2.0 Virtualization Domain 10%

Question 1

The basis of the SD-Access control plane and is used to manage the mappings between endpoint identifiers (EIDs) which are assigned to hosts and routing locators (RLOCs) which are assigned to routers.

Answer 1

Locator/ID Separation Protocol (LISP)

Question 2

Manages the endpoint to fabric node mapping

Answer 2

Host Tracking Database (HTDB)

Question 3

LISP device that encapsulates IP packets from Endpoint Identifiers (EIDs) that have destinations to a different LISP site.

Answer 3

Ingress Tunnel Router (ITR)

Question 4

Encapsulates traffic from non-LISP sites destined for EIDs at LISP sites

Answer 4

Proxy Ingress Tunnel Router
(PITR)

Question 5

device that de-encapsulates LISP packets from EIDs that reside outside the LISP site but have destinations the lie inside the LISP site

Answer 5

Egress Tunnel Router (ETR)

Question 6

ETR router uses to send traffic to non-LISP sites

Answer 6

Proxy Egress Tunnel Router
(PETR)

Question 7

Single device that combines both ITR and ETR LISP functions

Answer 7

Tunnel Router
(xTR)

Question 8

• accepts encapsulated Map-Request messages from the ITRs,
• dencapsulate those messages,
• forwards towards the ETRs

Answer 8

LISP Map Resolver
(MR)

Question 9

Basis of the SD-Access data plane and is used to extend and enchance VLAN capabilities by overlaying a layer 2 network on top of a layer 3 network

Answer 9

Virtual Extensible Local Area Network
(VXLAN)

Question 10

What encapsulation method is used in VXLAN to transport layer 2 data over an IP-based underlay?

Answer 10

User Datagram Protocol

Question 11

24-bit segment ID that replaces the VLAN ID and extends layer 2 segmentation from 4,094 possible VLANS to 16 million broadcast domains

Answer 11

VXLAN Network Identifier
(VNID)

Question 12

What does VXLAN use for loop protection?

Answer 12

Layer 3 routing protocols and Equal Cost Multipathing (ECMP)

Question 13

Draft IETF standard that redefines a reserved portion of the standard VXLAN header to inclue Security Group Tag (SGT) information.

Answer 13

VXLAN Group Policy Option
(VXLAN-GPO)

Question 14

device that provides the encapsulation and deencapsulation for the VXLAN

Answer 14

Virtual Tunnel Endpoint
(VTEP)

Question 15

logical interface where the VXLAN encapsulation and deencapsulation occurs

Answer 15

Network Virtual Interface (NVI)

Question 16

network virtualization mechanism that enables a single layer 3 router to function as multiple virtual routers

Answer 16

Virtual Routing and Forwarding
(VRF)

Question 17

an open standard that operates at the Network layer and is responsible for securing VPN traffic by providing device authentication, data encryption, and data integrity

Answer 17

IPSec

Question 18

What encryption methods are supported by IPSec

Answer 18

• Data Encrytpion Standard (DES)
• Triple DES (3DES)
• Advanced Encryption Standard (AES)

Question 19

What command creates and names a VRF?

Answer 19

ip vrf vrf-name

Question 20

What command within the VRF configuration is used to distinguish routing domains?

Answer 20

rd asn:arbitrary#

Question 21

What command is required if BGP is running in the VRF and creates a list of import and export route target (RT) communities for the VRF?

Answer 21

route-target {export | import | both} asn:arbitrary#

Question 22

What command is used to associate interfaces with the VRF?

Answer 22

within the interface configuration mode of each interface you want to participate in the VRF issue:
ip vrf forwarding vrf-name

Question 23

which command was issued to produce the following output:

Answer 23

show ip vrf detail vrf-name

Question 24

What command is used to create the logical interface of a tunnel?

Answer 24

interface tunnel tunnel-number

Question 25

Cisco IOS defaults to what mode of GRE?

Answer 25

IPv4 GRE

Question 26

What command with the tunnel configuration is used to assign the virtual interface of the tunnel?

Answer 26

**ip address** *ipv4-address*

Question 27

what commands identify the source and destination ip addresses of the physical intefaces?

Answer 27

**tunnel source** *ip-address of source router* **tunnel destination** *ip-address of destination router*

Question 28

What command produced the following output?

Answer 28

**show interfaces tunnel** *tunnel-number*

Question 29

What IP protocol needs to be allowed by and ACL or firewall if GRE tunnels are being used?

Answer 29

IP protocol 47

Question 30

What type of hypervisor doesn't require a host OS?

Answer 30

**Type 1**

Question 31

What are some examples of type 1 hypervisors?

Answer 31

**VMWare ESXi and Microsof Hyper-V**

Question 32

What are some examples of type 2 hypervisors?

Answer 32

**Oracle Virtual Box** **VMWare Fusion** **VMWare Player**

Question 33

Emulates the physical hardware of a host computer system such as a desktop or server

Answer 33

**Virtual Machine**

Question 34

Allows VMs to quickly and easily migrate between host machines

Answer 34

**Encapsulation**

Question 35

Ensures that a VM can migrate to any physical host with the appropriate resources

Answer 35

**Hardware Independance**

Question 36

* Is an ETSI standard that defines the decoupling of network functions (NFs) from hardware * used to create appliances, such as load balancers, firewalls and intrusion detection systems (IDSs), * can perform the functions of their physical counterparts without being confined to a dedicated hardware platform

Answer 36

**Network Functions Virtualization (NFV)**

Question 37

T/F a vSwitch is a virtualized switch that emulates a physical multilayer switch?

Answer 37

**False** a vSwitch can only emulate a physical layer 2 switch

Question 38

What are some common Cisco VNFs

Answer 38

**Cisco Cloud Services Router 1000v (CWR 1000v)** **Cisoco Integrated Services Virtual Router (ISRv)** **Cisco NextGen Firewall Virtual Appliance (NGFWv)**

Question 39

What are some limitations of a vSwitch?

Answer 39

* **cannot share a connection to a physical NIC with another vSwitch** * **two vSwitches cannot be connected together**

Question 40

What hash algorithms are used by IPSec to ensure data integrity?

Answer 40

**Message Digest 5 (MD5) or Secure Hash Algorithm 1 (SHA 1)**

Question 41

What are Authentication methods used by IPSec?

Answer 41

**Pre-Shared Keys** **Digital Signatures**