Cisco 400-351 CCIE Wireless Written Exam Online Training
Cisco 400-351 Online Training
The questions for 400-351 were last updated at Oct 23,2025.
- Exam Code: 400-351
- Exam Name: CCIE Wireless Written Exam
- Certification Provider: Cisco
- Latest update: Oct 23,2025
Which three statements about the high availability configuration on the Cisco 5760 WLCs are true? (Choose three.)
- A . Cisco WLC with more reboots is elected as active when the default stack priority is in use.
- B . Active Cisco WLCs in a pair can be identified using LED state without issuing any command on the Cisco WLC console.
- C . Cisco 5760 WLC uses a dedicated high availability port for high availability and configuration synchronization.
- D . All configuration including certificates are automatically synced between active and standby Cisco WLC.
- E . Cisco WLC with the highest priority in a stack are elected as the active Cisco WLC during the election process.
- F . EitherChannel bundles all ports on both active and standby Cisco WLC on a logical port.
You are a network administrator at ACME corporation where you have a pair of Cisco 5760 Wireless LAN Controllers deployed for HA AP SSO mode. A failover event occurs and the secondary Cisco 5760 controller moves into the active role.
Which three statements about the failover event are true? (Choose three.)
- A . Rogue Aps and clients are not synced to the standby and are relearned upon switchover.
- B . NetFlow records are already exported upon switchover and collection starts resuming in the new active controller.
- C . Switchover during AP preimage download causes the Aps start image download all over again from the new active controller.
- D . With SSO, wIPS information is already synced with the standby unit and this information need not be relearned upon switchover.
- E . The new active controller does not need to relearn the shun list from IPS and other MCs, which eliminates the need to redistribute it to the MAs.
- F . Upon guest anchor controller switchover, mobility tunnels stay active, Aps remain connected, clients rejoin at MA or MC, and clients are anchored on the new active controller.
Two wireless IP phones are never able to call each other when connected to the same autonomous AP. However, they can place calls to other wireless IP phones that are connected to other APs or to wired IP phones. The wireless phones are operating on VLAN100.
Based on this output, which statement about the problem is true?
ap(config-subif)#do show run interface do 0.100
Building configuration…
Current configuration: 320 bytes
!
interface Dot11Radio1.100
encapsulation dot1Q 100
no ip route-cache
bridge-group 100
bridge-group 100 subscriber-loop-control
bridge-group 100 port-protected
bridge-group 100 block-unknown-source
no bridge-group 100 source-learning
no bridge-group 100 unicast-flooding
bridge-group 100 spanning-disabled
end
- A . P2P blocking is enabled via the no bridge-group 100 unicast-flooding command.
- B . P2P blocking is enabled via the bridge-group 100 block-unknown-source command.
- C . P2P blocking is enabled via the bridge-group 100 subscriber-loop-control command.
- D . P2P blocking is enabled via the no bridge-group 100 source-learning command.
- E . P2P blocking is enabled via the bridge-group 100 port-protected command.
Refer to the exhibit.
You cannot establish IP communication over interface GigabitEthernet 0/4 with an access point connected to it.
Which reason is the cause of the issue?
- A . Interface GigabitEthernet 0/4 is mirroring traffic and cannot be used at this time.
- B . Line protocol is down on the interface because “output flow-control is unsupported”.
- C . The problem is due to physical connectivity. The Ethernet cable must be revised.
- D . A SPAN session is configured on the Switch destination interface GigabitEthernet 0/4.
You are setting up a Cisco access point in repeater mode with a non-Cisco point as the parent and you use this interface configuration on your Cisco access point.
interface Dot11Radio0
no ip address
no ip route-cache
no ip route-cache
!
ssid my WIFInetwork
!
station-role repeater
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
You are getting the following error message.
Which reason for this issue is true?
%DOT11-4-CANT_ASSOC: Interface Dot11Radio0, cannot associate. NO aironet Extension IE
- A . The parent AP MAC address has not been defined.
- B . Repeater made only works between Cisco access points.
- C . When repeater mode is used, unicast-flooding must be enabled to allow Aironet IE communications.
- D . “dot11 extension aironet” is missing under the interface Dot11Radio0 interface.
Your customer has a Cisco Unified Wireless Network running AireOS 8.0 and wants to learn about the FlexConnect mode that is available on his Aps.
Which two statements are true?
- A . When an AP is changed from Local mode to FlexConnect mode, a reboot is not required.
- B . When and AP is changed from Local mode to FlexConnect mode, a reboot is required.
- C . Enhanced FlexConnect mode allows to enable wIPS on FlexConnect APs.
- D . Using CCKM with FlexConnect APs requires the use of FlexConnect Groups.
- E . A newly connected AP can be booted in FlexConnect mode.
- F . FlexConnect was previously known as “H-TEEP”.
Which major block is not included in the ETSI Network Function Virtualization reference framework?
- A . Network Function Virtualization Infrastructure
- B . Network Function Virtualization Management and Orchestration
- C . Network Function Virtualization Policy Manager
- D . Virtualized Network Function / Element Management Systems
You have been hired to install new Cisco switches at ACME Corporation. The company has an existing Cisco network comprised of access layer switches that use multiple VLANs and VLAN trunking protocol to distribute the VLANs to the switches throughout the network.
Which two methods are best to accomplish your task? (Choose two.)
- A . Configure all new switches as VTP clients and relocated switches as VTP servers because they already have all the VLANs in their database.
- B . Prior to installation, ensure that all switches are running the same CISCO IOS software version as the VTP server.
- C . Configure the VLAN Trunking Protocol pruning on the new switches because they may not need all of the VLANs.Dd
- D . Ensure that all switches are running the same VTP version.
- E . Ensure that all switches have the same VLAN Trunking Protocol password and encryption level.
- F . Configure one of the new switches as a VTP server to distribute the VLANs appropriately.
- G . Ensure that all the new Cisco switches have their VTP domain name set to the default value of “null”.
Which two statements about header attacks are true? (Choose two.)
- A . An attacker can use IPv6 Next header attacks to steal user data and launch phishing attacks.
- B . An attacker can leverage an HTTP response header to write malicious cookies.
- C . An attacker can use vulnerabilities in the IPv6 routing header to launch attacks at the application layer.
- D . An attacker can execute a spoofing attack by populating the RH0 routing header subtype with multiple destination addresses.
- E . An Attacker can use HTTP Header attacks to launch a DoS attack.
- F . An attacker can leverage an HTTP response header to inject malicious code into an application.
Which statement about the integration of ISE with Cisco Prime Infrastructure version 2.2 is true?
- A . Cisco Prime Infrastructure can collect client authentication details from upto three configured ISE servers.
- B . Cisco Prime Infrastructure can display ISE profiling attributes for authenticated and unauthenticated clients.
- C . When two instances of ISE are added to Cisco Prime Infrastructure, one must be working in secondary mode.
- D . ISE can be added to Cisco Prime Infrastructure only using user credentials of admin user configured locally on ISE.
Latest 400-351 Dumps Valid Version with 192 Q&As
Latest And Valid Q&A | Instant Download | Once Fail, Full Refund
