Virtualization Flashcards
What does consolidation ratio mean in the context of virtualization?
Consolidation ratio is the ratio of virtual servers to physical servers.
Which type of hypervisor is most commonly used in enterprise production deployments?
Type 1, or bare-metal hypervisor
From the hypervisor perspective, how is a virtual disk represented?
A virtual disk is represented as a file on the host-attached storage of a hypervisor.
In network virtualization, what is the terminology given to the physical enterprise network that supports multiple logical overlay networks?
Underlay network
What is the software that makes server virtualization possible?
Hypervisor
What acts as the abstraction layer between the physical hardware and the guest operating system, which runs inside a virtual machine (VM)?
Hypervisor
A hosted hypervisor is also known as?
Type 2 hypervisor
Which type of hypervisor provides better scalability and performance because it runs directly on top of the hardware and not inside another Windows or Linux operating system?
Type 1 hypervisor
VMware ESXi, Microsoft Hyper-V, KVM, and Citrix Hypervisor are examples of which type of hypervisor?
Type 1 hypervisor
A type 2, or hosted, hypervisor runs inside what exactly?
Windows or Linux operating system installed on a physical host machine.
What are some examples of type 2 hypervisors?
VMware Workstation, VMware Fusion, Parallels, and Oracle VirtualBox
Which of the following is not an example of a type 1 hypervisor?
A. Citrix Hypervisor
B. VMware ESXi
C. Microsoft Hyper-V
D. VMware Fusion
VMware Fusion is a type 2 hypervisor that is built for use in a macOS environment
Which of the following is a benefit of having a higher server consolidation ratio?
A. Higher ROI
B. Higher power consumption
C. Allows for mixing of different hypervisor types
D. Allows for the creation of larger VMs
A. Higher ROI
Type 2 hypervisors are commonly deployed in what type of environment?
Test/development environments
What is is a logical container that contains all the resources that an operating system requires for normal operation?
Virtual machine (VM)
What are the components of a VM?
Its components include virtual CPU (vCPU), virtual memory, a virtual graphic adapter, and a virtual NIC (vNIC), among other resources
What is the centralized management server responsible for managing multiple ESXi hosts?
vCenter
What typically contains an application and all the dependencies that the application needs to run and is physically smaller and more efficient than a VM?
A container
Which of the following cannot be used to manage any VMware vCenter Server environment?
A. Flash-based vSphere Web Client
B. vSphere HTML5 Web Client
C. vSphere C# client
D. Microsoft Remote Desktop Protocol (RDP) client
D. Microsoft Remote Desktop Protocol (RDP) client
What term applies to the operating system that is installed within a virtual machine?
Guest operating system
True or false: Memory can be overprovisioned in a virtualized environment deployment.
True. Memory can be overprovisioned. You can allocate more memory to VMs than you have installed on a physical host.
What does a VM vNIC connect to?
A VM vNIC connects to a virtual port on an internal switch called a virtual switch.
Can traffic flow directly from one vSwitch to another?
No. Due to this behavior of a vSwitch, there is no risk of a spanning tree loop within the virtual host.
The grouping of ports is termed as what in a VMware ESXi environment?
a port group
What is a vSphere Distributed Switch (vDS) used for?
vDS is used for complex vSphere environments with requirements for advanced networking and high availability.
What is an architectural approach that seeks to decouple individual network services such as access control lists (ACLs), Network Address Translation (NAT), quality of service (QoS), intrusion prevention systems (IPSs), intrusion detection systems (IDSs), Layer 3 routing, wireless LAN controllers (WLCs), and more from the underlying hardware?
Cisco Enterprise NFV
What are some examples of VNFs that are supported in Cisco Enterprise NFV?
Cisco Integrated Services Virtual Router (ISRv) for virtual routing
Cisco Adaptive Security Virtual Appliance (ASAv), which is a firewall
Cisco Firepower Next-Generation Firewall Virtual (NGFWv), which is an integrated virtual firewall with intrusion detection and intrusion prevention
Cisco virtual Wide Area Application Services (vWAAS) for virtualized WAN optimization
Cisco virtual Wireless LAN Controllers (vWLCs) for virtual WLCs
What is the term for the grouping of ports with similar properties within a VMware ESXi vSphere Standard Switch (vSS)?
Port group
On which of the following virtual switches can the NX-OS CLI be used for administration?
Cisco Nexus 1000V
Which Cisco virtual switch is used in a Cisco ACI environment?
Cisco ACI Virtual Edge
A virtual switch in a VMware ESXi host has an uplink that maps to what?
Physical NIC or VMNIC
Which of the following are benefits of server virtualization? (Choose two.)
A. Hardware resource consolidation
B. Underutilization of CPU
C. Underutilization of memory
D. Reduction of TCO due to a less intense cooling requirement
E. Complete removal of physical networking
A. Hardware resource consolidation
D. Reduction of TCO due to a less intense cooling requirement
True or false: NFV infrastructure can be deployed on any general-purpose x86 platform.
True. FV infrastructure can be deployed on any general-purpose x86 platform. There can be a mix of virtual and physical devices and Cisco and third-party devices and network services.
Which planes of operation can be virtualized?
Control plane and data plane
What feature may need to be adjusted on a link to account for the additional overhead created by GRE?
Maximum transmission unit (MTU)
What aspect of security ensures that data has not been altered or modified during transmission?
Data integrity
What consists of an IP routing table, a forwarding table, and the interface or interfaces assigned to the instance?
A VRF instance
What uses a combination of VRF instances and 802.1Q trunking for hop-by-hop path isolation or Generic Routing Encapsulation (GRE)/Multipoint GRE (mGRE) for multi-hop path isolation?
VRF-Lite
Each VRF instance contains all except which of the following components?
A. Routing table
B. Forwarding table
C. Interface assigned to the VRF instance
D. ACL
D. ACL
What plane of operation includes protocols, databases, and tables that are involved in making forwarding decisions and maintaining a functional network topology that is loop free?
Control plane
What is a tunneling protocol that provides a path for transporting packets over an IP network by encapsulating a packet inside a transport protocol?
Generic Routing Encapsulation (GRE)
What is an inner packet that needs to be delivered to a destination network inside an outer IP packet?
payload
What is additional control information about the payload that is being carried or the forwarding behavior that needs to be applied to the packets being tunneled at decapsulation—or both?
Encapsulation header
What indicates how the encapsulated payload data is transported to the other end of the tunnel?
Delivery or transport header
What is a GRE stateless tunnel?
The tunnel endpoint does not keep information about the remote tunnel endpoint’s state or availability.
How many bytes of overhead does a GRE tunnel add?
At least 24 bytes of overhead: This includes a new 20-byte IP header, which indicates the source and destination IP addresses of the GRE tunnel. The remaining 4 bytes are for the GRE header itself.
Does GRE support multiprotocol and ability to tunnel any OSI Layer 3 protocol?
Yes. It uses a protocol type field in the GRE header to support the encapsulation of any OSI Layer 3 protocol.
Does GRE provide security features?
Nope. No strong confidentiality, data source authentication, or data integrity mechanism exists in GRE. GRE can, however, be used with IPsec to provide confidentiality, source authentication, and data integrity.
What happens if packets are larger than the interface’s maximum transmission unit (MTU) permits?
the router must fragment the packet.
What can fragmentation cause?
Significant CPU overhead on a router, which can affect all packet forwarding.
How can you change MTU on an interface?
You change the MTU on an interface by using the command ip mtu mtu.
What might have to be done to prevent TCP sessions from being dropped?
Adjust the TCP maximum segment size (MSS) value by using the command ip tcp adjust-mss mss value for the interface.
Which of the following is not a characteristic of GRE?
A. GRE has weak security features.
B. GRE can tunnel any Layer 3 protocol.
C. GRE tunnels are stateful.
D. GRE can carry routing protocols within the tunnel.
C. GRE tunnels are stateful.
Which of the following is not necessary to create a GRE tunnel?
A. IP address
B. Tunnel source
C. Tunnel destination
D. Routing protocol
Routing protocol
Which of the following is performed by the routers in a tunnel path between two GRE router endpoints?
A. Parsing the payload
B. Parsing the IP packet
C. Encapsulating the payload packet
D. Decapsulating the payload packet
B. Parsing the IP packet
What is a centralized architecture that provides ease of management and control for VPN deployments? It allows for easier scaling of large and small IPsec VPNs with GRE tunnels, IPsec encryption, and Next Hop Resolution Protocol (NHRP).
Dynamic Multipoint VPN (DMVPN)
What is a Cisco VTI?
Cisco IOS VTIs are used to provide a simplified configuration process for connecting remote sites. VTIs provide an alternative to the use of GRE or Layer 2 Tunneling Protocol (L2TP) for encapsulation.
What is a unified solution that simplifies the deployment of multiple types of VPNs?
Cisco IOS FlexVPN
What is a suite of protocols based on RFC 4301 that provides data confidentiality, data integrity, and data origin authentication of IP packets?
IPsec
IPsec uses what three protocols?
IKE, AH, and ESP
What provides authentication of IPsec peers, negotiates IPsec security associations, and establishes IPsec keys?
Internet Key Exchange (IKE)
What port does IKE use?
UDP port 500
What uses protocol number 51 and provides encapsulation for user traffic authentication?
Authentication Header (AH)
Does AH provide encryption?
No
What uses protocol number 50 and provides encapsulation for user traffic encryption and authentication?
Encapsulating Security Payload (ESP)
What command would you use to verify a Site-to-Site IPsec configuration?
show crypto isakmp sa
What are one of the downsides of using a GRE tunnel alone?
they transport packets in plaintext and offer no protection for the payload.
What does GRE support that IPsec doesn’t?
IP broadcast or IP multicast. It’s best to use them in conjuction.
What are the two IPsec modes?
Tunnel and Transport mode
What is Tunnel Mode?
Tunnel mode protects the original IP header within a new IPsec IP header. Tunnel mode is the default mode.
What is Transport Mode?
Transport mode is used if the original IP header can be exposed. Transport mode is normally sufficient with GRE over IPsec because the GRE and IPsec endpoints are often the same.
Is this a tunnel or transport mode packet?
Tunnel mode
Is this a tunnel or transport mode packet?
Transport mode
What VPN technology is used for the dynamic creation of IPsec tunnels between sites without the need for a permanent connection?
DMVPN
VPN technology serves as a unifier for multiple types of VPNs?
Flex VPN
What key management protocol introduced support for NAT traversal?
IKEv2
Does IKEv1 offer EAP authenication?
No IKEv2 does. IKEv2 specifies that EAP must be used with public-key signature-based responder authentication.
True or false: VRF-Lite technology provides true routing and forwarding separation.
True
Which of the following is a multi-hop technique for data path virtualization?
A. mGRE
B. BGP
C. 802.1Q
D. Forwarding table
A. mGRE
Which of the following is a characteristic of GRE?
A. GRE uses IP protocol 43
B. GRE uses IP protocol 47
C. GRE tunnels are stateful
D. GRE provides strong security features
IP protocol 47 defines GRE packets.
Which of the following is not one of the protocols used with IPsec?
AH
ESP
IKE
EAP
EAP
What routing architecture design separates the device identity, or endpoint identifier (EID), from its location or routing locator (RLOC)?
LISP
What is the limitation of LISP?
It only supports Layer 3 overlays. It does not carry MAC addresses because it discards the Layer 2 Ethernet header.
Because MAC addresses need to be carried in certain fabric technologies, such as SD-Access, you need what?
VXLAN
VXLAN is a tunneling protocol that allows for the tunneling of -____ traffic over an IP network
Ethernet traffic
What does Cisco’ SD-Access solution use as its control plane?
LISP
What is the name for the VXLAN unique network ID?
VXLAN network identifier (VNI)
What is assigned to an end host and is the IP address of the endpoint within the LISP site?
Endpoint identifier (EID)
What is a site where LISP routers and EIDs reside?
LISP site
What receives packets from endpoints within a LISP site and either encapsulates packets to remote LISP sites or natively forwards packets to non-LISP sites.
Ingress tunnel router (ITR)
What receives packets from interfaces facing the network core and either decapsulates LISP packets or natively delivers non-LISP packets to local EIDs at the site?
Egress tunnel router (ETR)
What is a router that performs the functions of both an ITR and an ETR?
Tunnel router (xTR)
What is a LISP infrastructure device that provides connectivity between non-LISP sites and LISP sites?
Proxy ITR (PITR)
What is a LISP infrastructure device that allows IPv6 LISP sites without native IPv6 RLOC connectivity to reach LISP sites that only have IPv6 RLOC connectivity?
Proxy ETR (PETR)
It is likely that a LISP interworking device will implement both PITR and PETR functions. When this is the case, the device is referred to as what?
Proxy xTR (PxTR)
What is a router that performs the functions of any or all of the following: ITR, ETR, PITR, and/or PETR.
LISP Router
What is an IPv4 or IPv6 address assigned to a device (typically a router) in the global routing system?
It is an IPv4 or IPv6 address of an ETR that decapsulates LISP packets.
Routing locator (RLOC)
What configures the LISP site policy for LISP ETRs that register to it?
Map server (MS)
What receives map requests encapsulated to it from ITRs, and when configured with a service interface to the LISP alternative topology (ALT), it forwards map requests to the ALT?
Map resolver (MR)
When the map server and map resolver functions are implemented on the same device, it is referred to as what?
Map server/map resolver (MS/MR)
What are the three components of an LISP architecture?
LISP routing architecture, LISP control plane, and LISP data plane
What enables LISP to separate the IP addresses into EIDs and RLOCs? This enables endpoints to roam from site to site, and the only thing that changes is their RLOCs. The EIDs remain the same.
LISP routing architecture
What component determines where to send LISP traffic? It works similarly to Domain Name System (DNS).
LISP control plane.
As DNS can resolve a name to an IP address, LISP can resolve an EID to an RLOC by sending map requests to the MR. LISP uses map requests and map replies, which are similar to DNS requests and replies. LISP uses a distributed mapping system to map EIDs to RLOCs. When an ITR needs to find an RLOC address, a map request is sent to the mapping system. This makes the system an efficient and scalable on-demand routing protocol because it is based on a pull model instead of the push model used with traditional routing protocols.
Which device in a LISP deployment receives map requests that are encapsulated to it from ITRs?
Map resolver (MR)
Endpoint identifiers (EIDs)are assigned to what?
EIDs are assigned to end hosts.
Can a endpoint identifier (EID) be both IPv4 and IPv6 or only IPv4?
Can be IPv4 or IPv6
In environments where you need to preserve Layer 2 header information, you can use what?
VXLAN
What provides a Layer 2 extension over a shared Layer 3 underlay infrastructure network, using MAC-in-IP or UDP tunneling encapsulation?
VXLAN
VXLAN ID space is how many bits?
24 bits
How many VXLAN identifiers can be supported?
16 million unique VXLAN identifiers
What type of overlay emulates Layer 2 LAN segments?
Layer 2 overlay
What type of overlays are helpful when you want to transport IP packets and you also want to abstract the underlying IP infrastructure?
Layer 3 overlay
XLAN provides a unique network ID called a what?
VXLAN (or virtual) network identifier (VNI)
What are the three drivers for VXLAN?
greater scalability, isolation for multitenancy, and any-to-any Layer 2 communications
What component in VXLAN provides a tunnel for transporting the original payload?
VNI
VXLAN uses MAC-in what encapsulation?
VXLAN uses MAC-in-UDP/IP encapsulation.
VXLAN uses what to achieve optimal path usage over the transport network?
ECMP
What is an entity that originates or terminates a VXLAN tunnel?
VXLAN tunnel endpoints (VTEPs).
Each VTEP has two interfaces. What are they used for?
One interface provides a bridging function for local hosts (which can be a trunk port to the access switch).
The other interface has an IP identification in the core network for VXLAN encapsulation and decapsulation.
VXLAN is a what plane protocol?
Data plane protocol
MP-BGP and multicast are the most popular control planes for which environments?
Data centers and private cloud environments
What are the various control planes that are supported with VXLAN?
VXLAN with LISP control plane
VXLAN with MP-BGP EVPN control plane
VXLAN with multicast underlay
VXLAN with static unicast VXLAN tunnels
For campus deployment, Cisco’s Software-Defined Access (SD-Access) is an example of an implementation of VXLAN with what control plane?
LISP control plane
In a VXLAN header, what is the size of the VXLAN ID field?
24 bits
What kind of encapsulation does VXLAN use?
MAC-in-UDP
What is the name of the unique network identity provided by VXLAN?
VXLAN network identifier (VNI)
Which LISP device provides connectivity when traffic is flowing from a non-LISP site to a LISP site?
PITR is a LISP infrastructure device that provides connectivity between non-LISP sites and LISP sites.
Which of the following describes a routing locator (RLOC)?
The IPv4 or IPv6 address of the customer router that is decapsulating a LISP packet
B. A logical topology that is deployed as part of the LISP infrastructure to provide scalable EID prefix aggregation
C. A block of IP addresses that are assigned to a site
D. The name of a site where LISP routers and EIDs reside
A logical topology that is deployed as part of the LISP infrastructure to provide scalable EID prefix aggregation
What collective grouping of devices is responsible for transporting packets between network devices for the SD-Access fabric overlay?
Underlay network
What SD-Access architecture component is part of the Layer 3 network used for interconnections between border nodes and edge nodes?
Intermediate node
SD-Access can be considered an evolution of which of the following network environments?
Data center
Enterprise campus
WAN
Private cloud
Enterprise campus
Which component integrates with the SD-Access environment to enable the dynamic mapping of users to scalable groups for end-to-end policy enforcement?
Cisco ISE
Cisco DNA Center
Cisco TrustSec
NMS
Cisco ISE
What are the four SD-Access fabric architecture layers?
Physical, Network, Controller, and Management layers
Which component of an SD-Access architecture provides a centralized dashboard that hides the complexities and dependencies of configuring the other layers?
Underlay network
Overlay network
Cisco DNA Center
Cisco ISE
Cisco DNA Center
Which component of the controller layer in an SD-Access architecture provides the underlay and fabric automation and orchestration services for the physical and network layers?
NCP
NDP
Cisco ISE
LISP
NCP provides all the underlay and fabric automation and orchestration services for the physical and network layers.
What are the four planes of operation in SD-Access?
Control, Data, Policy, & Management planes
Which SD-Access plane involves the security and segmentation of network devices?
Policy plane
Which SD-Access plane involves the orchestration, assurance, visibility, and management of the SD-Access solution?
Management plane
What does SD-Access use as the control plane?
LISP
What does SD-Access use as the data plane?
VXLAN
What does SD-Access use as the policy plane?
Cisco TrustSec
What does SD-Access use as the management plane?
DNA Center
What technology is used to assign an SGT value to a packet at its ingress point into a network?
Cisco TrustSec
The assignment of an SGT value as packets enter a network is associated with which operational plane of the SD-Access architecture?
Control plane
Data plane
Policy plane
Management plane
Policy plane
What type of SD-Access node serves as a gateway between the SD-Access fabric site and external networks to the fabric?
Border node
What component in an SD-Access architecture is represented as a switched virtual interface (SVI) with a hard-coded MAC address across all edge nodes?
Map resolver
Anycast Layer 3 gateway
EID
PxTR
Anycast Layer 3 gateway
True or false: After an edge node detects an endpoint in the endpoint registration process, that endpoint is added to a local database known as the EID table.
True
True or false: Cisco SD-Access architecture offers open and standards-based APIs for management.
True
Which SD-Access operational plane deals with orchestration, assurance, and visibility in a Cisco SD-Access deployment?
Management plane
Fabric-mode APs connect to which of the following component in an SD-Access environment?
Fabric WLC
Edge node
Intermediate mode
Border node
Edge Node
What is a container?
A lightweight virtual machine
A software emulation of a physical server without an operating system
An application with its dependencies packaged inside a tarball
An isolated environment where containerized applications run.
An isolated environment where containerized applications run.
Which of the following are container engines? (Choose all that apply.)
Rkt
Docker
vSphere hypervisor
LXD
Docker
True or false: Only a single vSwitch is supported within a virtualized server.
False
Which of the following is the virtual or software version of a network function and typically runs on a hypervisor as a VM?
VNF
NFV
NFVI
NFVIS
VNF
Which of the following is an architectural framework created by ETSI that defines standards to decouple network functions from proprietary hardware-based appliances and have them run in software on standard x86 servers?
VNF
NFV
NFVI
NFVIS
NFV
Which platform plays the role of the orchestrator in Cisco’s Enterprise NFV solution?
APIC-EM
Cisco DNA Center
Cisco Enterprise Service Automation (ESA)
APIC Controller
Cisco DNA Center
Connecting VNFs together to provide an NFV service or solution is known as ______.
daisy chaining
bridging
switching
service chaining
linking
service chaining
What is an architectural framework created by the European Telecommunications Standards Institute (ETSI) that defines standards to decouple network functions from proprietary hardware-based appliances and have them run in software on standard x86 servers?
Network functions virtualization (NFV)
What is the virtual or software version of an NF, and it typically runs on a hypervisor as a VM?
virtual network function (VNF)
What are some examples of Cisco VNFs?
Cisco Cloud Services Router 1000V (CSR 1000V)
Cisco Integrated Services Virtual Router (ISRv)
Cisco NextGen Firewall Virtual Appliance (NGFWv)
Cisco Adaptive Security Virtual Appliance (ASAv)
What allows VNFs to have direct access to physical PCI devices, which appear and behave as if they were physically attached to the VNF?
PCI passthrough
What maps EIDs to RLOCs?
control plane node
border node
edge node
intermediate node
WLC node
control plane node
What connects the fabric to to external networks?
control plane node
border node
edge node
intermediate node
WLC node
border node
What connects endpoint devices to the fabric?
control plane node
border node
edge node
intermediate node
WLC node
edge node
What provides only underlay transport services?
control plane node
border node
edge node
intermediate node
WLC node
intermediate node
What resides outside of the fabric?
control plane node
border node
edge node
intermediate node
WLC node
WLC node
How does a VM uniquely identify itself to other virtually and physically networked devices
The administrator can set software and networking identifiers via the VM configuration file.
The operating system will automatically define unique identifiers by incrementing the default hardware addresses as needed.
The VM inherits its identifiers from the operating system and its associated hardware.
The administrator can set software and networking identifiers via the operating system.
The administrator can set software and networking identifiers via the VM configuration file
What maps EIDs to RLOCs?
edge node
border node
control plane node
intermediate node
WLC node
control plane node
What connects the fabric to external networks?
edge node
border node
control plane node
intermediate node
WLC node
border node
What connects endpoint devices to the fabric?
edge node
border node
control plane node
intermediate node
WLC node
edge node
What provides only underlay transport services?
edge node
border node
control plane node
intermediate node
WLC node
intermediate node
What resides outside the fabric?
WLC node
Which of the following are encryption protocols that should be avoided? (Choose two.)
DES
3DES
AES
GCM
DES
3DES
Which of the following is the message exchange mode used to establish an IKEv1 IPsec SA?
Main mode
Aggressive mode
Quick mode
CREATE_CHILD_SA
Quick mode
What is the destination UDP port used by the LISP data plane?
4341
4143
4342
4142
4341
Which of the following UDP ports is the UDP port officially assigned by the IANA for VXLAN?
8947
4789
8472
4987
4789
