Pass the Cisco CCIE Wireless 350-101 Questions and answers with CertsForce

In wireless antenna design, gain refers to the measure of an antenna’s ability to focus energy in a particular direction compared to a reference antenna, usually an isotropic radiator. Gain does not generate additional power; instead, it redistributes radiated energy to increase signal strength in the intended direction, enhancing the effective range and performance of the wireless link. This directional amplification is crucial in both point-to-point and point-to-multipoint deployments, as higher gain antennas can concentrate RF energy to overcome path loss and improve received signal strength at the target. Option A describes system loss calculation, which relates to link budgets, not antenna gain. Option B is unrelated, as checksum figures are part of digital error detection in wireless frames. Option D pertains to environmental tolerance, not RF signal characteristics. In Cisco Wireless Core Technologies, antenna gain is considered during RF planning, coverage modeling, and site surveys to ensure optimal signal distribution, proper overlap, and minimal interference, particularly for high-density deployments. Using high-gain directional antennas in corridors or long hallways, for instance, improves coverage and throughput while minimizing interference outside the target area. Reference topics:RF Fundamentals — Antenna gain, directional radiation patterns, link budget, site survey planning.

Device sensitivity in a wireless environment refers to receiver sensitivity: the minimum RF signal level a client or AP radio must receive to successfully detect, demodulate, and decode a transmission. Cisco defines receiver sensitivity as the minimum signal power level, expressed in dBm or mW, required for a receiver to accurately decode a given signal. Cisco RF design guidance further states that sensitivity indicates the lowest received power before the receiver considers the signal unintelligible.

Therefore, option A is correct because sensitivity is fundamentally about the radio’s capability to process a received signal at low power levels. A more sensitive receiver can decode weaker frames, improving effective coverage and receive performance, provided the signal-to-noise ratio and interference conditions remain acceptable. Cisco also notes that individual device sensitivity determines how well a device can hear and demodulate RF energy, which directly affects contention behavior and WLAN performance in dense environments. Redundant gateways, beacon interval synchronization, and key refresh schedules are Layer 3 availability, 802.11 timing, and security-key management topics; they do not define RF receiver sensitivity. Reference topics:RF Fundamentals — receiver sensitivity, RSSI, dBm, SNR, demodulation, and WLAN coverage behavior.

The correct answer isMake-before-break handover logic. This is a key feature in Cisco's Ultra-Reliable Wireless Backhaul (URWB) process that allows devices to establish a connection to the next AP (Access Point) before disconnecting from the current AP. This seamless transition ensures that there is no disruption in the wireless connection as the client roams between APs, which is especially important in environments where consistent, low-latency connectivity is essential, such as in real-time applications (e.g., voice or video).

Option A (Open roaming)refers to a method of allowing devices to roam freely across networks, but it doesn't address the specific need for a seamless handover process.

Option B (Fast client handoff)refers to methods used to speed up the roaming process, but it doesn’t specifically ensure that the next AP is connected before disconnecting from the current one.

Option C (802.11v high speed roaming)is an IEEE standard feature that helps optimize roaming behavior for fast-moving devices, butmake-before-break handover logicis the specific mechanism that allows for a seamless roaming experience.

Therefore,Make-before-break handover logic(Option D) is the correct answer as it directly addresses the need for devices to establish a reliable connection to the next AP during roaming before losing connectivity with the current one.

For configuring guest access on a Cisco Catalyst 9800 WLC using an external WebAuth server, the WLAN must be explicitly associated with the external server through a parameter map. The correct command syntax in Cisco IOS XE iswireless wlan < wlan-name > followed bysecurity web-auth external < parameter-map > . This configuration links the WLAN to the external WebAuth server defined in the parameter map, allowing guests to be redirected to the portal for authentication. The parameter map (webauth-ext) contains details such as server IP, port, and other authentication parameters required for the external WebAuth interaction. Option B is incorrect because it improperly uses multiple WLAN names in one command, which is not valid syntax. Option C usesparameter external security-map, which is invalid and does not associate the WLAN correctly with the WebAuth server. Option D incorrectly combines the security and parameter-map syntax and is not supported in IOS XE for external WebAuth. Cisco Wireless Core Technologies recommends this approach for centralized guest management, allowing consistent enforcement of guest policies, seamless authentication, and integration with external WebAuth servers across multiple WLANs and APs. Reference topics:Client Connectivity Configuration — WebAuth, external guest portal, WLAN parameter map configuration, Cisco IOS XE 17.x.

The correct answer isfast BSS transition protocol, which is IEEE 802.11r Fast Transition. Cisco describes 802.11r BSS Fast Transition as the mechanism used to provide seamless roaming for wireless clients by reducing the time required to roam between access points. It achieves this by allowing keying material to be prepared or cached so that the client does not perform a full authentication exchange every time it moves to another AP within the same mobility domain.

This is specifically relevant to Layer 2 roaming because the client remains in the same Layer 2 network while reassociating to a different BSS. Fast Transition reduces roam latency, which is critical for voice, video, collaboration, barcode scanners, and other real-time applications. Cisco also classifies fast secure roaming as the method used to accelerate client roaming when Layer 2 security is configured on the WLAN. Increased beacon intervals do not provide handoff acceleration. Optimized roaming helps with sticky-client behavior but is not the secure handoff protocol. Deferred probe response is an RF/client steering behavior, not an 802.11 Layer 2 roaming key-transition method. Reference topics:802.11r Fast BSS Transition, Layer 2 roaming, fast secure roaming, WLAN mobility, and Catalyst 9800 roaming design.

When a radio wavebends around an obstaclein its path, this phenomenon is calleddiffraction. Diffraction allows the RF signal to reach areas that are not in the direct line of sight of the transmitter, such as behind walls, corners, or other obstructions. The amount of bending depends on the wavelength of the signal relative to the size of the obstacle—longer wavelengths (lower frequencies) diffract more effectively than shorter wavelengths.

This property is crucial in wireless network design, especially in enterprise or mesh deployments, because it enables coverage in complex indoor environments and around obstructions where direct line-of-sight communication is impossible. Diffraction differs from other RF phenomena:absorption(option A) occurs when RF energy is partially absorbed by materials, reducing signal strength;diffusion(option B) refers to scattering of the signal in multiple directions; andreflection(option C) occurs when RF waves bounce off surfaces like walls or ceilings, which can lead to multipath interference.

Cisco wireless design guides emphasize understanding diffraction forcoverage planning, AP placement, and optimizing signal propagationin indoor and campus deployments, ensuring that signals can adequately reach shadowed or obstructed areas without excessive loss or dead spots. Reference topic:RF Fundamentals — diffraction, reflection, absorption, and indoor wireless propagation.

The correct command isreceiver ip address 198.51.100.10 57555 protocol tls-native profile spaces-profilebecause it matches the Cisco IOS XE model-driven telemetry subscription syntax used on Catalyst 9800 controllers. Cisco documents the receiver statement under telemetry ietf subscription as receiver ip address ip-address receiver-port protocol protocol profile name, and describes it as the command that configures the receiver IP address, port, protocol, and profile for telemetry notifications.

In the exhibit, the subscription already defines the telemetry feed: encode-tdl encoding, a native stream, the TDL URI for ewlc/wlan_config, the WLC source address, and an on-change update policy. What is missing is the collector destination. For Cisco Spaces or Catalyst Center-style integrations, the WLC must know where to export telemetry and which secure transport profile to use. Cisco troubleshooting examples for Catalyst 9800 telemetry use the same command structure: receiver ip address X.X.X.X 25103 protocol tls-native profile ... under the telemetry subscription.

Options A, B, and D are invalid because they reorder the CLI keywords. IOS XE telemetry configuration is parser-order sensitive: the command begins with receiver ip address, followed by the receiver port, then protocol, then profile. Reference topic:Wireless Monitoring and Management — Catalyst 9800 streaming telemetry, Cisco Spaces integration, TLS transport, and telemetry receiver configuration.

A high-gain patch antenna is a directional antenna that concentrates RF energy into a defined coverage area rather than radiating equally in all directions. Cisco’s Wireless RF Reference Guide explains that antenna gain determines how RF power is radiated and that higher-gain antennas do not create additional transmit power; they focus existing power in a given direction. Cisco also distinguishes omnidirectional high-gain patterns, which flatten coverage, from directional antennas, which focus energy toward a target area.

That makes option C correct: a patch antenna imparts a focused beam, typically useful for covering a hallway, warehouse aisle, seating section, point-to-point link, or defined flat service area. Cisco’s antenna documentation also states that higher-gain antennas provide longer coverage distance but with a coverage-area tradeoff, especially in a particular direction. Option A is incorrect because antenna gain does not restrict operation to a single narrow frequency; frequency support is determined by antenna design and radio band. Option B describes channel overlap, not antenna behavior. Option D does not describe a standard patch antenna radiation pattern. Reference topics:RF Fundamentals — antenna gain, directional antennas, patch antenna radiation patterns, beamwidth, and coverage-cell design.

The correct action is to expose only encrypted management services: HTTPS for WebUI administration and SSH for remote CLI administration. The exhibit confirms the WLC wireless management interface is VLAN 10 with IP address 10.10.1.2, but interface placement alone does not enforce secure management protocol policy. Cisco Catalyst 9800 documentation identifies web admin settings as controller management configuration that determines administrator access, protocols, and interfaces for remote management. Cisco further states that administrators can connect securely over HTTPS, while HTTP “is not a secure connection,” and that HTTPS encrypts data to and from the server.

For CLI access, Cisco’s Catalyst 9800 Secure Shell guidance states that SSH enables secure remote access, and usingtransport input sshprevents non-SSH Telnet connections, limiting the device to SSH-only access. Therefore, options A and B violate policy because they permit Telnet and/or HTTP. Option C fails because console access is local, not remote, and disabling only HTTP still leaves Telnet exposure unresolved. Reference topics:Wireless Monitoring and Management — WLC management access, secure administration, HTTPS, SSH, and management-plane hardening.

TACACS+ is used for device administration, especially for GUI and CLI access to infrastructure platforms such as Cisco Catalyst 9800 WLCs, switches, and routers. Cisco defines TACACS+ as a security application that provides centralized validation for users attempting to access a device or network access server, and it separates authentication, authorization, and accounting functions for administrative control. Cisco ISE device administration documentation further states that TACACS+ is used to control and audit network device configuration, allowing devices to query ISE for administrator authentication and authorization while sending accounting records for logging administrator actions.

Therefore, the primary benefit is streamlined administrator access across platforms. Instead of maintaining local administrator accounts independently on every WLC or network device, TACACS+ enables centralized identity validation, role-based authorization, and consistent audit trails. Option A is incorrect because TACACS+ supports differentiated authorization rather than static grouping. Option B is the opposite of centralized accounting. Option D is inaccurate because TACACS+ is mainly for device administration, whereas client or endpoint network access is typically handled with RADIUS. Reference topics:Wireless Monitoring and Management — AAA for WLC administration, TACACS+ device administration, role-based access, and centralized audit control.