nerdexam
Cisco

350-401 · Question #533

Refer to the exhibit. A company requires that all wireless users authenticate using dynamic key generation. Which configuration must be applied?

The correct answer is D. AP(config-if-ssid)# authentication open eap eap_methods. For wireless users requiring dynamic key generation, the configuration must utilize EAP authentication, as it facilitates dynamic key exchange through a RADIUS server.

Submitted by tunde_lagos· Mar 6, 2026Security

Question

Refer to the exhibit. A company requires that all wireless users authenticate using dynamic key generation. Which configuration must be applied?

Exhibits

350-401 question #533 exhibit 1
350-401 question #533 exhibit 2

Options

  • AAP(config-if-ssid)# authentication open wep wep_methods
  • BAP(config-if-ssid)# authentication dynamic wep wep_methods
  • CAP(config-if-ssid)# authentication dynamic open wep_dynamic
  • DAP(config-if-ssid)# authentication open eap eap_methods

How the community answered

(35 responses)
  • A
    3% (1)
  • B
    6% (2)
  • C
    9% (3)
  • D
    83% (29)

Why each option

For wireless users requiring dynamic key generation, the configuration must utilize EAP authentication, as it facilitates dynamic key exchange through a RADIUS server.

AAP(config-if-ssid)# authentication open wep wep_methods

`authentication open wep wep_methods` configures WEP, which uses static keys and does not provide dynamic key generation, making it insecure and not meeting the requirement.

BAP(config-if-ssid)# authentication dynamic wep wep_methods

`authentication dynamic wep wep_methods` is not a standard or valid command for enabling dynamic key generation in the context of modern wireless security protocols; WEP inherently uses static keys.

CAP(config-if-ssid)# authentication dynamic open wep_dynamic

`authentication dynamic open wep_dynamic` uses an incorrect syntax and combines 'dynamic' with WEP, which is fundamentally static in its key management, failing to meet the dynamic key generation requirement.

DAP(config-if-ssid)# authentication open eap eap_methodsCorrect

The command `authentication open eap eap_methods` configures the Access Point to use EAP (Extensible Authentication Protocol) for client authentication. EAP, typically combined with 802.1X and a RADIUS server, enables dynamic key generation and distribution per client session, providing robust security compared to static WEP keys.

Concept tested: Wireless EAP authentication for dynamic keys

Source: https://www.cisco.com/c/en/us/td/docs/wireless/access_point/12-4_MR/configuration/guide/s4240.html

Topics

#802.1X#EAP authentication#Wireless AP configuration#WPA Enterprise

Community Discussion

No community discussion yet for this question.

Full 350-401 Practice