Appendix ■ Answers to Practice Test Questions
93. B. The Cisco License Manager (CLM) can be installed on Windows, Solaris, or Linux.
It allows for discovery of Cisco devices and inventory of Cisco device licenses and
connects to Cisco for access to current and new licenses purchased. The CLM allows for
management of the software activation process through its user interface.
94. A. The Virtual Extensible LAN (VXLAN) protocol is commonly found on the overlay
of a software-defined network (SDN). It allows for the transport of layer 2 frames over
a layer 3 network. The Open Shortest Path First (OSPF) protocol is a layer 3 networking
protocol commonly found on the underlay of SDN. OpenFlow is a protocol that is used
for the programming of network devices from the Southbound interface (SBI) of the SDN
controller. JavaScript Object Notation (JSON) is a data-interchange format used with
many different SDN controllers.
95. C. The Python programming language is commonly used with the Northbound interface
(NBI) of a software-defined network (SDN) controller. The term CLOS describes Spine/Leaf
network switching. The OpenFlow and NETCONF protocols are commonly used
with the Southbound interface (SBI) of an SDN controller for the programming of SDN
devices.
96. A. The Design section allows you to create a hierarchical design of the network with
a graphical map. In addition, the Design section also allows you to specify the default
servers that will be applied after discovery. The Discovery tool is not a major section of
Cisco DNA Center, and it is not used to specify server defaults. The Provision section
allows you to view and edit the discovered inventory of network devices. The Policy
section allows you to create policies based upon applications, traffic, and IP-based access
control lists (ACLs), just to name a few. The Platform section allows you to perform
upgrades and search the API catalog.
97. D. The REST-based HTTP verb PUT is used to update or replace data via the API. The
POST verb is used to create data. The GET verb is used to read data. The UPDATE verb
does not exist within the CREATE, READ, UPDATE, DELETE (CRUD) framework;
therefore, it is an invalid answer.
98. C. A 400 status code from the REST-based service means that it is a bad request. The
data being sent to the REST-based service could be wrong or wrongly formatted. A 200
status code is used to signify that everything is okay and nothing is wrong. A forbidden
request will return a 403 status code. On rare occasions, you may receive a 500 status
code; this signifies that there is an internal server error.
99. A. The Chef configuration management utility uses Ruby as its reference language.
Python is used by Ansible as its reference language. PowerShell is used by Microsoft’s
Desired State Configuration (DSC) as its reference language. YAML is not a reference
language; it’s a mechanism to transfer data and store data in a structured manner.
100. D. A JavaScript Object Notation (JSON) file starts with curly brackets and ends with
curly brackets, also called braces. Inside of the curly brackets, the keys and values are
encapsulated in double quotes. Single quotes are not used for formatting purposes with
JSON. Square brackets can signify that more than one key-value pair exists for a specific
item.
A
A records in DNS, 147
aaa authentication login default group
tacacs+ local command, 188
AAA servers
centralize authentication, 187
ports, 251
remote authentication, 222
router lockout, 188
TACACS+, 242
Telnet, 188
ABRs (area border routers)
example, 126
OSPF, 119–120
access control lists (ACLs)
applications, 177
applying, 167, 177, 181
configuring, 177–180
creating, 167
deny any any rules, 176
extended, 176
GRE tunnels, 251
NAT, 143
packet comparisons, 176
placing, 181–182
ports, 178
processing overhead, 176
ranges, 175–176
removing entries, 178
routers, 232
rule modification, 252
SNMP, 149
source addresses, 176, 179
spoofing protection, 163
SSH, 180
Telnet, 252
traffic classification QoS, 154
access layer
collision domains, 12
hybrid topology, 10
switches, 11
access-list deny command, 178
access-list deny tcp command, 252
access-list deny tcp any host command, 180
access-list deny tcp host command, 179
access-list permit command, 144, 167, 178
access-list permit host command, 232
access-list permit ip any command, 252
access-list permit tcp host command, 180
access mode in port security, 49
access ports, 61
default VLANs, 62
PortFast mode, 75
switch ports, 60, 218
VLAN IDs, 48
WLCs, 80
access switches in link configuration, 76
access violations in port security, 186
ACK flag in three-way-handshake process,
237
acknowledgments
DHCP, 147
TCP, 22
UDP, 22
untrusted ports, 232
ACLs. See access control lists (ACLs)
active mode
LACP, 68
port channels, 68–69
active routers
HSRP, 133–134
link repairs, 248
active virtual forwarders (AVFs), 134
active virtual gateways (AVGs), 134
AD. See administrative distance (AD)
Ad-hoc interface in Ansible, 207
Adaptive Security Appliances (ASAs), 8
Address Resolution Protocol (ARP)
caches, 98
destination addresses, 97
entry ages, 245
MAC addresses, 96
ROAS, 114
switches, 41
TCP/IP packet routing, 106
adjacencies
Frame Relay, 131
hello and dead timers, 127
OSPF, 120
routers, 125
administrative distance (AD)
default routes, 95
directly connected networks, 94
displaying, 95
EIGRP, 94
OSPF, 131, 224
RIP, 93
route statements, 94
routing tables, 93
static routes, 93, 244
administrative domains in IGPs, 103
administrative status, disabled, 83–84
administrative units in OSPF, 118
administratively shut down interfaces, 107
administrator intervention in static routing, 115
ADSL (Asymmetrical Digital Subscriber
Line), 15
Advanced Encryption Standard (AES)
SSH, 82
WPA 2, 190
advertisements
BPDU Guard, 77
CDP, 66
configuring, 104
LLDP, 65
OSPF
link-state, 124–125
wildcard masks, 122–123
RIP, 244
RIPv2
configuring, 225
inspection, 224
intervals, 224
multicasts, 89
routers, 228
AES-CCMP encryption, 189
agents
Ansible, 206
DHCP, 152–153
aging time for MAC addresses, 37–38
AH (Authentication Header) protocol in
IPsec, 231
alternate ports in RSTP, 71
Amazon Web Services (AWS), 15
ANDing subnet masks, 97
ANSIBLE_CONFIG variable, 207
Ansible tool
agents, 206
configuration management, 206, 208
connection information, 206
JSON format, 209
module information, 207
root SSH, 234
settings file, 207
setup ease, 208
YAML and Python, 234
YANG data model, 206
Ansible Tower tool, 208
anti-malware software, 165
antivirus software, 231
anycasts
configuring, 31
IP addresses, 31
AP
local mode, 242
monitor mode, 222, 242
WorkGroup Bridge mode, 222
API references in scripts, 195
Application Centric Infrastructure (ACI),
198
Application Policy Infrastructure
Controller - Enterprise Module
(APIC-EM)
Cisco DNA Center, 201
enterprise connectivity, 199
application program interfaces (APIs)
description, 200
REST. See representational state
transfer (REST) APIs
application/yang-data+json content type,
204
applications, filtering, 177
area border routers (ABRs)
example, 126
OSPF, 119–120
area IDs for routers, 129
areas, OSPF
Cisco DNA Center, 202
configuring, 122
required, 118
routers in, 248
scalability, 121
ARP. See Address Resolution Protocol
(ARP)
Index
ASAs (Adaptive Security Appliances), 8
Assurance section in Cisco DNA Center,
202
Asymmetrical Digital Subscriber Line
(ADSL), 15
asymmetrical encryption, 81
authentication
802.1X, 169
AAA servers, 187, 222
Cisco DNA Center, 203–204
EAP-TLS, 231
PPP, 13–14
pre-shared keys, 34
RADIUS, 82, 188
smart cards, 170
SNMP, 148
SSH and Telnet, 158, 168–169
tokens, 164–165
wireless LAN controllers, 9
WPA 3, 189
Authentication Header (AH) protocol in
IPsec, 231
authentication tokens, applying, 204
authenticators in 802.1X, 170
auto-disconnect, disabled, 168
auto-negotiate setting for speed and
duplex, 21
automation
change effect considerations, 253
configuration conflicts, 233
DevOps, 194
fabric, 203
human error reduction, 194
Lean and Agile, 194
monitoring, 194
reason for, 194
scripts. See scripts
static routes, 194
autonomous system boundary router
(ASBRs), 119
autonomous systems for routers, 89
autonomous WAPs
console, 82
independence, 78
star topology, 214
AVFs (active virtual forwarders), 134
AVGs (active virtual gateways), 134
B
backup ports in RSTP, 73
backups
device configuration, 203
FTP servers, 159
Bad mask /24 for address error, 112
bad requests in REST-based API, 254
bandwidth
broadcast domains, 236
collision domains, 236
DNS in cloud, 215
EIGRP, 94
email, 16
FastEthernet, 67
Gigabit Ethernet, 79
OSPF, 95, 121
ROAS, 100
setting, 130
static routing, 108, 114
VMs, 215
bandwidth command, 130
banner login command, 231
banners
configuring, 231
exec, 169
SSH, 158
Base64 encoding, 204
basic authentication in Cisco DNA Center,
204
Bellman-Ford routing algorithm
RIP, 102
route calculations, 225
best routes in EIGRP, 94
BGP (Border Gateway Protocol), 103
binding port numbers, 23
Bluetooth devices
frequency spectrum, 34
interference, 77
Bookshelf in Chef tool, 208
boot system command, 158
booting routers, 158
Border Gateway Protocol (BGP), 103
BPDU Guard
access switch links, 76
advertisements, 77
configuring, 76
edge switches, 77
enabled status, 77
err-disabled state, 242
removing, 76
switches, 75
BPDUs (Bridge Protocol Data Units) for
loops, 69
bridge IDs
PVST+, 73
switches, 72
bridge ports in STP, 72
Bridge Protocol Data Units (BPDUs) for
loops, 69
bridges
CST, 70
default priority, 73
electing, 71
point-to-multipoint, 78
STP, 71–72
switches, 242
broadcast domains
bandwidth, 236
number of, 3
broadcast networks, 121
broadcast storms in STP, 217
broadcasts
DHCP, 29
IP addresses, 26
RIP, 101
subnets, 30
C
cable
nodes, 20
speed, 17
switches, 17
caches
ARP, 98
DNS, 147
campus networks
core layer switches, 11
distribution layers, 198
three-tier model, 12
captive portals for guests, 222
CAPWAP (Control And Provisioning of
Wireless Access Points)
Lightweight AP, 9
tunnels in Local mode, 84
Cat5e cable speed, 17
CBWFQ (Class-Based Weighted Fair
Queuing), 156
CDP. See Cisco Discovery Protocol (CDP)
CE (customer edge) routers, 131
CEF (Cisco Express Forwarding), 97,
246
central management in Ansible Tower,
208
central offices, 215
central remote monitoring of routers and
switches, 197
centralized authentication
AAA server, 187
wireless LAN controllers, 9
centralized switches in star topology, 10
certificates
EAP-TLS authentication, 231
security, 85
WPA2-Enterprise, 189
Challenge Handshake Authentication
Protocol (CHAP), 13
channel-group mode active command,
241
channel-group mode desirable command,
220
channel-group mode passive command,
241
channels in 802.11 wireless, 33
CHAP (Challenge Handshake
Authentication Protocol), 13
Chef tool
configuration management, 206
Cookbook, 208
Knife, 208
node management, 207
Ruby, 254
system state information, 207
CIDR (Classless Inter-Domain Routing),
24
CIR (committed information rate)
Metro Ethernet connections, 237
QoS policing, 156
Cisco Discovery Protocol (CDP)
advertisement interfaces, 66
details, 66
disabling, 64
frame frequency, 64
holddown timers, 64
management plane, 199
native VLAN mismatches, 63
neighboring devices, 64
network mapping, 219, 233
turning off, 64
VoIP phones, 51
Cisco DNA Center
APIC-EM replacement, 201
Assurance section, 202
automation, 203
basic authentication, 204
configuration templates, 202
Design section, 254
discovery process, 202
IOS upgrades, 234
network discovery, 203
network health, 202
OSPF areas, 202
Platform section, 203
POST requests, 203
Provision section, 202
Python scripts, 203
REST-based API requests, 209
SD-Access, 203
southbound interface, 205
Cisco Express Forwarding (CEF), 97, 246
Cisco License Manager (CLM), 253
Cisco Prime Infrastructure
device configuration backups, 203
SNMP, 197
Class A IP addresses
example, 23
private, 26
Class B IP addresses
example, 23–24
private, 26
Class-Based Weighted Fair Queuing
(CBWFQ), 156
Class C IP addresses, 27
Class D IP addresses, 238
Class of Service field in 802.1Q frames,
155
Classless Inter-Domain Routing (CIDR),
24
classless routing in RIP, 103
clear ip nat translation * command, 143
clear ip ospf command, 124
clear ip ospf process x command, 131
clear line vty command, 169
clear mac-address-table dynamic
command, 239
clear text with line passwords, 169
CLI (command-line interface) for Knife,
208
client SSL/VPN, 175
CLM (Cisco License Manager), 253
clock router settings, 146
clock set command, 146
clock timezone command, 145
cloud service
catalog, 16
DNS, 215
NIST computing criteria, 15
PaaS, 237
collapsed core layer switches in star
topology, 11
collapsed core model
small enterprises, 11
uses, 11
collision domains
access layer, 12
bandwidth, 236
frame collisions, 4
micro-segmentation, 6
number of, 3–5
switches, 4, 6, 214
comma-separated values (CSV) files vs.
JSON, 209
command-line interface (CLI) for Knife,
208
commands
breaking, 247
previously entered, 151
committed information rate (CIR)
Metro Ethernet connections, 237
QoS policing, 156
Common Spanning Tree (CST), 70
community strings in SNMP, 149
compatibility, equipment, 214
complexity of passwords, 170
compute capability in rapid elasticity, 237
compute resources, distributing, 34
configuration backups in Cisco Prime
Infrastructure, 203
configuration management tools, 206
configuration templates in Cisco DNA
Center, 202
conflicts from automation changes, 233
congestion avoidance tools, 156
connect command, 81
connected routes in default routing, 105
connection information in Ansible tool,
206
connection speed of console, 82
connections for Adaptive Security
Appliances, 8
connectivity, layer 3, 228
console
autonomous WAP setup, 82
connection speed, 82
disrupted messages, 251
logging, 151
syslog messages, 152
WAP debugging, 81
contention methods in 802.11, 33
Control And Provisioning of Wireless
Access Points (CAPWAP)
Lightweight AP, 9
tunnels in Local mode, 84
control planes
controller-based networking, 196
routing protocols, 199
SDN, 198
STP, 199
web interfaces, 201
controller-based networking
logically centralized control plane,
196
maturity, 197
SD-WAN, 196
security, 196
Spine/Leaf architecture model, 198
convergence
OSPF, 125
RIPv2, 224
routing tables, 102
STP, 74–75
Cookbook in Chef tool, 208
copy tftp flash command, 158
copy tftp: running-config command, 158
core layer
campus switches, 11
star topology, 10
switching, 10
costs
Metro Ethernet connections, 237
OSPF, 121
ROAS, 113
CPU utilization by routers, 151
CRC checking
frames, 36
switches, 216
CREATE, READ, UPDATE, DELETE
(CRUD) framework, 204
crossover cable
switches, 17
wiring, 18
crypto key generate rsa command, 157,
168
CST (Common Spanning Tree), 70
CSV (comma-separated values) files vs.
JSON, 209
Ctrl+Shift+6 keys, 247
curly brackets ({}) in JSON files, 209, 254
customer edge (CE) routers, 131
D
DAD (Duplicate Address Detection), 216
dashes (-) in YAML, 195
data actions in CRUD framework, 204
data center focused SDN, 198
data integrity for VPNs, 175
data items in HTTP actions, 205
data planes for traffic flow, 199–200
databases for VLANs
configuring, 53
synchronization, 240
DDoS (distributed denial of service), 162
dead timers for adjacencies, 127
debug ip dhcp server packet command,
153
debug ip nat command, 143
debug ip packet command, 247
debug ip rip command, 224
debug ntp packets command, 145
debug standby command, 137
Debugging severity level in syslog facility
logging, 152
debugging WAPs, 81
decapsulating packets, 98
default administrative distance for static
routes, 93
default automatic trunking configuration,
250
default bridge priority in STP, 73
default destination in syslog messages, 152
default encapsulation for serial
connections, 214
default gateways
address relevance, 105
HSRP, 133
IP addresses, 25, 229
default-information originate command,
117, 130
default mode in STP, 71
default priority
HSRP, 132
OSPF, 131
default QoS for WLANs, 243
default routes and routing
administrative distance, 95
connected routes, 105
destination, 95
implementing, 117
IPv6, 105
OSPF, 129–130
propagation in RIPv2, 117
RAM usage, 101
routing tables, 91
static routing, 114
default VLANs
vs. native, 62
switch configuration, 49
delay
description, 250
IP address reachability, 241
switching path, 248
VoIP traffic, 155
deleting VLANs, 46, 49, 55
demarcation points, 18
demilitarized zones (DMZs)
email servers, 236
firewalls, 7, 162
server placement, 8
denial of service attacks, 163
deny any rules, 176
Design section in Cisco DNA Center, 254
designated ports
defined, 72
STP, 73
designated routers (DRs)
displaying, 129
example, 126
OSPF, 120, 131
preventing selection of, 130
selecting, 128–129
designated state in switch ports, 221
destination interfaces, displaying, 239
destination IP addresses
ARP, 97
routing decisions, 96
destination MAC address, 217, 238
destination unreachable messages, 99
destinations, interfaces as, 244
devices
configuration backups, 203
trust boundaries, 230
DevOps, 194
DHCP. See Dynamic Host Configuration
Protocol (DHCP)
DHCPv6
DNS server addresses, 216
IPv6 addresses, 238
router interfaces, 154
SLAAC, 153
stateful, 154
diagnostics in HSRP, 137
Differentiated Services Code Point
(DSCP), 155, 250
Diffusing Update Algorithm (DUAL), 102
Digital Network Architecture (DNA). See
Cisco DNA Center
Digital Subscriber Line (DSL) access
multipliers, 237
Dijkstra routing algorithm, 117
Direct-Sequence Spread Spectrum (DSSS),
33
directly connected networks,
administrative distance, 94
disabled administrative status, 83–84
disabled auto-disconnect, 168
disabled VLANs, 52
disabling
CDP, 64
LLDP advertisements, 65
discarding port mode in RSTP, 74
disconnection
idle time, 169
network admins, 169
discontinuous networks, support for, 225
distance-vector protocols
Bellman-Ford routing algorithm, 102
re-advertising routes, 102
RIP, 99
router limits, 102
routing loops, 102–103
routing table convergence, 102
distributed denial of service (DDoS), 162
distributed process in STP, 69
distribution layer
campus networking model, 198
full mesh topology, 10
partial mesh topology switches, 12
redistribution of routing protocols, 12
switches for redundancy, 11
distribution switches, End of Row, 5
DMVPNs (Dynamic Multipoint VPNs)
hub-and-spoke topology, 13, 174
NHRP, 174
remote offices, 201
DMZs (demilitarized zones)
email servers, 236
firewalls, 7, 162
server placement, 8
DNA Command Runner, 202
DNA (Digital Network Architecture). See
Cisco DNA Center
Domain Name System (DNS)
A records, 147
administrator errors, 32
caches, 147
cloud, 215
hostname queries, 146
NTP, 145
protocols and ports, 249
PTR records, 147
stateless DHCPv6 servers, 216
TTL, 147
UDP, 23
verifying, 33
domain names in DNS resolution, 146
doors, locking, 250
double tagging in native VLANs, 164
drift prevention, 208
dropping
frames, 40
packets, 105
DRs. See designated routers (DRs)
DS1 connection speed, 18
DSCP (Differentiated Services Code
Point), 155, 250
DSL (Digital Subscriber Line) access
multipliers, 237
DSSS (Direct-Sequence Spread Spectrum),
33
DTP (Dynamic Trunking Protocol)
turning off, 58
VLAN hopping, 230
DUAL (Diffusing Update Algorithm), 102
dual-homed systems in EGPs, 103
duplex
auto-negotiate setting, 21
intermittent outages, 20
logon times, 36
mismatches, 19
status, 21
switches, 21, 240
troubleshooting, 19
Duplicate Address Detection (DAD), 216
duplicate IP addresses
DHCP, 148
IPv6 addresses, 216
dynamic access lists, 178
Dynamic Host Configuration Protocol
(DHCP)
acknowledgment messages, 147
broadcasting, 29
DHCPv6. See DHCPv6
down, 153
GIADDR field, 152
IP addresses
acquiring, 147
duplicate, 148
life cycle, 147
leases, 147, 154
Offer packets, 152
rebinding, 154
relay agents, 152–153
routers, 249
servers
active, 152
down, 27
ipconfig /all command, 33
snooping, 164, 232, 252
UDP, 148
Dynamic Multipoint VPNs (DMVPNs)
hub-and-spoke topology, 13, 174
NHRP, 174
remote offices, 201
Dynamic NAT pools, 143
dynamic routing
description, 100
Dijkstra routing algorithm, 117
EIGRP, 94–95
IPv6 addresses, 105
optimized route selection, 101
overhead, 101
RAM storage, 99
reason for, 89
resiliency, 101
route summarization, 115
routing tables, 98
Dynamic Trunking Protocol (DTP)
turning off, 58
VLAN hopping, 230
dynamic VLANs, 47