Free 400-351 Exam Braindumps

Refer to the exhibit.

You have been asked to troubleshoot why VTP is not distributing new VLANs to a VTP client switch. Which option is the most likely root cause of this VTP problem?

  1. The VTP password is incorrect on the client switch.
  2. The client switch is set to transparent mode, which ignores VLAN configuration updates from VTP servers.
  3. The VTP encryption level does not match on the client switch.
  4. The VTP password encryption level is not set on the client switch.
  5. The VTP is not set to level 15 on the client switch.

Answer(s): A

Explanation:

This log message does usually indicate a password or vtp domain name issue (case sensitive and watch for spaces)



Which three conditions can trigger a client exclusion policy? (Choose three.)

  1. excessive 802.11 association failures
  2. excessive 802.1x authentication failures
  3. IP theft or IP reuse
  4. excessive 802.11 probe request failures
  5. excessive 802.1x authorization failures
  6. excessive 802.11 packet retries

Answer(s): A,B,C

Explanation:

The Cisco WLC will exclude clients when specific conditions are met: Excessive 802.11 Association Failures after five consecutive failures. Excessive 802.11 Authentication Failures after five consecutive failures. 802.1X Authentication Failures after three consecutive failures.

IP Theft or IP Reuse if the IP address, being obtained by the client, is already assigned to another device. Excessive Web AuthenticationFailures after three consecutive failures.


Reference:

https://www.packet6.com/should-you-disable-cisco-wlc-client-exclusion-policies-hint-nope/



Refer to the exhibit, which is a configuration snippet of a Cisco 5760 controller code IOS XE 3.6.3. Which statement about wlan 11 is true?

  1. This configuration is for external WebAuth with an external Radius server.
  2. This configuration is for WebAuth with local authentication.
  3. This configuration is for WebAuth with an external RADIUS server.
  4. This configuration is for custom WebAuth with local authentication.
  5. This configuration is for custom WebAuth with an external RADIUS server.

Answer(s): D

Explanation:

Parameter-MapHere is the configuration for the Parameter-Map. This section provides insight on the how to configure the Virtual IP address on the WLC and how to set the parameter type, which helps to specify the redirect URL, Login Page, Logout page, and Failure page. You must make sure that the flash has these files. parameter-map type webauth global virtual-ip ipv4 1.1.1.1parameter-map type webauth customtype webauthredirect on-success http://www.cisco.combanner text ^C CC global ip for redirect ^C custom-page login device flash:webauth_login.html custom-page success device flash:webauth_success.html custom-page failure device flash:webauth_failure.html custom-page login expired device flash:webauth_expired.html
Wireless LAN (WLAN) Configuration Here is the configuration for WLAN. The WLAN is configured for Layer 3 security. This configuration maps the authentication list to Local_webauth and ensures that the authentication is handled by the local net users. This calls the AAA configuration that is in the initial step.

wlan webauth 1 webauthclient vlan Vlanxno security wpano security wpa akm dot1xno security wpa wpa2no security wpa wpa2 ciphers aessecurity web-authsecurity web-auth authentication-list local_webauthsecurity web-auth parameter-map customsession-timeout 1800no shutdown


Reference:

http://www.cisco.com/c/en/us/support/docs/wireless/5700-series-wireless-lan-controllers/117728-configure-wlc-00.html



Refer to the exhibit.

Which option describes what this sequence of commands achieves on a Cisco Autonomous AP?

  1. This example shows how to permit any SNMP manager to access all objects with read-only permission using the community string public. The access point also sends config traps to the hosts 192.180.1.111 and 192.180.1.33 using SNMPv1 and to the host 192.180.1.27 using SNMPv2C. The community string public is sent with the traps.
  2. This example shows how to permit any SNMP manager to access all objects with read-only permission using the community string public. The access point also sends config traps to the hosts 192.180.1.111 and 192.180.1.33 using SNMPv1 and to the host 192.180.1.27 using SNMPv2C. The community string public is not sent with the traps as this is the default.
  3. This example shows how to permit any SNMP access to all objects with read-only permission to only three specific IP addresses using the community string public. The access point also sends config traps to the hosts 192.180.1.111 and 192.180.1.33 using SNMPv1 and to the host 192.180.1.27 using SNMPv2 The community string public is sent with the traps.
  4. This example shows how to permit any SNMP access to all objects with read-only permission to only three specific IP addresses using the community string public. The access point also sends config traps to the hosts 192.180.1.111 and 192.180.1.33 using SNMPv1 and to the host 192.180.1.27 using SNMPv2C. The community string public is not sent with the traps.

Answer(s): A

Explanation:

SNMPv1 and SNMPv2 use the notion of communities to establish trust between managers and agents. An agent is configured with three community names: read-only, read-write, and trap. The community names are essentially passwords; there's no real difference between a community string and the password you use to access your account on the computer. The three community strings control different kinds of activities. As its name implies, the read-only community string lets you read data values, but doesn't let you modify the data. For example, it allows you to read the number of packets that have been transferred through the ports on your router, but doesn't let you reset the counters. The read-write community is allowed to read and modify data values; with the read-write community string, you can read the counters, reset their values, and even reset the interfaces or do other things that change the router's configuration. Finally, the trap community string allows you to receive traps (asynchronous notifications) from the agent.

Most vendors ship their equipment with default community strings, typically public for the read-only community and private for the read-write community. It's important to change these defaults before your device goes live on the network. (You may get tired of hearing this because we say it many times, but it's absolutely essential.) When setting up an SNMP agent, you will want to configure its trap destination, which is the address to which it will send any traps it generates. In addition, since SNMP community strings are sent in clear text, you can configure an agent to send an SNMP authentication-failure trap when someone attempts to query your device with an incorrect community string. Among other things, authentication-failure traps can be very useful in determining when an intruder might be trying to gain access to your network.

Because community strings are essentially passwords, you should use the same rules for selecting them as you use for Unix or NT user passwords: no dictionary words, spouse names, etc. An alphanumeric string with mixed upper- and lowercase letters is generally a good idea. As mentioned earlier, the problem with SNMP's authentication is that community strings are sent in plain text, which makes it easy for people to intercept them and use them against you. SNMPv3 addresses this by allowing, among other things, secure authentication and communication between SNMP devices.


Reference:

http://docstore.mik.ua/orelly/networking_2ndEd/snmp/ch02_02.htm



Drag and drop the wireless deployment modes on the left to the corresponding roaming description on the right. Select and Place:

Exhibit A:



Exhibit B:

  1. The answer is Exhibit B.

Answer(s): A