1.0 Architecture Flashcards

Question 1

Q

In a Cisco Catalyst switch equipped with two supervisor modules, an administrator must temporally remove the active supervisor from the chassis to perform hardware maintenance on it. Which mechanism ensures that the active supervisor removal is not disruptive to the network operation?
A.SSO
B.NSF/NSR
C.VRRP
D.HSRP

Answer

A

A.SSO

Explanation
Stateful Switchover (SSO) provides protection for network edge devices with dual Route Processors (RPs) that represent a single point of failure in the network design, and where an outage might result in loss of service for customers.

Question 2

Q

A company plans to implement intent-based networking in its campus infrastructure. Which design facilities migrate from a traditional campus design to a programmer fabric designer?

A. two-tier
B. three-tier
C. routed access
D. Layer 2 access

Answer

A

routed access

Explanation
For campus designs requiring simplified configuration, common end-to-end troubleshooting tools, and the fastest convergence, a design using Layer 3 switches in the access layer (routed access) in combination with Layer 3 switching at the distribution layer and core layers provides the most rapid convergence of data and control plane traffic flows.

Question 3

Q

What is the benefit of deploying an on-premises infrastructure versus a cloud infrastructure deployment?

A. faster deployment times because the additional infrastructure does not need to be purchased
B. lower latency between systems that are physically located near each other
C. less power and cooling resources needed to run infrastructure on-premises
D. ability to quickly increase compute power without the need to install additional hardware

Answer

A

B. lower latency between systems that are physically located near each other

Explanation
The difference between on-premise and cloud is essentially where this hardware and software resides. On-premise means that a company keeps all of this IT environment onsite either managed by themselves or a third-party. Cloud means that it is housed offsite with someone else responsible for monitoring and maintaining it.

Question 4

Q

What are two reasons a company would choose a cloud deployment over an on-prem deployment? (Choose two)

A. Cloud resources scale automatically to an increase in demand. On-prem requires additional capital expenditure

B. Cloud deployments require long implementation times due to capital expenditure processes. OnPrem deployments can be accomplished quickly using operational expenditure processes

C. In a cloud environment, the company controls technical issues. On-prem environments rely on the service provider to resolve a technical issue

D. In a cloud environment, the company is in full control of access to their data. On-prem risks access to data due to service provider outages

E. Cloud costs adjust up or down depending on the amount of resources consumed. On- Prem costs for hardware, power, and space are ongoing regardless of usage

Answer

A

A. Cloud resources scale automatically to an increase in demand. On-prem requires additional capital expenditure

E. Cloud costs adjust up or down depending on the amount of resources consumed. On- Prem costs for hardware, power, and space are ongoing regardless of usage

Question 5

Q

Which benefit is offered by a cloud infrastructure deployment but is lacking in an on-premises deployment?

A. storage capacity
B. efficient scalability
C. virtualization
D. supported systems

Answer

A

B. efficient scalability

Question 6

Q

Which of the following best describes the hierarchical LAN
design model? (Choose all that apply.)
1. It allows for easier troubleshooting.
2. It is highly scalable.
3. It provides a simplified design.
4. It offers improved performance.
5. It is the best design for modern data centers.
6. It allows for faster problem isolation.

Answer

A

It allows for easier troubleshooting.
It is highly scalable.
It provides a simplified design.
It offers improved performance.
It allows for faster problem isolation.

Question 7

Q

The access layer is also commonly referred to as the
_____.
1. endpoint layer
2. aggregation layer
3. end-user layer
4. network edge

Answer

A

network edge

Question 8

Q

What is the maximum number of distribution switches that
can be deployed within a hierarchical LAN design building
block?
1. Four
2. Two
3. Six
4. No limit

Question 9

Q

Which of the following enterprise network architectures is
also, known as the collapsed core?
1. Three-tier design
2. Simplified campus design
3. Two-tier design
4. Leaf–spine design

Answer

A

Two-tier design

Question 10

Q

Which network blocks can provide access to cloud
providers for end-users? (Choose two.)
1. WAN edge
2. Internet edge
3. Network services edge
4. Data center

Answer

A

WAN edge
Internet edge

Question 11

Q

Which technologies are used to deploy a simplified campus
design? (Choose all that apply.)
1. Clustering technologies
2. Stacking technologies
3. Virtual switching systems (VSSs)
4. StackWise
5. Daisy-chaining

Answer

A

Clustering technologies
Stacking technologies
Virtual switching systems (VSSs)
StackWise

Question 12

Q

What are the different design principles of an enterprise network?

Answer

A

Two-tier design (collapsed core)
Three-tier design
Layer 2 access layer (STP based)
Layer 3 access layer (routed access)
Simplified campus design
Software-Defined Access (SD-Access)

Question 13

Q

Explain a Two-Tier Design (collapsed core)

Answer

A

Smaller campus networks may have multiple departments
spread across multiple floors within a building. In these
environments, a core layer may not be needed, and collapsing
the core function into the distribution layer can be a cost-effective
solution (as no core layer means no core layer devices)
that requires no sacrifice of most of the benefits of the three-tier
hierarchical model.

Question 14

Q

Explain a Three-Tier Design

Answer

A

Three-tier designs separate the core and distribution layers and
are recommended when more than two pairs of distribution
switches are required. Multiple pairs of distribution switches
are typically required for the following reasons:
When implementing a network for a large enterprise campus
composed of multiple buildings, where each building requires a
dedicated distribution layer
When the density of WAN routers, Internet edge devices, data center
servers and network services are growing to the point where they can
affect network performance and throughput
When geographic dispersion of the LAN access switches across many
buildings in a larger campus facility would require more fiber-optic
interconnects back to a single collapsed core
When multiple distribution layers need to be interconnected, it
becomes necessary to use a core layer

Question 15

Q

Explain Layer 2 Access Layer (STP Based)

Answer

A

Traditional LAN designs use a Layer 2 access layer and a Layer
3 distribution layer. The distribution layer is the Layer 3 IP
gateway for access layer hosts. Whenever possible, it is
recommended to restrict a VLAN to a single access layer switch
to eliminate topology loops, which are common points of
failure in LANs, even when STP is enabled in the network.
Restricting a VLAN to a single switch provides a loop-free
design, but at the cost of network flexibility because all hosts
within a VLAN are restricted to a single access switch. Some
organizations require that the same Layer 2 VLAN be extended
to multiple access layer switches to accommodate an
application or a service. The looped design causes STP to block
links, which reduces the bandwidth from the rest of the
network and can cause slower network convergence.

Question 16

Q

Explain Layer 3 Access Layer (Routed Access)

Answer

A

Routed access is an alternative configuration in which Layer 3
is extended all the way to the access layer switches. In this
design, access layer switches act as full Layer 3 routed nodes
(providing both Layer 2 and Layer 3 switching), and the access to-
distribution Layer 2 uplink trunks are replaced with Layer 3
point-to-point routed links. Consequently, the Layer 2/Layer 3
the demarcation point is moved from the distribution switch to the
access switch

Question 17

Q

What are the advantages of routed access to distribution design over the Layer 2 access layer design?

Answer

A

No first-hop redundancy protocol is required: It eliminates the
need for first-hop redundancy protocols such as HSRP and VRRP.
No STP required: Because there are no Layer 2 links to block, this
design eliminates the need for STP.
Increased uplink utilization: Both uplinks from access to
distribution can be used, increasing the effective bandwidth available
to the end-users and endpoints connected to the access layer switches.
Easier troubleshooting: It offers common end-to-end
troubleshooting tools (such as ping and traceroute).
Faster convergence: It uses fast-converging routing protocols such
as Enhanced Interior Gateway Routing Protocol (EIGRP) and Open
Shortest Path First (OSPF).

Question 18

Q

What do the design of Routed access and Layer 2 access loop-free design NOT support?

Answer

A

does not support spanning VLANs across multiple access

Question 19

Q

Explain what a simplified campus design is:

Answer

A

The simplified campus design relies on switch clustering such
as a virtual switching system (VSS) and stacking technologies
such as StackWise, in which multiple physical switches act as a
single logical switch. Clustering and stacking technologies can
be applied to any of the campus building blocks to simplify
them even further

Question 20

Q

What are the advantages of a Simplified Campus Design?

Answer

A

The simplified campus design is loop-free, highly available,
flexible, resilient, and easy to manage

Simplified design: By using the single logical distribution layer
design, there are fewer boxes to manage, which reduces the amount of
time spent on ongoing provisioning and maintenance.
No first-hop redundancy protocol required: It eliminates the
need for first-hop redundancy protocols such as HSRP and VRRP
because the default IP gateway is on a single logical interface.
Reduced STP dependence: Because EtherChannel is used, it
eliminates the need for STP for a Layer 2 access design; however, STP
is still required as a failsafe in case multiple access switches are
interconnected.
Increased uplink utilization: With EtherChannel, all uplinks from
access to distribution can be used, increasing the effective bandwidth
available to the end users and endpoints connected to the access layer
switches.
Easier troubleshooting: The topology of the network from the
distribution layer to the access layer is logically a hub-and-spoke
topology, which reduces the complexity of the design and
troubleshooting.
Faster convergence: With EtherChannel, all links are in forwarding
state, and this significantly optimizes the convergence time following a
node or link failure event because EtherChannel provides fast subsecond
failover between links in an uplink bundle.
Distributed VLANs: With this design, VLANs can span multiple
access switches without the need to block any links.

Question 21

Q

Explain what Software-Defined Access (SD_Access) Design is

Answer

A

SD-Access, the industry’s first intent-based networking
solution for the enterprise is built on the principles of the
Cisco Digital Network Architecture (DNA). It is a combination
of the campus fabric design and the Digital Network
Architecture Center (Cisco DNA or DNAC). SD-Access adds
fabric capabilities to the enterprise network through
automation using SD-Access technology, and it provides
automated end-to-end segmentation to separate user, device,
and application traffic without requiring a network redesign.
With its fabric capabilities, SD-Access provides services such as
host mobility and enhanced security in addition to the normal
switching and routing capabilities

Question 22

Q

What is the main reason SD-Access uses VXLAN data
encapsulation instead of LISP data encapsulation?
1. VXLAN supports IPv6.
2. VXLAN supports Layer 2 networks.
3. VXLAN has a much smaller header.
4. VXLAN has a better ring to it.

Answer

A

VXLAN supports Layer 2 networks.

Question 23

Q

True or false: The VXLAN header used for SD-Access is
exactly the same as the original VXLAN header.
1. True
2. False

Question 24

Q

Which is the control plane used by SD-Access?

LISP control plane
EVPN MP-BGP
Multicast
VXLAN control plane

Answer

A

LISP control plane

Question 25

Q

Which field was added to the VXLAN header to allow it to
carry SGT tags?
1. Group Policy ID
2. Scalable Group ID
3. Group Based Tag
4. Group Based Policy

Answer

A

Group Policy ID

Question 26

Q

Which types of network environments were SD-Access
designed for?
1. Data center
2. Internet
3. Enterprise campus and branch
4. Service provider
5. WAN
6. Private cloud

Question 27

Q

Which of the following components are part of the SDAccess
fabric architecture? (Choose all that apply.)
1. WLCs
2. Cisco routers
3. Cisco firewalls
4. Cisco switches
5. Access points
6. Cisco ISE
7. Cisco DNA Center
8. Intrusion prevention systems

Answer

A

WLCs
Cisco routers
Cisco switches
Access points
Cisco ISE
Cisco DNA Center

Question 28

Q

What are the main components of the Cisco SD-WAN
solution? (Choose four.)
1. vManage network management system (NMS)
2. vSmart controller
3. SD-WAN routers
4. vBond orchestrator
5. vAnalytics
6. Cisco ISE
7. Cisco DNA Center

Answer

A

vManage network management system (NMS)
vSmart controller
SD-WAN routers
vBond orchestrato

Question 29

Q

True or false: The vSmart controller establishes permanent
and IPsec connections to all SD-WAN routers in the SDWAN
fabric.
1. True
2. False

Question 30

Q

True or false: SD-WAN only works over the Internet or
MPLS networks.
1. True
2. False

Question 31

Q

Which of the following is the single pane of glass for the
SD-WAN solution?
1. DNA Center
2. vBond
3. vManage
4. vSmart

Question 32

Q

What is the main function of the vBond orchestrator?
1. To authenticate the vManage NMS and the SD-WAN routers and
orchestrate connectivity between them
2. To authenticate the vSmart controllers and the SD-WAN routers
and orchestrate connectivity between them
3. To authenticate the vSmart controllers and the vManage NMS and
orchestrate connectivity between them

Answer

A

To authenticate the vSmart controllers and the SD-WAN routers
and orchestrate connectivity between them

Question 33

Q

Which description of an SD-Access wireless network infrastructure deployment is true?

A. The access point is part of the fabric underlay
B. The wireless client is part of the fabric overlay
C. The access point is part the fabric overlay
D. The WLC is part of the fabric underlay

Answer

A

C. The access point is part the fabric overlay

Explanation
Access Points
+ AP is directly connected to FE (or to an extended node switch)
+ AP is part of Fabric overlay

Question 34

Q

When a wired client connects to an edge switch in an SDA fabric, which component decides whether the client has access to the network?

A. RADIUS server
B. control-plane node
C. Identity Service Engine
D. edge node

Answer

A

C. Identity Service Engine

Question 35

Q

Which controller is the single plane of management for Cisco SD-WAN?

A. vEdge
B. vManage
C. vSmart
D. vBond

Answer

A

B. vManage

Your answers are shown below:

Question 1
Which description of an SD-Access wireless network infrastructure deployment is true?

A. The access point is part of the fabric underlay
B. The wireless client is part of the fabric overlaywrong
C. The access point is part the fabric overlaycorrect
D. The WLC is part of the fabric underlay
Explanation
Access Points
+ AP is directly connected to FE (or to an extended node switch)
+ AP is part of Fabric overlay

Reference: https://www.ciscolive.com/c/dam/r/ciscolive/us/docs/2018/pdf/BRKEWN-2020.pdf

Question 2
When a wired client connects to an edge switch in an SDA fabric, which component decides whether the client has access to the network?

A. RADIUS server
B. control-plane node
C. Identity Service Enginecorrect
D. edge nodewrong
Question 3
Which controller is the single plane of management for Cisco SD-WAN?

A. vEdge
B. vManagecorrect
C. vSmart
D. vBond
Explanation
The primary components for the Cisco SD-WAN solution consist of the vManage network management system (management plane), the vSmart controller (control plane), the vBond orchestrator (orchestration plane), and the vEdge router (data plane).

+ vManage – This centralized network management system provides a GUI interface to easily monitor, configure, and maintain all Cisco SD-WAN devices and links in the underlay and overlay network.

+ vSmart controller – This software-based component is responsible for the centralized control plane of the SD-WAN network. It establishes a secure connection to each vEdge router and distributes routes and policy information via the Overlay Management Protocol (OMP), acting as a route reflector. It also orchestrates the secure data plane connectivity between the vEdge routers by distributing crypto key information, allowing for a very scalable, IKE-less architecture.

+ vBond orchestrator – This software-based component performs the initial authentication of vEdge devices and orchestrates vSmart and vEdge connectivity. It also has an important role in enabling the communication of devices that sit behind Network Address Translation (NAT).

+ vEdge router – This device, available as either a hardware appliance or software-based router, sits at a physical site or in the cloud and provides secure data plane connectivity among the sites over one or more WAN transports. It is responsible for traffic forwarding, security, encryption, Quality of Service (QoS), routing protocols such as Border Gateway Protocol (BGP) and Open Shortest Path First (OSPF), and more.

Question 36

Q

Which statement about a Cisco APIC controller versus a more traditional SDN controller is true?

A. APIC uses a policy agent to translate policies into instruction
B. APIC uses an imperative model
C. APIC supports OpFlex as a Northbound protocol
D. APIC does support a Southbound REST API

Answer

A

A. APIC uses a policy agent to translate policies into instruction

Explanation

The southbound protocol used by APIC is OpFlex that is pushed by Cisco as the protocol for policy enablement across physical and virtual switches.

Southbound interfaces are implemented with some called Service Abstraction Layer (SAL), which talks to the network elements via SNMP and CLI.

Note: Cisco OpFlex is a southbound protocol in a software-defined network (SDN).

Question 37

Q

What the role of a fusion in an SD-Access solution?

A. performs route leaking between user-defined virtual networks and shared services
B. provides connectivity to external networks
C. acts as a DNS server
D. provides additional forwarding capacity to the fabric

Answer

A

A. performs route leaking between user-defined virtual networks and shared services

Explanation
Today the Dynamic Network Architecture Software Defined Access (DNA-SDA) solution requires a fusion router to perform VRF route leaking between user VRFs and Shared-Services, which may be in the Global routing table (GRT) or another VRF. Shared Services may consist of DHCP, Domain Name System (DNS), Network Time Protocol (NTP), Wireless LAN Controller (WLC), Identity Services Engine (ISE), DNAC components which must be made available to other virtual networks (VN’s) in the Campus

Question 38

Q

On which protocol or technology is the fabric data plane based in Cisco SD-Access fabric?

A. VXLAN
B. LISP
C. IS-IS
D. Cisco TrustSec

Answer

A

A. VXLAN

Explanation

The tunneling technology used for the fabric data plane is based on Virtual Extensible LAN (VXLAN). VXLAN encapsulation is UDP-based, meaning that it can be forwarded by any IP-based network (legacy or third party) and creates the overlay network for the SD-Access fabric. Although LISP is the control plane for the SD-Access fabric, it does not use LISP data encapsulation for the data plane; instead, it uses VXLAN encapsulation because it is capable of encapsulating the original Ethernet header to perform MAC-in-IP encapsulation, while LISP does not. Using VXLAN allows the SD-Access fabric to support Layer 2 and Layer 3 virtual topologies (overlays) and the ability to operate over any IP-based network with built-in network segmentation (VRF instance/VN) and built-in group-based policy.

Question 39

Q

Which function does a fabric edge node perform in an SD-Access deployment?

A. Encapsulates end-user data traffic into LISP.
B. Connects endpoints to the fabric and forwards their traffic
C. Connects the SD-Access fabric to another fabric or external Layer 3 networks
D. Provides reachability border nodes in the fabric underlay

Answer

A

B. Connects endpoints to the fabric and forwards their traffic

Explanation

There are five basic device roles in the fabric overlay:
+ Control plane node: This node contains the settings, protocols, and mapping tables to provide the endpoint-to-location (EID-to-RLOC) mapping system for
the fabric overlay.
+ Fabric border node: This fabric device (for example, core layer device) connects external Layer 3 networks to the SDA fabric.
+ Fabric edge node: This fabric device (for example, access or distribution layer device) connects wired endpoints to the SDA fabric.
+ Fabric WLAN controller (WLC): This fabric device connects APs and wireless endpoints to the SDA fabric.
+ Intermediate nodes: These are intermediate routers or extended switches that do not provide any sort of SD-Access fabric role other than underlay services

Question 40

Q

Which action is the vSmart controller responsible for in an SD-WAN deployment?

A. manage, maintain, and gather configuration and status for nodes within the SD-WAN fabric
B. onboard vEdge nodes into the SD-WAN fabric
C. distribute security information for tunnel establishment between vEdge routers
D. gather telemetry data from vEdge routers

Answer

A

C. distribute security information for tunnel establishment between vEdge routers

Explanation

+ Orchestration plane (vBond) assists in securely onboarding the SD-WAN WAN Edge routers into the SD-WAN overlay (-> Therefore answer “onboard vEdge nodes into the SD-WAN fabric” mentioned about vBond). The vBond controller, or orchestrator, authenticates and authorizes the SD-WAN components onto the network. The vBond orchestrator takes an added responsibility to distribute the list of vSmart and vManage controller information to the WAN Edge routers. vBond is the only device in SD-WAN that requires a public IP address as it is the first point of contact and authentication for all SD-WAN components to join the SD-WAN fabric. All other components need to know the vBond IP or DNS information.

+ Management plane (vManage) is responsible for central configuration and monitoring. The vManage controller is the centralized network management system that provides a single pane of glass GUI interface to easily deploy, configure, monitor and troubleshoot all Cisco SD-WAN components in the network. (-> Answer “manage, maintain, and gather configuration and status for nodes within the SD-WAN fabric” and answer “gather telemetry data from vEdge routers” are about vManage)

+ Control plane (vSmart) builds and maintains the network topology and make decisions on the traffic flows. The vSmart controller disseminates control plane information between WAN Edge devices, implements control plane policies and distributes data plane policies to network devices for enforcement (-> Answer “distribute security information for tunnel establishment between vEdge routers” is about vSmart)

Question 41

Q

How does a fabric AP fit in the network?

A. It is in FlexConnect mode and must be connected directly to the fabric border node
B. It is in local mode and must be connected directly to the fabric border node

C. It is in local mode and must connected directly to the fabric edge switch
D. It is in FlexConnect mode and must be connected directly to the fabric edge switch

Answer

A

C. It is in local mode an must connected directly to the fabric edge switch

Explanation

Fabric mode APs continue to support the same wireless media services that traditional APs support; apply AVC, quality of service (QoS), and other wireless policies; and establish the CAPWAP control plane to the fabric WLC. Fabric APs join as local-mode APs and must be directly connected to the fabric edge node switch to enable fabric registration events, including RLOC assignment via the fabric WLC. The fabric edge nodes use CDP to recognize APs as special wired hosts, applying special port configurations and assigning the APs to a unique overlay network within a common EID space across a fabric. The assignment allows management simplification by using a single subnet to cover the AP infrastructure at a fabric site.

Question 42

Q

What are two device roles in Cisco SD-Access fabric? (Choose two)

A. vBond controller
B. edge node
C. access switch
D. core switch
E. border node

Answer

A

B. edge node

E. border node

Explanation

There are five basic device roles in the fabric overlay:
+ Control plane node: This node contains the settings, protocols, and mapping tables to provide the endpoint-to-location (EID-to-RLOC) mapping system for the fabric overlay.
+ Fabric border node: This fabric device (for example, core layer device) connects external Layer 3 networks to the SDA fabric.
+ Fabric edge node: This fabric device (for example, access or distribution layer device) connects wired endpoints to the SDA fabric.
+ Fabric WLAN controller (WLC): This fabric device connects APs and wireless endpoints to the SDA fabric.
+ Intermediate nodes: These are intermediate routers or extended switches that do not provide any sort of SD-Access fabric role other than underlay services

Question 43

Q

In a Cisco SD-WAN solution, how is the health of a data plane tunnel monitored?

A. using BFDcorrect
B. ARP probing
C. with OMP
D. with IP SLA

Answer

A

A. using BFDcorrect

Explanation

The BFD (Bidirectional Forwarding Detection) is a protocol that detects link failures as part of the Cisco SD-WAN (Viptela) high availability solution, is enabled by default on all vEdge routers, and you cannot disable it.

Question 44

Q

What is one fact about Cisco SD-Access wireless network deployments?

A. The access point is part of the fabric underlay
B. The wireless client is part of the fabric overlay
C. The WLC is part of the fabric underlay
D. The access point is part the fabric overlay

Answer

A

D. The access point is part the fabric overlay

Explanation

Access Points
+ AP is directly connected to FE (or to an extended node switch)
+ AP is part of Fabric overlay

Question 45

Q

Which technology is used to provide Layer 2 and Layer 3 logical networks in the Cisco SD-Access architecture?

A. overlay network
B. underlay network
C. VPN routing/forwarding
D. easy virtual network

Answer

A

A. overlay network

Explanation

An overlay network creates a logical topology used to virtually connect devices that are built over an arbitrary physical underlay topology.

An overlay network is created on top of the underlay network through virtualization (virtual networks). The data plane traffic and control plane signaling are contained within each virtualized network, maintaining isolation among the networks and an independence from the underlay network.

SD-Access allows for the extension of Layer 2 and Layer 3 connectivity across the overlay through the services provided by through LISP.

Question 46

Q

What is the function of the fabric control plane node in a Cisco SD-Access deployment?

A. It provides integration with legacy nonfabric-enabled environments.
B. It performs traffic encapsulation and security profiles enforcement in the fabric.
C. It is responsible for policy application and network segmentation in the fabric.
D. It holds a comprehensive database that tracks endpoints and networks in the fabric.

Answer

A

D. It holds a comprehensive database that tracks endpoints and networks in the fabric.

Explanation

Fabric control plane node (C): One or more network elements that implement the LISP Map-Server (MS) and Map-Resolver (MR) functionality. The control plane node’s host tracking database keep track of all endpoints in a fabric site and associates the endpoints to fabric nodes in what is known as an EID-to-RLOC binding in LISP.

Question 47

Q

In a Cisco SD-Access wireless architecture, which device manages endpoint ID to Edge Node bindings?

A. fabric wireless controller
B. fabric border node
C. fabric edge node
D. fabric control plane node

Answer

A

D. fabric control plane node

Explanation

SD-Access Wireless Architecture Control Plane Node –A Closer Look

Fabric Control-Plane Node is based on a LISP Map Server / Resolver

Runs the LISP Endpoint ID Database to provide overlay reachability information
+ A simple Host Database, that tracks Endpoint ID to Edge Node bindings (RLOCs)
+ Host Database supports multiple types of Endpoint ID (EID), such as IPv4 /32, IPv6 /128* or MAC/48
+ Receives prefix registrations from Edge Nodes for wired clients, and from Fabric mode WLCs for wireless clients
+ Resolves lookup requests from FE to locate Endpoints
+ Updates Fabric Edge nodes, Border nodes with wireless client mobility and RLOC information

Question 48

Q

In an SD-WAN deployment, which action in the vSmart controller responsible for?

A. gather telemetry data from vEdge routers
B. handle, maintain and gather configuration and status for nodes within the SD-WAN fabric
C. onboard vEdge nodes into the SD-WAN fabric
D. distribute policies that govern data forwarding performed within the SD-WAN fabric

Answer

A

D. distribute policies that govern data forwarding performed within the SD-WAN fabric

Explanation

Control plane (vSmart) builds and maintains the network topology and makes decisions on the traffic flows. The vSmart controller disseminates control plane information between WAN Edge devices, implements control plane policies, and distributes data plane policies to network devices for enforcement.

Question 49

Q

In a Cisco SD-Access fabric, which control plane protocol is used for mapping and resolving endpoints?

A. VXLAN
B. LISPcorrect
C. DHCP
D. SXP

Answer

A

A. vBond

Explanation

+ Orchestration plane (vBond) assists in securely onboarding the SD-WAN WAN Edge routers into the SD-WAN overlay. The vBond controller, or orchestrator, authenticates and authorizes the SD-WAN components onto the network. The vBond orchestrator takes an added responsibility to distribute the list of vSmart and vManage controller information to the WAN Edge routers. vBond is the only device in SD-WAN that requires a public IP address as it is the first point of contact and authentication for all SD-WAN components to join the SD-WAN fabric. All other components need to know the vBond IP or DNS information.

Question 50

Q

In an SD-Access solution, what is the role of a fabric edge node?

A. to connect the fusion router to the SD-Access fabric
B. to connect external Layer 3- network to the SD-Access fabric
C. to advertise fabric IP address space to external network
D. to connect wired endpoint to the SD-Access fabric

Answer

A

D. to connect wired endpoint to the SD-Access fabric

Explanation

+ Fabric edge node: This fabric device (for example, access or distribution layer device) connects wired endpoints to the SDA fabric.

Question 51

Q

What is the role of the vsmart controller in a Cisco SD-WAN environment?

A. It performs authentication and authorization
B. It manages the control plane.
C. It is the centralized network management system.
D. It manages the data plane.

Answer

A

B. It manages the control plane.

Explanation

+ Control plane (vSmart) builds and maintains the network topology and make decisions on the traffic flows. The vSmart controller disseminates control plane information between WAN Edge devices, implements control plane policies and distributes data plane policies to network devices for enforcement.

Question 52

Q

Which tunneling technique is used when designing a Cisco SD-Access fabric data plane?

A. VRF
B. LISP
C. VXLAN
D. VRF Lite

Answer

A

C. VXLAN

Explanation

The tunneling technology used for the fabric data plane is based on Virtual Extensible LAN (VXLAN). VXLAN encapsulation is UDP based, meaning that it can be forwarded by any IP-based network (legacy or third party) and creates the overlay network for the SD-Access fabric. Although LISP is the control plane for the SD-Access fabric, it does not use LISP data encapsulation for the data plane; instead, it uses VXLAN encapsulation because it is capable of encapsulating the original Ethernet header to perform MAC-in-IP encapsulation, while LISP does not. Using VXLAN allows the SD-Access fabric to support Layer 2 and Layer 3 virtual topologies (overlays) and the ability to operate over any IP-based network with built-in network segmentation (VRF instance/VN) and built-in group-based policy.

Question 53

Q

In a wireless Cisco SD-Access deployment, which roaming method is used when a user moves from one access point to another on a different access switch using a single WLC?

A. fast roam
B. inter-xTR
C. auto anchor
D. Layer 3

Answer

A

B. inter-xTR

Explanation

SDA supports two additional types of roaming, which are Intra-xTR and Inter-xTR. In SDA, xTR stands for an access-switch that is a fabric edge node. It serves both as an ingress tunnel router as well as an egress tunnel router.

When a client on a fabric enabled WLAN, roams from an access point to another access point on the same access-switch, it is called Intra-xTR. Here, the local client database and client history table are updated with the information of the newly associated access point.

When a client on a fabric enabled WLAN, roams from an access point to another access point on a different access-switch, it is called Inter-xTR. Here, the map server is also updated with the client location (RLOC) information. Also, the local client database is updated with the information of the newly associated access point.

Question 54

Q

Which protocol is responsible for data plane forwarding in a Cisco SD-Access deployment?

A. LISP
B. IS-IS
C. OSPF
D. VXLAN

Answer

A

D. VXLAN

Explanation

Cisco SD-WAN uses Overlay Management Protocol (OMP) which manages the overlay network. OMP runs between the vSmart controllers and WAN Edge routers (and among vSmarts themselves) where control plane information, such as the routing, policy, and management information, is exchanged over a secure connection.

Question 55

Q

Which statement about the default QoS configuration on a Cisco switch is true?

A. The Cos value of each tagged packet is modified
B. Port trust is enabled
C. The Port Cos value is 0
D. All traffic is sent through four egress queues

Answer

A

C. The Port Cos value is 0

Question 56

Q

Which marking field is used only as an internal marking within a router?

A. IP Precedence
B. MPLS Experimental
C. QOS Group
D. Discard Eligibility

Answer

A

C. QOS Group

Explanation

Cisco routers allow you to mark two internal values (qos-group and discard-class) that travel with the packet within the router but do not modify the packet’s contents.

Question 57

Q

An engineer is describing QoS to a client. Which two facts apply to traffic policing? (Choose two)

A. Policing should be performed as close to the destination as possible
B. Policing adapts to network congestion by queuing excess traffic
C. Policing drops traffic that exceeds the defined rate
D. Policing typically delays the traffic, rather than drops it
E. Policing should be performed as close to the source as possible

Answer

A

C. Policing drops traffic that exceeds the defined rate
E. Policing should be performed as close to the source as possible

Explanation

Traffic policing propagates bursts. When the traffic rate reaches the configured maximum rate (or committed information rate), excess traffic is dropped (or remarked). The result is an output rate that appears as a saw-tooth with crests and troughs.

Unlike traffic shaping, traffic policing does not cause delay.

Classification (which includes traffic policing, traffic shaping and queuing techniques) should take place at the network edge. It is recommended that classification occur as close to the source of the traffic as possible.

Also according to this Cisco link, “policing traffic as close to the source as possible”

Question 58

Q

Which QoS mechanism will prevent a decrease in TCP performance?

A. Rate-Limit
B. Policer
C. WRED
D. Fair-Queue
E. LLQ
F. Shaper

Answer

A

C. WRED

Explanation

Weighted Random Early Detection (WRED) is just a congestion avoidance mechanism. WRED drops packets selectively based on IP precedence. Edge routers assign IP precedences to packets as they enter the network. When a packet arrives, the following events occur:

The average queue size is calculated.
If the average is less than the minimum queue threshold, the arriving packet is queued.
If the average is between the minimum queue threshold for that type of traffic and the maximum threshold for the interface, the packet is either dropped or queued, depending on the packet drop probability for that type of traffic.
If the average queue size is greater than the maximum threshold, the packet is dropped.

WRED reduces the chances of tail drop (when the queue is full, the packet is dropped) by selectively dropping packets when the output interface begins to show signs of congestion (thus it can mitigate congestion by preventing the queue from filling up). By dropping some packets early rather than waiting until the queue is full, WRED avoids dropping large numbers of packets at once and minimizes the chances of global synchronization. Thus, WRED allows the transmission line to be used fully at all times.

WRED generally drops packets selectively based on IP precedence. Packets with a higher IP precedence are less likely to be dropped than packets with a lower precedence. Thus, the higher the priority of a packet, the higher the probability that the packet will be delivered.

Reference: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/qos_conavd/configuration/15-mt/qos-conavd-15-mt-book/qos-conavd-cfg-wred.html

WRED is only useful when the bulk of the traffic is TCP/IP traffic. With TCP, dropped packets indicate congestion, so the packet source will reduce its transmission rate. With other protocols, packet sources may not respond or may resend dropped packets at the same rate. Thus, dropping packets does not decrease congestion.

Question 59

Q

During deployment, a network engineer notices that voice traffic is not being tagged correctly as it traverses the network. Which COS to DSCP map must be modified to ensure that voice traffic is treated properly?

A. COS of 3 to DSCP of 26
B. COS of 5 to DSCP 46
C. COS of 6 to DSCP 46
D. COS of 7 to DSCP 48

Answer

A

B. COS of 5 to DSCP 46

Explanation

CoS value 5 is commonly used for VOIP and CoS value 5 should be mapped to DSCP 46. DSCP 46 is defined as being for EF (Expedited Forwarding) traffic flows and is the value usually assigned to all interactive voice and video traffic. This is to keep the uniformity from end-to-end that DSCP EF (mostly for VOICE RTP) is mapped to COS 5.

Note:

+ CoS is a L2 marking contained within an 802.1q tag,. The values for CoS are 0 – 7
+ DSCP is a L3 marking and has values 0 – 63
+ The default DSCP-to-CoS mapping for CoS 5 is DSCP 40

Question 60

Q

How does QoS traffic shaping alleviate network congestion?

A. It drops packets randomly from lower priority queues.
B. It drops packets when traffic exceeds a certain bitrate.
C. It fragments large packets and queues them for delivery.
D. It buffers and queue packets above the committed rate.

Answer

A

D. It buffers and queue packets above the committed rate.

Explanation

Traffic shaping retains excess packets in a queue and then schedules the excess for later transmission over increments of time. The result of traffic shaping is a smoothed packet output rate.

Question 61

Q

Which QoS component alters a packet to change the way that traffic is treated in the network?

A. Classification
B. Marking
C. Policing
D. Shaping

Answer

A

B. Marking

Explanation

QoS Packet Marking refers to changing a field within a packet either at Layer 2 (802.1Q/p CoS, MPLS EXP) or Layer 3 (IP Precedence, DSCP and/or IP ECN).

Question 62

Q

Which QoS queuing method transmits packets out of the interface in the order the packets arrive?

A. custom
B. FIFO
C. weighted- fair
D. priority

Answer

A

B. FIFO

Explanationthe

First-in, first-out (FIFO): FIFO entails no concept of priority or classes of traffic. With FIFO, transmission of packets out the interface occurs in the order the packets arrive, which means no QoS.

Question 63

Q

What is the difference between a RIB and a FIB?

A. The RIB maintains a mirror image of the FIB
B. The RIB is used to make IP source prefix-based switching decisions
C. The FIB is where all IP routing information is stored
D. The FIB is populated based on RIB content

Answer

A

D. The FIB is populated based on RIB content

Explanation

CEF uses a Forwarding Information Base (FIB) to make IP destination prefix-based switching decisions. The FIB is conceptually similar to a routing table or information base. It maintains a mirror image of the forwarding information contained in the IP routing table. When routing or topology changes occur in the network, the IP routing table is updated, and those changes are reflected in the FIB. The FIB maintains next-hop address information based on the information in the IP routing table. Because there is a one-to-one correlation between FIB entries and routing table entries, the FIB contains all known routes and eliminates the need for route cache maintenance that is associated with earlier switching paths such as fast switching and optimum switching.

Note: In order to view the Routing information base (RIB) table, use the “show ip route” command. To view the Forwarding Information Base (FIB), use the “show ip cef” command. RIB is in Control plane while FIB is in Data plane.

Question 64

Q

How are the Cisco Express Forwarding table and the FIB related to each other?

A. There can be only one FIB but multiple Cisco Express Forwarding tables on IOS devices
B. The FIB is used to populate the Cisco Express Forwarding table
C. The Cisco Express Forwarding table allows route lookups to be forwarded to the route processor for processing before they are sent to the FIB
D. Cisco Express Forwarding uses a FIB to make IP destination prefix-based switching decisions

Answer

A

D. Cisco Express Forwarding uses a FIB to make IP destination prefix-based switching decisions

Explanation

The Forwarding Information Base (FIB) table – CEF uses a FIB to make IP destination prefix-based switching decisions. The FIB is conceptually similar to a routing table or information base. It maintains a mirror image of the forwarding information contained in the IP routing table. When routing or topology changes occur in the network, the IP routing table is updated, and these changes are reflected in the FIB. The FIB maintains next-hop address information based on the information in the IP routing table.

Answer 59

A

B. It maintains two tables in the data plane the FIB and adjacency table

Answer 60

A

A. Each hash maps directly to a single entry in the adjacency table
D. It combines the source and destination IP addresses to create a hash for each destination

Explanation

Cisco IOS software basically supports two modes of CEF load balancing: On a per-destination or per-packet basis.

For per destination load balancing a hash is computed out of the source and destination IP address (-> Answer ‘It combines the source and destination IP addresses to create a hash for each destination’ is correct). This hash points to exactly one of the adjacency entries in the adjacency table (-> Answer ‘Each hash maps directly to a single entry in the adjacency table is correct), providing that the same path is used for all packets with this source/destination address pair. If per-packet load balancing is used the packets are distributed round-robin over the available paths. In either case, the information in the FIB and adjacency tables provide all the necessary forwarding information, just like for non-load balancing operation.

The number of paths used is limited by the number of entries the routing protocol puts in the routing table, the default in IOS is 4 entries for most IP routing protocols with the exception of BGP, where it is one entry. The maximum number that can be configured is 6 different paths -> Answer ‘Cisco Express Forwarding can load-balance over a maximum of two destinations’ is not correct.

Answer 61

A

A. The RIB is a database of routing prefixes, and the FIB is the information used to choose the egress interface for each packet.
D. The RIB is derived from the control plane, and the FIB is derived from the RIB.

Answer 62

A

A. CEF uses the FIB and the adjacency table to make forwarding decisions, whereas process switching punts each packet.

Explanation

“Punt” is often used to describe the action of moving a packet from the fast path (CEF) to the route processor for handling.

Cisco Express Forwarding (CEF) provides the ability to switch packets through a device in a very quick and efficient way while also keeping the load on the router’s processor low. CEF is made up of two different main components: the Forwarding Information Base (FIB) and the Adjacency Table.

Process switching is the slowest switching methods (compared to fast switching and Cisco Express Forwarding) because it must find a destination in the routing table. Process switching must also construct a new Layer 2 frame header for every packet. With process switching, when a packet comes in, the scheduler calls a process that examines the routing table, determines which interface the packet should be switched to and then switches the packet. The problem is, this happens for the every packet.

Answer 63

A

C. The RIB includes many routes to the same destination prefix. The FIB contains only the best route.

Answer 64

A

C. radar
D. rogue AP

Explanation

According to the Meraki webpage, radar and rogue AP are two sources of Wireless Interference.

Interference between different WLANs occurs when the access points within range of each other are set to the same RF channel.

Note: Microwave ovens (not conventional oven) emit damaging interfering signals at up to 25 feet or so from an operating oven. Some microwave ovens emit radio signals that occupy only a third of the 2.4-GHz band, whereas others occupy the entire band.

Reference: https://www.ciscopress.com/articles/article.asp?p=2351131&seqNum=2

So answer ‘conventional oven’ is not a correct answer.

Answer 65

A

D. When connected to the controller, FlexConnect APs can tunnel traffic back to the controller
E. FlexConnect mode is a wireless solution for branch office and remote office deployments

Explanation

FlexConnect is a wireless solution for branch office and remote office deployments. It enables customers to configure and control access points in a branch or remote office from the corporate office through a wide area network (WAN) link without deploying a controller in each office.

The FlexConnect access points can switch client data traffic locally and perform client authentication locally when their connection to the controller is lost. When they are connected to the controller, they can also send traffic back to the controller. In the connected mode, the FlexConnect access point can also perform local authentication.

Answer 66

A

A. DHCP Option 43
E. broadcasting on the local subnet

Explanation

A Cisco lightweight wireless AP needs to be paired with a WLC to function.

An AP must be very diligent to discover any controllers that it can join—all without any preconfiguration on your part. To accomplish this feat, several methods of discovery are used. The goal of discovery is just to build a list of live candidate controllers that are available, using the following methods:
+ Prior knowledge of WLCs
+ DHCP and DNS information to suggest some controllers (DHCP Option 43)
+ Broadcast on the local subnet to solicit controllers

Reference: CCNP and CCIE Enterprise Core ENCOR 350-401 Official Cert Guide

If you do not tell the LAP where the controller is via DHCP option 43, DNS resolution of “Cisco-capwap-controller.local_domain”, or statically configure it, the LAP does not know where in the network to find the management interface of the controller.

In addition to these methods, the LAP does automatically look on the local subnet for controllers with a 255.255.255.255 local broadcast

Answer 67

A

C. RADIUS server

Explanation

Deploying WPA2-Enterprise requires a RADIUS server, which handles the task of authenticating network users access. The actual authentication process is based on the 802.1X policy and comes in several different systems labeled EAP. Because each device is authenticated before it connects, a personal, encrypted tunnel is effectively created between the device and the network.

Answer 68

A

D. Layer 3 intercontroller

Explanation

If the clients roam between APs registered to different controllers and the client WLAN on the two controllers is on different subnet, then it is called inter-controller L3 roam.

In this situation as well controllers exchange mobility messages. Client database entry change is completely different that to L2 roam(instead of move, it will copy). In this situation the original controller marks the client entry as “Anchor” where as new controller marks the client entry as “Foreign“.The two controllers now referred to as “Anchor controller” & “Foreign Controller” respectively. Client will keep the original IP address & that is the real advantage.

Note: Inter-Controller (normally layer 2) roaming occurs when a client roam between two APs registered to two different controllers, where each controller has an interface in the client subnet.

Answer 69

A

B. noise floor
D. RSSI

Explanation

Signal to Noise Ratio (SNR) is defined as the ratio of the transmitted power from the AP to the ambient (noise floor) energy present. To calculate the SNR value, we add the Signal Value to the Noise Value to get the SNR ratio. answer ‘EIRP’ positive value of the SNR ratio is always better.

Here is an example to tie together this information to come up with a very simple RF plan calculator for a single AP and a single client.
+ Access Point Power = 20 dBm
+ 50 foot antenna cable = – 3.35 dB Loss
+ Signal attenuation due to glass wall with metal frame = -6 dB
+ External Access Point Antenna = + 5.5 dBi gain
+ RSSI at WLAN Client = -75 dBm at 100ft from the AP
+ Noise level detected by WLAN Client = -85 dBm at 100ft from the AP

Based on the above, we can calculate the following information.
+ EIRP of the AP at source = 20 – 3.35 + 5.5 = 22.15 dBm
+ Transmit power as signal passes through glass wall = 22.15 – 6 = 16.15 dBm
+ SNR at Client = -75 + -85 = 10 dBm (difference between Signal and Noise)

Reference: https://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Borderless_Networks/Unified_Access/CMX/CMX_RFFund.html

Receive Signal Strength Indicator (RSSI) is a measurement of how well your device can hear a signal from an access point or router. It’s a value that is useful for determining if you have enough signal to get a good wireless connection.

EIRP tells you what’s the actual transmit power of the antenna in milliwatts.

dBm is an abbreviation for “decibels relative to one milliwatt,” where one milliwatt (1 mW) equals 1/1000 of a watt. It follows the same scale as dB. Therefore 0 dBm = 1 mW, 30 dBm = 1 W, and -20 dBm = 0.01 mW

Answer 70

A

D. text string

Answer 71

A

B. It does not require a RADIUS server certificate

Explanation

The EAP-FAST protocol is a publicly accessible IEEE 802.1X EAP type that Cisco developed to support customers that cannot enforce a strong password policy and want to deploy an 802.1X EAP type that does not require digital certificates.

EAP-FAST is also designed for simplicity of deployment since it does not require a certificate on the wireless LAN client or on the RADIUS infrastructure yet incorporates a built-in provisioning mechanism.

Answer 72

A

B. Mobility express

Explanation

Mobility Express is the ability to use an access point (AP) as a controller instead of a real WLAN controller. But this solution is only suitable for small to midsize, or multi-site branch locations where you might not want to invest in a dedicated WLC. answer ‘Autonomous’ Mobility Express WLC can support up to 100 APs. Mobility Express WLC also uses CAPWAP to communicate to other APs.

Note: Local mode is the most common mode that an AP operates in. This is also the default mode. In local mode, the LAP maintains a CAPWAP (or LWAPP) tunnel to its associated controller.

Answer 73

A

C. Patch

Explanation

A patch antenna, in its simplest form, is just a single rectangular (or circular) conductive plate that is spaced above a ground plane. Patch antennas are attractive due to their low profile and ease of fabrication.

The azimuth and elevation plane patterns are derived by simply slicing through the 3D radiation pattern. In this case, the azimuth plane pattern is obtained by slicing through the x-z plane, and the elevation plane pattern is formed by slicing through the y-z plane. Note that there is one main lobe that is radiated out from the front of the antenna. There are three back lobes in the elevation plane (in this case), the strongest of which happens to be 180 degrees behind the peak of the main lobe, establishing the front-to-back ratio at about 14 dB. That is, the gain of the antenna 180 degrees behind the peak is 14 dB lower than the peak gain.

Answer 74

A

A. local WLC

Explanation

This paragraph was taken from the link https://www.cisco.com/c/en/us/support/docs/wireless-mobility/wlan-security/69340-web-auth-config.html#c5:

“The next step is to configure the WLC for the Internal web authentication. Internal web authentication is the default web authentication type on WLCs.”

In step 4 of the link above, we will configure Security as described in this question. Therefore we can deduce this configuration is for Internal web authentication.

Answer 75

A

A. The hidden SSID was not manually configured on the client.

Answer 76

A

B. CISCO-CAPWAP-CONTROLLER.local

Explanation

The Lightweight AP (LAP) can discover controllers through your domain name server (DNS). For the access point (AP) to do so, you must configure your DNS to return controller IP addresses in response to CISCO-LWAPP-CONTROLLER.localdomain, where localdomain is the AP domain name. When an AP receives an IP address and DNS information from a DHCP server, it contacts the DNS to resolve CISCO-CAPWAP-CONTROLLER.localdomain. When the DNS sends a list of controller IP addresses, the AP sends discovery requests to the controllers.

The AP will attempt to resolve the DNS name CISCO-CAPWAP-CONTROLLER.localdomain. When the AP is able to resolve this name to one or more IP addresses, the AP sends a unicast CAPWAP Discovery Message to the resolved IP address(es). Each WLC that receives the CAPWAP Discovery Request Message replies with a unicast CAPWAP Discovery Response to the AP.

Answer 77

A

A. On

Explanation

Link aggregation (LAG) is a partial implementation of the 802.3ad port aggregation standard. It bundles all of the controller’s distribution system ports into a single 802.3ad port channel.

Restriction for Link aggregation:

+ LAG requires the EtherChannel to be configured for ‘mode on’ on both the controller and the Catalyst switch.

Answer 78

A

D. adaptive R

Explanation

802.11r Fast Transition (FT) Roaming is an amendment to the 802.11 IEEE standards. It is a new concept for roaming. The initial handshake with the new AP occurs before the client roams to the target AP. Therefore it is called Fast Transition. 802.11r provides two methods of roaming:

+ Over-the-air: With this type of roaming, the client communicates directly with the target AP using IEEE 802.11 authentication with the Fast Transition (FT) authentication algorithm.
+ Over-the-DS (distribution system): With this type of roaming, the client communicates with the target AP through the current AP. The communication between the client and the target AP is carried in FT action frames between the client and the current AP and is then sent through the controller.

But both of these methods do not deal with legacy clients.

The 802.11k allows 11k capable clients to request a neighbor report containing information about known neighbor APs that are candidates for roaming.

Reference: https://www.cisco.com/c/en/us/td/docs/wireless/controller/technotes/80211r-ft/b-80211r-dg.html

IEEE 802.11v is an amendment to the IEEE 802.11 standard which describes numerous enhancements to wireless network management. One such enhancement is Network assisted Power Savings which helps clients to improve the battery life by enabling them to sleep longer. Another enhancement is Network assisted Roaming which enables the WLAN to send requests to associated clients, advising the clients as to better APs to associate to. This is useful for both load balancing and in directing poorly connected clients.

Reference: https://www.cisco.com/c/en/us/td/docs/wireless/controller/9800/config-guide/b_wl_16_10_cg/802-11v.pdf

Cisco 802.11r supports three modes:
+ Pure mode: only allows 802.11r client to connect
+ Mixed mode: allows both clients that do and do not support FT to connect
+ Adaptive mode: does not advertise the FT AKM at all, but will use FT when supported clients connect

Therefore “Adaptive mode” is the best answer here.

Answer 79

A

B. Yagi

Explanation

A Yagi antenna is formed by driving a simple antenna, typically a dipole or dipole-like antenna, and shaping the beam using a well-chosen series of non-driven elements whose length and spacing are tightly controlled.

Reference: https://www.cisco.com/c/en/us/products/collateral/wireless/aironet-antennas-accessories/prod_white_paper0900aecd806a1a3e.html

Answer 80

A

D. Not all of the controllers within the mobility group are using the same virtual interface IP address

Explanation

A prerequisite for configuring Mobility Groups is “All controllers must be configured with the same virtual interface IP address”. If all the controllers within a mobility group are not using the same virtual interface, inter-controller roaming may appear to work, but the handoff does not complete, and the client loses connectivity for a period of time. -> Answer ‘Not all of the controllers within the mobility group are using the same virtual interface IP address’ is correct.

Reference: https://www.cisco.com/c/en/us/td/docs/wireless/controller/8-5/config-guide/b_cg85/mobility_groups.html

Answer ‘Not all of the controllers in the mobility group are using the same mobility group name’ is not correct because when the client moves to a different mobility group (with different mobility group name), that client would be connected (provided that the new connected controller had information about this client in its mobility list already) or drop (if the new connected controller have not had information about this client in its mobility list). For more information please read the note below.

Note:

A mobility group is a set of controllers, identified by the same mobility group name, that defines the realm of seamless roaming for wireless clients. By creating a mobility group, you can enable multiple controllers in a network to dynamically share information and forward data traffic when inter-controller or inter-subnet roaming occurs. Controllers in the same mobility group can share the context and state of client devices as well as their list of access points so that they do not consider each other’s access points as rogue devices.

Let’s take an example:

The controllers in the ABC mobility group share access point and client information with each other. The controllers in the ABC mobility group do not share the access point or client information with the XYZ controllers, which are in a different mobility group. Therefore if a client from ABC mobility group moves to XYZ mobility group, and the new connected controller does not have information about this client in its mobility list, that client will be dropped.

Note: Clients may roam between access points in different mobility groups if the controllers are included in each other’s mobility lists.

Answer 81

A

A. intra-controller

Explanation

Mobility, or roaming, is a wireless LAN client’s ability to maintain its association seamlessly from one access point to another securely and with as little latency as possible. Three popular types of client roaming are:

Intra-Controller Roaming: Each controller supports same-controller client roaming across access points managed by the same controller. This roaming is transparent to the client as the session is sustained, and the client continues using the same DHCP-assigned or client-assigned IP address.

Inter-Controller Roaming: Multiple-controller deployments support client roaming across access points managed by controllers in the same mobility group and on the same subnet. This roaming is also transparent to the client because the session is sustained and a tunnel between controllers allows the client to continue using the same DHCP- or client-assigned IP address as long as the session remains active.

Inter-Subnet Roaming: Multiple-controller deployments support client roaming across access points managed by controllers in the same mobility group on different subnets. This roaming is transparent to the client because the session is sustained and a tunnel between the controllers allows the client to continue using the same DHCP-assigned or client-assigned IP address as long as the session remains active.

Reference: https://www.cisco.com/c/en/us/td/docs/wireless/controller/7-4/configuration/guides/consolidated/b_cg74_CONSOLIDATED/b_cg74_CONSOLIDATED_chapter_01100.html

Answer 82

A

A. The AP is joining a primed WLC

Answer 83

A

B. increase the dynamic channel assignment interval

Explanation

These message logs inform that the radio channel has been reset (and the AP must be down briefly). With dynamic channel assignment (DCA), the radios can frequently switch from one channel to another but it also makes disruption. The default DCA interval is 10 minutes, which is matched with the time of the message logs. By increasing the DCA interval, we can reduce the number of times our users are disconnected for changing radio channels.

Answer 84

A

A. EIRP

Explanation

Once you know the complete combination of transmitter power level, the length of cable, and the antenna gain, you can figure out the actual power level that will be radiated from the antenna. This is known as the effective isotropic radiated power (EIRP), measured in dBm.

EIRP is a very important parameter because it is regulated by governmental agencies in most countries. In those cases, a system cannot radiate signals higher than a maximum allowable EIRP. To find the EIRP of a system, simply add the transmitter power level to the antenna gain and subtract the cable loss.

EIRP = Tx Power – Tx Cable + Tx Antenna

Suppose a transmitter is configured for a power level of 10 dBm (10 mW). A cable with 5-dB loss connects the transmitter to an antenna with an 8-dBi gain. The resulting EIRP of the system is 10 dBm – 5 dB + 8 dBi, or 13 dBm.

You might notice that the EIRP is made up of decibel-milliwatt (dBm), dB relative to an isotropic antenna (dBi), and decibel (dB) values. Even though the units appear to be different, you can safely combine them because they are all in the dB “domain”.

Reference: CCNA Wireless 640-722 Official Cert Guide

Answer 85

A

B. Option 43

Answer 86

A

C. the interface specified on the WLAN configuration

Answer 87

A

C. unicast discovery request to each WLC

Explanation

The AP will attempt to resolve the DNS name CISCO-CAPWAP-CONTROLLER.localdomain. When the AP is able to resolve this name to one or more IP addresses, the AP sends a unicast CAPWAP Discovery Message to the resolved IP address(es). Each WLC that receives the CAPWAP Discovery Request Message replies with a unicast CAPWAP Discovery Response to the AP.

Reference: https://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lan-controllers/107606-dns-wlc-config.html

Answer 88

A

B. sensor mode

Explanation

As these wireless networks grow especially in remote facilities where IT professionals may not always be on site, it becomes even more important to be able to quickly identify and resolve potential connectivity issues ideally before the users complain or notice connectivity degradation.
To address these issues we have created Cisco’s Wireless Service Assurance and a new AP mode called “sensor” mode. Cisco’s Wireless Service Assurance platform has three components, namely, Wireless Performance Analytics, Real-time Client Troubleshooting, and Proactive Health Assessment. Using a supported AP or dedicated sensor the device can actually function much like a WLAN client would associating and identifying client connectivity issues within the network in real time without requiring an IT or technician to be on site.

Reference: https://content.cisco.com/chapter.sjs?uri=/searchable/chapter/content/dam/en/us/td/docs/wireless/controller/technotes/8-5/b_Cisco_Aironet_Sensor_Deployment_Guide.html.xml

Answer 89

A

D.syslog level errors and less severity messages

Explanation

At first, we thought “greater severity” means higher prioriry (or severity with smaller value) in the Syslog level table below:

LevelKeywordDescription0emergenciesSystem is unusable1alertsImmediate action is needed2criticalCritical conditions exist3errorsError conditions exist4warningsWarning conditions exist5notificationNormal, but significant, conditions exist6informationalInformational messages7debuggingDebugging messages

For example, levels 0 to 4 are “greater severity” than level 5. But according to this Cisco link:

“If you set a syslog level, only those messages whose severity is equal to or less than that level are sent to the syslog servers. For example, if you set the syslog level to Notifications (severity level 5), only those messages whose severity is betwen 0 and 5 are sent to the syslog servers.”

The correct answer for this question should be “equal or less severity”.

Answer 90

A

A. fish tank
D. mirrored wall

Explanation

Windows can actually block your WiFi signal. How? Because the signals will be reflected by the glass.

Some new windows have transparent films that can block certain wave types, and this can make it harder for your WiFi signal to pass through.

Tinted glass is another problem for the same reasons. They sometimes contain metallic films that can completely block out your signal.
Mirrors, like windows, can reflect your signal. They’re also a source of electromagnetic interference because of their metal backings.

Reference: https://dis-dot-dat.net/what-materials-can-block-a-wifi-signal/

An incandescent light bulb, incandescent lamp or incandescent light globe is an electric light with a wire filament heated until it glows. WiFi operates in the gigahertz microwave band. The FCC has strict regulations on RFI (radio frequency interference) from all sorts of things, including light bulbs -> Incandesent lights do not interfere Wi-Fi networks.

Note:

+ Many baby monitors operate at 900MHz and won’t interfere with Wi-Fi, which uses the 2.4GHz band.
+ DECT cordless phone 6.0 is designed to eliminate wifi interference by operating on a different frequency. There is essentially no such thing as DECT wifi interference.

Answer 91

A

D. The client database entry moves from controller A to controller B

Explanation

This is called Inter Controller-L2 Roaming. Inter-Controller (normally layer 2) roaming occurs when a client roam between two APs registered to two different controllers, where each controller has an interface in the client subnet. In this instance, controllers exchange mobility control messages (over UDP port 16666) and the client database entry is moved from the original controller to the new controller.

Answer 92

A

A. saquery-retry-time
C. mandatory
F. association-comeback

Answer 93

A

A. configure option 43 Hex F104.AC10.3205

Explanation

We will have the answer from this paragraph:

“TLV values for the Option 43 suboption: Type + Length + Value. Type is always the suboption code 0xf1. Length is the number of controller management IP addresses times 4 in hex. Value is the IP address of the controller listed sequentially in hex. For example, suppose there are two controllers with management interface IP addresses, 192.168.10.5 and 192.168.10.20. The type is 0xf1. The length is 2 * 4 = 8 = 0x08. The IP addresses translates to c0a80a05 (192.168.10.5) and c0a80a14 (192.168.10.20). When the string is assembled, it yields f108c0a80a05c0a80a14. The Cisco IOS command that is added to the DHCP scope is option 43 hex f108c0a80a05c0a80a14.”

Reference: https://www.cisco.com/c/en/us/support/docs/wireless-mobility/wireless-lan-wlan/97066-dhcp-option-43-00.html

Therefore in this question the option 43 in hex should be “F104.AC10.3205 (the management IP address of 172.16.50.5 in hex is AC.10.32.05).

Answer 94

A

D. mW

Explanation

Output power is measured in mW (milliwatts). A milliwatt is equal to one thousandth (10⁻³) of a watt.

Answer 95

A

D. When the AP is in connected mode, the client will be placed in VLAN 15.
E. While the AP is in standalone mode, the client will be placed in VLAN 10.
F. When the AP transitions to connected mode, the client will be de-authenticated.

Explanation

+ From the output of WLC “show interface summary”, we learned that the WLC has four VLANs: 999, 14, 15 and 16.
+ From the “show ap config general FlexAP1” output, we learned that FlexConnect AP has four VLANs: 10, 11, 12 and 13. Also the WLAN of FlexConnect AP is mapped to VLAN 10 (from the line “WLAN 1: …… 10 (AP-Specific)).

From the reference at: https://www.cisco.com/c/en/us/td/docs/wireless/controller/8-1/Enterprise-Mobility-8-1-Design-Guide/Enterprise_Mobility_8-1_Deployment_Guide/ch7_HREA.html

FlexConnect VLAN Central Switching Summary
Traffic flow on WLANs configured for Local Switching when FlexConnect APs are in connected mode are as follows:

+ If the VLAN is returned as one of the AAA attributes and that VLAN is not present in the FlexConnect AP database, traffic will switch centrally and the client is assigned this VLAN/Interface returned from the AAA server provided that the VLAN exists on the WLC. (-> as VLAN 15 exists on the WLC so the client in connected mode would be assigned this VLAN -> Answer ‘When the AP is in connected mode, the client will be placed in VLAN 15’ is correct)
+ If the VLAN is returned as one of the AAA attributes and that VLAN is not present in the FlexConnect AP database, traffic will switch centrally. If that VLAN is also not present on the WLC, the client will be assigned a VLAN/Interface mapped to a WLAN on the WLC.
+ If the VLAN is returned as one of the AAA attributes and that VLAN is present in the FlexConnect AP database, traffic will switch locally.
+ If the VLAN is not returned from the AAA server, the client is assigned a WLAN mapped VLAN on that FlexConnect AP and traffic is switched locally.

Traffic flow on WLANs configured for Local Switching when FlexConnect APs are in standalone mode are as follows:

+ If the VLAN returned by the AAA server is not present in the FlexConnect AP database, the client will be put on a default VLAN (that is, a WLAN mapped VLAN on a FlexConnect AP) (-> Therefore answer ‘While the AP is in standalone mode, the client will be placed in VLAN 10’ is correct). When the AP connects back, this client is de-authenticated (-> Therefore answer ‘When the AP transitions to connected mode, the client will be de-authenticated’ is correct) and will switch traffic centrally.

Answer 96

A

B. antenna cable loss

Explanation

Once you know the complete combination of transmitter power level, the length of cable, and the antenna gain, you can figure out the actual power level that will be radiated from the antenna. This is known as the effective isotropic radiated power (EIRP), measured in dBm.

EIRP is a very important parameter because it is regulated by governmental agencies in most countries. In those cases, a system cannot radiate signals higher than a maximum allowable EIRP. To find the EIRP of a system, simply add the transmitter power level to the antenna gain and subtract the cable loss.

EIRP = Tx Power – Tx Cable + Tx Antenna

Suppose a transmitter is configured for a power level of 10 dBm (10 mW). A cable with 5-dB loss connects the transmitter to an antenna with an 8-dBi gain. The resulting EIRP of the system is 10 dBm – 5 dB + 8 dBi, or 13 dBm.

You might notice that the EIRP is made up of decibel-milliwatt (dBm), dB relative to an isotropic antenna (dBi), and decibel (dB) values. Even though the units appear to be different, you can safely combine them because they are all in the dB “domain”.

Reference: CCNA Wireless 640-722 Official Cert Guide

Answer 97

A

D. omnidirectional antenna

Explanation

Directional antennas
Directional antennas come in many different styles and shapes. An antenna does not offer any added power to the signal; it simply redirects the energy it receives from the transmitter. By redirecting this energy, it has the effect of providing more energy in one direction and less energy in all other directions. As the gain of a directional antenna increases, the angle of radiation usually decreases, providing a greater coverage distance but with a reduced coverage angle. Directional antennas include patch antennas and parabolic dishes. Parabolic dishes have a very narrow RF energy path, and the installer must be accurate in aiming these types of antennas at each other.

Directional patch antenna

Reference: https://www.cisco.com/c/en/us/products/collateral/wireless/aironet-antennas-accessories/product_data_sheet09186a008008883b.html

Omnidirectional antennas

An omnidirectional antenna is designed to provide a 360-degree radiation pattern. This type of antenna is used when coverage in all directions from the antenna is required. The standard 2.14-dBi “rubber duck” is one style of omnidirectional antenna.

Omnidirectional antenna

-> Therefore Omnidirectional antenna is best suited for a high-density wireless network in a lecture hall.

Answer 98

A

D. It registers the LAPs if the primary controller fails.

Explanation

When the primary controller (WLC-1) goes down, the APs automatically get registered with the secondary controller (WLC-2). The APs register back to the primary controller when the primary controller comes back on line.

Reference: https://www.cisco.com/c/en/us/support/docs/wireless-mobility/wireless-lan-wlan/69639-wlc-failover.html

Brainscape's Knowledge GenomeTM

1.0 Architecture Flashcards

Brainscape's Knowledge Genome^TM