Virtualization Flashcards

1
Q

What does consolidation ratio mean in the context of virtualization?

A

Consolidation ratio is the ratio of virtual servers to physical servers.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Which type of hypervisor is most commonly used in enterprise production deployments?

A

Type 1, or bare-metal hypervisor

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

From the hypervisor perspective, how is a virtual disk represented?

A

A virtual disk is represented as a file on the host-attached storage of a hypervisor.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

In network virtualization, what is the terminology given to the physical enterprise network that supports multiple logical overlay networks?

A

Underlay network

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

What is the software that makes server virtualization possible?

A

Hypervisor

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What acts as the abstraction layer between the physical hardware and the guest operating system, which runs inside a virtual machine (VM)?

A

Hypervisor

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

A hosted hypervisor is also known as?

A

Type 2 hypervisor

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Which type of hypervisor provides better scalability and performance because it runs directly on top of the hardware and not inside another Windows or Linux operating system?

A

Type 1 hypervisor

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

VMware ESXi, Microsoft Hyper-V, KVM, and Citrix Hypervisor are examples of which type of hypervisor?

A

Type 1 hypervisor

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

A type 2, or hosted, hypervisor runs inside what exactly?

A

Windows or Linux operating system installed on a physical host machine.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What are some examples of type 2 hypervisors?

A

VMware Workstation, VMware Fusion, Parallels, and Oracle VirtualBox

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Which of the following is not an example of a type 1 hypervisor?

A. Citrix Hypervisor
B. VMware ESXi
C. Microsoft Hyper-V
D. VMware Fusion

A

VMware Fusion is a type 2 hypervisor that is built for use in a macOS environment

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Which of the following is a benefit of having a higher server consolidation ratio?

A. Higher ROI
B. Higher power consumption
C. Allows for mixing of different hypervisor types
D. Allows for the creation of larger VMs

A

A. Higher ROI

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Type 2 hypervisors are commonly deployed in what type of environment?

A

Test/development environments

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

What is is a logical container that contains all the resources that an operating system requires for normal operation?

A

Virtual machine (VM)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

What are the components of a VM?

A

Its components include virtual CPU (vCPU), virtual memory, a virtual graphic adapter, and a virtual NIC (vNIC), among other resources

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

What is the centralized management server responsible for managing multiple ESXi hosts?

A

vCenter

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

What typically contains an application and all the dependencies that the application needs to run and is physically smaller and more efficient than a VM?

A

A container

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

Which of the following cannot be used to manage any VMware vCenter Server environment?

A. Flash-based vSphere Web Client
B. vSphere HTML5 Web Client
C. vSphere C# client
D. Microsoft Remote Desktop Protocol (RDP) client

A

D. Microsoft Remote Desktop Protocol (RDP) client

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

What term applies to the operating system that is installed within a virtual machine?

A

Guest operating system

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

True or false: Memory can be overprovisioned in a virtualized environment deployment.

A

True. Memory can be overprovisioned. You can allocate more memory to VMs than you have installed on a physical host.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

What does a VM vNIC connect to?

A

A VM vNIC connects to a virtual port on an internal switch called a virtual switch.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

Can traffic flow directly from one vSwitch to another?

A

No. Due to this behavior of a vSwitch, there is no risk of a spanning tree loop within the virtual host.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
24
Q

The grouping of ports is termed as what in a VMware ESXi environment?

A

a port group

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
25
Q

What is a vSphere Distributed Switch (vDS) used for?

A

vDS is used for complex vSphere environments with requirements for advanced networking and high availability.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
26
Q

What is an architectural approach that seeks to decouple individual network services such as access control lists (ACLs), Network Address Translation (NAT), quality of service (QoS), intrusion prevention systems (IPSs), intrusion detection systems (IDSs), Layer 3 routing, wireless LAN controllers (WLCs), and more from the underlying hardware?

A

Cisco Enterprise NFV

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
27
Q

What are some examples of VNFs that are supported in Cisco Enterprise NFV?

A

Cisco Integrated Services Virtual Router (ISRv) for virtual routing

Cisco Adaptive Security Virtual Appliance (ASAv), which is a firewall

Cisco Firepower Next-Generation Firewall Virtual (NGFWv), which is an integrated virtual firewall with intrusion detection and intrusion prevention

Cisco virtual Wide Area Application Services (vWAAS) for virtualized WAN optimization

Cisco virtual Wireless LAN Controllers (vWLCs) for virtual WLCs

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
28
Q

What is the term for the grouping of ports with similar properties within a VMware ESXi vSphere Standard Switch (vSS)?

A

Port group

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
29
Q

On which of the following virtual switches can the NX-OS CLI be used for administration?

A

Cisco Nexus 1000V

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
30
Q

Which Cisco virtual switch is used in a Cisco ACI environment?

A

Cisco ACI Virtual Edge

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
31
Q

A virtual switch in a VMware ESXi host has an uplink that maps to what?

A

Physical NIC or VMNIC

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
32
Q

Which of the following are benefits of server virtualization? (Choose two.)

A. Hardware resource consolidation

B. Underutilization of CPU

C. Underutilization of memory

D. Reduction of TCO due to a less intense cooling requirement

E. Complete removal of physical networking

A

A. Hardware resource consolidation
D. Reduction of TCO due to a less intense cooling requirement

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
33
Q

True or false: NFV infrastructure can be deployed on any general-purpose x86 platform.

A

True. FV infrastructure can be deployed on any general-purpose x86 platform. There can be a mix of virtual and physical devices and Cisco and third-party devices and network services.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
34
Q

Which planes of operation can be virtualized?

A

Control plane and data plane

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
35
Q

What feature may need to be adjusted on a link to account for the additional overhead created by GRE?

A

Maximum transmission unit (MTU)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
36
Q

What aspect of security ensures that data has not been altered or modified during transmission?

A

Data integrity

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
37
Q

What consists of an IP routing table, a forwarding table, and the interface or interfaces assigned to the instance?

A

A VRF instance

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
38
Q

What uses a combination of VRF instances and 802.1Q trunking for hop-by-hop path isolation or Generic Routing Encapsulation (GRE)/Multipoint GRE (mGRE) for multi-hop path isolation?

A

VRF-Lite

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
39
Q

Each VRF instance contains all except which of the following components?

A. Routing table
B. Forwarding table
C. Interface assigned to the VRF instance
D. ACL

A

D. ACL

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
40
Q

What plane of operation includes protocols, databases, and tables that are involved in making forwarding decisions and maintaining a functional network topology that is loop free?

A

Control plane

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
41
Q

What is a tunneling protocol that provides a path for transporting packets over an IP network by encapsulating a packet inside a transport protocol?

A

Generic Routing Encapsulation (GRE)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
42
Q

What is an inner packet that needs to be delivered to a destination network inside an outer IP packet?

A

payload

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
43
Q

What is additional control information about the payload that is being carried or the forwarding behavior that needs to be applied to the packets being tunneled at decapsulation—or both?

A

Encapsulation header

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
44
Q

What indicates how the encapsulated payload data is transported to the other end of the tunnel?

A

Delivery or transport header

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
45
Q

What is a GRE stateless tunnel?

A

The tunnel endpoint does not keep information about the remote tunnel endpoint’s state or availability.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
46
Q

How many bytes of overhead does a GRE tunnel add?

A

At least 24 bytes of overhead: This includes a new 20-byte IP header, which indicates the source and destination IP addresses of the GRE tunnel. The remaining 4 bytes are for the GRE header itself.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
47
Q

Does GRE support multiprotocol and ability to tunnel any OSI Layer 3 protocol?

A

Yes. It uses a protocol type field in the GRE header to support the encapsulation of any OSI Layer 3 protocol.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
48
Q

Does GRE provide security features?

A

Nope. No strong confidentiality, data source authentication, or data integrity mechanism exists in GRE. GRE can, however, be used with IPsec to provide confidentiality, source authentication, and data integrity.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
49
Q

What happens if packets are larger than the interface’s maximum transmission unit (MTU) permits?

A

the router must fragment the packet.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
50
Q

What can fragmentation cause?

A

Significant CPU overhead on a router, which can affect all packet forwarding.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
51
Q

How can you change MTU on an interface?

A

You change the MTU on an interface by using the command ip mtu mtu.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
52
Q

What might have to be done to prevent TCP sessions from being dropped?

A

Adjust the TCP maximum segment size (MSS) value by using the command ip tcp adjust-mss mss value for the interface.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
53
Q

Which of the following is not a characteristic of GRE?

A. GRE has weak security features.

B. GRE can tunnel any Layer 3 protocol.

C. GRE tunnels are stateful.

D. GRE can carry routing protocols within the tunnel.

A

C. GRE tunnels are stateful.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
54
Q

Which of the following is not necessary to create a GRE tunnel?

A. IP address

B. Tunnel source

C. Tunnel destination

D. Routing protocol

A

Routing protocol

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
55
Q

Which of the following is performed by the routers in a tunnel path between two GRE router endpoints?

A. Parsing the payload

B. Parsing the IP packet

C. Encapsulating the payload packet

D. Decapsulating the payload packet

A

B. Parsing the IP packet

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
56
Q

What is a centralized architecture that provides ease of management and control for VPN deployments? It allows for easier scaling of large and small IPsec VPNs with GRE tunnels, IPsec encryption, and Next Hop Resolution Protocol (NHRP).

A

Dynamic Multipoint VPN (DMVPN)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
57
Q

What is a Cisco VTI?

A

Cisco IOS VTIs are used to provide a simplified configuration process for connecting remote sites. VTIs provide an alternative to the use of GRE or Layer 2 Tunneling Protocol (L2TP) for encapsulation.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
58
Q

What is a unified solution that simplifies the deployment of multiple types of VPNs?

A

Cisco IOS FlexVPN

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
59
Q

What is a suite of protocols based on RFC 4301 that provides data confidentiality, data integrity, and data origin authentication of IP packets?

A

IPsec

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
60
Q

IPsec uses what three protocols?

A

IKE, AH, and ESP

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
61
Q

What provides authentication of IPsec peers, negotiates IPsec security associations, and establishes IPsec keys?

A

Internet Key Exchange (IKE)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
62
Q

What port does IKE use?

A

UDP port 500

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
63
Q

What uses protocol number 51 and provides encapsulation for user traffic authentication?

A

Authentication Header (AH)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
64
Q

Does AH provide encryption?

A

No

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
65
Q

What uses protocol number 50 and provides encapsulation for user traffic encryption and authentication?

A

Encapsulating Security Payload (ESP)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
66
Q

What command would you use to verify a Site-to-Site IPsec configuration?

A

show crypto isakmp sa

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
67
Q

What are one of the downsides of using a GRE tunnel alone?

A

they transport packets in plaintext and offer no protection for the payload.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
68
Q

What does GRE support that IPsec doesn’t?

A

IP broadcast or IP multicast. It’s best to use them in conjuction.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
69
Q

What are the two IPsec modes?

A

Tunnel and Transport mode

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
70
Q

What is Tunnel Mode?

A

Tunnel mode protects the original IP header within a new IPsec IP header. Tunnel mode is the default mode.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
71
Q

What is Transport Mode?

A

Transport mode is used if the original IP header can be exposed. Transport mode is normally sufficient with GRE over IPsec because the GRE and IPsec endpoints are often the same.

72
Q

Is this a tunnel or transport mode packet?

A

Tunnel mode

73
Q

Is this a tunnel or transport mode packet?

A

Transport mode

74
Q

What VPN technology is used for the dynamic creation of IPsec tunnels between sites without the need for a permanent connection?

A

DMVPN

75
Q

VPN technology serves as a unifier for multiple types of VPNs?

A

Flex VPN

76
Q

What key management protocol introduced support for NAT traversal?

A

IKEv2

77
Q

Does IKEv1 offer EAP authenication?

A

No IKEv2 does. IKEv2 specifies that EAP must be used with ­public-key signature-based responder authentication.

78
Q

True or false: VRF-Lite technology provides true routing and forwarding separation.

A

True

79
Q

Which of the following is a multi-hop technique for data path virtualization?

A. mGRE

B. BGP

C. 802.1Q

D. Forwarding table

A

A. mGRE

80
Q

Which of the following is a characteristic of GRE?

A. GRE uses IP protocol 43

B. GRE uses IP protocol 47

C. GRE tunnels are stateful

D. GRE provides strong security features

A

IP protocol 47 defines GRE packets.

81
Q

Which of the following is not one of the protocols used with IPsec?

AH
ESP
IKE
EAP

A

EAP

82
Q

What routing architecture design separates the device identity, or endpoint identifier (EID), from its location or routing locator (RLOC)?

A

LISP

83
Q

What is the limitation of LISP?

A

It only supports Layer 3 overlays. It does not carry MAC addresses because it discards the Layer 2 Ethernet header.

84
Q

Because MAC addresses need to be carried in certain fabric technologies, such as SD-Access, you need what?

A

VXLAN

85
Q

VXLAN is a tunneling protocol that allows for the tunneling of -____ traffic over an IP network

A

Ethernet traffic

86
Q

What does Cisco’ SD-Access solution use as its control plane?

A

LISP

87
Q

What is the name for the VXLAN unique network ID?

A

VXLAN network identifier (VNI)

88
Q

What is assigned to an end host and is the IP address of the endpoint within the LISP site?

A

Endpoint identifier (EID)

89
Q

What is a site where LISP routers and EIDs reside?

A

LISP site

90
Q

What receives packets from endpoints within a LISP site and either encapsulates packets to remote LISP sites or natively forwards packets to non-LISP sites.

A

Ingress tunnel router (ITR)

91
Q

What receives packets from interfaces facing the network core and either decapsulates LISP packets or natively delivers non-LISP packets to local EIDs at the site?

A

Egress tunnel router (ETR)

92
Q

What is a router that performs the functions of both an ITR and an ETR?

A

Tunnel router (xTR)

93
Q

What is a LISP infrastructure device that provides connectivity between non-LISP sites and LISP sites?

A

Proxy ITR (PITR)

94
Q

What is a LISP infrastructure device that allows IPv6 LISP sites without native IPv6 RLOC connectivity to reach LISP sites that only have IPv6 RLOC connectivity?

A

Proxy ETR (PETR)

95
Q

It is likely that a LISP interworking device will implement both PITR and PETR functions. When this is the case, the device is referred to as what?

A

Proxy xTR (PxTR)

96
Q

What is a router that performs the functions of any or all of the following: ITR, ETR, PITR, and/or PETR.

A

LISP Router

97
Q

What is an IPv4 or IPv6 address assigned to a device (typically a router) in the global routing system?

It is an IPv4 or IPv6 address of an ETR that decapsulates LISP packets.

A

Routing locator (RLOC)

98
Q

What configures the LISP site policy for LISP ETRs that register to it?

A

Map server (MS)

99
Q

What receives map requests encapsulated to it from ITRs, and when configured with a service interface to the LISP alternative topology (ALT), it forwards map requests to the ALT?

A

Map resolver (MR)

100
Q

When the map server and map resolver functions are implemented on the same device, it is referred to as what?

A

Map server/map resolver (MS/MR)

101
Q

What are the three components of an LISP architecture?

A

LISP routing architecture, LISP control plane, and LISP data plane

102
Q

What enables LISP to separate the IP addresses into EIDs and RLOCs? This enables endpoints to roam from site to site, and the only thing that changes is their RLOCs. The EIDs remain the same.

A

LISP routing architecture

103
Q

What component determines where to send LISP traffic? It works similarly to Domain Name System (DNS).

A

LISP control plane.

As DNS can resolve a name to an IP address, LISP can resolve an EID to an RLOC by sending map requests to the MR. LISP uses map requests and map replies, which are similar to DNS requests and replies. LISP uses a distributed mapping system to map EIDs to RLOCs. When an ITR needs to find an RLOC address, a map request is sent to the mapping system. This makes the system an efficient and scalable on-demand routing protocol because it is based on a pull model instead of the push model used with traditional routing protocols.

104
Q

Which device in a LISP deployment receives map requests that are encapsulated to it from ITRs?

A

Map resolver (MR)

105
Q

Endpoint identifiers (EIDs)are assigned to what?

A

EIDs are assigned to end hosts.

106
Q

Can a endpoint identifier (EID) be both IPv4 and IPv6 or only IPv4?

A

Can be IPv4 or IPv6

107
Q

In environments where you need to preserve Layer 2 header information, you can use what?

A

VXLAN

108
Q

What provides a Layer 2 extension over a shared Layer 3 underlay infrastructure network, using MAC-in-IP or UDP tunneling encapsulation?

A

VXLAN

109
Q

VXLAN ID space is how many bits?

A

24 bits

110
Q

How many VXLAN identifiers can be supported?

A

16 million unique VXLAN identifiers

111
Q

What type of overlay emulates Layer 2 LAN segments?

A

Layer 2 overlay

112
Q

What type of overlays are helpful when you want to transport IP packets and you also want to abstract the underlying IP infrastructure?

A

Layer 3 overlay

113
Q

XLAN provides a unique network ID called a what?

A

VXLAN (or virtual) network identifier (VNI)

114
Q

What are the three drivers for VXLAN?

A

greater scalability, isolation for multitenancy, and any-to-any Layer 2 communications

115
Q

What component in VXLAN provides a tunnel for transporting the original payload?

A

VNI

116
Q

VXLAN uses MAC-in what encapsulation?

A

VXLAN uses MAC-in-UDP/IP encapsulation.

117
Q

VXLAN uses what to achieve optimal path usage over the transport network?

A

ECMP

118
Q

What is an entity that originates or terminates a VXLAN tunnel?

A

VXLAN tunnel endpoints (VTEPs).

119
Q

Each VTEP has two interfaces. What are they used for?

A

One interface provides a bridging function for local hosts (which can be a trunk port to the access switch).

The other interface has an IP identification in the core network for VXLAN encapsulation and decapsulation.

120
Q

VXLAN is a what plane protocol?

A

Data plane protocol

121
Q

MP-BGP and multicast are the most popular control planes for which environments?

A

Data centers and private cloud environments

122
Q

What are the various control planes that are supported with VXLAN?

A

VXLAN with LISP control plane
VXLAN with MP-BGP EVPN control plane
VXLAN with multicast underlay
VXLAN with static unicast VXLAN tunnels

123
Q

For campus deployment, Cisco’s Software-Defined Access (SD-Access) is an example of an implementation of VXLAN with what control plane?

A

LISP control plane

124
Q

In a VXLAN header, what is the size of the VXLAN ID field?

A

24 bits

125
Q

What kind of encapsulation does VXLAN use?

A

MAC-in-UDP

126
Q

What is the name of the unique network identity provided by VXLAN?

A

VXLAN network identifier (VNI)

127
Q

Which LISP device provides connectivity when traffic is flowing from a non-LISP site to a LISP site?

A

PITR is a LISP infrastructure device that provides connectivity between non-LISP sites and LISP sites.

128
Q

Which of the following describes a routing locator (RLOC)?

The IPv4 or IPv6 address of the customer router that is decapsulating a LISP packet

B. A logical topology that is deployed as part of the LISP infrastructure to provide scalable EID prefix aggregation

C. A block of IP addresses that are assigned to a site

D. The name of a site where LISP routers and EIDs reside

A

A logical topology that is deployed as part of the LISP infrastructure to provide scalable EID prefix aggregation

129
Q

What collective grouping of devices is responsible for transporting packets between network devices for the SD-Access fabric overlay?

A

Underlay network

130
Q

What SD-Access architecture component is part of the Layer 3 network used for interconnections between border nodes and edge nodes?

A

Intermediate node

131
Q

SD-Access can be considered an evolution of which of the following network environments?

Data center

Enterprise campus

WAN

Private cloud

A

Enterprise campus

132
Q

Which component integrates with the SD-Access environment to enable the dynamic mapping of users to scalable groups for end-to-end policy enforcement?

Cisco ISE

Cisco DNA Center

Cisco TrustSec

NMS

A

Cisco ISE

133
Q

What are the four SD-Access fabric architecture layers?

A

Physical, Network, Controller, and Management layers

134
Q

Which component of an SD-Access architecture provides a centralized dashboard that hides the complexities and dependencies of configuring the other layers?

Underlay network

Overlay network

Cisco DNA Center

Cisco ISE

A

Cisco DNA Center

135
Q

Which component of the controller layer in an SD-Access architecture provides the underlay and fabric automation and orchestration services for the physical and network layers?

NCP

NDP

Cisco ISE

LISP

A

NCP provides all the underlay and fabric automation and orchestration services for the physical and network layers.

136
Q

What are the four planes of operation in SD-Access?

A

Control, Data, Policy, & Management planes

137
Q

Which SD-Access plane involves the security and segmentation of network devices?

A

Policy plane

138
Q

Which SD-Access plane involves the orchestration, assurance, visibility, and management of the SD-Access solution?

A

Management plane

139
Q

What does SD-Access use as the control plane?

A

LISP

140
Q

What does SD-Access use as the data plane?

A

VXLAN

141
Q

What does SD-Access use as the policy plane?

A

Cisco TrustSec

142
Q

What does SD-Access use as the management plane?

A

DNA Center

143
Q

What technology is used to assign an SGT value to a packet at its ingress point into a network?

A

Cisco TrustSec

144
Q

The assignment of an SGT value as packets enter a network is associated with which operational plane of the SD-Access architecture?

Control plane

Data plane

Policy plane

Management plane

A

Policy plane

145
Q

What type of SD-Access node serves as a gateway between the SD-Access fabric site and external networks to the fabric?

A

Border node

146
Q

What component in an SD-Access architecture is represented as a switched virtual interface (SVI) with a hard-coded MAC address across all edge nodes?

Map resolver

Anycast Layer 3 gateway

EID

PxTR

A

Anycast Layer 3 gateway

147
Q

True or false: After an edge node detects an endpoint in the endpoint registration process, that endpoint is added to a local database known as the EID table.

A

True

148
Q

True or false: Cisco SD-Access architecture offers open and standards-based APIs for management.

A

True

149
Q

Which SD-Access operational plane deals with orchestration, assurance, and visibility in a Cisco SD-Access deployment?

A

Management plane

150
Q

Fabric-mode APs connect to which of the following component in an SD-Access environment?

Fabric WLC

Edge node

Intermediate mode

Border node

A

Edge Node

151
Q

What is a container?

A lightweight virtual machine

A software emulation of a physical server without an operating system

An application with its dependencies packaged inside a tarball

An isolated environment where containerized applications run.

A

An isolated environment where containerized applications run.

152
Q

Which of the following are container engines? (Choose all that apply.)

Rkt

Docker

vSphere hypervisor

LXD

A

Docker

153
Q

True or false: Only a single vSwitch is supported within a virtualized server.

A

False

154
Q

Which of the following is the virtual or software version of a network function and typically runs on a hypervisor as a VM?

VNF

NFV

NFVI

NFVIS

A

VNF

155
Q

Which of the following is an architectural framework created by ETSI that defines standards to decouple network functions from proprietary hardware-based appliances and have them run in software on standard x86 servers?

VNF

NFV

NFVI

NFVIS

A

NFV

156
Q

Which platform plays the role of the orchestrator in Cisco’s Enterprise NFV solution?

APIC-EM

Cisco DNA Center

Cisco Enterprise Service Automation (ESA)

APIC Controller

A

Cisco DNA Center

157
Q

Connecting VNFs together to provide an NFV service or solution is known as ______.

daisy chaining

bridging

switching

service chaining

linking

A

service chaining

158
Q

What is an architectural framework created by the European Telecommunications Standards Institute (ETSI) that defines standards to decouple network functions from proprietary hardware-based appliances and have them run in software on standard x86 servers?

A

Network functions virtualization (NFV)

159
Q

What is the virtual or software version of an NF, and it typically runs on a hypervisor as a VM?

A

virtual network function (VNF)

160
Q

What are some examples of Cisco VNFs?

A

Cisco Cloud Services Router 1000V (CSR 1000V)

Cisco Integrated Services Virtual Router (ISRv)

Cisco NextGen Firewall Virtual Appliance (NGFWv)

Cisco Adaptive Security Virtual Appliance (ASAv)

161
Q

What allows VNFs to have direct access to physical PCI devices, which appear and behave as if they were physically attached to the VNF?

A

PCI passthrough

162
Q

What maps EIDs to RLOCs?

control plane node
border node
edge node
intermediate node
WLC node

A

control plane node

163
Q

What connects the fabric to to external networks?

control plane node
border node
edge node
intermediate node
WLC node

A

border node

164
Q

What connects endpoint devices to the fabric?

control plane node
border node
edge node
intermediate node
WLC node

A

edge node

165
Q

What provides only underlay transport services?

control plane node
border node
edge node
intermediate node
WLC node

A

intermediate node

166
Q

What resides outside of the fabric?

control plane node
border node
edge node
intermediate node
WLC node

A

WLC node

167
Q

How does a VM uniquely identify itself to other virtually and physically networked devices

The administrator can set software and networking identifiers via the VM configuration file.

The operating system will automatically define unique identifiers by incrementing the default hardware addresses as needed.

The VM inherits its identifiers from the operating system and its associated hardware.

The administrator can set software and networking identifiers via the operating system.

A

The administrator can set software and networking identifiers via the VM configuration file

168
Q

What maps EIDs to RLOCs?

edge node
border node
control plane node
intermediate node
WLC node

A

control plane node

169
Q

What connects the fabric to external networks?

edge node
border node
control plane node
intermediate node
WLC node

A

border node

170
Q

What connects endpoint devices to the fabric?

edge node
border node
control plane node
intermediate node
WLC node

A

edge node

171
Q

What provides only underlay transport services?

edge node
border node
control plane node
intermediate node
WLC node

A

intermediate node

172
Q

What resides outside the fabric?

A

WLC node

173
Q

Which of the following are encryption protocols that should be avoided? (Choose two.)

DES
3DES
AES
GCM

A

DES
3DES

174
Q

Which of the following is the message exchange mode used to establish an IKEv1 IPsec SA?

Main mode
Aggressive mode
Quick mode
CREATE_CHILD_SA

A

Quick mode

175
Q

What is the destination UDP port used by the LISP data plane?

4341
4143
4342
4142

A

4341

176
Q

Which of the following UDP ports is the UDP port officially assigned by the IANA for VXLAN?

8947
4789
8472
4987

A

4789