1.0 Architecture Additional Study Questions Flashcards

1
Q

Which protocol is used to encrypt control plane traffic between SD-WAN controllers and SD-WAN endpoints?

A. DTLS

B. IPsec

C. PGP

D. HTTPS

A

A. DTLS

In wireless deployments, a Datagram Transport Layer Security (DTLS) channel located in the CAPWAP tunnel secures the subsequent CAPWAP control messages exchanged between the AP and the WLC.

In SD-WAN, after successful authentication each vSmart controller (the brains of SD-WAN) establishes a permanent DTLS tunnel to each SD-WAN router. It then runs a proprietary routing protocol called Overlay Management Protocol (OMP) over each of the DTLS tunnels, forming a neighborship to exchange routing information.

Datagram Transport Layer Security (DTLS): A communications protocol designed to provide authentication, data integrity, and confidentiality for communications between two applications over a datagram transport protocol such as User Datagram Protocol (UDP). DTLS is based on TLS, and it includes enhancements such as sequence numbers and retransmission capability to compensate for the unreliable nature of UDP. DTLS is defined in IETF RFC 4347.

2
Q

Refer to the exhibit. An engineer is troubleshooting an application running on Apple phones. The application is receiving incorrect QoS markings. The systems administrator confirmed that all configuration profiles are correct on the Apple devices. Which change on the WLC optimizes QoS for these devices?

A. Enable Fastlane.

B. Set WMM to required.

C. Change the QoS level to Platinum.

D. Configure AVC Profiles.

A

C. Change the QoS level to Platinum.

3
Q

Drag and Drop

A
4
Q

What is the function of the Cisco DNA Center in a Cisco SD-Access deployment?

A. It is responsible for routing decisions inside the fabric.

B. It is responsible for the design, management, provisioning, and assurance of the fabric network devices.

C. It possesses information about all endpoints, nodes, and external networks related to the fabric.

D. It provides integration and automation for all nonfabric nodes and their fabric counterparts

A

B. It is responsible for the design, management, provisioning, and assurance of the fabric network devices.

5
Q

In Cisco SD-WAN, which protocol is used to measure link quality?

A. OMP

B. BFD

C. RSVP

D. IPsec

A

B. BFD

Bidirectional Forwarding Detection (BFD) runs through the DTLS session between the remote site and the regional hub. BFD is a detection protocol originally designed to provide fast forwarding path failure detection times between two adjacent routers. SD-WAN uses BFD to make appropriate forwarding decisions, sending application traffic down the best-performing path toward the cloud SaaS application device.

6
Q

What is used to perform QoS packet classification?

A. The Options field in the Layer 3 header.

B. The Type field in the Layer 2 frame.

C. The Flags field in the Layer 3 header.

D. The ToS field in the Layer 3 header.

A

D. The ToS field in the Layer 3 header.

Type of Service (ToS): An 8-bit field where only the first 3 bits, referred to as IP Precedence (IPP), are used for marking, and the rest of the bits are unused. IPP values range from 0 to 7 and allow the traffic to be partitioned into up to six usable classes of service; IPP 6 and 7 are reserved for internal network use.

7
Q

Which technology is used as the basis for the Cisco SD-Access data plane?

A. IPsec

B. LISP

C. VXLAN

D. 802.1Q

A

C. VXLAN

VXLAN: An overlay data plane encapsulation scheme that was developed to address the various issues seen in traditional Layer 2 networks. It does this by extending Layer 2 and Layer 3 overlay networks over a Layer 3 underlay network, using MAC-in-IP/UDP tunneling.

Each overlay is termed a VXLAN segment. Unlike the VLAN ID, which has only 12 bits and allows for 4000 VLANs, VXLAN has a 24-bit VXLAN network identifier (VNI), which allows for up to 16 million VXLAN segments (more commonly known as overlay networks) to coexist within the same infrastructure.

8
Q

What are the four different VXLAN control and data planes supported by Cisco?

A

VXLAN with Multicast underlay

VXLAN with static unicast VXLAN tunnels

VXLAN with MP-BGP EVPN control plane

VXLAN with LISP control plane

9
Q

What is the function of a fabric border node in a Cisco SD-Access environment?

A. To connect the Cisco SD-Access fabric to another fabric or external Layer 3 networks.

B. To collect traffic flow information toward external networks.

C. To attach and register clients to the fabric.

D. To handle an ordered list of IP addresses and locations for endpoints in the fabric

A

A. To connect the Cisco SD-Access fabric to another fabric or external Layer 3 networks.

10
Q

What is a consideration when designing a Cisco SD-Access underlay network?

A. End user subnets and endpoints are part of the underlay network.

B. The underlay switches provide endpoint physical connectivity for users.

C. Static routing is a requirement.

D. It must support IPv4 and IPv6 underlay networks.

A

B. The underlay switches provide endpoint physical connectivity for users.

11
Q

What is the centralized control policy in a Cisco SD-WAN deployment?

A. List of ordered statements that define user access policies.

B. List of enabled services for all nodes within the cloud.

C. Set of rules that governs nodes authentication within the cloud.

D. Set of statements that defines how routing is performed.

A

D. Set of statements that defines how routing is performed.

12
Q

Which new enhancement was implemented in Wi-Fi 6?

A. Wi-Fi Protected Access 3

B. 4096 Quadrature Amplitude Modulation Mode

C. Uplink and Downlink Orthogonal Frequency Division Multiple Access

D. Channel bonding

A

C. Uplink and Downlink Orthogonal Frequency Division Multiple Access

Orthogonal Frequency Division Multiplexing (OFDM): Used in both 2.4 and 5 GHz bands, where a single 20 MHz channel contains data that is sent in parallel over multiple frequencies. Each channel is divided into many subcarriers (also called subchannels or tones); both phase and amplitude are modulated with quadrature amplitude modulation (QAM) to move the most data efficiently.

13
Q

Which congestion queuing method on Cisco IOS-based routers uses four static queues?

A. Low Latency

B. Custom

C. Weighted Fair

D. Priority

A

D. Priority

14
Q

Where is radio resource management performed in a Cisco SD-Access wireless solution?

A. control plane node

B. DNA Center

C. Cisco CMX

D. wireless controller

A

D. wireless controller

15
Q

How does an on-premises infrastructure compare to a cloud infrastructure?

A. On-premises can increase compute power faster than cloud.

B. On-premises offers faster deployment than cloud.

C. On-premises offers lower latency for physically adjacent systems than cloud.

D. On-premises requires less power and cooling resources than cloud.

A

C. On-premises offers lower latency for physically adjacent systems than cloud.

16
Q

Which design principle states that a user has no access by default to any resource, and unless a resource is explicitly granted, it should be denied?

A. complete mediation

B. least privilege

C. economy of mechanism

D. fail-safe defaults

A

D. fail-safe defaults

17
Q

Drag and Drop

A
18
Q

What is the function of vBond in a Cisco SDWAN deployment?

A. Onboarding of SDWAN routers into the SD-WAN overlay.

B. Pushing of configuration toward SD-WAN routers.

C. Initiating connections with SD-WAN routers automatically.

D. Gathering telemetry data from SD-WAN routers.

A

A. Onboarding of SDWAN routers into the SD-WAN overlay.

vBond is available with physical appliances.

The vSmart controller also works in conjunction with the vBond orchestrator to authenticate the devices as they join the network and to orchestrate connectivity between the SD-WAN routers.

The vBond orchestrator authenticates the vSmart controllers
and the SD-WAN routers and orchestrates connectivity
between them. It is the only device that must have a public IP
address so that all SD-WAN devices in the network can connect
to it. A vBond orchestrator is an SD-WAN router that only
performs vBond orchestrator functions.

19
Q

What are the major components of the vBond orchestrator?

A
  • Control plane connection: Each vBond orchestrator has a
    permanent control plane connection over a DTLS tunnel with each
    vSmart controller. In addition, the vBond orchestrator uses DTLS
    connections to communicate with SD-WAN routers when they come
    online, to authenticate them and to facilitate their ability to join the
    network. Basic authentication of an SD-WAN router is done using
    certificates and RSA cryptography.
  • NAT traversal: The vBond orchestrator facilitates the initial
    orchestration between SD-WAN routers and vSmart controllers when
    one or both of them are behind NAT devices. Standard peer-to-peer
    techniques are used to facilitate this orchestration.
  • Load balancing: In a domain with multiple vSmart controllers, the
    vBond orchestrator automatically performs load balancing of SDWAN
    routers across the vSmart controllers when routers come online.
20
Q

How do cloud deployments differ from on-prem deployments?
A. Cloud deployments require longer implementation times than on-premises deployments.
B. Cloud deployments are more customizable than on-premises deployments.
C. Cloud deployments have lower upfront costs than on-premises deployments.
D. Cloud deployments require less frequent upgrades than on-premises deployments.

A

C. Cloud deployments have lower upfront costs than on-premises deployments.

21
Q

Which function is handled by vManage in the Cisco SD-WAN fabric?
A. Establishes IPsec tunnels with nodes.
B. Distributes policies that govern data forwarding.
C. Performs remote software upgrades for WAN Edge, vSmart and vBond.
D. Establishes BFD sessions to test liveliness of links and nodes

A

C. Performs remote software upgrades for WAN Edge, vSmart and vBond.

vManage is only available as a VM.

vManage Network Management System (NMS): This is a single
pane of glass (GUI) for managing the SD-WAN solution. It enables centralized
provisioning and simplifies network changes.

22
Q

Which function does a fabric AP perform in a Cisco SD-Access deployment?
A. It manages wireless clients’ membership information in the fabric.
B. It connects wireless clients to the fabric.
C. It updates wireless clients’ locations in the fabric.
D. It configures security policies down to wireless clients in the fabric.

A

B. It connects wireless clients to the fabric.

Fabric APs establish a VXLAN tunnel to the fabric edge to
transport wireless client data traffic through the VXLAN tunnel
instead of the CAPWAP tunnel. For this to work, the AP must
be directly connected to the fabric edge or a fabric extended
node.

23
Q

Which design principle should be followed in a Cisco SD-Access wireless network deployment?
A. The WLC is part of the fabric overlay.
B. The WLC is part of the fabric underlay.
C. The WLC is connected outside of the fabric.
D. The access point is connected outside of the fabric.

A

C. The WLC is connected outside of the fabric.

24
Q

An engineer is configuring a GRE tunnel interface in the default mode. The engineer has assigned an IPv4 address on the tunnel and sourced the tunnel from an Ethernet interface. Which option also is required on the tunnel interface before it is operational?
A. (config-if)#tunnel destination {ip address}
B. (config-if)#keepalive {seconds retries}
C. (config-if)#ip mtu {value}
D. (config-if)#ip tcp adjust-mss {value}

A

A. (config-if)#tunnel destination {ip address}

25
Q

What are two characteristics of Cisco SD-Access elements? (Choose two)
A. Fabric endpoints are connected directly to the border node.
B. The border node is required for communication between fabric and nonfabric devices.
C. The control plane node has the full RLOC-to-EID mapping database.
D. Traffic within the fabric always goes through the control plane node.
E. The border node has the full RLOC-to-EID mapping database.

A

B. The border node is required for communication between fabric and nonfabric devices.
C. The control plane node has the full RLOC-to-EID mapping database.

26
Q

Refer to the exhibit.

Current configuration: 142 bytes
vrf definition STAFF
!
!
interface GigabitEthernet1
vrf forwarding STAFF
no ip address
negotiation auto
no mop enabled
no mop sysid
end

An engineer must assign an IP address of 192.168.1.1/24 to the GigabitEthernet1 interface. Which two
commands must be added to the existing configuration to accomplish this task? (Choose two)
A. Router(config-vrf)#address-family ipv6
B. Router(config-if)#ip address 192.168.1.1 255.255.255.0
C. Router(config-vrf)#ip address 192.168.1.1 255.255.255.0
D. Router(config-if)#address-family ipv4
E. Router(config-vrf)#address-family ipv4

A

B. Router(config-if)#ip address 192.168.1.1 255.255.255.0
E. Router(config-vrf)#address-family ipv4

27
Q

What is the data policy in a Cisco SD-WAN deployment?
A. List of ordered statements that define node configurations and authentication used within the SD-WAN
overlay.
B. Set of statements that defines how data is forwarded based on IP packet information and specific VPNs.
C. Detailed database mapping several kinds of addresses with their corresponding location.
D. Group of services tested to guarantee devices and links liveliness within the SD-WAN overlay.

A

B. Set of statements that defines how data is forwarded based on IP packet information and specific VPNs.

28
Q

What is a VPN in a Cisco SD-WAN deployment?
A. Virtual channel used to carry control plane information.
B. Attribute to identify a set of services offered in specific places in the SD-WAN fabric.
C. Common exchange point between two different services.
D. Virtualized environment that provides traffic isolation and segmentation in the SD-WAN fabric.

A

D. Virtualized environment that provides traffic isolation and segmentation in the SD-WAN fabric.

29
Q

Drag and Drop

A
30
Q

In a three-tier hierarchical campus network design, which action is a design best-practice for the core layer?
A. Provide QoS prioritization services such as marking, queueing, and classification for critical network traffic.
B. Provide advanced network security features such as 802.1X, DHCP snooping, VACLs, and port security.
C. Provide redundant Layer 3 point-to-point links between the core devices for more predictable and faster
convergence.
D. Provide redundant aggregation for access layer devices and first-hop redundancy protocols such as VRRP.

A

C. Provide redundant Layer 3 point-to-point links between the core devices for more predictable and faster
convergence.

31
Q

In a Cisco SD-Access solution, what is the role of the Identity Services Engine?
A. It provides GUI management and abstraction via apps that share context.
B. It is leveraged for dynamic endpoint to group mapping and policy definition.
C. It is used to analyze endpoint to app flows and monitor fabric status.
D. It manages the LISP EID database

A

B. It is leveraged for dynamic endpoint to group mapping and policy definition.

32
Q

Which controller is capable of acting as a STUN server during the onboarding process of Edge devices?
A. vManage
B. vSmart
C. vBond
D. PNP server

A

C. vBond

33
Q

What is the recommended MTU size for a Cisco SD-Access Fabric?
A. 4464
B. 9100
C. 1500
D. 17914

A

B. 9100

34
Q

Which protocol is implemented to establish secure control plane adjacencies between Cisco SD-WAN nodes?
A. IKE
B. DTLS
C. IPSec
D. ESP

A

B. DTLS

35
Q

Which two southbound interfaces originate from Cisco DNA Center and terminate at fabric underlay switches?
(Choose two)
A. UDP 67: DHCP
B. ICMP: Discovery
C. TCP 23: Telnet
D. UDP 162: SNMP
E. UDP 6007: NetFlow

A

B. ICMP: Discovery
C. TCP 23: Telnet

36
Q

Which two results occur if Cisco DNA Center loses connectivity to devices in the SD-Access fabric? (Choose
two)
A. All devices reload after detecting loss of connection to Cisco DNA Center.
B. Already connected users are unaffected, but new users cannot connect.
C. Users lose connectivity.
D. Cisco DNA Center is unable to collect monitoring data in Assurance.
E. User connectivity is unaffected.

A

D. Cisco DNA Center is unable to collect monitoring data in Assurance.
E. User connectivity is unaffected.

37
Q

Refer to the exhibit. A port channel is configured between SW2 and SW3. SW2 is not running a Cisco operating system. When all physical connections are made, the port channel does not establish. Based on the configuration excerpt of SW3, what is the cause of the problem?

interface gi1/2
channel-group 30 mode desirable
port-channel load-balance src-ip
interface gi1/3
channel-group 30 mode desirable
port-channel load-balance src-ip
interface PortChannel 30
switchport mode trunk
switchport encapsulation dot1q
switchport trunk allowed vlan 10-100

A. The port-channel on SW2 is using an incompatible protocol.
B. The port-channel trunk is not allowing the native VLAN.
C. The port-channel should be set to auto.
D. The port-channel interface load balance should be set to src-mac.

A

A. The port-channel on SW2 is using an incompatible protocol.

38
Q

Refer to the exhibit.

SW2#
08:33:23: %PM-4-ERR_DISABLE: channel-misconfig error detection on Gi0/0, putting
Gi0/0 in err-disable state
08:33:23: %PM-4-ERR_DISABLE: channel-misconfig error detection on Gi0/1, putting
Gi0/1 in err-disable state

After an engineer configures an EtherChannel between switch SW1 and switch SW2, this error message is logged on switch SW2.
Based on the output from SW1 and the log message received on Switch SW2, what action should the engineer
take to resolve this issue?

A. Configure the same protocol on the EtherChannel on switch SW1 and SW2.
B. Correct the configuration error on interface Gi0/1 on switch SW1.
C. Define the correct port members on the EtherChannel on switch SW1.
D. Correct the configuration error on interface Gi0/0 switch SW1.

A

A. Configure the same protocol on the EtherChannel on switch SW1 and SW2.

39
Q

Which function does a fabric edge node perform in an SD-Access deployment?
A. Connects the SD-Access fabric to another fabric or external Layer 3 networks.
B. Connects endpoints to the fabric and forwards their traffic.
C. Provides reachability border nodes in the fabric underlay.
D. Encapsulates end-user data traffic into LISP.

A

B. Connects endpoints to the fabric and forwards their traffic.

40
Q

Which action is the vSmart controller responsible for in an SD-WAN deployment?
A. Onboard vEdge nodes into the SD-WAN fabric.
B. Distribute security information for tunnel establishment between vEdge routers.
C. Manage, maintain, and gather configuration and status for nodes within the SD-WAN fabric.
D. Gather telemetry data from vEdge routers.

A

B. Distribute security information for tunnel establishment between vEdge routers.

41
Q

Which statement about a Cisco APIC controller versus a more traditional SDN controller is true?
A. APIC uses a policy agent to translate policies into instructions.
B. APIC supports OpFlex as a Northbound protocol.
C. APIC does support a Southbound REST API.
D. APIC uses an imperative model.

A

A. APIC uses a policy agent to translate policies into instructions.

42
Q

What is the role of a fusion router in an SD-Access solution?
A. Provides connectivity to external networks.
B. Acts as a DNS server.
C. Performs route leaking between user-defined virtual networks and shared services.
D. Provides additional forwarding capacity to the fabric.

A

C. Performs route leaking between user-defined virtual networks and shared services.

43
Q

Which statement about a fabric access point is true?
A. It is in local mode and must be connected directly to the fabric border node.
B. It is in FlexConnect mode and must be connected directly to the fabric border node.
C. It is in local mode and must be connected directly to the fabric edge switch.
D. It is in FlexConnect mode and must be connected directly to the fabric edge switch.

A

C. It is in local mode and must be connected directly to the fabric edge switch.

44
Q

On which protocol or technology is the fabric data plane based in Cisco SD-Access fabric?
A. LISP
B. IS-IS
C. Cisco TrustSec
D. VXLAN

A

D. VXLAN

45
Q

Which description of an SD-Access wireless network infrastructure deployment is true?
A. The access point is part of the fabric underlay.
B. The WLC is part of the fabric underlay.
C. The access point is part of the fabric overlay.
D. The wireless client is part of the fabric overlay.

A

C. The access point is part of the fabric overlay.

46
Q

Which controller is the single plane of management for Cisco SD-WAN?
A. vBond
B. vEdge
C. vSmart
D. vManage

A

D. vManage

47
Q

When a wired client connects to an edge switch in an SDA fabric, which component decides whether the client
has access to the network?
A. control-plane node
B. Identity Service Engine
C. RADIUS server
D. edge node

A

B. Identity Service Engine

48
Q

What are two device roles in Cisco SD-Access fabric? (Choose two)
A. core switch
B. vBond controller
C. edge node
D. access switch
E. border node

A

C. edge node
E. border node

49
Q

Which component handles the orchestration plane of the Cisco SD-WAN?
A. vBond
B. vSmart
C. vManage
D. vEdge

A

A. vBond

50
Q

In an SD-Access solution, what is the role of a fabric edge node?
A. To connect external Layer 3 network to the SD-Access fabric.
B. To connect wired endpoint to the SD-Access fabric.
C. To advertise fabric IP address space to external network.
D. To connect the fusion router to the SD-Access fabric.

A

B. To connect wired endpoint to the SD-Access fabric.

51
Q

What is the role of the vSmart controller in a Cisco SD-WAN environment?
A. It performs authentication and authorization.
B. It manages the control plane.
C. It is the centralized network management system.
D. It manages the data plane.

A

B. It manages the control plane.

52
Q

In a Cisco SD-WAN solution, how is the health of a data plane tunnel monitored?
A. with IP SLA
B. ARP probing
C. using BFD
D. with OMP

A

C. using BFD

53
Q

Which technology is used to provide Layer 2 and Layer 3 logical networks in the Cisco SD-Access
architecture?
A. underlay network
B. overlay network
C. VPN routing/forwarding
D. easy virtual network

A

B. overlay network

54
Q

In an SD-WAN deployment, which action is the vSmart controller responsible for?
A. Handle, maintain, and gather configuration and status for nodes within the SD-WAN fabric.
B. Onboard vEdge nodes into the SD-WAN fabric.
C. Gather telemetry data from vEdge routers.
D. Distribute policies that govern data forwarding performed within the SD-WAN fabric

A

D. Distribute policies that govern data forwarding performed within the SD-WAN fabric

55
Q

In a Cisco SD-Access fabric, which control plane protocol is used for mapping and resolving endpoints?
A. LISP
B. DHCP
C. SXP
D. VXLAN

A

A. LISP

56
Q

What is one fact about Cisco SD-Access wireless network deployments?
A. The access point is part of the fabric underlay.
B. The WLC is part of the fabric underlay.
C. The access point is part of the fabric overlay.
D. The wireless client is part of the fabric overlay

A

C. The access point is part of the fabric overlay.

57
Q

What is the function of the fabric control plane node in a Cisco SD-Access deployment?
A. It is responsible for policy application and network segmentation in the fabric.
B. It performs traffic encapsulation and security profiles enforcement in the fabric.
C. It holds a comprehensive database that tracks endpoints and networks in the fabric.
D. It provides integration with legacy nonfabric-enabled environments

A

C. It holds a comprehensive database that tracks endpoints and networks in the fabric.

58
Q

In a Cisco SD-Access wireless architecture, which device manages endpoint ID to Edge Node bindings?
A. fabric control plane node
B. fabric wireless controller
C. fabric border node
D. fabric edge node

A

A. fabric control plane node

59
Q

Which control plane protocol is used between Cisco SD-WAN routers and vSmart controllers?
A. BGP
B. OMP
C. TCP
D. UDP

A

B. OMP

60
Q

In a wireless Cisco SD-Access deployment, which roaming method is used when a user moves from one
access point to another on a different access switch using a single WLC?
A. Layer 3
B. inter-xTR
C. auto anchor
D. fast roam

A

B. inter-xTR

61
Q

Which protocol is responsible for data plane forwarding in a Cisco SD-Access deployment?
A. VXLAN
B. IS-IS
C. OSPF
D. LISP

A

A. VXLAN

62
Q

Which tunneling technique is used when designing a Cisco SD-Access fabric data plane?
A. VXLAN
B. VRF Lite
C. VRF
D. LISP

A

A. VXLAN

63
Q

Which statement about the default QoS configuration on a Cisco switch is true?
A. All traffic is sent through four egress queues.
B. Port trust is enabled.
C. The Port CoS value is 0.
D. The CoS value of each tagged packet is modified.

A

C. The Port CoS value is 0.

64
Q

Which QoS mechanism will prevent a decrease in TCP performance?
A. Shaper
B. Policer
C. WRED
D. Rate-Limit
E. LLQ
F. Fair-Queue

A

C. WRED

65
Q

Which QoS component alters a packet to change the way that traffic is treated in the network?
A. Marking
B. Classification
C. Shaping
D. Policing

A

A. Marking

66
Q

Which marking field is used only as an internal marking within a router?
A. QoS Group
B. Discard Eligibility
C. IP Precedence
D. MPLS Experimental

A

A. QoS Group

67
Q

How does QoS traffic shaping alleviate network congestion?
A. It drops packets when traffic exceeds a certain bitrate.
B. It buffers and queues packets above the committed rate.
C. It fragments large packets and queues them for delivery.
D. It drops packets randomly from lower priority queues.

A

B. It buffers and queues packets above the committed rate.

68
Q

An engineer is describing QoS to a client. Which two facts apply to traffic policing? (Choose two)
A. Policing adapts to network congestion by queuing excess traffic.
B. Policing should be performed as close to the destination as possible.
C. Policing drops traffic that exceeds the defined rate.
D. Policing typically delays the traffic, rather than drops it.
E. Policing should be performed as close to the source as possible.

A

C. Policing drops traffic that exceeds the defined rate.
E. Policing should be performed as close to the source as possible.

69
Q

During deployment, a network engineer notices that voice traffic is not being tagged correctly as it traverses the
network. Which CoS to DSCP map must be modified to ensure that voice traffic is treated properly?
A. CoS of 5 to DSCP of 46
B. CoS of 7 to DSCP of 48
C. CoS of 6 to DSCP of 46
D. CoS of 3 to DSCP of 26

A

A. CoS of 5 to DSCP of 46

70
Q

Which QoS queuing method transmits packets out of the interface in the order the packets arrive?
A. custom
B. weighted-fair
C. FIFO
D. priority

A

C. FIFO

71
Q

Which two namespaces does the LISP network architecture and protocol use? (Choose two)
A. TLOC
B. RLOC
C. DNS
D. VTEP
E. EID

A

B. RLOC
E. EID

72
Q

Which action is performed by Link Management Protocol in a Cisco stackwise virtual
domain?
A. It discovers the stackwise domain and brings up SVL interfaces.
B. It rejects any unidirectional link traffic forwarding.
C. It determines if the hardware is compatible to form the stackwise virtual domain.
D. It determines which switch becomes active or standby.

A

B. It rejects any unidirectional link traffic forwarding.

73
Q

What does Call Admission Control require the client to send in order to reserve the
bandwidth?
A. SIP flow information
B. Wi-Fi multimedia
C. traffic specification
D. VoIP

A

C. traffic specification

74
Q

What are two considerations when using SSO as a network redundancy feature? (Choose
two)
A. Must be combined with NSF to support uninterrupted Layer 2 operations.
B. Must be combined with NSF to support uninterrupted Layer 3 operations.
C. Both supervisors must be configured separately.
D. The multicast state is preserved during switchover.
E. Requires synchronization between supervisors in order to guarantee continuous connectivity.

A

B. Must be combined with NSF to support uninterrupted Layer 3 operations.
E. Requires synchronization between supervisors in order to guarantee continuous connectivity.

75
Q

Drag and Drop

A
76
Q

Drag and Drop

A
77
Q

Drag and Drop

A
78
Q

Drag and Drop

A
79
Q

Drag and Drop

A
80
Q

Refer to the exhibit. Which command set enables router R2 to be configured via NETCONF?
Administrator with PC  LAN with a RADIUS Server, two PCs 10.0.1.0/24, R2  a link to the Internet cloud.
A. R2(config)#username Netconf privilege 15 password example_password
R2(config)#netconf-yang
R2(config)# netconf-yang feature candidate-datastore
B. R2(config)#snmp-server manager
R2(config)#snmp-server community ENCOR ro
C. R2(config)#snmp-server manager
R2(config)#snmp-server community ENCOR rw
D. R2(config)#netconf
R2(config)#ip http secure server

A

A. R2(config)#username Netconf privilege 15 password example_password
R2(config)#netconf-yang
R2(config)# netconf-yang feature candidate-datastore

81
Q

Which two actions are recommended as security best practice to protect a REST API? (Choose two)
A. Use TACACS+ authentication
B. Enable dual authentication of the session
C. Enable out-of band authentication
D. Use SSL for encryption
E. Use a password hash

A

D. Use SSL for encryption
E. Use a password hash

82
Q

What are two benefits of implementing a Cisco SD-WAN architecture? (Choose two)
A. It provides resilient and effective traffic flow using MPLS
B. It improves endpoint protection by integrating embedded and cloud security features
C. It allows configuration of application-aware policies with real time enforcement
D. It simplifies endpoint provisioning through standalone router management
E. It enforces a single, scalable, hub-and-spoke topology

A

C. It allows configuration of application-aware policies with real time enforcement
D. It simplifies endpoint provisioning through standalone router management

84
Q

Which two features does the Cisco SD-Access architecture add to a traditional campus network? (Choose two)
A. private VLANs
B. software-defined segmentation
C. SD-WAN
D. identity services
E. modular QoS

A

B. software-defined segmentation
D. identity services

85
Q

Which feature is used to propagate ARP, broadcast, and link-local frames across a Cisco SD-Access fabric to
address connectivity needs for silent hosts that require reception of traffic to start communicating?
A. Native Fabric Multicast
B. Layer 2 Flooding
C. SDA Transit
D. Multisite Fabric

A

B. Layer 2 Flooding

Explanation/Reference:
Cisco SD-Access fabric provides many optimizations to improve unicast traffic flow, and to reduce the
unnecessary flooding of data such as broadcasts. But, for some traffic and applications, it may be desirable to
enable broadcast forwarding within the fabric.
By default, this is disabled in the Cisco SD-Access architecture. If broadcast, link-local multicast, and ARP
flooding are required, they must be specifically enabled on a per-subnet basis using the Layer 2 flooding feature.
Layer 2 flooding can be used to forward broadcasts for certain traffic and application types which may require
leveraging of Layer 2 connectivity, such as silent hosts, card readers, door locks, etc.
Reference: https://