MEF-SDN/NFV Flashcards

1
Q
  1. An organization just failed an SEC test audit. Packet flooding and redundancy in an emergency are two problems
    cited in the audit. The security staff in the organization is advocating for expensive appliances to be purchased. The
    CTO wants the network architect to investigate SDN. Which characteristics of SDN are reasons to adopt the CTO’s
    recommendation?

 Security-defined interoperability will deliver routes that leverage the existing infrastructure and optimize
traffic
 Packet-based routing will be providing a better accounting of all traffic in the network through better audit
log information for the auditors
 SDN will deliver better isolation of data plane traffic and will provide more flexibility to address
redundancy needs
 The ability to separate control plane from the data plane automatically makes data management easier and
more secure

A

SDN will deliver better isolation of data plane traffic and will provide more flexibility to address
redundancy needs

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q
  1. A Service Provider is upgrading a set of SDN Switches in a given region. The maintenance window for network
    upgrades is 2 am to 4 am. The downtime must be minimized as much as possible. What should the network
    administrator do to minimize the downtime?

 Reactively program a flow in the controller to redirect traffic toward the region at 1 am
 Proactively program a flow in the controller to redirect traffic away from the region at 1 am
 Proactively program a flow in the SDN Switches to redirect traffic away from the region at 1 am
 Reactively program a flow in the SDN Switches to redirect traffic toward the region at 1 am

A

 Proactively program a flow in the controller to redirect traffic away from the region at 1 am

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q
  1. A customer requests its VPN provider to prohibit FTP traffic between its branch offices. The VPN provider’s
    network is fully SDN controlled, but does NOT offer a self-service portal to its customers.
    Which SDN component does the VPN provider’s SDN support engineer need to interact with?

 The policy/intent interface of the SDN Controller
 The user interface of the OpenFlow instance
 The command line interface (CLI) of the VPN gateways
 The SNMP interface of the optical network EMS

A

 The policy/intent interface of the SDN Controller

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q
  1. The network operator is troubleshooting a connection issue for a user TCP/IP connection through the SDN
    Network. Which component implements the routing logic for the IP path?

 Control plane in the SDN Switch
 Control plane in the SDN Controller
 Forwarding plane in the SDN Controller
 Forwarding plane in the SDN Switch

A

 Control plane in the SDN Controller

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q
  1. A media content provider struggles with data growth on its SDN network and adds an SDN controller to distribute
    the load and increase robustness. Which communication interface should the SDN controllers use to synchronize
    their operation and provide a single controller view to the applications?

 Eastbound/Westbound interface
 Infrastructure layer interface
 Application layer interface
 Northbound/Southbound interface

A

 Eastbound/Westbound interface

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q
  1. A Service Provider plans to provide a service portal to allow customers to interact with an SDN network to be
    able to view the status and statistics of their services. Which interface does the service portal use to retrieve this
    information?

 The SDN Switches east/west interfaces
 The SDN Controller northbound interface
 The SDN Controller OpenFlow interface
 The SDN Switches southbound interface

A

 The SDN Controller northbound interface

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q
  1. A company is evaluating the move to SDN. The CTO fears that the implementation of the OpenFlow protocol
    throughout the environment may have a performance impact that affects business operations. How can the
    company mitigate risk while still being able to deploy SDN technologies?

 Deploy a separate network for OpenFlow protocol traffic
 Find a network edge use case that would allow an interoperable OpenFlow solution to be deployed for
deep packet inspection
 Find a hybrid networking solution by deploying custom APIs to manage switch traffic from the nonOpenFlow switches
 Deploy an overlay SDN solution like VxLAN.

A

 Deploy a separate network for OpenFlow protocol traffic

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q
  1. A customer has an existing network and wants to extend it with new OpenFlow switches. What southbound
    protocol must customer use to manage the legacy switches?

 YANG
 OpenFlow
 OF-Config
 NETCONF

A

 NETCONF

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q
  1. A Service Provider is implementing an SDN solution. Due to budget constraints, the Service Provider will
    implement incremental network upgrades and leverage the legacy switching network. Which southbound protocols
    must the SDN Controller support to facilitate this architecture?

 Ansible and NETCONF
 NFV and OpenFlow
 OpenFlow and SNMP
 OpenFlow and YANG

A

 OpenFlow and SNMP

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q
  1. A company is planning to roll out all of its new applications to take advantage of SDN. They need to use
    OpenFlow 1.3. The new network equipment will be deployed in three phases. The existing network supports 1,200
    nodes. Which critical variable should the network architect consider when specifying the new applications to the
    development team?

 Whether the application should be data center-based or a cloud-based SDN solution
 The nature of the SDN/Virtualization application and infrastructure
 The ability for OpenFlow 1.3 to support IPv6 and multicast traffic
 The interoperability of the legacy and the OpenFlow 1.3 compatible switches

A

 The interoperability of the legacy and the OpenFlow 1.3 compatible switches

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q
  1. There is a recurring connectivity failure between an SDN Controller and one of the switches. A Network
    Operator is unable to isolate the issue. How should the operator resolve these issues?

 Upgrade the SDN Controller to the latest software version
 Upgrade the network switch to the latest firmware and OpenFlow protocol version
 Identify the issue through the analytics component and follow a more specific troubleshooting process
 Move the SDN Controller on a new server in a new location

A

 Upgrade the network switch to the latest firmware and OpenFlow protocol version

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q
  1. An Enterprise is upgrading a part of its current network of Ethernet switches to SDN with OpenFlow switches.
    The Enterprise needs to consider the following:
    o The legacy Ethernet part of the network uses VLAN 20
    o The new SDN part of the network uses VLAN 10
    This file is a study guide in preparation for the MEF-SNCP Exam intended for Globe Telecom employees.
    Please do not share outside.
    o An OpenFlow-hybrid switch connects the legacy Ethernet part and SDN part to L3 gateway using an IEEE
    802.1Q trunk. Which OpenFlow rule should be specified in the hybrid switch to match and forward VLAN
    20 traffic to the traditional Ethernet pipeline?

 If VLAN ID = 20, forward to ANY port
 If VLAN ID = 20, forward to CONTROLLER port
 If VLAN ID = 20, forward to IN_PORT port
 If VLAN ID = 20, forward to NORMAL port

A

 If VLAN ID = 20, forward to NORMAL port

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q
  1. A Service Provider offers data and voice services to its customers. The Service Provider offers a link with a
    capacity of 10 Gbps between two OpenFlow switches. The Service Provider wants to limit the data traffic to 70%
    of the link capacity and leave the remaining capacity for voice services. The network administrator created an
    OpenFlow queue that was attached to the port and connected to the link. The link directed all data traffic (NOT
    voice) to that queue. What is the proper configuration of the queue?

 Minimum rate = 3 Gbps; Maximum rate = 3 Gbps
 Minimum rate = 7 Gbps; Maximum rate = 7 Gbps
 Minimum rate = 3 Gbps; Maximum rate = 10 Gbps
 Minimum rate = 7 Gbps; Maximum rate = 10 Gbps

A

 Minimum rate = 7 Gbps; Maximum rate = 7 Gbps

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q
  1. A Service Provider offers a data plan to customers that contains the following SLAs: a guaranteed rate of 1
    Mbps and a maximum rate of 2 Mbps. The Service Provider deploys OpenFlow switches in their network and
    wants to implement the SLAs using OpenFlow meters. Customer traffic is subject to a meter band with 2 meters.
    What is the proper configuration of the 2 meters in the meter band?

 Meter 1: rate = 1 Mbps, type = DSCP remark; Meter 2: rate = 2 Mbps, type = drop
 Meter 1: rate = 1 Mbps, type = drop; Meter 2: rate = 2 Mbps, type = drop
 Meter 1: rate = 1 Mbps, type = DSCP remark; Meter 2: rate = 1.5 Mbps, type = DSCP remark
 Meter 1: rate = 1 Mbps, type = drop; Meter 2: rate = 2 Mbps, type = DSCP remark

A

 Meter 1: rate = 1 Mbps, type = DSCP remark; Meter 2: rate = 2 Mbps, type = drop

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q
  1. Network operations wants to confirm that the SDN Controller to SDN Switch communication path is
    functional. Which protocol should the operator use to verify latency and continuity?

 UDP Connection
 Hello Messages
 TLS Sequencing
 Echo Request/Reply

A

 Echo Request/Reply

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q
  1. In a mobile network, several base stations are attached to the core via a single mobile backhaul wireless link.
    Power is available only at the remote end of the backhaul link. The installation of an SDN switch at the remote
    end to connect the base stations via the backhaul link to the network core is the first step toward a dynamically
    configurable network. Which approach allows the SDN controller located in the core to control the remote SDN
    switch?

 The SDN control connection is established in-band and isolated from the data traffic
 The SDN switch at the remote location is equipped with a battery backup unit
 The SDN control connection uses an unreliable transport protocol (such as UDP)
 The SDN control connections are established to both master and slave SDN controller

A

 The SDN control connection is established in-band and isolated from the data traffic

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q
  1. The Service Provider is deploying this SDN topology with the following configuration:
    • OpenFlow channel used to exchange OF messages between the controller and the OF switches is on a dedicated
    network using the out-of-band OF switch interface
    • The subnet address of this dedicated network is 192.168.1.0/24; controller IP = 192.168.1.100
    • The connection to the SDN controller must be secured
    After establishing the above connections and rebooting the switches, the OF switches failed to establish
    connection with the SDN controller. The IT Administrator suspected that it is a connection URl configuration
    problem in the OF switches. What should the IT administrator verify when troubleshooting this problem?

 The connection URl configured in both OF switches is TLS:192.168.1.100:6653
 The connection URl configured in the first OF switch is TCP:192.168.1.1:6653
 The connection URl configured in both OF switches is TLS:192.168.1.1:6653
 The connection URl configured in both OF switches is TCP:192.168.1.100:6653

A

 The connection URl configured in both OF switches is TLS:192.168.1.100:6653

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q
  1. The network engineer wants to design the network to be resilient and be able to continue OpenFlow Switch
    forwarding even if communications to the SDN Controller is lost. Which SDN Switch Mode must be enabled?

 Fail normal mode
 Fail secure mode
 Fail switch mode
 Fail secure drop mode

A

Fail secure mode

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q
  1. A client wants to create a level of network resilience that prevents dynamic SDN traffic sent from the
    controller to continue in the Switch OpenFlow Pipeline processing if the switch loses connectivity to the SDN
    Controller. The degraded operation will result in the switch continuing to operate in its native underlying switch
    or router mode. Which configuration mode will provide this level of functionality?

 Fail secure mode
 Fail standalone mode
 Fail normal mode
 Fail secure drop mode

A

 Fail standalone mode

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q
  1. An SDN network is built using OpenFlow version 1.3 as the Southbound API. Both the master and slave SDN
    Controller have experienced a catastrophic failure. The switches are configured in Fail-Secure mode. How will the
    forwarding plane behave in this situation?

 The SDN Switches will drop all traffic received through the active physical ports
 The SDN Switches will only forward new flows through the active physical ports
 The SDN Switches will forward all traffic through the active physical ports
 The SDN Switches will forward already configured flows through the active physical ports

A

 The SDN Switches will forward already configured flows through the active physical ports

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q
  1. An Operator is trying to create 6,000 virtualized networks that are interconnected through a common Layer 2
    closed user group. The Layer 2 networks must support both unicast and broadcast delivery. Because there is a 4K
    limitation when using VLANs, which IP-based overlay can accomplish this task?

 VXLAN
 IPv6
 IPSEC
 MPLS

A

 VXLAN

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q
  1. An SDN application subscribes to Emergency Alert Systems for the locations where SDN Switches are present.
    The application receives an earthquake alert. What should the SDN Controller do to mitigate connectivity loss to
    customer-facing traffic?

 Broadcast the traffic to all SDN Switches in the affected areas
 Dispatch a technician to the unaffected area
 Redirect the traffic away from the affected areas
 Configure more ports on the SDN Switches in the affected areas

A

 Redirect the traffic away from the affected areas

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q
  1. A user is deploying an SDN solution to upgrade a decade-old legacy routed network. The user prefers to
    deploy the SDN network in a mixed mode/hybrid fashion with some devices managed via OpenFlow and other
    devices managed via NETCONF/YANG. Which SDN Controller should the user select?

 OpenStack
 OpenDaylight
 Open Source Networking
 Open Software Defined System

A

 OpenDaylight

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
24
Q
  1. A network is experiencing long delays in acknowledging communication between the network switches and
    the SDN Controllers. The use of multiple protocols between the controllers and the switches is causing an
    increase in latency. The SDN Controllers were originally Beacon but have been upgraded to Ryu since Beacon
    failed to meet the network’s requirements. Which approach addresses this problem?

 Roll back to the Beacon SDN Controller
 Implement high availability functionality for all network elements
 Fix the APIs for each of the applications on the network
 Replace Ryu with two OpenDaylight controllers in active/active mode

A

 Replace Ryu with two OpenDaylight controllers in active/active mode

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
25
Q
  1. Several employees on the same floor report erratic network behavior. The SDN control channel to the switch
    on that floor is NOT established. What is the first step the SDN engineer should do to troubleshoot the OpenFlow
    connection?

 Reboot the SDN Controller and wait for the problem to resolve automatically
 Trigger a connection re-establishment from the SDN Controller
 Make sure that the SDN Switch has the correct SDN Controller configured
 Unplug all cables from the SDN Switch to avoid a security risk

A

 Make sure that the SDN Switch has the correct SDN Controller configured

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
26
Q
  1. The new “Aggregation 2” switch must to be added to handle the traffic growth. The entire network is
    controlled through the SDN Controller. Which configuration must be performed to integrate the new Aggregation
    2 switch into the SDN network?

 Configure the flow tables in the new switch so that traffic is forwarded to the appropriate destination
 Configure the activation of the spanning tree protocol because it will automatically set up connectivity
 Configure the routing protocol parameters and neighboring nodes and next hops
 Configure the SDN controller and the control connection parameters such as encryption, protocol, etc.

A

 Configure the SDN controller and the control connection parameters such as encryption, protocol, etc.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
27
Q
  1. An organization has assigned the network architect to design an SDN network in a hybrid switch environment.
    The network has the following requirements:
    • The SDN solution should be OpenFlow 1.3 or later with an open source SDN controller solution
    • There has to be encrypted route traffic information between the SDN controllers
    What should the architect do to meet the network design requirements?

 Replicate the TCAM information in the non-OpenFlow switches to the OpenFlow switches
 Mandate that all applications use network overlays to populate the inter-switch links in the network
 Recommend that all of the switches meet a tuple-parsing minimum in the packet header that is faster
than traditional non-SDN switches
 Recommend the ODL Neutron SDN Controller, since it provides the most thorough addressing of the
requirements

A

Recommend the ODL Neutron SDN Controller, since it provides the most thorough addressing of the
requirements

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
28
Q
  1. The Service Provider has deployed SD-WAN software in their network. After a controller upgrade, the system
    administrator tried to deploy a white box branch device, which failed during the usual deployment procedures.
    What could be causing the failure of this deployment?

 The underlay network needs to be downgraded to the previous software version
 The branch device software needs to be supported by the controller software
 The controller and all the white box devices need to be rebooted
 The white box device needs to be replaced with a new one

A

The branch device software needs to be supported by the controller software

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
29
Q
  1. Network Operations wants to be notified whenever a new switch or device is added to the SDN Network.
    What type of SDN application is needed?

 Reactive application
 Proactive application
 RESTful application
 Preemptive application

A

 Reactive application

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
30
Q
  1. An Operator is upgrading a legacy network to SDN. The upgrade should be transparent to the legacy
    networking devices. What should the Operator do to meet this requirement?

 Install an SDN Controller supporting OpenFlow and replace the networking devices with devices
supporting OpenFlow
 Install a NETCONF Agent on the networking devices and install an SDN Controller supporting
NETCONF/YANG
 Install an SDN Controller that can support the legacy southbound interfaces and install the relevant
applications
 Install an OpenFlow Agent on the networking devices and install an SDN Controller supporting OpenFlow

A

 Install an SDN Controller that can support the legacy southbound interfaces and install the relevant
applications

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
31
Q
  1. A network company buys another network company. The engineers and architects must determine how to
    merge the two networks. Both have an MPLS backbone with the presence of BGP route reflectors and use various
    routing protocols in their networks such as IS-IS and OSPF. Both have a mixture of traditional equipment and SDN
    equipment. For certain applications, they both use ODL. It is recommended to use an SDN architecture.
    Which SDN solution should be used for the merge?

 Replace the two local ODL controllers with a central ODL controller using Path Computation Element
Protocol (PCEP) and OpenStack

 Create a single Network to Network Interface and use BGP
 Update the VNF forwarding graph with a new virtual link
 Replace the two local ODL controllers with a central ODL controller using BGP-LS and Path Computation
Element Protocol (PCEP)

A
Replace the two local ODL controllers with a central ODL controller using BGP-LS and Path Computation 
Element Protocol (PCEP)
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
32
Q
  1. The CTO and management want the SDN applications introduced into production as soon as possible, even if
    there is a risk that the hybrid SDN solution may not scale. The architect has the promises of all the different
    vendors - network switch, SDN controller, and SDN applications - that the solution will work. None of those
    promises are in writing. What is the most compelling argument for pausing to deploy a formal test lab for SDN
    applications?

 SDN gives greater management control to the network, so it is important to investigate all aspects of
that management prior to deployment.
 Advocate for an agile framework so that any programming modifications can be swiftly modified in the
SDN applications.
 As long as the vendors have promised interoperability verbally, what remains is to secure a written SLA
from each of the vendors.
 SDN reduces operational expense of running the network, so additional resources can be added to apply
out-of-band management solutions.

A

SDN gives greater management control to the network, so it is important to investigate all aspects of
that management prior to deployment.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
33
Q
  1. A company’s network infrastructure has been upgraded to OpenFlow-based white box switches. The network
    architect is selecting an open-source SDN controller. The architect has several options, but none fully support the
    planned deployment. They all require some extensions. The goal of the deployment is to implement priority
    treatment for the network traffic of the company’s CEO, who regularly visits branch offices located in many
    locations around the world.
    Based on these requirements, which features are most important for this deployment?

 Secure north-bound interfaces and automatic conflict detection
 Isolation of various tenants and wide-range of accounting and reporting options
 Flexible QoS management and a unified network model
 Support for multiple SDN control protocols and model-based extensibility

A

Flexible QoS management and a unified network model

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
34
Q
  1. An SDN controller is using NETCONF to configure SDN switches. An engineer is attempting to provision a new
    service that requires configuring multiple switches along the traffic path. However, one of the nodes along the
    path is NOT responding. What should the SDN controller do?

 Configure every other node along the path
 Configure the first node along the path and raise an alarm
 Configure none of the nodes and raise an alarm
 Configure only the non-responsive node

A

Configure none of the nodes and raise an alarm

35
Q
  1. A Service Provider is building their SDN network using an SDN Controller and OpenFlow Switches. The Service
    Provider needs to mitigate the following security challenge: attackers may launch a Denial of Service (DoS) attack
    by sending a high volume of unique flows, which could result in a high volume Packet-In messages from OpenFlow
    switches to the SDN Controller making the controller inaccessible.
    Which solution should the network architect select to keep the SDN controller safe from this DoS attack?

 Increase link capacity or reserved bandwidth for Packet-In messages
 Upgrade hardware with higher CPU power and memory capacity
 Install rate limits for Packet-In messages using queue or meter bands
 Install more SDN Controllers to form a load-balancing cluster

A

 Install rate limits for Packet-In messages using queue or meter bands

36
Q
  1. A Service Provider plans to deploy a network made up of 5,000 OpenFlow switches. The switches are
    partitioned in domains, and each domain is controlled by a separate controller. The controllers are organized in a
    federated arrangement. Each controller can support up to 1,000 OpenFlow switches, but must be able to
    completely support another domain if the controller that controls that domain fails.
    How many controllers must the Service Provider deploy to support this arrangement?

 7 controllers
 8 controllers
 10 controllers
 5 controllers

A

 10 controllers

37
Q
  1. A Service Provider deployed an SDN system to support 100,000 services. The system has the following
    configuration:
    • 2 SDN controllers in active/active configuration
    • Each SDN controller is sized for 100,000 services
    The system must grow to support 150,000 services with the same level of redundancy. What should the network
    architect do to support system growth?

 Increase the bandwidth between two existing SDN controllers and the available system memory
 Increase the disk space on the existing SDN controllers and increase the write cache for better
performance
 Identify potential services that are duplicative and get permission for them to be removed
 Deploy an additional SDN controller of the same capacity as the existing controllers

A

Deploy an additional SDN controller of the same capacity as the existing controllers

38
Q
  1. The network architect needs to design a native SDN network in a greenfield environment. The network spans
    3,000 miles and three data centers. The controllers must be configured in a federated model. Which aspect of the
    recommended solution must be considered as the top priority in designing both the scalability and resilience of
    the new SDN network?

 The need to increase the interconnect speed and reduce the latency between switches in the data centers
of the organization
 The key management infrastructure that must be designed to efficiently retrieve performance
information from the network
 Adopting the OpenDaylight SDN solution that will feature the ability to replicate controller switch
information
 Addressing the long propagation delays among controllers that can lead to a long response time in the
replication of the controllers

A

Addressing the long propagation delays among controllers that can lead to a long response time in the
replication of the controllers

39
Q
  1. As part of the SDN deployment, the SDN Controllers must be secured. The controllers are deployed in a High
    Availability (HA) configuration. The Linux OS servers are hardened to avoid malware hosts, and the data center
    has been physically hardened. How can the administrator avoid the insertion of unauthorized controllers
    (“controller-in-the-middle”) that could hijack the controller infrastructure?

 Creating an audit log of all controller access to document anomalies in the network
 Deploying an authentication protocol between the controllers
 Replicating key management systems to the controllers’ instruction database to redundant servers
 Leveraging DPI for all controller traffic to identify a potential DDoS attack

A

Deploying an authentication protocol between the controllers

40
Q
  1. A Service Provider deploys SDN Controllers in a hierarchical configuration. The parent SDN Controller interacts
    with child SDN Controllers. Each child SDN Controller manages the respective networking domain. Which method
    should be used to minimize network downtime?

 High availability configured only for child SDN Controllers because they manage the immediate network
 High availability NOT required for either the parent or the child SDN Controllers because they are always
stable
 High availability configured only for parent SDN Controller because it maintains all global data
 High availability configured for both parent SDN Controller and child SDN Controllers

A

High availability configured for both parent SDN Controller and child SDN Controllers

41
Q
  1. A company considers building an SDN network based on the OpenFlow protocol. The OpenFlow connection
    setup between an OpenFlow switch and an SDN controller must meet privacy, integrity, and identity security
    requirements. Which connection setup should the network architect select to meet the requirements?

 TLS connection with switch side certificate
 TCP connection in a separated control place network/VLAN
 TLS connection with certificates from both sides
 TLS connection with controller side certificate

A

TLS connection with certificates from both sides

42
Q
  1. When dealing with third-party proactive SDN applications, a network operator must address the following
    security challenges:
    • An error in the third-party application could cause the SDN controller to crash
    • Third-party applications can gain access into the internal data structures of SDN controllers
    What is the proper protection mechanism?

 Ask the developers of third-party applications to follow security guidelines
 Apply an audit check before a third-party application is allowed to run
 Run third-party applications in separate processes from the SDN controllers
 Run third-party applications as plugins of the SDN controllers

A

Run third-party applications in separate processes from the SDN controllers

43
Q
  1. A white box server hosting an SDN controller deployed at the customer site fails during an upgrade process.
    Connectivity to the controller has been lost. How should the network administrator access the device?

 Console
 FTP
 SSH
 Telnet

A

Console

44
Q
  1. A misbehaving VNF is generating too much traffic and consuming too many resources. How can the VNF
    deployment be modified to address this problem?

 Containerization of Virtual Network Functions
 Replication of VNF service chains
 White-box system deployments
 A custom vendor appliance

A

Containerization of Virtual Network Functions

45
Q
  1. Field trials for an organization’s VNF instances have ended with success. Now, VNFs must be deployed across
    thousands of network segments in the global network. Which organizational goal presents the greatest challenge
    in the management of the new deployment?

 A comprehensive global domain VNF catalogue function
 A comprehensive MANO solution
 A robust service-chaining solution
 A multi-domain VNF replication function

A

A comprehensive MANO solution

46
Q
  1. System architects are planning a new NFV deployment. The architects decide to group the NFV-MANO
    functional blocks and design the interfaces to all other functional blocks that are part of the architectural
    framework based on shared reference points. Based on the NFV architectural framework, which set of functional
    blocks share reference points with the NFV-MANO?

 OSS/BSS, EMS, VNFM, NFVI
 EMS, VNF, NFVI, OSS/BSS
 NFVO, EMS, NFVI, OSS/BSS
 NFVO, VNFM, EMS, VIM

A

 EMS, VNF, NFVI, OSS/BSS

47
Q
  1. An NFVO system receives a network service instantiation request. Which components does the NFVO need to
    interact with to execute request?

 VNFM and SDN Controller
 VNFM and VIM
 VIM and SDN Controller
 VNFM and EMS

A

VNFM and VIM

48
Q
  1. An Operator is creating a service using a set of service components located on the customer premises. How
    should the Operator perform this task?

 Instantiate and configure the service to chain between adjacent service components
 Instantiate and configure the service using the Service Activation Testing (SAT) function
 Instantiate and configure the service using automated Fault Management notifications
 Instantiate and configure the service deploying an automated Service Assurance function

A

Instantiate and configure the service to chain between adjacent service components

49
Q
  1. An organization is deploying a virtualized network over its existing network infrastructure. The CTO has
    requested that the organization use NFV service chains. The network designer will instantiate resources including
    compute, memory, and grouping in NFV service chains. Which element of the NFV infrastructure should be used
    to instantiate these service chains?

 The NFV Orchestrator (NFVO)
 The VNF Deployment Manager (VDM)
 The Virtualized Link Descriptor (VLD)
 The VNF Forwarding Graph Manager (VFGM)

A

 The NFV Orchestrator (NFVO)

50
Q
  1. A customer requests a Service Provider to deploy a VNF that is made up of three Virtual Deployment Units
    (VDUs). Each VDU requires 4 vCPUs and 8 GB RAM for its operation. Three servers with the following capabilities
    are identified as NFVI compute resources:
    Server A: 64 vCPU and 64 GB RAM
    Server B: 32 vCPU and 48 GB RAM
    Server C: 12 vCPU and 24 GB RAM
    The customer requests node anti-affinity policies to be enforced.
    Which VDU placement is appropriate to meet this requirement?

 All three VDUs on Server A
 Each VDU on a different server
 Two VDUs on Server A and 1 VDU on Server B
 Two VDUs on Server B and 1 VDU on Server C

A

Each VDU on a different server

51
Q
  1. A Service Provider has installed an NFV software framework into their network. An operator needs to view
    alerts and events from the deployed VNFs. Which component provides this information?

 VNF Manager
 Analytics/Service Assurance node
 Access Manager
 NFV Infrastructure

A

VNF Manager

52
Q
  1. A company is running a simple web service made up of a front-end web server and a back-end database
    server. Users connect to the front-end web server. The company has 200 customers that generate the given CPU
    and memory utilization rates. The company plans to expand and the user base and workload is expected to
    double. The network architect needs to make the existing service capable of scale-out for the upcoming
    expansion. The architect also needs to identify additional service components required.
    What should the network architect recommend to achieve a minimum design change while maintaining quality of
    service?

 Add 1 back-end database and deploy 1 load-balancer in front of the database as a new service component
 Add 1 front-end web server and deploy 1 load-balancer in front of the web server as a new service
component
 Add 1 front-end web server and 1 back-end database and deploy a backup server as a new service
component
 Add 1 back-end database and 3 front-end web servers and deploy load-balancers as a new service
component

A

Add 1 front-end web server and deploy 1 load-balancer in front of the web server as a new service
component

53
Q
  1. An administrator needs to modify the Virtualization Domain, Compute Domain, and Infrastructure Networking
    Domain within a Service Provider’s NFV infrastructure. Which component is responsible for managing and
    controlling these domains within the NFVI functional block?
     NFV Infrastructure (NFVI)
     Virtual Network Functions (VNFs)
     VNF Manager (VNFM)
     Virtual Infrastructure Manager (VIM)
A

 Virtual Infrastructure Manager (VIM)\

54
Q
  1. An Operator plans to deploy an NFV system. The system must be able to manage the VNF infrastructure and
    orchestrate the workflow of instantiating the VNFs, as well as configure them and manage their lifecycle. Which
    architectural building block as defined by ETSI NFV Industry Specification Group (ISG) should the Operator use to
    configure an instantiated VNF?

 OSS
 VIM
 LSO
 EMS

A

EMS

55
Q
  1. A customer subscribes to a Service Provider’s managed SDN-based service based on a vCPE that includes a
    virtual router and virtual firewall. All configuration of the VNFs must be performed by the Service Provider. The
    customer suffered a security attack and requests that the Service Provider update the firewall policies to address
    the issue. Which component should be used by the Service Provider to update the firewall policies?

 OSS
 SDN Controller
 NFVO
 VIM

A

SDN Controller

56
Q
  1. An Operator plans to deploy a network service composed of a chain of VNFs. When deploying the service,
    what should the Operator create and configure?

 An intrusion/detection mechanism in front of the first VNF in the service chain
 A logical overlay tunnel between adjacent VNFs in the service chain
 An OpenStack instance to manage and monitor the service chain
 A secure overlay tunnel between each VNF and an SDN Controller

A

A logical overlay tunnel between adjacent VNFs in the service chain

57
Q
  1. An enterprise customer subscribes for a low-delay 10 Mbps pipe from the Service Provider and requests a
    network service to allow all traffic to pass through Firewall and IDS functions before reaching their remote sites.
    The NFV Orchestrator deploys two virtual functions (1 for Firewall and 1 for IDS) to deliver this network service.
    Each virtual function has two virtual NICs connected to the virtual switches within the hypervisor. The NFVI
    infrastructure has 10 Gbps and 40 Gbps ports.
    To enable service to this customer, what operations must be performed by the SDN Controller?

 Configure Forwarding and QoS Policies only in the virtual infrastructure because only virtual functions are
used
 Configure Forwarding Policies only at the entry of the physical network where this customer traffic enters
the network
 Configure the Forwarding policies only at the exit of physical infrastructure where customer traffic exits
the network
 Configure Forwarding and QoS policies in both the physical infrastructure and virtual infrastructure for
this customer

A

Configure Forwarding and QoS policies in both the physical infrastructure and virtual infrastructure for
this customer

58
Q
  1. An operator is trying to edit a deployment template to make changes to the links between connected VNFs on
    a TOSCA-enabled NFV architecture. Which NFV component describes the relationship between the VNF links?

 Physical Network Function (PNF)
 Virtual Network Function (VNF)
 Virtual Deployment Units (VDU)
 Network Service Descriptor (NSD)

A

Network Service Descriptor (NSD)

59
Q
  1. The MANO component of an NFV system includes a service catalogue, a VNF image store, a VM deployment
    function, and an SDN controller. A customer of the NFV system is running a vCPE service made up of several VNFs
    including a vNAT. The customer wants to replace this vCPE from vendor A with a vCPE from vendor B. Images for
    the new VNFs were loaded to the image store and triggered to redeploy/update the service.
    Which step is required for this replacement?

 Develop and activate a test plan for the new service
 Update the vCPE service descriptor in the catalogue
 Upload a new load-balancer VNF to the image store
 Remove the old vCPE VNF images from the image store

A

Update the vCPE service descriptor in the catalogue

60
Q
  1. A Service Provider’s NFV infrastructure (NFVI) is hosting VNFs from multiple vendors to support real-time
    applications like VoLTE. The application requirements need to be hosted in multiple data centers connected
    through WAN and support deployment of both green-field VNFs and VNFs of existing Physical Network Functions
    (PNFs). Which three domains can support these requirements within the NFVI architecture?

 Compute Domain, Virtualization Domain, Infrastructure Networking Domain
 Application Domain, Transport Domain, Physical Domain
 Data Center Domain, Service Provider Domain, Enterprise Domain
 Virtual Domain, Physical Domain, Orchestration Domain

A

Compute Domain, Virtualization Domain, Infrastructure Networking Domain

61
Q
  1. An Operator is creating a network service made up of several VNFs in an active NFV system. The Operator’s
    design team needs to execute a set of procedures to create this service. What should the team do to meet this
    requirement?

 Use the EMS to configure each VNF respectively
 Use the VIM to plan and deploy the VNFI environment
 Request the VIM to install and instantiate the VNFs
 Design, onboard, and instantiate the network service

A

A request to the NFVO to instantiate a network service

62
Q
  1. Troubleshooting of a service interruption identified that suboptimal routing occurred that was caused by one
    specific application. The Network Service is deployed using NFV technology. The applications are on separate
    VMs. The VMs run over Open Virtual Switch (OVS). What action should the SDN engineer recommend to
    immediately address the problem?

 Delete the congested virtual link
 Create and instantiate a new VNF instance
 Route around the congested link using Fast ReRoute
 Configure the SDN Controller to bypass the application

A

Configure the SDN Controller to bypass the application

63
Q
  1. A disaster recovery test revealed insufficient isolation between VNFs and the chance of a security breach
    affecting a neighboring VNF. How should the isolation of the VNFs be improved?

 Increase logging and monitoring of the VNF behavior
 Distribute the VNFs across additional NFVI instances
 Actively manage the authentication of new VNFs
 Replicate the VNF catalogue across domains

A

Distribute the VNFs across additional NFVI instances

64
Q
  1. A provider is offering services via several VNFs. After a major service outage, engineers find that the outage
    was due to a bug that caused a few of the VNFs to operate incorrectly. A new software version is available that
    fixes the problem. The new software also introduces new services that will be used by some of the VNFs. The old
    services still must be offered to a selected group of VNFs.
    How should the engineer proceed with the upgrade?

 Deploy the new and old version at the same time while directing new service requests to the new
software version
 Deploy the VNFs as active/standby with the old version on the standby VNF and the new version on the
active VNF
 Deploy only the new software version and upgrade the other VNFs to be compatible with the new
services in the next release
 Deploy the VNFs as active/standby with the old version on the active VNF and the new version on the
standby VNF

A

Deploy the new and old version at the same time while directing new service requests to the new
software version

65
Q
  1. A Service Provider deploys a cloud center with servers built to run VNFs. The host OS is Linux Ubuntu Server
    version 16.04 and the Open-vSwitch (OVS) version is 2.7.0. The OVS is managed by an OpenDaylight SDN
    controller. Each server must be able to monitor each VM’s Ingress/Egress traffic.
    How can each VM’s ingress/egress traffic monitoring be done using the NFV architecture?

 Add a monitor VNF in a new VM and configure it to communicate with each deployed VNF and get its
Ingress / Egress traffic
 Replace OVS with monitoring SDN application that will communicate with ODL
 Add a monitor VNF in a new VM and configure OVS to mirror each VNF virtual port traffic to the new
VNF virtual port
 Modify each of the NFVs deployed in the server to collect traffic and send it to ODL

A

Add a monitor VNF in a new VM and configure OVS to mirror each VNF virtual port traffic to the new
VNF virtual port

66
Q
  1. The network test engineer is tasked with developing the optimum test environment for evaluating network
    elements and services for the organization’s NFV environment. Security and usability have already been
    addressed. The test environment is per ETSI-NFV specification, illustrated above. The primary deliverable is to
    validate the SLA for high availability in convergence failover times in the simulated environment.
    What key area needs to be considered in testing to make certain the organization is prepared before these VNFs
    are introduced in a production context?

 Ensuring the SLA provides for multiple service chaining in case of catastrophic failure
 Simulating a multiple VNF environment to load balance the network throughput
 Running stress traffic rates (150%) over 5 hours for SLA validation
 Identifying multiple VNFs that are associated with the same physical server

A

Identifying multiple VNFs that are associated with the same physical server

67
Q
  1. In a Service Provider NFV deployment, a VM is declared unavailable if it does NOT respond in the following
    configured periods:
    • VM supporting VoLTE VNF: 10 ms
    • VM supporting VoLTE Business Support System (BSS): 2000 ms
    Live migration of a VM takes 1000 to 1500 ms for any workload. High availability is NOT configured for any of the
    VMs. The Service Provider plans a live migration of VMs to manage data center resources.
    Which strategy should be used to support live migration?

 Migrate both VoLTE BSS and VoLTE VNF at the same time
 Migrate VoLTE VNF but ensure VoLTE BSS is NOT migrated
 Migrate the VoLTE BSS but ensure VoLTE VNF is NOT migrated
 Migrate both VoLTE BSS and VoLTE VNF in sequence

A

Migrate the VoLTE BSS but ensure VoLTE VNF is NOT migrated

68
Q
  1. A Service Provider needs to create a network service that contains an Intrusion Detection System (IDS) to
    detect malicious traffic. The network uses OpenFlow switches.
    Solution requirements:
    • Minimize delay for user traffic
    • Minimize processing load on the IDS system
    How should the Service Provider implement the IDS system?

 Deploy the ISD as bump-in-the-wire network device
 Install OpenFlow rules to mirror all user traffic to the IDS system
 Use Switched Port Analyzer (SPAN) port to mirror all traffic to the IDS system
 Install OpenFlow rules to mirror selected traffic to the IDS system

A

Install OpenFlow rules to mirror selected traffic to the IDS system

69
Q
  1. A Service Provider deploys VNFs from various vendors to build a single Service Function Chain (SFC). A
    software upgrade on one of the VNFs (VNF A) is planned. The Service Provider is building a testbed to test the
    new version of VNF A to minimize interoperability issues.
    How should the Service Provider build the testbed?

 All VNFs in the chain
 Only the VNFs adjacent to VNF A in the SFC
 VNF A and VNFs adjacent to VNF A in the SFC
 VNF A only

A

All VNFs in the chain

70
Q
  1. A Service Provider is designing a Service Function Chaining (SFC) that includes a DPI VNF and a Load Balancer
    VNF. The DPI VNF looks into the payload of the subscriber packets to do traffic classification and appends an
    application ID to be delivered to the Load Balancer VNF using either inband metadata or out-of-band metadata.
    The Load Balancer VNF will use the application ID to steer a packet into a link that is assigned to that application
    ID.
    The following information must be considered:
    • Total network delay between DPI VNF and Load Balancer VNF for subscriber packets must not exceed 1 ms
    • Total network delay for out-of-band metadata including the insert of metadata into a local cache at Load
    Balancer VNF is 2 ms
    • Total number of possible values of application IDs is 5000
    • VLAN tag is 12 bits
    • MPLS label is 20 bits
    Which design should the Service Provider use to map the application ID?

 Inband metadata mapping into a MPLS label
 Inband metadata mapping into a VLAN tag
 Out-of-band and inband metadata
 Out-of-band metadata

A

Inband metadata mapping into a MPLS label

71
Q
  1. A Service Provider carries various traffic types: email, voice, video, and web. The Service Provider introduces
    SDN and NFV service chaining to improve its business model. Each traffic type is routed through its appropriate
    service chain. For example, the email service chain includes virus, spam, and phishing detection. The web traffic is
    routed through a chain that includes virus scanning and an Application Delivery Controller (ADC).
    What should follow the edge router at the customer premises to implement this NFV service chaining?

 A DPI service that marks traffic according to the traffic type
 A Layer 2 switch that switches the traffic to a different port according to its VLAN
 An SDN controller that creates the appropriate service chain according to the traffic type
 Virus, spam, phishing detection and then virus scanning and ADC\

A

A DPI service that marks traffic according to the traffic type

72
Q
  1. The operator wants to deploy the service chain shown.
    in —> VNF1 —(W)—VNF2—(X)—VNF4 —> out
    | |
    | |
    (Y)—VNF3—-(Z)
    To avoid customer dissatisfaction, the operator defines performance constraints. One constraint is the network
    delay through the service chain. A processing delay of 3 ms per VNF occurs.
    Which combination of link delays satisfies a delay limit of 20 ms for the whole service chain?
     W: 5 ms, X: 5 ms, Y: 1 ms, and Z: 2 ms
     W: 4 ms, X: 4 ms, Y: 3 ms, and Z: 3 ms
     W: 8 ms, X: 2 ms, Y: 2 ms, and Z: 3 ms
     W: 3 ms, X: 9 ms, Y: 2 ms, and Z: 1 ms
A

W: 5 ms, X: 5 ms, Y: 1 ms, and Z: 2 ms

73
Q
  1. Why do Service Providers offer SD-WAN services with Quality of Service utilizing MPLS and Public Internet?

 Because SD-WAN can steer network traffic over multiple paths
 Because Public Internet has the same characteristics as MPLS
 Because SD-WAN enables Class of Service over the Public Internet
 Because SD-WAN eliminates queuing that exists in traditional WAN networks

A

Because SD-WAN can steer network traffic over multiple paths

74
Q
  1. An SD-WAN is deployed using different transport technologies:
    • A low-cost Internet access that provides best-effort transport for traffic (bandwidth of 40 Mbps and expected
    average delay of 30 ms)
    • Premium MPLS transport that provides guaranteed traffic (bandwidth of 10 Mbps and delay below 10 ms)
    The following traffic types are expected to cross the SD-WAN. Each traffic type has SLAs such as bandwidth and
    packet delay:
    [1] Business critical applications (packet delay < 5 ms)
    [2] Voice and video communications (packet delay < 50 ms)
    [3] Social media and web content (packet delay < 10 ms)
    [4] Backup of branch-office data (packet delay < 70 ms)
    [5] Guest WiFi (packet delay < 100 ms)
    A client must make sure the SD-WAN system uses both transport options.
    What is the most cost-efficient way to transport the traffic?

 Traffic type 1 and 3 to MPLS and the other types to the Internet
 Traffic type 2 and 3 to MPLS and the other types to the Internet
 Traffic type 3 and 5 to MPLS and the other types to the Internet
 Traffic type 2 and 4 to MPLS and the other types to the Internet

A

 Traffic type 1 and 3 to MPLS and the other types to the Internet

75
Q
  1. Which OpenStack project has orchestration capabilities?
    a. Heat
    b. Horizon
    c. Sahara
    d. Cinder
A

A. HEAT

76
Q
  1. There are many initiatives and platforms implementing SDN features. Also, there are now various implementations of SDN in the data center environments. The three main flavors are: Open SDN, SDN by APIs and SDN via overlays.
    Which of the following describes SDN via APIs?

a. SDN implementation where controller programs, control plane of device thru legacy interfaces (SNMP, CLI, RADIUS) or newer interfaces (NETCONF/YANG, REST, XMPP, BGP-LS, PCEP)
b. SDN implementation where virtualized networks are erected on top of existing infrastructure
c. SDN implementation where network devices are programmable and control is centralized, controller communicates to network devices using only the standard protocol OpenFlow

A

SDN implementation where controller programs,
control plane of device thru legacy interfaces (SNMP, CLI, RADIUS) or newer interfaces (NETCONF/YANG, REST, XMPP, BGP-LS, PCEP)

77
Q
  1. Which role does OpenStack serve in SDN?
    a. vRouter
    b. Orchestrator
    c. Controller
    d. Gateway
A

b. Orchestrator

78
Q
  1. In an NFV environment, what is the role of an SDN controller?

a. Dynamically controls all of the software components
b. Spins up the VMs that are required to build the NFVs
c. Dynamically scales up and scales down VM resources
d. Connects the virtualized networking devices through a common policy-based model

A

D. Connects the virtualized networking devices through a common policy-based model

79
Q
  1. What is the function of an NFV Orchestrator (NFVO)?

a. It manages the infrastructure.
b. It manages the NFVI compute, storage, and network resources in the cloud data center.
c. It coordinates the life cycle of VNFs that jointly instantiate a network service.
d. It is responsible for service life-cycle management, including instantiating, scaling, upgrading, downgrading, modifying, and terminating VNFs.

A

d. It is responsible for service life-cycle management, including instantiating, scaling, upgrading, downgrading, modifying, and terminating VNFs.

80
Q
  1. What are the two advantages of SDN? Choose 2.

a. Programmability
b. Centralized management
c. Static networking
d. Decentralized management

A

a. Programmability

b. Centralized management

81
Q
  1. You want to rapidly deploy elastic Layer 3 through Layer 7 services in a data center. What would be used to accomplish this task?

a. NFV
b. MPLS
c. VPLS
d. VXLAN

A

a. NFV

82
Q
  1. Listed below are some descriptions of the relevant efforts made by IETF for network operations in the SDN world:

1) provides mechanisms to install, manipulate, and delete configuration of network devices; use XML-based data encoding; operations realized as RPCs
2) data modeling language used to model configuration and state data
3) provides a programmatic interface over HTTP for accessing data
Match the list above with the corresponding protocol.

a. 1)NETCONF; 2)YANG; 3)RESTCONF
b. 1)YANG; 2)NETCONF; 3)RESTCONF
c. 1)NETCONF; 2)RESTCONF; 3)YANG
d. 1)RESTCONF; 2)YANG; 3)NETCONF

A

d. 1)RESTCONF; 2)YANG; 3)NETCONF

83
Q
  1. Which two statements about SDN and NFV are true? Choose two.
    a. SDN decouples network services from hardware appliances so they can run in software.
    b. SDN separates network control and forwarding functions and provides a centralized view of the network.
    c. NFV decouples network services from hardware appliances so they can run in software.
    d. NFV separates network control and forwarding functions and provides a centralized view of the network
A

B. SDN separates network control and forwarding functions and provides a centralized view of the network.