This page was exported from Lead2pass New Updated Exam Questions [ https://www.getfreevce.com ] Export date:Mon Dec 23 3:26:50 2024 / +0000 GMT ___________________________________________________ Title: [Lead2pass New] Easily Pass Cisco 400-351 Exam With Lead2pass Latest Cisco 400-351 Brain Dumps (231-250) --------------------------------------------------- 2017 November Cisco Official New Released 400-351 Dumps in Lead2pass.com! 100% Free Download! 100% Pass Guaranteed! Although the Cisco 400-351 dumps are very popular, Lead2pass offers a wide range of Cisco 400-351 exam dumps and will continue to release new study guide to meet the rapidly increasing demand of the IT industry. Following questions and answers are all new published by Cisco Official Exam Center: https://www.lead2pass.com/400-351.html QUESTION 231Which three security threats require the Cisco Adaptive wIPS service for mitigation? (Choose three.) A.    on/off-channel rogueB.    spectrum intelligenceC.    man-in-the-middle attackD.    rogue switch-port tracingE.    zero-day attackF.    network reconnaissanceAnswer: CEF QUESTION 232Which of the following are required components for Client MFP? (Choose two.) A.    CCXv4B.    CCXv5C.    802.11nD.    WPA2 w/TKIP or AES-CCMPE.    AnyConnect 3.0 Answer: BD QUESTION 233Which of the following statements are true regarding RLDP? (Choose two) A.    RLDP works only on APs configured in Open Authentication mode.B.    RLDP only works if the AP is in Monitor Mode.C.    RLDP will attempt to identify each Rogue AP only once.D.    RLDP only works if the Rogue AP is connected to a VLAN that is reachable by the WLC.E.    RLDP only works if the AP is in Local Mode. Answer: AD QUESTION 234Which of the following statements are not correct about Client Management Frame Protection (MFP)? (Choose 2.) A.    Client MFP can replace Infrastructure MFP in case only CCXv5 clients are used.B.    Client MFP encrypts class 3Unicastmanagement frames using the security mechanisms defined by 802.11i.C.    In order to use Client MFP the client must support CCXv5 and negotiate WPA2 with AES- CCMP or TKIP.D.    The only supported method to obtain the pre-user MFP encryption keys is EAP authentication.E.    CCXv5 client and access points must discard broadcast class 3 management frames. Answer: AD QUESTION 235Corporation XYZ just underwent a third-party security audit. The auditors have required that the corporation implements 802.1x on its wireless network and disable all pre-shared key WLANs as soon as possible. XYZ does not have an internal CA installed to provide server certificates today. However, it wishes to implement an EAP method that requires clients to use server authentication in the future. XYZ also needs an EAP method that will allow both Active Directory user authentication and time-based tokens.What is the best EAP method for XYZ to implement? A.    TTLSB.    PEAPC.    FASTD.    TLS Answer: C QUESTION 236Which of the below parameters are used in calculating the range - maximum distance - of an outdoor link between two bridges? Choose two. A.    The cable length between bridge and the connecting switch.B.    The bridge transmission power.C.    The outside temperature.D.    The modulation type.E.    The length of the antenna. Answer: BD QUESTION 237Resource Reservation Control (RRC) provides enhanced capabilities to manage admission and policy controls when deploying VideoStream on a Cisco Unified Wireless Network. Which statement correctly states the decision making process RRC goes through to admit or deny a client from joining a stream? A.    RRC initiates admission and policy decisions based on the radio resource measurements, traffic statistics measurement, and system configurations. The WLC initiates RRC requests to the APs for the IGMP join.B.    The WLC processes IGMP join requests after checking all the parameters, including client count, channel utilization, latency, QoS, and client link rates.C.    RRC algorithm periodically checks if conditions have changed. If a policy is violated, the client will be denied to the stream immediately. When the condition improves, the client will be admitted to join again.D.    RRC algorithm will check and ensure the conditions are optimal before the client gets admitted.If the conditions are only partially satisfied, the client will be admitted but will have a better QoS priority to protect the stream quality.E.    RRC is a control mechanism to ensure good connection quality for a video stream via multicast.Clients that do not satisfy all conditions will always be admitted as best effort clients. Clients that do not get admitted 3 times within a specific time period, are denied access to the stream. Answer: A QUESTION 238Which two statements are true regarding the location tracking history on the Cisco 3300 Series Mobility Services Engine? (Choose two.) A.    By default, the historical data is archived for 30 days.B.    The history of an element is recorded if it moves more than 5 meters (or 15 feet).C.    The history of an element is recorded if it moves across floors.D.    History logging is enabled by default.E.    An element is removed from the tracking table after one hour of inactivity. Answer: AC QUESTION 239When designing a WLAN network to support both voice and context-aware services, which set of design principles should you follow? A.    An AP must be placed at the perimeter and in each of the four corners of the floor. All APs must be enabled to ensure proper coverage on the floor to provide -67 dBm, 20 percent celloverlap, and 19 dB channel separation.B.    An AP must be placed at the perimeter and in each of the four corners of the floor. Some APs may be disabled to ensure proper coverage on the floor to provide -67 dBm, 20 percent celloverlap, and 19 dB channel separation.C.    An AP must be placed at the perimeter and in each of the four corners of the floor to ensure proper coverage on the floor to provide -67 dBm, 20 percent cell overlap, and 19 dB channel separation. Some APs may be in monitor mode.D.    If a conflict occurs between the AP placement for voice design and for context-aware location design, then the voice design should take precedence, to protect against delays and dropping of sensitive voice traffic.E.    In a design that includes both voice and context-aware services, voice design always requires more APs to be deployed to ensure -67 dBm coverage, 20 percent cell overlap, 19 dB channel separation, and proper capacity planning.F.    In a design that includes both voice and context-aware services, voice design should take precedence to avoid co-channel interference, which can negatively affect voice quality. Voice design also requires -67 dBm coverage, 20 percent cell overlap, and 19 dB channel separation, which is more difficult to achieve. Answer: C QUESTION 240Refer to the exhibit. Looking at the packet capture between the client and AP during a voice troubleshooting session, what can you learn?   A.    The 802.1p COS value is marked as 5, which typically is used for the voice traffic that is encoded in G711.B.    IP precedence is marked as 5 for the voice traffic that is encoded in G711, with a corresponding 802.11e UP marking of 6.C.    The WMM UP value is marked as 5, which typically is used for the voice traffic that is encoded in G711, and DSCP is marked as EF.D.    IP precedence is marked as 5, with a corresponding 802.11e UP marking of 6 and a correct DSCP marking to EF; the voice traffic is encoded in G711.E.    The 802.1p COS value is marked as 5, with a correct DSCP marking to EF, and the voice traffic is encoded in G711.F.    WMM UP marking is marked as 5, which typically is used for video traffic; this voice traffic stream is encoded in G711, and DSCP is marked as EF. Answer: F QUESTION 241When deploying the Cisco Unified Wireless IP Phone 7925 running firmware release 1.3.4 on a Cisco Unified architecture, which features should you enable to support fast secure roaming while maintaining a scalable deployment? A.    The controller supports PKC, so use WPA2 802.1X.B.    The controller does not support PKC, so use WPA2 PSK.C.    The controller does not support OKC, so use WPA2 PSK.D.    The 7925 does not support WPA2 with Cisco CKM, so use WPA2 PSK.E.    The 7925 supports WPA2 with Cisco CKM, so use WPA2 802.1X.F.    The 7925 supports PKC, so use WPA2 802.1X. Answer: E QUESTION 242At what distance does the curve of the earth factor into the antenna elevation calculation? A.    greater than 6 miles (~10 km)B.    greater than 26 miles (~42 km)C.    the width of the Fresnel zone, which varies depending on the distance by which the bridges are separatedD.    60% of the Fresnel zone Answer: A QUESTION 243Which statement is true regarding communication between the WDS and other APs in a WLAN setup using WDS? A.    Communication is protected using X.509 certificates, which can be either self-signed or manufacturer-installed.B.    Communication is protected using a Context Transfer Key, which is manually configured on the AP.C.    Communication is protected using multicast traffic, which is restricted to the local Layer 2 network.D.    Communication is protected using a Context Transfer Key, which is negotiated during WDS authentication. Answer: D QUESTION 244Which statement about NIC cards certified by Cisco Compatible Extensions is correct? A.    They support Cisco WLAN technology enhancements.B.    They support Cisco alternatives to the 802.11 standards.C.    They support Cisco standards such as LEAP and EAP-FAST but not PEAP-MSCHAP.D.    They support 802.11 standards plus power management only.E.    They are compliant with Cisco Compatible Extensions, but not with Wi-Fi. Answer: A QUESTION 245How can you use Cisco WCS as part of the preliminary site survey for an unfinished building? A.    detect sources of RF interferenceB.    detect possible security policy violationsC.    find the exact location of the APs on the floor mapD.    create obstacles on floor plans that can be taken into consideration when computing RF prediction heat maps for APs Answer: D QUESTION 246What happens to the traffic between two users with the same SSID when peer-to-peer blocking is disabled? A.    traffic is dropped from wireless user to wireless userB.    traffic is forwarded to the upstream VLAN; the device above the controller decides what action to take regarding the packetsC.    traffic is bridged on the same controllerD.    traffic is inspected by the controller for malicious attacks Answer: C QUESTION 247During the Layer 3 LWAPP Join process, a list of wireless LAN controllers may be offered to the AP by which DHCP option? A.    6B.    43C.    44D.    46E.    60F.    66 Answer: B QUESTION 248In order to protect IEEE 802.11 clients against spoofed management frames, client Management Frame Protection encrypts management frames sent between access points and clients. Which three of these management frames are protected by client MFP? (Choose three.) A.    beaconB.    authenticationC.    deauthenticationD.    disassociationE.    probe requestF.    probe responseG.    QoS (WMM) action frames Answer: CDG QUESTION 249Infrastructure Management Frame Protection enables the wireless infrastructure to detect management frames spoofed by an attacker. Which two of these mechanisms does infrastructure MFP introduce to access points in order to protect against such attacks? (Choose two.) A.    management frame validationB.    management frame encryptionC.    cryptographically-hashed message integrity checkD.    cryptographically-hashed frame check sequenceE.    802.1x authentication Answer: AC QUESTION 250You are deploying a wireless network in a warehouse located next to an airport. Which two of these 5-GHz channels would avoid potential radar interference, considering that many airport radars use the UNII-2 frequency ranges? (Choose two.) A.    36B.    52C.    140D.    153 Answer: AD Lead2pass offers the latest Cisco 400-351 dumps and a good range of Cisco Certification 400-351 answers. Most of our Cisco 400-351 exam dumps are exclusively prepared by the best brains and highly skilled professionals from the IT domain to ensure 100% pass in your Cisco 400-351 Exam. More 400-351 new questions (with images) on Google Drive: https://drive.google.com/open?id=0B3Syig5i8gpDY0FaMFVrWHdXWEk 2017 Cisco 400-351 exam dumps (All 305 Q&As) from Lead2pass: https://www.lead2pass.com/400-351.html [100% Exam Pass Guaranteed] --------------------------------------------------- Images: --------------------------------------------------- --------------------------------------------------- Post date: 2017-11-03 08:24:43 Post date GMT: 2017-11-03 08:24:43 Post modified date: 2017-11-03 08:24:43 Post modified date GMT: 2017-11-03 08:24:43 ____________________________________________________________________________________________ Export of Post and Page as text file has been powered by [ Universal Post Manager ] plugin from www.gconverters.com