Wefi Cert
Wefi Cert
Question #1Topic 1
On a branch office deployment, it has been noted that if the FlexConnect AP is in
standalone mode and loses connection to the WLC, all clients are disconnected, and
the SSID is no longer advertised. Considering that FlexConnect local switching is
enabled, which setting is causing this behavior?
Question #2Topic 1
An engineer must implement intrusion protection on the WLAN. The AP coverage is
adequate and on-channel attacks are the primary concern. The building is historic,
which makes adding APs difficult. Which AP mode and submode must be
implemented?
Question #3Topic 1
An engineer is implementing a FlexConnect group for access points at a remote
location using local switching but central DHCP. Which client feature becomes
available only if this configuration is changed?
• A. multicast
• B. static IP
• C. fast roaming
• D. mDNS
Question #4Topic 1
A FlexConnect remote office deployment is using five 2702i APs indoors and two
1532i APs outdoors. When a code upgrade is performed and FlexConnect Smart
AP Image Upgrade is leveraged, but no FlexConnect Master AP has been
configured, how many image transfers between the WLC and APs will occur?
• A. 1
• B. 2
• C. 5
• D. 7
Reveal Solution Discussion 5
Question #5Topic 1
Where is a Cisco OEAP enabled on a Cisco Catalyst 9800 Series Wireless
Controller?
• A. RF Profile
• B. Flex Profile
• C. Policy Profile
• D. AP Join Profile
Next Questions
Question #6Topic 1
When configuring a Cisco WLC, which CLI command adds a VLAN with VLAN ID of
30 to a FlexConnect group named BranchA-FCG?
Question #7Topic 1
Refer to the exhibit. A customer has implemented Cisco FlexConnect deployments
with different WLANs around the globe and is opening a new branch in a different
location. The engineer's task is to execute all the wireless configuration and to
suggest how to configure the switch ports for new APs. Which configuration must the
switching team use on the switch port?
• A. trunk mode
• B. access mode
• C. single VLAN
• D. multiple VLAN
Question #8Topic 1
A corporation is spread across different countries and uses MPLS to connect the
offices. The senior management wants to utilize the wireless network for all the
employees. To ensure strong connectivity and minimize delays, an engineer needs to
control the amount of traffic that is traversing between the APs and the central WLC.
Which configuration should be used to accomplish this goal?
Question #9Topic 1
An engineer configures a Cisco Aironet 600 Series OfficeExtend AP for a user who
works remotely. What is configured on the Cisco WLC to allow the user to print a
printer on his home network?
• A. split tunneling
• B. SE-connect
• C. FlexConnect
• D. AP failover priority
Question #10Topic 1
An engineer must configure a Cisco WLC to support Cisco Aironet 600 Series
OfficeExtend APs. Which two Layer 2 security options are supported in this
environment? (Choose two.)
Question #11Topic 1
An organization is supporting remote workers in different locations. In order to
provide wireless network connectivity and services, OfficeExtend has been
implemented. The wireless connectivity is working, but users report losing
connectivity to their local network printers. Which solution must be used to address
this issue?
Question #12Topic 1
What is configured to use more than one port on the OEAP to extend the wired
network?
Question #13Topic 1
An engineer must implement Cisco Identity-Based Networking Services at a remote
site using ISE to dynamically assign groups of users to specific IP subnets. If the
subnet assigned to a client is available at the remote site, then traffic must be
offloaded locally, and subnets are unavailable at the remote site must be tunneled
back to the WLC. Which feature meets these requirements?
Question #14Topic 1
An engineer must configure Cisco OEAPs for three executives. As soon as the NAT
address is configured on the management interface, it is noticed that the WLC is not
responding for APs that are trying to associate to the internal IP management
address. Which command should be used to reconcile this?
Question #15Topic 1
An engineer is responsible for a wireless network for an enterprise. The enterprise
has distributed offices around the globe, and all APs are configured in
FlexConnect mode. The network must be configured to support 802.11r and CCKM.
What needs to be implemented to accomplish this goal?
Question #16Topic 1
A corporation has employees working from their homes. A wireless engineer must
connect 1810 OEAP at remote teleworker locations. All configuration has been
completed on the controller side, but the network readiness is pending. Which two
configurations must be performed on the firewall to allow the AP to join the
controller? (Choose two.)
Question #17Topic 1
An enterprise has two WLANs configured on WLC. It is reported that when converting
APs to FlexConnect mode, WLAN A works but WLAN B does not. When converting
APs to local mode, WLAN B works, but WLAN A does not. Which action is needed to
complete this configuration?
Question #19Topic 1
When using a Cisco Catalyst 9800 Series Wireless Controller, which statement about
AutoQoS is true?
Question #20Topic 1
A network engineer is deploying 8865 IP phones with wireless clients connected to
them. In order to apply the appropriate QoS, the IP voice traffic needs to be
distinguished from client data traffic. Which switch configuration feature must be
enabled?
• A. Voice VLAN
• B. QBSS
• C. WME
• D. QoS routing
Question #21Topic 1
A network engineer wants to implement QoS across the network that supports
multiple VLANs. All the APs are connected to switch ports and are configured in local
mode. Which trust model must be configured on the switch ports to which the APs
are connected?
• A. CoS
• B. WMM UP
• C. DSCP
• D. IPP
Question #22Topic 1
An enterprise started using WebEx as a virtual meeting solution. There is a concern
that the existing wireless network will not be able to support the increased amount of
traffic as a result of using WebEx. An engineer needs to remark the QoS value for
this application to ensure high quality in meetings. What must be implemented to
accomplish this task?
Question #23Topic 1
A corporation has a wireless network where all access points are configured in
FlexConnect. The WLC has a Data WLAN and a VoWiFi WLAN implemented where
centrally-switched SSID is configured for the APs. Which QoS configuration must be
implemented for the wireless packets to maintain the marking across the wired and
wireless network?
Question #24Topic 1
A company is collecting the requirements for an on-premises event. During the event,
a wireless client connected to a dedicated WLAN will run a video application that will
need on average 391595179 bits per second to function properly. What is the QoS
marking that needs to be applied to that WLAN?
• A. Platinum
• B. Gold
• C. Silver
• D. Bronze
Question #25Topic 1
Refer to the exhibit. Which two items must be supported on the VoWLAN phones to
take full advantage of this WLAN configuration? (Choose two.)
• A. TSPEC
• B. SIFS
• C. 802.11e
• D. WMM
• E. APSD
Question #26Topic 1
An engineer must use Cisco AVC on a Cisco WLC to prioritize Cisco IP cameras that
use the wireless network. Which element do you configure in a rule?
• A. permit-ACL
• B. WMM required
• C. mark
• D. rate-limit
Reveal Solution Discussion 2
Question #27Topic 1
An IT administrator is managing a wireless network in which most devices are Apple
iOS. A QoS issue must be addressed on the WLANs. Which configuration must be
performed?
• A. Enable Fastlane globally under Wireless > Access Points > Global Configuration.
• B. Create a new AVC Profile named AUTOQOS-AVC-PROFILE and apply to all
WLANs.
• C. Enable Fastlane under each WLAN setting.
• D. Enable WMM TSPEC/TCLAS negotiation under Wireless > Advanced.
Question #28Topic 1
What is the Cisco recommended configuration for a Cisco switch port connected to
an AP in local mode for optimal voice over WLAN performance with an 8821 wireless
phone?
• A. switchport encapsulation dot1q switchport mode trunk mls qos trust device cisco-
phone
• B. switchport mode access mls qos trust device cisco-phone
• C. switchport mode access mls qos trust cos
• D. switchport mode access mls qos trust dscp
Question #29Topic 1
An engineer has configured Media Stream on the WLC and must guarantee at least
2 Mbps stream per user. Which RRC template should the engineer use?
• A. coarse
• B. medium
• C. low
• D. ordinary
Question #30Topic 1
Refer to the exhibit.
Which COS to DSCP map must be modified to ensure that voice traffic is tagged
correctly as it traverses the network?
• A. COS of 6 to DSCP 46
• B. COS of 3 to DSCP 26
• C. COS of 7 to DSCP 48
• D. COS of 5 to DSCP 46
Question #31Topic 1
Which QoS level is recommended for guest services?
• A. gold
• B. bronze
• C. platinum
• D. silver
Question #32Topic 1
An engineer wants to configure WebEx to adjust the precedence and override the
QoS profile on the WLAN. Which configuration is needed to complete this task?
Question #33Topic 1
All APs are receiving multicast traffic, instead of only the APs that need it. What is the
cause of this problem?
Question #34Topic 1
What is the difference between PIM sparse mode and PIM dense mode?
• A. Sparse mode supports only one switch. Dense mode supports multiswitch networks.
• B. Sparse mode floods. Dense mode uses distribution trees.
• C. Sparse mode uses distribution trees. Dense mode floods.
• D. Sparse mode supports multiswitch networks. Dense mode supports only one switch.
Question #35Topic 1
An engineer has been hired to implement a way for users to stream video content
without having issues on the wireless network. To accomplish this goal, the engineer
must set up a reliable way for a Media Stream to work between Cisco FlexConnect
APs. Which feature must be enabled to guarantee delivery?
• A. Unicast Direct
• B. IGMP Direct
• C. Multicast Direct
• D. Multicast-to-Unicast Direct
Question #36Topic 1
A network engineer observes a spike in controller CPU overhead and overall network
utilization after multicast is enabled on a controller with 500 APs. Which feature
corrects the issue?
Question #37Topic 1
An engineer is configuring multicast for wireless for an all-company video meeting on
a network using EIGRP and BGP within a single domain from a single source. Which
type of multicast routing should be implemented?
Question #38Topic 1
Which statement about the VideoStream/Multicast Direct feature is true?
• A. IP multicast traffic is reliable over WLAN by default as defined by the IEEE 802.11
wireless multicast delivery mechanism.
• B. Each VideoStream client acknowledges receiving a video IP multicast stream.
• C. It converts the unicast frame to a multicast frame over the air.
• D. It makes the delivery of the IP multicast stream less reliable over the air, but reliable
over Ethernet.
Question #39Topic 1
Which configuration is applied to prevent the network from a Layer 2 flooding of
multicast frames with a seamless transfer of multicast data to the client when
roaming from one controller to another?
Question #40Topic 1
An engineer is configuring multicast for two WLCs. The controllers are in different
physical locations and each handles around 500 wireless clients. How should the
CAPWAP multicast group address be assigned during configuration?
Question #41Topic 1
A wireless network has been implemented to enable multicast video to be streamed
reliably over the wireless link to the wireless users. After a client reports that the
video is unable to stream, the administrator determines that the client is connecting at
a data rate of 12 Mbps and is trying to stream to a valid multicast address on the
network. Which two actions must be applied? (Choose two.)
• A. Turn off IGMP snooping for all the configured WLANs on the controller.
• B. Implement video-stream for the multicast video on the controller.
• C. Allow multicast-direct to work correctly and multicast-direct to be enabled globally.
• D. Change the WLAN QoS value to Bronze for the WLAN that multicast will be
enabled.
• E. Allow RTSP to stream the video due to wireless multicast not using
acknowledgements.
Question #42Topic 1
Which two restrictions are in place with regards to configuring mDNS? (Choose two.)
Question #43Topic 1
A network engineer needs to configure multicast in the network. The implementation
will use multiple multicast groups and PIM routers. Which address provides automatic
discovery of the best RP for each multicast group?
• A. 224.0.0.13
• B. 224.0.0.14
• C. 224.0.1.39
• D. 224.0.1.40
Question #44Topic 1
A shopping center uses AireOS controllers with Cisco Wave 2 APs. A separate
WLAN named Guest-012345678-WLAN is used for guest wireless clients.
Management needs location analytics to determine popular areas. CMX must track
only associated clients. What must be selected on the CMX server settings?
Question #45Topic 1
A wireless engineer needs to implement client tracking. Which method does the
angle of arrival use to determine the location of a wireless device?
Question #46Topic 1
Which two steps are needed to complete integration of the MSE to Cisco Prime
Infrastructure to track the location of clients/rogues on maps? (Choose two.)
Question #47Topic 1
An IT department receives a report of a stolen laptop and has information on the
MAC address of the laptop. Which two settings must be set on the wireless
infrastructure to determine its location? (Choose two.)
Question #48Topic 1
Refer to the exhibit. An engineer needs to manage non-802.11 interference. What is
observed in the output on PI?
Question #49Topic 1
After looking in the logs, an engineer notices that RRM keeps changing the channels
for non-IEEE 802.11 interferers. After surveying the area, it has been decided that
RRM should not change the channel. Which feature must be enabled to ignore non-
802.11 interference?
• A. HTTPS
• B. Telnet
• C. SOAP
• D. SSH
• E. NMSP
Question #51Topic 1
An engineer must configure MSE to provide guests access using social media
authentication. Which service does the engineer configure so that guests use
Facebook credentials to authenticate?
• A. Social Connect
• B. Client Connect
• C. Visitor Connect
• D. Guest Connect
Question #52Topic 1
A network engineer has been hired to perform a new MSE implementation on an
existing network. The MSE must be installed in a different network than the Cisco
WLC. Which configuration allows the devices to communicate over NMSP?
Question #53Topic 1
What is the default NMSP echo interval between Cisco MSE and a Wireless LAN
Controller?
• A. 10 seconds
• B. 15 seconds
• C. 30 seconds
• D. 60 seconds
Question #54Topic 1
An engineer just added a new MSE to Cisco Prime Infrastructure and wants to
synchronize the MSE with the Cisco 5520 WLC, located behind a firewall in a DMZ.
It is noticed that NMSP messages are failing between the two devices. Which traffic
must be allowed on the firewall to ensure that the MSE and WLC are able to
communicate using NMSP?
• A. TCP 1613
• B. UDP 16113
• C. UDP 1613
• D. TCP 16113
Question #55Topic 1
• A. probe-based
• B. location patterning
• C. data packet-based
• D. angulation
Question #56Topic 1
An engineer is managing a wireless network for a shopping center. The network
includes a Cisco WLC, a Cisco MSE, and a Cisco Prime Infrastructure. What is
required to use Cisco CMX Location Analytics?
Question #57Topic 1
An engineer configures a deployment to support:
✑ Cisco CMX
✑ licenses for at least 3000 APs
✑ 6000 wIPS licenses
The Cisco vMSE appliance must be sized for this deployment. Which Cisco vMSE
Release 8 option must the engineer deploy?
• A. Large vMSE
• B. Low-End vMSE
• C. Standard vMSE
• D. High-End vMSE
Question #58Topic 1
A new MSE with wIPS service has been installed and no alarm information appears
to be reaching the MSE from controllers. Which protocol must be allowed to reach
the MSE from the controllers?
• A. SOAP/XML
• B. NMSP
• C. CAPWAP
• D. SNMP
Question #59Topic 1
Which two statements about the requirements for a Cisco Hyperlocation deployment
are true? (Choose two.)
• A. After enabling Cisco Hyperlocation on Cisco CMX, the APs and the wireless LAN
controller must be restarted.
• B. NTP can be configured, but that is not recommended.
• C. The Cisco Hyperlocation feature must be enabled on the wireless LAN controller
and Cisco CMX.
• D. The Cisco Hyperlocation feature must be enabled only on the wireless LAN
controller.
• E. If the Cisco CMX server is a VM, a high-end VM is needed for Cisco Hyperlocation
deployments.
Question #60Topic 1
An engineer is performing a Cisco Hyperlocation accuracy test and executes the
cmxloc start command on Cisco CMX. Which two parameters are relevant?
(Choose two.)
• A. X, Y real location
• B. client description
• C. AP name
• D. client MAC address
• E. WLC IP address
Question #61Topic 1
Where is Cisco Hyperlocation enabled on a Cisco Catalyst 9800 Series Wireless
Controller web interface?
• A. Policy Profile
• B. AP Join Profile
• C. Flex Profile
• D. RF Profile
Question #62Topic 1
The Cisco Hyperlocation detection threshold is currently set to -50 dBm. After
reviewing the wireless user location, discrepancies have been noticed. To improve
the Cisco Hyperlocation accuracy, an engineer attempts to change the detection
threshold to -100 dBm. However, the Cisco Catalyst 9800 Series Wireless
Controller does not allow this change to be applied. What actions should be taken to
resolve this issue?
Question #63Topic 1
An engineer must track guest traffic flow using the WLAN infrastructure. Which Cisco
CMX feature must be configured and used to accomplish this tracking?
• A. analytics
• B. connect and engage
• C. presence
• D. detect and locate
Question #64Topic 1
An engineer has successfully implemented 10 active RFID tags in an office
environment. The tags are not visible when the location accuracy is tested on the
Cisco CMX Detect and Locate window. Which setting on Cisco CMX allows the
engineer to view the tags?
Question #65Topic 1
An engineer completed the basic installation for two Cisco CMX servers and is in the
process of configuring high availability, but it fails. Which two statements about the
root of the issue are true? (Choose two.)
Question #66Topic 1
Refer to the exhibit. The image shows a packet capture that was taken at the CLI of
the Cisco CMX server. It shows UDP traffic from the WLC coming into the server.
What does the capture prove?
• A. The Cisco CMX server receives NetFlow data from the WLC.
• B. The Cisco CMX server receives NMSP traffic from the WLC.
• C. The Cisco CMX server receives SNMP traffic from the WLC.
• D. The Cisco CMX server receives Angle-of-Arrival data from the WLC.
Question #67Topic 1
A Cisco CMX 3375 appliance on the 10.6.1 version code counts duplicate client
entries, which creates wrong location analytics. The issue is primarily from iOS
clients with the private MAC address feature enabled. Enabling this feature requires
an upgrade of the Cisco CMX 3375 appliance in a high availability pair to version
10.6.3. SCP transfers the Cisco CMX image, but the upgrade script run fails. Which
configuration change resolves this issue?
• A. Upgrade the high availability pair to version 10.6.2 image first and then upgrade to
version 10.6.3.
• B. Save configuration and use the upgrade script to upgrade the high availability pair
without breaking the high availability.
• C. Break the high availability using the cmxha config disable command and upgrade
the primary and secondary individuality.
• D. Run root patch to first upgrade to version 10.6.2 and then migrate to version 10.6.3.
Question #68Topic 1
An engineer has implemented advanced location services for a retail wireless
deployment. The marketing department wants to collect user demographic
information in exchange for guest WLAN access and to have a customized portal per
location hosted by the provider. Which social connector must be tied into
Cisco CMX to provide this service?
• A. Gmail
• B. Google+
• C. Facebook
• D. MySpace
Question #69Topic 1
What are two considerations when deploying a Cisco Hyperlocation? (Choose two.)
Question #70Topic 1
After installing and configuring Cisco CMX, an administrator must change the NTP
server on the Cisco CMX server. Which action accomplishes this task?
• A. Manually edit /etc/ntp.conf using an XML editor before restarting the server by using
service restart all services.
• B. Log in to the Cisco CMX CLI and issue set ntp server NTP IP where NTP IP is the IP
of the NTP server.
• C. Manually edit /etc/ntp.conf as the admin user before restarting ntpd by using service
ntpd restart.
• D. Log in to the Cisco CMX GUI as the administrator and type the IP address of the
NTP server in System tab > Settings> TimeZone/NTP.
Question #71Topic 1
A customer managing a large network has implemented location services. Due to
heavy load, it is needed to load balance the data coming through NMSP from the
WLCs. Load must be spread between multiple CMX servers to help optimize the data
flow for Aps. Which configuration in CMX meets this requirement?
Question #72Topic 1
An engineer needs to provision certificates on a Cisco Catalyst 9800 Series Wireless
Controller. The customer uses a third-party CA server. Which protocol must be used
between the controller and CA server to request and install certificates?
• A. SCEP
• B. TLS
• C. LDAP
• D. SSL
• A. network analyzers
• B. malware
• C. lost and stolen devices
• D. keyloggers
• E. unauthorized users
Question #74Topic 1
When implementing self-registration for guest/BYOD devices, what happens when an
employee tries to connect four devices to the network at the same time?
• A. The last device is removed and the newly added device is updated as active device.
• B. The registration is allowed, but only one device is connected at any given time.
• C. All devices are allowed on the network simultaneously.
• D. Purge time dictates how long a device is registered to the portal.
Question #75Topic 1
What is an important consideration when implementing a dual SSID design for
BYOD?
• A. After using the provisioning SSID, an ACL that used to make the client switch SSIDs
forces the user to associate and traverse the network by MAC filtering.
• B. If multiple WLCs are used, the WLAN IDs must be exact for the clients to be
provisioned and traverse the network correctly.
• C. SSIDs for this setup must be configured with NAC State-RADIUS NAC for the clients
to authenticate with Cisco ISE, or with NAC State-ISE NAC for Cisco ISE to associate
the client.
• D. One SSID is for provisioning and the other SSID is for gaining access to the
network. The use of an ACL should not be enforced to make the client connect to the
REAL SSID after provisioning.
Question #76Topic 1
Refer to the exhibit. A network administrator deploys the DHCP profiler service in two
ISE servers: 10.3.10.101 and 10.3.10.102. All BYOD devices connecting to
WLAN on VLAN63 have been incorrectly profiled and are assigned as unknown
profiled endpoints. Which action efficiently rectifies the issue according to Cisco
recommendations?
• A. Nothing needed to be added on the Cisco WLC or VLAN interface. The ISE
configuration must be fixed.
• B. Disable DHCP proxy on the Cisco WLC.
• C. Disable DHCP proxy on the Cisco WLC and run the ip helper-address command
under the VLAN interface to point to DHCP and the two ISE servers.
• D. Keep DHCP proxy enabled on the Cisco WLC and define helper-address under the
VLAN interface to point to the two ISE servers.
Question #77Topic 1
An engineer must implement a BYOD policy with these requirements:
✑ Onboarding unknown machines
✑ Easily scalable
✑ Low overhead on the wireless network
Which method satisfies these requirements?
• A. triple SSID
• B. single SSID
• C. open SSID
• D. dual SSID
Question #78Topic 1
A company has a single WLAN configured for 802.1x authentication with the QoS set
to Silver. This WLAN supports all corporate and BYOD access. A decision has been
made to allow users to install Cisco Jabber on their personal mobile devices. Users
report poor voice quality when using Jabber. QoS is being applied only as best effort.
What must be configured to ensure that the WLAN remains on the Silver class and to
ensure Platinum class for Jabber?
Question #79Topic 1
An engineer is implementing profiling for BYOD devices using Cisco ISE. When using
a distributed model, which persona must the engineer configure with the profiling
service?
Question #80Topic 1
DRAG DROP -
The network management team in a large shopping center has detected numerous
rogue APs from local coffee shops that are broadcasting SSIDs. All of these
SSIDs have names starting with ATC (for example, ATC302, ATC011, and ATC566).
A wireless network engineer must appropriately classify these SSIDs using the
Rogue Rules feature. Drag and drop the options from the left onto the categories in
which they must be used on the right. Not all options are used.
Select and Place:
Question #81Topic 1
What must be configured on ISE version 2.1 BYOD when using Single SSID?
• A. open authentication
• B. 802.1x
• C. no authentication
• D. WPA2
Question #82Topic 1
A wireless engineer must implement a corporate wireless network for a large
company in the most efficient way possible. The wireless network must support 32
VLANs for 300 employees in different departments. Which solution must the engineer
choose?
Question #83Topic 1
Which feature on the Cisco Wireless LAN Controller must be present to support
dynamic VLAN mapping?
• A. FlexConnect ACL
• B. VLAN name override
• C. CCKM/OKC
• D. AAA override
Question #84Topic 1
Which three properties are used for client profiling of wireless clients? (Choose
three.)
Question #85Topic 1
Which command set configures a Cisco Catalyst 9800 Series Wireless Controller so
that the client traffic enters the network at the AP switch port?
A.
B.
C.
D.
Question #87Topic 1
An engineer must implement rogue containment for an SSID. What is the maximum
number of APs that should be used for containment?
• A. 1
• B. 2
• C. 3
• D. 4
Question #88Topic 1
An engineer is following the proper upgrade path to upgrade a Cisco AireOS WLC
from version 7.3 to 8.9. Which two ACLs for Cisco CWA must be configured when
upgrading from the specified codes? (Choose two.)
• A. Allow HTTP traffic only before authentication and block all the traffic.
• B. Allow all the traffic before authentication and intercept HTTPS only.
• C. Allow HTTPs traffic only before authentication and block all other traffic.
• D. Allow all the traffic before authentication and intercept HTTP only.
• E. Allow SNMP traffic only before authentication and block all the traffic.
Question #90Topic 1
An engineer is implementing Cisco Identity-Based Networking on a Cisco AireOS
controller. The engineer has two ACLs on the controller. The first ACL, named
BASE_ACL, is applied to the corporate_clients interface on the WLC, which is used
for all corporate clients. The second ACL, named HR_ACL, is referenced by
ISE in the Human Resources group policy. What is the resulting ACL when a Human
Resources user connects?
Question #91Topic 1
Branch wireless users report that they can no longer access services from head
office but can access services locally at the site. New wireless users can associate to
the wireless while the WAN is down. Which three elements (Cisco FlexConnect state,
operation mode, and authentication method) are seen in this scenario? (Choose
three.)
• A. authentication-local/switch-local
• B. WPA2 personal
• C. authentication-central/switch-central
• D. lightweight mode
• E. standalone mode
• F. WEB authentication
Question #92Topic 1
Refer to the exhibit. An engineer deployed a Cisco WLC using local EAP. Users who
are configured for EAP-PEAP cannot connect to the network. Based on the local EAP
debug on the controller provided, why is the client unable to connect?
Question #93Topic 1
An engineer set up identity-based networking with ISE and configured AAA override
on the WLAN. Which two attributes must be used to change the client behavior from
the default settings? (Choose two.)
• A. DHCP timeout
• B. DNS server
• C. IPv6 ACL
• D. DSCP value
• E. multicast address
Question #94Topic 1
Refer to the exhibit. The security team has implemented ISE as an AAA solution for
the wireless network. The wireless engineer notices that though clients are able to
authenticate successfully, the ISE policies that are designed to place them on
different interfaces are not working. Which configuration must be applied in the
RADIUS Authentication Settings section from the ISE Network Device page?
• A. Disable KeyWrap.
• B. Use ASCII for the key input format.
• C. Change the CoA Port.
• D. Correct the shared secret.
• A. WPA2 passkey
• B. AAA override
• C. CPU ACL
• D. preauthentication ACL
Question #96Topic 1
A Cisco WLC has been added to the network and Cisco ISE as a network device, but
authentication is failing. Which configuration within the network device configuration
should be verified?
• A. SNMP RO community
• B. device interface credentials
• C. device ID
• D. shared secret
Question #97Topic 1
A user is trying to connect to a wireless network that is configured for WPA2-
Enterprise security using a corporate laptop. The CA certificate for the authentication
server has been installed on the Trusted Root Certification Authorities store on the
laptop. The user has been prompted to enter the credentials multiple times, but the
authentication has not succeeded. What is causing the issue?
Question #98Topic 1
A wireless engineer is configuring LWA using ISE. The customer is a startup
company and requested the wireless users to authenticate against a directory, but
LDAP is unavailable. Which solution should be proposed in order to have the same
security and user experience?
• A. Use SAML.
• B. Use the internal database of the RADIUS server.
• C. Use a preshared key on the corporate WLAN.
• D. Use Novell eDirectory.
Question #99Topic 1
An engineer has implemented 802.1x authentication on the wireless network utilizing
the internal database of a RADIUS server. Some clients reported that they are unable
to connect. After troubleshooting, it is found that PEAP authentication is failing. A
debug showed the server is sending an Access-Reject message.
Which action must be taken to resolve authentication?
Question #100Topic 1
A customer wants to allow employees to easily onboard their personal devices to the
wireless network. The visitors also must be able to connect to the same network
without the need to engage with anyone from the reception desk. Which process
must be configured on Cisco ISE to support this requirement?
Question #101Topic 1
A customer has a distributed wireless deployment model where the WLCs are
located in the data centers. Because the file servers are located in the data center,
the traffic from the corporate WLAN `Corp-401266017` must go through the
controllers, where the guest WLAN `Guest-19283746` traffic must use the local
Internet line installed in each office. Which configuration will accomplish this task?
Question #102Topic 1
A network engineer is implementing BYOD on a wireless network. Based on the
customer requirements, a dual SSID approach must be taken. Which two advanced
WLAN configurations must be performed? (Choose two.)
Question #103Topic 1
Which three characteristics of a rogue AP pose a high security risk? (Choose three.)
• A. open authentication
• B. high RSSI
• C. foreign SSID
• D. accepts clients
• E. low RSSI
• F. distant location
Question #104Topic 1
Which AP model of the Cisco Aironet Active Sensor is used with Cisco DNA Center?
• A. 1800s
• B. 3600e
• C. 3800s
• D. 4800i
Question #105Topic 1
Which component must be integrated with Cisco DNA Center to display the location
of a client that is experiencing connectivity issues?
Question #106Topic 1
The IT manager is asking the wireless team to get a report for all guest user
associations during the past two weeks. In which two formats can Cisco Prime save
this report? (Choose two.)
• A. CSV
• B. PDF
• C. XLS
• D. DOC
• E. plain text
Question #107Topic 1
A customer is experiencing performance issues with its wireless network and asks a
wireless engineer to provide information about all sources of interference and their
impacts to the wireless network over the past few days. Where can the requested
information be accessed?
Question #108Topic 1
An engineer must provide a graphical report with summary grouped data of the total
number of wireless clients on the network. Which Cisco Prime Infrastructure report
provides the required data?
Question #109Topic 1
An engineer is using Cisco Prime Infrastructure reporting to monitor the state of
security on the WLAN. Which output is produced when the Adaptive wIPS Top 10
AP report is run?
Question #110Topic 1
Refer to the exhibit. An engineer tries to manage the rogues on the Cisco WLC.
Based on the configuration, which AP is marked as malicious by the controller?
• A. rogue AP with SSID admin seen for 4000 seconds and heard at -70dBm
• B. rogue AP with SSID admin seen for 3000 seconds and heard at -60dBm
• C. rogue AP with SSID admin seen for 4000 seconds and heard at -60dBm
• D. rogue AP with SSID admin seen for 3000 seconds and heard at -70dBm
Question #111Topic 1
Which devices can be tracked with the Cisco Context Aware Services?
Question #112Topic 1
Which two events are outcomes of a successful RF jamming attack? (Choose two.)
Question #113Topic 1
An engineer must create an account to log in to the CLI of an access point for
troubleshooting. Which configuration on the WLC will accomplish this?
Question #114Topic 1
A multitenant building contains known wireless networks in most of the suites.
Rogues must be classified in the WLC. How are the competing wireless APs
classified?
• A. adhoc
• B. friendly
• C. malicious
• D. unclassified
Question #115Topic 1
An enterprise has recently deployed a voice and video solution available to all
employees using AireOS controllers. The employees must use this service over their
laptops, but users report poor service when connected to the wireless network. The
programs that consume bandwidth must be identified and restricted.
Which configuration on the WLAN aids in recognizing the traffic?
• A. NetFlow Monitor
• B. AVC Profile
• C. QoS Profile
• D. Application Visibility
Question #116Topic 1
Which customizable security report on Cisco Prime Infrastructure will show rogue
APs detected since a point in time?
• A. Network Summary
• B. Rogue APs Events
• C. New Rogue APs
• D. Rogue APs Count Summary
Question #117Topic 1
After receiving an alert about a rogue AP, a network engineer logs into Cisco Prime
Infrastructure and looks at the floor map where the AP that detected the rogue is
located. The map is synchronized with a mobility services engine that determines that
the rogue device is actually inside the campus. The engineer determines that the
rogue is a security threat and decides to stop if from broadcasting inside the
enterprise wireless network. What is the fastest way to disable the rogue?
• A. Go to the location where the rogue device is indicated to be and disable the power.
• B. Create an SSID similar to the rogue to disable clients from connecting to it.
• C. Update the status of the rogue in Cisco Prime Infrastructure to contained.
• D. Classify the rogue as malicious in Cisco Prime Infrastructure.
Question #118Topic 1
Refer to the exhibit.
Which area indicates the greatest impact on the wireless network when viewing the
Cisco CleanAir Zone of Impact map of interferers?
• A. A
• B. B
• C. C
• D. D
Question #119Topic 1
A wireless network engineer must present a list of all rogue APs with a high severity
score to senior management. Which report must be created in Cisco Prime
Infrastructure to provide this information?
• A. Rogue AP Count Summary
• B. New Rogue APs
• C. Rogue AP Events
• D. Rogue APs
Question #120Topic 1
An engineer must run a Client Traffic Stream Metrics report in Cisco Prime
Infrastructure. Which task must be run before the report?
• A. scheduled report
• B. radio performance
• C. client status
• D. software