Drag and drop each protocol on the left to its matching characteristic on the right.
Uses UDP transport
Encrypts entire packet payload
Which BGP attribute is preferred when it has the lowest value?
MED is the attribute where a lower value is preferred.
Why this answer
BGP uses multiple attributes to determine the best path. The WEIGHT attribute is Cisco-specific and is preferred when it has the highest value, not lowest. The LOCAL_PREF attribute is preferred with the highest value.
The MED (Multi-Exit Discriminator) attribute is preferred with the lowest value. The ORIGIN attribute prefers IGP over EGP and incomplete.
A network engineer is troubleshooting a problem where Cisco DNA Center is not receiving syslog messages from a critical core switch. The switch is configured to send syslog to the DNA Center's IP address. The engineer checks the DNA Center syslog collector and finds that it is enabled. What should the engineer check next?
Correct because syslog uses UDP 514, and if the port is blocked, messages will not reach DNA Center.
Why this answer
Cisco DNA Center's syslog collector listens on specific ports (default UDP 514). If the switch is configured to send syslog but DNA Center is not receiving it, a common issue is that the syslog port is blocked by a firewall or ACL between the switch and DNA Center. The engineer should verify network connectivity and port accessibility.
Over-the-DS uses the wired network for key distribution.
Why this answer
The 'ft over-the-ds' command enables Fast Transition (802.11r) using the over-the-DS (Distribution System) method, which is used for seamless roaming.
A network engineer is configuring NetFlow on a Cisco Nexus 7000 switch to monitor traffic between two data centers. The engineer wants to ensure that flow records are exported even if the export destination is temporarily unreachable. Which feature should the engineer enable?
Correct because increasing the buffer allows storing more records during outages, and retry intervals ensure re-transmission attempts.
Why this answer
NetFlow export uses UDP, which is unreliable. Option A is correct because NetFlow export buffer and retry mechanisms (like 'ip flow-export buffer-size' and 'ip flow-export retry') can store and retransmit records. Option B is incorrect because TCP is not supported for NetFlow export.
Option C is incorrect because SNMP traps are not for flow data. Option D is incorrect because IP SLA does not buffer NetFlow records.
Drag and drop each protocol number on the left to its matching protocol on the right.
ICMP
TCP
UDP
OSPF
IGMP
Drag and drop each OMP attribute on the left to its matching behavior on the right.
Identifies the site from which the route was originated
Indicates the vSmart that injected the route into OMP
Numeric value used to influence route selection (higher is preferred)
32-bit value used for route filtering and policy matching
Transport location (system-ip, color, encapsulation) for reachability
Why these pairings
OMP attributes control route preference, TLOC mapping, and path selection. Site ID identifies the origin site; Originator identifies the vSmart that originated the route; Preference influences route selection; Tag is used for policy matching; TLOC carries the transport location endpoint.
Drag and drop the NBAR2 application recognition and classification steps into the correct order, from first to last.
Why this order
NBAR2 configuration begins by enabling the protocol discovery, then creating a class map to match the application, a policy map to mark traffic, applying it to the interface, and verifying the classification. NBAR2 uses deep packet inspection to identify applications.
A network engineer is configuring a new Cisco Catalyst switch to connect to an existing network. The uplink to the distribution switch is configured as a trunk. The engineer wants to ensure that the trunk uses 802.1Q encapsulation and that the native VLAN is set to VLAN 100. The distribution switch is a Cisco Catalyst 3850. Which configuration should the engineer apply on the uplink interface?
Correct because it sets the trunk and changes the native VLAN to 100.
Why this answer
Option A is correct because on modern Cisco Catalyst switches that run LAN Base or IP Base software, the default trunk encapsulation is 802.1Q, so the 'switchport trunk encapsulation dot1q' command is not required. The 'switchport mode trunk' forces the interface into trunking mode, and 'switchport trunk native vlan 100' sets the native VLAN to 100, which matches the requirement.
Exam trap
Cisco often tests the fact that on modern switches (like the 3850), the 'switchport trunk encapsulation dot1q' command is not available because 802.1Q is the only supported encapsulation, leading candidates to incorrectly include it.
How to eliminate wrong answers
Option B is wrong because on a Catalyst 3850 (which runs IOS XE), the 'switchport trunk encapsulation dot1q' command is not supported; the switch only supports 802.1Q encapsulation and does not accept this command, making it invalid. Option C is wrong because 'switchport mode dynamic desirable' uses DTP to negotiate trunking, which does not guarantee the interface will become a trunk and does not set the native VLAN to 100. Option D is wrong because 'switchport trunk allowed vlan 100' restricts the trunk to only VLAN 100, rather than setting the native VLAN to 100, which is a different function.
Drag and drop the steps of IPFIX template negotiation and export into the correct order, from first to last.
Why this order
The exporter first sends a template set to the collector, the collector acknowledges, then the exporter sends data records using that template, and templates may be withdrawn or resent periodically.
Drag and drop the Hierarchical QoS (H-QoS) parent/child policy steps into the correct order, from first to last.
Why this order
H-QoS uses a child policy for per-class actions and a parent policy to shape aggregate traffic. The order ensures child policy is defined first, then parent references it, and finally applied to the interface.
Which two statements about classification and marking in QoS are true? (Choose two.)
Correct because classification matches existing markings like IP precedence, DSCP, or CoS.
An engineer is using Ansible to automate the configuration of NTP on a group of Cisco IOS-XE switches. The playbook uses the ios_ntp module. The engineer wants to ensure that the NTP configuration is applied only to switches that are in the 'core' group, not the 'access' group. The inventory file defines these groups. Which Ansible feature should the engineer use to restrict the playbook to the 'core' group?
By setting 'hosts: core', the play will only run on switches that are members of the 'core' group.
Why this answer
Ansible playbooks can target specific groups by specifying the group name in the 'hosts' field of the play. This is the simplest and most direct way to restrict execution to a particular inventory group.
A data center architect is designing a virtualized environment for a latency-sensitive application. The application requires dedicated CPU cores and memory to avoid performance degradation. Which hypervisor feature should be configured to meet this requirement?
This guarantees dedicated resources and avoids contention with other VMs.
Why this answer
Option A is correct because CPU pinning binds a VM's virtual CPUs to specific physical cores, ensuring dedicated processing resources and preventing CPU contention from other VMs. Memory reservation guarantees that the specified amount of physical memory is always available to the VM, eliminating the risk of memory swapping or ballooning that would introduce latency. Together, these features provide the deterministic performance required for latency-sensitive applications in a virtualized environment.
Exam trap
Cisco often tests the distinction between resource allocation features that guarantee performance (CPU pinning and memory reservation) versus features that optimize utilization or storage I/O, leading candidates to mistakenly select shared storage or memory overcommitment when the question explicitly demands dedicated resources.
How to eliminate wrong answers
Option B is wrong because shared storage solutions (e.g., NFS, iSCSI, Fibre Channel) address I/O latency for storage access, not CPU or memory contention; the question specifically requires dedicated CPU cores and memory, not storage performance. Option C is wrong because configuring a VM with a large vNUMA node spreads memory access across multiple NUMA nodes, which can increase remote memory access latency and degrade performance for latency-sensitive applications; the goal is to keep memory access local, not spread it. Option D is wrong because memory overcommitment allows the hypervisor to allocate more virtual memory to VMs than physical memory exists, relying on swapping or ballooning to reclaim memory, which introduces unpredictable latency and violates the requirement for dedicated memory.
Given the configuration:
flow monitor FM-1
 exporter EXPORTER-1
 record netflow ipv4 original-input
 cache timeout active 60
 cache timeout inactive 15
!
What is the effect of the 'cache timeout active 60' command?
When the active timeout expires, the flow is exported and a new cache entry is created for the continuation.
Why this answer
The 'cache timeout active' command sets the maximum lifetime (in seconds) for an active flow in the cache. After 60 seconds, the flow is exported even if it is still ongoing. This prevents long-lived flows from being delayed indefinitely.
An organization uses Cisco DNA Center to automate network provisioning. A network engineer deploys a new access switch but finds that the switch does not receive the intended configuration template. The switch appears in DNA Center inventory with status 'Managed'. What is the most likely cause?
Site assignment is required for template application.
Why this answer
In Cisco DNA Center, configuration templates are applied based on site assignment. A switch that appears as 'Managed' in inventory has been discovered and is under DNA Center's control, but if it is not assigned to a specific site, DNA Center cannot determine which template to push. Site assignment is a prerequisite for template-based provisioning; without it, the intended configuration will not be deployed.
Exam trap
Cisco often tests the distinction between 'Managed' and 'Provisioned' states, trapping candidates who assume that a device being managed automatically means it has received its configuration.
How to eliminate wrong answers
Option A is wrong because the switch appears in inventory with status 'Managed', which means it has already been discovered by DNA Center. Option B is wrong because Plug and Play (PnP) is a separate provisioning method; DNA Center can apply templates to switches that are not in PnP mode as long as they are managed and site-assigned. Option C is wrong because a valid DNA license is required for advanced features but not for basic template application; the switch being 'Managed' indicates it has the necessary licensing to be under DNA Center control.
Drag and drop the steps for the DHCP DORA process in the correct order.
Why this order
DHCP uses Discover, Offer, Request, Acknowledge (DORA) for dynamic address assignment.
Drag and drop the steps of the TACACS+ command authorization flow into the correct order, from first to last.
Why this order
TACACS+ separates authentication, authorization, and accounting. For command authorization, the user authenticates first, then the device sends the command to the TACACS+ server, which checks its authorization policy and responds with permit or deny. The device then executes or blocks the command accordingly.
Consider this AAA configuration:
aaa new-model
aaa authentication login default local
aaa authorization exec default local
aaa accounting exec default start-stop group tacacs+
tacacs-server host 10.0.0.1 key SecretKey
line con 0
 login authentication default
line vty 0 4
 login authentication default
What is the effect of this configuration?
Correct. Authentication is local, authorization is local, accounting is sent to TACACS+.
Why this answer
The configuration uses local authentication for all lines, local authorization for exec commands, and sends exec accounting start-stop records to TACACS+. The TACACS+ server is defined but only used for accounting.
Drag and drop each RESTCONF method on the left to its matching NETCONF equivalent on the right.
Retrieve data (equivalent to get or get-config)
Create a new data resource (equivalent to edit-config with create)
Replace an existing resource (equivalent to edit-config with replace)
Partially update a resource (equivalent to edit-config with merge)
Remove a resource (equivalent to edit-config with delete)
Why these pairings
RESTCONF GET retrieves data (like NETCONF get/get-config), POST creates a resource (like edit-config with operation create), PUT replaces a resource (like edit-config with operation replace), PATCH partially updates (like edit-config with operation merge), and DELETE removes a resource (like edit-config with operation delete).
An engineer is using a Python script to retrieve interface statistics from a Cisco IOS-XE device via the REST API. The script sends a GET request to 'https://device/restconf/data/ietf-interfaces:interfaces/interface=GigabitEthernet1/statistics' and receives a 404 Not Found response. The interface exists and is operational. What is the most likely issue?
Correct because operational state data like statistics is in the 'interfaces-state' container, while 'interfaces' contains configuration data.
Why this answer
The 404 error indicates the resource was not found. In RESTCONF, the URI must use the correct encoding for interface names, especially if they contain special characters like a slash. The interface name 'GigabitEthernet1' should be URL-encoded as 'GigabitEthernet1' (no encoding needed here), but the issue is that the URI path must match the YANG module structure exactly.
The statistics data is often under a separate container like 'interfaces-state' in the ietf-interfaces model, not directly under 'interface'. The correct URI for operational statistics is typically 'ietf-interfaces:interfaces-state/interface=GigabitEthernet1/statistics'.
A network engineer is configuring CoPP on a Cisco router to protect the control plane from excessive traffic. The router experiences high CPU utilization due to SSH and SNMP traffic. The engineer creates a class-map to match SSH (TCP/22) and SNMP (UDP/161) and applies a policy-map that polices this traffic to 1 Mbps. After applying the policy, legitimate SSH sessions from the management station start dropping intermittently. What is the most likely cause?
Correct because the police rate is insufficient, causing drops of legitimate control plane traffic.
Why this answer
CoPP polices traffic destined to the control plane. If the police rate is too low, even legitimate traffic can be dropped. The engineer set a 1 Mbps limit for both SSH and SNMP combined.
If the management station generates bursts above this rate, packets are dropped. Option A is correct because the aggregate police rate may be insufficient. Option B is incorrect because CoPP does not affect transit traffic.
Option C is incorrect because the policy is applied to the control plane, not an interface. Option D is incorrect because the class-map matches both protocols, but the issue is the police rate.
Which statement about RSPAN is true?
The RSPAN VLAN is used to carry mirrored traffic across the network.
Why this answer
RSPAN uses a dedicated VLAN to transport mirrored traffic across multiple switches, allowing remote monitoring.
Drag and drop each CoS value on the left to its matching traffic type on the right.
Voice payload
Video conferencing
Call signaling
Critical data
Best-effort data
Why these pairings
CoS values are used in 802.1Q frames: CoS 5 for voice, CoS 4 for video, CoS 3 for call signaling, CoS 2 for critical data, CoS 0 for best-effort data.
A network engineer runs the following command on switch SW6:
SW6# show cts role-based counters
Role-based counters:
Source Group  Dest Group  Packets Sent  Bytes Sent  Packets Denied  Bytes Denied
10            20          1500          120000      0               0
10            30          0             0           500             40000
Based on this output, what can be concluded?
The counters confirm permit for 10->20 and deny for 10->30.
Why this answer
The output shows packet and byte counters for role-based policies. For source 10 to dest 20, 1500 packets were sent and none denied, indicating a permit policy. For source 10 to dest 30, 0 packets sent and 500 denied, indicating a deny policy.
This matches the permissions seen in a previous question.
An engineer configures VXLAN EVPN on a Nexus 9000 switch. The configuration is shown. The switch does not advertise any EVPN routes for VNI 10100. Which configuration change is required to fix this issue?
The VNI must be activated under evpn for route advertisement.
Why this answer
Option A is correct because for VXLAN EVPN on a Nexus 9000, the BGP address-family l2vpn evpn must explicitly contain the 'evpn' keyword and the 'vni 10100 l2' command to advertise Layer 2 VNI routes. Without this configuration, BGP does not know to inject the VNI's MAC/VTEP information into the EVPN route table, so no EVPN routes are advertised for VNI 10100.
Exam trap
Cisco often tests the distinction between the NVE interface configuration (which enables VXLAN encapsulation) and the BGP EVPN address-family configuration (which enables route advertisement), leading candidates to mistakenly focus on NVE or interface settings instead of the missing BGP VNI injection.
How to eliminate wrong answers
Option B is wrong because removing the mcast-group from the NVE member would break BUM traffic replication in multicast mode, but the issue is about EVPN route advertisement, not data-plane flooding; EVPN uses BGP for control plane, but the mcast-group is still needed for multicast-based BUM traffic. Option C is wrong because changing the source-interface to a physical interface is not required; a loopback interface is the recommended source for NVE to ensure stability and is not the cause of missing EVPN routes. Option D is wrong because adding an IP address to VLAN 100 interface in the default VRF is unrelated to EVPN route advertisement; VLAN 100 is the Layer 2 VLAN associated with VNI 10100, but its SVI IP is only needed for Layer 3 VNI or gateway functionality, not for advertising EVPN routes.
Which two statements about the interaction between ACLs and CoPP are true? (Choose two.)
Correct because CoPP uses class-maps that reference ACLs to identify traffic such as SSH, SNMP, or routing protocol packets.
Why this answer
ACLs are used within CoPP to classify control-plane traffic. CoPP can protect against DoS attacks, and ACLs provide the classification. The incorrect options misstate the order of processing or the scope of CoPP.
Drag and drop each DSCP value on the left to its matching Per-Hop Behavior (PHB) on the right.
Expedited Forwarding
Assured Forwarding class 4, low drop probability
Class Selector 3
Assured Forwarding class 2, medium drop probability
Best-effort
Why these pairings
DSCP values map to specific PHBs: EF is for expedited forwarding, AF41 is Assured Forwarding class 4 low drop, CS3 is class selector 3, AF21 is Assured Forwarding class 2 medium drop, and BE (0) is best-effort.
A network engineer is configuring NetFlow on a Cisco ISR 4451 router to analyze traffic patterns. The engineer wants to export flow data to a collector every 60 seconds. After applying the configuration, the engineer notices that the export packets are not reaching the collector. The collector is reachable via ICMP. What is the most likely cause?
Correct because the export destination must include the correct IP and UDP port; if missing or wrong, export packets won't reach the collector.
Why this answer
NetFlow export uses UDP as the transport protocol, and the collector must be listening on the correct UDP port. Option A is correct because the export destination must specify the correct UDP port. Option B is incorrect because NetFlow does not require TCP.
Option C is incorrect because the flow monitor is needed for Flexible NetFlow, but traditional NetFlow uses 'ip flow-export'. Option D is incorrect because the timeout setting affects when flows are exported, not the reachability of export packets.
A network engineer is designing a QoS policy for a Cisco router that connects to an MPLS VPN. The service provider expects all traffic to be marked with IP Precedence values. The engineer wants to ensure that voice traffic (DSCP EF) is mapped to IP Precedence 5. What configuration is required on the router to perform this mapping?
Correct because setting IP precedence directly achieves the required marking without needing to map from DSCP.
Why this answer
Option A is correct because the 'set ip precedence 5' command in a policy-map explicitly marks the IP Precedence field to 5, which corresponds to the same value as DSCP EF (46) in the IP header. This ensures that voice traffic is marked with IP Precedence 5 as required by the service provider, regardless of any existing DSCP markings.
Exam trap
Cisco often tests the misconception that DSCP and IP Precedence are automatically synchronized or that a single command like 'set dscp ef' will implicitly set the IP Precedence field, when in fact they are independent markings that require separate configuration.
How to eliminate wrong answers
Option B is wrong because setting DSCP to EF does not automatically set IP Precedence to 5; the router treats DSCP and IP Precedence as separate fields, and explicit configuration is needed to map between them. Option C is wrong because the 'qos map dscp-ip-precedence' command does not exist; it is not a valid Cisco IOS command, and such mappings are typically done via policy-map actions. Option D is wrong because the router does not automatically map DSCP EF to IP Precedence 5; without explicit configuration, the IP Precedence field remains unchanged or is set based on default behavior, which may not meet the service provider's requirement.
Drag and drop each sFlow component on the left to its matching function on the right.
Samples packets and exports flow data
Receives and processes sFlow datagrams
Encapsulation of sampled packet headers and counters
Why these pairings
The sFlow agent samples packets and sends datagrams. The collector receives and analyzes datagrams. The datagram is the packet sent from agent to collector.
Drag and drop each NetFlow version on the left to its matching feature description on the right.
Fixed 7-tuple flow keys, IPv4 only
Template-based, supports IPv6 and MPLS
IETF standard, extensible fields, NetFlow v10
Why these pairings
NetFlow v5 uses fixed 7-tuple keys and is IPv4-only. NetFlow v9 is template-based and supports IPv6 and MPLS. IPFIX (NetFlow v10) is the IETF standard based on v9 with extensible fields.
Which BGP attribute is preferred when it has the lowest value?
Lower MED is preferred when paths are from the same AS.
Why this answer
In BGP path selection, a lower weight is preferred over a higher weight.
Drag and drop each sFlow component on the left to its matching function on the right.
Samples packets and exports datagrams
Receives and processes sFlow datagrams
Contains sampled packet headers and counters
Why these pairings
sFlow agent: embedded in the network device, samples packets and sends datagrams. sFlow collector: receives and analyzes datagrams. sFlow datagram: the packet sent from agent to collector containing sampled data.
Drag and drop the steps of VRF selection using policy-based routing into the correct order, from first to last.
Why this order
The correct order begins with creating an extended access-list to match traffic, defining a route-map with a match clause and set vrf command, applying the route-map to the incoming interface, the router evaluating the policy on received packets, and finally forwarding the matched traffic into the specified VRF.
Which of the following is a valid transport protocol for model-driven telemetry receivers on Cisco IOS-XE?
gRPC is a commonly used transport for model-driven telemetry.
Why this answer
gRPC is a supported transport protocol for telemetry receivers, along with gNMI and others.
A network engineer is troubleshooting a Layer 2 loop that occurred in a network using Rapid PVST+. The network has three switches: SW1 (root), SW2, and SW3. The engineer examines the topology and finds that SW2 and SW3 are connected via a link that is not supposed to be there. The engineer suspects that an unauthorized switch was connected to the network, causing the loop. The engineer wants to prevent such loops in the future by configuring a feature that will disable any port that receives a BPDU from an unauthorized switch. Which feature should the engineer configure on the access ports?
Correct because BPDU Guard disables a port if a BPDU is received, preventing unauthorized switches from causing loops.
Why this answer
BPDU Guard is the correct feature because it immediately error-disables a port when a BPDU is received, preventing loops from unauthorized switches. Since the engineer wants to protect access ports from receiving BPDUs (which should never occur on a properly configured access port), BPDU Guard directly addresses the scenario of an unauthorized switch being connected and sending BPDUs.
Exam trap
Cisco often tests the distinction between BPDU Guard and Root Guard, where candidates mistakenly choose Root Guard because they think it protects against unauthorized switches, but Root Guard only prevents a port from becoming root, not from receiving BPDUs and causing loops.
How to eliminate wrong answers
Option B is wrong because Loop Guard prevents alternate or root ports from becoming designated in the absence of BPDUs, but it does not disable a port upon receiving an unexpected BPDU; it only prevents loops caused by unidirectional link failures. Option C is wrong because Root Guard prevents a port from becoming a root port by placing it into a root-inconsistent state if a superior BPDU is received, but it does not disable the port; it still allows BPDU reception and does not block all BPDUs from unauthorized switches. Option D is wrong because UDLD detects and disables ports experiencing unidirectional links, but it does not react to BPDU reception; it uses its own keepalive mechanism and is unrelated to preventing loops from unauthorized switches sending BPDUs.
An engineer is troubleshooting a problem where a host in VLAN 20 cannot communicate with a host in VLAN 30, even though both are connected to the same access switch. The access switch is configured with VLANs 20 and 30, and the uplink to the distribution switch is a trunk that allows both VLANs. The distribution switch has SVIs for both VLANs and IP routing is enabled. The engineer verifies that the trunk is up and both VLANs are allowed. What is the most likely cause of the communication failure?
Correct because hosts need a default gateway to route traffic to other VLANs; if misconfigured, inter-VLAN communication fails.
Why this answer
Hosts in different VLANs must communicate through a Layer 3 device. The correct default gateway for each host should be the IP address of the SVI on the distribution switch for its respective VLAN. If the hosts are configured with an incorrect or no default gateway, traffic cannot be routed between VLAN 20 and VLAN 30, even though the trunk and SVIs are properly configured.
Exam trap
Cisco often tests the misconception that a properly configured trunk and SVIs alone guarantee inter-VLAN communication, when in fact the hosts must have the correct default gateway configured to reach the SVI.
How to eliminate wrong answers
Option B is wrong because the engineer already verified that the trunk is up and both VLANs are allowed, so a trunk misconfiguration is not the cause. Option C is wrong because Spanning Tree Protocol (STP) operates on Layer 2 interfaces and does not block SVI interfaces; SVIs are virtual Layer 3 interfaces and are not subject to STP blocking. Option D is wrong because a native VLAN mismatch on a trunk would cause issues for untagged traffic (typically management or CDP), but it would not prevent routed communication between hosts in different VLANs if the trunk is up and both VLANs are allowed.
Which two statements about NFV MANO (Management and Orchestration) are true? (Choose two.)
Correct because the VNFM performs operations like instantiation, scaling, updating, and termination of VNFs.
Why this answer
NFV MANO consists of three main components: NFV Orchestrator (NFVO), VNF Manager (VNFM), and Virtualized Infrastructure Manager (VIM). The NFVO coordinates network services across multiple VNFs, the VNFM manages individual VNF instances, and the VIM controls the NFVI resources. Option A is correct because the VNFM handles VNF lifecycle (instantiation, scaling, termination).
Option B is correct because the NFVO coordinates resources across VNFs and the infrastructure. Option C is incorrect because the VIM manages the NFVI, not VNFs. Option D is incorrect because the VIM does not handle service chaining; that is the role of the NFVO.
Option E is incorrect because the VNFM does not manage physical hardware.
A network engineer runs the following command on Router R8:
R8# show ip pim neighbor vrf CUSTOMER-F
Neighbor   Interface               Uptime/Expires     Ver  DR
10.0.3.2   GigabitEthernet0/0.700  02:00:00/00:01:30  v2   1/ DR
10.0.4.2   GigabitEthernet0/0.800  01:30:00/00:01:45  v2   0/ NDR (BDR)
Based on this output, what can be concluded?
Both neighbors are present with DR and BDR roles.
Why this answer
The output shows two PIM neighbors (10.0.3.2 and 10.0.4.2) with their respective interfaces, uptimes, and DR/BDR roles. The presence of a DR (Designated Router) and BDR (Backup Designated Router) indicates that PIM is enabled and operating in VRF CUSTOMER-F, with the DR being 10.0.3.2 (as shown by '1/ DR') and the BDR being 10.0.4.2 (as shown by '0/ NDR (BDR)'). Therefore, option C is correct.
Exam trap
Cisco often tests the misinterpretation of the DR/BDR column, where candidates mistakenly assume the neighbor with 'BDR' is the DR, or that PIM is not running when neighbors are present.
How to eliminate wrong answers
Option A is wrong because the output clearly shows PIM neighbors with DR/BDR roles, confirming that PIM is configured and active in VRF CUSTOMER-F. Option B is wrong because the DR is 10.0.3.2 (indicated by '1/ DR'), not 10.0.4.2, which is the BDR (Backup Designated Router). Option D is wrong because both neighbors are using PIM version 2 (as shown by 'v2' in the Ver column), not version 1.
Drag and drop the steps of the Unicast Reverse Path Forwarding (uRPF) check process into the correct order, from first to last.
Why this order
uRPF first receives a packet on an interface, then looks up the source IP in the routing table, verifies that the incoming interface matches the best reverse path, and if it matches, forwards the packet; otherwise, it drops the packet.
Why this order
First, identify the EIGRP routes to redistribute into OSPF. Then, configure the OSPF redistribution command under the OSPF process, specifying the EIGRP AS number. Since OSPF requires a metric for redistributed routes, set the OSPF metric type (E1 or E2) and seed metric.
Optionally, use a route map to filter or modify specific routes. Finally, verify that the redistributed routes appear in the OSPF database and routing table.
Which TWO statements are true about IP SLA? (Choose two.)
Option D is correct because IP SLA can be tracked and used for conditional routing.
Why this answer
Option B is correct because IP SLA can be combined with tracking objects and the 'track' command to influence routing decisions. When an IP SLA probe fails or falls below a threshold, the tracked object changes state, which can trigger a route change (e.g., via a static route with a higher administrative distance or a PBR policy). This allows the network to react to network performance or reachability issues automatically.
Exam trap
Cisco often tests the misconception that IP SLA uses real user traffic (Option D) or that it is limited to RTT (Option E), when in fact it generates synthetic probes and can measure one-way delay with proper time synchronization.
Drag and drop each RADIUS attribute name on the left to its matching attribute number on the right.
1
4
6
8
22
Why these pairings
RADIUS attribute numbers are standardized: User-Name=1, NAS-IP-Address=4, Service-Type=6, Framed-IP-Address=8, and Framed-Route=22.
Why this order
AnyConnect session establishment begins with the client establishing a TLS tunnel to the ASA headend. The ASA presents its digital certificate for authentication. The client then authenticates the user, and the ASA assigns an IP address from a pool.
Finally, the client installs the virtual adapter and the session is established.
Drag and drop the steps of deploying a CoPP policy on a Cisco IOS-XE router into the correct order, from first to last.
Why this order
Deploying CoPP requires first defining ACLs to classify traffic, then creating class maps, then a policy map, then applying it to the control plane, and finally verifying the policy.
A network engineer runs the following command on Switch SW2:
```
SW2# show monitor session 2
Session 2
---------
Type              : Remote Source Session
Source Ports      :
    TX Only       : Gi1/0/5
    RX Only       : Gi1/0/6
Destination Ports : Gi1/0/20
    Encapsulation : Replicate
```
Based on this output, what can be concluded?
The type 'Remote Source Session' and Replicate encapsulation indicate RSPAN.
Why this answer
The session type is Remote Source Session, indicating this is an RSPAN source switch. Source port Gi1/0/5 captures only transmitted traffic, and Gi1/0/6 captures only received traffic. The destination port uses Replicate encapsulation, which is typical for RSPAN to send traffic to a remote VLAN.
This is part of an RSPAN configuration.
A network engineer is using Cisco DNA Center to monitor network health. The Assurance dashboard shows that a particular access switch has a high CPU utilization issue. The engineer wants to investigate the root cause using DNA Center's built-in tools. Which feature should the engineer use to analyze the switch's CPU utilization over time?
Correct because Trends provides historical data for performance metrics, including CPU utilization.
Why this answer
Cisco DNA Center's Assurance module provides historical and real-time data for network devices. The 'Trends' feature allows engineers to view metrics like CPU utilization over a selected time period, helping to identify patterns and root causes.
Which two statements about PIM sparse mode are true? (Choose two.)
Correct because in PIM sparse mode, receivers must explicitly join via PIM Join messages toward the RP.
Why this answer
PIM sparse mode uses an explicit join model where routers send PIM Join messages toward the RP to join a multicast group. It builds a shared tree (RP-tree) initially, and optionally switches to a source tree (SPT) when traffic exceeds a threshold. PIM dense mode uses flood-and-prune, not sparse mode.
PIM-BSR is one method for RP distribution, but not a requirement for sparse mode operation.
Drag and drop each AAA function on the left to its correct description on the right.
Verifies the identity of a user or device
Determines what resources or commands a user can access
Records user activity for auditing or billing purposes
Why these pairings
Authentication verifies identity, authorization determines allowed actions, and accounting tracks usage for auditing or billing.
Given the following SNMPv3 configuration on a Cisco IOS-XE router:
```
snmp-server group ADMIN v3 priv write ADMINVIEW
snmp-server user admin ADMIN v3 auth sha cisco123 priv aes 128 cisco456
snmp-server view ADMINVIEW iso included
```
What is missing or incorrect in this configuration?
Using 'iso included' includes all OIDs under the ISO subtree, which is essentially the entire MIB. This could be a security concern if a restricted view was intended.
Why this answer
The SNMPv3 user 'admin' is configured with authentication (SHA) and privacy (AES 128), and the group 'ADMIN' is given write access to the view 'ADMINVIEW'. However, 'ADMINVIEW' includes the entire 'iso' subtree, which is too broad and may not be appropriate if a restricted view was intended. Additionally, the configuration lacks an 'snmp-server host' command to send traps or informs, but that is not strictly required for SNMP access.
A network engineer runs the following command on Switch SW1:
```
SW1# show spanning-tree vlan 10
VLAN0010
  Spanning tree enabled protocol ieee
  Root ID    Priority    24586
             Address     aabb.cc00.0100
             This bridge is the root
             Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    24586  (priority 24576 sys-id-ext 10)
             Address     aabb.cc00.0100
             Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300 sec
Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- ------------------------------
Gi0/1               Desg FWD 4         128.1    P2p
Gi0/2               Desg FWD 4         128.2    P2p
Gi0/3               Desg FWD 4         128.3    P2p
```
Based on this output, what can be concluded?
Correct. The output explicitly states 'This bridge is the root' and all interfaces are Desg FWD.
Why this answer
The output explicitly states 'This bridge is the root' and shows all three interfaces (Gi0/1, Gi0/2, Gi0/3) in the Designated (Desg) role with a Forwarding (FWD) state. In a stable STP topology, only the root bridge has all its active ports as Designated; non-root bridges will have at least one Root port. Therefore, SW1 is the root bridge for VLAN 10, and all its interfaces are in the Designated role.
Exam trap
Cisco often tests the distinction between the configured bridge priority (without the system ID extension) and the effective priority displayed in the 'show spanning-tree' output, leading candidates to mistakenly think the root priority is 24576 when it is actually 24586.
How to eliminate wrong answers
Option B is wrong because the output clearly states 'This bridge is the root' and the Bridge ID address matches the Root ID address (aabb.cc00.0100), confirming SW1 itself is the root bridge, not a different switch. Option C is wrong because all three interfaces show a state of FWD (Forwarding), and no Blocking state is listed; the output shows no blocked ports, so a loop is prevented by the root bridge having all Designated ports. Option D is wrong because the Bridge ID Priority is shown as 24586, which is the sum of the configured priority 24576 and the system ID extension 10 (VLAN 10); the effective root bridge priority is 24586, not 24576 without the extension.
A network engineer is configuring a new switch that will be used as an access layer switch. The switch connects to two distribution switches via trunk links. The engineer wants to ensure that the access switch does not become the root bridge for any VLAN. The engineer also wants to provide redundancy so that if one uplink fails, the other uplink takes over quickly. The engineer is using Rapid PVST+. What configuration should the engineer apply on the access switch?
Correct because setting the priority to 61440 ensures the access switch will not become root, and Rapid PVST+ provides fast convergence automatically.
Why this answer
Option A is correct because setting the spanning-tree priority to 61440 (which is 0xF000 in hex) makes the switch a very unlikely root bridge candidate. In Rapid PVST+, the bridge priority is a 4-bit value (0-15) multiplied by 4096, so 61440 corresponds to priority 15 — the highest possible value. This ensures the access switch will never become the root bridge for any VLAN, while Rapid PVST+ provides fast failover (sub-second convergence) via its alternate/backup port mechanism without needing UplinkFast.
Exam trap
Cisco often tests the misconception that UplinkFast is needed with Rapid PVST+ for fast failover, but Rapid PVST+ already includes its own fast convergence (based on the 802.1w standard), making UplinkFast obsolete.
How to eliminate wrong answers
Option B is wrong because setting priority 0 makes the switch the most likely root bridge candidate, which directly contradicts the requirement to never become root. Option C is wrong because UplinkFast is a legacy Cisco proprietary feature for 802.1D STP; Rapid PVST+ already provides fast failover (typically 1-2 seconds) via its own convergence mechanism, making UplinkFast unnecessary and redundant. Option D is wrong because PortFast is designed for access ports connected to end hosts to bypass listening/learning states; applying it to trunk ports would disable STP on those links, risking loops and violating the requirement for redundancy with STP protection.
Drag and drop the steps of TrustSec SGT assignment and propagation via SXP into the correct order, from first to last.
Why this order
SXP propagates SGTs from a classification device to enforcement devices; first the SGT is assigned (e.g., via IP-to-SGT mapping), then SXP sends the binding to an SXP speaker, which forwards it to a listener, who adds it to the local SGT mapping table, enabling enforcement.
Drag and drop each gRPC method on the left to its matching subscription type on the right.
Subscribe to telemetry data streams
Query server capabilities
Retrieve a single snapshot of data
Modify configuration data
Subscribe for a single update then close
Why these pairings
Subscribe is for streaming telemetry, Capabilities for discovery, Get for one-time retrieval, Set for configuration changes, and SubscribeOnce for one-shot subscription.
A network engineer is configuring QoS on a Cisco Catalyst 9300 switch to prioritize voice traffic. The switch has multiple access ports connected to IP phones and PCs. The engineer applies a policy-map that matches DSCP EF and sets the CoS to 5. However, after testing, the voice packets are not being marked correctly. What is the most likely cause?
Correct because by default, Cisco switches do not trust incoming QoS markings; the trust command must be configured to accept the marking from the IP phone.
Why this answer
On Cisco Catalyst switches like the 9300, QoS marking policies applied via a policy-map only re-mark packets if the interface port is configured to trust a specific marking. Without the 'mls qos trust dscp' command, the switch defaults to an untrusted state and may ignore or overwrite the DSCP-to-CoS mapping set by the policy-map. Option C is correct because the missing trust command prevents the policy-map from correctly applying the CoS 5 marking to voice packets.
Exam trap
Cisco often tests the trust boundary concept, where candidates assume a policy-map alone is sufficient to re-mark packets, but the missing 'mls qos trust' command is the hidden prerequisite that causes the marking to fail.
How to eliminate wrong answers
Option A is wrong because the policy-map direction (input vs. output) is not the core issue here; the problem is that the switch does not trust the incoming DSCP marking, so even if applied in the correct direction, the marking will not be honored. Option B is wrong because the Catalyst 9300 fully supports DSCP-to-CoS mapping via the 'mls qos map dscp-cos' command and the policy-map can perform this mapping when trust is enabled. Option D is wrong because the question states the engineer is matching DSCP EF, implying the IP phone is sending DSCP EF; the failure is in the switch's handling of that marking, not in the phone's transmission.
On a point-to-point network type, the default OSPF hello interval is 10 seconds (same as broadcast). This is correct.
Why this answer
Option A is correct because on a Cisco IOS-XE router, when the OSPF network type is set to point-to-point, the default hello interval is 10 seconds (not 30 seconds as on broadcast networks). The dead interval defaults to 40 seconds (four times the hello interval), not 120 seconds. This configuration is valid and does not require a manually configured router-id, as OSPF can dynamically select one.
The redistribution of BGP into OSPF only injects routes that are in the BGP table; it does not automatically include all SD-WAN overlay routes unless they are present in BGP.
Exam trap
Cisco often tests the default OSPF timer values for different network types, specifically tricking candidates into thinking point-to-point uses 30-second hello or 120-second dead intervals, which are actually defaults for NBMA networks.
How to eliminate wrong answers
Option B is wrong because the OSPF dead interval for a point-to-point network defaults to 40 seconds (4 × hello interval of 10 seconds), not 120 seconds. Option C is wrong because the 'redistribute bgp 65000 subnets' command only redistributes BGP routes that are in the BGP routing table; it does not automatically advertise all SD-WAN overlay routes unless they are learned via BGP and meet redistribution criteria (e.g., subnets keyword includes classless prefixes). Option D is wrong because OSPF does not require a manually configured router-id; if none is configured, OSPF automatically selects the highest IP address on a loopback interface or the highest IP address on any active physical interface.
Drag and drop each SD-Access fabric role on the left to its matching function on the right.
Connects the SD-Access fabric to external Layer 2 or Layer 3 networks
Attaches wired endpoints to the fabric and enforces access policies
Hosts the LISP map-server and map-resolver functions
Manages wireless endpoints and integrates with the fabric edge
Provides wireless connectivity and tunnels client traffic to the fabric edge
Why these pairings
The fabric border node connects the fabric to external networks, the fabric edge node connects endpoints to the fabric, and the fabric control node manages LISP mapping and VXLAN tunnels.
```
interface GigabitEthernet0/3
 spanning-tree guard root
end
```
What is the effect of this configuration?
Root Guard protects the root bridge position by disabling ports that receive superior BPDUs.
Why this answer
Root Guard is enabled on the port, which will error-disable the port if a superior BPDU (indicating a potential root bridge) is received.
A network engineer runs the following command on Switch SW5:
```
SW5# show monitor session 5
Session 5
---------
Type              : Remote Source Session
Source Ports      :
    Both          : Gi1/0/1-3
Destination Ports : Gi1/0/24
    Encapsulation : Replicate
```
Based on this output, what can be concluded?
The type 'Remote Source Session' and Replicate encapsulation indicate RSPAN source.
Why this answer
This is an RSPAN source session on SW5. Source ports Gi1/0/1-3 capture both directions. The destination port Gi1/0/24 uses Replicate encapsulation, which is typical for RSPAN to send mirrored traffic to a remote VLAN.
This switch is the source of the RSPAN session.
Consider the following telemetry configuration on a Cisco IOS-XE device:
```
telemetry ietf subscription 600
 encoding encode-kvgpb
 filter xpath /interfaces/interface/state
 stream yang-push
 update-policy on-change
 receiver ip address 10.1.1.1 50000 protocol grpc
```
What is a potential issue with this configuration?
A broad filter like /interfaces/interface/state can cause high CPU if many interfaces change state often.
Why this answer
On-change subscriptions can generate high CPU load if the monitored data changes frequently, which may impact device performance.
Which three statements about virtual networking and hypervisor switches are true? (Choose three.)
Correct because a vSwitch is a Layer 2 switch that connects VMs within a host.
Why this answer
Virtual switches (vSwitch) forward frames between VMs and physical NICs. They support VLANs and port groups. A distributed switch spans multiple hosts.
Virtual switches do not require STP because loops are prevented by design.
Which two statements about the MQC (Modular QoS CLI) classification process are true? (Choose two.)
Correct. The match-any keyword causes the class map to match a packet if it satisfies any one of the match statements.
Why this answer
The MQC uses class maps to define match criteria; a packet is matched against class maps in the order they appear in the policy map. The first match wins, and if no match occurs, the default class (class-default) is used. Only one match statement per class map is allowed unless the match-any keyword is used.
Drag and drop the steps of MPLS Traffic Engineering (TE) tunnel setup (RSVP) into the correct order, from first to last.
Why this order
MPLS TE tunnel setup using RSVP begins with IGP extension (OSPF/IS-IS) to flood TE link attributes, then CSPF computes the path, RSVP Path message is sent, RSVP Resv message reserves resources, and finally the tunnel is signaled and installed in the forwarding table.
```
router bgp 65000
 bgp router-id 10.0.0.1
 neighbor 10.0.0.2 remote-as 65001
 neighbor 10.0.0.2 route-map SET_COMMUNITY in
!
route-map SET_COMMUNITY permit 10
 set community 100:200
!
```
What is the effect of this configuration?
Correct. The route-map sets the community on inbound updates, but without send-community, the community is not propagated.
Why this answer
The route-map SET_COMMUNITY is applied to inbound updates from neighbor 10.0.0.2, so routes received from that neighbor are tagged with community 100:200. However, BGP does not propagate communities to other peers unless the neighbor is explicitly configured with the send-community command. Without send-community, the community attribute is stripped from outbound updates, so the community is not sent to other BGP peers.
Exam trap
Cisco often tests the distinction between inbound and outbound route-map application, and the fact that communities are not automatically sent to peers without explicit send-community configuration, leading candidates to assume the community is propagated by default.
How to eliminate wrong answers
Option B is wrong because BGP does not automatically send communities to all neighbors; the send-community command is required under the neighbor configuration for the community attribute to be included in outbound updates. Option C is wrong because the route-map is applied with the 'in' keyword, meaning it affects inbound routes from 10.0.0.2, not outbound updates to that neighbor. Option D is wrong because the community value 100:200 is a valid numeric format (AS:value) and is perfectly acceptable in BGP configuration.
Drag and drop the steps of Embedded Packet Capture (EPC) on IOS-XE into the correct order, from first to last.
Why this order
EPC requires defining a capture buffer, defining a capture point, associating them, starting the capture, and then stopping/exporting.
A network administrator is troubleshooting high CPU utilization on a Catalyst 9300 switch. The output of 'show processes cpu sorted' shows the 'IP Input' process consuming 45% CPU. Which tool should be used to identify the specific packets causing the issue?
Option C is correct because NetFlow can identify the flows that are being processed by the CPU.
Why this answer
The 'IP Input' process handles incoming IP packets that require CPU processing, such as routing protocol updates, management traffic, or packets destined to the switch itself. Enabling IP traffic export (NetFlow) on the switch allows the administrator to analyze traffic flows and identify the specific source/destination IP addresses, ports, and protocols consuming CPU cycles, without overwhelming the CPU further. NetFlow provides granular visibility into the types of packets being processed, making it the correct tool for this scenario.
Exam trap
The trap here is that candidates often confuse SPAN (traffic mirroring) with a diagnostic tool, but SPAN does not provide built-in traffic analysis and can worsen CPU load, whereas NetFlow is designed for flow-level analysis without adding significant overhead.
How to eliminate wrong answers
Option A is wrong because extended ping generates ICMP echo requests from the switch, which would add to the CPU load rather than help diagnose the existing high utilization, and it does not capture or analyze the packets already causing the issue. Option B is wrong because configuring a SPAN session to capture all traffic to the CPU would mirror the traffic to a monitoring port, but it does not provide a built-in analysis mechanism on the switch; it requires an external analyzer and could further increase CPU load due to the mirroring process. Option C is wrong because CDP neighbors only provide information about directly connected Cisco devices and their capabilities; checking CDP cannot identify the specific packets causing high CPU utilization, as CDP is a Layer 2 discovery protocol unrelated to IP packet processing.
Which two statements about MPLS label operations are true? (Choose two.)
Correct because the ingress LSR pushes the initial label onto the packet.
Why this answer
In MPLS, the ingress LSR imposes (pushes) a label onto the packet. At each intermediate LSR, the label is swapped (the incoming label is replaced with an outgoing label). The egress LSR removes (pops) the label before forwarding the IP packet.
Penultimate Hop Popping (PHP) is a feature where the penultimate router pops the label, so the egress router receives only an IP packet. Option C is incorrect because the egress LSR always pops the label, not pushes. Option D is incorrect because label imposition occurs only at the ingress, not at every LSR.
Option E is incorrect because label swapping is the action at transit LSRs, not label imposition.
Drag and drop the steps of MSTP region and instance configuration into the correct order, from first to last.
Why this order
MSTP configuration begins with entering MST configuration mode, assigning a region name and revision number, mapping VLANs to instances, and then activating the configuration. Finally, the MST instance priority is set to influence root bridge selection.
Drag and drop the steps of DNA Center SWIM (Software Image Management) upgrade flow into the correct order, from first to last.
Why this order
SWIM upgrade begins with importing the image, then distributing it to the device, performing a pre-check, activating the image, and finally committing the upgrade.
Drag and drop the steps of Jinja2 template rendering for device config generation into the correct order, from first to last.
Why this order
The process begins by loading the Jinja2 environment and template file, then defining a dictionary with configuration variables. Next, the template is rendered with those variables, the resulting configuration string is printed or saved, and finally it can be pushed to the device.
Examine the following configuration:
```
flow record REC-1
 match ipv4 source address
 match ipv4 destination address
 match ipv4 protocol
 collect interface input
 collect interface output
 collect counter bytes
 collect counter packets
!
flow monitor MON-1
 record REC-1
 exporter EXPORTER-1
!
interface GigabitEthernet0/1
 ip flow monitor MON-1 input
!
```
What is the purpose of this configuration?
The match and collect statements define the fields to be recorded; the monitor applies to input traffic.
Why this answer
This configuration defines a custom flow record that captures key fields (source/destination IP, protocol) and collects interface and counter information. The flow monitor applies this record to incoming traffic on GigabitEthernet0/1.
An engineer is troubleshooting a site-to-site VPN between a Cisco ASA and a Cisco IOS router. The VPN is configured using IKEv1 with pre-shared keys. The tunnel establishes and traffic flows, but after a few hours, the tunnel drops and re-establishes. The engineer checks the logs and sees that the Phase 1 SA is being rekeyed. What is the most likely reason for the tunnel dropping?
Correct because a short lifetime causes frequent rekeys, which can lead to drops if not synchronized.
Why this answer
IKE Phase 1 SAs have a lifetime; when the lifetime expires, the SA is rekeyed. If the rekey fails or is delayed, the tunnel may drop temporarily. Option B is correct because the lifetime expiration is the most common cause.
Option A is incorrect because DPD is used to detect dead peers, not cause drops. Option C is incorrect because rekeying is normal. Option D is incorrect because the Phase 2 lifetime is separate.
An Ansible playbook uses the cisco.ios.ios_telemetry module to configure a telemetry subscription:
```yaml
---
- name: Configure telemetry subscription
  hosts: ios_xe
  gather_facts: no
  tasks:
    - name: Create telemetry subscription
      cisco.ios.ios_telemetry:
        state: present
        subscription_id: 300
        receiver:
          ip: 10.1.1.100
          port: 50051
          protocol: grpc-tcp
        source_ip: 10.1.1.1
        encoding: kvgpb
        filter:
          xpath: /interfaces/interface/state/counters
        update_policy:
          period: 10000
```
What is the purpose of the 'state: present' parameter?
state: present creates or updates the subscription to match the desired state.
Why this answer
The 'state: present' parameter ensures that the telemetry subscription is created if it does not exist, or updated if it does. It is a common Ansible module parameter that idempotently manages configuration.
Examine the following BGP configuration on a Cisco IOS-XE router:
```
router bgp 65000
 bgp default local-preference 150
 neighbor 10.1.1.1 remote-as 65001
 neighbor 10.1.1.1 password cisco123
 neighbor 10.1.1.1 route-map SET-MED out
!
route-map SET-MED permit 10
 set metric 50
```
What is the effect of the route-map on outbound updates to 10.1.1.1?
Correct. The route-map sets the MED attribute to 50.
Why this answer
The route-map SET-MED is applied outbound to neighbor 10.1.1.1. It sets the MED (multi-exit discriminator) to 50 for all routes advertised to that neighbor.