ENCOR Test Flashcards

Question

25. Which two steps are required for a complete Cisco DNA Center upgrade? (Choose two.) ``` A. automation backup B. system update C. golden image selection D. proxy configuration E. application updates ```

Answer 1

B. system update | E. application updates

Answer 2

B. They provide a standardized data structure, which results in configuration scalability and consistency. Explanation: Yet Another Next Generation (YANG) is a language which is only used to describe data models (structure). It is not XML or JSON.

Answer 3

B. {“Name”: “Bob Johnson”, “Age”: 75, “Alive”: true, “Favorite Foods”: [“Cereal”, “Mustard”, “Onions”]} Explanation: JSON data is written as name/value pairs. A name/value pair consists of a field name (in double quotes), followed by a colon, followed by a value: “name”:”Mark” ``` JSON can use arrays. Array values must be of type string, number, object, array, boolean or null. For example: { “name”:”John”, “age”:30, “alive”:true, “cars”:[ “Ford”, “BMW”, “Fiat” ] } ```

Answer 4

B. not established Explanation: On Ethernet interfaces, the OSPF hello interval is 10 seconds by default so in this case there would be a Hello interval mismatch -> the OSPF adjacency would not be established.

Answer 5

B. Enter spanning-tree port-priority 32 on SW1. Explanation: SW1 needs to block one of its ports to SW2 to avoid a bridging loop between the two switches. Unfortunately, it blocked the fiber port Link2. But how does SW2 select its blocked port? Well, the answer is based on the BPDUs it receives from SW1. answer ‘Enter spanning-tree port-priority 32 on SW1’ BPDU is superior than another if it has: 1. answer ‘Enter spanning-tree port-priority 32 on SW1’ lower Root Bridge ID 2. answer ‘Enter spanning-tree port-priority 32 on SW1’ lower path cost to the Root 3. answer ‘Enter spanning-tree port-priority 32 on SW1’ lower Sending Bridge ID 4. answer ‘Enter spanning-tree port-priority 32 on SW1’ lower Sending Port ID These four parameters are examined in order. In this specific case, all the BPDUs sent by SW1 have the same Root Bridge ID, the same path cost to the Root and the same Sending Bridge ID. The only parameter left to select the best one is the Sending Port ID (Port ID = port priority + port index). And the port index of Gi0/0 is lower than the port index of Gi0/1 so Link 1 has been chosen as the primary link. Therefore we must change the port priority to change the primary link. The lower numerical value of port priority, the higher priority that port has. In other words, we must change the port-priority on Gi0/1 of SW1 (not on Gi0/1 of SW2) to a lower value than that of Gi0/0.

Answer 6

C. {“switch”: {“name”: “dist1”, “interfaces”: [“gig1”, “gig2”, “gig3”]}} ``` Explanation: This JSON can be written as follows: { ‘switch’: { ‘name’: ‘dist1’, ‘interfaces’: [‘gig1’, ‘gig2’, ‘gig3’] }} ```

Answer 7

B. radar | E. rogue AP

Answer 8

C. logging host 10.2.3.4 vrf mgmt transport tcp port 6514 Explanation: The TCP port 6514 has been allocated as the default port for syslog over Transport Layer Security (TLS).

Answer 9

C. Each HSRP group reinitializes because the virtual MAC address has changed.

Answer 10

C. HTTPS Explanation: The REST API accepts and returns HTTP (not enabled by default) or HTTPS messages that contain JavaScript Object Notation (JSON) or Extensible Markup Language (XML) documents. You can use any programming language to generate the messages and the JSON or XML documents that contain the API methods or Managed Object (MO) descriptions

Answer 11

A. notification

Answer 12

D. 192.168.101.18 Explanation: The ‘>’ shown in the output above indicates that the path with the next hop of 192.168.101.2 is the current best path. Path Selection Attributes: Weight > Local Preference > Originate > AS Path > Origin > MED > External > IGP Cost > eBGP Peering > Router ID BGP prefers the path with the highest weight but the weights here are all 0 (which indicate all routes that are not originated by the local router) so we need to check the Local Preference. Answer ‘192.168.101.18’ path without LOCAL_PREF (LocPrf column) means it has the default value of 100. Therefore we can find the two next best paths with the next hop of 192.168.101.18 and 192.168.101.10. We have to move to the next path selection attribute: Originate. BGP prefers the path that the local router originated (which is indicated with the “next hop 0.0.0.0”). But none of the two best paths is self-originated. The AS-Path of the next-hop 192.168.101.18 is shorter than the AS Path of the next-hop 192.168.101.10 then the next-hop 192.168.101.18 will be chosen as the next best path.

Answer 13

D. auto/auto

Answer 14

B. router with the highest priority

Answer 15

C. marking Explanation: QoS Packet Marking refers to changing a field within a packet either at Layer 2 (802.1Q/p CoS, MPLS EXP) or Layer 3 (IP Precedence, DSCP and/or IP ECN).

Answer 16

A. default VRF

Answer 17

A. text string

Answer 18

C. encrypted authentication E. IP access list-based Explanation: The time kept on a machine is a critical resource and it is strongly recommended that you use the security features of NTP to avoid the accidental or malicious setting of incorrect time. The two security features available are an access list-based restriction scheme and an encrypted authentication mechanism.

Answer 19

C. MACsec Explanation: MACsec, defined in 802.1AE, provides MAC-layer encryption over wired networks by using out-of-band methods for encryption keying. The MACsec Key Agreement (MKA) Protocol provides the required session keys and manages the required encryption keys. MKA and MACsec are implemented after successful authentication using the 802.1x Extensible Authentication Protocol (EAP-TLS) or Pre Shared Key (PSK) framework. A switch using MACsec accepts either MACsec or non-MACsec frames, depending on the policy associated with the MKA peer. MACsec frames are encrypted and protected with an integrity check value (ICV). When the switch receives frames from the MKA peer, it decrypts them and calculates the correct ICV by using session keys provided by MKA. The switch compares that ICV to the ICV within the frame. If they are not identical, the frame is dropped. The switch also encrypts and adds an ICV to any frames sent over the secured port (the access point used to provide the secure MAC service to an MKA peer) using the current session key.

Answer 20

A. Access control lists that are applied outbound to a router interface do not affect traffic that is sourced from the router.

Answer 21

C. DHCP Option 43 | D. broadcasting on the local subnet

Answer 22

A. UDP jitter Explanation: Cisco IOS IP SLA Responder is a Cisco IOS Software component whose functionality is to respond to Cisco IOS IP SLA request packets. The IP SLA source sends control packets before the operation starts to establish a connection to the responder. Once the control packet is acknowledged, test packets are sent to the responder. The responder inserts a time-stamp when it receives a packet and factors out the destination processing time and adds time-stamps to the sent packets. This feature allows the calculation of unidirectional packet loss, latency, and jitter measurements with the kind of accuracy that is not possible with ping or another dedicated probe testing.

Answer 23

C. Type 1 hypervisor runs directly on the physical hardware of the host machine without relying on the underlying OS. Explanation: There are two types of hypervisors: type 1 and type 2 hypervisor. In type 1 hypervisor (or native hypervisor), the hypervisor is installed directly on the physical server. Then instances of an operating system (OS) are installed on the hypervisor. Type 1 hypervisor has direct access to the hardware resources. Therefore they are more efficient than hosted architectures. Some examples of type 1 hypervisor are VMware vSphere/ESXi, Oracle VM Server, KVM, and Microsoft Hyper-V. In contrast to a type 1 hypervisor, a type 2 hypervisor (or hosted hypervisor) runs on top of an operating system and not the physical hardware directly. answer ‘Type 1 hypervisor runs directly on the physical hardware of the host machine without relying on the underlying OS’ big advantage of Type 2 hypervisors is that management console software is not required. Examples of type 2 hypervisor are VMware Workstation (which can run on Windows, Mac, and Linux) or Microsoft Virtual PC (only runs on Windows).

Answer 24

B. permit tcp host 209.165.201.25 host 209.165.200.225 eq 80

Answer 25

D. type 4 Explanation: Summary ASBR LSA (Type 4) – Generated by the ABR to describe an ASBR to routers in other areas so that routers in other areas know how to get to external routes through that ASBR. For example, suppose R8 is redistributing an external route (EIGRP, RIP…) to R3. This makes R3 an Autonomous System Boundary Router (ASBR). When R2 (which is an ABR) receives this LSA Type 1 update, R2 will create LSA Type 4 and flood into Area 0 to inform them how to reach R3. When R5 receives this LSA it also floods into Area 2. In the above example, the only ASBR belongs to area 1 so the two ABRs (R2 & R5) send LSA Type 4 to area 0 & area 2 (not vice versa). This is an indication of the existence of the ASBR in area 1. Note: + Type 4 LSAs contain the router ID of the ASBR. + There are no LSA Type 4 injected into Area 1 because every router inside area 1 knows how to reach R3. R3 only uses LSA Type 1 to inform R2 about R8 and inform R2 that R3 is an ASBR.

Answer 26

D. SW1(config)#vtp pruning Explanation: SW3 does not have VLAN 60 so it should not receive traffic for this VLAN (sent from SW2). Therefore we should configure VTP Pruning on SW3 so that SW2 does not forward VLAN 60 traffic to SW3. Also notice that we need to configure pruning on SW1 (the VTP Server), not SW2.

Answer 27

A. It is in local mode and must be connected directly to the fabric edge switch. Explanation: Fabric mode APs continue to support the same wireless media services that traditional APs support; apply AVC, quality of service (QoS), and other wireless policies; and establish the CAPWAP control plane to the fabric WLC. Fabric APs join as local-mode APs and must be directly connected to the fabric edge node switch to enable fabric registration events, including RLOC assignment via the fabric WLC. The fabric edge nodes use CDP to recognize APs as special wired hosts, applying special port configurations and assigning the APs to a unique overlay network within a common EID space across a fabric. The assignment allows management simplification by using a single subnet to cover the AP infrastructure at a fabric site.

Answer 28

B. permit 10.0.0.1 0.0.0.254 Explanation: Remember, for the wildcard mask, 1s are I DON’T CARE, and 0s are I CARE. So now let’s analyze a simple ACL: access-list 1 permit 172.23.16.0 0.0.15.255 Two first octets are all 0’s meaning that we care about the network .x.x. The third octet of the wildcard mask, 15 (0000 1111 in binary), means that we care about the first 4 bits but don’t care about the last 4 bits so we allow the third octet in the form of 0001xxxx (minimum:00010000 = 16; maximum: 0001111 = 31). The fourth octet is 255 (all 1 bits) which means I don’t care. Therefore network 172.23.16.0 0.0.15.255 ranges from 172.23.16.0 to 172.23.31.255. Now let’s consider the wildcard mask of 0.0.0.254 (four-octet: 254 = 1111 1110) which means we only care about the last bit. Therefore if the last bit of the IP address is a “1” (0000 0001) then only odd numbers are allowed. If the last bit of the IP address is a “0” (0000 0000) then only even numbers are allowed. Note: In binary, odd numbers always end with a “1” while even numbers always end with a “0”. Therefore in this question, only the statement “permit 10.0.0.1 0.0.0.254” will allow all odd-numbered hosts in the 10.0.0.0/24 subnet.

Answer 29

A. R1(config)#router bgp 1 R1(config-router)#neighbor 192.168.10.2 remote-as 2 R1(config-router)#network 10.1.1.0 mask 255.255.255.0 R2(config)#router bgp 2 R2(config-router)#neighbor 192.168.10.1 remote-as 1 R2(config-router)#network 10.2.2.0 mask 255.255.255.0 Explanation: With BGP, we must advertise the correct network and subnet mask in the “network” command (in this case network 10.1.1.0/24 on R1 and network 10.2.2.0/24 on R2). BGP is very strict in the routing advertisements. In other words, BGP only advertises the network which exists exactly in the routing table. In this case, if you put the command “network x.x.0.0 mask 255.255.0.0” or “network x.0.0.0 mask 255.0.0.0” or “network x.x.x.x mask 255.255.255.255” then BGP will not advertise anything. It is easy to establish eBGP neighborship via the direct link. But let’s see what are required when we want to establish eBGP neighborship via their loopback interfaces. We will need two commands: + the command “neighbor 10.1.1.1 ebgp-multihop 2” on R1 and “neighbor 10.2.2.2 ebgpmultihop 2” on R1. This command increases the TTL value to 2 so that BGP updates can reach the BGP neighbor which is two hops away. + Answer ‘R1 (config) #router bgp 1 R1 (config-router) #neighbor 192.168.10.2 remote-as 2 R1 (config-router) #network 10.1.1.0 mask 255.255.255.0 R2 (config) #router bgp 2 R2 (config-router) #neighbor 192.168.10.1 remote-as 1 R2 (config-router) #network 10.2.2.0 mask 255.255.255.0 Quick Wireless Summary Cisco Access Points (APs) can operate in one of two modes: autonomous or lightweight + Autonomous: self-sufficient and standalone. Used for small wireless networks. + Lightweight: A Cisco lightweight AP (LAP) has to join a Wireless LAN Controller (WLC) to function. LAP and WLC communicate with each other via a logical pair of CAPWAP tunnels. – Control and Provisioning for Wireless Access Point (CAPWAP) is an IETF standard for control messaging for setup, authentication and operations between APs and WLCs. CAPWAP is similar to LWAPP except the following differences: +CAPWAP uses Datagram Transport Layer Security (DTLS) for authentication and encryption to protect traffic between APs and controllers. LWAPP uses AES. + CAPWAP has a dynamic maximum transmission unit (MTU) discovery mechanism. + CAPWAP runs on UDP ports 5246 (control messages) and 5247 (data messages) An LAP operates in one of six different modes: + Local mode (default mode): measures noise floor and interference, and scans for intrusion detection (IDS) events every 180 seconds on unused channels + FlexConnect, formerly known as Hybrid Remote Edge AP (H-REAP), mode: allows data traffic to be switched locally and not go back to the controller. The FlexConnect AP can perform standalone client authentication and switch VLAN traffic locally even when it’s disconnected to the WLC (Local Switched). FlexConnect AP can also tunnel (via CAPWAP) both user wireless data and control traffic to a centralized WLC (Central Switched). + Monitor mode: does not handle data traffic between clients and the infrastructure. It acts like a sensor for location-based services (LBS), rogue AP detection, and IDS + Rogue detector mode: monitor for rogue APs. It does not handle data at all. + Sniffer mode: run as a sniffer and captures and forwards all the packets on a particular channel to a remote machine where you can use protocol analysis tool (Wireshark, Airopeek, etc) to review the packets and diagnose issues. Strictly used for troubleshooting purposes. + Bridge mode: bridge together the WLAN and the wired infrastructure together. Mobility Express is the ability to use an access point (AP) as a controller instead of a real WLAN controller. But this solution is only suitable for small to midsize, or multi-site branch locations where you might not want to invest in a dedicated WLC. A Mobility Express WLC can support up to 100 Aps.

Answer 30

A. event manager applet ondemand event none action 1.0 syslog priority critical msg ‘This is a message from ondemand’ Explanation: An EEM policy is an entity that defines an event and the actions to be taken when that event occurs. There are two types of EEM policies: an applet or a script. An applet is a simple form of policy that is defined within the CLI configuration. answer ‘event manager applet ondemand event register action 1.0 syslog priority critical msg ‘This is a message from ondemand’ <=”” p=”” style=”box-sizing: border-box;”> There are two ways to manually run an EEM policy. EEM usually schedules and runs policies on the basis of an event specification that is contained within the policy itself. The event none command allows EEM to identify an EEM policy that can be manually triggered. To run the policy, use either the action policy command in applet configuration mode or the event manager run command in privileged EXEC mode.

Answer 31

D. local WLC

Answer 32

C. vManage Explanation: The primary components for the Cisco SD-WAN solution consist of the vManage network management system (management plane), the vSmart controller (control plane), the vBond orchestrator (orchestration plane), and the vEdge router (data plane). + vManage – This centralized network management system provides a GUI interface to easily monitor, configure, and maintain all Cisco SD-WAN devices and links in the underlay and overlay network. + vSmart controller – This software-based component is responsible for the centralized control plane of the SD-WAN network. It establishes a secure connection to each vEdge router and distributes routes and policy information via the Overlay Management Protocol (OMP), acting as a route reflector. It also orchestrates the secure data plane connectivity between the vEdge routers by distributing crypto key information, allowing for a very scalable, IKE-less architecture. + vBond orchestrator – This software-based component performs the initial authentication of vEdge devices and orchestrates vSmart and vEdge connectivity. It also has an important role in enabling the communication of devices that sit behind Network Address Translation (NAT). + vEdge router – This device, available as either a hardware appliance or software-based router, sits at a physical site or in the cloud and provides secure data plane connectivity among the sites over one or more WAN transports. It is responsible for traffic forwarding, security, encryption, Quality of Service (QoS), routing protocols such as Border Gateway Protocol (BGP) and Open Shortest Path First (OSPF), and more.

Answer 33

C. It is provided using NGINX acting as a proxy web server. Explanation: When a device boots up with the startup configuration, the nginx process will be running. NGINX is an internal webserver that acts as a proxy webserver. It provides Transport Layer Security (TLS)-based HTTPS. RESTCONF request sent via HTTPS is first received by the NGINX proxy web server, and the request is transferred to the confd web server for further syntax/semantics check.

Answer 34

D. mismatched MTU size Explanation: When OSPF adjacency is formed, a router goes through several state changes before it becomes fully adjacent with its neighbor. The states are Down -> Attempt (optional) -> Init -> 2-Way -> Exstart -> Exchange -> Loading -> Full. Short descriptions about these states are listed below: Down: no information (hellos) has been received from this neighbor. Attempt: only valid for manually configured neighbors in an NBMA environment. In Attempt state, the router sends unicast hello packets every poll interval to the neighbor, from which hellos have not been received within the dead interval. Init: specifies that the router has received a hello packet from its neighbor, but the receiving router’s ID was not included in the hello packet 2-Way: indicates bi-directional communication has been established between two routers. Exstart: Once the DR and BDR are elected, the actual process of exchanging link state information can start between the routers and their DR and BDR. Exchange: OSPF routers exchange database descriptor (DBD) packets Loading: In this state, the actual exchange of link state information occurs Full: routers are fully adjacent with each other (Reference: Neighbors Stuck in Exstart/Exchange State the problem occurs most frequently when attempting to run OSPF between a Cisco router and another vendor’s router. The problem occurs when the maximum transmission unit (MTU) settings for neighboring router interfaces don’t match. If the router with the higher MTU sends a packet larger that the MTU set on the neighboring router, the neighboring router ignores the packet.

Answer 35

A. ETR Explanation: An Egress Tunnel Router (ETR) connects a site to the LISP-capable part of a core network (such as the Internet), publishes EID-to-RLOC mappings for the site, responds to Map-Request messages, and decapsulates and delivers LISP-encapsulated user data to end systems at the site.

Answer 36

C. Agent-based tools do not require a high-level language interpreter such as Python or Ruby on slave nodes. Explanation: Agentless tool means that no software or agent needs to be installed on the client machines that are to be managed. Ansible is such an agentless tool. In contrast to an agentless tool, the agent-based tool requires software or agent to be installed on the client. Therefore the master and slave nodes can communicate directly without the need of high-level language interpreter. An agentless tool uses standard protocols, such as SSH, to push configurations down to a device (and it can be considered a “messaging system”)

Answer 37

C. It maintains two tables in the data plane: the FIB and adjacency table. Explanation: Cisco Express Forwarding (CEF) provides the ability to switch packets through a device in a very quick and efficient way while also keeping the load on the router’s processor low. CEF is made up of two different main components: the Forwarding Information Base (FIB) and the Adjacency Table. These are automatically updated at the same time as the routing table. The Forwarding Information Base (FIB) contains destination reachability information as well as next-hop information. This information is then used by the router to make forwarding decisions. The FIB allows for very efficient and easy lookups. The adjacency table is tasked with maintaining the layer 2 next-hop information for the FIB. It uses a fast cache that is maintained in a router data plane’ fast cache is only used when fast switching is enabled while CEF is disabled.

Answer 38

C. The 10.1.1.0/27 subnet is assigned as the inside local addresses. D. Inside source addresses are translated to the 209.165.201.0/27 subnet.

Answer 39

C. RADIUS server

Answer 40

A. three parts separated by dots: header, payload, and signature Explanation: JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. This information can be verified and trusted because it is digitally signed. JWTs can be signed using a secret (with the HMAC algorithm) or a public/private key pair using RSA or ECDSA. JSON Web Tokens are composed of three parts, separated by a dot (.): Header, Payload, Signature. Therefore, a JWT typically looks like the following: xxxxx.yyyyy.zzzzz The header typically consists of two parts: the type of the token, which is JWT, and the signing algorithm being used, such as HMAC SHA256 or RSA. The second part of the token is the payload, which contains the claims. Claims are statements about an entity (typically, the user) and additional data. To create the signature part you have to take the encoded header, the encoded payload, a secret, the algorithm specified in the header, and sign that.

Answer 41

C. The client made a request for a resource that does not exist. Explanation: The 404 (Not Found) error status code indicates that the REST API can’t map the client’s URI to a resource but may be available in the future. Subsequent requests by the client are permissible.

Answer 42

D. lower latency between systems that are physically located near each other Explanation: The difference between on-premise and cloud is essentially where this hardware and software reside. On-premise means that a company keeps all of this IT environment onsite either managed by themselves or a third-party. Cloud means that it is housed offsite with someone else responsible for monitoring and maintaining it.

Answer 43

D. Mobility Express

Answer 44

C. PATCH F. HEAD Explanation: RESTCONF operations include OPTIONS, HEAD, GET, POST, PATCH, DELETE.

Answer 45

B. Layer 3 intercontroller

Answer 46

A. VXLAN encapsulates a Layer 2 frame in an IP-UDP header, which allows Layer 2 adjacency across router boundaries. Explanation: 802.1Q VLAN identifier space is only 12 bits. The VXLAN identifier space is 24 bits. This doubling in size allows the VXLAN ID space to support 16 million Layer 2 segments -> Answer ‘VXLAN extends the Layer 2 Segment ID field to 24-bits, which allows up to 4094 unique Layer 2 segments over the same network’ is not correct. VXLAN is a MAC-in-UDP encapsulation method that is used in order to extend a Layer 2 or Layer 3 overlay network over a Layer 3 infrastructure that already exists.

Answer 47

C. It does not require a RADIUS server certificate.

Answer 48

C. interface between the controller and the network devices

Answer 49

C. CISCO-CAPWAP-CONTROLLER.local

Answer 50

A. MSS Explanation: The TCP Maximum Segment Size (TCP MSS) defines the maximum amount of data that a host is willing to accept in a single TCP/IP datagram. This TCP/IP datagram might be fragmented at the IP layer. The MSS value is sent as a TCP header option only in TCP SYN segments. Each side of a TCP connection reports its MSS value to the other side. Contrary to popular belief, the MSS value is not negotiated between hosts. The sending host is required to limit the size of data in a single TCP segment to a value less than or equal to the MSS reported by the receiving host. TCP MSS takes care of fragmentation at the two endpoints of a TCP connection, but it does not handle the case where there is a smaller MTU link in the middle between these two endpoints. PMTUD was developed in order to avoid fragmentation in the path between the endpoints. It is used to dynamically determine the lowest MTU along the path from a packet’s source to its destination.

Answer 51

B. A special VLAN type must be used as the RSPAN destination. Explanation: in all participating switches -> This VLAN can be considered a special VLAN type -> Answer ‘A special VLAN type must be used as the RSPAN destination’ is correct.

Answer 52

D. config t IP access-list extended EGRESS 5 permit IP 10.1.10.0 0.0.0.255 10.1.2.0 0.0.0.255

Answer 53

C. performs route leaking between user-defined virtual networks and shared services Explanation: Today the Dynamic Network Architecture Software-Defined Access (DNA-SDA) solution requires a fusion router to perform VRF route leaking between user VRFs and Shared-Services, which may be in the Global routing table (GRT) or another VRF. Shared Services may consist of DHCP, Domain Name System (DNS), Network Time Protocol (NTP), Wireless LAN Controller (WLC), Identity Services Engine (ISE), DNAC components which must be made available to other virtual networks (VN’s) in the Campus.

Answer 54

B. The port-channel on SW2 is using an incompatible protocol. Explanation: The Cisco switch was configured with PAgP, which is a Cisco proprietary protocol so the non-Cisco switch could not communicate.

Answer 55

B. It reads an SNMP variable, and when the value exceeds 75%, it triggers an action. Explanation: EEM offers the ability to monitor events and take informational or corrective action when the monitored events occur or reach a threshold. An EEM policy is an entity that defines an event and the actions to be taken when that event occurs. There are two types of EEM policies: an applet or a script. An applet is a simple form of policy that is defined within the CLI configuration. To specify the event criteria for an Embedded Event Manager (EEM) applet that is run by sampling Simple Network Management Protocol (SNMP) object identifier values, use the event snmp command in applet configuration mode. event snmp oid oid-value get-type {exact | next} entry-op operator entry-val entryvalue [exit-comb {or | and}] [exit-op operator] [exit-val exit-value] [exit-time exit-timevalue] poll-interval poll-int-value + oid: Specifies the SNMP object identifier (object ID) + get-type: Specifies the type of SNMP get operation to be applied to the object ID specified by the oid-value argument. – next – Retrieves the object ID that is the alphanumeric successor to the object ID specified by the oid-value argument. + entry-op: Compares the contents of the current object ID with the entry value using the specified operator. If there is a match, an event is triggered and event monitoring is disabled until the exit criteria are met. + entry-val: Specifies the value with which the contents of the current object ID are compared to decide if an SNMP event should be raised. + exit-op: Compares the contents of the current object ID with the exit value using the specified operator. If there is a match, an event is triggered and event monitoring is reenabled. + poll-interval: Specifies the time interval between consecutive polls (in seconds)

Answer 56

D. event manager applet boom event syslog pattern ‘UP’ action 1.0 puts ‘logging directly to console’

Answer 57

B. IP MTU | C. TCP MSS

Answer 58

C. distribute security information for tunnel establishment between vEdge routers Explanation: + Orchestration plane (vBond) assists in secure onboarding the SD-WAN WAN Edge routers into the SD-WAN overlay (-> Therefore answer “onboard vEdge nodes into the SD-WAN fabric” mentioned about vBond). The vBond controller, or orchestrator, authenticates and authorizes the SD-WAN components onto the network. The vBond orchestrator takes an added responsibility to distribute the list of vSmart and vManage controller information to the WAN Edge routers. vBond is the only device in SD-WAN that requires a public IP address as it is the first point of contact and authentication for all SD-WAN components to join the SD-WAN fabric. All other components need to know the vBond IP or DNS information. + Management plane (vManage) is responsible for central configuration and monitoring. The vManage controller is the centralized network management system that provides a single pane of a glass GUI interface to easily deploy, configure, monitor, and troubleshoot all Cisco SD-WAN components in the network. (-> Answer “manage, maintain, and gather configuration and status for nodes within the SD-WAN fabric” and answer “gather telemetry data from vEdge routers” are about vManage) + Control plane (vSmart) builds and maintains the network topology and makes decisions on the traffic flows. The vSmart controller disseminates control plane information between WAN Edge devices, implements control plane policies, and distributes data plane policies to network devices for enforcement (-> Answer “distribute security information for tunnel establishment between vEdge routers” is about vSmart)

Answer 59

A. The access point is part of the fabric overlay. Explanation: Access Points + AP is directly connected to FE[FabricEdge] (or to an extended node switch) + AP is part of Fabric overlay

Answer 60

B. unequal-cost load balancing

Answer 61

B. weight, local preference, AS path, MED Explanation: Path Selection Attributes: Weight > Local Preference > Originate > AS Path > Origin > MED > External > IGP Cost > eBGP Peering > Router ID

Answer 62

B. northbound APIs

Answer 63

A. VXLAN Explanation: The tunneling technology used for the fabric data plane is based on Virtual Extensible LAN (VXLAN). VXLAN encapsulation is UDP based, meaning that it can be forwarded by any IP-based network (legacy or a third party) and creates the overlay network for the SD-Access fabric. Although LISP is the control plane for the SD-Access fabric, it does not use LISP data encapsulation for the data plane; instead, it uses VXLAN encapsulation because it is capable of encapsulating the original Ethernet header to perform MAC-in-IP encapsulation, while LISP does not. Using VXLAN allows the SD-Access fabric to support Layer 2 and Layer 3 virtual topologies (overlays) and the ability to operate over any IP-based network with built-in network segmentation (VRF instance/VN) and built-in group-based policy.

Answer 64

A. The enable secret password is protected via stronger cryptography mechanisms. Explanation: The “enable secret” password is always encrypted (independent of the “service password encryption” command) using MD5 hash algorithm. The “enable password” does not encrypt the password and can be view in clear text in the running-config. In order to encrypt the “enable password”, use the “service password-encryption” command. This command will encrypt the passwords by using the Vigenere encryption algorithm. Unfortunately, the Vigenere encryption method is cryptographically weak and trivial to reverse. The MD5 hash is a stronger algorithm than Vigenere so answer ‘The enable secret password is protected via stronger cryptography mechanisms’ is correct.

Answer 65

C. Permit tcp any any range 22 443 Deny tcp any any eq 80

Answer 66

C. Each virtual machine requires a unique IP and MAC addresses to be able to reach to other nodes. Explanation: A virtual machine (VM) is a software emulation of a physical server with an operating system. From an application’s point of view, the VM provides the look and feel of a real physical server, including all its components, such as CPU, memory, and network interface cards (NICs). The virtualization software that creates VMs and performs the hardware abstraction that allows multiple VMs to run concurrently is known as a hypervisor. There are two types of hypervisors: type 1 and type 2 hypervisor. In type 1 hypervisor (or native hypervisor), the hypervisor is installed directly on the physical server. Then instances of an operating system (OS) are installed on the hypervisor. Type 1 hypervisor has direct access to the hardware resources. Therefore they are more efficient than hosted architectures. Some examples of type 1 hypervisor are VMware vSphere/ESXi, Oracle VM Server, KVM and Microsoft Hyper-V. In contrast to type 1 hypervisor, a type 2 hypervisor (or hosted hypervisor) runs on top of an operating system and not the physical hardware directly. answer ‘Each virtual machine requires a unique IP and MAC addresses to be able to reach to other nodes’ big advantage of Type 2 hypervisors is that management console software is not required. Examples of type 2 hypervisor are VMware Workstation (which can run on Windows, Mac and Linux) or Microsoft Virtual PC (only runs on Windows).

Answer 67

A. The local router is attempting to open a TCP session with the neighboring router. Explanation: The BGP session may report in the following states 1 – Idle: the initial state of a BGP connection. In this state, the BGP speaker is waiting for a BGP start event, generally either the establishment of a TCP connection or the re-establishment of a previous connection. Once the connection is established, BGP moves to the next state. 2 – Connect: In this state, BGP is waiting for the TCP connection to be formed. If the TCP connection completes, BGP will move to the Open Sent stage; if the connection cannot complete, BGP goes to Active 3 – Active: In the Active state, the BGP speaker is attempting to initiate a TCP session with the BGP speaker it wants to peer with. If this can be done, the BGP state goes to Open Sent state. 4 – Open Sent: the BGP speaker is waiting to receive an OPEN message from the remote BGP speaker 5 – Open Confirm: Once the BGP speaker receives the OPEN message and no error is detected, the BGP speaker sends a KEEPALIVE message to the remote BGP speaker 6 – Established: All of the neighbor negotiations are complete. You will see a number, which tells us the number of prefixes the router has received from a neighbor or peer group.

Answer 68

B. ERSPAN Explanation: Encapsulated Remote SPAN (ERSPAN): encapsulated Remote SPAN (ERSPAN), as the name says, brings generic routing encapsulation (GRE) for all captured traffic and allows it to be extended across Layer 3 domains.

Answer 69

B. Use a virtual switch provided by the hypervisor. | D. Use a single routed link to an external router on stick.

Answer 70

A. EIRP Explanation: Once you know the complete combination of transmitter power level, the length of cable, and the antenna gain, you can figure out the actual power level that will be radiated from the antenna. This is known as the effective isotropic radiated power (EIRP), measured in dBm. EIRP is a very important parameter because it is regulated by governmental agencies in most countries. In those cases, a system cannot radiate signals higher than a maximum allowable EIRP. To find the EIRP of a system, simply add the transmitter power level to the antenna gain and subtract the cable loss. EIRP = Tx Power – Tx Cable + Tx Antenna Suppose a transmitter is configured for a power level of 10 dBm (10 mW). answer ‘SNR’ cable with 5-dB loss connects the transmitter to an antenna with an 8-dBi gain. The resulting EIRP of the system is 10 dBm – 5 dB + 8 dBi, or 13 dBm. You might notice that the EIRP is made up of decibel-milliwatt (dBm), dB relative to an isotropic antenna (dBi), and decibel (dB) values. Even though the units appear to be differrent, you can safely combine them because they are all in the dB “domain”. Reference: CCNA Wireless 640-722 Official Cert Guide

Answer 71

A. Yagi Explanation: A Yagi antenna is formed by driving a simple antenna, typically a dipole or dipole-like antenna, and shaping the beam using a well-chosen series of non-driven elements whose length and spacing are tightly controlled.

Answer 72

D. SwitchC(config)#interface port-channel 1 SwitchC(config-if)#switchport trunk allowed vlan remove 110 Explanation: From the “show vlan brief” we learn that Finance belongs to VLAN 110 and all VLANs (from 1 to 1005) are allowed to traverse the trunk (port-channel 1). Therefore we have to remove VLAN 110 from the allowed VLAN list with the “switchport trunk allowed vlan remove ” command. The pruning feature cannot do this job as Finance VLAN is active.

Answer 73

D. 7.0(3)I7(4)

Answer 74

B. Identity Service Engine

Answer 75

A. R4(config-router)#bgp default local-preference 200 Explanation: Local preference is an indication to the AS about which path has preference to exit the AS in order to reach a certain network. A path with a higher local preference is preferred. The default value for local preference is 100. Unlike the weight attribute, which is only relevant to the local router, local preference is an attribute that routers exchange in the same AS. The local preference is set with the “bgp default local-preference value” command. In this case, both R3 & R4 have exit links but R4 has higher local-preference so R4 will be chosen as the preferred exit point from AS 200.

Answer 76

C. RESTCONF Explanation: YANG (Yet another Next Generation) is a data modeling language for the definition of data sent over network management protocols such as the NETCONF and RESTCONF.

Answer 77

``` C. class-map match-all CoPP_SSH match access-group name CoPP_SSH ! Policy-map CoPP_SSH class CoPP_SSH police cir 100000 exceed-action drop ! ! ! Control-plane service-policy input CoPP_SSH ! ip access-list extended CoPP_SSH permit tcp any any eq 22 ! ``` Explanation: CoPP protects the route processor on network devices by treating route processor resources as a separate entity with its own ingress interface (and in some implementations, egress also). CoPP is used to police traffic that is destined to the route processor of the router such as: + routing protocols like OSPF, EIGRP, or BGP. + Gateway redundancy protocols like HSRP, VRRP, or GLBP. + Network management protocols like telnet, SSH, SNMP, or RADIUS. Therefore we must apply the CoPP to deal with SSH because it is in the management plane. CoPP must be put under “control-plane” command.

Answer 78

B. Stratum 1 Explanation: The stratum levels define the distance from the reference clock. A reference clock is a stratum 0 device that is assumed to be accurate and has little or no delay associated with it. Stratum 0 servers cannot be used on the network but they are directly connected to computers which then operate as stratum-1 servers. A stratum 1-time server acts as a primary network time standard. A stratum 2 server is connected to the stratum 1 server; then a stratum 3 server is connected to the stratum 2 server and so on. A stratum 2 server gets its time via NTP packet requests from a stratum 1 server. A stratum 3 server gets its time via NTP packet requests from a stratum-2 server… A stratum server may also peer with other stratum servers at the same level to provide a more stable and robust time for all devices in the peer group (for example a stratum 2 server can peer with other stratum 2 servers). NTP uses the concept of a stratum to describe how many NTP hops away a machine is from an authoritative time source. A stratum 1-time server typically has an authoritative time source (such as a radio or atomic clock, or a Global Positioning System (GPS) time source) directly attached, a stratum 2-time server receives its time via NTP from a stratum 1-time server, and so on.

Answer 79

B. It buffers and queue packets above the committed rate. Explanation: Traffic shaping retains excess packets in a queue and then schedules the excess for later transmission over increments of time. The result of traffic shaping is a smoothed packet output rate.

Answer 80

C. Policing drops traffic that exceeds the defined rate E. Policing should be performed as close to the source as possible Explanation: Traffic policing propagates bursts. When the traffic rate reaches the configured maximum rate (or committed information rate), excess traffic is dropped (or remarked). The result is an output rate that appears as a saw-tooth with crests and troughs. Unlike traffic shaping, traffic policing does not cause a delay. Classification (which includes traffic policing, traffic shaping and queuing techniques) should take place at the network edge. It is recommended that classification occur as close to the source of the traffic as possible.

Answer 81

A. PIM sparse mode uses a pull model to deliver multicast traffic Explanation: PIM dense mode (PIM-DM) uses a push model to flood multicast traffic to every corner of the network. This push model is a brute-force method of delivering data to the receivers. This method would be efficient in certain deployments in which there are active receivers on every subnet in the network. PIM-DM initially floods multicast traffic throughout the network. Routers that have no downstream neighbors prune the unwanted traffic. This process repeats every 3 minutes. PIM Sparse Mode (PIM-SM) uses a pull model to deliver multicast traffic. Only network segments with active receivers that have explicitly requested the data receive the traffic. PIM-SM distributes information about active sources by forwarding data packets on the shared tree. Because PIM-SM uses shared trees (at least initially), it requires the use of an RP. The RP must be administratively configured in the network. Answer C seems to be correct but it is not, PIM spare mode uses sources (not receivers) to register with the RP. Sources register with the RP, and then data is forwarded down the shared tree to the receivers.

Answer 82

B. RLOC E. EID Explanation: Locator ID Separation Protocol (LISP) is a network architecture and protocol that implements the use of two namespaces instead of a single IP address: + Endpoint identifiers (EIDs)—assigned to end hosts. + Routing locators (RLOCs)—assigned to devices (primarily routers) that make up the global routing system.

Answer 83

A. GLBP Explanation: The main disadvantage of HSRP and VRRP is that only one gateway is elected to be the active gateway and used to forward traffic whilst the rest are unused until the active one fails. Gateway Load Balancing Protocol (GLBP) is a Cisco proprietary protocol and performs a similar function to HSRP and VRRP but it supports load balancing among members in a GLBP group.

Answer 84

A. R1 (config-if) #interface Gi0/0 R1 (config-if) #ip ospf network point-to-point R2 (config-if) #interface Gi0/0 R2 (config-if) #ip ospf network point-to-point Explanation: Broadcast and Non-Broadcast networks elect DR/BDR while Point-to-point/multipoint do not elect DR/BDR. Therefore we have to set the two Gi0/0 interfaces to point-to-point or point-to-multipoint network to ensure that a DR/BDR election does not occur.

Answer 85

A. vSwitch must interrupt the server CPU to process the broadcast packet B. The Layer 2 domain can be large in virtual machine environments Explanation: Broadcast radiation is the accumulation of broadcast and multicast traffic on a computer network. Extreme amounts of broadcast traffic constitute a broadcast storm. The amount of broadcast traffic you should see within a broadcast domain is directly proportional to the size of the broadcast domain. Therefore if the layer 2 domain in virtual machine environment is too large, broadcast radiation may occur -> VLANs should be used to reduce broadcast radiation. Also if virtual machines communicate via broadcast too much, broadcast radiation may occur. Another reason for broadcast radiation is using a trunk (to extend VLANs) from the network switch to the physical server. Note about the structure of virtualization in a hypervisor: Hypervisors provide virtual switch (vSwitch) that Virtual Machines (VMs) use to communicate with other VMs on the same host. The vSwitch may also be connected to the host’s physical NIC to allow VMs to get layer 2 access to the outside world. Each VM is provided with a virtual NIC (vNIC) that is connected to the virtual switch. Multiple vNICs can connect to a single vSwitch, allowing VMs on a physical host to communicate with one another at layer 2 without having to go out to a physical switch. Although vSwitch does not run Spanning-tree protocol but vSwitch implements other loop prevention mechanisms. For example, a frame that enters from one VMNIC is not going to go out of the physical host from a different VMNIC card.

Answer 86

C. two-tier Explanation: Intent-based Networking (IBN) transforms a hardware centric, manual network into a controller-led network that captures business intent and translates it into policies that can be automated and applied consistently across the network. The goal is for the network to continuously monitor and adjust network performance to help assure desired business outcomes. IBN builds on software-defined networking (SDN). SDN usually uses spine-leaf architecture, which is typically deployed as two layers: spines (such as an aggregation layer), and leaves (such as an access layer).

Answer 87

B. Not all of the controllers within the mobility group are using the same virtual interface IP address Explanation: A prerequisite for configuring Mobility Groups is “All controllers must be configured with the same virtual interface IP address”. If all the controllers within a mobility group are not using the same virtual interface, inter-controller roaming may appear to work, but the handoff does not complete, and the client loses connectivity for a period of time.

Answer 88

D. PBKDF2, BCrypt, and SCrypt Explanation: One of the best practices to secure REST APIs is using password hash. Passwords must always be hashed to protect the system (or minimize the damage) even if it is compromised in some hacking attempts. There are many such hashing algorithms which can prove really effective for password security e.g. PBKDF2, bcrypt and scrypt algorithms. Other ways to secure REST APIs are: Always use HTTPS, Never expose information on URLs (Usernames, passwords, session tokens, and API keys should not appear in the URL), Adding Timestamp in Request, Using OAuth, Input Parameter Validation. Reference: https://restfulapi.net/security-essentials/ We should not use MD5 or any SHA (SHA-1, SHA-256, SHA-512…) algorithm to hash password as they are not totally secure. Note: A brute-force attack is an attempt to discover a password by systematically trying every possible combination of letters, numbers, and symbols until you discover the one correct combination that works.

Answer 89

D. The RP is the multicast that is the root of the PIM-SM shared multicast distribution tree

Answer 90

B. m.lock (target=’running’) Explanation: The example below shows the usage of lock command: ! def demo(host, user, names): With manager. Connect(host=host, port=22, username=user) as m: With m.locked(target='running'): for n in names: m.edit_config (target='running', config=template % n) ! The command “m.locked (target=’running’)” causes a lock to be acquired on the running datastore.

Answer 91

C. edge node E. border node Explanation: There are five basic device roles in the fabric overlay: + Control plane node: This node contains the settings, protocols, and mapping tables to provide the endpoint-to-location (EID-to-RLOC) mapping system for the fabric overlay. + Fabric border node: This fabric device (for example, core layer device) connects external Layer 3 networks to the SDA fabric. + Fabric edge node: This fabric device (for example, access or distribution layer device) connects wired endpoints to the SDA fabric. + Fabric WLAN controller (WLC): This fabric device connects APs and wireless endpoints to the SDA fabric. + Intermediate nodes: These are intermediate routers or extended switches that do not provide any sort of SD-Access fabric role other than underlay services.

Answer 92

C. encapsulating and de-encapsulating VXLAN Ethernet frames Explanation: VTEPs connect between Overlay and Underlay network and they are responsible for encapsulating frame into VXLAN packets to send across IP network (Underlay) then decapsulating when the packets leaves the VXLAN tunnel.

Answer 93

C. intent-based APIs Explanation: The Cisco DNA Center open platform for intent-based networking provides 360- degree extensibility across multiple components, including: + Intent-based APIs leverage the controller to enable business and IT applications to deliver intent to the network and to reap network analytics and insights for IT and business innovation. These enable APIs that allow Cisco DNA Center to receive input from a variety of sources, both internal to IT and from line-of-business applications, related to application policy, provisioning, software image management, and assurance.

Answer 94

A. vBond Explanation: + Orchestration plane (vBond) assists in securely onboarding the SD-WAN WAN Edge routers into the SD-WAN overlay. The vBond controller, or orchestrator, authenticates and authorizes the SD-WAN components onto the network. The vBond orchestrator takes an added responsibility to distribute the list of vSmart and vManage controller information to the WAN Edge routers. vBond is the only device in SD-WAN that requires a public IP address as it is the first point of contact and authentication for all SD-WAN components to join the SD-WAN fabric. All other components need to know the vBond IP or DNS information.

Answer 95

B. Microsoft Hyper-V D. VMware ESX Explanation: A bare-metal hypervisor (Type 1) is a layer of software we install directly on top of a physical server and its underlying hardware. There is no software or any operating system in between, hence the name bare-metal hypervisor. A Type 1 hypervisor is proven in providing excellent performance and stability since it does not run inside Windows or any other operating system. These are the most common type 1 hypervisors: + VMware vSphere with ESX/ESXi + KVM (Kernel-Based Virtual Machine) + Microsoft Hyper-V + Oracle VM + Citrix Hypervisor (formerly known as Xen Server)

Answer 96

C. sensor mode

Answer 97

C. C.R1(config)#time-range WEEKEND R1(config-time-range)#periodic weekend 00:00 to 23:59 ! R1(config)#access-list 150 deny tcp host 10.3.3.3 host 10.2.2.2 eq 23 time-range WEEKEND R1(config)#access-list 150 permit ip any any ! R1(config)#interface Gi0/1 R1(config-if)#ip access-group 150 in Explanation: We cannot filter traffic that is originated from the local router (R3 in this case) so we can only configure the ACL on R1 or R2. “Weekend hours” means from Saturday morning through Sunday night so we have to configure: “periodic weekend 00:00 to 23:59”. Note: The time is specified in 24-hour time (hh:mm), where the hours range from 0 to 23 and the minutes range from 0 to 59.

Answer 98

B. Template Editor Explanation: Cisco DNA Center provides an interactive editor called Template Editor to author CLI templates. Template Editor is a centralized CLI management tool to help design a set of device configurations that you need to build devices in a branch. When you have a site, office, or branch that uses a similar set of devices and configurations, you can use Template Editor to build generic configurations and apply the configurations to one or more devices in the branch.

Answer 99

D. intra-controller Explanation: Mobility, or roaming, is a wireless LAN client’s ability to maintain its association seamlessly from one access point to another securely and with as little latency as possible. Three popular types of client roaming are: Intra-Controller Roaming: Each controller supports same-controller client roaming across access points managed by the same controller. This roaming is transparent to the client as the session is sustained, and the client continues using the same DHCP-assigned or client-assigned IP address. Inter-Controller Roaming: Multiple-controller deployments support client roaming across access points managed by controllers in the same mobility group and on the same subnet. This roaming is also transparent to the client because the session is sustained and a tunnel between controllers allows the client to continue using the same DHCP- or client-assigned IP address as long as the session remains active. Inter-Subnet Roaming: Multiple-controller deployments support client roaming across access points managed by controllers in the same mobility group on different subnets. This roaming is transparent to the client because the session is sustained and a tunnel between the controllers allows the client to continue using the same DHCP-assigned or client-assigned IP address as long as the session remains active.

Answer 100

C. unicast discovery request to each WLC

Answer 101

A. The RSPAN VLAN is replaced by VLAN 223

Answer 102

B. to connect wired endpoint to the SD-Access fabric Explanation: + Fabric edge node: This fabric device (for example, access or distribution layer device) connects wired endpoints to the SDA fabric.

Answer 103

C. PAT Explanation: The command “ip nat inside source list 1 interface gigabitethernet0/0 overload” translates all source addresses that pass access list 1, which means 172.16.1.0/24 subnet, into an address assigned to gigabitethernet0/0 interface. Overload keyword allows mapping multiple IP addresses to a single registered IP address (manyto-one) by using different ports so it is called Port Address Translation (PAT).

Answer 104

B. Cisco Stealth watch system Explanation: The goal of the Cyber Threat Defense solution is to introduce a design and architecture that can help facilitate the discovery, containment, and remediation of threats once they have penetrated into the network interior. Cisco Cyber Threat Defense version 2.0 makes use of several solutions to accomplish its objectives: * NetFlow and the Lancope StealthWatch System – Broad visibility – User and flow context analysis – Network behavior and anomaly detection – Incident response and network forensics * Cisco FirePOWER and FireSIGHT – Real-time threat management – Deeper contextual visibility for threats bypassing the perimeters – URL control * Advanced Malware Protection (AMP) – Endpoint control with AMP for Endpoints – Malware control with AMP for networks and content * Content Security Appliances and Services – Cisco Web Security Appliance (WSA) and Cloud Web Security (CWS) – Dynamic threat control for web traffic – Outbound URL analysis and data transfer controls – Detection of suspicious web activity – Cisco Email Security Appliance (ESA) – Dynamic threat control for email traffic – Detection of suspicious email activity * Cisco Identity Services Engine (ISE) – User and device identity integration with Lancope StealthWatch – Remediation policy actions using pxGrid

Answer 105

A. load-balancing of unequal-cost paths

Answer 106

A. Use Cisco AMP deployment with the Malicious Activity Protection engine enabled. Explanation: Ransomware is malicious software that locks up the critical resources of the users. Ransomware uses well-established public/private key cryptography which leaves the only way of recovering the files being the payment of the ransom or restoring files from backups. Cisco Advanced Malware Protection (AMP) for Endpoints Malicious Activity Protection (MAP) engine defends your endpoints by monitoring the system and identifying processes that exhibit malicious activities when they execute and stops them from running. Because the MAP engine detects threats by observing the behavior of the process at run time, it can generically determine if a system is under attack by a new variant of ransomware or malware that may have eluded other security products and detection technology, such as legacy signature-based malware detection. The first release of the MAP engine targets identification, blocking, and quarantine of ransomware attacks on the endpoint.

Answer 107

A. the interface specified on the WLAN configuration

Answer 108

A. efficient scalability

Answer 109

A. increase the dynamic channel assignment interval Explanation: These message logs inform that the radio channel has been reset (and the AP must be down briefly). With dynamic channel assignment (DCA), the radios can frequently switch from one channel to another but it also makes disruption. The default DCA interval is 10 minutes, which is matched with the time of the message logs. By increasing the DCA interval, we can reduce the number of times our users are disconnected for changing radio channels.

Answer 110

A. Option 43

Answer 111

D. A local database is checked first. If that check fails, a TACACS+server is checked Explanation: The “aaa authentication login default local group tacacs+” command is broken down as follows: + The ‘aaa authentication’ part is simply saying we want to configure authentication settings. + The ‘login’ is stating that we want to prompt for a username/ password when a connection is made to the device. + The ‘default’ means we want to apply for all login connections (such as tty, vty, console and aux). If we use this keyword, we don’t need to configure anything else under tty, vty and aux lines. If we don’t use this keyword then we have to specify which line(s) we want to apply the authentication feature. + The ‘local group tacacs+” means all users are authenticated using router’s local database (the first method). If the credentials are not found on the local database, then the TACACS+ server is used (the second method).

Answer 112

B. It manages the control plane Explanation: Control plane (vSmart) builds and maintains the network topology and makes decisions on the traffic flows. The vSmart controller disseminates control plane information between WAN Edge devices, implements control plane policies, and distributes data plane policies to network devices for enforcement.

Answer 113

B. The API is joining a primed WLC

Answer 114

C. all devices in selected sites Explanation: When you click Deploy, Cisco DNA Center requests the Cisco Identity Services Engine (Cisco ISE) to send notifications about the policy changes to the network devices.

Answer 115

B. access tokens Explanation: The most common implementations of OAuth (OAuth 2.0) use one or both of these tokens: + access token: sent like an API key, it allows the application to access a user’s data; optionally, access tokens can expire. + refresh token: optionally part of an OAuth flow, refresh tokens retrieve a new access token if they have expired. OAuth2 combines Authentication and Authorization to allow more sophisticated scope and validity control.

Answer 116

D. ip access-list extended 100 deny tcp host 10.10.10.1 any eq 80 permit ip any any

Answer 117

D. Type 2 hypervisor Explanation: In contrast to a type 1 hypervisor, a type 2 hypervisor (or hosted hypervisor) runs on top of an operating system and not the physical hardware directly. A big advantage of Type 2 hypervisors is that management console software is not required. Examples of type 2 hypervisor are VMware Workstation (which can run on Windows, Mac and Linux) or Microsoft Virtual PC (only runs on Windows)

Answer 118

C. The Content-Type header sent was application/xml. Explanation: External RESTful service returns common HTTP response codes as described in the tables below. In addition to the status, codes returned in the response header, each response may have additional content [in JSON format] according to the nature of the request. This response can have several causes, and here are some common ones: - The content-type header is missing - Content-type does not match the submitted body data - Submitted body data does not respect the JSON or XML format.

Answer 119

C. OTP uses LISP encapsulation for dynamic multipoint tunneling Explanation: The EIGRP Over the Top solution can be used to ensure connectivity between disparate EIGRP sites. This feature uses EIGRP on the control plane and Locator ID Separation Protocol (LISP) encapsulation on the data plane to route traffic across the underlying WAN architecture. EIGRP is used to distribute routes between customer edge (CE) devices within the network, and the traffic forwarded across the WAN architecture is LISP encapsulated. EIGRP OTP only uses LISP for the data plane, EIGRP is still used for the control plane. Therefore we cannot say OTP uses LISP encapsulation for dynamic multipoint tunneling as this requires encapsulating both data and control plane traffic -> Answer ‘OTP uses LISP encapsulation for dynamic multipoint tunneling’ is not correct. In OTP, EIGRP serves as the replacement for LISP control plane protocols (therefore EIGRP will learn the next hop, not LISP -> Answer ‘LISP learns the next hop’ is not correct). Instead of doing dynamic EID-to-RLOC mappings in native LISP-mapping services, EIGRP routers running OTP over a service provider cloud create targeted sessions, use the IP addresses provided by the service provider as RLOCs, and exchange routes as EIDs.

Answer 120

A. network 20.1.1.2.0.0.0.0 area 0 Explanation: The network 20.0.0.0 0.0.0.255 area (” command on R2 did not cover the IP address of Fal/1 interface of R2 so OSPF did not run on this interface. Therefore we have to use the command “network 20.1.1.2 0.0.255.255 area 0” to turn on OSPF on this interface. Note: The command “network 20.1.1.2 0.0.255.255 area 0” can be used too so this answer is also correct but answer C is the best answer here. The network 0.0.0.0 255.255.255.255 area 0 command on R1 will run OSPF on all active interfaces of R1.

Answer 121

A. It can support multiple customers on a single switch B. It supports most routing protocols, including EIGRP, ISIS, and OSPF Explanation: In VRF-Lite, Route distinguisher (RD) identifies the customer routing table and allows customers to be assigned overlapping addresses. Therefore it can support multiple customers with overlapping addresses -> Answer ‘It can support multiple customers on a single switch’ is correct. VRFs are commonly used for MPLS deployments, when we use VRFs without MPLS then we call it VRF lite -> Answer ‘It supports MPLS-VRF label exchange and labeled packets’ is not correct. VRF-Lite supports the most popular routing protocols: BGP, OSPF, EIGRP, RIP, and static routing -> Answer ‘It supports most routing protocols, including EIGRP, ISIS, and OSPF’ is correct.

Answer 122

A. Cisco Express Forwarding uses a FIB to make IP destination prefix-based switching decisions correctly. Explanation: The Forwarding Information Base (FIB) table – CEF uses a FIB to make IP destination prefix-based switching decisions. The FIB is conceptually similar to a routing table or information base. It maintains a mirror image of the forwarding information contained in the IP routing table. When routing or topology changes occur in the network, the IP routing table is updated, and these changes are reflected in the FIB. The FIB maintains next-hop address information based on the information in the IP routing table.

Answer 123

D. RSPAN session 1 is incompletely configured for monitoring Explanation: SW1 has been configured with the following commands: SW1(config)#monitor session 1 source remote vlan 50 SW1(config)#monitor session 2 source interface fa0/14 SW1(config)#monitor session 2 destination interface fa0/15 Session 1 on SW1 was configured for Remote SPAN (RSPAN) while session 2 was configured for local SPAN. For RSPAN we need to configure the destination port to complete the configuration. Note: In fact, we cannot create such a session like session 1 because if we only configure Source RSPAN VLAN 50 (with the command monitor session 1 source remote vlan 50) then we will receive a Type: Remote Source Session (not Remote Destination Session).

Answer 124

B. stub Explanation: If we configured an EIGRP stub router so that it only advertises connected and summary routes. But we also want to have an exception to this rule then we can configure a leak-map. For example: ! R4(config-if)#router eigrp 1 R4(config-router)#eigrp stub R4(config)#ip access-list standard R4_L0opback0 R4(config-std-nacl)#permit host 4.4.4.4 R4(config)#route-map R4_L0opback0_LEAKMAP R4(config-route-map)#match ip address R4_L0opback0 R4(config)#router eigrp 1 R4(config-router)#eigrp stub leak-map ! As we can see the leak-map feature goes long with ‘eigrp stub’ command.

Answer 125

A. PETR C. MR Explanation: In this question, we suppose that we only need to send packets from the LISP site to the non-LISP site successfully. We don‘t care about the way back (if we care about the way back then all PETR, PITR, MS & MR are needed). Proxy Egress Tunnel Router (PETR): A LISP device that de-encapsulated packets from LISP sites to deliver them to non-LISP sites. When the xTR in LISP Site 1 wants to send traffic to the Non-LISP site, the ITR (not PETR) needs a Map-Resolver (MR) to send Map-Request to. When the ITR (the xTR in LISP Site 1 in the figure above) receives a negative MAP-Reply packet from MR, it caches that prefix and maps it to the PETR.

Answer 126

``` B. Sw1(config)# interface G0/0 Sw1(config-if)# no spanning-tree bpduguard enable Sw1(config-if)# shut Sw1(config-if)# no shut ```

Answer 127

B. The server that is providing the portal has a self-signed certificate

Answer 128

C. Add the auto command keyword to the username command Explanation: The “autocommand” causes the specified command to be issued automatically after the user logs in. When the command is complete, the session is terminated. Because the command can be any length and can contain embedded spaces, commands using the autocommand keyword must be the last option on the line. In this specific question, we have to enter the line “username CCNP autocommand show running-config”.

Answer 129

C. The tunnel mode is set to the default. Explanation: From the “Tunnel protocol/transport GRE/IP” line, we can deduce this tunnel is using the default IPv4 Layer-3 tunnel mode. We can return to this default mode with the "tunnel mode gre IP" command.

Answer 130

C. TCP traffic with the ACK bit set is allowed Explanation: The established keyword is only applicable to TCP access list entries to match TCP segments that have the ACK and/or RST control bit set (regardless of the source and destination ports), which assumes that a TCP connection has already been established in one direction only. Suppose you only want to allow the hosts inside your company to telnet to an outside server but not vice versa, you can simply use an “established” access-list like this: access-list 100 permit tcp any any established access-list 101 permit tcp any any eq telnet ! interface S0/0 ip access-group 100 in ip access-group 101 out !

Answer 131

C. The RIB includes many routes to the same destination prefix. The FIB contains only the best route

Answer 132

B. broadcast Explanation: The Broadcast network type is the default for an OSPF enabled ethernet interface (while Point-to-Point is the default OSPF network type for Serial interface with HDLC and PPP encapsulation).

Answer 133

B. This segment has no designated router because it is a p2p network type.

Answer 134

D. It combines the source and destination IP addresses to create a hash for each destination E. Each hash maps directly to a single entry in the adjacency table Explanation: Cisco IOS software basically supports two modes of CEF load balancing: On a per-destination or per-packet basis. For per-destination load balancing a hash is computed out of the source and destination IP address (- > Answer ‘It combines the source and destination IP addresses to create a hash for each destination’ is correct). This hash points to exactly one of the adjacency entries in the adjacency table (-> Answer ‘Each hash maps directly to a single entry in the adjacency table’ is correct), providing that the same path is used for all packets with this source/destination address pair. If per-packet load balancing is used the packets are distributed round-robin over the available paths. In either case, the information in the FIB and adjacency tables provide all the necessary forwarding information, just like for non-load balancing operation. The number of paths used is limited by the number of entries the routing protocol puts in the routing table, the default in IOS is 4 entries for most IP routing protocols with the exception of BGP, where it is one entry. The maximum number that can be configured is 6 different paths -> Answer ‘Cisco Express Forwarding can load-balance over a maximum of two destinations’ is not correct.

Answer 135

D. To segregate multiple routing tables on a single device

Answer 136

C. APIC uses a policy agent to translate policies into instructions Explanation: The southbound protocol used by APIC is OpFlex that is pushed by Cisco as the protocol for policy enablement across physical and virtual switches. Southbound interfaces are implemented with some called Service Abstraction Layer (SAL), which talks to the network elements via SNMP and CLI. Note: Cisco OpFlex is a southbound protocol in a software-defined network (SDN).

Answer 137

C. Ansible pushes the configuration to the client. Chef client pulls the configuration from the server. Explanation: Ansible works by connecting to your nodes and pushing out small programs, called “Ansible Modules” to them. These programs are written to be resource models of the desired state of the system. Ansible then executes these modules (over SSH by default) and removes them when finished. Chef is a much older, mature solution to configure management. Unlike Ansible, it does require an installation of an agent on each server, named chef-client. Also, unlike Ansible, it has a Chef server that each client pulls configuration from.

Answer 138

D. The device will authenticate all users connecting to vty lines 0 through 4 against TACACS+

Answer 139

D. overlay network Explanation: An overlay network creates a logical topology used to virtually connect devices that are built over an arbitrary physical underlay topology. An overlay network is created on top of the underlay network through virtualization (virtual networks). The data plane traffic and control plane signaling are contained within each virtualized network, maintaining isolation among the networks and independence from the underlay network. SD-Access allows for the extension of Layer 2 and Layer 3 connectivity across the overlay through the services provided by LISP.

Answer 140

``` B. R1(config)#interface GigabitEthernet0/0 R1(config)#ip nat outside R1(config)#interface GigabitEthernet0/1 R1(config)#ip nat inside ```

Answer 141

A. All traffic will be policed based on access-list 120.

Answer 142

A. HSRPv1 Explanation: The “virtual MAC address” is 0000.0c07.acXX (XX is the hexadecimal group number) so it is using HSRPv1. Note: HSRP Version 2 uses a new MAC address which ranges from 0000.0C9F.F000 to 0000.0C9F.FFFF.

Answer 143

C. permit host 192.168.0.5 eq 8080 host 172.16.0.2 Explanation: The inbound direction of G0/0 of SW2 only filter traffic from Web Server to PC-1 so the source IP address and port is of the Web Server.

Answer 144

B. 802.1s Explanation: Where to Use MST This diagram shows a common design that features access Switch A with 1000 VLANs redundantly connected to two distribution Switches, D1 and D2. In this setup, users connect to Switch A, and the network administrator typically seeks to achieve load balancing on the access switch Uplinks based on even or odd VLANs, or any other scheme deemed appropriate.

Answer 145

D. To provide human readability to scripting languages Explanation: replacing the process of manual configuration. Data models are written in a standard, industry-defined language. Although configurations using CLIs are easier (more human-friendly), automating the configuration using data models results in scalability.

Answer 146

C. Three versions of the VRRP protocol have been defined. | E. The TTL for VRRP packets must be 255.

Answer 147

B. While the AP is in standalone mode, the client will be placed in VLAN 10. F. When the AP transitions to connected mode, the client will remain associated. G. When the AP is in connected mode, the client will be placed in VLAN 15.

Answer 148

A. RLOC Explanation: Locator ID Separation Protocol (LISP) is a network architecture and protocol that implements the use of two namespaces instead of a single IP address: + Endpoint identifiers (EIDs) – assigned to end hosts. + Routing locators (RLOCs) – assigned to devices (primarily routers) that make up the global routing system.

Answer 149

B. $_exit_status Explanation: With Synchronous ( sync yes), the CLI command in question is not executed until the policy exits. Whether or not the command runs depends on the value for the variable _exit_status. If_exit_status is 1, the command runs, if it is 0, the command is skipped.

Answer 150

``` D. interface Vlan10 no ip vrf forwarding Clients ip address 192.168.1.2 255.255.255.0 ! interface Vlan20 no ip vrf forwarding Servers ip address 172.16.1.2 255.255.255.0 ! interface Vlan30 no ip vrf forwarding Printers ip address 10.1.1.2 255.255.255.0 ``` Explanation: We must reconfigure the IP address after assigning or removing an interface to a VRF. Otherwise that interface does not have an IP address.

Answer 151

C. using BFD Explanation: The BFD (Bidirectional Forwarding Detection) is a protocol that detects link failures as part of the Cisco SD-WAN (Viptela) high availability solution, is enabled by default on all vEdge routers, and you cannot disable it.

Answer 152

C. traffic specification

Answer 153

B. YANG Explanation: Cisco IOS XE supports the Yet Another Next Generation (YANG) data modeling language. YANG can be used with the Network Configuration Protocol (NETCONF) to provide the desired solution of automated and programmable network operations. NETCONF(RFC6241) is an XML-based protocol that client applications use to request information from and make configuration changes to the device. YANG is primarily used to model the configuration and state data used by NETCONF operations.

Answer 154

B. spanning-tree mst 1 root primary E. spanning-tree mst 1 priority 4096 Explanation: Priority values are 0, 4096, 8192, 12288, 16384, 20480, 24576, 28672, 32768, 36864, 40960, 45056, 49152, 53248, 57344, and 61440. All other values are rejected.

Answer 155

A. COS of 5 to DSCP 46 Explanation: CoS value 5 is commonly used for VOIP and CoS value 5 should be mapped to DSCP 46. DSCP 46 is defined as being for EF (Expedited Forwarding) traffic flows and is the value usually assigned to all interactive voice and video traffic. This is to keep the uniformity from end-to-end that DSCP EF (mostly for VOICE RTP) is mapped to COS 5. Note: + CoS is a L2 marking contained within an 802.1q tag,. The values for CoS are 0 – 7 + DSCP is a L3 marking and has values 0 – 63 + The default DSCP-to-CoS mapping for CoS 5 is DSCP 40

Answer 156

D. It is Layer 2 transport-independent correct E. It uses active traffic monitoring correct Explanation: IP SLAs allows Cisco customers to analyze IP service levels for IP applications and services, to increase productivity, to lower operational costs, and to reduce the frequency of network outages. IP SLAs use active traffic monitoring-the generation of traffic in a continuous, reliable, and predictable manner-for measuring network performance. Being Layer-2 transport-independent, IP SLAs can be configured end-to-end over disparate networks to best reflect the metrics that an end-user is likely to experience.

Answer 157

A. mandatory B. association-comeback D. saquery-retry-time

Answer 158

B. R2#no network 10.0.0.0 255.255.255.0 | C. R2#network 192.168.0.0 mask 255.255.0.0

Answer 159

D. The DF bit has been set Explanation: If the DF bit is set, routers cannot fragment packets. From the output below, we learn that the maximum MTU of R2 is 1492 bytes while we sent ping with 1500 bytes. Therefore these ICMP packets were dropped. Note: The record option displays the address(es) of the hops (up to nine) the packet goes through.

Answer 160

A. vrrp 10 ip 172.16.13.254 vrrp 10 preempt Explanation: In fact, VRRP has the preemption enabled by default so we don‘t need the vrrp 10 preempt command. The default priority is 100 so we don‘t need to configure it either. But notice that the correct command to configure the virtual IP address for the group is vrrp 10 ip {ipaddress} (not vrrp group 10 ip …) and this command does not include a subnet mask.

Answer 161

B. runs directly on a physical server and includes its own operating system Explanation: There are two types of hypervisors: type 1 and type 2 hypervisor. In type 1 hypervisor (or native hypervisor), the hypervisor is installed directly on the physical server. Then instances of an operating system (OS) are installed on the hypervisor. Type 1 hypervisor has direct access to the hardware resources. Therefore they are more efficient than hosted architectures. Some examples of type 1 hypervisor are VMware vSphere/ESXi, Oracle VM Server, KVM and Microsoft Hyper-V. In contrast to type 1 hypervisor, a type 2 hypervisor (or hosted hypervisor) runs on top of an operating system and not the physical hardware directly. A big advantage of Type 2 hypervisors is that management console software is not required. Examples of type 2 hypervisor are VMware Workstation (which can run on Windows, Mac and Linux) or Microsoft Virtual PC (only runs on Windows).

Answer 162

C. REST correct

Answer 163

A. by location Explanation: You can create a network hierarchy that represents your network‘s geographical locations. Your network hierarchy can contain sites, which in turn contain buildings and areas. You can create a site and building IDs to easily identify where to apply design settings or configurations later.

Answer 164

D. The packet arrives on router C fragmented. Explanation: Like any protocol, using GRE adds a few bytes to the size of data packets. This must be factored into the MSS and MTU settings for packets. If the MTU is 1,500 bytes and the MSS is 1,460 bytes (to account for the size of the necessary IP and TCP headers), the addition of GRE 24-byte headers will cause the packets to exceed the MTU: 1,460 bytes [payload] + 20 bytes [TCP header]+ 20 bytes [IP header] + 24 bytes [GRE header + IP header] = 1,524 bytes As a result, the packets will be fragmented. Fragmentation slows down packet delivery times and increases how much compute power is used, because packets that exceed the MTU must be broken down and then reassembled.

Answer 165

D. Routing Locator F. Endpoint Identifier Explanation: Locator ID Separation Protocol (LISP) is a network architecture and protocol that implements the use of two namespaces instead of a single IP address: + Endpoint identifiers (EIDs)-assigned to end hosts. + Routing locators (RLOCs)-assigned to devices (primarily routers) that make up the global routing system.

Answer 166

C. SW2(config)#interface gi1/2 SW2(config)#switchport trunk allowed vlan 1-9,11-4094

Answer 167

A. northbound API B. business outcome-oriented Explanation: The Intent API is a Northbound REST API that exposes specific capabilities of the Cisco DNA Center platform. The Intent API provides the policy-based abstraction of business intent, allowing focus on an outcome rather than struggling with individual mechanisms steps.

Answer 168

A. ip nat inside source list 10 interface FastEthernet0/1 overload Explanation: The command ip nat inside source list 10 interface FastEthernet0/1 overload configures NAT to overload on the address that is assigned to the Fa0/1 interface.

Answer 169

D. There is instability in the network due to route flapping E. The tunnel destination is being routed out of the tunnel interface Explanation: The %TUN-5-RECURDOWN: Tunnel0 temporarily disabled due to recursive routing error message means that the generic routing encapsulation (GRE) tunnel router has discovered a recursive routing problem. This condition is usually due to one of these causes: + A misconfiguration that causes the router to try to route to the tunnel destination address using the tunnel interface itself (recursive routing) + A temporary instability caused by route flapping elsewhere in the network

Answer 170

C. The Port Cos value is 0

Answer 171

A. After you configure route-target import 999:999 for a VRF on PE1, the route will be accepted D. PE1 will reject the route due to automatic route filtering Explanation: Because some PE routers might receive routing information they do not require, a basic requirement is to be able to filter the MP-iBGP updates at the ingress to the PE router so that the router does not need to keep this information in memory. The Automatic Route Filtering feature fulfills this filtering requirement. This feature is available by default on all PE routers, and no additional configuration is necessary to enable it. Its function is to filter automatically VPN-IPv4 routes that contain a route target extended community that does not match any of the PE’s configured VRFs. This effectively discards any unwanted VPN-IPv4 routes silently, thus reducing the amount of information that the PE has to store in memory -> Answer ‘PE1 will reject the route due to automatic route filtering’ is correct.

Answer 172

B. Its virtual MAC is 0000.0C07.ACxx | D. It supports tracking

Answer 173

C. data plane forwarding

Answer 174

D. Yagi Explanation: Yagi Antenna Used to communicate in one direction (unidirectional) They have a longer range in comparison to Omni Antennas Typically only communicate with one other radio, however, can talk to multiple More common to see used in remote locations

Answer 175

B. standby 10 preempt Explanation: The preempt command enables the HSRP router with the highest priority to immediately become the active router.

Answer 176

A. send join messages toward a multicast source SPT

Answer 177

B. A path can be used for load balancing only if it is a feasible successor E. EIGRP supports 6 unequal-cost paths Explanation: EIGRP provides a mechanism to load balance over unequal cost paths (or called unequal cost load balancing) through the “variance” command. In other words, EIGRP will install all paths with metric < variance * best metric into the local routing table, provided that it meets the feasibility condition to prevent routing loop. The path that meets this requirement is called a feasible successor. If a path is not a feasible successor, it is not used in load balancing. Note: The feasibility condition states that, the Advertised Distance (AD) of a route must be lower than the feasible distance of the current successor route.

Answer 178

C. CEF uses the FIB and the adjacency table to make forwarding decisions, whereas process switching punts each packet. Explanation: “Punt” is often used to describe the action of moving a packet from the fast path (CEF) to the route processor for handling. Cisco Express Forwarding (CEF) provides the ability to switch packets through a device in a very quick and efficient way while also keeping the load on the router‘s processor low. CEF is made up of two different main components: the Forwarding Information Base (FIB) and the Adjacency Table. Process switching is the slowest switching methods (compared to fast switching and Cisco Express Forwarding) because it must find a destination in the routing table. Process switching must also construct a new Layer 2 frame header for every packet. With process switching, when a packet comes in, the scheduler calls a process that examines the routing table, determines which interface the packet should be switched to and then switches the packet. The problem is, this happens for the every packet.

Answer 179

E. WRED Explanation: Weighted Random Early Detection (WRED) is just a congestion avoidance mechanism. WRED drops packets selectively based on IP precedence. Edge routers assign IP precedences to packets as they enter the network. When a packet arrives, the following events occur: The average queue size is calculated. 2. If the average is less than the minimum queue threshold, the arriving packet is queued. 3. If the average is between the minimum queue threshold for that type of traffic and the maximum threshold for the interface, the packet is either dropped or queued, depending on the packet drop probability for that type of traffic. 4. If the average queue size is greater than the maximum threshold, the packet is dropped. WRED reduces the chances of tail drop (when the queue is full, the packet is dropped) by selectively dropping packets when the output interface begins to show signs of congestion (thus it can mitigate congestion by preventing the queue from filling up). By dropping some packets early rather than waiting until the queue is full, WRED avoids dropping large numbers of packets at once and minimizes the chances of global synchronization. Thus, WRED allows the transmission line to be used fully at all times. WRED generally drops packets selectively based on IP precedence. Packets with a higher IP precedence are less likely to be dropped than packets with a lower precedence. Thus, the higher the priority of a packet, the higher the probability that the packet will be delivered.

Answer 180

C. 6to4 Explanation: 6to4 tunnel is a technique that relies on reserved address space 2002::/16 (you must remember this range). These tunnels determine the appropriate destination address by combining the IPv6 prefix with the globally unique destination 6to4 border router’s IPv4 address, beginning with the 2002::/16 prefix, in this format: 2002:border-router-IPv4-address::/48 For example, if the border-router-IPv4-address is 64.101.64.1, the tunnel interface will have an IPv6 prefix of 2002:4065:4001:1::/64, where 4065:4001 is the hexadecimal equivalent of 64.101.64.1. This technique allows IPv6 sites to communicate with each other over the IPv4 network without explicit tunnel setup but we have to implement it on all routers on the path.

Answer 181

A. INIT B. listen E. speak Explanation: HSRP StatesWhen in operation, HSRP devices are configured into one of many states: Active – This is the state of the device that is actively forwarding traffic. Init or Disabled – This is the state of a device that is not yet ready or able to participate in HSRP. Learn – This is the state of a device that has not yet determined the virtual IP address and has not yet seen a hello message from an active device. Listen – This is the state of a device that is receiving hello messages. Speak – This is the state of a device that is sending and receiving hello messages. Standby – This is the state of a device that is prepared to take over the traffic forwarding duties from the active device.

Answer 182

B. Cloud costs adjust up or down depending on the amount of resources consumed. On- Prem costs for hardware, power, and space are ongoing regardless of usage D. Cloud resources scale automatically to an increase in demand. On-prem requires additional capital expenditure. Explanation: AWS Auto Scaling monitors your applications and automatically adjusts capacity to maintain steady, predictable performance at the lowest possible cost. Using AWS Auto Scaling, it’s easy to setup application scaling for

Answer 183

D. encrypted authentication mechanism E. access list-based restriction scheme Explanation: The time kept on a machine is a critical resource and it is strongly recommended that you use the security features of NTP to avoid the accidental or malicious setting of incorrect time. The two security features available are an access list-based restriction scheme and an encrypted authentication mechanism.

Answer 184

D. It enables HSRP to failover to the standby RP on the same device. Explanation: SSO HSRP alters the behavior of HSRP when a device with redundant Route Processors (RPs) is configured for stateful switchover (SSO) redundancy mode. When an RP is active and the other RP is standby, SSO enables the standby RP to take over if the active RP fails. The SSO HSRP feature enables the Cisco IOS HSRP subsystem software to detect that a standby RP is installed and the system is configured in SSO redundancy mode. Further, if the active RP fails, no change occurs to the HSRP group itself and traffic continues to be forwarded through the current active gateway device.

Answer 185

A. CDP C. LLDP F. a specified range of IP addresses Explanation: There are three ways for you to discover devices: Use Cisco Discovery Protocol (CDP) and provide a seed IP address. Specify a range of IP addresses. (A maximum range of 4096 devices is supported.) Use Link Layer Discovery Protocol (LLDP) and provide a seed IP address.

Answer 186

C. It immediately puts the port into the forwarding state when the switch is reloaded Explanation: Portfast feature should only be used on edge ports (ports directly connected to end stations). Neither edge ports or PortFast enabled ports generate topology changes when the link toggles so we cannot say Portfast reduces the STP convergence time. PortFast causes a switch or trunk port to enter the spanning-tree forwarding state immediately, bypassing the listening and learning states so answer ‘It immediately puts the port into the forwarding state when the switch is reloaded ‘ is the best choice.

Answer 187

C. Atlanta(config-route)#area 1 range 192.168.0.0 255.255.252.0

Answer 188

C. The EEM applet runs before the CLI command is executed D. The EEM applet requires a case-insensitive response Explanation: When you use the sync yes option in the event cli command, the EEM applet runs before the CLI command is executed. The EEM applet should set the _exit_status variable to indicate whether the CLI command should be executed (_exit_status set to one) or not (_exit_status set to zero). With the sync no option, the EEM applet is executed in background in parallel with the CLI command.

Answer 189

A. A NETCONF request was made for a data model that does not exist. Explanation: Missing Data Model RPC Error Reply Message If a request is made for a data model that doesn‘t exist on the Catalyst 3850 or a request is Reference:made for a leaf that is not implemented in a data model, the Server (Catalyst 3850) responds with an empty data response. This is expected behavior.

Answer 190

A. R3(config)#router bgp 200 R3(config-router)#neighbor 10.24.24.4 remote-as 100 R3(config-router)#bgp router-id 10.3.3.3 R4(config)#router bgp 100 R4(config-router)#neighbor 10.24.24.3 remote-as 200 R4(config-router)#bgp router-id 10.4.4.4

Answer 191

D. The remote router initiates the tunnel connection

Answer 192

D. Local authentication is maintained on the router | E. KRB5 authentication disables user access when an incorrect password is entered

Answer 193

D. access-list 110 permit tcp any any eq 21 established Explanation: The established keyword is only applicable to TCP access list entries to match TCP segments that have the ACK and/or RST control bit set (regardless of the source and destination ports), which assumes that a TCP connection has already been established in one direction only. Suppose you only want to allow the hosts inside your company to telnet to an outside server but not vice versa, you can simply use an ― ”established” access-list like this: access-list 100 permit tcp any any established access-list 101 permit tcp any any eq telnet ! interface S0/0 ip access-group 100 in ip access-group 101 out

Answer 194

D. LISP Explanation: We see in the traceroute result the packet could reach 10.99.69.5 (on R2) but it could not go any further so we can deduce an ACL on R3 was blocking it. Note: Record option displays the address(es) of the hops (up to nine) the packet goes through.

Answer 195

C. An ACL applied Inbound on fa0/1 of R3 is dropping the traffic. Explanation: We see in the traceroute result the packet could reach 10.99.69.5 (on R2) but it could not go any further so we can deduce an ACL on R3 was blocking it. Note: Record option displays the address(es) of the hops (up to nine) the packet goes through.

Answer 196

D. distribute policies that govern data forwarding performed within the SD-WAN fabric Explanation: Control plane (vSmart) builds and maintains the network topology and make decisions on the traffic flows. The vSmart controller disseminates control plane information between WAN Edge devices, implements control plane policies and distributes data plane policies to network devices for enforcement.

Answer 197

D. clustering Explanation: Clustering lets you group multiple Firepower Threat Defense (FTD) units together as a single logical device. Clustering is only supported for the FTD device on the Firepower 9300 and the Firepower 4100 series. A cluster provides all the convenience of a single device (management, integration into a network) while achieving the increased throughput and redundancy of multiple devices.

Answer 198

C. It holds a comprehensive database that tracks endpoints and networks in the fabric. Explanation: Fabric control plane node (C): One or more network elements that implement the LISP Map-Server (MS) and Map-Resolver (MR) functionality. The control plane node’s host tracking database keeps track of all endpoints in a fabric site and associates the endpoints to fabric nodes in what is known as an EID-to-RLOC binding in LISP.

Answer 199

D. must be combined with NSF to support uninterrupted Layer 3 operations E. requires synchronization between supervisors in order to guarantee continuous connectivity Explanation: against failure due to the Supervisor or loss of service because of software problems. The access layer typically provides Layer 2 services with redundant switches making up the distribution layer. The Layer 2 access layer can benefit from SSO deployed without NSF. Some Enterprises have deployed Layer 3 routing at the access layer. In that case, NSF/SSO can be used.

Answer 200

B. It determines which switch becomes active or standby Explanation: The Link Management Protocol (LMP) is activated on each link of the StackWise Virtual links as soon as the links are established. LMP ensures the integrity of SVL links and monitors and maintains the health of the links. The redundancy role of each switch is resolved by the StackWise Discovery Protocol (SDP). It ensures that the hardware and software versions are compatible to form the SVL and determines which switch becomes active or standby from a control plane perspective.

Answer 201

A. transmitter power

Answer 202

D. It enables Layer 2 and Layer 3 roaming between Itself and the primary controller.

Answer 203

A. mirrored wall C. fish tank Explanation: Windows can actually block your WiFi signal. How? Because the signals will be reflected by the glass. Some new windows have transparent films that can block certain wave types, and this can make it harder for your WiFi signal to pass through. Tinted glass is another problem for the same reasons. They sometimes contain metallic films that can completely block out your signal. Mirrors, like windows, can reflect your signal. They’re also a source of electromagnetic interference because of their metal backings. Reference: https://dis-dot-dat.net/what-materials-can-block-a-wifi-signal/ An incandescent light bulb, incandescent lamp or incandescent light globe is an electric light with a wire filament heated until it glows. WiFi operates in the gigahertz microwave band. The FCC has strict regulations on RFI (radio frequency interference) from all sorts of things, including light bulbs -> Incandesent lights do not interfere Wi-Fi networks. Note: + Many baby monitors operate at 900MHz and won’t interfere with Wi-Fi, which uses the 2.4GHz band. + DECT cordless phone 6.0 is designed to eliminate wifi interference by operating on a different frequency. There is essentially no such thing as DECT wifi interference.

Answer 204

C. The EIGRP metric Is calculated based on bandwidth and delay. The OSPF metric is calculated on bandwidth only. Explanation: By default, EIGRP metric is calculated: metric = bandwidth + delay While OSPF is calculated by: OSPF metric = Reference bandwidth / Interface bandwidth in bps (Or Cisco uses 100Mbps (108) bandwidth as reference bandwidth. With this bandwidth, our equation would be: Cost = 108/interface bandwidth in bps)

Answer 205

B. The RIB is a database of routing prefixes, and the FIB is the Information used to choose the egress interface for each packet. E. The RIB is derived from the control plane, and the FIB is derived from the RIB. Explanation: The Forwarding Information Base (FIB) contains destination reachability information as well as next-hop information. This information is then used by the router to make forwarding decisions. The FIB allows for very efficient and easy lookups. The FIB maintains next-hop address information based on the information in the IP routing table (RIB). Note: In order to view the Routing information base (RIB) table, use the show ip route command. To view the Forwarding Information Base (FIB), use the show ip cef command. RIB is in Control plane while FIB is in Data plane.

Answer 206

A. It creates two entries for each network node, one for Its identity and another for its location on the network. Explanation: Locator ID Separation Protocol (LISP) solves this issue by separating the location and identity of a device through the Routing locator (RLOC) and Endpoint identifier (EID): + Endpoint identifiers (EIDs) – assigned to end hosts. + Routing locators (RLOCs) – assigned to devices (primarily routers) that make up the global routing system.

Answer 207

D. The client database entry moves from controller A to controller B. Explanation: This is called Inter Controller-L2 Roaming. Inter-Controller (normally layer 2) roaming occurs when a client roam between two APs registered to two different controllers, where each controller has an interface in the client subnet. In this instance, controllers exchange mobility control messages (over UDP port 16666) and the client database entry is moved from the original controller to the new controller.

Answer 208

A. Configure the same protocol on the EtherChannel on switch SW1 and SW2. Explanation: In this case, we are using your EtherChannel without a negotiation protocol. As a result, if the opposite switch is not also configured for EtherChannel operation on the respective ports, there is a danger of a switching loop. The EtherChannel Misconfiguration Guard tries to prevent that loop from occuring by disabling all the ports bundled in the EtherChannel.

Answer 209

B. vSwitch Explanation: Each VM is provided with a virtual NIC (vNIC) that is connected to the virtual switch. Multiple vNICs can connect to a single vSwitch, allowing VMs on a physical host to communicate with one another at layer 2 without having to go out to a physical switch.

Answer 210

A. R1 becomes the active router. | D. If R1 goes down. R2 becomes active and remains the active device when R1 comes back online.

Answer 211

B. monitor session 1 source vlan 10 Explanation: A monitor session can source from interfaces or VLANs – not both at the same time. RSPAN consists of at least one RSPAN source session, an RSPAN VLAN, and at least one RSPAN destination session. You separately configure RSPAN source sessions and RSPAN destination sessions on different network devices. To configure an RSPAN source session on a device, you associate a set of source ports or source VLANs with an RSPAN VLAN. Traffic monitoring in a SPAN session has these restrictions: + Sources can be ports or VLANs, but you cannot mix source ports and source VLANs in the same session.

Answer 212

A. It creates device packs through the use of an SDK

Answer 213

C. VNID Explanation:VXLAN uses an 8-byte VXLAN header that consists of a 24-bit VNID and a few reserved bits. The VXLAN header together with the original Ethernet frame goes in the UDP payload. The 24-bit VNID is used to identify Layer 2 segments and to maintain Layer 2 isolation between the segments. [Outer MAC][Outer IP][UDP Header][VXLAN Header][L2 Frame][FCS] The key fields for the VXLAN packet in each of the protocol headers are: + Outer MAC header (14 bytes with 4 bytes optional) – Contains the MAC address of the source VTEP and the MAC address of the next-hop router. Each router along the packet‘s path rewrites this header so that the source address is the router‘s MAC address and the destination address is the next-hop router‘s MAC address. + Outer IP header (20 bytes)- Contains the IP addresses of the source and destination VTEPs. + (Outer) UDP header (8 bytes)- Contains source and destination UDP ports: – Source UDP port: The VXLAN protocol repurposes this standard field in a UDP packet header. Instead of using this field for the source UDP port, the protocol uses it as a numeric identifier for the particular flow between VTEPs. The VXLAN standard does not define how this number is derived, but the source VTEP usually calculates it from a hash of some combination of fields from the inner Layer 2 packet and the Layer 3 or Layer 4 headers of the original frame. – Destination UDP port: The VXLAN UDP port. The Internet Assigned Numbers Authority (IANA) allocates port 4789 to VXLAN. + VXLAN header (8 bytes)- Contains the 24-bit VNI (or VNID) + Original Ethernet/L2 Frame – Contains the original Layer 2 Ethernet frame. Let‘s see the structure of a VXLAN packet to understand how (note: VNI = VNID)

Answer 214

B. configure matching key-strings Explanation: From the output exhibit, we notice that the key-string of R1 is “Cisco123!” (letter “C”is in capital) while that of R2 is “cisco123!”. This causes a mismatch in the authentication so we have to fix their key-strings. Note: key-string [encryption-type] text-string: Configures the text string for the key. The textstring argument is alphanumeric, case-sensitive, and supports special characters.

Answer 215

C. Mismatched MTU size Explanation: When OSPF adjacency is formed, a router goes through several state changes before it becomes fully adjacent with its neighbor. The states are Down -> Attempt (optional) -> Init -> 2-Way -> Exstart -> Exchange -> Loading -> Full. Short descriptions about these states are listed below: Down: no information (hellos) has been received from this neighbor. Attempt: only valid for manually configured neighbors in an NBMA environment. In Attempt state, the router sends unicast hello packets every poll interval to the neighbor, from which hellos have not been received within the dead interval. Init: specifies that the router has received a hello packet from its neighbor, but the receiving router’s ID was not included in the hello packet 2-Way: indicates bi-directional communication has been established between two routers. Exstart: Once the DR and BDR are elected, the actual process of exchanging link state information can start between the routers and their DR and BDR. Exchange: OSPF routers exchange database descriptor (DBD) packets Loading: In this state, the actual exchange of link state information occurs Full: routers are fully adjacent with each other Neighbors Stuck in Exstart/Exchange State the problem occurs most frequently when attempting to run OSPF between a Cisco router and another vendor’s router. The problem occurs when the maximum transmission unit (MTU) settings for neighboring router interfaces don’t match. If the router with the higher MTU sends a packet larger that the MTU set on the neighboring router, the neighboring router ignores the packet.

Answer 216

C. Traffic received on VLANs 10, 11, and 12 is copied and sent to Interface g0/1.

Answer 217

A. R1 becomes the active router. | E. If R1 goes down, R2 becomes active and remains the active device when R1 comes back online.

Answer 218

D. It creates an SSH connection using the SSH key that is stored, and the password is ignored.

Answer 219

A. fabric control plane node Explanation: SD-Access Wireless Architecture Control Plane Node –A Closer Look Fabric Control-Plane Node is based on a LISP Map Server / Resolver Runs the LISP Endpoint ID Database to provide overlay reachability information + A simple Host Database, that tracks Endpoint ID to Edge Node bindings (RLOCs)+ Host Database supports multiple types of Endpoint ID (EID), such as IPv4 /32, IPv6 /128* or MAC/48 + Receives prefix registrations from Edge Nodes for wired clients, and from Fabric mode WLCs for wireless clients + Resolves lookup requests from FE to locate Endpoints + Updates Fabric Edge nodes, Border nodes with wireless client mobility and RLOC information

Answer 220

C. interface GigabitEthernet 0/0/0 ip flow monitor FLOW-MONITOR-1 sampler SAMPLER-1 input

Answer 221

D. Option D Explanation: The command ip nat inside source list 10 interface G0/3 overload configures NAT to overload (PAT) on the address that is assigned to the G0/3 interface.

Answer 222

``` B. Option B access-list 23 permit 10.10.10.0 0.0.0.255 line vty 0 15 access-class 23 in transport input ssh ```

Answer 223

B. OMP Explanation: Cisco SD-WAN uses Overlay Management Protocol (OMP) which manages the overlay network. OMP runs between the vSmart controllers and WAN Edge routers (and among vSmarts themselves) where control plane information, such as the routing, policy, and management information, is exchanged over a secure connection.

Answer 224

B. SSO Explanation: Stateful Switchover (SSO) provides protection for network edge devices with dual Route Processors (RPs) that represent a single point of failure in the network design, and where an outage might result in loss of service for customers.

Answer 225

B. The router with the lowest IP address Explanation: Query messages are used to elect the IGMP querier as follows: 1. When IGMPv2 devices start, they each multicast a general query message to the allsystems grou address of 224.0.0.1 with their interface address in the source IP address field of the message. 2. When an IGMPv2 device receives a general query message, the device compares the source IP address in the message with its own interface address. The device with the lowest IP address on the subnet is elected the IGMP querier. 3. All devices (excluding the querier) start the query timer, which is reset whenever a general query message is received from the IGMP querier. If the query timer expires, it is assumed that the IGMP querier has gone down, and the election process is performed again to elect a new IGMP querier.

Answer 226

A. event manager applet EEM_IP_SLA event track 10 state down Explanation: The ip sla 10 will ping the IP 192.168.10.20 every 3 seconds to make sure the connection is still up. We can configure an EEM applet if there is any problem with this IP SLA via the command event track 10 state down.

Answer 227

B. CPU and memory utilization are reduced | E. The number of packets to be analyzed are reduced

Answer 228

A. Option A R3(config)#route-map PREPEND permit 10 R3(config-route-map)#set as-path prepend 200 200 200 ! R3(config)#router bgp 200 R3(config-router)#neighbor 10.1.1.1 route-map PREPEND out Explanation: R3 advertises BGP updates to R1 with multiple AS 100 so R3 believes the path to reach AS 200 via R3 is farther than R2 so R3 will choose R2 to forward traffic to AS 200.

Answer 229

D. PC1 goes from ALSW1 to DSW2 to DSW1 Explanation: In the topology above, we see DSW2 has the lowest priority 24576 so it is the root bridge for VLAN 10 so surely all traffic for this VLAN must go through it. All the DSW2 ports must be in a forwarding state. And: + The direct link between DSW1 and ALSW1 is blocked by STP. + The direct link between DSW1 and ALSW2 is also blocked by STP. Therefore PC1 must go via this path: PC1 -> ALSW1 -> DSW2 -> DSW1.

Answer 230

A. hosted virtualization

Answer 231

D. interface tunnel1 IP address 10.111.111.1 255.255.255.0 tunnel source gigabitethernet0/0 tunnel destination 209.165.202.134

Answer 232

A. 10.111.111.1

Answer 233

A. The network device was receiving NTP time when the log messages were recorded

Answer 234

A. configure option 43 Hex F104.AC10.3205

Answer 235

A. ip route vrf Customerl 172.16.1.0 255.255.255.0 172.16.1.1 global ip route vrf Customer 192.168.1.200 255.255.255.255 192.168.1.1 global ip route 192.168.1.0 255.255.255.0 VlanlO ip route 172.16.1.0 255.255.255.0 Vlan20

Answer 236

D. It remains in err-disabled state until the spanning-tree portfast bpduguard disable command is entered in the interface configuration mode.

Answer 237

C. GO/1on Edge-01 and GO/1 on Edge-02

Answer 238

A. VXLAN Explanation: In SD-Access the control plane is based on LISP (Locator/ID Separation Protocol), the data plane is based on VXLAN (Virtual Extensible LAN), the policy plane is based on Cisco TrustSec, and the management plane is enabled and powered by Cisco DNA Center.

Answer 239

D. vrrp 5 IP 172.16.13.254 vrrp 5 priority 100

Answer 240

D. ability to operate on hardware that is running other OSs

Answer 241

A. Specify a VRF.

Answer 242

C. A route back to the R1 LAN network is missing in R2 | D. The source-interface is configured incorrectly.

Answer 243

C. HTTP Status Code 401 Explanation: A 401 error response indicates that the client tried to operate on a protected resource without providing the proper authorization. It may have provided the wrong credentials or none at all. Note: answer ‘HTTP Status Code 200’ 4xx code indicates a “client error” while a 5xx code indicates a “server error”.

Answer 244

D. omnidirectional antenna

Answer 245

C. line vty 0 15 exec-timeout 10 0

Answer 246

D. Router1(config-if)#tunnel source Loopback0

Answer 247

B. Those details are provided to Cisco DNA Center by the Identity Services Engine

Answer 248

B. Configure root guard and portfast on all access switch ports.

Answer 249

C. standby 300 priority 110 D. standby version 2 E. standby 300 preempt

Answer 250

D. fast roam

Answer 251

C. The access point is part the fabric overlay Explanation: Access Points + AP is directly connected to FE (or to an extended node switch) + AP is part of Fabric overlay

Answer 252

C. It is in local mode an must connected directly to the fabric edge switch. Explanation: Fabric mode APs continue to support the same wireless media services that traditional APs support; apply AVC, quality of service (QoS), and other wireless policies; and establish the CAPWAP control plane to the fabric WLC. Fabric APs join as local-mode APs and must be directly connected to the fabric edge node switch to enable fabric registration events, including RLOC assignment via the fabric WLC. The fabric edge nodes use CDP to recognize APs as special wired hosts, applying special port configurations and assigning the APs to a unique overlay network within a common EID space across a fabric. The assignment allows management simplification by using a single subnet to cover the AP infrastructure at a fabric site.

Answer 253

Traffic Policing: B. introduces no delay and jitter D. drops excessive traffic E. causes TCP retransmission when traffic is dropped Traffic Shaping: A. typically delays, rather than drops traffic C. buffers excessive traffic F. introduces delay and jitter

Answer 254

On-Premises: B. resources can be over or underutilized as requirements vary D. customizable hardware, purpose-built systems E. more suitable for companies with specific regulatory or security requirements Cloud: A. easy to scale and upgrade C. requires a strong and stable internet connection F. built-in, automated data backups, and recovery

Answer 255

OSPF: A. link-state routing protocol C. makes it easy to segment the network logically E. constructs three tables as part of its operation: neighbor table, topology table, and routing table EIGRP: B. supports unequal path load balancing D. distance vector routing protocol F. metric is based on delay and reliability by default (?)

Answer 256

A. accepts LISP encapsulated map requests: LISP map resolver B. learns of EID-prefix mapping entries from an ETR: LISP map server C. receives traffic from LISP sites and sends it to non-LISP sites: LISP proxy ETR D. receives packets from site-facing interfaces: LISP ITR

Answer 257

OSPF: A. uses areas to segment a network C. summarizes can be created in specific parts of the IGP topology EIGRP: B. DUAL algorithm D. summaries can be created anywhere in the IGP topology

Answer 258

StealthWatch: A. performs security analytics by collecting network flows ESA: B. protects against email threat vector AMP4E: C. provides malware protection on endpoints Umbrella: D. provides DNS protection FTD: E. provides IPS/IDS capabilities

Answer 259

OSPF C. Link State Protocol E. supports only equal multipath load balancing F. quickly computes new path upon link failure EIGRP A. maintains alternative loop-free backup path if available B. Advanced Distance Vector Protocol D. selects routes using the DUAL algorithm

Answer 260

On-Premises Infrastructure: B. slow upgrade lifecycle D. high capital expenditure E. enterprise owns the hardware Cloud-Hosted Infrastructure: A. low capital expenditure C. provider maintains the infrastructure F. fast upgrade lifecycle

Answer 261

HTTP basic authentication: A. username and password in an encoded string token-based authentication: B. authorization through an identity provider secure vault: C. public API resource OAuth : D. API-dependent secret

Answer 262

+ Step 1: DHCP Discover + Step 2: DHCP Offer + Step 3: DHCP Request + Step 4: DHCP ACK

Answer 263

A. bandwidth management technique which delays datagrams: shaping B. mechanism to create a scheduler for packets prior to forwarding: policy map C. portion of the IP header used to classify packets: DSCP D. mechanism to apply a QoS policy to an interface: service policy E. tool to enforce rate-limiting on ingress/egress: policing F. portion of the 802.1Q header used to classify packets: CoS

Answer 264

On-premises: A. significant initial investment but lower reoccurring costs B. company has control over the physical security of equipment Cloud: C. pay-as-you-go model D. physical location of data can be defined in the contract with a provider E. very scalable and fast delivery of changes in scale

Answer 265

A. IPv4 or IPv6 address of an endpoint within a LISP site: EID B. network infrastructure component that learns of EID-prefix mapping entries from an ETR: map server C. de-encapsulates LISP packets coming from outside of the LISP site to destinations inside of the site: ETR