CCNA Network Function Virtualization Questions

58 questions · Network Function Virtualization topic · All types, answers revealed

1
Matchingmedium

Drag and drop each NFV management layer on the left to its matching function on the right.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Lifecycle management of VNF instances (instantiate, scale, terminate)

Orchestration of network services across multiple VNFs and NFVI

Management of compute, storage, and network resources in NFVI

Service assurance, billing, and customer management layers interfacing with NFV

FCAPS management for individual VNFs

Why these pairings

VNFM manages individual VNFs; NFVO orchestrates network services; VIM controls NFVI resources.

2
MCQmedium

An architect is designing an SD-WAN deployment for a multinational enterprise. The design must ensure that control plane traffic remains separate from data plane traffic and that the solution can scale to thousands of sites. Which architectural component is responsible for maintaining the control plane and distributing routing information?

A.vBond orchestrator
B.vManage NMS
C.vSmart controller
D.vEdge router
AnswerC

vSmart is the control plane element that distributes routes and policies.

Why this answer

The vSmart controller is the centralized control plane component in Cisco SD-WAN that distributes routing information (OMP routes) and policies to all vEdge/cEdge routers. It maintains the control plane by separating route advertisement and policy enforcement from the data plane, which is handled by the vEdge routers. This separation allows the solution to scale to thousands of sites because vSmart controllers can be clustered and do not process actual data traffic.

Exam trap

Cisco often tests the misconception that the vBond orchestrator handles control plane functions because of its role in initial authentication and orchestration, but vBond does not distribute routing information—that is exclusively the vSmart controller's role.

How to eliminate wrong answers

Option A is wrong because the vBond orchestrator is responsible for initial authentication, NAT traversal, and orchestrating connections between vSmart, vManage, and vEdge devices, not for maintaining the control plane or distributing routing information. Option B is wrong because vManage NMS is the network management system that provides centralized configuration, monitoring, and analytics, but it does not participate in the control plane or distribute routing updates. Option D is wrong because the vEdge router is a data plane device that forwards traffic based on routes learned from the vSmart controller; it does not originate or distribute routing information to other sites.

3
Multi-Selecthard

Which three statements about the benefits and challenges of NFV are true? (Choose three.)

Select 3 answers
A.NFV reduces capital expenditure by allowing network functions to run on standard, off-the-shelf hardware.
B.NFV enables faster time-to-market for new services by decoupling software from hardware.
C.One challenge of NFV is the potential performance overhead introduced by the virtualization layer.
D.NFV reduces the overall security attack surface by consolidating multiple functions into a single physical device.
E.NFV eliminates the need for physical cabling in the data center.
AnswersA, B, C

Correct because NFV replaces proprietary appliances with software on commodity servers, lowering hardware costs.

Why this answer

NFV offers reduced hardware costs, faster service deployment, and operational agility. However, it introduces challenges such as performance overhead from virtualization and increased complexity in management. Option A is correct because NFV reduces CAPEX by using commodity hardware.

Option B is correct because NFV enables rapid deployment of new services. Option C is correct because virtualization can introduce latency and throughput overhead. Option D is incorrect because NFV typically increases, not decreases, the attack surface.

Option E is incorrect because NFV does not eliminate the need for physical cabling; it only virtualizes network functions.

4
MCQmedium

Consider the following configuration: router eigrp TEST network 10.0.0.0 0.255.255.255 metric weights 0 1 0 1 0 0 What is the effect of the 'metric weights' command?

A.It changes the EIGRP metric calculation to use only bandwidth and delay, which is the default behavior.
B.It changes the EIGRP metric calculation to use bandwidth, delay, and reliability.
C.It changes the EIGRP metric calculation to use only delay.
D.It disables the EIGRP metric calculation, causing all routes to have the same metric.
AnswerA

Correct. K1=1 (bandwidth) and K3=1 (delay) are used; K2, K4, K5 are zero, matching the default EIGRP metric.

Why this answer

The 'metric weights' command in EIGRP allows you to modify the K values used in the composite metric formula. The default K values are K1=1, K2=0, K3=1, K4=0, K5=0, which means only bandwidth (K1) and delay (K3) are used. The command 'metric weights 0 1 0 1 0 0' explicitly sets K1=1, K3=1, and all others to 0, which matches the default behavior and does not change the metric calculation.

Exam trap

Cisco often tests the misconception that changing K values from their defaults always alters the metric calculation, but here the specific values '0 1 0 1 0 0' exactly replicate the default K values (K1=1, K3=1), so the command has no net effect.

How to eliminate wrong answers

Option B is wrong because setting K4=0 (the fourth parameter) means reliability is not used in the metric calculation; to include reliability, K4 must be set to 1. Option C is wrong because while delay (K3) is used, bandwidth (K1) is also set to 1, so the metric uses both bandwidth and delay, not only delay. Option D is wrong because the 'metric weights' command does not disable metric calculation; it simply defines which K values are non-zero, and with K1 and K3 set to 1, the standard EIGRP composite metric is still computed.

5
Drag & Dropmedium

Drag and drop the steps of service function chaining (SFC) path setup into the correct order, from first to last.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5

Why this order

SFC path setup begins with classifying traffic to determine which service chain to apply. Next, the classifier encapsulates packets with an NSH header. Then the SFC path is computed by the controller using the service function path identifier.

After path computation, the controller installs forwarding entries in each service function forwarder. Finally, traffic traverses the chain as SFFs forward packets between VNFs.

6
Multi-Selectmedium

Which two statements about Network Function Virtualization (NFV) architecture are true? (Choose two.)

Select 2 answers
A.NFV decouples network functions from proprietary hardware appliances.
B.NFV requires specialized ASICs to achieve line-rate performance.
C.Virtual Network Functions (VNFs) run on top of the NFV Infrastructure (NFVI).
D.The VNF Manager is solely responsible for resource orchestration across multiple VIMs.
E.NFV mandates the use of virtual machines and cannot use container-based deployments.
AnswersA, C

Correct because the core principle of NFV is to run network functions as software on standard servers, eliminating dependence on dedicated hardware.

Why this answer

NFV decouples network functions from dedicated hardware, running them as software on standard servers. The NFV Infrastructure (NFVI) includes compute, storage, and networking resources, while VNFs are the software implementations of network functions. Option A is correct because NFV indeed separates software from hardware.

Option C is correct because VNFs run on NFVI. Option B is incorrect because NFV does not require proprietary hardware; it uses standard servers. Option D is incorrect because the NFV Orchestrator handles lifecycle management, not just the VNF Manager.

Option E is incorrect because NFV can use both virtual machines and containers.

7
MCQeasy

What is the default OSPF hello interval on an Ethernet link?

A.10 seconds
B.30 seconds
C.40 seconds
D.5 seconds
AnswerA

Correct. The default hello interval for OSPF on Ethernet is 10 seconds.

Why this answer

On Ethernet (broadcast multi-access) links, OSPF defaults to a hello interval of 10 seconds, as specified in RFC 2328. This interval allows OSPF routers to quickly detect neighbor failures while keeping control overhead low. The dead interval is automatically set to 40 seconds (four times the hello interval) on such links.

Exam trap

Cisco often tests the confusion between the OSPF hello interval on Ethernet (10 seconds) and the dead interval (40 seconds), or between different network types like NBMA (30 seconds) and point-to-point (5 seconds).

How to eliminate wrong answers

Option B (30 seconds) is wrong because 30 seconds is the default hello interval for OSPF on non-broadcast multi-access (NBMA) networks, such as Frame Relay or X.25, not on Ethernet. Option C (40 seconds) is wrong because 40 seconds is the default OSPF dead interval on Ethernet, not the hello interval. Option D (5 seconds) is wrong because 5 seconds is the default hello interval for OSPF on point-to-point links and point-to-multipoint networks, not on Ethernet broadcast multi-access links.

8
MCQmedium

Examine the following configuration snippet: interface GigabitEthernet0/1 ip address 192.168.1.1 255.255.255.0 ip ospf hello-interval 20 ip ospf dead-interval 80 What is the effect of this configuration?

A.The OSPF hello interval is changed to 20 seconds, and the dead interval is changed to 80 seconds, maintaining the default 4:1 ratio.
B.The OSPF hello interval is changed to 20 seconds, but the dead interval remains at the default of 40 seconds.
C.The OSPF hello interval is changed to 20 seconds, and the dead interval is automatically set to 60 seconds.
D.This configuration will cause OSPF adjacency failure because the dead interval must be exactly 4 times the hello interval.
AnswerA

Correct. The hello interval is set to 20, and dead interval to 80, which is 4 times the hello interval, as required by OSPF.

Why this answer

Option A is correct because the configuration explicitly sets the OSPF hello interval to 20 seconds and the dead interval to 80 seconds, which maintains the default 4:1 ratio (dead = hello × 4). OSPF allows manual configuration of these timers, and as long as both sides of the adjacency match, the ratio can be any value; the 4:1 default is not enforced by the protocol.

Exam trap

Cisco often tests the misconception that the dead interval must always be exactly 4 times the hello interval, but the actual requirement is that the timers must match between neighbors, not that a specific ratio must be maintained.

How to eliminate wrong answers

Option B is wrong because the 'ip ospf dead-interval 80' command explicitly overrides the default dead interval (40 seconds for a 10-second hello), so it does not remain at 40. Option C is wrong because OSPF does not automatically set the dead interval to 60 seconds when the hello interval is changed; the dead interval must be explicitly configured or it stays at the default (which would be 80 seconds if the hello were 20, but here it is explicitly set to 80). Option D is wrong because OSPF does not require the dead interval to be exactly 4 times the hello interval; the only requirement is that the timers match on both OSPF neighbors for adjacency to form, and any ratio is acceptable as long as it is consistent.

9
Drag & Dropmedium

Drag and drop the steps of NFV MANO (VNFM/NFVO/VIM) interaction flow into the correct order, from first to last.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5

Why this order

The MANO interaction flow starts with the NFVO receiving a service request from OSS/BSS. The NFVO then requests the VNFM to instantiate a VNF. The VNFM requests the VIM to allocate resources.

The VIM allocates resources and returns resource information to the VNFM. Finally, the VNFM instantiates the VNF and reports status to the NFVO.

10
MCQmedium

Given the following configuration: interface GigabitEthernet0/0 ip address 10.1.1.1 255.255.255.0 ip pim sparse-mode ip igmp version 3 What is the purpose of the 'ip igmp version 3' command?

A.It enables IGMP version 3, which allows hosts to join multicast groups from specific sources, supporting SSM.
B.It enables IGMP version 3, which increases the number of multicast groups supported to 1024.
C.It enables IGMP version 3, which is required for PIM dense-mode operation.
D.It enables IGMP version 3, which disables IGMP snooping on the interface.
AnswerA

Correct. IGMPv3 adds source filtering, enabling SSM operation.

Why this answer

The 'ip igmp version 3' command enables IGMPv3 on the interface, which supports Source-Specific Multicast (SSM) by allowing hosts to specify both the multicast group and the source address in their membership reports. This is essential for SSM operation with PIM sparse-mode, as IGMPv3 provides the source filtering capability that IGMPv2 lacks.

Exam trap

Cisco often tests the misconception that IGMPv3 is simply a 'newer version' with generic improvements, when in fact its key differentiator is source-specific filtering for SSM support.

How to eliminate wrong answers

Option B is wrong because IGMP version 3 does not define a limit of 1024 multicast groups; the number of supported groups depends on hardware resources and platform, not the IGMP version. Option C is wrong because IGMPv3 is not required for PIM dense-mode; PIM dense-mode can operate with IGMPv1 or IGMPv2, and IGMPv3 is specifically associated with PIM sparse-mode and SSM. Option D is wrong because 'ip igmp version 3' does not disable IGMP snooping; IGMP snooping is a Layer 2 feature controlled by separate commands (e.g., 'ip igmp snooping') and is independent of the IGMP version configured on the interface.

11
Matchinghard

Drag and drop each service chaining element on the left to its matching position in a typical chain on the right.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

First element in the service chain

Inspects and filters traffic after ingress

Distributes traffic among servers after firewall

Compresses and optimizes traffic before egress

Last element before the destination network

Why these pairings

In a typical service chain, traffic flows from the ingress router through firewall, load balancer, WAN optimizer, and finally to the egress router.

12
MCQeasy

Which BGP attribute is preferred with the lowest value?

A.MED
B.Local Preference
C.Weight
D.Origin
AnswerA

Correct. Lower MED is preferred in BGP path selection.

Why this answer

MED (Multi-Exit Discriminator) is a BGP attribute that is preferred with the lowest value. It is used to influence inbound traffic to an AS when multiple entry points exist, and a lower MED value is more preferred over a higher one.

Exam trap

Cisco often tests the confusion between attributes that use 'lowest is best' (like MED and IGP metric) versus 'highest is best' (like Local Preference and Weight), so candidates mistakenly apply the 'highest is best' rule to MED.

How to eliminate wrong answers

Option B (Local Preference) is wrong because Local Preference is preferred with the highest value, not the lowest, and is used to influence outbound traffic from an AS. Option C (Weight) is wrong because Weight is a Cisco-proprietary attribute that is preferred with the highest value, and it is local to the router. Option D (Origin) is wrong because Origin is preferred in the order IGP < EGP < incomplete, not based on a numeric value.

13
Drag & Dropmedium

Drag and drop the steps of VNF scaling up and scaling out steps into the correct order, from first to last.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5

Why this order

Scaling up (vertical) or scaling out (horizontal) begins with the VNFM monitoring performance metrics and detecting a threshold breach. The VNFM then notifies the NFVO of the scaling requirement. The NFVO authorizes the scaling action.

The VNFM then coordinates with the VIM to allocate additional resources (scale up) or instantiate new VNF instances (scale out). Finally, the VNFM updates the VNF configuration to use the new resources or instances.

14
Matchingmedium

Drag and drop each VNF category on the left to its matching example on the right.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Cisco CSR 1000v

Cisco Firepower NGFWv

F5 BIG-IP Virtual Edition

Cisco vWAAS

Cisco Firepower NGIPSv

Why these pairings

VNFs replace physical appliances; common examples include virtual routers, firewalls, and load balancers.

15
MCQmedium

An architect is designing an SD-WAN policy to ensure that real-time video traffic from headquarters to branch offices is always sent over the most reliable transport, while all other traffic uses the least-cost path. Which type of policy should be used to achieve this?

A.Localized data policy applied on the vEdge router.
B.Centralized data policy configured on vSmart.
C.Centralized control policy for route manipulation.
D.Localized app-route policy on the branch vEdge.
AnswerB

Centralized data policy on vSmart controls overlay path selection based on application and SLA.

Why this answer

A centralized data policy configured on vSmart is correct because it allows the SD-WAN controller to enforce application-aware routing decisions across the fabric. By matching real-time video traffic and steering it over the transport with the highest loss/reachability metrics (most reliable), while using a separate rule to direct all other traffic over the least-cost path, the policy is applied globally from the vSmart controller without requiring per-router configuration.

Exam trap

Cisco often tests the distinction between control policies (which manipulate routing information) and data policies (which manipulate packet forwarding), and the trap here is that candidates confuse centralized control policy with centralized data policy, thinking route manipulation can achieve application-based path selection when it cannot.

How to eliminate wrong answers

Option A is wrong because a localized data policy on the vEdge router can only influence local forwarding decisions and cannot enforce a consistent, fabric-wide policy that distinguishes real-time video from other traffic based on centralized application recognition. Option C is wrong because a centralized control policy manipulates route prefixes and OMP routes (e.g., TLOC preferences) to influence path selection at the control plane, not to apply per-packet application-based forwarding rules like steering video over the most reliable transport. Option D is wrong because a localized app-route policy on the branch vEdge is used for local per-tunnel load balancing or failover based on SLA metrics, but it cannot implement a global policy that differentiates real-time video from other traffic across all sites; it is also not designed to enforce a least-cost path for all other traffic.

16
Multi-Selecthard

Which three statements about NFV MANO (Management and Orchestration) are true? (Choose three.)

Select 3 answers
A.The NFV Orchestrator (NFVO) is responsible for network service orchestration and resource orchestration across multiple VIMs.
B.The VNF Manager (VNFM) handles lifecycle management of VNF instances, including instantiation, scaling, and termination.
C.The Virtualized Infrastructure Manager (VIM) controls and manages the NFVI compute, storage, and network resources.
D.OSS/BSS systems are part of the NFV MANO framework and directly manage VNF instances.
E.The NFVO directly manages the hypervisor layer to allocate virtual resources to VNFs.
AnswersA, B, C

Correct because the NFVO coordinates the lifecycle of network services and manages resource allocation across multiple VIMs and WIMs.

Why this answer

NFV MANO is the architectural framework for managing and orchestrating NFV resources. The NFV Orchestrator (NFVO) coordinates network services across VIMs and WIMs. The VNF Manager (VNFM) handles VNF lifecycle.

The VIM manages NFVI resources. Option A is correct because NFVO handles network service orchestration. Option B is correct because VNFM manages VNF instances.

Option C is correct because VIM controls NFVI compute, storage, and network. Option D is incorrect because OSS/BSS are separate from MANO, though they interact. Option E is incorrect because the NFVO does not directly manage hypervisors; that is the VIM's role.

17
Drag & Dropmedium

Drag and drop the steps of NFV MANO (VNFM/NFVO/VIM) interaction flow into the correct order, from first to last.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5

Why this order

The interaction flow begins with the NFVO receiving a service request from OSS/BSS. The NFVO then requests resource allocation from the VIM. The VIM allocates resources and reports back.

Next, the NFVO instructs the VNFM to instantiate the VNF. Finally, the VNFM configures and starts the VNF on the allocated resources.

18
MCQmedium

Given the following configuration: interface GigabitEthernet0/0 ip address 10.0.0.1 255.255.255.0 ip access-group 101 in ! access-list 101 permit tcp 192.168.1.0 0.0.0.255 any eq 80 access-list 101 deny ip any any What is the effect of this configuration?

A.Incoming traffic from 192.168.1.0/24 to any destination on port 80 is permitted; all other incoming traffic is denied.
B.Outgoing traffic from the router to 192.168.1.0/24 on port 80 is permitted; all other outgoing traffic is denied.
C.Incoming traffic from any source to 192.168.1.0/24 on port 80 is permitted; all other incoming traffic is denied.
D.The access-list will permit all TCP traffic from 192.168.1.0/24, regardless of destination port.
AnswerA

Correct. The ACL permits only HTTP traffic from the specified subnet and denies everything else.

Why this answer

The configuration applies access-list 101 inbound on GigabitEthernet0/0. The first ACE permits TCP traffic from source network 192.168.1.0/24 to any destination on port 80 (HTTP). The second ACE denies all other IP traffic.

Since the access list is applied in the inbound direction, it filters traffic entering the router through that interface. Therefore, only incoming traffic matching the permit statement is allowed; everything else is denied.

Exam trap

Cisco often tests the distinction between inbound and outbound ACL application, and the trap here is confusing the direction of the access-group or misreading the source/destination in the ACL entries.

How to eliminate wrong answers

Option B is wrong because the access list is applied inbound (ip access-group 101 in), not outbound; it filters traffic entering the interface, not leaving the router. Option C is wrong because it reverses the source and destination: the permit statement specifies source 192.168.1.0/24, not destination; traffic from any source to 192.168.1.0/24 on port 80 would be denied unless it also originated from that subnet. Option D is wrong because the permit statement explicitly restricts to TCP destination port 80 (eq 80); it does not permit all TCP traffic from 192.168.1.0/24 regardless of port.

19
MCQmedium

Examine this configuration: interface GigabitEthernet0/0 ip address 192.168.1.1 255.255.255.0 ipv6 address 2001:db8::1/64 ipv6 ospf 1 area 0 What is the effect of the 'ipv6 ospf 1 area 0' command?

A.It enables OSPFv3 process 1 on this interface and assigns it to area 0.
B.It enables OSPFv2 process 1 on this interface and assigns it to area 0.
C.It enables OSPFv3 on this interface but the process ID must match the router ospf process ID; if not, it will be ignored.
D.It enables OSPFv3 on this interface but area 0 is invalid for IPv6; OSPFv3 uses area 0.0.0.0.
AnswerA

Correct. This is the correct syntax to enable OSPFv3 on an interface and specify the area.

Why this answer

The 'ipv6 ospf 1 area 0' command enables OSPFv3 (the IPv6 version of OSPF) on the specified interface, assigns it to OSPFv3 process 1, and places the interface in area 0 (the backbone area). This is the correct syntax for activating OSPFv3 on an interface under a specific process and area, independent of any global OSPFv3 process configuration.

Exam trap

Cisco often tests the distinction between OSPFv2 and OSPFv3 interface commands, and the trap here is that candidates confuse 'ip ospf' (OSPFv2) with 'ipv6 ospf' (OSPFv3) or assume the process ID must match a pre-existing global process, when in fact the interface command can auto-create the process.

How to eliminate wrong answers

Option B is wrong because 'ipv6 ospf' is specific to OSPFv3, not OSPFv2; OSPFv2 uses the 'ip ospf' command for IPv4. Option C is wrong because the process ID in the interface command does not need to match a global 'router ospf' process ID; OSPFv3 can be configured directly on the interface, and if no global process exists, one is automatically created. Option D is wrong because area 0 is perfectly valid for OSPFv3; OSPFv3 uses the same area numbering (including decimal 0 for the backbone) as OSPFv2, not area 0.0.0.0 as a required format.

20
Drag & Dropmedium

Drag and drop the steps of service function chaining (SFC) path setup into the correct order, from first to last.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5

Why this order

SFC path setup starts with the classifier identifying traffic to be steered, then the classifier adds an NSH encapsulation to the packet. The first SFF receives the packet and forwards it to the first SF. After processing, the SF returns the packet to the SFF, which then forwards it to the next SFF in the chain.

This repeats until the packet reaches the last SFF, which removes the NSH and forwards the packet.

21
MCQhard

A network engineer is deploying a virtual WAN edge device using Cisco SD-WAN on an NFVIS platform. After powering on the VM, the device fails to boot and the NFVIS console shows 'ERROR: No bootable device found'. The engineer verified that the ISO image is correctly uploaded. What is the most likely cause?

A.The VM's virtual disk size is too small for the WAN edge image.
B.The VM's CPU type is set to 'host-passthrough' instead of 'qemu64'.
C.The boot order in the VM configuration does not have the CD-ROM (ISO) as the first device.
D.The ISO image is corrupted and NFVIS cannot read it.
AnswerC

Correct because the VM attempts to boot from the hard disk first, which is empty, leading to the error.

Why this answer

Option C is correct because the error 'No bootable device found' indicates that the VM attempted to boot from a device that does not contain a bootable operating system. In NFVIS, when deploying a virtual WAN edge device from an ISO, the VM's boot order must be configured to prioritize the CD-ROM (ISO) device. If the boot order defaults to the virtual hard disk (which is empty before installation), the VM will fail to find a bootable medium and produce this exact error.

Exam trap

Cisco often tests the distinction between image upload errors (corruption, size) and boot process errors (boot order), leading candidates to incorrectly suspect the ISO or disk configuration when the real issue is a missing boot device priority.

How to eliminate wrong answers

Option A is wrong because the virtual disk size does not prevent the VM from booting from the ISO; the disk is only used after the OS is installed. Option B is wrong because the CPU type 'host-passthrough' is actually recommended for Cisco SD-WAN VMs on NFVIS to expose the full CPU feature set; 'qemu64' would be a less compatible choice. Option D is wrong because if the ISO were corrupted, NFVIS would typically report a checksum or mount error, not a 'No bootable device found' message, which specifically points to boot order misconfiguration.

22
Multi-Selectmedium

Which two statements about NFV MANO (Management and Orchestration) are true? (Choose two.)

Select 2 answers
A.The VNF Manager (VNFM) is responsible for the lifecycle management of VNF instances, including instantiation and scaling.
B.The NFV Orchestrator (NFVO) coordinates the allocation of resources across multiple VNFs and the NFVI.
C.The Virtualized Infrastructure Manager (VIM) manages the lifecycle of VNFs and their connectivity.
D.The VIM is responsible for service chaining and policy enforcement within the NFV environment.
E.The VNFM is responsible for managing the physical hardware resources in the NFVI.
AnswersA, B

Correct because the VNFM performs operations like instantiation, scaling, updating, and termination of VNFs.

Why this answer

NFV MANO consists of three main components: NFV Orchestrator (NFVO), VNF Manager (VNFM), and Virtualized Infrastructure Manager (VIM). The NFVO coordinates network services across multiple VNFs, the VNFM manages individual VNF instances, and the VIM controls the NFVI resources. Option A is correct because the VNFM handles VNF lifecycle (instantiation, scaling, termination).

Option B is correct because the NFVO coordinates resources across VNFs and the infrastructure. Option C is incorrect because the VIM manages the NFVI, not VNFs. Option D is incorrect because the VIM does not handle service chaining; that is the role of the NFVO.

Option E is incorrect because the VNFM does not manage physical hardware.

23
MCQeasy

What is the maximum hop count for EIGRP?

A.100
B.15
C.255
D.16
AnswerA

Correct. The default maximum hop count for EIGRP is 100.

Why this answer

EIGRP uses a maximum hop count of 100 by default to prevent routing loops. This is a hard limit; if a route's hop count exceeds 100, EIGRP considers it unreachable. This value is configurable via the 'metric maximum-hops' command under the EIGRP process.

Exam trap

Cisco often tests the EIGRP hop count limit of 100 to trap candidates who confuse it with RIP's 15-hop limit or OSPF's 255-hop limit, especially when the question omits the protocol name in the stem.

How to eliminate wrong answers

Option B (15) is wrong because 15 is the maximum hop count for RIP, not EIGRP; this is a common confusion between distance-vector protocols. Option C (255) is wrong because 255 is the maximum hop count for OSPF (via the 'max-metric' LSA) or the TTL field in IP packets, but EIGRP defaults to 100. Option D (16) is wrong because 16 is the 'infinity' metric in RIP (indicating an unreachable route), not a hop count limit for EIGRP.

24
MCQhard

An engineer is deploying a virtual network function (VNF) on a Cisco NFVIS host. The VNF requires four virtual NICs, each connected to a different network segment. The engineer creates four bridges on NFVIS and attaches each vNIC to a separate bridge. After deployment, the VNF can only communicate on the first bridge. What is the most likely cause?

A.The bridges are all mapped to the same physical interface without subinterfaces, causing a conflict.
B.The VNF's operating system does not support multiple NICs.
C.The vNICs have duplicate MAC addresses.
D.The bridges were created in the wrong order.
AnswerA

Correct because each bridge must be associated with a unique physical interface or subinterface; otherwise, only one bridge works.

Why this answer

In Cisco NFVIS, bridges are Layer 2 forwarding constructs that must be mapped to a physical interface (or subinterface) to provide external connectivity. When multiple bridges are all mapped to the same physical interface without using subinterfaces (e.g., GigabitEthernet0/0), they share the same VLAN and MAC domain, causing traffic from the second, third, and fourth bridges to be dropped or misdirected. The VNF can only communicate on the first bridge because that bridge's vNIC is the only one that successfully establishes a valid forwarding path through the physical interface.

Exam trap

Cisco often tests the misconception that bridges in NFVIS are isolated by default, when in fact they require explicit mapping to unique physical interfaces or subinterfaces to avoid Layer 2 conflicts.

How to eliminate wrong answers

Option B is wrong because modern VNF operating systems (e.g., Linux, Cisco IOS XE) fully support multiple NICs; the issue is not OS-level but NFVIS bridge configuration. Option C is wrong because NFVIS automatically assigns unique MAC addresses to each vNIC from a pool, and duplicate MACs would cause a different symptom (e.g., ARP flapping) rather than total loss of communication on all but one bridge. Option D is wrong because the order in which bridges are created has no effect on their functionality; NFVIS treats all bridges equally regardless of creation sequence.

25
MCQeasy

An engineer is deploying a virtual router (vRouter) on a Cisco NFVIS host. The vRouter needs to advertise routes to a physical router connected to the host's management port. The engineer configures the vRouter with an IP address on the same subnet as the management port. However, the physical router does not receive any routing updates. What should the engineer do to enable route exchange?

A.Configure a static route on the vRouter pointing to the physical router.
B.Enable OSPF on the vRouter's management interface.
C.Change the management port to a trunk port to carry routing updates.
D.Connect the vRouter to a data plane interface (e.g., a bridge connected to a physical data port) instead of the management port.
AnswerD

Correct because routing protocols should run over data plane interfaces, not the management port.

Why this answer

Option D is correct because in Cisco NFVIS, the management port is isolated from the data plane and is intended only for out-of-band management traffic. Routing protocols like OSPF or BGP cannot exchange routes over the management interface because it lacks the necessary data-plane forwarding capabilities. To advertise routes to a physical router, the vRouter must be connected to a data plane interface, such as a bridge mapped to a physical data port, which supports routing protocol adjacency and packet forwarding.

Exam trap

Cisco often tests the misconception that the management port can be used for data-plane functions like routing protocol exchange, when in fact NFVIS strictly isolates management traffic to a separate bridge that does not support Layer 3 routing adjacencies.

How to eliminate wrong answers

Option A is wrong because configuring a static route on the vRouter pointing to the physical router would only install a route in the vRouter's routing table; it does not cause the vRouter to advertise routes to the physical router, so no route exchange occurs. Option B is wrong because enabling OSPF on the vRouter's management interface is ineffective; the management port in NFVIS is a control-plane-only interface that does not support routing protocol adjacency or data-plane forwarding, so OSPF neighbors will not form. Option C is wrong because changing the management port to a trunk port does not enable routing protocol exchange; the management port is still isolated from the data plane and cannot carry routing updates regardless of trunking configuration.

26
MCQeasy

A network team must design a QoS policy for a WAN link that carries voice, video, and data. The policy must ensure that voice traffic is never dropped, even during congestion. Which queuing mechanism should be used for the voice class?

A.Class-based weighted fair queuing (CBWFQ).
B.Low-latency queuing (LLQ).
C.Weighted random early detection (WRED).
D.First-in, first-out (FIFO) queuing.
AnswerB

LLQ combines strict priority with CBWFQ, ensuring voice is never dropped.

Why this answer

Low-latency queuing (LLQ) is the correct choice because it combines strict priority queuing with CBWFQ, allowing voice traffic to be placed in a strict priority queue that is serviced first before any other queues. This ensures that voice packets are never dropped due to congestion, as long as the configured policer rate is not exceeded, meeting the requirement that voice traffic is never dropped.

Exam trap

Cisco often tests the misconception that CBWFQ alone can provide low latency for voice, but the trap is that CBWFQ lacks a strict priority queue, so only LLQ guarantees zero drops for real-time traffic during congestion.

How to eliminate wrong answers

Option A is wrong because CBWFQ provides guaranteed bandwidth for each class but does not include a strict priority queue, so voice traffic could still experience delay or drop during congestion if the queue is full. Option C is wrong because WRED is a congestion avoidance mechanism that proactively drops packets before a queue is full, which would cause voice drops and is unsuitable for real-time traffic that requires zero drops. Option D is wrong because FIFO queuing treats all traffic equally with no priority, so during congestion voice packets would be dropped along with other traffic, violating the requirement.

27
MCQmedium

A company is deploying a virtualized network function (VNF) on a KVM-based host. The VNF requires dedicated CPU cores and must avoid performance interference from other VMs. Which hypervisor configuration best meets these requirements?

A.Enable CPU overcommitment and use a single NUMA node.
B.Configure CPU pinning and use dedicated NUMA nodes.
C.Use VMware vSphere with DRS set to Aggressive.
D.Deploy the VNF as a container instead of a VM.
AnswerB

CPU pinning and dedicated NUMA nodes minimize interference and improve performance.

Why this answer

Option B is correct because CPU pinning binds the VNF's vCPUs to specific physical cores, ensuring dedicated CPU resources and preventing interference from other VMs. Using dedicated NUMA nodes further optimizes memory locality, reducing latency and avoiding cross-NUMA memory access, which is critical for performance-sensitive VNFs.

Exam trap

Cisco often tests the distinction between hypervisor-agnostic concepts (like CPU pinning) and vendor-specific features (like VMware DRS), and the trap here is that candidates may choose VMware options even when the question explicitly specifies a KVM-based host.

How to eliminate wrong answers

Option A is wrong because CPU overcommitment allows multiple VMs to share physical cores, which can cause performance interference and is the opposite of dedicated resource requirements. Option C is wrong because VMware vSphere with DRS set to Aggressive is a VMware-specific solution, not a KVM-based hypervisor configuration, and DRS focuses on load balancing rather than dedicated CPU pinning. Option D is wrong because deploying the VNF as a container does not provide dedicated CPU cores in the same way as CPU pinning; containers share the host OS kernel and can still experience resource contention without explicit CPU affinity settings.

28
Drag & Dropmedium

Drag and drop the steps of NFVI resource allocation and VNF instantiation into the correct order, from first to last.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5

Why this order

The correct order starts with the NFVI administrator creating a tenant and allocating compute, storage, and network resources. Then the VNF descriptor is uploaded to the NFVO, which triggers the VNFM to request resource reservation. After resources are reserved, the VNFM instantiates the VNF using the allocated resources.

Finally, the VNF is configured and activated to provide the intended service.

29
MCQmedium

An architect is designing an SD-Access fabric for a large enterprise campus. The design must support segmentation based on user identity and device type, and must integrate with Cisco ISE. Which fabric component and protocol should be used to enforce micro-segmentation?

A.Use VXLAN with BGP EVPN for segmentation.
B.Deploy Cisco TrustSec with SGTs and integrate with ISE.
C.Use LISP to map endpoints to virtual networks.
D.Implement VLAN-based segmentation with 802.1X.
AnswerB

TrustSec uses SGTs for identity-based micro-segmentation, and ISE provides policy management.

Why this answer

Cisco TrustSec with Security Group Tags (SGTs) is the correct choice because it provides identity- and device-type-based micro-segmentation in an SD-Access fabric. SGTs are assigned by Cisco ISE based on user/device attributes, and the fabric enforces policies by tagging packets with SGTs, allowing granular traffic filtering regardless of IP address or VLAN.

Exam trap

Cisco often tests the distinction between macro-segmentation (VXLAN/VRF) and micro-segmentation (SGT/TrustSec), and the trap here is assuming VXLAN with BGP EVPN alone provides identity-based segmentation, when it only creates separate overlay networks.

How to eliminate wrong answers

Option A is wrong because VXLAN with BGP EVPN provides network virtualization and macro-segmentation (overlay networks), not identity-based micro-segmentation; it lacks the per-user/per-device policy enforcement that SGTs offer. Option C is wrong because LISP is used for endpoint mapping and location/identity separation in SD-Access, but it does not enforce micro-segmentation policies; that role belongs to SGTs and Cisco TrustSec. Option D is wrong because VLAN-based segmentation with 802.1X only provides network-level isolation and authentication, not granular, identity-aware micro-segmentation across the fabric; it cannot dynamically enforce policies based on user identity and device type beyond initial access.

30
Drag & Dropmedium

Drag and drop the steps of NFVI resource allocation and VNF instantiation into the correct order, from first to last.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5

Why this order

The NFVI resource allocation and VNF instantiation process begins with the NFVO receiving a VNF instantiation request, then the NFVO requests the VIM to allocate compute, storage, and network resources. The VIM allocates the resources and provides the resource IDs. The NFVO then instructs the VNFM to instantiate the VNF.

Finally, the VNFM instantiates the VNF on the allocated resources.

31
MCQmedium

An enterprise is migrating its data center to a leaf-spine architecture. The design must provide high availability and support for east-west traffic patterns. Which design choice best meets these requirements?

A.Deploy a collapsed core with a single pair of core switches.
B.Use a three-tier hierarchical design with access, distribution, and core layers.
C.Implement a leaf-spine topology with multiple spine switches and ECMP.
D.Use a ring topology connecting all switches in a loop.
AnswerC

Leaf-spine with ECMP provides high bandwidth, low latency, and redundancy for east-west traffic.

Why this answer

A leaf-spine topology with multiple spine switches and Equal-Cost Multi-Path (ECMP) routing provides high availability by eliminating single points of failure and supports east-west traffic patterns by ensuring that any leaf switch can reach any other leaf switch with a consistent number of hops (typically one hop via a spine). ECMP allows load balancing across all available spine links, maximizing bandwidth and redundancy for data center east-west flows.

Exam trap

Cisco often tests the misconception that a three-tier design is always more reliable or that a collapsed core is sufficient for modern data centers, but the trap here is that candidates overlook the specific requirement for east-west traffic patterns, which demands a flat, non-blocking fabric like leaf-spine with ECMP rather than traditional hierarchical or ring topologies.

How to eliminate wrong answers

Option A is wrong because a collapsed core with a single pair of core switches still creates a bottleneck for east-west traffic, as all inter-subnet traffic must traverse the core pair, and it does not provide the same level of scalability or deterministic latency as a full leaf-spine design. Option B is wrong because a three-tier hierarchical design (access, distribution, core) introduces additional latency and oversubscription for east-west traffic, as traffic between access switches must traverse both distribution and core layers, which is suboptimal for modern data center east-west patterns. Option D is wrong because a ring topology creates a single loop that can cause broadcast storms and relies on Spanning Tree Protocol (STP) to block redundant paths, leading to inefficient use of links and potential convergence delays, which violates high availability and east-west traffic requirements.

32
MCQmedium

A company uses Cisco NFVIS to host a virtual ASA (vASA) and a virtual router (vRouter). The engineer notices that the vASA cannot communicate with the vRouter even though both are on the same NFVIS host. The vASA is connected to a bridge network, and the vRouter is connected to a different bridge. What should the engineer do to enable communication between the two VNFs?

A.Connect a physical cable between two ports on the NFVIS host.
B.Create a new bridge that connects both VNFs, or use a virtual switch to route between the bridges.
C.Configure VLAN tagging on both VNFs with the same VLAN ID.
D.Add a static route on each VNF pointing to the other VNF's IP address.
AnswerB

Correct because placing both VNFs on the same bridge allows Layer 2 communication; alternatively, a virtual router can route between bridges.

Why this answer

In NFVIS, VNFs attached to different bridge networks are isolated at Layer 2. To enable communication between them, you must either create a new bridge that connects both VNFs or use a virtual switch (e.g., a Linux bridge with routing enabled) to forward traffic between the two bridges. This allows the VNFs to share a common Layer 2 domain or have a routed path through the hypervisor.

Exam trap

Cisco often tests the misconception that VLAN tagging alone can connect VNFs across different bridges, but VLANs only segment traffic within a single bridge and do not create connectivity between separate bridges.

How to eliminate wrong answers

Option A is wrong because physically cabling ports on the NFVIS host would create a loop or require external hardware, and NFVIS does not support direct physical loopback connections for internal VNF-to-VNF traffic. Option C is wrong because VLAN tagging alone does not bridge separate bridge networks; both VNFs would need to be on the same bridge with matching VLANs for Layer 2 connectivity. Option D is wrong because static routes only work if there is already a Layer 3 path between the VNFs; with different bridges, there is no connectivity at Layer 2 or Layer 3 without an intermediate router or bridge.

33
MCQeasy

A network team must design QoS for a campus network that carries voice, video, and data traffic. The design must use the DiffServ model and ensure that voice traffic is prioritized over all other traffic classes. Which DSCP marking and queuing strategy should be used for voice?

A.Mark voice with AF41 and place in a weighted fair queue.
B.Mark voice with EF and place in a strict priority queue.
C.Mark voice with CS3 and place in a low-latency queue.
D.Mark voice with BE and rely on WRED for drop precedence.
AnswerB

EF (DSCP 46) is the standard marking for voice, and strict priority queue ensures minimal delay.

Why this answer

Option B is correct because voice traffic requires strict priority to ensure minimal jitter and latency. DSCP EF (Expedited Forwarding, per RFC 3246) is the standard marking for real-time traffic like voice, and placing it in a strict priority queue (LLQ) guarantees that voice packets are serviced before any other queue, which is essential for meeting QoS requirements in a DiffServ model.

Exam trap

The trap here is that candidates often confuse AF41 (used for video) with voice marking, or assume that any low-latency queue (LLQ) works regardless of DSCP value, but Cisco specifically tests that voice must use EF and strict priority queue, not just any low-latency queue.

How to eliminate wrong answers

Option A is wrong because AF41 (Assured Forwarding class 4, low drop probability) is designed for traffic that can tolerate some delay and jitter, such as video conferencing, not for voice which needs strict priority; weighted fair queue does not provide the absolute priority required for voice. Option C is wrong because CS3 (Class Selector 3) is a legacy marking that does not guarantee low latency or strict priority; while a low-latency queue (LLQ) is correct, the DSCP marking must be EF for voice, not CS3. Option D is wrong because BE (Best Effort, DSCP 0) is the default marking for non-priority traffic, and WRED (Weighted Random Early Detection) is a congestion avoidance mechanism that drops packets before queue overflow, which is unsuitable for voice as it introduces jitter and packet loss.

34
Drag & Dropmedium

Drag and drop the steps of deploying a virtual router as a VNF into the correct order, from first to last.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5

Why this order

Deploying a virtual router VNF starts with uploading the image, then creating the VM, attaching virtual interfaces, configuring routing protocols, and finally verifying connectivity.

35
Matchingmedium

Drag and drop each NFV management layer on the left to its matching function on the right.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Lifecycle management (instantiation, scaling, termination) of a VNF

Orchestration of network services and resource inventory management

Management of NFVI compute, storage, and network resources

Service ordering, billing, and fault management

Element management for a specific VNF type

Why these pairings

VNFM manages individual VNFs, NFVO handles orchestration and resource inventory, VIM controls NFVI resources.

36
Drag & Dropmedium

Drag and drop the steps of Cisco NSO service provisioning workflow into the correct order, from first to last.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5

Why this order

The Cisco NSO workflow starts with the operator defining a service in YANG model. Then NSO maps the service to device configurations using a service template. Next, NSO pushes the configuration to network devices via NETCONF.

After that, NSO updates the service database with the operational state. Finally, NSO verifies the service by checking device state and alarms.

37
Matchingmedium

Drag and drop each NFV component on the left to its matching role on the right.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Software instance of a network function running on NFVI

Compute, storage, and networking resources that host VNFs

Framework for lifecycle management and orchestration of NFV resources

Abstraction layer that decouples VNF software from underlying hardware

Manages fault, configuration, accounting, performance, and security for a VNF

Why these pairings

VNFs are software implementations of network functions; NFVI provides the infrastructure; MANO orchestrates and manages the lifecycle.

38
MCQmedium

An engineer is managing a Cisco NFVIS host running multiple virtual network functions (VNFs). The engineer needs to upgrade the NFVIS software to a new version that includes critical security patches. The upgrade process must minimize downtime. Which upgrade method should the engineer use?

A.Use the 'patch install' command to apply the upgrade without rebooting.
B.Use the 'software install add' command to stage the image, then 'activate' and 'commit' with a single reboot.
C.Perform a clean installation of the new NFVIS version and redeploy all VNFs.
D.Migrate all VNFs to another NFVIS host, then upgrade the original host.
AnswerB

Correct because this method stages the upgrade and applies it with one reboot, minimizing downtime.

Why this answer

Option B is correct because the 'software install add' command stages the new NFVIS image, followed by 'activate' and 'commit' with a single reboot, which minimizes downtime by performing the upgrade in a single reboot cycle. This method is the recommended approach for upgrading NFVIS while preserving existing VNF configurations and minimizing service disruption.

Exam trap

Cisco often tests the misconception that NFVIS upgrades can be applied without a reboot, but the correct method always requires a single reboot to activate the new software version.

How to eliminate wrong answers

Option A is wrong because NFVIS does not support a 'patch install' command that applies upgrades without a reboot; security patches typically require a system reboot to load the new kernel and services. Option C is wrong because a clean installation and redeployment of all VNFs would cause maximum downtime and is not the intended upgrade method for minimizing disruption. Option D is wrong because migrating all VNFs to another NFVIS host is a valid disaster recovery or maintenance technique but is not the standard upgrade method for a single host and introduces additional complexity and potential downtime.

39
Drag & Dropmedium

Drag and drop the steps of VNF service chain instantiation into the correct order, from first to last.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5

Why this order

Service chain instantiation begins with defining the chain, then selecting VNFs, allocating resources, connecting VNFs via virtual links, and finally testing the chain to verify functionality.

40
MCQhard

A network engineer is troubleshooting a performance issue with a virtual firewall (vFW) running on a Cisco NFVIS host. The vFW is experiencing high packet loss during peak traffic. The engineer checks the NFVIS monitoring dashboard and sees that the vFW's CPU usage is low, but the host's memory usage is high. What is the most likely cause of the packet loss?

A.The vFW is CPU-bound, but the monitoring is inaccurate.
B.The host's CPU is oversubscribed, causing vCPU starvation.
C.The host is under memory pressure, causing the hypervisor to swap or balloon memory from the vFW.
D.The vFW's packet buffer is exhausted, but the monitoring does not show it.
AnswerC

Correct because high host memory usage can lead to memory reclaiming, which impacts vFW performance and causes packet loss.

Why this answer

When the NFVIS host experiences high memory pressure, the hypervisor may reclaim memory from virtual machines (VMs) using mechanisms such as ballooning or swapping. This reduces the memory available to the vFW, causing it to drop packets because its packet buffers or operating system memory are forcibly reclaimed. The vFW's CPU remains low because the bottleneck is memory, not processing power.

Exam trap

Cisco often tests the distinction between CPU and memory bottlenecks in virtualized environments, where candidates mistakenly assume high packet loss must be CPU-related, ignoring that memory pressure from the hypervisor can cause the vFW to lose packets even when its CPU is idle.

How to eliminate wrong answers

Option A is wrong because the monitoring dashboard shows low CPU usage, and NFVIS monitoring is generally accurate for CPU metrics; the issue is not CPU-bound. Option B is wrong because the problem statement indicates low vFW CPU usage and high host memory usage, not high host CPU usage or vCPU starvation; CPU oversubscription would manifest as high CPU ready times, not memory pressure. Option D is wrong because packet buffer exhaustion would typically be caused by insufficient memory allocation to the vFW or memory pressure from the host, but the monitoring would show buffer drops or memory usage; the question states the host's memory is high, pointing to host-level memory pressure as the root cause.

41
MCQmedium

An enterprise is deploying a virtual router (vRouter) as part of its NFV infrastructure. The engineer needs to ensure that the vRouter can handle a sudden spike in traffic without dropping packets. The vRouter is running on a KVM hypervisor. What should the engineer configure to guarantee CPU resources for the vRouter during peak demand?

A.Enable memory ballooning on the vRouter VM.
B.Configure CPU pinning and CPU reservation for the vRouter VM.
C.Enable DPDK on the vRouter's virtual NICs.
D.Set the vRouter VM to use NUMA node pinning.
AnswerB

Correct because CPU pinning dedicates specific cores to the VM and reservation guarantees minimum CPU, preventing contention.

Why this answer

CPU pinning binds the vRouter's virtual CPUs to specific physical cores, preventing other processes from using them, while CPU reservation guarantees a minimum amount of CPU capacity. Together, they ensure deterministic CPU availability during traffic spikes, preventing packet drops due to resource contention on the KVM hypervisor.

Exam trap

Cisco often tests the distinction between resource optimization (DPDK, NUMA) and resource guarantee (pinning, reservation), leading candidates to pick DPDK because it is associated with high performance, even though it does not guarantee CPU availability under contention.

How to eliminate wrong answers

Option A is wrong because memory ballooning adjusts VM memory dynamically, not CPU resources, and can actually degrade performance by reclaiming memory under pressure. Option C is wrong because DPDK accelerates packet processing by bypassing the kernel network stack, but it does not guarantee CPU resources; it requires CPU isolation (like pinning) to work effectively. Option D is wrong because NUMA node pinning optimizes memory locality and latency but does not guarantee CPU capacity; it is a topology-aware placement, not a resource reservation mechanism.

42
Multi-Selecthard

Which three statements about NFV and its relationship with SDN are true? (Choose three.)

Select 3 answers
A.NFV can leverage SDN to dynamically create and manage network paths between VNFs.
B.SDN can provide the network abstraction that allows NFV to decouple network functions from underlying hardware.
C.NFV and SDN are independent technologies that can be deployed separately or together.
D.SDN is a prerequisite for implementing NFV in any network environment.
E.NFV requires SDN to perform service function chaining.
AnswersA, B, C

Correct because SDN provides programmable network control, enabling automated connectivity between VNFs.

Why this answer

NFV and SDN are complementary but independent technologies. NFV focuses on virtualizing network functions, while SDN separates the control and data planes for centralized network control. They can be used together to enhance flexibility and automation.

Option A is correct because NFV can use SDN to provide dynamic network connectivity between VNFs. Option B is correct because SDN can provide the network abstraction needed for NFV. Option C is correct because they are independent; one can be deployed without the other.

Option D is incorrect because SDN is not a requirement for NFV; NFV can work with traditional networking. Option E is incorrect because NFV does not require SDN for service chaining; it can use other methods like policy-based routing.

43
MCQeasy

A company is deploying a virtual WAN optimizer (vWAAS) on a Cisco NFVIS host. The engineer needs to ensure that the vWAAS can intercept traffic between two VNFs running on the same host. The traffic currently flows directly between the VNFs without passing through the vWAAS. What should the engineer configure to redirect the traffic?

A.Create a service chain in NFVIS that places the vWAAS between the two VNFs.
B.Configure a static route on each VNF pointing to the vWAAS.
C.Enable WCCP on the vWAAS and configure the VNFs to use WCCP.
D.Use policy-based routing on the VNFs to forward traffic to the vWAAS.
AnswerA

Correct because service chaining allows traffic to be steered through VNFs in a specified order.

Why this answer

Option A is correct because NFVIS supports service chaining, which allows an administrator to define a sequence of VNFs that traffic must traverse. By creating a service chain that places the vWAAS between the two VNFs, NFVIS will automatically redirect the traffic through the vWAAS using internal bridging or vSwitch forwarding rules, without requiring any configuration changes on the VNFs themselves.

Exam trap

The trap here is that candidates often assume traffic redirection between VNFs must be done at Layer 3 (routing) using static routes or PBR, but Cisco tests the understanding that NFVIS service chaining operates at Layer 2 within the hypervisor, providing transparent interception without modifying the VNFs.

How to eliminate wrong answers

Option B is wrong because static routes on the VNFs would only affect traffic destined for specific subnets, not intercept all traffic between them; moreover, the VNFs would need to know the vWAAS as a next hop, which does not solve the problem of redirecting traffic that currently flows directly. Option C is wrong because WCCP (Web Cache Communication Protocol) is designed for redirecting traffic to a cache engine or WAN optimizer in a network, but it requires WCCP support on the routers or switches, not on VNFs running on the same NFVIS host, and the VNFs themselves typically do not run WCCP. Option D is wrong because policy-based routing (PBR) on the VNFs would require modifying the routing configuration of each VNF, which is complex, not scalable, and defeats the purpose of using NFVIS service chaining to handle traffic redirection transparently at the hypervisor level.

44
Drag & Dropmedium

Drag and drop the steps of VNF life cycle management into the correct order, from first to last.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5

Why this order

The correct order follows the ETSI NFV lifecycle: first onboard the VNF package, then instantiate the VNF, configure the VNF, scale the VNF as needed, and finally terminate the VNF when no longer required.

45
MCQmedium

Consider the following BGP configuration: router bgp 65000 bgp router-id 1.1.1.1 neighbor 10.1.1.2 remote-as 65001 neighbor 10.1.1.2 route-map SET_MED out ! route-map SET_MED permit 10 set metric 50 What is the effect of this configuration?

A.Routes advertised to 10.1.1.2 will have the MED set to 50, influencing inbound path selection in AS 65001.
B.Routes advertised to 10.1.1.2 will have the MED set to 50, influencing outbound path selection from AS 65000.
C.Routes received from 10.1.1.2 will have the MED set to 50.
D.The MED value will be set to 50 for all routes in the BGP table.
AnswerA

Correct. The route-map sets MED on outbound updates, affecting how AS 65001 selects the path to reach networks in AS 65000.

Why this answer

The route-map SET_MED is applied to outbound updates to neighbor 10.1.1.2, setting the MED (Multi-Exit Discriminator) attribute to 50. MED is a metric that influences inbound path selection in the neighboring AS (AS 65001), telling its routers which path to prefer when multiple entry points exist into AS 65000. Therefore, option A correctly describes the effect.

Exam trap

Cisco often tests the distinction between inbound and outbound route-map application, and the trap here is confusing that MED influences inbound path selection in the receiving AS, not outbound path selection from the advertising AS.

How to eliminate wrong answers

Option B is wrong because MED influences inbound path selection into the AS that advertises the routes, not outbound path selection from the advertising AS. Option C is wrong because the route-map is applied 'out' (outbound), not 'in' (inbound), so it affects routes sent to the neighbor, not received from it. Option D is wrong because the route-map only applies to routes advertised to neighbor 10.1.1.2, not to all routes in the BGP table.

46
MCQhard

A service provider wants to deploy a virtualized firewall as a VNF in a service chain. The VNF must be inserted transparently into the traffic path without requiring changes to the existing IP addressing. Which service chaining method should the architect choose?

A.Use static routing to point traffic to the VNF.
B.Implement policy-based routing (PBR) to redirect traffic to the VNF.
C.Deploy the VNF in inline mode with proxy ARP.
D.Use VRF-lite to separate traffic and route through the VNF.
AnswerB

PBR allows traffic to be redirected based on policies without changing IP addressing.

Why this answer

Policy-based routing (PBR) allows the architect to redirect traffic to the VNF based on match criteria such as source/destination IP or protocol, without altering the existing IP addressing scheme. This enables transparent insertion of the VNF into the service chain, as PBR overrides the routing table for selected traffic and forwards it to the virtualized firewall, while the original IP headers remain unchanged.

Exam trap

Cisco often tests the misconception that inline mode with proxy ARP is the simplest transparent insertion method, but candidates overlook that proxy ARP modifies Layer 2 behavior and can break transparency, whereas PBR operates at Layer 3 without altering IP addressing.

How to eliminate wrong answers

Option A is wrong because static routing requires modifying the routing table to point traffic to the VNF, which changes the next-hop behavior and may disrupt existing IP addressing or routing policies. Option C is wrong because deploying the VNF in inline mode with proxy ARP would require the VNF to respond to ARP requests on behalf of other devices, altering the Layer 2 topology and potentially causing IP address conflicts or transparency issues. Option D is wrong because VRF-lite separates traffic into different routing tables, but it does not inherently redirect traffic through the VNF without additional routing changes, and it adds complexity without achieving transparent insertion.

47
Drag & Dropmedium

Drag and drop the steps of VNF scaling up and scaling out into the correct order, from first to last.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5

Why this order

Scaling begins with the VNFM monitoring performance metrics against thresholds. When a threshold is exceeded, the VNFM triggers a scaling action. For scale-up, additional resources are allocated to the existing VNF instance.

For scale-out, a new VNF instance is instantiated. Finally, load balancing is updated to distribute traffic across all instances.

48
Multi-Selectmedium

Which two statements about NFV performance considerations are true? (Choose two.)

Select 2 answers
A.SR-IOV allows a virtual function (VF) to be directly assigned to a VM, providing near-native network performance.
B.NUMA awareness is the primary technique to improve NFV packet processing performance.
C.DPDK provides a set of libraries and drivers for fast packet processing in user space, bypassing the kernel network stack.
D.Using a virtual switch with multiple bonded uplinks eliminates the need for any performance optimization.
E.NFV performance is inherently lower than physical appliances and cannot be improved.
AnswersA, C

Correct because SR-IOV enables direct assignment of PCIe functions to VMs, bypassing the hypervisor virtual switch and reducing latency.

Why this answer

NFV performance can be improved using various acceleration techniques. Single Root I/O Virtualization (SR-IOV) allows a physical NIC to be directly assigned to a VM, bypassing the hypervisor's virtual switch for better performance. Data Plane Development Kit (DPDK) provides a set of libraries for fast packet processing in user space.

Option A is correct because SR-IOV provides near-native performance. Option C is correct because DPDK accelerates packet processing. Option B is incorrect because NUMA awareness helps but is not the primary technique.

Option D is incorrect because vSwitch bonding does not eliminate the vSwitch overhead. Option E is incorrect because NFV performance can be optimized with software techniques.

49
MCQmedium

A company is deploying a virtualized router (CSR1000v) on VMware vSphere. The VNF must support high throughput and low latency. Which vSphere configuration option should the architect select to optimize network performance?

A.Use the default e1000 NIC driver.
B.Enable SR-IOV on the physical NIC and assign virtual functions to the VM.
C.Use VMXNET3 paravirtualized NIC.
D.Configure the VM with multiple vCPUs and large memory.
AnswerB

SR-IOV provides near-native performance by direct hardware access.

Why this answer

SR-IOV (Single Root I/O Virtualization) allows a physical NIC to present multiple virtual functions (VFs) directly to a VM, bypassing the hypervisor's virtual switch. This reduces latency and CPU overhead, making it ideal for high-throughput, low-latency VNFs like the CSR1000v. Option B is correct because SR-IOV provides near-native performance by allowing the VM to directly access the NIC hardware.

Exam trap

Cisco often tests the misconception that VMXNET3 is the best performance option for all VNFs, but the trap here is that SR-IOV is required when the question explicitly demands 'high throughput and low latency' because it eliminates hypervisor overhead.

How to eliminate wrong answers

Option A is wrong because the default e1000 NIC driver is a fully emulated, legacy driver that introduces significant CPU overhead and poor performance, unsuitable for high-throughput VNFs. Option C is wrong because while VMXNET3 is a paravirtualized NIC that offers better performance than e1000, it still passes through the hypervisor's virtual switch, adding latency compared to SR-IOV's direct hardware access. Option D is wrong because simply adding more vCPUs and memory does not optimize network performance; it can even cause contention or scheduling overhead without addressing the I/O path bottleneck.

50
Matchingmedium

Drag and drop each hypervisor type on the left to its matching characteristic on the right.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Runs directly on physical hardware without a host OS

Runs on top of an existing operating system

Example of a Type 1 hypervisor

Example of a Type 2 hypervisor

Linux-based Type 1 hypervisor that is part of the kernel

Why these pairings

Type 1 hypervisors run directly on hardware and are common in data centers; Type 2 run on a host OS and are used for desktop virtualization.

51
Matchingeasy

Drag and drop each VNF category on the left to its matching example on the right.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Cisco CSR 1000v

Cisco ASAv

Citrix ADC VPX

Cisco vWAAS

Cisco Nexus 1000V

Why these pairings

Virtual routers, firewalls, and load balancers are common VNF categories.

52
Multi-Selecteasy

Which three statements about NFV use cases and deployment models are true? (Choose three.)

Select 3 answers
A.Virtual CPE (vCPE) is a common NFV use case that replaces physical routers and firewalls at customer sites with software-based functions.
B.Virtual Evolved Packet Core (vEPC) virtualizes mobile core network functions such as MME, SGW, and PGW.
C.NFV can be deployed on-premises, in a private cloud, or in a public cloud infrastructure.
D.NFV requires dedicated hardware appliances for each virtualized network function.
E.NFV deployments are limited to static, non-scalable configurations.
AnswersA, B, C

Correct because vCPE is a well-known NFV application where network functions like routing and firewall run as VNFs on standard hardware at the customer premises or in the cloud.

Why this answer

NFV is used to virtualize various network functions. Virtual CPE (vCPE) replaces physical customer premises equipment with software running on standard hardware. Virtual Evolved Packet Core (vEPC) is a key use case in mobile networks.

NFV can be deployed on-premises or in the cloud. Option A is correct because vCPE is a common NFV use case. Option B is correct because vEPC virtualizes mobile core functions.

Option C is correct because NFV supports both on-prem and cloud deployment. Option D is incorrect because NFV does not require dedicated hardware; it uses standard servers. Option E is incorrect because NFV can scale dynamically, not just statically.

53
MCQmedium

A company is migrating its legacy firewall services to a virtualized environment using Cisco NFV. The network engineer deploys a virtual firewall (vFW) on an NFVIS-enabled UCS platform. After the deployment, traffic through the vFW is intermittent and performance monitoring shows high CPU usage on the host. Which action should the engineer take to improve performance?

A.Enable SR-IOV on the physical NICs and assign VFs to the vFW.
B.Increase the number of vCPUs allocated to the vFW VM.
C.Configure QoS policies on the vFW to prioritize traffic.
D.Disable hyperthreading on the host CPU.
AnswerA

Correct because SR-IOV allows the vFW to directly access the physical NIC, reducing CPU overhead and improving throughput.

Why this answer

SR-IOV (Single Root I/O Virtualization) allows a physical NIC to present multiple virtual functions (VFs) directly to a VM, bypassing the hypervisor's virtual switch and reducing CPU overhead for packet processing. In an NFVIS environment, high host CPU usage with intermittent traffic indicates that the vFW is consuming excessive CPU cycles due to software-based I/O. Assigning VFs to the vFW offloads packet handling to the NIC hardware, lowering host CPU utilization and stabilizing traffic.

Exam trap

The trap here is that candidates often assume adding more vCPUs (Option B) will solve performance issues, but Cisco tests the understanding that I/O bottlenecks in NFV are typically resolved by hardware offload techniques like SR-IOV, not by increasing compute resources.

How to eliminate wrong answers

Option B is wrong because increasing vCPUs can actually worsen CPU contention and overhead in a virtualized environment, especially if the bottleneck is I/O processing rather than compute capacity. Option C is wrong because QoS policies manage traffic prioritization but do not reduce the underlying CPU overhead caused by inefficient I/O virtualization; they may even add additional processing load. Option D is wrong because disabling hyperthreading reduces logical CPU cores, which can decrease overall throughput and increase latency, contrary to the goal of improving performance.

54
Matchingmedium

Drag and drop each hypervisor type on the left to its matching characteristic on the right.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Runs directly on physical hardware without a host OS

Runs on top of an existing operating system

Example of a Type 1 hypervisor

Example of a Type 2 hypervisor

Type 1 hypervisor (Linux kernel-based)

Why these pairings

Type 1 hypervisors run directly on hardware (bare-metal), while Type 2 run on a host OS.

55
Matchingmedium

Drag and drop each service chaining element on the left to its matching position in the chain on the right.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Entry point that identifies and steers traffic into a service chain

Node that forwards traffic to the next service function in the chain

Individual VNF that processes traffic (e.g., firewall, load balancer)

Ordered list of service functions that traffic must traverse

Encapsulation header that carries chain context between SFFs

Why these pairings

Service chaining steers traffic through a sequence of VNFs; classifiers identify traffic; SFC encapsulation maintains chain context.

56
Drag & Dropmedium

Drag and drop the steps of Cisco NSO service provisioning workflow into the correct order, from first to last.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5

Why this order

Cisco NSO service provisioning begins with the operator or OSS sending a service request to NSO via NETCONF/RESTCONF. NSO then processes the service model and creates a service instance. NSO uses device templates and YANG models to generate device configurations.

NSO pushes the configuration to the network devices using NETCONF. Finally, NSO verifies the service is operational and updates the service state.

57
Multi-Selectmedium

Which two statements about NFV architecture and components are true? (Choose two.)

Select 2 answers
A.The NFV Infrastructure (NFVI) includes compute, storage, and networking resources that host VNFs.
B.Virtual Network Functions (VNFs) are software implementations of network functions that run on virtualized infrastructure.
C.Each VNF must be deployed on its own dedicated physical server to ensure performance isolation.
D.The Virtualized Infrastructure Manager (VIM) is responsible for managing the lifecycle of VNFs.
E.The NFV Orchestrator is primarily responsible for allocating virtual resources to VNFs.
AnswersA, B

Correct because the NFVI provides the virtualized resources (compute, storage, network) upon which VNFs are deployed.

Why this answer

NFV decouples network functions from dedicated hardware. The NFV Infrastructure includes compute, storage, and networking resources. VNFs run on top of the NFVI.

The NFV MANO framework orchestrates and manages these components. Option A is correct because NFVI provides the virtualized resources. Option B is correct because VNFs are software implementations of network functions.

Option C is incorrect because NFV does not require dedicated hardware per VNF; it relies on shared infrastructure. Option D is incorrect because VNFs are managed by the VNFM, not the VIM. Option E is incorrect because the NFV Orchestrator handles lifecycle management, not just resource allocation.

58
Matchingmedium

Drag and drop each NFV component on the left to its matching role on the right.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Virtualized network function software (e.g., virtual router)

Physical and virtual resources (compute, storage, networking)

Orchestration and lifecycle management framework

Manages NFVI resources (e.g., OpenStack)

Manages lifecycle of individual VNFs

Why these pairings

VNF is the virtualized network function software; NFVI is the infrastructure of compute, storage, and networking; MANO handles orchestration and lifecycle management.

Ready to test yourself?

Try a timed practice session using only Network Function Virtualization questions.