Encor Book
What is the SaltStack GUI called
SynDic
Etherchannel common setting issues
Type/mode/native vlan/allowed vlan/speed/duplex/mtu/load intereval/storm control
How to enable UDLD globally
UDLD enable
How to set the VTP Version
VTP Version ""
What type of quote is used around a key / value
"
What does RID stand for with OSPF
Router ID
Ebgp AD
20
What is the language associated with Chef?
Ruby
What is Chef written in
Ruby and Erlang
What is DSL based on
Ruby mostly
How to see NTP Seettings
Show ntp status
What does TCI stand for
Tag Control Information
What does TPID stand for
Tag protocol Identifier
TPID
Tag protocol identifier
How many AVF and AVG can you have in one GLBP?
4 AVF, 1 AVG, can colocate
System Priority
4 bit value - preference for a switch to be root
What is the code for Bad Request
400
What is the HTTP status code for Unauthorized?
401
What is the code for Unauthorized
401
What is the RFC for MGBP
4760
10. Which of the following UDP ports is the UDP port officially assigned by the IANA for VXLAN?
4789
How to verify adjacencies
Sh ip ospf neighbor
What is the major difference between eBGP and iBGP
One is for routing inside an AS, one is for routing with other AS
How often are keepalives sent
One third of the time of a Hold timer
Which of the following transmission methods is multicast known for?
One-to-many
Common Loop Causers
STP Disabled / Load Balancer Misconfigured / Bridged ports on vSwitch / Hubs
EIGRP uses a reference bandwidth of ________ with the default metrics.
10 Gbps
Downside of a QoS Policer
Causes retransmits, best for voice
What is a Protocol Independent Multicast
Multicast that works with any unicast protocol
Show OSPFV3 inteface status
Show ospf3 interface gigabitethernet 0/1
How to see OSPFV3 interface status
Show ospfv3 interface
Show PID/Cost/State
Show ospfv3 interface brief
How to show OSPFV3 Adjacency
Show ospfv3 ipv6 neighbor
How to see traffic between zone pairs
Show policy-map inspect zone-pair
Display STP Root Bridge and Cost
Show spanning-tree "vlan"
How to see MST info on an instance
Show spanning-tree mst "instance"
How to see instance / vlan MST config
Show spanning-tree mst configuration
How to see MST settings for in interface
Show spanning-tree mst interface gig ""
How to view status of HSRP
Show standby 10
How to show established BGP connections
Show tcp brief
Command to see tracking configured
Show track
How to show UDLD settings
Show udld
Command to see VRRP status
Show vrrp
How to show VTP Version and Domain Name an Mode and number of VLAN's
Show vtp status
What does BPDU guard do
Shuts down ports configured with Portfast when they receive a BPDU
How to calculate SNR
Signal - noise floor
AMP Cloud
Signature Based
Set MST Root with Script
Spanning-tree mst "instance" root {primary / secondary}
How to enable BPDU Guard Globally
Spanning-tree portfast bpduguard default
How to enable Portfast globally
Spanning-tree portfast default
How to set STP max age
Spanning-tree vlan "" max-age
How to verify an OSPF P2P interface
Show ip ospf interface s0/1| include type
OSPF Ethernet Cost
10
What does AFI stand for
Address Family
What RFC defines OSPF
ABR
Algorithm run by OSPF
Dijkstra / SPF
What are the two packet header types for IPSEC
Auth header / encap sec payload (ESP)
What are the two models of underlay
Automation / Manual
IPSec Encryptions
DES/3DES/AES/MD5/SHA/DH/RSA/PSK
What does DSSS stand for
Direct Swequence Spread Spectrum
802.1x components
EAP / EAP Method / EAPoL / Radius
2 color types of traffic
Exceed / Conform
How to manage Firepower FTD
FMC / FDM
Who assigns ASN's
IANA
Three kinds of Fabric Border Nodes
Internal Default (Outside) Internal and Default
Model best for Voice / Video
IntServ
OSPF V3 LSA Type 9
Intra-area prefix
What does LLQ stand for in QoS
Low-latency queuing
MSP stands for
Multiple Spanning-Tree Protocol
Link State Protocol
OSPF
What tests can you do under "Client Test"
Ping, Connection, Packet Capture, Event Log
What RFC defines global commnities
RFC 1997
What is SE-Connect
Spectrum Analysis with 3rd party
What is the Threat Grid?
The Cisco sandbox malware analysis solution
How are multiple metrics summarized in OSPF
The lowest Metric is taken
What does Drop Eligible Indicator mean
The packet can be dropped if needed
How to stop debugging globally
Undebug all
Versions of VRRP
Version 2 and Version 3 (ipv6)
Why the heck would you use SXP
Your shit doesn't support inline of course dummy
What is the advertised network for the loopback interface with IP address 10.123.4.1/30?
10.123.4.1/32
Examples of a Prefix Match
10.168.0.0/13 ge 24 10.0.0.0/8 ge 22 le 26
Which network prefixes match the prefix match pattern 10.168.0.0/13 ge 24? (Choose two.)
10.168.0.0/24
What seperates a Key from its Value
": " without the quotes
Which of the following is a YAML example?
# HR Employee record Employee1: Name: John Dough Title: Developer Nickname: Mr. DBug
What are some NFV's
(Cloud Service Router) CSR 1000V (Cloud System Platform) CSP 2100 ISRv NGFWv ASAv
Consider a scenario with a transmitter and a receiver that are separated by some distance. The transmitter uses an absolute power level of 20 dBm. A cable connects the transmitter to its antenna. The receiver also has a cable connecting it to its antenna. Each cable has a loss of 2 dB. The transmitting and receiving antennas each have a gain of 5 dBi. What is the resulting EIRP?
+23 dBm
What symbol ends a line with a key/value
,
Type 4 LSA
ASBR Summary - Summary LSA for a ASBR
When it is 1/10 the original power how many DB is it
-10
When the power is halved, what is the DB decrease
-3
OSPF automatically assigns a link cost to an interface based on a reference bandwidth of ___________.
100 Mbps
What is the longest prefix typically accepted by an ISP
/24
Connected AD
0
What is the instance number for an IST
0
How is Air Quality Rated
0 - 100, 100 being best
Three default priv levels
0 / 1 / 15
Two transmitters are each operating with a transmit power level of 100 mW. When you compare the two absolute power levels, what is the difference in dB?
0 dB
What range is RSSI
0 to 255, 255 is weakest
Types of Cisco Passwords
0,5,7,8,9
Which password types are not secure
0,7
Multicast MAC address starts with what address
01:00:5E
The first 24 bits of a multicast MAC address always start with ______.
01:00:5E
What is the MacSec ethernet type
0x88e5
How many ACL per interface on router
1
OSPF 10GigE Cost
1
OSPF FE Cost
1
OSPF GigE Cost
1
Static AD
1
What is the default TTL for eBGP
1
How much does a QoS token represent by default
1 byte or 8 bits
Allowed ACL numbers
1-199 / 2000 - 2699
What is the max recommended RTT for an AP and Controller
100ms
What is the default PIM-SM Hello time
105 seconds
OSPF AD
110
IS-IS AD
115
System ID Extension
12 bit value - VLAN that BPDU correlates to Switch Identification
RIP AD
120
What port is used by NTP
123
Using default settings, how long does a port stay in the listening state?
15 seconds
What is the recommended max latency for realltime traffic
150ms
How many MST instances can a cisco switch support
16
How many VLAN's can VXLAN have
16 Million
What fields does MacSec add
16 byte ICV
AS Numbers - How many bits
16 originally, then 32
EIGRP (External) AD
170
What port does BGP and MBGP use for session peering
176
What port does BGP use to communicate?
179
BGP Default Hold Time
180 Seconds
When does a router OSPF LSA age require a re-advertisement?
1800 Seconds
Port for Radius
1812 / 1813
RFC for VPN
1918
Cisco AP's can function in how many modes
2
How many tiers in OSPF
2
Is PFS Phase 1 or Phase 2
2
How many bits are TPID / TCI
2 and 2 bytes
What is the actual wavelength of 2.4
2.412 - 2.4835Ghz
None of these answers are correct; you need a calculator to fi gure this out. Transmitter A has a power level of 1 mW, and transmitter B is 100 mW. Compare transmitter B to A using dB, and then identify the correct answer from the following choices.
20 dB
What is the code for OK
200
iBGP AD
200
When was N released
2009
What is the code for Created
201
When was AC released
2013
OSPF Multicast IP Address
224.0.0.5
OSPF ALLDRouters Multicast
224.0.0.6
Which of the following multicast address ranges match the administratively scoped block? (Choose two.)
239.0.0.0 to 239.255.255.255 239.0.0.0/8
Default IKE phase 1 lifetime
24 hours
The IP translation table times out and clears dynamic TCP connection entries from the translation table after how long?
24 hours
Default setting from STP script for Primary/Secondary
24577/28673
RFC for Single-rate three-color poilcer
2697
A transmitter is configured to use a power level of 17 mW. One day it is reconfigured to transmit at a new power level of 34 mW. How much has the power level increased, in dB?
3 dB
How frequently does PIM-DIM prune
3 minutes
802.1W vs D Port Roles
3 vs 4
What is the default PIM-SM DR Hold Time
3.5 Seconds
How frequent do CAPWAP heartbeats get sent
30 sec
How many bits is the Area ID in OSPF
32
How many bits is the MED
32
A centralized wireless network is built with 1 WLC and 32 lightweight APs. Which one of the following best describes the resulting architecture?
32 CAPWAP tunnels—1 tunnel from the WLC to each AP, with no IP subnet restrictions
What RFC defines OSPF
3509
The original 802.1D specification assigns what value to a 1 Gbps interface?
4
What is the code for Forbidden
403
What is the code for Not Found
404
A switch's STP priority can be configured in increments of ______.
4096
What is the DHCP Option for WLC discovery
43
What is the destination UDP port used by the LISP data plane?
4341
Port for Tacacs
49 TCP
EIGRP Summary AD
5
Which password type can only be cracked by brute force
5
The default EIGRP hello timer for a high-speed interface is ______.
5 seconds
Port used by IKEv1
500 UDP
802.1D vs W port states
6 vs 3
Min messages for IKEv1 vs V2
6/9 vs 4
How often does a C-RP announce its willingness by default?
60 sec
OSPF T1 Cost
64
Which of the following autonomous systems are private? (Choose two.)
64,512-65,535 4,200,000,000-4,294,967,294
Private ASN numbers
64512 - 65535 (16 bit), 4200000000 - 4294967294 (32 bit)
What else does AX bring
6Ghz, ability to transmit during same window of airtime
How many levels of priority in a PCP field
7, which is the highest
What RFC for IKEv2
7296
What's the 801.whatver for Macsec?
802.1AE
Types of Spanning Tree
802.1D PVST PVST+ RSTP MST
What iEEE spec is for the PCP Field
802.1p
Etherchannel Protocol
802.3AD
EIGRP uses the protocol number _______ to identify its packets.
88
OSPF V3 LSA Protocol ID
89
OSPF uses the protocol number ___________ for its inter-router communication
89
EIGRP (internal) AD
90
What RFC introduced NTP
958
What's a Drother
A DR-Enabled segment that is not the DR or BDR
What is an OSPF Area
A Logical grouping of router interfaces
What is First-Hop redundancy protocol
A VIP for a gateway on a team of routers or switches
You can run the WLC where
A WLC, a Switch, an AP
What is an Autonomous System?
A collection of routers under an org control
Which static route should be used to avoid unintentional forwarding paths with an Ethernet link failure?
A fully specified static route
What's a collection
A group of API's
What is an atomic-aggregate in BGP
A loss of routes due to summarization
What is a QoS Trust Boundry
A place where QoS classification / marking takes place
What is a virtual machine?
A software emulation of a physical server with an operating system
What is a virtual switch (vSwitch)?
A software version of a physical Layer 2 switch
VTP Off
A switch does not participate in VTP advertisements and does not forward them out of any ports either. VLANs are configured only locally
What happens to a switch port when a BPDU is received on it when BPDU guard is enabled on that port?
A syslog message is generated, and the port is shut down.
What is a Token Bucket in QoS
A way of granting a certain amount of tokens of bandwidth
What is Object Tracking
A way to track objects on network and take certain actions when something changes
Why are IS-IS and IGP recommended for SD-Access
Agnostic treatment of IPV4 vs IPV6 / no IP-Dependency for neighbor adjacency
Which routers in an OSPF area maintain a copy of the LSDB?
All
Two roles of GLBP
AVG / AVF
What amendment supported up to 1.2Gbps per spacial stream
AX
How to put in-place once added a AAA server
Aaa authorization exec Aaa authorization console
How to create an AAA group
Aaa group server tacacs+ Server name boom
Which Auth WPA modes support PSK and Enterprise?
All 3
Which of the following are features that can be disabled to improve the overall security posture of a router?
CDP LLDP
What is the name of an Area Router connected to the backbone
ABR
What's needed for COPP Policing
ACL / Policy Map / Class Map
Best Encryption Alt
AES
What comprises an address family
AFI + SAFI
Example of a QoS Markdown
AFx1 downgraded to AFx2
What is GTA
AKA CTA, or Cognitive Threat analytics, it analyzes web traffic and other data to identify sensitive data
What is the only tool useful throughout the entire attack continuum?
AMP
Some other IPS capabilities
API / Snort / ISE Integration / HA / Talos
OSPF V3 LSA Type 5
AS External - Redistribution
Type 5 LSA
AS External - Routes from outside OSPF that are being redistributed
BGP Path attributes
AS-Path, MED, Origin, Next Hop, Local Pref, Atomic Aggregate, Aggregator
What software is supported by Firepower appliances
ASA Image / NGIPS / FTD
Key Differentiator of TaCACS+ to Radius
Able to separate Auth and Authorization, can authorize repeatedly during a session
Heirarchical layers
Access / Distribution / Core
What is an ACE as it relates to an ACL
Access Control Entry
What two things does a Lightweight AP require
Access Layer switch access, WLC connectivity
Which of the following AAA functions can help log the commands executed by a user on a network device?
Accounting
Fifth BGP Step
Activate Address Fam for Neighbor - neighbor ip-address activate
What does AVF stand for
Active Virtual Forwarder
What does AVG stand for
Active Virtual Gateway
How to calculate connection score on WLC
Actual connection rate divided by potential
Where do you chain multiple VNF together in ENFV?
Add Services window
Well how do we get it to include that
Add encapsulation replicate to the end
OSPF V3 Step 4
Address-family "ipv6/ipv4
What 3 tables used by BGP
Adj-RIB-In / Loc-RIB / Adj-RIB-Out
What's the downside of staticly setting the RP?
Admin Overhead
After attack tools
Advanced Malware Protection / Behavior Analysis / Security Analytics
Before the attack tools
Advanced Malware Protection / NGFW / NAC
WTF is Puppet Bolt
Agentless version of Puppet
What does LISP address
Agg / routing / multi-homing
How to prevent loopbacks or other networks from being distributed via BGP
Aggregate address 192.168.0.0 255.255.0.0 summary only
How to do route summarization on BGP for IPV4 and IPV6
Aggregate-address 192.168.0.0 255.255.0.0
What is Yang format
All curly, but structured kind of like XML, but it is heirarchical
What is shown in the "Mobility State"?
All devices in chain, IP's, wifi type, Model Numbers, AP number, WLC
One main benefit of EEM
All in one device
Which of the four methods of BGP Route Policy Processing use an implicit deny?
All of them
What happens when the route map route-map QUESTION permit 20 does not contain a conditional match statement?
All routes are accepted.
When PSK authentication is used on a WLAN, without the use of an ISE server, which of the following devices must be configured with the key string? (Choose two.)
All wireless clients
QAM alters which of the following aspects of an RF signal? (Choose two.)
Amplitude Phase
Which one of the following has the shortest effective range in free space, assuming that the same transmit power level is used for each?
An 802.11a device
What is the safest way to configure SNMP
An ACL
What is a clean air interferer
An AP that is generating interference
What is the most resiliant design for MultiHoming
An IBGP between two internal routers in one AS, two external routers each with their own AS
Which of the following unique features is true in an embedded wireless network architecture?
An access layer switch can also function as a WLC.
What is a BGP Community
An additional capacity for tagging routes
What is unplanned internal transit connectivity
An internal router serving as a jump point for another internal router that was unexpected
What is a container?
An isolated environment where containerized applications run
A client roams from controller A to controller B. If it undergoes a Layer 3 roam, which one of the following best describes the role of controller A?
Anchor controller
What AP info can you see
CDP Data, IP, State, Connections, Status, Air Quality, Capabilities speed, Mac, Serial, Usage etc.
Which of these tools are agentless in operation? (Choose three.)
Ansible Puppet Bolt Salt SSH
What configuration management software is built on Python? (Choose two.)
Ansible SaltStack
Ansible CLI Commands
Ansible / Ansible-playbook / sansible-docs / ansible-pull / ansible-vault
Token Bucket Algorithms
CIR, TC, BCC, Token, Token Bucket
How to manage ASA
CLI/CSM/ASDM/CDO
What is in IKEv2 IKE_Auth
Certificates and Identities, established IKE SA, MM5-MM6 and QM1-QM2
What does Online mean in WLC Status for a client
Device has passed Layer 2 and Layer 3 shtufff
What is the authenticator
Device providing access
What is the Supplicant
Device requesting access
Common EAP methods
Challenge-based / TLS / Tunneled / Inner
Why would you clear BGP
Change in routes needs to be reset
What do the Tabs in Postman do
Each can be a different API call to a different device, or the same device
True or false: In a large Layer 2 switch topology that is running RSTP, the infrastructure must fully converge before any packets can be forwarded.
False
True or false: In a large Layer 2 switch topology, the infrastructure must fully converge before any packets can be forwarded.
False
True or false: OSPF is only enabled on a router interface by using the command network ip-address wildcard-mask area area-id under the OSPF router process.
False
True or false: OSPF uses the shortest total path metric to identify the best path for every internal OSPF route (intra-area and interarea).
False
True or false: OSPFv3 support for IPv4 networks only requires that an IPv4 address be assigned to the interface and that the OSPFv3 process be initialized for IPv4.
False
True or false: On a brand-new router installation, OSPFv3 requires only that an IPv6 link-local address be configured and that OSPFv3 be enabled on that interface to form an OSPFv3 neighborship with another router.
False
True or false: Only a single vSwitch is supported within a virtualized server.
False
True or false: Python is considered one of the most difficult programming languages to learn and adopt.
False
Where should traffic be classified
Close to the edge
What does the Web Security Appliance do during an attack
Cloud Access Security (broker) / Parallel AV Scanning / File Reputation / DLP
What can Ansible Do
Cloud Provisioning / Deployment of Apps / Config Management
What does Root Guard do
Configured at the port level, prevents a switch from becoming root
When does BGP do a 3-way handshake?
Connect
What does a Fabric Border Node do
Connect L3 networks to fabric
How are multiple radios used
Connect multiple users, or team-up on single users
True or false: SD-WAN only works over the Internet or MPLS networks.
False
True or false: SGT tags extend all the way down to the endpoints.
False
True or false: The DiffServ field is an 8-bit Differentiated Services Code Point (DSCP) field that allows for classification of up to 64 values (0 to 63).
False
What happens to existing passwords when you type service password encryption
Nada
True or false: The IPv4 address family must be initialized to establish a BGP session with a peer using IPv4 addressing.
False
True or false: The MST configuration version is locally significant
False
True or false: The MST root bridge advertises the VLAN-to-instance mappings to all other MST switches.
False
True or false: The OSPF process ID must match for routers to establish a neighbor adjacency
False
True or false: The VXLAN header used for SD-Access is exactly the same as the original VXLAN header.
False
True or false: The VXLAN specification defines a data plane and a control plane for VXLAN.
False
True or false: The advertised path cost includes the advertising link's port cost as part of the configuration BPDU advertisement.
False
How to use a route map on a neighbor
Neighbor 10.10.20.50 route-map filter5 in
True or false: The command aaa authorization exec default group ISE-TACACS+ if-authenticated enables authorization for all terminal lines on the router, including the console line.
False
How to enable Communities in BGP
Neighbor ip-address send-community standard
True or false: The router with the highest IP address is the designated router when using a serial point-to-point link.
False
What is Recursive Routing
OSPF advertising the tunnel endpoint address across the tunnel
True or false: The vSmart controller establishes permanent and IPsec connections to all SD-WAN routers in the SD-WAN fabric.
False
True or false: Traffic classification should always be performed in the core of the network.
False
True or false: When an ABR receives a network LSA, the ABR forwards the network LSA to the other connected areas.
False
field that allows for classification of up to 64 values (0 to 63).
False
Will Equal Cost Multipathing only LB across the same protocol?
False, beoch
802.11R does what
Fast Roaming, pre-authenticates with nearby AP's in prep for a roam
Benefit of PAgP Non-Silent Mode
Faster
Commands to enable VRRP
Fhrp version vrrp v3 Vrrp 57 ipv4 Address 192.168.1.1 Priority 110 (optional) Track 57 decrement (optional)
The 16-bit TCI field is composed of which fields? (Choose three.)
Priority Code Point (PCP) Drop Eligible Indicator (DEI) VLAN Identifi er (VLAN ID)
Steps for a GRE tunnel
Interface tunnel 10 Tunnel source ethernet 1/1 Tunnel destination 64.150.12.252 Ip address 120.20.102.124 255.255.255.255 Bandwidth 10000 Keepalive 10
RFP Interface
Interface with lowest metric cost
How to enable Loop Guard
Interface\Spanning-tree guard loop
How to set port priority MST
Interface\Spanning-tree mst 0 port-priority 64
How to assign an interface to a security zone
Interface\Zone-member security outside
Configure OSPF on IOS for a specific interface
Interface\gigabitethernet Ip address 10.0.0.1 255.255.255.0 Ip ospf 1 area 1
How to set interface priority
Interface\ip ospf priority 255
How to set LACP port priority
Interface\lacp port-priority 1
Can you combine CBWFQ and LLQ
Hell yeah brother
OSPF V2/V3 Packet Types
Hello / Database Description / Link-state Request / Link-state Update / Link-state Ack
PIM Messages
Hello / Register / Register Stop / Join/Prune / Bootstrap / Assert / Candidate RP / State Refresh / DF Election
How to set OSPFV3 to P2p
Interface\ospfv3 network point-to-point
How to configure PAT
Ip nat inside source list acl interface ethernet1/1 (overload)
5 Types of OSPF Packets
Hello, Database Description (DBD/DPD), Link-State Request (LSR), Link-State update (LSU), Link-State ack
EIGRP Packet Types
Hello, Request, Update, Query, Reply
Virtual routing and forwarding (VRF) is useful with _____ addresses.
IPv4 and IPv6
The OSPFv3 hello packet uses the ___________ for the destination address.
IPv6 address FF02::5
How to configure pooled nat
Ip nat pool nat-pool10 192.168.1.10 192.168.1.20 prefix-length 24
How to set OSPF Dead-interval
Ip ospf dead-interval (seconds)
Which of the following parameters is useful for computing a client device's location with respect to an AP?
RSS
Prefix List example
Ip prefix-list inbound-prefix 1 permit 10.0.0.0/8 ge 22 le 26 Ip prefix-list RFC1918 seq 5 permit 192.168.0.0/13 ge 32
How to setup IP-SLA
Ip sla 1 Icmp-echo 192.168.1.1 source-interface loopback 0 End
How to schedule ip-sla
Ip sla schedule 5 life 300 start-time 10:10:5
OSPF V3 Step 1-3
Ipv6 unicast-routing Router ospfv3 Router ID
What happens if you choose both WPA and WPA2
Backwards Compatible
3 Leading cuases of quality issues
Bandwidth Latency / jittter Packet loss
What was Talos comprised from
Ironport / Sourcefire VRT, Cisco Threat Research Analysis and Com TRAC
What are antenna compared with
Isotropic antenna
How do location services work
RSS (Received Signal Strength) and Fingerprinting
How to show Etherchannel running L3 Up
RU - Routing / Up
Script to simplify root bridge set
Spanning-tree vlan "" root "primary/secondary" diameter
BPDU
Bridge Protocol Data Unit
What attributes are used to elect a root bridge?
Bridge priority
What is the LSA age field in the LSDB used for?
To age out old LSAs by removing an LSA when it reaches 3600 seconds
How are L2 QOS Marked
COS bits
What does CRUD stand for?
CREATE, READ, UPDATE, DELETE
What is the DevNet Community page used for? (Choose two.)
To ask questions To access DevNet ambassadors and evangelists
Which of the following best describe the hierarchical LAN design model? (Choose all that apply.)
It allows for easier troubleshooting. It is highly scalable. It provides a simplifi ed design. It offers improved performance. It allows for faster problem isolation.
What happens to a Type 1 LSA when it crosses into another area
It gets converted into a Type 3 LSA
STP Convergance Time on a down link
Max Age timer 20, BPDU 2, Listening State 15, Learning State 15 - 52 sec total
Max Age
Max age before a bridge port saves its BPDU Default 20
What is the main function of the vBond orchestrator?
To authenticate the vSmart controllers and the SD-WAN routers and orchestrate connectivity between them
Which are Cisco DNA Center components? (Choose three.)
Assurance Design Provision
In Python, why would you use three quotation marks in a row? (Choose two.)
To begin a multiple-line string To end a multiple-line string
How do you shortcut 0.0.0.0 255.255.255.255 in an ACL
Any
What does ASIC stand for in SD-Access
Application-specific Integration Circuits
How does IntServ work
Applications signal their requirements to the network
What is the last step in configuring Netflow
Apply it to an interface
How to do filtering with summarization
Area "area ID" range "network/mask" not-advertise
How to do Area Filtering
Area "area-id" filter-list prefix "prefix list name" in/out
Command to do interarea summarizaiton
Area "area-id" range network subnet-mask cost "metric"
What does ISE do for this whole shitshow
Aside from standard ISE stuff, group-based policy programming, Scallable group assignment, info to NCP/NDP
A Cisco WLC is configured for 802.1x authentication, using an external RADIUS server. The controller takes on which one of the following roles?
Authenticator
Which of the following is a group-to-RP mapping mechanism developed by Cisco?
Auto-RP
How to set a higher cost metric for OSPF
Auto-cost reference-bandwidth mbps
Ways that AP's can failover
Automatically Config secondary/tertiary (more controlled)
What is an Anchor in a WLC
Automatically chosen, it's the controller to which you associate, can be chosen i/e. for guest
Benefits of SD-Access
Automation, Network Assurance and Analysis, Host Mobility, Policy Enforcement, Secure Segmentation, Network Virtualization
What does AS stand for
Autonomous System
What is an EIGRP AS
Autonomous system
What 802.11 wifi standard supported up to 11mbps
B
Which of these commands are available to a user logged in with privilege level 0?
disable enable exit logout
Path Vector Algorithm
BGP
What protocol is typically used by ISP to route MPLS traffic
BGP
Which of the following routing protocols is classified as an EGP?
BGP
What is in an Open Message
BGP Version/ASN/Hold Time, BGP Id
Hello Time
BPDU advertise time, default is 2 Forward Delay
When a client moves its association from one autonomous AP to another, it is actually leaving and joining which one of the following?
BSS
What is special about Area 0
Backbone area, uplink
What frameworks are supported by Chef
Bash / Minitest / Rspec / Serverspec
When using the Cisco DNA Center Token API, what authentication method is used?
Basic authentication
What is the recommended QoS Bc value
Bc should be larger or equal to the largest IP packet
TxBF stands for what
Beamforming
What does 3 Quotation marks in Python indicate
Beginning and End to a Multi-Line string
Distance vector algorithms
Bellman Ford / Ford-Fulkerson
Three QoS smodles
Best Effort integrated services (InServ) differentiated services (DiffServ)
Which of the following is not a QoS PHB?
Best Effort (BE)
What does BFD stand for
Best Forwarding Direction - works with On-Ramp
Second (optional BGP step)
Bgp router-id ""
What does BPDU Filter do?
Blocks BPDU's from transmitting out of a port
How to remotely run a script in Bolt
Bolt Script Run
How to run a command in Puppet Bolt
Bolt command run
How to see bolt tasks running
Bolt task show
AP States
Boot / WLC Discovery / CAPWAP / WLC Join / Image / Config / Run
What is a QoS Shaper
Buffer and delay peaks
Sections of Postman
Builder / history / Collections / New Tab / URL Bar
Upon receipt of a configuration BPDU with the topology change flag set, how do the downstream switches react?
By fl ushing out all old MAC addresses from the MAC address table
How is the process of summarizing routes on an OSPF router accomplished?
By using the OSPF process confi guration command area area-id range network subnet-mask
Ways Cisco simplifies Auth during roam
CCKM / Key Caching / 802.11r
The _________ can be directly correlated to the MAC address table.
CAM
What are the current queuing algorithms for Rich-media networks
CBWFQ or LLQ
Which of the following is used to cache authentication key information to make roaming more efficient?
CCKM
What does CAC stand for
Call adminssion control
Benefit of Manual SD-Access Underlay
Can customize / specialize, i.e. use OSPF
Diff between two-rate three color and single-rate three-color
Can have two different drop rates on top of everything else. Buckets have different uses
Benefit of Flexible Netflow
Can monitor multiple flows Can reuse config
Benefit of PCI Passthrough vs SR-IOV
Can share pNIC's
What is Flex Auth
Can try to do multiple auth at a time vs. waiting sequentially
What is a C-RP
Candidate Rondezvous Point
Drawback of IntServ
Cannot scale well on large networks
What is ERSPAN for?
Capturing packets from one device and sending the capture across a Layer 3
Chapter 10
Chapter 10
Chapter 11
Chapter 11
Chapter 12
Chapter 12
Chapter 13
Chapter 13
Chapter 14
Chapter 14
Chapter 16
Chapter 16
Chapter 17
Chapter 17
Chapter 18
Chapter 18
Chapter 19
Chapter 19
Chapter 2
Chapter 2
Chapter 20
Chapter 20
Chapter 21
Chapter 21
Chapter 22
Chapter 22
Chapter 23
Chapter 23
Chapter 24
Chapter 24
Chapter 25
Chapter 25
Chapter 26
Chapter 26
Chapter 27
Chapter 27
Chapter 28
Chapter 28
Chapter 29
Chapter 29
Chapter 3
Chapter 3
Chapter 4
Chapter 4
Chapter 5
Chapter 5
Chapter 6
Chapter 6
Chapter 8
Chapter 8
Chapter 9
Chapter 9
Chapter 15
Chaptr 15
What are the SD-WAN Control Plane Policies
Chining, Traffic engineering, segmentation
What are the tiers
Choice / Leaf / Type / Enum
What does the LACP master get to do
Choose which member interface is active
Two Components of SD-Access
Cisco Campus Fabric Solution / Cisco DNA Center
What does CCKM stand for
Cisco Centralized Key Management
What does SD-Access build on
Cisco DNA
Which platform plays the role of the orchestrator in Cisco's Enterprise NFV solution?
Cisco DNA Center
What is CDO
Cisco Defense Orchestrator
The Cisco security architectural framework is known as ______.
Cisco SAFE
What is CSM
Cisco Security Manager
Which of the following relies on NetFlow data for security analysis?
Cisco Stealthwatch
Which of the following is the Cisco threat intelligence organization?
Cisco Talos
What's a CS
Class Selector
4 kinds of PHB
Class Selector (CS) Default Forwarding (DF) best effort Asssured Forwarding (AF)Guaranteed Expedited Forwarding (EF)Low Delay
What does CBWFQ stand for in QoS
Class-based weighted fair queuing
Which of the following are the recommended congestion management mechanisms for modern rich-media networks? (Choose two.)
Class-based weighted fair queuing (CBWFQ)
Which of the following three phases are defined by Cisco TrustSec?
Classifi cation Enforcement Propagation
How to clear BGP
Clear ip bgp 10.1.10.1 soft
How to force DR election process
Clear ip ospf process
How to clear PAGP counters
Clear pagp counters
What does Key Caching stand for
Client maintains keys and they are used to associate with other AP's
Architecture of AMP
Cloud/Connectors/endpoints/networks/email/web/meraki
Which technologies are used to deploy a simplified campus design?
Clustering technologies Stacking technologies Virtual switching systems (VSSs) StackWise
Which of the following features was developed specifically to protect the CPU of a router?
CoPP
Common uses for Netconf
Collect status of specific fields Change Configuration of certain fields Taking Admin Action Send Event Info Backup/Restore Config Testing Config before finalizing
What does StealthWatch do?
Collector/Aggregator/analysis/monitoring/analytics
Transform Set
Combination of protocols and algorithms
Root Path Cost
Combined cost for a specific path
What is Prefix Matching
Combining standard ACL with some Regular Expressions
What things does SaltStack listen for?
Command-Line Config / Disk memory processor util / Status of Services
What does Bc stand for in QoS
Commited Burst Size (bytes)
What does CIR stand for
Commited Information Rate
What does CIR Stand for in QoS
Commited Information Rate (bps)
What does Tc stand for in QoS
Commited Time Interval (Ms)
What does Tc stand for? (Choose two.)
Committed time interval Bc bucket token count
How to configure Inside Static NAT
Configure ip nat outside on outside interface, ip nat inside on inside interface and ip nat inside source static 192.168.1.1 192.168.10.1
What are the concepts behind Ansible
Consistent / Secure / Reliable / Easy
Components of vBond
Control Plane Connection / NAT Traversal / Load Balancing
5 roles of the Fabric Overlay
Control Plane Node / Fabric Border Node / Fabric Edge Node / Fabric WLAN Controller / Intermediate Nodes
What are the 3 planes of the SD-Access Fabric
Control Plane(LISP) / Data Plane(LAN/VXLAN) / Policy Plane (Trustsec)
What goes over IKE
Control plane and data plane traffic for IPSec
How to apply policy to Control Plane
Control-Plane \ service-policy input COPP Policy
Module is to Puppet as what is to Chef
Cookbook
Steps to ERSPAN
Create session Name session Define source Define destination
IGMP V3 Exclude does what?
Creates a list of those who do not want to be included in the multicast
What is in IKEv2 IKE_SA_INIT
Crypto / Alg / DH, MM1-MM4
Ways to encrypt traffic of VRE
Crypto Maps/Ipsec profiles
Commands for a VPN
Crypto isakmp policy 10 Auth pre-share Hash sha256 Enc aes Group 14
Things server auth supports that local does not
Customization / User Acceptance pages / VLAN assignment / DACL / Posture / Reg
What capabilities does ESA have
Threat Intel / Reputation / Spam / Phishing / Machine Learning / Domain Protection / Malware / Graymail / URL / URL Re-Write / Top Users / Top URL's / Encryption
Which of the following are encryption protocols that should be avoided? (Choose two.)
DES GCM
One possible issue with intercontroller roaming
DHCP
Based upon Classification
DIffServ
What controllers are required for SD-Access
DNA / ISE
What's on the Controller layer of SD-Access
DNA Center / ISE
What is on the Management Layer of SD-Access
DNA Center GUI / Base Automation
ENFV Architecture
DNA Center on top, VNF's below, Physical stuff on the bottom
OSPF Server Roles
DR / BDR / Drother
What is it called when devices adjust modulating and coding schemes based upon RSSI and SNR
DRS
How are L3 marked
DSCP / IPP
What language does Puppet use
DSL
Types of spread-spectrum categories
DSSS / OFDM
Enhanced distance vector algorithm
DUAL
For Netflow, what two things must be configured
Data Capture / Data Export
What does NDP do
Data analysis and provide input for changes to be made by NCP and ISE
Which of the following are Cisco SAFE's PINs in the network? (Choose all that apply.)
Data center Branch office Edge Campus Cloud WAN
Forwarding of network traffic from a Layer 2 perspective uses what information?
Destination MAC address
What is the command to debug OSPF Hello issues
Debug IP OSPF Hello
What is the command to debug OSPF Adjacency issues
Debug IP OSPF adj
How to troubleshoot events
Debug event manager all
How to debug an interface and IP
Debug interface loopback1 Debug ip packet 100
What is NBAR2
Deep packet inspection for L3 to L7
What is DF
Default Forwarding, for that which is not-applicable
PAGP Silent mode is to
Default, for connecting etherchannel and non-PAgP capable
How to do an OSPF Default Route
Default-information originate
How to RSPAn
Define RSPAN VLAN Monitor with the destintation being that vlan
How does BGP communicate with neighbors
Defined by IP Addresses
What is IP SLA used to monitor? (Choose four.)
Delay Jitter Packet loss Voice quality scores
4 workflows of SD-Access
Design / Provision / Policy / Assurance
All of the ports on a root bridge are assigned what role?
Designated port
Forwarding of network traffic from a Layer 3 perspective uses what information?
Destination IP address
Most popular
DiffServ
What model is more scalable
DiffServ
Which of the following is the most popular QoS implementation model?
DiffServ
Algorithm used by OSPF
Dijkstra
Types of Static Routes
Directly Connected / Recursive / Fully Specified
What can 0 do
Disable / enable / exit / help / logout
802.1D Port States
Disabled/Blocking/Listening/Learning/Forwarding/Broken
802.1W RSTP Port States
Discarding/Learning/Forwarding
What does a VTEP do
Discover VNI over the L3 network
Which one of the following comes first in a lightweight AP's state machine after it boots?
Discovering WLCs
What antenna has the smallest degree of spread
Dish
Which of the following antennas would probably have the greatest gain?
Dish
EIGRP Reported Distance
Distance reported by a router to reach a prefix
What are the four methods of BGP Route Policy Processing
Distribute List, Prefix List, AS Path ACL/Filtering, Route maps
How to filter network prefixes by neighbor
Distribute list filtering
How to do Local Filtering
Distribute-list "acl-number|acl-name|prefix "prefix-list-name | route-map "route-map name
A ___________ forwarding architecture provides increased port density and
Distributed
What is the purpose of a Passive OSPF interface
Does not send advertisements
Shortcoming of Distance Vector
Does not take into account speed
Downside of Auth Header
Doesn't support encryption or NAT-T
What's DSL
Domain Spacific Language
Why do Crypto Maps suck
Don't support MPLS natively, complex,
OSPF Neighbor States
Down/Attempt/Init/2-Way/ExStart/Exchange/Loading/Full
What's DEI
Drop Eligible Indicator
What is a QoS Traffic Policer?
Drop or re-mark incoming or outgoing traffic beyond a rate
Etherchannel destination hashes
Dst-ip/dst-mac/dst-mixed-ip-port/dst-port
Requirements for an ASN
Dual ISP, Public IP's, Need
What is the Auth Sever
Duh
What does DRS stand for
Dynamic Rate Shifting
2 ways to classify sgt tags
Dynamically or statically
What is Talos
Threat Intel Org / team of security experts
Which one of the following is used as the authentication method when 802.1x is used on a WLAN?
EAP
What is eap chaining?
EAP FAST can auth both machine and user in one auth request
Which of the following EAP methods supports EAP chaining?
EAP-FAST
Enhanced Distance Vector Routing Protocol
EIGRP
Unequal-Cost Load Balancing
EIGRP can LB over unequal-cost links, uses ratio based on metric to determine split
How does an EIGRP router indicate that a path computation is required for a specific route?
EIGRP sends out an EIGRP query with the delay set to infinity.
Where can you host NFVIS?
ENCS / CCSP / Cisco 4000 ISR / UCS C-Series
What is Traffic Copy?
ERSpan for monitoring between two entities
Diff between VM and Containers
Each VM needs a Host OS, containers all share a host OS
What is in the Internet Edge block
Ecommerce, Remote Branches, VPN, Cloud Provider Connectivity
Diff between a Fabric Border Node and Fabric Edge Node
Edge Node is for Wired edge devices, Border Node is like an Aggregate or Distribution switch
802.1W Port Types
Edge/Root/P2P
What does EITP stand for
Effective isotropic radiated power
What does ETR / ITR stand for
Egress / Ingress Tunnel Router
What does RESTCONF use, XML or JSON?
Either
What must a Edge Node be
Either a switch or router in the Overlay
What is an EM
Element Manager
What is a Cisco ESA
Email Security Appliance
What is EEM
Embedded Event Manager
What is an EPC
Embedded Packet Capture
How can you avoid flooding of multicast frames in a Layer 2 network?
Enable IGMP snooping
What is IGMP snooping
Enabled on a switch to manage multicast traffic
Which of the following issues does MST solve? (Choose two.
Enables traffic load balancing for specific VLANs Reduces the CPU and memory resources needed for environments with large numbers of VLANs
Uplink MacSec vs Downlink
Endpoint to switch vs switch to switch
Two kinds of Stealthwatch
Enterprise / Cloud
What is ENFV
Enterprise Network Function Virtualization
Which types of network environments was SD-Access designed for?
Enterprise campus and branch
What protocol options are there
Eq / lt / gt
How to enable BPDU Guard Recovery
Errdisable recovery cause bpduguard
Diff between SNMP V1 and V2c
Error Handling
Difference between rspan and erspan
Erspan can route
What is SD-WAN vSmart Controller
Establish DTLS tunnels, establish OMP neighbors, calculate routes, Control Plane Policies
What does ECN stand for
Explicit Congestion Notification
What is ETSI
European Telecommunications Standards Institute
What does FMC do
Event and policy management
Two primary building blocks of EEM
Events and Actions
How frequent are AFI and SAFI packets sent
Every Advertisement
3 color types of traffic
Exceed / Conform / Violate
What does Be stand for in QoS
Excess burst
What can 1 do
Exec Mode only
Which of the following is not a QoS implementation model?
Expedited forwarding
True or false: For MED to be used as a selection criterion, the routes must come from different autonomous systems.
False
True or false: IGMPv3 was designed to work exclusively with SSM and is not backward compatible with PIM-SM.
False
Definition of EGP
Exterior Gateway Protocol
OSPF V3 Multicast AllSPFRouters
FF02::05:
OSPF V3 Multicast DR
FF02::06:
What do you call the first router after a Multicast source
FHR (First Hop Router)
Tech your Distribution layer should support
FHRP's
True or false: When PIM is configured in dense mode, it is mandatory to choose one or more routers to operate as rendezvous points (RPs).
FalsE
Ansible uses the TAML syntax, which starts with three dashes (---), in the creation of playbook files.
False
The traceroute command tries 20 hops by default before quitting.
False
True or false: A BGP session is always one hop away from a neighbor.
False
True or false: A default route advertised with the command default informationoriginate in OSPF will always appear as an OSPF inter-area route.
False
True or false: A member router contains a complete copy of the LSDBs for every area in the routing domain.
False
True or false: A router with an interface associated with Area 1 and Area 2 will be able to inject routes learned from one area into another area.
False
True or false: An NTP client can be configured with multiple NTP servers and can synchronize its local clock with all the servers.
False
True or false: BGP advertises all its paths for every prefix so that every neighbor can build its own topology table.
False
True or false: BGP supports dynamic neighbor discovery by both routers.
False
True or false: Cisco DNA Center Assurance can only manage routers and switches.
False
True or false: Configuring network components by using the CLI is considered the fastest approach when dealing with a large number of devices.
False
True or false: Containers do not need vSwitches to communicate with each other or with the outside world.
False
True or false: EIGRP summarization occurs for network prefixes as it crosses all network interfaces.
False
True or false: ETRs are the only devices responsible for responding to map requests originated by ITRs.
False
How do you enable OSPFv3 on an interface?
Use the command ospfv3 process-id ipv6 area area-id under the interface.
What is a FPGA in SD-Access
Field Programmable Gate Array
What does FDM stand for
Firepower Device Manager
What does FMC stand for
Firepower Management Center
What does FHRP stand for
First Hop Redundancy Protocol
What does FHRP stand for
First Hop Routing Protocol
EIGRP uses _______ packet types for inter-router communication.
Five
OSPF uses ___________ packet types for inter-router communication.
Five
Which of the following allows for matching key fields?
Flexible NetFlow
What happens when an OSPF Router adds or removes a directly connecte dnetwork link
Floods LSA out all activer OSPF interfaces
What are the optional Stealthwatch components
Flow Sensor UDP Director
What are the core components of Stealthwatch
Flow Sensor / Flow Rate License / Flow Collector / Management Console
Which of the following are required to configure Flexible NetFlow? (Choose three.)
Flow exporter Flow record Flow monitor
EIGRP Feasibility condition
For a route to be considered as a backup route, reported distance received must be < feasible disance
FIB
Forward information base
CEF is composed of which components? (Choose two.)
Forwarding Information Base/Adjacency table
What is FSPL?
Free Space Path Loss
If a lightweight AP needs to download a new software image, how does it get the image?
From a WLC
How to use IP-SLA to monitor a website
From the IP-SLA context type: Get http http://192.168.1.10
What amendments supported up to 54mbps
G and A
Which of the following FHRPs supports load balancing?
GLBP
What method does ICV use
GMAC
Which of the following is considered to be the best first step in troubleshooting a wireless problem?
Gather more information to fi nd the scope of the problem
NETCONF Operations
Get / get-config / edit-config / copy-config / delete-config
Commands to setup GLBP
Glbp 57 ip 192.168.1.1 Glbp 57 preempt (optional) Glbp 57 priority 10 (optional) Glbp 57 timers 10 (optional) Glbp 57 auth password10 (optional) Glbp 57 load-balancing "" (optional)
Steps for WLAN wizard
Go to WLAN and create new, then walk through general, secrity, qos, policy-mapping and advanced
What happens if CEF cant' handle it
Goes to CPU
Which field was added to the VXLAN header to allow it to carry SGT tags?
Group Policy ID
What does Anyconnect do besides VPN
HIP, Umbrella tunneling
Which of the following FHRPs are considered Cisco proprietary? (Choose two.)
HSRP
What are some FHRP's
HSRP, VRRP, GLBP
What are three types of FHRP's
HSRP, VRRP, GLBP
Which controller to join
Have I joined it before? If multiple that I have joined, which is less crowded
What is ASA
Old School
Does BGP Prioritize newer or older routes
Older
A receiver picks up an RF signal from a distant transmitter. Which one of the following represents the best signal quality received? Example values are given in parentheses.
High SNR (30 dB), high RSSI (−55 dBm)
How to show unequal cost load balancing ratios
Ho ip route x.x.x.x
How do you shortcut 192.168.1.1 0.0.0.0 in an ACL
Host 192.168.1.1
What is a Host Pool
Hosts assigned to an IP Pool, hosts have SVI and use EID's to map
What does the vBond Orchestrator do
Hosts the Public IP for connections, authenticates, orchestrates connectivity
What's a Scalable Group
Hosts with similar policies Host pools and Scalable Groups map up
What is the main difference between IGMPv2 and IGMPv3?
IGMPv3 introduced a new IGMP membership report with source fi ltering support.
What are the three BGP Origin types in order of preference
IGP / EGP / Incomplete
Other names for an RFP Interface
IIF (incoming interface) Upstream interface
IKEv2 Exchange 2
IKE_Auth
IkeV2 Exchange 1
IKE_SA_INIT
What does IPP stand for
IP Preference
Which of the following destination addresses does EIGRP use when feasible? (Choose two.)
IP address 224.0.0.10 MAC address 01:00:5E:00:00:0A
What destination addresses does OSPF use, when feasible? (Choose two.
IP address 224.0.0.5 / MAC address 01:00:5E:00:00:05
How to see top 10 talkers in netflow
IP flow-top-talkers Top 10
Set OSPF Hello Timer
IP ospf hello-interval (seconds)
IPV6 how to setup
IPV6 unicast routing Ipv6 route x:x:x::x:2930:fb9:13:30
What are the recommended routing protocols for the Underlay network
IS-IS / IGP
LISP Data Path
ITR sends map request to MR on Port 4342, request goes to MS, MS forwards to ETR, ETR talks to the ITR
Third BGP step
Identify a neighbor IP neighbor "ip-address" remote-as ""
What does IBNS stand for
Identity Based Network Services
BGP Neighbor States
Idle / Connect / Active / OpenSent / OpenConfirm / Established
BGP Order of Operation
Idle / Connect / Open Sent / Open Received / Open Confirm / Established / Updates
What's better for ensuring DR Placement, RID or Interface Priority
Interface Priority
Root Port
Interface associated with lowest path cost
Order of ACL operation Routed (across VLaN's)
Inbound PACL / Inbound VACL / Inbound ACL / Outbound ACL / Outbound VACL
Order of ACL Operation Bridged Traffic (same vlan)
Inbound PACL / Inbound VAcL / outbound VACL
IGMP V3 Modes
Include and Exclude
Fully Specified Static Route
Includes both Next Hop IP and Interface
TrustSec Phases
Ingress Classification / Propogation / Egress Enforcement
Con's of PACL
Ingress only / no L2 / Hardware only / no IPV6/ARP/MPLS
Fourth BGP step
Initialize the address family - address-family "afi / safi"
2 ways to propogate an SGT Tag
Inline / SXP
NAT address types
Inside local / inside global / outside local / outside global
When a type 3 LSA is received in a nonbackbone area, what does the ABR do?
Installs the type 3 LSA for only the area where it was received
With MST, VLANs are directly associated with ______
Instances
Which of the following is the QoS implementation model that requires a signaling protocol?
IntServ
What's an ICV? Insane Clown Vossie?
Integrity Check Value
OSPF V3 LSA Type 4
Interarea Router - AS Boundry Routers
OSPF V3 LSA Type 3
Interarea prefix - ABR Only
How to modify an STP cost
Interface "" \Spanning-tree cost ""
Definition of IGP
Interior Gateway Protocol
Typical traffic descriptors
Internal Layer 1 Layer 2 Mac 802.1q/p Layer 2.5 MPLS Layer 3 IP / DSCP / IPP Layer 4 Ports Layer 7Application
Types of Local Web Auth
Internal DB on WLC Exernal DB on Radius or LDAP server External redirect after auth External splash page
What does MST IST stand for
Internal Spanning Tree
Transit routing between a multihomed enterprise network and a service provider is generally not recommend in which scenarios? (Choose all that apply.)
Internet connections at data centers Internet connections at branch locations MPLS branch locations
What are some well known BGP Communities
Internet, No_Advertise, No_Export
OSPF Route Types
Intra-Area "O", interarea "O IA"
Ten lightweight APs are joined to a wireless LAN controller. If a client roams from one of the APs to another, which one of the following correctly describes the roam?
Intracontroller roaming
Which of the following provides the most efficient means for roaming, as measured by the time to complete the roam?
Intracontroller roaming
What's a Wildcard mask
Inverted, 255.255.255.0 = 0.0.0.255
How to define an extended ACL
Ip access-list extended 28 outbound-list 1 permit ip host 192.168.1.4 host 255.240.0.0 2 permit ip 10.0.0.0 0.0.255.0 255.255.255.0 0.0.0.0
How to do PACL
Ip access-list extended PACL Interface\ip access-group PACL in
How to define a standard ACL
Ip access-list standard 27 inbound-list 1 permit 192.168.1.4 255.255.255.255 2 deny 192.168.1.0 255.255.255.0
How to show communities in new format
Ip bgp-community new-format
How to create a community list
Ip community list 57 standard inbound_list permit 333:333
How to configure netflow
Ip flow-export version 9 Ip flow-export destination 192.168.1.1 Interface ethernet1/1 Ip flow ingress
If an AP tries every available method to discover a controller but fails to do so, what happens next?
It reboots or starts discovering again.
What does an FHR do when an attached source becomes active and there are no interested receivers?
It unicasts encapsulated register messages to the RP and stops after a register stop from the RP.
What does JSON stand for
Java Script Object Notation
What does JSESSIONID stand for
Java Session ID
What kind of Virtualization does NFVIS support
KVM
What's one reason to run conditional Debug
Keep older devices from crashing
What are some of the benefits of Puppet Forge and GitHub? (Choose all that apply.)
Keeping track of various versions of code Knowing which developers are involved with code revisions Collaborating with other developers and sharing code Increasing the speed in working on software projects
How does JSON annotate an object and its attribute?
Key / Value
What command uploads from a workstation to a Chef server
Knife
What is a vSwitch
L2 switch
Where are root switches normally placed
L2/L3 Boundries
How to set LACP system prioirty
LACP System-Priority 1
What do you call the last router before and endpoing
LHR (Last Hop Router)
Which is the control plane used by SD-Access?
LISP control plane
OSPF Advertisement called what
LSA
What happens if an LSA Sequence number received is greater than one in the LSDB
LSA gets processed
OSPF Database is called
LSDB
Which of the following are the leading causes of quality of service issues?
Lack of bandwidth Latency and jitter Packet loss
lACP how to set Max bundles
Lacp max-bundle ""
How to enable fast LACP Packets
Lacp rate fast
Which of the following are part of the YANG model?
Leaf Container
Benefit of QoS 3 color
Less retransmits, more efficient use of AFx1, AFx2, AFx3 etc
What are they
Lightweight / autonomous
What are the PPDIOO lifecycle components?
Prepare, Plan, Design, Implement, Operate, Optimize
How does BGP prevent loops
Prepending ASN then checking for it again
How to apply an ACL to a VTY
Line vty 0 4 Access-class 1 in
How to configure just SSH on a VTY
Line vty 4 \ Transport input ssh
OSPF V3 LSA Type 8
Link
OSPF is what kind of routing protocol
Link State / IGP
What does LSR stand for
Link State Request
Etherchannel common issues
Link has only two devices/ports all active/staticaly set to on, one active/consistancy/receipt on both sides
What does LACP Passive do
Link only responds to an LACP initiation, does not initiate
What is service chaining
Linking a few NFV's into a logical group
. Which of the following is not an RSTP port state?
Listening
Benefit of Auto-RP
Load-spligging across diff RP's Eawsy to use multiple RP's Prevents inconsistancies
What is the name of the BGP RIB table
Loc-RIB
2 kinsa of webauth
Local / server
Which of the following techniques is the second selection criterion for the BGP best path?
Local preference
Cisco AP modes
Local/Monitor/FlexConnect/Sniffer/Rogue Detector/Bridge/Flex+Bridge/SE-Connect
What does LISP stand for?
Location/ID Separation Protocol
How to set logging buffer size
Logging buffer 10000
How to ship logs
Logging host 192.168.1.1 Logging trap 7
Another issue that can cause reservation delays
Long distances
What is Multi-Hop technology
Looks up one routing table, then the next, then the next
Common use of Static Null Route
Loop Prevention
What is an OSPF Discard route for
Loop prevention
How to set Router ID
Loopback ID
Drawback of COS Markings
Lost when they leave an 802.1q link
What does the NCP do?
Lots, overlay, underlay, orchestration, status
An omnidirectional antenna usually has which of the following characteristics?
Low gain Large beamwidth
As a tiebreaker, does BGP prefer the lower or higher IP address of a peer
Lower
What is IPV6 BGP
MBGP
What is Type 5
MD5 Hash
Where is Multicast forwarding information stored
MFIB (Multicast Forwarding Information Base)
How many Main Mode messages
MM1-MM6
How are L2.5 marked
MPLS EXP bits
What does DNA Center do
Machine Learning to find issues, can go back to issues that occurred in the past
And MKA
Macsek Key Agreement
How to search a user in DNA
Magnifine Glass
Which of the following is the message exchange mode used to establish an IKEv1 IPsec SA?
Main mode
What does an Elemenet Manager do
Manage one or more VMF's, or be a VMF
4 layers of SD-Access
Management / Controller / Network / Physical
Cisco SAFE Areas
Management / Security Intel / Compliance / Segmentation / Threat Defense / Secure Services
What is the difference between well known discretionary and mandatory
Mandatory means if the attribute does not exist the peering will be torn down
What components do Puppet Modules have
Manifests / Templates / Files
What can you do with Puppet Bolt
Manual or Orchestrated tasks
What does a Fabric Control Plane do
Maps EID of the current fabric LISP map/server resolver
Policer options
Markdown or Drop traffic
What is a markdown
Marks traffic as a lower priority
What is the main server of SaltStack called
Master
How does Puppet work
Master / Agent
What is a Pupper MoM
Master of masters, for huge deployments
Differences between HSRP and VRRP
Master/backup, preemption on by default, diff multicast
Example of a Route Map
Match ip address ACL-One Set metric 20
Example of a advanced conditional match
Match ip address ACL-One | ACL-Two Match metric {1-4294967295 | external 1-4294967295}[+- deviation] Match tag 0 to 60000
What is one interface in an etherchannel bundle called
Member Interface
What is FTD
Merged ASA and Firepower services
EIGRP Feasible Distance
Metric value for the lowest metric path to a destination
Saltstack grains are run on what
Minions
How is SaltStack Architected
Minions on systems have Beacons / Returners / Trains that feed up to the Master
Steps for MST
Mode Set / Root set / Name / Revision / Instance and VLAN
How is that configured on the switch where monitoring will occur
Monitor session 57 remote vlan 99 Monitor session 57 destination interface ethernet 1/10
How to specify source ports in span
Monitor session 57 source intrface ethernet1/1 vlan 5 rx
How to Erspan
Monitor session 57 span type erspan
How to filter an existing Monitor session to just a vlan
Monitor session 57 vlan 1
How to monitor Destination port
Monitor session 58 destination interface ethernet 1/2
Two presentations in a WLC User interface
Monitoring / Configuration
What kind of deployment do you need for 4-20k
Monolithic with Compile Master
For 20k+
Monolithic with compile masters and PE-PostgreSQL
What kind of deployment do you need for 4k or under
Monollithic
VXLAN purpose
More VLAN's Large Mac Address Tables
What is DPDK
Moves OVS into the User Space from the Kernel Space, i.e. NIC talks directly to VMF not translating
What does MBGP stand for
Multi-Protocal Border Gateway Protocol
What is in a BSR message
Multicast Group Range / RP Priority / RP Address / Hash / Bidir Flag
What is SAFI for
Multicast or unicast
One large reason for a three-tier
Multiple buildings (Campus) Density of WAN routers Geo Dispersed
What does BGP MED stand for?
Multiple-exit discriminator
What comprises the DNA Center
NCP / NDP
What 3 SD-Access subsystems all talk through API
NDP/ISE/NCP
Which of the following is an architectural framework created by ETSI that defines standards to decouple network functions from proprietary hardware-based appliances and have them run in software on standard x86 servers?
NFV
How to manage it all?
NFVI
During the attack tools
NGIPS / Web Security with AMP / Email Security with AMP
What additional info does MBGP carry
NLRI info for Multiple Protocols such as IPPV6
Diff between adj-rib and loc-rib
NLRI's in original form, LOC-RIB Local or remote routes
Components of SD-WAN
NMS / vSmart Controller / SD-WAN routers / vBond orchestrator / vAnalytics
OSPF V3 LSA Type 7
NSSA Autonomous Stub
Type 7 LSA
NSSA External - Redistributed routes in NSSAs
Where the **** do you use Yang
Netconf
OSPF V3 LSA Type 2
Network
How do you advertise OSPF
Network "IP" "Mask" area "Area ID"
Type 2 LSA
Network - Multi-access network segment attached to a DR
How to configure OSPF for a large network
Network 10.0.0.10 255.255.255.0 Ara 0
How to configure a network to be OSPF
Network 10.0.0.10 0.0.0.0 Area 0 Or Network 10.0.0.10 0.0.0.255
What is NCP
Network Control Platform
What is NDP
Network Data Platform
What can AAA be used for
Network Device Access Control / Secure Network Access Control
What does NFVIS stand for
Network Function Virtualization Infrastructure Server
What does NFVI stand for
Network Function Virtualized Infrastructure
What is an NLRI
Network Layer Reachability Information
What is in the EIGRP Topology Table
Network Prefix/EIGRP Neighbors/Metric for each Neighbor/Load, reliability, delay, bandwidth
What does NFV stand for
Network function virtualization
What is a recursive route
Next hop is an IP Address
What is a directly connected route
Next hop is an interface
Does a SPAN typically include L2 info like STP or VLAN tagging
No
IS AF1 treated differently from AF4?
No
Downfall of static etherchannel
No down link detection on transit switches
Advantages of Routed Access-to-distribution block design
No first-hop redundancy protocol required No STP required Increased uplink util Easier Troubleshooting Faster Convergence
OSPF V3 Dijkstra differences
No longer has to calculate entire tree on a change
CBWFQ is only suited for what
Non real time data traffic
Open Authentication requires the use of which one of the following?
None of the above
In a Layer 2 roam, what mechanism is used to tunnel client data between the two controllers?
None of these answers
Does IKEV1 support SHA-512?
Nope
Does OSPF DR Election support preemption?
Nope
Is Ansible Agent Based?
Nope
Is Multicast supported on Site to Site?
Nope
Command to make NTP Peers
Ntp peer 192.168.1.1
How to configure NTP
Ntp server 192.168.1.1
What does the BGP route table look like when summary only is enabled
Null
What is an AS Path number
Number of hops
Types of ACL
Numbered / Numbered Extended / Named Standard / Named Extended / Port / VLAN
Traceroute Options
Numeric / Port / Probe / Source / Timeout / TTL / Timestamp / Verbose
Is DSSS or OFDM used for 5Ghz
OFDM
What are the common HTTP Status codes
OK / Created / Bad Request / Unauthorized / Forbidden / Not Found
What does SPT stand for
OSPF Term - Shortest Path Tree
Where to configure Root Guard
On designated ports that should not become root
When WPA2 enterprise mode is used on a WLAN, where is the supplicant role located?
On the wireless client
Downside of pooled nat
Once pool is exhausted pool is exhausted
How many areas can an interface be a member of
One
What is a discontguous network
One where Area 0 is split into multiple Area 0's
According to the Connectivity chart on the WLC's Client View screen, which one of the following states indicates that a wireless client has met all of the requirements to begin using a wireless network?
Online
Types of BGP Messages
Open / Update / Notification / Keepalive
How to establish a BGP Adjacency?
Open Message sent
Is Ansible Proprietary or Open Source
Open Source
Major diff between OSPF and EIGRP
Open Source vs. Proprietary
What is OVS
Operating System and Kernel Space Virtualiztion
What's an OSS
Operations Support System
vAnalytics
Optional / Analytics / Forecasting / Recommendations
What does OFDM stand for
Orthoginal Frequncy division multiplexing
How to enable OSPFV3 for IPV4
Ospfv3 process-id ipv4 area area-id
OSPF V3 Step 5
Ospfv3 process-id ipv6 area "area-id"
How do you prevent Transit Routing
Outbound BGP Route policies
What is an OIF
Outgoing interface
Which of the following is not a valid way that an AP can learn of WLCs that it might join?
Over-the-air neighbor message from another AP
What is OMP
Overlay Management Protocol
Static Route Benefit
Override Dynamic, availability on system
EtherChannel Member Interface Status'
P(articipating), H(Maximum Interfaces), I(ndividual), w(aiting for a packet), s(suspended), r(emoved)
What's a PACL vs VACL
PACL is applied to a port, VACL applied to a VLAN
What's in the TCI
PCP/DEI/Vlan ID
What is the Oakley key exchange
PFS / DH
What are the 5 PIM Operating Modes
PIM Dense (PIM-DM) Pim Sparser (PIM-SM) PIM Sparse Dense PIM Source Specific (PIM-SSM) PIM Bidirectional (Bidir-PIM)
What does (S,G) stand for in Multicast?
PIM Join
What multicast is better for small networks
PIM-DM
What Multicast is better for large networks
PIM-Sparse (SM)
What is the name of the two-rate three color drop rates
PIR and CIR
To authenticate with Cisco's DNA Center, which type of HTTP request method must be used?
POST
PCP
Priority Code Point
What is a Sniffer
Packet capture
Why is Salt Stack so fast
Parallel run
When a path has been identified using EIGRP and in a stable fashion, the route is considered ______.
Passive
How to set passive OSPF interface
Passive interface-id
How to set all passive OSPF Interface
Passive interface-id default
What is a type 8 password
Password Based Sha-256
What does PA stand for in BGP
Path Attributes
What is AIGP for
Path attributes between AS, optional, can affect routing
OID is to SNMP as What is to Yang
Paths
What does PIR stand for
Peak Information Rate (Larger than CIR)
What does PHB stand for
Per Hop Behaviors
What should the Underlay network have as characteristics
Performance / Scalability / High availability
Which ipsec phase is bi-directional
Phase 1
What's PCP
Priority Code Point
What is an Ansible set of instructions called
Playbook
Which of the following are features of Ansible? (Choose two.)
Playbooks Tasks
How does a Task relate to a Playbook
Playbooks are made up of Plays, Plays are made up of Tasks
Which traffic conditioning tool can be used to drop or mark down traffic that goes beyond a desired traffic rate?
Policers
How is Network Policy applied through the SD-Access Fabric Policy Plane
Policy (QoS / ACL etc) are applied through SGT tags
What does a Policy map for COPP look like
Policy Mapp COPP Policy Class COPP IPSEC Police 8000 conform-action transmit exceed action transmit Violate-action drop
How to create a ZBFW inspection policy map
Policy-map type inspect POLICY-NAME Inspect
How to set etherchannel load-balance
Port-channel load-balance
How to require minimum Port-Channel links
Port-channel min-links ""
What are some downsides to unplanned internal transit connectivity
Possibility of asynchronous routing Unplanned added capacity
What HTTP function is used to send the ApI
Post
What is the automation methodology
Ppdioo
Which of the following authentication methods does WPA2 personal mode use?
Pre-Shared Key
How does an AP discover a WLC
Pre-config DHCP/DNS Broadcast
Router Path Selection
Prefix Length, Administrative Distance, Metrics
What does ppdioo stand for
Prepare Plan Deisgn Impliment Observe Optimize
Inside Local vs outside global
Private internal IP vs Public assigned IP
Which of the following is not a well-known BGP community?
Private_Route
How to make a custom priv level that can shut a terminal
Privilege exec level 5 configure terminal Privilege configure level 5 interface Privilege interface level 5 shutdown
Network latency can be broken down into which of the following types?
Propagation delay (fixed) Serialization delay (fixed) Processing delay (fixed) Delay variation (variable)
Types of delay
Propogation - Distance-based Serialization - Time to convert to medium Processing - CPU / Software Delay variation - Queing / packet delay creates Jitter
NBAR2 Modes
Protocol Discovery Modular QoS CLI
Which protocols are essential to multicast operation? (Choose two.)
Protocol Independent Multicast (PIM)
Things you can do with an extended ping
Protocol i.e. IP / Appletalk Datagram Size Source Address DF Bit Data Pattern Verbose Loose / Strict routing
What is an Anycast Gateway
Provides a pervasive L3 network, spanning buildings, campus' anywhere
When using GitHub, what is the purpose of a repository? (Choose three.)
Provides a place to store a developer's code Gives the option to share a developer's code with other users Provides documentation on code examples
What is Skeme
Provides anonymity, key refresh etc.
Which of the following options describe ZBFW? (Choose two.)
Provides stateful fi rewall functionality Is an integrated IOS solution
What is BGP Multihoming used for
Providing redundant ISP typically
What is PETR
Proxy ETR
What are the two stealthwatch cloud offerings
Public / private cloud
Inside Global vs Outside Local
Public IP mapped to a Local IP, Public IP as it appears from inside
Which of these tools are agent-based in operation? (Choose two.)
Puppet Bolt SaltStack
Where are Puppet tasks stored
PuppetDB
What are the two Chef modules
Push/Pull
What is Salt Stack written in
Python
How many messagesin Aggressive Mode
QM1-QM3
How is Internal QoS marked
QoS Groups
RFC for OSPF V2
RFC 2328
RFC for two-rate three-coor
RFC 2698
What RFC amended BGP to MBGP
RFC 2858
RFC for OSPF V3
RFC 5340
What is the flow of routes in BGP
RIB-IN - Loc-RIB, Global RIB, RIB-Out
Neighbor Adjacenty Requirements
RID Unique/Interface Subnet/Mask/MTU Match/Area ID Match/DR Enablement Match/OSPF Hello and Dead Timers Match/Auth Type and Credentials match / Area Type Flags Match
Distance Vector protocols
RIP
Which of the following routing protocols are classified as IGPs? (Choose all that apply.)
RIP/EIGRP/OSPF/IS-IS
LISP separates IP addresses into which of the following? (Choose two.)
RLOCs EIDs
How does Auto-RP keep all the RP's straight?
RP Mapping Agent or a PIM Bootstrap Router (BSR)
How does PIM Shared and Source create the tree?
RP talks to LHR then FHR then established communication between the 2, like a matchmaker
Which Radius or TACACS supports EAP
Radius
EIGRP Benefits
Rapid Convergence/Network Change delta/hellos,neighbors,bandwidth,delay,load,reliability,MTU/Load Balancing
How does SaltStack listen to the environment
Reactors and Beacons
NGIPS Capabilities
Real-time contextual awareness / ATP / Automation / Performance and Scalability / AVC / URL Filtering
BGP Route steps
Receive Adj-RIB-In / Update Loc-RIB, Validate / Identify best-path / Install best-path on global / Store / Advertise
DB loss calculation
Received power / Original power
What is RSSI
Received signal strength indicator
Manifest is to Puppet as what is to Chef
Recipe
Steps to configure flexible netflow
Record Name / Description / Match Criteria / Non-Key words
Cisco SAFE includes which of the following secure domains? (Choose all that apply.)
Threat defense Segmentation Compliance
802.1D Port Types
Root Port/Designated Port/Blocking Port/
802.1W Port Roles
Root/Designated/Alternate/Backup
Default LB method for GLBP
Round Robin
How many tables does BGP use for storing prefixes?
Three
How to divide up MSP STP?
Regions
What is the Wan Edge Block
Remote Datacenters/branches/Cloud
What does RP stand for
Rendezcvous Point
What does RSVP stand for
Resource Reservation Protocol
What does PortFast do
Restricts TCN on access ports, speed up enabling
What does RFP stand for
Reverse Path Forwarding
Which of the following are container engines? (Choose all that apply.)
Rkt Docker LXD
Some types of Container Engines
Rkt / Open Container Initiative / LXD / Linux-Vserver / Windows Containers
A network consists of four controllers: A, B, C, and D. Mobility group 1 consists of controllers A and B, while mobility group 2 consists of controllers C and D; the mobility list on each controller contains both mobility group definitions. Which one of the following answers describes what happens when a client tries to roam between controllers B and C?
Roaming is possible, but CCKM and key caching do not work.Which
What do AS restrict
Route distribution, metric calculations
EIGRP Feasible Successor
Route that satisfies the feasibility condition, backup route
EIGRP Successor Route
Route wit hlowest path metric
OSPF V3 LSA Type 1
Router
What type of network device helps reduce the size of a broadcast domain?
Router
Which LSA type exists in all OSPF areas?
Router
Type 1 LSA
Router - LSA's from within an area
Configure OSPF on all interfaces
Router 1
What's a RACL
Router ACL
What is in an OSPF Hello
Router ID, Auth options, Area ID, dead interval, hello interval etc...
How to define / initialize OSPF
Router OSPF
First step in setting up
Router bgp as-number
OSPF on Log Subnet
Router ccc
How to set an OSPFV3 interface as passive
Router ospfv3 Passive-interface gigabitethernet01
Statically set Router ID
Router-id "router-id" Clear ip ospf process
What are OSPF External Routes
Routes learned from outside the OSPF Domain via Redistribution
RIB
Routing Information Base
How to prevent unplanned internal transit connectivity
Routing design Bandwidth sizing Routing pattern
What is the model of LISP
Routing with a central database instead of multiple synchronized routing tables
What is Puppet Bolt written on
Ruby
LACP code for slow LACPDU Active Mode
SA
Why is WPA3 not succeptible to easvedropping
SAE
Two MacSec keying mechanisms
SAP / MKA
LACP code for Slow Hello Consistent State
SC
What is a type 9
SCRYPT hash
How to show Etherchannel running L2 Down
SD - Switching / Down
What is a switch that is not part of the DNA platform but still participates via Automation
SD-Access extension node
Two ways to do egress enforcement
SGACL / SGFW
What the heck is SXP
SGT Exchange Protocol
What was added to VXLAN for it to work with SD-Access
SGT Tag (4 bytes)
Show Port to VLAN Mapping
SH VLAN Brief
Count of VLAN's, VTP VLAN's, Excluded VLAN's
SH VLAN Sum
How to enable traps
SNMP-Server enable traps
Downsides of a large OSPF Area
SPF Calculations run throughout when a link flaps LSDB becomes too big Large LSDB consumes memory No route summarization occurs
Which of the following best describe SPT and RPT? (Choose two.)
SPT is a source tree where the source is the root of the tree. RPT is a shared tree where the rendezvous point is the root of the tree.
Which of the following is the I/O technology that uses VFs and PFs?
SR-IOV
What does NetConf run over
SSH / TLS / SOAP
What ways can it communicate with nodes
SSH / WinRM, and others
Requirements for SaltStack SSH
SSH and Python
Info found on the Client screen
SSID, Mac Address, SNR, Signal Strength, connection time etc.
How can you make WLC's redundnat
SSO
What is SD-Wan On-Ramp
SaaS Optimization across circuits / Public Cloud connection
How to list all network interfaces
Salt '*' network.interfaces
How to do outside static nat
Same interface steps, then ip nat outside source static 192.168.1.1 192.168.1.222
What is Cisco Threat Grid
Sandbox
What does the Web Security Appliance do After an attack
Sandboxing / File Retrospection / Cognitive Threat Analytics
What does SGT stand for in SD-Access
Scalabale Group Tagbs
What is a SGT
Scalable Group Tag
What is lower in precedence? Best Effort or Scavenger?
Scavenger
Suppose that you have a large wireless network with several controllers, many APs, a RADIUS server, and a syslog server. A user has reported connectivity problems in a specific building location but has provided no details about the AP or controller he tried to join. Which one of the following is the most efficient troubleshooting method you can use to find information about the client?
Search for the client's MAC address on each controller
What does SAFE stand for
Security Architectural Framework
What does MacSec SAP stand for
Security Association Protocol (proprietary)
SGFW is obviously a Security Group firewall, what the deuce is a SGACL
Security Group ACL
What is the diff between ACL and SGACL?
Security Groups
One benefit of OSPF areas
Segmentation creates simpler routing maps, reduces OSPF traffic, size of DB
What are the two system-built zones for ZBFW? (Choose two.)
Self zone Default zone
What does a host need to do to start receiving multicast traffic?
Send an unsolicited membership report
What's the diff between a flow sensor and a flow collector
Sensor is like a span port, collector like a siem
Route Map order of eval
Sequence, conditional match, process action, optional action
What is in the Data Center / Server Room block
Servers for Websites, email, apps, storage, backups
What's OHAI
Service installed that checks in with the server
BGP router config components
Session Param / Address Fam Init / Activate Address
How to enable SSH
Set Hostname / Create User / Set Domain Name / Crypto key generate RSA
How to set STP priority
Set spanning-tree vlan "" priority, up to 4096, lower is better
How to verify a BGP Session
Sh Bgp "afi / safi" sum Sh bgp ipv4 unicast sum
Show vlan's assigned to a trunk
Sh Run VLAN Int
Last TCN
Sh Spanning-Tree "vlan" detail
How to verify netflow
Sh ip flow interface
How to show Type 1 LSA's
Sh ip ospf database
How to show Type 2 LSA information
Sh ip ospf database network
Display the OSPF neighbors and their current states
Sh ip ospf neighbor
Display the OSPF routes that are installed in the RIB
Sh ip route ospf
Show all VRF routes
Sh ip route vrf mgmt
Show IPV6 Routing Table
Sh ipv6 route
What is a condensed version of show ntp status
Sh ntp associations
Show all interfaces that participate in a vlan
Sh span-tree vlan
How to see what switch is root
Sh spanning-tree vlan 1
Types of PIM Distribution Trees
Shared - Rendezvous Point Source - aka Shortest Path Tree
What does ENFV do
Simplicity / Centralized / Snapshots / Third-party VNF / SD-WAN and Edge / Reduced Power/Space/Engineering
What is SAE as it relates to WPA3
Simultaneous auth of equals
How to view SDM Template
Show SDM Prefer
How to show BGP Routes
Show bgp "afi / safi"
Show all routes advertised to a peer
Show bgp "afi / safi" neighbor "ip address" advertised routes
How to show all routes to a network
Show bgp ipv4 unicast 10.12.1.0
How to view BGP info for a particular neighbor
Show bgp ipv4 unicast neighbors 10.12.1.1
How to verify an IPV6 BGP Session
Show bgp ipv6 unicast sum
How to verify in BGP that NLRI's between nodes
Show bgp pv4 unicast sum
How to see ipsec info
Show crypto ipsec sa
How to show crypto info
Show crypto isakmp sa
How to see etherchannel load balance
Show etherchannel load-balance
Show etherChannel neighbors
Show etherchannel port
How to check Port-Channel status
Show etherchannel sum
Commands to show GLBP status
Show glbp (brief)
Etherchannel interface show details
Show interface port-channel ""
How to show aggregated bandwidth or members on an Etherchannel
Show interface port-channel ""
How to verify tunnel config
Show interface tunnel 100
Port Status, VLAN, Enabled, Mode
Show interfaces switchport
How to check DTP status
Show interfaces trunk
How to see tunnel info
Show intrface tunnel100
How to show EIGRP environment
Show ip eigrp topology
How to see translations
Show ip nat translations
How to see type 3 LSA info
Show ip ospf database summary
Verify OSPF timer
Show ip ospf interface
Show what interfaces are running OSPF
Show ip ospf interface Show ip ospf interface brief
How to see Interface Role OSPF
Show ip ospf interface brief
How to verify an OSPF Loopback Interface
Show ip ospf interface loopback 0 | include type
How to show unequal cost load balancing metrics
Show ip route eigrp
How to verify routes
Show ip route ospf
How to check ip sla config
Show ip sla configuration
Show ospf routes for IPV6
Show ipv6 route ospfv3
How to see LACP counters
Show lacp counters
Show LACP neighbors, priority, siystem ID
Show lacp neighbor detail
How to show LACP System Priority
Show lacp sys-id
How to verify sessions
Show line
How to see logging settings
Show logging
How to check the monitor
Show monitor session local
How to check settings rspan
Show monitor session remote
What is SD-WAN NMS
Single Pane of Glass, provisioning and changes
What is Network Virtualization
Single infrastructure with multiple VRF and VN
Types of Policers
Single-rate two-color Single-rate three-color (second bucket for burst) Two-rate three-color
How many OSPF link-state announcement (LSA) types are used for routing traditional IPv4 packets?
Six
Chef Deployments
Solo / Client and Server / Hosted / Private
What's bad about WPA and WPA2 personal
Someone could easdrop
Once you are in the erspan dialog how to set the source
Source interface ethernet 1/1
But what does that look like dude, the rspan vlan command
Source session 57 destionation remote vlan 99
How to see inconsistent ports
Spamming-tree inconsistent-ports
Set STP Forwarding Delay
Spanning-Tree vlan "" forward-time ""
How to setup MST
Spanning-tree mode mst
Which of the following is the most deterministic strategy you can use to push a specific AP to join a specific controller?
Specify the primary controller
What shows on the "Connection Score" tab
Speed stats, spatial streams, Channel Width, Client max for each
Which one of the following is the primary cause of free space path loss?
Spreading
Etherchannel Source hashes
Src-dst-ip/src-dest-ip-only/src-dst-mac/src-dst-mixed-ip-port
Commands to configure HSRP
Standby 10 ip 192.168.1.1 priority 10 (priority Optional) Standby 10 mac-address (optional) Standby 10 timers 10 (optional) Standby 10 Auth password10
Root bridge election
Start out as root then listen to neighbors
What does "Inspect" do
State-based control, stateful
What is SSO
Stateful Switchover
Three types of NAT
Static / Pooled / PAT
In a resilient network topology, first-hop redundancy protocols (FHRP) overcome the limitations of which of the following? (Choose two.)
Static default routes
What's a SMC
Stealthwatch Management Console
Layer 3 persistent marker
TOS
What is the Layer 2 2-byte field for qoS
TPID
How to add a TACACS server
Tacacs server host 192.168.1.10 key asdfasdf
What does SAFI stand for
Subsequent Address Family Identifier
Study the comparison chart
Sucka
Types of OSPF Route Filtering
Summarization / Area Filtering / Local OSPF Filtering
OSPF supports filtering of routes using which of the following techniques? (Choose two.)
Summarization, using the no-advertise option Area filtering, which prevents type 1 LSAs from being generated into a type 3 LSA
Type 3 LSA
Summary - Advertises a network prefix from a different area
VTP Advertisement Types
Summary / Subset / Client
802.1x Roles
Supplicant (endpoint) / Authenticator / Authentication Server
MD5 Weakness
Supplicant does not require cert from Auth Server
Major diff between OSPF V2 and V3
Support for IPV6
IKEV2 over IKEV1 features
Supports EAP (Certificate-based), anti DoS, less messages, asymetric encryption
OSPFV3 is different because
Supports IPV4/6 New LSA types No more IP Prefix Able to determine flooding scope Packet Format Router ID required Auth Multiple Instances
What type of network device helps reduce the size of a collision domain?
Switch
Suppose that an 802.11a device moves away from a transmitter. As the signal strength decreases, which one of the following might the device or the transmitter do to improve the signal quality along the way?
Switch to a less complex modulation schem
What is an SDM Template
Switching Database Manager
How to disable DTP
Switchport nonegotiate
In a ZBFW what is the Self Zone
System level zone with all router IP Address
What is the protocol of choice for network device access control?
TACACS+
What does the SaltStack command structure include
Targets / Commands / Arguments
What happens in the Chef Kitchen
Testing before production
Suppose that you have just received news that no users can connect with a newly installed AP. Which one of the following bits of information would be important when you search for the AP's name from the WLC? (Choose all that apply.)
The AP has a valid IP address. The AP is not found. The AP has no channel numbers listed for the 2.4 and 5 GHz bands.
Suppose you access a WLC and search for the name of a specific AP for which users have complained about problems. When you look at the 5 GHz information about the AP, you notice that it is using channel 60 and has 5 dBm transmit power, 65 clients, −90 noise level, 1% channel utilization, and the Air Quality value 10. Which of the following conclusions would be most accurate?
The Air Quality value indicates a severe problem with interference on the channel.
Why is using the command-line interface (CLI) to configure a large number of devices considered difficult to scale?
The CLI is prone to human error and misconfi guration. The command line is used on a device-by-device basis.
Which router always advertises the Type 2 LSA?
The DR
Which of the following should not be dynamically advertised via an IGP into a GRE tunnel?
The GRE tunnel source interface or source IP address
MST regions can interact with PVST+/RSTP in which of the following ways? (Choose two.)
The MST region is the root bridge for all VLANs. The PVST+/RSTP topology is the root bridge for all VLANs
How to define if EtherChannel operates at L2 or L3
The Member interfaces
EIGRP Successor
The first next hop router for the successor route
Where do you configure the interface settings of a Port-Channel
The Port-Channel interface
What is TrustSec
The ability to apply ACL to a SGT tag that is assigned
Which one of the following makes the decision for a device to roam from one AP to another?
The client device
Suppose you have accessed a WLC to search for a client's MAC address. Information about the client is displayed, along with a sequence of dots indicating connectivity. The last green dot in the sequence is labeled Online. Which one of the following statements is the most correct?
The client device has successfully joined the wireless network.
Suppose an end user tried to join a wireless network several minutes ago. The WLC Client View screen shows the client to be in the Association state but not the Authentication state. Which one of the following best describes the client's current condition?
The client has an incorrect pre-shared key.
Suppose you search a WLC for a client device's MAC address. The results show a Connection Score value of 10%. Which one of the following correctly describes the scenario?
The client is currently using a data rate that is 10% of its maximum capability.
VTP Client Mode
The client switch receives VTP advertisements and modifies the VLANs on that switch. VLANs cannot be configured locally on a VTP client.
Suppose that a lightweight AP in default local mode is used to support wireless clients. Which one of the following paths would traffic usually take when passing from one wireless client to another?
Through the AP and its controller
What command is configured to prevent a router from becoming the designated router for a network segment?
The interface command ip ospf priority 0
What is the difference between the line configuration command login and the line configuration command login local?
The login command is used to enable line password authentication. The login local command is used to enable username-based authentication.
What is an EIGRP successor?
The next-hop router for the path with the lowest path metric for a destination prefi x
Suppose you search for an AP on a WLC and notice that Noise is −20 on the 2.4 GHz band. Which of the following statements is correct?
The noise is at a very high level, which is bad for wireless performance.
What is a Stratum in NTP
The number of hops
Which router manages the connection
The one with the Higher IP
What will show ntp status show you
Time/offset/server/polling interval/stratum etc
What happens to a route that does not match the PrefixRFC1918 prefix list when using the following route map? route-map QUESTION deny 10 match ip address prefix-list PrefixRFC1918 route-map QUESTION permit 20 set metric 200
The route is allowed, and the metric is set to 200.
VTP Server Mode
The server switch is responsible for the creation, modification, and deletion of VLANs within the VTP domain
What does the Connectivity section in a WLC show?
The steps to connect from Associate to Online
To troubleshoot a single wireless client, which one of the following bits of information would be most helpful in finding the client device in a wireless LAN controller?
The wireless MAC address of the client device
What are EAP Inner methods
They are tunneled inside the other methods
What happens if a Multicast message is received on an Outgoing Interface in PIM-DM / SM
They re-send their AD back upstream to re-calculate the SPT
What do CST and 802.1D have in common?
They support only one topology.
What is Postman
Tool to interact with API's
TCN
Topology Change Notification
What makes EIGRP a true distance vector routing protocol?
Topology Table
How to do traceroute
Trace ip source intterface number
Command to perform Object Traking
Track 57 ip route 192.168.1.1/32 reachability
What is the difference between optional non-transitive and transitive
Transitive option means the device needs to pass on the path attribute to the next neighbor
Inside Static NAT is best for what
Translating internally, not publicly
How to set the protocol and port of a netflow
Transport UDP 99999
What is a Shared Tree
Trees between the RP and LHR
What are some reasons that debugging is used in OSPF? (Choose three.)
Troubleshooting MTU issues Troubleshooting mismatched hello timers Troubleshooting mismatched network masks
Routers closer to the OSPF backbone can see routes from routers farther from backbone true/false
True
True or false: A BGP AS_Path ACL and a prefix list can be applied to a neighbor at the same time.
True
True or false: An extended ACL used to match routes changes behavior if the routing protocol is an IGP rather than BGP.
True
True or false: Breaking a large OSPF topology into smaller OSPF areas can be considered a form of summarization.
True
True or false: CoPP supports input and output policies to control inbound and outbound traffic.
True
True or false: GRE was originally created to provide transport for non-routable legacy protocols.
True
True or false: NFVIS is based on a standard version of Linux packaged with additional functions for virtualization, VNF lifecycle management, monitoring, device programmability, and hardware acceleration.
True
True or false: The IPv6 address family must be initialized to establish a BGP session with a peer using IPv6 addressing.
True
True or false: The MST topology can be tuned for root bridge placement, just like PVST+ and RSTP
True
True or false: The switch port with the lower STP port priority is more preferred.
True
True or false: Without Cisco ISE, it would not be possible to implement pxGrid.
True
DTP Modes
Trunk Dynamic Desireable Dynamic auto
What is SGT for
TrustSec data
What does Diameter setting do in script
Tunes stp convergence / timers
Two transport modes of IPSec
Tunnel Mode (encrypts entire packet not just payload) Transport Mode (no overlay)
What happens between controllers on an intercontroller roam
Tunnel built
Which of the following are modes of packet transport supported by IPsec?
Tunnel mode Transport mode
How many different BPDU types are there?
Two
What is the maximum number of distribution switches that can be deployed within a hierarchical LAN design building block?
Two
What is NGIPS
Two software, one firewall
Floating Static Route
Two static routes with prioritization, only the favored one appears in route table
Enterprise Architecture Options
Two-Tier (Collapsed Core) Three-Tier Layer 2 access layer (STP Based) Layer 3 access layer (routed access) Simplified Campus Software Defined (SD-Access)
Which of the following enterprise network architectures is also known as the collapsed core?
Two-tier design
Diff between type 1 and type 2 hypervisor
Type 1 runs direct on physical machine, type 2 runs on an Operating System
Which of the following password types is the weakest?
Type 7
What type of encryption does the command service password encryption provide?
Type 7 encryption
How to set an erspan destionation
Type destination and go into the context Set the destination IP and the origin IP
Is NTP UDP or TCP based
UDP
Port for VXLAN
UDP 4798
What is the port/protocol for a CAPWAP discovery packet
UDP 5246
How to remove debug from just the interface
Undebug interface loopback1
What's on the Network SD-Access layer
Underlay network / Overlay Network
RIP vs EIGRP
Unequal-Cost LB, networks 255 hops away, rapid convergence, DUAL
Is "Pass" uni-directional or bi-directional
Uni
What does UDLD stand for
Uni-Directional Link Detection
How many AP's can Mobility express support
Up to 100
How much can a de-jitter buffer often fix
Up to 30ms
What is the difference between a BGP update and a BGP notification
Update has route changes, notification has errors
Enabling root guard on a switch port does what?
Upon receipt of a superior BPDU, the port is shut down
What does an Edge Node do?
Use LISP to Enrol / authenticate / Assign a device / EID
DevNet is for what
Use it for studying genius
Three ways to configure a username
Username password / username secret / username algorighm-type secret
Eap fast vs. peap
Uses PAC for faster auth, good for wifi
What is FlexConnn
Uses WLC or mobility controller
How does Cisco DNA Center Assurance simplify troubleshooting and diagnostics?
Using streaming telemetry to gain insight from devices Using open APIs to integrate with other platforms to provide contextual information
What is Globbing
Using wildcards combined with words to search for strings
VTP 1 and 2 vs. 3
V1/2 only go to 1005, 3 to 4094
Major difference between HRSP V1 and V2?
V2 supports millisecond timer values
Two kinds of Cisco SD-Wan
VIPTella Meraki
Default VLAN, un-assignable
VLAN 1
Reserved VLans
VLAN 1002 to 1005
Extended VLAN range
VLAN 1006 - 4094
Normal VLAN's
VLAN 2-1001
Which of the following is the virtual or software version of a network function and typically runs on a hypervisor as a VM?
VNF
What do VN use
VRF Instances
Different approach to tiered method
VSS
How to set VTP Domain
VTP Domain "name"
Transparent
VTP transparent switches receive and forward VTP advertisements but do not modify the local VLAN database. VLANs are configured only locally.
LISP vs VXLAN benefit
VXLAN supports L2 or L3
What is the main reason SD-Access uses VXLAN data encapsulation instead of LISP data encapsulation?
VXLAN supports Layer 2 networks.
What is the modified VXLAN called for SD-Access
VXLAN-GPO
What does VNI stand for
VXLan Network Identifier (like a vlan)
Which of the following WPA versions is considered to have the most secure personal mode?
WPA3
What is the latest version of NetFlow?
Version 9
How are Cisco Antenna's polarized
Vertically
Is -90Db a low noise amount or high
Very low
What is Type 7
Vigenere
What is a VN
Virtual Network
What is a VRF
Virtual Routing and Forwarding
What does VSS stand for
Virtual Switching System
What does VTEP stand for
Virtual tunnel Endpoint
ISE Features
Visibility / NAC / DNA Integration / TACACS / TrusteSec / Guest / onboarding / CA / profiling / posturing / pxgrid
What is Path Trace
Visual Traceroute
How to make a VRF
Vrf definition "" Address family ipv4/6 Vrf forwarding ""
VTP Switch mode how to
Vtp mode server/client/transparent
Set VTP Password
Vtp password
How to set a VTP V3 Primary
Vtp primary
How to set a timeout on a port for 2:30
Vty\exec-timeout 2 30
Which network blocks can provide access to cloud providers for end users?
WAN edge
What is Lightweight
WLC
Difference between Fabric WLC vs WLC
WLC always follows data flow to central server, Fabric can have central server but data can flow out less hops
Which of the following components are part of the SD-Access fabric architecture?
WLCs Cisco routers Cisco switches Access points Cisco ISE Cisco DNA Center
Pre-Shared Key is used in which of the following wireless security configurations? (Choose all that apply.)
WPA personal mode WPA2 personal mode WPA3 personal mode
Between Tail, RED and WRED what is the best congestion avoidance tool
WRED, Randomly drops, but weighted
What is RF Fingerprinting
Walking a mapped area and allowing the AP's to record actual signal strength in an area
What does the Web Security Appliance do Before an attack
Web Reputation / Web Filtering / App Visibility and Control
Open Authentication can be used in combination with which one of the following?
WebAuth
Suppose an enterprise offers a wireless network that guests can use but only after they read and accept an acceptable use policy document. Which one of the following methods can inherently handle this process?
WebAuth
Alternative LB methods for GLBP
Weighted / Host Dependent
Which of the following is a recommended congestion-avoidance mechanism for modern rich-media networks?
Weighted RED (WRED)
Which of the following is a Python dictionary?
dnac = { "host": "sandboxdnac.cisco.com", "port": 443, "username": "devnetuser", "password": "Cisco123!"
What does DBD stand for
What does DBD stand for Database Description
What does NFVIS do
What doesn't it do is the better question
Which type of BGP is used in the internet
eBGP
What is Transit Routing
When Internet traffic flows through your AS
What is the preferance for BGP Route Types
eBGP Confederation Member iBGP
What are some items supported by ENFV that were not supported in EM
vWaaS / cEdge / vWLC / Viptella
How does it connect to devices
WinRM or SSH
What is in the Network Services Edge block
Wireless Lan, ISE, Telepresence, UCM
Three steps to a successful connection to Wifi
Within range and asked to associate / authenticates / Gets IP
What are Ansible Playbooks written in
YAML
Top 3 Data Models
Yang / NETCONF / RESTCONF
What is RESTCONF
Yang for API's
WTF PIM-SM has a DR?
Yeah a desginated router
Can a router be part of two AS?
Yes
Can you staticly set the RP?
Yes
Does EIGRP support route summarization
Yes
Does Stealthwatch do Forensics?
Yes
Does Stealthwatch do IR
Yes
Is MBGP backwards compatible
Yes
What does YANG stand for
Yet another Next Generation Modeling Language
For a COPP how can you determine how much your rate should be
You could use an EPC
What Distributed Messaging Platform does SaltStack use
ZeroMQ
How to create a zone
Zone security outside
Common BGP Regular Expressions
^$ - Local Originating routes - Good to restrict all internet traffic out Permit ^200_ only routes from neighbor AS200 Permit _200$ only routes originating from AS 200 Permit _200_ only routes that passs through AS200 Permit ^[0-9]+[0-9]+[0-9]+? Routes with three or fewer AS-Path Entries
What is the correct regular expression syntax for matching a route that originated in AS 300
_300$
UDLD solves the problem of ______.
a cable sending traffi c in only one direction
Give an example of an ACL applied to a debug
access-list 100 permit ip any 192.168.14.0 0.0.0.255 debug ip packet 100
A router uses _________ as the second criterion for forwarding packets
administrative distance
Which BGP command advertises a summary route to prevent link-flap processing by downstream BGP routers?
aggregate-address network subnet-mask summary-only
What is the proper command to execute a playbook using Ansible?
ansible-playbook Confi gureInterface.yaml
Which of the following attributes does the EIGRP topology table contain? (Choose all that apply.)
destination network prefix hop count total path delay list of EIGRP neighbors
Local bridge Identifier
combination of Local Switch bridge system MAC, system iD and system priority
Which of the following are Python functions? (Choose two.)
def dnac_login(host, username, password): url = "https://{}/api/system/v1/auth/token". format(host) response = requests.request("POST", url, auth=HTTPBasicAuth(username, password), headers=headers, verify=False) return response.json()["Token"] print(dnac_devices)
The ability to install multiple paths from the same routing protocol with the same path metric into the RIB is known as ______.
equal-cost multipathing
OSPFv3 uses ___________ packet types for inter-router communication.
five
What is a FIB and what Technology is it used
forwarding Information Base, CEF
A distance vector routing protocol finds the best loop-free path by using ______.
hop count
Two types of BGP
iBGP and eBGP
A router connects multiple private networks in the 10.0.0.0/8 network range to the Internet. A user's IP address of 10.1.1.1 is considered the __________ IP address.
inside local
A link-state routing protocol finds the best loop free path by using ______.
interface cost
Which value can be modified on a router to manipulate the path taken by EIGRP but avoid having impacts on other routing protocols, such as OSPF?
interface delay
How to set cost for MST
interface\spanning-tree mst "0" cost "1"
Which command is used to apply an ACL to an interface?
ip access-group {access-list-number | name} {in|out}
What does an LHR do after it receives an IGMP join from a receiver?
it sends a PIM join toward the RP.
Which of the following options can be used to only allow inbound SSH access to the vty lines of a router?
line vty 0 4 transport input ssh ip access-list extended SSH permit tcp any any eq 22 line vty 0 4 access-class SSH in
A router uses _________ as the first criterion for forwarding packets
longest match
The access layer is also commonly referred to as the _____.
network edge
How to apply an ACL to a SNMP string
snmp-server community READONLY ro 99
A path vector routing protocol finds the best loop-free path by using ______.
path attributes
What is an example of a Distribute List
permit ip 100.64.0.0 0.0.255.0 host 255.255.255.128 - Networks with 10.64.x.0 /25 are distributed
Connecting VNFs together to provide an NFV service or solution is known as ______.
service chaining
Which command is used to view the BGP neighbors and their hello intervals?
show bgp afi safi neighbors
Which command displays the translation table on a router?
show ip nat translations
Etherchannel Port Hashes
src-dst-port/src-ip/src-mac/src-mixed-ip-port/src-port
Which of the following commands defines the HSRP instance 1 VIP gateway instance 10.1.1.1?
standby 1 ip 10.1.1.1
NTP uses the concept of ________ to calculate the accuracy of the time source.
stratum
Which of the following commands are optional for GRE configuration? (Choose two.)
tunnel mode gre {ip | ipv6} keepalive
What's the difference between vEdge and cEdge
vEdge is the OG, cEdge is the integrated Cisco variant, cEdge also supports advanced security options
Two types of Viptella
vEdge, cEdge
Which of the following is the single pane of glass for the SD-WAN solution?
vManage
What are the main components of the Cisco SD-WAN solution? (Choose four.)
vManage network management system (NMS) vSmart controller SD-WAN routers vBond orchestrator
When using the Cisco vManage Authentication API, what is the Headers ContentType that is used?
x-www-form-urlencoded
Which of the following is in JSON data format?
{ "user": "root", "father": "Jason", "mother": "Jamie", "friend": "Luke" }
What does every JSON start and end with
{}
A transmitter normally uses an absolute power level of 100 mW. Through the course of needed changes, its power level is reduced to 40 mW. What is the power-level change in dB?
−4 dB
