Transcription
Cisco 350-050 ExamVolume: 315 QuestionsQuestion No : 1You are a wireless network administrator for a company that has installed a network that is based onCisco WLC and uses Aironet 1140 Series APs. The clients are using the 2.4 GHz band and WPA TKIP forLayer 2 security. The president of the company reads a news article on the benefits of 802.11n and wantsto deploy it at the office so that the company can use data rates of up to 150 Mb/s. What should you tellthe president?A. You need to change your Layer 2 security policy to WPA2 AES to achieve the 300 Mb/s data rate.B. You need to purchase different APs because the 1140 Series supports only up to 54 Mb/s.C. You need to change the client Layer 2 security to WPA2 TKIP.D. You need to change the client Layer 2 security to open.E. 802.1n data rates are possible only on 5 GHz.F. 802.11n data rates are possible with the current client Layer 2 security, but for a theoretical data rate of300 Mb/s, you need to use channel bonding, which is not recommended on the 2.4 GHz band.Answer: AQuestion No : 2Refer to the exhibit.After setting up an AP to be part of network where WDS is running, you notice that the newly added AP isnot able to join the WDS device. On the newly added AP, you only configure wlccp ap username ciscopassword ccie. You enable debug radius local-server error to help troubleshoot the issue.Given the debug output, what is the most likely cause of the issue?A. The WDS device is configured as a local RADIUS and the EAP packets are looping in the network.B. The WDS device is configured as a local RADIUS and there is a mismatch on the RADIUS sharedsecret.Leading the way in IT testing and certification tools, www.examkiller.net
Cisco 350-050 ExamC. The newly added AP is configured with a wrong password.D. The RADIUS server is not reachable.E. The WDS device is configured for EAP-FAST authentication and the newly added AP is using LEAP.Answer: CQuestion No : 3You are configuring a TACACS server and the security team asks you for details about this protocol.Which three statements about the TACACS protocol are true? (Choose three.)A. It is TCP based.B. It is UDP based.C. It uses port 49 by default.D. It uses port 59 by default.E. The username is sent in cleartext.F. The username is encrypted.Answer: A,C,FQuestion No : 4You are configuring a RADIUS server and the security team asks you for details about this protocol.Which three statements about the RADIUS protocol are true? (Choose three.)A. It is TCP based.B. It is UDP based.C. RADIUS servers use port 1645 or port 1812 for authentication.D. RADIUS servers use port 1646 or port 1813 for authorization.E. The username is sent in cleartext.F. The username is encrypted.Leading the way in IT testing and certification tools, www.examkiller.net
Cisco 350-050 ExamAnswer: B,C,EQuestion No : 5When you have an AP in autonomous mode, you can configure the AP to only allow console or Telnetaccess to authorized users. What is the correct command sequence to achieve RADIUS loginauthentication via console?A. configure terminal aaa new-model aaa authentication login default line console 0 login authenticationdefault radius-server host 172.10.0.1 auth-port 1645 acct-port 1646B. configure terminal aaa new-model aaa authentication login default group radius line console 0 loginauthentication default radius-server host 172.10.0.1 auth-port 1645 acct-port 1646C. configure terminal aaa new-model aaa authentication login default group radius login authenticationdefault radius-server host 172.10.0.1 auth-port 1645 acct-port 1646D. configure terminal aaa new-model aaa authentication login default group radius line console 0 loginauthentication default group radius radius-server host 172.10.0.1 auth-port 1645 acct-port 1646Answer: BQuestion No : 6Refer to the exhibit.Leading the way in IT testing and certification tools, www.examkiller.net
Cisco 350-050 ExamAll the guest users that associate to the guest SSID on the Cisco WLC are receiving this message fromtheir browser each time that they try to reach an Internet website. Which two changes will allow the guestusers to avoid this message in a simple and secure way? (Choose two.)A. Generate and install a new certificate for the Cisco WLC web-auth, signed by the Cisco CA.B. Configure a FQDN in the management interface of the Cisco WLC and add that FQDN to the DNSserver.C. Configure a FQDN in the virtual interface of the Cisco WLC and add that FQDN to the DNS server.D. Generate and install a new certificate for the Cisco WLC web-auth, signed by a CA trusted by thebrowser.E. Generate and install a new certificate for the Cisco WLC web-auth, signed by the local CA.Answer: C,DQuestion No : 7You are converting your wireless infrastructure from a data-only design to a location services design.Which task do you need to complete?A. Disable the DSSS speeds for RFID compatibility.B. Use fewer APs to avoid RFID 3D imaging.C. Set APs to maximum power for RF fingerprinting.D. Locate APs at the edges of your coverage area for trilateration.Answer: DQuestion No : 8Two switches are connected by an EtherChannel. Which setting does not have to match on the connectedports in order to form an EtherChannel?A. the allowed VLAN listB. the spanning-tree PortFast settingsC. DTP negotiation settingsLeading the way in IT testing and certification tools, www.examkiller.net
Cisco 350-050 ExamD. the native VLANE. the spanning-tree port priorities for each VLANAnswer: CQuestion No : 9You are tasked with creating a controller-based high-density RF design. Which three factors determinethe cell size? (Choose three.)A. antenna typeB. ClientLink supportC. basic data rateD. TPC threshold settingE. AP placementF. free space path lossAnswer: A,C,DQuestion No : 10DSCP values can be expressed in decimal form or by PHB. Which PHB is the equivalent of DSCP 20?A. AF20B. AF22C. AF26D. AF28Answer: BQuestion No : 11Refer to exhibit.Leading the way in IT testing and certification tools, www.examkiller.net
Cisco 350-050 ExamWhich type of RF signature does the exhibit illustrate on channel 1?A. broadcast probe floodB. video cameraC. Wi-Fi invertedD. NULL probe responseE. none of the aboveAnswer: BQuestion No : 12You are designing a wireless network utilizing EAP-TLS. One design requirement is to provide per-userdifferentiated QoS using only one SSID. What is the best way to achieve this goal?A. using WMM overrideB. using Cisco Airespace VSAsC. using QoS Enhanced BSSD. using AP groupsLeading the way in IT testing and certification tools, www.examkiller.net
Cisco 350-050 ExamAnswer: BQuestion No : 13Which of the below parameters are used in calculating the range - maximum distance - of an outdoor linkbetween two bridges? Choose two.A. The cable length between bridge and the connecting switch.B. The bridge transmission power.C. The outside temperature.D. The modulation type.E. The length of the antenna.Answer: B,DQuestion No : 14Which of the below statement is correct with regards to configuring local MAC authentication on an AP?A. A MAC address can be spoofed, so it is insecure.B. The MAC address is used in stead of the username in the EAP certificate exchange.C. The MAC address may be used in the key hash, if WEP is used as a key cipher.D. MAC address authentication can not co-exist with EAP authentication.Answer: AQuestion No : 15You have configured ACS to perform machine authentication against Active Directory. Both ACS andActive Directory hosts can ping each other, there is no firewall between them, and ACS trusts the correctCA. Yet the clients that are performing machine authentication with EAP-TLS and using valid certificatesare failing to authenticate. What might the reason be?A. The wrong UDP port for Active Directory is configured on ACS.B. Machine access restrictions is enabled on ACS.Leading the way in IT testing and certification tools, www.examkiller.net
Cisco 350-050 ExamC. The client certificate key is less than 2048 bit.D. The wrong date and time are on the ACS server.E. The host is not configured in the ACS internal database.Answer: DQuestion No : 16How can you configure an NTP server address for Cisco Secure ACS 5.2?A. through the ACS GUI onlyB. through the ACS CLI onlyC. through both the ACS GUI and CLID. on the hosting Microsoft Windows operating systemE. not possible because there are no NTP settings for ACSAnswer: BQuestion No : 17The transmit power level on an 802.11a radio is configured for 25 mW. What is the corresponding value indecibels?A. 2.5 dBmB. 3 dBmC. 14 dBmD. 18 dBmE. none of the aboveAnswer: CQuestion No : 18Leading the way in IT testing and certification tools, www.examkiller.net
Cisco 350-050 ExamRefer to the exhibit.This setup uses two Cisco APs as wireless bridges. One bridge is configured for root bridge mode and theother is configured for non-root bridge mode. Client A associates with the root bridge and Client Bassociates with the non-root bridge. Which three statements are true? (Choose three.)A. Two bridges that are in root mode can talk to each other.B. Only one device can connect to the ethernet connection of the non-root bridge.C. For two bridges to communicate with each other, one bridge should be in root mode and the other mustbe in non-root mode.D. The default setting of a bridge is root.E. Two bridges that are in root mode cannot talk to each other.F. The default setting of a bridge is non-root.Answer: C,D,EQuestion No : 19Your site has already been surveyed at 5 GHz for 802.11n VoWLAN services. Which services can youadd safely, without conducting an additional site survey? (Choose two.)A. enhanced Layer 2 or Layer 3 security of the WLANB. optional MFP client protection for Cisco Client Extensions Version 5 clientsLeading the way in IT testing and certification tools, www.examkiller.net
Cisco 350-050 ExamC. 802.11n data services on the 2.4 GHz FrequencyD. 802.11n voice services on the 2.4 GHz FrequencyE. new services (such as location) on both frequenciesAnswer: A,BQuestion No : 20Which of the following is not a valid IPv6 address type?A. link-local unicastB. unique-local unicastC. anycastD. multicastE. broadcastAnswer: EQuestion No : 21Refer to the exhibit.Cisco Secure ACS 5.2 shows successful TACACS authentication and authorization for the user, butaccess to the Cisco WLC GUI fails. What is the reason for this failure?A. The user password is incorrect.B. The authorization response does not include a Privilege-Level attribute.Leading the way in IT testing and certification tools, www.examkiller.net
The wrong date and time are on the ACS server. E. The host is not configured in the ACS internal database. Answer: D Question No : 16 How can you configure an NTP server address for Cisco Secure ACS 5.2? A. through the ACS GUI only B. through the ACS CLI only C. through both the ACS GUI and CLI D. on the hosting Microsoft Windows operating .
