DevNet Associate (Version 1.0) – Module 8 Exam Answers

Explanation: Cisco Umbrella uses Domain Name Servers (DNS) to enforce security on the network. Umbrella blocks access to malicious domains, URLs, IPs, and files. The system looks at the nature of any DNS requests and takes an action based on its threat intelligence, which is a large-scale repository of historical data about threats. These requests can be deemed safe and allowed, malicious and blocked, or risky and sent to a proxy server for deeper inspection.

Explanation: The NETCONF protocol uses an Extensible Markup Language (XML) based data encoding for both the configuration data and the protocol messages.

Explanation: There are three main categories of capabilities that AMP offers:
Prevention – protects against identified threats in malware files by preventing breaches
Detection – continuously monitors and records all file activity to detect malware
Responses and automation – accelerates investigations and automatically remediates malware across PCs, Macs, Linux, servers, and mobile devices (Android and iOS).

Explanation: The Finesse REST APIs can be used to build a fully functioning agent desktop, integrate into existing applications to add contact center functionality, and build a script to automate tasks.

Explanation: The SDK, available at GitHub as webexteamssdk, automatically handles pagination, simplifies authentication, provides built-in error reporting, and manages file attachments.

Explanation: YANG models use a tree structure. Within that structure, the models are similar in format to XML and are constructed in modules. These modules are hierarchical in nature and contain all the different data and types that make up a YANG device model.

Explanation: The Finesse JavaScript APIs can be used to embed existing web pages into a custom gadget and build a custom gadget for the agent state workflow. The Finesse JavaScript APIs can only be used for gadgets in the out-of-the-box Finesse agent and supervisor desktop.

Explanation: Fo the Meraki Dashboard API, every request must specify an API key via a request header. The API will return a 404 (rather than a 403) code in response to a request with a missing or incorrect API key. This behavior prevents leaking even the existence of resources to unauthorized users.

Explanation: Cisco ISE identifies every single device and user accessing the network whether the device connects to a wired or wireless network or is on a remote network. Once identified, the connecting device and user are then automatically and securely placed into the right part of the network. This segmentation offers efficiency gains as one network can be used for two separate organizations. It enables secure wired access while also giving asset visibility.

Explanation: Cisco UCS Manager uses service profiles to assign an identity to a server. Each profile can have a unique address and identifier. Each UCS server can only have one service profile association at a time.

Explanation: The Administrative XML Web Service (AXL) is an XML/SOAP based interface that provides a mechanism for inserting, retrieving, updating, and removing data from the Unified Communication configuration database.

Explanation: In Cisco NSO, there are three primary YANG sources:
NSO data model – defining the built-in functions of NSO.
Data models from devices – such as native YANG modules from NETCONF devices, generated YANG modules from SNMP MIBs, or reverse engineered YANG modules from a CLI device.
YANG service models – When developing service applications, a developer specifies the service model, such as a BGP peer, firewall setting, or MPLS VPN, in YANG.

Explanation: Cisco UCS Director extends the unification of computing and networking layers through Cisco UCS to provide visibility and management of data center infrastructure components. A network administrator can use Cisco UCS Director to configure, administer, and monitor supported Cisco and non-Cisco components. The administrator can use UCS Director to perform the following tasks:
Create, clone, and deploy service profiles and templates for all Cisco UCS servers and compute applications.
Monitor organizational usage, trends, and capacity across a converged infrastructure on a continuous basis.
Deploy and add capacity to converged infrastructures in a consistent, repeatable manner.
Manage, monitor, and report on data center components, such as Cisco UCS domains or Cisco Nexus network devices.
Extend virtual service catalogs to include services for your physical infrastructure.
Manage secure multitenant environments to accommodate virtualized workloads that run with nonvirtualized workloads.

Explanation: Firepower takes multiple actions for traffic control including these:
Inspecting, logging, and acting on network traffic.
Using security intelligence data to filter traffic. A network administrator can create lists of blocked and allowed IP addresses or address blocks, domain names, or URLs.
Controlling which websites are available to users on the network.
Blocking or filtering certain files based on lists containing data about the files.
Rate limiting network traffic based on access control.
Creating protective measures to redirect traffic to a “sinkhole server”, where the firewall can fake a DNS query response for a known malicious domain.

Explanation: There are two types of YANG models:
Open models – Developed by vendors and standards bodies, such as IETF, ITU, OpenConfig. They are designed to be independent of the underlying platform and normalize the per-vendor configuration of network devices.
Native models – Developed by vendors, such as Cisco. They relate and are designed to integrate to features or configuration only relevant to that platform.