Cisco Enterprise Wireless Networks – Multiple Choice Questions With Answers

cisco_wireless_enterprise_networks_techhyme

Cisco Enterprise Wireless Networks course gives you the basic knowledge and skills needed to create a secure wireless network infrastructure and troubleshoot any related issues. Although every industry and organization is different, everyone needs a reliable wireless network.

Cisco wireless solutions help these industries and organizations by providing a robust, reliable wireless network to achieve their goals.

Also Read:

Below is the set of MCQ questions with Answers which helps you to clear the CISCO Enterprise Wireless Networks Exam:

1. A wireless network engineer must present a list of all rogue APs with a high severity score to senior management. Which report must be created in Cisco Prime Infrastructure to provide this information?

  • Rogue AP Count Summary
  • Rogue APs
  • New Rogue APS
  • Rogue AP Events

2. An engineer set up identity-based networking with ISE and configured AAA override on the WLAN. Which two attributes must be used to change the client behavior from the default settings? (Choose two.)

  • IPV6 ACL .
  • DHCP timeout
  • DSCP value
  • multicast address
  • DNS server

3. A multitenant building contains known wireless networks in most of the suites. Rogues must be classified in the WLC. How are the competing wireless APs classified?

  • unclassified
  • friendly
  • malicious
  • adhoc

4. An engineer must configure a Cisco WLC to support Cisco Aironet 600 Series OfficeExtend APs. Which two Layer 2 security options are supported in this environment? (Choose two.)

  • Static WEP
  • Static WEP + 802.1X
  • WPA+WPA2
  • 802.1X
  • СКІР

5. An engineer is implementing RADIUS to restrict administrative control to the network with the WLC management IP address of 192.168.1.10 and an AP subnet of 192.168.2.0/24. Which entry does the engineer define in the RADIUS server?

  • administrative access defined on the WLC and the network range 192.168.2.0/255.255.254.0
  • NAS entry of the virtual interface and the network range 192.168.2.0/255.255.255.0
  • shared secret defined on the WLC and the network range 192.168.1.0/255.255.254.0
  • WLC roles for commands and the network range 192.168.1.0/255.255.255.0

6. A network engineer needs to configure multicast in the network. The implementation will use multiple multicast groups and PIM routers. Which address provides automatic discovery of the best RP for each multicast group?

  • 224.0.1.39
  • 224.0.1.40
  • 224.0.0.14
  • 224.0.0.13

7. A corporation is spread across different countries and uses MPLS to connect the offices. The senior management wants to utilize the wireless network for all the employees. To ensure strong connectivity and minimize delays, an engineer needs to control the amount of traffic that is traversing between the APs and the central WLC. Which configuration should be used to accomplish this goal?

  • FlexConnect mode with central authentication
  • FlexConnect mode with central switching enabled
  • FlexConnect mode with local authentication
  • FlexConnect mode with OffceExtend enabled

8. What must be configured on ISE version 2.1 BYOD when using Single SSID?

  • open authentication
  • WPA22
  • no authentication
  • 802.1x

9. An engineer has implemented 802.1x authentication on the wireless network utilizing the internal database of a RADIUS server. Some clients reported that they are unable to connect. After troubleshooting, it is found that PEAP authentication is failing. A debug showed the server is sending an AccessReject message. Which action must be taken to resolve authentication?

  • Disable the server certificate to be validated on the client.
  • Replace the client certificates from the CA with the server certificate
  • Update the client certificate to match the user account
  • Use the user password that is configured on the server

10. An engineer is configuring multicast for two WLCs. The controllers are in different physical locations and each handles around 500 wireless clients How should the CAPWAP multicast group address be assigned during configuration?

  • Both WLCs must be assigned the same multicast group address
  • Each WLC management address must be in a different multicast group.
  • Each WLC management address must be in the same multicast group.
  • Each WLC must be assigned a unique multicast group address

11. An engineer must run a Client Traffic Stream Metrics report in Cisco Prime Infrastructure. Which task must be run before the report?

  • scheduled report
  • software
  • client status
  • radio performance

12. A customer managing a large network has implemented location services. Due to heavy load, it is needed to load balance the data coming NMSP from the WLCs. Load must be spread between multiple CMX servers to help optimize the data flow for APs. Which configuration in CMX meets this requirement?

  • cmxctl config feature flags nmsplb.cmx-ap-grouping true
  • cmxctl config feature flags nmsplb.cmx-loadbalance true
  • cmxctl config feature flags nmsplb.cmxgrouping true
  • cmxctl config feature flags nmsplb.cmx-rssi-distribute true

13. An engineer is setting up a WLAN to work with a Cisco ISE as the AAA server. The company policy requires that all users be denied access to any resources until they pass the validation. Which component must be configured to achieve this stipulation?

  • preauthentication ACL
  • CPU ACL
  • AAA override
  • WPA2 passkey

14. A wireless engineer must configure access control on a WLC using a TACACS+ server for a company that is implementing centralized authentication on network devices. Which role value must be configured under the shell profile on the TACACS+ server for a user with read-only permissions?

  • READ
  • ADMIN ON
  • MANAGEMENT
  • MONITOR

15. A customer wants the APs in the CEO’s office to have different usernames and passwords for administrative support than the other APs deployed throughout the facility. Which feature must be enabled on the WLC and APs to achieve this goal?

  • local management users
  • HTTPS access
  • 802.1X supplicant credentials
  • override global credentials

16. After looking in the logs, an engineer notices that RRM keeps changing the channels for non-IEEE 802.11 interferers. After surveying the area, it has been decided that RRM should not change the channel. Which feature must be enabled to ignore non-802.11 interference?

  • Avoid Non-802.11 Noise
  • Avoid Cisco AP Load
  • Avoid Foreign AP Interference
  • Avoid Persistent Non-WiFi Interference

17. An engineer configures a deployment to support:
Cisco CMX
licenses for at least 3000 APS
6000 wlPS licenses
The Cisco VMSE appliance must be sized for this deployment. Which Cisco VMSE Release 8 option must the engineer deploy?

  • High-End VMSE
  • Standard VMSE
  • Low-End VMSE
  • Large VMSE

18. An engineer has configured Media Stream on the WLC and must guarantee at least 2 Mbps stream per user. Which RRC template should the engineer use?

  • coarse
  • medium
  • ordinary
  • low

19. After installing and configuring Cisco CMX, an administrator must change the NTP server on the Cisco CMX server. Which action accomplishes this task?

  • Manually edit /etc/ntp.conf as the admin user before restarting ntpd by using service ntpd restart
  • Manually edit /etc/ntp.conf using an XML editor before restarting the server by using service restart all services.
  • Log in to the Cisco CMX CLI and issue set ntp server NTP_IP where NTP_IP is the IP of the NTP server.
  • Log in to the Cisco CMX GUI as the administrator and type the IP address of the NTP server in System tab > Settings > TimeZone/NTP.

20. An IT administrator is managing a wireless network in which most devices are Apple iOS. A QoS issue must be addressed on the WLANs. Which configuration must be performed?

  • Enable Fastlane globally under Wireless > Access Points > Global Configuration
  • Enable WMM TSPEC/TCLAS negotiation under Wireless > Advanced
  • Enable Fastlane under each WLAN setting.
  • Create a new AVC Profile named AUTOQOS-AVC-PROFILE and apply to all WLANS.

21. An ACL is configured to restrict access for BYOD clients. The ACL must redirect devices to the guest portal. To which two devices on the local network must the ACL allow access other than the DHCP server? (Choose two.)

  • SNMP server
  • Cisco ISE
  • DNS server
  • WLCD
  • RADIUS server

22. The marketing department creates a promotion video for the branch store. Only interested hosts must receive the video over wireless multicast. What allows this feature?

  • ТРС
  • DCA
  • WMM
  • WMF

23. On a Cisco Catalyst 9800 Series Wireless Controller, an engineer wants to prevent a FlexConnect AP from allowing wireless clients to connect when its Ethernet connection is nonoperational. Which command set prevents this connection?

  • config terminal
    wireless profile flex [profile name]
    fallback-radio-shut
    end
  • config terminal
    wireless flexconnect profile [profile name]
    fallback-radio-shut
    end
  • config terminal
    wireless flexconnect profile [profile name)
    ethernet-fallback-enable
    end
  • config terminal
    wireless profile flex [profile name]
    ethernet-fallback-enable
    end

24. An engineer implemented the CPU ACL on your Cisco 5520 Series Wireless LAN Controller, and the controller is no longer manageable via the network What must be changed on this CPU ACL to enable it to manage the controller again?

  • Line 1 must be set to a destination port of HTTP
  • Permit statements must be added to the top of the ACL in both directions, which specify the network to be managed from and the virtual interface of the controller.
  • Line 1 must be set to the inbound direction.
  • Permit statements must be added to the top of the ACL, which specify the network to be managed from

25. An engineer completes the setup of a wo-node Cisco ISE deployment for a guest portal. When testing the portal, the engineer notices that sometimes there is a certificate CN mismatch. Which certificate type helps resolve this issue?

  • Public-Signed Root
  • Self-Signed Standard
  • Public-Signed SAN
  • Self-Signed Wildcard

26. An engineer is configuring a new wireless network for guest access. The Facebook page of the company must be viewed by the guest users before they get access to the network. A Cisco MSE is used as a wireless component Which URL must be used in the configuration as the external redirection URL?

  • http://<MSE>:8084/vistor/login.do
  • http://<MSE> 8083/visitor/login.do
  • http://<MSE>:8083/fbwifi/forward
  • http://<MSE>:8084/fbwifi/forward

27. A network administrator managing a Cisco Catalyst 9800-80 WLC must place all iOS connected devices to the guest SSID on VLAN 101. The rest of the clients must connect on VLAN 102 to distribute load across subnets. To achieve this configuration, the administrator configures a local policy on the WLC. Which two configurations are required? (Choose two.)

  • Allow HTTP and DHCP profiling under policy map.
  • Enable device classification on global wireless settings.
  • Add local profiling policy under global security policy settings.
  • Assign a policy map under global security policy settings.
  • Create a service template.

28. An engineer is deploying a virtual MSE. The network has 3000 APs and needs 7000 IPS licenses. To which size server does the engineer scale it?

  • virtual
  • standard
  • high end
  • low end

29. Which two restrictions are in place with regards to configuring mDNS? (Choose two.)

  • MDNS uses only UDP port 5436 as a destination port.
  • Controller software must be newer than 7.0.6+ 2
  • mDNS is not supported over IPv6
  • MDNS is not supported on FlexConnect APs with a locally switched WLAN.
  • DNS cannot use UDP port 5353 as the destination port.

30. An engineer configures the wireless LAN controller to perform 802.1x user authentication. Which configuration must be enabled to ensure that client devices can connect to the wireless, even when WLC cannot communicate with the RADIUS?

  • Cisco Centralized Key Management
  • local EAP
  • authentication caching
  • pre-authentication

31. What are two considerations when deploying a Cisco Hyperlocation? (Choose two.)

  • NTP can be configured, but that is not recommended.
  • If the Cisco CMX server is a VM, a high-end VM is needed for Cisco Hyperlocation deployments.
  • The Cisco Hyperlocation feature must be enabled on the wireless LAN controller and Cisco CMX.
  • After enabling Cisco Hyperlocation on Cisco CMX, the APs and the wireless LAN controller must be restarted.
  • The Cisco Hyperlocation feature must be enabled only on the wireless LAN controller.

32. Which three properties are used for client profiling of wireless clients? (Choose three.)

  • IP address
  • OS version 2
  • DHCP
  • MAC OUI
  • hostname
  • HTTP user agent

33. Which command set configures a Cisco Catalyst 9800 Series Wireless Controller so that the client traffic enters the network at the AP switch port?

  • config terminal
    wireless profile policy (policy name]
    no central switching
    end
  • config terminal
    a wireless profile policy (policy name]
    local switching
    end
  • config terminal
    wireless flexconnect policy spolicy name]
    2012 local switching
    end
  • config terminal
    wireless flexconnect policy spolicy name]
    no central switching
    end

34. What is the difference between PIM sparse mode and PIM dense mode?

  • Sparse mode floods. Dense mode uses distribution trees.
  • Sparse mode supports multiswitch networks. Dense mode supports only one switch
  • Sparse mode uses distribution trees. Dense mode floods.
  • Sparse mode supports only one switch. Dense mode supports multiswitch networks.

35. Which two items must be supported on the VOWLAN phones to take full advantage of this WLAN configuration? (Choose two.)

  • APSD
  • SIFS
  • TSPEC
  • WMM
  • 802.11r

36. A network engineer wants to implement QoS across the network that supports multiple VLANs. All the APs are connected to switch ports and are configured in local mode. Which trust model must be configured on the switch ports to which the APs are connected?

  • WMM UP
  • IPP
  • Cose
  • DSCP

37. An engineer has successfully implemented 10 active RFID tags in an office environment. The tags are not visible when the location accuracy is tested on the Cisco CMX Detect and Locate window. Which setting on Cisco CMX allows the engineer to view the tags?

  • Enable probing clients for active tags.
  • Define an RFID group globally and add the tags.
  • Enable RFID tags in tracking options
  • Enable hyperlocation services for RFID

38. What is the Cisco recommended configuration for a Cisco switch port connected to an AP in local mode for optimal voice over WLAN performance with an 8821 wireless phone?

  • switchport mode access
    mls qos trust dscp
  • switchport mode access
    mls qos trust device cisco-phone
  • switchport encapsulation dot1q
    switchport mode trunk
    mls qos trust device cisco-phone
  • switchport mode access
    mls qos trust cos

39. A corporation has employees working from their homes. A wireless engineer must connect 1810 OEAP at remote teleworker locations. All configuration has been completed on the controller side, but the network readiness is pending. Which two configurations must be performed on the firewall to allow the AP to join the controller? (Choose two.)

  • Allow UDP ports 5246 and UDP port 5247 on the firewall.
  • Enable NAT Address on the 5520 with an Internet-routable IP address.
  • Configure a static IP on the OEAP 1810.
  • Allow UDP ports 12222 and 12223 on the firewall.
  • Block UDP ports 1812 and 1813 on the firewall.

40. An engineer has been hired to implement a way for users to stream video content without having issues on the wireless network. To accomplish this goal, the engineer must set up a reliable way for a Media Stream to work between Cisco FlexConnect APs. Which feature must be enabled to guarantee delivery?

  • IGMP Direct
  • Unicast Direct
  • Multicast Direct 
  • Multicast-to-Unicast Direct

41. An engineer must connect a fork lift via a WGB to a wireless network and must authenticate the WGB certificate against the RADIUS server. Which three steps are required for this configuration? (Choose three.)

  • Configure WLAN to authenticate using ISE.
  • Configure the certificate on the WLC.
  • Configure the certificate, WLAN, and radio interface on WGB.
  • Configure WGB as a network device in ISE.
  • Configure a policy on ISE to allow devices to connect that validate the certificate.
  • Configure the access point with the root certificate from ISE.

42. Which two steps are needed to complete integration of the MSE to Cisco Prime Infrastructure and be able to track the location of clients/rogues on maps? (Choose two.)

  • Add the MSE to Cisco Prime Infrastructure using the CLI credentials.
  • Add the MSE to Cisco Prime Infrastructure using the Cisco Prime Infrastructure communication credentials configured during set up.
  • Apply a valid license for location tracking
  • Apply a valid license for Wireless Intrusion Prevention System
  • Synchronize access points with the MSE.

43. The Cisco Hyperlocation detection threshold is currently set to -50 dBm. After reviewing the wireless user location, discrepancies have been noticed. To improve the Cisco Hyperlocation accuracy, an engineer attempts to change the detection threshold to -100 dBm. However, the Cisco Catalyst 9800 Series Wireless Controller does not allow this change to be applied. What actions should be taken to resolve this issue?

  • Shutdown all radios on the controller, change the Cisco Hyperlocation detection range, and enable the radios again.
  • Create a new profile on Cisco CMX with the new Cisco Hyperlocation detection range, and apply it on the WLAN.
  • Place the APs to monitor mode, shutdown the radios, and then change Cisco Hyperlocation detection threshold.
  • Disable Cisco Hyperlocation, change the Cisco Hyperlocation detection threshold, and then enable it

44. A Cisco CMX 3375 appliance on the 10.6.1 version code counts duplicate client entries, which creates wrong location analytics. The issue is primarily from ios clients with the private MAC address feature enabled. Enabling this feature requires an upgrade of the Cisco CMX 3375 appliance in a high availability pair to version 10.6.3. SCP transfers the Cisco CMX image, but the upgrade script run fails. Which configuration change resolves this issue?

  • Break the high availability using the cmxha config disable command and upgrade the primary and secondary individually
  • Save configuration and use the upgrade script to upgrade the high availability pair without breaking the high availability
  • Upgrade the high availability pair to version 10.6.2 image first and then upgrade to version 10.6.3.
  • Run root patch to first upgrade to version 10.6.2 and then migrate to version 10.6.3

45. OS An engineer must configure Cisco OEAPs for three executives. As soon as the NAT address is configured on the management interface, it is noticed that the WLC is not responding for APs that are trying to associate to the internal IP management address. Which command should be used to reconcile this?

  • config network ap-discovery nat-ip-only disable
  • config flexconnect office-extend nat-ip-only enable
  • config flexconnect office-extend nat-ip-only disable
  • config network ap-discovery nat-ip-only enable

46. An engineer needs to configure an autonomous AP for 802.1x authentication. To achieve the highest security an authentication server is used for user authentication. During testing, the AP fails to pass the user authentication request to the authentication server. Which two details need to be configured on the AP to allow communication between the server and the AP? (Choose two.)

  • PAC encryption key
  • username and password?
  • group name
  • RADIUS IP address
  • shared secret

47. OS A network engineer is implementing BYOD on a wireless network. Based on the customer requirements, a dual SSID approach must be taken. Which two advanced WLAN configurations must be performed? (Choose two.)

  • Set DHCP Addr. Assignment to Required.
  • Set NAC State to Radius NAC
  • Select DHCP Profiling
  • Set Allow AAA Override to Enabled.
  • Select Enable Session Timeout

48. What must be configured on the Global Configuration page of the WLC for an access point to use 802.1x to authenticate to the wired infrastructure?

  • RADIUS shared secret
  • local access point credentials
  • TACACS server IP address
  • supplicant credentials

49. Which area indicates the greatest impact on the wireless network when viewing the Cisco CleanAir Zone of Impact map of interferers?

  • C
  • D
  • A
  • B

50. An engineer is implementing profiling for BYOD devices using Cisco ISE. When using a distributed model, which persona must the engineer configure with the profiling service?

  • Monitor Node
  • Primary Admin Node
  • Policy Services Node
  • Device Admin Node

51. An engineer must implement intrusion protection on the WLAN. The AP coverage is adequate and on-channel attacks are the primary concern. The building is historic, which makes adding APs difficult. Which AP mode and submode must be implemented?

  • AP mode: monitor, AP submode: none
  • AP mode: local, AP submode: none
  • AP mode: local, AP submode. WIPS
  • AP mode: monitor, AP submode: WIPS

52. An engineer needs to provision certificates on a Cisco Catalyst 9800 Series Wireless Controller. The customer uses a third-party CA server. Which protocol must be used between the controller and CA server to request and install certificates?

  • SSL
  • LDAP
  • TLS
  • SCEP

53. A customer requires wireless traffic from the branch to be routed through the firewall at corporate headquarters. A RADIUS server is in each branch location. Which Cisco FlexConnect configuration must be used?

  • central authentication and local switching
  • local authentication and local switching
  • central authentication and central switching
  • local authentication and central switching

54. A corporation has a wireless network where all APs are configured in FlexConnect. The WLC has a Data WLAN and a VoWiFi WLAN implemented where centrally-switched SSID is configured for the APs. Which QoS configuration must be implemented for the wireless packets to maintain the marking across the wired and wireless network?

  • Set QoS to Platinum.
  • Enable CAC.
  • Allow WMM.
  • Trust DSCP

55. Which COS to DSCP map must be modified to ensure that voice traffic is tagged correctly as it traverses the network?

  • COS of 7 to DSCP 48
  • COS of 6 to DSCP 46
  • COS of 5 to DSCP 46
  • COS of 3 to DSCP 26

56. An engineer is responsible for a wireless network for an enterprise. The enterprise has distributed offices around the globe, and all APs are configured in Flex Connect mode. The network must be configured to support 802.11r and CCKM. What needs to be implemented to accomplish this goal?

  • Enable VLAN-based central switching
  • Create Flex Connect groups
  • Enable Flex Connect local switching.
  • Enable Flex Connect local authentication.

57. A wireless engineer has integrated the wireless network with a RADIUS server. Although the configuration on the RADIUS is correct, users are reporting that they are unable to connect. During troubleshooting, the engineer notices that the authentication requests are being dropped. Which action will resolve the issue?

  • Allow connectivity from the wireless controller to the IP of the RADIUS server.
  • Configure the shared-secret keys on the controller and the RADIUS server. 
  • Authenticate the client using the same EAP type that has been set up on the RADIUS server.
  • Provide a valid client username that has been configured on the RADIUS server.

58. An enterprise started using WebEx as a virtual meeting solution. There is a concern that the existing wireless network will not be able to support the increased amount of traffic as a result of using WebEx. An engineer needs to remark the QoS value for this application to ensure high quality in meetings. What must be implemented to accomplish this task?

  • QoS preferred call index
  • AVC profiles
  • WLAN quality of service profile
  • UP to DSCP map

59. After receiving an alert about a rogue AP, a network engineer logs into Cisco Prime Infrastructure and looks at the floor map where the AP that detected the rogue is located. The map is synchronized with a mobility services engine that determines that the rogue device is actually inside the campus. The engineer determines that the rogue is a security threat and decides to stop it from broadcasting inside the enterprise wireless network. What is the fastest way to disable the rogue?

  • Classify the rogue as malicious in Cisco Prime Infrastructure.
  • Create an SSID similar to the rogue to disable clients from connecting to it
  • Update the status of the rogue in Cisco Prime Infrastructure to contained. 
  • Go to the location where the rogue device is indicated to be and disable the power

60. An engineer must enable LSS for the Apple TV mDNS service only when ORIGIN is set to Wired. Which action meets this requirement?

  • Set ORIGIN to Wired. Enable LSS by using the config mdns service Iss Apple TV command.
  • Set ORIGIN to either Wireless or All. Enable LSS by using the config mdns service Iss enable Apple TV command
  • Set ORIGIN to Wired. Enable LSS by using the config mdns service Iss All command
  • Set ORIGIN to either Wireless or All. Enable LSS by using the config mdns service Iss All command.

61. A network engineer must segregate all iPads on the guest WLAN to a separate VLAN. How does the engineer accomplish this task without using Cisco ISE?

  • Enable RADIUS DHCP profiling on the WLAN.
  • Create a local policy on the WLC. 
  • Use an mDNS profile for the iPad device.
  • Use 802.1x authentication to profile the devices

62. A hospital wants to offer indoor directions to patient rooms utilizing its existing wireless infrastructure. The wireless network has been using location services specifications. Which two components must be installed to support this requirement? (Choose two.)

  • Cisco CMX Analytics
  • Cisco MSE 
  • Cisco CMX AppEngage
  • WIPS
  • Cisco CMX Visitor Connect

63. When configuring a large, high-availability wireless network which change to a mobility group creates less load on the controllers and maintains the same mobility messages?

  • Configure mobility group multicast messaging. 
  • Remove unnecessary controllers from the mobility group.
  • Configure the controllers into separate RF groups from the mobility groups.
  • Separate the controllers into different mobility groups per controller.

64. A Cisco 8540 WLC manages Cisco Aironet 4800 Series APs and sends AoA data to a Cisco CMX 3375 Appliance for Hyperlocation. The load from the WLC is distributed to another virtual CMX server using CMX grouping. The virtual CMX server shows location RSSI data and not Hyperiocation. No AOA metrics are shown on the metrics page of the CMX virtual appliance under System > Metrics > Location Metrics. How must the network administrator RESOLVE THIS ISSUE?

  • Allow port 2003 for AoA packets to flow through between the CMX appliances.
  • Enable Wireless > Access Points > Global configuration > Enable Hyperlocation on the WLC.
  • Use one Hyperlocation-enabled WL.C and CMX for AoA data
  • Enable the HALO module on the CMX appliance for the data collection

65. A healthcare organization notices many rogue APs and is concerned about a honeypot attack. Which configuration must a wireless network engineer perform in Cisco Prime Infrastructure to prevent these attacks most efficiently upon detection?

  • Set the auto containment level to 0 and select the Ad Hoc Rogue AP containment option.
  • Set the auto containment level to 0 and select the Using Our SSID containment option
  • Set the manual containment level to 4 and select the Ad Hoc Rogue AP containment option.
  • Set the auto containment level to 4 and select the Using Our SSID containment option.

66. In a Cisco WLAN deployment, it is required that all APs from branch 1 remain operational even if the control plane CAPWAP tunnel is down because of a WAN failure to headquarters Which operational mode must be configured on the APs?

  • Disconnected
  • Connected
  • Lightweight
  • Standalone

67. An engineer wants to upgrade the APs in a Cisco FlexConnect group. To accomplish this upgrade, the FlexConnect AP Upgrade setting will be used One AP of each model with the lowest MAC address in the group must receive the upgrade directly from the controller. Which action accomplishes this direct upgrade?

  • Reboot all APs before the upgrade.
  • Remove the APs from the group
  • Do not set any master APs. 9 0
  • Allocate the master APs to different groups

68. The security policy mandates that only controller web management traffic is allowed from the IT subnet. In testing, an engineer is trying to connect to a WLAN with Web Authentication for guest users, but the page is timing out on the wireless client browser. What is the cause of this issue?

  • Web Authentication Redirect is supported only with Internet Explorer, and the client is using Google Chrome.
  • The DNS server that is configured on the controller is incorrect
  • Web Authentication Redirect is not supported with CPUACLS. QUE
  • The implemented CPU ACL on the controller is blocking HTTP/HTTPS traffic from the guest clients.

69. A corporation has recently implemented a BYOD policy at their HQ. Which two risks should the security director be concerned about? (Choose two.)

  • unauthorized users
  • malware
  • lost and stolen devices
  • network analyzers
  • keyloggers

70. Which QoS level is recommended for guest services?

  • platinum
  • silver
  • bronze
  • gold

71. Which feature on the Cisco Wireless LAN Controller must be present to support dynamic VLAN mapping?

  • AAA override
  • CCKM/OKCZ
  • VLAN name override
  • FlexConnect ACL

72. An engineer must use Cisco AVC on a Cisco WLC to prioritize Cisco IP cameras that use the wireless network. Which element do you configure in a rule?

  • rate-limit
  • mark
  • WMM required
  • permit-ACL