1.0 Architecture Additional Study Questions Flashcards
Which protocol is used to encrypt control plane traffic between SD-WAN controllers and SD-WAN endpoints?
A. DTLS
B. IPsec
C. PGP
D. HTTPS
A. DTLS
In Cisco SD-WAN every control-plane connection is secured with DTLS (TLS over TCP can be configured instead): after a WAN Edge router authenticates, each vSmart controller establishes a permanent DTLS tunnel to it, and the proprietary Overlay Management Protocol (OMP) forms a neighborship over that tunnel to exchange routes, TLOCs, policy and the keys used for the data plane. Data-plane traffic between WAN Edge routers is carried in IPsec tunnels, which is why B is not the answer here.
DTLS is also what CAPWAP uses to secure the AP-to-WLC control channel: the CAPWAP control messages ride inside a DTLS tunnel.
Datagram Transport Layer Security (DTLS): a communications protocol that provides authentication, data integrity and confidentiality between two applications over a datagram transport such as UDP. It is based on TLS and adds explicit sequence numbers and retransmission to compensate for the unreliable nature of UDP. DTLS 1.0 is defined in IETF RFC 4347; DTLS 1.2 (RFC 6347) and DTLS 1.3 (RFC 9147) have since superseded it.
Refer to the exhibit. An engineer is troubleshooting an application running on Apple phones. The application is receiving incorrect QoS markings. The systems administrator confirmed that all configuration profiles are correct on the Apple devices. Which change on the WLC optimizes QoS for these devices?
A. Enable Fastlane.
B. Set WMM to required.
C. Change the QoS level to Platinum.
D. Configure AVC Profiles.
A. Enable Fastlane.
Fastlane is the Apple/Cisco feature that lets the QoS configuration profile on an iOS device (the allow list of applications permitted to mark traffic) be honored by the WLC. Enabling Fastlane on the WLAN automatically applies the Platinum QoS profile, so changing the QoS level by itself (C) does not fix the markings.
What is the function of the Cisco DNA Center in a Cisco SD-Access deployment?
A. It is responsible for routing decisions inside the fabric.
B. It is responsible for the design, management, provisioning, and assurance of the fabric network devices.
C. It possesses information about all endpoints, nodes, and external networks related to the fabric.
D. It provides integration and automation for all nonfabric nodes and their fabric counterparts
B. It is responsible for the design, management, provisioning, and assurance of the fabric network devices.
In Cisco SD-WAN, which protocol is used to measure link quality?
A. OMP
B. BFD
C. RSVP
D. IPsec
B. BFD
Bidirectional Forwarding Detection (BFD) sessions run inside the IPsec data-plane tunnels between WAN Edge routers, not inside the DTLS control sessions to the controllers. BFD was originally designed to provide fast forwarding-path failure detection between two adjacent routers; SD-WAN also uses its hello packets to measure loss, latency and jitter on every tunnel, and application-aware routing uses those measurements to steer each application's traffic (for example toward a cloud SaaS application) onto the path that meets its SLA.
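The measurement and path-selection step described above, as an added example (this is not code from the page or from Cisco): a window of BFD probe results per tunnel is reduced to loss, latency and jitter, and the first SLA-compliant tunnel with the lowest latency is chosen. The probe samples, tunnel names and the voice SLA thresholds are constructed for illustration.

```python
"""Added example, not from the page or from Cisco: how a WAN Edge could turn
BFD probe results into the loss, latency and jitter figures that application-
aware routing compares against an SLA class.  The probe samples and the SLA
thresholds below are constructed for illustration."""
from statistics import mean

# Constructed per-tunnel BFD echo results for one poll window: round-trip
# time in ms, or None when no reply arrived within the detect interval.
SAMPLES = {
    "mpls":     [12, 11, 13, 12, 12, 12, 14, 11, 12, 13],
    "internet": [40, 55, None, None, 90, 45, 38, 120, None, 50],
}

# Assumed SLA class for voice (illustrative thresholds, not Cisco defaults).
VOICE_SLA = {"loss_pct": 2.0, "latency_ms": 150.0, "jitter_ms": 30.0}


def path_stats(samples):
    """Return (loss %, mean latency ms, mean jitter ms) for a window of probes."""
    if not samples:
        raise ValueError("empty probe window")
    rtts = [s for s in samples if s is not None]
    loss_pct = 100.0 * (len(samples) - len(rtts)) / len(samples)
    if not rtts:
        return loss_pct, float("inf"), float("inf")     # tunnel is down
    latency = mean(rtts)
    # jitter: mean absolute change between consecutive round-trip times
    diffs = [abs(a - b) for a, b in zip(rtts, rtts[1:])]
    jitter = mean(diffs) if diffs else 0.0
    return loss_pct, latency, jitter


def meets_sla(stats, sla):
    """True when every measured value is within the SLA class thresholds."""
    loss, latency, jitter = stats
    return (loss <= sla["loss_pct"] and latency <= sla["latency_ms"]
            and jitter <= sla["jitter_ms"])


def select_path(samples_by_tunnel, sla):
    """Pick the SLA-compliant tunnel with the lowest latency; None means no path qualifies."""
    compliant = []
    for name, samples in samples_by_tunnel.items():
        stats = path_stats(samples)
        if meets_sla(stats, sla):
            compliant.append((stats[1], name))
    return min(compliant)[1] if compliant else None


if __name__ == "__main__":
    for name, samples in SAMPLES.items():
        print(name, path_stats(samples))
    print("voice path:", select_path(SAMPLES, VOICE_SLA))
```

Three lost probes out of ten is 30 % loss, so the internet tunnel fails the voice SLA on loss alone and the MPLS tunnel is chosen; a tunnel whose probes are all lost reports infinite latency and is never selected, which is the BFD "path down" case.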
What is used to perform QoS packet classification?
A. The Options field in the Layer 3 header.
B. The Type field in the Layer 2 frame.
C. The Flags field in the Layer 3 header.
D. The ToS field in the Layer 3 header.
D. The ToS field in the Layer 3 header.
Type of Service (ToS): an 8-bit field in the IPv4 header. In the original definition only the first 3 bits, IP Precedence (IPP), are used for marking and the remaining bits are unused. IPP values range from 0 to 7 and partition traffic into six usable classes of service; IPP 6 and 7 are reserved for internal network use (routing protocols and other network control traffic). The DiffServ architecture later redefined the same byte as a 6-bit DSCP plus 2 bits for ECN; the top 3 bits of the DSCP coincide with the IPP bits, which is what keeps the two marking schemes backward compatible.
Which technology is used as the basis for the Cisco SD-Access data plane?
A. IPsec
B. LISP
C. VXLAN
D. 802.1Q
C. VXLAN
VXLAN: an overlay data-plane encapsulation scheme developed to address the various issues seen in traditional Layer 2 networks. It extends Layer 2 and Layer 3 overlay networks over a Layer 3 underlay network using MAC-in-IP/UDP tunneling (UDP destination port 4789).
Each overlay is termed a VXLAN segment. Unlike the 802.1Q VLAN ID, which has only 12 bits and allows for 4094 usable VLANs, VXLAN has a 24-bit VXLAN network identifier (VNI), which allows up to 16 million VXLAN segments (more commonly known as overlay networks) to coexist within the same infrastructure. In SD-Access the VXLAN header also carries the endpoint's scalable group tag (VXLAN-GPO), so segmentation policy travels with the packet across the fabric.
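The encapsulation just described, as an added example (not code from the page or from Cisco): build and parse the RFC 7348 VXLAN header and the outer Ethernet/IPv4/UDP headers around a Layer 2 frame. It shows the 24-bit VNI carrying a segment number that a 12-bit VLAN ID could not hold, and the 50 bytes of outer headers that motivate the larger fabric MTU. The inner frame, addresses and MACs are constructed.

```python
"""Added example, not code from the page or from Cisco: build and parse the
VXLAN encapsulation (RFC 7348) to show the 24-bit VNI and the 50-byte
MAC-in-IP/UDP overhead.  The frame contents are constructed."""
import struct

VXLAN_UDP_PORT = 4789
VXLAN_FLAG_I = 0x08                 # "I" flag: the VNI field is valid
MAX_VLAN_ID = 4094                  # 12-bit 802.1Q field; 0 and 4095 are reserved
MAX_VNI = (1 << 24) - 1             # 24-bit VNI: 16,777,215
OUTER_OVERHEAD = 14 + 20 + 8 + 8    # Ethernet + IPv4 + UDP + VXLAN = 50 bytes


def build_vxlan_header(vni):
    """8-byte VXLAN header: flags(1) reserved(3) VNI(3) reserved(1)."""
    if not 0 <= vni <= MAX_VNI:
        raise ValueError("VNI must fit in 24 bits")
    return struct.pack("!B3xI", VXLAN_FLAG_I, vni << 8)


def parse_vxlan_header(data):
    """Return the VNI from an 8-byte VXLAN header, rejecting headers without the I flag."""
    if len(data) < 8:
        raise ValueError("truncated VXLAN header")
    flags, word = struct.unpack("!B3xI", data[:8])
    if not flags & VXLAN_FLAG_I:
        raise ValueError("I flag clear: no valid VNI")
    return word >> 8


def ipv4_checksum(header):
    """Standard one's-complement checksum over a 20-byte IPv4 header."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def encapsulate(inner_frame, vni, src_ip, dst_ip, src_mac, dst_mac):
    """MAC-in-IP/UDP: outer Ethernet + IPv4 + UDP/4789 + VXLAN + the original L2 frame."""
    vxlan = build_vxlan_header(vni)
    udp_len = 8 + len(vxlan) + len(inner_frame)
    # UDP checksum 0 = not computed, which RFC 7348 permits over IPv4
    udp = struct.pack("!HHHH", 49152, VXLAN_UDP_PORT, udp_len, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + udp_len, 0, 0x4000, 64, 17, 0,
                     bytes(int(o) for o in src_ip.split(".")),
                     bytes(int(o) for o in dst_ip.split(".")))
    ip = ip[:10] + struct.pack("!H", ipv4_checksum(ip)) + ip[12:]
    eth = struct.pack("!6s6sH", dst_mac, src_mac, 0x0800)
    return eth + ip + udp + vxlan + inner_frame


def decapsulate(frame):
    """Return (vni, inner_frame) from a VXLAN-encapsulated Ethernet frame."""
    ihl = (frame[14] & 0x0F) * 4
    udp_off = 14 + ihl
    dst_port = struct.unpack("!H", frame[udp_off + 2:udp_off + 4])[0]
    if dst_port != VXLAN_UDP_PORT:
        raise ValueError("not VXLAN: UDP destination port %d" % dst_port)
    vx_off = udp_off + 8
    vni = parse_vxlan_header(frame[vx_off:vx_off + 8])
    return vni, frame[vx_off + 8:]


# Constructed sample: a minimal inner Ethernet frame placed in overlay
# segment 5000, a value a 12-bit VLAN ID cannot express.
INNER = b"\xaa" * 6 + b"\xbb" * 6 + b"\x08\x00" + b"\x00" * 46
SAMPLE = encapsulate(INNER, 5000, "10.1.1.1", "10.1.1.2", b"\x02" * 6, b"\x04" * 6)

if __name__ == "__main__":
    print("outer overhead:", len(SAMPLE) - len(INNER), "bytes")
    print("decapsulated VNI:", decapsulate(SAMPLE)[0])
```

The 50-byte overhead is why the SD-Access design guidance raises the underlay MTU to 9100 rather than leaving 1500: the inner frame must be carried intact, and fragmenting the outer IPv4 packet is what the larger MTU avoids.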
What are the four different VXLAN control and data planes supported by Cisco?
1. VXLAN with multicast underlay
2. VXLAN with static unicast VXLAN tunnels
3. VXLAN with MP-BGP EVPN control plane
4. VXLAN with LISP control plane
What is the function of a fabric border node in a Cisco SD-Access environment?
A. To connect the Cisco SD-Access fabric to another fabric or external Layer 3 networks.
B. To collect traffic flow information toward external networks.
C. To attach and register clients to the fabric.
D. To handle an ordered list of IP addresses and locations for endpoints in the fabric
A. To connect the Cisco SD-Access fabric to another fabric or external Layer 3 networks.
What is a consideration when designing a Cisco SD-Access underlay network?
A. End user subnets and endpoints are part of the underlay network.
B. The underlay switches provide endpoint physical connectivity for users.
C. Static routing is a requirement.
D. It must support IPv4 and IPv6 underlay networks.
B. The underlay switches provide endpoint physical connectivity for users.
What is the centralized control policy in a Cisco SD-WAN deployment?
A. List of ordered statements that define user access policies.
B. List of enabled services for all nodes within the cloud.
C. Set of rules that governs nodes authentication within the cloud.
D. Set of statements that defines how routing is performed.
D. Set of statements that defines how routing is performed.
Which new enhancement was implemented in Wi-Fi 6?
A. Wi-Fi Protected Access 3
B. 4096 Quadrature Amplitude Modulation Mode
C. Uplink and Downlink Orthogonal Frequency Division Multiple Access
D. Channel bonding
C. Uplink and Downlink Orthogonal Frequency Division Multiple Access
Wi-Fi 6 (802.11ax) adds uplink and downlink Orthogonal Frequency Division Multiple Access (OFDMA). OFDM, used in the 2.4 and 5 GHz bands since 802.11a/g, sends one client's data in parallel over the many subcarriers (also called subchannels or tones) of a 20 MHz channel, modulating phase and amplitude with quadrature amplitude modulation (QAM). OFDMA groups those subcarriers into resource units so that several clients can be served in the same transmission opportunity, in both directions. The other options are wrong because 802.11ax raises modulation to 1024-QAM (4096-QAM belongs to Wi-Fi 7), WPA3 is a separate Wi-Fi Alliance certification rather than an 802.11ax feature, and channel bonding predates Wi-Fi 6.
Which congestion queuing method on Cisco IOS-based routers uses four static queues?
A. Low Latency
B. Custom
C. Weighted Fair
D. Priority
D. Priority
Priority Queuing (PQ) has four static queues (high, medium, normal, low) that are always serviced strictly in that order, so a busy high queue can starve the others. Custom Queuing uses up to 16 queues, Weighted Fair Queuing creates queues dynamically per flow, and Low Latency Queuing is CBWFQ with a single strict-priority queue added to it.
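An added example covering both the ToS marking card and this one (not code from the page or from Cisco): the three ToS sub-fields are read straight out of an IPv4 header byte, and packets are dispatched into the four static PQ queues and drained in strict priority order. The packets and the IPP-to-queue mapping are constructed for illustration and are not an IOS default.

```python
"""Added example, not from the page or from Cisco: read the ToS byte of an
IPv4 header (IP Precedence, DSCP, ECN) and dispatch packets into the four
static Priority Queuing queues.  The packets and the IPP-to-queue mapping
are constructed for illustration, not an IOS default."""
from collections import deque


def tos_fields(ipv4_header):
    """Return (ipp, dscp, ecn) from the second byte of an IPv4 header."""
    if len(ipv4_header) < 20 or ipv4_header[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    tos = ipv4_header[1]
    # IPP = top 3 bits, DSCP = top 6 bits, ECN = low 2 bits of the same byte
    return tos >> 5, tos >> 2, tos & 0x03


PQ_QUEUES = ("high", "medium", "normal", "low")   # the four static PQ queues


def classify(ipp):
    """Assumed policy: IPP 5-7 high (voice/control), 3-4 medium, 1-2 normal, 0 low."""
    if ipp >= 5:
        return "high"
    if ipp >= 3:
        return "medium"
    if ipp >= 1:
        return "normal"
    return "low"


class PriorityQueuing:
    def __init__(self):
        self.queues = {q: deque() for q in PQ_QUEUES}

    def enqueue(self, packet):
        ipp, _, _ = tos_fields(packet)
        self.queues[classify(ipp)].append(packet)

    def dequeue(self):
        """Strict priority: always drain the highest non-empty queue, so a busy
        high queue starves everything below it."""
        for q in PQ_QUEUES:
            if self.queues[q]:
                return q, self.queues[q].popleft()
        return None


def make_ipv4(tos, payload=b""):
    """Constructed minimal IPv4 header (no options) with the given ToS byte."""
    return bytes([0x45, tos]) + (20 + len(payload)).to_bytes(2, "big") + bytes(16) + payload


# Common DSCP values shifted into ToS-byte position
EF, AF41, CS1, BE = 46 << 2, 34 << 2, 8 << 2, 0


def drain_order(packets):
    """Enqueue packets in arrival order and return the queue order PQ transmits them in."""
    pq = PriorityQueuing()
    for p in packets:
        pq.enqueue(p)
    out = []
    while (item := pq.dequeue()) is not None:
        out.append(item[0])
    return out


if __name__ == "__main__":
    for name, tos in (("EF", EF), ("AF41", AF41), ("CS1", CS1), ("BE", BE)):
        print(name, tos_fields(make_ipv4(tos)))
    print(drain_order([make_ipv4(BE), make_ipv4(EF), make_ipv4(CS1), make_ipv4(AF41)]))
```

EF (DSCP 46) decodes to IPP 5 and AF41 (DSCP 34) to IPP 4, which is the backward compatibility between the two markings; note that the best-effort packet that arrived first is transmitted last, the starvation behaviour that makes PQ unsuitable without a policer in front of the high queue.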
Where is radio resource management performed in a Cisco SD-access wireless solution?
A. control plane node
B. DNA Center
C. Cisco CMX
D. wireless controller
D. wireless controller
How does an on-premises infrastructure compare to a cloud infrastructure?
A. On-premises can increase compute power faster than cloud.
B. On-premises offers faster deployment than cloud.
C. On-premises offers lower latency for physically adjacent systems than cloud.
D. On-premises requires less power and cooling resources than cloud.
C. On-premises offers lower latency for physically adjacent systems than cloud.
Which design principle states that a user has no access by default to any resource, and unless a resource is explicitly granted, it should be denied?
A. complete mediation
B. least privilege
C. economy of mechanism
D. fail-safe defaults
D. fail-safe defaults
Fail-safe defaults (Saltzer and Schroeder) means access decisions are based on explicit permission rather than exclusion: the default is no access, and an error in the mechanism should leave things closed. Least privilege is a different principle (each subject gets only the rights its task needs), complete mediation requires every access to be checked, and economy of mechanism asks for the design to be as simple as possible.
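The principle in code, as an added example (not from the page): a block-list check that allows by default is placed beside an allow-list check whose only path to "permit" is an explicit grant, including the case where the policy store itself fails. The principals, resources and grants are made up.

```python
"""Added example, not from the page: an authorization check written to the
fail-safe-defaults principle, contrasted with an allow-by-default block list.
The principals, resources and grants below are constructed."""

# Constructed explicit grants: (principal, resource) -> allowed actions.
GRANTS = {
    ("alice", "/finance/report.pdf"): {"read"},
    ("bob", "/finance/report.pdf"): {"read", "write"},
    ("alice", "/hr/handbook.pdf"): {"read"},
}

# Constructed block list for the anti-pattern.
DENY_LIST = {("guest", "/finance/report.pdf")}


def authorized_blocklist(principal, resource, action):
    """Anti-pattern: allow unless listed.  A resource nobody thought to list
    (a new payroll export, say) is open to everyone."""
    return (principal, resource) not in DENY_LIST


def authorized(principal, resource, action, grants=GRANTS):
    """Fail-safe default: the only path that returns True is an explicit,
    matching grant.  Unknown principal, unknown resource, unlisted action and
    a failing policy store all fall through to deny."""
    try:
        actions = grants.get((principal, resource), set())
        return action in actions
    except Exception:
        # A broken or unreachable policy store must fail closed, not open.
        return False


class BrokenStore(dict):
    """Simulates a policy database that cannot be reached."""
    def get(self, *args, **kwargs):
        raise RuntimeError("policy database unreachable")


def compare(principal, resource, action):
    """Return (blocklist decision, fail-safe decision) for the same request."""
    return (authorized_blocklist(principal, resource, action),
            authorized(principal, resource, action))


if __name__ == "__main__":
    print(compare("guest", "/finance/payroll.csv", "read"))   # (True, False)
```

The interesting row is the unlisted payroll file: the block list admits the guest because no one wrote a rule, while the allow list denies them for exactly the same reason. The exception branch is the second half of the principle: when the mechanism cannot decide, the safe answer is still "no".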
What is the function of vBond in a Cisco SDWAN deployment?
A. Onboarding of SDWAN routers into the SD-WAN overlay.
B. Pushing of configuration toward SD-WAN routers.
C. Initiating connections with SD-WAN routers automatically.
D. Gathering telemetry data from SD-WAN routers.
A. Onboarding of SDWAN routers into the SD-WAN overlay.
vBond can run as a VM or on a physical SD-WAN router dedicated to the vBond role.
The vSmart controller works together with the vBond orchestrator to authenticate devices as they join the network and to orchestrate connectivity between the SD-WAN routers.
The vBond orchestrator authenticates the vSmart controllers and the SD-WAN routers and orchestrates connectivity between them. It is the only device that must have a public IP address, so that all SD-WAN devices in the network can reach it. A vBond orchestrator is an SD-WAN router that performs only vBond orchestrator functions.
Major functions of the vBond orchestrator:
- Control plane connection: each vBond orchestrator keeps a permanent control-plane connection over a DTLS tunnel with each vSmart controller. It also uses DTLS connections to SD-WAN routers when they come online, to authenticate them and to let them join the network. Basic authentication of an SD-WAN router uses certificates and RSA cryptography.
- NAT traversal: the vBond orchestrator facilitates the initial orchestration between SD-WAN routers and vSmart controllers when one or both are behind NAT devices, using standard peer-to-peer (STUN-style) techniques.
- Load balancing: in a domain with multiple vSmart controllers, the vBond orchestrator automatically load-balances SD-WAN routers across the vSmart controllers as the routers come online.
How do cloud deployments differ from on-prem deployments?
A. Cloud deployments require longer implementation times than on-premises deployments.
B. Cloud deployments are more customizable than on-premises deployments.
C. Cloud deployments have lower upfront costs than on-premises deployments.
D. Cloud deployments require less frequent upgrades than on-premises deployments.
C. Cloud deployments have lower upfront costs than on-premises deployments.
Which function is handled by vManage in the Cisco SD-WAN fabric?
A. Establishes IPsec tunnels with nodes.
B. Distributes policies that govern data forwarding.
C. Performs remote software upgrades for WAN Edge, vSmart and vBond.
D. Establishes BFD sessions to test liveliness of links and nodes
C. Performs remote software upgrades for WAN Edge, vSmart and vBond.
vManage is only available as a VM.
vManage Network Management System (NMS): the single pane of glass (GUI) for managing the SD-WAN solution. It enables centralized provisioning and simplifies network changes.
Which function does a fabric AP perform in a Cisco SD-Access deployment?
A. It manages wireless clients’ membership information in the fabric.
B. It connects wireless clients to the fabric.
C. It updates wireless clients’ locations in the fabric.
D. It configures security policies down to wireless clients in the fabric.
B. It connects wireless clients to the fabric.
Fabric APs establish a VXLAN tunnel to the fabric edge to transport wireless client data traffic through the VXLAN tunnel instead of the CAPWAP tunnel. For this to work, the AP must be directly connected to the fabric edge or to a fabric extended node.
Which design principle should be followed in a Cisco SD-Access wireless network deployment?
A. The WLC is part of the fabric overlay.
B. The WLC is part of the fabric underlay.
C. The WLC is connected outside of the fabric.
D. The access point is connected outside of the fabric.
C. The WLC is connected outside of the fabric.
An engineer is configuring a GRE tunnel interface in the default mode. The engineer has assigned an IPv4 address on the tunnel and sourced the tunnel from an Ethernet interface. Which option also is required on the tunnel interface before it is operational?
A. (config-if)#tunnel destination {ip address}
B. (config-if)#keepalive {seconds retries}
C. (config-if)#ip mtu {value}
D. (config-if)#ip tcp adjust-mss {value}
A. (config-if)#tunnel destination {ip address}
A GRE tunnel needs both a source and a destination before its line protocol comes up (and a route to the destination). Keepalives, a lowered IP MTU and TCP MSS adjustment tune the tunnel and are worth configuring in practice, but none of them is required for it to become operational.
What are two characteristics of Cisco SD-Access elements? (Choose two)
A. Fabric endpoints are connected directly to the border node.
B. The border node is required for communication between fabric and nonfabric devices.
C. The control plane node has the full RLOC-to-EID mapping database.
D. Traffic within the fabric always goes through the control plane node.
E. The border node has the full RLOC-to-EID mapping database.
B. The border node is required for communication between fabric and nonfabric devices.
C. The control plane node has the full RLOC-to-EID mapping database.
Refer to the exhibit.
Current configuration: 142 bytes
vrf definition STAFF
!
!
interface GigabitEthernet1
 vrf forwarding STAFF
 no ip address
 negotiation auto
 no mop enabled
 no mop sysid
end
An engineer must assign an IP address of 192.168.1.1/24 to the GigabitEthernet1 interface. Which two commands must be added to the existing configuration to accomplish this task? (Choose two)
A. Router(config-vrf)#address-family ipv6
B. Router(config-if)#ip address 192.168.1.1 255.255.255.0
C. Router(config-vrf)#ip address 192.168.1.1 255.255.255.0
D. Router(config-if)#address-family ipv4
E. Router(config-vrf)#address-family ipv4
B. Router(config-if)#ip address 192.168.1.1 255.255.255.0
E. Router(config-vrf)#address-family ipv4
With the multiprotocol vrf definition syntax, the VRF must carry an address-family ipv4 before the router accepts an IPv4 address on an interface bound to that VRF. The address itself is configured under the interface, not under the VRF, which rules out C; the IPv6 address family (A) is not needed for an IPv4 address.
What is the data policy in a Cisco SD-WAN deployment?
A. List of ordered statements that define node configurations and authentication used within the SD-WAN overlay.
B. Set of statements that defines how data is forwarded based on IP packet information and specific VPNs.
C. Detailed database mapping several kinds of addresses with their corresponding location.
D. Group of services tested to guarantee devices and links liveliness within the SD-WAN overlay.
B. Set of statements that defines how data is forwarded based on IP packet information and specific VPNs.
What is a VPN in a Cisco SD-WAN deployment?
A. Virtual channel used to carry control plane information.
B. Attribute to identify a set of services offered in specific places in the SD-WAN fabric.
C. Common exchange point between two different services.
D. Virtualized environment that provides traffic isolation and segmentation in the SD-WAN fabric.
D. Virtualized environment that provides traffic isolation and segmentation in the SD-WAN fabric.
In a three-tier hierarchical campus network design, which action is a design best-practice for the core layer?
A. Provide QoS prioritization services such as marking, queueing, and classification for critical network traffic.
B. Provide advanced network security features such as 802.1X, DHCP snooping, VACLs, and port security.
C. Provide redundant Layer 3 point-to-point links between the core devices for more predictable and faster convergence.
D. Provide redundant aggregation for access layer devices and first-hop redundancy protocols such as VRRP.
C. Provide redundant Layer 3 point-to-point links between the core devices for more predictable and faster convergence.
The core should only switch packets as fast as possible; QoS marking and classification, security features such as 802.1X and port security, and first-hop redundancy belong at the access and distribution layers.
In a Cisco SD-Access solution, what is the role of the Identity Services Engine?
A. It provides GUI management and abstraction via apps that share context.
B. It is leveraged for dynamic endpoint to group mapping and policy definition.
C. It is used to analyze endpoint to app flows and monitor fabric status.
D. It manages the LISP EID database
B. It is leveraged for dynamic endpoint to group mapping and policy definition.
Which controller is capable of acting as a STUN server during the onboarding process of Edge devices?
A. vManage
B. vSmart
C. vBond
D. PNP server
C. vBond
vBond is the one controller every edge can reach on a public address, so it is placed to observe the public IP and port an edge's packets arrive from after NAT and report them back, which is the STUN role; vManage and vSmart then learn the edge's NAT-translated address from that exchange.
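The STUN-style exchange referred to here and in the vBond NAT-traversal bullet above, as an added example (not code from the page or from Cisco, which runs its own orchestration inside DTLS): a Binding Request and Binding Success Response per RFC 5389, with the public address the server observed encoded as XOR-MAPPED-ADDRESS and decoded by the client. The transaction ID, public IP and port are constructed; the client rejects a reply whose transaction ID does not match its request.

```python
"""Added example, not from the page or from Cisco: the STUN Binding exchange
(RFC 5389) a NAT'd edge would use to learn its public transport address.
The addresses and transaction IDs are constructed."""
import os
import socket
import struct

MAGIC_COOKIE = 0x2112A442
BINDING_REQUEST = 0x0001
BINDING_SUCCESS = 0x0101
XOR_MAPPED_ADDRESS = 0x0020


def build_binding_request(txn_id=None):
    """20-byte STUN header: type, length (0, no attributes), magic cookie, 96-bit transaction ID."""
    txn_id = txn_id or os.urandom(12)
    return struct.pack("!HHI12s", BINDING_REQUEST, 0, MAGIC_COOKIE, txn_id)


def build_binding_response(txn_id, public_ip, public_port):
    """What the server (vBond in the SD-WAN case) sends back: the source IP and
    port it saw the request arrive from, XOR-ed with the magic cookie."""
    xport = public_port ^ (MAGIC_COOKIE >> 16)
    xaddr = struct.unpack("!I", socket.inet_aton(public_ip))[0] ^ MAGIC_COOKIE
    value = struct.pack("!BBHI", 0, 0x01, xport, xaddr)        # reserved, family=IPv4
    attr = struct.pack("!HH", XOR_MAPPED_ADDRESS, len(value)) + value
    return struct.pack("!HHI12s", BINDING_SUCCESS, len(attr), MAGIC_COOKIE, txn_id) + attr


def parse_binding_response(data, expected_txn):
    """Return (ip, port) from XOR-MAPPED-ADDRESS after checking cookie, type and transaction ID."""
    if len(data) < 20:
        raise ValueError("short STUN message")
    mtype, mlen, cookie, txn = struct.unpack("!HHI12s", data[:20])
    if cookie != MAGIC_COOKIE or mtype != BINDING_SUCCESS:
        raise ValueError("not a STUN Binding Success Response")
    if txn != expected_txn:
        raise ValueError("transaction ID mismatch: unsolicited or spoofed reply")
    body = data[20:20 + mlen]
    off = 0
    while off + 4 <= len(body):
        atype, alen = struct.unpack("!HH", body[off:off + 4])
        val = body[off + 4:off + 4 + alen]
        if atype == XOR_MAPPED_ADDRESS and len(val) == 8 and val[1] == 0x01:
            _, _, xport, xaddr = struct.unpack("!BBHI", val)
            port = xport ^ (MAGIC_COOKIE >> 16)
            ip = socket.inet_ntoa(struct.pack("!I", xaddr ^ MAGIC_COOKIE))
            return ip, port
        off += 4 + ((alen + 3) & ~3)      # attribute values are padded to 4 bytes
    raise ValueError("no XOR-MAPPED-ADDRESS in response")


def discover_public_address(txn_id=b"\x01" * 12, server_sees=("203.0.113.10", 40001)):
    """Whole round trip, with the server side simulated: build the request, let
    the server answer with the (constructed) address it observed, parse it."""
    request = build_binding_request(txn_id)
    assert len(request) == 20
    response = build_binding_response(txn_id, *server_sees)
    return parse_binding_response(response, txn_id)


if __name__ == "__main__":
    print("public address as seen by the server:", discover_public_address())
```

The XOR with the magic cookie exists because some NATs rewrite any literal copy of their public address they find in a payload; XOR-ing hides it from such ALGs. STUN itself does not authenticate the server's answer, which is why, in the SD-WAN case, the exchange happens inside a DTLS session whose certificates vBond has already verified.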
What is the recommended MTU size for a Cisco SD-Access Fabric?
A. 4464
B. 9100
C. 1500
D. 17914
B. 9100
Which protocol is implemented to establish secure control plane adjacencies between Cisco SD-WAN nodes?
A. IKE
B. DTLS
C. IPSec
D. ESP
B. DTLS