Ccna ® Certification Practice Tests Jon Buhagiar

switching and routing data. Any data that is destined for

endpoints is switched or routed on the data plane. Switch plane

is not a term normally used to describe data types; therefore,

option D is an invalid answer.

35. A.  The data plane is responsible for switching and routing data.

Any data that is destined for endpoints is switched or routed on

the data plane. For example, when one computer pings another,

the ping is switched and routed on the data plane. The control

plane refers to any mechanism that controls the data plane. The

management plane is any mechanism that helps in the

management of a router or switch. Switch plane is not a term

normally used to describe data types; therefore, option C is an

invalid answer.

36. B.  Routing protocols such as OSPF and EIGRP would perform

their function on the control plane since they are controlling the

routing of the data plane. The data plane is responsible for

switching and routing data. Any data that is destined for

endpoints is switched or routed on the data plane. For example,

when one computer pings another, the ping is switched and

routed on the data plane. The management plane is any

mechanism that helps in the management of a router or switch.

Routing plane is not a term normally used to describe data

types; therefore, option D is an invalid answer.

37. D.  The Cisco Discovery Protocol (CDP) functions on the

management plane of the SDN model. It helps with

management of the routers and switches and does not directly

impact the data plane. The data plane is responsible for

switching and routing data. Any data that is destined for

endpoints is switched or routed on the data plane. Network

plane is not a term normally used to describe data types;

therefore, option C is an invalid answer. The management plane

is any mechanism that helps in the management of a router or

switch.

38. B.  The southbound interface (SBI) directly communicates with

the SDN devices. This control is done via several different types

of SBI protocols, such as OpenFlow, OpFlex, and CLI

(Telnet/SSH). The northbound interface (NBI) is responsible for

allowing communication between applications and the core of

the controller. The core of the controller is the mechanism that

connects the NBI to the SBI. Applications hosted on the

controller interface with the NBI.

39. C.  An application program interface (API) is a method the

programmer has created to allow other programs to

communicate with their program. The interprogrammability is

required when another program wants to share data with the

API. Although an API allows data transfer, it is not a program

specifically written for the transfer of data. An API is used for

network programmability, but it is not a language for network

programmability. An API does not allow for a program to be

virtualized.

40. C.  The northbound interface (NBI) is responsible for allowing

communication between applications and the core of the

controller. Applications therefore directly communicate with the

core through the northbound interface. The southbound

interface (SBI) directly communicates with the SDN devices.

The core of the controller is the mechanism that connects the

NBI to the SBI. The Simple Network Management Protocol

(SNMP) is used for the monitoring and collection of device

metrics.

41. B.  The data plane is responsible for the routing of packets to

specific destinations. The control plane would be responsible for

the management of the routes for the functional routing of

packets. The management plane would be responsible for the

management of all functions of the router. There is no plane

called the routing plane; therefore, option D is an invalid

answer.

42. B.  The maximum hop count on fabric switching is a total of 3

hops. When a host transmits, it will enter a Leaf switch; the Leaf

switch will then forward traffic to the Spine switch. The Spine

switch will in turn forward traffic to the corresponding Leaf

switch and to the destination host. Of course, traffic could be 1

hop away, if both hosts are on the same Leaf switch. However,

the maximum hop count is 3 hops.

43. D.  The underlay is where you will set the maximum

transmission unit (MTU). The overlay is where the tunnel or

virtual circuit is built using the underlay as the transport. A Leaf

switch is a part of the software-defined network (SDN), along

with the Spine switch; both need to have the same MTU set.

44. D.  When you configure access control lists (ACLs) through any

interface, you are affecting the control plane. This is because you

are controlling the flow of data with the ACL. You are accessing

the router through the management plane when you are

connected to either the web interface or the command-line

interface (CLI). The data plane is what you are controlling with

the control plane. The data plane is the actual flow of

information.

45. A.  Dynamic Multipoint Virtual Private Network (DMVPN) is a

wide area network (WAN) technology that allows for virtual

private networks (VPNs) to be created using the overlay of

software-defined networking (SDN). Virtual Extensible LAN

(VXLAN) is used to transport virtual local area network (VLAN)

traffic over routed connections. Equal-cost multi-path routing

(ECMP) is used by Leaf and Spine switches to provide a next-

hop packet forwarding decision.

46. C.  The Virtual Extensible LAN (VXLAN) protocol is used to

create layer 2 tunnels over a layer 3 network. The VXLAN

protocol functions by encapsulating layer 2 traffic inside of a

layer 3 packet. The Equal Cost Load Balancing Protocol (ECMP)

is used by Leaf and Spine switches to provide next-hop packet

forwarding decisions. Dynamic Multipoint Virtual Private

Network (DMVPN) is a point-to-multipoint VPN technology

used for layer 3 connectivity over a wide area network (WAN)

connection. The Enhanced Interior Gateway Routing Protocol

(EIGRP) is a Cisco proprietary layer 3 routing protocol.

47. A.  The Simple Network Management Protocol (SNMP) is a

protocol used on the management plane. SNMP is used for the

management of routers and switches because it can be writeable

and allow for configuration. The Cisco Discovery Protocol (CDP)

is a control protocol because it communicates port properties via

layer 2 frames, such as power requirements. The Internet

Control Message Protocol (ICMP) is a control protocol, because

it is used to send control messages back to the originating

device. The VLAN Trunking Protocol (VTP) is used to

communicate the control information of VLANs to other

participating switches.

48. A.  The equal-cost multi-path routing (ECMP) packet forwarding

protocol is used to calculate next-hop forwarding with SDN

switching networks. The Open Shortest Path First (OSPF)

protocol is a layer 3 routing protocol and not used with SDN

switching networks. The Multiprotocol Label Switching Protocol

(MPLS) is a protocol used with MPLS wide area network (WAN)

providers and not used with SDN switching networks. The CLOS

network is also known as a Leaf/Spine network, but it is the

topology and not a next-hop packet forwarding protocol.

49. C.  The Cisco DNA Center is Cisco’s next-generation software-

defined network (SDN) controller; it replaces Cisco’s

Application Policy Infrastructure Controller - Enterprise Module

(APIC-EM) platform. OpenFlow is a protocol used to configure

software-defined networks. Cisco Prime Infrastructure (CPI) is a

network management software suite, but it does not provide

SDN functionality. Cisco Software Defined - Wide Area Network

(SD-WAN) is an SDN controller for building WAN connections.

50. D.  After the Cisco Digital Network Architecture (Cisco DNA)

discovery process has found a device, it will use SSH, Telnet,

SNMPv2, SNMPv3, HTTP, HTTPS, and NETCONF. The

discovery process will not use OpenFlow, since this is a

configuration protocol that is mainly used by open platforms.

51. C.  The Assurance section of the Cisco DNA Center allows you to

see the overall health of network devices managed by the DNA

Center. The Design section allows you to create a hierarchical

design of the network with a graphical map. The Policy section

allows you to create policies based upon applications, traffic,

and IP-based access control lists (ACLs), just to name a few. The

Platform section allows you to perform upgrades and search the

API catalog.

52. B.  Plug and Play (PnP) is a feature inside of the Cisco DNA

Center that allows you to onboard network devices and apply

standard configuration such as DNS servers, NTP servers, and

AAA servers, just to name a few. IP-based access control allows

us to create a policy based upon access control lists (ACLs).

Group-based access control allows us to use group information

populated from the Cisco Identity Services Engine (ISE) to

create policies based upon user groups. Assurance is a section in

the Cisco DNA Center that allows us to view the health of the

network.

53. A.  Under the Provision section, you can click on the hierarchy

item that contains the site; then you will select the topology icon

in the result pane. This will allow you to view how everything is

connected at a particular site. The Assurance section of the Cisco

DNA Center allows you to see the overall health of network

devices managed by the DNA Center. The Platform section

allows you to perform upgrades and search the API catalog. The

Policy section allows you to create policies based upon

applications, traffic, and IP-based access control lists (ACLs),

just to name a few.

54. C.  The easiest method for adding an OSPF area to a group of

routers is using the DNA Command Runner tool. With this tool,

you can execute a command on a group of devices. IP-based

access control allows you to create policies based upon an IP-

based access control list. Although Python can be used to add an

OSPF area to a group of routers, it is harder to accomplish the

task using Python than it is using DNA Command Runner. The

Inventory section allows you to see the modules installed in a

router or switch, as well as the firmware and IOS versions

installed.

55. A.  The Provision section allows you to view and edit the

discovered inventory of network devices. The Policy section

allows you to create policies based upon applications, traffic,

and IP-based access control lists (ACLs), just to name a few. The

Design section allows you to create a hierarchical design of the

network with a graphical map. The Assurance section of the

Cisco DNA Center allows you to see the overall health of network

devices managed by the DNA Center.

56. D.  You can see the details of an API for the Cisco DNA Center by

using the Platform section, then clicking Developer Toolkit and

then APIs in the drop-down. The Design section allows you to

create a hierarchical design of the network with a graphical map.

The Policy section allows you to create policies based upon

applications, traffic, and IP-based access control lists (ACLs),

just to name a few. The Provision section allows you to apply

configurations to network devices, such as DNS servers, AAA

servers, or NTP servers, just to name a few.

57. B.  The Cisco feature Software Defined-Access (SD-Access) is an

automated Plug and Play (PnP) solution that automates the

underlay and overlay of the fabric. Easy-QOS was a feature in

the original Application Policy Infrastructure Controller-

Enterprise Module (APIC-EM); it has since been renamed

Application Policies in Cisco DNA Center. The System 360

feature inside of Cisco DNA Center allows you to view all of the

settings and health of the controller. The Cisco Identity Services

Engine (ISE) is a product that integrates with Cisco DNA Center

to provide information about security groups and identity of

security principals.

58. C.  Cisco DNA Center cannot provide device configuration

backups; that function still requires Cisco Prime Infrastructure

(CPI). Cisco DNA Center can perform client coverage heat maps,

client triangulation, and application health reports.

59. D.  In order for network discovery to find new network devices,

you must configure a command-line interface (CLI) of SSH or

Telnet and Simple Network Management Protocol (SNMP).

Logging is not required for network discovery.

60. B.  Representational state transfer (REST) APIs normally utilize

HyperText Transfer Protocol (HTTP) for moving data. It

performs this via a get URI and it receives a response in XML,

JSON, or another data transfer language. Although you can

encrypt the HTTP traffic with SSL (HTTPS), its core language is

still HTTP. Simple Network Management Protocol (SNMP) and

Simple Network Time Protocol (SNTP) are not used with REST

APIs. Simple Object Access Protocol (SOAP) is considered an

alternate technology to REST for API access.

61. B.  You will authenticate with Cisco DNA Center by sending a

POST request to the API for an authentication token. You can

then use the authentication token for all subsequent requests to

Cisco DNA Center. You will not pass the username and

password; the username and password must be encoded in

Base64 to obtain the authentication token. The

dna/system/api/v1/auth/token

 API requires a POST request to

obtain the authentication token, not a GET request. The Cisco

DNA Center does not use public-private key pairs for API

authentication.

62. D.  The CREATE, READ, UPDATE, DELETE (CRUD)

framework describes the various actions that can be performed

on data via the REST-based API. Although CRUD sounds like it

might clean up memory, it has nothing to do with memory

cleanup. It works in conjunction with REST-based APIs as a

framework for the manipulation of data. The Base64 algorithm

is used for data encoding, when it is needed.

63. A.  Basic authentication is used for token requests with the Cisco

DNA Center. Active Directory (AD) integrated authentication

and pass-through authentication are Microsoft-only types of

authentication, and the Cisco DNA Center does not support

them. Secure Sockets Layer (SSL) is a method of encryption for

authentication requests, but it is not an authentication method.

64. B.  After the initial POST to obtain the authentication token, it

should be placed in the header of subsequent requests as an X-

Auth-Token element. You will most likely use a variable to store

the token, but a variable by itself is not enough to authenticate

subsequent requests. The token is not passed in the URI of

subsequent requests. Although performing a POST within 10

seconds of the subsequent request is a good idea, if the token is

not placed in the header, it will not authenticate you.

65. C.  When you process the POST to obtain the X-Auth-Token

from the Cisco DNA Center, you will pass the username and

password encoded in Base 64 encoding. Although you will

request the X-Auth-Token over Secure Sockets Layer (SSL), it is

an encryption protocol and not an encoding method.

Authentication, authorization, and accounting (AAA) services

are a means for authentication and often used with 802.1X; AAA

is not an encoding method. When you request an X-Auth-Token,

you will request it via basic authentication; this is a HyperText

Transfer Protocol (HTTP) method of submitting the username

and password and not an encoding method.

66. B.  You will perform this task using the RESTCONF protocol.

RESTCONF will encapsulate the YANG data model containing

the configuration in a RESTCONF transport protocol. OpenFlow

is used with the OpenDayLight Protocol and not commonly used

with Cisco switches. The Simple Network Management Protocol

(SNMP) does not support the YANG data model. A REST-based

API is another API style that switches do not support directly,

but Cisco DNA Center does.

67. A.  When a request is made with RESTCONF, the data is sent via

the HyperText Transfer Protocol (HTTP) using the

Multipurpose Internet Mail Extensions (MIME) content type of

application/yang-data+json. This MIME type is used because

the request is interfacing with an application and the data is

encapsulated inside of the Yet Another Next Generation (YANG)

data model in the form of JavaScript Object Notation (JSON).

68. D.  The most likely course of action is to restart the REST-based

service, since a 500 status code means that there is an internal

server error. If a 400 status code was returned, it would most

likely be the formatting of your request. If a 403 status code was

returned, it would suggest that you have not authenticated to the

software-defined network (SDN) controller or you are not

authorized to access the API. A 200 status code means that

everything was successful and the request is OK.

69. D.  RESTCONF requests are used outbound to network devices

on the southbound interface (SBI) of Cisco DNA Center. REST-

based APIs are accessible via the northbound interface (NBI) of

the Cisco DNA Center so that programmability can be achieved.

The eastbound interface is used for events and notification on

the Cisco DNA Center controller. The westbound interface is

used for integration with third-party management products.

70. A.  The status code is passed back to the client via the HyperText

Transfer Protocol (HTTP) header. Web-based browsers do not

show HTTP headers, and this is why using a tool such as

Postman is recommended. The HTTP body is where the

returned data of the request can be found. Script variables are

used internally by the script so that data can be loaded into the

variable and passed to other procedures within the script. Script

data objects are also used internally by the script to load and

pass complex data structures called objects.

71. A.  A status code of 201 means that the item has been created;

normally only a POST command can create a data item. A GET

HyperText Transfer Protocol (HTTP) verb will read an item and

return a 200 status code. A PATCH HTTP verb will update an

existing item and return a 200 status code. A DELETE HTTP

verb will delete an item and return a 200 status code.

72. C.  The question mark signifies the starting point for a series of

request query parameters in a Uniform Resource Identifier

(URI) string. For example, the URI string might look something

like this: 

https://server/path/api?para1=test1¶2=test2

.

The backslash is not used in a URI. The forward slash helps

delimit the various components of a URI. The ampersand

delimits the various request query parameters if there is more

than one.

73. C.  The HyperText Transfer Protocol (HTTP) action verb POST

will insert or create a data item when referencing an application

programming interface (API). The HTTP action verb GET will

read data from an API. The HTTP action verb UPDATE is not a

valid verb; therefore, this is an invalid answer. The HTTP action

verb PUT will only replace or update a data item; it will not

insert a data item.

74. B.  A status code of 504 means that the command that was sent

to the server did not return in a timely fashion and timed out. A

status code of 400 would depict that the command is missing

parameters. If a command is restricted for the authentication

supplied, a status code of 403 would be returned. If a service is

down or improperly responding, a status code of 500 would be

returned.

75. B.  Ansible, Chef, and Puppet are configuration management

tools. They operate by applying specific configurations to server

or network devices. A network management station (NMS) is

typically used with the Simple Network Management Protocol

(SNMP) to centralize polling of SNMP counters and allow for

devices to send alerts. Software-defined networking (SDN) is a

method of centralizing the control and management planes of a

network so that the network device can focus on the data plane.

Centralized logging is used with syslog so that all logs can be

sent to a centralized area for analysis.

76. A.  Ansible uses the YAML format to store configuration. The

Cisco DNA Center stores configuration internally inside of its

database, but many things are exportable via JavaScript Object

Notation (JSON). Chef and Puppet both use Embedded Ruby

(ERB) templates to store configuration.

77. C.  The Inventory component defines the various hosts and their

connection information in an Ansible setup. The Playbook

component defines the script to execute to perform the

configuration management. The 

ansible.cfg

 file controls the

settings for the Ansible server. The Modules component allows

Ansible to connect to and understand various systems.

78. A.  Ansible does not require an agent to apply changes to a

Linux-based server or other network device. It uses Secure Shell

(SSH) TCP port 22 to apply the configuration. Puppet and Chef

both require agents to be installed on the managed hosts.

Although Cisco DNA Center is installed on top of a Linux

distribution, Cisco DNA Center does not support Linux servers;

it is primarily used for the management of Cisco devices. You

could certainly create an extensible package to send commands

to a Linux box through an SNMP agent, but currently it would

need to be developed. Ansible supports Linux-based servers

without an agent and without any development for

communications.

79. A.  The Manifest component of Puppet contains the

configuration for the managed hosts. The Agent component of

Puppet is used to apply the configuration from the master

server. The Class component is used to organize the

configuration inside of the Manifest. The Module component is

similar to a Class with the exception that it is used to organize

and create tasks for the Manifest component.

80. C.  The Recipe component of Chef contains the set of

instructions that are carried out to configure a server. The

Recipes are collected into the Cookbook component so that the

task can be organized and applied to hosts. The Crock Pot

component does not exist inside of Chef; therefore, it is an

invalid answer. The Chef Node component is a host that is

managed by a Chef Server component.

81. C.  The Ohai component is the second of two parts installed on

the Chef Node; the first part is the Chef-Client component. Ohai

is responsible for monitoring system state information and

reporting back to the Chef Server component. If Ohai detects

that an attribute of the system state is out of compliance, the

system state for that component will be reapplied. The Chef

Workstation command-line interface (CLI) component is called

the Knife and interacts with the Chef Server to configure tasks

when you are creating a Cookbook.

82. B.  The variable 

ANSIBLE_CONFIG

 is used to determine the location

of the Ansible setting file named 

ansible.cfg

. The variable

ANSIBLE_SETTINGS

 is not used with Ansible and therefore option

A is an invalid answer. The 

ansible_connection

 variable is used

inside of the Inventory file to explain to Ansible how to connect

to a remote system. The file 

/etc/ansible/hosts

 is not a

variable; it specifies the various target nodes, also called the

Inventory.

83. D.  The command 

ansible-doc

 will give you detailed information

on Ansible modules. The command is followed by the module

name to give specific information on a particular module. For

example, 

ansible-doc ios_vlan

 will display all of the

configuration for VLANs on Cisco IOS. The 

man

 command will

give Linux/Unix manual information of the command of

ansible-doc

, but not the individual modules. The 

cat

 command

is short for concatenate; it allows you to display or create the

contents of a file. Ad-hoc is not a command; it is a configuration

mode in which you can test commands before they are run

network wide.

84. C.  The Ad-hoc interface allows you to try commands against a

host without making a Playbook. The Knife interface is a

command-line interface (CLI) for the Chef configuration

management utility. The 

ansible_playbook

 command is used to

execute an Ansible playbook. Ansible Tower is a paid version of

Ansible supported by Red Hat that adds central management.

85. D.  In the Puppet configuration management utility, the term

Facts describes global variables that contain information that is

specific to Puppet. One example of a global variable is the IP

address of the Puppet system. A Resource declares a task to be

executed and how the task should be executed. The Class

component is used to organize the configuration inside of the

Manifest. The Module component is similar to a Class with the

exception that it is used to organize and create tasks for the

Manifest component.

86. A.  Once you have completed a Cookbook for Chef, you will

upload the Cookbook to the Bookshelf located on the Chef

Server. This will allow the Chef Server to execute the

configuration management contained within the Cookbook. The

Chef Workstation is where you manage the Chef Server. The

Chef Node is the computer that is controlled by the Chef Server.

The Chef Node has the Chef-Client installed, which calls back to

the Chef Server for configuration management instructions.

87. A.  Ansible Tower is a paid version of Ansible supported by Red

Hat that adds central management. Ansible Tower also allows

for role-based access control (RBAC) for the execution of

Playbooks. The addition of RBAC adds greater security to

Ansible while allowing users a specific role to administer their

responsibilities inside of Ansible. All of the other options are

incorrect.

88. A.   The Ansible configuration management utility allows for

easy configuration of Cisco network devices because it has many

modules dedicated to Cisco IOS. Ansible also does not require

the installation of an agent, which Puppet and Chef require.

Python can be used for configuration management, but it will

not allow for periodic checks to make sure that the configuration

does not drift.

89. C.  The Knife utility is a command-line interface (CLI) that

allows for the management of Chef. The storage of the Bookshelf

is contained on the Chef Server. The configuration of Chef is also

contained on the Chef Server. The Client-side agent has two

parts: Ohai, which checks the current system state of the Chef

Node, and the Chef Agent, which talks directly to the Chef Server

for execution tasks.

90. C.  Configuration management uses Infrastructure as Code (IaC)

to prevent drift with the applied theory of Idempotence.

Idempotence states that only required changes will be applied to

servers that fall outside of the desired system state.

Infrastructure as a Service (IaaS) is a cloud model that defines

components that can be purchased for a period, such as virtual

router, switches, and virtual machines (VMs), just to name a

few. Configuration management can install the Network Time

Protocol (NTP) so time does not drift, but NTP will not prevent

configuration drift. Configuration management software does

not always require per-host licensing. Most configuration

management utilities offer a community edition that is free; if

you want enterprise features, you can then purchase licensing

from the parent company.

91. C.  Ansible is the easiest configuration management utility to set

up as well as use. Chef and Puppet are a bit more involved to set

up because they require clients to be installed on the hosts being

managed. Cisco DNA Center is not a configuration management

utility outside of Cisco devices; therefore, option D is an invalid

answer.

92. C.  Ansible is installed with a number of modules compiled

already. However, if you want to make custom modules, they

must be created in JSON format. All of the other options are

incorrect.

93. D.  JavaScript Object Notation (JSON) always starts with a curly

bracket, sometimes called a brace. If the file starts with three

dashes, the file is most likely YAML. A square bracket is found

inside of JSON files when more than one key-value pair exists. A

double quote is often found at the beginning of each line in a

comma-separated values (CSV) file.

94. B.  When a square bracket is in place of a value inside a

JavaScript Object Notation (JSON) file, it means there is a series

of key-value pairs for the initial value. These key-value pairs are

often called collections. All of the other options are incorrect.

95. C.  There is a missing curly bracket that ends the address value.

The capitalization of Fa0/1 is fine because it is within double

quotes, so therefore it is read literally. The address does not

need to have square brackets unless there will be more than one

address.

96. D.  JavaScript Object Notation (JSON) allows for a hierarchical

structure that allows for programmability; this is somewhat

similar to Extensible Markup Language (XML). Both JSON and

comma-separated values (CSV) can contain spaces, because the

values are enclosed within double quotes. Both JSON and CSV

can have multiple values for a particular key. Only CSV can be

read line by line; JSON files must be read in their entirety.

97. A.  Cisco DNA Center will return REST-based requests in

JavaScript Object Notation (JSON) format. All of the other

options are incorrect.

98. B.  The collection of routes contains two individual route

statements that are named route (singular). All collections must

be contained within square brackets, also called braces. All of

the other options are incorrect.

99. D.  Nothing is wrong with the exhibit. The IP address is defined

as a collection of IP addresses using the JSON tag of 

ipaddress

.

Although for completeness a second subnet mask should be

stated in the JSON data, it may be in the proper format that is

expected. The last comma is not needed in JSON files, as it

defines the end of the hierarchy. The underscore in a JSON key

or value data is not considered an illegal character.

100. B.  The JavaScript Object Notation (JSON) data is incorrect

because it is missing a closing square bracket after the IP

addresses. The last comma is not needed in JSON files, as it

defines the end of the hierarchy. The underscore in a JSON key

or value data is not considered an illegal character.

Download 10,86 Mb.

Do'stlaringiz bilan baham: