Virtualization Flashcards
What does consolidation ratio mean in the context of virtualization?
Consolidation ratio is the ratio of virtual servers to physical servers.
Which type of hypervisor is most commonly used in enterprise production deployments?
Type 1, or bare-metal hypervisor
From the hypervisor perspective, how is a virtual disk represented?
A virtual disk is represented as a file on the host-attached storage of a hypervisor.
In network virtualization, what is the terminology given to the physical enterprise network that supports multiple logical overlay networks?
Underlay network
What is the software that makes server virtualization possible?
Hypervisor
What acts as the abstraction layer between the physical hardware and the guest operating system, which runs inside a virtual machine (VM)?
Hypervisor
A hosted hypervisor is also known as?
Type 2 hypervisor
Which type of hypervisor provides better scalability and performance because it runs directly on top of the hardware and not inside another Windows or Linux operating system?
Type 1 hypervisor
VMware ESXi, Microsoft Hyper-V, KVM, and Citrix Hypervisor are examples of which type of hypervisor?
Type 1 hypervisor
A type 2, or hosted, hypervisor runs inside what exactly?
Windows or Linux operating system installed on a physical host machine.
What are some examples of type 2 hypervisors?
VMware Workstation, VMware Fusion, Parallels, and Oracle VirtualBox
Which of the following is not an example of a type 1 hypervisor?
A. Citrix Hypervisor
B. VMware ESXi
C. Microsoft Hyper-V
D. VMware Fusion
VMware Fusion is a type 2 hypervisor that is built for use in a macOS environment
Which of the following is a benefit of having a higher server consolidation ratio?
A. Higher ROI
B. Higher power consumption
C. Allows for mixing of different hypervisor types
D. Allows for the creation of larger VMs
A. Higher ROI
Type 2 hypervisors are commonly deployed in what type of environment?
Test/development environments
What is is a logical container that contains all the resources that an operating system requires for normal operation?
Virtual machine (VM)
What are the components of a VM?
Its components include virtual CPU (vCPU), virtual memory, a virtual graphic adapter, and a virtual NIC (vNIC), among other resources
What is the centralized management server responsible for managing multiple ESXi hosts?
vCenter
What typically contains an application and all the dependencies that the application needs to run and is physically smaller and more efficient than a VM?
A container
Which of the following cannot be used to manage any VMware vCenter Server environment?
A. Flash-based vSphere Web Client
B. vSphere HTML5 Web Client
C. vSphere C# client
D. Microsoft Remote Desktop Protocol (RDP) client
D. Microsoft Remote Desktop Protocol (RDP) client
What term applies to the operating system that is installed within a virtual machine?
Guest operating system
True or false: Memory can be overprovisioned in a virtualized environment deployment.
True. Memory can be overprovisioned. You can allocate more memory to VMs than you have installed on a physical host.
What does a VM vNIC connect to?
A VM vNIC connects to a virtual port on an internal switch called a virtual switch.
Can traffic flow directly from one vSwitch to another?
No. Due to this behavior of a vSwitch, there is no risk of a spanning tree loop within the virtual host.
The grouping of ports is termed as what in a VMware ESXi environment?
a port group
What is a vSphere Distributed Switch (vDS) used for?
vDS is used for complex vSphere environments with requirements for advanced networking and high availability.
What is an architectural approach that seeks to decouple individual network services such as access control lists (ACLs), Network Address Translation (NAT), quality of service (QoS), intrusion prevention systems (IPSs), intrusion detection systems (IDSs), Layer 3 routing, wireless LAN controllers (WLCs), and more from the underlying hardware?
Cisco Enterprise NFV
What are some examples of VNFs that are supported in Cisco Enterprise NFV?
Cisco Integrated Services Virtual Router (ISRv) for virtual routing
Cisco Adaptive Security Virtual Appliance (ASAv), which is a firewall
Cisco Firepower Next-Generation Firewall Virtual (NGFWv), which is an integrated virtual firewall with intrusion detection and intrusion prevention
Cisco virtual Wide Area Application Services (vWAAS) for virtualized WAN optimization
Cisco virtual Wireless LAN Controllers (vWLCs) for virtual WLCs
What is the term for the grouping of ports with similar properties within a VMware ESXi vSphere Standard Switch (vSS)?
Port group
On which of the following virtual switches can the NX-OS CLI be used for administration?
Cisco Nexus 1000V
Which Cisco virtual switch is used in a Cisco ACI environment?
Cisco ACI Virtual Edge
A virtual switch in a VMware ESXi host has an uplink that maps to what?
Physical NIC or VMNIC
Which of the following are benefits of server virtualization? (Choose two.)
A. Hardware resource consolidation
B. Underutilization of CPU
C. Underutilization of memory
D. Reduction of TCO due to a less intense cooling requirement
E. Complete removal of physical networking
A. Hardware resource consolidation
D. Reduction of TCO due to a less intense cooling requirement
True or false: NFV infrastructure can be deployed on any general-purpose x86 platform.
True. FV infrastructure can be deployed on any general-purpose x86 platform. There can be a mix of virtual and physical devices and Cisco and third-party devices and network services.
Which planes of operation can be virtualized?
Control plane and data plane
What feature may need to be adjusted on a link to account for the additional overhead created by GRE?
Maximum transmission unit (MTU)
What aspect of security ensures that data has not been altered or modified during transmission?
Data integrity
What consists of an IP routing table, a forwarding table, and the interface or interfaces assigned to the instance?
A VRF instance
What uses a combination of VRF instances and 802.1Q trunking for hop-by-hop path isolation or Generic Routing Encapsulation (GRE)/Multipoint GRE (mGRE) for multi-hop path isolation?
VRF-Lite
Each VRF instance contains all except which of the following components?
A. Routing table
B. Forwarding table
C. Interface assigned to the VRF instance
D. ACL
D. ACL
What plane of operation includes protocols, databases, and tables that are involved in making forwarding decisions and maintaining a functional network topology that is loop free?
Control plane
What is a tunneling protocol that provides a path for transporting packets over an IP network by encapsulating a packet inside a transport protocol?
Generic Routing Encapsulation (GRE)
What is an inner packet that needs to be delivered to a destination network inside an outer IP packet?
payload
What is additional control information about the payload that is being carried or the forwarding behavior that needs to be applied to the packets being tunneled at decapsulation—or both?
Encapsulation header
What indicates how the encapsulated payload data is transported to the other end of the tunnel?
Delivery or transport header
What is a GRE stateless tunnel?
The tunnel endpoint does not keep information about the remote tunnel endpoint’s state or availability.
How many bytes of overhead does a GRE tunnel add?
At least 24 bytes of overhead: This includes a new 20-byte IP header, which indicates the source and destination IP addresses of the GRE tunnel. The remaining 4 bytes are for the GRE header itself.
Does GRE support multiprotocol and ability to tunnel any OSI Layer 3 protocol?
Yes. It uses a protocol type field in the GRE header to support the encapsulation of any OSI Layer 3 protocol.
Does GRE provide security features?
Nope. No strong confidentiality, data source authentication, or data integrity mechanism exists in GRE. GRE can, however, be used with IPsec to provide confidentiality, source authentication, and data integrity.
What happens if packets are larger than the interface’s maximum transmission unit (MTU) permits?
the router must fragment the packet.
What can fragmentation cause?
Significant CPU overhead on a router, which can affect all packet forwarding.
How can you change MTU on an interface?
You change the MTU on an interface by using the command ip mtu mtu.
What might have to be done to prevent TCP sessions from being dropped?
Adjust the TCP maximum segment size (MSS) value by using the command ip tcp adjust-mss mss value for the interface.
Which of the following is not a characteristic of GRE?
A. GRE has weak security features.
B. GRE can tunnel any Layer 3 protocol.
C. GRE tunnels are stateful.
D. GRE can carry routing protocols within the tunnel.
C. GRE tunnels are stateful.
Which of the following is not necessary to create a GRE tunnel?
A. IP address
B. Tunnel source
C. Tunnel destination
D. Routing protocol
Routing protocol
Which of the following is performed by the routers in a tunnel path between two GRE router endpoints?
A. Parsing the payload
B. Parsing the IP packet
C. Encapsulating the payload packet
D. Decapsulating the payload packet
B. Parsing the IP packet
What is a centralized architecture that provides ease of management and control for VPN deployments? It allows for easier scaling of large and small IPsec VPNs with GRE tunnels, IPsec encryption, and Next Hop Resolution Protocol (NHRP).
Dynamic Multipoint VPN (DMVPN)
What is a Cisco VTI?
Cisco IOS VTIs are used to provide a simplified configuration process for connecting remote sites. VTIs provide an alternative to the use of GRE or Layer 2 Tunneling Protocol (L2TP) for encapsulation.
What is a unified solution that simplifies the deployment of multiple types of VPNs?
Cisco IOS FlexVPN
What is a suite of protocols based on RFC 4301 that provides data confidentiality, data integrity, and data origin authentication of IP packets?
IPsec
IPsec uses what three protocols?
IKE, AH, and ESP
What provides authentication of IPsec peers, negotiates IPsec security associations, and establishes IPsec keys?
Internet Key Exchange (IKE)
What port does IKE use?
UDP port 500
What uses protocol number 51 and provides encapsulation for user traffic authentication?
Authentication Header (AH)
Does AH provide encryption?
No
What uses protocol number 50 and provides encapsulation for user traffic encryption and authentication?
Encapsulating Security Payload (ESP)
What command would you use to verify a Site-to-Site IPsec configuration?
show crypto isakmp sa
What are one of the downsides of using a GRE tunnel alone?
they transport packets in plaintext and offer no protection for the payload.
What does GRE support that IPsec doesn’t?
IP broadcast or IP multicast. It’s best to use them in conjuction.
What are the two IPsec modes?
Tunnel and Transport mode
What is Tunnel Mode?
Tunnel mode protects the original IP header within a new IPsec IP header. Tunnel mode is the default mode.