Appendix A. Answers to the “Do I Know This Already?” Questions

Chapter 1

1. D. The switch uses the destination MAC address to identify the port out of which the packet should be forwarded.

2. B. A switch uses the MAC address table to limit the Layer 2 communication between only the two devices communicating with each other.

3. B. The destination IP address is used to locate the longest matching route and the outbound interface out of which it should be forwarded.

4. D. Broadcast domains do not cross Layer 3 boundaries. Splitting a Layer 2 topology into multiple subnets and joining them with a router reduces the size of a broadcast domain.

5. B. The CAM is high-speed memory that contains the MAC address table.

6. D. A distributed architecture uses dedicated components for building the routing table, adjacency table, and forwarding engines. This allows for the forwarding decisions to be made closer to the packet’s egress and is more scalable.

7. B and D. CEF is composed of the adjacency table and the Forwarding Information Base.

Chapter 2

1. B. There are two BPDU types: the configuration BPDU and topology change notification BPDU.

2. B. The switch with the lowest bridge priority is elected as the root bridge. In the event of a tie, the bridge MAC address is used to elect a root bridge.

3. C. The original 802.1D specification set the value of 4 for a 1 Gbps interface.

4. B. All of the ports on a root bridge are assigned the designated port role (forwarding).

5. D. The default 802.1D specification places a switch port in the listening state for 15 seconds.

6. D. Upon receipt of a TCN BPDU, a switch sets the age for all MAC addresses to 15 seconds. Non-active/older entries are flushed from the MAC address table.

7. A and B. The blocking and listening states have been combined into the discarding state of RSTP.

8. B. False. STP allows for traffic to flow between switches once a root bridge has been elected and the ports have gone through the appropriate listening and learning stages.

9. B. False. RSTP allows for traffic to flow between switches that have synchronized with each other, while other parts of the Layer 2 topology converge.

Chapter 3

1. D. A switch’s STP priority increments in values of 4096. The priority is actually added to the VLAN number as part of the advertisement. The VLAN identifier is 12 bits, which is a decimal value of 4096.

2. B. False. The advertised path cost includes the calculated path cost but does not include the path cost of the interface from which the BPDU is being advertised.

3. A. True. As part of the STP algorithm, when two links exist between two switches, on the upstream switch, the port with the lower port priority is preferred.

4. D. BPDU guard generates a syslog message and shuts down an access port upon receipt of a BPDU.

5. B. Root guard ensures that the designated port does not transition into a root port by shutting down the port upon receipt of a superior BPDU.

6. B. Unidirectional Link Detection (UDLD) solves the problem when a cable malfunctions and transmits data in only one direction.

Chapter 4

1. A and B. MST enables traffic load balancing for specific VLANs through assignment of VLANs to specific instances that might have different topologies. MST also reduces the amount of CPU and memory processing as multiple VLANs are associated with an MST instance.

2. C. VLANs are associated with MST instances, and an instance defines the Layer 2 forwarding topology for the VLANs that are associated to it.

3. A. The original 802.1D specification accounted for one topology for all the VLANs, and Common Spanning Tree (CST) uses one topology for building a loop-free topology.

4. B. False. MST uses an internal spanning tree (IST) to advertise itself and other MST instances for building the topology. The local switch configuration associates VLANs to the MST instances.

5. B. False. The MST configuration is relevant to the entire MST region and should be the same for all switches in the region.

6. A. True. The MST topology can be tuned by setting priority, port cost, and port priority for each MST instance.

7. A and C. MST can interact with PVST+/RSTP environments by acting as a root bridge for all VLANs or ensuring that the PVST+/RSTP environment is the root bridge for all VLANs. MST cannot be a root bridge for some VLANs and then let the PVST+/RSTP environment be the root bridge for other VLANs.

Chapter 5

1. C. A switch can operate with the VTP roles client, server, transparent, and off.

2. B. False. The VTP summary includes the VTP version, domain, configuration revision, and time stamp.

3. B. False. There can be multiple VTP servers in a VTP domain. They process updates from other VTP servers just as a client does.

4. B. If the switch has a higher revision number than the current VTP domain, when a VLAN is deleted, it can send an update to the VTP server and remove that VLAN from all switches in the VTP domain.

5. B. False. Dynamic auto requires the other side to initiate a request in order for a trunk link to form.

6. C. The command switchport nonegotiate disables DTP on a port.

7. B. False. PAgP is a Cisco proprietary link bundling protocol.

8. A, B, and C. An EtherChannel bundle allows for a virtual port channel that acts as a Layer 2 (access or trunk) or Layer 3 routed interface.

9. A and B. An EtherChannel bundle provides increased bandwidth between devices and does not generate a topology change with the addition/removal of member links.

10. C. Desirable. If one device is configured with PAgP auto, the other device must be configured with desirable to form an EtherChannel bundle.

11. B. False. Only LACP allows you to set the maximum number of member links in an EtherChannel bundle.

Chapter 6

1. E. BGP is the only Exterior Gateway Protocol listed here.

2. A, B, C, and D. RIP, EIGRP, OSPF, and IS-IS are all classified as Interior Gateway Protocols.

3. E. BGP is a path vector routing protocol that selects the best path based on path attributes such as MED, local preference, and AS_PATH length.

4. A. Distance vector protocols, such as RIP, only use hop count to select the best path.

5. E. Link-state routing protocols use the interface cost as the metric for Shortest Path First (SPF) calculations.

6. C. The Cisco CEF sorts all network prefixes from shortest match to longest match for programming of the FIB. The path with the longest match is more explicit than a generic path.

7. B. When two different routing protocols attempt to install the same route into the RIB, the route with the lowest AD is installed into the RIB.

8. C. Equal-cost multipath is the installation of multiple paths (that are deemed the best path) into the RIB when they come from the same routing protocol.

9. C. Ethernet links should not use a directly attached static route, because a link failure could result in the next-hop IP address resolving to an unintended link. The fully specified static route ensures that the next hop is resolvable using only the specified interface.

10. D. VRFs support multiprotocol (IPv4 and IPv6) addressing.

Chapter 7

1. B. EIGRP uses protocol number 88.

2. C. EIGRP uses the hello, request, reply, update, and query packet types.

3. A. An EIGRP successor is the next-hop router for the successor route (which is the loop-free route with the lowest path metric).

4. A, B, C, and E. The EIGRP topology table contains the destination network prefix, path attributes (hop count, minimum path bandwidth, and total path delay), and a list of nearby EIGRP neighbors.

5. B and D. EIGRP uses the multicast IP address 224.0.0.10 or MAC address 01:00:5E:00:00:0A when feasible.

6. C. The interface delay can be modified to change the EIGRP path calculations without modifying the path calculation of OSPF.

7. C. EIGRP uses a reference bandwidth of 10 Gbps with the default metrics.

8. B. EIGRP uses a default hello timer of 5 seconds for high-speed interfaces.

9. A. EIGRP considers stable paths to be passive.

10. C. EIGRP sends out a query packet with the delay set to infinity to indicate that a route has gone active.

11. B. False. Summarization of prefixes occurs as traffic is advertised out an interface with summarization configured.

Chapter 8

1. C. OSPF uses protocol number 89.

2. C. OSPFv2 uses five packet types for communication: hello, database description, link state request, link state update, and link state acknowledgment.

3. A and D. OSPF uses the multicast IP address 224.0.0.5 or the MAC address 01:00:5e:00:00:05 for the AllSPFRouters group.

4. B. False. OSPF can also be enabled with the interface parameter command ip ospf process-id area area-id.

5. B. False. The OSPF process ID is locally significant and is not required to match for neighbor adjacency.

6. B. False. An OSPF advertised default route always appears as an external route.

7. B. False. Serial point-to-point links are automatically set as an OSPF point-to-point network type, which does not have a designated router.

8. A. IOS XE uses a reference bandwidth of 100 Mbps for dynamic metric assignment to an interface.

9. A. Setting the interface priority to 0 removes the interface from the DR election process.

10. C. The loopback address is classified as an OSPF loopback interface type, which is always advertised as a /32 address, regardless of the subnet mask.

Chapter 9

1. B. False. A router needs to have an interface in Area 0 so that it can be an ABR.

2. B. False. An OSPF router only contains copies of the LSDBs for the areas it participates in.

3. D. OSPF uses six OSPF LSA types for routing IPv4 packets (Types 1, 2, 3, 4, 5, and 7). Additional LSAs exist for IPv6 and MPLS.

4. D. LSAs are deemed invalid when they reach 3600 seconds and are purged from the LSDB.

5. C. A router LSA (type 1) is associated with each OSPF-enabled interface.

6. B. False. Network LSAs (type 2) are not advertised outside the originating area. They are used with router LSAs (type 1) to build the summary LSA (type 3).

7. B. Type 3 LSAs received from a nonbackbone area only insert into the LSDB for the source area. ABRs do not create type 3 LSAs for the other areas.

8. B. False. OSPF prefers intra-area routes over interarea routes as the first logic check. In the event that both paths use the same type, the total path metric is used.

9. A. True. While the number of network prefixes might remain the same, the numbers of type 1 and type 2 LSAs are reduced.

10. C. OSPF summarization occurs at the area level and is configured under the OSPF process.

11. A and C. LSA filtering occurs on the ABR and can occur with summarization (using the no-advertise keyword) or with area filtering (preventing the Type 3 LSAs from entering into the new area).

Chapter 10

1. C. OSPFv3 uses five packet types for communication: hello, database description, link-state request, link-state update, and link-state acknowledgment. These packet types have exactly the same names and functions as the same packet types in OSPFv2.

2. F. OSPFv3 uses link-local addresses for a majority of communication, but it uses the destination IPv6 address (FF02::5) for hello packets and link-state updates.

3. C. Enabling OSPFv3 requires the interface configuration command ospfv3 process-id ipv6 area area-id.

4. B. False. Without an IPv4 address, the router ID is set to 0.0.0.0, and it needs to be statically set to form a neighborship with another OSPFv3 router.

5. B. False. OSPFv3 requires an IPv6 link-local address to establish neighborship to exchange IPv6 or IPv4 routes.

Chapter 11

1. A and C. ASNs 64,512–65,535 are private ASNs within the 16-bit ASN range, and 4,200,000,000–4,294,967,294 are private ASNs within the extended 32-bit range.

2. A. Well-known mandatory attributes must be recognized by all BGP implementations and included with every prefix advertisement.

3. B. False. BGP neighbors are statically defined. There is a feature that supports dynamic discovery by one peer (though it is beyond the scope of this book), but the other router must still statically configure the remote BGP peer.

4. B. False. BGP supports multi-hop neighbor adjacency.

5. B. False. The IPv4 address family is automatically initialized by default on IOS-based devices.

6. B. The command show bgp afi safi neighbors displays all the neighbors, their capabilities, session timers, and other useful troubleshooting information.

7. C. BGP uses three tables (Adj-RIB-In, Loc-RIB, and Adj-RIB-Out) for storing BGP prefixes.

8. B. False. BGP advertises only the path that the local router deems is the best path.

9. B. The command aggregate-address network subnet-mask summary-only creates a BGP aggregate and suppresses the component routes.

10. A. True. The IPv6 address family does not exist by default on IOS-based devices.

Chapter 12

1. A, B, and D. Transit routing for enterprises is generally acceptable only for data centers connecting to MPLS networks.

2. A. True. IGPs use the destination field to select the smallest prefix length, whereas BGP uses it to match the subnet mask for a route.

3. B and C. Please see Figure 12-6 for an explanation.

4. D. Please see Table 12-6 for an explanation.

5. C. All routes are accepted and processed.

6. A. Because the route does not match the prefix list, sequence 10 does not apply, and the route moves on to sequence 20, which sets the metric to 200. It is implied that the route proceeds because it was modified.

7. A. True. A distribute list and a prefix list cannot be used at the same time for a neighbor. All other filtering techniques can be combined.

8. D. The other communities are common global communities.

9. B. Local preference is the second selection criterion for the BGP best path.

10. B. False. For MED to be used, the routes must come from the same AS.

Chapter 13

1. E. Multicast uses the one-to-many transmission method, where one server sends multicast traffic to a group of receivers.

2. B and C. Multicast relies on Internet Group Management Protocol (IGMP) for its operation in Layer 2 networks and Protocol Independent Multicast (PIM) for its operation in Layer 3 networks. It is routing protocol independent and can work with static RPs.

3. A and D. 239.0.0.0/8 (239.0.0.0 to 239.255.255.255) is the IANA IP multicast address range assigned to the administratively scoped block.

4. C. The first 24 bits of a multicast MAC address always start with 01:00:5E. The low-order bit of the first byte is the individual/group (I/G) bit, also known as the unicast/multicast bit; when it is set to 1, it indicates that the frame is a multicast frame. The 25th bit is always 0.

5. B. An IGMP membership report is a message type that receivers use to join a multicast group or to respond to a local router’s membership query message.

6. C. IGMPv3 supports all IGMPv2’s IGMP message types and is backward compatible with it. The differences between the two are that IGMPv3 added new fields to the IGMP membership query and introduced a new IGMP message type called a Version 3 membership report to support source filtering.

7. B. IGMPv3 is backward compatible with IGMPv2. To receive traffic from all sources, which is the behavior of IGMPv2, a receiver uses exclude mode membership with an empty exclude list.

8. C. IGMP snooping, defined in RFC 4541, examines IGMP joins sent by receivers and maintains a table of interfaces to IGMP joins. When a switch receives a multicast frame destined for a multicast group, it forwards the packet only out the ports where IGMP joins were received for that specific multicast group. This prevents multicast traffic from flooding in a Layer 2 network.

9. B and C. A source tree is a multicast distribution tree where the source is the root of the tree, and branches form a distribution tree through the network all the way down to the receivers. When this tree is built, it uses the shortest path through the network from the source to the leaves of the tree; for this reason, it is also referred to as a shortest path tree. A shared tree is a multicast distribution tree where the root of the shared tree is not the source but a router designated as the rendezvous point (RP). For this reason, shared trees are also referred to as RP trees (RPTs).

10. B. The last-hop router (LHR) is a router that is directly attached to the receivers. It is responsible for sending PIM joins upstream toward the RP or to the source after an SPT switchover.

11. B. When there is an active source attached to the FHR, the FHR encapsulates the multicast data from the source in a special PIM-SM message called the register message and unicasts that data to the RP by using a unidirectional PIM tunnel. When the RP receives the register message, it decapsulates the multicast data packet inside the register message, and if there is no active shared tree because there are no interested receivers, the RP sends a register stop message to the FHR, instructing it to stop sending the register messages.

12. C. Auto-RP is a Cisco proprietary mechanism that automates the distribution of group-to-RP mappings in a PIM network.

13. B. PIM-DM does not use RPs. When PIM is configured in sparse mode, it is mandatory to choose one or more routers to operate as rendezvous points (RPs).

Chapter 14

1. B, C, and E. The leading causes of quality of service issues are lack of bandwidth, latency and jitter, and packet loss.

2. A, C, D, and F. Network latency can be broken down into propagation delay, serialization delay, processing delay, and delay variation.

3. B. Best effort, IntServ, and DiffServ are the three QoS implementation models.

4. A. IntServ uses Resource Reservation Protocol (RSVP) to reserve resources throughout a network for a specific application and to provide call admission control (CAC) to guarantee that no other IP traffic can use the reserved bandwidth.

5. C. DiffServ is the most popular and most widely deployed QoS model. It was designed to address the limitations of the best effort and IntServ.

6. B. Packet classification should take place at the network edge, as close to the source of the traffic as possible, in an effort to provide an end-to-end QoS experience.

7. A, D, and E. The TCI field is a 16-bit field composed of the 3-bit Priority Code Point (PCP) field (formerly PRI), the 1-bit Drop Eligible Indicator (DEI) field (formerly CFI), and the 12-bit VLAN Identifier (VLAN ID) field.

8. B. The IPv4 ToS field and the IPV6 traffic class field were redefined as an 8-bit Differentiated Services (DiffServ) field. The DiffServ field is composed of a 6-bit Differentiated Services Code Point (DSCP) field that allows for classification of up to 64 values (0 to 63) and a 2-bit Explicit Congestion Notification (ECN) field.

9. A. Four PHBs have been defined and characterized for general use:

  • Class Selector (CS) PHB: The first 3 bits of the DSCP field are used as CS bits; the class selector bits make DSCP backward compatible with IP Precedence because IP Precedence uses the same 3 bits to determine class.

  • Default Forwarding (DF) PHB: Used for best-effort service.

  • Assured Forwarding (AF) PHB: Used for guaranteed bandwidth service.

  • Expedited Forwarding (EF) PHB: Used for low-delay service.

10. A. Policers drop or re-mark incoming or outgoing traffic that goes beyond a desired traffic rate.

11. A and C. The Committed Time Interval (Tc) is the time interval in milliseconds (ms) over which the Committed Burst (Bc) is sent. Tc can be calculated with the formula Tc = (Bc [bits] / CIR [bps]) × 1000. For single-rate three-color markers/policers (srTCMs) and two-rate three-color markers/policers (trTCMs), Tc can also refer to the Bc Bucket Token Count (Tc), which is the number of tokens in the Bc bucket.

12. A and D. CBWFQ and LLQ provide real-time, delay-sensitive traffic bandwidth and delay guarantees while not starving other types of traffic.

13. A. WRED provides congestion avoidance by selectively dropping packets before the queue buffers are full. Packet drops can be manipulated by traffic weights denoted by either IP Precedence (IPP) or DSCP. Packets with lower IPP values are dropped more aggressively than those with higher IPP values; for example, IPP 3 would be dropped more aggressively than IPP 5. With DSCP, AFx3 would be dropped more aggressively than AFx2, and AFx2 would be dropped more aggressively than AFx1.

Chapter 15

1. B. NTP uses the stratum to measure the number of hops a device is from a time source to provide a sense of time accuracy.

2. B. False. An NTP client can be configured with multiple NTP servers but can synchronize its time with only one active NTP server. Only during failure does the NTP client use a different NTP server.

3. A and D. A first-hop redundancy protocol creates a virtual IP address for a default gateway, and this address can be used by computers or devices that only have a static default route.

4. B and C. HSRP and GLBP are Cisco proprietary FHRPs.

5. A. The HSRP VIP gateway instance is defined with the command standby instance-id ip vip-address.

6. D. Gateway Load Balancing Protocol provides load-balancing support to multiple AVFs.

7. D. The command show ip nat translations displays the active translation table on a NAT device.

8. A. The router would be using a form of inside NAT, and the 10.1.1.1 IP address is the inside local IP address; the IP address that a server on the Internet would use for return traffic is the inside global address.

9. D. The default NAT timeout is 24 hours.

Chapter 16

1. C and D. When configuring a tunnel interface, the default mode is GRE, so there is no need to specify the tunnel mode with the command tunnel mode gre {ip | ipv6}. The command is useful when the tunnel mode is changed to another type (such as IPsec) and there is a need to change the tunnel mode back to GRE.
The keepalive command is also optional. It is used to make sure the other end of the tunnel is operational. This command does not need to be configured on both ends of the tunnel in order to work.

2. A. GRE was originally created to provide transport for non-routable legacy protocols such as Internetwork Packet Exchange (IPX) across an IP network, and it is now more commonly used as an overlay for IPv4 and IPv6.

3. B. The tunnel source interface or source IP address should not be advertised into a GRE tunnel because it would cause recursive routing issues.

4. A and C. Traditional IPsec provides two modes of packet transport: tunnel mode and transport mode.

5. A and B. DES and 3DES are weak encryption protocols that are no longer recommended for use.

6. C. The message exchange method used to establish an IPsec SA for IKEv1 is known as quick mode. Main mode and aggressive mode are IKEv1 methods used to establish IKE SAs. For IKEv2, IKE_Auth creates an IPsec SA. If additional IPsec SAs are needed, a CREATE_CHILD_SA exchange is used to establish them.

7. A and D. LISP separates IP addresses into endpoint identifiers (EIDs) and routing locators (RLOCs).

8. A. The destination UDP port used by the LISP data plane is 4341. UDP port 4342 is used for LISP’s control plane messages.

9. B. An ETR may also request that the MS answer map requests on its behalf by setting the proxy map reply flag (P-bit) in the map register message.

10. B. The IANA’s assigned VXLAN UDP destination port is 4789, while for Linux it is port 8472. The reason for this discrepancy is that when VXLAN was first implemented in Linux, the VXLAN UDP destination port had not yet been officially assigned, and Linux decided to use port 8472 because many vendors at the time were using that value.

11. B. The VXLAN specification defines VXLAN as a data plane protocol, but it does not define a VXLAN control plane, which was left open to be used with any control plane.

Chapter 17

1. A. When the two power levels are the same, the result is 0 dB. As long as you remember the first handy 0 dB fact, you will find exam questions like this easy. If not, you will need to remember that dB = 10 log10(100 mW / 100 mW) = 10 log10(1) = 0 dB.

2. C. At first glance, 17 mW and 34 mW might seem like odd numbers to work with. Notice that if you double 17, you get 34. The second handy dB fact says that doubling a power level will increase the dB value by 3.

3. D. Start with transmitter A’s level of 1 mW and try to figure out some simple operations that can be used to get to transmitter B’s level of 100 mW. Remember the handy dB facts, which use multiplication by 2 and 10. In this case, 1 mW × 10 = 10 mW × 10 = 100 mW. Each multiplication by 10 adds 10 dB, so the end result is 10 + 10 = 20 dB. Notice that transmitter B is being compared to A (the reference level), which is 1 mW. You could also state the end result in dB-milliwatt (dBm).

4. C. This question involves a reduction in the power level, so the dB value must be negative. Try to find a simple way to start with 100 and get to 40 by multiplying or dividing by 2 or 10. In this case, 100 / 10 = 10; 10 × 2 = 20; 20 × 2 = 40. Dividing by 10 reduced the dB value by 10 dB; then multiplying by 2 increased the total by +3 dB; multiplying again by 2 increased the total by +3 more dB. In other words, dB = −10 + 3 + 3 = −4 dB.

5. B. Remember that the EIRP involves radiated power, and that is calculated using only the transmitter components. The EIRP is the sum of the transmitter power level (+20 dBm), the cable loss (−2 dB), and the antenna gain (+5 dBi). Therefore, the EIRP is +23 dBm.

6. D. A high SNR is best, where the received signal strength is more elevated above the noise floor. A 30 dBm SNR separates the signal from the noise more than a 10 dBm SNR does. Likewise, a higher RSSI value means that the signal strength alone is higher. When RSSI values are presented in dBm, remember that 0 dBm is high, while −100 dBm is very low.

7. A. Energy traveling in an electromagnetic wave spreads in three dimensions, weakening the signal strength over a distance.

8. B. The 802.11b and g devices operate at 2.4 GHz, which is less affected by free space loss than the 802.11a device, at 5 GHz.

9. B and C. Both 16-QAM and 64-QAM alter the amplitude and phase of a signal.

10. D. By switching to a less-complex modulation scheme, more of the data stream can be repeated to overcome worsening RF conditions. This can be done automatically through DRS.

Chapter 18

1. B. An AP transports client traffic through a tunnel back to a wireless LAN controller. Therefore, client-to-client traffic typically passes through the AP, then the controller, and back through the AP.

2. D. Because the network is built with a WLC and APs, CAPWAP tunnels are required. One CAPWAP tunnel connects each AP to the WLC, for a total of 32 tunnels. CAPWAP encapsulates wireless traffic inside an additional IP header, so the tunnel packets are routable across a Layer 3 network. That means the APs and WLC can reside on any IP subnet as long as the subnets are reachable. There are no restrictions for the APs and WLC to live on the same Layer 2 VLAN or Layer 3 IP subnet.

3. D. In an embedded design, an access layer switch also functions as a WLC so that all user access (wired and wireless) converges in a single layer.

4. B. An AP discovers all possible WLCs before attempting to build a CAPWAP tunnel or join a controller.

5. C. After an AP boots, it compares its own software image to that of the controller it has joined. If the images differ, the AP downloads a new image from the controller.

6. F. An AP can learn controller addresses by using any of the listed methods except for an over-the-air neighbor message. APs do send neighbor messages over the air, but they are used to discover neighboring APs—not potential WLCs to join.

7. C. If an AP cannot find a viable controller, it reboots and tries the discovery process over again.

8. D. If the primary controller responds to an AP’s discovery methods, the AP will always try to join it first, ahead of any other controller. Configuring an AP with a primary controller is the most specific method because it points the AP to a predetermined controller. Other methods are possible, but they can yield ambiguous results that could send an AP to one of several possible controllers.

9. B. A parabolic dish antenna has the greatest gain because it focuses the RF energy into a tight beam.

10. A and E. An omnidirectional antenna is usually used to cover a large area. Therefore, it has a large beamwidth. Because it covers a large area, its gain is usually small.

Chapter 19

1. B. The client must associate with a BSS offered by an AP.

2. A. The client device is in complete control of the roaming decision, based on its own roaming algorithm. It uses active scanning and probing to discover other candidate APs that it might roam to.

3. C. Because a single controller is involved, the roam occurs in an intracontroller fashion. Even though the client thinks it is associating with APs, the associations actually occur at the controller, thanks to the split-MAC architecture.

4. C. Intracontroller roaming is the most efficient because the reassociation and client authentication occur within a single controller.

5. C. Cisco Centralized Key Management (CCKM) is used to cache key information between a client and an AP. The cached information is then used as a quick check when a client roams to a different AP.

6. D. In a Layer 2 roam, the client’s IP subnet does not change as it moves between controllers. Therefore, there is no need to tunnel the client data between the controllers; instead, the client simply gets handed off to the new controller.

7. D. The anchor controller, where the client starts, maintains the client’s state and builds a tunnel to the foreign controller, to which the client has now roamed.

8. C. Controllers A and B are listed in each other’s mobility list, so they are known to each other. However, they are configured with different mobility group names. Clients may roam between the two controllers, but CCKM and PKC information will not be exchanged.

9. C. The client’s received signal strength (RSS) can be used to calculate an approximate distance from the AP based on the free space path loss attenuation.

Chapter 20

1. E. Open Authentication requires no other mechanism. The wireless client must simply send an 802.11 authentication request to the AP.

2. B. Open Authentication cannot be used with authentication methods based on PSK, EAP, or 802.1x, because they are mutually exclusive. It can be used with WebAuth to allow wireless clients to easily connect and view or authenticate through a web page.

3. B and C. The same key must be configured on all client devices that will need to connect to the WLAN. In addition, the key must be configured on all APs and WLCs where the WLAN will exist. These keys are not normally unique to each wireless client unless the identity PSK feature is used in conjunction with ISE. PSK-based authentication does not require a RADIUS server.

4. B. The WPA, WPA2, and WPA3 personal modes all use Pre-Shared Key authentication.

5. D. Each successive WPA version is considered to be more secure than its predecessor. Therefore, WPA3 is the most secure due to its new and more complex features.

6. A, C, and E. The personal modes of all WPA versions use Pre-Shared Key authentication.

7. C. EAP works in conjunction with 802.1x in WPA enterprise mode.

8. C. A controller becomes an authenticator in the 802.1x process.

9. A. The supplicant is located on the wireless client. The WLC becomes the authenticator, and the RADIUS server is the authentication server (AS).

10. D. WebAuth authentication can display policies and require interaction from the end user, provided that the user opens a web browser after attempting to connect to the WLAN. WebAuth can integrate with the other authentication methods, but it is the only one that can display the policy and receive the users’ acceptance.

Chapter 21

1. B. The first course of action should always be to gather as much information as possible so that you can reduce the scope of the problem. Then you can investigate the few potential causes that remain.

2. C. The wireless MAC address is always an important parameter because you can enter it into the search bar of a WLC to find the client device.

3. B. The status Online means that the client has passed through each phase and policy that the WLC required and has successfully joined the wireless network.

4. E. The status Online means that the client has successfully joined the network. The other states occur earlier in the connection sequence.

5. B. The client has not yet passed the Authentication stage, so it must have failed to authenticate itself correctly. If the WLAN uses WPA2-Personal, then the client’s pre-shared key could be incorrect.

6. C. Out of the possible answers, the most efficient method would be to access each controller and search for the user’s MAC address. That would give you important information specific to that user. You could also leverage Prime Infrastructure or DNA Center to search for the client across all managed controllers at once. If you choose to use your own computer, you may never be able to duplicate the conditions the user had when he experienced the problem. Checking each AP is not an efficient approach because you have not narrowed the scope of the problem. Checking the RADIUS server might reveal some authentication problems, but only if the user’s problem involved failed authentication.

7. D. The Connection Score indicates the client’s actual data rate as a percentage of its maximum supported data rate, assuming that the AP’s maximum data rate is higher.

8. A, B, and C. The first three choices are important facts in troubleshooting the connectivity issues. For example, if you see a valid IP address listed for the AP, then it must be properly connected to the wired network, have appropriate power, and have discovered and joined the WLC. As a result, you can probably rule out wired connectivity problems at the AP. If the AP is not found in the WLC search, then the AP might not be powered on, might not have an IP address, or might not have discovered the WLC. Therefore, users would not be able to use the AP at all. If the AP has no channel numbers shown, then perhaps the wireless bands have not been enabled on the WLC, so the users have no BSS to discover and join. Knowing that the AP has a valid MAC address probably has no relevance at all because all APs are preconfigured with valid MAC addresses at the factory.

9. D. The noise level is measured in dBm, from 0 dBm to −100 dBm or more. For the best wireless performance, you want the noise level to be as minimal as possible, so −100 would be best. Because the actual level is −20, performance is probably very bad around the AP.

10. D. The Air Quality level of 10 is very low, considering that 100 is the highest and best value. Therefore, something must be interfering with the AP and client operation on that channel. It might be tempting to see the large number of clients on the AP and assume that there are too many to share the same channel. However, the channel utilization is very low, indicating that the 65 clients are mostly idle or quiet, leaving plenty of air time available for use. Likewise, a noise level of −90 dBm is very low and does not indicate a problem.

Chapter 22

1. A, B, C, D, and F. The benefits of a hierarchical LAN design include the following:

  • It allows for easier troubleshooting and management.

  • It is highly scalable.

  • It provides a simplified design.

  • It offers improved performance.

  • It allows for faster problem isolation.

  • It provides cost-effective redundancy.

The best design for modern data centers with east-west traffic patterns is a leaf-spine architecture.

2. D. The access layer, also commonly referred to as the network edge, is where end-user devices and endpoints connect to the network.

3. B. In a hierarchical LAN design, distribution layer switches are deployed in pairs within building blocks or places in the network (PINs).

4. C. Small campus networks that don’t require an independent core can collapse the core function into the distribution layer. This is known as a two-tier, or collapsed core, design.

5. A and B. The WAN edge can provide dedicated interconnections to cloud providers, and the Internet edge can provide cloud provider connectivity not requiring dedicated interconnections.

6. A, B, C, and D. A simplified campus design relies on switch clustering such as virtual switching systems (VSSs) and stacking technologies such as StackWise, in which multiple physical switches act as a single logical switch.

Chapter 23

1. B. Although LISP is the control plane for the SD-Access fabric, it does not use LISP data encapsulation for the data plane; instead, it uses VXLAN encapsulation because it is capable of encapsulating the original Ethernet header, and this allows SD-Access to support Layer 2 and Layer 3 overlays.

2. B. The original VXLAN specification was enhanced for SD-Access to support Cisco TrustSec Scalable Group Tags (SGTs). This was accomplished by adding new fields to the first 4 bytes of the VXLAN header in order to transport up to 64,000 SGTs. The new VXLAN format is called VXLAN Group Policy Option (GPO), and it is defined in the IETF draft draft-smith-vxlan-group-policy-05.

3. A. The SD-Access fabric control plane is based on Locator/ID Separation Protocol (LISP).

4. A. The VXLAN-GPO specification includes a 16-bit identifier that is used to carry the SGT tag called the Group Policy ID.

5. C. Cisco SD-Access was designed for enterprise campus and branch network environments and not for other types of network environments, such as data center, service provider, and WAN environments.

6. A, B, D, E, F, and G. The SD-Access architecture includes the following components:

  • Cisco switches: Provide wired (LAN) access to the fabric. Multiple types of Cisco Catalyst switches are supported, including NX-OS.

  • Cisco routers: Provide WAN and branch access to the fabric. Multiple types of Cisco ASR 1000, ISR, and CSR routers, including the CSRv and ISRv cloud routers, are supported.

  • Cisco wireless: Cisco WLCs and APs provide wireless (WLAN) access to the fabric.

  • Cisco controller appliances: There are only two types of appliances to consider: Cisco DNA Center and Cisco ISE. Cisco ISE supports both VM and physical appliance deployment models.

7. A, B, C, and D. The Cisco SD-WAN solution is composed of four main components and an optional analytics service:

  • vManage network management system (NMS)

  • vSmart controller

  • SD-WAN routers

  • vBond orchestrator

  • vAnalytics (optional)

8. B. The vSmart controller establishes permanent and secure Datagram Transport Layer Security (DTLS) connections to all SD-WAN routers in the SD-WAN fabric and runs a proprietary routing protocol called Overlay Management Protocol (OMP) over each of the DTLS tunnels.

9. B. SD-WAN is transport agnostic and can use any type of IP-based underlay transport networks, such as the Internet, satellite, dedicated circuits, 3G/4G LTE, and MPLS.

10. C. vManage is the single pane of glass for the SD-WAN solution.

11. B. The main function of the vBond orchestrator is to authenticate the vSmart controllers and the SD-WAN routers and orchestrate connectivity between them.

Chapter 24

1. B. 30 hops is the default number of attempted hops for traceroute.

2. A, B, and E. MTU, hello timers, and network masks have to match for OSPF neighbor adjacencies to form.

3. E. The latest version of NetFlow is Version 9.

4. B. Flexible NetFlow allows for matching on key fields and collecting non-key fields.

5. B, C, and E. Flexible NetFlow requires a flow record, a flow monitor, and a flow exporter. A flow sampler is optional.

6. C. ERSPAN is used to send captures to an analyzer across a Layer 3 routed link.

7. A, B, C, and F. IP SLA can be used to monitor many different things related to monitoring traffic. SNMP and syslog are used to send IP SLA traps and messages.

8. A, B, and E. Cisco DNA Center currently has Design, Policy, Provision, Assurance, and Platform components.

9. B. Cisco DNA Center also manages wireless components.

10. A and D. Cisco DNA Center Assurance gathers streaming telemetry from devices and uses open API to integrate with Cisco Identity Services Engine (ISE) to provide user/group context. Plug and Play and simplified provisioning are not related to troubleshooting or diagnostics.

Chapter 25

1. C. Cisco SAFE is the Cisco security architectural framework.

2. B through G. Cisco SAFE places in the network (PINs) are data center, branch office, edge, campus, cloud, and WAN.

3. A, B, and D. Cisco SAFE secure domains include management, security intelligence, compliance, segmentation, threat defense, and secure services.

4. C. Talos is the Cisco threat intelligence organization.

5. B. Cisco Threat Grid is a solution that performs static and dynamic file analysis by testing files in a sandbox environment.

6. B. Cisco Stealthwatch relies on telemetry data from NetFlow, IPFIX, and other sources for security analysis.

7. A. pxGrid requires a pxGrid controller, and Cisco ISE is the only platform that can perform this role.

8. B. Cisco EAP-FAST is the only EAP method that can perform simultaneous machine and user authentication, also known as EAP chaining.

9. B. This is false because endpoints are completely unaware of SGT tags. Only the networking infrastructure can be aware of SGT tags.

10. A, B, and E. TrustSec configuration is divided into three different phases to make it simple to understand and implement: classification, enforcement, and propagation.

Chapter 26

1. A. ACLs are applied to interfaces with the command ip access-group {access-list-number | name} {in|out}.

2. B. Type 7 passwords use a Cisco proprietary Vigenère cipher encryption algorithm that is very weak and can be easily decrypted using multiple online password decryption utilities.

3. C. The command service password-encryption encrypts plaintext passwords in the configuration and Telnet sessions with type 7 password encryption.

4. A and D. The login command is used to enable line password authentication, and the login local command is used to enable username-based authentication.

5. A, B, E, and F. Privilege level 0 makes available the disable, enable, exit, help, and logout commands.

6. C and D. Using the command transport input ssh and applying an ACL to the line that only allows port 22 are valid options to allow only SSH traffic into the line. The other two options are not valid because the command transport output ssh does not affect inbound connections, and the command transport input all allows all inbound SSH and Telnet sessions.

7. B. This is false because AAA authorization for the console is disabled by default to prevent inexperienced users from locking themselves out. Authorization for the console is enabled with the command aaa authorization console.

8. C. Accounting provides the ability to track and log user access, including user identities, start and stop times, executed commands (that is, CLI commands), and so on. In other words, it maintains a security log of events.

9. D. TACACS+ is preferred for device access control because it can individually authorize every command that a user tries to execute after logging in to a device. In contrast, RADIUS requires those commands to be sent in the initial authentication response, and because there could be thousands of CLI command combinations, a large authorization result list could trigger memory exhaustion on the network device.

10. B and D. ZBFW is an integrated IOS solution that provides router stateful firewall functionality.

11. E and F. Within the ZBFW architecture, there are two system-built zones: self and default.

12. C. Control plane policing (CoPP) was created with the sole purpose of protecting the CPU or control plane of a router.

13. A. CoPP supports inbound and outbound policies; however, outbound policies are not commonly used.

14. B and D. Cisco Discovery Protocol (CDP) and Link Layer Discovery Protocol (LLDP) can provide unnecessary information to routers outside of the organization and should be disabled where applicable.

Chapter 27

1. B. A virtual machine is a software emulation of a virtual server with an operating system.

2. D. A container is an isolated environment where containerized applications run. It contains the application, along with the dependencies that the application needs to run. It is created by a container engine running a container image.

3. A, B, and D. Rkt, Docker, and LXD are container engines. The vSphere hypervisor is a hypervisor that enables the creation of VMs.

4. B. A virtual switch (vSwitch) is a software-based Layer 2 switch that operates like a physical Ethernet switch and enables VMs to communicate with each other within a virtualized server and with external physical networks through the physical network interface cards (pNICs).

5. B. Multiple vSwitches can be created under a virtualized server, but network traffic cannot flow directly from one vSwitch to another vSwitch within the same host, and they cannot share the same pNIC.

6. B. Containers, just like VMs, rely on vSwitches (also known as virtual bridges) for communication within a node (server) or the outside world.

7. A. A virtual network function (VNF) is the virtual or software version of a physical network function (NF) such as a firewall, and it typically runs on a hypervisor as a VM.

8. B. Network functions virtualization (NFV) is an architectural framework created by the European Telecommunications Standards Institute (ETSI) that defines standards to decouple network functions from proprietary hardware-based appliances and have them run in software on standard x86 servers. It also defines how to manage and orchestrate the network functions.

9. D. Service chaining refers to chaining VNFs together to provide an NFV service or solution.

10. C. In SR-IOV, the emulated PCIe devices are called virtual functions (VFs), and the physical PCIe devices are called physical functions (PFs).

11. B. Cisco DNA Center provides the VNF management and NFV orchestration capabilities. It allows for easy automation of the deployment of virtualized network services, consisting of multiple VNFs. APIC-EM and ESA are no longer part of the Enterprise NFV solution.

12. A. NFVIS is based on standard Linux packaged with additional functions for virtualization, VNF lifecycle management, monitoring, device programmability, and hardware acceleration.

Chapter 28

1. B. Python is one of the easier programming languages to learn and adopt.

2. D. To authenticate to the Cisco DNA Center controller, a POST operation must be used. This is because the login credentials need to be sent to the controller to be verified.

3. B. CRUD stands for CREATE, READ, UPDATE, and DELETE. These are the common actions associated with the manipulation of data. For example, a database uses these actions.

4. D. Cisco vManage uses the Content-Type header value x-www-form-urlencoded. The X-Auth-Token header is used by Cisco DNA Center.

5. A. A JSON data format is built from key/value pairs. For example, "father": "Jason" is a key/value pair, where father is the key, and Jason is the value.

6. C. The HTTP status code 401 means Unauthorized—referring to incorrect login credentials or not having valid authentication to a destination. The following table lists more HTTP status codes.

HTTP Status Code | Result | Common Reason for This Code
200 | OK | Using GET or POST to exchange data with an API
201 | Created | Creating resources using a REST API call
400 | Bad Request | Request failed due to client-side issue
401 | Unauthorized | Client not authenticated to access site or API call
403 | Forbidden | Access not granted based on supplied credentials
404 | Not Found | Page at HTTP URL location does not exist or is hidden

7. A and D. Python uses three quotation marks in a row to begin and end a multiple-line string, such as for a long comment.

8. A. Python uses curly braces ({}) as one way to signify a dictionary.

9. C and D. Functions can be defined or can already exist within Python. print is a default function, whereas dnac_login is a custom created function.

10. D. Cisco DNA Center uses basic authentication for the initial authentication method. The X-Auth-Token header is used to send the token back to Cisco DNA Center for future API calls. JSON is the data format of the requests and responses.

11. A and D. The DevNet Community page is a safe place to interact with other developers and ask questions. DevNet ambassadors and evangelists monitor the page and respond to inquiries and questions.

12. A, C, and D. GitHub is a place to store and share code with other developers as well as provide documentation for that code.

13. A and D. The CLI is difficult to scale when configuring multiple devices at the same time. This is because the CLI is designed for configuration of a single device on a device-by-device basis. Although scripting can help with some of the burden, it is not the best method for scaling. Consistency in configuration from device to device also becomes more difficult to manage as a network grows.

14. B and C. Leaf and Container are parts of a YANG model. A container can hold multiple leafs.

Chapter 29

1. B. Configuring a large number of devices by using the CLI is not only time-consuming but also leads to an increase in human error, ultimately putting the business at risk.

2. A, B, and E. Ansible, Puppet Bolt, and Salt SSH all are agentless tools.

3. C and D. Ansible uses playbooks, plays, and tasks.

4. A and D. Ansible and SaltStack are built on Python and can leverage Python to programmatically interact with the tool.

5. B. This is a YAML structure. A YAML file can also begin with three dashes (---).

6. C. Chef uses Ruby DSL for its cookbooks.

7. A, B, C, and D. Puppet Forge and GitHub can help with many different aspects of software delivery, including code revisions, associated developers, sharing of code, and becoming more agile in the development process.

8. B. PPDIOO consists of six components: Prepare, Plan, Design, Implement, Operate, and Optimize. Figure 29-9 provides more information.

9. B. Ansible uses Yet Another Markup Language (YAML) for the creation of playbook files. TAML doesn’t exist.

10. A. ansible-playbook FileName.yaml is the correct command to execute a playbook. Playbooks are built from Yet Another Markup Language (YAML) files. TAML files do not exist.

11. B and C. Chef and SaltStack are agent-based tools.
