A network engineer is troubleshooting a LAP that is unable to join the controller and receives the message below:
LWAPP_CLIENT_ERROR_DEBUG.No more AP manager IP addresses remain
What does the log indicate?
A.
B.
C.
D.
Two or more LAPs have the same IP address.

An AP manager has the same IP address as another AP manager.
A LAP has the same IP address as the AP manager.
Two or more controllers have the same IP address.
Correct Answer: C
Section: (none)
Explanation
QUESTION 459
A network administrator is configuring and installing an indoor mesh network using two CAPWAP APs. The APs were out of the box and have already
been installed in their designated locations. The RAP is joined to the controller and configured appropriately, but the MAP is not visible on the WLC. In
the output shown, which of these explanations is the most likely reason for the issue?
A. The MAP should have been primed to the WLC before being deployed. The Bridge Group Name is not configured by default. The AP policy for the
B.
C.
D.
E.
MAP is not configured.

The MAP should have been primed to the WLC before being deployed. The Bridge Group Name uses the MAC address and is configured but does
not match, which is the reason for the failure.
The MAP does not have to be primed to the WLC before being deployed to the field because the WLC discovery process is different for MAPs than it
is for RAPs. The Bridge Group Name does not have to match but the RAP has to have the MAP MAC address added to its database.
The MAP should have been primed to the WLC before being deployed. The Bridge Group Name does not need to match. The MAP is running an
LWAPP image that requires its MAC address to be configured in the RAP in order for a successful join.
The MAP does not have to be primed to the WLC before being deployed. The Bridge Group Name needs to match. The AP policy is automatically
populated by the MAP discovery process via CAPWAP, but is failing in this example.
Correct Answer: A
Section: (none)
Explanation
QUESTION 460
Your customer is attempting to create two WLANs with identical SSIDs and identical Layer 2 security policies on their WLC 5508, without success.
Which two of these actions would help them? (Choose two.)
A.
B.
C.
D.
Assign the WLANs to different AP groups.

Assign each WLAN to a different interface.
Set the WLAN IDs to a number greater than 17.
Use different radio policies for each WLAN.
Correct Answer: AC
Section: (none)
Explanation
QUESTION 461
According to Cisco best practices, many features require the WLC to be synchronized with an NTP server. For which of these options is time
synchronization not required?
A. SNMPv3
B. MFP
C. CAPWAP
D. Location
Correct Answer: C
Section: (none)
Explanation
QUESTION 462
The help desk informs you that some users cannot receive multicast video. Upon troubleshooting, you determine that the users who are unable to
receive the multicast video are all connected at 9 Mbps. Users that are connected at a data rate of 12 Mbps or higher are able to receive the multicast
video. Which data rate can you modify to fix the problem?
A.
B.
C.
D.
Change 6 Mbps to Supported.

Change 6 Mbps to Mandatory.
Change 9 Mbps to Supported.
Change 9 Mbps to Disabled.
Correct Answer: D
Section: (none)
Explanation
QUESTION 463
In order for MFP client protection to be required on the WLAN, which three of these requirements must the client meet? (Choose three.)
A.
B.
C.
D.
E.
F.
The client must support CCXv5.

The client must use WPA2 with AES-CCMP.
The client must use either EAP or PSK to obtain the PMK.
The client exclusion must be enabled on the WLAN.
TKIP or AES must be used for encryprion.
Any encryption method can be used.
Correct Answer: ACE

Section: (none)
Explanation
QUESTION 464
Which of the following WLC feature is disabled by configuring the Passive Client feature?
A.
B.
C.
D.
proxy ARP
Proactive Key Caching
DHCP proxy
power-save mode
Correct Answer: A
Section: (none)
Explanation
QUESTION 465
Which two EAP methods are supported on H-REAP AP using a local RADIUS server? (Choose two.)
A.
B.
C.
D.
PEAP
EAP-FAST
LEAP
EAP-TLS
Correct Answer: BC
Section: (none)
Explanation
QUESTION 466
You are attempting to use the Auto Provisioning feature in a Cisco WCS to apply the configuration to a new WLC. Which options is not a valid method
for identifying a WLC using the Auto Provisioning feature?
A.
B.
C.
D.
serial number
MAC address
IP address
hostname
Correct Answer: C
Section: (none)
Explanation
QUESTION 467
Which three of these AP working modes is able to detect rogue access points over the air rather than through the wired network? (Choose three.)
A. local mode
B.
C.
D.
E.
F.
monitor mode
rogue detector mode
FlexConnect mode
sniffer mode
rogue discovery mode
Correct Answer: ABD

Section: (none)
Explanation
QUESTION 468
How many non-overlapping channels are available for WLANs on the UNII-1 band?
A.
B.
C.
D.
8
4
12
16
Correct Answer: B
Section: (none)
Explanation
QUESTION 469
Which option can you configure for inbound Call Admission Control on a Cisco Unified Wireless Network AP for video applications on a specific radio
band?
A.
B.
C.
D.
Set the data rate for a non-voice client below 11 Mb/s.

Set the desired maximum RF bandwidth that is allocated for video traffic.
Set QBSS to have precedence over TSPEC.
Set WMM = 6 for RTP packets.
Correct Answer: B
Section: (none)
Explanation

350 050.realtests - Premium.exam.469q

Загружено:

Сведения о документе

Оригинальное название

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

350 050.realtests - Premium.exam.469q

Загружено:

Авторское право:

Доступные форматы

RealTests.350-050.

The maximum effective AP spacing should be between 40 feet and 70 feet.

Correct Answer: ACE

Correct Answer: ACD

Correct Answer: BCD

option 43 hex f102c0a80b05c0a80b06

C. condition based on the RADIUS-IETF. Filter-ID(11) attribute

What might be the reason of these failed attempts in ACS?

The wrong shared secret is configured on the AAA client or ACS.

through the ACS CLI only

The wrong UDP port for Active Directory is configured on ACS.

It is returned within a RADIUS packet.

Correct Answer: BDE

Which DHCP option is shown?

CleanAir APs, Cisco WLCs, and Cisco WCS

The WLC is connected to two switches and LAG is not configured.

NAC always needs to be enabled in the WLAN configuration.

This behavior is normal because the APs show UTC time.

Correct Answer: ADE

no Layer 2 security, conditional web redirect Layer 3 security

Which client or clients will need to process the multicast traffic?

none of the clients

use a WLC ACL on the management interface

Use an external web server for the web authentication page.

B. ICMP requests will be allowed to travel to the wireless clients.

Lower the DTIM to 2.

Enable multicasting in multicast mode

Configure web authentication max retries on the WCS.

they are transmitted at minimum power

Correct Answer: BDF

The administrator did not add Cisco MSE to Cisco WCS.

Correct Answer: ABC

A WLAN template can be used to configure SSID settings on an AP.

Which method was used to define this rogue AP as malicious?

This rogue AP matched a WCS malicious rogue AP classification rule.

According to the Cisco WCS floor map, which statement is true?

All APs are affected by interference from Bluetooth.

Excessive non-802.11 interference caused the channel change.

Correct Answer: ABC

packet error rate

What appears to be the issue with the wireless client device?

The client 802.1x configuration is incorrect.

D. The Option 150 IP address is misconfigured in the DHCP pool.

D. client band select

Synchronize Cisco WLC or WLCs with Cisco MSE.

Correct Answer: ABCE

By default, the historical data is archived for 30 days.

The controller supports PKC, so use WPA2 802.1X.

It applies to any multicast video streams available on the network.

EAP-TLS with WPA2-AES

Dynamic Channel Assignment

Correct Answer: BEF

Correct Answer: ACE

Correct Answer: CDG

D. cryptographically-hashed frame check sequence

enhanced Layer 2 or Layer 3 security of the WLAN

RLDP works only on APs configured in Open Authentication mode.

a custom attribute-value pair on the ACS

using the local RADIUS server of the WLC

Authentication credentials are exchanged inside a TLS tunnel.

AP# copy tftp: flash://<1.1.1.1>/ c1140-rcvk9w8-tar.123-8.JEA2.tar

What does the max-channel 30 command refer to?

maximum percentage of channel utilization for CAC traffic