Implementing Cisco Data Center Infrastructure
Question No: 51 – (Topic 4)
What is the Overlay Transport Virtualization site VLAN used for?
to allow the join interfaces at different sites to communicate
to detect devices at the site that are not capable of OTV
to allow multiple site AEDs to communicate with each other
to detect other OTV edge devices in the site
Answer: D
Explanation:
The edge device performs OTV functions: it receives the Layer 2 traffic for all VLANs that need to be extended to remote locations and dynamically encapsulates the Ethernet frames into IP packets that are then sent across the transport infrastructure. It is expected that at least two OTV edge devices are deployed at each data center site to improve the resiliency.
Reference: http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Data_Center/DCI/whitepaper/DCI3_OTV_Intro/DCI_1.html
Question No: 52 – (Topic 4)
Which statement about scalability in Cisco OTV is true?
The control plane avoids flooding by exchanging MAC reachability.
IP-based functionality provides Layer 3 extension over any transport.
Any encapsulation overhead is avoided by using IS-IS.
Unknown unicasts are handled by the authoritative edge device.
Answer: A
Explanation:
Cisco calls the underlying concept of OTV traffic forwarding "MAC routing", since it behaves as if you are routing Ethernet frames over the DCI transport. OTV uses a control plane protocol to proactively propagate MAC address reachability before traffic is allowed to pass, which eliminates the dependency on a flooding mechanism to either learn MAC addresses or forward unknown unicasts.
Reference: http://www.computerworld.com/article/2515468/data-center/layer-2-data-center-interconnect-options.html
Question No: 53 – (Topic 4)
Refer to the exhibit.
This multilayer Cisco Nexus switch had been the active virtual gateway for Group 1 before it became temporarily unavailable. What will happen to GLBP Group 1 when this device becomes available again?
The currently active router remains active.
It depends on the priority value that is configured active on the router.
The Cisco Nexus switch becomes the active virtual gateway after 600 seconds.
It depends on the weighting values that are configured active on the router.
GLBP prioritizes gateways to elect an active virtual gateway (AVG). If multiple gateways have the same priority, the gateway with the highest real IP address becomes the AVG. The AVG assigns a virtual MAC address to each member of the GLBP group. Each member is the active virtual forwarder (AVF) for its assigned virtual MAC address, forwarding packets sent to its assigned virtual MAC address.
The AVG also answers Address Resolution Protocol (ARP) requests for the virtual IP address. Load sharing is achieved when the AVG replies to the ARP requests with different virtual MAC addresses.
Note: Packets received on a routed port destined for the GLBP virtual IP address terminate on the local router, regardless of whether that router is the active GLBP router or a redundant GLBP router. This termination includes ping and Telnet traffic. Packets received on a Layer 2 (VLAN) interface destined for the GLBP virtual IP address terminate on the active router.
Question No: 54 – (Topic 4)
What mode is required on a Cisco Nexus 7000 32-port 10-GB module port group to allow equal access to the 10-GB port controller?
Answer: C
Explanation:
You can share 10 Gb of bandwidth among a group of ports (four ports) on a 32-port 10-Gigabit Ethernet module. To share the bandwidth, you must bring the dedicated port administratively down, specify the ports that are to share the bandwidth, change the rate mode to shared, and then bring the ports administratively up.
Reference: http://www.cisco.com/c/en/us/td/docs/switches/datacenter/sw/5_x/nx-os/interfaces/configuration/guide/if_cli/if_basic.html#70242
Question No: 55 – (Topic 4)
Which command sequence correctly enables Adapter FEX on Nexus 5000 Series Switches?
switch(config)# install feature-set virtualization switch(config)# feature-set virtualization
switch(config)# install feature-set adapter-fex switch(config)# feature-set adapter-fex
switch(config)# install feature-set adapter-fex switch(config)# feature-set virtualization
switch(config)# install feature-set virtualization switch(config)# feature-set adapter-fex
Answer: A
Explanation:
install feature-set virtualization: installs the Cisco virtual machine feature set on the switch.
feature-set virtualization: enables the Cisco virtual machine feature on the switch.
Reference: http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5000/sw/adapter-fex/513_n1_1/b_Configuring_Cisco_Nexus_5000_Series_Adapter-FEX_rel_5_1_3_N1/b_Configuring_Cisco_Nexus_5000_Series_Adapter-FEX_rel_5_1_3_N1_chapter_010.pdf
Question No: 56 DRAG DROP – (Topic 4)
Drag the security description on the left to the appropriate security feature on the right.
IP Source Guard: IP Source Guard provides source IP address filtering on a Layer 2 port to prevent a malicious host from impersonating a legitimate host by assuming the legitimate host's IP address. The feature uses dynamic DHCP snooping and static IP source binding to match IP addresses to hosts on untrusted Layer 2 access ports.
Initially, all IP traffic on the protected port is blocked except for DHCP packets. After a client receives an IP address from the DHCP server, or after static IP source binding is configured by the administrator, all traffic with that IP source address is permitted from that client. Traffic from other hosts is denied. This filtering limits a host's ability to attack the network by claiming a neighbor host's IP address. IP Source Guard is a port-based feature that automatically creates an implicit port access control list (PACL).
CoPP: Control Plane Policing (CoPP) introduced the concept of early rate-limiting of protocol-specific traffic destined to the processor by applying QoS policies to the aggregate control-plane interface. Control Plane Protection extends this control plane functionality by providing three additional control-plane subinterfaces under the top-level (aggregate) control-plane interface. Each subinterface receives and processes a specific type of control-plane traffic.
Dynamic ARP Inspection: Dynamic ARP inspection is a security feature that validates ARP packets in a network. It intercepts, logs, and discards ARP packets with invalid IP-to-MAC address bindings. This capability protects the network from certain man-in-the-middle attacks.
Dynamic ARP inspection ensures that only valid ARP requests and responses are relayed. The switch performs these activities:
Intercepts all ARP requests and responses on untrusted ports
Verifies that each of these intercepted packets has a valid IP-to-MAC address binding before updating the local ARP cache or before forwarding the packet to the appropriate destination
Drops invalid ARP packets
Unicast RPF: The Unicast RPF feature reduces problems that are caused by the introduction of malformed or forged (spoofed) IP source addresses into a network by discarding IP packets that lack a verifiable IP source address. For example, a number of common types of Denial-of-Service (DoS) attacks, including Smurf and Tribal Flood Network (TFN) attacks, can take advantage of forged or rapidly changing source IP addresses to allow attackers to thwart efforts to locate or filter the attacks. Unicast RPF
and consistent with the IP routing table.
When you enable Unicast RPF on an interface, the device examines all ingress packets received on that interface to ensure that the source address and source interface appear in the routing table and match the interface on which the packet was received. This examination of source addresses relies on the Forwarding Information Base (FIB).
Traffic Storm Control: A traffic storm occurs when packets flood the LAN, creating excessive traffic and degrading network performance. You can use the traffic storm control feature to prevent disruptions on Layer 2 ports by a broadcast, multicast, or unicast traffic storm on physical interfaces.
Traffic storm control (also called traffic suppression) allows you to monitor the levels of the incoming broadcast, multicast, and unicast traffic over a 1-second interval. During this interval, the traffic level, which is a percentage of the total available bandwidth of the port, is compared with the traffic storm control level that you configured. When the ingress traffic reaches the traffic storm control level that is configured on the port, traffic storm control drops the traffic until the interval ends.
Question No: 57 – (Topic 4)
Which two statements about implementing Cisco NPV and NPIV on a Cisco Nexus 5000 Series switch are true? (Choose two.)
STP must run inside the FP network.
All VLANs must be in the same mode, CE, or FP.
FP port can join the private and nonprivate VLANs.
Only F and M series modules can run FabricPath.
These require an enhanced Layer 2 license to run.
Answer: B,E
Explanation:
With the Nexus 5x00 switch, FCoE functionality is a licensed feature. After the license is installed, FCoE configuration can be completed.
Question No: 58 – (Topic 4)
Which two items are features that are available in VN-Link in software? (Choose two.)
Answer: B,C
Explanation:
NetFlow is a feature that was introduced on Cisco routers that provides the ability to collect IP network traffic as it enters or exits an interface. By analyzing the data provided by NetFlow, a network administrator can determine things such as the source and destination of traffic, class of service, and the causes of congestion. A typical flow monitoring setup (using NetFlow) consists of three main components:
->Flow exporter: aggregates packets into flows and exports flow records towards one or more flow collectors.
->Flow collector: responsible for reception, storage and pre-processing of flow data received from a flow exporter.
->Analysis application: analyzes received flow data in the context of intrusion detection or traffic profiling,
This module describes how to configure Encapsulated Remote Switched Port Analyzer (ERSPAN). The Cisco ERSPAN feature allows you to monitor traffic on one or more ports or VLANs and send the monitored traffic to one or more destination ports.
Reference: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/lanswitch/configuration/xe-3s/lanswitch-xe-3s-book/lnsw-conf-erspan.html
Question No: 59 – (Topic 4)
Which three selections represent implementations of Cisco VN-Link technology? (Choose three.)
Cisco Nexus 1000V
Cisco Nexus 2000 FEX
Answer: A,C,D
Explanation:
The VM is powered on and resides on the ESX Host 1 with all the information stored on the shared storage.
The VM was connected to the PODy (where y is the number of your POD) PTS VDS by associating it to port group VLAN61 that was created on the Cisco Nexus 5548 device. The VM has been connected to the vPC system automatically using a VN-Link in the hardware in PTS mode or in VM-FEX mode.
The VEM bits are used in PTS mode to connect the VM VNIC to the VMNIC interface.
In this case, the VMNIC interface is not a real VMNIC but a dynamic VNIC that is presented as an interface to the ESX OS. The dynamic VNIC is enabled when the Cisco UCS VIC creates and configures the VNIC parameters inherited from port group VLAN61.
Question No: 60 – (Topic 4)
When connecting Cisco Nexus 5000 Series Switches to the VMware vCenter Server, which item must be configured before installing the extension keys?
configure DirectPath I/O support in vCenter
configure PTS on the VSM
configure dynamic vNICs