Courseiva
Knowledge + Practice
CertificationsVendorsCareer RoadmapsLabs & ToolsStudy GuidesGlossaryPractice Questions
C
Courseiva

Free IT certification practice questions with explained answers for CCNA, CompTIA, AWS, Azure, Google Cloud, and more.

Certification Practice Questions

CCNA practice questionsSecurity+ SY0-701 practice questionsAWS SAA-C03 practice questionsAZ-104 practice questionsAZ-900 practice questionsCLF-C02 practice questionsA+ Core 1 practice questionsGoogle Cloud ACE practice questionsCySA+ CS0-003 practice questionsNetwork+ N10-009 practice questions
View all certifications →

Product

CertificationsCertification PathsExam TopicsPractice TestsExam Dumps vs Practice TestsStudy HubComparisons

Company

AboutContactEditorial PolicyQuestion Writing PolicyTrust Center

Legal

Privacy PolicyTerms of Service

Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

HomeCertifications350-401ScenariosWireless LAN and WLC Scenarios
Scenario PracticeCisco · 350-401

350-401 Wireless LAN and WLC Scenarios

Wireless questions on the CCNA cover 802.11 standards (ax/ac/n), WPA3, SSID/BSSID concepts, WLC architecture (FlexConnect, local switching), and client connectivity troubleshooting. These are mostly MCQ and multi-select.

Start Scenario Practice

Other Scenarios

Refer to the ExhibitSW1 and SW2 VLAN TrunkingRouter R1 Cannot Reach R3Show IP Route OutputWhich Command Should the Administrator UseDrag and Drop Ordering QuestionsDrag and Drop Matching QuestionsSelect Two (Multi-Select) QuestionsPerformance-Based Questions (PBQs)Hard Difficulty QuestionsTroubleshooting Scenario QuestionsShow Command Output QuestionsOSPF Troubleshooting ScenariosVLAN and Inter-VLAN Routing ScenariosSpanning Tree Protocol ScenariosNAT and PAT Configuration ScenariosAccess Control List (ACL) ScenariosDHCP Troubleshooting ScenariosEtherChannel and LACP ScenariosIPv6 Configuration Scenarios

Study Tools

Practice TestTopic PracticeMock Exam

Common Traps on Wireless LAN and WLC Scenarios

  • ·Confusing SSID (the network name) with BSSID (the AP's MAC address — unique per radio).
  • ·Saying 'Wi-Fi 6 only supports 5 GHz' — 802.11ax supports both 2.4 GHz and 5 GHz.
  • ·Choosing WPA2 as the 'current' standard — WPA3 replaced it and is what Cisco now positions as current.
  • ·Confusing FlexConnect with local mode — FlexConnect switches client traffic locally; local mode tunnels it to the WLC.

Sample Questions

Practice all 15 →
1.

Which THREE of the following are valid considerations when planning a wireless network for high-density environments?

A.Use a channel reuse plan that minimizes co-channel interference.
B.Prefer the 5 GHz band over 2.4 GHz for client connectivity.
C.Lower AP transmit power to reduce cell size and increase capacity.
D.Increase AP transmit power to maximize coverage.

Explanation: Option A is correct because a channel reuse plan that minimizes co-channel interference is essential in high-density environments to ensure that adjacent access points (APs) do not use the same or overlapping channels, which would degrade throughput. By carefully planning channel assignments (e.g., using non-overlapping channels in the 5 GHz band), you maximize spatial reuse and overall network capacity.

2.

A network engineer is deploying a new WLAN and needs to ensure that client traffic is encrypted using AES with a pre-shared key. Which security configuration should be applied to the wireless SSID?

A.WPA2-PSK with AES
B.WPA3-PSK with AES
C.WPA2-PSK with TKIP
D.WEP with AES

Explanation: WPA2-PSK with AES is the correct choice because the requirement specifies AES encryption with a pre-shared key. WPA2-PSK (Wi-Fi Protected Access 2 – Pre-Shared Key) mandates AES-CCMP (Counter Mode Cipher Block Chaining Message Authentication Code Protocol) as the encryption protocol, providing strong, standards-compliant security for client traffic. This configuration directly satisfies the need for both AES encryption and PSK authentication.

3.

A network engineer is deploying a new wireless LAN controller (WLC) in a campus network. The WLC must manage 200 access points across three buildings. The engineer configures the WLC with a management IP address and enables CAPWAP. However, the access points fail to join the WLC. The APs are in the same VLAN as the WLC and can ping the WLC's management IP. What is the most likely cause of the APs not joining?

A.The WLC does not have a CAPWAP source interface configured.
B.The APs are not configured with DHCP option 43 to point to the WLC.
C.The APs are running an incompatible IOS version that does not support CAPWAP.
D.The APs must be assigned a static IP address to join the WLC.

Explanation: The correct answer is that the APs are unable to discover the WLC via CAPWAP because the WLC's CAPWAP source interface is not configured or is misconfigured. Even though the APs can ping the management IP, CAPWAP discovery requires the WLC to respond from a consistent source IP. The other options are less likely: DHCP option 43 is not needed if APs are in the same subnet, APs do not need a specific IOS version to join, and APs do not need a static IP if they can obtain one via DHCP.

4.

An engineer is configuring a new Cisco 9800 WLC in a branch office. The WLC will manage 50 APs and must provide guest access with a captive portal. The engineer configures a guest SSID with open authentication and a redirect ACL for the captive portal. However, after the configuration, clients can associate to the guest SSID but cannot reach the captive portal page. What is the most likely cause?

A.The guest SSID is configured with open authentication, which does not support captive portal.
B.The redirect ACL is missing entries for DNS and HTTP traffic to the captive portal server.
C.The WLC does not have a dedicated guest interface configured.
D.The captive portal requires a RADIUS server to be configured on the WLC.

Explanation: The correct answer is that the redirect ACL is not properly configured to allow DNS and HTTP traffic to the captive portal server. Without proper ACL entries, the client's HTTP request is not redirected to the portal. The other options are incorrect because open authentication does not require a pre-shared key, the WLC does not need a specific interface for guest traffic (it can use a service port or management interface), and captive portal does not require RADIUS authentication by default.

5.

A company is deploying a new wireless network in a large warehouse. The network engineer must choose between using a centralized WLC architecture (with CAPWAP tunnels) or a converged access (SD-Access) wireless architecture. The warehouse has high-density client areas and requires low latency for real-time applications like voice and video. Which architecture should the engineer choose and why?

A.Centralized WLC architecture, because it provides better RF management and security.
B.Converged access (SD-Access) wireless, because it allows local switching of traffic at the access layer, reducing latency.
C.Centralized WLC architecture, because it requires fewer access points to cover the warehouse.
D.Converged access (SD-Access) wireless, because it requires fewer WLCs to manage the network.

Explanation: The correct answer is converged access (SD-Access) because it enables local switching of traffic at the access layer, reducing latency and improving performance for real-time applications. Centralized CAPWAP tunnels would force all traffic back to the WLC, increasing latency. The other options are incorrect because centralized architecture does not inherently provide better RF management, and SD-Access does not require more APs or more WLCs.

+10 more scenario questions available

Practice all Wireless LAN and WLC Scenarios

Related Topics

802.11 standardswpa3 securitywlc architecture

Frequently asked questions

How do "Wireless LAN and WLC Scenarios" appear on the real 350-401?

Wireless questions on the CCNA cover 802.11 standards (ax/ac/n), WPA3, SSID/BSSID concepts, WLC architecture (FlexConnect, local switching), and client connectivity troubleshooting. These are mostly MCQ and multi-select. These appear throughout the 350-401 and require you to apply your knowledge, not just recall facts.

How many scenario questions are on the 350-401 exam?

Cisco doesn't publish an exact breakdown, but scenario-based questions (especially exhibit and command-output formats) make up a significant portion of the 350-401. Practicing each scenario type ensures you're ready for any format.

Are these 350-401 scenario practice questions free?

Yes. Courseiva provides free 350-401 scenario practice across all official exam domains. The platform includes scenario-based questions, command-output interpretation, topic-based practice, mock exams, and readiness tracking — no account required.

Ready to practice this scenario type?

Launch a full Wireless LAN and WLC Scenarios session with instant scoring and detailed explanations.

Start Scenario Practice →

Scenario Info

Type

Scenario Practice

Exam

350-401

Questions

15+