Latest Cisco CCIE 350-050 Real Exam Download 71-80

Ensurepass

QUESTION 71

Refer to the exhibit. The ACS RADIUS Authentication Report shows the output for a failed client authentication. Which action can resolve this issue?

 

clip_image002

 

A.

Re-generate the client certificate, which is expired.

B.

Install the complete ACS certificate CA chain on the client operating system.

C.

Re-generate the local ACS certificate, which was issued by an unknown CA.

D.

Import the complete client certificate CA chain on the ACS.

 

Answer: D

 

 

QUESTION 72

Which two statements about the management access control on Cisco WLC, using an external TACACS+ server, are true? (Choose two.)

 

A.

The Cisco WLC supports TACACS+ command authorization.

B.

The Cisco WLC AAA authorization is role-based, using custom TACACS+ attributes.

C.

The Cisco WLC AAA authorization is role-based, using Cisco VSA attributes.

D.

The Cisco WLC requires the TACACS+ server to return a Privilege-Level attribute.

E.

If a user is not entitled to a specific task, then the user is not allowed to access that task.

F.

If a user is not entitled to a specific task, then the user is allowed to have read-only access to that task.

 

Answer: BF

 

 

QUESTION 73

What is the benefit of using a CA-signed certificate over a self-signed certificate?

 

A.

You can generate a certificate with a longer validity period.

B.

Fewer steps need to be generated.

C.

More authentication types are supported.

D.

You can avoid impersonation attacks.

E.

You can use bigger keys.

 

Answer: D

 

 

QUESTION 74

Refer to the exhibit. Which DHCP option is shown?

 

clip_image003

 

A.

32

B.

43

C.

60

D.

150

E.

241

 

Answer: C

 

 

QUESTION 75

Refer to the exhibit. Which Cisco WLC IP addresses will be returned to a Cisco AP that requests an IP address from this DHCP pool?

 

clip_image004

 

A.

192.168.129.12 and 192.168.129.20

B.

192.168.129.11 and 192.168.129.19

C.

192.168.129.12 and 192.168.129.17

D.

192.168.129.11 and 192.168.129.18

E.

none of the above

 

Answer: B

 

 

QUESTION 76

Which three EAP types are supported when using an LDAP backend database that does not return a cleartext password? (Choose three.)

 

A.

EAP-FAST-GTC

B.

EAP-TLS

C.

PEAPv0-MS-CHAPv2

D.

PEAPv1-GTC

E.

EAP-FAST-MS-CHAPv2

F.

LEAP

 

Answer: ABD

 

 

QUESTION 77

Refer to the exhibit. What can be filtered by using this DNIS filter on ACS?

 

clip_image006

 

A.

wireless clients, based on the SSID to which they are associating

B.

wireless IP phones, based on the phone number that they are calling

C.

authentications from AAA clients, based on their assigned location

D.

authentications from a specific Cisco WLC interface

E.

authentications, based on part of the username

 

Answer: A

 

 

QUESTION 78

Which statement about using the internal DHCP server feature on a Cisco WLC is true?

 

A.

DHCP option 43 must be configured on the internal DHCP server.

B.

The DHCP server IP address must be set to the Cisco WLC management interface IP address.

C.

The internal DHCP server can serve both wireless and wired clients.

D.

Autonomous APs are supported.

 

Answer: B

 

 

QUESTION 79

When using DNS discovery, you must configure DNS to respond to which of the following?

 

A.

CISCO-WAP-CONTROLLER.localdomain

B.

CISCO-CONTROLLER.localdomain

C.

CISCO-CAPWAP-CONTROLLER.localdomain or CISCO-LWAPP-CONTROLLER.localdomain

D.

CISCO-CONTROLLER-LWAPP.localdomain or CISCO-CONTROLLER-CAPWAP.localdomain

 

Answer: C

 

 

QUESTION 80

Which two methods can be used in Cisco Secure ACS 5.2 to assign client authentication requests to different access services or authorization policies, based on the SSID to which the client is associated? (Choose two.)

 

A.

DNIS-based end station filter

B.

CLI-based end station filter

C.

condition based on the RADIUS-IETF.Filter-ID(11) attribute

D.

condition based on the RADIUS-IETF:Called-Station-ID(30) attribute

E.

condition based on the RADIUS-IETF:Calling-Station-ID(31) attribute

 

Answer: AD

 

Download Latest CISCO CCIE 350-050 Real Free Tests ,help you to pass exam 100%.

Download FREE CCIE 350-050 Demo
FREE Ensurepass CCIE Certification Exam Questions and Answers
FREE Ensurepass Cisco Certification Exam Questions and Answers

HOT EXAM!

You must be logged in to post a comment.

Proudly powered by WordPress   Premium Style Theme by www.gopiplus.com