Cisco 400-351 CCIE Wireless Written Exam Online Training
Cisco 400-351 Online Training
The questions for 400-351 were last updated at Oct 23,2025.
- Exam Code: 400-351
- Exam Name: CCIE Wireless Written Exam
- Certification Provider: Cisco
- Latest update: Oct 23,2025
Refer to the exhibit.
Your customer is testing native supplicant provisioning using Cisco ISE (192.168.1.2) and a Cisco WLC. The Cisco WLS has an ACL configured on it called onboarding. During the testing of many different client devices (Android, Apple, Windows) it appears that these devices are never redirected to the onboarding portal, though they can access the Internet.
Which statement explains this behavior?
- A . The source and destination port in the ACL lines are not set up correctly.
- B . The ACL has a permit any at the end. Redirection does not take a place unless the client hits a web safe that gets denied.
- C . There is nothing wrong with the ACL. The problem must exist either on the client side or on the configured ISE authorization profile.
- D . The ISE ACLs have a permit statement. Redirection will not take place unless the ISE IP address is denied.
DRAG DROP
Consider the association process of a wireless client to an SSID. Drag and drop the client actions from left into the correct order of operation on the right.
Which two statements are true about adding Identity Services Engines 1.3 to Prime Infrastructure 2.2?
(Choose two.)
- A . If you add two ISEs, one should be primary and the other should be standby.
- B . You need to use superuser credentials on ISE for PI integration to work.
- C . Configuration templates within PI can be used to set up ISE.
- D . A maximum of three ISEs can be added to PI.
DRAG DROP
Drag and drop the AVC configuration features from the left onto their respective function on the right:
Which two advanced WLAN options are required when deploying central web authentication with Cisco ISE? (Choose two.)
- A . NAC State RADIUS NAC.
- B . DHCP Addr. Assighment disabled.
- C . NAC State SNMP NAC.
- D . P2P Blocking Action set to Drop.
- E . Allow AAA Override enabled.
Which option in the Cisco Identity Services Engine check that the user authentication comes from a domain computer?
- A . An identify source sequence can be used to perform this check.
- B . Active Directory Attributes
- C . Machine Access Restriction
- D . Group Policy Objects
- E . It is not possible to validate the computer domain membership through ISE.
Which two IETF RADIUS attributes the Cisco WLC can be used to differentiate authentication requests based on the user location? (Choose two.)
- A . RADIUS attribute [95] NAS-IPv6-Address
- B . RADIUS attribute [32] NAS-Identifier
- C . RADIUS attribute [303] Source-IP
- D . RADIUS attribute [31] Calling-Station-Id
- E . RADIUS attribute [4] NAS-IP-Address
- F . RADIUS attribute [30] Called-Station-id
What are two features that help to mitigate man-in-the-middle attacks? (Choose two.)
- A . DHCP snooping
- B . ARP sniffing on specific ports
- C . ARP spoofing
- D . dynamic ARP inspection
- E . destination MAC ACLs
Which statement about the high availability feature on Cisco Prime Infrastructure version 2.2 is correct?
- A . With Manual Failover configured, e-mail notification is sent when the primary server goes down.
- B . Port number 8088 is used to connect to the web interface of the secondary Cisco Prime Infrastructure server.
- C . Server high availability role, that is, primary or secondary can be configured post installation from Cisco Prime Infrastructure GUI interface.
- D . Cisco Prime Infrastructure supports multiple high availability configurations, that is, one primary and two or more secondary systems.
DRAG DROP
Drag and drop the OpenStack function from the left onto the corresponding OpenStack project on the right.
Latest 400-351 Dumps Valid Version with 192 Q&As
Latest And Valid Q&A | Instant Download | Once Fail, Full Refund
