Copia de 300-430 V

Download as pdf or txt
Download as pdf or txt
You are on page 1of 54

Implementing Cisco Enterprise Wireless Networks (ENWLSI)

300-430
SET#1

QUESTION 1
For security purposes, an engineer enables CPU ACL and chooses an ACL on the Security > Access Control Lists >
CPU Access Control Lists menu.
Which kind of traffic does this change apply to, as soon as the change is made?

A. wireless traffic only


B. wired traffic only
C. VPN traffic
D. wireless and wired traffic

Answer: D
Explanation:
When CPU ACL is enabled, it is applicable to both wireless and wired traffic.
https://www.cisco.com/c/en/us/td/docs/wireless/controller/8-5/configguide/b_cg85/access_control_lists.html

QUESTION 2
An engineer must implement Cisco Identity-Based Networking Services at a remote site using ISE to dynamically assign
groups of users to specific IP subnets.
If the subnet assigned to a client is available at the remote site, then traffic must be offloaded locally, and subnets are
unavailable at the remote site must be tunneled back to the WLC. Which feature meets these requirements?

A. learn client IP address


B. FlexConnect local authentication
C. VLAN-based central switching
D. central DHCP processing

Answer: C

QUESTION 3
Which two events are outcomes of a successful RF jamming attack? (Choose two.)

A. disruption of WLAN services


B. unauthentication association
C. deauthentication broadcast
D. deauthentication multicast
E. physical damage to AP hardware

Answer: AE
Explanation:

AllDumpz
[email protected]
QUESTION 4
Which two steps are needed to complete integration of the MSE to Cisco Prime Infrastructure and be able to track the
location of clients/rogues on maps? (Choose two.)

A. Synchronize access points with the MSE.


B. Add the MSE to Cisco Prime Infrastructure using the CLI credentials.
C. Add the MSE to Cisco Prime Infrastructure using the Cisco Prime Infrastructure communication credentials
configured during set up.
D. Apply a valid license for Wireless Intrusion Prevention System.
E. Apply a valid license for location tracking.

Answer: CE Explanation:
https://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/infrastructure/33/user/guide/bk_Cis
coPrimeInfrastructure_3_3_0_UserGuide/bk_CiscoPrimeInfrastructure_3_3_0_UserGuide_
chapter_0100110.html

QUESTION 5
An engineer is performing a Cisco Hyperlocation accuracy test and executes the cmxloc start command on Cisco CMX.
Which two parameters are relevant? (Choose two.)

A. X, Y real location
B. client description
C. AP name
D. client MAC address
E. WLC IP address

Answer: AD
Explanation:

https://www.cisco.com/c/en/us/td/docs/wireless/controller/technotes/88/b_ap_4800_hyperlo
cation_deployment_guide.html

QUESTION 6
A network engineer observes a spike in controller CPU overhead and overall network utilization after multicast is
enabled on a controller with 500 APs. Which feature connects the issue?

A. controller IGMP snooping


B. multicast AP multicast mode
C. broadcast forwarding
D. unicast AP multicast mode

Answer: D
Explanation:
Note: The question is about the reason behind CPU hike, it is not asking the solution for the issue
https://www.cisco.com/c/en/us/support/docs/wireless-mobility/wireless-lan-wlan/81671- multicastwlc-lap.html

QUESTION 7

AllDumpz
[email protected]
Refer to the exhibit. An engineer must connect a fork lift via a WGB to a wireless network and must authenticate the
WGB certificate against the RADIUS server. Which three steps are required for this configuration? (Choose three.)

A. Configure the certificate, WLAN, and radio interface on WGB.


B. Configure the certificate on the WLC.
C. Configure WLAN to authenticate using ISE.
D. Configure the access point with the root certificate from ISE.
E. Configure WGB as a network device in ISE.
F. Configure a policy on ISE to allow devices to connect that validate the certificate.

Answer: ACF Explanation:


https://mrncciew.com/2018/05/25/wgb-with-peap/

QUESTION 8
On a branch office deployment, it has been noted that if the FlexConnect AP is in standalone mode and loses
connection to the WLC, all clients are disconnected, and the SSID is no longer
advertised.
Considering that FlexConnect local switching is enabled, which setting is causing this behavior?

A. ISE NAC is enabled


B. 802.11r Fast Transition is enabled
C. Client Exclusion is enabled
D. FlexConnect Local Auth is disabled

Answer: D

QUESTION 9
AllDumpz
[email protected]
What is the default IEEE 802.1x AP authentication configuration on a Cisco Catalyst 9800 Series Wireless Controller?

A. EAP-PEAP with 802.1x port authentication


B. EAP-TLS with 802.1x port authentication
C. EAP-FAST with CAPWAP DTLS + port authentication
D. EAP-FAST with CAPWAP DTLS

Answer: D

QUESTION 10
When using a Cisco Catalyst 9800 Series Wireless Controller, which statement about AutoQoS is true?

A. It has a set of predefined profiles that you cannot modify further


B. It matches traffic and assigns each matched packet to QoS groups
C. It automates deployment of wired QoS and makes wireless QoS implementation easier D. It allows the output policy
map to put specific QoS queues into specific subgroups

Answer: B

QUESTION 11
An engineer must implement rogue containment for an SSID. What is the maximum number of APs that should be used
for containment?

A. 1 B. 2 C. 3 D. 4

Answer: D Explanation:
https://www.cisco.com/c/en/us/td/docs/wireless/technology/roguedetection_deploy/Rogue_Detecti on.html

QUESTION 12
What is the maximum time range that can be viewed on the Cisco DNA Center issues and alarms page?

A. 3 hours
B. 24 hours
C. 3 days
D. 7 days

Answer: D
Explanation:

QUESTION 13
An engineer is implementing a FlexConnect group for access points at a remote location using local switching but central
DHCP.
Which client feature becomes available only if this configuration is changed?

AllDumpz
[email protected]
A. multicast
B. static IP
C. fast roaming
D. mDNS

Answer: B Explanation:
https://www.cisco.com/c/en/us/td/docs/wireless/controller/8-7/configguide/b_cg87/flexconnect.html

QUESTION 14
What is the default NMSP echo interval between Cisco MSE and a Wireless LAN Controller?

A. 10 seconds B. 15 seconds C. 30
seconds
D. 60 seconds

Answer: B Explanation:
https://www.cisco.com/en/US/docs/wireless/mse/3350/6.0/CAS/configuration/guide/msecg_ch4_ CAS.html

QUESTION 15
An engineer configures a Cisco Aironet 600 Series OfficeExtend AP for a user who works remotely.
What is configured on the Cisco WLC to allow the user to print a printer on his home network?

A. split tunneling
B. SE-connect
C. FlexConnect
D. AP failover priority

Answer: A Explanation: https://www.cisco.com/c/en/us/support/docs/wireless/aironet-602-


officeextendaccesspoint/117540-configure-splittunneloeap-00.html

QUESTION 16
When implementing self-registration for guest/BYOD devices, what happens when an employee tries to connect four
devices to the network at the same time?

A. The last device is removed and the newly added device is updated as active device.
B. The registration is allowed, but only one device is connected at any given time.
C. All devices are allowed on the network simultaneously.
D. Purge time dictates how long a device is registered to the portal.

Answer: B Explanation:
https://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Borderless_Networks/Unified_A
ccess/BYOD_Design_Guide/BYOD_Enhanced_Use_Case.html

QUESTION 17
Where is Cisco Hyperlocation enabled on a Cisco Catalyst 9800 Series Wireless Controller web interface?

A. Policy Profile
B. AP Join Profile
C. Flex Profile
AllDumpz
[email protected]
D. RF Profile

Answer: B Explanation:
https://www.cisco.com/c/en/us/td/docs/wireless/controller/9800/configguide/b_wl_16_10_cg/ciscohyperlocation.html

QUESTION 18
A customer is experiencing performance issues with its wireless network and asks a wireless engineer to provide
information about all sources of interference and their impacts to the wireless network over the past few days.
Where can the requested information be accessed?

A. CleanAir reports on Cisco Prime Infrastructure


B. Performance reports on Cisco Prime Infrastructure
C. Interference Devices reports on Cisco Wireless LAN Controller
D. Air Quality reports on Cisco Wireless LAN Controller

Answer: A
Explanation:

https://www.cisco.com/c/dam/en/us/td/docs/solutions/CVD/Apr2014/CVDCampusCleanAirDesignGuide-APR14.pdf

QUESTION 19
An engineer is following the proper upgrade path to upgrade a Cisco AireOS WLC from version 7.3 to 8.9.
Which two ACLs for Cisco CWA must be configured when upgrading from the specified codes? (Choose two.)

A. Permit 0.0.0.0 0.0.0.0 UDP any any


B. Permit 0.0.0.0 0.0.0.0 any DNS any
C. Permit 0.0.0.0 0.0.0.0 UDP DNS any
D. Permit 0.0.0.0 0.0.0.0 UDP any DNS
E. Permit any any any

Answer: CD Explanation:

https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/115732- centralweb-auth-00.html

AllDumpz
[email protected]
QUESTION 20
Refer to the exhibit. The image shows a packet capture that was taken at the CLI of the Cisco CMX server. It shows
UDP traffic from the WLC coming into the server. What does the capture prove?

A. The Cisco CMX server receives NetFlow data from the WLC.
B. The Cisco CMX server receives NMSP traffic from the WLC.
C. The Cisco CMX server receives SNMP traffic from the WLC.
D. The Cisco CMX server receives Angle-of-Arrival data from the WLC.

Answer: D
Explanation:
https://www.cisco.com/c/en/us/support/docs/wireless/connected-mobile- experiences/200907configuring-and-
troubleshooting-hyperloc.html

AllDumpz
[email protected]
QUESTION 21
CMX Facebook Wi-Fi allows access to the network before authentication. Which two elements are available?
(Choose two.)

A. Allow HTTP traffic only before authentication and block all the traffic.
B. Allow all the traffic before authentication and intercept HTTPS only.
C. Allow HTTPs traffic only before authentication and block all other traffic.
D. Allow all the traffic before authentication and intercept HTTP only.
E. Allow SNMP traffic only before authentication and block all the traffic.

Answer: CD Explanation:
https://www.cisco.com/c/en/us/td/docs/wireless/mse/8-
0/CMX_Connect_Engage_Visitor_Connect/Guide/Cisco_CMX_Connect_Engage_Config_Guide_
VC/CMX_Facebook_Wi-Fi.html

QUESTION 22
A wireless engineer needs to implement client tracking. Which method does the angle of arrival use to determine the
location of a wireless device?

A. received signal strength


B. triangulation
C. time distance of arrival
D. angle of incidence

Answer: D Explanation:
https://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Mobility/WiFiLBS-DG/wifich2.html

QUESTION 23
An engineer must configure a Cisco WLC to support Cisco Aironet 600 Series OfficeExtend APs. Which two Layer 2
security options are supported in this environment? (Choose two.)

A. Static WEP + 802.1X


B. WPA+WPA2
C. Static WEP
D. CKIP
E. 802.1X

Answer: BC

QUESTION 24
Refer to the exhibit. An engineer is creating an ACL to restrict some traffic to the WLC CPU. Which selection must be
made from the direction drop-down list?

AllDumpz
[email protected]
A. It must be Inbound because traffic goes to the WLC.
B. Packet direction has no significance; it is always Any.
C. It must be Outbound because it is traffic that is generated from the WLC.
D. To have the complete list of options, the CPU ACL must be created only by the CLI.

Answer: A

QUESTION 25
During the EAP process and specifically related to the client authentication session, which encrypted key is sent from the
RADIUS server to the access point?

A. WPA key
B. session key
C. encryption key
D. shared-secret key

Answer: B

QUESTION 26
Branch wireless users report that they can no longer access services from head office but can access services locally at
the site.
New wireless users can associate to the wireless while the WAN is down.
Which three elements (Cisco FlexConnect state, operation mode, and authentication method) are seen in this scenario?
(Choose three.)

A. authentication-local/switch-local
B. WPA2 personal
C. authentication-central/switch-central
D. lightweight mode
E. standalone mode
F. WEB authentication

Answer: ABE

AllDumpz
[email protected]
QUESTION 27
What is an important consideration when implementing a dual SSID design for BYOD?

A. After using the provisioning SSID, an ACL that used to make the client switch SSIDs forces the user to associate
and traverse the network by MAC filtering.
B. If multiple WLCs are used, the WLAN IDs must be exact for the clients to be provisioned and traverse the network
correctly.
C. SSIDs for this setup must be configured with NAC State-RADIUS NAC for the clients to authenticate with Cisco ISE,
or with NAC State-ISE NAC for Cisco ISE to associate the client.
D. One SSID is for provisioning and the other SSID is for gaining access to the network. The use of an ACL should not
be enforced to make the client connect to the REAL SSID after provisioning.

Answer: B
Explanation:
When implementing BYOD solutions using more than one Wireless LAN Controller, WLAN IDs must be kept consistent.
WLAN ID is used by ISE in determining which WLAN (SSID) clients are using to connect to the network. Ensuring each
WLAN has the same WLAN ID on each WLC is essential for proper operation and security.
https://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Borderless_Networks/Unified_Access/
BYOD_Design_Guide/BYOD_Wireless.html

QUESTION 28
Which two protocols are used to communicate between the Cisco MSE and the Cisco Prime Infrastructure network
management software? (Choose two.)

A. HTTPS
B. Telnet C. SOAP
D. SSH
E. NMSP

Answer: AC Explanation:
https://www.cisco.com/c/en/us/support/docs/wireless/5500-series-wireless-controllers/113344cuwn-ppm.html#anc5

QUESTION 29
An engineer is configuring multicast for wireless for an all-company video meeting on a network using EIGRP and
BGP within a single domain from a single source. Which type of multicast routing should be implemented?

A. Protocol Independent Multicast Dense Mode


B. Source Specific Multicast
C. Multicast Source Discovery Protocol
D. Protocol Independent Multicast Sparse Mode

Answer: D

QUESTION 30
Which component must be integrated with Cisco DNA Center to display the location of a client that is experiencing
connectivity issues?

A. Cisco Hyperlocation Module


B. Wireless Intrusion Prevention System C. Cisco Connected Mobile Experiences
D. Cisco Mobility Services Engine

Answer: C
AllDumpz
[email protected]
QUESTION 31
An engineer configured a Cisco AireOS controller with two TACACS+ servers.
The engineer notices that when the primary TACACS+ server fails, the WLC starts using the secondary server as
expected, but the WLC does not use the primary server again until the secondary server fails or the controller is
rebooted.
Which cause of this issue is true?

A. Fallback is enabled
B. Fallback is disabled
C. DNS query is disabled
D. DNS query is enabled

Answer: B

QUESTION 32
A Cisco WLC has been added to the network and Cisco ISE as a network device, but authentication is failing.
Which configuration within the network device configuration should be verified?

A. SNMP RO community
B. device interface credentials
C. device ID
D. shared secret

Answer: D

QUESTION 33
Refer to the exhibit. A network administrator deploys the DHCP profiler service in two ISE servers: 10.3.10.101 and
10.3.10.102.
All BYOD devices connecting to WLAN on VLAN63 have been incorrectly profiled and are assigned as unknown profiled
endpoints.
Which action efficiently rectifies the issue according to Cisco recommendations?

A. Nothing needed to be added on the Cisco WLC or VLAN interface. The ISE configuration must be fixed.
B. Disable DHCP proxy on the Cisco WLC.
C. Disable DHCP proxy on the Cisco WLC and run the ip helper-address command under the VLAN interface to point
to DHCP and the two ISE servers.
D. Keep DHCP proxy enabled on the Cisco WLC and define helper-address under the VLAN interface to point to the
two ISE servers.
AllDumpz
[email protected]
Answer: C Explanation: https://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-
lancontrollers/110865-dhcp-wlc.html

QUESTION 34
Which statement about the VideoStream/Multicast Direct feature is true?

A. IP multicast traffic is reliable over WLAN by default as defined by the IEEE 802.11 wireless multicast delivery
mechanism.
B. Each VideoStream client acknowledges receiving a video IP multicast stream.
C. It converts the unicast frame to a multicast frame over the air.
D. It makes the delivery of the IP multicast stream less reliable over the air, but reliable over Ethernet.

Answer: B Explanation:
https://www.cisco.com/c/en/us/td/docs/wireless/controller/8-1/configurationguide/b_cg81/multicast_broadcast_setup.html

QUESTION 35
Where is a Cisco OEAP enabled on a Cisco Catalyst 9800 Series Wireless Controller?

A. RF Profile
B. Flex Profile
C. Policy Profile
D. AP Join Profile

Answer: B
Explanation:
https://www.cisco.com/c/en/us/td/docs/wireless/controller/9800/configguide/b_wl_16_10_cg/flexconnect.html

QUESTION 36
A network engineer is implementing a wireless network and is considering deploying a single SSID for device
onboarding.
Which option is a benefit of using dual SSIDs with a captive portal on the onboard SSID compared to a single SSID
solution?

A. limit of a single device per user


B. restrict allowed devices types
C. allow multiple devices per user
D. minimize client configuration errors

Answer: B
Explanation:

QUESTION 37
AllDumpz
[email protected]
A company wants to switch to BYOD to reduce IT support costs for the company. Which option is an impact of
BYOD should be considered?

A. increased VPN connections


B. restricted device enforcement
C. increased phishing attacks
D. decreased support calls

Answer: A

QUESTION 38
An engineer is configuring a BYOD deployment strategy and prefers a single SSID model. Which technology is required
to accomplish this configuration?

A. mobility service engine


B. wireless control system
C. identify service engine
D. Prime Infrastructure

Answer: C
Explanation:

QUESTION 39
An engineer is designing a high availability wireless network. What mechanism should be the focus for high availability?

A. SNR
B. channel reuse
C. RSSI
D. cell overlap

Answer: D
Explanation:
Describe basic RF deployment considerations related to site survey design of data or VoWLAN applications, common
RF interference sources such as devices, building material, AP location, and basic RF site survey design related to
channel reuse, signal strength, and cell overlap. If an AP fails, channel reuse in the design is not going to help you if
there is no coverage. Cell overlap will, because more than one AP will cover a given area.

QUESTION 40
Which two restrictions are in place with regards to configuring mDNS? (Choose two.)

A. mDNS uses only UDP port 5436 as a destination port.


B. mDNS cannot use UDP port 5353 as the destination port.
C. mDNS is not supported on FlexConnect APs with a locally switched WLAN.
D. Controller software must be newer than 7.0.6+.
E. mDNS is not supported over IPv6.

AllDumpz
[email protected]
Answer: CE

QUESTION 41
An engineer configures the wireless LAN controller to perform 802.1x user authentication. Which configuration must be
enabled to ensure that client devices can connect to the wireless, even when WLC cannot communicate with the
RADIUS?

A. pre-authentication
B. local EAP
C. authentication caching
D. Cisco Centralized Key Management

Answer: B

QUESTION 42
Which QoS level is recommended for guest services?

A. gold
B. bronze
C. platinum
D. silver

Answer: B

QUESTION 43
Which feature on the Cisco Wireless LAN Controller must be present to support dynamic VLAN mapping?

A. FlexConnect ACL
B. VLAN name override
C. CCKM/OKC
D. AAA override

Answer: D

QUESTION 44
Which two statements about the requirements for a Cisco Hyperlocation deployment are true? (Choose two.)

A. After enabling Cisco Hyperlocation on Cisco CMX, the APs and the wireless LAN controller must be restarted.
B. NTP can be configured, but that is not recommended.
C. The Cisco Hyperlocation feature must be enabled on the wireless LAN controller and Cisco CMX.
D. The Cisco Hyperlocation feature must be enabled only on the wireless LAN controller. E. If the Cisco CMX server is
a VM, a high-end VM is needed for Cisco Hyperlocation deployments.

Answer: CE Explanation: https://www.cisco.com/c/en/us/products/collateral/wireless/mobility-services-


engine/datasheetc78-734648.html

AllDumpz
[email protected]
QUESTION 45
An engineer must use Cisco AVC on a Cisco WLC to prioritize Cisco IP cameras that use the wireless network. Which
element do you configure in a rule?

A. permit-ACL
B. WMM required
C. mark
D. rate-limit

Answer: C

QUESTION 46
An engineer wants to configure WebEx to adjust the precedence and override the QoS profile on the WLAN.
Which configuration is needed to complete this task?

A. Change the WLAN reserved bandwidth for WebEx


B. Create an AVC profile for WebEx
C. Create an ACL for WebEx
D. Change the AVC application WebEx-app-sharing to mark

Answer: B Explanation: https://www.cisco.com/c/en/us/td/docs/wireless/controller/technotes/7-


5/AVC_dg7point5.html

QUESTION 47
What two actions must be taken by an engineer configuring wireless Identity-Based Networking for a WLAN to enable
VLAN tagging? (Choose two.)

A. enable AAA override on the WLAN


B. create and apply the appropriate ACL to the WLAN
C. update the RADIUS server attributes for tunnel type 64, medium type 65, and tunnel private group type 81
D. configure RADIUS server with WLAN subnet and VLAN ID
E. enable VLAN Select on the wireless LAN controller and the WLAN

AllDumpz
[email protected]
Answer: AC

QUESTION 48
You are configuring the social login for a guest network. Which three options are configurable social connectors in Cisco
CMX Visitor Connect? (Choose three)

A. LinkedIn
B. Pinterest
C. Medium
D. Google+
E. Facebook
F. Myspace

Answer: ADE

QUESTION 49
An engineer has configured passive fallback mode for RADIUS with default timer settings. What will occur when the
primary RADIUS fails then recovers?

A. RADIUS requests will be sent to the secondary RADIUS server until the secondary fails to respond.
B. The controller will immediately revert back after it receives a RADIUS probe from the primary server.
C. After the inactive time expires the controller will send RADIUS to the primary.
D. Once RADIUS probe messages determine the primary controller is active the controller will revert back to the
primary RADIUS.

Answer: C

QUESTION 50
What is the difference between PIM sparse mode and PIM dense mode?

A. Sparse mode supports only one switch. Dense mode supports multiswitch networks.
B. Sparse mode floods. Dense mode uses distribution trees. C. Sparse mode uses distribution trees.
Dense mode floods.
D. Sparse mode supports multiswitch networks. Dense mode supports only one switch.

Answer: C Explanation:
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipmulti_pim/configuration/xe-16/imc-pim- xe16-book/imc-tech-
oview.html

QUESTION 51
Refer to the exhibit. Which two items must be supported on the VoWLAN phones to take full advantage of this WLAN
configuration? (Choose two.)

AllDumpz
[email protected]
A. TSPEC
B. SIFS
C. 802.11e
D. WMM
E. APSD

Answer: CD

QUESTION 52
A user is trying to connect to a wireless network that is configured for WPA2-Enterprise security using a corporate
laptop.
The CA certificate for the authentication server has been installed on the Trusted Root Certification Authorities store on
the laptop.
The user has been prompted to enter the credentials multiple times, but the authentication has not succeeded. What is
causing the issue?

A. There is an IEEE invalid 802.1X authentication policy on the authentication server.


B. The user Active Directory account is locked out after several failed attempts.
C. There is an invalid 802.1X authentication policy on the authenticator.
D. The laptop has not received a valid IP address from the wireless controller.

AllDumpz
[email protected]
Answer: A Explanation:
https://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Security/TrustSec_199/Dot1X_
Deployment/Dot1x_Dep_Guide.html

QUESTION 53
A new MSE with wIPS service has been installed and no alarm information appears to be reaching the MSE from
controllers.
Which protocol must be allowed to reach the MSE from the controllers?

A. SOAP/XML
B. NMSP
C. CAPWAP
D. SNMP

Answer: B Explanation:

QUESTION 54
A company is deploying wireless PCs on forklifts within its new 10,000-square-foot (3048-square- rneter) facility.
The clients are configured for PEAP-MS-CHAPv2 with WPA TKIP. Users report that applications frequently drop when
the clients roam between access points on the floor.
A professional site survey was completed.
Which configuration change is recommended to improve the speed of client roaming?

A. EAP-FAST
B. EAP-TLS
C. WPA AES
D. WPA2 AES

Answer: D
Explanation:
WPA2 AES (Enterprise) is supported for CCKM, Cisco Centralized Key Management, which facilitates distributing client
session keys to neighboring APs for a faster more seamless roaming experience.

QUESTION 55

AllDumpz
[email protected]
An engineer is troubleshooting rogue access points that are showing up in Cisco Prime Infrastructure.
What is maximum number of APS the engineer can use to contain an identified rogue access point in the WLC?

A. 3 B. 4 C. 6
D. 5

Answer: B
Explanation:
Enter the maximum number of Cisco APs to actively contain the rogue client [1-4].
https://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lan- controllers/112045-handling-rogue-cuwn-
00.html

QUESTION 56
The IT manager is asking the wireless team to get a report for all guest user associations during the past two weeks. In
which two formats can Cisco Prime save this report? (Choose two.)

A. CSV
B. PDF
C. XLS
D. DOC
E. plain text

Answer: AB Explanation:
https://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/infrastructure/3-
2/user/guide/bk_CiscoPrimeInfrastructure_3_2_0_UserGuide/bk_CiscoPrimeInfrastructure_3_2_
0_User Guide_chapter_01010.html

QUESTION 57
Which devices can be tracked with the Cisco Context Aware Services?

A. wired and wireless devices


B. wireless devices
C. wired devices
D. Cisco certified wireless devices

Answer: A Explanation:
https://www.cisco.com/c/en/us/support/docs/wireless/context-aware-software/110836-casfaq.html

QUESTION 58
All APs are receiving multicast traffic, instead of only the APs that need it. What is the cause of this problem?

A. The multicast group includes all APs


B. The wrong multicast address was used
C. The multicast group is assigned the wrong VLAN
D. Multicast IGMP snooping is not enabled

Answer: D

QUESTION 59

AllDumpz
[email protected]
An IT team is growing quickly and needs a solution for management device access. The solution must authenticate
users from an external repository instead of the current local on the WLC, and it must also identify the user and
determine what level of access users should have.
Which protocol do you recommend to achieve these goals?

A. network policy server


B. RADIUS
C. TACACS+
D. LDAP

Answer: C Explanation:
https://www.cisco.com/c/en/us/td/docs/switches/lan/Denali_161/ConfigExamples_Technotes/Tec
hzone_Articles/Example_and_Technotes_Denali_16_1_1/Example_and_Technotes_Denali_16_
1_1_chapter_010110.pdf

QUESTION 60
Which customizable security report on Cisco Prime Infrastructure would show rogue APs detected since a point in time?

A. New Rogue APs


B. Rogue AP Events
C. Rogue APs
D. Rogue AP Count Summary

Answer: C
Explanation:

AllDumpz
[email protected]
QUESTION 61
After receiving an alert regarding a rogue AP, a network engineer logs into Cisco Prime and looks at the floor map where
the AP that detected the rogue is located.
The map is synchronized with a mobility services engine that determines the rogue device is actually inside the campus.
The engineer determines the rogue to be a security threat and decides to stop it from broadcasting inside the enterprise
wireless network.
What is the fastest way to disable the rogue?

A. Go to the location the rogue device is indicated to be and disable the power.
B. Create an SSID on WLAN controller resembling the SSID of the rogue to spoof it and disable clients from connecting
to it.
C. Classify the rogue as malicious in Cisco Prime.
D. Update the status of the rogue in Cisco Prime to contained.

Answer: A
Explanation:
As MSE is used and location of Rogue is identified, the fastest way to disable the rogue is to disable the power.
Option C is incorrect because if Rogue is identified as malicious then it just sends a "ALERT" alarm in cisco prime, but
the rogue is not disabled.

QUESTION 62
A network engineer is configuring a Cisco AireOS WLC environment for central web authentication using Cisco ISE.
The controllers are configured using auto-anchor for the guest network.
Which three components must be implemented for the foreign WLC? (Choose three.)

AllDumpz
[email protected]
A. DHCP RADIUS profiling enabled.
B. HTTP RADIUS profiling enabled.
C. UDP/1812-1813 open to ISE
D. downloadable preauth ACL on ISE
E. local preauth ACL on WLC
F. WLAN Layer 2 security

Answer: CF Explanation:
https://www.cisco.com/c/en/us/td/docs/wireless/controller/8-1/Enterprise-Mobility-8-1-
DesignGuide/Enterprise_Mobility_8-1_Deployment_Guide/WirelessNetwork_GuestAccessService.pdf

QUESTION 63
An engineer is adding APs to an existing VoWLAN to allow for location based services. Which option will the primary
change be to the network?

A. increased transmit power on all APs


B. moving to a bridging model
C. AP footprint
D. cell overlap would decrease
E. triangulation of devices

Answer: A

QUESTION 64
A wireless engineer must implement a corporate wireless network for a large company in the most efficient way possible.
The wireless network must support 32 VLANs for 300 employees in different departments. Which solution must the
engineer choose?

A. Configure a second WLC to support half of the APs in the deployment.


B. Configure one single SSID and implement Cisco ISE for VLAN assignment according to different user roles.
C. Configure different AP groups to support different VLANs, so that all of the WLANs can be broadcast on both radios.
D. Configure 16 WLANs to be broadcast on the 2.4-GHz band and 16 WLANs to be broadcast on the 5.0-GHz band.

Answer: B
Explanation:
One of the primary advantage of ISE and 802.1x with COA is to use user groups and put them on the appropriate VLAN
after authentication.

QUESTION 65
A corporation has recently implemented a BYOD policy at their HQ.
Which two risks should the security director be concerned about? (Choose two.)

A. network analyzers
B. malware
C. lost and stolen devices
D. keyloggers
E. unauthorized users

Answer: BC Explanation:
https://ccbtechnology.com/byod-5-biggest-security-risks/
https://blogs.cisco.com/security/byod-many-call-it-bring-your-own-malware-byom

AllDumpz
[email protected]
QUESTION 66
An engineer is implementing Cisco Identity-Based Networking on a Cisco AireOS controller. The engineer has two ACLs
on the controller.
The first ACL, named BASE_ACL, is applied to the corporate_clients interface on the WLC, which is used for all
corporate clients.
The second ACL, named HR_ACL, is referenced by ISE in the Human Resources group policy. What is the resulting
ACL when a Human Resources user connects?

A. HR_ACL appended with BASE_ACL


B. HR_ACL only
C. BASE_ACL appended with HR_ACL
D. BASE_ACL only

Answer: B Explanation:
https://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lan-controllers/98590Per-User-ACL-
WLC.html#configure-acs

QUESTION 67
Which AP model of the Cisco Aironet Active Sensor is used with Cisco DNA Center?

A. 1800s
B. 3600e
C. 3800s
D. 4800i

Answer: A Explanation: https://www.cisco.com/c/en/us/products/collateral/wireless/aironet-active- sensor/guide-


c07743929.html

QUESTION 68
A FlexConnect remote office deployment is using five 2702i APs indoors and two 1532i APs outdoors.
When a code upgrade is performed and FlexConnect Smart AP Image Upgrade is leveraged, but no FlexConnect
Master AP has been configured, how many image transfers between the WLC and APs will occur?

A. 1 B. 2 C. 5
D. 7

Answer: B

QUESTION 69
Which three characteristics of a rogue AP pose a high security risk? (Choose three.)

A. open authentication
B. high RSSI
C. foreign SSID
D. accepts clients
E. low RSSI
F. distant location

Answer: ACD Explanation:


https://www.cisco.com/c/en/us/td/docs/wireless/controller/74/configuration/guides/consolida
ted/b_cg74_CONSOLIDATED/b_cg74_CONSOLIDATED_chapter_010111001.html

AllDumpz
[email protected]
QUESTION 70
An administrator receives reports of many interferers in the wireless network and wants to get the location of these
interferers from the maps in Cisco Prime Infrastructure.
When looking at the floor plans/maps, the administrator does not see any interferers, but can see all wireless clients
located successfully.
Which two statements define the cause of the issue? (Choose two.)

A. MSE is not added to Cisco Prime infrastructure and synchronized.


B. Interferer tracking is not enabled on the MSE.
C. SNMP between Cisco Prime Infrastructure and the WLC is failing.
D. Context Aware Service tracking limit has already been reached with tracking other elements.
E. NSMP communication is inactive with the WLC.

Answer: AB Explanation:
https://www.cisco.com/c/en/us/support/docs/wireless/5500-series-wireless-controllers/112139- cleanair-uwn-guide-
00.html

QUESTION 71
You plan to implement Cisco Identity Based Networking Services on a Cisco Catalyst 3850 Series Switch. Which switch
command is required when configuring downloadable ACLs?

A. authentication display new-style


B. ip device tracking
C. dot1x system-auth-control
D. aaa session-id common

Answer: B
Explanation: https://www.cisco.com/en/US/docs/ios-xml/ios/sec_usr_8021x/configuration/15-2mt/sec-ieee- 802x-acl-
assign.html

QUESTION 72
Which CLI command do you use to shut down the 2.4 GHz radio of the Floor1_AP1 AP on a Cisco 3850 Switch?

A. ap name Floor1_AP1 dot11 shutdown 24ghz


B. ap name Floor1_AP1 dot11 5ghz shutdown
C. ap name Floor1_AP1 dot11 24ghz shutdown
D. ap name Floor1_AP1 shutdown dot11 24ghz

Answer: C

QUESTION 73
Which three properties are used for client profiling of wireless clients? (Choose three.)

A. HTTP user agent


B. DHCP
C. MAC OUI
D. hostname
E. OS version
F. IP address

Answer: ABC Explanation:

AllDumpz
[email protected]
https://www.cisco.com/c/en/us/td/docs/wireless/controller/technotes/7- 5/NativeProfiling75.html

QUESTION 74
Which command set configures a Cisco Catalyst 9800 Series Wireless Controller so that the client traffic enters the
network at the AP switch port?

A. Option A
B. Option B
C. Option C
D. Option D

Answer: D
Explanation:
There is no "wireless flexconnect" command. Use the "wireless profile Policy" command.
https://www.cisco.com/c/en/us/td/docs/wireless/controller/9800/17-1/cmdref/b_wl_17_1_cr/configuration-
commands-g-to-z.html#wp5169136690 There is no "Local switching" command. Use the "no central
switching" command.
https://www.cisco.com/c/en/us/td/docs/wireless/controller/9800/17-1/cmdref/b_wl_17_1_cr/configuration-commands-a-
to-f.html#wp3034709985

QUESTION 75
An engineer completed the basic installation for two Cisco CMX servers and is in the process of configuring high
availability, but it fails.
Which two statements about the root of the issue are true? (Choose two.)

A. The Cisco CMX instances are installed in the same subnet.


B. The types of the primary and secondary Cisco CMX installations differ.
C. The delay between the primary and secondary instance is 200 ms.
AllDumpz
[email protected]
D. The sizes of the primary and secondary Cisco CMX installations differ.
E. Both Cisco CMX installations are virtual.

Answer: BD

QUESTION 76
An engineer wants the wireless voice traffic class of service to be used to determine the queue order for packets
received, and then have the differentiated services code point set to match when it is resent to another port on the
switch.
Which configuration is required in the network?

A. Platinum QoS configured on the WLAN


B. WMM set to required on the WLAN
C. msl qos trust dscp configured on the controller switch port
D. msl qos trust cos configured on the controller switch port

Answer: C

QUESTION 77
Refer to the exhibit. You enter the command on a Cisco Catalyst 3850 Series Switch that runs Cisco ISO XE. What does
the command do?

A. It defines the user identity or the device identity to be validated by the RADIUS server.
B. It captures information on the length of the authorized session, as well as the bandwidth usage of the client.
C. It defines the RADIUS server used to track which sessions are still active.
D. It defines the level of access of the user or the device.

Answer: D

QUESTION 78
A wireless engineer has performed a Wireshark capture on an 802.1x authentication process to troubleshoot a
connectivity issue.
Which two types of packet does the EAP contain? (Choose two.)

A. EAP complete
B. EAP response
C. EAP failure
D. EAP request
E. EAP reply

Answer: BD

QUESTION 79
Which EAP method can an AP use to authenticate to the wired network?

A. EAP-GTC
B. EAP-MD5
C. EAP-TLS
D. EAP-FAST

Answer: D
AllDumpz
[email protected]
Explanation:
Enables or disables Extensible Authentication Protocol-Flexible Authentication via Secure Tunneling (EAP-FAST)
authentication. https://www.cisco.com/c/en/us/td/docs/wireless/controller/8-0/cmd-
ref/b_cr80/config_commands_a_to_i.html

QUESTION 80
An engineer is considering an MDM integration with Cisco ISE to assist with security for lost devices.
Which two functions of MDM increase security for lost devices that access data from the network? (Choose two.)

A. PIN enforcement
B. Jailbreak/root detection
C. data wipe
D. data encryption
E. data loss prevention

Answer: AC Explanation:

QUESTION 81
An engineer is setting up a new unique NAD on a Cisco ISE.
Which two parameters must be configured? (Choose two.)

A. device hostname
B. device password
C. RADIUS fallback
D. device IP address
E. RADIUS shared secret

Answer: AD

QUESTION 82
An engineer has configured the wireless controller to authenticate clients on the employee SSID against Microsoft Active
Directory using PEAP authentication.
Which protocol does the controller use to communicate with the authentication server?

A. EAP
B. 802.1X
C. RADIUS
D. WPA2

Answer: C
Explanation:
EAP is exchanged between supplicant and authenticator and RADIUS Is used between authenticator and Auth server.

AllDumpz
[email protected]
QUESTION 83
Which condition introduce security risk to a BYOD policy?

A. enterprise-managed MDM platform used for personal devices


B. access to LAN without implementing MDM solution
C. enforcement of BYOD access to internet only network
D. enterprise life-cycle enforcement of personal device refresh

Answer: B

QUESTION 84
Drag and Drop Question

A wireless engineer wants to schedule monthly security reports in Cisco Prime infrastructure. Drag and drop the report
the from the left onto the expected results when the report is generated on the right.

AllDumpz
[email protected]
Answer:

Explanation:

QUESTION 85
When configuring a Cisco WLC, which CLI command adds a VLAN with VLAN ID of 30 to a FlexConnect group named
BranchA-FCG?

AllDumpz
[email protected]
A. config flexconnect BranchA-FCG vlan 30 add
B. config flexconnect group BranchA-FCG vlan add 30
C. config flexconnect group BranchA-FCG vlan 30 add
D. config flexconnect BranchA-FCG vlan add 30

Answer: B

QUESTION 86
An engineer must implement intrusion protection the WLAN. The AP coverage is adequate and on-channel attacks are
the primary concern. The building is historic, which makes adding APs difficult. Which Ap mode and submode must be
implemented?

A. Ap mode: local, Ap submode: WIPS


B. Ap mode: monitor, Ap submode: WIPS
C. Ap mode: monitor, Ap submode: none
D. Ap mode: local, Ap submode: none

Answer: A

QUESTION 87
Refer to the exhibit. An engineer deployed a Cisco WLC using local EAP. Users who are configured for EAP-PEAP
cannot connect to the network. Based on the local EAP debug controller provided, why is the client unable to connect?

A. The client is falling to accept certificate.


B. The Cisco WLC is configured for the incorrect date.
C. The user is using invalid credentials.

Answer: A

QUESTION 88

AllDumpz
[email protected]
Which two configurations are applied on the WLC to enable multicast, check multicast stream subscriptions, and stream
content only to subscribed clients? (Choose two)

A. Enable IGMP snooping


B. Set the IGMP timeout to 180 seconds
C. Enable broadcast forwarding D. Enable 802.3x flow control mode.
E. Set the AP multicast to 238.255.255.255

Answer: AC Explanation: https://www.cisco.com/c/en/us/support/docs/wireless-mobility/wireless-lan-wlan/81671-


multicastwlc-lap.html

QUESTION 89
Which configured is applied to prevent the network from a Layer 2 flooding of multicast frames with a seamless transfer
of multicast data to the client when roaming from one controller to another?

A. Enable IGMPv3 on the central Layer 3 switch.


B. Enable IGMP snooping on the WLC
C. Create multicast groups on the central Layer 3 switch.

Answer: B Explanation: https://www.cisco.com/c/en/us/support/docs/wireless-mobility/wireless-lan-wlan/81671-


multicastwlc-lap.html

QUESTION 90
A corporation has a wireless network where all access points are configured in FlexConnect. The WLC has a Data
WLAN and a VoWiFi WLAN implemented where centrally-switched is configured for the APs. Which QoS configuration
must be implemented for the wireless packets to maintain the marking across the wired and wireless network?

A. Enable CAC
B. Trust DSCP
C. Set QoS to Platinum
D. Allow WMM

Answer: B

QUESTION 91
What is configured to use more than one port on the OEAP to extend the wired network's?

A. AAA override
B. client load balancing
C. remote LAN ACL
D. remote LAN

Answer: D

QUESTION 92
An engineer must create an account to log in to the CLI of an access point for troubleshooting. Which configuration on
the WLC will accomplish this?

A. ReadWrite User Access Mode


B. Global Configuration Enable Password
C. SNMP V3 User

AllDumpz
[email protected]
D. Allow New Telnet Sessions

Answer: B

QUESTION 93
A corporation is spread across different countries and uses MPLS to connect the offices. The senior management wants
to utilize the wireless network for all the employees. To ensure strong connectivity and minimize delays, an engineer
needs to control the amount of traffic that is traversing between the APs and the central WLC.
Which configuration should be used to accomplish this goal?

A. FlexConnect mode with OfficeExtend enabled


B. FlexConnect mode with local authentication
C. FlexConned mode with central switching enabled
D. FlexConnect mode with central authentication

Answer: B Explanation:
https://www.cisco.com/c/en/us/td/docs/wireless/controller/72/configuration/guide/cg/cg_flex connect.html#wp1241304

QUESTION 94
An engineer must track guest traffic flow using the WLAN infrastructure. Which Cisco CMX feature must be configured
and used to accomplish this tracking?

A. analytics
B. connect and engage
C. presence
D. detect and locate.

Answer: C

QUESTION 95
Refer to the exhibit. An engineer tries to manage the rogues on the Cisco WLC. Based on the configuration, which AP is
marked as malicious by the controller?

AllDumpz
[email protected]
A. rogue AP with SSlD admin seen for 4000 seconds and heard at -60 dBm
B. rogue AP with SSID admin seen for 3000 seconds and heard at -70 dBm C. rogue AP with SSlD admin
seen for 4000 seconds and heard at -70 dBm
D. rogue AP with SSID admin seen for 3000 seconds and heard at -60 dBm

Answer: A

QUESTION 96
An engineer must achieve the highest level of location accuracy possible for a new mobile application. Which technology
must be implemented for this use case?

A. Time Difference of Arrival


B. Bluetooth Low Energy
C. RSS lateration
D. ToA lateration

Answer: A Explanation:
https://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Mobility/WiFiLBSDG/wifich2.html

QUESTION 97
The CTO of an organization wants to ensure that all Android devices are placed into a separate VLAN on their
wireless network. However, the CTO does not want to deploy ISE. Which feature must be implemented on the Cisco
WLC?

A. RADIUS server overwrite interface


B. AAA override
C. WLAN local policy
D. custom AVC profile

Answer: C Explanation:
https://www.cisco.com/c/en/us/td/docs/wireless/controller/technotes/7- 5/NativeProfiling75.html

AllDumpz
[email protected]
QUESTION 98
What must be configured on the Global Configuration page of the WLC for an access point to use 802.1x to authenticate
to the wired infrastructure?

A. supplicant credentials
B. RADIUS shared secret C. local access point credentials
D. TACACS server IP address.

Answer: A

QUESTION 99
Refer to the exhibit. An engineer needs to manage non-802.11 interference. What is observed in the
output on PI?

A. Several light interferers are collectively impacting connectivity at this site.


B. The three Individual clusters shown Indicate poor AP placement.
C. At least one strong interferer is impacting connectivity at this site.

Answer: A

QUESTION 100
A customer is deploying local web authentication. Which software application must be implemented on Cisco ISE to
utilize as a directory service?

A. Solaris Directory Service


B. LDAP
C. SAML
AllDumpz
[email protected]
D. Novell eDirectory

Answer: B

QUESTION 101
What must be configured on ISE version 2.1 BYOD when using Single SSID?

A. no authentication
B. WPA2
C. open authentication
D. 802.1x

Answer: B

QUESTION 102
The security learn is concerned about the access to all network devices, including the Cisco WLC. To permit only the
admin subnet to have access to management, a CPU ACL is created and applied. However, guest users cannot get to
the web portal. What must be configured to permit only admins to have access?

A. The guest portal must be configured on the CPU ACLs on the Cisco WLC.
B. Access to Cisco ISE must be allowed on the pre authentication ACL.
C. Management traffic from the guest network must be configured on the ACL rules.
D. Traffic toward the virtual interface must be permitted.

Answer: C Explanation:
https://www.cisco.com/c/en/us/support/docs/wireless-mobility/wlan-security/71978-acl- wlc.html

QUESTION 103
A network engineer has been hired to perform a new MSE implementation on an existing network. The MSE must be
installed in a different network than the Cisco WLC. Which configuration allows the devices to communicate over
NMSP?

A. Allow UDP/16113portonthe central switch.


B. Allow TCP/16666 port on the router.
C. Allow TCP/16113 port on the firewall.
D. Allow UDP/16666 port on the VPN router.

Answer: C Explanation:
https://www.cisco.com/en/US/docs/wireless/mse/3350/6.0/CAS/configuration/guide/msecg_ch4_ CAS.html

QUESTION 104
A company has a single WLAN configured for 802.1x authentication with the QoS set to Silver. This WLAN supports all
corporate and BYOD access. A decision has been made to allow users to install Cisco Jabber on their personal mobile
devices. Users report poor voice quality when using Jabber. QoS is being applied only as best effort. What must be
configured to ensure that the WLAN remains on the Silver class and to ensure Platinum class for Jabber?

A. Configure an AVC profile for the Jabber traffic and apply it to the WLAN.
B. Configure the WLAN to broadcast on 5 GHz radios only and allow Jabber users to conned.
C. Enable Cisco Centralized Key Management on the WLAN so that the Jabber-enabled devices will connect.
D. Configure QoS on the mobile devices that have Jabber installed.
AllDumpz
[email protected]
Answer: A
Section: (none)

Explanation/Reference:
Explanation:
https://www.cisco.com/c/en/us/td/docs/wireless/controller/technotes/81/Jabber_in_WLAN/b_Jabb
er_in_WLAN.html#reference_7B4539C91FBE4639ACF906F6F3931667

QUESTION 105
When using a Cisco Catalyst 9800 Series Wireless Controller, which statement about AutoQoS is true?

A. It has a set of predefined profiles that you cannot modify further


B. It matches traffic and assigns each matched packet to QoS groups
C. It automates deployment of wired QoS and makes wireless QoS implementation easier D. It allows the output policy
map to put specific QoS queues into specific subgroups

Answer: B

QUESTION 106
All APs are receiving multicast traffic, instead of only the APs that need it. What is the cause of this problem?

A. The multicast group includes all APs


B. The wrong multicast address was used
C. The multicast group is assigned the wrong VLAN
D. Multicast IGMP snooping is not enabled

Answer: D Explanation:
https://www.cisco.com/c/en/us/td/docs/wireless/controller/74/configuration/guides/consolidated/b_
cg74_CONSOLIDATED/b_cg74_CONSOLIDATED_chapter_01011.html

SET#2

Exam A
QUESTION 1
A wireless engineer must implement a corporate wireless network for a large company in the most efficient way possible.
The wireless network must support 32 VLANs for 300 employees in different departments. Which solution must the
engineer choose?
A. Configure a second WLC to support half of the APs in the deployment.
B. Configure one single SSID and implement Cisco ISE for VLAN assignment according to different user roles.
C. Configure different AP groups to support different VLANs, so that all of the WLANs can be broadcast on both
radios.
D. Configure 16 WLANs to be broadcast on the 2.4-GHz band and 16 WLANs to be broadcast on the 5.0-GHz band.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 2
A corporation has recently implemented a BYOD policy at their HQ. Which two risks should the security director be
concerned about? (Choose two.)
A. network analyzers
AllDumpz
[email protected]
B. malware
C. lost and stolen devices
D. keyloggers
E. unauthorized users
Correct Answer: BC
Section: (none)
Explanation
Explanation/Reference:
QUESTION 3 Which two restrictions are in place with regards to configuring mDNS?
(Choose two.)
A. mDNS uses only UDP port 5436 as a destination port.
B. mDNS cannot use UDP port 5353 as the destination port.
C. mDNS is not supported on FlexConnect APs with a locally switched WLAN.
D. Controller software must be newer than 7.0.6+.
E. mDNS is not supported over IPv6.
Correct Answer: CD
Section: (none)
Explanation
Explanation/Reference:
QUESTION 4
An engineer configures the wireless LAN controller to perform 802.1x user authentication. Which configuration must be
enabled to ensure that client devices can connect to the wireless, even when WLC cannot communicate with the
RADIUS?
A. pre-authentication
B. local EAP
C. authentication caching
D. Cisco Centralized Key Management
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 5 Which QoS level is recommended for guest services?
A. gold
B. bronze
C. platinum
D. silver
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 6 Which feature on the Cisco Wireless LAN Controller must be present to support dynamic VLAN mapping?
A. FlexConnect ACL
B. VLAN name override
C. CCKM/OKC
D. AAA override
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 7 Which two statements about the requirements for a Cisco Hyperlocation deployment are true? (Choose
two.)
A. After enabling Cisco Hyperlocation on Cisco CMX, the APs and the wireless LAN controller must be restarted.
B. NTP can be configured, but that is not recommended.
C. The Cisco Hyperlocation feature must be enabled on the wireless LAN controller and Cisco CMX.
D. The Cisco Hyperlocation feature must be enabled only on the wireless LAN controller.

AllDumpz
[email protected]
E. If the Cisco CMX server is a VM, a high-end VM is needed for Cisco Hyperlocation deployments.
Correct Answer: AC
Section: (none)
Explanation
Explanation/Reference:
QUESTION 8
An engineer must use Cisco AVC on a Cisco WLC to prioritize Cisco IP cameras that use the wireless network. Which
element do you configure in a rule?
A. permit-ACL
b. WMM required
c. mark
d. rate-limit
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 9
An engineer wants to configure WebEx to adjust the precedence and override the QoS profile on the WLAN. Which
configuration is needed to complete this task?
a. Change the WLAN reserved bandwidth for WebEx
b. Create an AVC profile for WebEx
c. Create an ACL for WebEx
d. Change the AVC application WebEx-app-sharing to mark
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 10 Which three properties are used for client profiling of wireless clients? (Choose three.)
a. HTTP user agent
b. DHCP
c. MAC OUI
d. hostname
e. OS version
f. IP address
Correct Answer: ABC
Section: (none)
Explanation
Explanation/Reference:
QUESTION 11
Which command set configures a Cisco Catalyst 9800 Series Wireless Controller so that the client traffic enters the
network at the AP switch port? A.

B.

AllDumpz
[email protected]
C.
D.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 12 What is the difference between PIM sparse mode and PIM dense mode?
A. Sparse mode supports only one switch. Dense mode supports multiswitch networks.
B. Sparse mode floods. Dense mode uses distribution trees.
C. Sparse mode uses distribution trees. Dense mode floods.
D. Sparse mode supports multiswitch networks. Dense mode supports only one switch.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 13

AllDumpz
[email protected]
Refer to the exhibit. Which two items must be supported on the VoWLAN phones to take full advantage of this WLAN
configuration? (Choose two.)
A. TSPEC
B. SIFS
C. 802.11e
D. WMM
E. APSD
Correct Answer: CD
Section: (none)
Explanation
Explanation/Reference:
QUESTION 14
A user is trying to connect to a wireless network that is configured for WPA2-Enterprise security using a corporate laptop.
The CA certificate for the authentication server has been installed on the Trusted Root Certification Authorities store on
the laptop. The user has been prompted to enter the credentials multiple times, but the authentication has not succeeded.
What is causing the issue?
A. There is an IEEE invalid 802.1X authentication policy on the authentication server.
B. The user Active Directory account is locked out after several failed attempts.
C. There is an invalid 802.1X authentication policy on the authenticator.
D. The laptop has not received a valid IP address from the wireless controller.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:

AllDumpz
[email protected]
QUESTION 15 A new MSE with wIPS service has been installed and no alarm information appears to be reaching the
MSE from controllers. Which protocol must be allowed to reach the MSE from the controllers?
A. SOAP/XML
B. NMSP
C. CAPWAP
D. SNMP
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 16 An engineer completed the basic installation for two Cisco CMX servers and is in the process of
configuring high availability, but it fails. Which two statements about the root of the issue are true?
(Choose two.)
A. The Cisco CMX instances are installed in the same subnet.
B. The types of the primary and secondary Cisco CMX installations differ.
C. The delay between the primary and secondary instance is 200 ms.
D. The sizes of the primary and secondary Cisco CMX installations differ.
E. Both Cisco CMX installations are virtual.
Correct Answer: BD
Section: (none)
Explanation
Explanation/Reference:
QUESTION 17
An engineer wants the wireless voice traffic class of service to be used to determine the queue order for packets received,
and then have the differentiated services code point set to match when it is resent to another port on the switch. Which
configuration is required in the network?
A. Platinum QoS configured on the WLAN
B. WMM set to required on the WLAN
C. msl qos trust dscp configured on the controller switch port
D. msl qos trust cos configured on the controller switch port
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 18 For security purposes, an engineer enables CPU ACL and chooses an ACL on the Security > Access
Control Lists > CPU Access Control Lists menu. Which kind of traffic does this change apply to, as soon as the change is
made?
A. wireless traffic only
B. wired traffic only
C. VPN traffic
D. wireless and wired traffic
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 19
An engineer must implement Cisco Identity-Based Networking Services at a remote site using ISE to dynamically assign
groups of users to specific IP subnets. If the subnet assigned to a client is available at the remote site, then traffic must be
offloaded locally, and subnets are unavailable at the remote site must be tunneled back to the WLC. Which feature meets
these requirements?
A. learn client IP address
B. FlexConnect local authentication
C. VLAN-based central switching
D. central DHCP processing
Correct Answer: C

AllDumpz
[email protected]
Section: (none)
Explanation
Explanation/Reference:
QUESTION 20 The IT manager is asking the wireless team to get a report for all guest user associations during the past
two weeks. In which two formats can Cisco Prime save this report? (Choose two.)
A. CSV
B. PDF
C. XLS
D. DOC
E. plain text
Correct Answer: AB
Section: (none)
Explanation
Explanation/Reference:
Reference: https://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/infrastructure/3-
2/user/guide/bk_CiscoPrimeInfrastructure_3_2_0_UserGuide/bk_CiscoPrimeInfrastructure_3_2_0_UserGuide_chapter_0
1010.html
QUESTION 21 Which devices can be tracked with the Cisco Context Aware Services?
A. wired and wireless devices
B. wireless devices
C. wired devices
D. Cisco certified wireless devices
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Reference: https://www.cisco.com/c/en/us/support/docs/wireless/context-aware-software/110836-cas-faq.html
QUESTION 22
All APs are receiving multicast traffic, instead of only the APs that need it. What is the cause of this problem?
A. The multicast group includes all APs
B. The wrong multicast address was used
C. The multicast group is assigned the wrong VLAN
D. Multicast IGMP snooping is not enabled
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 23
An IT team is growing quickly and needs a solution for management device access. The solution must authenticate users
from an external repository instead of the current local on the WLC, and it must also identify the user and determine what
level of access users should have. Which protocol do you recommend to achieve these goals?
A. network policy server
B. RADIUS
C. TACACS+
D. LDAP
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 24 Which two events are outcomes of a successful RF jamming attack?
(Choose two.)
A. disruption of WLAN services
B. unauthentication association
C. deauthentication broadcast
D. deauthentication multicast

AllDumpz
[email protected]
physical damage to AP hardware
Correct Answer: AE
Section: (none)
Explanation
Explanation/Reference:
QUESTION 25
Which two steps are needed to complete integration of the MSE to Cisco Prime Infrastructure and be able to track the
location of clients/rogues on maps? (Choose two.)
Synchronize access points with the MSE.
Add the MSE to Cisco Prime Infrastructure using the CLI credentials.
Add the MSE to Cisco Prime Infrastructure using the Cisco Prime Infrastructure communication credentials configured
during set up.
Apply a valid license for Wireless Intrusion Prevention System.
Apply a valid license for location tracking.
Correct Answer: DE
Section: (none)
Explanation
Explanation/Reference:
QUESTION 26 An engineer is performing a Cisco Hyperlocation accuracy test and executes the cmxloc start command
on Cisco CMX. Which two parameters are relevant? (Choose two.)
X, Y real location
client description
AP name
client MAC address
WLC IP address
Correct Answer: AD
Section: (none)
Explanation
Explanation/Reference:
QUESTION 27 A network engineer observes a spike in controller CPU overhead and overall network utilization after
multicast is enabled on a controller with 500 APs. Which feature connects the issue?
controller IGMP snooping
multicast AP multicast mode
broadcast forwarding
unicast AP multicast mode
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 28
Refer to the exhibit. An engineer must connect a fork lift via a WGB to a wireless network and must authenticate the WGB
certificate against the RADIUS server. Which three steps are required for this configuration? (Choose three.)

AllDumpz
[email protected]
Configure the certificate, WLAN, and radio interface on WGB.
Configure the certificate on the WLC.
Configure WLAN to authenticate using ISE.
Configure the access point with the root certificate from ISE.
Configure WGB as a network device in ISE.
Configure a policy on ISE to allow devices to connect that validate the certificate.
Correct Answer: ACF
Section: (none)
Explanation
Explanation/Reference:
QUESTION 29
On a branch office deployment, it has been noted that if the FlexConnect AP is in standalone mode and loses connection
to the WLC, all clients are disconnected, and the SSID is no longer advertised. Considering that FlexConnect local
switching is enabled, which setting is causing this behavior?
ISE NAC is enabled
802.11r Fast Transition is enabled
Client Exclusion is enabled
FlexConnect Local Auth is disabled
Correct Answer: D
Section: (none)

AllDumpz
[email protected]
Explanation
Explanation/Reference:
QUESTION 30 What is the default IEEE 802.1x AP authentication configuration on a Cisco Catalyst 9800 Series Wireless
Controller?
EAP-PEAP with 802.1x port authentication
EAP-TLS with 802.1x port authentication
EAP-FAST with CAPWAP DTLS + port authentication
EAP-FAST with CAPWAP DTLS
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 31 When using a Cisco Catalyst 9800 Series Wireless Controller, which statement about AutoQoS is true?
It has a set of predefined profiles that you cannot modify further
It matches traffic and assigns each matched packet to QoS groups
It automates deployment of wired QoS and makes wireless QoS implementation easier
It allows the output policy map to put specific QoS queues into specific subgroups
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 32 An engineer must implement rogue containment for an SSID. What is the maximum number of APs that
should be used for containment?
A. 1 B. 2
3
4
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Reference: https://www.cisco.com/c/en/us/td/docs/wireless/technology/roguedetection_deploy/Rogue_Detection.html
QUESTION 33 What is the maximum time range that can be viewed on the Cisco DNA Center issues and alarms page?
A. 3 hours
24 hours
3 days
7 days
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 34 An engineer is implementing a FlexConnect group for access points at a remote location using local
switching but central DHCP. Which client feature becomes available only if this configuration is changed?
multicast
static IP
fast roaming
mDNS
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 35 What is the default NMSP echo interval between Cisco MSE and a Wireless LAN Controller?
A. 10 seconds B. 15 seconds
30 seconds
60 seconds
AllDumpz
[email protected]
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Reference: https://www.cisco.com/en/US/docs/wireless/mse/3350/6.0/CAS/configuration/guide/msecg_ch4_CAS.html
QUESTION 36 An engineer configures a Cisco Aironet 600 Series OfficeExtend AP for a user who works remotely. What
is configured on the Cisco WLC to allow the user to print a printer on his home network?
split tunneling
SE-connect
FlexConnect
AP failover priority
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Reference: https://www.cisco.com/c/en/us/support/docs/wireless/aironet-602-officeextend-access-point/117540-configure-
splittunneloeap-00.html
QUESTION 37
When implementing self-registration for guest/BYOD devices, what happens when an employee tries to connect four
devices to the network at the same time?
The last device is removed and the newly added device is updated as active device.
The registration is allowed, but only one device is connected at any given time.
All devices are allowed on the network simultaneously.
Purge time dictates how long a device is registered to the portal.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 38
Where is Cisco Hyperlocation enabled on a Cisco Catalyst 9800 Series Wireless Controller web interface?
Policy Profile
AP Join Profile
Flex Profile
RF Profile
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Reference: https://www.cisco.com/c/en/us/td/docs/wireless/controller/9800/config-guide/b_wl_16_10_cg/cisco-
hyperlocation.html
QUESTION 39
A customer is experiencing performance issues with its wireless network and asks a wireless engineer to provide
information about all sources of interference and their impacts to the wireless network over the past few days. Where can
the requested information be accessed?
CleanAir reports on Cisco Prime Infrastructure
Performance reports on Cisco Prime Infrastructure
Interference Devices reports on Cisco Wireless LAN Controller
Air Quality reports on Cisco Wireless LAN Controller
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 40 An engineer is following the proper upgrade path to upgrade a Cisco AireOS WLC from version 7.3 to 8.9.
Which two ACLs for Cisco CWA must be configured when upgrading from the specified codes?
AllDumpz
[email protected]
(Choose two.)
Permit 0.0.0.0 0.0.0.0 UDP any any
Permit 0.0.0.0 0.0.0.0 any DNS any
Permit 0.0.0.0 0.0.0.0 UDP DNS anyD. Permit 0.0.0.0 0.0.0.0 UDP any DNS
E. Permit any any any
Correct Answer: AD
Section: (none)
Explanation
Explanation/Reference: QUESTION 41

AllDumpz
[email protected]
AllDumpz
[email protected]
Refer to the exhibit. The image shows a packet capture that was taken at the

CLI of the Cisco CMX server. It shows UDP traffic from the WLC coming into

the server. What does the capture prove? A. The Cisco CMX server receives

NetFlow data from the WLC.

B. The Cisco CMX server receives NMSP traffic from the WLC.
C. The Cisco CMX server receives SNMP traffic from the WLC.
D. The Cisco CMX server receives Angle-of-Arrival data from the WLC.

Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 42
CMX Facebook Wi-Fi allows access to the network before authentication. Which two elements are available? (Choose
two.)
Allow HTTP traffic only before authentication and block all the traffic.
Allow all the traffic before authentication and intercept HTTPS only.
Allow HTTPs traffic only before authentication and block all other traffic.
Allow all the traffic before authentication and intercept HTTP only.
Allow SNMP traffic only before authentication and block all the traffic.
Correct Answer: CD
Section: (none)
Explanation
Explanation/Reference:
Reference: https://www.cisco.com/c/en/us/td/docs/wireless/mse/8-
0/CMX_Connect_Engage_Visitor_Connect/Guide/Cisco_CMX_Connect_Engage_Config_Guide_VC/CMX_Facebook_Wi-
Fi.html
QUESTION 43
A wireless engineer needs to implement client tracking. Which method does the angle of arrival use to determine the
location of a wireless device?
received signal strength
triangulation
time distance of arrival
angle of incidence
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Reference: https://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Mobility/WiFiLBS-DG/wifich2.html
QUESTION 44
An engineer is implementing Cisco Identity-Based Networking on a Cisco AireOS controller. The engineer has two ACLs
on the controller. The first ACL, named BASE_ACL, is applied to the corporate_clients interface on the WLC, which is
used for all corporate clients. The second ACL, named HR_ACL, is referenced by ISE in the Human Resources group
policy. What is the resulting ACL when a Human Resources user connects?
A. HR_ACL appended with BASE_ACL B.
HR_ACL only
BASE_ACL appended with HR_ACL
BASE_ACL only
Correct Answer: B
Section: (none)

AllDumpz
[email protected]
Explanation
Explanation/Reference:
QUESTION 45 Which AP model of the Cisco Aironet Active Sensor is used with Cisco DNA Center?
1800s
3600e
3800s
4800i
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 46
A FlexConnect remote office deployment is using five 2702i APs indoors and two 1532i APs outdoors. When a code
upgrade is performed and FlexConnect Smart AP Image Upgrade is leveraged, but no FlexConnect Master AP has been
configured, how many image transfers between the WLC and APs will occur?
A. 1 B. 2
5
7
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 47 Which three characteristics of a rogue AP pose a high security risk? (Choose three.)
open authentication
high RSSI
foreign SSID
accepts clients
low RSSI
distant location
Correct Answer: ACD
Section: (none)
Explanation
Explanation/Reference:
QUESTION 48 An engineer must configure a Cisco WLC to support Cisco Aironet 600 Series OfficeExtend APs. Which
two Layer 2 security options are supported in this environment? (Choose two.)
Static WEP + 802.1X
WPA+WPA2
Static WEP
CKIP
802.1X
Correct Answer: BC
Section: (none)
Explanation
Explanation/Reference:
QUESTION 49
Refer to the exhibit. An engineer is creating an ACL to restrict some traffic to the WLC CPU. Which selection must be
made from the direction drop-down list?

AllDumpz
[email protected]
It must be Inbound because traffic goes to the WLC.
Packet direction has no significance; it is always Any.
It must be Outbound because it is traffic that is generated from the WLC.
To have the complete list of options, the CPU ACL must be created only by the CLI.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 50 During the EAP process and specifically related to the client authentication session, which encrypted key
is sent from the RADIUS server to the access point?
WPA key
session key
encryption key
shared-secret key
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 51
Branch wireless users report that they can no longer access services from head office but can access services locally at
the site. New wireless users can associate to the wireless while the WAN is down. Which three elements (Cisco
FlexConnect state, operation mode, and authentication method) are seen in this scenario? (Choose three.) A.
authentication-local/switch-local
WPA2 personal
authentication-central/switch-central
lightweight mode
standalone mode
WEB authentication
Correct Answer: ABE
Section: (none)
Explanation
Explanation/Reference:
QUESTION 52 What is an important consideration when implementing a dual SSID design for BYOD?
After using the provisioning SSID, an ACL that used to make the client switch SSIDs forces the user to associate and
traverse the network by MAC filtering.

AllDumpz
[email protected]
If multiple WLCs are used, the WLAN IDs must be exact for the clients to be provisioned and traverse the network
correctly.
SSIDs for this setup must be configured with NAC State-RADIUS NAC for the clients to authenticate with Cisco ISE, or
with NAC State-ISE NAC for Cisco ISE to associate the client.
One SSID is for provisioning and the other SSID is for gaining access to the network. The use of an ACL should not be
enforced to make the client connect to the REAL SSID after provisioning.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 53
Which two protocols are used to communicate between the Cisco MSE and the Cisco Prime Infrastructure network
management software? (Choose two.)
HTTPS
Telnet C. SOAP
SSH
NMSP
Correct Answer: AE
Section: (none)
Explanation
Explanation/Reference:
QUESTION 54 An engineer is configuring multicast for wireless for an all-company video meeting on a network using
EIGRP and BGP within a single domain from a single source. Which type of multicast routing should be implemented?
Protocol Independent Multicast Dense Mode
Source Specific Multicast
Multicast Source Discovery Protocol
Protocol Independent Multicast Sparse Mode
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 55
Which component must be integrated with Cisco DNA Center to display the location of a client that is experiencing
connectivity issues?
Cisco Hyperlocation Module
Wireless Intrusion Prevention System C. Cisco Connected Mobile Experiences
D. Cisco Mobility Services Engine
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 56
An engineer configured a Cisco AireOS controller with two TACACS+ servers. The engineer notices that when the primary
TACACS+ server fails, the WLC starts using the secondary server as expected, but the WLC does not use the primary
server again until the secondary server fails or the controller is rebooted. Which cause of this issue is true?
Fallback is enabled
Fallback is disabled
DNS query is disabled
DNS query is enabled
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:

AllDumpz
[email protected]
QUESTION 57 A Cisco WLC has been added to the network and Cisco ISE as a network device, but authentication is
failing. Which configuration within the network device configuration should be verified?
SNMP RO community
device interface credentials
device ID
shared secret
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 58
Refer to the exhibit. A network administrator deploys the DHCP profiler service in two ISE servers: 10.3.10.101 and
10.3.10.102. All BYOD devices connecting to WLAN on VLAN63 have been incorrectly profiled and are assigned as
unknown profiled endpoints. Which action efficiently rectifies the issue according to Cisco recommendations?

Nothing needed to be added on the Cisco WLC or VLAN interface. The ISE configuration must be fixed.
Disable DHCP proxy on the Cisco WLC.
Disable DHCP proxy on the Cisco WLC and run the ip helper-address command under the VLAN interface to point to
DHCP and the two ISE servers.
Keep DHCP proxy enabled on the Cisco WLC and define helper-address under the VLAN interface to point to the two ISE
servers.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 59 Which statement about the VideoStream/Multicast Direct feature is true?
IP multicast traffic is reliable over WLAN by default as defined by the IEEE 802.11 wireless multicast delivery mechanism.
Each VideoStream client acknowledges receiving a video IP multicast stream.
It converts the unicast frame to a multicast frame over the air.
It makes the delivery of the IP multicast stream less reliable over the air, but reliable over Ethernet.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Reference: https://www.cisco.com/c/en/us/td/docs/wireless/controller/8-1/configuration-
guide/b_cg81/multicast_broadcast_setup.html
QUESTION 60 Where is a Cisco OEAP enabled on a Cisco Catalyst 9800 Series Wireless Controller?
RF Profile
Flex Profile
Policy Profile
AP Join Profile
Correct Answer: B
Section: (none)
AllDumpz
[email protected]
Explanation
Explanation/Reference:
Reference: https://www.cisco.com/c/en/us/td/docs/wireless/controller/9800/config-guide/b_wl_16_10_cg/flexconnect.html

AllDumpz
[email protected]

You might also like