Implementing Cisco Data Center Infrastructure v8.0 (300-165)

Page:    1 / 11   
Total 165 questions

Which statement explains why a Cisco UCS 6200 Fabric Interconnect that is configured in end-host mode is beneficial to the unified fabric network?

  • A. There is support for multiple (power of 2) uplinks.
  • B. Upstream Layer 2 disjoint networks will remain separated.
  • C. The 6200 can connect directly via vPC to a Layer 3 aggregation device.
  • D. STP is not required on the uplink ports from the 6200.

Answer : D

In Cisco Unified Computing System environments, two Ethernet switching modes determine the way that the fabric interconnects behave as switching devices between the servers and the network. In end-host mode, the fabric interconnects appear to the upstream devices as end hosts with multiple links. In end-host mode, the switch does not run Spanning Tree Protocol and avoids loops by following a set of rules for traffic forwarding. In switch mode, the switch runs Spanning Tree Protocol to avoid loops, and broadcast and multicast packets are handled in the traditional way. computing/whitepaper_c11-701962.html

By default it will take 10 seconds for authentication to fail due to an unresponsive RADIUS server before a Cisco Nexus series switch reverts to another RADIUS server or local authentication. What is one efficient way to improve the reaction time to a RADIUS server failure?

  • A. Decrease the global RADIUS retransmission count to 1.
  • B. Decrease the global RADIUS timeout interval to 5 seconds.
  • C. Configure the RADIUS retransmission count and timeout interval per server, versus globally.
  • D. Configure per server a test idle timer, along with a username and password.

Answer : D

You can monitor the availability of RADIUS servers. These parameters include the username and password to use for the server and an idle timer. The idle timer specifies the interval during which a RADIUS server receives no requests before the Nexus 5000 Series switch sends out a test packet. You can configure this option to test servers periodically.
The test idle timer specifies the interval during which a RADIUS server receives no requests before the Nexus 5000 Series switch sends out a test packet. The default idle timer value is 0 minutes. When the idle time interval is 0 minutes, the Nexus 5000 Series switch does not perform periodic RADIUS server monitoring.
Reference: e/cli_rel_4_0_1a/CLIConfigurationGuide/sec_radius.html

Which protocol is the foundation for unified fabric as implemented in Cisco NX-OS?

  • A. Fibre Channel
  • B. Data Center Bridging
  • C. Fibre Channel over Ethernet
  • D. N proxy virtualization
  • E. N Port identifier virtualization

Answer : C

Fibre Channel over Ethernet (FCoE) is one of the major components of a Unified Fabric.
FCoE is a new technology developed by Cisco that is standardized in the Fibre Channel
Backbone 5 (FC-BB-5) working group of Technical Committee T11 of the International
Committee for Information Technology Standards (INCITS). Most large data centers have huge installed bases of Fibre Channel and want a technology that maintains the Fibre
Channel model. FCoE assumes a lossless Ethernet, in which frames are never dropped
(as in Fibre Channel) and that therefore does not use IP and TCP.
Reference: switches/white_paper_c11-495142.html

Which GLBP load-balancing algorithm ensures that a client is always mapped to the same
VMAC address?

  • A. vmac-weighted
  • B. dedicated-vmac-mode
  • C. shortest-path and weighting
  • D. host-dependent

Answer : D

Host dependentGLBP uses the MAC address of the host to determine which virtual MAC address to direct the host to use. This algorithm guarantees that a host gets the same virtual MAC address if the number of virtual forwarders does not change.
Reference: os/unicast/configuration/guide/l3_cli_nxos/l3_glbp.html

Which two statements about Cisco Nexus 7000 line cards are true? (Choose two.)

  • A. M1, M2, and F1 cards are allowed in the same VDC.
  • B. M line cards are service-oriented and likely face the access layer and provide Layer 2 connectivity.
  • C. F line cards are performance-oriented and likely connect northbound to the core layer for Layer 3 connectivity.
  • D. M line cards support Layer 2, Layer 3, and Layer 4 with large forwarding tables and a rich feature set.
  • E. The F2 line card must reside in the admin VDC.

Answer : A,D

Cisco is introducing a new line card called as F3 Module which has rich feature set and offers high performance 40G/100G port density to the Nexus 7000 product family. Cisco also introduced a new feature in NX-OS 6.2(2) where the F2e line card can be in the same
VDC as M1 or M2 Line Card. The objective of this session is to cover detailed steps and methodology of migrating Nexus 7000 with VDC types prior to NX-OS 6.2 to the newer F3 or M/F2e VDC types. The session also covers the effect of VDC migration with commonly used Network features, firewall and load balancer services.
M-Series XL modules support larger forwarding tables. M-Series modules are frequently required at network core, peering, and aggregation points. When used with the F1-Series, the M-Series modules provide inter-VLAN services and form a pool of Layer 3 resources for the system.

Refer to the command below. When configuring an SVS connection on the Cisco Nexus
5000 Series Switch, which device is being referenced as the remote IP address? nexus5500-2(config-svs-conn)# remote ip address port 80 vrf management

  • A. ESX or ESXi host
  • B. vCenter
  • C. vPC peer switch
  • D. Cisco IMC management

Answer : B

This command specifies the hostname or IP address for the vCenter Server. Optionally, specifies the port number and VRF.
Topic 3, Data Center Infrastructure Security

How is a dynamic vNIC allocated?

  • A. Dynamic vNICs are assigned to VMs in vCenter.
  • B. Dynamic vNICs can only be bound to the service profile through an updating template.
  • C. Dynamic vNICs are bound directly to a service profile.
  • D. Dynamic vNICs are assigned by binding a port profile to the service profile.

Answer : C

The dynamic vNIC connection policy determines how the connectivity between VMs and dynamic vNICs is configured. This policy is required for Cisco UCS domains that include servers with VIC adapters on which you have installed VMs and configured dynamic vNICs.
Each dynamic vNIC connection policy includes an Ethernet adapter policy and designates the number of vNICs that can be configured for any server associated with a service profile that includes the policy.
For VM-FEX that has all ports on a blade in standard mode, you need to use the VMware adapter policy.
For VM-FEX that has at least one port on a blade in high-performance mode, use the
VMwarePassThrough adapter policy or create a custom policy. If you need to create a custom policy, the resources provisioned need to equal the resource requirements of the guest OS that needs the most resources and for which you will be using high-performance mode.

Which statement about the implementation of Cisco TrustSec on Cisco Nexus 7000 Series
Switches is true?

  • A. While SGACL enforcement and SGT propagation are supported on the M and F modules, 802.1AE (MACsec) support is available only on the M module.
  • B. SGT Exchange Protocol is required to propagate the SGTs across F modules that lack hardware support for Cisco TrustSec.
  • C. AAA authentication and authorization is supported using TACACS or RADIUS to a Cisco Secure Access Control Server.
  • D. Both Cisco TrustSec and 802.1X can be configured on an F or M module interface.

Answer : A

The M-Series modules on the Nexus 7000 support 802.1AE MACSEC on all ports, including the new M2-series modules. The F2e modules will have this feature enabled in the future.
It is important to note that because 802.1AE MACSEC is a link-level encryption, the two
MACSEC-enabled endpoints, Nexus 7000 devices in our case, must be directly L2 adjacent. This means we direct fiber connection or one facilitated with optical gear is required. MACSEC has integrity checks for the frames and intermediate devices, like another switch, even at L2, will cause the integrity checks to fail. In most cases, this means metro-Ethernet services or carrier-provided label switched services will not work for a
MACSEC connection.

When a local RBAC user account has the same name as a remote user account on an
AAA server, what happens when a user with that name logs into a Cisco Nexus switch?

  • A. The user roles from the remote AAA user account are applied, not the configured local user roles.
  • B. All the roles are merged (logical OR).
  • C. The user roles from the local user account are applied, not the remote AAA user roles.
  • D. Only the roles that are defined on both accounts are merged (logical AND).

Answer : C

If you have a user account configured on the local Cisco NX-OS device that has the same name as a remote user account on an AAA server, the Cisco NX-OS software applies the user roles for the local user account to the remote user, not the user roles configured on the AAA server.
Reference: os/security/configuration/guide/sec_nx-os-cfg/sec_rbac.html

Which two security features are only supported on the Cisco Nexus 7000 Series Switches?
(Choose two.)

  • A. IP source guard
  • B. traffic storm control
  • C. CoPP
  • D. DHCP snooping
  • E. Dynamic ARP Inspection
  • F. NAC

Answer : B,F

A traffic storm occurs when packets flood the LAN, creating excessive traffic and degrading network performance. You can use the traffic storm control feature to prevent disruptions on Layer 2 ports by a broadcast, multicast, or unicast traffic storm on physical interfaces.
Traffic storm control (also called traffic suppression) allows you to monitor the levels of the incoming broadcast, multicast, and unicast traffic over a 10-millisecond interval. During this interval, the traffic level, which is a percentage of the total available bandwidth of the port, is compared with the traffic storm control level that you configured. When the ingress traffic reaches the traffic storm control level that is configured on the port, traffic storm control drops the traffic until the interval ends.
Reference: on/guide/b_Cisco_DCNM_Security_Configuration_Guide__Release_5- x/Cisco_DCNM_Security_Configuration_Guide__Release_5-x_chapter17.html

And - on/guide/b_Cisco_DCNM_Security_Configuration_Guide__Release_5- x/Cisco_DCNM_Security_Configuration_Guide__Release_5-x_chapter1.html

Which statement about RBAC user roles on a Cisco Nexus switch is true?

  • A. If you belong to multiple roles, you can execute only the commands that are permitted by both roles (logical AND).
  • B. Access to a command takes priority over being denied access to a command.
  • C. The predefined roles can only be changed by the network administrator (superuser).
  • D. The default SAN administrator role restricts configuration to Fibre Channel interfaces.
  • E. On a Cisco Nexus 7000 Series Switch, roles are shared between VDCs.

Answer : B

If you belong to multiple roles, you can execute a combination of all the commands permitted by these roles. Access to a command takes priority over being denied access to a command. For example, suppose a user has RoleA, which denied access to the configuration commands. However, the users also have RoleB, which has access to the configuration commands. In this case, the users have access to the configuration commands.
Reference: e/cli/CLIConfigurationGuide/sec_rbac.html

The Connectivity Management Processor monitors the active supervisor module on a
Cisco Nexus 7000 switch and will reboot the device in the event of a lights-out management issue. However, which option includes features that provide similar benefits in the absence of the Connectivity Management Processor?

  • A. high-availability functionality from features such as vPC and NSF
  • B. traditional system connectivity models like SNMP, GUI, or SSH
  • C. Cisco FabricPath
  • D. VDC failover

Answer : A

vPC uses the vPC peer-keepalive link to run hello messages that are used to detect a dual- active scenario. A Gigabit Ethernet port can be used to carry the peer-keepalive messages.
A dedicated VRF is recommended to isolate these control messages from common data packets. When an out-of-band network infrastructure is present, the management interfaces of the Cisco Nexus 7000 supervisor could be also used to carry keep-alive connectivity using the dedicated management VRF. When the vPC peer-link is no longer detected, a dual-active situation occurs, and the system disables all vPC port channel member on the "secondary" vPC peer (lower vPC role priority value). Also SVI interfaces associated to a vPC VLAN are suspended on the secondary switch. As a result, in this condition only the primary vPC peer actively forwards traffic on the vPC VLANs. Multiple peer-keepalive links can be used to increase resiliency of the dual-active detection mechanism.
Both the Cisco Catalyst 6500 and the Cisco Nexus 7000 offer a variety of high-availability features. Some of the primary features to highlight are In Service Software Upgrade
(ISSU), Stateful Switchover (SSO), and Nonstop Forwarding (NSF). The operation and the behavior of these features are unique to the respective platform and can be independently executed without affecting the interoperability between the two platforms.
Reference: switches/white_paper_c11_589890.html

In the dynamic vNIC creation wizard, why are choices for Protection important?

  • A. They allow reserve vNICs to be allocated out of the spares pool.
  • B. They enable hardware-based failover.
  • C. They select the primary fabric association for dynamic vNICs.
  • D. They allow dynamic vNICs to be reserved for fabric failover.

Answer : C

Number of Dynamic vNICs This is the number of vNICs that will be available for dynamic assignment to VMs. Remember that the VIC has a limit to the number of vNICs that it can support and this is based on the number of uplinks between the IOM and the FI.
At least this is the case with the 2104 IOM and the M81KR VIC, which supports ((# IOM
Links * 15) 2)). Also remember that your ESXi server will already have a number of vNICs used for other traffic such as Mgmt, vMotion, storage, etc, and that these count against the limit.
Adapter Policy This determines the vNIC adapter config (HW queue config, TCP offload, etc) and you must select VMWarePassThru to support VM-FEX in High Performance mode.
Protection This determines the initial placement of the vNICs, either all of them are placed on fabric A or Fabric B or they are alternated between the two fabrics if you just select the Protected option. Failover is always enabled on these vNICs and there is no way to disable the protection.
Reference: vsphere-%E2%80%93-part-2-ucsm-config-and-vmware-integration/

Which statement is true if password-strength checking is enabled?

  • A. Short, easy-to-decipher passwords will be rejected.
  • B. The strength of existing passwords will be checked.
  • C. Special characters, such as the dollar sign ($) or the percent sign (%), will not be allowed.
  • D. Passwords become case-sensitive.

Answer : A

If a password is trivial (such as a short, easy-to-decipher password), the cisco NX_OS software will reject your password configuration if password-strength checking is enabled.
Be sure to configure a strong password. Passwords are case sensitive.
Reference: x/security/configuration/guide/b_Cisco_Nexus_9000_Series_NX-

Which of the following Cisco Nexus features is best managed with DCNM-LAN?

  • A. VSS
  • B. Domain parameters
  • C. Virtual switches
  • D. AAA

Answer : C

DCNM-LAN supports the following platforms:

Cisco Nexus 1000V switches -

Cisco Nexus 2000 Fabric Extenders

Cisco Nexus 3000 Series switches

Cisco Nexus 4000 Series switches

Cisco Nexus 5000 Series switches

Catalyst 6500 -

DCNM-LAN provides limited support for the Catalyst 6500 Series switches that runs classic
IOS version 12.2(33)SXI or higher.

DCNM-LAN supports the viewing of the current configuration attributes of the device.

DCNM-LAN does not support changing the configuration of the device.

DCNM-LAN supports the Firewall Service Module (FWSM) version 4.0 or higher for the
Catalyst 6500 Series switches.

Cisco Nexus 7000 Series switches
Reference: uides/fund/DCNM-SAN-LAN_5_2/DCNM_Fundamentals/fund_overview.html

Page:    1 / 11   
Total 165 questions