[Lead2pass New] Easily Pass 200-355 Exam With Lead2pass New Cisco 200-355 Brain Dumps (321-340)
2017 October Cisco Official New Released 200-355 Dumps in Lead2pass.com!
100% Free Download! 100% Pass Guaranteed!
Lead2pass provides 100% pass 200-355 exam questions and answers for your Cisco 200-355 exam. We provide Cisco 200-355 exam questions from Lead2pass dumps and answers for the training of 200-355 practice test.
Following questions and answers are all new published by Cisco Official Exam Center: https://www.lead2pass.com/200-355.html
QUESTION 321
Which interface is considered a dynamic interface?
A. the virtual interface
B. the AP manager interface
C. the LAG interface
D. the management interface
E. the service port interface
F. a WLAN client data interface
Answer: F
Explanation:
Dynamic interfaces, also known as VLAN interfaces, are created by users and designed to be analogous to VLANs for wireless LAN clients. A controller can support up to 512 dynamic interfaces (VLANs). Each dynamic interface is individually configured and allows separate communication streams to exist on any or all of a controller’s distribution system ports. Each dynamic interface controls VLANs and other communications between controllers and all other network devices, and each acts as a DHCP relay for wireless clients associated to WLANs mapped to the interface.
QUESTION 322
Which three items do you need to establish a wireless connection to an enterprise wireless network? (Choose three.)
A. SSID name
B. RF channel
C. RF signal
D. 802.1X/EAP credentials
E. pre-shared key
F. web page
G. WPA/WPA2 settings
Answer: ACD
Explanation:
Most clients enable you to associate to a detected network (broadcasted SSID) or configure a specific profile. In all cases, you must configure the network name (SSID), the operating mode (ad-hoc or infrastructure), and some security settings (that will be different depending on whether the SSID uses Pre-Shared Key Security or Enterprise [EAP/802.1x] security).
QUESTION 323
You have brought your MacBook Pro running OS 10.6 to work and intend use the enterprise wireless network. This network is using EAP-FAST and 2.4 GHz for data and 5 GHz for VoWLAN.
Which statement about the laptop configuration and wireless connection is true?
A. Install a USBwireless adapter and configure
B. Install AppleEAP-Fast plug-in and configure
C. Install Cisco AnyConnect v2.4 and configure
D. Configure Apple network preferences for EAP-FAST
E. The laptop does not support EAP-FAST and will be unable to connect
F. The laptop only supports 5 GHz and will be unable to connect
Answer: D
Explanation:
MacBook Pro using 10.6 supports 2.4Ghz only, so the EAP-FAST should be used. 5Ghz support was added to MacBook later.
QUESTION 324
Which Cisco AnyConnect module allows troubleshooting for core Cisco AnyConnect problems?
A. telemetry
B. web security
C. VPN
D. NAM
E. DART
F. posture
G. CSSC
Answer: E
Explanation:
AnyConnect offers the DART module that can be used to analyze and troubleshoot connections. The information collected by DART can be examined locally or exported and sent to a network support desk for analysis.
QUESTION 325
Which Cisco AnyConnect module provides wireless connectivity?
A. telemetry
B. web security
C. VPN
D. NAM
E. DART
F. posture
G. CSSC
Answer: D
Explanation:
The Cisco AnyConnect Secure Mobility Client is a multifunctional and modular security client. It was built to enable you to use the same interface across various hardware and software platforms (operating systems) to manage and secure your connections to the network. It contains several modules:
QUESTION 326
Which option is needed to earn the Cisco Compatible credential for Cisco Compatible Extensions Lite?
A. Foundation and Management are required.
B. Location and Management are required.
C. Foundation and Location are required.
D. Foundation and Voice are required.
E. Voice is required.
F. Foundation is required.
G. Location is required.
H. Management is required.
Answer: F
Explanation:
Historically, there have been five versions of the Cisco Compatible Extension (CCX) specification labeled Version 1(V1) to Version 5(V5). Each version built upon its predecessors. For example, CCXv5 added MFP, real-time reporting between client and AP, a diagnostic channel to help troubleshooting clients and optional location services, and improved several CCXv4 features. Each version contains a list of features. In summer 2011, Cisco separated the CCX features into four subfamilies to help vendors integrate only those features that are needed for their specific wireless clients (called application-specific devices, which are devices built for a specific function [for example, barcode scanners or VoWLAN phones] and therefore do not need all the CCX features that a data laptop would need).
QUESTION 327
In a typical wireless network using WPA, WPA2 or VPN, why is it still possible for a rogue client to launch a DOS attack?
A. WPA and WPA2 are not considered strong encryption algorithms and are easily cracked.
B. 802.11 management frames are easily compromised.
C. Cisco Compatible Extensions v5 are required with WPA, WPA2, or VPN to keep rogues from
launching attacks in the wireless network.
D. The message integrity check frames are never encrypted or authenticated, which allows rogues to
spoof clients.
Answer: B
Explanation:
A different receiver is needed for each 802.11a, b, g, and n radios, so using all simultaneously would severely impact the overall battery life of a mobile device.
QUESTION 328
Strong security is required, but a centralized RADIUS authenticator has not been implemented.
Which two steps must you take to provide maximum security when using a pre-shared key? (Choose two.)
A. Change the TKIP on a weekly basis.
B. Use a key that includes mixed-case letters, numbers, and symbols with a length greater than 10
characters.
C. Use only with WPA and WPA2, following proper strong key guidelines.
D. Use the longest possible WEP key in your security policy.
Answer: BC
Explanation:
Another form of basic security now available is WPA or WPA2 Pre-Shared Key (PSK). The PSK verifies users via a password, or identifying code, (also called a passphrase) on both the client station and the access point. A client may only gain access to the network if the client’s password matches the access point’s password. The PSK also provides keying material that TKIP or AES use to generate an encryption key for each packet of transmitted data. While more secure than static WEP, PSK is similar to static WEP in that the PSK is stored on the client station and can be compromised if the client station is lost or stolen. A strong PSK passphrase that uses a mixture of letters, numbers, and non-alphanumeric characters is recommended.
http://www.cisco.com/c/en/us/products/collateral/wireless/aironet-1200-access-point/prod_brochure09186a00801f7d0b.html
QUESTION 329
What is the impact of configuring a single SSID to support TKIP and AES encryption simultaneously?
A. The overhead associated with supporting both encryption methods degrades client throughput
significantly.
B. Some wireless client drivers might not handle complex SSID settings and may be unable to associate
to the WLAN.
C. This configuration is unsupported and the Cisco Wireless Control System generates alarms continuously
until the configuration is corrected.
D. This configuration is common for migrating from WPA to WPA2. No problem is associated with using
this configuration.
Answer: B
Explanation:
AES encryption uses hardware so there is almost no overhead when using it. TKIP is based on software. So when we support both TKIP and AES the client throughput will not significantly degrade -> A is not correct.
When choosing both AES and TKIP, the router will support both encryption algorithms. Because not all wireless NICs support AES, some only support TKIP, so this option is probably the best
choice -> B is not correct.
As the picture below, Cisco Wireless Control System does support both simultaneously -> C is not correct.
QUESTION 330
Which key is established using the four-way handshake during the WPA authentication process?
A. Pairwise Master Key
B. Pairwise Multiple Key
C. Pairwise Session Key
D. Pairwise Transient Key
E. Pairwise Transverse Key
Answer: D
Explanation:
The authentication process leaves two considerations: the access point (AP) still needs to authenticate itself to the client station (STA), and keys to encrypt the traffic need to be derived. The earlier EAP exchange or WPA2-PSK configuration has provided the shared secret key PMK (Pairwise Master Key). To derive the PMK from the WPA-PSK, the PSK is put through PBKDF2-SHA1 as the cryptographic hash function. This key is, however, designed to last the entire session and should be exposed as little as possible. Therefore the four-way handshake is used to establish another key called the PTK (Pairwise Transient Key). The PTK is generated by concatenating the following attributes: PMK, AP nonce (ANonce), STA nonce (SNonce), AP MAC address, and STA MAC address. The product is then put through a pseudo random function.
http://en.wikipedia.org/wiki/IEEE_802.11i-2004
QUESTION 331
What are four features of WPA? (Choose four.)
A. a larger initialization vector, increased to 48 bits
B. a message integrity check protocol to prevent forgeries
C. authenticated key management using 802.1X
D. support for a key caching mechanism
E. unicast and broadcast key management
F. requires AES-CCMP
Answer: ABCE
Explanation:
TKIP and the related WPA standard implement three new security features to address security problems encountered in WEP protected networks. First, TKIP implements a key mixing function that combines the secret root key with the initialization vector before passing it to the RC4 initialization. WEP, in comparison, merely concatenated the initialization vector to the root key, and passed this value to the RC4 routine. This permitted the vast majority of the RC4 based WEP related key attacks. Second, WPA implements a sequence counter to protect against replay attacks. Packets received out of order will be rejected by the access point. Finally, TKIP implements a 64-bit Message Integrity Check (MIC).
To be able to run on legacy WEP hardware with minor upgrades, TKIP uses RC4 as its cipher. TKIP also provides a rekeying mechanism. TKIP ensures that every data packet is sent with a unique encryption key.
Key mixing increases the complexity of decoding the keys by giving an attacker substantially less data that has been encrypted using any one key. WPA2 also implements a new message integrity code, MIC. The message integrity check prevents forged packets from being accepted. Under WEP it was possible to alter a packet whose content was known even if it had not been decrypted.
http://en.wikipedia.org/wiki/Temporal_Key_Integrity_Protocol
http://documentation.netgear.com/reference/fra/wireless/WirelessNetworkingBasics-3-14.html
QUESTION 332
When the enterprise-based authentication method is used for WPA2, a bidirectional handshake exchange occurs between the client and the authenticator.
Which five options are results of that exchange being used on a controller-based network? (Choose five.)
A. a bidirectional exchange of a nonce used for key generation
B. binding of a Pairwise Master Key at the client and the controller
C. creation of the Pairwise Transient Key
D. distribution of the Group Transient Key
E. distribution of the Pairwise Master key for caching at the access point
F. proof that each side is alive
Answer: ABCDF
Explanation:
Regardless of whether WPA or WPA2 is used during the initial connection between the station and the AP, the two agree on common security requirements. Following that agreement, a series of important key related activities occur in this specific order:
QUESTION 333
When a guest client is authenticated, which type of connection is created between the controller- based AP and the client?
A. as SSL connection
B. a TLS encrypted tunnel
C. an unsecured connection
D. a 802.1x/EAP tunnel
E. an IPsec tunnel
Answer: C
Explanation:
The wireless network at UNCG allows visitors to establish an unsecured connection. The unsecured network is available as a self-service wireless profile.
http://its.uncg.edu/Network_Services/Wireless/Connect/Guest/
QUESTION 334
Refer to the exhibit. Which GUI item do you click to configure authentication and authorization in Cisco WCS?
A. Security
B. Monitor
C. Configure
D. Services
E. Administration
F. Tools
Answer: E
Explanation:
The Administration menu enables you to schedule tasks like making a backup, checking a device status, auditing your network, synchronizing the location server, and so on. You can also choose Logging to enable various logging modules and specify restart requirements. You can also choose AAA for user administration such as changing passwords, establishing groups, setting application security settings, and so on.
http://www.cisco.com/c/en/us/td/docs/wireless/wcs/5-2/configuration/guide/WCS5_2cg/5_2wst.html#wp1060607
QUESTION 335
When adding a controller to manage through Cisco WCS, which address type is used and which SNMP function does the Cisco WCS perform?
A. The controller is managed through its MAC address and the Cisco WCS acts as a SNMP TRAP
authenticator.
B. The IP address of the controller is used and the Cisco WCS acts as a SNMP TRAP receiver.
C. The controller is managed through its MAC address and the Cisco WCS acts as a SNMP agent.
D. The controller connects through its MAC address to the Cisco WCS and the Cisco WCS uses the
SNMP to manage the controller for all configured SNMP parameters.
Answer: B
QUESTION 336
Which three severity levels are in the Cisco WCS alarm dashboard? (Choose three.)
A. Critical
B. Flash
C. Major
D. Minor
E. Trivial
F. Urgent
Answer: ACD
Explanation:
Alarms are color coded as follows:
Red –Critical Alarm
Orange –Major Alarm
Yellow –Minor Alarm
The Alarm Summary displays the number of current critical, major, and minor alarms.
http://www.cisco.com/c/en/us/td/docs/wireless/wcs/6-0/configuration/guide/WCS60cg/6_0event.html
QUESTION 337
The existing Cisco Unified Wireless Controller is running version 7.0 code for both the controllers and the Cisco WCS. A controller has been configured with an appropriate rogue rule condition to report discovered APs to the Cisco WCS.
Which default alarm level is used to display all rogue APs in the Alarm Summary?
A. Critical
B. Flash
C. Urgent
D. Major
E. Minor
Answer: E
Explanation:
Yellow-Minor alarm is used to display all rogue Aps in alarm summary.
QUESTION 338
Which Cisco WCS tool allows you to view current reports, open specific types of reports, create and save new reports, and manage scheduled runs?
A. Reports menu
B. Reports launch page
C. Scheduled Run results
D. saved reports
Answer: B
Explanation:
The report launch pad provides access to all NCS reports from a single page. From this page, you can view current reports, open specific types of reports, create and save new reports, and manage scheduled runs.
http://www.cisco.com/c/en/us/td/docs/wireless/ncs/1-0/configuration/guide/NCS10cg/reps.html#wp1089982
QUESTION 339
Which path do you take to manage the results of a report that had been run on network utilization?
A. Reports > Report Launch Pad > Device > Utilization
B. Reports > Report Launch Pad > Scheduled Run Results
C. Reports > Saved Reports > Scheduled Run Results
D. Reports > Scheduled Run Results
Answer: D
Explanation:
There are five menus on each window: Monitor, Reports, Configure, Location, Administration , and Help. When you move the mouse over any of the menus, a drop-down menu appears.
QUESTION 340
Which CLI command is used on a Cisco WLC to troubleshoot mobility, rogue detection, and load- balancing events?
A. debug dot11
B. debug capwap all
C. show dot11 details
D. show capwap details
Answer: A
Explanation:
http://www.cisco.com/c/en/us/td/docs/wireless/controller/7-3/command/reference/cr73/b_cr_7-3_chapter_010.html#wp3619872221
Lead2pass is the leader in 200-355 certification test questions with training materials for Cisco 200-355 exam dumps. Lead2pass Cisco training tools are constantly being revised and updated. We 100% guarantee Cisco 200-355 exam questions with quality and reliability which will help you pass Cisco 200-355 exam.
200-355 new questions on Google Drive: https://drive.google.com/open?id=0B3Syig5i8gpDd3NzLWRUUTRLME0
2017 Cisco 200-355 exam dumps (All 500 Q&As) from Lead2pass:
https://www.lead2pass.com/200-355.html [100% Exam Pass Guaranteed]