Switch plane is not a term normally used to describe data types;
therefore, option D is an invalid answer.
34. C. The management plane is any mechanism that helps in the
management of a router or switch. Some of the common
mechanisms are SSH and Telnet. However, any mechanism that
the router uses for management is considered part of the
management plane. The control plane refers to any mechanism
that controls the data plane. The data plane is responsible for
switching and routing data. Any data that is destined for
endpoints is switched or routed on the data plane. Switch plane
is not a term normally used to describe data types; therefore,
option D is an invalid answer.
35. A. The data plane is responsible for switching and routing data.
Any data that is destined for endpoints is switched or routed on
the data plane. For example, when one computer pings another,
the ping is switched and routed on the data plane. The control
plane refers to any mechanism that controls the data plane. The
management plane is any mechanism that helps in the
management of a router or switch. Switch plane is not a term
normally used to describe data types; therefore, option C is an
invalid answer.
36. B. Routing protocols such as OSPF and EIGRP would perform
their function on the control plane since they are controlling the
routing of the data plane. The data plane is responsible for
switching and routing data. Any data that is destined for
endpoints is switched or routed on the data plane. For example,
when one computer pings another, the ping is switched and
routed on the data plane. The management plane is any
mechanism that helps in the management of a router or switch.
Routing plane is not a term normally used to describe data
types; therefore, option D is an invalid answer.
37. D. The Cisco Discovery Protocol (CDP) functions on the
management plane of the SDN model. It helps with
management of the routers and switches and does not directly
impact the data plane. The data plane is responsible for
switching and routing data. Any data that is destined for
endpoints is switched or routed on the data plane. Network
plane is not a term normally used to describe data types;
therefore, option C is an invalid answer. The management plane
is any mechanism that helps in the management of a router or
switch.
38. B. The southbound interface (SBI) directly communicates with
the SDN devices. This control is done via several different types
of SBI protocols, such as OpenFlow, OpFlex, and CLI
(Telnet/SSH). The northbound interface (NBI) is responsible for
allowing communication between applications and the core of
the controller. The core of the controller is the mechanism that
connects the NBI to the SBI. Applications hosted on the
controller interface with the NBI.
39. C. An application program interface (API) is a method the
programmer has created to allow other programs to
communicate with their program. The interprogrammability is
required when another program wants to share data with the
API. Although an API allows data transfer, it is not a program
specifically written for the transfer of data. An API is used for
network programmability, but it is not a language for network
programmability. An API does not allow for a program to be
virtualized.
40. C. The northbound interface (NBI) is responsible for allowing
communication between applications and the core of the
controller. Applications therefore directly communicate with the
core through the northbound interface. The southbound
interface (SBI) directly communicates with the SDN devices.
The core of the controller is the mechanism that connects the
NBI to the SBI. The Simple Network Management Protocol
(SNMP) is used for the monitoring and collection of device
metrics.
41. B. The data plane is responsible for the routing of packets to
specific destinations. The control plane would be responsible for
the management of the routes for the functional routing of
packets. The management plane would be responsible for the
management of all functions of the router. There is no plane
called the routing plane; therefore, option D is an invalid
answer.
42. B. The maximum hop count on fabric switching is a total of 3
hops. When a host transmits, it will enter a Leaf switch; the Leaf
switch will then forward traffic to the Spine switch. The Spine
switch will in turn forward traffic to the corresponding Leaf
switch and to the destination host. Of course, traffic could be 1
hop away, if both hosts are on the same Leaf switch. However,
the maximum hop count is 3 hops.
43. D. The underlay is where you will set the maximum
transmission unit (MTU). The overlay is where the tunnel or
virtual circuit is built using the underlay as the transport. A Leaf
switch is a part of the software-defined network (SDN), along
with the Spine switch; both need to have the same MTU set.
44. D. When you configure access control lists (ACLs) through any
interface, you are affecting the control plane. This is because you
are controlling the flow of data with the ACL. You are accessing
the router through the management plane when you are
connected to either the web interface or the command-line
interface (CLI). The data plane is what you are controlling with
the control plane. The data plane is the actual flow of
information.
45. A. Dynamic Multipoint Virtual Private Network (DMVPN) is a
wide area network (WAN) technology that allows for virtual
private networks (VPNs) to be created using the overlay of
software-defined networking (SDN). Virtual Extensible LAN
(VXLAN) is used to transport virtual local area network (VLAN)
traffic over routed connections. Equal-cost multi-path routing
(ECMP) is used by Leaf and Spine switches to provide a
next-hop packet forwarding decision.
46. C. The Virtual Extensible LAN (VXLAN) protocol is used to
create layer 2 tunnels over a layer 3 network. The VXLAN
protocol functions by encapsulating layer 2 traffic inside of a
layer 3 packet. The Equal Cost Load Balancing Protocol (ECMP)
is used by Leaf and Spine switches to provide next-hop packet
forwarding decisions. Dynamic Multipoint Virtual Private
Network (DMVPN) is a point-to-multipoint VPN technology
used for layer 3 connectivity over a wide area network (WAN)
connection. The Enhanced Interior Gateway Routing Protocol
(EIGRP) is a Cisco proprietary layer 3 routing protocol.
47. A. The Simple Network Management Protocol (SNMP) is a
protocol used on the management plane. SNMP is used for the
management of routers and switches because it can be writeable
and allow for configuration. The Cisco Discovery Protocol (CDP)
is a control protocol because it communicates port properties via
layer 2 frames, such as power requirements. The Internet
Control Message Protocol (ICMP) is a control protocol, because
it is used to send control messages back to the originating
device. The VLAN Trunking Protocol (VTP) is used to
communicate the control information of VLANs to other
participating switches.
48. A. The equal-cost multi-path routing (ECMP) packet forwarding
protocol is used to calculate next-hop forwarding with SDN
switching networks. The Open Shortest Path First (OSPF)
protocol is a layer 3 routing protocol and not used with SDN
switching networks. The Multiprotocol Label Switching Protocol
(MPLS) is a protocol used with MPLS wide area network (WAN)
providers and not used with SDN switching networks. The CLOS
network is also known as a Leaf/Spine network, but it is the
topology and not a next-hop packet forwarding protocol.
49. C. The Cisco DNA Center is Cisco’s next-generation
software-defined network (SDN) controller; it replaces Cisco’s
Application Policy Infrastructure Controller - Enterprise Module
(APIC-EM) platform. OpenFlow is a protocol used to configure
software-defined networks. Cisco Prime Infrastructure (CPI) is a
network management software suite, but it does not provide
SDN functionality. Cisco Software Defined - Wide Area Network
(SD-WAN) is an SDN controller for building WAN connections.
50. D. After the Cisco Digital Network Architecture (Cisco DNA)
discovery process has found a device, it will use SSH, Telnet,
SNMPv2, SNMPv3, HTTP, HTTPS, and NETCONF. The
discovery process will not use OpenFlow, since this is a
configuration protocol that is mainly used by open platforms.
51. C. The Assurance section of the Cisco DNA Center allows you to
see the overall health of network devices managed by the DNA
Center. The Design section allows you to create a hierarchical
design of the network with a graphical map. The Policy section
allows you to create policies based upon applications, traffic,
and IP-based access control lists (ACLs), just to name a few. The
Platform section allows you to perform upgrades and search the
API catalog.
52. B. Plug and Play (PnP) is a feature inside of the Cisco DNA
Center that allows you to onboard network devices and apply
standard configuration such as DNS servers, NTP servers, and
AAA servers, just to name a few. IP-based access control allows
us to create a policy based upon access control lists (ACLs).
Group-based access control allows us to use group information
populated from the Cisco Identity Services Engine (ISE) to
create policies based upon user groups. Assurance is a section in
the Cisco DNA Center that allows us to view the health of the
network.
53. A. Under the Provision section, you can click on the hierarchy
item that contains the site; then you will select the topology icon
in the result pane. This will allow you to view how everything is
connected at a particular site. The Assurance section of the Cisco
DNA Center allows you to see the overall health of network
devices managed by the DNA Center. The Platform section
allows you to perform upgrades and search the API catalog. The
Policy section allows you to create policies based upon
applications, traffic, and IP-based access control lists (ACLs),
just to name a few.
54. C. The easiest method for adding an OSPF area to a group of
routers is using the DNA Command Runner tool. With this tool,
you can execute a command on a group of devices. IP-based
access control allows you to create policies based upon an
IP-based access control list. Although Python can be used to add an
OSPF area to a group of routers, it is harder to accomplish the
task using Python than it is using DNA Command Runner. The
Inventory section allows you to see the modules installed in a
router or switch, as well as the firmware and IOS versions
installed.
55. A. The Provision section allows you to view and edit the
discovered inventory of network devices. The Policy section
allows you to create policies based upon applications, traffic,
and IP-based access control lists (ACLs), just to name a few. The
Design section allows you to create a hierarchical design of the
network with a graphical map. The Assurance section of the
Cisco DNA Center allows you to see the overall health of network
devices managed by the DNA Center.
56. D. You can see the details of an API for the Cisco DNA Center by
using the Platform section, then clicking Developer Toolkit and
then APIs in the drop-down. The Design section allows you to
create a hierarchical design of the network with a graphical map.
The Policy section allows you to create policies based upon
applications, traffic, and IP-based access control lists (ACLs),
just to name a few. The Provision section allows you to apply
configurations to network devices, such as DNS servers, AAA
servers, or NTP servers, just to name a few.
57. B. The Cisco feature Software Defined-Access (SD-Access) is an
automated Plug and Play (PnP) solution that automates the
underlay and overlay of the fabric. Easy-QOS was a feature in
the original Application Policy Infrastructure
Controller-Enterprise Module (APIC-EM); it has since been renamed
Application Policies in Cisco DNA Center. The System 360
feature inside of Cisco DNA Center allows you to view all of the
settings and health of the controller. The Cisco Identity Services
Engine (ISE) is a product that integrates with Cisco DNA Center
to provide information about security groups and identity of
security principals.
58. C. Cisco DNA Center cannot provide device configuration
backups; that function still requires Cisco Prime Infrastructure
(CPI). Cisco DNA Center can perform client coverage heat maps,
client triangulation, and application health reports.
59. D. In order for network discovery to find new network devices,
you must configure a command-line interface (CLI) of SSH or
Telnet and Simple Network Management Protocol (SNMP).
Logging is not required for network discovery.
60. B. Representational state transfer (REST) APIs normally utilize
HyperText Transfer Protocol (HTTP) for moving data. It
performs this via a get URI and it receives a response in XML,
JSON, or another data transfer language. Although you can
encrypt the HTTP traffic with SSL (HTTPS), its core language is
still HTTP. Simple Network Management Protocol (SNMP) and
Simple Network Time Protocol (SNTP) are not used with REST
APIs. Simple Object Access Protocol (SOAP) is considered an
alternate technology to REST for API access.
61. B. You will authenticate with Cisco DNA Center by sending a
POST request to the API for an authentication token. You can
then use the authentication token for all subsequent requests to
Cisco DNA Center. You will not pass the username and
password; the username and password must be encoded in
Base64 to obtain the authentication token. The
dna/system/api/v1/auth/token API requires a POST request to
obtain the authentication token, not a GET request. The Cisco
DNA Center does not use public-private key pairs for API
authentication.
62. D. The CREATE, READ, UPDATE, DELETE (CRUD)
framework describes the various actions that can be performed
on data via the REST-based API. Although CRUD sounds like it
might clean up memory, it has nothing to do with memory
cleanup. It works in conjunction with REST-based APIs as a
framework for the manipulation of data. The Base64 algorithm
is used for data encoding, when it is needed.
63. A. Basic authentication is used for token requests with the Cisco
DNA Center. Active Directory (AD) integrated authentication
and pass-through authentication are Microsoft-only types of
authentication, and the Cisco DNA Center does not support
them. Secure Sockets Layer (SSL) is a method of encryption for
authentication requests, but it is not an authentication method.
64. B. After the initial POST to obtain the authentication token, it
should be placed in the header of subsequent requests as an
X-Auth-Token element. You will most likely use a variable to store
the token, but a variable by itself is not enough to authenticate
subsequent requests. The token is not passed in the URI of
subsequent requests. Although performing a POST within 10
seconds of the subsequent request is a good idea, if the token is
not placed in the header, it will not authenticate you.
65. C. When you process the POST to obtain the X-Auth-Token
from the Cisco DNA Center, you will pass the username and
password encoded in Base64. Although you will
request the X-Auth-Token over Secure Sockets Layer (SSL), it is
an encryption protocol and not an encoding method.
Authentication, authorization, and accounting (AAA) services
are a means for authentication and often used with 802.1X; AAA
is not an encoding method. When you request an X-Auth-Token,
you will request it via basic authentication; this is a HyperText
Transfer Protocol (HTTP) method of submitting the username
and password and not an encoding method.
66. B. You will perform this task using the RESTCONF protocol.
RESTCONF will encapsulate the YANG data model containing
the configuration in a RESTCONF transport protocol. OpenFlow
is used with the OpenDayLight Protocol and not commonly used
with Cisco switches. The Simple Network Management Protocol
(SNMP) does not support the YANG data model. A REST-based
API is another API style that switches do not support directly,
but Cisco DNA Center does.
67. A. When a request is made with RESTCONF, the data is sent via
the HyperText Transfer Protocol (HTTP) using the
Multipurpose Internet Mail Extensions (MIME) content type of
application/yang-data+json. This MIME type is used because
the request is interfacing with an application and the data is
encapsulated inside of the Yet Another Next Generation (YANG)
data model in the form of JavaScript Object Notation (JSON).
68. D. The most likely course of action is to restart the REST-based
service, since a 500 status code means that there is an internal
server error. If a 400 status code was returned, it would most
likely be the formatting of your request. If a 403 status code was
returned, it would suggest that you have not authenticated to the
software-defined network (SDN) controller or you are not
authorized to access the API. A 200 status code means that
everything was successful and the request is OK.
69. D. RESTCONF requests are used outbound to network devices
on the southbound interface (SBI) of Cisco DNA Center.
REST-based APIs are accessible via the northbound interface (NBI) of
the Cisco DNA Center so that programmability can be achieved.
The eastbound interface is used for events and notification on
the Cisco DNA Center controller. The westbound interface is
used for integration with third-party management products.
70. A. The status code is passed back to the client via the HyperText
Transfer Protocol (HTTP) header. Web-based browsers do not
show HTTP headers, and this is why using a tool such as
Postman is recommended. The HTTP body is where the
returned data of the request can be found. Script variables are
used internally by the script so that data can be loaded into the
variable and passed to other procedures within the script. Script
data objects are also used internally by the script to load and
pass complex data structures called objects.
71. A. A status code of 201 means that the item has been created;
normally only a POST command can create a data item. A GET
HyperText Transfer Protocol (HTTP) verb will read an item and
return a 200 status code. A PATCH HTTP verb will update an
existing item and return a 200 status code. A DELETE HTTP
verb will delete an item and return a 200 status code.
72. C. The question mark signifies the starting point for a series of
request query parameters in a Uniform Resource Identifier
(URI) string. For example, the URI string might look something
like this:
https://server/path/api?para1=test1&para2=test2
The backslash is not used in a URI. The forward slash helps
delimit the various components of a URI. The ampersand
delimits the various request query parameters if there is more
than one.
73. C. The HyperText Transfer Protocol (HTTP) action verb POST
will insert or create a data item when referencing an application
programming interface (API). The HTTP action verb GET will
read data from an API. The HTTP action verb UPDATE is not a
valid verb; therefore, this is an invalid answer. The HTTP action
verb PUT will only replace or update a data item; it will not
insert a data item.
74. B. A status code of 504 means that the command that was sent
to the server did not return in a timely fashion and timed out. A
status code of 400 would depict that the command is missing
parameters. If a command is restricted for the authentication
supplied, a status code of 403 would be returned. If a service is
down or improperly responding, a status code of 500 would be
returned.
75. B. Ansible, Chef, and Puppet are configuration management
tools. They operate by applying specific configurations to server
or network devices. A network management station (NMS) is
typically used with the Simple Network Management Protocol
(SNMP) to centralize polling of SNMP counters and allow for
devices to send alerts. Software-defined networking (SDN) is a
method of centralizing the control and management planes of a
network so that the network device can focus on the data plane.
Centralized logging is used with syslog so that all logs can be
sent to a centralized area for analysis.
76. A. Ansible uses the YAML format to store configuration. The
Cisco DNA Center stores configuration internally inside of its
database, but many things are exportable via JavaScript Object
Notation (JSON). Chef and Puppet both use Embedded Ruby
(ERB) templates to store configuration.
77. C. The Inventory component defines the various hosts and their
connection information in an Ansible setup. The Playbook
component defines the script to execute to perform the
configuration management. The ansible.cfg file controls the
settings for the Ansible server. The Modules component allows
Ansible to connect to and understand various systems.
78. A. Ansible does not require an agent to apply changes to a
Linux-based server or other network device. It uses Secure Shell
(SSH) TCP port 22 to apply the configuration. Puppet and Chef
both require agents to be installed on the managed hosts.
Although Cisco DNA Center is installed on top of a Linux
distribution, Cisco DNA Center does not support Linux servers;
it is primarily used for the management of Cisco devices. You
could certainly create an extensible package to send commands
to a Linux box through an SNMP agent, but currently it would
need to be developed. Ansible supports Linux-based servers
without an agent and without any development for
communications.
79. A. The Manifest component of Puppet contains the
configuration for the managed hosts. The Agent component of
Puppet is used to apply the configuration from the master
server. The Class component is used to organize the
configuration inside of the Manifest. The Module component is
similar to a Class with the exception that it is used to organize
and create tasks for the Manifest component.
80. C. The Recipe component of Chef contains the set of
instructions that are carried out to configure a server. The
Recipes are collected into the Cookbook component so that the
task can be organized and applied to hosts. The Crock Pot
component does not exist inside of Chef; therefore, it is an
invalid answer. The Chef Node component is a host that is
managed by a Chef Server component.
81. C. The Ohai component is the second of two parts installed on
the Chef Node; the first part is the Chef-Client component. Ohai
is responsible for monitoring system state information and
reporting back to the Chef Server component. If Ohai detects
that an attribute of the system state is out of compliance, the
system state for that component will be reapplied. The Chef
Workstation command-line interface (CLI) component is called
the Knife and interacts with the Chef Server to configure tasks
when you are creating a Cookbook.
82. B. The variable ANSIBLE_CONFIG is used to determine the location
of the Ansible setting file named ansible.cfg. The variable
ANSIBLE_SETTINGS is not used with Ansible and therefore option
A is an invalid answer. The ansible_connection variable is used
inside of the Inventory file to explain to Ansible how to connect
to a remote system. The file /etc/ansible/hosts is not a
variable; it specifies the various target nodes, also called the
Inventory.
83. D. The command ansible-doc will give you detailed information
on Ansible modules. The command is followed by the module
name to give specific information on a particular module. For
example, ansible-doc ios_vlan will display all of the
configuration for VLANs on Cisco IOS. The man command will
give Linux/Unix manual information of the command of
ansible-doc, but not the individual modules. The cat command
is short for concatenate; it allows you to display or create the
contents of a file. Ad-hoc is not a command; it is a configuration
mode in which you can test commands before they are run
network wide.
84. C. The Ad-hoc interface allows you to try commands against a
host without making a Playbook. The Knife interface is a
command-line interface (CLI) for the Chef configuration
management utility. The ansible_playbook command is used to
execute an Ansible playbook. Ansible Tower is a paid version of
Ansible supported by Red Hat that adds central management.
85. D. In the Puppet configuration management utility, the term
Facts describes global variables that contain information that is
specific to Puppet. One example of a global variable is the IP
address of the Puppet system. A Resource declares a task to be
executed and how the task should be executed. The Class
component is used to organize the configuration inside of the
Manifest. The Module component is similar to a Class with the
exception that it is used to organize and create tasks for the
Manifest component.
86. A. Once you have completed a Cookbook for Chef, you will
upload the Cookbook to the Bookshelf located on the Chef
Server. This will allow the Chef Server to execute the
configuration management contained within the Cookbook. The
Chef Workstation is where you manage the Chef Server. The
Chef Node is the computer that is controlled by the Chef Server.
The Chef Node has the Chef-Client installed, which calls back to
the Chef Server for configuration management instructions.
87. A. Ansible Tower is a paid version of Ansible supported by Red
Hat that adds central management. Ansible Tower also allows
for role-based access control (RBAC) for the execution of
Playbooks. The addition of RBAC adds greater security to
Ansible while allowing users a specific role to administer their
responsibilities inside of Ansible. All of the other options are
incorrect.
88. A. The Ansible configuration management utility allows for
easy configuration of Cisco network devices because it has many
modules dedicated to Cisco IOS. Ansible also does not require
the installation of an agent, which Puppet and Chef require.
Python can be used for configuration management, but it will
not allow for periodic checks to make sure that the configuration
does not drift.
89. C. The Knife utility is a command-line interface (CLI) that
allows for the management of Chef. The storage of the Bookshelf
is contained on the Chef Server. The configuration of Chef is also
contained on the Chef Server. The Client-side agent has two
parts: Ohai, which checks the current system state of the Chef
Node, and the Chef Agent, which talks directly to the Chef Server
for execution tasks.
90. C. Configuration management uses Infrastructure as Code (IaC)
to prevent drift with the applied theory of Idempotence.
Idempotence states that only required changes will be applied to
servers that fall outside of the desired system state.
Infrastructure as a Service (IaaS) is a cloud model that defines
components that can be purchased for a period, such as virtual
router, switches, and virtual machines (VMs), just to name a
few. Configuration management can install the Network Time
Protocol (NTP) so time does not drift, but NTP will not prevent
configuration drift. Configuration management software does
not always require per-host licensing. Most configuration
management utilities offer a community edition that is free; if
you want enterprise features, you can then purchase licensing
from the parent company.
91. C. Ansible is the easiest configuration management utility to set
up as well as use. Chef and Puppet are a bit more involved to set
up because they require clients to be installed on the hosts being
managed. Cisco DNA Center is not a configuration management
utility outside of Cisco devices; therefore, option D is an invalid
answer.
92. C. Ansible is installed with a number of modules compiled
already. However, if you want to make custom modules, they
must be created in JSON format. All of the other options are
incorrect.
93. D. JavaScript Object Notation (JSON) always starts with a curly
bracket, sometimes called a brace. If the file starts with three
dashes, the file is most likely YAML. A square bracket is found
inside of JSON files when more than one key-value pair exists. A
double quote is often found at the beginning of each line in a
comma-separated values (CSV) file.
94. B. When a square bracket is in place of a value inside a
JavaScript Object Notation (JSON) file, it means there is a series
of key-value pairs for the initial value. These key-value pairs are
often called collections. All of the other options are incorrect.
95. C. There is a missing curly bracket that ends the address value.
The capitalization of Fa0/1 is fine because it is within double
quotes, so therefore it is read literally. The address does not
need to have square brackets unless there will be more than one
address.
96. D. JavaScript Object Notation (JSON) allows for a hierarchical
structure that allows for programmability; this is somewhat
similar to Extensible Markup Language (XML). Both JSON and
comma-separated values (CSV) can contain spaces, because the
values are enclosed within double quotes. Both JSON and CSV
can have multiple values for a particular key. Only CSV can be
read line by line; JSON files must be read in their entirety.
97. A. Cisco DNA Center will return REST-based requests in
JavaScript Object Notation (JSON) format. All of the other
options are incorrect.
98. B. The collection of routes contains two individual route
statements that are named route (singular). All collections must
be contained within square brackets, also called braces. All of
the other options are incorrect.
99. D. Nothing is wrong with the exhibit. The IP address is defined
as a collection of IP addresses using the JSON tag of ipaddress.
Although for completeness a second subnet mask should be
stated in the JSON data, it may be in the proper format that is
expected. The last comma is not needed in JSON files, as it
defines the end of the hierarchy. The underscore in a JSON key
or value data is not considered an illegal character.
100. B. The JavaScript Object Notation (JSON) data is incorrect
because it is missing a closing square bracket after the IP
addresses. The last comma is not needed in JSON files, as it
defines the end of the hierarchy. The underscore in a JSON key
or value data is not considered an illegal character.
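
Added example, not part of the original answer key: the token flow described in answers 61, 63, 64, and 65 (POST with basic authentication, then the token in the X-Auth-Token header), built offline in Python without sending anything. The host name, credentials, and token value are constructed samples; the "Token" response key and the /dna/intent/api/v1/network-device path are assumptions used for illustration.

```python
import base64
import json
from urllib.parse import urlsplit

TOKEN_PATH = "/dna/system/api/v1/auth/token"  # path quoted in answer 61


def require_https(url):
    """Base64 is an encoding, not encryption, so refuse cleartext HTTP."""
    if urlsplit(url).scheme != "https":
        raise ValueError("refusing non-HTTPS URL: " + url)
    return url


def build_token_request(base_url, username, password):
    """Describe the POST that asks for a token using HTTP basic authentication."""
    raw = f"{username}:{password}".encode("utf-8")
    creds = base64.b64encode(raw).decode("ascii")
    return {
        "method": "POST",  # a GET to this path does not return a token
        "url": require_https(base_url.rstrip("/") + TOKEN_PATH),
        "headers": {"Authorization": "Basic " + creds},
    }


def decode_basic_header(header_value):
    """Reverse the Base64 step: anyone who sees the header recovers the password."""
    scheme, _, blob = header_value.partition(" ")
    if scheme != "Basic":
        raise ValueError("not a basic authentication header")
    user, _, password = base64.b64decode(blob).decode("utf-8").partition(":")
    return user, password


def extract_token(response_body):
    """Read the token from the JSON body (the key name 'Token' is an assumption)."""
    token = json.loads(response_body).get("Token")
    if not token:
        raise ValueError("no token in response")
    return token


def build_api_request(base_url, path, token):
    """Subsequent request: the token rides in X-Auth-Token, never in the URI."""
    url = require_https(base_url.rstrip("/") + path)
    if token in url:
        raise ValueError("token must not appear in the URI")
    return {"method": "GET", "url": url, "headers": {"X-Auth-Token": token}}


if __name__ == "__main__":
    base = "https://dnac.example.com"  # constructed host name
    login = build_token_request(base, "admin", "S3cret!")  # constructed credentials
    print(login["method"], login["url"])
    print("header decodes to:", decode_basic_header(login["headers"]["Authorization"]))

    body = '{"Token": "constructed-token-123"}'  # constructed response body
    token = extract_token(body)
    call = build_api_request(base, "/dna/intent/api/v1/network-device", token)
    print(call["method"], call["url"], call["headers"])
```

Each returned dictionary uses the keys method, url, and headers, so it can be handed to an HTTP client of your choice once a real controller address and account are substituted.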