Download New Updated (Spring 2015) Cisco 350-050 Actual Tests 71-80

Ensurepass

 

QUESTION 71

Refer to the exhibit. The ACS RADIUS Authentication Report shows the output for a failed client authentication. Which action can resolve this issue?

 

clip_image002

 

A.

Re-generate the client certificate, which is expired.

B.

Install the complete ACS certificate CA chain on the client operating system.

C.

Re-generate the local ACS certificate, which was issued by an unknown CA.

D.

Import the complete client certificate CA chain on the ACS.

 

Correct Answer: D

 

 

QUESTION 72

Which two statements about the management access control on Cisco WLC, using an external TACACS+ server, are true? (Choose two.)

 

A.

The Cisco WLC supports TACACS+ command authorization.

B.

The Cisco WLC AAA authorization is role-based, using custom TACACS+ attributes.

C.

The Cisco WLC AAA authorization is role-based, using Cisco VSA attributes.

D.

The Cisco WLC requires the TACACS+ server to return a Privilege-Level attribute.

E.

If a user is not entitled to a specific task, then the user is not allowed to access that task.

F.

If a user is not entitled to a specific task, then the user is allowed to have read-only access to that task.

 

Correct Answer: BF

 

 

QUESTION 73

What is the benefit of using a CA-signed certificate over a self-signed certificate?

 

A.

You can generate a certificate with a longer validity period.

B.

Fewer steps need to be generated.

C.

More authentication types are supported.

D.

You can avoid impersonation attacks.

E.

You can use bigger keys.

 

Correct Answer: D

 

 

 

 

 

 

 

QUESTION 74

Refer to the exhibit. Which DHCP option is shown?

 

clip_image003

 

A.

32

B.

43

C.

60

D.

150

E.

241

 

Correct Answer: C

 

 

QUESTION 75

Refer to the exhibit. Which Cisco WLC IP addresses will be returned to a Cisco AP that requests an IP address from this DHCP pool?

 

clip_image004

 

A.

192.168.129.12 and 192.168.129.20

B.

192.168.129.11 and 192.168.129.19

C.

192.168.129.12 and 192.168.129.17

D.

192.168.129.11 and 192.168.129.18

E.

none of the above

 

Correct Answer: B

 

 

 

 

QUESTION 76

Which three EAP types are supported when using an LDAP backend database that does not return a cleartext password? (Choose three.)

 

A.

EAP-FAST-GTC

B.

EAP-TLS

C.

PEAPv0-MS-CHAPv2

D.

PEAPv1-GTC

E.

EAP-FAST-MS-CHAPv2

F.

LEAP

 

Correct Answer: ABD

 

 

QUESTION 77

Refer to the exhibit. What can be filtered by using this DNIS filter on ACS?

 

clip_image006

 

A.

wireless clients, based on the SSID to which they are associating

B.

wireless IP phones, based on the phone number that they are calling

C.

authentications from AAA clients, based on their assigned location

D.

authentications from a specific Cisco WLC interface

E.

authentications, based on part of the username

 

Correct Answer: A

 

 

QUESTION 78

Which statement about using the internal DHCP server feature on a Cisco WLC is true?

 

A.

DHCP option 43 must be configured on the internal DHCP server.

B.

The DHCP server IP address must be set to the Cisco WLC management interface IP address.

C.

The internal DHCP server can serve both wireless and wired clients.

D.

Autonomous APs are supported.

 

Correct Answer: B

 

QUESTION 79

When using DNS discovery, you must configure DNS to respond to which of the following?

 

A.

CISCO-WAP-CONTROLLER.localdomain

B.

CISCO-CONTROLLER.localdomain

C.

CISCO-CAPWAP-CONTROLLER.localdomain or CISCO-LWAPP-CONTROLLER.localdomain

D.

CISCO-CONTROLLER-LWAPP.localdomain or CISCO-CONTROLLER-CAPWAP.localdomain

 

Correct Answer: C

 

 

QUESTION 80

Which two methods can be used in Cisco Secure ACS 5.2 to assign client authentication requests to different access services or authorization policies, based on the SSID to which the client is associated? (Choose two.)

 

A.

DNIS-based end station filter

B.

CLI-based end station filter

C.

condition based on the RADIUS-IETF.Filter-ID(11) attribute

D.

condition based on the RADIUS-IETF:Called-Station-ID(30) attribute

E.

condition based on the RADIUS-IETF:Calling-Station-ID(31) attribute

 

Correct Answer: AD

 

Free VCE & PDF File for Cisco 350-050 Real Exam

Instant Access to Free VCE Files: CCNA | CCNP | CCIE …
Instant Access to Free PDF Files: CCNA | CCNP | CCIE …