2017 November Cisco Official New Released 400-351 Dumps in Lead2pass.com!
100% Free Download! 100% Pass Guaranteed!
Although the Cisco 400-351 dumps are very popular, Lead2pass offers a wide range of Cisco 400-351 exam dumps and will continue to release new study guide to meet the rapidly increasing demand of the IT industry.
Following questions and answers are all new published by Cisco Official Exam Center: https://www.lead2pass.com/400-351.html
QUESTION 231
Which three security threats require the Cisco Adaptive wIPS service for mitigation? (Choose three.)
A. on/off-channel rogue
B. spectrum intelligence
C. man-in-the-middle attack
D. rogue switch-port tracing
E. zero-day attack
F. network reconnaissance
Answer: CEF
QUESTION 232
Which of the following are required components for Client MFP? (Choose two.)
A. CCXv4
B. CCXv5
C. 802.11n
D. WPA2 w/TKIP or AES-CCMP
E. AnyConnect 3.0
Answer: BD
QUESTION 233
Which of the following statements are true regarding RLDP? (Choose two)
A. RLDP works only on APs configured in Open Authentication mode.
B. RLDP only works if the AP is in Monitor Mode.
C. RLDP will attempt to identify each Rogue AP only once.
D. RLDP only works if the Rogue AP is connected to a VLAN that is reachable by the WLC.
E. RLDP only works if the AP is in Local Mode.
Answer: AD
QUESTION 234
Which of the following statements are not correct about Client Management Frame Protection (MFP)? (Choose 2.)
A. Client MFP can replace Infrastructure MFP in case only CCXv5 clients are used.
B. Client MFP encrypts class 3Unicastmanagement frames using the security mechanisms defined by 802.11i.
C. In order to use Client MFP the client must support CCXv5 and negotiate WPA2 with AES- CCMP or TKIP.
D. The only supported method to obtain the pre-user MFP encryption keys is EAP authentication.
E. CCXv5 client and access points must discard broadcast class 3 management frames.
Answer: AD
QUESTION 235
Corporation XYZ just underwent a third-party security audit. The auditors have required that the corporation implements 802.1x on its wireless network and disable all pre-shared key WLANs as soon as possible. XYZ does not have an internal CA installed to provide server certificates today. However, it wishes to implement an EAP method that requires clients to use server authentication in the future. XYZ also needs an EAP method that will allow both Active Directory user authentication and time-based tokens.
What is the best EAP method for XYZ to implement?
A. TTLS
B. PEAP
C. FAST
D. TLS
Answer: C
QUESTION 236
Which of the below parameters are used in calculating the range – maximum distance – of an outdoor link between two bridges? Choose two.
A. The cable length between bridge and the connecting switch.
B. The bridge transmission power.
C. The outside temperature.
D. The modulation type.
E. The length of the antenna.
Answer: BD
QUESTION 237
Resource Reservation Control (RRC) provides enhanced capabilities to manage admission and policy controls when deploying VideoStream on a Cisco Unified Wireless Network.
Which statement correctly states the decision making process RRC goes through to admit or deny a client from joining a stream?
A. RRC initiates admission and policy decisions based on the radio resource measurements, traffic
statistics measurement, and system configurations. The WLC initiates RRC requests to the APs
for the IGMP join.
B. The WLC processes IGMP join requests after checking all the parameters, including client count,
channel utilization, latency, QoS, and client link rates.
C. RRC algorithm periodically checks if conditions have changed. If a policy is violated, the client will
be denied to the stream immediately. When the condition improves, the client will be admitted to join again.
D. RRC algorithm will check and ensure the conditions are optimal before the client gets admitted.
If the conditions are only partially satisfied, the client will be admitted but will have a better QoS
priority to protect the stream quality.
E. RRC is a control mechanism to ensure good connection quality for a video stream via multicast.
Clients that do not satisfy all conditions will always be admitted as best effort clients. Clients that
do not get admitted 3 times within a specific time period, are denied access to the stream.
Answer: A
QUESTION 238
Which two statements are true regarding the location tracking history on the Cisco 3300 Series Mobility Services Engine? (Choose two.)
A. By default, the historical data is archived for 30 days.
B. The history of an element is recorded if it moves more than 5 meters (or 15 feet).
C. The history of an element is recorded if it moves across floors.
D. History logging is enabled by default.
E. An element is removed from the tracking table after one hour of inactivity.
Answer: AC
QUESTION 239
When designing a WLAN network to support both voice and context-aware services, which set of design principles should you follow?
A. An AP must be placed at the perimeter and in each of the four corners of the floor. All APs must be
enabled to ensure proper coverage on the floor to provide -67 dBm, 20 percent celloverlap, and 19 dB
channel separation.
B. An AP must be placed at the perimeter and in each of the four corners of the floor. Some APs may be
disabled to ensure proper coverage on the floor to provide -67 dBm, 20 percent celloverlap, and 19 dB
channel separation.
C. An AP must be placed at the perimeter and in each of the four corners of the floor to ensure proper
coverage on the floor to provide -67 dBm, 20 percent cell overlap, and 19 dB channel separation.
Some APs may be in monitor mode.
D. If a conflict occurs between the AP placement for voice design and for context-aware location design,
then the voice design should take precedence, to protect against delays and dropping of sensitive
voice traffic.
E. In a design that includes both voice and context-aware services, voice design always requires more
APs to be deployed to ensure -67 dBm coverage, 20 percent cell overlap, 19 dB channel separation,
and proper capacity planning.
F. In a design that includes both voice and context-aware services, voice design should take precedence
to avoid co-channel interference, which can negatively affect voice quality. Voice design also requires -67
dBm coverage, 20 percent cell overlap, and 19 dB channel separation, which is more difficult to achieve.
Answer: C
QUESTION 240
Refer to the exhibit. Looking at the packet capture between the client and AP during a voice troubleshooting session, what can you learn?
A. The 802.1p COS value is marked as 5, which typically is used for the voice traffic that is encoded
in G711.
B. IP precedence is marked as 5 for the voice traffic that is encoded in G711, with a corresponding
802.11e UP marking of 6.
C. The WMM UP value is marked as 5, which typically is used for the voice traffic that is encoded in
G711, and DSCP is marked as EF.
D. IP precedence is marked as 5, with a corresponding 802.11e UP marking of 6 and a correct DSCP
marking to EF; the voice traffic is encoded in G711.
E. The 802.1p COS value is marked as 5, with a correct DSCP marking to EF, and the voice traffic is
encoded in G711.
F. WMM UP marking is marked as 5, which typically is used for video traffic; this voice traffic stream is
encoded in G711, and DSCP is marked as EF.
Answer: F
QUESTION 241
When deploying the Cisco Unified Wireless IP Phone 7925 running firmware release 1.3.4 on a Cisco Unified architecture, which features should you enable to support fast secure roaming while maintaining a scalable deployment?
A. The controller supports PKC, so use WPA2 802.1X.
B. The controller does not support PKC, so use WPA2 PSK.
C. The controller does not support OKC, so use WPA2 PSK.
D. The 7925 does not support WPA2 with Cisco CKM, so use WPA2 PSK.
E. The 7925 supports WPA2 with Cisco CKM, so use WPA2 802.1X.
F. The 7925 supports PKC, so use WPA2 802.1X.
Answer: E
QUESTION 242
At what distance does the curve of the earth factor into the antenna elevation calculation?
A. greater than 6 miles (~10 km)
B. greater than 26 miles (~42 km)
C. the width of the Fresnel zone, which varies depending on the distance by which the bridges are separated
D. 60% of the Fresnel zone
Answer: A
QUESTION 243
Which statement is true regarding communication between the WDS and other APs in a WLAN setup using WDS?
A. Communication is protected using X.509 certificates, which can be either self-signed or manufacturer-installed.
B. Communication is protected using a Context Transfer Key, which is manually configured on the AP.
C. Communication is protected using multicast traffic, which is restricted to the local Layer 2 network.
D. Communication is protected using a Context Transfer Key, which is negotiated during WDS authentication.
Answer: D
QUESTION 244
Which statement about NIC cards certified by Cisco Compatible Extensions is correct?
A. They support Cisco WLAN technology enhancements.
B. They support Cisco alternatives to the 802.11 standards.
C. They support Cisco standards such as LEAP and EAP-FAST but not PEAP-MSCHAP.
D. They support 802.11 standards plus power management only.
E. They are compliant with Cisco Compatible Extensions, but not with Wi-Fi.
Answer: A
QUESTION 245
How can you use Cisco WCS as part of the preliminary site survey for an unfinished building?
A. detect sources of RF interference
B. detect possible security policy violations
C. find the exact location of the APs on the floor map
D. create obstacles on floor plans that can be taken into consideration when computing RF prediction heat maps for APs
Answer: D
QUESTION 246
What happens to the traffic between two users with the same SSID when peer-to-peer blocking is disabled?
A. traffic is dropped from wireless user to wireless user
B. traffic is forwarded to the upstream VLAN; the device above the controller decides what action to take regarding the packets
C. traffic is bridged on the same controller
D. traffic is inspected by the controller for malicious attacks
Answer: C
QUESTION 247
During the Layer 3 LWAPP Join process, a list of wireless LAN controllers may be offered to the AP by which DHCP option?
A. 6
B. 43
C. 44
D. 46
E. 60
F. 66
Answer: B
QUESTION 248
In order to protect IEEE 802.11 clients against spoofed management frames, client Management Frame Protection encrypts management frames sent between access points and clients. Which three of these management frames are protected by client MFP? (Choose three.)
A. beacon
B. authentication
C. deauthentication
D. disassociation
E. probe request
F. probe response
G. QoS (WMM) action frames
Answer: CDG
QUESTION 249
Infrastructure Management Frame Protection enables the wireless infrastructure to detect management frames spoofed by an attacker. Which two of these mechanisms does infrastructure MFP introduce to access points in order to protect against such attacks? (Choose two.)
A. management frame validation
B. management frame encryption
C. cryptographically-hashed message integrity check
D. cryptographically-hashed frame check sequence
E. 802.1x authentication
Answer: AC
QUESTION 250
You are deploying a wireless network in a warehouse located next to an airport. Which two of these 5-GHz channels would avoid potential radar interference, considering that many airport radars use the UNII-2 frequency ranges? (Choose two.)
A. 36
B. 52
C. 140
D. 153
Answer: AD
Lead2pass offers the latest Cisco 400-351 dumps and a good range of Cisco Certification 400-351 answers. Most of our Cisco 400-351 exam dumps are exclusively prepared by the best brains and highly skilled professionals from the IT domain to ensure 100% pass in your Cisco 400-351 Exam.
More 400-351 new questions (with images) on Google Drive: https://drive.google.com/open?id=0B3Syig5i8gpDY0FaMFVrWHdXWEk
2017 Cisco 400-351 exam dumps (All 305 Q&As) from Lead2pass:
https://www.lead2pass.com/400-351.html [100% Exam Pass Guaranteed]