CCIE Wireless
Exam: 400-351
Demo Edition
© 2016 - 2017 Troy Tec, LTD All Rights Reserved
400-351
1 http://www.troytec.com
QUESTION: 1
Which option in the Cisco Identity Services Engine checks that the user authentication
comes from a domain computer?
A. It is not possible to validate the computer domain membership through ISE.
B. Machine Access Restriction
C. Machine Access Restriction
D. Active Directory Attributes.
E. An identity source sequence can be used to perform this check.
Answer: C
Explanation:
From:
http://www.cisco.com/c/en/us/td/docs/security/ise/1-3/ISE-ADIntegrationDoc/b_ISE-
ADIntegration.html
QUESTION: 2
Which statement about 802.11h is true?
A. DFS feature works irrespective of whether the channel setting on WLC is set to auto
or manual.
B. 802.llh is not a mandatory standard under FCC regulations.
C. The FCC does not require 802.llh to be supported in the 5 GHz band.
400-351
2 http://www.troytec.com
D. When the radio detects a radar, it can use the channel for only 20 minutes at a time.
Answer: A
Explanation:
From:
EEE
802 .llh-2003-Wikipedia, the free encyclopedia
https://en.wikipedia.org/wiki/IEEE_802.11h-2003
The standard provides Dynamic Frequency Selection (DFS) and Transmit Power
Control (TPC) to the 802.11a PHY. It has been integrated into the full IEEE 802.11-
2007 standard. FCC Regulations Update –Cisco
http://www.cisco.com/c/en/us/products/collateral/wireless/aironet-1300-
series/prod_white_paper0900aecd801c4a88.html
https://supportforums.cisco.com/document/52376/tpc-and-dfs-overview
QUESTION: 3
In which direction does Application Visibility and Control mark the DSCP value of the
original packet in the wireless LAN controller?
A. In both directions, upstream and downstream.
B. In one direction, downstream only.
C. In one configured direction, either upstream or downstream.
D. In one direction, upstream only.
Answer: A
Explanation:
http://www.cisco.com/c/en/us/td/docs/wireless/controller/8-0/configuration-
guide/b_cg80/b_cg80_chapter_011001.htmlQUESTION: NO:
QUESTION: 4
On a Cisco autonomous AP, the maximum number of attempts to send a packet (packet
retries) is set to 32 by default. Which statement about the result when the AP has tried to
send a packet for that number of attempts and no response is received from the client is
true?
A. The access point drops the packet.
B. The client MAC address is excluded for 60 seconds.
400-351
3 http://www.troytec.com
C. The access point resets the radio interface.
D. The access point disassociates the client.
Answer: A
Explanation:
From:
Packet Retries & Max-Retries I mrn-cciew https://mrncciew.com/2013/06/16/packet-
retries-max-retries/In Autonomous(IOS) AP, you can configure number of attempts the
wireless device makes to send a packet before giving up & dropping the packet. There
are two ways of configuring this feature. One method for best effort (priority value 0)
traffic & another method for non-best effort (priority value 1-7)
1. Best-effort Traffic (packet retries command)
2. N on-Best-effort Traffic (packet max-retries command ) CLI default: packet retries 32
drop-packet channel width 40-above channel dfs station-role root rts retries 32 cfg:
http://www.cisco.com/c/en/us/td/docs/wireless/access_point/15-3-
3/configuration/guide/cg15-3-3/cg15-3-3-chap6- radio.html
Configuring the Maximum Data Packet Retries
The maximum data retries setting determines the number of attempts the makes to send
a packet before giving up and dropping the packet. The default setting is 32. Beginning
in privileged EXEC mode
QUESTION: 5
Your customer has a Cisco Unified Wireless Network running AireOS 8.0 and wants to
learn about the FlexConnect mode that is available on his APs. Which two statements
are true? (Choose two.)
A. A newly connected AP can be booted in FlexConnect mode.
B. When an AP is changed from Local mode to FlexConnect mode, a reboot is required.
C. Enhanced FlexConnect mode allows to enable wIPS on FlexConnect APs.
D. When an AP is changed from Local mode to FlexConnect mode, reboot is not
required.
E. Using CCKM with FlexConnect APs requires the use of FlexConnect Groups.
F. FlexConnect was previously know as "H-TEEP"
Answer: D, E
Explanation:
http://www.cisco.com/c/en/us/td/docs/wireless/controller/7-
4/configuration/guides/consolidated/b_cg74_CONSOLIDATED/b_cg74_CONSOLIDA
TED_ chapter_01000010.html
400-351
4 http://www.troytec.com
http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Mobility/emob73dg/emob73/
ch7_HREA.html
QUESTION: 6
Which three types of ACLs are supported by the Cisco 5760 WLC? (Choose three.)
A. Port ACLs.
B. VLAN ACLs(VLAN maps).
C. Router port ACLs.
D. AP Radio ACL Switch port ACLs.
E. Router ACLs.
Answer: A, B, E
Explanation:
http://www.cisco.com/c/en/us/td/docs/wireless/controller/5700/software/release/3se/secu
rity/configuration_guide/b_sec_3se_5700_cg/b_sec_1501_3850_cg_chapter_01010.htm
l#ID6 3 ACL Precedence Port ACLs Router ACLs VLAN Maps
QUESTION: 7
Which statement about Wired Guest Access is true?
A. The guest traffic can terminate on the foreign WLC, but egress interface must be
defined on the guest SSID
B. Wired Guest Access is not supported in the Cisco 5760 WLC
C. The wired guest traffic terminates only on the anchor Cisco WLC
D. The Cisco 5760 WLC supports Wired Guest Access only in conjunction with the
converged access switches.
Answer: C
Explanation:
http://www.cisco.com/c/en/us/support/docs/wireless/5700-series-wireless-lan-
controllers/118810-technote-wlc-00.html
QUESTION: 8
When a Flex Connect AP is in the "local authentication, local switching" state, it handles
client authentication and switches client data packets locally. This state is valid in
400-351
5 http://www.troytec.com
standalone mode and connected mode. Which three statements about a FlexConnect AP
are true? (Choose three).
A. In connected mode, the AP provides minimal information about the locally
authenticated client to the controller. This information is not available on the controller
policy type. Access VLAN. VLAN name, supported rates. Encryption ciphter.
B. In connected mode, the access point provides minimal information about the locally
authenticated client to the controller. However, this information is available to the
controller policy type., access VLAN, VLAN name, supported rates, encryption cipher.
C. Local authentication is useful where you cannot maintain a remote office setup of a
minimum bandwidth kbps with the round-trip latency no greater than 100 ms and the
maximum transmission unit no smaller than 576 bytes.
D. Local authentication is useful where you cannot maintain a remote office setup of a
minimum bandwidth kbps with the round-trip latency no greater than 150 ms and the
maximum transmission unit no higher than 500 bytes.
E. Local authentication in connected mode does not require any WLAN configuration.
F. Local authentication can be enabled only on the WLAN of a FlexConnect AP that is
in local switching mode.
Answer: A, C, F
Explanation:
http://www.cisco.com/c/en/us/td/docs/wireless/controller/7-
2/configuration/guide/cg/cg_flexconnect.html
QUESTION: 9
You have configured VideoStream on a Cisco WLC and users are now viewing the
company video broadcast over the wireless network. How can you verify you have
VideoStream configured and working in the Cisco WLC GUI?
A. The Multicast Status shows "Normal Multicast" in the Multicast Group Details.
B. The Multicast Status shows "MediaStream Ongoing" in the Client detail page.
C. The Multicast Status shows "Multicast-direct Allowed" in the Multicast Group
Details.
D. The Multicast Status shows "MediaStream Allowed" in the Multicast Group Details.
Answer: C
400-351
6 http://www.troytec.com
QUESTION: 10
Refer to the exhibit. It belongs to a Cisco IOS AP with just one radio. This portion of
configuration refers to a multiple SSID/VLAN configuration. Which statement is
correct?
Refer to the exhibit. It belongs to a Cisco IOS AP with just one radio. This portion of
configuration refers to a multiple SSID/WLAN configuration. Which statement is
correct?
400-351
7 http://www.troytec.com
A. The configuration does not allow for non-corporate clients to connect to any SSID
Guest traffic.There fore will not allowed.
B. 'mbssid guest-mode' is used to allow broad cat of multiple SSIDs on the radio
interface. No other 'mbssid" commands are needed to achieve this functionality.
C. The AP must have subinterfaces 80,81,and 82 configured on the Radio 0 and Ethernet
interfaces.
D. The SSID "EAP" will allow clients to connect to it using any EAP authentication
method such as EAP-TLS.
Answer: C
Explanation:
Consider the association process of a wireless client to an SSID. Drag and drop the
client actions from the left into the correct order of operation on the right.
Left:
802.11 probe request 802.11 association request EAPol key message 2 802.11
authentication request EAP identity response
Right:
Step1 -------------Step1 802.11 probe request
Step2 -------------Step2 802.11 authentication request
Step3 -------------
Step3 802.11 association request Step4 -------------
Step4 EAP identity response
Step5 -------------Step5 EAPol key message 2
400-351
8 http://www.troytec.com
QUESTION: 11
Exhibit
Refer to the exhibit. You have been asked to troubleshoot why VTP is not distributing
new VLANs to a VTP client switch. Which option is the most likely root cause of this
VTP problem.
A. The VTP password is not set to level 15 on the client switch.
B. The VTP password encryption level is not set on the client switch.
C. The VTP encryption level does not match on the client switch.
D. The VTP password is incorrect on the client switch.
E. The client switch is set to transparent mode. Which ignores VLAN configuration
updates from VTP servers.
Answer: D
Explanation:
From:
Each sw, and issue the command:
No vtp password
400-351
9 http://www.troytec.com
https://www.packet6.com/configuring-vtp-on-cisco-switches/
http://www.sunpenguin.net/?p=283
QUESTION: 12
You are setting up a Cisco access point in repeater mode with a non-Cisco access point
as the parent and you use this interface configuration on your Cisco access point.
400-351
10 http://www.troytec.com
You are getting the following error message. Which reason for this issue is true?
A. %D0Tll-4-CANT_A$S0C:lnterface DotllRadioO, cannot associate:No Aironet
Extension IE.
B. "dotll extension aironet" is missing under the interface DotllRadio 0 interface
When repeater mode is used, unicast-flooding must be enabled to allow Aironet IE
communications.
C. The parent AP MAC address has not been defined.
D. Repeater mode only works between Cisco access points.
Answer: A
Explanation:
From:
400-351
11 http://www.troytec.com
http://www.cisco.com/c/en/us/td/docs/wireless/access_point/12-
2_11_JA/configuration/guide/b12211sc/s11rep.html
QUESTION: 13
Which two advanced WLAN options are required when deploying central web
authentication with Cisco ISE? (Choose two.)
A. P2P Blocking Action set to Drop.
B. NAC State RADIUS NAC
C. NAC State SNMPNAC.
D. DHCP Addr. Assignment disabled.
E. Allow AAA override enabled.
Answer: B, E
Explanation:
From
http://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/115732-
central-web-auth-00.html
QUESTION: 14
FlexConnect APs have already been deployed in a branch office for local switching.
Currently the WLAN in the large auditorium is proposed to change to a high-density
design and thus some low data rates are proposed to be disabled while keeping the data
400-351
12 http://www.troytec.com
rates in other areas under the same Cisco WLC. Which two configuration settings must
be modified in the Cisco WLC to achieve this configuration? (Choose two.)
A. RF Profiles
B. Mobility Groups
C. FlexConnect Groups
D. AP Groups
E. Fape profile.
Answer: A, D
Explanation:
From:
http://www.cisco.com/c/en/us/td/docs/wireless/controller/7-
4/configuration/guides/consolidated/b_cg74_CONSOLIDATED/b_cg74_CONSOLIDA
TED_ chapter_010001111.html
QUESTION: 15
You are installing Converged Access controllers that run Cisco IOS-XE and you are
ready to implement QoS. From the below, choose all the possible QoS target levels that
would apply to downstream traffic (toward the client)?
A. Client, SSID, Radio, Port
B. Client, SSID, Radio
C. Client, Radio
D. Client, SSID
Answer: A
Explanation:
Exhibit
400-351
13 http://www.troytec.com
http://www.cisco.com/en/US/docs/switches/lan/catalyst3850/software/release/3.2_0_se/
multibook/configuration_guide/b_consolidated_config_guide_3850_chapter_010010.ht
ml
QUESTION: 16
Refer to the exhibit.
Exhibit
Which feature (and associated show output) is seen here?
A. Controller>show client tsm 802.11a 00:01:02:03:04:05 all
B. Controller>show client wmm 802.11a 00:01:02:03:04:05 all
C. Controller>show ap stats 802.11a00:01:02:03:04:05
D. Controller>show client detail 00:01:02:03:04:05
Answer: A
Explanation:
Exhibit
400-351
14 http://www.troytec.com
http://www.cisco.com/c/en/us/td/docs/wireless/controller/7-
4/configuration/guides/consolidated/b_cg74_CONSOLIDATED/b_cg74_CONSOLIDA
TED_ chapter_010000.html
QUESTION: 17
You are designing a wireless network for a museum. One of their requirements is to
track people inside the museum and push a notification into their tablet device as soon as
they step in front of a painting with information about the artist and the painting. This
information must be delivered in real time. You are using regular probe request-based
tracking and during testing. You notice that although the tablet Is connected to the
museum Wi-Fi network, the location is not updating in real time as you move. It can
take almost 2 minutes for the location to be updated. Which option is the likely reason
for this issue?
A. Cisco MSE does not perform a new location calculation for certain elements if the
resulting position is not at least 5 meters different than the previous location.
B. Probe request-based tracking is bound to delay due to the broadcast type of traffic
that is not acknowledged over the air and could be lost.
C. CCXv4 S60 is disabled by default. You must enable CCXv4 S60, which is
compatible with all Wi-Ficlients. This feature comes out location updates more
frequently.
D. Probe request-based tracking is device dependent. The tablet might not send a probe
request if it is maintaining a good Wi-Fi signal, which can cause slower location
updates.
400-351
15 http://www.troytec.com
Answer: C
Explanation:
From.
http://www.cisco.com/c/en/us/support/docs/wireless/context-aware-software/110836-
cas-faq.html
Exhibit
400-351
16 http://www.troytec.com
http://www.cisco.com/c/en/us/td/docs/wireless/controller/7-
4/configuration/guides/consolidated/b_cg74_CONSOLIDATED/b_cg74_CONSOLIDA
TED_ chapter_010000111.html
Exhibit
http://www.cisco.com/c/en/us/td/docs/wireless/mse/3350/release/notes/mse7_0_220-
0.html#pgfId-1128560
400-351
17 http://www.troytec.com
https://communities.cisco.com/thread/41579?start=0&tstart=0
Exhibit
400-351
18 http://www.troytec.com
http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3850/software/release/3se/sys
tem_management/configuration_guide/b_sm_3se_3850_cg/b_sm_3se_3850_cg_chapter
_01 010.pdf
QUESTION: 18
Which two effects does TSPEC-based admission control have as it relates to WMM
clients? (Choose two)
A. Deny clients access to the WLAN that do not support WMM.
B. Allow access only for VoWLAN traffic when interference is detected.
C. Enforce airtime entitlement for wireless voice applications.
D. Ensure that call quality does not degrade for existing VoWLAN calls.
E. Deny clients access to the WLAN if then do not comply with the TERP standard.
Answer: C, D
Explanation:
http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Mobility/vowlan/41dg/vowla
n41d g-book/vowlan_ch2.html
http://www.cisco.com/c/en/us/td/docs/wireless/technology/vowlan/troubleshooting/vowl
an_t roubleshoot/5_Troubleshooting_CAC_Rev1-2.html#wp1053384
QUESTION: 19
Which two options are new features that are supported by IGMPv3compared to
IGMPv2.(Choose two)
400-351
19 http://www.troytec.com
A. It extends IGMP. which allows for an explicit maximum response time field.
B. It adds support for source filtering.
C. Router can now send a group-specific query.
D. It adds support for IGMP Leave Message.
E. It supports the link local address 224.0.0.22. which is the destination IP address for
membership reports.
Answer: B, E
Explanation:
Do not understanding difference between IGMPv2 and v3 | LAN, Switching and
Routing | Cisco Support Community
https://supportforums.cisco.com/discussion/10948466/do-not-understanding-difference-
between-igmpv2-and-v3 IGMP Version 3 Cisco
http://www.cisco.com/c/en/us/td/docs/ios/12_0s/feature/guide/12s_igmp.html
Feature Overview Internet Group Management Protocol (IGMP) is a protocol used by
IPv4 systems to report IP multicast memberships to neighboring multicast routers.
This feature module introduces support for Version 3 of IGMP. In previous versions of
Cisco IOS software only Version 1 and Version 2 were supported. IGMP Version 3
(IGMPv3) adds support for "source filtering," which enables a multicast receiver host to
signal to a router which groups it wants to receive multicast traffic from, and from which
source(s) this traffic is expected. This membership information enables Cisco IOS
software to forward traffic only from those sources from which receivers requested the
traffic.
IGMPv3 supports applications that explicitly signal sources from which they want to
receive traffic. With IGMPv3, receivers signal membership to a multicast host group in
the following two modes:
INCLUDE mode—In this mode, the receiver announces membership to a host group
and provides a list of IP addresses (the INCLUDE list) from which it wants to receive
traffic. EXCLUDE mode—In this mode, the receiver announces membership to a host
group and provides a list of IP addresses (the EXCLUDE list) from which it does not
want to receive traffic. This indicates that the host wants to receive traffic only from
other sources whose IP addresses are not listed in the EXCLUDE list. To receive traffic
from all sources, like in the case of the Internet Standard Multicast (ISM) service model,
a host expresses EXCLUDE mode membership with an empty EXCLUDE list.
IGMPv3 is the industry-designated standard protocol for hosts to signal channel
subscriptions in Source Specific Multicast (SSM). SSM was introduced in Cisco IOS
Release 12.1(3)1, however SSM support for IGMPv3 was introduced in 12.1(5)T. For
SSM
to rely on IGMPv3; IGMPv3 must be available in last hop routers and host operating
system network stacks, and be used by the applications running on those hosts.
In SSM deployment cases where IGMPv3 cannot be used because it is not supported by
the receiver host or the receiver applications, there are two Cisco-developed transition
solutions that enable the immediate deployment of SSM services: URL Rendezvous
400-351
20 http://www.troytec.com
Directory (URD) and IGMP Version 3 lite (IGMP v3lite). Both of these features are
documented in the Cisco IOS Release 12.0(15)S Source Specific Multicast with
IGMPv3, IGMP vSlite, and URD feature module.
IGMP
Version Description IGMPvl
Provides the basic query-response mechanism that allows the multicast
router to determine which multicast groups are active and other processes that enable
hosts to join and leave a multicast group. RFC 1112 defines the IGMPvl host extensions
for IP multicasting.
IGMPv2
Extends IGMP. allowing such capabilities as the IGMP leave process, group-specific
queries, and an explicit maximum response time field. IGMPv2 also adds the capability
for routers to elect the IGMP querier without dependence on the multicast protocol to
perform this task. RFC 2236 defines IGMPv2.
IGMPv3
Provides for source filtering. which enables a multicast receiver host to
signal to a router which groups it wants to receive multicast traffic from, and from which
sources this traffic is expected. In addition, IGMPv3 supports the link local address
224.0.0.22. which is the destination IP address for IGMPv3 membership reports; all
IGMPv3-capable multicast routers must listen to this address. RFC 3376 defines
IGMPv3.
QUESTION: 20
Exhibit
Refer to the exhibit. What is the best way to resolve this issue?
A. Install a server certificate signed by a well-know public CA on the WLC.
B. Disable certificate checks on the client.
C. Install a server certificate signed by a well-known public CA on the Radius Server.
D. Use the certificate authority on the Cisco Identity Services Engine.
Answer: C
400-351
21 http://www.troytec.com
Explanation:
From:
Event: 5400 Authentication failed
Failure Reason: 12321 PEAP failed SSL/TLS handshake because the client rejected the
ISE Local - certificate
Cisco ISE authentication failed because client reject certificate | AAA, Identity and NAC
| Cisco
Support Community https://supportforums.cisco.com/discussion/11697966/cisco-ise-
authentication-failed-because- client-reject-certificate
The error you are seeing in ISE is pointing to your client, if you have the eap settings set
to "validate server certificate" then you must manually set it to trust the rootCA that
signed the ISE certificate, or you can disable this option for testing. You can try to
remove this wireless network profile, and recreate it and see if the pop up appears which
asks you to validate the server's identity.
Possible Causes for this issue
The supplicant or client machine is not accepting the certificate from Cisco ISE.
The client machine is configured to validate the server certificate, but is not configured
to trust the Cisco ISE certificate.
Note [This is an indication that the client does not have or does not trust the Cisco ISE
certificates. Possible Causes The supplicant or client machine is not accepting the
certificate from Cisco ISE.
The client machine is configured to validate the server certificate, but is not configured
to trust the Cisco ISE certificate. Resolution The client machine must accept the Cisco
ISE certificate to enable authentication.
400-351
22 http://www.troytec.com

More Related Content

PDF
Nse4 fgt 6.0
PDF
Đề Thi Trắc Nghiệm CCNA Full
PDF
Jncia er
PDF
Ccna 1 5
DOCX
Ip seminar
PDF
CCNA 200-120 Exam Questions
PDF
ccna-discowey-final-100
DOC
Ccna 4 chapter 3 v4.0 answers 2011
Nse4 fgt 6.0
Đề Thi Trắc Nghiệm CCNA Full
Jncia er
Ccna 1 5
Ip seminar
CCNA 200-120 Exam Questions
ccna-discowey-final-100
Ccna 4 chapter 3 v4.0 answers 2011

What's hot (20)

PDF
3.4.6-lab---configure-vlans-and-trunking.pdf
PDF
CCNAX 200 120 dumps
PPTX
CCNA 200-301 IPv6 addressing and subnetting MCQs Collection
 
PPTX
JUNOS: OSPF and BGP
PDF
CCNA Quick Notes
PDF
Stupid Web Caching Tricks
PDF
Easergy studio realeasenotesv8_0_0
DOC
Ccna lab manual 640 802
PDF
352-001-Exam-ADVDESIGN
PDF
EDS-10/40G Ethernat Delay Simulator
DOC
Zxdsl 9210 guide
PPTX
JUNOS EX-Switching
PDF
Krzysztof Mazepa - IOS XR - IP Fast Convergence
PDF
Sa mog
PPTX
JUNOS - Monitoring and Troubleshooting
PDF
CCNA 200-120 Exam Quick Notes
PDF
Ies5000 usg
DOC
Juniper policy based filter based forwarding
PDF
Ies5000 config guide
PDF
CCNP Lab Guide CCIE University
3.4.6-lab---configure-vlans-and-trunking.pdf
CCNAX 200 120 dumps
CCNA 200-301 IPv6 addressing and subnetting MCQs Collection
 
JUNOS: OSPF and BGP
CCNA Quick Notes
Stupid Web Caching Tricks
Easergy studio realeasenotesv8_0_0
Ccna lab manual 640 802
352-001-Exam-ADVDESIGN
EDS-10/40G Ethernat Delay Simulator
Zxdsl 9210 guide
JUNOS EX-Switching
Krzysztof Mazepa - IOS XR - IP Fast Convergence
Sa mog
JUNOS - Monitoring and Troubleshooting
CCNA 200-120 Exam Quick Notes
Ies5000 usg
Juniper policy based filter based forwarding
Ies5000 config guide
CCNP Lab Guide CCIE University
Ad

Similar to 400-351 Exam-CCIE Wireless (20)

PDF
200-355 Exam-Implementing Cisco Wireless Network Fundamentals
PDF
200 355-q&a-demo-exam area
DOCX
1. Which of the following is a Cisco IOS feature that can collect .docx
PDF
Www ccnav5 net_ccna_3_v5_final_exam_answers_2014
PDF
"Pass Cisco 200-301 CCNA Exam with Certifiedumps – Verified Dumps for Guarant...
PDF
Pass Your Cisco 200-301 CCNA Exam in 2025 with Confidence
PDF
Free Cisco 200-301 Practice Questions PDF – Download Demo Now
PDF
Cisco 200-301 Exam Practice Questions – Certifiedumps (Latest 2025 Version)
PDF
Pass Cisco 200-301 CCNA Exam with Certifiedumps – Latest Dumps Cover Networki...
PDF
ccna 1 chapter 2 v5.0 exam answers 2014
PDF
Wireless Feature Update
PDF
640 802 exam
PDF
CCNP ENCOR ICT.pdf
PDF
Pass the Cisco 200-301 Exam with P2PCerts – 100% Success Guaranteed!
PDF
Ccnav5.org ccna 3-chapter_4_v50_2014_exam_answers
PPTX
Pass4sure 640-864 Questions Answers
DOCX
Ccna 3 final exam answer v5
PDF
Cisco CCNP Enterprise ENCOR 350-401 Real Questions
PDF
Www ccnav5 net_ccna_1_chapter_5_v5_0_exam_answers_2014
PDF
CMIT 350 FINAL EXAM CCNA CERTIFICATION PRACTICE EXAM
200-355 Exam-Implementing Cisco Wireless Network Fundamentals
200 355-q&a-demo-exam area
1. Which of the following is a Cisco IOS feature that can collect .docx
Www ccnav5 net_ccna_3_v5_final_exam_answers_2014
"Pass Cisco 200-301 CCNA Exam with Certifiedumps – Verified Dumps for Guarant...
Pass Your Cisco 200-301 CCNA Exam in 2025 with Confidence
Free Cisco 200-301 Practice Questions PDF – Download Demo Now
Cisco 200-301 Exam Practice Questions – Certifiedumps (Latest 2025 Version)
Pass Cisco 200-301 CCNA Exam with Certifiedumps – Latest Dumps Cover Networki...
ccna 1 chapter 2 v5.0 exam answers 2014
Wireless Feature Update
640 802 exam
CCNP ENCOR ICT.pdf
Pass the Cisco 200-301 Exam with P2PCerts – 100% Success Guaranteed!
Ccnav5.org ccna 3-chapter_4_v50_2014_exam_answers
Pass4sure 640-864 Questions Answers
Ccna 3 final exam answer v5
Cisco CCNP Enterprise ENCOR 350-401 Real Questions
Www ccnav5 net_ccna_1_chapter_5_v5_0_exam_answers_2014
CMIT 350 FINAL EXAM CCNA CERTIFICATION PRACTICE EXAM
Ad

More from Isabella789 (20)

PDF
T7 Exam-International Financial Reporting Standards for Compensation Professi...
PDF
T7 Exam-International Financial Reporting Standards for Compensation Professi...
PDF
1Z0-400 Exam-Oracle Communications Session Border Controller
PDF
2V0-622 Exam-VMware Certified Professional 6.5 – Data Center Virtualization (...
PDF
HP2-B129 Exam-HP Document Solutions Technical Fundamentals (LAR)
PDF
210-250 Exam-Understanding Cisco Cybersecurity Fundamentals
PDF
70 334 exam-core solutions of microsoft skype for business (beta)
PDF
1 y0 311 exam-citrix xenapp and xendesktop 7.15 ltsr advanced administration
PDF
1z0 034 exam-upgrade oracle9i10g oca to oracle database 11g ocp
PDF
70-414 exam-implementing an advanced server infrastructure
PDF
1Z0-027 Exam-Oracle Exadata Database Machine Administration, Software Release
PDF
210 250 exam-understanding cisco cybersecurity fundamentals
PDF
1z0-204 Exam-Oracle EBS R12: E-Business Essentials
PDF
1z0 061 exam-oracle database 12c sql fundamentals
PDF
1y0 230 exam-citrix netscaler 12 essentials
PDF
Pmi acp exa- pmi agile certified practitioner
PDF
1z0 851 exam-java standard edition 6 programmer certified professional
PDF
Jn0 420 exam-jncis-dev ops
PDF
200 310-q&a-demo-troytec
PDF
1y0 200-q&a-demo-troytec
T7 Exam-International Financial Reporting Standards for Compensation Professi...
T7 Exam-International Financial Reporting Standards for Compensation Professi...
1Z0-400 Exam-Oracle Communications Session Border Controller
2V0-622 Exam-VMware Certified Professional 6.5 – Data Center Virtualization (...
HP2-B129 Exam-HP Document Solutions Technical Fundamentals (LAR)
210-250 Exam-Understanding Cisco Cybersecurity Fundamentals
70 334 exam-core solutions of microsoft skype for business (beta)
1 y0 311 exam-citrix xenapp and xendesktop 7.15 ltsr advanced administration
1z0 034 exam-upgrade oracle9i10g oca to oracle database 11g ocp
70-414 exam-implementing an advanced server infrastructure
1Z0-027 Exam-Oracle Exadata Database Machine Administration, Software Release
210 250 exam-understanding cisco cybersecurity fundamentals
1z0-204 Exam-Oracle EBS R12: E-Business Essentials
1z0 061 exam-oracle database 12c sql fundamentals
1y0 230 exam-citrix netscaler 12 essentials
Pmi acp exa- pmi agile certified practitioner
1z0 851 exam-java standard edition 6 programmer certified professional
Jn0 420 exam-jncis-dev ops
200 310-q&a-demo-troytec
1y0 200-q&a-demo-troytec

Recently uploaded (20)

PDF
LIFE & LIVING TRILOGY - PART - (2) THE PURPOSE OF LIFE.pdf
PDF
Farming Based Livelihood Systems English Notes
PDF
Physical education and sports and CWSN notes
PDF
fundamentals-of-heat-and-mass-transfer-6th-edition_incropera.pdf
PDF
Myanmar Dental Journal, The Journal of the Myanmar Dental Association (2013).pdf
PDF
Journal of Dental Science - UDMY (2022).pdf
PPTX
principlesofmanagementsem1slides-131211060335-phpapp01 (1).ppt
PDF
Fun with Grammar (Communicative Activities for the Azar Grammar Series)
PDF
anganwadi services for the b.sc nursing and GNM
PPTX
Thinking Routines and Learning Engagements.pptx
PDF
Solved Past paper of Pediatric Health Nursing PHN BS Nursing 5th Semester
PDF
Journal of Dental Science - UDMY (2021).pdf
PPTX
UNIT_2-__LIPIDS[1].pptx.................
PPTX
pharmaceutics-1unit-1-221214121936-550b56aa.pptx
PDF
Health aspects of bilberry: A review on its general benefits
PPTX
4. Diagnosis and treatment planning in RPD.pptx
PDF
Myanmar Dental Journal, The Journal of the Myanmar Dental Association (2015).pdf
PDF
Horaris_Grups_25-26_Definitiu_15_07_25.pdf
PPTX
Case Study on mbsa education to learn ok
PPTX
Cite It Right: A Compact Illustration of APA 7th Edition.pptx
LIFE & LIVING TRILOGY - PART - (2) THE PURPOSE OF LIFE.pdf
Farming Based Livelihood Systems English Notes
Physical education and sports and CWSN notes
fundamentals-of-heat-and-mass-transfer-6th-edition_incropera.pdf
Myanmar Dental Journal, The Journal of the Myanmar Dental Association (2013).pdf
Journal of Dental Science - UDMY (2022).pdf
principlesofmanagementsem1slides-131211060335-phpapp01 (1).ppt
Fun with Grammar (Communicative Activities for the Azar Grammar Series)
anganwadi services for the b.sc nursing and GNM
Thinking Routines and Learning Engagements.pptx
Solved Past paper of Pediatric Health Nursing PHN BS Nursing 5th Semester
Journal of Dental Science - UDMY (2021).pdf
UNIT_2-__LIPIDS[1].pptx.................
pharmaceutics-1unit-1-221214121936-550b56aa.pptx
Health aspects of bilberry: A review on its general benefits
4. Diagnosis and treatment planning in RPD.pptx
Myanmar Dental Journal, The Journal of the Myanmar Dental Association (2015).pdf
Horaris_Grups_25-26_Definitiu_15_07_25.pdf
Case Study on mbsa education to learn ok
Cite It Right: A Compact Illustration of APA 7th Edition.pptx

400-351 Exam-CCIE Wireless

  • 1. CCIE Wireless Exam: 400-351 Demo Edition © 2016 - 2017 Troy Tec, LTD All Rights Reserved 400-351 1 http://www.troytec.com
  • 2. QUESTION: 1 Which option in the Cisco Identity Services Engine checks that the user authentication comes from a domain computer? A. It is not possible to validate the computer domain membership through ISE. B. Machine Access Restriction C. Machine Access Restriction D. Active Directory Attributes. E. An identity source sequence can be used to perform this check. Answer: C Explanation: From: http://www.cisco.com/c/en/us/td/docs/security/ise/1-3/ISE-ADIntegrationDoc/b_ISE- ADIntegration.html QUESTION: 2 Which statement about 802.11h is true? A. DFS feature works irrespective of whether the channel setting on WLC is set to auto or manual. B. 802.llh is not a mandatory standard under FCC regulations. C. The FCC does not require 802.llh to be supported in the 5 GHz band. 400-351 2 http://www.troytec.com
  • 3. D. When the radio detects a radar, it can use the channel for only 20 minutes at a time. Answer: A Explanation: From: EEE 802 .llh-2003-Wikipedia, the free encyclopedia https://en.wikipedia.org/wiki/IEEE_802.11h-2003 The standard provides Dynamic Frequency Selection (DFS) and Transmit Power Control (TPC) to the 802.11a PHY. It has been integrated into the full IEEE 802.11- 2007 standard. FCC Regulations Update –Cisco http://www.cisco.com/c/en/us/products/collateral/wireless/aironet-1300- series/prod_white_paper0900aecd801c4a88.html https://supportforums.cisco.com/document/52376/tpc-and-dfs-overview QUESTION: 3 In which direction does Application Visibility and Control mark the DSCP value of the original packet in the wireless LAN controller? A. In both directions, upstream and downstream. B. In one direction, downstream only. C. In one configured direction, either upstream or downstream. D. In one direction, upstream only. Answer: A Explanation: http://www.cisco.com/c/en/us/td/docs/wireless/controller/8-0/configuration- guide/b_cg80/b_cg80_chapter_011001.htmlQUESTION: NO: QUESTION: 4 On a Cisco autonomous AP, the maximum number of attempts to send a packet (packet retries) is set to 32 by default. Which statement about the result when the AP has tried to send a packet for that number of attempts and no response is received from the client is true? A. The access point drops the packet. B. The client MAC address is excluded for 60 seconds. 400-351 3 http://www.troytec.com
  • 4. C. The access point resets the radio interface. D. The access point disassociates the client. Answer: A Explanation: From: Packet Retries & Max-Retries I mrn-cciew https://mrncciew.com/2013/06/16/packet- retries-max-retries/In Autonomous(IOS) AP, you can configure number of attempts the wireless device makes to send a packet before giving up & dropping the packet. There are two ways of configuring this feature. One method for best effort (priority value 0) traffic & another method for non-best effort (priority value 1-7) 1. Best-effort Traffic (packet retries command) 2. N on-Best-effort Traffic (packet max-retries command ) CLI default: packet retries 32 drop-packet channel width 40-above channel dfs station-role root rts retries 32 cfg: http://www.cisco.com/c/en/us/td/docs/wireless/access_point/15-3- 3/configuration/guide/cg15-3-3/cg15-3-3-chap6- radio.html Configuring the Maximum Data Packet Retries The maximum data retries setting determines the number of attempts the makes to send a packet before giving up and dropping the packet. The default setting is 32. Beginning in privileged EXEC mode QUESTION: 5 Your customer has a Cisco Unified Wireless Network running AireOS 8.0 and wants to learn about the FlexConnect mode that is available on his APs. Which two statements are true? (Choose two.) A. A newly connected AP can be booted in FlexConnect mode. B. When an AP is changed from Local mode to FlexConnect mode, a reboot is required. C. Enhanced FlexConnect mode allows to enable wIPS on FlexConnect APs. D. When an AP is changed from Local mode to FlexConnect mode, reboot is not required. E. Using CCKM with FlexConnect APs requires the use of FlexConnect Groups. F. FlexConnect was previously know as "H-TEEP" Answer: D, E Explanation: http://www.cisco.com/c/en/us/td/docs/wireless/controller/7- 4/configuration/guides/consolidated/b_cg74_CONSOLIDATED/b_cg74_CONSOLIDA TED_ chapter_01000010.html 400-351 4 http://www.troytec.com
  • 5. http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Mobility/emob73dg/emob73/ ch7_HREA.html QUESTION: 6 Which three types of ACLs are supported by the Cisco 5760 WLC? (Choose three.) A. Port ACLs. B. VLAN ACLs(VLAN maps). C. Router port ACLs. D. AP Radio ACL Switch port ACLs. E. Router ACLs. Answer: A, B, E Explanation: http://www.cisco.com/c/en/us/td/docs/wireless/controller/5700/software/release/3se/secu rity/configuration_guide/b_sec_3se_5700_cg/b_sec_1501_3850_cg_chapter_01010.htm l#ID6 3 ACL Precedence Port ACLs Router ACLs VLAN Maps QUESTION: 7 Which statement about Wired Guest Access is true? A. The guest traffic can terminate on the foreign WLC, but egress interface must be defined on the guest SSID B. Wired Guest Access is not supported in the Cisco 5760 WLC C. The wired guest traffic terminates only on the anchor Cisco WLC D. The Cisco 5760 WLC supports Wired Guest Access only in conjunction with the converged access switches. Answer: C Explanation: http://www.cisco.com/c/en/us/support/docs/wireless/5700-series-wireless-lan- controllers/118810-technote-wlc-00.html QUESTION: 8 When a Flex Connect AP is in the "local authentication, local switching" state, it handles client authentication and switches client data packets locally. This state is valid in 400-351 5 http://www.troytec.com
  • 6. standalone mode and connected mode. Which three statements about a FlexConnect AP are true? (Choose three). A. In connected mode, the AP provides minimal information about the locally authenticated client to the controller. This information is not available on the controller policy type. Access VLAN. VLAN name, supported rates. Encryption ciphter. B. In connected mode, the access point provides minimal information about the locally authenticated client to the controller. However, this information is available to the controller policy type., access VLAN, VLAN name, supported rates, encryption cipher. C. Local authentication is useful where you cannot maintain a remote office setup of a minimum bandwidth kbps with the round-trip latency no greater than 100 ms and the maximum transmission unit no smaller than 576 bytes. D. Local authentication is useful where you cannot maintain a remote office setup of a minimum bandwidth kbps with the round-trip latency no greater than 150 ms and the maximum transmission unit no higher than 500 bytes. E. Local authentication in connected mode does not require any WLAN configuration. F. Local authentication can be enabled only on the WLAN of a FlexConnect AP that is in local switching mode. Answer: A, C, F Explanation: http://www.cisco.com/c/en/us/td/docs/wireless/controller/7- 2/configuration/guide/cg/cg_flexconnect.html QUESTION: 9 You have configured VideoStream on a Cisco WLC and users are now viewing the company video broadcast over the wireless network. How can you verify you have VideoStream configured and working in the Cisco WLC GUI? A. The Multicast Status shows "Normal Multicast" in the Multicast Group Details. B. The Multicast Status shows "MediaStream Ongoing" in the Client detail page. C. The Multicast Status shows "Multicast-direct Allowed" in the Multicast Group Details. D. The Multicast Status shows "MediaStream Allowed" in the Multicast Group Details. Answer: C 400-351 6 http://www.troytec.com
  • 7. QUESTION: 10 Refer to the exhibit. It belongs to a Cisco IOS AP with just one radio. This portion of configuration refers to a multiple SSID/VLAN configuration. Which statement is correct? Refer to the exhibit. It belongs to a Cisco IOS AP with just one radio. This portion of configuration refers to a multiple SSID/WLAN configuration. Which statement is correct? 400-351 7 http://www.troytec.com
  • 8. A. The configuration does not allow for non-corporate clients to connect to any SSID Guest traffic.There fore will not allowed. B. 'mbssid guest-mode' is used to allow broad cat of multiple SSIDs on the radio interface. No other 'mbssid" commands are needed to achieve this functionality. C. The AP must have subinterfaces 80,81,and 82 configured on the Radio 0 and Ethernet interfaces. D. The SSID "EAP" will allow clients to connect to it using any EAP authentication method such as EAP-TLS. Answer: C Explanation: Consider the association process of a wireless client to an SSID. Drag and drop the client actions from the left into the correct order of operation on the right. Left: 802.11 probe request 802.11 association request EAPol key message 2 802.11 authentication request EAP identity response Right: Step1 -------------Step1 802.11 probe request Step2 -------------Step2 802.11 authentication request Step3 ------------- Step3 802.11 association request Step4 ------------- Step4 EAP identity response Step5 -------------Step5 EAPol key message 2 400-351 8 http://www.troytec.com
  • 9. QUESTION: 11 Exhibit Refer to the exhibit. You have been asked to troubleshoot why VTP is not distributing new VLANs to a VTP client switch. Which option is the most likely root cause of this VTP problem. A. The VTP password is not set to level 15 on the client switch. B. The VTP password encryption level is not set on the client switch. C. The VTP encryption level does not match on the client switch. D. The VTP password is incorrect on the client switch. E. The client switch is set to transparent mode. Which ignores VLAN configuration updates from VTP servers. Answer: D Explanation: From: Each sw, and issue the command: No vtp password 400-351 9 http://www.troytec.com
  • 10. https://www.packet6.com/configuring-vtp-on-cisco-switches/ http://www.sunpenguin.net/?p=283 QUESTION: 12 You are setting up a Cisco access point in repeater mode with a non-Cisco access point as the parent and you use this interface configuration on your Cisco access point. 400-351 10 http://www.troytec.com
  • 11. You are getting the following error message. Which reason for this issue is true? A. %D0Tll-4-CANT_A$S0C:lnterface DotllRadioO, cannot associate:No Aironet Extension IE. B. "dotll extension aironet" is missing under the interface DotllRadio 0 interface When repeater mode is used, unicast-flooding must be enabled to allow Aironet IE communications. C. The parent AP MAC address has not been defined. D. Repeater mode only works between Cisco access points. Answer: A Explanation: From: 400-351 11 http://www.troytec.com
  • 12. http://www.cisco.com/c/en/us/td/docs/wireless/access_point/12- 2_11_JA/configuration/guide/b12211sc/s11rep.html QUESTION: 13 Which two advanced WLAN options are required when deploying central web authentication with Cisco ISE? (Choose two.) A. P2P Blocking Action set to Drop. B. NAC State RADIUS NAC C. NAC State SNMPNAC. D. DHCP Addr. Assignment disabled. E. Allow AAA override enabled. Answer: B, E Explanation: From http://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/115732- central-web-auth-00.html QUESTION: 14 FlexConnect APs have already been deployed in a branch office for local switching. Currently the WLAN in the large auditorium is proposed to change to a high-density design and thus some low data rates are proposed to be disabled while keeping the data 400-351 12 http://www.troytec.com
  • 13. rates in other areas under the same Cisco WLC. Which two configuration settings must be modified in the Cisco WLC to achieve this configuration? (Choose two.) A. RF Profiles B. Mobility Groups C. FlexConnect Groups D. AP Groups E. Fape profile. Answer: A, D Explanation: From: http://www.cisco.com/c/en/us/td/docs/wireless/controller/7- 4/configuration/guides/consolidated/b_cg74_CONSOLIDATED/b_cg74_CONSOLIDA TED_ chapter_010001111.html QUESTION: 15 You are installing Converged Access controllers that run Cisco IOS-XE and you are ready to implement QoS. From the below, choose all the possible QoS target levels that would apply to downstream traffic (toward the client)? A. Client, SSID, Radio, Port B. Client, SSID, Radio C. Client, Radio D. Client, SSID Answer: A Explanation: Exhibit 400-351 13 http://www.troytec.com
  • 14. http://www.cisco.com/en/US/docs/switches/lan/catalyst3850/software/release/3.2_0_se/ multibook/configuration_guide/b_consolidated_config_guide_3850_chapter_010010.ht ml QUESTION: 16 Refer to the exhibit. Exhibit Which feature (and associated show output) is seen here? A. Controller>show client tsm 802.11a 00:01:02:03:04:05 all B. Controller>show client wmm 802.11a 00:01:02:03:04:05 all C. Controller>show ap stats 802.11a00:01:02:03:04:05 D. Controller>show client detail 00:01:02:03:04:05 Answer: A Explanation: Exhibit 400-351 14 http://www.troytec.com
  • 15. http://www.cisco.com/c/en/us/td/docs/wireless/controller/7- 4/configuration/guides/consolidated/b_cg74_CONSOLIDATED/b_cg74_CONSOLIDA TED_ chapter_010000.html QUESTION: 17 You are designing a wireless network for a museum. One of their requirements is to track people inside the museum and push a notification into their tablet device as soon as they step in front of a painting with information about the artist and the painting. This information must be delivered in real time. You are using regular probe request-based tracking and during testing. You notice that although the tablet Is connected to the museum Wi-Fi network, the location is not updating in real time as you move. It can take almost 2 minutes for the location to be updated. Which option is the likely reason for this issue? A. Cisco MSE does not perform a new location calculation for certain elements if the resulting position is not at least 5 meters different than the previous location. B. Probe request-based tracking is bound to delay due to the broadcast type of traffic that is not acknowledged over the air and could be lost. C. CCXv4 S60 is disabled by default. You must enable CCXv4 S60, which is compatible with all Wi-Ficlients. This feature comes out location updates more frequently. D. Probe request-based tracking is device dependent. The tablet might not send a probe request if it is maintaining a good Wi-Fi signal, which can cause slower location updates. 400-351 15 http://www.troytec.com
  • 19. http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3850/software/release/3se/sys tem_management/configuration_guide/b_sm_3se_3850_cg/b_sm_3se_3850_cg_chapter _01 010.pdf QUESTION: 18 Which two effects does TSPEC-based admission control have as it relates to WMM clients? (Choose two) A. Deny clients access to the WLAN that do not support WMM. B. Allow access only for VoWLAN traffic when interference is detected. C. Enforce airtime entitlement for wireless voice applications. D. Ensure that call quality does not degrade for existing VoWLAN calls. E. Deny clients access to the WLAN if then do not comply with the TERP standard. Answer: C, D Explanation: http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Mobility/vowlan/41dg/vowla n41d g-book/vowlan_ch2.html http://www.cisco.com/c/en/us/td/docs/wireless/technology/vowlan/troubleshooting/vowl an_t roubleshoot/5_Troubleshooting_CAC_Rev1-2.html#wp1053384 QUESTION: 19 Which two options are new features that are supported by IGMPv3compared to IGMPv2.(Choose two) 400-351 19 http://www.troytec.com
  • 20. A. It extends IGMP. which allows for an explicit maximum response time field. B. It adds support for source filtering. C. Router can now send a group-specific query. D. It adds support for IGMP Leave Message. E. It supports the link local address 224.0.0.22. which is the destination IP address for membership reports. Answer: B, E Explanation: Do not understanding difference between IGMPv2 and v3 | LAN, Switching and Routing | Cisco Support Community https://supportforums.cisco.com/discussion/10948466/do-not-understanding-difference- between-igmpv2-and-v3 IGMP Version 3 Cisco http://www.cisco.com/c/en/us/td/docs/ios/12_0s/feature/guide/12s_igmp.html Feature Overview Internet Group Management Protocol (IGMP) is a protocol used by IPv4 systems to report IP multicast memberships to neighboring multicast routers. This feature module introduces support for Version 3 of IGMP. In previous versions of Cisco IOS software only Version 1 and Version 2 were supported. IGMP Version 3 (IGMPv3) adds support for "source filtering," which enables a multicast receiver host to signal to a router which groups it wants to receive multicast traffic from, and from which source(s) this traffic is expected. This membership information enables Cisco IOS software to forward traffic only from those sources from which receivers requested the traffic. IGMPv3 supports applications that explicitly signal sources from which they want to receive traffic. With IGMPv3, receivers signal membership to a multicast host group in the following two modes: INCLUDE mode—In this mode, the receiver announces membership to a host group and provides a list of IP addresses (the INCLUDE list) from which it wants to receive traffic. EXCLUDE mode—In this mode, the receiver announces membership to a host group and provides a list of IP addresses (the EXCLUDE list) from which it does not want to receive traffic. This indicates that the host wants to receive traffic only from other sources whose IP addresses are not listed in the EXCLUDE list. To receive traffic from all sources, like in the case of the Internet Standard Multicast (ISM) service model, a host expresses EXCLUDE mode membership with an empty EXCLUDE list. IGMPv3 is the industry-designated standard protocol for hosts to signal channel subscriptions in Source Specific Multicast (SSM). SSM was introduced in Cisco IOS Release 12.1(3)1, however SSM support for IGMPv3 was introduced in 12.1(5)T. For SSM to rely on IGMPv3; IGMPv3 must be available in last hop routers and host operating system network stacks, and be used by the applications running on those hosts. In SSM deployment cases where IGMPv3 cannot be used because it is not supported by the receiver host or the receiver applications, there are two Cisco-developed transition solutions that enable the immediate deployment of SSM services: URL Rendezvous 400-351 20 http://www.troytec.com
  • 21. Directory (URD) and IGMP Version 3 lite (IGMP v3lite). Both of these features are documented in the Cisco IOS Release 12.0(15)S Source Specific Multicast with IGMPv3, IGMP vSlite, and URD feature module. IGMP Version Description IGMPvl Provides the basic query-response mechanism that allows the multicast router to determine which multicast groups are active and other processes that enable hosts to join and leave a multicast group. RFC 1112 defines the IGMPvl host extensions for IP multicasting. IGMPv2 Extends IGMP. allowing such capabilities as the IGMP leave process, group-specific queries, and an explicit maximum response time field. IGMPv2 also adds the capability for routers to elect the IGMP querier without dependence on the multicast protocol to perform this task. RFC 2236 defines IGMPv2. IGMPv3 Provides for source filtering. which enables a multicast receiver host to signal to a router which groups it wants to receive multicast traffic from, and from which sources this traffic is expected. In addition, IGMPv3 supports the link local address 224.0.0.22. which is the destination IP address for IGMPv3 membership reports; all IGMPv3-capable multicast routers must listen to this address. RFC 3376 defines IGMPv3. QUESTION: 20 Exhibit Refer to the exhibit. What is the best way to resolve this issue? A. Install a server certificate signed by a well-know public CA on the WLC. B. Disable certificate checks on the client. C. Install a server certificate signed by a well-known public CA on the Radius Server. D. Use the certificate authority on the Cisco Identity Services Engine. Answer: C 400-351 21 http://www.troytec.com
  • 22. Explanation: From: Event: 5400 Authentication failed Failure Reason: 12321 PEAP failed SSL/TLS handshake because the client rejected the ISE Local - certificate Cisco ISE authentication failed because client reject certificate | AAA, Identity and NAC | Cisco Support Community https://supportforums.cisco.com/discussion/11697966/cisco-ise- authentication-failed-because- client-reject-certificate The error you are seeing in ISE is pointing to your client, if you have the eap settings set to "validate server certificate" then you must manually set it to trust the rootCA that signed the ISE certificate, or you can disable this option for testing. You can try to remove this wireless network profile, and recreate it and see if the pop up appears which asks you to validate the server's identity. Possible Causes for this issue The supplicant or client machine is not accepting the certificate from Cisco ISE. The client machine is configured to validate the server certificate, but is not configured to trust the Cisco ISE certificate. Note [This is an indication that the client does not have or does not trust the Cisco ISE certificates. Possible Causes The supplicant or client machine is not accepting the certificate from Cisco ISE. The client machine is configured to validate the server certificate, but is not configured to trust the Cisco ISE certificate. Resolution The client machine must accept the Cisco ISE certificate to enable authentication. 400-351 22 http://www.troytec.com