Which statement explains why a Cisco UCS 6200 Fabric Interconnect that is configured in end-host mode is beneficial to the unified fabric network?
Answer : D
In Cisco Unified Computing System environments, two Ethernet switching modes determine the way that the fabric interconnects behave as switching devices between the servers and the network. In end-host mode, the fabric interconnects appear to the upstream devices as end hosts with multiple links. In end-host mode, the switch does not run Spanning Tree Protocol and avoids loops by following a set of rules for traffic forwarding. In switch mode, the switch runs Spanning Tree Protocol to avoid loops, and broadcast and multicast packets are handled in the traditional way. http://www.cisco.com/c/en/us/solutions/collateral/data-center-virtualization/unified-computing/whitepaper_c11-701962.html
By default it will take 10 seconds for authentication to fail due to an unresponsive RADIUS server before a Cisco Nexus series switch reverts to another RADIUS server or local authentication. What is one efficient way to improve the reaction time to a RADIUS server failure?
Answer : D
You can monitor the availability of RADIUS servers. These parameters include the username and password to use for the server and an idle timer. The idle timer specifies the interval during which a RADIUS server receives no requests before the Nexus 5000 Series switch sends out a test packet. You can configure this option to test servers periodically.
The test idle timer specifies the interval during which a RADIUS server receives no requests before the Nexus 5000 Series switch sends out a test packet. The default idle timer value is 0 minutes. When the idle time interval is 0 minutes, the Nexus 5000 Series switch does not perform periodic RADIUS server monitoring.
Which protocol is the foundation for unified fabric as implemented in Cisco NX-OS?
Answer : C
Fibre Channel over Ethernet (FCoE) is one of the major components of a Unified Fabric. FCoE is a new technology developed by Cisco that is standardized in the Fibre Channel Backbone 5 (FC-BB-5) working group of Technical Committee T11 of the International Committee for Information Technology Standards (INCITS). Most large data centers have huge installed bases of Fibre Channel and want a technology that maintains the Fibre Channel model. FCoE assumes a lossless Ethernet, in which frames are never dropped (as in Fibre Channel) and that therefore does not use IP and TCP.
Reference: http://www.cisco.com/c/en/us/products/collateral/switches/nexus-5000-series-switches/white_paper_c11-495142.html
Which GLBP load-balancing algorithm ensures that a client is always mapped to the same
Answer : D
Host dependent: GLBP uses the MAC address of the host to determine which virtual MAC address to direct the host to use. This algorithm guarantees that a host gets the same virtual MAC address if the number of virtual forwarders does not change.
Reference: http://www.cisco.com/c/en/us/td/docs/switches/datacenter/sw/5_x/nx-os/unicast/configuration/guide/l3_cli_nxos/l3_glbp.html
Which two statements about Cisco Nexus 7000 line cards are true? (Choose two.)
Answer : A,D
Cisco is introducing a new line card called the F3 Module, which has a rich feature set and offers high-performance 40G/100G port density to the Nexus 7000 product family. Cisco also introduced a new feature in NX-OS 6.2(2) where the F2e line card can be in the same VDC as an M1 or M2 line card. The objective of this session is to cover detailed steps and methodology of migrating Nexus 7000 with VDC types prior to NX-OS 6.2 to the newer F3 or M/F2e VDC types. The session also covers the effect of VDC migration with commonly used network features, firewall and load balancer services.
M-Series XL modules support larger forwarding tables. M-Series modules are frequently required at network core, peering, and aggregation points. When used with the F1-Series, the M-Series modules provide inter-VLAN services and form a pool of Layer 3 resources for the system.
Refer to the command below. When configuring an SVS connection on the Cisco Nexus 5000 Series Switch, which device is being referenced as the remote IP address?
nexus5500-2(config-svs-conn)# remote ip address 10.10.1.15 port 80 vrf management
Answer : B
This command specifies the hostname or IP address for the vCenter Server. It optionally specifies the port number and VRF.
Topic 3, Data Center Infrastructure Security
How is a dynamic vNIC allocated?
Answer : C
The dynamic vNIC connection policy determines how the connectivity between VMs and dynamic vNICs is configured. This policy is required for Cisco UCS domains that include servers with VIC adapters on which you have installed VMs and configured dynamic vNICs.
Each dynamic vNIC connection policy includes an Ethernet adapter policy and designates the number of vNICs that can be configured for any server associated with a service profile that includes the policy.
For VM-FEX that has all ports on a blade in standard mode, you need to use the VMware adapter policy.
For VM-FEX that has at least one port on a blade in high-performance mode, use the VMwarePassThrough adapter policy or create a custom policy. If you need to create a custom policy, the resources provisioned need to equal the resource requirements of the guest OS that needs the most resources and for which you will be using high-performance mode.
Which statement about the implementation of Cisco TrustSec on Cisco Nexus 7000 Series Switches is true?
Answer : A
The M-Series modules on the Nexus 7000 support 802.1AE MACSEC on all ports, including the new M2-series modules. The F2e modules will have this feature enabled in the future.
It is important to note that because 802.1AE MACSEC is a link-level encryption, the two MACSEC-enabled endpoints, Nexus 7000 devices in our case, must be directly L2 adjacent. This means a direct fiber connection or one facilitated with optical gear is required. MACSEC has integrity checks for the frames, and intermediate devices, like another switch, even at L2, will cause the integrity checks to fail. In most cases, this means metro-Ethernet services or carrier-provided label switched services will not work for a
When a local RBAC user account has the same name as a remote user account on an AAA server, what happens when a user with that name logs into a Cisco Nexus switch?
Answer : C
If you have a user account configured on the local Cisco NX-OS device that has the same name as a remote user account on an AAA server, the Cisco NX-OS software applies the user roles for the local user account to the remote user, not the user roles configured on the AAA server.
Reference: http://www.cisco.com/c/en/us/td/docs/switches/datacenter/sw/4_1/nx-os/security/configuration/guide/sec_nx-os-cfg/sec_rbac.html
Which two security features are only supported on the Cisco Nexus 7000 Series Switches?
Answer : B,F
A traffic storm occurs when packets flood the LAN, creating excessive traffic and degrading network performance. You can use the traffic storm control feature to prevent disruptions on Layer 2 ports by a broadcast, multicast, or unicast traffic storm on physical interfaces.
Traffic storm control (also called traffic suppression) allows you to monitor the levels of the incoming broadcast, multicast, and unicast traffic over a 10-millisecond interval. During this interval, the traffic level, which is a percentage of the total available bandwidth of the port, is compared with the traffic storm control level that you configured. When the ingress traffic reaches the traffic storm control level that is configured on the port, traffic storm control drops the traffic until the interval ends.
http://www.cisco.com/c/en/us/td/docs/switches/datacenter/sw/5_x/dcnm/security/configuration/guide/b_Cisco_DCNM_Security_Configuration_Guide__Release_5-x/Cisco_DCNM_Security_Configuration_Guide__Release_5-x_chapter17.html
http://www.cisco.com/c/en/us/td/docs/switches/datacenter/sw/5_x/dcnm/security/configuration/guide/b_Cisco_DCNM_Security_Configuration_Guide__Release_5-x/Cisco_DCNM_Security_Configuration_Guide__Release_5-x_chapter1.html
Which statement about RBAC user roles on a Cisco Nexus switch is true?
Answer : B
If you belong to multiple roles, you can execute a combination of all the commands permitted by these roles. Access to a command takes priority over being denied access to a command. For example, suppose a user has RoleA, which denies access to the configuration commands. However, the user also has RoleB, which has access to the configuration commands. In this case, the user has access to the configuration commands.
The Connectivity Management Processor monitors the active supervisor module on a Cisco Nexus 7000 switch and will reboot the device in the event of a lights-out management issue. However, which option includes features that provide similar benefits in the absence of the Connectivity Management Processor?
Answer : A
vPC uses the vPC peer-keepalive link to run hello messages that are used to detect a dual-active scenario. A Gigabit Ethernet port can be used to carry the peer-keepalive messages. A dedicated VRF is recommended to isolate these control messages from common data packets. When an out-of-band network infrastructure is present, the management interfaces of the Cisco Nexus 7000 supervisor could also be used to carry keep-alive connectivity using the dedicated management VRF. When the vPC peer-link is no longer detected, a dual-active situation occurs, and the system disables all vPC port channel members on the "secondary" vPC peer (lower vPC role priority value). SVI interfaces associated with a vPC VLAN are also suspended on the secondary switch. As a result, in this condition only the primary vPC peer actively forwards traffic on the vPC VLANs. Multiple peer-keepalive links can be used to increase resiliency of the dual-active detection mechanism.
Both the Cisco Catalyst 6500 and the Cisco Nexus 7000 offer a variety of high-availability features. Some of the primary features to highlight are In Service Software Upgrade (ISSU), Stateful Switchover (SSO), and Nonstop Forwarding (NSF). The operation and the behavior of these features are unique to the respective platform and can be independently executed without affecting the interoperability between the two platforms.
Reference: http://www.cisco.com/c/en/us/products/collateral/switches/catalyst-6500-series-switches/white_paper_c11_589890.html
In the dynamic vNIC creation wizard, why are choices for Protection important?
Answer : C
Number of Dynamic vNICs: This is the number of vNICs that will be available for dynamic assignment to VMs. Remember that the VIC has a limit to the number of vNICs that it can support and this is based on the number of uplinks between the IOM and the FI. At least this is the case with the 2104 IOM and the M81KR VIC, which supports ((# IOM Links * 15) 2)). Also remember that your ESXi server will already have a number of vNICs used for other traffic such as Mgmt, vMotion, storage, etc., and that these count against the limit.
Adapter Policy: This determines the vNIC adapter config (HW queue config, TCP offload, etc.) and you must select VMWarePassThru to support VM-FEX in High Performance mode.
Protection: This determines the initial placement of the vNICs; either all of them are placed on Fabric A or Fabric B, or they are alternated between the two fabrics if you just select the Protected option. Failover is always enabled on these vNICs and there is no way to disable the protection.
Reference: http://infrastructureadventures.com/2011/10/09/deploying-cisco-ucs-vm-fex-for-vsphere-%E2%80%93-part-2-ucsm-config-and-vmware-integration/
Which statement is true if password-strength checking is enabled?
Answer : A
If a password is trivial (such as a short, easy-to-decipher password), the Cisco NX-OS software will reject your password configuration if password-strength checking is enabled.
Be sure to configure a strong password. Passwords are case sensitive.
Reference: http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/sw/7-x/security/configuration/guide/b_Cisco_Nexus_9000_Series_NX-
Which of the following Cisco Nexus features is best managed with DCNM-LAN?
Answer : C
DCNM-LAN supports the following platforms: