Deck 22: Securing Networks with Cisco Firepower (300-710 SNCF)

A) The default reference bandwidth is 10 Gbps.
B) OSPF does not require additional licenses.
C) The OSPF area can be configured by using decimal notation only.
D) Redistributing routes into OSPF requires a route map.
E) The secondary IP address is advertised by default.

A) atomic
B) stop-at-first-failure
C) best-effort
D) verbose

A) the maximum number of hops between any two bridges on a network
B) the number of VLANs that were removed from the MSTI
C) the VLAN that becomes the root of the MSTI
D) the maximum number of hops between any two MST instances on a network

A) ntp distribute
B) ntp server 1.2.3.4
C) ntp commit
D) ntp authenticate

A) SwitchA(config-if)# ip pim ssm default
B) SwitchA(config-if)# ip pim sparse-mode
C) SwitchA(config-if)# ip pim dense-mode
D) SwitchA(config-if)# ip pim sparse-dense-mode

A) Hosts in the ACL are denied after 10 failed login attempts occur within 180 seconds.
B) Hosts outside the ACL are allowed if more than 10 failed login attempts occur.
C) Hosts in the ACL are allowed after 10 failed login attempts occur within 180 seconds.
D) All hosts are denied if 10 failed login attempts from hosts in the ACL occur in 180 seconds.

A) SNMP requires the LAN_ENTERPRISE_SERVICES_PKG license.
B) SNMP is not VRF-aware.
C) Only users belonging to the network operator RBAC role can assign SNMP groups.
D) Cisco NX-OS supports one instance of the SNMP per VDC.
E) Cisco NX-OS only supports SNMP over IPv4.

A) AED
B) ELAN
C) ITR
D) EOBC
E) ETR

A) router ospf
B) global
C) vPC
D) interface

A) N7k (config)# feature ntp
B) N7k (config)# ntp distribute
C) N7k (config)# distribute
D) N7k (config)# ntp master

A) switch# encryption re-encrypt obfuscated switch# encryption re-encrypt obfuscated
B) switch# encryption decrypt type6 encryption decrypt type6
C) switch# key config-key ascii key config-key ascii
D) switch(config)# feature password encryption aes switch(config)# feature password encryption aes

A) a map resolver
B) a proxy ETR
C) a proxy ITR
D) an ALT

A) SwitchA(config-if)# hsrp version 2 SwitchA(config-if)# hsrp version 2
B) SwitchA(config-if)# hsrp ipv6 hsrp ipv6
C) SwitchA(config-if)# key 6 SwitchA(config-if)# key 6
D) SwitchA(config-if)# standby 6 preempt standby 6 preempt
E) SwitchA(config-if)# priority priority

A) snmp-server globalEnforceAuth
B) snmp-server user Admin enforcePriv
C) snmp-server globalEnforcePriv
D) snmp-server user Admin enforceAuth

A) BGP support is not provided, but RIP, EIGRP, and OSPF support is provided.
B) Up to two 4-port cards are supported with up to 160 Gb/s of Layer 3 forwarding capability.
C) Up to 16 FEX connections are supported.
D) Port channels cannot be configured as Layer 3 interfaces.

A) whether the specified kickstart image is compatible with the start-up config
B) whether the specified system image supports the kickstart image
C) whether bootflash is supported for the specified Cisco NX-OS images
D) whether ISSU is supported for the specified Cisco NX-OS images

A) host-dependent
B) vmac-weighted
C) dedicated-vmac-mode
D) shortest-path and weighting

A) Cisco Fabric Services does not distribute the RADIUS server group configuration or server and global keys.
B) Enabling Cisco Fabric Services causes the existing RADIUS configuration on your Cisco NX- OS device to be immediately distributed.
C) When the RADIUS configuration is being simultaneously changed on more than one device in a Cisco Fabric Services region, the most recent changes will take precedence.
D) Only the Cisco NX-OS device with the lowest IP address in the Cisco Fabric Services region can lock the RADIUS configuration.

A) M1, M2, and F1 cards are allowed in the same VDC.
B) M line cards are service-oriented and likely face the access layer and provide Layer 2 connectivity.
C) F line cards are performance-oriented and likely connect northbound to the core layer for Layer 3 connectivity.
D) M line cards support Layer 2, Layer 3, and Layer 4 with large forwarding tables and a rich feature set.
E) The F2 line card must reside in the admin VDC.

A) It prints all LLDP neighbor MAC and IP addresses.
B) It prints all Cisco Discovery Protocol neighbor MAC and IP addresses.
C) It prints all endpoint MAC and IP addresses.
D) It prints all APIC MAC and IP addresses.

A) Ensure that you have installed the Enhanced Layer 2 license and that you have installed an F Series module
B) Ensure that you have installed the Enhanced Layer 2 license and that you have installed an M Series module
C) Ensure that you have installed the Enhanced Layer 3 license and that you have installed an M Series module
D) Ensure that you have installed the Scalable Feature License license and that you have installed an F Series module

A) The API call creates a new 10G interface in the APIC.
B) The API call reads information from a managed object.
C) The API response is encoded in JSON.
D) The API call reads information from an object class.
E) The API response is encoded in XML.

A) dedicated
B) assigned
C) shared
D) community

A) Perform a rapid route convergence.
B) Initialize a standby supervisor transparently when one is present.
C) Remain in the data forwarding path through a process restart.
D) Maintain a management connection throughout a router restart.

A) Synchronous API calls wait to return until a response has been received.
B) Synchronous communication is harder to follow and troubleshoot.
C) Synchronous API calls must always use a proxy server.
D) Asynchronous communication uses more overhead for client authentication.

A) switch(config)# npiv enable
B) switch(config)# npivon
C) switch(config)# feature npiv
D) switch(config)# npiv proxy
E) switch(config)# np proxy-enable

A) Fibre Channel
B) Data Center Bridging
C) Fibre Channel over Ethernet
D) N proxy virtualization
E) N Port identifier virtualization

A) It is an IETF draft.
B) It is an IETF standard.
C) It runs over SSH.
D) It is an open source initiative.
E) It runs over HTTPS.

A) cacheable
B) trackable
C) stateless
D) single-layer system
E) stateful

A) vmac-weighted
B) dedicated-vmac-mode
C) shortest-path and weighting
D) host-dependent

A) Short, easy-to-decipher passwords will be rejected.
B) The strength of existing passwords will be checked.
C) Special characters, such as the dollar sign ($) or the percent sign (%), will not be allowed.
D) Passwords become case-sensitive.

A)
B)
C)
D)

A) VM Isolation
B) Cluster Isolation
C) Server Isolation
D) Process Isolation
E) Namespace Isolation

A)
B)
C)
D)

A) disable LAN traffic on the interface
B) configure PortFast on the access port
C) permit all VLANs on the interface
D) permit all VSANs on the interface

A) Ten objects are created and subsequently deleted.
B) Nine objects are created.
C) An exception is thrown.
D) Ten objects are created.

A) CLs
B) NAT entries
C) IPv4 routes
D) IPv6 routes
E) SPAN sessions
F) RBAC users

A) consistency of systems configuration
B) automation of repetitive tasks
C) ability to create device and interface groups
D) ability to add VLANs and routes per device
E) removal of network protocols such as Spanning Tree

A) :Method
B) ClassName:Method
C) Package:ClassName
D) MitName:Method

A) Logical and concrete domains are separated.
B) All configuration is carried out against concrete entities.
C) It allows communications with newly connected devices.
D) Network administrators configure logical and physical system resources directly.

A) python /home/admin/bootflash:deltacounters.py ethemet1/1
B) show python bootflash:deltacounters.py ethernet1/1
C) guestshell run python /home/admin/deltacounter.py ethernet1/1
D) guestshell execute python /home/admin/deltacounter.py ethernet1/1

A) uses the dcnm-token header for requests authentication after initial basic authentication
B) uses basic authentication without encoding for username and password
C) supports HTTP until release 11.0(1)
D) uses bearer key authorization
E) is separated into Classic LAN, LAN Fabric, Media Controller, and SAN Management categories

A) 5 sec
B) 5 msec
C) 5000 sec
D) 5 min

A)
B)
C)
D)
E)

A) Bearer ((Bearer Token)) Bearer ((Bearer Token))
B) HTTP Basic Auth
C) RestAuth: ((User's Auth Token)) RestAuth: ((User's Auth Token))
D) X-Cloupia-Request-Key: ((User's Auth Token)) X-Cloupia-Request-Key:

A) Lines 8 and 9 should have a line continuation \ at the end.
B) Line 13 should include "handle.commit()" . Line 13 should include "handle.commit()" .
C) Line 4 should include transport 443 option.
D) Line 3 should add an import for query_dn . Line 3 should add an import for query_dn

A) DCNM provides an XML-based SOAP API.
B) DCNM requires a license to use the API.
C) Some features of DCNM must be configured through the GUI.
D) All API operations can be performed using the DCNM GUI.
E) DCNM provides a REST-based API.

A)
B)
C)
D)

A) Get-UcsServer | Select-Object Dn
B) Get-UcsRack Systems | Select-Object Dn
C) Get-UcsBlade | Select-Object Dn
D) Get-UcsRackUnit | Select-Object Dn
E) Get-UcsSystems | Select-Object Dn

A) randomizes the data out of the network
B) continuously streams data out of the network
C) randomizes the data coming to the network
D) continuously pulls data out of the network

A) NETBOOT
B) NX-OS iPXE
C) iPXE-POAP
D) Mini-OS

A) to send an API request to the APIC
B) to learn or identify the sequence of API calls for a specific operation in the APIC GUI
C) to verify the XML structure of an object based on a specific operation in the APIC GUI
D) to launch an Ansible playbook

A) --print
B) --all
C) --brief
D) --print-all

A) fvTenant = NewTenant(name='Cisco')
B) tenant = Tenant(topMo. name='Cisco')
C) fvTenant = Tenant(topMo, name='Cisco')
D) fvTenant = Tenant('Cisco')

A) ACI CNI plug-in
B) Contiv CNI plug-in
C) Ingress CNI plug-in
D) Calico CNI plug-in

A) iPXE
B) PNP
C) POAP
D) BOOTP
E) DHCP

A) to four different destinations every 10000 microseconds
B) to four different destinations every 100 milliseconds
C) to four different destinations every 10 seconds
D) to four different destinations every 10000 seconds

A) SNMP uses a continuous stream model.
B) SNMP uses a push model.
C) SNMP uses a pull model.
D) Model-driven telemetry uses a pull model.
E) Model-driven telemetry uses a push model.

A) enable bash-shell
B) bash-shell enable
C) service bash-shell
D) feature bash-shell

A) The REST API request contains a base64-encoded signature of the message content and headers.
B) The REST API request message body is encoded as a SHA384 hash and then signed with the API Key ID.
C) The Cisco Intersight Web service verifies the signature of incoming request with the RSA public key for the API Key ID.
D) The incoming REST API request is challenged by the Cisco Intersight Web service with a request for the RSA private key.
E) The message body is encoded as a SHA256 hash if the message body is not empty and then signed with the API Key ID.

A)
B)
C)
D)

A) vlan
B) ucs_vlans
C) vlans
D) nxos_vlans

A) Each API Key can be assigned specific roles but not privileges.
B) Secret Key is only available at API Key creation time.
C) An API Key is composed of a Key ID and Secret Key.
D) The user credentials for the cisco.com accounts are shared with the Cisco Intersight Web Service.
E) An API Key is composed of a keyId and sessionCookie.

A) SHA256 hash of the message body and message headers.
B) SHA256 hash of the message body, including empty message bodies.
C) RSA private key with a key size of 2048.
D) RSA private key with a key size of 1024.
E) SHA384 hash of the message body, excluding empty message bodies.