Test 1 Flashcards
What are structured data forms that are possible for use with RESTCONF as defined by YANG?
XML
JSON
Explanation
RESTCONF uses structured data (XML or JSON) and YANG to provide REST-like APIs, enabling you to programmatically access different network devices. RESTCONF APIs use HTTPS methods.
Reference: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/prog/configuration/169/b_169_programmability_cg/restconf_programmable_interface.html
Your enterprise has invested in six Firepower NGFWs to help protect the network and end systems. What is the most powerful method of managing these systems?
FMC
The Firepower Management Center (FMC) is the recommended tool, especially when multiple devices are to be managed. Local management of a single system is possible using the FDM, if desired.
Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/quick_start/fp1010/firepower-1010-gsg/ftd-fmc.html
What decimal value is used for EF traffic marking in DSCP?
46
Explanation
The DSCP marking for EF traffic is binary 101 110. This has a decimal value of 46.
REFERENCE: https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus1000/sw/4_0/qos/configuration/guide/nexus1000v_qos/qos_6dscp_val.pdf
statements regarding Access Control Lists in Cisco networking
Explanation
There are two incorrect statements here that you should not have chosen. The entry at the “end” of an ACL is an implicit DENY ALL, not a PERMIT ALL. You do not typically place a standard ACL close to the source of traffic, as your only criterion is the source address. You are most likely going to prevent the node from communicating with a wide variety of services. Extended ACLs can go close to the source of traffic more easily, as they can be very precise in what they are filtering.
REFERENCE: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_data_acl/configuration/xe-3s/sec-data-acl-xe-3s-book/sec-create-ip-apply.html
What is a core post-infection detection technology of Cisco AMP?
Explanation
There are four post-infection technologies - Cognitive Threat Analytics, Device Flow Correlation, Cloud Indication of Compromise, and Endpoint IOC.
Reference: https://www.cisco.com/c/dam/en/us/products/collateral/security/amp-for-endpoints/white-paper-c11-740980.pdf
Cisco’s approach to location services in wireless LANs is to call upon a mapping of different areas that includes information on signal attenuation in the actual areas of the enterprise. What is this approach called?
“Cisco RF Fingerprinting refers to a new and innovative approach that significantly improves the accuracy and precision available with traditional signal strength lateration techniques. Cisco RF Fingerprinting offers the simplicity of an RSSI-based lateration approach with customized calibration capabilities and improved indoor performance.”
Reference: https://www.cisco.com/en/US/docs/solutions/Enterprise/Mobility/emob30dg/Locatn.html
If you want to incorporate the status of an interface in HSRP, what keyword is critical?
track
You can use object tracking to incorporate the status of an interface in the HSRP calculations. For example:
standby 10 track 1 decrement 20
In this configuration, there could be an object tracker (ID 1) that is tracking the interface status. Downing of the interface decrements priority by 20.
Reference: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipapp/configuration/15-mt/iap-15-mt-book/iap-eot.pdf
What does NETCONF use for the transport stack?
SSH/TCP
NETCONF uses SSH/TCP as the transport stack. SNMP uses UDP as transport.
Reference: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/cns/configuration/15-mt/cns-15-mt-book/netconf-sshv2.html
In Layer 3 roaming, what markings are used in order to facilitate successful communications following the wireless client roam?
ANCHOR
FOREIGN
In layer 3 roaming, the original controller marks the client with an “Anchor” entry in its own client database. The database entry is copied to the new controller client database and marked with a “Foreign” entry in the new controller.
Reference: https://www.cisco.com/c/en/us/td/docs/wireless/controller/8-5/config-guide/b_cg85/overview.html
Which of the following FHRPs offers the lowest administrative overhead in a configuration that supports both HA and high performance?
GLBP
The Gateway Load Balancing Protocol features a simple configuration that can take advantage of load balancing using a variety of approaches and optimizations.
REFERENCE: https://www.cisco.com/en/US/docs/ios/12_2t/12_2t15/feature/guide/ft_glbp.html
You are having issues with the BGP routing in your Enterprise. What is the second component of the BGP Best Path Selection Algorithm?
Highest Local_pref
The first attribute analyzed is WEIGHT. Larger is better. The second step is the largest LOCAL_PREF.
REFERENCE: https://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/13753-25.html
What component of the SD-WAN solution from Cisco Systems distributes routes and policy information via OMP?
vSmart - “This software-based component is responsible for the centralized control plane of the SD-WAN network. It maintains a secure connection to each WAN Edge router and distributes routes and policy information via the Overlay Management Protocol (OMP), acting as a route reflector. It also orchestrates the secure data plane connectivity between the WAN Edge routers by reflecting crypto key information originating from WAN Edge routers, allowing for a very scalable, IKE-less architecture.”
Reference: https://www.cisco.com/c/en/us/td/docs/solutions/CVD/SDWAN/cisco-sdwan-design-guide.html
You have a Cisco AP set to bridge mode. You have just performed a factory reset of the device. What mode is the AP in after the reset?
Bridge
“If the AP is in Bridge mode, then the same Bridge mode is retained after the factory reset of the AP; if the AP is in FlexConnect, Local, Sniffer, or any other mode, then the AP mode is set to Local mode after the factory reset of the AP. If you press the Reset button on the AP and perform a true factory reset, then the AP moves to a cookie configured mode.”
Reference: https://www.cisco.com/c/en/us/td/docs/wireless/controller/8-10/config-guide/b_cg810/managing_aps.html
You are examining the configuration of a AAA method list on your Cisco router. You notice that the method list ends with the keyword none. What does this indicate?
When configuring a route map that modifies the MED value of a BGP prefix, what keyword is used for MED in the set statement?
You have configured a stub area in your OSPF network. What OSPF LSAs are dynamically filtered from appearing in the stub area? (Choose 2)
The stub area filters Type 4 and Type 5 LSAs. Remember, the Type 4 LSA defines the ASBR in the network, and the Type 5 LSAs are for the external prefixes.
REFERENCE: https://www.ajsnetworking.com/ospf-lsa-types/
You have client systems in the 10.10.10.0/24 subnet that need to be permitted access to an internal webserver at 10.20.20.100. Which permit entry for an ACL correctly defines this?
permit tcp 10.10.10.0 0.0.0.255 host 10.20.20.100 eq 443
Here the traffic to filter is TCP. The source of the traffic is the subnet 10.10.10.0/24. Note the use of the host keyword to simplify the destination definition. Here we specify the 443 (HTTPS) port on the webserver to be granular with the permissions.
REFERENCE: https://www.cisco.com/c/en/us/support/docs/ip/access-lists/26448-ACLsamples.html
In order to virtualize a workload recently, you had to install software on your Mac OS, and then install the virtual machine. What type of hypervisor is in use here?
Type 2
Type 1 hypervisors do not need to be installed within an OS. They can install on top of the “bare metal”. Type 2 hypervisors must be installed in an OS.
REFERENCE: https://searchservervirtualization.techtarget.com/definition/hosted-hypervisor-Type-2-hypervisor#:~:text=A%20Type%202%20hypervisor%2C%20also,Type%201%20and%20Type%202.
Several tests in the IP SLA feature require specialized software on the IP target system. What is this software called?
IP SLA responder
Some tests require the target to feature the IP SLA Responder feature. Note that many tests do not require this and the target can be any IP host on the network.
REFERENCE: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipsla/configuration/15-mt/sla-15-mt-book/sla_overview-0.html
Which are valid reasons your OSPF speakers are stuck in the Exstart/Exchange state? (Choose 3)
Access list blocking the unicast packet
Both routers have the same RID
Mismatched MTU settings
A stub flag mismatch or an authentication failure would not result in a stuck state. REFERENCE: https://www.cisco.com/c/en/us/support/docs/ip/open-shortest-path-first-ospf/13684-12.html#neighbors
You are curious about how Ansible is able to access and configure a remote node. What protocol is used for this?
SSH
Ansible is agentless. It does not need to install special software on the managed node. SSH is required to access and configure the remote device. REFERENCE: https://docs.ansible.com/ansible/latest/user_guide/connection_details.html
Which of the following syslog severity levels are considered more severe than WARNINGS? (Choose 2)
Errors
Warnings
Debugging messages are level 7 and are considered the least severe. Emergencies are level 0 and are the most severe.
REFERENCE: https://www.cisco.com/c/en/us/td/docs/routers/access/wireless/software/guide/SysMsgLogging.html
When you are engaging in traffic engineering in BGP, you use the following regular expression syntax in your route map:
^65000$
What does this match?
Prefixes that have originated in the AS 65000
This regular expression matches those AS paths that begin (far right) with AS 65000. This position in the AS path indicates the prefix originated from that AS.
REFERENCE: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_bgp/configuration/15-mt/irg-15-mt-book/irg-external-sp.html#GUID-BDECC44A-630D-4E5B-9FEC-7FC4ACE6130F
What technology permits the Cisco ISE to share key information (such as TrustSec data) with other Cisco and non-Cisco devices in your Enterprise solutions?
PxGrid
“A Cisco ISE node with pxGrid persona shares the context-sensitive information from Cisco ISE session directory with other network systems such as ISE ecosystem partner systems and Cisco platforms. The pxGrid framework can also be used to exchange policy and configuration data between nodes like sharing tags and policy objects. TrustSec information like tag definition, value, and description can be passed from Cisco ISE to other Cisco management platforms such as Cisco DNA Center and Cisco Stealthwatch.”
Reference: https://www.cisco.com/c/en/us/td/docs/solutions/CVD/Campus/cisco-sda-design-guide.html
valid considering fabric-mode access points in the SD-Access solution
They must connect directly to the fabric edge node or the extended node switch
The AP is in Local mode
These APs will still use CAPWAP tunnels to the WLC. They will be in local mode. They will directly connect to the fabric edge node. These APs can still honor the access and QoS policies like normal.
REFERENCE: https://www.cisco.com/c/en/us/td/docs/solutions/CVD/Campus/cisco-sda-design-guide.html
Python commands are often used in exception handling
Except
Try
The try and except commands are used together in a clause in order to help with exception handling. The commands work as follows: if no exception occurs, the except clause is skipped and execution of the try statement is finished.
REFERENCE: https://docs.python.org/3/tutorial/errors.html
You are interested in providing your WLC address to your Lightweight Access Point using DHCP. What option is used for this?
Option 43 in DHCP can carry the WLC IP address for the lightweight APs to call upon.
REFERENCE: https://www.cisco.com/c/en/us/td/docs/wireless/access_point/1000/installation/guide/1000hig4/1000h_f.pdf
commands would be the most useful for monitoring CoPP
Show Policy-map control-plane
Remember, like policing under DiffServ, you use a class-map, policy-map, and service-policy approach to the configuration. Here, we use the show policy-map control-plane command to review the CoPP configuration.
Reference: https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/15-0SY/configuration/guide/15_0_sy_swcg/control_plane_policing_copp.pdf
Examine the configuration shown:
switch(config)# ntp access-group peer accesslist1
What keyword can you use in this command in order for the local device to receive time requests and NTP control queries from the servers specified in the access list but not to synchronize itself to the specified servers?
Serve
The serve keyword enables the device to receive time requests and NTP control queries from the servers specified in the access list but not to synchronize itself to the specified servers.
REFERENCE: https://www.cisco.com/c/en/us/td/docs/switches/datacenter/sw/5_x/nx-os/system_management/configuration/guide/sm_nx_os_cg/sm_3ntp.html#93976
In which OSPF router state does the DBD packet play a key role?
Exchange
In the exchange state, OSPF routers exchange database descriptor (DBD) packets. The contents of the DBD received are compared to the information contained in the routers link-state database to check if new or more current link-state information is available with the neighbor.
REFERENCE: https://www.cisco.com/c/en/us/support/docs/ip/open-shortest-path-first-ospf/13685-13.html
What keyword indicates PAT is in use with a NAT configuration on a Cisco router?
Overload
The overload keyword is an easy indicator for the presence of PAT in the NAT configuration. For example:
ip nat inside source list 1 interface gi0/0 overload
Reference: https://www.cisco.com/c/en/us/support/docs/long-reach-ethernet-lre-digital-subscriber-line-xdsl/asymmetric-digital-subscriber-line-adsl/12905-827spat.html
What REST API response code would you expect to see if there was a problem with authorization during the REST API usage?
401
Remember, the 200 codes are for various successes. The 400 codes involve client issues, while the 500 codes involve server-side issues. Here, the most likely code would be 401 - UNAUTHORIZED.
REFERENCE: https://restfulapi.net/http-status-codes/
three statements about FlexConnect are true
It is used with wireless and branch offices
This was formerly called H-REAP
The AP can operate with a controller or without a controller (if necessary)
This tech was called H-REAP before. It is used with poor links to branch offices. It permits the WLC to not be available and have the APs still be able to accommodate clients.
REFERENCE: https://www.cisco.com/c/en/us/td/docs/wireless/controller/7-2/configuration/guide/cg/cg_flexconnect.html
two of the following statements about wireless SSIDs
The SSID is typically broadcast throughout the Enterprise by default
The SSID must be manually configured if not broadcast
Most devices will default to a broadcast of the SSID for all clients to see.
REFERENCE: https://www.cisco.com/c/en/us/td/docs/wireless/controller/8-7/config-guide/b_cg87/wlans.html#ID72
Which type of WiFi antenna is not directional?
Dipole
The Yagi, Dish, and Patch antenna types are all considered directional. REFERENCE: https://www.cisco.com/c/en/us/products/collateral/wireless/aironet-antennas-accessories/prod_white_paper0900aecd806a1a3e.html
What defines the data structures used by NETCONF and RESTCONF?
YANG
YANG is a standards based data modeling language used to create device configuration requests or the requests for operational (show command) data. It has a structured format similar to a computer program that is human readable. Several applications are available that can be run on a centralized management platform (for example a laptop) to create these configuration and operational data requests.
REFERENCE: https://www.cisco.com/c/en/us/support/docs/storage-networking/management/200933-YANG-NETCONF-Configuration-Validation.html
You want to use an interface on the Firepower NGFW for the exclusive use of syslog monitoring. You want to ensure this interface cannot be used for data traffic and does not support SSH connections. What interface should you use?
The diagnostic interface is used for this purpose.
REFERENCE: https://www.cisco.com/c/en/us/td/docs/security/firepower/660/configuration/guide/fpmc-config-guide-v66/interface_overview_for_firepower_threat_defense.html#concept_9C4E970171294952B654154256F1A676
What STP tuning mechanism allows you to control the alternate port selection and is configured upstream of where you want to make the change?
You can use the STP port priority value to influence the alternate port selection. With this command, a lower value is preferred. The default value is 128.
REFERENCE: https://www.ciscopress.com/articles/article.asp?p=2995351&seqNum=2
What SD-WAN component performs the initial authentication of WAN edge devices?
The vBond orchestrator is the central component for authentication of the SD-WAN components. Remember, to ensure security, the connections between the SD-WAN devices are protected with DTLS.
REFERENCE: https://www.cisco.com/c/en/us/td/docs/solutions/CVD/SDWAN/cisco-sdwan-design-guide.html
You want to improve the performance of roaming in your FlexConnect infrastructure. Specifically, you want to employ the Fast Transition feature. What technology permits this?
“802.11r introduces a new concept of roaming where the initial handshake with the new AP is done even before the client roams to the target AP, which is called Fast Transition (FT). The initial handshake allows the client and APs to do the Pairwise Transient Key (PTK) calculation in advance. These PTK keys are applied to the client and AP after the client does the reassociation request or response exchange with new target AP. In a FlexConnect Deployment scenario, 802.11r BSS FT roaming is supported between APs within the same FlexConnect group. To enable seamless roaming, the 802.11r Key Cache is distributed to all the APs in the same FlexConnect Group. The Key Cache distribution is done by the WLC after the client device does the initial FT association through Central Authentication.”
REFERENCE: https://www.cisco.com/c/en/us/td/docs/wireless/controller/technotes/80211r-ft/b-80211r-dg.html
What is the role played by the default gateway that is responsible for ensuring load balancing in GLBP? This device can be configured for the load balancing technique used.
The Active Virtual Gateway (AVG) is responsible for the load balancing, as well as how the load balancing will take place. This system can also simultaneously be an Active Virtual Forwarder (AVF) system.
Reference: https://www.cisco.com/en/US/docs/ios/12_2t/12_2t15/feature/guide/ft_glbp.html
What is the top level of the Cisco DNA Center network hierarchy?
The network hierarchy consists of Sites, Buildings, and Floors. Sites can contain other sites. Be sure to spend some time with the sandbox DNA center that is available from Cisco DevNet.
Reference: https://www.cisco.com/c/en/us/td/docs/cloud-systems-management/network-automation-and-management/dna-center/1-3/user_guide/b_cisco_dna_center_ug_1_3/b_cisco_dna_center_ug_1_3_chapter_0110.html
In which component of Flexible NetFlow would you find the specification of the Flow Record?
The main Flexible NetFlow components are the Flow Monitor, the Flow Exporter, the Flow Sampler, and the Flow Record. The Flow Record is referenced in the Flow Monitor. The Flow Monitor is the component that is applied to an interface and can be considered the component that is actually doing the network monitoring.
Reference: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/fnetflow/configuration/xe-16/fnf-xe-16-book.html
What technology uses HTTP methods to provide CRUD operations on a conceptual datastore containing YANG-defined data?
Note that RESTCONF is not really a replacement for NETCONF. It uses principles of NETCONF and adds the HTTP functionality. REFERENCE: https://tools.ietf.org/html/rfc8040
What DiffServ QoS component is a combination of CBWFQ and PQ and is often used today in order to accommodate VoIP in the enterprise?
LLQ
Low Latency Queuing is the most modern congestion management approach in DiffServ. It uses a strict PQ for VoIP in a CBWFQ structure. The CBWFQ provides service for the many other forms of traffic.
Reference: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/qos_conmgt/configuration/xe-3s/qos-conmgt-xe-3s-book/qos-conmgt-llq-pps.pdf
The SNR in wireless networking is calculated using the transmit power and what other value?
NOISE Floor
The SNR is a calculation from the transmit power (or desired signal) and the noise floor. SNR calculations can be either simple or complex, and it depends on the devices in question and your available data.
REFERENCE: https://resources.pcb.cadence.com/blog/2020-what-is-signal-to-noise-ratio-and-how-to-calculate-it
You have decided to increase the availability of your WLC by using LAG on this device. The WLC connects to a Cisco Layer 3 switch. What mode should you use on the switch for the LAG with the WLC?
ON
What is the size of the SGT field used in CTS?
The Cisco TrustSec solution uses security tags in its operation. These SGTs can be assigned in a variety of ways and can help you segment and secure traffic. This tag is 16 bits.
REFERENCE: https://www.cisco.com/c/dam/en/us/solutions/collateral/borderless-networks/trustsec/C07-730151-00_overview_of_trustSec_og.pdf
Which of the following protocols are most likely to be used in your REST API security
SHA-384
AES
Remember, REST APIs are protected with HTTPS. Two potential protocols, therefore, are AES and SHA-384.
Reference: https://en.wikipedia.org/wiki/Transport_Layer_Security
In the configuration of a ZBF in Cisco IOS, what is placed in the default zone?
Any interfaces that are not members of any zone
The default zone is for all interfaces that are not assigned to a zone.
Reference: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_data_zbf/configuration/15-mt/sec-data-zbf-15-mt-book/sec-zone-pol-fw.html
Examine the configuration shown. Which statement regarding this configuration is false?
ip sla 12
udp-jitter 10.10.10.100 5000
frequency 10
exit
ip sla schedule 12 start-time now life forever
end
There are actually four data measurements given. There is per-direction jitter, per-direction packet-loss, per-direction delay, and the round-trip delay.
REFERENCE: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipsla/configuration/xe-16/sla-xe-16-book.html
statement about traffic policing and shaping is true?
Traffic policing can be a single or dual rate. It can also involve three actions or colours. These are dropping, remarking, or sending.
Reference: https://www.cisco.com/c/en/us/support/docs/quality-of-service-qos/qos-policing/19645-policevsshape.html
You have discovered that your two VRRP devices are configured with the same priority value of 100. What determines the election of the virtual router master?
If both VRRP routers are configured with the priority of 100, the virtual router backup with the higher IP address is elected to become the virtual router master.
REFERENCE: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipapp_fhrp/configuration/xe-3se/3850/fhp-xe-3se-3850-book/fhp-vrrp.pdf
example of the Northbound APIs used with Cisco DNA Center?
“The Intent API is a Northbound REST API that exposes specific capabilities of the Cisco DNA Center platform. The Intent API provides policy-based abstraction of business intent, allowing focus on an outcome rather than struggling with individual mechanisms steps. The RESTful Cisco DNA Center Intent API uses HTTPS verbs (GET, POST, PUT, and DELETE) with JSON structures to discover and control the network.”
Reference: https://developer.cisco.com/docs/dna-center/#!cisco-dna-center-platform-overview/cisco-dna-center-platform-overview
What QoS DiffServ component seeks to buffer traffic above a defined threshold?
Traffic shaping seeks to buffer traffic above the defined threshold. Traffic policing is similar, but the default action is to drop traffic above the threshold.
REFERENCE: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/qos_dfsrv/configuration/15-mt/qos-dfsrv-15-mt-book/qos-dfsrv.html
What is the main function of an alternate port in RSTP?
The alternate port can quickly replace the root port in the event of a failure or other type of topology change in the network. This type of functionality had previously been provided to 802.1D thanks to the Cisco invention of UplinkFast.
Reference: https://www.cisco.com/c/en/us/support/docs/lan-switching/spanning-tree-protocol/24062-146.html
You are experiencing an issue with one of your devices in your Cisco wireless LAN. There is an AP that you have sent Option 43 information to using your DHCP server. You have just discovered that this AP is using a WLC that you did not specify with the Option 43 information. What is the most likely reason that this is happening?
Remember, the AP will use what it has been primed with first. It will then try Option 43 settings. If this does not work either, it will send broadcasts for its WLC.
Reference: https://www.cisco.com/c/en/us/td/docs/wireless/controller/8-5/config-guide/b_cg85/ap_connectivity_to_cisco_wlc.html
True / false regarding traffic shaping versus traffic policing?
Traffic shaping is applicable to both inbound and outbound traffic if required
False
Only traffic policing can be configured for inbound and outbound traffic flows.
Reference: https://www.cisco.com/c/en/us/support/docs/quality-of-service-qos/qos-policing/19645-policevsshape.html
You are preparing to add a new node to your Cisco DNA Center cluster. What command should you run to verify your configuration before adding the new node?
maglev packages status
Before adding a new node to the cluster, be sure that all the installed packages are deployed on the primary node. You can check this by using SSH to log in to the primary node’s Cisco DNA Center Management port as the Linux User (maglev) and then running the maglev package status command. All the installed packages should appear in the command output as DEPLOYED.
REFERENCE: https://www.cisco.com/c/en/us/td/docs/cloud-systems-management/network-automation-and-management/dna-center/1-3-3-0/install_guide/2ndGen/b_cisco_dna_center_install_guide_1_3_3_0_2ndGen/b_cisco_dna_center_install_guide_1_3_2_0_M5_chapter_0100.html
What form of QoS is most likely to cause TCP retransmissions?
Traffic policing will often be set to drop traffic above a defined threshold. The dropped traffic will cause TCP retransmissions. REFERENCE: https://www.cisco.com/c/en/us/support/docs/quality-of-service-qos/qos-policing/19645-policevsshape.html
Which of the following OSPF network types each uses a DR and BDR in their operation? (Choose 2)
broadcast
Non Broadcast
Note that the broadcast and non-broadcast network types for OSPF are compatible. This is because they each use a DR/BDR in their operation.
REFERENCE: https://www.cisco.com/c/en/us/support/docs/ip/open-shortest-path-first-ospf/7039-1.html
Examine the JSON sample shown here. What data type is used with the key of Models?
{"Device": "RGD12", "Units": 12, "Inuse": true, "Models": ["1250", "1350", "1375"]}
Array
This is the array data type. An array is an ordered collection of values. They begin with [ (left bracket) and end with ] (right bracket). The values are separated by , (commas).
REFERENCE: https://restfulapi.net/json-data-types/
When you issue the command show ip vrf, which of the following is not a column shown?
Examine the commands shown here. When might this command be most useful?
line con 0
logging synchronous
What technology available for the LAN today is similar to IPsec but operates at Layer 2?
MACsec allows unauthorized LAN connections to be identified and excluded from communication within the network. In common with IPsec and TLS, MACsec defines a security infrastructure to provide data confidentiality, data integrity, and data origin authentication. By assuring that a frame comes from the station that claimed to send it, MACsec can mitigate attacks on Layer 2 protocols.
REFERENCE: https://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/identity-based-networking-services/white-paper-c11-737544.html
What Cisco security product uses Encrypted Traffic Analytics (ETA) telemetry in order to help with advanced security analytics regarding traffic in your enterprise?
Cisco Stealthwatch
Cisco Stealthwatch provides enterprise-wide network visibility and applies advanced security analytics to detect and respond to threats in real-time. Stealthwatch uses a combination of behavioral modeling, machine learning, and global threat intelligence. It also can analyze encrypted data using ETA.
Reference: https://www.cisco.com/c/en/us/products/collateral/security/stealthwatch/datasheet-c78-739398.html
When using Cisco DNA Center, templates you create with the Template Editor are associated with what DNA Center component?
Network Profiles
“Before provisioning the template, ensure that the templates are associated with a network profile and the profile is assigned to a site.”
Reference: https://www.cisco.com/c/en/us/td/docs/cloud-systems-management/network-automation-and-management/dna-center/1-3/user_guide/b_cisco_dna_center_ug_1_3/b_cisco_dna_center_ug_1_3_chapter_0111.html
What value is often used to measure the strength of the WiFi signal?
RSSI - Received Signal Strength Indicator
Want to measure the strength of the signal that your client is receiving? The received signal strength indication value seeks to permit this. The greater the number, the stronger the signal.
REFERENCE: https://en.wikipedia.org/wiki/Received_signal_strength_indication
What SD-Access device is responsible for de-encapsulating LISP traffic for transport to non-LISP sites?
PETR
The Proxy Egress Tunnel Router would be responsible for LISP de-encapsulation and transport to a non-LISP site. REFERENCE: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_lisp/configuration/xe-3s/irl-xe-3s-book/irl-cfg-lisp.html
What SD-Access device is responsible for encapsulating LISP traffic for transport to non-LISP sites?
PITR
The Proxy Egress Tunnel Router would be responsible for LISP de-encapsulation and transport to a non-LISP site. REFERENCE: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_lisp/configuration/xe-3s/irl-xe-3s-book/irl-cfg-lisp.html
Which element of the SD-WAN solution from Cisco Systems represents the controller responsible for the management of the solution?
vSmart
The important word here is controller. The SD-WAN uses the vSmart controller for the management of the devices. The vManage tool provides the GUI. REFERENCE: https://www.cisco.com/c/en/us/td/docs/solutions/CVD/SDWAN/cisco-sdwan-design-guide.html
Examine the syslog message shown. What does the component of LINEPROTO represent?
00:00:48: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to down
The Severity
Beginning with LINEPROTO - we have the facility, the severity, the mnemonic, and the description.
REFERENCE: https://www.cisco.com/c/en/us/td/docs/routers/access/wireless/software/guide/SysMsgLogging.html
Which automation tool is agentless and uses a push model?
Ansible is known for its simplicity and the fact that it is clientless and uses a push model. Ansible relies on SSH to send automation instructions to remote nodes.
Reference: https://www.ansible.com/resources/get-started
Does NTP use TCP port 123 in its operation, True / False?
False
NTP relies upon UDP for its operation.
Reference: https://www.cisco.com/c/en/us/td/docs/iosxr/ncs560/timing-and-sync/70x/b-network-sync-70x-ncs560/implementing_ntp.pdf
You have a user in your network that has an expired token for use with OAuth and your REST API. What response code is returned from the appliance based on the expired token?
401
In this case, the device returns a 401 error - this error indicates that the user is unauthorized.
Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/ftd-api/guide/ftd-rest-api/auth-ftd-rest-api.pdf
Is SSH an Authentication Key Management option for WLAN security, True / False?
False - SSH is for remote connections that are secure. All the other options listed are valid options for WLAN security.
REFERENCE: https://www.cisco.com/c/en/us/td/docs/wireless/controller/8-7/config-guide/b_cg87/wlan_security.html
Correct answers are PSK, CCKM (Cisco Centralized Key Management), 802.1x
What is the multicast address used by HSRPv2?
To match the HSRP group number to the VLAN ID of a subinterface, HSRPv2 can use a group number from 0 to 4095 and a MAC address from 0000.0C9F.F000 to 0000.0C9F.FFFF. HSRPv2 uses the multicast address 224.0.0.102 to send hello packets. HSRPv2 and CGMP leave processing are no longer mutually exclusive, and both can be enabled at the same time. HSRPv2 has a different packet format than HSRPv1.
REFERENCE: https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3560/software/release/12-2_52_se/configuration/guide/3560scg/swhsrp.html
least likely reasons your enterprise might choose to increase virtualization in the data center
Increased Security
Reduced MAC and IP address requirements
Virtualization, by itself, will not inherently improve the security of the enterprise. Also, you still require MAC addresses and IP addressing in the virtualized environment.
REFERENCE: https://www.cisco.com/c/en/us/solutions/enterprise-networks/what-is-virtualization.html
statements are correct regarding the RP in multicast
PIM-SM requires an RP
RP is only needed (by default) to start sessions with sources and receivers
The RP can be configured manually, or with AUTO-RP or BSR. Also, note that PIM-DM did not use a concept of an RP.
REFERENCE: https://www.cisco.com/c/en/us/td/docs/ios/solutions_docs/ip_multicast/White_papers/rps.
What command do you use to configure SSH version 2?
Using the command ip ssh version 2 forces the router to only accept SSH version 2 connections.
Reference: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_usr_ssh/configuration/15-s/sec-usr-ssh-15-s-book/sec-secure-shell-v2.html
What is the ACL entry to permit the 172.16.0.0/21 subnet?
Permit 172.16.0.0 0.0.7.255
Notice the wildcard mask here for the /21 - in binary it is: 00000000.00000000.00000111.11111111
REFERENCE: http://www.subnet-calculator.com/subnet.php?net_class=B
Which of the following EtherChannel mode combinations will form an EtherChannel?
If you want to do traffic analysis against wireless clients in an area of your Enterprise using Wireshark, what AP mode should you consider using?
Sniffer
Explanation
“The access point starts sniffing the air on a given channel. It captures and forwards all the packets from the clients on that channel to a remote machine that runs Airopeek or Wireshark (packet analyzers for IEEE 802.11 wireless LANs). It includes information on the time stamp, signal strength, packet size, and so on.”
Reference: https://www.cisco.com/c/en/us/td/docs/wireless/controller/7-2/configuration/guide/cg/cg_lwap.html
Which LISP device is responsible for finding EID-to-RLOC mappings for all traffic destined for LISP-capable sites?
All of these are valid roles within the LISP architecture. The Ingress Tunnel Router (ITR) has the job of locating the correct mappings when receiving requests that are destined for the LISP site.
REFERENCE: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_lisp/configuration/xe-3s/irl-xe-3s-book/irl-overview.html
Which of the following is not a typical traffic flow that is identified in a heavily virtualized, modern, SDN in the modern data center?
It is not typical for us to define host to controller traffic flows, or controller to server.
Reference: https://www.optcore.net/do-you-know-the-data-center-network-architecture/
examples of directional antennas?
Sector
Patch
Yagi
The collinear and dipole are both examples of omnidirectional antennas.
Reference: https://www.cisco.com/c/en/us/products/collateral/wireless/aironet-antennas-accessories/prod_white_paper0900aecd806a1a3e.html
You need to create a function in order to script the required automation in your Cisco network solution. How is a function enumerated in Python?
def
"The keyword def introduces a function definition. It must be followed by the function name and the parenthesized list of formal parameters. The statements that form the body of the function start at the next line, and must be indented."
Reference: https://docs.python.org/3/tutorial/controlflow.html#defining-functions
You are interested in using a new security model in your Enterprise network; one that is not based strictly on Layer 2 or Layer 3 addressing. What component of the SD-Access solution accommodates this?
SGTs in CTS
Security Group Tags in Cisco TrustSec offer many flexible methods of categorization and segmentation.
REFERENCE: https://www.cisco.com/c/dam/en/us/td/docs/solutions/CVD/Campus/CVD-Software-Defined-Access-Segmentation-Design-Guide-2018MAY.pdf
When configuring a route map that modifies the MED value of a BGP prefix, what keyword is used for MED in the set statement?
Metric
REFERENCE: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_bgp/configuration/15-mt/irg-15-mt-book/irg-external-sp.html#GUID-C62D6C7A-BE13-493C-9BFB-171CBAE04627
statements regarding VRRP are true
VRRPv3 adds support of IPv6
VRRP uses 224.0.0.18 for communications
Preemption is the default in VRRP and the priority value ranges from 0 to 255.
Reference: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipapp_fhrp/configuration/xe-3s/fhp-xe-3s-book/fhp-vrrp.html
VXLAN is the data plane technology chosen for the SD-Access solution. Note that it is actually VXLAN with several modifications to accommodate the components of the SD-Access solution. LISP serves as the control plane, while CTS (Cisco TrustSec) is the policy plane.
Reference: https://www.cisco.com/c/en/us/td/docs/solutions/CVD/Campus/cisco-sda-design-guide.html
Examine the commands shown here. When might this command be most useful?
line con 0
logging synchronous
When debugging
When you are typing commands in at the IOS CLI, you can have debug output interrupt your typing. The logging synchronous command under the console line permits the integration of those messages with your command work. This command is considered a must-have for most administrators.
REFERENCE: https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3560/software/release/12-2_52_se/configuration/guide/3560scg/swlog.html
This is an example of the layout of a policy that is calling upon Cisco TrustSec. Remember, you can have CTS as a result of the ISE in your SD-Access solution.
Reference: https://www.cisco.com/c/dam/en/us/products/collateral/security/identity-services-engine/at_a_glance_c45-726831.pdf
EtherChannel mode combinations will form an EtherChannel?
The PAgP modes are auto and desirable. The LACP modes are active and passive. Finally, the static mode is on.
on/on
active/passive
auto/desirable
REFERENCE: https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750x_3560x/software/release/12-2_55_se/configuration/guide/3750xscg/swethchl.html