Latest Cisco CCIE 350-050 Real Exam Download 81-90

Ensurepass

QUESTION 81

Refer to the exhibit. What might be the reason of these failed attempts in ACS?

 

clip_image002

 

A.

The wrong shared secret is configured on the AAA client or ACS.

B.

The request is coming from a AAA client that is configured only for RADIUS on ACS.

C.

The request is coming from a AAA client that is configured only for TACACS+ on ACS.

D.

The PC that is trying to access the device is outside the known subnet.

 

Answer: B

 

 

QUESTION 82

How can you configure an NTP server address for Cisco Secure ACS 5.2?

 

A.

through the ACS GUI only

B.

through the ACS CLI only

C.

through both the ACS GUI and CLI

D.

on the hosting Microsoft Windows operating system

E.

not possible because there are no NTP settings for ACS

 

Answer: B

 

 

QUESTION 83

You have configured ACS to perform machine authentication against Active Directory. Both ACS and Active Directory hosts can ping each other, there is no firewall between them, and ACS trusts the correct CA. Yet the clients that are performing machine authentication with EAP-TLS and using valid certificates are failing to authenticate. What might the reason be?

 

A.

The wrong UDP port for Active Directory is configured on ACS.

B.

Machine access restrictions is enabled on ACS.

C.

The client certificate key is less than 2048 bit.

D.

The wrong date and time are on the ACS server.

E.

The host is not configured in the ACS internal database.

 

Answer: D

 

 

QUESTION 84

Refer to the exhibit. Which three statements about the configured attribute or value in ACS are true? (Choose three.)

 

clip_image004

 

A.

It is returned within a RADIUS packet.

B.

It is returned within a TACACS+ packet.

C.

It grants the use of configuration commands on autonomous APs.

D.

It grants at least read-only access to all the menus in the Cisco WLC GUI.

E.

It is case sensitive.

F.

It is not case sensitive.

 

Answer: BDE

 

 

QUESTION 85

On a Cisco WLC, which NTP authentication type or types are supported?

 

A.

MD5 and DES

B.

MD5, DES, and DES-CBC

C.

MD5

D.

DES

E.

DES-CBC

 

Answer: C

 

 

QUESTION 86

Refer to the exhibit. Which DHCP option is shown?

 

clip_image006

 

A.

Option 60

B.

Option 241

C.

Option 32

D.

Option 150

E.

Option 43

 

Answer: E

 

 

QUESTION 87

Refer to the exhibit. Cisco Secure ACS 5.2 shows successful TACACS+ authentication and authorization for the user, but access to the Cisco WLC GUI fails. What is the reason for this failure?

 

clip_image008

 

A.

The user password is incorrect.

B.

The authorization response does not include a Privilege-Level attribute.

C.

The assigned role is incorrect.

D.

The received TACACS+ packet is not encrypted.

 

Answer: C

 

 

QUESTION 88

You are configuring a RADIUS server and the security team asks you for details about this protocol. Which three statements about the RADIUS protocol are true? (Choose three.)

 

A.

It is TCP based.

B.

It is UDP based.

C.

RADIUS servers use port 1645 or port 1812 for authentication.

D.

RADIUS servers use port 1646 or port 1813 for authorization.

E.

The username is sent in cleartext.

F.

The username is encrypted.

 

Answer: BCE

 

 

QUESTION 89

In a bridge-to-bridge setup, the network administrator wants to allow only the root bridge the ability to associate to the non-root bridge. To achieve this goal, the administrator decides to implement a MAC filter. If 0017.dfa6.cdf0 is the MAC address of the root AP (ROOT_AP) and 0017.dfa6.ae13 is the MAC address of the non-root AP (NON-ROOT_AP), which command set will achieve this goal?

 

A.

ROOT_AP# configure terminal

ROOT_AP(config)# access-list 700 permit 0017.dfa6.cdf0

ROOT_AP(config)# dot11 association mac-list 700

B.

NON-ROOT_AP# configure terminal

NON-ROOT_AP(config)# access-list 700 permit 0017.dfa6.cdf0

NON-ROOT_AP(config)# dot11 association mac-list 700

C.

NON-ROOT_AP# configure terminal

NON-ROOT_AP(config)# access-list 700 permit 0017.dfa6.ae13

NON-ROOT_AP(config)# dot11 association mac-list 700

D.

NON-ROOT_AP# configure terminal

NON-ROOT_AP(config)# access-list 700 permit 0017.dfa6.cdf0

NON-ROOT_AP(config)# dot11 ssid bridge

NON-ROOT_AP(config-ssid)# dot11 association mac-list 700

E.

ROOT_AP# configure terminal

ROOT_AP(config)# access-list 700 permit 0017.dfa6.cdf0

ROOT_AP(config)# interface Dot11Radio0

ROOT_AP(config-if)# dot11 association mac-list 700

 

Answer: B

 

 

QUESTION 90

Which two sets of commands will allow multiple SSIDs (each in its own VLAN) to be broadcast on a single radio interface for an autonomous AP? (Choose two.)

 

A.

dot11mbssid under the global config section and guest-mode under the SSID config section

B.

mbssid under the radio interface and mbssid guest-mode under the SSID config section

C.

dot11mbssid under the global config section and mbssid guest-mode under the SSID config section

D.

dot11mbssid under the global config section, mbssid under the radio interface, and guest-mode under

the SSID config section

E.

cannot broadcast multiple SSIDs under one radio interface if using multiple VLANs

 

Answer: BC

 

 

Download Latest CISCO CCIE 350-050 Real Free Tests ,help you to pass exam 100%.

Download FREE CCIE 350-050 Demo
FREE Ensurepass CCIE Certification Exam Questions and Answers
FREE Ensurepass Cisco Certification Exam Questions and Answers

HOT EXAM!

You must be logged in to post a comment.

Proudly powered by WordPress   Premium Style Theme by www.gopiplus.com