Latest Cisco CCIE 350-050 Real Exam Download 231-240

Ensurepass

QUESTION 231

In order to protect IEEE 802.11 clients against spoofed management frames, client Management Frame Protection encrypts management frames sent between access points and clients. Which three of these management frames are protected by client MFP? (Choose three.)

 

A.

beacon

B.

authentication

C.

deauthentication

D.

disassociation

E.

probe request

F.

probe response

G.

QoS (WMM) action frames

 

Answer: CDG

 

 

QUESTION 232

Infrastructure Management Frame Protection enables the wireless infrastructure to detect management frames spoofed by an attacker. Which two of these mechanisms does infrastructure MFP introduce to access points in order to protect against such attacks? (Choose two.)

 

A.

management frame validation

B.

management frame encryption

C.

cryptographically-hashed message integrity check

D.

cryptographically-hashed frame check sequence

E.

802.1x authentication

 

Answer: AC

 

 

QUESTION 233

You are deploying a wireless network in a warehouse located next to an airport. Which two of these 5-GHz channels would avoid potential radar interference, considering that many airport radars use the UNII-2 frequency ranges? (Choose two.)

 

A.

36

B.

52

C.

140

D.

153

 

Answer: AD

 

 

QUESTION 234

Your site has already been surveyed at 5 GHz for 802.11n VoWLAN services. Which two services can you add safely, without conducting an additional site survey? (Choose two.)

 

A.

enhanced Layer 2 or Layer 3 security of the WLAN

B.

optional MFP client protection for Cisco Client Extensions Version 5 clients

C.

802.11n data services on the 2.4 GHz Frequency

D.

802.11n voice services on the 2.4 GHz Frequency

E.

new services (such as location) on both frequencies

 

Answer: AB

 

 

QUESTION 235

Which two of the following statements are true regarding RLDP? (Choose two.)

 

A.

RLDP works only on APs configured in Open Authentication mode.

B.

RLDP only works if the AP is in Monitor Mode.

C.

RLDP will attempt to identify each Rogue AP only once.

D.

RLDP only works if the Rogue AP is connected to a VLAN that is reachable by the WLC.

E.

RLDP only works if the AP is in Local Mode.

 

Answer: AD

 

 

QUESTION 236

When configuring authentication for a WLAN through a RADIUS server, which statement is correct when per-WLAN RADIUS source support is enabled?

 

A.

You must specify a RADIUS server in the WLAN settings; otherwise, authentications will fail.

B.

If the RADIUS server is on one of the WLC dynamic interface networks, RADIUS traffic from the

controller will be sourced from that dynamic interface.

C.

If AAA override is enabled, the WLAN settings will override any RADIUS attribute received by the

RADIUS server.

D.

Wireless clients need to trust the WLC certificate in case of EAP-TLS authentications.

 

Answer: B

 

 

QUESTION 237

When implementing a web authentication-based WLAN, which two of these statements are correct? (Choose two.)

 

A.

When using an external web authentication server, a pre-auth ACL is required for the WLC 5500.

B.

You need to configure DNS resolution for the IP address of the Cisco WLC virtual interface.

C.

When using the Cisco WLC as a web auth server, wireless clients will never be able to validate the

Self Signed Certificate (SCC) so a Locally Significant Certificate (LSC) must be used.

D.

If you are using an external web server for the login portal, wireless clients may be required to trust

two certificates: one from the external web server and one from the Cisco WLC.

 

Answer: AD

 

 

QUESTION 238

Which two of these procedures enable you to implement dynamic VLAN assignment for wireless users connecting to a Cisco WLC on a secure dot1x WLAN, so that users connect to a specific VLAN based upon their credentials? (Choose two.)

 

A.

Configure the IETF Tunnel-Private-Group-ID attribute on the TACACS server so that it can send the

VLAN ID to the WLC.

B.

Configure the IETF RADIUS attributes 64, 65, and 81 on the RADIUS server so that it can send the

VLAN ID to the WLC.

C.

Configure the IETF RADIUS attribute 81 on the RADIUS server so that it can send the interface name

to the WLC.

D.

Configure the Cisco Airespace RADIUS Aire-Vlan-Id attribute on the RADIUS server so that it can

send the VLAN ID to the WLC.

E.

Configure the Cisco Airespace RADIUS Aire-Interface-Name attribute on the RADIUS server so that

it can send the interface name to the WLC.

 

Answer: BE

 

 

QUESTION 239

When configuring management user authentication on a WLC, which statement is correct?

 

A.

You can configure an LDAP server to authenticate management users.

B.

You can configure users on the local WLC database with different authorization privileges for specific menus.

C.

If the local database is selected as a second priority after RADIUS, the local WLC database will not be

used if the authentication fails through the RADIUS server.

D.

A lobby ambassador user can push new management users to the WLC through Cisco WCS.

 

Answer: C

 

 

QUESTION 240

You want to restrict read/write admin access levels to only the Security tab on a Cisco WLC for a particular admin user. Which two of these options do you need to configure? (Choose two.)

 

A.

a custom attribute-value pair on the ACS

B.

a Cisco attribute-value pair on the ACS

C.

a RADIUS authentication/authorization server

D.

a TACACS+ authentication/authorization server

E.

the Lobby Ambassador feature

 

Answer: AD

 

 

Download Latest CISCO CCIE 350-050 Real Free Tests ,help you to pass exam 100%.

Download FREE CCIE 350-050 Demo
FREE Ensurepass CCIE Certification Exam Questions and Answers
FREE Ensurepass Cisco Certification Exam Questions and Answers

HOT EXAM!

You must be logged in to post a comment.

Proudly powered by WordPress   Premium Style Theme by www.gopiplus.com