Part_11 Flashcards
Question 1
Router R1 must be configured as a UDP responder on port 6336. Which configuration accomplishes this task?
A. (config)#ip sla responder udp-echo ipaddress 10.10.10.1 port 6336
B. (config-if)#ip sla responder udp-port ipaddress 10.10.10.1 port 6336
C. (config)#ip sla responder ipaddress 10.10.10.1 port 6336
D. (config)#ip sla responder udp-echo ipv4 10.10.10.1 port 6336
Answer:A
Question 2
A network engineer wants to configure console access to a router without using AAA so that the privileged exec mode is entered directly after a user provides the correct login credentials. Which action achieves this goal?
A. Configure login authentication privileged on line con 0
B. Configure a local username with privilege level 15
C. Configure privilege level 15 on line con 0
D. Configure a RADIUS or TACACS+ server and use it to send the privilege level
Answer:C
Explanation
Putting the privilege-level 15 on the console is one way to work around the issue. And it works – as long as you are comfortable with the fact that everyone who logs in on the console will be immediately placed directly into privilege/enable mode.
Reference:https://community.cisco.com/t5/network-access-control/privileged-exec-at-line-con-0/td-p/1705892
We also tested both “login authentication privileged” and “privilege level 15” commands. Only the latter exists:
Question 3
Refer to the exhibit.
*Sep 16 09:13:40:974: %SPANTREE-7-RECV_1Q_NON_TRUNK: Received 802.1Q BPDU on non trunk GigabitEthernet0/0 VLAN0001.
*Sep 16 09:13:40:977: %SPANTREE-7-BLOCK_PORT_TYPE: Blocking GigabitEthernet0/0 on VLAN0001. Inconsistent port type.
Two switches are interconnected using interface GigabitEthernet0/0 on both sides. While configuring one of the switches, a network engineer receives the logging message. Which action resolves this issue?
A. Shutdown interface GigabitEthernet0/0 and bring it back up
B. Configure interface GigabitEthernet0/0 as a trunk port
C. Block VLAN1 on the trunk interface GigabitEthernet0/0
D. Configure interface GigabitEthernet0/0 as an access port
Answer:B
Question 6
Which virtual MAC address does HSRP group 12 use?
A. 00:5e:0c:07:ac:12
B. 00:00:0c:07:ac:0c
C. 00:05:5e:00:0c:12
D. 05:43:97:80:88:1c
Answer:B
Question 7
How is the OAuth framework used in a REST API?
A. by providing the external application a token that authorizes access to the account
B. by providing the user credentials to the external application
C. as a framework to hide the security information in the REST URL
D. as a framework to hash the security information in the REST URL
Answer:A
Explanation
Auth0 generates access tokens for API authorization scenarios, in JSON web token (JWT) format. The permissions represented by the access token, in OAuth terms, are known as scopes. When an application authenticates with Auth0, it specifies the scopes it wants. If those scopes are authorized by the user, then the access token will represent these authorized scopes.
Reference:https://auth0.com/docs/authenticate/protocols/oauth
Question 9
A wireless administrator must create a new web authentication corporate SSID that will be using ISE as the external RADIUS server. The guest VLAN must be specified after the authentication completes. Which action must be performed to allow the ISE server to specify the guest VLAN?
A. enable NAC state
B. set AAA Policy name
C. enable AAA Override
D. set RADIUS Profiling
Answer:A
Explanation
ISE NAC
After the client completes the assessment, a RADIUS CoA-Req with reauth service is sent to the controller. This initiates reauthentication of the client (by sending EAP-START). Once reauthentication succeeds, the Cisco ISE sends an access accept message with a new ACL (if any) and no URL redirect, or access VLAN.
Reference:https://www.cisco.com/c/en/us/td/docs/wireless/controller/7-6/configuration-guide/b_cg76/b_cg76_chapter_0110001.pdf
Question 12
Which feature is available to clients using Layer 2 roaming in a wireless infrastructure?
A. Roam to a different wireless controller that is on a different subnet and maintain the same IP address.
B. Associate to a new access point on a different wireless controller and change the IP address without connectivity interruption.
C. Associate to a new access point on the same wireless controller and change the IP address without connectivity interruption.
D. Roam to a different wireless controller that shares the same subnet and maintain the same IP address.
Answer:D
Explanation
Layer 2 roaming happens when a user moves to another AP but stays on the same VLAN and the same IP subnet. As far as the user is concerned, nothing special has happened. The client isn’t notified that he is roaming. He also keeps his IP address, and all active transmissions stay active.
Reference:https://www.ccexpert.us/wireless-networks/the-layer-2-roaming-process.html
+ If the roaming takes place within a single controller -> Layer 2 intracontroller roaming
+ If the roaming takes place between two different wireless controllers -> Layer 2 intercontroller roaming
Both intracontroller roaming and intercontroller roaming allow the user to roam and remain on the same IP subnet.
-> Therefore this question is about Layer 2 intercontroller roaming.
Question 13
What is one difference between the RIB and the FIB?
A. The RIB works at the data plane, and the FIB works at the control plane.
B. The RIB is known as the CEF table, and the FIB is known as the routing table.
C. The FIB contains routing prefixes, and the RIB contains the Layer 2 and Layer 3 information necessary to make a forwarding decision.
D. The RIB keeps all routing information received from peers, and the FIB keeps the minimum information necessary to make a forwarding decision.
Answer:D
Explanation
RIB is in Control plane (and it is not used for forwarding) while FIB is in Data plane (and it is used for forwarding) -> Answer A is not correct.
FIB, not RIB, is known as the CEF table, and we can view the FIB table with the “show ip cef” command:
-> Answer B is not correct.
The RIB is focused on Layer 3 information, such as network prefixes, next-hop IP addresses, and routing protocols, which are used to calculate and maintain the best path for data packets to reach their destinations. The RIB does not typically include Layer 2 information, such as MAC addresses or VLAN IDs, which are used for local network forwarding decisions -> Answer C is not correct.
The RIB actually consists of three sections: a set of input databases (Adj-RIBs-In) that hold routing information received from peers, a local database (Loc-RIB) that contains the router’s current routes, and a set of output databases (Adj-RIBs-Out) used by the router to send its routing information to other routers.
Reference:http://www.tcpipguide.com/free/t_BGPRouteStorageandAdvertisementandBGPRoutingInform-2.htm
Forwarding Information Base Entry definition: A single entry within a forwarding information base. This entry consists of the minimum amount of information necessary to make a forwarding decision on a particular packet.
Reference:https://www.rfc-editor.org/rfc/rfc3222.html
-> Answer D is correct.
Question 15
Which language defines the structure or modeling of data for NETCONF and RESTCONF?
A. YAML
B. XML
C. JSON
D. YANG
Answer:D
Question 16
What is a benefit of YANG modules?
A. tightly coupled models with encoding to improve performance
B. easier multivendor interoperability provided by common or industry models
C. avoidance of ecosystem fragmentation by having fixed modules that cannot be changed
D. single protocol and model coupling to simplify maintenance and support
Answer:B
Question 17
What is the purpose of an integration API in Cisco DNA Center?
A. Allow the platform into approval chains in ITSM.
B. Enable external systems to take actions in response to an event.
C. Enable discovery and control of the network by using HTTPS verbs.
D. Obtain information about clients, sites, and topology from Cisco DNA Center.
Answer:A
Explanation
Integration capabilities are part of Westbound interfaces. To meet the need to scale and accelerate operations in modern data centers, IT operators require intelligent, end-to-end work flows built with open APIs. The Cisco DNA Center platform provides mechanisms for integrating Cisco DNA Assurance workflows and data with third-party IT Service Management (ITSM) solutions.
IT Service Management (ITSM) minimizes handoffs, reduces duplication of issues, and optimizes processes by integrating the Cisco DNA Center platform into incident-management, change-management and problem-management systems. It also integrates the Cisco DNA Center platform into approval- and pre-approval chains, and it links the Cisco DNA Center platform with formal change- and maintenance-window schedules.
Reference:https://developer.cisco.com/docs/dna-center/#!cisco-dna-center-platform-overview/integration-api-westbound
Question 18
A customer requires their wireless network to be fully functional, even if the wireless controller fails. Which wireless design supports these requirements?
A. FlexConnect
B. mesh
C. centralized
D. embedded
Answer:A
Explanation
FlexConnect, formerly known as Hybrid Remote Edge AP (H-REAP), mode: allows data traffic to be switched locally and not go back to the controller. The FlexConnect AP can perform standalone client authentication and switch VLAN traffic locally even when it’s disconnected from the WLC (Local Switched).
Question 19
Which two conditions occur when the primary route processor fails on a switch that is using dual route processors with stateful switchover? (Choose two)
A. Data forwarding can continue along known paths until routing protocol information is restored.
B. Data forwarding is stopped until the routing protocols reconverge after the switchover.
C. The standby route processor is fully initialized and state information is maintained.
D. User sessions are immediately recreated on the new active route processor.
E. The standby route processor initialization is started when the primary route processor fails.
Answer:A E
Explanation
The forwarding can continue despite the loss of routing protocol peering sessions with other peering routers. The now active route processor (which was the standby) will initially have no active routing session(s) with any peers (no neighbors, link-state database, BGP table …), however it has an identical FIB and Adjacency information synced from the former Active route processor. Routing information is recovered dynamically, in the background, while packet forwarding proceeds uninterrupted using the FIB and Adjacency information synced from the former Active route processor.
Reference:https://www.networkers-online.com/blog/2008/11/cisco-and-nonstop-forwarding/
Question 21
In Cisco DNA Center, what is used to publish events and notifications to a third-party product such as IPAM?
A. intent API
B. southbound SDK
C. integration API
D. RESTful API
Answer:C
Explanation
+ Westbound (Integration) APIs: provide the capability to publish the network data, events and notifications to the external systems and consume information in Cisco DNA Center from the connected systems. Through integration APIs, Cisco DNA Center platform can power end-to-end IT processes across the value chain by integrating various domains such as IT Service Management (ITSM), IP address management (IPAM), and reporting. By leveraging the REST-based Integration Adapter APIs, bi-directional interfaces can be built to allow the exchange of contextual information between Cisco DNA Center and the external, third-party IT systems.
Question 24
Which function does a virtual switch provide?
A. RAID storage for virtual machines
B. connectivity between virtual machines
C. CPU context switching for multitasking between virtual machines
D. emulation of power for virtual machines
Answer:B
Explanation
Hypervisors provide a virtual switch (vSwitch) that Virtual Machines (VMs) use to communicate with other VMs on the same host. The vSwitch may also be connected to the host’s physical NIC to allow VMs to get layer 2 access to the outside world.