Exam: 642-586 Title: Cisco Advanced Wireless LAN For System Ver: 05-27-2009

Exam : 642-586
Title : Cisco Advanced Wireless LAN for System

Engineers
Ver : 05-27-2009
642-586
QUESTION 1:
Certkiller .com is adding a new branch office with 60 access points and 120 users that
requires WDS to support a wireless VoIP application on a single subnet. Additionally,
the customer requires local authentication services to provide authentication capability in
the event of a WAN failure. Which product will support the customer requirements?
A. Cisco 2811 Integrated Services Router

B. Cisco 3745 Multiservice Access Router
C. Cisco 3845 Integrated Services Router
D. Cisco 2851 Integrated Services Router
Answer: C
QUESTION 2:
The Cisco wireless LAN controller supports multiple secure authentication types. Which
authentication type provides Layer 3 security?
A. WPA2
B. Cranite
C. AirFortress
D. IPSec
Answer: D
QUESTION 3:
The Cisco WCS logs which two security events? (Choose two.)
A. TKIP and MIC Failures

B. Securitymisconfigurations on the controller
C. Wireless Protocol analyzer Detection
D. Rogue access points
E. Rogue Clients
Answer: D,E
QUESTION 4:
Which EAP authentication is used by the Cisco Wireless LAN controller for local
authentication?
A. EAP-MD5
B. No EAP authentication is used.
Actualtests.com - The Power of Knowing

642-586
C. EAP-TLS
D. PEAP-MSCHAP
E. PEAP-GTC
Answer: B
QUESTION 5:
Which method is used to determine the best path across a wireless mesh network?
A. AWP
B. hop count
C. STP
D. EIGRP
Answer: A
QUESTION 6:
OFDM provides which improvement over DSSS in the 2.4-GHz range?
A. greater resistance to multipath interference

B. more bandwidth per channel
C. more nonoverlapping channels
D. full duplex communication
Answer: A
QUESTION 7:
DRAG DROP
You work as a network technician at Certkiller .com. Your boss, Mrs. Certkiller, is
curious about the Cisco Compatible Extensions program. You tell her that it is divided
into three phases.
Match the phases with the appropriate definitions.
Use each phase once and only once.

642-586
Answer:
QUESTION 8:
Which two activities are included in a Wireless Security Posture Assessment? (Choose
two.)
A. scan all host systems and log all open ports

B. check access point configurations and compare them against recommended security
practices
C. ensure that the client is using a strong password policy
D. check all systems to ensure that the patches are being applied in a timely manner
E. find WLAN traffic that is leaking from the customer building
Answer: B,E
QUESTION 9:
Which three authentication methods are supported on the WLSE Express local

642-586
authentication server? (Choose three.)
A. EAP-TTLS
B. EAP-Cisco Wireless (LEAP)
C. EAP-SIM
D. EAP-FAST
E. EAP-MD5
F. EAP-PEAP
Answer: B,D,F
QUESTION 10:
DRAG DROP
curious about the advanced feature set products. You are required to detect and move the
correct three.
Answer:

642-586
Explanation:
The "CiscoWorks Wireless LAN Solution Engine" is the management of the Core
Feature set products.
This is the description for the class -"Cisco Wireless LAN Advanced Topics
(CWLAT)v1.0":
This course is designed to give students a firm understanding of the components, features
and proper deployment of the Cisco Unified Wireless Network. The course focuses on
advanced WLAN design, integrating Cisco wireless components into a wired
infrastructure. Deployment topics include managing the WLAN by using the Cisco
Wireless Control System (WCS) to manage the advanced feature set and using the
CiscoWorks Wireless LAN Solutions Engine (WLSE) to manage the core feature set.
QUESTION 11:
Certkiller .com wants to use the 4.9-GHz band to provide connectivity for public service
vehicles. The customer also wishes to have 802.11 wireless connectivity from PDAs to
the vehicles. Which configuration option would provide the desired support?
A. 4.9-GHz interface in bridge mode, 802.11 interface in bridge mode

B. 4.9-GHz interface in bridge mode, 802.11 interface in access point mode
C. 4.9-GHz interface in access point mode, 802.11 interface in access point mode
D. 4.9-GHz interface in access point mode, 802.11 interface in bridge mode
Answer: B
QUESTION 12:
Which three faults are generated by radio management? (Choose three.)
A. interference detection
B. AAA server availability
C. ad-hoc networks
D. security misconfiguration
E. friendly access point
F. rogue access point
Answer: A,C,F
QUESTION 13:
Certkiller .com in the United States requires connectivity between two campus locations
that are located 6 miles (9.65 km) apart. The customer also needs a minimum data rate of
54 Mbps in an area that is known to have 2.4-GHz interference. Choose two appropriate
devices that will provide a bridge link and avoid the interference. (Choose two.)

642-586
A. Cisco Aironet 1400 Series wireless bridge

B. Cisco Aironet 1210 Series access point
C. Cisco Aironet 1100 Series access point
D. Cisco Aironet 1242AG Access Point
E. Cisco Aironet 1300 Series outdoor access point/bridge
Answer: A,D
QUESTION 14:
A wireless using core feature set products uses which protocol for radio management?
A. LWAPP
B. CCKM
C. WLCCP
D. SNMP
Answer: C
QUESTION 15:
Which two statements correctly describe the Cisco Catalyst Wireless Services Module
(WiSM)? (Choose two.)
A. It requires a supervisor 32 or 720.

B. It has a maximum of 24 modules per mobility group.
C. It has a maximum of 18 modules per mobility group.
D. It requires a supervisor 720 only.
E. It requires a supervisor 32 only.
F. It has a maximum of 12 modules per mobility group.
Answer: D,F
QUESTION 16:
How is the bridge group name used in a wireless mesh deployment?
A. It is used to retrieve the secret shared key.

B. It is used as a password in communication preceding LWAPP.
C. It is used to join the outdoor mesh network with the controller mobility group.
D. It logically groups access points to avoid interference from neighboring networks.
Answer: D
QUESTION 17:

642-586
Which device, which uses advanced feature set products, encrypts and decrypts client
data?
A. switch
B. access point
C. Cisco WCS
D. controller
Answer: B
QUESTION 18:
The Cisco 2700 Series wireless location appliance can store up to how many days of
historical information?
A. 15
B. 30
C. 60
D. 90
Answer: B
QUESTION 19:
How many WLAN controllers can Cisco WCS, with a base default license, support?
A. 75
B. 125
C. 50
D. 100
Answer: C
QUESTION 20:
Certkiller .com brings you a previously completed site survey for the initial wireless
implementation from 12 months ago. The customer currently has six access points
deployed in the warehouse. The survey shows that the installed coverage provides for a
15-percent overlap between cells at 5.5 Mbps, and a 5-percent overlap at 11 Mbps. This
solution has proven to provide adequate coverage and roaming capabilities for the data
applications. However, the customer has recently moved to a VoIP telephony solution
and has attempted to add seven Cisco 7920 wireless IP phones with limited success. Why
has the customer only had limited success with the current deployment to meet the data
needs?
A. inadequate throughput

642-586
B. inadequate overlap
C. inadequate data rate
D. too many Cisco 7920 wireless IP phones per access point
Answer: B
Explanation:
Voice coverage requires an overlap of 15 to 20 percent
QUESTION 21:
Which authentication mechanism was introduced in Cisco Compatible Extensions

program version 2?
A. CKIP and CMIC

B. PEAP-GTC
C. AES
D. EAP-Cisco Wireless (LEAP)
Answer: B
QUESTION 22:
How many prior configuration versions can be archived on the WLSE?
A. four
B. six
C. eight
D. two
Answer: A
QUESTION 23:
Which WEP key protection method was introduced in Cisco Compatible Extensions
program version 1?
A. AES
B. CKIP and CMIC
C. radio management
Answer: B
QUESTION 24:

642-586
Which property of the advanced feature set products protects against the loss of network
information, such as passwords and IP addressing schemes, in case of access point theft?
A. The access point and the controller use X.509 certificates to verify identity.
B. The controller does not retain its configuration when it is removed from the network.
C. All management traffic is encrypted between the access point and the controller.
D. The access point does not retain its configuration when it is removed from the
network.
Answer: D
QUESTION 25:
Certkiller .com has a small remote site with 10 access points. In which scenario would a
WLSE Express be appropriate to implement?
A. EAP-Cisco Wireless (LEAP) security is required and no external AAA server is

available.
B. EAP-FAST security is required and an AAA server is available.
C. EAP-Cisco Wireless (LEAP) security is required and an external AAA server is
available.
D. EAP-FAST security is required and no external AAA server is available.
Answer: D
QUESTION 26:
Which three authentication methods are supported by Cisco Secure ACS? (Choose three.)
A. EAP-SIM
C. EAP-FAST
D. EAP-MD5
E. EAP-PEAP
F. EAP-TTLS
Answer: B,C,E
QUESTION 27:
Which proposed IEEE 802.11 standard will increase the data rate beyond 54 Mbps?
A. 802.11j
B. 802.11n
C. 802.11s
D. 802.11c

642-586
Answer: B
QUESTION 28:
When using Cisco advanced feature set products, integrated guest access supports how
many users?
A. 2000
B. 1500
C. 2500
D. 1000
Answer: C
QUESTION 29:
Certkiller .com is initially deploying 37 lightweight access points per site with local
WLAN controllers at each site. If the customer plans to expand to a maximum of 45
access points, which WLAN controller is most appropriate?
A. Cisco 4136 Wireless LAN Controller

B. Cisco 4402 Wireless LAN Controller
C. Cisco 2006 Wireless LAN Controller
D. Cisco 4404 Wireless LAN Controller
Answer: B
QUESTION 30:
In a mesh network, what is the recommended hop count limit of a pole-top access point
from its associated roof-top root access point?
A. 4
B. 2
C. 10
D. 8
Answer: A
QUESTION 31:
What is a component of the Cisco trust and identity management system?
A. CiscoWorks WLSE
B. Cisco WLAN controller

642-586
C. Cisco WCS
D. Cisco Secure ACS
Answer: D
QUESTION 32:
Which two statements correctly describe the Cisco Catalyst Wireless Services Module
(WiSM)? (Choose two.)
A. It has a maximum of five modules per chassis.

B. It supports up to 100 access points per module.
C. It has a maximum of four modules per chassis.
D. It has a maximum of six modules per chassis.
E. It supports up to 200 access points per module.
F. It supports up to 300 access points per module.
Answer: A,F
QUESTION 33:
The Worthington, Lane, Andrews and Newton manufacturing company has three
facilities that are located in the city of Columbia, South Carolina, with the corporate
office located in downtown Columbia. The R&D facility is located on the north side of
the city 4 miles (6.4 km) from the corporate office, and is leasing office space in a
five-story building. The manufacturing facility is located 6 miles (9.6 km) to the
northwest of the corporate office and 2 miles (3.2 km) west of the R&D facility. Users at
the manufacturing plant require network connectivity for file sharing and e-mailing,
while the users at the R&D facility require high-speed Internet access with the ability to
send large CAD drawings to the corporate office and large machine control files to the
manufacturing facility. Presently, the manufacturing facility is connected to the corporate
office by a 64-Kbps leased-line, and the R&D facility is connected to both the corporate
office and the manufacturing facility by a dedicated T1 line. The company plans to add a
second line of development at the R&D facility within the next 60 days. However, the
current T1 lines are at a constant 70-percent utilization rate. Currently, a T1 line costs
US$750 per month for each line. The current projected lead time for installation of
additional lines is 90 days, if the current cable plant will support it. A wireless bridging
solution would provide which three benefits to the customer? (Choose three.)
A. rapid deployment
B. increased bandwidth
C. lower total cost of ownership
D. immunity to weather
E. elimination of monthly charges
F. guaranteed bandwidth

642-586
Answer: A,B,C
QUESTION 34:
The Cisco 4404 Wireless LAN Controller will support a maximum of how many REAPs?
A. 100
B. 150
C. 200
D. 50
Answer: A
QUESTION 35:
In a non-WDS environment, the local authentication services on an autonomous access

point can be used to authenticate which three devices? (Choose three.)
A. root access point

B. workgroup bridge
C. clients that are using the native Microsoft wireless supplicant
D. nonroot bridge
E. root bridge
F. repeater access point
Answer: B,D,F
QUESTION 36:
Which advanced feature set device is provided with a Kensington lock slot?
A. switch
B. access point
C. Cisco WCS
D. controller
Answer: B
QUESTION 37:
Which two threats are detected by the Cisco WCS? (Choose two.)
A. rogue access points

B. spam
C. out-of-date antivirus definitions

642-586
D. denial of service attacks

E. malware
Answer: A,D
QUESTION 38:
The Cisco 3200 Series mobile access router has integrated wireless support for which
two frequency ranges? (Choose two.)
A. 5.725 to 5.825 GHz

B. 5.150 to 5.250 GHz
C. 900 to 928 MHz
D. 2.400 to 2.4835 GHz
E. 4.940 to 4.990 GHz
Answer: D,E
QUESTION 39:
How many access points can be placed on a floor map in Cisco WCS?
A. 200
B. 50
C. 150
D. 100
Answer: D
QUESTION 40:
Which feature was introduced in Cisco Compatible Extensions program version 1?
A. EAP-FAST
B. radio management
C. EAP-Cisco Wireless (LEAP)
D. WMM
Answer: C
QUESTION 41:
When using advanced feature set products and web authentication, integrated guest
access allows secure guest authentication via which protocol?
A. PEAP-GTC

642-586
B. HTTPS
C. Cisco Wireless
D. IPSec
Answer: B
QUESTION 42:
Which threat is detected by the WLSE?
A. rogue access points

B. malware
C. phishing attacks
D. out-of-date antivirus definitions
Answer: A
QUESTION 43:
Centralized authentication with Cisco Secure ACS provides which security benefit to the
WLAN?
A. MD5
B. PAP
C. PEAP-GTC
D. CHAP
Answer: C
QUESTION 44:
Which two threats are detected by means of the Cisco Network Admission Control?
(Choose two.)
A. spam
B. malware
C. denial of service attacks
D. rogue access points
E. out-of-date antivirus definitions
Answer: B,E
QUESTION 45:
Typical mesh access-point placements in a suburban environment should be separated by

how many feet?

642-586
A. 300 to 350 feet

B. 800 to 1000 feet
C. the average reachable distance that a backhaul link is capable of establishing
D. 100 to 150 feet
Answer: A
QUESTION 46:
Which statement describes how RSSI information is processed in a WLAN with a

location manager using advanced feature set products?
A. Access points aggregate RSSI information.

B. The location appliance computes the RSSI information.
C. WLAN controllers compute RSSI information.
D. The WCS collects the RSSI information from the 802.11 devices.
Answer: B
Explanation:
The answer should be "The location appliance computes the RSSI information.".
The APs collect notaggregate - the controllers aggregate. I am using the same link that it
stated. Look at the next line:
http://www.cisco.com/en/US/products/ps6386/products_qanda_item09186a008078ece3.shtml#newfaq
A. The Cisco Wireless Location Appliance uses the same Cisco lightweight access points
that deliver traffic as location "readers" for 802.11 wireless clients and Wi-Fi tags. These
access points collect received-signal-strength-indication (RSSI) information from all
Wi-Fi devices, which include Wi-Fi enabled laptops, voice handsets, Wi-Fi tags, rogue
(unauthorized) devices, and rogue access points. The collected RSSI information is then
sent through the Lightweight Access Point Protocol (LWAPP) to the Cisco wireless LAN
controllers or certain wireless integrated switches or routers. The Cisco wireless LAN
controllers then aggregate the RSSI information and send it to the Cisco Wireless
Location Appliance through Simple Network Management Protocol (SNMP).
The Cisco Wireless Location Appliance performs location computations based on the
RSSI information received from the Cisco wireless LAN controllers. The Cisco wireless
LAN controllers that gather the RSSI information must be associated with the Cisco
Wireless Location Appliance.
QUESTION 47:
DRAG DROP
You work as a network technician at Certkiller .com. Your Certkiller trainee asks you to
place the advance feature set product icon in the appropriate location on the following
diagram for a Layer 2 transport mode.
Each item can be used several times.

642-586
There is one controller and one AP per subnet.

Choices:
1. Access Point (AP)
2. Cisco Secure ACS
Answer:
QUESTION 48:
DRAG DROP
curious about the wireless core feature set products. You need to select the three correct
products. Select three.

642-586
Answer:
QUESTION 49:
A wireless security assessment has been performed for a network that is composed of
Windows 2000 and Windows XP wireless clients. The client wishes to use 802.1x
authentication using certificate services. Which EAP types are appropriate?
A. PEAP-GTC and EAP-FAST

B. EAP-Cisco Wireless (LEAP) and EAP-FAST
C. EAP-Cisco Wireless (LEAP) and PEAP-GTC
D. PEAP-MSCHAP and EAP-Cisco Wireless (LEAP)
Answer: B
QUESTION 50:
Which security protocols are supported by a REAP in standalone mode?
A. WPA-PSK, PEAP MSCHAP, and WEP

B. TLS, WEP, and WPA TKIP
C. WEP, WPA-PSK, and WPA2-PSK
D. WPA AES, WPA-PSK, and WPA2-PSK
Answer: C
QUESTION 51:
Which security feature was introduced in Cisco Compatible Extensions program version
3?
A. CKIP and CMIC

B. AES
C. radio management

642-586
Answer: B
QUESTION 52:
When a wireless controller loses connectivity to a remote Cisco Aironet 1030

Lightweight Access Point, what will be the next step for that remote access point?
A. continue to provide local connectivity

B. lose its configuration
C. support no more than 10 wireless clients
D. disconnect all associated clients
Answer: A
QUESTION 53:
The local authentication service on an autonomous access point supports which two
authentication types? (Choose two.)
A. EAP-TLS
B. EAP-FAST
C. PEAP-MSCHAP
D. PEAP-GTC
E. EAP-Cisco Wireless (LEAP)
Answer: B,E
QUESTION 54:
What is used to encrypt data traffic between the access point and the controller?
A. Data traffic is not encrypted.

B. Data traffic is encrypted with AES CBMAC.
C. Data traffic is encrypted with AES CCMP.
D. Data traffic is encrypted with MD5 hashing.
Answer: A
QUESTION 55:
The WLSE can update firmware on which two devices? (Choose two.)
A. bridge
B. access point
C. switch

642-586
D. router
E. client
Answer: A,B
QUESTION 56:
Which two key features are unique to the wireless advanced feature set using lightweight
access points? (Choose two.)
A. access point participation in RF management

B. fast secure roaming
C. dynamic RF control without advanced management
D. rogue access point detection
E. access point registration via digital certificate
Answer: C,E
QUESTION 57:
Which feature was introduced in Cisco Compatible Extensions program version 2?
A. EAP-FAST
C. WMM
D. radio management
Answer: D
QUESTION 58:
Which property of the advanced feature set products prevents rogue access points from
attaching to the network?
A. The access point does not retain its configuration when it is removed from the
network.
B. All management traffic is encrypted between the access point and the controller.
C. The access point and the controller use X.509 certificates to verify identity.
D. The controller does not retain its configuration when it is removed from the network.
Answer: C
QUESTION 59:
When using the Cisco Wireless IP Phone 7920, a separate voice VLAN is recommended.
Which two security statements indicate why? (Choose two.)

642-586
A. The Cisco Wireless IP Phone 7920 uses Cisco Wireless (LEAP).

B. The Cisco Wireless IP Phone 7920 uses 802.11b.
C. Quality of service can be applied to the voice VLAN.
D. The voice VLAN can provide Layer 3 fast secure roaming.
E. Appropriate ACLs can be applied to the voice VLAN.
Answer: A,E
QUESTION 60:
Which two AAA servers are supported by the Cisco wireless LAN controller? (Choose
two.)
A. Meetinghouse
B. Interlink
C. Microsoft Internet Authentication Service
D. Cisco Secure ACS
E. Aradial Technologies
Answer: C,D
QUESTION 61:
Which three are key components of a site survey? (Choose three.)
A. documentation
B. client configuration
C. pre-survey assessment
D. coverage verification
E. facility walkthrough
F. access point staging
Answer: A,C,E
QUESTION 62:
Which component of the Cisco Integrated Security Solution is responsible for preventing
Day Zero security risks, such as Internet worms?
A. Cisco Security Agent

B. Cisco Secure ACS
C. Cisco Catalyst 6500 Series wireless LAN services module
D. CiscoWorks Wireless LAN Solution Engine
Answer: A

642-586
QUESTION 63:
Certkiller .com brings you a previously completed site survey for the initial wireless
implementation from 12 months ago. The customer currently has six access points
deployed in the facility. The survey shows that installed coverage provides for a
15-percent overlap between cells at a data rate of 5.5 Mbps, and a 5-percent overlap at a
data rate of 11 Mbps. In this scenario, the site survey shows that this installation would
be adequate to support what?
A. data collection
B. 802.11a clients
C. videoconferencing
D. wireless VoIP
Answer: A
QUESTION 64:
When designing a wireless VoIP network and using the G.711 codec, what is the
maximum number of concurrent calls for a single 802.11b cell?
A. 9
B. 7
C. 5
D. 11
Answer: B
QUESTION 65:
The WLSE Express local authentication server supports a maximum how many clients?
A. 2500
B. 1000
C. 300
D. 100
Answer: B
QUESTION 66:
Implementing Wireless Domain Services on an autonomous access point provides which

two benefits? (Choose two.)
A. quality of service

642-586
B. fast secure roaming

C. local authentication services
D. radio management
E. VLAN support
Answer: B,D
QUESTION 67:
Which product manages the Cisco 2700 Series wireless location appliance?
A. wireless LAN controller

B. integrated services router
C. Wireless Control System
D. CiscoWorks for Mobile Wireless
Answer: C
QUESTION 68:
The WLAN IDS that is provided by Cisco protects the network if a client has not
received the proper antivirus updates. Which action is taken by the WLAN IDS until the
client has received the updates?
A. remotely disable the client network card

B. quarantine the client
C. issue a remote shutdown command to the client
D. disassociate the client
Answer: B
QUESTION 69:
When designing a wireless VoIP network, what is the recommended lowest data rate?
A. 1 Mbp
B. 11 Mbps
C. 5.5 Mbps
D. 2 Mbps
Answer: B
QUESTION 70:
An integrated services router that is configured as a backup RADIUS server for wireless
clients can support a maximum of how many user accounts?

642-586
A. 400 to 500
B. 900 to 1000
C. 1 to 50
D. none
Answer: B
QUESTION 71:
In order for a controller-based access point to be allowed to participate in aggressive load

balancing, it must have heard the client within how many seconds?
A. 1
B. 5
C. 10
D. 15
Answer: B
QUESTION 72:
You are troubleshooting a problem with a Cisco 7920 wireless IP phone on a standalone
WLAN. The phone rings but, when you answer, the call is dropped. What may cause this
problem?
A. The minimum data rate is not set to 11 Mbps.

B. An address resolution protocol is enabled.
C. Publicly Secure Packet forwarding is enabled.
D. The access point is set to the least congested channel.
Answer: C
QUESTION 73:
A Cisco Wireless Location Appliance has been added to track RFID tags placed on
laptops being used in a school. Classrooms at the school have concrete block walls.
During testing, you discover that the accuracy of the system needs to be improved. You
decide to edit the map in the Cisco WCS to add the interior walls. How many interior
walls can you add to improve the accuracy of the location appliance?
A. 50
B. 100
C. 150
D. 200

642-586
Answer: A
QUESTION 74:
The IOS of a North American Cisco Aironet 1130AG Series standalone access point has
become corrupt. You must therefore reload the TFTP firmware. Before you press and
hold the MODE button, you should verify that the file name is which of the following?
A. c1130-k9w7-tar.boot
B. c1130-k9w7-tar.default
C. c1130-k9w7-tar.recover
D. c1130-k9w7-tar.123-7.JA1.tar
Answer: B
QUESTION 75:
How many WLANs can a Cisco Aironet 1242 in H-REAP mode support when actively
connected to a wireless controller?
A. 4
B. 8
C. 16
D. 32
Answer: B
QUESTION 76:
Cisco WCS version 4.0 is supported on which operating system?
A. Solaris 10
B. Vista
C. Windows XP Pro
D. Windows 2000 SP4
E. Windows Server 2003
Answer: E
QUESTION 77:
A mobility group is created by a Cisco WLCM and 4402 Series Wireless LAN
Controller. A client that is anchored on the Cisco WLCM roams to an access point on the
4402 controller. You then run a debug command on the 4402 controller. Which message
would best describe the establishment of the tunnel from the foreign controller's

642-586
perspective?
A. Transmit Mobile Anchor Export message

B. Receive Mobile Anchor Export message
C. Transmit Plumbing duplex mobility tunnel message
D. Receive Plumbing duplex mobility tunnel message
Answer: A
QUESTION 78:
You are configuring an RF group of controllers that coordinate Radio Resource

Management calculations. What is the maximum number of WLAN controllers that you
can add?
A. 12
B. 17
C. 20
D. 24
Answer: C
QUESTION 79:
Which Cisco Aironet Series devices can be powered using 802.3af inline power?
A. Cisco Aironet 1100 Series

B. Cisco Aironet 1300 Series
C. Cisco Aironet 1400 Series
D. Cisco Aironet 1240AG Series
Answer: D
QUESTION 80:
You are installing a Cisco Aironet 1000 Series controller-based access point. When you
boot it, all the LEDs on the access point blink together. What does this indicate about the
access point?
A. normal operation
B. duplicate IP address
C. code upgrade in progress
D. searching for primary controller
Answer: C

642-586
QUESTION 81:
You have a very few Cisco 7920 wireless IP phones on your network, but lots of wireless
laptops. You want to increase the bandwidth available for the laptops by decreasing the
bandwidth reserved for the Cisco 7920 phones. What is the lowest percentage of
voice-allocated bandwidth you can select on the WLAN controller?
A. 25 percent
B. 40 percent
C. 55 percent
D. 75 percent
Answer: B
QUESTION 82:
Which of the following statements explains why it is normally best to have more than
one controller-based access point participate in the containment of one rogue access
point?
A. Multiple controller-based access points will load-balance the containment task using
fewer resources than a single access point.
B. Clients connected to the rogue access point may be out of the range of the
controller-based access point providing containment.
C. Each controller-based access point can handle only a limited amount of clients
connected to the rogue access point.
D. Clients connected to the rogue access point must be able to connect to the containment
controller-based access point.
Answer: B
QUESTION 83:
Which authentication types are allowed with the Cisco ADU when selecting
WPA/WPA2/CCKM under the security options?
A. Cisco-LEAP, EAP-FAST, EAP-PEAP (GTC), EAP-TLS

B. Cisco -LEAP, EAP-MD5, EAP-PEAP (GTC), EAP-TTLS
C. Cisco-LEAP, EAP-PSK, EAP-PEAP (MS-CHAP v2), EAP-TLS
D. Cisco-LEAP, EAP-FAST, EAP-PEAP (MS-CHAP v2), EAP-TTLS
Answer: A
QUESTION 84:
On a Cisco Aironet 802.11 a/b/g wireless LAN client adapter, the status LED and activity

642-586
LED are alternating on and off. What does this indicate?
A. The client card has failed.

B. The client card is not associated to the network.
C. The driver has been installed incorrectly.
D. The client card has awakened from power-save mode.
Answer: B
QUESTION 85:
You have just finished aligning a Cisco Aironet 1400 Series Wireless Bridge link using
installation mode. When you set the link back to operational mode you loose association
to the root bridge. Which action will correct the problem?
A. Configure the proper channel.

B. Enable passwords on both bridges.
C. Configure the distance parameter value.
D. Configure the bridge to force infrastructure devices to associate only to the SSID
parameter.
Answer: C
QUESTION 86:
Which of the following settings will reduce packet overhead and overall latency in a
standalone point-to-point bridge deployment?
A. enable concatenation on the root bridge only

B. enable concatenation on the non-root bridge only
C. enable concatenation on both the root bridge and non-root bridge
D. enable concatenation on the root bridge and set it as desirable on the non-root bridge
E. set concatenation as desirable on the root bridge and enable it on the non-root bridge
Answer: C
QUESTION 87:
By default, on the WLAN controller for a voice application using Cisco 7921 wireless IP
phones, what is the percentage of RF bandwidth that can be dedicated to the phones?
A. 55 percent
B. 56 percent
C. 75 percent
D. 85 percent

642-586
Answer: C
QUESTION 88:
When configuring Cisco Secure ACS to support wireless EAP authentication, which
device must be configured as a AAA client?
A. Wireless Control System

B. Wireless clients
C. Wireless controllers
D. Control-based access points
E. Location Appliance
Answer: C
QUESTION 89:
What is the maximum number of wireless controllers that the highest-end Cisco WCS
server can manage?
A. 35
B. 50
C. 100
D. 250
Answer: D
QUESTION 90:
On a WLAN controller, what is the default roaming bandwidth percentage reserved for
voice clients?
A. 6 percent
B. 12 percent
C. 18 percent
D. 24 percent
Answer: A
QUESTION 91:
You are trying to change the polling parameters used by the location manager via the
Cisco WCS, and your request is being denied. What is wrong?
A. Your login does not have the correct permissions.

642-586
B. You must wait for the location server to become available.

C. Polling values can be changed only on the location server.
D. Polling values can be changed only in the maintenance window.
Answer: A
QUESTION 92:
If all client exclusion policies are enabled, on which number of tries will 802.1X
authentications be excluded using controller-based access points?
A. three
B. four
C. five
D. six
Answer: B
QUESTION 93:
On a Cisco Aironet 1240AG Series standalone access point, the radio LED is dark blue
and blinking, but the status LED and Ethernet LED are both off. What does this indicate?
A. A firmware upgrade is in progress.

B. An access point buffer overflow is occurring.
C. The internal radio has failed.
D. The access point is booting.
Answer: A
Explanation: Blinking dark blue mean software upgrade in progress therefore

answer is A.
QUESTION 94:
How many RADIUS servers can be added to a controller and thereafter assigned to the
authentication or accounting of individual WLAN IDs?
A. 14
B. 15
C. 16
D. 17
Answer: D

642-586
QUESTION 95:
You are troubleshooting a one-way call problem with a Cisco 7920 wireless IP phone on
a standalone WLAN. What may cause this problem?
A. The minimum data rate is not set to 11 Mbps.

B. An address resolution protocol has been disabled
C. Publicly Secure Packet forwarding is enabled
D. The access point is set to the least congested channel.
Answer: B
QUESTION 96:
Which command will enable DHCP debugging on a WLAN controller?
A. debug dhcp enable

B. debug dhcp status enable
C. debug dhcp packet enable
D. enable debug dhcp packet
Answer: C
QUESTION 97:
Clients using Cisco-LEAP and EAP-FAST authentication are having no problems

logging on to the wireless network, but clients using PEAP are failing to log on. Which
situation would result in this type of problem?
A. The AAA server is set to accept both MS-CHAP v2 and GTC for PEAP
authentication.
B. Clients have been set to validate the server identity.
C. Posture validation has not been enabled.
D. Clients and server are not using certificates.
Answer: D
QUESTION 98:
A Cisco WCS version 4.0 has been installed on a server with a dual Pentium 3.0 GHz
processor, 4GB RAM, and an 80 GB hard drive. A location appliance has been
incorporated into the network and is being monitored by the Cisco WCS. There are 3000
devices to be tracked but not all of them are being tracked on the Cisco WCS. What can
be done to correct the problem?
A. Add 4GB RAM to the Cisco WCS.

642-586
B. Add a 120 GB hard drive to the Cisco WCS.

C. Add a new location appliance.
D. Add a new Cisco WCS server dedicated to the location appliance.
Answer: C
QUESTION 99:
When optimizing a standalone point-to-multipoint bridge installation with eight non-root

bridges, which of the following RTS threshold and CWmin settings would be correct for
the non-root bridges?
A. RTS threshold=4000, CWmin=3

B. RTS threshold=1, CWmin=4
C. RTS threshold=4000, CWmin=5
D. RTS threshold=1, CWmin=5
Answer: D
QUESTION 100:
What is the correct order of steps for upgrading a Cisco WCS
A. back up the database, stop the WCS, upgrade the WCS, restore the database, start the
WCS
B. stop the WCS, back up the database, upgrade the WCS, restore the database, start the
WCS
C. back up the database, stop the WCS, upgrade the WCS, start the WCS, restore the
database
D. stop the WCS, back up the database, upgrade the WCS, start the WCS, restore the
database
Answer: B
QUESTION 101:
Which protocol does the RADIUS server use inside the secure tunnel of EAP-FAST to
authenticate the client when one-time passwords are in use?
A. MS-CHAP v2
B. PAP
C. GTC
D. MD5
Answer: C

642-586
QUESTION 102:
When configuring a WLAN controller for a voice application using Cisco 7920 wireless
IP phones, which two general control settings should you select? (Choose two.)
A. Aggressive Load Balancing on

B. Aggressive Load Balancing off
C. Multicast on
D. Multicast off
E. AP Fallback on
F. AP Fallback off
Answer: B,D
QUESTION 103:
You are charges with implementing a secure wireless installation which will provide
Internet access to client devices but will not allow communications between wireless
clients. In addition to implementing PSPF or peer-to-peer blocking on the wireless side,
which of the following actions should you perform on the wired infrastructure?
A. Take no action, you have achieved your goal.

B. Implement a Cisco Secure IPS sensor.
C. Implement a protected port on the access switches.
D. Implement 802.1X on the switch ports.
Answer: C
QUESTION 104:
You are troubleshooting a problem with a Cisco 7920 wireless IP phone that is causing
the phone to drop calls. The problem appears to be roaming bandwidth issue. In order to
verify what kind of issue it is, you decide to increase the bandwidth reserve for roaming
on the WLAN controller to maximum. What level do you set the bandwidth to?
A. 5 percent
B. 15 percent
C. 25 percent
D. 35 percent
Answer: C
QUESTION 105:
You want to dynamically assign users to an 802.1Q VLAN as a result of their

authentication. In order to accomplish this, which two IETF RADIUS attributes should

642-586
you configure on the Cisco Secure ACS? (Choose two.)
A. 064 Tunnel-Type
B. 066 Tunnel-Client-Endpoint
C. 067 Tunnel-Server-Endpoint
D. 081 Tunnel-Private-Group-ID
E. 082 Tunnel-Assignment-ID
F. 083 Tunnel-Preference
Answer: A,D
QUESTION 106:
A client roams from H-REAP AP1 to H-REAP AP2. The client is unable to associate to
H-REAP AP2. H-REAP AP2 has six other clients associated to it, which continue to pass
traffic. What has caused this problem?
A. H-REAP AP1 lost its connection to the controller.

B. H-REAP AP2 lost its connection to the controller.
C. H-REAP AP1 has reached its client limit.
D. H-REAP AP2 has reached its client limit
Answer: B
QUESTION 107:
You are configuring a wireless LAN controller for QoS. Which 802.11e user priority tag
should you apply to voice applications?
A. 1
B. 3
C. 4
D. 6
Answer: D
QUESTION 108:
You are using ADU and are authenticated and associated to an access point. However,
you are unable to obtain an IP address. Which of these has caused this problem?
A. invalid SSID
B. invalid 802.1X authentication type
C. invalid encryption type
D. invalid WEP key

642-586
Answer: D
QUESTION 109:
Which parameter, when enabled on a standalone access point, gives the highest priority
to a voice packet even when QoS is not enabled?
A. QoS Element for Wireless Phones

B. IGMP Snooping
C. WMM
D. AVVID Priority Mapping
Answer: A
QUESTION 110:
You review the Failed Attempts logs on an AAA server and find: "unknown network
access server error." Which failure could produce this error?
A. failure of the wireless client and AAA server handshake

B. supplicant authentication failure
C. AAA client and AAA server handshake
D. Wrong password used by the supplicant
Answer: C
QUESTION 111:
If it is properly deployed, a controller-based access point is capable of monitoring all

VLANs on a network when you select which of the following modes from the AP Mode
drop-down menu on the controller?
A. Monitor
B. Rogue Detector
C. Sniffer
D. Mirror
Answer: B
QUESTION 112:
On a WLAN controller, what is the default limit on the number of entries in the database
that will be used for local authentication?
A. 50

642-586
B. 128
C. 512
D. 1024
Answer: C
QUESTION 113:
Which Cisco Aironet Series has a built-in digital thermometer designed to protect the
radio?
A. Cisco Aironet 1500 Series

B. Cisco Aironet 1400 Series
C. Cisco Aironet 1300 Series
D. Cisco Aironet 1200 Series
Answer: C
QUESTION 114:
A Cisco 4404 WLAN controller is being connected to a Cisco 6500 Catalyst Series
Switch. How would you interconnect and configure LAG for connectivity and ensure
redundancy?
A. All four ports from the Cisco WLC terminated to the same Catalyst gigabit module
and channel group.
B. All four ports from the Cisco WLC terminated to the same Catalyst gigabit module
using two channel groups.
C. Ports 1 and 2 from Cisco WLC to Catalyst gigabit module slot 1 channel group 20 and
Cisco WLC ports 3 and 4 to Catalyst gigabit module slot 2 channel group 40.
D. Ports 1 and 2 from Cisco WLC to Catalyst gigabit module slot 1 channel group 10 and
Cisco WLC ports 3 and 4 to Catalyst gigabit module slot 2 channel group 10.
Answer: D
QUESTION 115:
Which of the following commands on the wireless interface of a Cisco 3845 Integrated
Service Router allows the SSID to broadcast?
A. router(config-ssid)# enable
B. router(config-ssid)# advertise
C. router(config-ssid)# broadcast
D. router(config-ssid)# guest-mode
Answer: D

642-586
QUESTION 116:
You have been called upon to add location-based services into an existing
controller-based wireless design which primarily encompasses handheld devices such as
barcode scanners and Cisco 7920 wireless IP phones. In which mode should you deploy
the additional access points to achieve the density required without excessive co-channel
interference?
A. sniffer mode
B. monitor mode
C. location mode
D. tracking mode
Answer: B
QUESTION 117:
What is the maximum number of WLAN controllers that can join a single mobility
group?
A. 12
B. 24
C. 36
D. 48
Answer: B
QUESTION 118:
When attempting to connect to the WLAN using HTTP authentication, a client is

automatically redirected to a login page. The login page is on which device that uses the
controller-based products?
A. Access Point
B. Cisco Location Appliance
C. Cisco WCS
D. WirelessLan Controller
Answer: D
Explanation:
The key here is to remember that it is asking you to what device are you being redirected.
This is an example of the guest access network using Web Authentication.

642-586
QUESTION 119:
Which of the following statements are true regarding the benefits of the guest tunnel and
auto-anchor mobility features of WLAN controllers? (Choose three.)
A. Only one controller may be specified as the mobility anchor for a given WLAN.
B. Client traffic travels and asymmetric path.
C. Prime application is "guest WLAN," in which it is desirable to limit guest access to
the corporate network by first passing through the corporate firewall, maintaining
consistent security policies.
D. All WLAN controllers can be configured for either side of the tunnel as the foreign or
anchor controller.
E. The auto-anchor mobility feature tunnels all client traffic from a specific WLAN
(SSID) to a specific WLAN controller to provide a physical IP point of presence.
F. They allow the implementation of geographic access policies, which can restrain client
traffic to a specific sub-network, regardless of its physical location.
Answer: C,E,F
QUESTION 120:
Cisco Identity Based Network Services used with Cisco Secure ACS provides which two
of the following benefits? (Choose two.)
A. Strong mutual authentication using public key infrastructure, tokens, and smart cards
B. Both user-based and device-based identified entities mapped to policies that are
centrally created and administered by Cisco WCS
C. User accounting and auditing and the abilityto track and display users on a map
D. Flexible policy assignments such as per-user quotas and virtual LAN assignments
E. High accuracy location of identity-based users
Answer: A,D
QUESTION 121:
The Cisco WCS makes WLAN configuration, monitoring, and management as simple
and effective as wired systems management. Which three functions are associated with
core capabilities of the Cisco WCS?
A. Customized Reports
B. Software Updates
C. Network Mapping
D. ACL Enforcement
E. RADIUS Authentication
F. Management of Cisco Clean Access

642-586
Answer: A,B,C
QUESTION 122:
What is the Cisco-recommended signal-to-noise ratio for a data rate of 54 Mbps on a

5-GHz data network?
A. 25 dB
B. 35 dB
C. 30 dB
D. 40 dB
Answer: C
Explanation:
The key to this answer is that they are looking at the 54 Mbps data rate in the 5Ghz
frequency.
QUESTION 123:
If the Cisco WLAN controller cannot reach the primary AAA server, it will proceed to
the next server on the list by priority index. The Cisco WLAN controller will return to
the primary AAA server, when reachable, upon which of these events?
A. The primary server has been active for a preset dead-server time.
B. The secondary server is unreachable.
C. The primary server has become reachable.
D. The secondary server had been used for a preset dead-server time.
Answer: A
QUESTION 124:
What is the maximum number of wireless devices that a Cisco 2700 Series Wireless
Location Appliance can track, operating with Cisco WCS version 4.0?
A. 2500
B. 500
C. 1500
D. 1000
Answer: A
Explanation:

642-586
The version of WCS is irrelevant here, since a Location appliance can only track a total
of 2500 client simultaneously.
QUESTION 125:
Which three items are associated with the wireless standalone product set? (Choose
three.)
A. CiscoWorks Wireless LAN Solution Engine

B. Wireless LAN Context Control Protocol
C. Wireless Domain Services
D. Cisco Wireless Control System
E. Lightweight Access Point Protocol
Answer: A,B,C
QUESTION 126:
The CiscoWorks Wireless LAN Solution Engine uses which protocol for radio
managment?
A. CCKM
B. LWAPP
C. WLCCP
D. SNMP
Answer: C
QUESTION 127:
Which of the following integrated services routers supports the integrated 2.4-GHz b/g
access points?
A. Cisco 1803
B. Cisco 1841
C. Cisco 1811
D. Cisco 1812
Answer: B
Explanation:
This is a tough question because based on today's options all the above units support an
802.11a/b/g access point, but only earlier versions of the 1841 supported it.
QUESTION 128:

642-586
Which WEP key protection method was introduced in Cisco Compatible extensions
version 1?
A. TKIP and MIC

B. EAP-Cisco Wireless (Cisco Leap)
C. AES
D. Cisco Key Integrity Protocol and Cisco MIC (CKIP/CMIC)
Answer: D
QUESTION 129:
What is the minimum recommended dBm when designing a VOIP network with
54-Mbps cells, and no more than one access point per overlapping channel set?
A. -67
B. -56
C. -86
D. -35
Answer: B
Explanation:
You must be aware that they are asking for the cut off for the 54-Mbps data rate, not the
11-Mbps data rate.
QUESTION 130:
How many mesh access points can be placed on a map with efficient link rendering in
Cisco WCS?
A. 100
B. 150
C. 50
D. 200
Answer: A
QUESTION 131:
The recommended channel utilization QOS Basic Service Set load for a VOIP network
should be less than which value?
A. 45
B. 40
C. 50

642-586
D. 35
Answer: A
QUESTION 132:
The source port of LWAPP Layer 3 data traffic is UDP Port 1024 or greater. What is the
destination port?
A. 12223
B. 12225
C. 12222
D. 12224
Answer: C
QUESTION 133:
Guest tunneling is a feature used for the guest WLAN. How many tunnels can a virtual
anchor WLAN controller support?
A. 70
B. 40
C. 30
D. 60
E. 50
Answer: B
QUESTION 134:
.The Newton Manufacturing Company has three facilities that are located in Columbia,
South Carolina. The corporate office is located in an 11-story building downtown. The
R&D facility is located on the north side of the city approximately 4 miles (6.4 km) from
the corporate office in a five story building. The manufacturing facility is located
approximately 6 mile (9.6 km) to the northwest of the corporate office. Line of sight
exists from the downtown office to all facilities. Users at the manufacturing plant require
network connectivity for file-sharing and e-mail, while users at the R&D facility require
high-speed internet access with the ability to send large CAD drawings to the corporate
office and large machine control files to the manufacturing facility. Presently, the
manufacturing facility is connected to the corporate office by a 64-kbps leased line, and
the R&D facility is connected to both the corporate office and the manufacturing facility
by a dedicated T1 li!
ne. The company plans to add a second line of development to the R&D facility within
the next 60 days. The current T1 lines are at a constant 70 percent utilization rate. The
current projected lead time for the installation of additional lines is 90 days if the cable

642-586
plant will support it.

Which deployment option would provide the most benefit to the customer?
A. Point-To-Multipoint solution with the root bridge located at the manufacturing

facility.
B. Point-To-Multipoint solution with the root bridge located at the corporate office.
C. Point-to-Point link from the corporate to manufacturing, and a Point-To-Point link
from corporate to R&D.
D. Point-To-Multipoint solution with the root bridge located at the R&D facility.
Answer: D
Explanation:
This solution provides the greatest level of bandwidth from R&D to both Manufacturing
and Corporate offices.
QUESTION 135:
In a controller-based architecture, a control message sent between the access point and
the controller is secured using which protocol?
A. CCKM
B. TKIP
C. LWAPP
D. AES
Answer: D
Explanation:
LWAPP is incorrect because it stands for Light Weight Access Point Protocol
QUESTION 136:
How many signatures does the Cisco IPS 4200 Series Sensor platform support?
A. 1500 to 1600 signatures

B. More than 1700 signatures
C. Up to 1400 signatures
D. 1600 to 1700 signatures
Answer: B
QUESTION 137:
Which three settings should be set on the WLAN controller for a VOIP network designed
for Cisco Unified Wireless IP Phone 7920? (Choose three.)

642-586
A. GoldQoS
B. AES Encryption
C. Multicast-disabled
D. Multicast-enabled
E. TKIP Encryption
F. PlatinumQoS
Answer: C,E,F
QUESTION 138:
Certkiller .com has a small remote site with 10 standalone access points. In which two of
the following scenarios would it be appropriate to implement CiscoWorks WLSE
Express? (Choose two.)
A. MAC Authentication is required and an external AAA server is available.

B. EAP-FAST security is required and no external AAA server is available.
C. MAC Authentication is required and no external AAA server is available.
D. EAP-FAST security is required and an external AAA server is available.
E. EAP-Cisco Wireless (Cisco LEAP) security is required and no external AAA server is
available.
F. EAP-Cisco Wireless (Cisco LEAP) security is required and an external AAA server is
available.
Answer: B,E
QUESTION 139:
Which DSCP value is mapped to the IEEE 802.11e user priority for voice in a Cisco
WLAN?
A. 46
B. 34
C. 48
D. 56
Answer: A
QUESTION 140:
Why is a separate voice VLAN recommended when you use the Cisco Unified Wireless
IP Phone 7920?
A. The Cisco Unified Wireless IP Phone 7920 uses IEEE 802.11b.

B. The voice VLAN can provide Layer 3 fast secure roaming.

642-586
C. AppropriateALCs can be applied to the voice VLAN.

D. Quality of service can be applied to the voice VLAN.
Answer: C
QUESTION 141:
As a result of a security site survey, the following is discovered.

An RF signal is available in the parking lot.
Six access points are found belonging to employees.
Static WEP keys are in use in the receiving department.
No security is being used on the access point in Human Resources.
Wireless VOIP clients in use do not support EAP-FAST.
There is no strong password policy in place.
EAP-Cisco Wireless (Cisco LEAP) is being used for wireless VOIP security.
All clients can support WPA.
VLANs are in use.
Based on these findings, what is recommended to enhance the security of the wireless
VOIP network?
A. Enable static WEP on access points that are supporting wireless VOIP traffic
B. Enforce a strong password policy
C. Enable EAP-FAST authentication
D. Create a separate management VLAN
Answer: B
QUESTION 142:
What is the maximum number of WLAN controllers that can be supported on one
instance of Cisco WCS running on a high-end server?
A. 100 Controllers
B. 250 Controllers
C. 500 Controllers with up to 25 access points each
D. 1500 Controllers
E. 50 Controllers
F. 250 Controllers with up to 50 access points each
Answer: B
Explanation:
This answer is very version specific; prior to version 4.2 this limit was 250 Controllers,
after version 4.2 it is 750 Controllers.

642-586
QUESTION 143:
What is the minimum recommended dBm when designing a VOIP network with
11-Mbps cells, and no more than one access point per overlapping channel set?
A. -67
B. -86
C. -35
D. -56
Answer: A
Explanation:
You must be aware that they are asking for the cut off for the 11-Mbps data rate, not the
54-Mbps data rate.
QUESTION 144:
How many VLANs are supported on the Cisco 1242AG Series Access Point in
controller-based networking?
A. 20
B. 16
C. 8
D. 12
Answer: C
Explanation:
Currently the Cisco 1242AG can only support 8 SSID's and therefore only 1 VLAN per
SSID for a total of 8 VLANs .
QUESTION 145:
Before a Cisco Unified Wireless IP Phone 7920 can place a call, it will compare the
QBSS in the beacon from the access point with the QBSS threshold in the phone. What
actions will the Unified Wireless IP Phone 7920 take if the QBSS threshold in the beacon
is exceeded?
A. Prompt Number Busy

B. Place the call
C. Disconnect from the access point
D. Prompt Network Busy
Answer: D

642-586
QUESTION 146:
At the end of the time frame set by the Lobby Ambassador for the guest user account to
be active, which of the following actions must be taken by the administrator regarding
the deletion of the account, if it exists on multiple controllers?
A. The administrator must delete the template from the Cisco WCS.
B. Take no action, the WLAN controller will generate an SNMP trap and the Cisco WCS
will delete the account.
C. Take no action, the WLAN controller will generate an SNMP trap and delete the
account.
D. The administrator must delete the account from the local net user database on all
controllers.
Answer: B
QUESTION 147:
When deploying wireless networks, a trade-off must often be made between the cost of
the initial network deployment and the percentage of areas with marginal service or
coverage holes. Which of the following represents a reasonable coverage hole percentage
for a network lauch?
A. 0 - 2 percent
B. 5 - 15 percent
C. 0 - 10 percent
D. 10 - 15 percent
Answer: C
QUESTION 148:
Which two services are provided by the Cisco Unified Communications Manager?
(Choose two.)
A. Receiving and outside call on a desktop phone or a cellular phone

B. Programming an interface to external voice-processing applications
C. Tight integration with existing directories such as Microsoft Active Directory
D. Moving back from a cellular phone to a desktop phone
E. Initiating a mobility call from a remote phone, such as a cellular phone
Answer: B,C
QUESTION 149:
Which two threat categories are reported in a security summary display by the WCS?

642-586
(Choose two.)
A. Spam
B. Out-of-date antivirus definitions
C. Death flood attacks
D. Rogue access points
E. Malware
Answer: C,D
Explanation:
Malware & Out-of-date antivirus definitions are features of the Cisco NAC appliance.
QUESTION 150:
Which statement describes how RSSI information is processed in a WLAN with a

location appliance using controller-based products?
A. Access points aggregate RSSI information

B. The location appliance collects the RSSI information
C. The Cisco WCS collects and aggregates the RSSI information and forwards it to the
location appliance
D. WLAN controllers compute RSSI information
Answer: B
QUESTION 151:
When IPS sensors identify a properly authenticated wireless client who is attempting to
introduce a network virus into your environment, they alert the controller to perform
which of the following actions?
A. Transfer the client intoa quarantine VLAN

B. Trigger an alert
C. Contain the client
D. Shun the client
Answer: D
QUESTION 152:
A wireless security assessment has been performed for a network that is composed of
Windows 2000 and Windows XP wireless clients. The customer wishes to use IEEE
802.1x authentication using certificate services. Which EAP-type combinations are
appropriate?

642-586
A. EAP-Cisco Wireless (Cisco LEAP) and PEAP-GTC

B. PEAP-MSCHAP and EAP-TL.
C. PEAP-GTC and EAP-MD5
D. PEAP-MSCHAP and EAP-SIM
Answer: B
QUESTION 153:
Which two individual user parameters can be restricted by administrators of

controller-based wireless networking using Identity Based Networking Services?
(Choose two.)
A. IP Restrictions
B. WLAN Assignment
C. RF Utilization
D. Time Restrictions
E. Password length enforcement
Answer: A,C
QUESTION 154:
The Cisco WLAN controller examines a variety of real-time RF characteristics to

efficiently handle channel assignments. These characteristics include which of the three
following? (Choose three.)
A. Utilization
B. Switch Load
C. EMI
D. Client RSSI
E. Client Load
F. Noise
Answer: A,E,F
Explanation:
Switch Load and EMI are not known by the controller.
Client RSSI has no effect on channel selection, and only has effect on power selection
when a coverage hole occurs.
QUESTION 155:
How many SSID's are supported on a standalone access point with dual radios?
A. 20

642-586
B. 16
C. 12
D. 8
Answer: B
Explanation:
Currently the Cisco 1242AG can only support 8 SSID's per radio and therefore only 1
VLAN per SSID for a total of 8 VLANs per radio and 2 radios thus equaling.
QUESTION 156:
What is the Cisco-recommended signal-to-noise ratio for a data rate of 54 Mbps on a

2.4-GHz data network?
A. 35 dB
B. 25 dB
C. 40 dB
D. 30 dB
Answer: A
Explanation:
The key to this answer is that they are looking at the 54 Mbps data rate not 11 Mbps.
Also it is the 2.4-GHz frequency.
QUESTION 157:
When a wireless controller loses connectivity to a remote Cisco Aironet 1030

Lightweight Access Point in REAP mode, what will be the next step for that remote
access point?
A. Continue to provide local WLAN1 connectivity for shared key authentication only
B. Provide local WLAN1 connectivity using local-site AAA authentication server
C. Disconnect all associated clients
D. Lose its configuration
E. Support no more than 10 wireless clients
Answer: A
QUESTION 158:
What is the Cisco-recommended limit of standalone access points to be managed by a

CiscoWorks WLSE 1130-19 with RF management enabled?
A. 1500

642-586
B. 1800
C. 1000
D. 2500
Answer: B
QUESTION 159:
Which four criteria does the Cisco Unified Wireless IP Phone 7921G use to associate
with the access point? (Choose four.)
A. Same Encryption
B. Highest RSSI
C. Highest QBSS
D. Lowest QBSS
E. Lowest RSSI
F. Same SSID
Answer: A,B,D,F
Explanation:
Remember that the lower the QBSS value the Better, the Higher the RSSI value the
better.
QUESTION 160:
Which two devices support role flexibility? (Choose two.)
A. CiscoAironet 1400 Series Wireless Bridge

B. CiscoAironet 1242AG Series Access Point
C. CiscoAironet 1230AG Series Access Point
D. CiscoAironet 1100 Series Access Point
E. CiscoAironet 1300 Series Outdoor Access Point/Bridge
Answer: B,C
QUESTION 161:
The Cisco Wireless LAN Controller can support a maximum of how many VLANs?
A. Only supports the untagged VLAN 0

B. 16VLANs, one per SSID
C. 512VLANs
D. 4095VLANs
E. 8VLANs, one per SSID

642-586
Answer: C
QUESTION 162:
Which two key features are unique to the controller-based feature set?
A. Access Point registration via Digital certificate

B. Rogue Access Point Detection
C. Dynamic RF control without a dedicated management platform
D. Access Point participation in RF management
E. Fast Secure Roaming
Answer: A,C
QUESTION 163:
Cisco Secure ACS ensures enforcement of which three assigned policies by the
administrator? (Choose three.)
A. The creation and management of mobility groups

B. The privileges each user has in the network
C. Who can log into the network or access network
D. The placement of access points on a map.
E. The assignment of users to an access point
F. The accounting information recorded in terms of security audits or accounting billing
Answer: B,C,F
QUESTION 164:
Which three items are associated with the controller-based feature set products? (Choose
three.)
A. CiscoAironet 1400 Series Wireless Bridge

B. CiscoWorks Wireless Lan Solution Engine
C. Access point based authentication services
E. Wireless Services Module
F. CiscoAironet 1000 Series Lightweight Access Point
Answer: D,E,F
Explanation:
The others are autonomous Core products.

642-586
QUESTION 165:
Which three wireless intrusion-prevention signatures are part of the standard signature set
provided by the wireless LAN Controller? (Choose three.)
A. Deauth Flood Detection

B. NetStumbler Detection
C. Rogue Network Detection
D. Ad-hoc Network Detection
E. Rogue Access Point Detection
F. Fake Access Point Detection
Answer: A,B,F
QUESTION 166:
Controller-based products use X.509 certificates for which of the following?
A. 3DES user data frame encryption

B. AES user data frame encryption
C. LWAPP Tunneling
D. IPSec Tunneling
Answer: C
QUESTION 167:
. What is the maximum round-trip delay that an H-REAP will tolerate from a centralized
controller?
A. 1000 milliseconds
B. 100 milliseconds
C. 500 milliseconds
D. 1500 milliseconds
Answer: B
QUESTION 168:
Which three devices are required to implement a Cisco 2700 Location Appliance?
(Choose three.)
A. Standalone Access Point

B. CiscoWorks Wireless LAN Solution Engine
C. Wireless LAN Controller

642-586
E. Controller-based Access Point

F. Wireless Domain Server
Answer: C,D,E
Explanation:
These are all core feature products of the controller-based network products.
QUESTION 169:
Certkiller .com employs a Cisco 4404 Wireless LAN Controller, supporting 100 access
points across four distribution ports. They are also using link aggregation on this
controller. Which three of the following statements are true about Link Aggregation for
this customer? (Choose three.)
A. If only one functional physical link survives, all 100 access points will be supported
on the link.
B. If only one functional physical link survives, only 48 access points will be supported
on the link.
C. If any single link goes down, traffic will migrate to the user-configured backup port.
D. Only one functional physical port is needed for the controller to pass client traffic.
E. Requires multiple access point-manager interfaces.
F. Eliminates the need to configure primary and backup ports for each interface.
Answer: A,D,F
QUESTION 170:
Which feature should you implement to detect a hacker involving denial-of-service

attacks, flooding the network with associations and probes, inserting rogue access points,
and affecting network performance by attacking the quality of service?
A. Management Frame Protection

B. Cisco Message Integrity Check
C. NTP Synchronization
D. Custom Signature Monitoring
Answer: A
QUESTION 171:
In order to prevent many common attacks against WLANs from becoming effective,
Management Frame Protection should be implemented in which mode?
A. Access Point Only

B. Controller and Access Point

642-586
C. Client Only
D. Infrastructure Only
E. Controller Only
F. Client and Infrastructure
Answer: F
QUESTION 172:
The Cisco WCS logs which two security events? (Choose two.)
A. security misconfigurations on the controller

B. TKIP/MIC failures
C. rogue access points
D. wireless protocol analyzer detection
E. rogue clients
Answer: C,E
QUESTION 173:
Certkiller .com in the united states requires connectivity between two campus locations
that are located 6 miles (9.65 km) apart. The customer also needs a minimum of 54 mbps
in an area that is known to have 2.4-ghz interference. Which two devices will provide a
bridge link and avoid the interference? (Choose two.)
A. CiscoAironet 1210 Series Access Point

B. CiscoAironet 1400 Series Wireless Bridge
C. CiscoAironet 1242AG Series Access Point
D. CiscoAironet 1100 Series Access Point
E. CiscoAironet 1300 Series Outdoor Access Point/Bridge
Answer: B,C
Explanation:
These two devices support the 5.3/5.8GHz frequency range which will avoid the
interference.
QUESTION 174:
Which two requirements must be met when installing a Cisco 1400 Series Outdoor
Wireless Bridge in order to achieve a 54-Mbps link? (Choose two.)
>
A. An indoor location within 150m of the outdoor unit.

B. A Clear Channel

642-586
C. Visual Line of Sight

D. A Distance of less than 12 miles
E. A Distance of less than 15 miles
Answer: A, D
Explanation:
The maximum distance from outdoor unit to indoor unit is 150 meters. Visual line of
sight is not possible over 5 miles, but it is still possible and for a 54-Mbps link it must be
less than 12 miles.
QUESTION 175:
Which two are part of the Cisco Self-Defending Network? (Choose two.)
A. IPS
B. IDS
C. BN
D. IBN
E. RF
Answer: A, B
QUESTION 176:
Which are two advantages of performing a site survey ? (Choose two.)
A. Select the frequency

B. Identify the environmental obstacles
C. Determine the appropriate client types
D. Determine the throughput requirements
E. Determine the optimum placement of the access points
Answer: BE
QUESTION 177:
The WCS has alarms that are displayed that indicate level of severity with regard to the
WLAN.
(Choose 3 ).
A. Acknowledged
B. Active
C. Severe
D. Critical
E. Major

642-586
F. Minor
Answer: DEF

Exam: 642-586 Title: Cisco Advanced Wireless LAN For System Ver: 05-27-2009

Caricato da

Informazioni sul documento

Descrizione originale:

Titolo originale

Copyright

Formati disponibili

Condividi questo documento

Condividi o incorpora il documento

Opzioni di condivisione

Hai trovato utile questo documento?

Questo contenuto è inappropriato?

Copyright:

Formati disponibili

Exam: 642-586 Title: Cisco Advanced Wireless LAN For System Ver: 05-27-2009

Caricato da

Copyright:

Formati disponibili

Exam : 642-586

Title : Cisco Advanced Wireless LAN for System

A. Cisco 2811 Integrated Services Router

A. TKIP and MIC Failures

Actualtests.com - The Power of Knowing

OFDM provides which improvement over DSSS in the 2.4-GHz range?

A. greater resistance to multipath interference

Actualtests.com - The Power of Knowing

A. scan all host systems and log all open ports

Actualtests.com - The Power of Knowing

authentication server? (Choose three.)

Actualtests.com - The Power of Knowing

A. 4.9-GHz interface in bridge mode, 802.11 interface in bridge mode

Which three faults are generated by radio management? (Choose three.)

Actualtests.com - The Power of Knowing

A. Cisco Aironet 1400 Series wireless bridge

A. It requires a supervisor 32 or 720.

How is the bridge group name used in a wireless mesh deployment?

A. It is used to retrieve the secret shared key.

Actualtests.com - The Power of Knowing

Actualtests.com - The Power of Knowing

Which authentication mechanism was introduced in Cisco Compatible Extensions

A. CKIP and CMIC

How many prior configuration versions can be archived on the WLSE?

Actualtests.com - The Power of Knowing

A. EAP-Cisco Wireless (LEAP) security is required and no external AAA server is

Actualtests.com - The Power of Knowing

A. Cisco 4136 Wireless LAN Controller

What is a component of the Cisco trust and identity management system?

Actualtests.com - The Power of Knowing

A. It has a maximum of five modules per chassis.

Actualtests.com - The Power of Knowing

In a non-WDS environment, the local authentication services on an autonomous access

A. root access point

A. rogue access points

Actualtests.com - The Power of Knowing

D. denial of service attacks

A. 5.725 to 5.825 GHz

Which feature was introduced in Cisco Compatible Extensions program version 1?

Actualtests.com - The Power of Knowing

Which threat is detected by the WLSE?

A. rogue access points

Typical mesh access-point placements in a suburban environment should be separated by

Actualtests.com - The Power of Knowing

A. 300 to 350 feet

Which statement describes how RSSI information is processed in a WLAN with a

A. Access points aggregate RSSI information.

Actualtests.com - The Power of Knowing

There is one controller and one AP per subnet.

Actualtests.com - The Power of Knowing

A. PEAP-GTC and EAP-FAST

Which security protocols are supported by a REAP in standalone mode?

A. WPA-PSK, PEAP MSCHAP, and WEP

A. CKIP and CMIC

Actualtests.com - The Power of Knowing

When a wireless controller loses connectivity to a remote Cisco Aironet 1030

A. continue to provide local connectivity

A. Data traffic is not encrypted.

Actualtests.com - The Power of Knowing

A. access point participation in RF management

Which feature was introduced in Cisco Compatible Extensions program version 2?

Actualtests.com - The Power of Knowing