cisco braindumps 646-048 exam questions & answers · · 2015-08-12cisco braindumps 646-048...

Cisco Braindumps 646-048 Exam Questions & Answers

Number: 646-048Passing Score: 800Time Limit: 120 minFile Version: 20.1

http://www.gratisexam.com/

Cisco 646-048 Exam Questions & Answers

Exam Name: Advanced Routing and Switching for Account Managers - ARSAM

For Full Set of Questions please visit: http://www.braindumps.com/646-048.htm

Braindumps

QUESTION 1Which two security features are associated with a wireless network employing 802.11i configured as a RobustSecurity Network? (Choose two.)

A. WEPB. AES-CCMPC. 802.11xD. IPsecE. TKIPF. 802.1x

Correct Answer: BFSection: (none)Explanation

Explanation/Reference:

QUESTION 2Before conducting a passive RF site survey with a standalone AP, which two of these should be staticallyconfigured on the AP? (Choose two.)

A. passive clientB. channel assignmentC. DTPCD. Tx power levelE. channel scan defer priority

Correct Answer: BDSection: (none)Explanation


QUESTION 3After interviewing a customer to understand wireless client requirements, you determine that 802.11b must beenabled to support legacy clients within a mixed-mode environment. Which recommendation will have thegreatest impact on mitigating the effects of 802.11b clients on the rest of the network?

A. Restrict OFDM modulation from being used.B. Make 11 Mb/s the lowest mandatory rate.C. Enable a separate SSID for 802.11b clients.D. Enable a short preamble.

Correct Answer: BSection: (none)Explanation


QUESTION 4

The 802.11-2007 standard includes which two amendments to the original 802.11 standard? (Choose two.)

A. 802.11cB. 802.11dC. 802.11jD. 802.11rE. 802.11u

Correct Answer: BCSection: (none)Explanation


QUESTION 5You are designing a wireless network utilizing EAP-TLS. One design requirement is to provide per-userdifferentiated QoS using only one SSID. What is the best way to achieve this goal?

A. using WMM overrideB. using Cisco Airespace VSAsC. using QoS Enhanced BSSD. using AP groups



QUESTION 6What does the letter P in the designation of the AIR-CAP3502P AP indicate?


A. The AP supports the new IEEE 802.11p (WAVE) wireless standard.B. The AP requires professional installation.C. The AP can be used in plenum applications.D. The AP is compatible with polarization type antennae.



QUESTION 7

You are converting your wireless infrastructure from a data-only design to a location services design.Which task do you need to complete?

A. Disable the DSSS speeds for RFID compatibility.B. Use fewer APs to avoid RFID 3D imaging.C. Set APs to maximum power for RF fingerprinting.D. Locate APs at the edges of your coverage area for trilateration.

Correct Answer: DSection: (none)Explanation


QUESTION 8Which statement about heat maps on Cisco WCS is true?

A. They are predictive and rely only on the accuracy of the information that is provided with the map.B. They are based on real-time actual values if Cisco Compatible Extensions is enabled on the APs.C. They are predictive but can be converted to real values by using the Refresh from network button.D. They are based on real-time actual values because of fingerprinting.

Correct Answer: ASection: (none)Explanation


QUESTION 9_________ is classified as an 802.11i RSN with _________ as the mandatory encryption protocol.

A. WEP, TKIPB. WPA2,TKIPC. WPA, AESD. WPA2, AES



QUESTION 10You are designing an autonomous wireless network for an office building that is located near a local airport.The customer requires the use of 802.11a/n clients only, and the APs must never change their channel afterthey are configured. Which two UNII bands and channels should you restrict the APs to use on the 5 GHzradios? (Choose two.)

A. UNII-1 and UNII-3B. UNII-1 and UNII-2 extendedC. 36-52 and 149-161D. 36-48 and 100-140

E. 52-64 and 149-161F. 36-48 and 149-161

Correct Answer: AFSection: (none)Explanation


QUESTION 11You have been hired to install an outdoor wireless network for a small city. The design must provide 360degrees of coverage from a central location and at least 33 Mb/s of aggregate bandwidth for clause 18 radioclients. How do you design this solution?

A. Threeor more patch antennas installed in a circular pattern on the same supporting structureB. Onehigh-gain omni-directional antennaC. Threeor more parabolic dish antennas installed in a circular pattern on the same supporting structureD. Threeor more sector array antennas installed in a circular pattern on the same supporting structureE. Threeor more Yagi antennas installed in a circular pattern on the same supporting structure



QUESTION 12Which of the following are required components for Client MFP? (Choose two.)

A. CCXv4B. CCXv5C. 802.11nD. WPA2 w/TKIP or AES-CCMPE. AnyConnect 3.0



QUESTION 13Which of the following statements are true regarding RLDP? (Choose two)

A. RLDP works only on APs configured in Open Authentication mode.B. RLDP only works if the AP is in Monitor Mode.C. RLDP will attempt to identify each Rogue AP only once.D. RLDP only works if the Rogue AP is connected to a VLAN that is reachable by the WLC.E. RLDP only works if the AP is in Local Mode.

Correct Answer: ADSection: (none)

Explanation


QUESTION 14Which of the following statements are not correct about Client Management Frame Protection (MFP)? (Choose2.)

A. Client MFP can replace Infrastructure MFP in case only CCXv5 clients are used.B. Client MFP encrypts class 3Unicastmanagement frames using the security mechanisms defined by 802.11i.C. In order to use Client MFP the client must support CCXv5 and negotiate WPA2 with AES-CCMP or TKIP.D. The only supported method to obtain the pre-user MFP encryption keys is EAP authentication.E. CCXv5 client and access points must discard broadcast class 3 management frames.

Correct Answer: ADSection: (none)Explanation


QUESTION 15Which of the below parameters are used in calculating the range - maximum distance - of an outdoor linkbetween two bridges? Choose two.

A. The cable length between bridge and the connecting switch.B. The bridge transmission power.C. The outside temperature.D. The modulation type.E. The length of the antenna.



QUESTION 16When viewed from the side (in the H-plane), how can the radiation pattern of a patch and Yagi antennas bedescribed? (Choose two.)

A. the patch patterns are egg-shaped.B. the patch patterns are conical.C. the patch patterns are doughnut-shaped.D. the Yagi patterns are conical.E. the Yagi patterns are egg-shaped.F. the Yagi patterns are doughnut-shaped.



QUESTION 17The transmit power level on an 802.11a radio is configured for 25 mW. What is the corresponding value indecibels?

A. 2.5 dBmB. 3 dBmC. 14 dBmD. 18 dBmE. none of the above

Correct Answer: CSection: (none)Explanation


QUESTION 18Users complain about intermittent wireless connectivity issues. You see the following message on your CiscoWCS, corresponding the time the connectivity issues occurred. AP 'building-1-entrance', interface '802.11b/g'on Controller '10.1.1.2'. Noise threshold violated.What do you do?

A. Increase the interference threshold from the default 10%.B. Use a spectrum analyzer to discover the noise source.C. Check the logs for rogues in the area, and turn on rogue mitigation.D. Increase the power of the APs in the entrance hall.



QUESTION 19You are working for a South American services integrator. Your customer has a working unified Cisco WLCsolution in Costa Rica (-A domain). You need to integrate an office in Panama (-N domain); correct APs arealready deployed for this domain. Which approach do you take?

A. Do nothing. These APs will work on the same Cisco WLC because the countries are neighbors.B. Change the APs in the Panama office to AIR-CAP3502E-N-K9, which have external antennae.C. Use the config domain add -N command on the Cisco WLC.D. Add the country code for Panama (PA) through the Cisco WLC web GUI.



QUESTION 20One of your customers is thinking of deploying wireless in a building. Which two items should you establish in a

pre-site survey? (Choose two.)

A. the exact channels that should be usedB. the agreed coverage areas for the designC. the access security arrangements for getting into the buildingD. the type of deployment (data-only service, voice service, or location services)E. sources of RF interference



QUESTION 21On AIR-CAP3500 Series APs, which AP mode allows you to intensively analyze the frequency spectrum anddetect interferers?

A. SnifferB. MonitorC. SE-ConnectD. AnalyzerE. Rogue Detector



QUESTION 22Which type of indoor Cisco AP should you deploy to make use of spatial multiplexing?

A. AIR-LAP1242AGB. AIR-BR1310GC. AIR-LAP1131AGD. AIR-LAP1252AGE. AIR-LAP1524AG



QUESTION 23You have been hired to conduct a predeployment indoor wireless site survey. Which item is not needed beforestarting the project?

A. a statement of work that details the areas of the facility in which the customer wants to deploy wirelessB. architecture drawings of the facilityC. topographical maps

D. a list of client devices and applications that will use wireless at the facilityE. Layer 2 security requirements for the WLAN



QUESTION 24Which regulatory body develops standards for European information and communication technologies?

A. European UnionB. European Telecommunications Standards InstituteC. European Radio and Telecommunications Terminal Equipment DirectiveD. International Organization for Standardization



QUESTION 25ABC Company end users are reporting voice roaming issues. Which two situations are possible causes?(Choose two.)

A. The RF coverage cells have only 10-percent overlap; 15- to 20-percent cell overlap is typically needed forseamless roaming.

B. The RF coverage is colocated.C. There is interference from a 5 GHz DECT-like phone.D. The RF coverage cells have only 20-percent overlap; 25- to 30-percent cell overlap is typically needed for

seamless roaming.E. There is interference from the cellular network.

Correct Answer: ACSection: (none)Explanation


QUESTION 26After interviewing the customer to understand its wireless client requirements, you determine that 802.11b mustbe enabled to support legacy clients within a mixed-mode environment. What recommendation will have thegreatest mitigation on the effects of 802.11b clients on the rest of the network?

A. Restrict the use of OFDM modulation.B. Make 11 Mb/s the lowest mandatory rate.C. Enable a separate SSID for 802.11b clients.D. Enable short preamble.

Correct Answer: B

Section: (none)Explanation


QUESTION 27Which of the below devices can cause unintentional RF jamming attacks against an 802.11 wireless network?(Choose two.)

A. Rogue Access PointsB. Microwave OvenC. RadarD. 900 Mhz cordless phones



QUESTION 28When conducting a greenfield RF site survey with multiple APs, which information element should be enabledto ensure your site survey software will display the hostname of each AP?

A. IE 0B. IE 1C. IE 133D. IE 221



QUESTION 29Corporation XYZ has 25 buildings (with a total of 12000 employees) and would like to implement a single SSIDacross their entire site. Which feature would be helpful to prevent wireless internet access from 1 of the 25buildings?

A. AP groupsB. AAA overrideC. WLAN overrideD. MAC filtering



QUESTION 30

Which three of these are considered Cisco RF guidelines for a proper VoWLAN deployment? (Choose three.)

A. Cell edge should be -67 dBm with 20 to 30 percent overlap.B. Channel utilization should be kept under 30 percent.C. Noise levels should not exceed -92 dBm.D. Packet loss should not exceed 5 percent.E. Jitter should be kept at a minimum (less than 300 ms).F. 802.11 retransmissions should be less than 20 percent.

Correct Answer: ACFSection: (none)Explanation


QUESTION 31Which IEEE standard allows for the use of multiple 2-MHz communication channels within the 2.4-GHzspectrum?

A. 802.14B. 802.15.4C. 802.16.1D. 802.18E. 802.19



QUESTION 32While reviewing data gathered during a passive RF site survey for an existing network of Cisco Aironet 1260Series Access Points, you discover a high amount of potential co-channel interference throughout the network.Which two of these are potential causes? (Choose two.)

A. an inconsistent beacon intervalB. EDRRM is not enabledC. the APs are placed too close togetherD. a static channel plan is usedE. the radio policy is inadvertently set identically for all SSIDs

Correct Answer: CDSection: (none)Explanation


QUESTION 33You are tasked with creating a controller-based high-density RF design. Which three factors determine the cellsize? (Choose three.)

A. antenna typeB. ClientLink supportC. basic data rateD. TPC threshold settingE. AP placementF. free space path loss

Correct Answer: ACDSection: (none)Explanation


QUESTION 34You are tasked with designing a wireless network to support a specific 5-GHz wireless phone. During the initialdesign phase you are unable to obtain the client device radio specifications. From a network configurationperspective, which of these cannot be configured before you obtain the radio specifications?

A. band selectB. WMM queue selectionC. DCA channel listD. channel width



QUESTION 35You are configuring an autonomous wireless guest network for your customer. The customer requires thatguest users be unable to communicate with one another. Which solution best meets this requirement?

A. public secure packet forwarding on the AP and switch-port protected on the AP switch portB. public secure packet forwarding on the AP and limiting the AP switch port to the guest VLAN onlyC. port security on the AP and 802.1X on the AP switch portD. MAC filtering on the AP radio interface and switch-port protected on the AP switch portE. public secure packet forwarding on the AP and configuring the guest VLAN on the switched network as a

private VLAN

Correct Answer: ESection: (none)Explanation


QUESTION 36What is the advantage of EAP-FAST compared to LEAP?

A. EAP-FAST exchanges user credentials within a TLS tunnel whereas LEAP exchanges credentialsinformation in clear, which allows possible offline "dictionary attacks."

B. EAP-FAST allows authenticated in-band PAC provisioning, whereas LEAP uses anonymous in-band PAC

provisioning, which is transparent to the user.C. LEAP only supports user and password changes in conjunction with MS-CHAPv2, whereas EAP-FAST

supports user and password changes when using MS-CHAPv2 or OTP or PAC.D. EAP-FAST works with the 802.11 authentication algorithm "open eap," and also with "network-eap,"

whereas LEAP is limited to the 802.11 authentication algorithm "network-eap" only.



QUESTION 37Which of the below statement is correct with regards to configuring local MAC authentication on an AP?

A. A MAC address can be spoofed, so it is insecure.B. The MAC address is used in stead of the username in the EAP certificate exchange.C. The MAC address may be used in the key hash, if WEP is used as a key cipher.D. MAC address authentication can not co-exist with EAP authentication.



QUESTION 38Which two statements are not correct about client MFP? (Choose two.)

A. Client MFP can replace infrastructure MFP if only CCXv5 clients are used.B. Client MFP encrypts class 3 unicast management frames using the security mechanisms defined by

802.11i.C. In order to use client MFP, the client must support CCXv5 and negotiate WPA2 with AES-CCMP or TKIP.D. The only supported method to obtain the pre-user MFP encryption keys is EAP authentication.E. The CCXv5 client and access points must discard broadcast class 3 management frames.



QUESTION 39Company XYZ has a wireless network in place. Which three general guidelines should be followed to overlay aCisco Context-Aware Mobility Solution? (Choose three.)

A. The maximum effective AP spacing should be between 40 feet and 70 feet.B. There should be a minimum of two APs within range of each client.C. APs at the perimeter of the coverage area need to be deployed.D. The physical placement of APs must be collinear.E. Equilateral triangle placement of the APs yields better accuracy.

Correct Answer: ACESection: (none)Explanation


QUESTION 40You are designing a wireless infrastructure for an enterprise customer in the busy international banking districtof Tokyo. All the client adapters are fairly modern, so you have turned off 802.11b speeds to reduce the size ofyour cells. Which channels will you choose to make optimum use of the available spectrum?

A. 1, 5, 9, 13B. 1, 6, 11C. 1, 6, 11, 14D. 1, 4, 7, 11, 14E. 1, 5, 9



QUESTION 41Which three are equivalent forms of the IPv6 address 2011:0000:0000:0000:2010:0000:0000:000F? (Choosethree.)

A. 2011:0:0:0:2010:0:0:FB. 2011::2010::000FC. 2011:0:0000:0000:2010::000FD. 2011::2010:0:0:FE. 2011::201:0000:0000:000FF. 2011::201:0010:0010:000F



QUESTION 42Which of the following is not a valid IPv6 address type?

A. link-local unicastB. unique-local unicastC. anycastD. multicastE. broadcast



QUESTION 43To avoid classification at all switches within a QoS domain, a switch port may be configured in a trusted state.Which two statements are true regarding the trust state configuration of a switch port? (Choose two.)

A. When mls qos trust is not configured on the port, the default port trust state is DSCP.B. When mls qos trust is not configured on the port, the default port trust state is CoS.C. The port trust state can be CoS or DSCP only.D. When mls qos trust cos is configured on the port, the port default CoS value is used for an untagged

packet.E. When mls qos trust cos is configured on the port, the switch classifies an ingress packet by using the

packet CoS value.

Correct Answer: DESection: (none)Explanation


QUESTION 44Which aggregate of the IPv6 addresses 2001:0303:0000:5000:0000:052B:0000:0000/96 and2001:0303:0000:5000:0000:052C:0000:0000/96 has the longest possible mask?

A. 2001:0303:0000:5000:0000:052A:0000:0000/96B. 2001:0303:0000:5000:0000:052A:0000:0000/95C. 2001:0303:0000:5000:0000:0528:0000:0000/93D. 2001:0303:0000:5000:0000:0520:0000:0000/92



QUESTION 45Which two protocols or processes can be used for a switched network to control distribution of multicast trafficat Layer 2? (Choose two.)

A. PIMB. CGMPC. IGMP v2D. IGMP v3E. IGMP snooping

Correct Answer: CESection: (none)Explanation


QUESTION 46A router has two interfaces: Ethernet 0 is connected to the LAN and Ethernet 1 is connected to the Internet.The LAN is 20.20.20.0/24. All hosts on the LAN must be able to form TCP connections to any host on theInternet. Hosts on the Internet may not form TCP connections to hosts on the LAN, except to port 25 of a mailserver on the LAN. The web server IP address is 20.20.20.100. Which configuration fulfills all therequirements?

A. interface ethernet 1 ip access-group 123 in ! access-list 123 permit tcp any 20.20.20.0 0.0.0.255 access-list123 permit tcp any host 20.20.20.100 eq 25

B. interface ethernet 1 ip access-group 123 in ! access-list 123 permit tcp any 20.20.20.0 0.0.0.255 establishedaccess-list 123 permit tcp any host 20.20.20.100 eq 25

C. interface ethernet 1 ip access-group 123 in ! access-list 123 permit tcp any host 20.20.20.100 eq 25access-list 123 deny tcp any 20.20.20.0 0.0.0.255

D. interface ethernet 1 ip access-group 123 in ! access-list 123 deny tcp any 20.20.20.0 0.0.0.255 access-list123 permit tcp any host 20.20.20.100 eq 25

E. interface ethernet 1 ip access-group 123 in ! access-list 123 permit tcp any host 20.20.20.100 eq 25access-list 123 permit tcp 20.20.20.0 0.0.0.255 any access-list 123 deny tcp any 20.20.20.0 0.0.0.255



QUESTION 47Cisco WiSM controllers have multiple interface types. Which three statements about the interface types of thecontrollers are true? (Choose three.)

A. The service-port interface is the default interface for in-band management of the controller.B. If the service port is in use, then the management interface must be on a different subnet than the service

port.C. You cannot ping the AP-manager interface.D. The virtual gateway interface is used to support mobility management.E. The management interface is used as the source IP address for all Layer 3 communications between the

controller and the lightweight APs.F. On the Cisco WiSM, the management interface is used to synchronize the supervisor engine and the Cisco

WiSM.

Correct Answer: BCDSection: (none)Explanation


QUESTION 48You have 2 WLCs with management IP addresses of 192.168.11.5 and 192.168.11.6 respectively. Your APsreside on a different subnet. Which of the below DHCP options needs to be configured?

A. option 43 hex f102c0a80b05c0a80b06B. option 43 hex f108c0a80b05c0a80b06C. option 43 hex f102c0a81105c0a81106D. option 43 hex f108c0a81105c0a81106

Correct Answer: B

Section: (none)Explanation


QUESTION 49Which two statements about the IPv4 ToS byte are true? (Choose two.)

A. The ToS byte is located in the Layer 2 header.B. The ToS byte is located in the Layer 3 header.C. The DSCP values range from 0 to 7.D. The IP precedence and the DSCP fields have two overlapping bits.E. The class selector in the DSCP field is defined for backward compatibility with IP precedence.

Correct Answer: BESection: (none)Explanation


QUESTION 50Which three protocols does IEEE 802.1X access control allow until the client is authenticated? (Choose

three.)

A. Cisco Discovery ProtocolB. VLAN Trunking ProtocolC. Spanning Tree ProtocolD. Extensible Authentication Protocol over LANE. Dynamic Host Control Protocol



QUESTION 51Cisco WiSM controllers have multiple interface types. Which two interfaces must be present and configured atsetup time? (Choose two.)

A. virtualB. virtual gatewayC. service portD. operator defined



QUESTION 52IN CUWN, what DHCP option needs to be configured for APs to join specific WLCs, if the WLCs and APsreside in different subnets?

A. option 43B. option 60C. option 82D. option 150



QUESTION 53When LAG is enabled, all ports participate in LAG by default. Which statement about LAG is true?

A. The failure of one link affects only management access, not traffic throughput.B. If any single link fails, traffic will automatically migrate to the remaining links.C. If only two switch ports are in the LAG group, and one switch port fails, then the other switch port will fail

also.D. If there are only two LAG connections, then all VLANs must be allowed.



QUESTION 54Two switches are connected by an EtherChannel. Which setting does not have to match on the connectedports in order to form an EtherChannel?

A. the allowed VLAN listB. the spanning-tree PortFast settingsC. DTP negotiation settingsD. the native VLANE. the spanning-tree port priorities for each VLAN



QUESTION 55Refer to the exhibit.Which two statements are true? (Choose two.)

A. 10.10.10.9 is the IP address of the multicast source.B. 10.10.10.9 is the IP address of the multicast receiver.C. 10.10.10.9 is the RP address for multicast group 239.5.5.5.D. The Ethernet 0/0 interface of the router and 10.10.10.9 are in the same broadcast domain.E. The Ethernet 0/0 interface of the router and 10.10.10.9 do not need to be in the same broadcast domain.



QUESTION 56DSCP values can be expressed in decimal form or by PHB. Which PHB is the equivalent of DSCP 20?


A. AF20B. AF22C. AF26D. AF28



QUESTION 57You are configuring a TACACS+ server and the security team asks you for details about this protocol. Whichthree statements about the TACACS+ protocol are true? (Choose three.)

A. It is TCP based.B. It is UDP based.C. It uses port 49 by default.D. It uses port 59 by default.

E. The username is sent in cleartext.F. The username is encrypted.

Correct Answer: ACFSection: (none)Explanation


QUESTION 58Refer to the exhibit.All the guest users that associate to the guest SSID on the Cisco WLC are receiving this message from theirbrowser each time that they try to reach an Internet website. Which two changes will allow the guest users toavoid this message in a simple and secure way? (Choose two.)

A. Generate and install a new certificate for the Cisco WLC web-auth, signed by the Cisco CA.B. Configure a FQDN in the management interface of the Cisco WLC and add that FQDN to the DNS server.C. Configure a FQDN in the virtual interface of the Cisco WLC and add that FQDN to the DNS server.D. Generate and install a new certificate for the Cisco WLC web-auth, signed by a CA trusted by the browser.E. Generate and install a new certificate for the Cisco WLC web-auth, signed by the local CA.

Correct Answer: CDSection: (none)Explanation


QUESTION 59Which local DHCP pools that are configured on an autonomous IOS AP will properly work and lease IPaddresses to the wireless clients without using the "ip helper-address" command?

A. only the pool configured for the native VLANB. only the pool configured for the VLAN assigned to the SSID where the wireless clients are connectedC. all of the configured local DHCP poolsD. all of the configured local DHCP pools, if static routing is configured appropriately



QUESTION 60Refer to the exhibit.Which two statements are true about the RADIUS attributes listed? (Choose two.)

A. They are used for dynamic VLAN assignment for wireless or wired clients.B. They are used for dynamic VLAN assignment for VPN tunnels.C. They correspond to the RADIUS attribute numbers 64, 65, and 81.D. They correspond to the RADIUS attribute numbers 64, 65, and 71.E. They correspond to the RADIUS attribute numbers 74, 75, and 81.F. They correspond to the RADIUS attribute numbers 74, 75, and 91.



QUESTION 61DNS is configured to respond with a list containing multiple controller addresses. Upon DNS discovery, whichstatement is true?

A. The AP sends a discovery request to the first controller on the list, and then goes down the listchronologically until it receives a discovery response.

B. The AP sends a discovery request to the last controller on the list, and then goes up the list chronologically

until it receives a discovery response.C. The AP sends a discovery request to all controllers on the list simultaneously.D. Multiple controller IP addresses in a DNS response are not supported.



QUESTION 62Refer to the exhibit.The ACS RADIUS Authentication Report shows the output for a failed client authentication. Which action canresolve this issue?

A. Re-generate the client certificate, which is expired.B. Install the complete ACS certificate CA chain on the client operating system.C. Re-generate the local ACS certificate, which was issued by an unknown CA.D. Import the complete client certificate CA chain on the ACS.



QUESTION 63Which two statements about the management access control on Cisco WLC, using an external TACACS+server, are true? (Choose two.)

A. The Cisco WLC supports TACACS+ command authorization.B. The Cisco WLC AAA authorization is role-based, using custom TACACS+ attributes.C. The Cisco WLC AAA authorization is role-based, using Cisco VSA attributes.D. The Cisco WLC requires the TACACS+ server to return a Privilege-Level attribute.E. If a user is not entitled to a specific task, then the user is not allowed to access that task.F. If a user is not entitled to a specific task, then the user is allowed to have read-only access to that task.

Correct Answer: BFSection: (none)Explanation


QUESTION 64What is the benefit of using a CA-signed certificate over a self-signed certificate?

A. You can generate a certificate with a longer validity period.B. Fewer steps need to be generated.C. More authentication types are supported.D. You can avoid impersonation attacks.E. You can use bigger keys.



QUESTION 65Refer to the exhibit.Which DHCP option is shown?

A. 32B. 43C. 60D. 150E. 241



QUESTION 66Refer to the exhibit.Which Cisco WLC IP addresses will be returned to a Cisco AP that requests an IP address from this DHCPpool?

A. 192.168.129.12 and 192.168.129.20B. 192.168.129.11 and 192.168.129.19C. 192.168.129.12 and 192.168.129.17D. 192.168.129.11 and 192.168.129.18E. none of the above



QUESTION 67Refer to the exhibit.What can be filtered by using this DNIS filter on ACS?

A. wireless clients, based on the SSID to which they are associatingB. wireless IP phones, based on the phone number that they are calling

C. authentications from AAA clients, based on their assigned locationD. authentications from a specific Cisco WLC interfaceE. authentications, based on part of the username



QUESTION 68Which statement about using the internal DHCP server feature on a Cisco WLC is true?

A. DHCP option 43 must be configured on the internal DHCP server.B. The DHCP server IP address must be set to the Cisco WLC management interface IP address.C. The internal DHCP server can serve both wireless and wired clients.D. Autonomous APs are supported.



QUESTION 69When using DNS discovery, you must configure DNS to respond to which of the following?

A. CISCO-WAP-CONTROLLER.localdomainB. CISCO-CONTROLLER.localdomainC. CISCO-CAPWAP-CONTROLLER.localdomain or CISCO-LWAPP-CONTROLLER.localdomainD. CISCO-CONTROLLER-LWAPP.localdomain or CISCO-CONTROLLER-CAPWAP.localdomain



QUESTION 70Which two methods can be used in Cisco Secure ACS 5.2 to assign client authentication requests to differentaccess services or authorization policies, based on the SSID to which the client is associated? (Choose two.)

A. DNIS-based end station filterB. CLI-based end station filterC. condition based on the RADIUS-IETF.Filter-ID(11) attributeD. condition based on the RADIUS-IETF:Called-Station-ID(30) attributeE. condition based on the RADIUS-IETF:Calling-Station-ID(31) attribute



QUESTION 71Refer to the exhibit.What might be the reason of these failed attempts in ACS?

A. The wrong shared secret is configured on the AAA client or ACS.B. The request is coming from a AAA client that is configured only for RADIUS on ACS.C. The request is coming from a AAA client that is configured only for TACACS+ on ACS.D. The PC that is trying to access the device is outside the known subnet.



QUESTION 72How can you configure an NTP server address for Cisco Secure ACS 5.2?

A. through the ACS GUI onlyB. through the ACS CLI onlyC. through both the ACS GUI and CLID. on the hosting Microsoft Windows operating systemE. not possible because there are no NTP settings for ACS



QUESTION 73You have configured ACS to perform machine authentication against Active Directory. Both ACS and ActiveDirectory hosts can ping each other, there is no firewall between them, and ACS trusts the correct CA. Yet theclients that are performing machine authentication with EAP-TLS and using valid certificates are failing toauthenticate. What might the reason be?

A. The wrong UDP port for Active Directory is configured on ACS.B. Machine access restrictions is enabled on ACS.C. The client certificate key is less than 2048 bit.D. The wrong date and time are on the ACS server.E. The host is not configured in the ACS internal database.



QUESTION 74Refer to the exhibit.Which DHCP option is shown?

A. Option 60 B. Option 241B. Option 32C. Option 150D. Option 43

Correct Answer: Section: (none)Explanation


QUESTION 75Refer to the exhibit.Cisco Secure ACS 5.2 shows successful TACACS+ authentication and authorization for the user, but access tothe Cisco WLC GUI fails. What is the reason for this failure?

A. The user password is incorrect.B. The authorization response does not include a Privilege-Level attribute.C. The assigned role is incorrect.D. The received TACACS+ packet is not encrypted.



QUESTION 76You are configuring a RADIUS server and the security team asks you for details about this protocol. Whichthree statements about the RADIUS protocol are true? (Choose three.)

A. It is TCP based.B. It is UDP based.C. RADIUS servers use port 1645 or port 1812 for authentication.D. RADIUS servers use port 1646 or port 1813 for authorization.E. The username is sent in cleartext.F. The username is encrypted.

Correct Answer: BCESection: (none)Explanation


QUESTION 77In a bridge-to-bridge setup, the network administrator wants to allow only the root bridge the ability to associateto the non-root bridge. To achieve this goal, the administrator decides to implement a MAC filter. If0017.dfa6.cdf0 is the MAC address of the root AP (ROOT_AP) and 0017.dfa6.ae13 is the MAC address of thenon-root AP (NON-ROOT_AP), which command set will achieve this goal?

A. ROOT_AP# configure terminal ROOT_AP(config)# access-list 700 permit 0017.dfa6.cdf0 ROOT_AP

(config)# dot11 association mac-list 700B. NON-ROOT_AP# configure terminal NON-ROOT_AP(config)# access-list 700 permit 0017.dfa6.cdf0 NON-

ROOT_AP(config)# dot11 association mac-list 700C. NON-ROOT_AP# configure terminal NON-ROOT_AP(config)# access-list 700 permit 0017.dfa6.ae13 NON-

ROOT_AP(config)# dot11 association mac-list 700D. NON-ROOT_AP# configure terminal NON-ROOT_AP(config)# access-list 700 permit 0017.dfa6.cdf0 NON-

ROOT_AP(config)# dot11 ssid bridge NON-ROOT_AP(config-ssid)# dot11 association mac-list 700E. ROOT_AP# configure terminal ROOT_AP(config)# access-list 700 permit 0017.dfa6.cdf0 ROOT_AP

(config)# interface Dot11Radio0 ROOT_AP(config-if)# dot11 association mac-list 700



QUESTION 78When a wireless client connects to an autonomous AP, which sequence of events will occur when connectingto a SSID that does not broadcast itself?

A. probe request, probe response, association request, association response, authentication request,authentication response

B. authentication request, authentication response, probe request, probe response, association request,association response

C. probe request, probe response, authentication request, authentication response, association request,association response

D. authentication request, authentication response, association request, association response, probe request,probe response



QUESTION 79Refer to the exhibit.Given the following GUI output on an autonomous AP, how many additional infrastructure APs are registered tothe Cisco WDS AP that is shown in the exhibit, and which Cisco WDS master AP MAC address is used for theWDS registration process?

A. Zero and 0022.bd1a.0680B. Oneand 0022.bd1a.0680C. Twoand 0026.cb53.6d40D. Zero and 0026.cb53.6d40E. Oneand 0026.cb53.6d40F. Oneand 0024.d70c.7ca4 or 001b.7766.d253



QUESTION 80The QoS implementation for WLANs differs from QoS implementations on other Cisco devices. Which twoactions do QoS enabled autonomous bridges perform? (Choose two)

A. They do not classify packets; they prioritize packets based on DSCP value, client type (such as a wirelessphone), or the priority value in the 802.1q or 802.1p tag.

B. They construct internal DSCP values and support mapping by assigning IP Differentiated Services CodePoint (DSCP), Precedence, or Protocol values to Layer 2 COS values.

C. They do not match packets using ACL; they use only modular quality of service (MQC) class-map formatching clauses.

D. They do not construct internal DSCP values; they only support mapping by assigning IP DifferentiatedServices Code Point (DSCP), Precedence, or Protocol values to Layer 2 COS values.



QUESTION 81The QoS implementation for WLANs differs from QoS implementation on other Cisco devices. With QoSenabled on autonomous APs, which two statements are true? (Choose two.)

A. Autonomous APs do not prioritize packets; they classify packets based on DSCP value, client type, or thepriority value in the 802.1Q or 802.1p tag.

B. Autonomous APs do not construct internal DSCP values; they only support mapping by assigning IP DSCP,precedence, or protocol values to Layer 2 CoS values.

C. Autonomous APs do not support 802.1Q or 802.1p tagged packets.D. Autonomous APs prioritize the traffic from voice clients over traffic from other clients when the QoS Element

for Wireless Phones feature is enabled.



QUESTION 82When you have an AP in autonomous mode, you can configure the AP to only allow console or Telnet accessto authorized users. What is the correct command sequence to achieve RADIUS login authentication viaconsole?

A. configure terminal aaa new-model aaa authentication login default line console 0 login authentication defaultradius-server host 172.10.0.1 auth-port 1645 acct-port 1646

B. configure terminal aaa new-model aaa authentication login default group radius line console 0 loginauthentication default radius-server host 172.10.0.1 auth-port 1645 acct-port 1646

C. configure terminal aaa new-model aaa authentication login default group radius login authentication defaultradius-server host 172.10.0.1 auth-port 1645 acct-port 1646

D. configure terminal aaa new-model aaa authentication login default group radius line console 0 loginauthentication default group radius radius-server host 172.10.0.1 auth-port 1645 acct-port 1646



QUESTION 83When viewing the configuration of an autonomous AP, you see these SNMP commands:snmp-server community comaccess ro 4snmp-server enable traps snmp authenticationsnmp-server host cisco.com version 2c publicWhich statement about these commands is true?

A. These commands block read-only access for all objects to access list 4 members that use the comaccesscommunity string. All other SNMP managers have access to any objects. SNMPv2c sends SNMPAuthentication Failure traps to the host cisco.com, using the public community string.

B. These commands allow write-only access for all objects to access list 4 members that use the comaccesscommunity string. No other SNMP managers have access to any objects. SNMPv2c sends SNMPAuthentication Failure traps to the host cisco.com, using the public community string.

C. These commands allow read-only access for all objects to access list 4 members that use the comaccesscommunity string. No other SNMP managers have access to any objects. SNMPv2c sends SNMPAuthentication Failure traps to the host cisco.com, using the public community string.

D. These commands allow read-only access to access list 4 members that use the comaccess communitystring. SNMPv2c sends SNMP Authentication Failure traps to the host cisco.com, using the publiccommunity string.



QUESTION 84Refer to the exhibit.This portion of a Cisco IOS AP configuration refers to a multiple SSID and VLAN configuration. Whichstatement is false?

A. The mbssid guest-mode command allows guest users to connect to the SSID.B. All SSIDs are broadcast by and visible to clients.C. The EAP SSID allows client to connect to it by using PEAP as an authentication method.D. The AP needs to have subinterfaces 80, 81, and 82 configured, both on the radio 0 and Ethernet interfaces.



QUESTION 85When you set up an 802.11n-capable network using autonomous APs, which two settings let you achieve802.11n rates? (Choose two.)

A. no encryptionB. WPA2 AES-CCMP encryptionC. WEP encryptionD. Cisco Key Integrity Protocol encryptionE. WPA1 TKIP encryptionF. WPA2 TKIP encryptionG. PSK

Correct Answer: ABSection: (none)Explanation


QUESTION 86Refer to the exhibit.Given this debug output from the debug wlccp wds mn command, which event has occurred?

A. A wireless client with an IP address of 192.168.200.33 has joined the Cisco WDS domain.B. A wireless client with an IP address of 192.168.200.33 has re-associated to the Cisco WDS domain.C. A wireless client has been removed from the Cisco WDS domain.D. A wireless client has failed authentication.



QUESTION 87You want to prevent a wireless client with a MAC address of 00:40:96:a5:b5:d4 from associating with an

autonomous AP. Which commands do you use on the autonomous AP?

A. dot11 association mac-list 700 access-list 700 deny 0040.96a5.b5d4 ffff.ffff.ffffB. dot11 association mac-list 700 access-list 700 permit 0000.0000.0000 ffff.ffff.ffff access-list 700 deny

0040.96a5.b5d4 0000.0000.0000C. dot11 association mac-list 700 access-list 700 deny 0040.96a5.b5d4 0000.0000.0000 access-list 700 permit

0000.0000.0000 ffff.ffff.ffffD. dot11 association mac-list 700 access-list 700 deny 0040.96a5.b5d4 ffff.ffff.ffff access-list 700 permit

0000.0000.0000 ffff.ffff.ffffE. none of the above



QUESTION 88Which set of steps shows the correct order for adding an SSID with WPA security on a new VLAN via the GUIon an autonomous AP?

A. Create the SSID, create the VLAN, and then set up encryption.B. Create the VLAN, set up encryption, and then create the SSID.C. Set up encryption, create the VLAN, and then create the SSID.D. Create the VLAN, create the SSID, and then set up encryption.



QUESTION 89What is the function of the distance command on an autonomous 802.11 bridge?

A. to adjust the data rate of the packet transmissionB. to adjust the bridge timeout values to account for the time that is required for radio signals to travel from

bridge to bridgeC. to give the person reading the configuration an idea of how far apart the bridge links areD. to increase the time that is needed for authentication



QUESTION 90Which command can you use to configure the standalone AP to use the NTP server at IP address192.168.1.99?

A. ntp server 192.168.1.99

B. sntp server 192.168.1.99C. ntp broadcast client 192.168.1.99D. sntp broadcast client 192.168.1.99



QUESTION 91When configuring multiple BSSIDs in autonomous APs, which three requirements and guidelines should youfollow? (Choose three.)

A. APs must contain an 802.11a or 802.11b/g radio that supports multiple BSSIDs.B. RADIUS-assigned VLANs are supported when you enable multiple BSSIDs.C. VLANs cannot be configured.D. When you enable BSSIDs, the AP automatically maps a BSSID to each SSID. You cannot manually map a

BSSID to a specific SSID.E. Any Wi-Fi certified client device can associate to an AP that uses multiple BSSIDs.F. You cannot enable multiple BSSIDs on APs that participate in WDS.

Correct Answer: ADESection: (none)Explanation


QUESTION 92Which debug command is best to use when you suspect that a client will not connect to an autonomous APbecause of an incorrect WPA PSK?

A. debug dot11 mgmt stationB. debug dot11 aaa authenticator processC. debug dot11 station connection failureD. debug dot11 encryption



QUESTION 93Refer to the exhibit.You are troubleshooting a client that is not able to associate to an SSID configured on an autonomous AP.What is most likely the cause of the association failure, given the debug output seen in the exhibit?

A. The RADIUS server is not reachable.B. The username and password combination is incorrect.C. The SSID is secured with PSK and the shared secret is wrong.D. There is no login method configured under the AAA configuration.E. The aaa authentication command is pointing to a nonexistent RADIUS server.F. The interface dot11radio0 does not require authentication and the client is requesting it.



QUESTION 94You are setting up a wireless network using autonomous APs. Which two statements are true? (Choose two.)

A. A wireless device always attempts to transmit at the highest datarate that is set to Basic, (orRequire in theGUI).

B. At least one data rate must be set to Basic.C. The AP sends multicast and management frames at the lowest basic rate.D. The 5-GHz radios do not support 40-MHz channel width.



QUESTION 95Refer to the exhibit.You have setup an autonomous AP and configured an SSID to serve clients. While troubleshooting a client thatis not able to associate to the SSID, you enable some debugs. Given the debug output seen in the exhibit, whatis most likely the cause of association failure?

A. The SSID is configured with TKIP encryption and the client PC is using AES encryption.B. The authenticating EAP method is PEAP and the username and password combination is incorrect.C. The SSID is secured with PSK and the shared secret is wrong.D. The RADIUS server is rejecting the dot1x authentication due to a message integrity check failure.



QUESTION 96Refer to the exhibit.Client stations are trying to associate to a given SSID and fail to do so for some time before associatingsuccessfully. Considering the debug output that was collected, what could be the cause of the issue?

A. The WLC is connected to two switches and LAG is not configured.B. The client was roaming and the SSID does not have the same WLAN ID on all company controllers.C. The client was already associated to another corporate SSID and Fast SSID change is disabled.D. The WLAN is constantly brought down because of CAPWAP tunnel flapping.E. An administrator changed the WLAN ID during the time in question.



QUESTION 97What is the correct procedure to install a chained certificate (if multiple certification authorities are involved)when you do web authentication on a WLC?

A. In the Security > Web Authentication menu, download first the root CA certificate, apply, then download theintermediate CA and then the device certificate.

B. Upload the WLC certificate through the Security > Web Authentication menu and the CA certificates bydownloading with datatype Vendor CA Certificate.

C. Zip all the certificates and download them on the WLC as datatype WebAuth Bundle.D. Only through command line with the command "transfer download data type webauth chained cert".E. Concatenate the device and intermediate CA certificates into one file along with the private key generated

for the WLC CSR and upload that file in the Security > Web Authentication menu.



QUESTION 98When configuring NAC in-band to work with a Cisco WLC, which statement is true, from a WLC perspective?

A. NAC always needs to be enabled in the WLAN configuration.B. The Clean Access Server always needs to be configured as a RADIUS accounting server on the Cisco

WLC.C. The Clean Access Manager always needs to be configured in the SNMP trap receiver.D. Only the quarantine VLAN ID needs to be configured as the WLAN interface.



QUESTION 99You are on the U.S. East Coast (EST time zone, UTC-5) and configure NTP on your Cisco WLC. The CiscoWLC web GUI shows the correct time and date, but your APs are off by 5 hours. Which statement is true?

A. This behavior is normal because the APs show UTC time.B. You need to configure the time zone on the APs.C. You need to configure the NTP server on the APs.D. You need to enable time-zone synchronization between the APs and Cisco WLC.E. APs support only an SNTP server, not an NTP server.



QUESTION 100Which three statements about the VideoStream feature (also known as MediaStream) on the Cisco WLC aretrue? (Choose three.)

A. It unicasts the stream only to clients that are subscribed via IGMP.B. It works both ways (from network to client and from client to network).C. It unicasts the stream only to APs on which you enable the feature.D. It sends unicast, so it can usually use higher data rates.E. It unicasts the multicast stream over the air only; it multicasts on wired connections.F. It multicasts, so a large number of subscribed clients on the AP will not consume more bandwidth.



QUESTION 101What is the minimum number of rules that is necessary in a CPU ACL to allow all access from a single VLAN tothe management interface, yet prevent management access from all other VLANs while permitting all othertraffic?

A. fiveB. sixC. sevenD. eight



QUESTION 102A wireless network administrator needs to limit guest user TCP traffic to no more than 50,000 kb/s, to conservebandwidth on the guest WLAN. To do this, the administrator configures the average real-time rate to 50,000 kb/s and the burst real-time rate to 60,000 kb/s. Why does a test of the guest account show no restriction for theclient TCP traffic?

A. The administrator should have configured the average data rate and burst data rate.B. The average real-time rate and burst real-time rate should always be equal.C. The average real-time rate should always be higher than the burst real-time rate.D. The administrator should have configured the average data rate and the average real-time rate.



QUESTION 103Refer to the exhibit.You are a senior wireless network administrator and have just completed the configuration of TACACS+ onyour production Cisco WLC server. You can successfully log into the Cisco WLC by using your domaincredentials. However, junior administrators, who have only local management accounts on the Cisco WLC, arecomplaining that they can no longer log into the Cisco WLC GUI or CLI. What is the cause of this problem?

A. When TACACS+ is configured on the Cisco WLC, local authentication is permanently disabled.B. TACACS+ is the first authentication priority. The ACS is responding, so the Cisco WLC never queries the

local database.C. TACACS+ was configured and the ACS is responding, so all local accounts on the Cisco WLC are disabled.D. The junior administrators must also have domain accounts with the same username but different passwords

than the local Cisco WLC accounts, so the ACS is returning an access-reject. This prevents the Cisco WLCfrom querying the local database.



QUESTION 104After performing a wireless site survey, you determine that to achieve proper HR-DSSS coverage within therooms along a hallway area, the AP radios that service the hallway must be at 12 mW or higher. After

the APs are all installed, you note that RRM is decreasing the power on the AP radios in the hallway to 6 mW.Which two methods can you use to prevent the HRDSSS AP radio power levels from dropping below 12 mW?(Choose two.)

A. Configure the minimum power-level assignment for the 2.4 GHz radio to 11 dBm under the individual TPCsettings on the hallway APs.

B. Configure the minimum power-level assignment for the 5 GHz radio to 11 dBm under the individual TPCsettings on the hallway APs.

C. Configure the minimum power-level assignment to 11 dBm under the global 802.11b/g/n TPC settings.D. Configure the minimum power-level assignment to 11 dBm under the global 802.11a/n TPC settings.E. Statically configure the 5 GHz radios on the hallway APs to power level 4.F. Statically configure the 2.4 GHz radios on the hallway APs to power level 4.

Correct Answer: CFSection: (none)Explanation


QUESTION 105A wireless ISP has hired you to help set up a new Cisco WLC to provide wireless access to subscription-basedcustomers. Each customer that uses the wireless network needs to pay their bill every 30 days. How do youconfigure the WLAN security to help meet this requirement?

A. no Layer 2 security, conditional web redirect Layer 3 securityB. WPA2 802.1X Layer 2 security, splash page web redirect Layer 3 securityC. 802.1X Layer 2 security, splash page web redirect Layer 3 securityD. WPA2 PSK Layer 2 security, conditional web redirect Layer 3 securityE. no Layer 2 security, splash page web redirect Layer 3 securityF. WPA 802.1X Layer 2 security, conditional web redirect Layer 3 security

Correct Answer: FSection: (none)Explanation


QUESTION 106A 7-Mb multicast traffic stream is being sent to wireless clients and it is using up most of the available wirelessspectrum in the 2.4-GHz unlicensed band. As a result, many of the data applications have become sluggishand the video is choppy. What is the best option to send the multicast over the wireless network more efficientlyand leave some bandwidth for the data applications (assuming the network is capable of supporting thisoption)?

A. Raise the DTIM to 10B. Enable WMM QoSC. Turn on multicast-multicast modeD. Turn off the lower data rates



QUESTION 107The helpdesk is reporting that many users are reporting slow wireless connections in one of the office buildings.You look at the CleanAir statistics and do not see any interferers, but you see very high 2.4-GHz channelutilization from the Wi-Fi devices. WCS is reporting the following mix of 802.11 chipsets in the building: 10percent 802.11b, 75 percent 802.11g and 15 percent 802.11a. You do a

survey and see that you have a very dense deployment of APs and a lot of co-channel interference. Which twosteps would help lower your channel utilization in this area? (Choose two.)

A. Raise the power on the 2.4-GHz radios.B. Lower the power on the 2.4-GHz radios.C. Lower the DTIM.D. Raise the DTIM.E. Disable 1-, 2-, 5.5-, 6-, and 9-Mb data rates.F. Enable 1-, 2-, 5.5-, 6-, and 9-Mb data rates.

Correct Answer: BESection: (none)Explanation


QUESTION 108Which two statements about virtual interfaces on a WLC are true? (Choose two.)

A. A virtual interface serves as the redirect address for the web authentication login page.B. A virtual interface must have a DNS host name in order to prevent web authentication clients from getting a

security warning on their web browser.C. A virtual interface acts as the DHCP server placeholder for wireless clients that obtain their IP address from

a DHCP server.D. A virtual interface acts as a RADIUS proxy for wireless clients.



QUESTION 109Which statement describes the operation of an access point in Rogue Location Discovery Protocol mode?

A. The AP uses the existing wireless infrastructure in order to scan for rogue APs. Once discovered, theserogues are added to a local list that includes the rogues' BSSIDs, MAC addresses, and any discoveredsecurity provisions (WPA, WEP, etc.).

B. The AP detects a rogue client, and then the network administrator is able to contain both the rogue AP andthe rogue clients. This can be achieved because 802.11 deauthentication packets are sent to clients thatare associated to rogue APs, so threats such as holes are mitigated.

C. The AP moves to the rogue channel and attempts to connect to the rogue as a client. The AP then tries toobtain an IP address and forwards a UDP packet to the controller through the rogue. If the controllerreceives this packet, the network administrator is notified that a rogue AP has been discovered on the wirednetwork.

D. The AP determines whether or not a rogue access point is on a trusted network. It does not provide RFservice of any kind, but rather receives periodic rogue access point reports from the controller, and sniffs allARP packets. If it finds a match between an ARP request and a MAC address it receives from thecontroller, it generates a rogue access point alert to the controller.



QUESTION 110Refer to the exhibit.You want to use 3500e APs to setup an indoor mesh deployment. After you change the AP mode, the AP willnot rejoin the Cisco WLC. Which debug command was run, according to the exhibit, and why is the AP notrejoining the Cisco WLC?

A. debug capwap packet was run, and 3500e APs do not support indoor mesh.B. debug pm pki was run, and you must disable VLAN transparent for 3500e indoor mesh deployments.C. debug mesh security was run, and the 3500e radio MAC address is not in the local MAC filter list on the

Cisco WLC.D. debug ap join was run, and you must disable VLAN transparent for 3500e indoor mesh deployments.E. debug capwap events enable was run, and the 3500e Ethernet MAC address is not in the local MAC filter

list on the Cisco WLC.



QUESTION 111You calculate that your AP should transmit at 6 dBm to provide appropriate wireless coverage, while still

complying with EIRP, with the antennas that you selected. However, the AP is transmitting at 1 dBm only, eventhough it is on power level 1. How can you increase the transmitting power?

A. Choose appropriate antennas types.B. Decrease the antenna gain that is configured on the Cisco WLC.C. Switch to a custom Tx power level and increase the power level.D. Disable auto-RF.E. Activate 802.11n legacy beamforming on the Cisco WLC.



QUESTION 112What does disabling broadcast SSID in the WLAN configuration do?

A. causes beacons to be unicast instead of broadcastB. prevents beacons from being sent and allows only probesC. allows beacons to be sent but leaves the SSID name field emptyD. forbids all broadcasts for that SSIDE. makes the SSID respond only to blank probes



QUESTION 113You are designing a wireless guest anchoring solution for a large company. Forty-five Cisco WLCs running7.0.116.0 code are deployed in the corporate network. You expect about 3000 devices to use the guest networkat any one time. A junior wireless administrator has suggested using a single 4402-12 WLC running 7.0.116.0as the anchor controller. What is your response?

A. Using a 4402-12 WLC is the best option, based on the design requirements, because it is currently the leastexpensive WLC that supports auto-anchoring.

B. Using a 4402 WLC is not feasible because 4402 WLCs do not support the 7.0 release of code.C. A single 4402 WLC supports only 2500 client database entries and therefore does not meet the design

requirements.D. A single 4402-12 WLC, regardless of code. supports only 40 simultaneous EoIP tunnels and therefore does

not meet the design requirements.



QUESTION 114You are going to create a new WLAN on your production 5508 WLC running 7.0.116.0 code. You do not wantthis WLAN to be in the default AP group on the Cisco WLC until you have thoroughly tested it. How can you

achieve this goal when creating the WLAN on the production controller?

A. Create the new WLAN on the Cisco WLC by using WLAN ID 13.B. A new WLAN will always be in the default AP group until you move the WLAN to a different AP group on the

Cisco WLC.C. Use a Cisco WCS to create the WLAN by using WLAN ID 17.D. Create the new WLAN on the Cisco WLC using WLAN ID 20.



QUESTION 115Refer to the exhibit.Two Cisco WLCs on a Cisco WiSM and in the same mobility group are both running 4.2.209.0 code. All theWLANs on both Cisco WLCs are configured for H-REAP local switching. Based on the configurations that areshown, which WLAN or WLANs will still be correctly mapped to a local VLAN if an H-REAP mode AP movesbetween the two controllers?

A. WLANs 2, 3, 4, and 5

B. All the WLANsC. WLAN 1D. WLANs 2 and 5E. WLANs 1, 2, 4, and 5F. WLAN 5



QUESTION 116Refer to the exhibit.You have just configured multicast on the wired network and the controller. You configured the multicastaddress on the Cisco WLC to be 239.0.1.25, with IGMP snooping disabled. Clients 1 and 3 are associated toAP1, and Client 2 is associated to AP2. All three clients are associated and authenticated to WLAN 1. UsingClient 1, you send an IGMP join request to test the multicast application on the wireless network.Which client or clients will need to process the multicast traffic?

A. none of the clientsB. Client 1C. Clients 1 and 2D. Clients 1, 2, and 3E. Clients 1 and 3



QUESTION 117Where is Ethernet bridged traffic terminated in a mesh network?

A. WLCB. WGBC. MAPD. RAP



QUESTION 118Which two statements about the CleanAir and AP modes are true? (Choose two.)

A. The CleanAir chipset on local mode APs can scan all channels simultaneously.B. The CleanAir chipset on local mode APs scans only the current channel and only when the AP is silent.C. Monitor mode AP interferer reports cannot be merged unless you have a Cisco MSE.D. Monitor mode APs have no advantage over local mode APs for CleanAir.E. Enhanced local mode (wIPS) allows the CleanAir chipset to scan all channels.



QUESTION 119What is the MAPs behavior if you enable mesh ethernet-bridging vlan-transparent on them?

A. The MAPs bridge traffic that came from the Ethernet port, but only if the vlan tag matches the Cisco WLCconfigured VLANs and interfaces.

B. The MAPs bridge traffic according to the VLAN configuration.C. The MAPs bridge toward the backhaul all traffic that arrives on the Ethernet port, without touching the vlan

tag.D. The MAPs bridge toward the backhaul only traffic that arrives as untagged on the Ethernet port.E. The MAPs untag all traffic that arrives on the Ethernet port and bridge all the traffic toward the backhaul.



QUESTION 120Which statement about the beamforming (ClientLink) feature on the Cisco WLC is true?

A. It works only with 802.11n APs and clients.B. It works only with 802.11n APs and 802.11b/g clients.C. It provides a signal gain when the AP transmits towards the client.D. It provides a signal gain in both directions (AP to client and client to AP).



QUESTION 121To improve the overall wireless experience of your users, you do not want any clients to use 802.11b data ratesto associate to your wireless network. You do not want 802.11a/g/n data rates to be affected in any way. Whichtwo configuration tasks on the Cisco WLC will achieve this goal? (Choose two.)

A. Disable the 1, 2, 5.5, and 11 Mb/s data rates.B. Disable all data rates below 12 Mb/s.C. Configure the WLAN radio policies to 802.11a/g only.D. Disable the 802.11b network on the Cisco WLC.E. Disable the 2.4 GHz radio on all the APs.F. Disable the DSSS data rates.



QUESTION 122After a scheduled downtime of your 5508 WLC, you notice that only a handful of the 100 APs are rejoining thecontroller. All the APs are in the same subnet and use default settings. Cisco WLC debugs indicate that theAPs are sending discovery and join requests. Only after shutting down all the switch ports that connect to theAPs and turning five ports back on at a time can you rejoin all the APs. Why were the APs unable to rejoin theCisco WLC, and how can you prevent this from happening in the future?

A. Having all the APs in the same VLAN created a Layer 2 broadcast storm, preventing the APs from receivingdiscovery and join responses from the Cisco WLC. You can prevent this by configuring the APs to sendsyslog messages to a multicast address, using the Cisco WLC CLI only.

B. Having all the APs in the same VLAN created a Layer 2 broadcast storm, preventing the APs from receivingdiscovery and join responses from the Cisco WLC. You can prevent this by configuring the APs to sendsyslog messages to a unicast address, using the Cisco WLC CLI only.

C. Having all the APs in the same VLAN created a Layer 3 broadcast storm, preventing the APs from receivingdiscovery and join responses from the Cisco WLC. You can prevent this by configuring the APs to sendsyslog messages to a unicast address, using the Cisco WLC CLI only.

D. Having all the APs in the same VLAN created a Layer 2 broadcast storm. You cannot prevented this fromhappening again.



QUESTION 123Which statement about H-REAP and FlexConnect APs on a Cisco WLC is false?

A. Cisco CKM roaming is supported within an H-REAP group of APs.B. Cisco CKM roaming is unsupported between local mode APs and H-REAP APs.C. HREAP AP in standalone mode can authenticate new clients for CCKM roaming.D. H-REAP APs can have some locally switched WLANs and some centrally switched WLANs.



QUESTION 124In order to configure the MAP authorization using an external AAA server for the indoor MAP 1260 with theEthernet MAC address 00:1d:a1:fe:e5:44 and base radio MAC address 00:1f:9d:2a:3f:10, which two useraccounts are to be created on the RADIUS server? (Choose two.)

A. 00:1f:9d:2a:3f:10B. 001da1fee544C. c1260-001da1fee544D. ap3g1-001da1fee544E. c1260-001f9d2a3f10F. ap3g1-001f9d2a3f10



QUESTION 125Corporation XYZ is enabling multicast on its WLANs in order to enable company meetings to be streamed toemployee laptops. The company wishes to block specific unwanted multicast traffic from traversing the wirelessnetwork. What is the best way to filter multicast traffic going toward wireless clients?

A. use a WLC ACL on the management interfaceB. use a CPU ACL on the WLCC. use a WLC ACL on the dynamic interface for all WLANsD. use an ACL on the first-hop router



QUESTION 126Refer to the exhibit.The wireless clients at your company are all on the 192.168.1.0/24 network. Given the applied ACL in the

exhibit, which two statements are true? (Choose two.)

A. DNS requests from the wireless clients will be blocked.B. ICMP requests will be allowed to travel to the wireless clients.C. ICMP replies will be allowed to travel from the wireless clients.D. DNS requests from the wireless clients will be allowed.



QUESTION 127Your company is using wireless voice clients that have a unicast push-to-talk-function. DTIM is set to 10. Usersreport that the audio is choppy. Which action should you take to try to resolve this issue?

A. Lower the DTIM to 2.B. Lower the DTIM to 1.C. Disable power saving on the wireless device.D. Enable power saving on the wireless device.E. Raise the DTIM to 15.



QUESTION 128Corporation XYZ is enabling wireless guest access for its guests. You will be using the Cisco WCS LobbyAmbassador feature to provision guest user accounts and want to make sure that the web authentication for

guest access is not susceptible to brute force attacks. What is the best way to accomplish this?

A. Configure web authentication max retries on the WCS.B. Implement a CPU ACL on the terminating WLC.C. Configure web authentication max retries on the WLC.D. Configure client exclusion.



QUESTION 129You wish to configure a Cisco WCS to provide an additional layer of security by outlining which APs your DHCPservers will respond to. Which two pieces or combinations of information can be used to achieve this objective?(Choose two.)

A. AP MAC addressB. AP MAC address and AP host nameC. AP host nameD. AP MAC address and AP SSID



QUESTION 130The IT administrator can confirm the air quality and existing non-Wi-Fi interference on the Cisco WLC butcannot find any non-Wi-Fi interference on the Cisco WCS. What are two possible reasons for this issue?(Choose two.)

A. The administrator did not add Cisco MSE to Cisco WCS.B. The administrator added Cisco MSE to Cisco WCS but forgot to sync Cisco MSE with Cisco WLC and the

floor map.C. The administrator needs to enable the CleanAir function from the Cisco WCS GUI again.D. The administrator needs to restart Cisco WCS after adding Cisco WLC, to enable the CleanAir function.



QUESTION 131Refer to the exhibit.The IT manager is demonstrating the Cisco WCS to the CIO. During the demonstration of the client-troubleshooting feature, the CIO notices that some clients have the Test analysis, Messaging, and Event logoptions, whereas other clients do not. What is causing this difference?

A. Cisco Compatible Extensions v5 clients have more troubleshooting options than other clients.B. When clients associate to the diagnostic channel, the Cisco WCS has more troubleshooting options.C. Associated clients have more troubleshooting options than other clients.D. Authenticated clients have more troubleshooting options than other clients.



QUESTION 132Which statement about the Cisco WCS WLAN configuration template is true?

A. A WLAN template can be used to configure SSID settings on an AP.B. A WLAN template can be used to configure mandatory and supported data rates on a WLC.C. A WLAN template can be used to configure SSID settings on a WLC.D. A WLAN template can be used to configure channel and power level options on an AP.



QUESTION 133Refer to the exhibit.Which method was used to define this rogue AP as malicious?

A. This rogue AP matched a WCS malicious rogue AP classification rule.B. A WCS switch port trace was performed and the MAC address of the rogue AP was found connected to a

Cisco switch port.C. This rogue AP was discovered using RLDP.D. A rogue AP alert was enabled that defines all rogues with open SSIDs as malicious.



QUESTION 134Refer to the exhibit.The IT manager is monitoring the wireless coverage of a floor. The manager sees the floor view that is shown.Which identifying information is displayed for the APs on the map view?

A. Tx power levelB. utilizationC. profilesD. average air qualityE. associated clientsF. coverage hole



QUESTION 135Refer to the exhibit.

Which statement about the Cisco WCS RRM event message is true?

A. Excessive non-802.11 interference caused the channel change.B. Being near another managed AP on the same channel caused the channel change.C. A CleanAir AP detected a persistence interferer and forced an RRM reassignment of channels.D. Event-driven RRM caused the channel change.



QUESTION 136Which three statements about the Cisco WCS auto-provisioning feature are true? (Choose three.)

A. Auto-provisioning allows WCS to automatically configure a new or replace a current wireless LAN controller.B. The service port of the WLAN controller is required to have network connectivity for the auto-provisioning

process to begin.C. DHCP Option 43 (vendor-specific information) has to be configured in the DHCP scope options for the auto-

provisioning process to begin.D. DHCP Option 150 (TFTP server address) has to be configured in the DHCP scope options for the auto-

provisioning process to begin.E. Using the add filter command in WCS will create a controller configuration file.F. WCS auto-provisions the management interface of the WLAN controller by pushing a predefined template.



QUESTION 137Following the instructions in the configuration guide, the IT staff backs up the historical data of the installedCisco MSE. Where does this data gets stored?

A. On the Cisco MSE, in the root path.B. In the FTP directory that is specified during Cisco WCS installation.C. In the directory that is specified during the backup operation.D. In the TFTP directory that is specified during Cisco WCS installation.



QUESTION 138Which two statements about the Cisco WCS alarms and events are true? (Choose two.)

A. An alarm is the listing of an SNMP trap from a WLAN controller.B. An event can be a report about radio interference crossing a threshold.C. An alarm is a Cisco WCS response to one or more related events.D. An event summary of critical, major, and minor events is displayed at the top of the Cisco WCS page.



QUESTION 139Refer to the exhibit.According to the Cisco WCS CleanAir dashboard, which interferer is causing the most interference at the timeof the capture?

A. video cameraB. Bluetooth linkC. DECT-like phoneD. DECT phone



QUESTION 140Refer to the exhibit.Which statement about this Cisco WCS wIPS configuration is true?

A. Only a Cisco WLC and an AP are required to detect these wIPS signatures.B. APs in monitor mode are required to detect these wIPS signatures.C. Cisco WCS, a Cisco WLC, Cisco MSE, and an AP in enhanced local mode are required to detect these

wIPS signatures.D. Cisco WCS, a Cisco WLC, Cisco MSE, and an AP in FlexConnect mode are required to detect these wIPS

signatures.



QUESTION 141Refer to the exhibit.Which menu option in the Cisco Wireless Control Systems (WCS) planning mode will create a report detailingAP placement and signal coverage?

A. HomeB. Add APsC. Delete APsD. Map EditorE. SynchronizeF. Generate ProposalG. Planned AP Association



QUESTION 142Company ABC has a deployment plan that includes multiple controllers. To start the deployment and managethe controllers more efficiently, the IT administrator decides to use controller autoprovisioning on Cisco WCS.Which three controller options are available as matching criteria? (Choose three.)

A. hostnameB. MAC addressC. serial numberD. management IP address

E. device typeF. UDI

Correct Answer: ABCSection: (none)Explanation


QUESTION 143The IT manager acknowledges that some security issues that are shown in a detailed security index reportviolate company policies. However, the security index does not change after synchronizing the configuration ofthe Cisco WLC on Cisco WCS. What are two possible reasons for this issue? (Choose two.)

A. The acknowledged issue is on a controller that does not directly affect the security index score (for instance,it is not the controller with the lowest score).

B. The acknowledged issue is on a WLAN that does not directly affect the security index score. Only the lowestscoring WLAN of the lowest scoring controller affects the security index score.

C. The acknowledged issue is on a controller that does not directly affect the security index score (for instance,it is not the controller with the highest score).

D. The acknowledged issue is on a WLAN that does not directly affect the security index score. Only thehighest scoring WLAN of the highest scoring controller affects the security index score.



QUESTION 144Which statement about Cisco WCS virtual domains (partitioning) is true?

A. The WCS root user is contained to the root virtual domain and cannot view other virtual domains.B. Each virtual domain can be configured to include or exclude selected maps, WLCs, or APs based on the

hierarchical level of each domain.C. Any AP managed by WCS will be visible in all virtual domains.D. Each virtual domain can be configured to include or exclude selected reports, configuration templates, or

WCS background tasks based on the hierarchical level of each domain.



QUESTION 145Refer to the exhibit.The client troubleshooting feature on Cisco WCS is very useful. You can collect the log message that is loggedagainst a specific client on Cisco WCS. What statement about the log function in client troubleshooting is true?

A. The log messages are collected automatically when the administrator starts to troubleshoot the client.The administrator needs to stop the log collection manually.

B. The log messages are collected when the administrator clicks "Start". Log collection stops only after theadministrator clicks "Stop".

C. The log messages are collected automatically as soon as the administrator starts to troubleshoot the client.The log collection stops automatically after a period of 10 minutes.

D. The log messages are collected when the administrator clicks "Start". The log collection stops automaticallyafter 10 minutes.



QUESTION 146Refer to the exhibit.What appears to be the issue with the wireless client device?

A. The client 802.1x configuration is incorrect.B. There is RF interference.C. The client WPA2 parameters are incorrect.D. No response is being received from the DHCP server.E. The client is configured with the wrong WEP key.F. No response is being received from the RADIUS server for 802.1x authentication.



QUESTION 147You are developing a context-aware application with customized middleware. The Cisco MSE is configured tosend northbound notifications to the middleware as well as to the Cisco WCS via SOAP/XML. You created thenotification definitions via the WCS and see notifications coming in on the middleware, but you do not seenotification messages showing up in the WCS.What could be causing this problem?

A. The notification receiver is not correctly configured in the WCS. Make sure the WCS is correctly configuredwith a northbound notification receiver using SNMPv2 and the correct community string.

B. The notification group does not have an MSE assigned and the MSE is not synchronized.C. The WCS does not understand SOAP/XML. To correct this, change the transport protocol to SNMP/plain

text.

D. The WCS does not understand SOAP/XML. To correct this, change the transport protocol to SNMP/XML.E. The WCS does not understand SOAP/XML. To correct this, change the transport protocol to Syslog/plain

text.F. The WCS does not understand SOAP/XML. To correct this, change the transport protocol to Syslog/XML.



QUESTION 148You have been getting reports of voice disruption over wireless communications in your network. Your

SSID is configured to use WPA1 with TKIP and Cisco Centralized Key Management. You see a lot of TKIPreplay messages on the WLC logs.What is the most probable reason for the voice disruptions?

A. TKIP replay causes access point to reboot as a security measure. This causes voice disruptions for theassociated clients until they scan and reconnect to another AP.

B. The TKIP countermeasure timer is putting the AP down for a specified time and causing the voicedisruptions.

C. TKIP replay activates MFP. If MFP detects the replays, it will trigger a disassociation to all wireless clients.D. The use of WPA1 with TKIP is the main reason for the voice disruptions. It is better to use WPA2 with AES

to avoid this problem.



QUESTION 149A user runs the Cisco Unified Wireless IP Phone 7921 with an AP that runs autonomous Cisco IOS Software.How does the 7921 decide whether to associate to an AP to avoid over congestion?

A. The 7921 monitors the QBSS information element, which includes the Min and Max contention windowfields, and uses the information to evaluate contention and channel utilization.

B. The 7921 monitors the QBSS information element, which includes channel load information in the beaconand probe response frames.

C. The 7921 monitors the QBSS information element, which includes EDCF such as queuing on the radioegress port, and uses the information to evaluate AP load and make an association decision.

D. The 7921 monitors the QBSS information element, which includes radio access categories and the Min andMax contention window fields, to evaluate AP load.



QUESTION 150You want to expand the services of your wireless network and add location tracking on top of voice over

wireless. Although the existing wireless network offers excellent voice over wireless services, tracking accuracyis not working well enough. You decide to contract a site survey engineer. What is this engineer most likely torecommend?

A. Disable 2.4 GHz and higher data rates, which interfere with location tracking.B. Add wireless APs that are not from Cisco, to accomplish location tracking.C. Add more APs to the perimeters of the floors.D. Choose between voice over wireless and location tracking; you cannot use both simultaneously.E. Install chokepoints to perform good location accuracy.



QUESTION 151Refer to the exhibit.A Cisco Wireless IP Phone is unable to seamlessly roam on 2.4 GHz. There are interruptions of severalseconds on each roaming. No problems are reported on 5 GHz. A full site survey for voice has been completedon both bands.Which Cisco WLC feature does this issue involve?

A. client load balancingB. Aironet information elementC. coverage-hole detectionD. client band select

Correct Answer: DSection: (none)

Explanation


QUESTION 152When designing a WLAN network using Cisco 1142 APs to support both voice services (Cisco 7921 IPPhones) and data services, what design principles are true? (Choose 2)

A. 802.11n data rates should be enabled to improve overall performance even if the Cisco 7921 IP Phones donot support 802.11n data rates.

B. 802.11n data rates should not be enabled as the Cisco 7921 IP Phones are not 802.11n capable. As such,no performance improvement is expected for the voice clients upon enabling 802.11n data rates.

C. Ensure proper floor coverage to ensure good voice quality (-67 dBm, 20% cell overlap, and 19 dB channelseparation).

D. -67 dBm, 20% cell overlap, and 19 dB channel separation is impossible to achieve. Therefore, a site surveyto ensure required RSSI coverage is top priority to ensure good voice quality.

E. RRM should not be used as it is not designed for wireless voice services and will adjust the channel and Txpower settings to non optimized values for voice services.

F. RRM should be used because it is the only way to ensure that channel and Tx power are configured tosupport voice services.



QUESTION 153When designing a WLAN network to support both voice and context-aware services, which set of designprinciples should you follow?

A. An AP must be placed at the perimeter and in each of the four corners of the floor. All APs must be enabledto ensure proper coverage on the floor to provide -67 dBm, 20 percent celloverlap, and 19 dB channelseparation.

B. An AP must be placed at the perimeter and in each of the four corners of the floor. Some APs may bedisabled to ensure proper coverage on the floor to provide -67 dBm, 20 percent celloverlap, and 19 dBchannel separation.

C. An AP must be placed at the perimeter and in each of the four corners of the floor to ensure propercoverage on the floor to provide -67 dBm, 20 percent cell overlap, and 19 dB channel separation. SomeAPs may be in monitor mode.

D. If a conflict occurs between the AP placement for voice design and for context-aware location design, thenthe voice design should take precedence, to protect against delays and dropping of sensitive voice traffic.

E. In a design that includes both voice and context-aware services, voice design always requires more APs tobe deployed to ensure -67 dBm coverage, 20 percent cell overlap, 19 dB channel separation, and propercapacity planning.

F. In a design that includes both voice and context-aware services, voice design should take precedence toavoid co-channel interference, which can negatively affect voice quality. Voice design also requires -67 dBmcoverage, 20 percent cell overlap, and 19 dB channel separation, which is more difficult to achieve.



QUESTION 154To support efficient bandwidth utilization for broadcasting multicast packets to all WLANs on the AP, which twomechanisms can you configure on the Cisco WLCs? (Choose two.)

A. VideoStream can be used to convert multicast transmissions to broadcast transmissions at the AP, toenable the AP to receive ACKs from the clients and to determine the frames that need to be retransmitted.

B. VideoStream can be used to convert multicast transmissions to unicast transmissions at the AP. The samedata rate will be used, but the unicast stream allows the AP to receive ACKs from the clients and todetermine the frames that need to be retransmitted.

C. RRC in a Cisco WLC will use channel utilization as a metric to determine capacity and perform admissioncontrol, but it does not deny requests that would cause oversubscription.

D. RRC in a Cisco WLC will use channel utilization as a metric to determine capacity and perform admissioncontrol, and it denies requests that would cause oversubscription by sending SAP messages to clients ondrop.

E. VideoStream can be used to convert multicast transmission to unicast transmission at the AP.Because of the unreliable nature of wireless media, no ACKs are expected from the clients; however,unicast transmission will effectively reduce multicast PLR to between 0.1 and 0.5 percent.

F. VideoStream can be used to convert multicast transmission to unicast transmission at the AP, to enable theAP to receive ACKs from the clients and to determine the frames that need to be retransmitted.

Correct Answer: DFSection: (none)Explanation


QUESTION 155A hospital has four Cisco WLCs, a WCS, and an MSE. All devices are correctly synchronized via the WCS. Youhave been called to inspect a location tracking problem. In some areas, tracked elements are being reported onwrong floors. After troubleshooting, you find out that the hospital building does not provide enough interfloorattenuation.What is the best way to solve the problem?

A. Assign a separate WLC to each floor in order to make sure that tags do not get reported on wrong floors.B. Do not use more than 10 APs on each floor. Using more than 10 causes signals to propagate across floors

and pushes tags to wrong floors.C. Vertically align APs across floors for better accuracy.D. Turn on Cisco Compatible Extensions location measurements on the WLC to enhance location accuracy.




cisco braindumps 646-048 exam questions & answers · · 2015-08-12cisco braindumps 646-048...

Documents