Cisco.CCNA.Wireless - GRATIS EXAM · Cisco.CCNA.Wireless.162q ... Exam Name: Implementing Cisco Unified Wireless Networking Essentials v2.0 Sections 1. Access Points 2 ... Release

Cisco.CCNA.Wireless.162q

Number: 640-722Passing Score: 800Time Limit: 120 minFile Version: 2.0

http://www.gratisexam.com/

Vendor: Cisco

Exam Code: 640-722

Exam Name: Implementing Cisco Unified Wireless Networking Essentials v2.0

Sections1. Access Points2. AnyConnect3. Apple4. Cisco Compatible Extension5. Discovery6. Other7. RF8. Security9. Standarts10.Wireless Control System11.WLC

All

QUESTION 1You have an Apple IOS iPhone4 that is used on your home Wi-Fi network and a personal laptop that is used onyour work's enterprise wireless network. At your office, you are unable to see the enterprise wireless network onyour iPhone4.What is the most likely cause of this issue?

A. WPA2 CPU intensive encryption is not supported on the client.B. WPA2 must be enabled on the client.C. A new profile must be created on the client.D. Wi-Fi must be enabled on the client.E. The enterprise is 2.4 GHz only.F. The enterprise is 5 GHz only.G. The RF channel must be adjusted on the client.

Correct Answer: FSection: AppleExplanation

QUESTION 2You have brought your MacBook Pro running OS 10.6 to work and intend use the enterprise wireless network.This network is using EAP-FAST and 2.4 GHz for data and 5 GHz for VoWLAN. Which statement about thelaptop configuration and wireless connection is true?

A. Install a USBwireless adapter and configureB. Install AppleEAP-Fast plug-in and configureC. Install Cisco AnyConnect v2.4 and configureD. Configure Apple network preferences for EAP-FASTE. The laptop does not support EAP-FAST and will be unable to connectF. The laptop only supports 5 GHz and will be unable to connect

Correct Answer: DSection: AppleExplanation

QUESTION 3The introduction of consumer phones and tablets into enterprise WLANs can have an impact on 802.11a/b/g/ndeployments. The Apple iPhone 4 and iPad 2 are very common examples. Which statement best describes theabilities of these devices?

A. The Apple iPhone 4 and the iPad 2 use 2.4 GHz and 5 GHz. The Apple iPhone 4 uses only one spatialstream and the iPad 2 uses two spatial streams.

B. The Apple iPhone 4 uses only 2.4 GHz and the iPad 2 only uses 5 GHz. The Apple iPhone 4 uses only onespatial stream and the iPad 2 uses two spatial streams.

C. The Apple iPhone 4 uses 2.4 GHz and the iPad 2 uses 2.4 GHz or 5 GHz. The Apple iPhone 4 only usesone spatial stream and the iPad 2 uses two spatial streams.

D. The Apple iPhone 4 uses 2.4 GHz and the iPad 2 uses 2.4 GHz or 5 GHz. The Apple iPhone 4 and the iPad2 use only one spatial stream.


Explanation/Reference:

QUESTION 4Which key combination provides a detailed wireless connection status for an Apple MacBook running 10.6?

A. Command + Click the SSID of the networkB. Alt + Click the SSID of the networkC. Command + the Airport iconD. Option + the Airport iconE. Ctrl + the Airport IconF. Option + Click the SSID of the network


QUESTION 5Which option lists the key features of Cisco Compatible Extensions v5?

A. Roaming and real-time diagnostics, MFP, a diagnostic channel that allows troubleshooting of the client,client reporting, optional location service, and expedited bandwidth

B. AP assisted roam, Cisco Centralized Key Management, radio measurements, and transmit power controlC. CAC, UPSD, voice metrics, MBSSIDs, location, link tests, and NACD. WME, proxy ARP, EAP-FAST, and WPA2, and single sign-onE. LEAP, WPA, 802.1x and VLANs per AP, TKIP, and WiFi

Correct Answer: ASection: Cisco Compatible ExtensionExplanation

QUESTION 6Which option is needed to earn the Cisco Compatible credential for Cisco Compatible Extensions Lite?

A. Foundation and Management are required.B. Location and Management are required.C. Foundation and Location are required.D. Foundation and Voice are required.E. Voice is required.F. Foundation is required.G. Location is required.H. Management is required.

Correct Answer: FSection: Cisco Compatible ExtensionExplanation

QUESTION 7How are application-specific devices differentiated from laptop computers in the way they support CiscoCompatible Extensions?


A. ASDs are required to support only Cisco Compatible Extensions v1 and v2 features. Laptops must supportall Cisco Compatible Extensions features.

B. ASDs are required to support only Cisco Compatible Extensions v5 management features, while laptops arerequired to support optional features.

C. Several features that are required for laptops are not required for ASDs.D. There is no differentiation. ASDs and laptops must both support the same Cisco Compatible Extensions

features.

Correct Answer: CSection: Cisco Compatible ExtensionExplanation


QUESTION 8A controller is connected to a Cisco Catalyst switch. The switch port configuration looks like this:

interface GigabitEthernet 1/0/10switchportswitchport trunk encapsulation dot1qswitchport trunk allowed vlan 1,20,30,50switchport trunk native vlan 20switchport mode trunk

Which controller CLI command assigns its management interface to the native VLAN interface of the CiscoCatalyst switch?

A. config interface vlan management 0B. config interface vlan management 1C. config interface vlan management 20D. config interface vlan management 30E. config interface vlan management 50

Correct Answer: CSection: WLCExplanation

Explanation/Reference:For the controller Cisco says:“Enter 0 for an untagged VLAN or a nonzero value for a tagged VLAN.”http://www.cisco.com/en/US/docs/wireless/controller/7.0/configuration/guide/c70mint.html#wp1120860

So “config interface vlan management 20″ is the right answer.

QUESTION 9Which two statements best describe the LAG configuration between a Cisco WLC and a Cisco Catalyst switch?(Choose two.)

A. The Catalyst switch should be configured for PAgP.B. The Catalyst switch should be configured only for Layer 2 load balancing.C. The Catalyst switch should be configured for "on" mode.D. The Cisco WLC relies on the connected switch to perform the load-balance of traffic.E. The Cisco WLC aggregates multiple management interfaces into a single virtual interface.

Correct Answer: CDSection: WLCExplanation

Explanation/Reference:Cisco Wireless LAN Controller Configuration Guide, Release 7.2 -> Chapter 3 - Configuring Ports andInterfaces

Guidelines and Limitations ...

LAG requires the EtherChannel to be configured for the on mode on both the controller and the Catalystswitch. The load-balancing method configured on the Catalyst switch must be a load-balancing method thatterminates all IP datagram fragments on a single controller port. Not following this recommendation mayresult in problems with access point association.

...http://www.cisco.com/en/US/docs/wireless/controller/7.2/configuration/guide/cg_ports_interfaces.html#wp1277652

QUESTION 10Which type of management tasks can be completed on a Cisco WLC remotely from a wireless client?

A. All management and configuration tasks can be performed from a wireless client except for using debugcommands.

B. In the default configuration, no management or configuration is possible through the GUI or CLI on theCisco WLC.

C. The default configuration of the Cisco WLC allows only CLI access and then only the use of showcommands, so no configuration is possible.

D. All management and configuration tasks, except uploads from and downloads to the Cisco WLC, arepermitted.

Correct Answer: BSection: WLCExplanation

Explanation/Reference:Cisco Wireless LAN Controller Configuration Guide, Release 7.4

Managing the Controller WirelesslyYou can monitor and configure controllers using a wireless client. This feature is supported for all managementtasks except uploads from and downloads to the controller.Before you can open the GUI or the CLI from a wireless client device, you must configure the controller to allowthe connection.

http://www.cisco.com/en/US/docs/wireless/controller/7.4/configuration/guides/consolidated/b_cg74_CONSOLIDATED_chapter_010.html#ID470

QUESTION 11When using a Cisco WLC version 7.0 with a default configuration, how is a remote management HTTPSaccess connection secured?

A. The Cisco WLC uses a pre-shared key to authenticate the user, which limits the number of potential usersthat can access the controller.

B. The Cisco WLC generates its own local web administration SSL certificate and automatically applies it tothe GUI.

C. The Cisco WLC uses a CA certificate for SSL access.D. The Cisco WLC uses HTTPS to secure the HTTP session via a preconfigured password that generates a

certificate for each session.


QUESTION 12Configurations are commonly uploaded and downloaded to a WLC. Which options are other examples of a filethat can be uploaded from a Cisco 2500 Series WLC?

A. packet captureB. crash fileC. codeD. login bannerE. PAC


QUESTION 13Which interface is considered a dynamic interface?

A. the virtual interfaceB. the AP manager interfaceC. the LAG interfaceD. the management interfaceE. the service port interfaceF. a WLAN client data interface

Correct Answer: FSection: WLCExplanation

QUESTION 14Which CLI command is used on a Cisco WLC to troubleshoot mobility, rogue detection, and load- balancingevents?

A. debug dot11B. debug capwap allC. show dot11 detailsD. show capwap details

Correct Answer: A

Section: WLCExplanation

Explanation/Reference:Cisco Wireless LAN Controller Command Reference, Release 7.3

To configure dot11 events debug options, use the debug dot11 command.debug dot11 { all | load-balancing | management | mobile | nmsp | probe | rldp | rogue | state} { enable | disable}

QUESTION 15Which three WLC debug commands are appropriate to troubleshoot a wireless client that is associated to anAP? (Choose three.)

A. debug capwapB. debug mac addrC. debug dot11D. debug dhcpE. debug apF. debug dtls

Correct Answer: BCDSection: WLCExplanation

Explanation/Reference:debug capwap {detail | dtls-keepalive | errors | events | hexdump | info | packet | payload} {enable | disable}debug mac {disable | addr MAC} debug dot11 {all | load-balancing | management | mobile | nmsp | probe | rldp | rogue | state} {enable | disable}debug dhcp {message | packet} {enable | disable} debug ap {enable | disable | command cmd} cisco_apdebug dtls {all | event | trace | packet} {enable | disable} - debug DTLS data encryption;

QUESTION 16Refer to the exhibit. With the current Cisco WLC version 7.0 syslog level settings set the way they are, whichlog levels are captured by the Syslog server?

A. syslog level errors onlyB. all syslog levelsC. only the syslog severity level number of error and greaterD. only the syslog severity level number of error and less

Correct Answer: DSection: WLCExplanation

QUESTION 17How many RADIUS servers can be configured globally and per WLAN on a Cisco WLC version 7.0?

A. 7 global; additional 1 per WLANB. 7 global; additional 3 per WLANC. 17 global; additional 1 per WLAND. 17 global; additional 3 per WLANE. 7 global; reuse of up to 1 maximum per WLANF. 17 global; reuse of up to 1 maximum per WLAN

G. 17 global; reuse of up to 3 maximum per WLAN

Correct Answer: GSection: WLCExplanation


QUESTION 18Which limitation applies to the use of the Cisco WLAN Solution Management over Wireless feature?

A. Controllers must be managed using only secure protocols (that is, SSH and HTTPS), not nonsecureprotocols (that is, HTTP and Telnet).

B. Read-write access is not available; only read-only access is supported.C. Uploads and downloads from the controller are not allowed.D. Wireless clients can manage other controllers however not the same controller and AP to which the client is

associated.


Explanation/Reference:Cisco Wireless LAN Controller Configuration Guide, Release 7.4:The management over wireless feature allows you to monitor and configure local controllers using a wirelessclient. This feature is supported for all management tasks except uploads to and downloads from (transfers toand from) the controller.

http://www.cisco.com/en/US/docs/wireless/controller/7.4/configuration/guides/consolidated/b_cg74_CONSOLIDATED_chapter_0110101.html

QUESTION 19Which description best describes upfade in a multipath environment?

A. In this situation, multiple signal paths are not sent at exactly the same time. The receiver receives a positivecrest on the primary signal and a negative crest on the secondary signal.

B. In this situation, the multiple signal paths are distorted and difficult to understand.C. In this situation, the multiple signal paths are weaker than they should be because the signals are out of

phase with each other.D. In this situation, the signal is stronger than it should be because multiple signal paths are received twice at

exactly the same time, which results in the multiple signals being in-phase.

Correct Answer: DSection: RFExplanation

Explanation/Reference:Upfade is the term used in radio communications to describe a situation where multipath conditions (in whichsignals travel from the transmitter to the receiving antenna by two or more paths) cause a radio signal to gainstrength. Some multipath conditions cause a signal's amplitude to be increased in this way because signalstravelling by different paths arrive at the receiver in phase and become additive to the main signal. Hence, thetotal signal that reaches the receiver will be stronger than the signal would otherwise have been without themultipath conditions.

The effect is also noticeable in wireless LAN systems.

QUESTION 20Which two factors must be considered when evaluating an RF interferer for severity? (Choose two.)

A. distance from the APB. dBmC. the type of security crack being usedD. duty cycleE. number of interfering IP stations in the cellF. duplicate SSID

Correct Answer: BDSection: RFExplanation

QUESTION 21How many dBm is 40 mW?

A. 10 dBmB. 16 dBmC. 20 dBmD. 22 dBmE. 40 dBm

Correct Answer: BSection: RFExplanation

Explanation/Reference:dBm = 10*lg(mW) => 10*lg(40) ~ 16 dBm

QUESTION 22If an antenna has a dBd of 8.6, what is the dBi value?

A. 6.2B. 6.46C. 8.6D. 10.74E. 12.88


Explanation/Reference:dBi refers to the decibel gain in relation to an "Isotropic Radiator." That is a theoretical antenna which radiatesenergy equally in all directions (as a perfect sphere.)dBd refers to decibel gain in relation to a dipole antenna. That antenna has a dBi gain of 2.14. So, an antennathat has a 4 dBd gain would be a 6.14 dBi gain antenna.

dBi = dBd + 2.14 dB

8.6 + 2.14 = 10.74

QUESTION 23

Which calculation computes the EIRP of an antenna?

A. EIRP = Tx power (dBm) + Antenna Gain (dBi) - Cable Loss (dB)B. EIRP= Cable Loss (dB) + Antenna Gain (dBi) - Tx power (dBm)C. EIRP = Cable Loss (dB) + Antenna Gain (dBi) / Tx power (dBm)D. EIRP = Tx power (dBm) + Antenna Gain (dBi) / Cable Loss (dB)E. EIRP = Antenna Gain (dBi) - Cable Loss (dB) * Tx power (dBm)F. EIRP = Tx power (dBm) * Antenna Gain (dBi) / Cable Loss (dB)

Correct Answer: ASection: RFExplanation


QUESTION 24Effective Isotropic Radiated Power is calculated by using which three values? (Choose three.)

A. antenna bandwidthB. antenna gainC. cable lossD. receiver sensitivityE. SSIDF. transmission power

Correct Answer: BCFSection: RFExplanation


QUESTION 25What increases bandwidth and resists multipath problems by carrying data in subcarriers?

A. Direct Sequence Spread SpectrumB. Frequency Hopping Spread SpectrumC. Narrow Band FrequencyD. Orthogonal Frequency Division Multiplexing


QUESTION 26What is fading?

A. Another signal source is producing energy on the channel in which you are trying to operate.B. The desired signal reaches the receiving antenna via multiple paths, each of which has a different

propagation delay and path loss.C. A time-varying change in the path loss of a link with the time variance governed by the movement of objects

in the environment, including the transmitter and receiver themselves.

D. A function of the frequency and should be provided in the cable specification by the vendor.E. The minimum signal level for the receiver to be able to acceptably decode the information.F. The time delay from the reception of the first instance of the signal until the last instance.

Correct Answer: CSection: RFExplanation

Explanation/Reference:In wireless communications, fading is deviation of the attenuation affecting a signal over certain propagationmedia. The fading may vary with time, geographical position or radio frequency, and is often modeled as arandom process. A fading channel is a communication channel comprising fading. In wireless systems, fadingmay either be due to multipath propagation, referred to as multipath induced fading, or due to shadowing fromobstacles affecting the wave propagation, sometimes referred to as shadow fading.

QUESTION 27Which two tasks does RRM routinely perform? (Choose two.)

A. antenna selectionB. AP address assignmentC. channel assignmentD. encryption method assignmentE. transmit power control

Correct Answer: CESection: RFExplanation

QUESTION 28What is the equivalent of 26 dBm in milliwatts?

A. 4 mWB. 40 mWC. 100 mWD. 400 mWE. 1000 mW


Explanation/Reference:dBm = 10*lg(mW) => mW = 10^(dBm/10) => 10^(26/10) = 10^2.6 == 398.1 ~ 400 mW

QUESTION 29What is the EIRP value for a transmitter that has a transmitter capable of 15 dBm, an antenna that has a gainof 12 dBi, and a cable that connects the transmitter to the antenna that has 1 dB loss?

A. 26 dBmB. 100 mWC. 86 dBmD. 165 dBmE. 1000 mW


Explanation/Reference:EIRP = transmitter power – cable loss + antenna gain => EIRP = 15 dBm + 12 dBi - 1 dB = 26 dBm

QUESTION 30Which three Cisco Unified Wireless Network capabilities use information that is provided by Radio ResourceManagement neighbor messages? (Choose three.)

A. aggressive load balancingB. dynamic channel assignmentC. hybrid remote edge access pointD. intercontroller mobility (that is, mobility groups)E. over-the-air provisioningF. rogue AP classification

Correct Answer: BEFSection: RFExplanation

Explanation/Reference:First we should learn how the RRM works:

1. Controllers (whose APs need to have RF configuration computed as a single group) are provisioned with thesame RF Group Name. An RF Group Name is an ASCII string each AP will use to determine if the otherAPs they hear are a part of the same system. (RF groups are groups of controllers that share the same RFgroup name and whose APs can hear the neighbor messages of each other)

2. APs periodically send out Neighbor Messages, sharing information about themselves, their controllers, andtheir RF Group Name. These neighbor messages can then be authenticated by other APs sharing the sameRF Group Name.

3. APs that can hear these Neighbor Messages and authenticate them based on the shared RF Group Name,pass this information (consisting primarily of controller IP address and information on the AP transmitting theneighbor message) up to the controllers to which they are connected.

4. The controllers, now understanding which other controllers are to be a part of the RF Group, then form alogical group to share this RF information and subsequently elect a group leader.

5. Equipped with information detailing the RF environment for every AP in the RF Group, a series of RRMalgorithms are used to optimize AP configurations.

Information from Radio Resource Management (RRM) monitors the radio resources, performs dynamicchannel assignments, provides detection and avoidance of interference, and provides the dynamic transmitpower control (TPC).

The RRM neighbor message contains the following information:Radio Identifier: If the AP had multiple radios, this field identifies the radio used to transmit the message.Group ID: The 16-bit value and controller MAC address. This information is used to detect rogue accesspoints. The access points will then check the beacon/probe-response frames in neighboring access pointmessages to see if they contain an authentication information element (IE) that matches that of the RFgroup. If the check is successful, the frames are authenticated. Otherwise, the authorized access pointreports the neighboring access point as a rogue, records its BSSID in a rogue table, and sends the table tothe controller.WLC IP Address: RF group leader’s management IP address. This address is discovered through Over-the-Air Provisioning (OTAP)AP Channel: The native channel that the AP uses to service clients.Neighbor Message Channel: The channel the message is sent on.Power: The power level at which the message is transmitted.Antenna Pattern: The antenna pattern currently in use

Note:Dynamic channel assignment is used to dynamically allocate access point channel assignments to avoidconflict and to increase capacity and performance. For example, two overlapping channels in the 802.11gband, such as 1 and 2, cannot both simultaneously use 54 Mbps. By effectively reassigning channels, thecontroller keeps adjacent channels separated, thereby avoiding this problem.Over-the-Air Provisioning (OTAP) is a method for APs to discover the management IP of a controller overthe air.A rogue AP is an AP that is unknown to the controller.

QUESTION 31Which three options relate to event-driven RRM? (Choose three.)

A. any 802.11n AP modelsB. specific AP modelsC. minimum of AP and WLCD. minimum of AP, WLC, and WCSE. minimum of AP, WLC, WCS, and MSEF. configurable in WLC at 802.11b/g/n > RRM > TPCG. configurable in WLC at 802.11b/g/n > RRM > DCA

Correct Answer: BCGSection: RFExplanation

Explanation/Reference:Cisco Wireless LAN Controller Configuration Guide, Release 7.0:

The Cisco CleanAir spectrum event-driven RRM feature allows you to set a threshold for air quality (AQ) that, ifexceeded, triggers an immediate channel change for the affected access point. Most RF management systemscan avoid interference, but this information takes time to propagate through the system. Cisco CleanAir relieson AQ measurements to continuously evaluate the spectrum and can trigger a move within 30 seconds. Forexample, if an access point detects interference from a video camera, it can recover by changing channelswithin 30 seconds of the camera becoming active. Cisco CleanAir also identifies and locates the source ofinterference so that more permanent mitigation of the device can be performed at a later time.Note: Spectrum event-driven RRM can be triggered only by Cisco CleanAir-enabled access points in localmode.

Configuring Transmit Power Control (GUI):Step 1 Choose Wireless > 802.11a/n or 802.11b/g/n > RRM > TPC

Configuring Dynamic Channel Assignment (GUI):...Step 2 Choose Wireless > 802.11a/n or 802.11b/g/n > RRM > DCA

QUESTION 32Why are wireless analog video signals that are operating in the 2.4-GHz band particularly harmful to Wi-Fiservice?

A. Analog video is a strong signal and increases the SNR.B. Analog video is a constant signal with 100% duty cycle.C. Analog video signals are slow frequency hopping and tend to affect the entire band.D. Analog Video modulation is the same as Wi-Fi and causes interference.



QUESTION 33What does the current European Telecommunications Standards Institute rule state is the 2.4-GHz maximumtransmitter output power for point-to-point installations?

A. 16 dBmB. 17 dBmC. 20 dBmD. 30 dBmE. 36 dBm


QUESTION 34What are two attributes used to characterize antenna performance? (Choose two.)

A. attenuationB. beamwidthC. gainD. harmonyE. interference

Correct Answer: BCSection: RFExplanation


QUESTION 35Which two Cisco Unified Wireless Network capabilities use information that is provided by Radio ResourceManagement neighbor messages in version 7.0 MR1? (Choose two.)

A. aggressive load balancingB. dynamic channel assignmentC. hybrid remote edge access pointD. inter-controller mobility (that is, mobility groups)E. rogue AP classification

Correct Answer: BESection: RFExplanation


QUESTION 36What unit of measurement is used to represent the strength of an antenna's radiation pattern?

A. dBiB. dBmC. mWD. GHz


Explanation/Reference:dB(isotropic) – the forward gain of an antenna compared with the hypothetical isotropic antenna, whichuniformly distributes energy in all directions. Linear polarization of the EM field is assumed unless notedotherwise.

QUESTION 37A controller-based wireless solution can avoid interference by dynamically adjusting what two access pointtransmission characteristics? (Choose two.)

A. operating RF channelB. SSID namesC. transmit power levelsD. switch port parametersE. antenna gain

Correct Answer: ACSection: RFExplanation


QUESTION 38Which modulation technique allows you to achieve a data rate of 54Mb/s in the 2.4GHz-band?

A. Complimentary Code KeyingB. Differential Binary Phase Shift KeyingC. Differential Quadrature Phase Shift KeyingD. Quadrature Amplitude Modulation



QUESTION 39You are on the phone working with a colleague that is console connected to a lightweight AP that has lost itsconfiguration.Which three actions are neecessary to allow the AP to connect to a controller? (Choose three.)

A. Configure the AP IP address.B. Configure the controller name.C. Configure the controller IP address.D. Configure the AP hostname.

E. Configure the AP IP default-gateway.F. Configure the AP username and password.

Correct Answer: ACESection: Access PointsExplanation

QUESTION 40You have a lightweight AP that has been moved to a new subnet and has become stranded because DNS andDHCP servers are unavailable. The AP cannot connect to the controller. When connected to the console port,which three minimum parameters must you configure? (Choose three.)

A. AP IP addressB. controller nameC. AP hostnameD. default gateway IP addressE. controller IP addressF. username and password

Correct Answer: ADESection: Access PointsExplanation

QUESTION 41Which two items are needed to discover the IP address of a new Cisco Aironet 1260 autonomous AP that justfinished booting? (Choose two.)

A. username = "cisco" and password = "cisco"B. username = "Admin" and password = "Cisco"C. username = none and password = "Cisco"D. show int vlan1E. show int bvi1F. show int gigabitethernet0G. show int radio0-802.11nH. show int radio1-802.11n

Correct Answer: CESection: Access PointsExplanation

Explanation/Reference:Cisco IOS Software Configuration Guide for Cisco Aironet Access Points -> Connecting to the 1040,1140,1200, 1230, 1240, 1250, 1260, and 2600 Series Access Points Locally:When connected, press enter or type en to access the command prompt. Pressing enter takes you to the userexec mode. Entering en prompts you for a password, then takes you to the privileged exec mode. The defaultpassword is Cisco and is case-sensitive.(Note: By default, for console access the user is not configured!)

QUESTION 42Which statement correctly describes the procedure for a lightweight AP to successfully establish a connectionto a controller?

A. The AP authenticates the received Cisco WLC certificate as valid. The AP then sends its certificate to the

controller.B. The AP sends its certificate to the controller. The AP then authenticates the received Cisco WLC certificate

as valid.C. The AP sends its certificate to the RADIUS server. The AP then authenticates the controller certificate as

valid.D. The AP sends its certificate to the RADIUS server. The AP then authenticates the RADIUS certificate as

valid.E. The AP authenticates the received RADIUS server certificate as valid. The AP then sends its certificate to

the RADIUS server.F. The AP authenticates the received RADIUS server certificate as valid. The AP then sends its certificate to

the controller.

Correct Answer: BSection: Access PointsExplanation

Explanation/Reference:After the LAP selects a WLC, the LAP sends an LWAPP join request to the WLC. In the LWAPP join request,the LAP embeds a digitally signed X.509 certificate. When the certificate is validated, the WLC sends anLWAPP join response in order to indicate to the LAP that it is successfully joined to the controller. The WLCembeds its own digitally signed X.509 certificate in the LWAPP join response that the LAP must validate. Afterthe LAP validates the WLC certificate, the LWAPP join process is complete.

http://www.cisco.com/en/US/tech/tk722/tk809/technologies_tech_note09186a00806c9e51.shtml#topic1

QUESTION 43An indoor 1240 AP is booting and has obtained an IP address using DHCP. The AP has confirmed priorcontroller IP addresses from a previously joined mobility group stored in NVRAM. What is the next step the APperforms?

A. DHCP option 43.B. DNS resolution of CISCO-LWAPP-CONTROLLER.localdomain.C. Layer 2 LWAPP discovery broadcast.D. Layer 3 LWAPP discovery broadcast.E. Ping each Cisco WLC to verify its current status.F. Select a Cisco WLC based on its position in the configured join selection sequence.

Correct Answer: ASection: DiscoveryExplanation

Explanation/Reference:Cisco Aironet 1240G Series Access Point Data Sheet:The Cisco Aironet 1240G Series is available in two versions: unified or autonomous. Unified access pointsoperate with the Lightweight Access Point Protocol (LWAPP) and work in conjunction with Cisco wireless LANcontrollers and the Cisco Wireless Control System (WCS).

Register the LAP with the WLC1. The LAP issues a DHCP request to a DHCP server in order to get an IP address, unless an assignment

was made previously with a static IP address.2. If Layer 2 LWAPP mode is supported on the LAP, the LAP broadcasts an LWAPP discovery message in a

Layer 2 LWAPP frame. Any WLC that is connected to the network and that is configured for Layer 2LWAPP mode responds with a Layer 2 discovery response. If the LAP does not support Layer 2 mode, or ifthe WLC or the LAP fails to receive an LWAPP discovery response to the Layer 2 LWAPP discoverymessage broadcast, the LAP proceeds to step 3.

3. If step 1 fails, or if the LAP or the WLC does not support Layer 2 LWAPP mode, the LAP attempts a Layer 3

LWAPP WLC discovery.4. See the Layer 3 LWAPP WLC Discovery Algorithm section of this document.5. If step 3 fails, the LAP resets and returns to step 1....Layer 3 LWAPP WLC Discovery Algorithm...You can also program DHCP servers to return WLC IP addresses in the vendor-specific "option 43" in theDHCP offer to LAPs. This is the discovery process:1. When an LAP gets an IP address from the DHCP server, the LAP looks for WLC IP addresses in the

option 43 field of the DHCP offer.2. The LAP sends a Layer 3 LWAPP discovery request to each of the WLCs that are listed in the DHCP option

43.3. WLCs that receive the LWAPP discovery message reply with a unicast LWAPP discovery response

message to the LAP....http://www.cisco.com/en/US/tech/tk722/tk809/technologies_tech_note09186a00806c9e51.shtml

Note:i.e. if an access point does not have an assigned IP address, then she gets it from the DHCP together withDHCP-option 43, and the discovery process ends. However, if the access point already have assigned IPaddress, then performs the usual discovery process:1. LWAPP discovery broadcast on local subnet2. OTAP3. Locally stored WLC IPs4. DHCP Option 435. DNS Discovery

QUESTION 44Which AP to Wireless LAN Controller discovery process requires a previous association of the AP with a CiscoWLC?

A. AP primingB. defining a master controllerC. DHCP Option 6D. DHCP Option 43E. over-the-air provisioning

Correct Answer: ASection: DiscoveryExplanation

QUESTION 45Which set of commands assigns a standalone access point an IP address of 10.0.0.24 with a 27-bit subnetmask and a gateway of 10.0.0.1?

A. config tinterface BVI1ip address 10.0.0.24 255.255.255.192exitip default-gateway 10.0.0.1

B. config tinterface BVI1ip address 10.0.0.24 255.255.255.224exitip default-gateway 10.0.0.1

C. config tinterface FastEthernet1

ip address 10.0.0.24 255.255.255.224exitip default-gateway 10.0.0.1

D. config tinterface Dot11Radio0ip address 10.0.0.24 255.255.255.224exitip default-gateway 10.0.0.1

E. config tinterface FastEthernet1ip address 10.0.0.24 255.255.255.192exitip default-gateway 10.0.0.1

F. config tinterface Dot11Radio0ip address 10.0.0.24 255.255.255.192exitip default-gateway 10.0.0.1


QUESTION 46Which three items are allowed on an Ethernet trunk port? (Choose three.)

A. autonomous APB. FlexConnect APC. local APD. monitor APE. rogue detector APF. sniffer APG. SE-Connect APH. Cisco WLC

Correct Answer: ABESection: Access PointsExplanation

QUESTION 47A Cisco Aironet 1260 AP is unable to join a Cisco 2500 Series WLC that is connected through a Layer 2 switch.Which three options help to verify the wireless network operation and locate a possible issue? (Choose three.)

A. Verify status of GUI Wireless > CountryB. Verifystatus of GUI Wireless > TimersC. Verify status of GUI WLANs > ID > AdvancedD. CLI debug of dot11E. CLI debug of DHCPF. Verify Cisco WLC licenseG. Verify Cisco WLC model

Correct Answer: AEFSection: Access Points

Explanation


QUESTION 48An AP has been configured for personal wireless access to the Internet.Which item should be configured on the wireless client?

A. RF channelB. BSSC. PSKD. 802.1X/EAPE. broadcast SSIDF. IBSS

Correct Answer: CSection: Access PointsExplanation

QUESTION 49An AP was reset while working on the correct association to a Cisco WCS version 7.0.Which item was cleared during the reset?

A. static IP addressB. the location ID of the APC. WLC primary, secondary, tertiaryD. AP nameE. certificateF. Nothing was cleared.

Correct Answer: FSection: Access PointsExplanation


QUESTION 50Which two actions would you use to begin to troubleshoot an access point that fails to join a wireless LANcontroller successfully? (Choose two.)

A. SSH to the AP.B. SSH to the Cisco WCS.C. SSH to the Cisco WLC.D. Issue the Cisco WLC comman debug capwap events enableE. Issue the Cisco WLC comman show capwap events

Correct Answer: CDSection: Access PointsExplanation


QUESTION 51Which type of authentication is used initially by a controller-based AP so that a guest client can get an IPaddress?

A. 802.1xB. EAPC. LEAPD. open authenticationE. TLSF. SSL

Correct Answer: DSection: Access PointsExplanation

QUESTION 52In general, what is the difference in transmit power between an AP operating at Tx Power Level 1 and the sameAP operating at Tx Power Level 3?

A. 2 dBB. 3 dBC. 6 dBD. 11 dBE. 17 dB


Explanation/Reference:Suppose:TxLevel1 = 15 mW, hence TxLevel3 = TxLevel1 * 4 = 60 mW, hence:TxLevel1 = 10*lg(15) = 11,7 dB, TxLevel2 = 10*lg(60) = 17,8 dBTxDelta = 17,8 - 11,7 = 6,1 ~ 6 dB

QUESTION 53You are testing a new autonomous Cisco Aironet 1260 AP that has booted for the first time on the existingcorporate network, which includes voice, data, and location services.How do you reach the GUI of the AP?

A. HTTP to 10.0.0.1.B. HTTP to 192.168.1.1.C. HTTP to the DHCP address.D. HTTPS to 10.0.0.1.E. HTTPS to the 192.168.1.1.F. HTTPS to the DHCP address.


QUESTION 54When an AP, in its default configuration mode, connects to a Cisco WLC, which methods are available forremote management access to an AP?

A. SSL and SSH are available only after configuration by a Cisco WLC version 7.0.B. SSH onlyC. HTTPS, and SSHD. SSH and TelnetE. SSH and Telnet are available only after configuration by a Cisco WLC version 7.0.


QUESTION 55Which three options are limitations when configuring basic security on an autonomous AP when using theexpress security page setup? (Choose three.)

A. You need multiple SSIDs.B. Delete all the SSIDs.C. Edit the SSIDs.D. Use multiple authentication servers.E. Use the same SSID on both radios.F. Use a single SSID on a single radio.

Correct Answer: CDFSection: Access PointsExplanation

Explanation/Reference:Cisco IOS Software Configuration Guide for Cisco Aironet Access Points:

Because the Express Security page is designed for simple configuration of basic security, the options availableare a subset of the wireless device security capabilities. Keep these limitations in mind when using the ExpressSecurity page:

If the No VLAN option is selected, the static WEP key can be configured once. If you select Enable VLAN,the static WEP key should be disabled.You cannot edit SSIDs. However, you can delete SSIDs and re-create them.You cannot assign SSIDs to specific radio interfaces. The SSIDs that you create are enabled on all radiointerfaces. To assign SSIDs to specific radio interfaces, use the Security SSID Manager page.You cannot configure multiple authentication servers. To configure multiple authentication servers, use theSecurity Server Manager page.You cannot configure multiple WEP keys. To configure multiple WEP keys, use the Security EncryptionManager page.You cannot assign an SSID to a VLAN that is already configured on the wireless device. To assign an SSIDto an existing VLAN, use the Security SSID Manager page.You cannot configure combinations of authentication types on the same SSID (for example, MAC addressauthentication and EAP authentication). To configure combinations of authentication types, use the SecuritySSID Manager page.

QUESTION 56Which two items are used to help convert a lightweight AP into an autonomous AP? (Choose two.)

A. HTTP express setup on the APB. Cisco WCS templateC. Cisco WLC CLID. Windows Cisco Conversion ToolE. image with naming convention of platform_name-k9w7-tar.defaultF. image with naming convention of platform_name-rcvk9w8-tar


Explanation/Reference:You can convert an access point from lightweight mode back to autonomous mode by loading a Cisco IOSRelease that supports autonomous mode. If the access point is associated to a controller, you can use thecontroller to load the Cisco IOS release. If the access point is not associated to a controller, you can load theCisco IOS release using TFTP.

Using a Wireless LAN Controller to Return to a Previous Release

Follow these steps to revert from LWAPP mode to autonomous mode using a wireless LAN controller:Log into the CLI on the controller to which the access point is associated.Enter this command: config ap tftp-downgrade tftp-server-ip-address filename access-point-name

Using a TFTP Server to Return to a Previous Release

Follow these steps to revert from LWAPP mode to autonomous mode by loading a Cisco IOS release using aTFTP server:

The static IP address of the PC on which your TFTP server software runs should be between 10.0.0.2 and10.0.0.30.Make sure that the PC contains the access point image file (such as c1200-k9w7-tar.122-15.JA.tar for a1200 series access point) in the TFTP server folder and that the TFTP server is activated

...

http://www.cisco.com/en/US/docs/wireless/access_point/conversion/lwapp/upgrade/guide/lwapnote.html#wp161272

QUESTION 57Which three AP modes of operation allow for the wIPS sub mode? (Choose three.)

A. local modeB. bridge modeC. monitor modeD. H-REAP modeE. rogue detector modeF. SE-Connect modeG. sniffer mode

Correct Answer: ACDSection: Access PointsExplanation


http://www.cisco.com/en/US/products/ps10315/products_tech_note09186a0080b82504.shtml

QUESTION 58A lightweight AP has been deployed in local mode in a network that consists of 10 wireless LAN controllers in asingle mobility group. The AP has been configured to use primary, secondary, and tertiary Cisco WLCs. Due toa major power failure, all those Cisco WLCs are unavailable.

Which step does the AP take next?

A. The AP reboots and repeatedly attempts to join the configured primary, secondary, and tertiary Cisco WLCsin that order. The process continues until one of the configured Cisco WLCs is available.

B. The AP attempts to join a Cisco WLC configured as a master controller.C. The AP attempts to join the Cisco WLC that has the greatest capacity available.D. The AP state transitions to AP Fallback Mode and continues to provide limited WLAN services (that is, no

new client authentications) until a Cisco WLC is available.


QUESTION 59An AP using version 7.0 MR1 broadcasts a Layer 3 CAPWAP discovery message on the local IP subnet.Which step does the AP take next?

A. Determine if the controller responses include the primary controller.B. Determine if the controller responses include the master controller.C. Send a discovery request using DHCP option 43.D. Send a discovery request using DNS.E. Send a discovery request using locally stored information on the AP.F. Send a discovery request using OTAP.

Correct Answer: ESection: DiscoveryExplanation

QUESTION 60An AP has been configured for personal wireless access to the Internet using appropriate security and cloaking.Which two items should be configured on the wireless client? (Choose two.)

A. RF channelB. BSSC. PSKD. 802.1X/EAPE. broadcast SSIDF. manual SSIDG. IBSS

Correct Answer: BFSection: Access PointsExplanation

QUESTION 61

You have an organization that has a growing number of standalone APs. You would like to migrate tolightweight APs and manage them through Cisco WCS.Which software platform allows you to make this migration?

A. The enterprise version of Cisco WCS allows this migration and provides the most flexibility in the number ofAPs supported.

B. CiscoWorks WLSE is the only management platform that allows this migration, but it is limited to 500 APs.C. You can migrate your network to Cisco WCS single server with the CiscoWorks WLSE upgrade software

upgrade.D. You can migrate the network by using either the single server or enterprise software platforms, both using

the CiscoWorks WLSE upgrade software upgrade.


Explanation/Reference:CiscoWorks WLSE is a centralized, systems-level application for managing and controlling an entire autonomous Cisco WLAN infrastructure.

http://www.cisco.com/en/US/products/sw/cscowork/ps3915/index.html

QUESTION 62Which statement best describes the ability of a wireless client to access and transmit a data frame to an AP?

A. The client listens to the media until polled by the AP using PCF to send its data.B. The client listens to the media until a data frame is finished, at which time it transmits, unless a collision of

data frames has occurred.C. The client uses random countdown timers to start the transmission of a data frame.D. The client listens to the media and countdown timers to start the transmission of a data frame.




QUESTION 63The corporate network locates all RADIUS servers at the centralized data center for authentication. The remoteoffices use access points operating in H-REAP mode using v5.0 code with various local and central switchWLANs. When a remote office has lost connectivity to the main corporate network due to a WAN outage, whichtwo statements correctly describe the status of that remote office when H-REAP access points are operating instandalone mode? (Choose two.)

A. All Cisco APs with 16 MB of RAM or more can operate as standalone H-REAP.B. All clients will continue association until the respective authentication timers expire.C. If configured, clients using WPA or WPA2 with PSK and locally switched WLANs will continue to operate.D. If configured, locally switched WLANs will continue operation using the backup RADIUS server feature.

E. If configured, locally switched WLANs will continue operation using Local-EAP for EAP-LEAP and EAP-FAST for up to twenty users.

F. If configured, locally switched WLANs will continue operation using Local-EAP for EAP-LEAP, EAP-FAST,EAP-TLS, and EAP-PEAP for up to twenty users.


Explanation/Reference:H-Reap Design and Deployment Guide:...local authentication, local switching - In this state, the H REAP access point handles client authenticationsand switches client data packets locally. This state is valid only in Standalone mode and only for authenticationtypes that can be handled locally at the access point. When a hybrid-REAP access point enters standalonemode, WLANs that are configured for open, shared, WPA-PSK, or WPA2-PSK authentication enter the localauthentication, local switching state and continue new client authentications....Local authentication - You can configure the controller to allow a H REAP access point in standalone mode toperform LEAP or EAP FAST authentication up to 20 statically configured users. With Controller softwarerelease 5.0 onwards, this has been increased to 100 statically configured users. The controller sends the staticlist of usernames and passwords to each H REAP access point when it joins the controller. Each access pointin the group authenticates only its own associated clients. This feature is ideal for customers who migrate froman autonomous access point network to a CAPWAP H REAP access point network and do not need tomaintain a large user database nor add another hardware device to replace the RADIUS server functionalityavailable in the autonomous access point....http://www.cisco.com/en/US/products/ps10315/products_tech_note09186a0080736123.shtml

QUESTION 64Which two statements about the Cisco WLC and AP code upgrade when 7.0 is running are true? (Choose two.)

A. The AP can download and run new code only after a Cisco WLC reboot causes the AP discovery and join.B. The AP can download new code before the Cisco WLC reboot, but only if the AP is configured the CLI via

SSH.C. The AP can download new code before Cisco WLC reboot if it is configuring the Cisco WLC directly using

the GUI via HTTP or HTTPS.D. The Cisco WLC defaults to booting newer code, but it can boot older backup code only from the CLI

configuration.E. The Cisco WLC can boot either primary or back code configured from the GUI.F. The Cisco WLC can download only a single code at a time for reboot.



QUESTION 65What is the result when client exclusion is enabled with a timeout value of zero?

A. Clients are excluded indefinitely.B. Clients are never excluded.C. Client exclusion is disabled.D. Clients must be explicitly included by specifying the MAC address.

E. Exclusion and inclusion is determined by access list.

Correct Answer: ASection: OtherExplanation


QUESTION 66You need to set up an ad hoc connection to another client in a conference room to exchange files usingWindows 7.Which two items do you need to create this connection? (Choose two.)

A. SSID nameB. RF channelC. 802.1X/EAP credentialsD. pre-shared keyE. TelnetF. IBSS nameG. SSH

Correct Answer: DFSection: OtherExplanation

QUESTION 67Which option describes why most wireless phones and tablets do not use 802.11a/n and 40 MHz channels?

A. a lack of radio range when using these radiosB. a lack of device battery capacity to operate concurrent a/b/g/n radiosC. a lack of cooling in the device necessary to operate these radiosD. These radios would require the devices to be larger.

Correct Answer: BSection: OtherExplanation

QUESTION 68You are about to use a hotel's guest wireless services using a wireless laptop. Which three items do you needto establish a wireless connection? (Choose three.)

A. SSID nameB. RF channelC. RF signalD. 802.1X/EAP credentialsE. pre-shared keyF. web pageG. WPA/WPA2 settings

Correct Answer: ACFSection: Other

Explanation


QUESTION 69Which three items do you need to establish a wireless connection to an enterprise wireless network? (Choosethree.)

A. SSID nameB. RF channelC. RF signalD. 802.1X/EAP credentialsE. pre-shared keyF. web pageG. WPA/WPA2 settings

Correct Answer: ACDSection: OtherExplanation


QUESTION 70Which single tool helps to troubleshoot client-related issues in a WLAN?

A. The show and debug commands on the controller.B. The show commands on the AP.C. Client templates on the Cisco WCS.D. Client troubleshooting on the Cisco WCS.

Correct Answer: DSection: OtherExplanation

QUESTION 71Which two actions are best for deploying VoWLAN on a wireless network? (Choose two.)

A. Minimize the use of Class 3 Bluetooth devices.B. Minimize the use of analog cameras.C. Minimize the use of IP cameras.D. Maximize client access by enabling all data rates used by clients.E. Maximize client access by enabling only a few high data rates used by clients.

Correct Answer: BESection: OtherExplanation

Explanation/Reference:Class 3 Bluetooth devices, not greatly impact on VoWLAN, because those devices can operate ondistances not more than 1 meter;Analog camera significantly affect VoWLAN, because constantly transmit on frequencies that can be usedVoWLAN;

IP cameras use WLAN and do not impact VoWLAN;

QUESTION 72When using the CLI command eping, configured for auto-anchor mobility wireless guest access, which type ofpacket is tested?

A. data packetsB. mobility unencrypted packetsC. mobility encrypted packetsD. SNMP control packetsE. NTP control packets

Correct Answer: ASection: WLCExplanation

Explanation/Reference:To test the mobility Ethernet over IP (EoIP) data packet communication between two controllers, use the epingcommand.

http://www.cisco.com/en/US/docs/wireless/controller/7.2/command/reference/cli72commands.html#wp6422975

QUESTION 73When a wireless guest network is implemented using auto-anchor mobility in a controller-based wirelessnetwork, which controller is responsible for a guest client's IP address and their security configuration?

A. any controller that supports the same VLANB. foreign controllerC. anchor controllerD. master controllerE. RF group master controller


QUESTION 74A WLAN deployment uses a combination of Cisco Aironet 1260 APs and multiple Cisco 5500 Wireless LANControllers to provide wireless LAN access to end-users. The network administrator has decided to use DHCPOption 43 to enable the APs to discover the wireless LAN controllers. When configuring the DHCP scope,which format should be used for the Cisco WLC addresses?

A. a comma-separated ASCII string of Cisco WLC AP-manager addressesB. a comma-separated ASCII string of Cisco WLC management addressesC. a comma-separated ASCII string of Cisco WLC virtual IP addressesD. a hexadecimal string of Cisco WLC AP-manager addressesE. a hexadecimal string of Cisco WLC management addressesF. a hexadecimal string of Cisco WLC virtual IP addresses

Correct Answer: ESection: DiscoveryExplanation

QUESTION 75In the AP Layer 3 controller discovery process, after the LWAPP Discovery Request is broadcast on a localsubnet, what is the next step that the AP takes?

A. Determine whether the controller responses are the primary controller.B. Send an LWAPP discovery request to controllers learned via OTAP if operational.C. Send an LWAPP response to the master controller if known.D. Wait 5 seconds and resend a Discovery Request to the local subnet.

Correct Answer: BSection: DiscoveryExplanation

Explanation/Reference:This procedure describes the steps that the Layer 3 discovery algorithm goes through in the attempt to discoverWLCs:1. After the LAP gets an IP address from the DHCP server, the LAP begins this discovery process:

The LAP broadcasts a Layer 3 LWAPP discovery message on the local IP subnet. Any WLC that isconfigured for Layer 3 LWAPP mode and that is connected to the same local subnet receives the Layer 3LWAPP discovery message.Each of the WLCs that receives the LWAPP discovery message replies with a unicast LWAPP discoveryresponse message to the LAP.

2. LAPs also use the Over-the-Air Provisioning (OTAP) feature in order to discover the WLC. The OTAPfeature is disabled by default in 4.2.39.13, 5.0.68.0 and later WLC versions. OTAP is enabled by default inthe WLC versions earlier than 4.2.39.13.. This is the discovery process when OTAP is enabled:The LAPs that are already registered to the WLC can advertise the WLC IP address to the LAPs (in anattempt to find the WLC) with the use of neighbor messages that are sent over the air.New LAPs that attempt to discover WLCs hear these messages and then unicast LWAPP discovery requestmessages to the WLCs.WLCs that receive the LWAPP discovery message reply with a unicast LWAPP discovery responsemessage to the LAP.

http://www.cisco.com/en/US/tech/tk722/tk809/technologies_tech_note09186a00806c9e51.shtml#l2lwaap

QUESTION 76Which two statements about the requirements to configure inter-controller roaming are true? (Choose two.)

A. The same mobility domain names are configured across controllers.B. The same RF group names are configured across controllers.C. The same controller hardware version is configured across controllers.D. The same AP manager interface is configured across controllers.E. The same virtual interface is configured across controllers.F. The same controller software version is configured across controllers.

Correct Answer: AESection: OtherExplanation

Explanation/Reference:Wireless Official Exam Certification Guide -> Chapter 12: Adding Mobility with Roaming

The following must occur for your controllers to support roaming:The controllers need to be in the same mobility domain.The controllers need to run the same code version.The controllers need to operate in the same LWAPP mode.Access control lists (ACL) in the network need to be the same.The SSID (WLAN) needs to be the same.

...Controllers that are in the same mobility group have the same virtual gateway IP address.

QUESTION 77Which governing body analyzes the applications and environments in which wireless networks are used?

A. EIRPB. ETSIC. FCCD. IEEEE. WiFi Alliance

Correct Answer: DSection: OtherExplanation

QUESTION 78What is the difference between the IEEE, the WiFi Alliance, and the FCC, ETSI, and TELEC?

A. The IEEE and FCC are responsible for the standards that apply to wireless networks. The WiFi Alliance,ETSI, and TELEC are the governmental agencies that regulate compliance with local standards.

B. The IEEE is responsible for Layer 1 and Layer 2 protocols. The WiFi Alliance is responsible forinteroperability testing. The FCC, ETSI, and TELEC are responsible for radio frequency and transmissionpower-level regulations and standards in the U.S., Europe, and Japan.

C. The IEEE is responsible for Layer 1 and Layer 2 protocols. The FCC, ETSI, and TELEC are responsible forinteroperability testing and compliance. The WiFi Alliance is responsible for radio frequency andtransmission power-level regulations and standards on a global basis.

D. The IEEE and FCC are responsible for the Layer 3 protocol support and frequency and power- levelregulations in the United States. ETSI and TELEC are responsible for frequency and power- levelregulations in Europe and Japan. The WiFi Alliance is responsible to interoperability testing.

Correct Answer: BSection: OtherExplanation


QUESTION 79The IEEE 802.11n standard provides 40-MHz channels, improved MAC efficiency, and MIMO. Which threeelements define the 802.11n implementation of MIMO? (Choose three.)

A. channel bondingB. dynamic frequency selectionC. maximal ratio combiningD. packet aggregationE. spatial multiplexingF. transmit beam forming

Correct Answer: CEFSection: StandartsExplanation

QUESTION 80Which two statements about WiMAX technology are true? (Choose two.)

A. WiMAX is defined by 802.11i.B. Typically, fixed WiMAX networks have a higher-gain directional antenna installed near the client.C. WiMAX is capable of working as a long-range system over several miles.D. WiMAX works only for licensed frequencies.

Correct Answer: BCSection: StandartsExplanation

Explanation/Reference:http://www.wifinotes.com/wimax/wimax-limitations.html

QUESTION 81Which statement about an infrastructure basic service set is true according to IEEE 802.11 specifications?

A. The set also is called an ad hoc network.B. The BSSID is generated from the first wireless client that starts up in the IBSS.C. The set enables the use of ESS.D. No signals are relayed from one client to another client.

Correct Answer: CSection: StandartsExplanation

Explanation/Reference:The set-up formed by the access point and the stations located within its coverage area are called the basicservice set (or infrastructure basic service set, or BSS for short). Each BSS forms one cell.

We can link several BSS’s together (it means we link access points) using a connection called a distributionsystem in order to form an extended service set or ESS. The distribution system can also be a wired network, acable between two access points or even a wireless network.

QUESTION 82Which physical layer encoding technology is common to both the IEEE 802.11g and the IEEE 802.11astandards?

A. BPSKB. CCKC. DSSSD. OFDM

Correct Answer: DSection: StandartsExplanation


QUESTION 83The network administrator receives complaints of slow wireless network performance and performs a sniffertrace of the wireless network in preparation for migration to 802.11n. The sample capture shows frames thatcontains AP beacons with NonERP_Present bit set to 1 and frames with RTS/CTS.Which two conclusions can be interpreted from these frames? (Choose two.)

A. The network is performing slowly because 802.11n clients are already mixed with 802.11g clients.B. The network is performing slowly because 802.11b clients still exist in the network.C. The network is performing slowly because a wireless client is incorrectly configured, which results in RF

interference.D. Possible 802.11b wireless clients are located only in the AP cell radius where the sniffer capture was

performed.E. Possible 802.11b wireless clients could be located anywhere in the wireless network.

Correct Answer: BESection: StandartsExplanation

QUESTION 84Which option describes computer-to-computer wireless communication?

A. BSS and BSAB. IBSS and ad hoc networkC. ad hoc network and BSAD. IBSS and ESSE. ESS and BSAF. BSS and ad hoc network

Correct Answer: BSection: StandartsExplanation

QUESTION 85Which two statements best describe LWAPP? (Choose two.)

A. Cisco proprietaryB. communication between the AP and clientC. communication between the AP and the WLCD. Lightweight Access Point provisioningE. used to encrypt control and data packets

Correct Answer: ACSection: StandartsExplanation

QUESTION 86What is an MBSSID?

A. a virtual AP configured on a physical AP that share a single physical device, which is one half-duplex radioB. a set of physical APs configured in a BSA to form cells that are controlled by a single controllerC. the group of clients that are allowed to gain access to one or more SSIDs configured in an APD. the identified overlap area between two cells, which identifies the clients that are operating in that area at

any given time

Correct Answer: ASection: StandartsExplanation

Explanation/Reference:CCNA Wireless Official Exam Certification Guide:

When the AP has more than one network, it is called a Multiple Basic Service Set Identifier (MBSSID). You canthink of it as a virtual AP. It offers service for multiple networks, but it’s the same hardware.

QUESTION 87Which statement about ZigBee technology is true?

A. It has low power consumption.B. It is designed only for point-to-point communications.C. It ranges up to 250 meters.D. It supports data rates up to 1 and 2 Mb/s.

Correct Answer: ASection: StandartsExplanation

QUESTION 88Which four options are the characteristics of the original 802.11 protocol? (Choose four.)

A. Defined DSSS and FHSS as possible methods for modulationB. Designed to operate in the 5 GHz ISM frequency spectrumC. The most common deployment is three non-overlapping channels that are 20 MHz wideD. The protocol sets the maximumthroughput at 1 Mb/s or 2 Mb/sE. Defined FHSS and OFDM aspossible methods for modulationF. The most common deployment is three non-overlapping channels that are 22 MHz wideG. Designed to operate in the2.4 GHz ISM frequency spectrumH. The protocol sets the maximum throughput at1 Mb/s

Correct Answer: ACDGSection: StandartsExplanation


QUESTION 89Which two statements about beacon frames used by access points are true? (Choose two.)

A. They contain SSIDs if this feature is enabled.B. They provide vendor proprietary information.C. They are another name for an associated request.D. They are sent in response to a probe frame.E. They include ATIM window information for power save operations.

Correct Answer: ABSection: StandartsExplanation


QUESTION 90Which open standard defines the combination of Extensible Authentication Protocol with Advanced EncryptionStandard for providing strong wireless LAN client security?

A. IEEE 802.1XB. IEEE 802.11iC. WEPD. WPAE. WPA2

Correct Answer: BSection: StandartsExplanation

QUESTION 91Drag and Drop Questions

Select and Place:

Correct Answer:

Section: OtherExplanation



Select and Place:

Correct Answer:

Section: Access PointsExplanation

Explanation/Reference:Layer 2 forwarding for remote analysis:An LWAPP that operates in Sniffer mode functions as a sniffer and captures all the packets on Layer 2 andforwards them to a remote machine for analysis.

wIPSE, MSE:wIPS Mode Access Point - A wIPS mode access point is any access point in Monitor Mode, Enhanced LocalMode, or with the WSSI module.Wireless Security and Spectrum Intelligence (WSSI) Module - This is an add-on module to the Cisco Aironet3600 Series Access Point, which offloads the constant channel scanning with attack detection and forensicscapabilities to the module, freeing up the serving radios for clientsMobility Services Engine (running wIPS Service) - The central point of alarm aggregation from all controllersand their respective wIPS Monitor Mode Access Points. Alarm information and forensic files are stored onthe system for archival purposes

http://www.cisco.com/en/US/docs/wireless/technology/wips/deployment/guide/WiPS_deployment_guide.html AWAPP, local bridging:Answer - Bridge mode

Layer 1 forwarding for remote analysis:Keep in mind that the spectrum chip on the AP is processing the energy that could not be demodulated as802.11. Therefore, you would only get the physical layer(Layer 1) data for the SE-Connect mode.https://learningnetwork.cisco.com/thread/51774

VLAN trunk access, wired IDS:A Rogue detector AP finds rogues over the wire. It does this by a local mode or montior mode AP finding arogue client mac address and that mac address is reported back to the controller. Then the Rogue Detectormode AP will sniff the wire for the same mac address as the rogue client. If that is found, then that is theindication there is a rogue AP on the wire. Once found, you can port trace where the rougue is plugged into onthe wire and take action.

Local bridging, wIPS, OEAP, VLAN trunk access:The Office Extend AP (OEAP) is a specific submode of H-REAP, and is supported on the Cisco Aironet1130AG, 1140, and 3500i (not 3500e) APs. Answer - H-REAP

Site survey, wIPS, MSE:Answer - Local mode


Select and Place:

Correct Answer:

Section: Wireless Control SystemExplanation

Explanation/Reference:Using the Select a command drop-down list, you can make the following changes to the selected alarms:

Delete - Delete the selected alarms.Clear - Clear the selected alarms.Acknowledge - You can acknowledge the alarm to prevent it from showing up in the Alarm Summary page.The alarm remains in WCS and you can search for all Acknowledged alarms using the alarm searchfunctionality.

http://www.cisco.com/en/US/docs/wireless/wcs/7.0/configuration/guide/7_0event.html


Select and Place:

Correct Answer:


Explanation/Reference:Network Summary -> Executive SummaryCompliance Report -> Configuration AuditDevices Reports -> Inventory ReportsCleanAir Reports -> Security Risk Interferers

http://www.cisco.com/en/US/docs/wireless/wcs/7.0/configuration/guide/7_0reps.html#wp1102587


Select and Place:

Correct Answer:


Explanation/Reference:Performance Reports -> Network UtilizationCleanAir Reports -> Worst InterferersNetwork Summary -> 802.11n SummaryCompliance Report -> PCI DSS Summary (Payment Card Industry (PCI) Data Security Standard (DSS))

http://www.cisco.com/en/US/docs/wireless/wcs/7.0/configuration/guide/7_0reps.html#wp1140411


Select and Place:

Correct Answer:


Explanation/Reference:AP manager interface:

Used for Layer 3 communications between WLC and lightweight AP after the access points have joined thecontroller;Used as the tunnel source/destination for communications between WLC and AP;

Management interface:In-band management of the controller. Uses for access the controller’s GUI;Used APs for discover the controller;Inter-controller communications. Mobility groups exchange information using the management interface;

Virtual interface:

Used to support mobility management;Act as DHCP relay and DNS gateway;Uses as the source of certificates when Layer 3 web authorization is enabled;For embedded Layer 3 security such as guest web authentication and VPN termination;

Specifically, the virtual interface plays these two primary roles:Acts as the DHCP server placeholder for wireless clients that obtain their IP address from a DHCP server;Serves as the redirect address for the web authentication login page;

Dynamic interface:Also known as VLAN interfaces, are created by users and designed to be analogous to VLANs for wirelessLAN clients;Mapped on WLAN;

Service interface:Out-of-band management and can also be used for system recovery and maintenance purposes;Statically mapped by the system to the service port;This is the only port that will be active when the controller is in its boot mode;Default gateway cannot be assigned to the service-port interface. Instead, static routes can be definedthrough the controller for remote network access to the service port;

http://www.cisco.com/en/US/docs/wireless/controller/7.0/configuration/guide/c70mint.html#wp1167723


Select and Place:

Correct Answer:

Section: SecurityExplanation

Explanation/Reference:EAP MD5 does not support mutual authentication nor dynamic derivation of the Wired Equivalent Privacy(WEP) key, which are essential for WLAN networks. Therefore, Cisco recommends that you do not deploy EAPMD5 in a WLAN environment.http://www.cisco.com/en/US/tech/tk722/tk809/technologies_white_paper09186a008009256b.shtml

Cisco recommends that customers who absolutely must use LEAP do so only with sufficiently complexpasswords, though complex passwords are difficult to administer and enforce.http://en.wikipedia.org/wiki/Extensible_Authentication_Protocol


Select and Place:

Correct Answer:




Select and Place:

Correct Answer:


Explanation/Reference:In this issue, when they say three boxes, they mean three icons of the monitor:

In Windows 7 uses the following notation:Three monitor icon without gold shield - Secure IBSSThree monitor icon with gold shield - Open IBSSFive bars without golden shield - Secure BSSFive bars with gold shield - Open BSS


Select and Place:

Correct Answer:


Explanation/Reference:A new RRM component, called Event-Driven RRM (EDRRM), allows the controller to take immediate action tomitigate severe interference issues rather than waiting for the RRM configured interval to take action. Thesensitivity threshold determines the AQI value for an individual AP radio that is required in order for EDRRM tokick into effect and make an adjustment in order to avoid the source of interference. Three threshold settingsare available to control what AQI value triggers RRM events: High Sensitivity requires AQI to fall below 60,

Medium Sensitivity requires AQI below 50, and Low Sensitivity requires AQI below 35. Additionally, air qualitySNMP trap alarms are sent when the AQI drops below a value of 35 (by default).

A value of 1 represents the worst air quality, and 100 represents the best.

http://revolutionwifi.blogspot.ru/2010/10/cisco-cleanair-review.html


Select and Place:

Correct Answer:

Section: Cisco Compatible ExtensionExplanation

Explanation/Reference:Foundation:

Management Frame ProtectionIEEE 802.11i - WPA2PEAP-GTC

Voice:Wi-Fi Multimedia (WMM)Expedited Bandwidth Request

Management:Link Test

http://www.cisco.com/web/partners/pr46/pr147/program_additional_information_new_release_features.html


Select and Place:

Correct Answer:

Section: SecurityExplanation



Select and Place:

Correct Answer:



QUESTION 104

Drag and Drop Questions

Select and Place:

Correct Answer:



One of the key concepts of the LWAPP is concept of split MAC, where part of the 802.11 protocol operation ismanaged by the LWAPP AP, and other parts of the 802.11 protocol are managed by the WLC.

For example, the LWAPP AP handles the following:Frame exchange handshake between a client and APTransmission of beacon framesBuffering and transmission of frames for clients in power save modeResponse to probe request frames from clients; the probe requests are also sent to the WLC for processingForwarding notification of received probe requests to the WLCProvision of real-time signal quality information to the switch with every received frameMonitoring each of the radio channels for noise, interference, and other WLANsMonitoring for the presence of other APsEncryption and decryption of 802.11 frames

Other functionality is handled by the WLC. Some of the MAC-layer functions provided by the WLC include thefollowing:

802.11 authentication802.11 association and reassociation (mobility)802.11 frame translation and bridging802.1x/EAP/RADIUS processingTermination of 802.11 traffic on a wired interface, except for the REAP and H-REAP, which are discussedlater in this guide

http://www.cisco.com/en/US/docs/solutions/Enterprise/Mobility/emob30dg/TechArch.html#wp999574


Select and Place:

Correct Answer:


Explanation/Reference:CCNA Wireless Official Exam Certification Guide -> Chapter 7: Wireless Traffic Flow and AP Discovery


Select and Place:

Correct Answer:




Select and Place:

Correct Answer:



In this situation:Address 1 - Receiving address = AP;Address 2 - Source address = HostA;Address 3 - Destination address = HostB;Address 4 - Transmitter address = Empty;

QUESTION 108When Cisco AnyConnect modules are installed on a PC, which module must be installed first?

A. telemetryB. web securityC. VPND. NAME. DARTF. postureG. CSSC

Correct Answer: CSection: AnyConnectExplanation

Explanation/Reference:Cisco AnyConnect Secure Mobility Client Administrator Guide, Release 3.1... Installing AnyConnect Modules for Windows (Recommended Order) Step 1 Install the AnyConnect core client module, which installs the GUI and VPN capability (both SSL andIPsec).

QUESTION 109Which Cisco AnyConnect module allows troubleshooting for core Cisco AnyConnect problems?


Correct Answer: ESection: AnyConnectExplanation

Explanation/Reference:DART (Diagnostic and Reporting Tool) allows you to collect data useful for troubleshooting AnyConnectinstallation and collection problems.

QUESTION 110Which Cisco AnyConnect module provides wireless connectivity?


Correct Answer: DSection: AnyConnectExplanation


NAM (Network Access Manager)

QUESTION 111How do the features that are available on the Cisco WCS for Linux version differ from those of the Cisco WCSfor Windows version?

A. Assuming that there are no differences in hardware, a Cisco WCS for Linux can support up to 750 wirelessLAN controllers. A Cisco WCS for Windows can support up to 250 wireless LAN controllers.

B. Cisco WCS for Windows includes support for Cisco Spectrum Expert clients. Cisco WCS for Linux does notsupport Cisco Spectrum Expert clients.

C. Cisco WCS for Linux is required for deployments.D. There are no differences in features between the Linux and Windows versions of Cisco WCS.

Correct Answer: DSection: Wireless Control SystemExplanation

QUESTION 112Refer to the exhibit. If Cisco WCS version 7.0 needs to have APs added, relocated, or removed on a respectivemap, which menu leads to the correct location to make that adjustment?

A. SecurityB. MonitorC. Configure

D. ServicesE. AdministrationF. Tools

Correct Answer: BSection: Wireless Control SystemExplanation


QUESTION 113Which two statements about the results of the Cisco WCS version 7.0 client troubleshooting tool are true?(Choose two.)

A. Results of Layers 1 - 3 are provided.B. Results of only Layers 2 and 3 are provided.C. Results of Layers 4 - 7 are provided.D. The tabulated results vary depending on the client type.E. Results are provided in a fixed four-part tabulation.F. Results are provided in a fixed six-part tabulation.

Correct Answer: ADSection: Wireless Control SystemExplanation

QUESTION 114Refer to the exhibit. Which two menus do you click to determine the reachability status of a controller fromCisco WCS? (Choose two.)

A. MonitorB. ReportsC. ConfigureD. ServicesE. AdministrationF. Tools

Correct Answer: ACSection: Wireless Control SystemExplanation


QUESTION 115When using Cisco WCS version 7.0, which two features are available for the client troubleshooting tool when aCisco Compatible Extensions v5 wireless client gets connected? (Choose two.)

A. Request CleanAir reports from the clientB. Send text messages to the clientC. Aggregated Cisco ACS authentication client information

D. Request the client to ping the DHCP-supplied IP gatewayE. Display asummary of client event history

Correct Answer: BDSection: Wireless Control SystemExplanation

Explanation/Reference:http://www.cisco.com/web/partners/pr46/pr147/program_additional_information_new_release_features.html

The "Diagnostic Channel" automates the troubleshooting of client problems communicating with the WLAN.When Diagnostic Channel is triggered by a client experiencing communication difficulties, the client and AP willproceed through a defined set of tests and responses to identify the cause of the problem.

QUESTION 116Refer to the exhibit. A wireless network that consists of Cisco Aironet 1260 APs and Cisco 2100 Series WLChas been correctly configured with Cisco WCS version 7, which is also used for management. The CleanAirZone of Impact is not visible for the respective Cisco WCS maps.Which two issues are causing the problem? (Choose two.)

A. software versionB. APC. Cisco WLC

D. Cisco MSEE. Cisco WCSF. Cisco WCS is not enabled.


QUESTION 117The results of a Cisco WCS client troubleshooting tool are summarized into a simple visual representation of afour-part progression of the connection status for a wireless client.What are the four parts? (Choose four.)

A. client MAC addressB. 802.1x authenticationC. IP address assignmentD. 802.11 associationE. successful associationF. authentication methodG. SSIDH. client radio type

Correct Answer: BCDESection: Wireless Control SystemExplanation

Explanation/Reference:Example 1:

Example 2:

QUESTION 118Refer to the exhibit. Which action allows you to view a summary count by alarm types for the displayed total of11 alarms?

A. Choose Monitor > AlarmsB. Click the Security tabC. Click a respective number in the Alarm SummaryD. Click the Alarm Summary blue arrowE. Choose Home (house icon) > Alarm Summary


QUESTION 119Refer to the exhibit. Which menu gives you access to manage background tasks in Cisco WCS?

A. MonitorB. ConfigureC. ServicesD. AdministrationE. Tools


Explanation/Reference:Cisco Wireless Control System Configuration Guide 7.0:

Choose Administration > Background Tasks to view several scheduled tasks. The Background Tasks pageappears.

QUESTION 120Refer to the exhibit. How do improperly set Telnet/SSH parameters effect the configuration of a controller withCisco WCS?

A. The CLI and GUI management of the controller both fail because Cisco WCS checks these credentialsbefore opening a session.

B. The Telnet/SSH username must have sufficient privileges to execute commands in CLI templates.C. The GUI management of the controller fails because the Cisco WCS uses the Telnet/SSH parameters to

login to the controller.D. The controller remains configured in the Cisco WCS, but no management is possible through GUI from

other client browsers.


QUESTION 121Refer to the exhibit. Which GUI item do you click to configure maps with APs in Cisco WCS?

A. ConfigureB. ClientC. CleanAirD. ServicesE. AdministrationF. Monitor

Correct Answer: FSection: Wireless Control SystemExplanation


QUESTION 122Refer to the exhibit. You made a manual configuration change to a controller and now you need to compare thecontroller configuration seen on Cisco WCS to the configuration that is present in the controller. Which menucan you use to do compare the configurations?

A. ReportsB. MonitorC. ConfigureD. ServicesE. AdministrationF. Tools

Correct Answer: CSection: Wireless Control SystemExplanation


QUESTION 123Which portion of a WLAN deployment can WLC message logs help to troubleshoot?

A. RF issuesB. encryption issues between APs and clientsC. configuration verification issuesD. infrastructure and client IssuesE. AP placement issues

Correct Answer: DSection: Wireless Control System

Explanation

QUESTION 124The wireless network is using controller-based APs and version 7.0 MR1. The APs appear to be connectedproperly to the controllers. A wireless user near one of the APs reports that they are unable to connect to thenetwork with their pre-shared key. Which option shows the GUI path where you can check the connectionstatus of that client?

A. WLANs > WLAN_ID > AdvancedB. Security > ClientsC. Security > Advanced > ClientsD. Monitor > ClientsE. Wireless > 802.11b/g/n > clients


QUESTION 125What is the maximum number of lightweight APs that can be supported from a single Cisco WCS Navigatormanagement console with Cisco WCS and Cisco WLC running version 7.0 code?

A. 10,000B. 20,000C. 25,000D. 30,000E. 60,000


QUESTION 126Refer to the exhibit. Which two options does this icon represent about the status of the respective AP on aCisco WCS version 7.0 map? (Choose two.)

A. The 802.11a/n radio is administratively disabled.B. The 802.11a/n radio has a minor fault.C. The 802.11a/n radio has a major fault.D. The 802.11b/g/n radio is administratively disabled.E. The 802.11b/g/n radio has a minor fault.F. The 802.11b/g/n radio has a major fault.


Explanation/Reference:Cisco Wireless Control System Configuration Guide 7.0 -> Adding and Using Maps:

The icon with the top half yellow and the lower half green indicates that the optional 802.11a Cisco Radio (top)has a minor fault, and the 802.11b/g Cisco Radio (bottom) is operational with no faults. The worst of the twoCisco Radio colors determines the color of the large triangular pointer. The icon with a red “x” on the top half(optional 802.11a) shows that the indicated Cisco Radio has been administratively disabled.

QUESTION 127Refer to the exhibit. Which GUI item do you click to configure authentication and authorization in Cisco WCS?

A. SecurityB. MonitorC. ConfigureD. ServicesE. AdministrationF. Tools

Correct Answer: ESection: Wireless Control SystemExplanation


QUESTION 128When adding a controller to manage through Cisco WCS, which address type is used and which SNMPfunction does the Cisco WCS perform?

A. The controller is managed through its MAC address and the Cisco WCS acts as a SNMP TRAPauthenticator.

B. The IP address of the controller is used and the Cisco WCS acts as a SNMP TRAP receiver.C. The controller is managed through its MAC address and the Cisco WCS acts as a SNMP agent.D. The controller connects through its MAC address to the Cisco WCS and the Cisco WCS uses the SNMP to

manage the controller for all configured SNMP parameters.



QUESTION 129Which three severity levels are in the Cisco WCS alarm dashboard? (Choose three.)

A. CriticalB. FlashC. MajorD. MinorE. TrivialF. Urgent

Correct Answer: ACDSection: Wireless Control SystemExplanation

QUESTION 130The existing Cisco Unified Wireless Controller is running version 7.0 code for both the controllers and the CiscoWCS. A controller has been configured with an appropriate rogue rule condition to report discovered APs to theCisco WCS.Which default alarm level is used to display all rogue APs in the Alarm Summary?

A. CriticalB. FlashC. UrgentD. MajorE. Minor

Correct Answer: ESection: Wireless Control SystemExplanation

QUESTION 131Which Cisco WCS tool allows you to view current reports, open specific types of reports, create and save newreports, and manage scheduled runs?

A. Reports menuB. Reports launch pageC. Scheduled Run resultsD. saved reports

Correct Answer: BSection: Wireless Control System

Explanation

QUESTION 132Which path do you take to manage the results of a report that had been run on network utilization?

A. Reports > Report Launch Pad > Device > UtilizationB. Reports > Report Launch Pad > Scheduled Run ResultsC. Reports > Saved Reports > Scheduled Run ResultsD. Reports > Scheduled Run Results



QUESTION 133Which command path correctly describes how to access and troubleshoot clients with Cisco WCS version 7.0?

A. Tools > Clients > select displayed client's MAC addressB. Tools > Clients > enter client's MAC addressC. Monitor > Clients > click displayed client's MAC addressD. Monitor > Clients > enter client's MAC address


QUESTION 134You have a small organization with multiple Cisco WCS servers. Management has become cumbersome andyou are planning to deploy Cisco WCS Navigator. When the Cisco WCS Navigator has been deployed, how arethe existing Cisco WCS servers added to the Cisco WCS Navigator, which software versions are supported,and which protocol(s) do they use to communicate with Navigator?

A. Cisco WCS Navigator searches the enterprise intranet to locate the existing Cisco WCS servers and addsthem automatically using SOAP as long as there is only a difference of one version or less between CiscoWCS and WCS Navigator.

B. Each existing Cisco WCS server must be added manually and use SOAP/HTTP to communicate with theCisco WCS Navigator platform as long as the software versions of Cisco WCS and Cisco WCS Navigatorare the same.

C. Cisco WCS must be on the same software version as Cisco WCS Navigator and each Cisco WCS server isadded automatically using XML over HTTP.

D. When Cisco WCS Navigator is added, all the Cisco WCS servers must be added manually, each systemmust use the same software release as Navigator, and the Cisco WCS communicates with Cisco WCSNavigator by using SOAP/XML over HTTPS.



The Cisco Wireless Control System Navigator (Cisco WCS Navigator) manages multiple Cisco WCSs (running the same version as Navigator) and provides a unified view of the network. It uses SOAP/XML over HTTPs to communicate with individual WCSs.-----In addition, network wide searches are available. -----In order for the WCS Navigator to detect the regional WCSs, you must manually add them to the system using either the IP address or hostname and specify the login credentials for each of the regional WCSs.

QUESTION 135Which two features are available in the Cisco WCS Plus license over the base license? (Choose two.)

A. ad hoc rogue detectionB. high availability between two Cisco WCS stationsC. mobility service engine managementD. auto discovery and containment or notification of rogue APsE. client location to the nearest AP

Correct Answer: BCSection: Wireless Control SystemExplanation


Cisco WCS PLUS license supports Cisco WCS Base license features and the following capabilities: mobilityservices enablement and high availability.

QUESTION 136Refer to the exhibit. Cisco WCS version 7.0 has a configuration mismatch with what is actually running in thecontroller. Which menu leads to the Audit Status Report?

A. SecurityB. MonitorC. ConfigureD. ServicesE. AdministrationF. Tools



QUESTION 137Refer to the exhibit. Which two statements about the status of the respective AP on a Cisco WCS version 7.0map does this icon represent? (Choose two.)

A. The 802.11a/n radio is administratively disabled.B. The 802.11a/n radio has a minor fault.C. The 802.11a/n radio has a major fault.D. The 802.11b/g/n radio is administratively disabled.E. The 802.11b/g/n radio has a minor fault.F. The 802.11b/g/n radio has a major fault.

Correct Answer: BFSection: Wireless Control SystemExplanation


QUESTION 138What are the main menu items in WCS 7.0?

A. MonitorB. HelpC. AdministrationD. ServiceE. HomeF. ReportsG. Wireless

H. ToolsI. SecurityJ. Configure

Correct Answer: ABCEFHJSection: Wireless Control SystemExplanation


QUESTION 139What two statements are true about AES-CCMP? (Choose two.)

A. It is an encryption algorithm used in the 802.11i security protocol.B. It is defined in 802.1X.C. It is the encryption algorithm used in TKIP implementations.D. It is required in WPA.E. It is required in WPA2.

Correct Answer: AESection: SecurityExplanation

Explanation/Reference:CCNA Wireless Official Exam Certification Guide:"By the time 802.11i was ratified, it had added more support for 802.1x methods and AES/CCMP forencryption.""WPA mandates TKIP, and AES is optional.""WPA2 mandates AES and doesn’t allow TKIP.""WPA2 only allows the AES/CCMP variant."

QUESTION 140A client is attached to the Cisco Unified Wireless Network using controllers. When the client is using WPA2 andEAP authentication, where are the wireless encryption keys located during the active user session? (Choosetwo.)

A. on the access pointB. on the RADIUS serverC. on the Cisco WCSD. on the clientE. on the Cisco WLC

Correct Answer: ADSection: SecurityExplanation

Explanation/Reference:CCNA Wireless Official Exam Certification Guide:With WPA2, key management allows keys to be cached to allow for faster connections.

QUESTION 141Which Extensible Authentication Protocol types are supported by the Cisco Unified Wireless Network?

A. EAP-TLS, PEAP-MSCHAPv2, and PEAP-GTC only

B. LEAP and EAP-FAST onlyC. EAP-TLS, PEAP-MSCHAPv2, PEAP-GTC, LEAP, and EAP-FAST onlyD. any EAP supported by the RADIUS authentication server

Correct Answer: DSection: SecurityExplanation

QUESTION 142Which four parameters must be configured for local EAP-FAST on the controller? (Choose four.)

A. authority IDB. authority ID InformationC. client keyD. PACE. server keyF. TTL for PACG. monitor keyH. NTP source

Correct Answer: ABEFSection: SecurityExplanation

Explanation/Reference:Cisco Wireless LAN Controller Configuration Guide, Release 7.0:

If you created an EAP-FAST profile, follow these steps to configure the EAP-FAST parameters: In the Server Key and Confirm Server Key text boxes, enter the key (in hexadecimal characters) used toencrypt and decrypt PACs. In the Time to Live for the PAC text box, enter the number of days for the PAC to remain viable. The validrange is 1 to 1000 days, and the default setting is 10 daysIn the Authority ID text box, enter the authority identifier of the local EAP-FAST server in hexadecimalcharacters. You can enter up to 32 hexadecimal characters, but you must enter an even number ofcharacters.In the Authority ID Information text box, enter the authority identifier of the local EAP-FAST server in textformat.

QUESTION 143Which statement best represents the authorization aspect of AAA?

A. Authorization takes place after a successful authentication and provides the Cisco WLC the informationneeded to allow client access to network resources.

B. Authorization is the validation of successful DHCP address delivery to the wireless client.C. Authorization must be successfully completed in order to proceed with the authentication phase.D. Successful authorization will provide encryption keys that will be used to secure the wireless

communications between client and AP.

Correct Answer: ASection: SecurityExplanation

QUESTION 144

What three roles are defined by 802.1X? (Choose three.)

A. AAA ServerB. AuthenticateeC. AuthenticatorD. Authentication ServerE. Supplicant

Correct Answer: CDESection: SecurityExplanation

QUESTION 145Which two attacks does Management Frame Protection help to mitigate? (Choose two.)

A. EavesdroppingB. Denial of ServiceC. War DrivingD. Man-in-the-Middle

Correct Answer: BDSection: SecurityExplanation


QUESTION 146Which method of encryption does the 802.11i standard use?

A. AES/CCMPB. AES/ECBC. AES/OCBD. TKIPE. both AES/ECB and AES/CCMP

Correct Answer: ASection: SecurityExplanation

Explanation/Reference:CCNA Wireless Official Exam Certification Guide 802.11i:By the time 802.11i was ratified, it had added more support for 802.1x methods and AES/CCMP for encryption.

QUESTION 147In a typical wireless network using WPA, WPA2 or VPN, why is it still possible for a rogue client to launch aDOS attack?

A. WPA and WPA2 are not considered strong encryption algorithms and are easily cracked.B. 802.11 management frames are easily compromised.C. Cisco Compatible Extensions v5 are required with WPA, WPA2, or VPN to keep rogues from launching

attacks in the wireless network.D. The message integrity check frames are never encrypted or authenticated, which allows rogues to spoof

clients.

Correct Answer: BSection: SecurityExplanation

QUESTION 148Strong security is required, but a centralized RADIUS authenticator has not been implemented. Which twosteps must you take to provide maximum security when using a pre-shared key? (Choose two.)

A. Change the TKIP on a weekly basis.B. Use a key that includes mixed-case letters, numbers, and symbols with a length greater than 10 characters.C. Use only with WPA and WPA2, following proper strong key guidelines.D. Use the longest possible WEP key in your security policy.

Correct Answer: BCSection: SecurityExplanation

QUESTION 149Which key is established using the four-way handshake during the WPA authentication process?

A. Pairwise Master KeyB. Pairwise Multiple KeyC. Pairwise Session KeyD. Pairwise Transient KeyE. Pairwise Transverse Key


Explanation/Reference:CCNA Wireless Official Exam Certification Guide:Next, a four-way handshake occurs (see Figure 17-16), in which the client and authenticator communicate anda new key called a Pairwise Transient Key (PTK) is derived.

QUESTION 150What are four features of WPA? (Choose four.)

A. a larger initialization vector, increased to 48 bitsB. a message integrity check protocol to prevent forgeriesC. authenticated key management using 802.1XD. support for a key caching mechanismE. unicast and broadcast key managementF. requires AES-CCMP

Correct Answer: ABCESection: SecurityExplanation

Explanation/Reference:http://www.wi-fiplanet.com/tutorials/article.php/2148721

QUESTION 151When the enterprise-based authentication method is used for WPA2, a bidirectional handshake exchangeoccurs between the client and the authenticator. Which five options are results of that exchange being used ona controller-based network? (Choose five.)

A. a bidirectional exchange of a nonce used for key generationB. binding of a Pairwise Master Key at the client and the controllerC. creation of the Pairwise Transient KeyD. distribution of the Group Transient KeyE. distribution of the Pairwise Master key for caching at the access pointF. proof that each side is alive

Correct Answer: ABCDFSection: SecurityExplanation


QUESTION 152When a guest client is authenticated, which type of connection is created between the controller- based AP andthe client?

A. as SSL connectionB. a TLS encrypted tunnelC. an unsecured connectionD. a 802.1x/EAP tunnelE. an IPsec tunnel

Correct Answer: CSection: SecurityExplanation


QUESTION 153What are three primary components that describe TKIP? (Choose three.)

A. broadcast key rotationB. dynamic WEPC. message integrity checkD. per-packet key hashingE. symmetric key cipherF. WPA2 enterprise mode

Correct Answer: ACDSection: SecurityExplanation

Explanation/Reference:Wikipedia:TKIP uses the same underlying mechanism as WEP, and consequently is vulnerable to a number of similarattacks. The message integrity check, per-packet key hashing, broadcast key rotation, and a sequence counterdiscourage many attacks. The key mixing function also eliminates the WEP key recovery attacks.

http://en.wikipedia.org/wiki/Temporal_Key_Integrity_Protocol

QUESTION 154What security benefit is enabled by using Management Frame Protection?

A. Provides encryption of administrator sessions between a wireless client and a wireless LAN controller.B. Protects the network infrastructure from denial-of-service attacks that attempt to flood the network with

associations and probes.C. Prevents the formation of client ad hoc networks within the RF coverage domain.D. Detects network reconnaissance probes, like those used by tools like NetStumbler, that attempt to discover

the wireless network topology.


QUESTION 155You are in a coffee shop and you have connected to their wireless hot-spot. Your Windows 7 wireless clientshows five green bars with a yellow shield. Which statement about the level of signal strength and the WLANsecurity that is present is true?

A. You have excellent signal strength and a secure network connection.B. Your wireless client needs a username and password before it can connect to the WLAN.C. You have excellent signal strength and the client is waiting for you to enter a username and password.D. Your laptop is not receiving a signal.E. Your laptop is receiving an excellent signal and the network security is open.

Correct Answer: ESection: SecurityExplanation

QUESTION 156You are sitting in an airport preparing to use a free WLAN. When you look at the connections in your Windows7 wireless client, you see a network name and three boxes with a yellow shield.What does this mean?

A. You cannot connect to this WLAN.B. An open ad hoc network is nearby.C. The WLAN in the airport is open.D. A secure ad hoc network is nearby.E. A secure WLAN is in the airport.F. You must provide a username and password to access the WLAN in the airport.



QUESTION 157Cisco Client Management Frame Protection is running on a mobility group with two controllers. Which two MFP

requirements protect the network? (Choose two.)

A. forces clients to authenticate, using a secure EAP method onlyB. implements the validation of wireless management framesC. requires Cisco Compatible Extensions v5D. requires the use of a nonbroadcast SSIDE. requires Cisco Compatible Extensions v4

Correct Answer: BCSection: SecurityExplanation


QUESTION 158When a wireless client is authenticated in a controller-based wireless network, which three pieces of sourceidentification information can be used by the controller for an Access-Request message that is sent to anexternal RADIUS server? (Choose three.)

A. wireless client IP addressB. controller IP addressC. AP IP addressD. wireless client MAC addressE. controller MAC addressF. AP MAC address

Correct Answer: BEFSection: SecurityExplanation

Explanation/Reference:Cisco Wireless LAN Controller Configuration Guide, Release 7.0:From the Call Station ID Type drop-down list, choose IP Address, System MAC Address, or AP MAC Addressto specify whether the IP address, system MAC address, or AP MAC address of the originator will be sent tothe RADIUS server in the Access-Request message.

http://www.cisco.com/en/US/docs/wireless/controller/7.0/configuration/guide/c70sol.html

QUESTION 159Which official port should be used when configuring external RADIUS authentication on a Cisco WLC version7.0?

A. 49B. 1645C. 1646D. 1812E. 1813


QUESTION 160

Which statement about the impact of configuring a single SSID to support TKIP and AES encryptionsimultaneously is true?

A. The overhead associated with supporting both encryption methods significantly degrades client throughput.B. Some wireless client drivers might not handle complex SSID settings and may be unable to associate to the

WLAN.C. This configuration is unsupported and the Cisco Wireless Control System generates alarms continuously

until the configuration is corrected.D. This configuration is common for migrating from WPA to WPA2. No problem is associated with using this

configuration.


QUESTION 161When the pre-shared key authentication method is used for WPA or WPA2, for which two functions is the pre-shared key used? (Choose two.)

A. to act as the Group Transient Key during the bidirectional handshakeB. to act as the Pairwise Master Key during the bidirectional handshakeC. to derive the nonce at each side of the exchangeD. to derive the Pairwise Transient Key

Correct Answer: BDSection: SecurityExplanation


Select and Place:

Correct Answer:


Explanation/Reference:AP manager interface:

Used for Layer 3 communications between WLC and lightweight AP after the access points have joined thecontroller;Used as the tunnel source/destination for communications between WLC and AP;

Management interface:In-band management of the controller. Uses for access the controller’s GUI;Used APs for discover the controller, act like an AP manager interface by default;Inter-controller communications. Mobility groups exchange information using the management interface;Is the only consistently "pingable" in-band interface IP address on the controller

Virtual interface:Used to support mobility management;Act as DHCP relay and DNS gateway;Uses as the source of certificates when Layer 3 web authorization is enabled;For embedded Layer 3 security such as guest web authentication and VPN termination;

Specifically, the virtual interface plays these two primary roles:Acts as the DHCP server placeholder for wireless clients that obtain their IP address from a DHCP server;Serves as the redirect address for the web authentication login page;

Dynamic interface:Also known as VLAN interfaces, are created by users and designed to be analogous to VLANs for wirelessLAN clients;

Mapped on WLAN;

Service interface:Out-of-band management and can also be used for system recovery and maintenance purposes;Statically mapped by the system to the service port;This is the only port that will be active when the controller is in its boot mode;Default gateway cannot be assigned to the service-port interface. Instead, static routes can be definedthrough the controller for remote network access to the service port;

http://www.cisco.com/en/US/docs/wireless/controller/7.0/configuration/guide/c70mint.html#wp1167723


Documents

Cisco.CCNA.Wireless - GRATIS EXAM · Cisco.CCNA.Wireless.162q ... Exam Name: Implementing Cisco Unified Wireless Networking Essentials v2.0 Sections 1. Access Points 2 ... Release