400-351 | High Value 400-351 Keys 2020

Certleader offers free demo for 400-351 exam. "CCIE Wireless Written Exam", also known as 400-351 exam, is a Cisco Certification. This set of posts, Passing the Cisco 400-351 exam, will help you answer those questions. The 400-351 Questions & Answers covers all the knowledge points of the real exam. 100% real Cisco 400-351 exams and revised by experts!

Check 400-351 free dumps before getting the full version:

Your customer has high availability Clint SSO configure using a pair of Cisco 5508 WlCs running 8.0 code. The primary unit failed over and the secondary unit is now active. Which two statement are true. (Choose two)

  • A. Both controller RMIcan be in different subnets.
  • B. Only the clients that are in the run state are maintained during failover
  • C. Clients that are in transition such as roaming are dissociated
  • D. New mobility is supported

Answer: BC

Which of the following organizations certifies WLAN product compatibility and interoperability between vendors by providing certification testing?

  • A. CCX
  • B. ETSI
  • C. FCC
  • D. IEEE
  • E. Wi-Fi Alliance

Answer: E

What are the three fundamental properties that are provided by the antenna of an AP? (Choose three.)

  • A. frequency
  • B. gain
  • C. dB loss
  • D. polarization
  • E. direction
  • F. modulation

Answer: BDF

Refer to the exhibit.
400-351 dumps exhibit
In cloud deployments the hyper-threading feature is often enabled for higher virtual machine scale per compute node Is the hyper-threading feature enabled and what is the maximum number of core CPUs?

  • A. Hyper-threading is enabled and the maximum number of core CPUs is 80
  • B. Hyper-threading is enabled and the maximum number of core CPUs 40.
  • C. Hyper-threading is disabled and the maximum number of core CPUs is 39
  • D. Hyper-threading is disabled and the maximum number of core CPUs is 20.

Answer: A

400-351 dumps exhibit
Refer to the exhibit which syslog logging facility and severity level is enabled on this AP ?

  • A. logging trap severity 6, logging syslog facility local7
  • B. logging trap severity 3,logging syslog facility sys 10
  • C. logging trap severity 5,logging syslog facility local14
  • D. logging trap severity 7, logging syslog facility local 7
  • E. Logging trap severity 9,logging syslog facility kernel

Answer: D

Which statement is true about using fast-secure roaming 802.11r and Cisco Centralized Key Management in a hybrid VoWLAN deployment that has legacy Cisco 7925 and newer Cisco 8821 wireless IP phones, using 802.1X PEAP security?

  • A. Only the FSR method can be configured per WLAN, either 802.11r FT or Cisco CK
  • B. The Cisco 7925 and the Cisco 8821 phones support both of these FSR standards
  • C. You can have only Cisco CKM and not FT 802.1X enabled on the WLA
  • D. In this scenario, the Cisco 7925 and the Cisco 8821 uses Cisco CKM
  • E. You can have only FT 802.1X and not Cisco CKM enabled on the WLA
  • F. The Cisco 8821 uses FT 802.1X and the Cisco 7925 resorts to regular reauthentication
  • G. You can have Cisco CKM and FT 802.1X enabled on the WLA
  • H. The Cisco 7925 uses Cisco CKM, and the Cisco 8821 uses FT 802.1X

Answer: D

Your customer wants to configure LSCs and asks for specific information about which number to configure in the text box right next to the "Number of Attempts" .Which statement is true?

  • A. The default number of attempts is 100.
  • B. A value of 2 means that if an AP fails to join the Cisco WLC using an LSC, the AP attempts to Join the Cisco WLC using the default certificate
  • C. A value of 255 means that if an AP fails to join the Cisco WLC using an LSC, the AP does not attempt to join the Cisco WLC using the default .
  • D. A value of 3 means that if a user fails to authenticate, the user is disconnected after three retrie

Answer: B

Which two IETF RADIUS attributes sent by the Cisco WLC can be used to differentiate authentication requests based on the user location? (Choose two )

  • A. RADIUS attribute [95] NAS-IPv6-Address
  • B. RADIUS attribute [32] NAS-Identifier
  • C. RADIUS attribute [303] Source-IP
  • D. RADIUS attribute [31] Calling-Station-Id
  • E. RADIUS attribute [4] NAS-IP-Address
  • F. RADIUS attribute [30] Called-Station-id

Answer: BD

Which IEEE protocol can help a wireless client device to identify nearby APs that are available as roaming targets?

  • A. 802.11h
  • B. 802.11ac
  • C. 802.11k
  • D. 802.11n
  • E. 802.11w

Answer: C

https://support.apple.com/en-gb/HT202628 https://documentation.meraki.com/MR/WiFi_Basics_and_Best_Practices/802.11k_and_802.11r_Ov erview
400-351 dumps exhibit
http://www.cisco.com/c/en/us/td/docs/wireless/controller/8-1/Enterprise-Mobility-8-1-Design- Guide/Enterprise_Mobility_8-1_Deployment_Guide/wlanrf.html

Which two statements about AP Local Authentication by a FlexConnect AP in standalone mode are true? (Choose two.)

  • A. Cisco Wireless LAN Controller must generate a certificate signing request by itself for submitting to acertificate authority for signing.
  • B. Only the vendor Certificate Authority (CA) certificate has to be downloaded to the Cisco Wireless LANController to EAP-TLS authentication.
  • C. When using EAP-TLS, a FlexConnect group must be created so that the Cisco Wireless LAN Controller can push the certificates to the FlexConnect AP in the FlexConnect Group.
  • D. From AireOS release 8.0, Cisco Extended Keying Groups (CEKG) is a supported Local AuthenticationProtocol when deploying FlexConnect.
  • E. Only LEAP, EAP-FAST, PEAP, and EAP-TLS authentications are supporte

Answer: AC

You are working on a deployment that uses two Cisco APs as wireless bridges. One of the bridges is configured as a root bridge and the second bridge is configured as a nonroot bridge. Client A associates to the root bridge and client B associates to the nonroot bridge. Which two statements about this scenario are true? (Choose two)

  • A. The default setting of a bridge is nonroot bridge.
  • B. For two bridges to communicate with each other, one of the bridges must be in root mode and the other bridge must be in nonroot mode.
  • C. Only one device can connect to the Ethernet port of a nonroot bridge.
  • D. Two bridges that are in root mode can talk to each other.
  • E. In point-to-multipoint bridging, WGB is not recommended with the root bridg
  • F. WGB must be associated to the root AP in point-to-multipoint bridging setup.

Answer: AE

http://www.cisco.com/c/en/us/support/docs/wireless-mobility/wireless-lan-wlan/16041-bridgefaq. html
http://www.cisco.com/c/en/us/support/docs/wireless-mobility/wireless-lan-wlan/22950-br-ts- 22950.html#reset
http://www.cisco.com/c/en/us/td/docs/wireless/access_point/15-3-3/configuration/guide/cg15-3- 3/cg15-3-3-chap6-radio.html

Which parameter is a functionality of Micro segmentation in the Data Center?

  • A. Intemperate transparently with a wide variety of hypervisors
  • B. Enhanced security for east-west traffic
  • C. Packet filtering for North-South traffic
  • D. Inter-operate transparently with a wide variety of Layer 1 to Layer 7 devices

Answer: B

Which statement best describes MAC authentication?

  • A. The MAC address is used in place of the username in the EAP certificate exchange.
  • B. If WEP is used as a key cipher, the MAC address may be used in the key hash.
  • C. The MAC address can be spoofed, so it is insecure.
  • D. Users will not be able to connect unless some form of encryption is also use

Answer: C

Which option is a feature of a Cisco Autonormous AP that prevents over-the-air direct P2P communication, which forces all traffic to hit the first-hop router where security policy is enforced?

  • A. Wi-Fi Direct Client Policy
  • B. P2P Secure Packet Public
  • C. Secure Packet Forwarding
  • D. P2P Blocking Action

Answer: C

http://docwiki.cisco.com/wiki/Wireless_Technologies Cisco Aironet Access Points
http://www.cisco.com/web/techdoc/wireless/access_points/online_help/eag/123- 02.JA/1400BR/h_ap_network-if_802-11_c.html
Public Secure Packet Forwarding
Public Secure Packet Forwarding (PSPF) prevents client devices associated to an access point from inadvertently sharing files or communicating with other client devices associated to the access point. It provides Internet access to client devices without providing other capabilities of a LAN.
No exchange of unicast, broadcast, or multicast traffic occurs between protected ports. Choose Enable so that the protected port can be used for secure mode configuration.
PSPF must be set per VLAN.
Note: To prevent communication between clients associated to different access points on your wireless LAN, you must set up protected ports on the switch to which your access points are connected.
Wi-Fi Direct Client Policy | Security and Network Management J Cisco Support Community https://supportforums.cisco.com/discussion/11851216/wi-fi-direct-client-policy Information About the Wi-Fi Direct Client Policy
Devices that are Wi-Fi Direct capable can connect directly to each other quickly and conveniently to do tasks such as printing, synchronization, and sharing of data. Wi-Fi Direct devices may associate
with multiple peer-to-peer (P2P) devices and with infrastructure wireless LANs (WLANs) concurrently. You can use the controller to configure the Wi-Fi Direct Client Policy, on a per WLAN basis, where you can allow or disallow association of Wi-Fi devices with infrastructure WLANs, or disable Wi-Fi Direct Client Policy altogether for WLANs. http://www.cisco.com/c/en/us/td/docs/wireless/controller/7-
4/configuration/guides/consolidated/b_cg74_CONSOLIDATED/b_cg74_CONSOLIDATED_chapter_010 00011.html

On a Cisco autonomous AP, the maximum number of attempts to send a packet (packet retries) is set to 32 by default. Which statement about the result when the AP has tried to send a packet for that number of attempts and no response is received from the client is true?

  • A. The access point drops the packet.
  • B. The client MAC address is excluded for 60 seconds.
  • C. The access point resets the radio interface.
  • D. The access point disassociates the clien

Answer: A

Packet Retries & Max-Retries I mrn-cciew https://mrncciew.com/2013/06/16/packet-retries-max-retries/
In Autonomous(IOS) AP, you can configure number of attempts the wireless device makes to send a packet before giving up & dropping the packet. There are two ways of configuring this feature. One method for best effort (priority value 0) traffic & another method for non-best effort (priority value 1- 7)
1. Best-effort Traffic (packet retries command)
2. N on-Best-effort Traffic (packet max-retries command ) CLI default:
packet retries 32 drop-packet channel width 40-above channel dfs station-role root rts retries 32
Configuring the Maximum Data Packet Retries
The maximum data retries setting determines the number of attempts the makes to send a packet before giving up and dropping the packet. The default setting is 32. Beginning in privileged EXEC mode

Your customer plans to deploy a location-aware WLAN in a campus. Which two statements about the planning consideration for a location-aware WLAN are true? (Choose two.)

  • A. At least one AP that resides in each of at least three of the surrounding quadrants is located within 70 feet (-21.3meters) of the point-in-question.
  • B. At least two APs are resident in each quadrant that surrounds the pint-in-question.
  • C. Cisco PI allows APs that are defined as being equipped with third-party antennas participate in client, tag, or rogue on-demand location tracking.
  • D. Active RFID tags transmit directly to the APs and require 802.11 authentication and association to pass data traffic to the real-time location system engine.
  • E. Perimeter APs should complement APs located within floor interior area
  • F. In addition, APs should beplaces in each of the four corners of the floor, and at any other corners that are encountered along the floor perimeter.
  • G. Onsite calibration is required otherwise location tracking for clients cannot be enable

Answer: DE

You have been asked to change your 7925 wireless IP phone scan mode from Auto lo Continuous. Which two statements about Continuous scan mode are true? (Choose two.)

  • A. Idle battery life is increased slightly when using this scan mode because the client does not have to send any association probe requests
  • B. The phone scans only when the basic service set is lost.
  • C. The phone scans only when on a call or when the signal strength (RSSI) is low.
  • D. This mode is recommended for environments where frequent roams occur or where smaller cells (pico cells) exist.
  • E. The phone scans continuously even when it is not in a cal

Answer: DE

Refer to the exhibit .
400-351 dumps exhibit
According to the debugs and logn the Cisco WLC and Cisco LAP which WLC discovery Algorithm is used by the LAP to join the Cisco WLC?

  • A. DHCP server LAP sends a layer 3 CAPWAP discover request to the Cisco WLC that is listed m the DHCP option 43.
  • B. configured LAP sends a uncast layer 3 CAPWAP discover request to the Cisco WLC IP address that the LAP has in its NVRAM
  • C. Broadcast lap broadcasts a layer 3 CAPWAP discover massage on the local ip subnet
  • D. DNS lap resolve the DNS Name CISCO-CAPWAP-CONTEOLLER cisco to the Cisco WLC ip address then it sends a uncast layer 3 CAPWAP discovery request to the Cisco WLC

Answer: A

Which statement about configuring the date and time on a wireless LAN controller is true?

  • A. When configuring wIPS on the wireless LAN controller you should not use the Universal Time Zone All logs and reports must be time-stamped with the localized time to assist with troubleshooting
  • B. You can configure an authentication channel between the controller and the NTP server
  • C. To set the wireless LAN controller date and time, only NTP should be used Manually configuring data and time is not supported
  • D. As part of their built-in resilience mechanism, Cisco Aironet lightweight access points always connect to the wireless LAN controller independently if the date and time has been set or not

Answer: D

You are looking at the logs of the Identity Services Engine while troubleshooting a wireless connectivity
problem. You see this error: “handshake failed because of an unknown CA in the client certificates chain”.
Which two statements are true? (Choose two.)

  • A. ISE does not trust the certificate chain of the client
  • B. EAP-Method is LEAP
  • C. Client does not trust the certificate chain of ISE
  • D. The client is doing certificate-based authentication
  • E. The WLC does not trust the certificate chain of client, which relayed to the client via the ISE.

Answer: AD

Drag and drop the mobility architecture components on the left to their primary function on the right?
400-351 dumps exhibit

  • A. Mastered
  • B. Not Mastered

Answer: A

400-351 dumps exhibit

400-351 dumps exhibit

  • A. Mastered
  • B. Not Mastered

Answer: A

400-351 dumps exhibit

Refer 10 the exhibit.
400-351 dumps exhibit
You are the network administrator at a corporation and you are trying to troubleshoot a Fast BSS transition issue for a client You have received the snapshot of the packet capture Based on your analysis of this packet capture which statement is true?

  • A. The packet capture shows that client cannot use any Fast BSS transition methods
  • B. The packet capture is for the initial association of the client with an AP supporting 802 11r-based Fast BSS transition
  • C. The packet capture shows the Fast BSS transition over the air
  • D. The packet capture shows Fast BSS transition over the DS, authentication packets are sent at basic rate of 36 Mbps.

Answer: D

Which of the below characteristics of RPL is true?

  • A. RPL is designed 1)or lossy networks.
  • B. RPL is an IPv6 link-state routing protocol.
  • C. RPL can send only messages in secured mode.
  • D. RPL uses hello messages to send routing updates to its neighbor

Answer: A

http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/rpl/configuration/15-mt/rpl-15-mt-book.html https://datatracker.ietf.org/doc/rfc6550/?include_text=1

Drag and drop the configuration steps for access point groups on the wireless LAN controller from the left into the correct order on the right.
400-351 dumps exhibit

  • A. Mastered
  • B. Not Mastered

Answer: A

400-351 dumps exhibit

While configuring Wireless Domain Services, which port is used for traffic between infrastructure APs and the WDS AP?

  • A. Generic Routing Encapsulation GRE which is IP protocol 47
  • B. UDP destination and source protocol Port 1812 (0x0714)
  • C. UDP destination and source protocol port 2887 (0x0B47) or Ethernet Type 34605 (0x872D)
  • D. UDP destination and Source Protocol Port 1645 (0x066D)

Answer: C


100% Valid and Newest Version 400-351 Questions & Answers shared by Certshared, Get Full Dumps HERE: https://www.certshared.com/exam/400-351/ (New 393 Q&As)