Latest Cisco CCIE 350-050 Real Exam Download 241-250

Ensurepass

QUESTION 241

You are troubleshooting a connectivity issue on a Cisco WLC, in which wireless clients occasionally lose their connection. Which two of these infrastructure application services can help you to troubleshoot this issue by using one service to synchronize time on the WLC, and a server that is configured with another service to receive the output of the client debugs from the WLC? (Choose two.)

 

A.

FTP

B.

TFTP

C.

syslog

D.

SNMP

E.

DHCP

F.

NTP

G.

TRAPLOG

 

Answer: CF

 

 

QUESTION 242

You are configuring a Cisco WLC in a hotel that provides wireless guest access to the Internet, using web authentication. Guest credentials are generated for individual rooms upon check-in. Users often complain about certificate security warnings when opening their browser. You need to fix this issue so that the clients stop getting this certificate warning every time they access the Web-Authentication page, but still protect the credentials during the authentication handshake of this guest setup. You cannot configure the user devices yourself. What is the best solution that meets these requirements?

 

A.

Disable HTTPS on the WLC to avoid the certificate warning during the web authentication.

B.

Configure the WLAN with an EAP method that does not use PKI certificates, but still protects the

credentials during the authentication handshake.

C.

Remove the self-signed SSL certificate of the WLC or make sure that the clients know about the

WLC CA that generated this self-signed certificate.

D.

Install a third-party SSL certificate on the WLC, issued by a known public CA.

 

Answer: D

 

 

QUESTION 243

When configuring a WLAN doing Layer 3 web authentication, the Cisco WLC can authenticate the users with different servers or databases. Which two of these activities are valid options? (Choose two.)

 

A.

using the local RADIUS server of the WLC

B.

using the local database on the WLC (just configuring local net users)

C.

using Lobby Ambassador users

D.

using PAP with an external RADIUS server

E.

using MS-CHAP with an external RADIUS server

F.

using LDAP over SSL with an external database

 

Answer: BD

 

 

QUESTION 244

When authenticating wireless clients through PEAPv0 with MS-CHAPv2, which statement is correct?

 

A.

Authentication credentials are exchanged inside a TLS tunnel.

B.

The client must trust the RADIUS server certificate.

C.

The same certification authority must issue both the client and server certificates.

D.

The CN attribute of the RADIUS server certificate must contain the FQDN or the IP address of the

RADIUS server itself.

E.

A self-signed RADIUS server certificate cannot be used.

 

Answer: A

 

 

QUESTION 245

What is the correct command to upgrade an autonomous AP to a Cisco Unified AP (Cisco IOS Release 12.3(8)JEA2), after you established console access to the AP and set up a TFTP server at 1.1.1.1?

 

A.

AP# copy tftp: flash://<1.1.1.1>/ c1140-rcvk9w8-tar.123-8.JEA2.tar

B.

AP# archive download-sw/force-reload/overwrite tftp://1.1.1.1/ c1140-k9w7-tar.123-8.JEA2.tar

C.

AP# archive download-sw/force-reload/overwrite tftp://1.1.1.1/ c1140-rcvk9w8-tar.123- 8.JEA2.tar

D.

AP# archive download-sw/force-reload/overwrite tftp://1.1.1.1/ c1140-k9w7-bin.123-8.JEA2.bin

 

Answer: C

 

 

QUESTION 246

Which three of these options are not valid ways to extend wireless coverage in an autonomous AP environment? (Choose three.)

 

A.

Add additional APs in repeater mode.

B.

Add additional APs in bridge mode.

C.

Add additional APs in access point mode.

D.

Increase the transmitter power level.

E.

Use both radios.

F.

Position the APs optimally.

G.

Use QoS.

 

Answer: BEG

 

 

QUESTION 247

Refer to the exhibit. What does the max-channel 30 command refer to?

 

clip_image002

 

A.

maximum percentage of channel utilization for CAC traffic

B.

maximum bandwidth of traffic utilization for CAC traffic

C.

maximum percentage of bandwidth for non-CAC traffic

D.

maximum number of queues on the radio interface for CAC traffic

 

Answer: A

 

 

QUESTION 248

You are configuring an access point in a mobile scenario (on a train) which is connected to a L2 switch that has multiple clients attached. The access point must be configured to connect to the mesh network. Which two of the below bridge configuration settings need to be configured? (Choose two.)

 

A.

station-role workgroup-bridge

B.

station-role workgroup-bridge universal

C.

station-role non-root bridge

D.

infrastructure-ssid

 

Answer: AD

 

 

QUESTION 249

You are deploying a Cisco DMP (Digital Media Player) that only has an Ethernet interface, and you plan to plug it into an access point to connect it to the Cisco Unified Wireless Network. The DMP multicast video is displaying distorted and pixelated video. Which one of these radio interface actions is most likely to improve the video stream quality?

 

A.

Increase the RTS threshold to 2000.

B.

Disable short preambles.

C.

Configure station-role workgroup-bridge universal.

D.

Enable infrastructure-client.

 

Answer: D

 

 

QUESTION 250

Refer to the exhibit. The autonomous AP has a corporate and guest SSID configured. The security team requested that you limit guest user traffic to DHCP, DNS, and web browsing on the AP. Which configuration best satisfies the request?

 

clip_image004

 

A.

access-list 101 permit udp any any eq 67

access-list 101 permit udp 10.28.128.0 0.0.0.255 host 10.28.10.5 eq 53

access-list 101 permit tcp 10.28.128.0 0.0.0.255 any eq 80

access-list 101 deny ip any any

interface FastEthernet 0

ip access-group 101 in

B.

access-list 101 permit udp any any eq 67

access-list 101 permit udp 10.28.128.0 0.0.0.255 host 10.28.10.5 eq 53

access-list 101 permit tcp 10.28.128.0 0.0.0.255 any eq 80

access-list 101 deny ip any any

interface dot11radio 0

ip access-group 101 in

C.

access-list 101 permit udp any any eq 67

access-list 101 permit udp 10.28.128.0 255.255.255.0 host 10.28.10.5 eq 53

access-list 101 permit tcp 10.28.128.0 255.255.255.0 any eq 80

access-list 101 deny ip any any

interface dot11radio 0

ip access-group 101 in

D.

access-list 101 permit udp any any eq 67

access-list 101 permit udp 10.28.128.0 255.255.255.0 host 10.28.10.5 eq 53

access-list 101 permit tcp 10.28.128.0 255.255.255.0 any eq 80

access-list 101 deny ip any any

interface FastEthernet 0

ip access-group 101 in

 

Answer: B

 

Download Latest CISCO CCIE 350-050 Real Free Tests ,help you to pass exam 100%.

Download FREE CCIE 350-050 Demo
FREE Ensurepass CCIE Certification Exam Questions and Answers
FREE Ensurepass Cisco Certification Exam Questions and Answers

HOT EXAM!

You must be logged in to post a comment.

Proudly powered by WordPress   Premium Style Theme by www.gopiplus.com