Cisco DevNet Associate
What components go into a YANG model?
Header, Imports and Includes, Type Definitions, Configuration and Operational Data Declarations, Action (RPC) and Notification Declarations
How do you tell Git to sync your local repository to the remote repository?
git push (remotename) (branchname). You can reference a branch name with git push in order to store your files in a separately tracked branch from the main repository. Example: # git push origin master
What if you make a mistake or want to remove remote tracking of your remote repository?
git remote rm (name). Again, use '# git remote -v' to check.
How do you start a new container?
docker run ubuntu. The Docker daemon checks the local image repo and, if the image is not there, pulls it from DockerHub.
How do you start, stop or remove a container?
docker start <container>, docker stop <container>, docker rm <container>
How do you move to a different branch?
git checkout [-b] (branchname). The -b argument allows creating the branch and checking it out (switching to it) all at the same time. Example: # git checkout newfeature
How do you add files to your local repo on your machine?
git commit [-a] [-m] <"your commit message">. The -a option tells Git to add any and all changes you make to your files to the index.
How can you check the differences between the index and your last commit?
git diff --cached. You have to have added the changes first.
How do you sync any changes from the remote repo?
git pull (remotename) (branchname). Merges with the local repo; conflicts are dealt with in the same way as git merge.
How do you remove a directory and all its contents in Git?
git rm -r -f folder. Use the -r option to remove recursively (i.e. all the contents) and the -f option to force removal from the index.
How do you build a Dockerfile?
In the directory where you created your Dockerfile, run the command: docker build -t "appdev:Dockerfile" .
What are some of the popular Cisco modules in Ansible?
ios_command to send mostly show commands to devices running IOS and IOS XE operating systems; ios_config to send configuration commands to IOS and IOS XE devices; nxos_command and nxos_config to interact with devices running the NX-OS operating system.
How can you check the DNS IP Address for a TLD?
nslookup [-option] [name | -] [server]. Example: nslookup -type=any stanford.edu
What two parameters are set to control pagination?
offset and limit. Example: http://myhouse.cisco.com/devices?offset=110&limit=10
How do you build your own requirements file?
pip freeze > requirements.txt or pipenv run pip freeze > requirements.txt
Cisco NSO splits the configuration into 2 layers joined by mapping; what are they?
A service manager component that provides an interface for the administrator to define the services in the network, and a device manager component that handles the device configuration.
What type of statement defines a new data type?
The typedef YANG statement: typedef percent { type uint16 { range "0 .. 100"; } description "Percentage"; }
How do you convert back to XML?
With unparse (and use pretty=True to make it easier to read). >>> print(xmltodict.unparse(xml_dict, pretty=True)) <?xml version="1.0" encoding="utf-8"?>
What safety feature exists when you convert YAML to Python?
yaml.load requires that you add an argument to tell it which loader you want to use. This is a security precaution.
with open("yaml_sample.yaml") as data:
    yaml_sample = data.read()
yaml_dict = yaml.load(yaml_sample, Loader=yaml.FullLoader)
In Bash, how do you update a variable?
Use the export command, which allows you to append your additional path to BASH and lasts for the duration of the session: $ export PATH=$PATH:/Home/chrijack/bin
How do you remove all inactive containers?
$ docker container prune
How do you list current directory including hidden files?
$ ls -a
How do you list permissions and user and group ownership?
$ ls -l
How do you make a new directory called test at /home/username/test?
$ mkdir /home/username/test
How do you rename a file called caleb.txt to calebfinal.txt?
$ mv caleb.txt calebfinal.txt
How do you run Nmap?
$ nmap -vv www.google.com. Use the -vv option as shown in this example to see a more verbose output.
How do you start the Unittest Test Runner?
$ python -m unittest or python3 -m unittest -v (-v for verbose)
How do you force the deletion of the folder test and everything in it?
$ rm -rf test
How do you create a range of empty files called file1.txt to file20.txt?
$ touch file{1..20}.txt
In Bash, how do you display the contents of file1.txt and pipe the output to more to add page breaks?
$ cat file1.txt | more
What address is a DHCP Discover message sent to?
(255.255.255.255) with a source address of 0.0.0.0
When was NETCONF defined?
2006 in RFC 4741 and updated in 2011 with RFC 6241 by the IETF under Network Configuration Protocol (NETCONF)
What is an Information API?
An information API allows one application to ask another application for information, e.g. telemetry data.
What does Bash stand for?
Bourne Again Shell
What are the 5 Essential Characteristics of Cloud determined by NIST?
Broad network access: available over the network and accessed via standard protocols and communications technologies on any type of client device. Rapid elasticity: automatically provisioned and decommissioned. Measured service: measure resource utilization (compute, storage, and network) and charge for those services accordingly. On-demand self-service: consumer can provision compute, storage, and network as needed, through automation or self-service portals. Resource pooling: common pool of resources that can serve multiple customers.
How else can you interact with the NetSim devices in Cisco NSO?
By CLI, e.g. $ ncs_cli -C -u admin (-C for Cisco)
What security options can you use at the Data layer?
Clusters, Data Encryption, Secure Access
What is a CVE?
Common Vulnerabilities and Exposures (each has a CVE ID number; supervised by the MITRE Corporation with funding from the Cybersecurity and Infrastructure Security Agency)
What are southbound APIs?
Communication between the network controller and the data plane (network devices)
What happens at the build stage?
Compile and docker build.
What 2 data types are retrieved from a NETCONF server?
Configuration data and Operational (statistical) data
What are the benefits of containers?
Consistency for deployment automation • Simplified lightweight image files measured in megabytes (whereas VM files are measured in gigabytes) • Providing only what the app needs and nothing else • Ability to work the same in production as on a developer's laptop • Open community-built best-of-breed containers for faster innovation • Ability to deploy applications in seconds
What is Cross-site scripting (XSS)?
An attacker attaches code to a legitimate website that will execute when the victim loads that website. The code typically copies cookies and sends them to the attacker's address, who can then use them to access sensitive data.
What is nornir?
An extendable, multithreaded framework with inventory management to work with large numbers of network devices
What format is the Ansible inventory?
Either INI or YAML format
What are the objectives of Lean?
Eliminate waste, just-in-time, Continuous Improvement (Kaizen)
What is the administrator's computer called in Chef?
The Chef workstation. Cookbooks are uploaded to the Chef Infra Server, and then the Chef Infra Client picks them up via an RSA-protected connection.
What is the name of the machine on which Ansible is installed?
The Control node. All flavors of Linux and BSD operating systems are supported (not Microsoft Windows), and you can have multiple.
What is the Docker host?
The Docker host is where the Docker daemon resides. Docker daemon (dockerd) is a service that runs on the host operating system and interfaces with the operating system kernel.
What transport type is DHCP?
UDP
What transport type is DNS?
UDP
What transport type is NTP?
UDP
What transport type is SNMP?
UDP
Why is the URI important?
URI is important in identifying the data being requested or configured: https://<ADDRESS>/<ROOT>/data/<[YANG_MODULE:]CONTAINER>/<LEAF>[?<OPTIONS>]
What are the 4 strategies of URI Versioning?
URI path versioning; Custom headers; Content negotiation: allows you to version a single resource representation instead of versioning an entire API
What does a CVE record consist of?
ID, Description, Impact (low/moderate/important/critical), Date published
What is the international standard for software lifecycle processes?
ISO/IEC 12207
What systems are supported by pyATS?
It is only available for Linux and macOS. Microsoft Windows is not directly supported, but could use Windows Subsystem for Linux (WSL).
What is napalm?
NAPALM (Network Automation and Programmability Abstraction Layer with Multivendor Support) is a Python module that provides functionality that works in a multivendor fashion
What is another name for the SNMP Manager?
Network Management Station (NMS)
What is nmap?
Network Mapper is a free open-source utility for network discovery and security auditing, available with macOS and Linux by default.
Does the managed device need to run anything in particular?
No, it is agentless and connects to managed devices just as a user would, in most cases over SSH, but NETCONF and REST API interfaces are also supported.
Is Git the same as GitHub?
No, GitHub is not Git. GitHub is a cloud-based social networking platform for programmers that allows anyone to share and contribute to software projects (open source or private). Git is a distributed version control system
Does Cisco Network Service Orchestrator just manage Cisco kit?
No, it is a multivendor service-layer SDN controller for data center, enterprise, and service provider networks.
How should you differentiate a Class name from a function name?
PEP 8 (introduced in Chapter 3) recommends capitalizing a class name to differentiate it from a variable.
What are the two ways of receiving Model Driven Telemetry?
Periodic (as a fixed-rate feed) or On Change (when a threshold is crossed, for example)
Name the 6 areas of the Software Development Lifecycle (SDLC)
Planning, Defining, Designing, Building, Testing, Deployment
What ports does NTP use?
Port 123
What is the planning area of the Software Development Lifecycle (SDLC) also known as?
Requirements Analysis
What is a key role of Network Controllers?
auditing and managing the configuration drift (when it has changed from its intended state) of the network elements
How do you log into RESTCONF connection on NetSim?
The Authorization header contains the basic authentication, Base64 encoded, for the admin username and the admin password.
How do you import modules from your own device.py file?
from device import Router, Switch
What are the disadvantages of SNMP?
Lack of writable MIBs (Management Information Bases) leads to poor configuration capabilities. Lack of atomic transactions makes rollbacks to previous states difficult. SNMP is slow for monitoring purposes when large amounts of operational data are involved. It is CPU and memory resource intensive for large performance metrics.
How do you enable RESTCONF on Cisco IOS XE device?
By issuing ip http secure-server in configuration mode, and then restconf. It needs to have a network admin account set up on the device.
How do you turn off a virtual environment?
just type 'deactivate'
What command imports native JSON and convert it to a Python dictionary (from JSON module)?
load()
What command imports JSON data from a string for parsing and manipulating within your program (from JSON module)?
loads()
What is the puppet project which enables orchestration called?
mcollective provides orchestration capabilities
What are the 4 attributes supported under NETCONF's <edit-config> operation?
merge, replace, create, delete
What format do HTTP headers take?
name:value pairs. Multiple values, separated by commas
What two capabilities does Docker use in the Linux kernel?
namespaces, which provide isolation for running processes, and cgroups, which make it possible to place resource limits on what a process can access.
What are the two modes of operation for NSO CLI?
operational mode, used primarily to monitor and maintain the platform, and configuration mode, used to configure the services, the devices, and the NSO server.
In unittest how do you check if it generates an error?
self.assertRaises(ValueError, area_of_circle, -1)
What principle does the Model-View-Controller (MVC) Design pattern leverage?
separation of concerns (SoC) principle - decouple an application's interdependencies and functions from its other parts
What structure does YANG have?
tree in which each node has a name (and a concise description) and either a value or a set of child nodes.
How can you test for errors?
try-except-else-finally
How do you convert from YAML to Python and back?
yaml.load to convert from YAML objects into Python and yaml.dump to convert back to YAML.
How does a push request into Git trigger the CI/CD pipeline?
Using a webhook
What is the mitigation for Cross-Site Scripting?
Validate and sanitize input data. Employ cookie security, such as timeouts, encoding the client IP address, and so on.
Using Curl, what does -d allow you to do?
allows you to pass data to the remote server, either as a string or as a file
What is RESTCONF?
an HTTP-based protocol that provides a programmatic interface for accessing data defined in YANG, using the datastore concepts defined in the Network Configuration Protocol (NETCONF).
What is a Service API?
an application can call on another application to solve a particular problem (execute a task), eg payment systems
What library would you import for HTTP handling in Python?
Requests library: response = requests.request("GET", url, headers=headers, params=querystring)
What two flavours of Puppet are available?
Open source: community-driven collection of smaller projects and binaries (including mcollective and facter). Enterprise: streamlines installation + Enterprise Console, a single-pane-of-glass for all facts.
What two elements are a MAC Address made up of?
Organizationally unique identifier (OUI): This 24-bit number identifies the manufacturer of the NIC. The IEEE assigns OUIs to NIC manufacturers. Vendor-assigned address: This 24-bit number uniquely identifies the Ethernet hardware.
How would you allow a function to use an unlimited number of arguments or keyword args?
Python allows you to use * and ** (often referred to as *args and **kwargs) to define any number of arguments or keyword arguments.
Within the RESTCONF href, what 2 options are available for the top-level resources?
data and operations. Example: https://{{host}}:{{port}}/restconf/data/ietf-interfaces:interfaces-state/
What do you import at the beginning of a unittest file?
"import unittest" and "from file_name import function_to_be_tested"
How do you check which git branch you are in?
# git branch. In the output (* master, newfeature), the * symbolises the working branch.
How do you move or rename a file in Git?
# git mv -f oldfile.py newfile.py. This also updates the index at the same time, so there is no need to issue git add to add the change to Git. You can use the -f argument if you are trying to overwrite an existing file or directory where the same target exists.
If you git init a directory, how do you add a remote Git repo to track?
git remote add (name) (url). Example: # git remote add origin https://github.com/chrijack/devnetccna.git (git remote -v can be used to show which remote repository is configured)
Using the XMLTODICT module, how do you convert the data?
With .parse:
with open("xml_sample.xml") as data:
    xml_example = data.read()
xml_dict = xmltodict.parse(xml_example)
What is a unit of action called in Ansible?
A task. $ ansible [pattern] -m [module] -a "[module options]"
How often do agents check their configs against the Puppet Master?
Agents check their configuration every 30 minutes (by default). Software agents are available for Linux and Windows hosts, as well as Cisco NX-OS and IOS XR.
Give some examples of common HTTP response headers?
Authorization: WWW-Authenticate: Sent by the server if it needs auth (with a 401). Accept-Charset: which character sets are acceptable. Content-Type: e.g. application/JSON. Cache-Control: the cache policy defined by the server.
What two parts manage Cisco NSO in general?
The Cisco NSO Core Engine (the communication backbone) manages critical operations (e.g. transactions, RBAC, upgrades, rollback), which are handled by the transaction manager. It uses the initial configuration defined in the ncs.conf file. And the CDB stores all the platform data (all device and NSO info) in a RAM database, stored in RAM for speed.
What are the 2 types of approaches to infrastructure as code?
Declarative: the desired state of the system is defined and then the system executes all the steps that need to happen in order to attain the desired state. Imperative: defines a set of commands that have to be executed in a certain order for the system to achieve the desired state.
What are the 2 ways of registering for Model Driven Telemetry?
Dynamic: The subscriber sends a request, usually via the ietf-yangpush.yang data model. Cannot be changed but can be terminated. Configured: configured via the CLI, NETCONF, or RESTCONF and is persistent between reboots.
How to start a local repo?
Either use: $ git clone https://github.com/CiscoDevNet/pyats-coding-101.git or: # git init newrepo
How do you merge a git branch with master?
First, commit your existing branch, and then change back to master: # git commit -a -m "new feature" then # git checkout master. Then issue the git merge command identifying the other branch: # git merge newfeature
What are the rules for naming a Python function?
Must not start with a number. Must not be a reserved Python word, a built-in function (for example, print(), input(), type()), or a name that has already been used as a function or variable. Can be any combination of the A-Z, a-z, 0-9 and the underscore (_) and dash (-).
What are two common use cases for pyATS?
Profiling the current status of a network and taking a snapshot of both the configuration status as well as the operational data of the network, and automating configuration changes and monitoring of devices.
How does the client keep track of NETCONF requests on the Server?
The message id for the request: <rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
What does your file name and test functions need to be called?
They need to start with "test_" to run automatically, and functions need to include (self) as an argument
How do you skip a test in unittest?
Use the decorator: @unittest.skip("WIP")
How do you represent environment variables in Postman?
With double curly brackets {{variable}} - e.g. [{"key":"X-Auth-Token","type":"text","value":"{{api_token}}"}]
How is XML made up?
XML has a tree structure, with the root element being at the very top and a parent/child relationship between elements. Elements have a start tag (<>) and a closing tag (</>).
Can you manage NetSim devices by RESTCONF?
Yes, Cisco NSO exposes a RESTCONF northbound interface for automation. E.g.: http://<NSO_Server_IP>:8080/restconf/data/tailf-ncs:devices/device
How do you test just one function from the command line with unittest?
You can name the function you wish to run, e.g.: python3 -m unittest test_maths.Block.test_values -v
In Bash, how do you view a variable value?
You can use the echo command and the variable you want to view: $ echo $PATH
In Bash, how do you reload the variables from the hidden configuration file .bashrc?
You can use the source command (. is an alias for source): $ source ~/.bashrc or $ . ~/.bashrc
In Bash, if you've updated a variable, how do you retain the update for other sessions?
You need to write the path statement to your .bashrc (or .zshrc if using Z shell) profile settings: $ echo "export PATH=$PATH:/Home/chrijack/bin" >> .bashrc
Name some of the tools in the Chef Library?
chef and knife, as well as testing tools such as Test Kitchen, ChefSpec, and Cookstyle; and chef-repo, the central repository in which recipes and cookbooks are created, tested, and maintained.
What is netmiko?
A connection-handling library that makes it easier to initiate SSH connections to network devices (pre-API devices): from netmiko import ConnectHandler
What are some of the options for RESTCONF requests?
depth = unbounded: by default, returned data should follow the nested models to the end; or depth = integer value. content = [all, config, nonconfig]: controls the type of data returned; default = all. fields = expr: limits what leafs are returned.
How can you map data on your local machine to a Docker container?
The mapping uses the -v or --volume flag when you launch your container: docker container run --name test-nginx -p 80:80 -d -v ~/Documents/html:/usr/share/nginx/html nginx
How do you see which running containers you have?
docker ps -a (-a shows the containers which were running but have exited)
How do you get an image off DockerHub?
docker pull ubuntu, or docker pull ubuntu:14.04 for a more specific image
How is the Ansible inventory made up?
(hostfile) a list of all the managed nodes: a list of IP addresses or hostnames for all the managed nodes as well as credentials and variables that can be referenced in playbooks. As it gets bigger, it is best practice to move the variables to dedicated files in group_vars/ (for groups of devices) and host_vars/ (for individual devices) folders. Variables can define: TCP/UDP port numbers, custom proxy configurations, timer values, etc.
How many principles in the Agile Manifesto?
12
How many keys are involved in Public Key Encryption?
2 - a public key (published) and a private key (or a public/private key pair).
How many components in the Observer design pattern?
2 - subject and observer.
What common NETCONF management operation, would be used to secure the entire configuration data store system while operations are underway?
<lock> / <unlock>
What common NETCONF management operation, would be used to Gracefully terminate the NETCONF session?
<close-session>
What common NETCONF management operation, would be used to Retrieve all or part of the specified configuration data store?
<get-config>
What common NETCONF management operation, would be used to Retrieve running configuration and device state information?
<get>
How is the Union File System a foundational building block for a container?
A file system service that was developed for Linux to allow different file systems to be layered on top of each other to create a combination, or union, to create a single merged representation of the contents. The layers are read-only, and are immutable. You don't update the code. There is no patching.
What is a set of tasks called in Ansible?
A playbook - an ordered set of tasks - written in YAML, common to name the main one site.yml
What is a YANG leaf-list?
A series of leaf nodes of a specific type. leaf-list trunk-interfaces { type string; description "List of trunk interfaces"; }
What is a reverse proxy?
A reverse proxy accepts a request from a user, forwards it to a server that can fulfill it, and returns the server's response to the client. It's the front face of the web service, and may be deployed with only one server.
What are northbound APIs?
API communication from a network controller to its management software. Best practice is encrypted using TLS.
What is the name for the application of Lean to software development?
Agile
What is the commercial offering of Ansible called?
Ansible Tower offered by Red Hat (includes a web user interface, a northbound REST API, role-based access control, statistics)
What replaces broadcast traffic in IPv6?
Anycast and Multicast (FF00::/8 prefix). Anycast addresses are allocated from the unicast global space, to accommodate the one-to-nearest data traffic requirement. Anycast is suitable for load balancing and content delivery services.
Name the 3 components of Cisco Application Centric Infrastructure (ACI)?
Application Network Profile: collection of endpoint groups (EPGs), their connections, and the policies. Application Policy Infrastructure Controller (APIC): manages downstream switches and acts as a management plane. ACI fabric: spine and leaf switches, Cisco Nexus 9000 Series switches.
How is authentication dealt with in RESTCONF?
Authentication is accomplished using typical HTTP authentication models (usernames and passwords are Base64 encoded).
What does a 401 response mean?
Authentication required
What are the 3 network configurations for allocating IP Addresses by DHCP?
Automatic allocation: assigns a permanent IP address to the client. Dynamic allocation: assigns an IP address to the client for a limited period of time called the lease time. Manual allocation: network configuration of the client is done manually by the network administrator.
What does a 400 response mean?
Bad request - The server could not interpret or understand the request.
What are the 5 application deployment models?
Bare Metal; Virtualised Applications; Cloud-Native Applications (application was written from the beginning to handle failures and redirect work to working nodes); Containerised Applications; Serverless
What are cgroups in Linux?
Cgroups, or control groups, are used to manage the resource consumption of each container process.
What is the community-maintained central location called where cookbooks are created and shared?
Chef Supermarket
Which 3 Cisco OSes support YANG data models, NETCONF, RESTCONF, and gRPC?
Cisco IOS XE, a network operating system for enterprises; Cisco NX-OS, a network operating system for data centers; and Cisco IOS XR, a network operating system for service providers.
What 2 styles does the CLI come in with Cisco NSO?
Cisco style (Cisco CLI), and Juniper style (Juniper CLI). Switch between them using the switch cli command.
What does CRUD stand for?
Create Read Update Delete
What is the down side of Basic Authentication?
Credentials are passed unencrypted (simple HTTP), so it is often used with SSL or TLS.
What is CSRF?
Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute unwanted actions on a web application in which they're currently authenticated. A successful CSRF attack can force the user to perform state changing requests like transferring funds, changing their email address, and so forth.
What ports does DHCP use?
DHCP servers listen on UDP port 67 for requests from the clients and communicate with the DHCP clients on UDP port 68.
What is Dlint?
Dlint is a tool from Duo Labs (Cisco) that defines and checks for common best practices when it comes to writing secure Python. Dlint leverages Flake8. Flake8 does the heavy lifting of parsing Python's AST, allowing you to focus on writing robust rule sets.
How do you look at the docker images you have on your machine?
docker images
What distinguishes XML?
Extensible Markup Language (XML) encodes information between descriptive tags.
What would the Dockerfile say to install nginx?
FROM ubuntu:latest
MAINTAINER Cisco Champion ([email protected])
RUN apt-get update && apt-get upgrade -y
RUN apt-get install nginx -y
EXPOSE 80 443
VOLUME /usr/share/nginx/html
CMD ["nginx", "-g", "daemon off;"]
Name 5 common commands for a Dockerfile?
FROM: Selects the base image used to start the build process or can be set to scratch to build a totally new image. • MAINTAINER: Lets you select a name and email address for the image creator. • RUN: Creates image layers and executes commands within a container. • CMD: Executes a single command within a container. Only one can exist in a Dockerfile. • WORKDIR: Sets the path where the command defined with CMD is to be executed. • ENTRYPOINT: Executes a default application every time a container is created with the image. • ADD: Copies the files from the local host or remotely via a URL into the container's file system. • ENV: Sets environment variables within the container. • EXPOSE: Associates a specific port for networking binding. • USER: Sets the UID (or username) of the user that is to run the container. • VOLUME: Sets up a sharable directory that can be mapped to a local host directory. • LABEL: Provides a label to identify the created Docker image.
What are the 7 benefits of working with CI?
Fewer bugs; Automated builds, tests, documentation, and reports; Multiple releases per day; Dedicated build and test servers; Frequent commits; More features; Stability
What security options can you use at the Application layer?
Firewalls, Load Balancers, Proxies
What are the 3 ways of DevOps?
First Way: Agile Systems and Flow. Second Way: Feedback Loop. Third Way: Continuous Experimentation and Learning.
How do you push an image to the repo on DockerHub?
First tag the image: $ docker image tag 04ae8c714993 chrijack/newrepo:firsttry Then, push the image: $ docker image push chrijack/newrepo:firsttry
What are the steps to starting Puppet?
First, you need to define the state, then you can do a dry run to see what needs changing, then you can deploy. Puppet checks the current state and configuration, and then applies the necessary changes.
What does a 403 response mean?
Forbidden
How are pyATS Test Suites stored?
Have the ability to build test suites through YAML-based text files.
What is the best process for troubleshooting?
From Bottom to Top of the OSI Model - start with the Physical
Name some SNMP Messages?
GetRequest: to request the value of a variable or list of variables. Agent returns a Response message. SetRequest: request a change to a variable or a list of variables. Agent returns a Response with the new values. GetNextRequest: discover available variables and their values, used to "walk" the entire MIB of an agent. Agent returns a Response message. GetBulkRequest: optimization of the GetNextRequest message, introduced with SNMPv2, contains multiple iterations of the GetNextRequest call. Response: SNMP agent generated message, as requested. Trap: SNMP agent generates this notification message to signal when critical events take place. InformRequest: SNMP agent sends this acknowledged notification to the SNMP manager
What other tools are there for HTTP Requests?
HTTPie, Simple JSON Server, and browser Dev Tools
Name two popular open source SDN Controllers?
OpenFlow and OpenDaylight (from Linux Foundation)
What are the four subconstraints of Uniform Interface of REST?
Identification of resources: resources are uniquely identified by URIs. Manipulation of resources through representations: servers deciding if accepts. Self-descriptive messages: all info in message. Hypermedia as the Engine of Application State (HATEOAS): Hypermedia = links, the server can include in the response.
What are the 5 elements of the NIST Cyber Security Framework?
Identify, Protect, Detect, Respond, Recover (IPDRR)
What are the 3 service models of Cloud determined by NIST?
Infrastructure as a service (IaaS): managed up to OS. Platform as a service (PaaS): managed up to application. Software as a Service: entirely managed.
Other than Unit Testing what other types of testing are there?
Integration and Functional Testing
What does a 500 response mean?
Internal server error
What does iperf tool do?
It can be used to dynamically generate traffic and perform load stress on the network to ensure that large amounts of data can be transported between the source and destination
What is the Docker client?
It is a command-line utility (run with the docker command) that talks to the REST API of the Docker daemon
What is a webhook?
It is a reverse API - user-defined HTTP callbacks, triggered by an event
How do you know which configuration data stores a NETCONF device supports?
It is advertised through capabilities. When opening a new session with a NETCONF server, the first message that is sent by the server contains a list of all the capabilities that the server supports.
How is JSON made up?
It is made up of key/value pairs, with {} and [] There is no comma at the end of a block
What is the drawback to the Waterfall approach to software development?
It is serial, so each phase must be complete before the others begin, and the value is not achieved until the end of the whole process. Quality can also be a challenge.
What is the authoritative name server?
It is the final step in the resolution process. In the case of cisco.com, there are three authoritative servers: ns1.cisco.com, ns2.cisco.com, and ns3.cisco.com.
What is a YANG leaf node?
It is the simplest and has one value of a specific type: leaf intf-name { type string; description "The name of the interface"; }
When would you use Simple Object Access Protocol (SOAP)?
It is used to communicate between apps in different languages, such as Java, .NET, and PHP.
What is a YANG Container?
It is used to group related nodes within a subtree. It has only child nodes and no value. <statistics> <in-octets>5983247896</in-octets> <in-errors>2578</in-errors> <out-octets>678845633</out-octets> <out-errors>0</out-errors> </statistics>
What is Atomicity in automated Network Configuration?
It means that either the intended configuration has been applied to all network elements without error or, to deal with potential errors, there is a rollback mechanism in place to ensure that the partial configuration is removed and the devices are brought back to the initial state before there is any attempt to change the configuration.
What does /dev/null mean in a git diff output?
It means the file didn't exist before, and is a new addition
How does Cisco NSO let you test configurations?
It provides a network simulation tool called ncs-netsim.
What sort of tests does pyATS and the pyATS library perform?
It runs unit tests, regression tests, and end-to-end and integration tests for a large number of Cisco products.
In what order does the Recursive Resolver resolve the DNS query?
It sends to the Root Server first, then the TLD Server, then the Authoritative Name Server before responding to the client with the IP Address.
What does the hostkey_verify parameter do for the manager.connect module in ncclient?
It specifies whether the script should look for hostkey verification information in the ~/.ssh/known_hosts location.
How does Cisco NSO model changes to individual devices?
It uses Network Element Drivers (NEDs) to model native device CLIs into YANG models.
What language does Puppet use?
It uses a declarative resource-based language called Puppet Domain Specific Language (DSL).
What ports does DNS use?
It uses port 53 to serve resolution queries. Several Types of records are stored: including IP addresses (A records for IPv4 and AAAA records for IPv6 addresses), SMTP mail exchangers (MX records), IP addresses of name servers (NS records), and alias records (CNAME).
What remote operation does NETCONF use?
It uses remote procedure calls (RPCs), client sends its XML-formatted message to the server, nesting the request within an <rpc> XML element, and the server returns results within an <rpc-reply> element.
Using Curl, what does -X allow you to do?
Pass the HTTP method, which normally defaults to GET.
What distinguishes JSON?
JavaScript Object Notation is a key: value data format that is typically rendered in curly braces {} and square brackets []. A key/value pair has a colon (:).
Name some popular CI/CD applications?
Jenkins, Travis CI, and Drone CI.
What is an artifact repository?
Just a fancy name for the place finished software is stored
Name some Container Orchestration programmes?
Kubernetes, DC/OS, and Docker Datacenter
What does a 405 response mean?
Method not allowed (eg GET, POST etc)
What are the 4 types of nodes for data modelling?
Leaf nodes, Leaf-list nodes, Container nodes, List nodes
Is Chef agent-based or agent-less?
Like Puppet, it is agent-based.
Who invented Git?
Linus Torvalds
What are the three main structures of Git?
Local workspace (stores files) / Staging area (stores files for synchronisation) / Head, or local repository (stores committed files)
Are RPCs synchronous or Asynchronous?
RPC calls are typically synchronous, but there are also asynchronous RPC calls.
How can you tell a manifest file?
Manifests are standard text files that contain Puppet DSL code and have the .pp extension. # Configuring the interface using Puppet cisco_interface { "Ethernet1/3" : switchport_mode => enabled, }
What are the 3 places data needs to be protected?
Network (data in motion), Storage (data at rest), Memory (data in use)
What design pattern do Django and Flask use?
Model-View-Controller (MVC) Design pattern
What 3 parts make up a YANG module?
Module-header statements describe the module. Revision statements provide information about the history of the module. Definition statements are the body of the module.
What does a 301 response mean?
Moved permanently - The URL of the new location is given in the Location response header
What are the Northbound API (Connection) types for Cisco NSO?
NETCONF, RESTCONF, JSON/RPC, a CLI, a web user interface, and SNMP
How does Cisco NSO communicate with network devices southbound?
NETCONF, the CLI, SNMP, and OpenFlow.
What is an OID?
NMS are organized as a list of data objects called a Management Information Base (MIB). A MIB is organized as a tree-like structure with unique variables represented as leaves. Each variable in the tree is uniquely identified by an Object Identifier (OID)
What is NSE?
NSE is the Nmap Scripting Engine. It allows you to use a predefined script to check for vulnerabilities, or even write your own by using the Lua programming language.
What does a 404 response mean?
Not found
When opening a file with open('filename.txt', 'a') - what does 'a' stand for?
Open for writing, appending to the end of the file if it exists
What is the Chef tool like facter which collects system information such as the operating system, network, memory, disk, CPU?
Ohai
What is the difference between the OpenConfig YANG models and the vendor specific ones?
Open data models provide the lowest common denominator for platforms, while Native data models are specific for each network vendor. YANG is an extensible language.
What DHCP option do Cisco Phones use to get their config?
Option 150
What DHCP option do Cisco Wireless APs get their WLC IP Addresses from?
Option 43
What HTTP method "Appends data to a specific destination"?
PATCH (Adding an NTP server)
What HTTP method "Replaces data at a specific destination"?
PUT (Updating an NTP server)
What are the 4 Application Deployment options for cloud defined by NIST?
Private Cloud - dedicated resources. Public Cloud - resources are publicly shared. Hybrid Cloud - combination of public and private models. Community Cloud - community of customers that have a common policy, security, compliance, or mission.
What are the three ways APIs can be consumed?
Private, Partner, Public
What are the 3 types of forwarding?
Process switching, Fast switching, Cisco Express Forwarding (CEF) switching
What is the difference between process switching and fast switching?
Process switching: all packets go to the CPU. Fast switching: the CPU is involved for only the first packet that is routed. Once the route cache is populated, the input interface driver does a route-cache lookup and fast switches.
What is the community-based central repository for puppet manifests and modules called?
Puppet Forge
What is the main difference between Ansible and Puppet?
Puppet is agent-based. Some network devices can't take agents, so proxy devices can be used in these cases (but this is far from ideal).
Is Puppet declarative or imperative?
Puppet manages systems in a declarative manner. Puppet models the desired system state, enforces that state, and reports any differences between the desired state and the current state of the system for tracking purposes.
What are the instruction files in Puppet called?
Puppet manifests.
What is model-driven telemetry?
Push method required, which can be subscribed to through YANG and NETCONF
Which module would you import for YAML?
PyYaml
What language does Ansible use?
Python
What does pyATS stand for?
Python Automated Test System
What does PEP stand for in Python?
Python Enhancement Proposals (PEPs) - PEP8 is a popular standard for styling Python code
What advantages do SDKs provide?
Quicker integration; Faster and more efficient development; Brand control, eg the Apple SDK provides a similar look and feel for iOS apps; Increased security; Metrics
How do you symbolise inheritance in Classes?
Reference the parent class when creating the class: eg class Switch(Router):
What is Cisco Express Forwarding (CEF)?
Removes the CPU from processing forwarding. CEF builds a route cache with forwarding information; this is known as the Forwarding Information Base (FIB) table, including precomputed reverse lookups and next-hop information for routes.
What algorithms can a load balancer use for choosing the right server for a request?
Round-robin: Selects servers in turn • Least connected: Selects the server with the lowest number of connections; this is recommended for more extended sessions • Source/IP-hash: Chooses a server based on a hash of the source IP • Cookie marking: Adds a field in the HTTP cookies, which could be used for decision making • Consistent IP-hash: Adds and removes servers without alarming cached items or session persistence
What language is Chef written in?
Ruby
What language is Puppet written in?
Ruby
What is an SDK?
SDK (software development kit) or devkit - are tools that developers can use to create software or applications for a certain platform
What ports does SNMP use?
SNMP agent listens on UDP port 161 for requests. Through notifications, the SNMP agent notifies the SNMP manager about critical events. NMS listens for these notifications on UDP port 162.
Which two versions of Simple Network Management Protocol (SNMP) are used in production these days?
SNMPv2c and SNMPv3
What transport mechanism does NETCONF use?
SSH or TLS (Username and password as well as SSL certificates can be used).
What are the differences between SSL and TLS?
SSL refers to Secure Sockets Layer whereas TLS refers to Transport Layer Security. SSL and TLS are cryptographic protocols that authenticate data transfer between servers, systems, applications and users. However, the differences between SSL and TLS are very minor, with TLS supporting more modern cipher suites (like RC4, Triple DES, AES, IDEA, etc.)
When was SSL deemed insecure?
SSL v3.0 was deemed insecure in 2004 due to the POODLE attack.
How do you activate a virtual environment in Windows?
Scripts\activate.ps1
What security options can you use at the Presentation layer?
Secure Access, HTTPS, Authorisation, MFA
What advantages does a Reverse Proxy give?
Security; Scalability and flexibility; Web acceleration (Compression, SSL Termination, Caching); Content Filtering; Authentication
Why do organisations implement rate-limiting?
Security (prevent DDoS), Business Impact (Monetization), Efficiency (ensuring good response times)
The Cisco FASTMAP algorithm fulfils what 3 functions?
Service dry-run: NSO calculates the device changes necessary. Service check-sync: service configuration is verified to be in sync with the actual device configuration (checking config drift). Service re-deploy: configurations can be redeployed to restore a service.
What are the 4 components of Cisco NSO?
Service manager, Device manager, Mapping logic, Configuration database
What does a 503 response mean?
Service unavailable
What 2 protocols does Simple Object Access Protocol (SOAP) use?
Simple Mail Transfer Protocol (SMTP) or HTTP
What are the four stages in CI?
Source, Build, Test, Deploy
What are the TLD name servers?
TLD name servers host the last portion of a hostname (eg TLD for all .com and other domains)
Which version of TLS is current?
TLS v1.3 was released in August 2018. TLS v1.2 is also heavily in use, though earlier versions are deprecated from March 2020.
What ways does pyATS support connecting to a device?
Telnet, SSH, REST, NETCONF, and RESTCONF.
Name one popular Infrastructure as Code solution?
Terraform from HashiCorp.
What does the -i stand for in: $ ansible-playbook -i hosts site.yml -u admin -k?
The -i option specifies the name of the inventory file
What is the main server called in Puppet?
The Puppet Master
What is the SNMP Agent?
The SNMP agent is the software component that runs on the managed device and translates between the local management information on the device and the SNMP version of that information
How can you check if a device has RESTCONF enabled?
The device should expose a resource called /.well-known/host-meta. You can send a GET request to URI:port/.well-known/host-meta
How does a subject know to send info to an observer?
The subject has a registration process that allows other components of an application, or even remote systems, to subscribe to the process and be notified whenever there is a change in the subject's data.
What are Puppet modules?
They are groups of files/ manifests, kept in subdirectories for maintaining state
What is a link-local IPv6 address?
They are only on a particular physical link and are not forwarded by routers. Link-local addresses are part of the link-local prefix FE80::/10 and are extensively used in IPv6 routing protocols for neighbor and router discovery.
What are the DNS Root name servers?
They are at the top of the DNS hierarchy and are the servers that have lists of the top-level domain (TLD) name servers.
What are remote procedure calls (RPCs) or subroutine calls?
They make it possible to execute code or a program on a remote node in a network
What is pysnmp?
This is a Python implementation of an SNMP engine for network management
What is a "distributed control plane architecture"?
This is traditional routing, where all devices manage the control plane.
What are the 6 areas of Secure Development?
Threat Modeling, Secure Coding, Code Reviews, Secure Tooling, Security Testing, Training and Education
What sort of tests can be performed as part of CI process?
Unit tests and smoke tests that perform quick sanity checks. Integration Tests, code coverage, code standards, and end-to-end tests that try to mimic the way users interact with the software as closely as possible.
What stages can a file be in?
Untracked, unmodified, modified, staged
How do you move a file from modified to staged?
Use the git add command
How do you move a file from untracked to tracked?
Use the git add command
What are the 5 SOAP Fault Codes?
VersionMismatch, MustUnderstand, DataEncodingUnknown, Sender, Receiver
Which version of SOAP is recommended by World Wide Web Consortium (W3C)?
W3C recommends using version 1.2. A protocol binding must be used for the version of SOAP that the client intends to use.
What happens during a Remote Procedure Call to prevent DDoS attack?
While this communication is happening, the client is blocked, allowing the server time to process the call.
What data type is Simple Object Access Protocol (SOAP) based on?
XML
What format is YANG expressed in?
XML
What payload does NETCONF use?
XML
How can data be encoded with RESTCONF?
XML or JSON: application/yang.api+xml for XML-encoded payloads, application/yang.api+json for JSON-encoded data
How is an Ansible play marked in a playbook?
YAML files start with --- (and so do Ansible playbooks). One play is marked by the hyphen (-) character at the leftmost position. Name is optional but is displayed. - name: show version and ip interface brief ios_command: commands: - show version
When was YANG defined?
YET ANOTHER NEXT GENERATION was defined by the IETF in 2010 in RFC 6020 specifically to be used with NETCONF.
How do you create a Test Fixture with unittest?
You can create functions: def setUp(self) and def tearDown(self) to facilitate
What does each device have with Chef?
a Chef Infra Client
What is "Infrastructure as Code"?
a new approach to infrastructure automation that focuses on consistent, repeatable steps for provisioning, configuring, and managing infrastructure.
What is test-driven development?
a software development process relying on software requirements being converted to test cases before software is fully developed, and tracking all software development by repeatedly testing the software against all test cases
What is Kubernetes?
an open source orchestration and automation framework that can be used to operationalize containers
In the inventory file in Ansible what do brackets denote?
brackets are used to define group names, used to classify hosts that share a common characteristic [iosxe] 10.10.30.171 [iosxe:vars] ansible_network_os=ios ansible_connection=network_cli
How do you move up one directory in bash?
cd ..
What are the principles of Agile?
close, daily cooperation; co-location; working software is the measure of success; simplicity; changing requirements are welcomed
What is the difference between datetime and time libraries?
datetime allows you to create, format, and work with calendar dates and time. Time allows you to add time-based delays and clock capabilities
In a SOAP fault message what 2 elements are optional?
faultActor (specifies which node caused a fault) and details (application-specific error messages)
In a SOAP fault message what 2 elements are obligatory?
faultCode and faultString
How do you find out everything to do with the creation of your container, such as network and runtime environment, mappings, etc?
docker container inspect a583eac3cadb
How do you check how many docker containers and images you've got?
docker info
How do you see running containers?
docker ps or docker ls
How do you remove a docker image?
docker rmi ubuntu14:04
How do you get a container to run in the background?
docker run -d --name web -p 80:8080 nigelpoulton/pluralsight-docker-ci '-d' means start in detached mode - start but don't throw it up on my terminal. '--name' just gives it a name, here it's web. '-p' maps the ports. Here it is saying map port 80 in the client to port 8080 inside the container.
How do you launch ubuntu with BASH in docker?
docker run -it --name temp ubuntu:latest /bin/bash
How do you stop all docker containers?
docker stop $(docker ps -aq)
What command writes JSON data from Python objects to a file (from JSON module)?
dump()
What command takes JSON dictionary data and convert it into a serialized string for parsing and manipulating within Python. (from JSON module)?
dumps()
What is the binary which is used for telemetry and monitoring devices in Puppet called?
facter
What is gRPC?
gRPC is an open-source project started by Google to provide a modern remote procedure call (RPC) framework
How do you delete a branch?
git branch (-d) <branchname>
How do you create new branch?
git branch <branchname> [commit]
How do you pull down a remote repo?
git clone <url>
How to move a file from staged to local repo?
git commit
How can you check your commit history?
git log
How do you check the status of files in Git?
git status
What is a Hardware API?
hardware APIs are used to gain access to the features of hardware or sensor devices, eg GPS location
What does the hosts key word denote in the Ansible Playbook?
hosts keyword specifies which hosts or machines the play will be executed against (defined in the inventory file). --- - name: Test Ansible ios_command on Cisco IOS XE hosts: iosxe tasks: - name: show version
Which client in the Python Library would you use for NETCONF?
ncclient
How do you enable NETCONF on the Cisco CSR1000V?
netconf-yang command in the configuration mode
How do the Puppet Master and the agents communicate?
over an encrypted SSL connection.
How do you load a requirements file if someone has included one in their code?
pip install -r requirements.txt
Which port does NETCONF use?
port 830
How do you represent a YANG model as a tree using pyang?
pyang -f tree ietf-interfaces.yang
What is pyats?
pyats is an incredible framework for constructing automated testing for infrastructure as code.
How do you create a virtualenv in Bash and Windows?
python3 -m venv myvenv
What are the 3 configuration data stores in NETCONF?
running (only one), candidate (<commit> operation to turn to run), start-up (explicit <copy-config> for running)
What does git diff HEAD show?
shows the differences between your most recent commit and your current working directory. Useful for seeing what will happen at your next commit.
What is a Dockerfile?
simply a text file with a structured set of commands that Docker executes. It must be named Dockerfile and placed in the working directory where you want to create an image
How do you activate a venv in Bash?
source myvenv/bin/activate
Using Curl, what does --insecure allow you to do?
tells curl to ignore HTTPS certificate validation.
What is a unit test?
test that is conducted on small, functional aspects of code
What does the -k stand for in: $ ansible-playbook -i hosts site.yml -u admin -k?
the -k option specifies that the user should be asked for the connection password when the playbook is executed.
What would the -v command mean in running: $ ansible-playbook?
the -v option with the ansible-playbook means display it to screen
In ncclient which module handles the NETCONF connection?
the Manager module: with manager.connect( host=NXOS_HOST, port=NETCONF_PORT, username=USERNAME, password=PASSWORD, hostkey_verify=False ) as device:
What are the 3 components of the Docker architecture?
the client, the Docker host, and the docker registry
What is the digital signature?
the public/private key pair are hashed using a key exchange algorithm, such as Rivest-Shamir-Adleman (RSA). Rather than encrypting the data itself, you can create a one-way hash of the data and then use the private key to encrypt the hash. The encrypted hash, along with other information, such as the hashing algorithm, is known as a digital signature.
What is the DNS recursive resolver?
the server that receives DNS queries from client machines and is making additional requests in order to resolve the client query.
What is a module?
units of Python code that get executed by Ansible, for specific use.
When you create a class in unittest what does it need to inherit?
unittest.TestCase
To automatically run the unittest what do you need to put under the if __name__ == '__main__':?
unittest.main()
How is a Custom Token generated?
user to enter his or her username and password once and receive a unique auto-generated and encrypted token, which can be time-bound
How is YAML made up?
uses Python-like indentation to differentiate blocks of information, with JSON syntax (but features like comments which aren't available in JSON). Related data is at the same indent
Name the 4 Components of Cisco SDWAN?
vManage (for management): a GUI-based network management system vSmart (controller): vSmart is the main brain of SD-WAN, and it manages the control plane. vEdge (data plane): vBond (orchestrator):
What are Fielding's Constraints for REST?
• Client/server - exist separately • Have to be Stateless • Cache - must be explicit. GET by default cacheable, POST, PUT and DELETE non-cacheable. • Uniform interface • Layered system - should be easy to add layer (eg load balancers) • Code on demand
What are three ways that an API key can be passed to a server?
• String GET /something?api_key=abcdef12345 • Request header X-API-Key: abcdef12345 • Cookie Cookie: X-API-KEY=abcdef12345
What are the 5 principles of DevOps?
• Culture: DevOps requires a culture of sharing. • Automation: Automation is the most easily identifiable benefit; it speeds up the deployment process. • Lean: continuous improvement and learning. • Measurement: Success with DevOps requires the measurement of performance, process, and people metrics as often as is feasible. • Sharing: DevOps requires a culture of feedback and sharing, and shared fate. Breaking down silos.
What are the 4 components of SOAP messages?
• Envelope • Header • Body • Fault (optional)
What 5 elements is a GET request made up of?
• GET: all uppercase. • Request URI: from the root / of the document base directory. • HTTP version: Either HTTP/1.0 or HTTP/1.1. This client negotiates the protocol to be used for the current session. • Request headers (optional): optional request headers (such as accept and accept language). • Request body (optional): inc the query string
What are the disadvantages of serverless?
• Latency: Spin-up time from idle for the function can cause significant delays that must be accounted for in application design. • Resource constraints: Some workloads need more resources than the service may typically be allocated for, causing heavy charges. • Monitoring and debugging: limited visibility into the underlying infrastructure => difficult to troubleshoot performance, with often proprietary tools • Security and privacy: use shared resources. Misconfiguration can result in compromises and data loss. There are on-premises options for serverless that can give businesses more control over their data and security posture. • Vendor lock-in: This is a big one. Each provider has its own tools and frameworks, so migration between providers is not trivial.
What are the 3 components of SNMP service?
• Managed devices • SNMP agent • SNMP manager
What 4 things is the URI made up of?
• Protocol • Server/host address • Resource • Parameters
What are the 3 types of data in YAML?
• Scalars: The simplest is a key/value view. • Lists/sequences: Data can be ordered by indexes. • Dictionary mappings: These are similar to scalars but can contain nested data, including other data types.
What are the 6 data types which JSON can be?
• String • Number • Object • Array • Boolean (true or false) • Null
What 4 elements need to be included in a HTTP request?
• URL (uniform resource locator) • Method • List of headers • Body
What are the optional parameters for the ios_command in Ansible?
• interval: interval of time, in seconds, to wait between retries • retries: Configures the number of retries for a command before it is considered failed. • wait_for: Specifies a list of conditions that have to be evaluated against the output of the command. In this example, it could be defined as wait_for: result[0] contains IOS-XE, which verifies that the output of the show version command contains the value IOS-XE
What are the 6 Linux namespaces which provide isolation for containers?
• mnt (mountpoints): This namespace is used for mapping access to host operating system storage resources to the container process. • pid (processes): This namespace is used to create a new process ID for an application. • net (networks): This namespace is responsible for network access and mapping communication ports. • ipc (System V IPC): Inter-process communication controls how the application can access shared memory locations between applications within containers. • uts (hostname): This namespace controls host and domain names, allowing unique values per process. • user (UIDs): This namespace is used to map unique user rights to processes.