1.0 Architecture Additional Study Questions Flashcards

Question 1

Q

Which protocol is used to encrypt control plane traffic between SD-WAN controllers and SD-WAN endpoints?

A. DTLS

B. IPsec

C. PGP

D. HTTPS

Answer

A

A. DTLS

Datagram Transport Layer Security (DTLS) channel for subsequent AP-WLC control messages. This is located in the CAPWAP Tunnel. The DTLS tunnel is used to secure their CAPWAP control messages vSmart Controllers (brains of SD-WAN) after successful authentication each vSmart controller establishes a permanent DTLS Tunnel to each SD-WAN router. Then runs a proprietary routing protocol called Overlay Management Protocol (OMP) neighborship over each of the DTLS tunnels to exchange routing information. Datagram Transport Layer Security (DTLS) A communications protocol designed to provide authentication, data integrity, and confidentiality for communications between two applications, over a datagram transport protocol such as User Datagram Protocol (UDP). DTLS is based on TLS, and it includes enhancements such as sequence numbers and retransmission capability to compensate for the unreliable nature of UDP. DTLS is defined in IETF RFC 4347.

Question 2

Q

Refer to the exhibit. An engineer is troubleshooting an application running on Apple phones. The application is receiving incorrect QoS markings. The systems administrator confirmed that all configuration profiles are correct on the Apple devices. Which change on the WLC optimizes QoS for these devices?

A. Enable Fastlane.

B. Set WMM to required.

C. Change the QoS level to Platinum.

D. Configure AVC Profiles.

Answer

A

C. Change the QoS level to Platinum.

Question 3

Q

Drag and Drop

Question 4

Q

What is the function of the Cisco DNA Center in a Cisco SD-Access deployment?

A. It is responsible for routing decisions inside the fabric.

B. It is responsible for the design, management, provisioning, and assurance of the fabric network devices.

C. It possesses information about all endpoints, nodes, and external networks related to the fabric.

D. It provides integration and automation for all nonfabric nodes and their fabric counterparts

Answer

A

B. It is responsible for the design, management, provisioning, and assurance of the fabric network devices.

Question 5

Q

In Cisco SD-WAN, which protocol is used to measure link quality?

A. OMP

B. BFD

C. RSVP

D. IPsec

Answer

A

B. BFD

Bidirectional Forwarding Detection (BFD) runs through the DTLS session between the remote site and the regional hub. BFD is a detection protocol originally designed to provide fast forwarding path failure detection times between two adjacent routers. SD-WAN uses BFD to make appropriate forwarding decisions, sending application traffic down the best-performing path toward the cloud SaaS application device.

Question 6

Q

What is used to perform QoS packet classification?

A. The Options field in the Layer 3 header.

B. The Type field in the Layer 2 frame.

C. The Flags field in the Layer 3 header.

D. The ToS field in the Layer 3 header.

Answer

A

D. The ToS field in the Layer 3 header.

Type of Service (TOS) An 8-bit field where only the first 3 bits, referred to as IP Precedence (IPP), is used for marking, and the rest of the bits are unused. IPP values range from 0 to 7 and allow the traffic to be partitioned into up to six usable classes of service; IPP 6 and 7 are reserved for internal network use.

Question 7

Q

Which technology is used as the basis for the Cisco SD-Access data plane?

A. IPsec

B. LISP

C. VXLAN

D. 802.1Q

Answer

A

C. VXLAN

VXLAN An overlay data plane encapsulation scheme was developed to address the various issues seen in traditional Layer 2 networks. It does this by extending Layer 2 and Layer 3 overlay networks over a Layer 3 underlay network, using MAC-in- IP/UDP tunneling.

Each overlay is termed a VXLAN segment. Unlike the VLAN ID, which has only 12 bits and allows for 4000 VLANs, VXLAN has a 24-bit VXLAN network identifier (VNI), which allows for up to 16 million VXLAN segments (more commonly known as overlay networks) to coexist within the same infrastructure

Question 8

Q

What are the four different VXLAN control and data planes supported by Cisco?

Answer

A

VXLAN with Multicast underlay

VXLAN with static unicast

VXLAN tunnels

VXLAN with MP-BGP EVPN control plane VXLAN with LISP control plane

Question 9

Q

What is the function of a fabric border node in a Cisco SD-Access environment?

A. To connect the Cisco SD-Access fabric to another fabric or external Layer 3 networks.

B. To collect traffic flow information toward external networks.

C. To attach and register clients to the fabric.

D. To handle an ordered list of IP addresses and locations for endpoints in the fabric

Answer

A

A. To connect the Cisco SD-Access fabric to another fabric or external Layer 3 networks.

Question 10

Q

What is a consideration when designing a Cisco SD-Access underlay network?

A. End user subnets and endpoints are part of the underlay network.

B. The underlay switches provide endpoint physical connectivity for users.

C. Static routing is a requirement.

D. It must support IPv4 and IPv6 underlay networks.

Answer

A

B. The underlay switches provide endpoint physical connectivity for users.

Question 11

Q

What is the centralized control policy in a Cisco SD-WAN deployment?

A. List of ordered statements that define user access policies.

B. List of enabled services for all nodes within the cloud.

C. Set of rules that governs nodes authentication within the cloud.

D. Set of statements that defines how routing is performed.

Answer

A

D. Set of statements that defines how routing is performed.

Question 12

Q

Which new enhancement was implemented in Wi-Fi 6?

A. Wi-Fi Protected Access 3

B. 4096 Quadrature Amplitude Modulation Mode

C. Uplink and Downlink Orthogonal Frequency Division Multiple Access

D. Channel bonding

Answer

A

C. Uplink and Downlink Orthogonal Frequency Division Multiple Access

Orthogonal Frequency Division Multiplexing (OFDM): Used in both 2.4 and 5 GHz bands, where a single 20 MHz channel contains data that is sent in parallel over multiple frequencies. Each channel is divided into many subcarriers (also called subchannels or tones); both phase and amplitude are modulated with quadrature amplitude modulation (QAM) to move the most data efficiently.

Question 13

Q

Which congestion queuing method on Cisco IOS-based routers uses four static queues?

A. Low Latency

B. Custom

C. Weighted Fair

D. Priority

Answer

A

D. Priority

Question 14

Q

Where is radio resource management performed in a Cisco SD-access wireless solution?

A. control plane node

B. DNA Center

C. Cisco CMX

D. wireless controller

Answer

A

D. wireless controller

Question 15

Q

How does an on-premises infrastructure compare to a cloud infrastructure?

A. On-premises can increase compute power faster than cloud.

B. On-premises offers faster deployment than cloud.

C. On-premises offers lower latency for physically adjacent systems than cloud.

D. On-premises requires less power and cooling resources than cloud.

Answer

A

C. On-premises offers lower latency for physically adjacent systems than cloud.

Question 16

Q

Which design principle states that a user has no access by default to any resource, and unless a resource is explicitly granted, it should be denied?

A. complete mediation

B. least privilege

C. economy of mechanism

D. fail-safe defaults

Answer

A

D. fail-safe defaults

Question 17

Q

Drag and Drop

Question 18

Q

What is the function of vBond in a Cisco SDWAN deployment?

A. Onboarding of SDWAN routers into the SD-WAN overlay.

B. Pushing of configuration toward SD-WAN routers.

C. Initiating connections with SD-WAN routers automatically.

D. Gathering telemetry data from SD-WAN routers.

Answer

A

A. Onboarding of SDWAN routers into the SD-WAN overlay.

vBond is available with physical applicances

vSmart controller also works in conjunction with the vBond orchestrator to authenticate the devices as they join the network and to orchestrate connectivity between the SD-WAN routers.

The vBond orchestrator authenticates the vSmart controllers
and the SD-WAN routers and orchestrates connectivity
between them. It is the only device that must have a public IP
address so that all SD-WAN devices in the network can connect
to it. A vBond orchestrator is an SD-WAN router that only
performs vBond orchestrator functions.

Question 19

Q

What are the Major components of the vBond orchestrator:

Answer

A

Control plane connection: Each vBond orchestrator has a
permanent control plane connection over a DTLS tunnel with each
vSmart controller. In addition, the vBond orchestrator uses DTLS
connections to communicate with SD-WAN routers when they come
online, to authenticate them and to facilitate their ability to join the
network. Basic authentication of an SD-WAN router is done using
certificates and RSA cryptography.
NAT traversal: The vBond orchestrator facilitates the initial
orchestration between SD-WAN routers and vSmart controllers when
one or both of them are behind NAT devices. Standard peer-to-peer
techniques are used to facilitate this orchestration.
Load balancing: In a domain with multiple vSmart controllers, the
vBond orchestrator automatically performs load balancing of SDWAN
routers across the vSmart controllers when routers come online.

Question 20

Q

How do cloud deployments differ from on-prem deployments?
A. Cloud deployments require longer implementation times than on-premises deployments.
B. Cloud deployments are more customizable than on-premises deployments.
C. Cloud deployments have lower upfront costs than on-premises deployments.
D. Cloud deployments require less frequent upgrades than on-premises deployments.

Answer

A

C. Cloud deployments have lower upfront costs than on-premises deployments.

Question 21

Q

Which function is handled by vManage in the Cisco SD-WAN fabric?
A. Establishes IPsec tunnels with nodes.
B. Distributes policies that govern data forwarding.
C. Performs remote software upgrades for WAN Edge, vSmart and vBond.
D. Establishes BFD sessions to test liveliness of links and nodes

Answer

A

C. Performs remote software upgrades for WAN Edge, vSmart and vBond.

vManageis only available as a VM

vManage Network Management System (NMS): This is a single
pane of glass (GUI) for managing the SD-WAN solution. It enables centralized
provisioning and simplifies network changes.

Question 22

Q

Which function does a fabric AP perform in a Cisco SD-Access deployment?
A. It manages wireless clients’ membership information in the fabric.
B. It connects wireless clients to the fabric.
C. It updates wireless clients’ locations in the fabric.
D. It configures security policies down to wireless clients in the fabric.

Answer

A

B. It connects wireless clients to the fabric.

Fabric APs establish a VXLAN tunnel to the fabric edge to
transport wireless client data traffic through the VXLAN tunnel
instead of the CAPWAP tunnel. For this to work, the AP must
be directly connected to the fabric edge or a fabric extended
node.

Question 23

Q

Which design principle should be followed in a Cisco SD-Access wireless network deployment?
A. The WLC is part of the fabric overlay.
B. The WLC is part of the fabric underlay.
C. The WLC is connected outside of the fabric.
D. The access point is connected outside of the fabric.

Answer

A

C. The WLC is connected outside of the fabric.

Question 24

Q

An engineer is configuring a GRE tunnel interface in the default mode. The engineer has assigned an IPv4 address on the tunnel and sourced the tunnel from an Ethernet interface. Which option also is required on the tunnel interface before it is operational?
A. (config-if)#tunnel destination {ip address}
B. (config-if)#keepalive {seconds retries}
C. (config-if)#ip mtu {value}
D. (config-if)#ip tcp adjust-mss {value}

Answer

A

A. (config-if)#tunnel destination {ip address}

Question 25

Q

What are two characteristics of Cisco SD-Access elements? (Choose two)
A. Fabric endpoints are connected directly to the border node.
B. The border node is required for communication between fabric and nonfabric devices.
C. The control plane node has the full RLOC-to-EID mapping database.
D. Traffic within the fabric always goes through the control plane node.
E. The border node has the full RLOC-to-EID mapping database.

Answer

A

B. The border node is required for communication between fabric and nonfabric devices.
C. The control plane node has the full RLOC-to-EID mapping database.

Question 26

Q

Refer to the exhibit.

Current configuration: 142 bytes*
vrf definition STAFF*
!*
!*
interface GigabitEthernet1*
vrf forwarding STAFF*
no ip address*
negotiation auto*
no mop enabled*
no mop sysid*
end*

An engineer must assign an IP address of 192.168.1.1/24 to the GigabitEthemet1 interface. Which two
commands must be added to the existing configuration to accomplish this task? (Choose two)
A. Router(config-vrf)#address-family ipv6
B. Router(config-if)#ip address 192.168.1.1 255.255.255.0
C. Router(config-vrf)#ip address 192.168.1.1 255.255.255.0
D. Router(config-if)#address-family ipv4
E. Router(config-vrf)#address-family ipv4

Answer

A

B. Router(config-if)#ip address 192.168.1.1 255.255.255.0
E. Router(config-vrf)#address-family ipv4

Question 27

Q

What is the data policy in a Cisco SD-WAN deployment?
A. List of ordered statements that define node configurations and authentication used within the SD-WAN
overlay.
B. Set of statements that defines how data is forwarded based on IP packet information and specific VPNs.
C. Detailed database mapping several kinds of addresses with their corresponding location.
D. Group of services tested to guarantee devices and links liveliness within the SD-WAN overlay.

Answer

A

B. Set of statements that defines how data is forwarded based on IP packet information and specific VPNs.

Question 28

Q

What is a VPN in a Cisco SD-WAN deployment?
A. Virtual channel used to carry control plane information.
B. Attribute to identify a set of services offered in specific places in the SD-WAN fabric.
C. Common exchange point between two different services.
D. Virtualized environment that provides traffic isolation and segmentation in the SD-WAN fabric.

Answer

A

D. Virtualized environment that provides traffic isolation and segmentation in the SD-WAN fabric.

Question 29

Q

Drag and Drop

Question 30

Q

In a three-tier hierarchical campus network design, which action is a design best-practice for the core layer?
A. Provide QoS prioritization services such as marking, queueing, and classification for critical network traffic.
B. Provide advanced network security features such as 802. IX, DHCP snooping, VACLs, and port security.
C. Provide redundant Layer 3 point-to-point links between the core devices for more predictable and faster
convergence.
D. Provide redundant aggregation for access layer devices and first-hop redundancy protocols such as VRRP.

Answer

A

C. Provide redundant Layer 3 point-to-point links between the core devices for more predictable and faster

Question 31

Q

In a Cisco SD-Access solution, what is the role of the Identity Services Engine?
A. It provides GUI management and abstraction via apps that share context.
B. It is leveraged for dynamic endpoint to group mapping and policy definition.
C. It is used to analyze endpoint to app flows and monitor fabric status.
D. It manages the LISP EID database

Answer

A

B. It is leveraged for dynamic endpoint to group mapping and policy definition.

Question 32

Q

Which controller is capable of acting as a STUN server during the onboarding process of Edge devices?
A. vManage
B. vSmart
C. vBond
D. PNP server

Question 33

Q

What is the recommended MTU size for a Cisco SD-Access Fabric?
A. 4464
B. 9100
C. 1500
D. 17914

Question 34

Q

Which protocol is implemented to establish secure control plane adjacencies between Cisco SD-WAN nodes?
A. IKE
B. DTLS
C. IPSec
D. ESP

Question 35

Q

Which two southbound interfaces originate from Cisco DNA Center and terminate at fabric underlay switches?
(Choose two)
A. UDP 67: DHCP
B. ICMP: Discovery
C. TCP 23: Telnet
D. UDP 162: SNMP
E. UDP 6007: NetFlow

Answer

A

B. ICMP: Discovery
C. TCP 23: Telnet

Question 36

Q

Which two results occur if Cisco DNA Center loses connectivity to devices in the SD-Access fabric? (Choose
two)
A. All devices reload after detecting loss of connection to Cisco DNA Center.
B. Already connected users are unaffected, but new users cannot connect.
C. Users lose connectivity.
D. Cisco DNA Center is unable to collect monitoring data in Assurance.
E. User connectivity is unaffected.

Answer

A

D. Cisco DNA Center is unable to collect monitoring data in Assurance.
E. User connectivity is unaffected.

Question 37

Q

Refer to the exhibit. A port channel is configured between SW2 and SW3. SW2 is not running Cisco operating system. When all physical connections are made, the port channel does not establish. Based on the configuration excerpt of SW3, what is the cause of the problem?

interface gi1/2
channel-group 30 mode desirable
port-channel load-balance src-ip
interface gi1/3
channel-group 30 mode desirable
port-channel load-balance src-ip
interface PortChannel 30
switchport mode trunk
switchport encapsulation dot1q
switchport trunk allowed vlan 10-100

A. The port-channel on SW2 is using an incompatible protocol.
B. The port-channel trunk is not allowing the native VLAN.
C. The port-channel should be set to auto.
D. The port-channel interface load balance should be set to src-mac.

Answer

A

A. The port-channel on SW2 is using an incompatible protocol.

Question 38

Q

Refer to the exhibit.

SW2#
08:33:23: %PM-4-ERR_DISABLE: channel-misconfig error detection on Gi0/0, putting
Gi0/0 in err-disable state
08:33:23: %PM-4-ERR_DISABLE: channel-misconfig error detection on Gi0/1, putting
Gi0/1 in err-disable state

After an engineer configures an EtherChannel between switch SW1 and switch SW2, this error message is logged on switch SW2.
Based on the output from SW1 and the log message received on Switch SW2, what action should the engineer
take to resolve this issue?

A. Configure the same protocol on the EtherChannel on switch SW1 and SW2.
B. Correct the configuration error on interface Gi0/1 on switch SW1.
C. Define the correct port members on the EtherChannel on switch SW1.
D. Correct the configuration error on interface Gi0/0 switch SW1.

Answer

A

A. Configure the same protocol on the EtherChannel on switch SW1 and SW2.

Question 39

Q

Which function does a fabric edge node perform in an SD-Access deployment?
A. Connects the SD-Access fabric to another fabric or external Layer 3 networks.
B. Connects endpoints to the fabric and forwards their traffic.
C. Provides reachability border nodes in the fabric underlay.
D. Encapsulates end-user data traffic into LISP.

Answer

A

B. Connects endpoints to the fabric and forwards their traffic.

Question 40

Q

Which action is the vSmart controller responsible for in an SD-WAN deployment?
A. Onboard vEdge nodes into the SD-WAN fabric.
B. Distribute security information for tunnel establishment between vEdge routers.
C. Manage, maintain, and gather configuration and status for nodes within the SD-WAN fabric.
D. Gather telemetry data from vEdge routers.

Answer

A

B. Distribute security information for tunnel establishment between vEdge routers.

Question 41

Q

Which statement about a Cisco APIC controller versus a more traditional SDN controller is true?
A. APIC uses a policy agent to translate policies into instructions.
B. APIC supports OpFlex as a Northbound protocol.
C. APIC does support a Southbound REST API.
D. APIC uses an imperative model.

Answer

A

A. APIC uses a policy agent to translate policies into instructions.

Question 42

Q

What the role of a fusion in an SD-Access solution?
A. Provides connectivity to external networks.
B. Acts as a DNS server.
C. Performs route leaking between user-defined virtual networks and shared services.
D. Provides additional forwarding capacity to the fabric.

Answer

A

C. Performs route leaking between user-defined virtual networks and shared services.

Question 43

Q

Which statement about a fabric access point is true?
A. It is in local mode and must be connected directly to the fabric border node.
B. It is in FlexConnect mode and must be connected directly to the fabric border node.
C. It is in local mode and must connected directly to the fabric edge switch.
D. It is in FlexConnect mode and must be connected directly to the fabric edge switch.

Answer

A

C. It is in local mode and must connected directly to the fabric edge switch.

Question 44

Q

On which protocol or technology is the fabric data plane based in Cisco SD-Access fabric?
A. LISP
B. IS-IS
C. Cisco TrustSec
D. VXLAN

Question 45

Q

Which description of an SD-Access wireless network infrastructure deployment is true?
A. The access point is part of the fabric underlay.
B. The WLC is part of the fabric underlay.
C. The access point is part the fabric overlay.
D. The wireless client is part of the fabric overlay.

Answer

A

C. The access point is part the fabric overlay.

Question 46

Q

Which controller is the single plane of management for Cisco SD-WAN?
A. vBond
B. vEdge
C. vSmart
D. vManage

Answer

A

D. vManage

Question 47

Q

When a wired client connects to an edge switch in an SDA fabric, which component decides whether the client
has access to the network?
A. control-plane node
B. Identity Service Engine
C. RADIUS server
D. edge node

Answer

A

B. Identity Service Engine

Question 48

Q

What are two device roles in Cisco SD-Access fabric? (Choose two)
A. core switch
B. vBond controller
C. edge node
D. access switch
E. border node

Answer

A

C. edge node
E. border node

Question 49

Q

Which component handles the orchestration plane of the Cisco SD-WAN?
A. vBond
B. vSmart
C. vManage
D. vEdge

Question 50

Q

In an SD-Access solution, what is the role of a fabric edge node?
A. To connect external Layer 3- network to the SD-Access fabric.
B. To connect wired endpoint to the SD-Access fabric.
C. To advertise fabric IP address space to external network.
D. To connect the fusion router to the SD-Access fabric.

Answer

A

B. To connect wired endpoint to the SD-Access fabric.

Question 51

Q

What is the role of the vSmart controller in a Cisco SD-WAN environment?
A. It performs authentication and authorization.
B. It manages the control plane.
C. It is the centralized network management system.
D. It manages the data plane.

Answer

A

B. It manages the control plane.

Question 52

Q

In a Cisco SD-WAN solution, how is the health of a data plane tunnel monitored?
A. with IP SLA
B. ARP probing
C. using BFD
D. with OMP

Answer

A

C. using BFD

Question 53

Q

Which technology is used to provide Layer 2 and Layer 3 logical networks in the Cisco SD-Access
architecture?
A. underlay network
B. overlay network
C. VPN routing/forwarding
D. easy virtual network

Answer

A

B. overlay network

Question 54

Q

In an SD-WAN deployment, which action in the vSmart controller responsible for?
A. Handle, maintain, and gather configuration and status for nodes within the SD-WAN fabric.
B. Onboard vEdge nodes into the SD-WAN fabric.
C. Gather telemetry data from vEdge routers.
D. Distribute policies that govern data forwarding performed within the SD-WAN fabric

Answer

A

D. Distribute policies that govern data forwarding performed within the SD-WAN fabric

Question 55

Q

In a Cisco SD-Access fabric, which control plane protocol is used for mapping and resolving endpoints?
A. LISP
B. DHCP
C. SXP
D. VXLAN

Question 56

Q

What is one fact about Cisco SD-Access wireless network deployments?
A. The access point is part of the fabric underlay.
B. The WLC is part of the fabric underlay.
C. The access point is part of the fabric overlay.
D. The wireless client is part of the fabric overlay

Answer

A

C. The access point is part of the fabric overlay.

Question 57

Q

What is the function of the fabric control plane node in a Cisco SD-Access deployment?
A. It is responsible for policy application and network segmentation in the fabric.
B. It performs traffic encapsulation and security profiles enforcement in the fabric.
C. It holds a comprehensive database that tracks endpoints and networks in the fabric.
D. It provides integration with legacy nonfabric-enabled environments

Answer

A

C. It holds a comprehensive database that tracks endpoints and networks in the fabric.

Question 58

Q

In a Cisco SD-Access wireless architecture, which device manages endpoint ID to Edge Node bindings?
A. fabric control plane node
B. fabric wireless controller
C. fabric border node
D. fabric edge node

Answer

A

A. fabric control plane node

Question 59

Q

Which control plane protocol is used between Cisco SD-WAN routers and vSmart controllers?
A. BGP
B. OMP
C. TCP
D. UDP

Question 60

Q

In a wireless Cisco SD-Access deployment, which roaming method is used when a user moves from one
access point to another on a different access switch using a single WLC?
A. Layer 3
B. inter-xTR
C. auto anchor
D. fast roam

Answer

A

B. inter-xTR

Question 61

Q

Which protocol is responsible for data plane forwarding in a Cisco SD-Access deployment?
A. VXLAN
B. IS-IS
C. OSPF
D. LISP

Question 62

Q

Which tunneling technique is used when designing a Cisco SD-Access fabric data plane?
A. VXLAN
B. VRF Lite
C. VRF
D. LISP

Question 63

Q

Which statement about the default QoS configuration on a Cisco switch is true?
A. All traffic is sent through four egress queues.
B. Port trust is enabled.
C. The Port CoS value is 0.
D. The CoS value of each tagged packet is modified.

Answer

A

C. The Port CoS value is 0.

Question 64

Q

Which QoS mechanism will prevent a decrease in TCP performance?
A. Shaper
B. Policer
C. WRED
D. Rate-Limit
E. LLQ
F. Fair-Queue

Answer 52

A

A. Marking

Answer 53

A

A. QoS Group

Answer 54

A

B. It buffers and queue packets above the committed rate.

Answer 55

A

C. Policing drops traffic that exceeds the defined rate.
E. Policing should be performed as close to the source as possible.

Answer 56

A

A. CoS of 5 to DSCP of 46

Answer 57

A

B. RLOC
E. EID

Answer 58

A

B. It rejects any unidirectional link traffic forwarding.

Answer 59

A

C. traffic specification

Answer 60

A

B. Must be combined with NSF to support uninterrupted Layer 3 operations.
E. Requires synchronization between supervisors in order to guarantee continuous connectivity.

Answer 61

A

A. R2(config)#username Netconf privilege 15 password example_password
R2(config)#netconf-yang
R2(config)# netconf-yang feature candidate-datastore

Answer 62

A

D. Use SSL for encryption
E. Use a password hash

Answer 63

A

C. It allows configuration of application-aware policies with real time enforcement
D. It simplifies endpoint provisioning through standalone router management

Answer 64

A

C. It allows configuration of application-aware policies with real time enforcement
D. It simplifies endpoint provisioning through standalone router management

Answer 65

A

B. software-defined segmentation
D. identity services

Answer 66

A

B. Layer 2 Flooding

Explanation/Reference:
Cisco SD-Access fabric provides many optimizations to improve unicast traffic flow, and to reduce the
unnecessary flooding of data such as broadcasts. But, for some traffic and applications, it may be desirable to
enable broadcast forwarding within the fabric.
By default, this is disabled in the Cisco SD-Access architecture. If broadcast, Link local multicast and Arp
flooding is required, it must be specifically enabled on a per-subnet basis using Layer 2 flooding feature.
Layer 2 flooding can be used to forward broadcasts for certain traffic and application types which may require
leveraging of Layer 2 connectivity, such as silent hosts, card readers, door locks, etc.
Reference: https://

Brainscape's Knowledge GenomeTM

1.0 Architecture Additional Study Questions Flashcards

Brainscape's Knowledge Genome^TM