[PDF&VCE] Official 200-355 Exam Preparation Download From Lead2pass (231-255)
2016 September Cisco Official New Released 200-355 Dumps in Lead2pass.com!
100% Free Download! 100% Pass Guaranteed!
Lead2pass 200-355 latest updated braindumps including all new added 200-355 exam questions from exam center which guarantees you can 100% success 200-355 exam in your first try!
Following questions and answers are all new published by Cisco Official Exam Center: http://www.lead2pass.com/200-355.html
QUESTION 231
Which wireless topology supports roaming?
A. IBSS
B. BSS
C. ESS
D. bridging
Answer: C
QUESTION 232
You are configuring an IP address on an autonomous access point. Which interface do you use to configure the IP address?
A. BVI1
B. FastEthernet 0
C. Dot11Radio0
D. VLAN 1
Answer: A
Explanation:
Assigning the IP Address to the BVI
When you assign an IP address to the access point by using the CLI, you must assign the address to the bridge-group virtual interface (BVI). Beginning in a privileged EXEC mode, follow these steps to assign an IP address to the access point BVI using the access point console port.
Command
Purpose
Step 1
configure terminal
Enter global configuration mode.
Step 2
interface bvi1
Enters interface configuration mode for the BVI.
Step 3
ip address ip_address net_mask
Assigns an IP address and subnet mask address to the BVI.
http://www.cisco.com/c/en/us/td/docs/wireless/access_point/1140/autonomous/getting_started/gui de/ap1140aut_getstart.html
QUESTION 233
You run minimum PEAP-GTC authentication in your wireless environment. Which version of Cisco Compatible Extensions supports PEAP-GTC?
A. Cisco Compatible Extensions v1
B. Cisco Compatible Extensions v2
C. Cisco Compatible Extensions v3
D. Cisco Compatible Extensions v4
E. Cisco Compatible Extensions v5
Answer: B
Explanation:
* PEAP/GTC is supported on Cisco Compatible Version 2 clients and above.
http://www.cisco.com/c/en/us/products/collateral/wireless/aironet-1300-series/prod_qas09186a00802030dc.html
QUESTION 234
Which device divides a signal between two antennas?
A. splitter
B. lightening arrestor
C. attenuator
D. amplifier
Answer: A
Explanation:
A splitter causes insertion loss and divides available power between two antennas.
QUESTION 235
What does RF determine?
A. cycle pattern size
B. how often a wave occurs
C. signal size
D. quantity of energy injected in a signal
Answer: B
Explanation:
RF communication works by creating electromagnetic waves at a source and being able to pick up those electromagnetic waves at a particular destination. These electromagnetic waves travel through the air at near the speed of light. The wavelength of an electromagnetic signal is inversely proportional to the frequency; the higher the frequency, the shorter the wavelength.
http://www.digi.com/technology/rf-articles/rf-basic
QUESTION 236
Which module does the Cisco AnyConnect Secure Mobility client integrate into the AnyConnect client package for access to both wired and wireless networks?
A. Network Access Manager
B. Telemetry
C. Web Security
D. DART
Answer: A
Explanation:
The main components used in IUWNE are the Cisco AnyConnect Mobility Client itself, associated with the Network Access Module (NAM) used to manage existing profiles and provide the wireless connectivity.
QUESTION 237
Access points must discover a wireless LAN controller before they can become an active part of the network. In which order does an access point try to discover a controller?
A. Layer 3 CAPWAP or LWAPP broadcast discovery
DHCP option 43
Locally stored controller IP address discovery
DNS controller name resolution
B. Layer 3 CAPWAP or LWAPP broadcast discovery
Locally stored controller IP address discovery
DNS controller name resolution
DHCP option 43
C. Layer 3 CAPWAP or LWAPP broadcast discovery
Locally stored controller IP address discovery
DHCP option 43
DNS controller name resolution
D. DNS controller name resolution
DHCP option 43
Layer 3 CAPWAP or LWAPP broadcast discovery
Locally stored controller IP address discovery
Answer: C
Explanation:
The different methods by which the access point (AP) discovers the controller are:
https://supportforums.cisco.com/document/8446/how-configure-lightweight-ap-order-join-respective-wlan-controller
QUESTION 238
You are configuring SNMPv1/v2c on a WLC. What should you do for improved security?
A. Remove the default SNMPv1 community.
B. Remove the default SNMPv1 and SNMPv2 communities.
C. Remove the default SNMPv2 community.
D. Remove the default SNMPv3 users.
Answer: B
Explanation:
The controller has commonly known default values of “public” and “private” for the read-only and read-write SNMP community strings. Using these standard values presents a security risk. If you use the default community names, and since these are known, the community names could be used to communicate to the controller using SNMP. Therefore, we strongly advise that you change these values.
Step 1
Choose Management and then Communities under SNMP. The SNMP v1 / v2c Community page appears.
Step 2
If “public” or “private” appears in the Community Name column, hover your cursor over the blue drop-down arrow for the desired community and choose Remove to delete this community.
Step 3
Click New to create a new community. The SNMP v1 / v2c Community > New page appears.
Step 4
In the Community Name text box, enter a unique name containing up to 16 alphanumeric characters. Do not enter “public” or “private.”
Step 5
In the next two text boxes, enter the IPv4/IPv6 address and IP Mask/Prefix Length from which this device accepts SNMP packets with the associated community and the IP mask.
Step 6
Choose Read Only or Read/Write from the Access Mode drop-down list to specify the access level for this community.
Step 7
Choose Enable or Disable from the Status drop-down list to specify the status of this community.
Step 8
Click Apply to commit your changes.
Step 9
Click Save Configuration to save your settings.
Step 10
Repeat this procedure if a “public” or “private” community still appears on the SNMP v1 / v2c Community page.
QUESTION 239
Which spread spectrum technique uses 11-bit chips to transmit 1 bit of data over a 22-MHz channel?
A. DSSS
B. FHSS
C. OFDM
D. MIMO
E. CCK
Answer: A
Explanation:
For every 0 or 1 you want to send, DSSS generates a code representing that 0 or that 1. This code, also called symbol or chip, can be a sequence of up to 11 bits (this is called the Barker 11 code), and these 11 bits are sent in parallel over the 22 MHz channel. You can lose up to nine of these 11 bits due to interferences and still understand whether the code sent was supposed to represent a 0 or a 1.
QUESTION 240
The network administrator has used VLANs to separate VoIP frames from data frames in the wired network. What must the administrator use to separate those frames in the wireless network?
A. multiple SSIDs
B. multiple authentications
C. multiple WEP or WPA keys
D. multiple channels
E. multiple 802.11 radios (a, b, g, n)
Answer: A
Explanation:
Multiple IEEE 802.11 service set identifiers (SSIDs) allow you to create different levels of network access and to access virtual LANs (VLANs).You can configure up to 16 separate SSIDs to support up to 16 VLANs. Each VLAN can have a different wireless security configuration so that the devices that support the latest Cisco security enhancements can exist alongside legacy devices. This additional access point functionality enables a variety of users having different security levels to access different parts of the network.
http://www.cisco.com/en/US/docs/wireless/access_point/350/configuration/guide/ap350ch1_ps458_TSD_Products_Configuration_Guide_Chapter.html
QUESTION 241
Refer to the exhibit. At which point in the network topology must the trunk be configured to support multiple SSIDs for voice and data separation?
A. A
B. B
C. C
D. D
Answer: D
Explanation:
Controllers typically map WLANs to VLANs. When configuring a switch port to a controller, you would set the port to support 802.1Q (switchport trunk encapsulation dot1q), then set the port to trunk (switchport mode trunk) and only allow the VLANs needed by the controller (for example, switchport trunk allowed VLANs 10,20,30 if your controller needs only VLANs 10, 20, and 30).
QUESTION 242
What is the IEEE name for a group of access points that are connected by using the Ethernet?
A. ESS
B. BSS
C. IBSS
D. ISS
Answer: A
Explanation:
The wired section of the network that can be reached through the AP is called, from the perspective of the wireless side, the Distribution System (DS). When the distribution system links two APs, or two cells, via Ethernet, the group is called an Extended Service Set (ESS).
QUESTION 243
Which type of frames are ACK and CF-ACK?
A. control
B. management
C. RTS/CTS
D. association
Answer: A
Explanation:
Wireless LANs come in three frame types:
Frame Types Table
Management
Control
Data
Beacon
Request to Send (RTS)
Simple data
Probe Request
Clear to Send (CTS)
Null function
Probe Response
Acknowledgment
Data+CF-ACK
Association Request
Power-Save-Poll (PS-Poll)
Data+CF-Poll
Association Response
Contention Free End (CF-End)
Data+CF-Ack
Authentication Request
Contention Free End + Acknowledgment (CF-End +ACK)
ACK+CF-Poll
Authentication Response
CF-ACK
Deauthentication
CF-ACK+CF-Poll
Reassociation request
Reassociation response
Announcement traffic indication message (ATIM)
http://www.ciscopress.com/articles/article.asp?p=1271797&seqNum=2
QUESTION 244
The network administrator wants an access point to be able to find rogue APs and to support
location-based services. Which AP mode meets this requirement while having the radios up and preventing client connections?
A. monitor
B. sniffer
C. rogue-detection
D. H-REAP
Answer: A
Explanation:
If you have enough access points, you can even dedicate an AP to making it’s only job picking up other networks, this a mode that the AP can be in and is called “Monitor Mode” to change an AP to monitor mode, navigate to the following on the WLC:
This will place the AP into a dedicated monitor mode, it will not service clients but will sit and scan for you.
QUESTION 245
What are the interface statuses of a lightweight AP working in rogue-detection mode?
A. radios turned off, Ethernet interface up
B. radios and Ethernet interfaces up
C. radios turned on, Ethernet interface shut down
D. radios turned on, Ethernet interface status controlled by Cisco WLC
Answer: A
Explanation:
In this mode, the AP radio is turned off, and the AP listens to wired traffic only. The controller passes the APs configured as rogue detectors as well as lists of suspected rogue clients and AP MAC addresses. The rogue detector listens for ARP packets only, and can be connected to all broadcast domains through a trunk link if desired.
http://www.cisco.com/c/en/us/support/docs/wireless-mobility/wireless-lan-wlan/70987-rogue-detect.html
QUESTION 246
Which Cisco AnyConnect module allows you to set the parameters that are needed to connect to the wireless network?
A. NAM
B. DART
C. posture
D. telemetry
Answer: A
Explanation:
The main components used in IUWNE are the Cisco AnyConnect Mobility Client itself, associated with the Network Access Module (NAM) used to manage existing profiles and provide the wireless connectivity. You also can click Advanced to open the NAM front end. You can then manage profiles (create, delete, reorder). The network administrator can restrict the types of networks that the end user can manipulate on the NAM.
QUESTION 247
What is the function of the Cisco AnyConnect DART tool?
A. creates a compressed bundle of client logs and information
B. visualizes a WLAN environment, showing the possible locations of problems
C. gathers statistics from neighboring clients for comparison to the baseline
D. helps to troubleshoot a WLAN connection by using easy-to-use wizards and statistic viewers
Answer: A
Explanation:
AnyConnect offers the DART module that can be used to analyze and troubleshoot connections.
The information collected by DART can be examined locally or exported and sent to a network support desk for analysis. The DART tool is able to create a bundle to log information for all the wireless clients.
QUESTION 248
Which Cisco program for WLAN client vendors helps to ensure that their devices are interoperable with Cisco WLAN infrastructure?
A. CCX
B. CCMP
C. ASDM
D. WLSE
Answer: A
Explanation:
IEEE and industry standards define how a Wi-Fi radio interoperates with a wireless LAN infrastructure, and the Wi-Fi CERTIFIEDTM seal ensures interoperability. For many organizations that rely on mobile computers, however, Wi-Fi CERTIFIED is not enough. These organizations need assurance that their mobile computers will interoperate with a Cisco wireless LAN infrastructure and support Cisco wireless LAN innovations for enhanced security, mobility, quality of service, and network management. The Cisco Compatible seal gives organizations the assurance that they seek.
A mobile computer earns the Cisco Compatible seal through a program called Cisco Compatible Extensions, or CCX. Like the Wi-Fi certification program, CCX:
The CCX specification is a superset of that used for Wi-Fi certification. In fact, a device cannot be certified for CCX unless it, or the Wi-Fi radio inside it, is Wi-Fi CERTIFIED.
http://www.digikey.com/Web%20Export/Supplier%20Content/Laird_776/PDF/laird-wireless-value-cisco-compatible-extenstion.pdf?redirected=1
QUESTION 249
Which information on the Monitoring page of a Cisco WLC verifies that the wireless network is operational?
A. In the Access Point Summary section, the All APs number in the Up column is the same as in the
Total column.
B. In the Client Summary section, the Current Clients number is positive.
C. In the Controller Summary section, the 802.11b/g Network State is shown as Enabled.
D. In the Controller Summary section, the CPU Usage number is positive.
Answer: A
Explanation:
The output from the access point summary section of the Cisco WLC can be seen at the reference link below:
http://www.cisco.com/c/en/us/td/docs/wireless/wcs/6-0/configuration/guide/WCS60cg/6_0mon.html
QUESTION 250
What is a risk when initiating the containment of a rogue AP?
A. disassociating clients of valid access points that are operated by a neighboring organization
B. disrupting transmission of neighboring AP clients
C. breaking the radio of the containing AP
D. breaking the rogue client radio or its firmware
Answer: A
Explanation:
Rogue Containment Caveats
http://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lan-controllers/112045-handling-rogue-cuwn-00.html
QUESTION 251
Refer to the exhibit. What does the yellow shield with the exclamation mark indicate?
A. The network uses open authentication and no encryption.
B. The network uses an unsupported channel.
C. The signal is too distorted to connect.
D. The AP that is transmitting this SSID uses the wrong RF domain.
E. This is the ad-hoc network.
Answer: A
Explanation:
an exclamation mark inside a yellow shield is displayed if the SSID has no security [Open authentication, no encryption]), clicking Connect and completing the security parameters when applicable.
QUESTION 252
Which method is used to shield the client from class 3 management attacks?
A. client MFP
B. WEP
C. WPA
D. client protection suite
E. 802.1X
Answer: A
Explanation:
With MFP, all management frames are cryptographically hashed to create a Message Integrity Check (MIC). The MIC is added to the end of the frame (before the Frame Check Sequence (FCS)).
When MFP is enabled on one or more WLANs configured in the WLC, the WLC sends a unique key to each radio on each registered AP. Management frames are sent by the AP over the MFP-enabled WLANs. These APs are labeled with a frame protection MIC IE. Any attempt to alter the frame invalidates the message, which causes the receiving AP that is configured to detect MFP frames to report the discrepancy to the WLAN controller.
http://www.cisco.com/c/en/us/support/docs/wireless-mobility/wlan-security/82196-mfp.html
QUESTION 253
Which protocol helps the administrator to determine whether a detected rogue AP is in the network of the organization?
A. RLDP
B. RCP
C. RDP
D. RAPP
Answer: A
Explanation:
RLDP is an active approach, which is used when rogue AP has no authentication (Open Authentication) configured. This mode, which is disabled by default, instructs an active AP to move to the rogue channel and connect to the rogue as a client. During this time, the active AP sends deauthentication messages to all connected clients and then shuts down the radio interface. Then, it will associate to the rogue AP as a client.
The AP then tries to obtain an IP address from the rogue AP and forwards a User Datagram Protocol (UDP) packet (port 6352) that contains the local AP and rogue connection information to the controller through the rogue AP. If the controller receives this packet, the alarm is set to notify the network administrator that a rogue AP was discovered on the wired network with the RLDP feature.
https://supportforums.cisco.com/discussion/10941011/rd-rogue-detector-or-rldp-rogue-location-discovery-protocol
QUESTION 254
Which wireless client attempts to authenticate by using 802.1X?
A. supplicant
B. authenticator
C. EAP
D. RADIUS
Answer: A
Explanation:
802.1x is an Institute of Electrical and Electronics Engineers (IEEE) standard that provides an authentication framework for WLANs. 802.1x uses the Extensible Authentication Protocol (EAP) to exchange messages during the authentication process. The authentication protocols that operate inside the 802.1x framework that are suitable for wireless networks include EAP-Transport Layer Security (EAP-TLS), Protected EAP (PEAP), and EAP-Tunneled TLS (EAP-TTLS). These protocols allow the network to authenticate the client while also allowing the client to authenticate the network.
802.1x authentication consists of three components:
http://www.arubanetworks.com/techdocs/ArubaOS_60/UserGuide/802.1x.php
QUESTION 255
Which EAP protocol requires a certificate only on the server side?
A. EAP-PEAP
B. EAP-FAST
C. EAP-TLS
D. EAP-SSL
Answer: A
Explanation:
PEAP is not an encryption protocol; as with other EAP types it only authenticates a client into a network.
PEAP uses only server-side public key certificates to authenticate clients by creating an encrypted SSL/TLS tunnel between the client and the authentication server, which protects the ensuing exchange of authentication information from casual inspection.
http://wiki.freeradius.org/protocol/EAP-PEAP
Lead2pass regular updates of Cisco 200-355 dumps, with accurate answers, keeps the members one step ahead in the real 200-355 exam. The experts with more than 10 years experience in Certification Field work with us.
200-355 new questions on Google Drive: https://drive.google.com/open?id=0B3Syig5i8gpDS2dtNHE0NWQwQzQ
2016 Cisco 200-355 exam dumps (All 410 Q&As) from Lead2pass:
http://www.lead2pass.com/200-355.html [100% Exam Pass Guaranteed]