CCNP ENCOR v8 Final Test Online

Hint

Non-DR/BDR routers send an update or link-state acknowledgment message to the DR and BDR by using the AllDRouters address FF02::6.

Hint

WPA2 uses the encryption algorithm AES (Advanced Encryption Standard) which is a stronger algorithm than WPA is, which uses TKIP (Temporal Key Integrity Protocol.) WPA was created to replace WEP (Wired Equivalent Privacy) which was easily compromised. However, the WPA TKIP had to take into account the older devices still using WEP on the network and as a result still had some of the WEP vulnerabilities. This was overcome with the creation of WPA2.

Hint

In a 802.1x WLAN environment, WPA2 with EAP (Extensible Authentication Protocol) allows for a back-end authentication server like Radius. In this environment, even though the supplicant is authenticated by the AP, the actual authentication process is carried out by the back-end Radius server through the WLAN controller.

Hint

• vManage Network Management System – configured with a public IP address so that all SD-WAN devices in the network can connect to it
• vSmart controller – enables centralized provisioning and simplifies network changes
• vBond orchestrator – authenticates each SD-WAN router that comes online
• non – supports standard router features, such as OSPF, BGP, ACLS, QoS, and routing policies

Hint

The DiffServ model uses 6-bits known as the DiffServ Code Point (DSCP) bits to mark traffic and offers a maximum of 64 possible classes of service. Diffserv-aware routers can then implement per-hop behaviors (PHBs) that can control packet forwarding based on the specified class of service.

Hint

The class of service (CoS) marking allows a Layer 2 Ethernet frame to be marked with eight levels of priority (values 0–7). This marking can be used by QoS-enabled network devices to provide preferential traffic treatment.

Hint

Interarea summarization is manually configured on Area Border Routers (ABRs). Because ABRs connect multiple areas, it is these routers that would summarize routes before injecting them into another area. ASBRs are configured with external route summarization. Backbone and intra-area routers have all interfaces in a single area and are not able to summarize routes into other areas.

Hint

Because S1 is the root bridge, B is a designated port, and C and D root ports. RSTP supports a new port type, alternate port in discarding state, that can be port A in this scenario.

Hint

The route provided points to another address that must be looked up in the routing table. This makes the route a recursive static route.

Hint

The second entry in the table indicates that there is one feasible successor (“1 successors”) for network 192.168.1.8/30. The last entry in the table shows that network 192.168.10.8/30 is directly connected, so it is not reachable through network 192.168.11.1. The third entry indicates that the reported distances for network 192.168.1.0 are 28116 and 2170112, not 41024256. This same entry shows that neighbor 172.16.6.1 is a feasible successor for network 192.168.1.0. The first entry indicates that R1 has only one successor, not two to network 172.16.3.0/24.

Hint

Bandwidth and delay are static values that are not actually tracked by a device. Load and reliability are tracked dynamically by a device over a default period of time. MTU is not used for EIGRP metrics.

Hint

To locate a device more accurately, an AP can use the received signal strength (RSS) of a client device as a measure of the distance between the two.

Hint

Cisco Centralized Key Management (CCKM): One controller maintains a database of clients and keys on behalf of its APs and provides them to other controllers and their APs as needed during client roams. CCKM requires Cisco Compatible Extensions (CCX) support from clients.

Hint

There are several types of deployment models for the Chef server. Chef Solo: The Chef server is hosted locally on the workstation. Chef Client and Server: This is a typical Chef deployment with distributed components. Hosted Chef: The Chef server is hosted in the cloud. Private Chef: All Chef components are within the same enterprise network.

Hint

BGP uses TCP port 179 to communicate with other routers. TCP allows for handling of fragmentation, sequencing, and reliability (acknowledgment and retransmission) of communication packets.

Hint

As indicated in the BGP table, the route is an aggregate route 172.16.0.0/20 learned from the neighbor 192.168.2.2. The atomic-aggregate attribute indicates loss of path attributes, such as AS_Path in this scenario.

Hint

VMware vSphere, Microsoft HyperV, Citrix XenServer, and Red Hat Kernel-based Virtual Machine (KVM) are the most popular hypervisors in the server virtualization market

Hint

An SR-IOV-enabled pNIC supports two different modes for switching traffic between VNFs:

• Virtual Ethernet Bridge (VEB): Traffic between VNFs attached to the same pNIC is hardware switched directly by the pNIC.
• Virtual Ethernet Port Aggregator (VEPA): Traffic between VNFs attached to the same pNIC is switched by an external switch.

Hint

Administrative access over SSH to the router is through the vty lines. Therefore, the ACL must be applied to those lines in the inbound direction. This is accomplished by entering line configuration mode and issuing the access-class command.

Hint

Most common HTTP status codes include:

• 200 – OK (using GET or POST to exchange data with an API successfully)
• 201 – Created (creating resources by using a REST API call successfully)
• 400 – Bad Request (The request from the client is failed due to client-side issue.)
• 401 – Unauthorized (The client is not authenticated to access site or API call.)
• 403 – Forbidden (The access request is not granted based on the supplied credentials.)
• 404 – Not Found (The page requested at HTTP URL location does not exist or is hidden.)

Hint

If a switch on the same VTP domain is added to the network and the switch has a higher configuration revision number, valid VLANs can be deleted and VLANs from the new switch can be sent to other switches in the VTP domain. This can result in loss of connectivity for some network devices. Always put a false domain name on a new switch and then change the VTP domain name to the correct one so the configuration revision number will be at 0 on the switch to be added.

Hint

The combinations of modes that will form an EtherChannel are as follows: on/on, active/passive, active/active, desirable/auto, and desirable/desirable.

Hint

Hosts will send an ARP request to the default gateway which is the virtual IP address. ARP replies from the HSRP routers contain the virtual MAC address. The host ARP tables will contain a mapping of the virtual IP to the virtual MAC. – the IP address and the MAC address of R1

Hint

It is appropriate to use BGP when an autonomous system is multihomed, or has more than one connection to another autonomous system or to the Internet. BGP is not appropriate for single-homed autonomous systems. Autonomous system 65003 is a single-homed AS because it is only connected to one other autonomous system, 65002.

Hint

The problem with the current floating static route is that the administrative distance is set too low. The administrative distance will need to be higher than that of OSPF, which is 110, so that the router will only use the OSPF link when it is up.

Hint

The primary function of the distribution layer is to aggregate access layer switches in a given building or campus. The distribution layer provides a boundary between the Layer 2 domain of the access layer and the Layer 3 domain of the core. On the Layer 2 side, it creates a boundary for Spanning Tree Protocol (STP), limiting propagation of Layer 2 faults. On the Layer 3 side, it provides a logical point to summarize IP routing information when it enters the core Layer. The summarization reduces IP route tables for easier troubleshooting and reduces protocol overhead for faster recovery from failures.

Hint

S4 has the lowest bridge ID, thus S4 is the root bridge. Because the path cost S1-S2-S4 is lower than the path cost S1-S3-S4, path S1-S2-S4 is the preferred path for S1 to reach S4. Thus, STP will set the S1 port Fa0/1 to a blocking state, and the trunk link Trunk2 will not forward any traffic.

Hint

With WPA-Personal and WPA2-Personal modes, a malicious user can eavesdrop and capture the four-way handshake between a client and an AP. WPA3-Personal avoids such attacks by strengthening the key exchange between clients and APs through a method knows as SAE (Simultaneous Authentication of Equals).

Hint

By default, Fast Ethernet, Gigabit, and 10 Gigabit Ethernet interfaces all have a cost of 1. Altering the default reference bandwidth alters the cost calculation, allowing each speed to be more accurately reflected in the cost.

Hint

The Cisco Embedded Event Manager (EEM) is a Cisco IOS tool that uses software applets to automate tasks on a Cisco device. EEM is completely contained within the local device and needs no external scripting or monitoring device.

Hint

JavaScript Object Notation (JSON) is a data format used by applications to store and transport data.

Hint

In a routing table, a route with the label O indicates a network that is advertised by another router in the same area. In this case, the exit interface is GigabitEthernet0/1. The designation O IA means the entry was learned from an interarea LSA that was generated from an ABR. Label O*E2 indicates an external network. In this case, the network designation of 0.0.0.0/0 indicates that this external network is the default route for all traffic that goes to external networks.

Hint

The priority value 24576 is a predefined value that is implemented by the command spanning-tree vlan 10 root primary . This command configures Switch_2 to become the root switch. A root switch will have all forwarding interfaces and no root ports.

Hint

Network traffic is classified and marked as close to the source device as possible. The trust boundary is the location where the QoS markings on a packet are trusted as they enter an enterprise network.

Hint

The TACACS+ protocol provides flexibility in AAA services. For example, using TACACS+, administrators can select authorization policies to be applied on a per-user or per-group basis.

Hint

If the two VLAN IDs differ, the controllers arrange a Layer 3 roam (also known as a local-to-foreign roam) that will allow the client to keep using its IP address.

Hint

Reference: Here (from cisco)

Hint

Enterprise NFV reduces operational complexity of branch environments by hosting networking functions as software on standard x86-based platforms. Enterprise Network Functions Virtualization (NFV) – Cisco

Hint

Be aware that you cannot control which software image release a lightweight AP runs. Rather, the WLC that the AP joins determines the release, based on its own software version.

Hint

Encapsulated Remote Switched Port Analyzer (ERSPAN): You can capture network traffic on a remote device and send the traffic to the local system through Layer 3 (routing) toward a local port attached to some sort of traffic analyzer.

Hint

The MST version number must match for all switches in the same MST region.

Hint

Because of the implicit deny at the end of all ACLs, the access-list 1 permit any command must be included to ensure that only traffic from the 172.16.4.0/24 subnet is blocked and that all other traffic is allowed.​

Hint

Each VTEP has two interfaces:

• Local LAN interfaces: These interfaces on the local LAN segment provide bridging between local hosts.
• IP interface: This is a core-facing network interface for VXLAN. The IP interface’s IP address helps identify the VTEP in the network. It is also used for VXLAN traffic encapsulation and de-encapsulation.

Hint

Antennas are passive devices; they do not amplify a transmitter’s signal with any circuitry or external power. Instead, they amplify or add gain to the signal by shaping the RF energy as it is propagated into free space.

Hint

R1 has to have NAT-POOL2 bound to ACL 1. This is accomplished with the command R1(config)#ip nat inside source list 1 pool NAT-POOL2. This would enable the router to check for all interesting traffic and if it matches ACL 1 it would be translated by use of the addresses in NAT-POOL2.

Hint

OSPF uses six LSA types for IPv4 routing:

• Type 1, router LSA: Advertises the LSAs that originate within an area
• Type 2, network LSA: Advertises a multi-access network segment attached to a DR
• Type 3, summary LSA: Advertises network prefixes that originated from a different area
• Type 4, ASBR summary LSA: Advertises a summary LSA for a specific ASBR
• Type 5, AS external LSA: Advertises LSAs for routes that have been redistributed
• Type 7, NSSA external LSA: Advertises redistributed routes in NSSAs.

Hint

The neighbor command is used to specify an EBGP neighbor router and peer with it. The command requires that the AS number of the neighbor be included as part of the command.

Hint

Weighted random early detection (WRED) is a congestion avoidance mechanism. Different IP precedence and DSCP values each have RED profiles, which determine the probability of packet discard based on the average queue depth of an interface.

Hint

Feasible successors are installed in the EIGRP routing table when the successor becomes unavailable. Feasible successors are backup routes that are have a metric higher than that of successors.

Hint

The output indicates that the K values are in default (K1=1, K2=0, K3=1, K4=0, K5=0). The no auto-summary command is used since automatic summarization is not in effect. R1 is advertising the 192.168.1.0 and 10.0.0.0 networks, not receiving advertisements about them. Up to 4 equal metric paths to the same destination network will be included in the routing table since the metric variance parameter is set to 1.

Hint

OSPFv6 messages can be sent to either the OSPF router multicast FF02::5, the OSPF DR/BDR multicast FF02::6, or the link-local address.

Hint

OSPF designated routers are elected on multiaccess networks to disseminate LSAs to other OSPF routers. By having a single router disseminate LSAs, the exchanging of LSAs is more efficient.

Hint

Cisco developed the Cisco SAFE security architecture to help design secure solutions for various places in the network (PINs) such as: the branch, campus, data center, edge, cloud, and WAN.

Hint

In route map configuration, if there are multiple variables (ACLs, prefix lists, tags, and so on) configured for a specific route map sequence, only one variable must match for the prefix to qualify. The Boolean logic uses an OR operator for this configuration. The processing action is performed only after a match occurs.

Hint

The command output shows the port channel as SU, which means Layer 2 and in use; and the FastEthernet 0/10 and 0/11 interfaces are bundled in port-channel as indicated by the P flag. Configuring the EtherChannel using the channel-group 1 mode on command will cause the Protocol field in the command output to be empty.

Hint

Speed and duplex settings must match for all interfaces in an EtherChannel. All interfaces in the EtherChannel must be in the same VLAN if the ports are not configured as trunks. Any ports may be used to establish an EtherChannel. Domain names and port security settings are not relevant to EtherChannel.

Hint

From the output, the IP SLA is configured to perform icmp-echo, the target device is 192.168.2.1, and the icmp-echo requests are sent every 10 seconds. “Start Time already passed” indicates that the operation has started. The “Life” parameter indicates that the setting is “Forever”.

Hint

The interfaces GigabitEthernet 0/1 and GigabitEthernet 0/2 are configured “on” for the EtherChannel link. This mode forces the interface to channel without PAgP or LACP. The EtherChannel will be established only if the other side is also set to “on”. However, the mode on SW2 side is set to PAgP desirable. Thus the EtherChannel link will not be established.

Hint

The origin is a well-known mandatory BGP path attribute used in the BGP best-path algorithm. A value of i represents an IGP, e indicates EGP, and ? indicates a route that was redistributed into BGP.

Hint

The SD-Access fabric is the overlay network, and it provides policy-based network segmentation, host mobility for wired and wireless hosts, and enhanced security beyond the normal switching and routing capabilities of a traditional network.

Hint

802.11n operates at both 2.4 GHz and 5 GHz and is backward compatible with 802.11b and 802.11g. 802.11b and 802.11g operate at 2.4 GHz only. 802.11a and 802.11ac operate at 5 GHz only.

Hint

Element managers (EMs), also known as element management systems (EMSs), are responsible for the functional management of VNFs; in other words, they perform fault, configuration, accounting, performance, and security (FCAPS) functions for VNFs. A single EM can manage one or multiple VNFs, and an EM can also be a VNF.

Hint

Because no outside local or outside global address is referenced, the traffic from a source IPv4 address of 192.168.254.253 is being translated to 192.0.2.88 by using static NAT. In the output from the command show ip nat translations, the inside local IP address of 192.168.2.20 is being translated into an outside IP address of 192.0.2.254 so that the traffic can cross the public network. A public IPv4 device can connect to the private IPv4 device 192.168.254.253 by targeting the destination IPv4 address of 192.0.2.88.

Hint

The weighted random early detection (WRED) algorithm provides congestion avoidance on network interfaces by allowing TCP traffic to be throttled before buffers are exhausted. This maximizes network use and TCP-based application performance while minimizing tail drop.

Hint

Type 5 LSA is External LSA which is generated by Autonomous System Boundary Router ( ASBR ). This LSA contains external route information which is redistributed in OSPF domain. Type 5 LSAs aren’t allowed in stub areas.

Hint

Next-Generation Intrusion Prevention System (NGIPS): A system that passively monitors and analyzes network traffic for potential network intrusion attacks and logs the intrusion attack data for security analysis is known as an intrusion detection system (IDS). A system that provides IDSfunctions and also automatically blocks intrusion attacks is known as an intrusion prevention system (IPS).

Hint

Proxy ARP is a technique used on a device on a network to answer ARP queries for a device on another network. This service should be disabled on a router and the correct default gateway address should be configured (manually or by DHCP) for the normal process of remote network access. CDP and LLDP are device discovery protocols. Reverse ARP is used to resolve IP addresses.

Hint

The dynamic auto mode makes the interface become a trunk interface if the neighboring interface is set to trunk or desirable mode. The dynamic desirable mode makes the interface actively attempt to convert the link to a trunk link. The trunk mode puts the interface into permanent trunking mode and negotiates to convert the neighboring link into a trunk link. The nonegotiate mode prevents the interface from generating DTP frames.

Hint

If a router is not running OSPF, it is not configurable with an OSPF area. OSPF areas have no direct relationship with the Internet. Routers that run OSPF can connect to the Internet, but multiple OSPF areas are not required for this purpose. OSPF areas help to decrease the demand for router memory and processing power by limiting OSPF protocol traffic, keeping link-state databases small, and requiring fewer SPF recalculations. Multiarea OSPF requires additional steps to configure and therefore does not simplify the configuration process.