Celeste 5

Which service is missing when RADIUS is selected to provide management access to the WLC? A. authorization. authorization. authentication. accounting. confidentiality.

Which action implements physical access control as part of the security program of an organization?. setting up IP cameras to monitor key infrastructure. configuring a password for the console port. backing up syslogs at a remote location. configuring enable passwords on network devices.

Which field within the access-request packet is encrypted by RADIUS?. authorized services. password. authenticator. username.

A Cisco engineer is configuring a factory-default router with these three passwords: ✑ The user EXEC password for console access is p4ssw0rd1. ✑ The user EXEC password for Telnet access is s3cr3t2. ✑ The password for privileged EXEC mode is priv4t3p4ss. Which command sequence must the engineer configure?. enable secret priv4t3p4ss ! line con 0 password p4ssw0rd1 ! line vty 0 15 password s3cr3t2. enable secret priv4t3p4ss ! line con 0 password p4ssw0rd1 login ! line vty 0 15 password s3cr3t2 login. enable secret priv4t3p4ss ! line con 0 password login p4ssw0rd1 ! line vty 0 15 password login s3cr3t2 login. enable secret privilege 15 priv4t3p4ss ! line con 0 password p4ssw0rd1 login ! line vty 0 15 password s3cr3t2 login.

What is a function of Opportunistic Wireless Encryption in an environment?. provide authentication. protect traffic on open networks. offer compression. increase security by using a WEP connection.

Which encryption method is used by WPA3?. TKIP. AES. SAE. PSK.

Which type of traffic is sent with pure IPsec?. multicast traffic from a server at one site to hosts at another location. broadcast packets from a switch that is attempting to locate a MAC address at one of several remote sites. unicast messages from a host at a remote site to a server at headquarters. spanning-tree updates between switches that are at two different sites.

How does authentication differ from authorization?. Authentication is used to record what resource a user accesses, and authorization is used to determine what resources a user can access. Authentication verifies the identity of a person accessing a network, and authorization determines what resource a user can access. Authentication is used to determine what resources a user is allowed to access, and authorization is used to track what equipment is allowed access to the network. Authentication is used to verify a person's identity, and authorization is used to create syslog messages for logins.

An engineer has configured the domain name, user name, and password on the local router. What is the next step to complete the configuration for a Secure Shell access RSA key?. crypto key import rsa pem. crypto key generate rsa. crypto key zeroize rsa. crypto key pubkey-chain rsa.

Which type if network attack overwhelms the target server by sending multiple packets to a port until the half-open TCP resources of the target are exhausted?. SYN flood. reflection. teardrop. amplification.

Which two components comprise part of a PKI? (Choose two.). preshared key that authenticates connections. one or more CRLs. RSA token. CA that grants certificates. clear-text password that authenticates connections.

After a recent security breach and a RADIUS failure, an engineer must secure the console port of each enterprise router with a local username and password. Which configuration must the engineer apply to accomplish this task?. aaa new-model line con 0 password plaintextpassword privilege level 15. aaa new-model aaa authorization exec default local aaa authentication login default radius username localuser privilege 15 secret plaintextpassword. username localuser secret plaintextpassword line con 0 no login local privilege level 15. username localuser secret plaintextpassword line con 0 login authentication default privilege level 15.

Which wireless security protocol relies on Perfect Forward Secrecy?. WEP. WPA2. WPA. WPA3.

What is a zero-day exploit?. It is when the network is saturated with malicious traffic that overloads resources and bandwidth. It is when an attacker inserts malicious code into a SQL server. It is when a new network vulnerability is discovered before a fix is available. It is when the perpetrator inserts itself in a conversation between two parties and captures or alters data.

A network engineer is replacing the switches that belong to a managed-services client with new Cisco Catalyst switches. The new switches will be configured for updated security standards including replacing. Telnet services with encrypted connections and doubling the modulus size from 1024. Which two commands must the engineer configure on the new switches? (Choose two.). transport input ssh. transport input all. crypto key generate rsa modulus 2048. crypto key generate rsa general-keys modulus 1024. crypto key generate rsa usage-keys.

What are two examples of multifactor authentication? (Choose two.). single sign-on. soft tokens. passwords that expire. shared password repository. unique user knowledge.

Which characteristic differentiates the concept of authentication from authorization and accounting?. consumption-based billing. identity verification. user-activity logging. service limitations.

What is a function of Cisco Advanced Malware Protection for a Next-Generation IPS?. inspecting specific files and file types for malware. authorizing potentially compromised wireless traffic. authenticating end users. URL filtering.

What is a feature of WPA?. TKIP/MIC encryption. small Wi-Fi application. preshared key. 802.1x authentication.

Which two practices are recommended for an acceptable security posture in a network? (Choose two.). Use a cryptographic keychain to authenticate to network devices. Place internal email and file servers in a designated DMZ. Back up device configurations to encrypted USB drives for secure retrieval. Disable unused or unnecessary ports, interfaces, and services. Maintain network equipment in a secure location.

How does WPA3 improve security?. It uses SAE for authentication. It uses RC4 for encryption. It uses TKIP for encryption. It uses a 4-way handshake for authentication.

What is a function of a Next-Generation IPS?. correlates user activity with network events. serves as a controller within a controller-based network. integrates with a RADIUS server to enforce Layer 2 device authentication rules. makes forwarding decisions based on learned MAC addresses.

Which IPsec transport mode encrypts the IP header and the payload?. pipe. transport. control. tunnel.

What is the default port-security behavior on a trunk link?. It places the port in the err-disabled state if it learns more than one MAC address. It causes a network loop when a violation occurs. It disables the native VLAN configuration as soon as port security is enabled. It places the port in the err-disabled state after 10 MAC addresses are statically configured.

Which device separates networks by security domains?. intrusion protection system. firewall. wireless controller. ccess point.

How are VLAN hopping attacks mitigated?. manually implement trunk ports and disable DTP. configure extended VLANs. activate all ports and place in the default VLAN. enable dynamic ARP inspection.

Which enhancements were implemented as part of WPA3?. Forward secrecy and SAE in personal mode for secure initial key exchange. 802.1x authentication and AES-128 encryption. AES-64 in personal mode and AES-128 in enterprise mode. TKIP encryption improving WEP and per-packet keying.

When a site-to-site VPN is configured which IPsec mode provides encapsulation and encryption of the entire original IP packet?. IPsec transport mode with AH. IPsec tunnel mode with AH. IPsec transport mode with ESP. IPsec tunnel mode with ESP.

An engineer is configuring remote access to a router from IP subnet 10.139.58.0/28. The domain name, crypto keys, and SSH have been configured. Which configuration enables the traffic on the destination router?. line vty 0 15 access-class 120 in ! ip access-list extended 120 permit tcp 10.139.58.0 0.0.0.15 any eq 22. interface FastEthernet0/0 ip address 10.122.49.1 255.255.255.252 ip access-group 10 in ! ip access-list standard 10 permit udp 10.139.58.0 0.0.0.7 host 10.122.49.1 eq 22. interface FastEthernet0/0 ip address 10.122.49.1 255.255.255.252 ip access-group 110 in ! ip access-list standard 110 permit tcp 10.139.58.0 0.0.0.15 eq 22 host 10.122.49.1. line vty 0 15 access-group 120 in ! ip access-list extended 120 permit tcp 10.139.58.0 0.0.0.15 any eq 22.

In an SDN architecture, which function of a network node is centralized on a controller?. Creates the IP routing table. Discards a message due filtering. Makes a routing decision. Provides protocol access for remote access devices.

Which management security process is invoked when a user logs in to a network device using their username and password?. authentication. auditing. accounting. authorization.

Which enhancement is implemented in WPA3?. employs PKI to identify access points. applies 802.1x authentication. uses TKIP. protects against brute force attacks.

Which port security violation mode allows from valid MAC addresses to pass but blocks traffic from invalid MAC addresses?. restrict. shutdown. protect. shutdown VLAN.

A customer wants to provide wireless access to contractors using a guest portal on Cisco ISE. The portal is also used by employees. A solution is implemented, but contractors receive a certificate error when they attempt to access the portal. Employees can access the portal without any errors. Which change must be implemented to allow the contractors and employees to access the portal?. Install a trusted third-party certificate on the Cisco ISE. Install an internal CA signed certificate on the Cisco ISE. Install a trusted third-party certificate on the contractor devices. Install an internal CA signed certificate on the contractor devices.

Which two wireless security standards use counter mode cipher block chaining Message Authentication Code Protocol for encryption and data integrity? (Choose two.). Wi-Fi 6. WPA3. WEP. WPA2. WPA.

A network engineer is implementing a corporate SSID for WPA3-Personal security with a PSK. Which encryption cipher must be configured?. CCMP128. GCMP256. CCMP256. GCMP128.

What is a practice that protects a network from VLAN hopping attacks?. Implement port security on internet-facing VLANs. Enable dynamic ARP inspection. Assign all access ports to VLANs other than the native VLAN. Configure an ACL to prevent traffic from changing VLANs.

An administrator must use the password complexity not manufacturer-name command to prevent users from adding `Cisco` as a password. Which command must be issued before this command?. login authentication my-auth-list. service password-encryption. password complexity enable. confreg 0x2142.

An organization has decided to start using cloud-provided services. Which cloud service allows the organization to install its own operating system on a virtual machine?. platform-as-a-service. network-as-a-service. software-as-a-service. infrastructure-as-a-service.

How do traditional campus device management and Cisco DNA Center device management differ in regards to deployment?. Traditional campus device management allows a network to scale more quickly than with Cisco DNA Center device management. Cisco DNA Center device management can deploy a network more quickly than traditional campus device management. Cisco DNA Center device management can be implemented at a lower cost than most traditional campus device management options. Traditional campus device management schemes can typically deploy patches and updates more quickly than Cisco DNA Center device management.

Which purpose does a northbound API serve in a controller-based networking architecture?. facilitates communication between the controller and the applications. reports device errors to a controller. generates statistics for network hardware and traffic. communicates between the controller and the physical network hardware.

What benefit does controller based networking provide versus traditional networking? Choose one. allow configuration and monitoring of the network from one centralized point. provides an added layer of security to protect from DDoS attacks. combines control and data plane funcionality on a single device to minimize latency. moves from a two-tier to a three-tier network architecture to provide maximum redundancy.

What is an advantage of Cisco DNA Center versus traditional campus device management?. It is designed primarily to provide network assurance. It supports numerous extensibility options, including cross-domain adapters and third-party SDKs. It supports high availability for management functions when operating in cluster mode. It enables easy autodiscovery of network elements in a brownfield deployment.

What are two fundamentals of virtualization? (Choose two.). It allows logical network devices to move traffic between virtual machines and the rest of the physical network. It allows multiple operating systems and applications to run independently on one physical server. It allows a physical router to directly connect NICs from each virtual machine into the network. It requires that some servers, virtual machines, and network gear reside on the Internet. The environment must be configured with one hypervisor that serves solely as a network manager to monitor SNMP traffic.

How does Cisco DNA Center gather data from the network?. Devices use the call-home protocol to periodically send data to the controller. Devices establish an IPsec tunnel to exchange data with the controller. The Cisco CLI Analyzer tool gathers data from each licensed network device and streams it to the controller. Network devices use different services like SNMP, syslog, and streaming telemetry to send data to the controller.

Which statement compares traditional networks and controller-based networks?. Only controller-based networks decouple the control plane and the data plane. Traditional and controller-based networks abstract policies from device configurations. Only traditional networks natively support centralized management. Only traditional networks offer a centralized control plane.

What are two benefits of network automation? (Choose two.). reduced hardware footprint. reduced operational costs. faster changes with more reliable results. fewer network failures. increased network security.

Which two encoding methods are supported by REST APIs? (Choose two.). SGML. YAML. XML. JSON. EBCDIC.

What are two characteristics of a controller-based network? (Choose two.). It uses Telnet to report system issues. The administrator can make configuration updates from the CLI. It uses northbound and southbound APIs to communicate between architectural layers. It decentralizes the control plane, which allows each device to make its own forwarding decisions. It moves the control plane to a central point.

Which two capabilities of Cisco DNA Center make it more extensible as compared to traditional campus device management? (Choose two.). REST APIs that allow for external applications to interact natively. adapters that support all families of Cisco IOS software. SDKs that support interaction with third-party network equipment. modular design that is upgradable as needed. customized versions for small, medium, and large enterprises.

What software-defined architecture plane assists network devices with making packet-forwarding decisions by providing Layer 2 reachability and Layer 3 routing information?. management plane. control plane. data plane. policy plane.

What are two benefits of controller-based networking compared to traditional networking? (Choose two.). controller-based increases network bandwidth usage, while traditional lightens the load on the network. controller-based reduces network configuration complexity, while traditional increases the potential for errors. controller-based allows for fewer network failures, while traditional increases failure rates. controller-based provides centralization of key IT functions, while traditional requires distributed management functions. controller-based inflates software costs, while traditional decreases individual licensing costs.

Which type of API allows SDN controllers to dynamically make changes to the network?. northbound API. REST API. SOAP API. southbound API.

Which option about JSON is true -. uses predefined tags or angle brackets () to delimit markup text. used to describe structured data that includes arrays. used for storing information. similar to HTML, it is more verbose than XML.

Which option best describes an API?. a contract that describes how various components communicate and exchange data with each other. an architectural style (versus a protocol) for designing applications. a stateless client-server model. request a certain type of data by specifying the URL path that models the data.

Which of the following is the JSON encoding of a dictionary or hash?. {ג€keyג€: ג€valueג€}. [ג€keyג€, ג€valueג€]. {ג€keyג€, ג€valueג€}. (ג€keyג€: ג€valueג€).

Which role does a hypervisor provide for each virtual machine in server virtualization?. infrastructure-as-a-service. Software-as-a-service. control and distribution of physical resources. services as a hardware controller.

What is the function of a server?. It transmits packets between hosts in the same broadcast domain. It provides shared applications to end users. It routes traffic between Layer 3 devices. Creates security zones between trusted and untrusted networks.

Which CRUD operation modifies an existing table or view?. read. update. replace. create.

In software-defined architectures, which plane is distributed and responsible for traffic forwarding?. management plane. policy plane. data plane. control plane.

Which configuration management mechanism uses TCP port 22 by default when communicating with managed nodes?. Ansible. Python. Puppet. Chef.

What does an SDN controller use as a communication protocol to relay forwarding changes to a southbound API?. Java. REST. OpenFlow. XML.

What uses HTTP messages to transfer data to applications residing on different hosts?. OpenStack. OpFlex. REST. OpenFlow.

Which JSON data type is an unordered set of attribute-value pairs?. string. array. Boolean. object.

Which protocol is used in Software Defined Access (SDA) to provide a tunnel between two edge nodes in different fabrics?. Generic Router Encapsulation (GRE). Virtual Local Area Network (VLAN). Virtual Extensible LAN (VXLAN). Point-to-Point Protocol (PPP).

Which plane is centralized by an SDN controller?. management-plane. data-plane. services-plane. control-plane.

Where is the interface between the control plane and data plane within the software-defined architecture?. application layer and the management layer. application layer and the infrastructure layer. control layer and the application layer. control layer and the infrastructure layer.

Why would a network administrator choose to implement automation in a network environment?. To simplify the process of maintaining a consistent configuration state across all devices. To centralize device information storage. To implement centralized user account management. To deploy the management plane separately from the rest of the network.

Which two events occur automatically when a device is added to Cisco DNA Center? (Choose two.). The device is placed into the Managed state. The device is placed into the Unmanaged state. The device is assigned to the Local site. The device is assigned to the Global site. The device is placed into the Provisioned state.

Which two components are needed to create an Ansible script that configures a VLAN on a switch? (Choose two.). playbook. recipe. model. cookbook. task.

In software-defined architecture, which plane handles switching for traffic through a Cisco router?. control. data. management. application.

What are two southbound APIs? (Choose two.). Thrift. DSC. CORBA. NETCONF. OpenFlow.

What makes Cisco DNA Center different from traditional network management applications and their management of networks?. Its modular design allows the implementation of different versions to meet the specific needs of an organization. It only supports auto-discovery of network elements in a greenfield deployment. It omits support high availability of management functions when operating in cluster mode. It abstracts policy from the actual device configuration.

Which CRUD operation corresponds to the HTTP GET method?. create. read. delete. update.

What differentiates device management enabled by Cisco DNA Center from traditional campus device management?. CLI-oriented device. centralized. device-by-device hands-on. per-device.

Which two REST API status-code classes represent errors? (Choose two.). 1XX. 2XX. 3XX. 4XX. 5XX.

How do servers connect to the network in a virtual environment?. a cable connected to a physical switch on the network. wireless to an access point that is physically connected to the network. a virtual switch that links to an access point that is physically connected to the network. a software switch on a hypervisor that is physically connected to the network.

What is the function of the controller in a software-defined network?. forwarding packets. multicast replication at the hardware level. setting packet-handling policies. fragmenting and reassembling packets.

What is a function of a southbound API?. Use orchestration to provision a virtual server configuration from a web server. Automate configuration changes between a server and a switching fabric. Manage flow control between an SDN controller and a switching fabric. Facilitate the information exchange between an SDN controller and application.

Which script paradigm does Puppet use?. recipes and cookbooks. playbooks and roles. strings and marionettes. manifests and modules.

Which set of methods is supported with the REST API?. GET, PUT, ERASE, CHANGE. GET, POST, MOD, ERASE. GET, PUT, POST, DELETE. GET, POST, ERASE, CHANGE.

Which technology is appropriate for communication between an SDN controller end applications running over the network?. Southbound API. REST API. NETCONF. OpenFlow.

What is the function of `off-the-shelf` switches in a controller-based network?. setting packet-handling policies. forwarding packets. providing a central view of the deployed network. making routing decisions.

Which REST method updates an object in the Cisco DNA Center Intent API?. CHANGE. UPDATE. POST. PUT.

Which definition describes JWT in regard to REST API security?. an encrypted JSON token that is used for authentication. an encrypted JSON token that is used for authorization. an encoded JSON token that is used to securely exchange information. an encoded JSON token that is used for authentication.

Which communication interaction takes place when a southbound API is used?. between the SDN controller and PCs on the network. between the SDN controller and switches and routers on the network. between the SDN controller and services and applications on the network. between network applications and switches and routers on the network.

What are two characteristics of a public cloud implementation? (Choose two.). It is owned and maintained by one party, but it is shared among multiple organizations. It enables an organization to fully customize how it deploys network resources. It provides services that are accessed over the Internet. It is a data center on the public Internet that maintains cloud services for only one company. It supports network resources from a centralized third-party provider and privately-owned virtual resources.

Which two primary drivers support the need for network automation? (Choose two.). Increasing reliance on self-diagnostic and self-healing. Eliminating training needs. Policy-driven provisioning of resources. Reducing hardware footprint. Providing a single entry point for resource provisioning.

What is an expected outcome when network management automation is deployed?. A distributed management plane must be used. Complexity increases when new device configurations are added. Custom applications are needed to configure network devices. Software upgrades are performed from a central controller.

Which HTTP status code is returned after a successful REST API request?. 200. 301. 404. 500.

With REST API, which standard HTTP header tells a server which media type is expected by the client?. Accept-Encoding: gzip. deflate. Accept-Patch: text/example; charset=utf-8. Content-Type: application/json; charset=utf-8. Accept: application/json.

What is the purpose of the Cisco DNA Center Controller ?. to securely manage and deploy network devices. to scan a network and generate a layer 2 network diagram. to secure physical access to a data center. to provide Layer 3 services to autonomous access points.

What is the function of the controller in a software-defined network?. forwarding packets. multicast replication at the hardware level. setting packet-handling policies. fragmenting and reassembling packets.

Which statement identifies the functionality of virtual machines?. Virtualized servers run most efficiently when they are physically connected to a switch that is separate from the hypervisor. The hypervisor can virtualize physical components including CPU, memory, and storage. Each hypervisor can support a single virtual machine and a single software switch. The hypervisor communicates on Layer 3 without the need for additional resources.

Refer to the exhibit. A network engineer must configure NETCONF. After creating the configuration, the engineer gets output from the command show line but not from show running-config. Which command completes the configuration?. Device(config)# netconf lock-time 500. Device(config)# netconf max-message 1000. Device(config)# no netconf ssh acl 1. Device(config)# netconf max-sessions 100.

Refer to the exhibit. How many objects are present in the given JSON-encoded data?. One. Four. Seven. Nine.

DRAG DROP Drag and drop the statements about networking from the left onto the corresponding networking types on the right. Select and Place: Maintenance cost are higher than with other networking options. The type provides a centralized view of the network. This type implement changes individually at each device. This type leverages controllers to handle network management.

Refer to the exhibit. What is represented by `R1` and `SW1` within the JSON output?. object. value. key. array.

Refer to the exhibit. How many objects keys, and JSON list values are present?. Three objects, two keys, and three JSON list values. Three objects, three keys, and two JSON list values. One object, three keys, and three JSON list values. One object, three keys, and two JSON list values.

DRAG DROP - Drag and drop the Ansible terms from the left onto the right. Select and Place: control node. inventory. managed node. module. playbook. task.