[Lead2pass New] 2017 Updated Lead2pass Cisco 200-355 Exam Questions (241-260)
2017 October Cisco Official New Released 200-355 Dumps in Lead2pass.com!
100% Free Download! 100% Pass Guaranteed!
Cisco New Released Exam 200-355 exam questions are now can be downloaded from Lead2pass! All questions and answers are the latest! 100% exam pass guarantee! Get this IT exam certification in a short time!
Following questions and answers are all new published by Cisco Official Exam Center: https://www.lead2pass.com/200-355.html
Refer to the exhibit. At which point in the network topology must the trunk be configured to support multiple SSIDs for voice and data separation?
Controllers typically map WLANs to VLANs. When configuring a switch port to a controller, you would set the port to support 802.1Q (switchport trunk encapsulation dot1q), then set the port to trunk (switchport mode trunk) and only allow the VLANs needed by the controller (for example, switchport trunk allowed VLANs 10,20,30 if your controller needs only VLANs 10, 20, and 30).
What is the IEEE name for a group of access points that are connected by using the Ethernet?
The wired section of the network that can be reached through the AP is called, from the perspective of the wireless side, the Distribution System (DS). When the distribution system links two APs, or two cells, via Ethernet, the group is called an Extended Service Set (ESS).
Which type of frames are ACK and CF-ACK?
Wireless LANs come in three frame types:
Frame Types Table
Request to Send (RTS)
Clear to Send (CTS)
Contention Free End (CF-End)
Contention Free End + Acknowledgment (CF-End +ACK)
Announcement traffic indication message (ATIM)
The network administrator wants an access point to be able to find rogue APs and to support
location-based services. Which AP mode meets this requirement while having the radios up and preventing client connections?
If you have enough access points, you can even dedicate an AP to making it’s only job picking up other networks, this a mode that the AP can be in and is called “Monitor Mode” to change an AP to monitor mode, navigate to the following on the WLC:
This will place the AP into a dedicated monitor mode, it will not service clients but will sit and scan for you.
What are the interface statuses of a lightweight AP working in rogue-detection mode?
A. radios turned off, Ethernet interface up
B. radios and Ethernet interfaces up
C. radios turned on, Ethernet interface shut down
D. radios turned on, Ethernet interface status controlled by Cisco WLC
In this mode, the AP radio is turned off, and the AP listens to wired traffic only. The controller passes the APs configured as rogue detectors as well as lists of suspected rogue clients and AP MAC addresses. The rogue detector listens for ARP packets only, and can be connected to all broadcast domains through a trunk link if desired.
Which Cisco AnyConnect module allows you to set the parameters that are needed to connect to the wireless network?
The main components used in IUWNE are the Cisco AnyConnect Mobility Client itself, associated with the Network Access Module (NAM) used to manage existing profiles and provide the wireless connectivity. You also can click Advanced to open the NAM front end. You can then manage profiles (create, delete, reorder). The network administrator can restrict the types of networks that the end user can manipulate on the NAM.
What is the function of the Cisco AnyConnect DART tool?
A. creates a compressed bundle of client logs and information
B. visualizes a WLAN environment, showing the possible locations of problems
C. gathers statistics from neighboring clients for comparison to the baseline
D. helps to troubleshoot a WLAN connection by using easy-to-use wizards and statistic viewers
AnyConnect offers the DART module that can be used to analyze and troubleshoot connections.
The information collected by DART can be examined locally or exported and sent to a network support desk for analysis. The DART tool is able to create a bundle to log information for all the wireless clients.
Which Cisco program for WLAN client vendors helps to ensure that their devices are interoperable with Cisco WLAN infrastructure?
IEEE and industry standards define how a Wi-Fi radio interoperates with a wireless LAN infrastructure, and the Wi-Fi CERTIFIEDTM seal ensures interoperability. For many organizations that rely on mobile computers, however, Wi-Fi CERTIFIED is not enough. These organizations need assurance that their mobile computers will interoperate with a Cisco wireless LAN infrastructure and support Cisco wireless LAN innovations for enhanced security, mobility, quality of service, and network management. The Cisco Compatible seal gives organizations the assurance that they seek.
A mobile computer earns the Cisco Compatible seal through a program called Cisco Compatible Extensions, or CCX. Like the Wi-Fi certification program, CCX:
The CCX specification is a superset of that used for Wi-Fi certification. In fact, a device cannot be certified for CCX unless it, or the Wi-Fi radio inside it, is Wi-Fi CERTIFIED.
Which information on the Monitoring page of a Cisco WLC verifies that the wireless network is operational?
A. In the Access Point Summary section, the All APs number in the Up column is the same as in the
B. In the Client Summary section, the Current Clients number is positive.
C. In the Controller Summary section, the 802.11b/g Network State is shown as Enabled.
D. In the Controller Summary section, the CPU Usage number is positive.
The output from the access point summary section of the Cisco WLC can be seen at the reference link below:
What is a risk when initiating the containment of a rogue AP?
A. disassociating clients of valid access points that are operated by a neighboring organization
B. disrupting transmission of neighboring AP clients
C. breaking the radio of the containing AP
D. breaking the rogue client radio or its firmware
Rogue Containment Caveats
Refer to the exhibit. What does the yellow shield with the exclamation mark indicate?
A. The network uses open authentication and no encryption.
B. The network uses an unsupported channel.
C. The signal is too distorted to connect.
D. The AP that is transmitting this SSID uses the wrong RF domain.
E. This is the ad-hoc network.
an exclamation mark inside a yellow shield is displayed if the SSID has no security [Open authentication, no encryption]), clicking Connect and completing the security parameters when applicable.
Which method is used to shield the client from class 3 management attacks?
A. client MFP
D. client protection suite
With MFP, all management frames are cryptographically hashed to create a Message Integrity Check (MIC). The MIC is added to the end of the frame (before the Frame Check Sequence (FCS)).
When MFP is enabled on one or more WLANs configured in the WLC, the WLC sends a unique key to each radio on each registered AP. Management frames are sent by the AP over the MFP-enabled WLANs. These APs are labeled with a frame protection MIC IE. Any attempt to alter the frame invalidates the message, which causes the receiving AP that is configured to detect MFP frames to report the discrepancy to the WLAN controller.
Which protocol helps the administrator to determine whether a detected rogue AP is in the network of the organization?
RLDP is an active approach, which is used when rogue AP has no authentication (Open Authentication) configured. This mode, which is disabled by default, instructs an active AP to move to the rogue channel and connect to the rogue as a client. During this time, the active AP sends deauthentication messages to all connected clients and then shuts down the radio interface. Then, it will associate to the rogue AP as a client.
The AP then tries to obtain an IP address from the rogue AP and forwards a User Datagram Protocol (UDP) packet (port 6352) that contains the local AP and rogue connection information to the controller through the rogue AP. If the controller receives this packet, the alarm is set to notify the network administrator that a rogue AP was discovered on the wired network with the RLDP feature.
Which wireless client attempts to authenticate by using 802.1X?
802.1x is an Institute of Electrical and Electronics Engineers (IEEE) standard that provides an authentication framework for WLANs. 802.1x uses the Extensible Authentication Protocol (EAP) to exchange messages during the authentication process. The authentication protocols that operate inside the 802.1x framework that are suitable for wireless networks include EAP-Transport Layer Security (EAP-TLS), Protected EAP (PEAP), and EAP-Tunneled TLS (EAP-TTLS). These protocols allow the network to authenticate the client while also allowing the client to authenticate the network.
802.1x authentication consists of three components:
Which EAP protocol requires a certificate only on the server side?
PEAP is not an encryption protocol; as with other EAP types it only authenticates a client into a network.
PEAP uses only server-side public key certificates to authenticate clients by creating an encrypted SSL/TLS tunnel between the client and the authentication server, which protects the ensuing exchange of authentication information from casual inspection.
Which encryption algorithm does WPA use?
The RC4 Encryption Algorithm, developed by Ronald Rivest of RSA, is a shared key stream cipher algorithm requiring a secure exchange of a shared key. The symmetric key algorithm is used identically for encryption and decryption such that the data stream is simply XORed with the generated key sequence. The algorithm is serial as it requires successive exchanges of state entries based on the key sequence. Hence implementations can be very computationally intensive. The RC4 encryption algorithm is used by standards such as IEEE 802.11 within WEP (Wireless Encryption Protocol) using 40 and 128-bit keys. Published procedures exist for cracking the security measures as implemented in WEP.
Which statement about configuration of Layer 2 wireless user authentication on a Cisco WLC is true?
A. Local EAP is used only if an external RADIUS is not configured or is unreachable.
B. The external RADIUS is used only if local EAP is not configured.
C. The administrator chooses whether local EAP or an external RADIUS is used first.
D. The external RADIUS is used only if local EAP is explicitly disabled.
If any RADIUS servers are configured on the controller, the controller tries to authenticate the wireless clients using the RADIUS servers first. Local EAP is attempted only if no RADIUS servers are found, either because the RADIUS servers timed out or no RADIUS servers were configured. If four RADIUS servers are configured, the controller attempts to authenticate the client with the first RADIUS server, then the second RADIUS server, and then local EAP. If the client attempts to then reauthenticate manually, the controller tries the third RADIUS server, then the fourth RADIUS server, and then local EAP.
Refer to the exhibit. Which option must be chosen if only the WPA is needed?
B. Static-WEP + 802.1X
Wi-Fi Protected Access (WPA) and Wi-Fi Protected Access II (WPA2) are two security protocols and security certification programs developed by the Wi-Fi Alliance to secure wireless computer networks.
Which statement describes a security weakness of a WPA2 with a PSK?
A. The compromised key can be used for another connection.
B. The key can be eavesdropped from the wireless medium.
C. The key can be recreated from a few eavesdropped frames.
D. The key is not case-sensitive and is vulnerable to compromise by brute-force methods.
WPA2-Enterprise is (in my opinion) considerably more secure than PSK.
To implement a more secure means of communication for voice and data, what technology successfully resists interference by utilizing a wider bandwidth than needed for the transmitting signal?
A. Spread Spectrum
C. Extended U-NII2
D. ISM Bands
Lead2pass gives the latest, authoritative and complete 200-355 braindumps for 200-355 exam, because of that, all of our candidates pass 200-355 certification without any problem. The biggest feature is the regular update of 200-355 PDF and VCE, which keeps our candidates’ knowledge up to date and ensures their 200-355 exam success.
200-355 new questions on Google Drive: https://drive.google.com/open?id=0B3Syig5i8gpDd3NzLWRUUTRLME0
2017 Cisco 200-355 exam dumps (All 500 Q&As) from Lead2pass:
https://www.lead2pass.com/200-355.html [100% Exam Pass Guaranteed]