Test 1 Flashcards
(98 cards)
What are structured data forms that are possible for use with RESTCONF as defined by YANG?
XML
JSON
Explanation
RESTCONF uses structured data (XML or JSON) and YANG to provide REST-like APIs, enabling you to programmatically access different network devices. RESTCONF APIs use HTTPS methods.
Reference: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/prog/configuration/169/b_169_programmability_cg/restconf_programmable_interface.html
Your enterprise has invested in six Firepower NGFWs to help protect the network and end systems. What is the most powerful method of managing these systems?
FMC
The Firepower Management Center (FMC) is the recommended tool, especially when multiple devices are to be managed. Local management of a single system is possible using the FDM, if desired.
Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/quick_start/fp1010/firepower-1010-gsg/ftd-fmc.html
What decimal value is used for EF traffic marking in DSCP?
46
Explanation
The DSCP marking for EF traffic is binary 101 110, which has a decimal value of 46.
REFERENCE: https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus1000/sw/4_0/qos/configuration/guide/nexus1000v_qos/qos_6dscp_val.pdf
statements regarding Access Control Lists in Cisco networking
Explanation
There are two incorrect statements here that you should not have chosen. The entry at the “end” of an ACL is an implicit DENY ALL, not a PERMIT ALL. You do not typically place a standard ACL close to the source of traffic, as your only criterion is the source address. You are most likely going to prevent the node from communicating with a wide variety of services. Extended ACLs can go close to the source of traffic more easily, as they can be very precise in what they are filtering.
REFERENCE: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_data_acl/configuration/xe-3s/sec-data-acl-xe-3s-book/sec-create-ip-apply.html
What is a core post-infection detection technology of Cisco AMP?
Explanation
There are four post-infection technologies - Cognitive Threat Analytics, Device Flow Correlation, Cloud Indication of Compromise, and Endpoint IOC.
Reference: https://www.cisco.com/c/dam/en/us/products/collateral/security/amp-for-endpoints/white-paper-c11-740980.pdf
Cisco’s approach to location services in wireless LANs is to call upon a mapping of different areas that includes information on signal attenuation in the actual areas of the enterprise. What is this approach called?
“Cisco RF Fingerprinting refers to a new and innovative approach that significantly improves the accuracy and precision available with traditional signal strength lateration techniques. Cisco RF Fingerprinting offers the simplicity of an RSSI-based lateration approach with customized calibration capabilities and improved indoor performance.”
Reference: https://www.cisco.com/en/US/docs/solutions/Enterprise/Mobility/emob30dg/Locatn.html
If you want to incorporate the status of an interface in HSRP, what keyword is critical?
track
You can use object tracking to incorporate the status of an interface in the HSRP calculations. For example: standby 10 track 1 decrement 20. In this configuration, there could be an object tracker (ID 1) that is tracking the interface status. If the interface goes down, the priority is decremented by 20.
Reference: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipapp/configuration/15-mt/iap-15-mt-book/iap-eot.pdf
What does NETCONF use for the transport stack?
SSH/TCP
NETCONF uses SSH/TCP as the transport stack. SNMP uses UDP as transport.
Reference: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/cns/configuration/15-mt/cns-15-mt-book/netconf-sshv2.html
In Layer 3 roaming, what markings are used in order to facilitate successful communications following the wireless client roam?
ANCHOR
FOREIGN
In Layer 3 roaming, the original controller marks the client with an “Anchor” entry in its own client database. The database entry is copied to the new controller client database and marked with a “Foreign” entry in the new controller.
Reference: https://www.cisco.com/c/en/us/td/docs/wireless/controller/8-5/config-guide/b_cg85/overview.html
Which of the following FHRPs offers the lowest administrative overhead in a configuration that supports both HA and high performance?
GLBP
The Gateway Load Balancing Protocol features a simple configuration that can take advantage of load balancing using a variety of approaches and optimizations.
REFERENCE: https://www.cisco.com/en/US/docs/ios/12_2t/12_2t15/feature/guide/ft_glbp.html
You are having issues with the BGP routing in your Enterprise. What is the second component of the BGP Best Path Selection Algorithm?
Highest Local_pref
The first attribute analyzed is WEIGHT. Larger is better. The second step is the largest LOCAL_PREF.
REFERENCE: https://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/13753-25.html
What component of the SD-WAN solution from Cisco Systems distributes routes and policy information via OMP?
vSmart - “This software-based component is responsible for the centralized control plane of the SD-WAN network. It maintains a secure connection to each WAN Edge router and distributes routes and policy information via the Overlay Management Protocol (OMP), acting as a route reflector. It also orchestrates the secure data plane connectivity between the WAN Edge routers by reflecting crypto key information originating from WAN Edge routers, allowing for a very scalable, IKE-less architecture.”
Reference: https://www.cisco.com/c/en/us/td/docs/solutions/CVD/SDWAN/cisco-sdwan-design-guide.html
You have a Cisco AP set to bridge mode. You have just performed a factory reset of the device. What mode is the AP in after the reset?
Bridge
“If the AP is in Bridge mode, then the same Bridge mode is retained after the factory reset of the AP; if the AP is in FlexConnect, Local, Sniffer, or any other mode, then the AP mode is set to Local mode after the factory reset of the AP. If you press the Reset button on the AP and perform a true factory reset, then the AP moves to a cookie configured mode.”
Reference: https://www.cisco.com/c/en/us/td/docs/wireless/controller/8-10/config-guide/b_cg810/managing_aps.html
You are examining the configuration of a AAA method list on your Cisco router. You notice that the method list ends with the keyword none. What does this indicate?
When configuring a route map that modifies the MED value of a BGP prefix, what keyword is used for MED in the set statement?
You have configured a stub area in your OSPF network. What OSPF LSAs are dynamically filtered from appearing in the stub area? (Choose 2)
The stub area filters Type 4 and Type 5 LSAs. Remember, the Type 4 LSA defines the ASBR in the network, and the Type 5 LSAs are for the external prefixes.
REFERENCE: https://www.ajsnetworking.com/ospf-lsa-types/
You have client systems in the 10.10.10.0/24 subnet that need to be permitted access to an internal webserver at 10.20.20.100. Which permit entry for an ACL correctly defines this?
permit tcp 10.10.10.0 0.0.0.255 host 10.20.20.100 eq 443
Here the traffic to filter is TCP. The source of the traffic is the subnet 10.10.10.0/24. Note the use of the host keyword to simplify the destination definition. Here we specify the 443 (HTTPS) port on the webserver to be granular with the permissions.
REFERENCE: https://www.cisco.com/c/en/us/support/docs/ip/access-lists/26448-ACLsamples.html
In order to virtualize a workload recently, you had to install software on your Mac OS, and then install the virtual machine. What type of hypervisor is in use here?
Type 2
Type 1 hypervisors do not need to be installed within an OS. They can install on top of the “bare metal”. Type 2 hypervisors must be installed in an OS.
REFERENCE: https://searchservervirtualization.techtarget.com/definition/hosted-hypervisor-Type-2-hypervisor#:~:text=A%20Type%202%20hypervisor%2C%20also,Type%201%20and%20Type%202.
Several tests in the IP SLA feature require specialized software on the IP target system. What is this software called?
IP SLA responder
Some tests require the target to feature the IP SLA Responder feature. Note that many tests do not require this and the target can be any IP host on the network.
REFERENCE: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipsla/configuration/15-mt/sla-15-mt-book/sla_overview-0.html
Which are valid reasons your OSPF speakers are stuck in the Exstart/Exchange state? (Choose 3)
Access list blocking the unicast packet
Both routers have the same RID
Mismatched MTU settings
A stub flag mismatch or an authentication failure would not result in a stuck state.
REFERENCE: https://www.cisco.com/c/en/us/support/docs/ip/open-shortest-path-first-ospf/13684-12.html#neighbors
You are curious about how Ansible is able to access and configure a remote node. What protocol is used for this?
SSH
Ansible is agentless. It does not need to install special software on the managed node. SSH is required to access and configure the remote device.
REFERENCE: https://docs.ansible.com/ansible/latest/user_guide/connection_details.html
Which of the following syslog severity levels are considered more severe than WARNINGS? (Choose 2)
Errors
Warnings
Debugging messages are level 7 and are considered the least severe. Emergencies are level 0 and are the most severe.
REFERENCE: https://www.cisco.com/c/en/us/td/docs/routers/access/wireless/software/guide/SysMsgLogging.html
When you are engaging in traffic engineering in BGP, you use the following regular expression syntax in your route map:
^65000$
What does this match?
Prefixes that have originated in the AS 65000
This regular expression matches those AS paths that begin (far right) with AS 65000. This position in the AS path indicates the prefix originated from that AS.
REFERENCE: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_bgp/configuration/15-mt/irg-15-mt-book/irg-external-sp.html#GUID-BDECC44A-630D-4E5B-9FEC-7FC4ACE6130F