Cisco

300-170 DCVAI Implementing Cisco Data Center Virtualization and Automation

Exam Number 300-170 DCVAI
Associated Certifications CCNP Data Center
Duration 90 minutes (60-70 questions)
Available Languages English

This exam tests a candidate’s knowledge of implementing data center infrastructure including virtualization, automation, Cisco Application Centric Infrastructure (ACI), ACI network resources, and, ACI management and monitoring.

Exam Description
The Implementing Cisco Data Center Virtualization and Automation (DCVAI) exam (300-170) is a 90-minute, 60–70 question assessment. This exam is one of the exams associated with the CCNP Data Center Certification. This exam tests a candidate’s knowledge of implementing Cisco data center infrastructure including virtualization, automation, Application Centric Infrastructure, Application Centric Infrastructure network resources, and Application Centric Infrastructure management and monitoring. The course, Implementing Cisco Data Center Virtualization and Automation v6 (DCVAI), helps candidates to prepare for this exam because the content is aligned with the exam topics.

The following topics are general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes, the guidelines below may change at any time without notice.

1.0 Implement Infrastructure Virtualization 19%

1.1 Implement logical device separation

1.1.a VDC
1.1.b VRF

1.2 Implement virtual switching technologies

2.0 Implement Infrastructure Automation 16%

2.1 Implement configuration profiles

2.1.a Auto-config
2.1.b Port profiles
2.1.c Configuration synchronization

2.2 Implement POAP

2.3 Compare and contrast different scripting tools

2.3.a EEM
2.3.b Scheduler
2.3.c SDK

3.0 Implementing Application Centric Infrastructure 27%

3.1 Configure fabric discovery parameters

3.2 Implement access policies

3.2.a Policy groups
3.2.b Protocol policies
3.2.b [i[ LLDP, CDP, LCAP, and link-level
3.2.c AEP
3.2.d Domains
3.2.e Pools
3.2.f Profiles
3.2.f [i] Switch
3.2.f [ii] Interface

3.3 Implement VMM domain integrations

3.4 Implement tenant-based policies

3.4.a EPGs
3.4.a [i] Pathing
3.4.a [ii] Domains
3.4.b Contracts
3.4.b [i] Consumer
3.4.b [ii] Providers
3.4.b [iii] vzAny (TCAM conservation)
3.4.b [iv] Inter-tenant
3.4.c Private networks
3.4.c [i] Enforced/unenforced
3.4.d Bridge domains
3.4.d [i] Unknown unicast settings
3.4.d [ii] ARP settings
3.4.d [iii] Unicast routing

4.0 Implementing Application Centric Infrastructure Network Resources 25%

4.1 Implement external network integration

4.1.a External bridge network
4.1.b External routed network

4.2 Implement packet flow

4.2.a Unicast
4.2.b Multicast
4.2.c Broadcast
4.2.d Endpoint database

4.3 Describe service insertion and redirection

4.3.a Device packages
4.3.b Service graphs
4.3.c Function profiles

5.0 Implementing Application Centric Infrastructure Management and Monitoring 13%

5.1 Implement management

5.1.a In-band management
5.1.b Out-of-band management

5.2 Implement monitoring

5.2.a SNMP
5.2.b Atomic counters
5.2.c Health score evaluations

5.3 Implement security domains and role mapping

5.3.a AAA
5.3.b RBAC

5.4 Compare and contrast different scripting tools

5.4.a SDK
5.4.b API Inspector / XML

QUESTION 1
You have a Cisco Nexus 1000V Series Switch. When must you use the system VLAN?

A. to use VMware vMotion
B. to perform an ESXi iSCSI boot
C. to perform a VM iSCSI boot
D. to perform an ESXi NFS boot

Answer: A


QUESTION 2
Which option must be defined to apply a configuration across a potentially large number of switches in the most scalable way?

A. a configuration policy
B. a group policy
C. an interface policy
D. a switch profile

Answer: C


QUESTION 3
Which two options are benefits of using the configuration synchronization feature? (Choose two )

A. Supports the feature command
B. Supports existing session and port profile functionality
C. can be used by any Cisco Nexus switch
D. merges configurations when connectivity is established between peers O supports FCoE in vPC topologies

Answer: A,C

Click here to view complete Q&A of 300-170 exam
Certkingdom Review
, Certkingdom pdf torrent

MCTS Training, MCITP Trainnig

Best Cisco 300-170 Certification, Cisco 300-170 Training at certkingdom.com

300-175 DCUCI Implementing Cisco Data Center Unified Computing

Exam Number 300-175 DCUCI
Associated Certifications CCNP Data Center
Duration 90 minutes (60-70 questions)
Available Languages English
Register Pearson VUE

This exam tests a candidate’s knowledge of implementing data center technologies including unified computing, unified computing maintenance and operations, automation, unified computing security, and unified computing storage.

Exam Description
The Implementing Cisco Data Center Unified Computing (DCUCI) exam (300-175) is a 90-minute, 60–70 question assessment. This exam is one of the exams associated with the CCNP Datacenter Certification. This exam tests a candidate’s knowledge of implementing Cisco data center technologies including unified computing, unified computing maintenance and operations, automation, unified computing security, and unified computing storage. The course, Implementing Cisco Data Center Unified Computing v6 (DCUCI), helps candidates to prepare for this exam because the content is aligned with the exam topics.

The following topics are general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes, the guidelines below may change at any time without notice.

1.0 Implement Cisco Unified Computing 28%

1.1 Install Cisco Unified Computing platforms
1.1.a Stand-alone computing
1.1.b Chassis / blade
1.1.c Modular / server cartridges
1.1.d Server integration

1.2 Implement server abstraction technologies
1.2.a Service profiles
1.2.a [i] Pools
1.2.a [ii] Policies
1.2.a [ii].1 Connectivity
1.2.a [ii].2 Placement policy
1.2.a [ii].3 Remote boot policies
1.2.a [iii] Templates
1.2.a [iii].1 Policy hierarchy
1.2.a [iii].2 Initial vs updating

2.0 Unified Computing Maintenance and Operations 20%

2.1 Implement firmware upgrades, packages, and interoperability

2.2 Implement backup operations

2.3 Implement monitoring

2.3.a Logging
2.3.b SNMP
2.3.c Call Home
2.3.d NetFlow
2.3.e Monitoring session

3.0 Automation 12%

3.1 Implement integration of centralized management

3.2 Compare and contrast different scripting tools

3.2.a SDK
3.2.b XML

4.0 Unified Computing Security 13%

4.1 Implement AAA and RBAC

4.2 Implement key management

5.0 Unified Computing Storage 27%

5.1 Implement iSCSI

5.1.a Multipath
5.1.b Addressing schemes

5.2 Implement Fibre Channel port channels

5.3 Implement Fibre Channel protocol services

5.3.a Zoning
5.3.b Device alias
5.3.c VSAN

5.4 Implement FCoE

5.4.a FIP
5.4.b FCoE topologies
5.4.c DCB

5.5 Implement boot from SAN

5.5.a FCoE / Fiber Channel
5.5.b iSCSI

QUESTION 3 – (Topic 1)
Which two statements are true concerning authorization when using RBAC in a Cisco Unified Computing System? (Choose two.)

A. A locale without any organizations, allows unrestricted access to system resources in all organizations.
B. When a user has both local and remote accounts, the roles defined in the remote user account override those in the local user account.
C. A role contains a set of privileges which define the operations that a user is allowed to take.
D. Customized roles can be configured on and downloaded from remote AAA servers.
E. The logical resources, pools and policies, are grouped into roles.

Answer: C,E

QUESTION 4 – (Topic 1)
Which actions must be taken in order to connect a NetApp FCoE storage system to a Cisco UCS system?

A. Ensure that the Fibre Channel switching mode is set to Switching, and use the Fibre Channel ports on the Fabric Interconnects.
B. Ensure that the Fibre Channel switching mode is set to Switching, and reconfigure the port to a FCoE Storage port.
C. Ensure that the Fibre Channel switching mode is set to End-Host, and use the Ethernet ports on the Fabric interconnects.
D. Ensure that the Fibre Channel switching mode is set to Switching, and use the Ethernet ports on the Fabric Interconnects.

Answer: A

QUESTION 5 – (Topic 1)
Which two protocols are accepted by the Cisco UCS Manager XML API? (Choose two.)

A. SMASH
B. HTTPS
C. HTTP
D. XMTP
E. SNMP

Answer: A,E

QUESTION 6 – (Topic 1)
An Cisco UCS Administrator is planning to complete a firmware upgrade using Auto install. Which two options are prerequisites to run Auto Install? (Choose two.)

A. minor fault fixing
B. configuration backup
C. service profiles unmounted from the blade servers
D. time synchronization
E. fault suppression started on the blade servers

Answer: A,B

QUESTION 7 – (Topic 1)
Which two prerequisites are required to configure a SAN boot from the FCoE storage of a Cisco UCS system? (Choose two.)

A. The Cisco UCS domain must be able to communicate with the SAN storage device that hosts the operating system image.
B. A boot policy must be created that contains a local disk, and the LVM must be configured correctly.
C. There must be iVR-enabled FCoE proxying between the Cisco UCS domain and the SAN storage device that hosts the operating system image.
D. There must be a boot target LUN on the device where the operating system image is
located.
E. There must be a boot target RAID on the device where the operating system image is located.

Answer: C,D

Click here to view complete Q&A of 300-175 exam
Certkingdom Review
, Certkingdom pdf torrent

MCTS Training, MCITP Trainnig

Best Cisco 300-175 Certification, Cisco 300-175 Training at certkingdom.com

 

200-150 DCICN Introducing Cisco Data Center Networking

Exam Number 200-150 DCICN
Associated Certifications CCNA Data Center
Duration 90 minutes (55 – 65 questions)
Available Languages English

This exam tests a candidate’s knowledge of data center physical infrastructure, data center networking concepts, and data center storage networking. The course, Introducing Cisco Data Center Networking v6 (DCICN), will help candidates prepare for this exam, as the content is aligned with the exam topics.

Exam Description
The Introducing Cisco Data Center Networking (DCICN) exam (200-150) is a 90-minute, 55–65 question assessment. This exam is one of the exams associated with the CCNA Data Center Certification. This exam tests a candidate’s knowledge of data center physical infrastructure, data center networking concepts, and data center storage networking. The course, Introducing Cisco Data Center Networking v6 (DCICN), will help candidates prepare for this exam, as the content is aligned with the exam topics.

The following topics are general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes, the guidelines below may change at any time without notice.

1.0 Data Center Physical Infrastructure 15%
1.1 Describe different types of cabling, uses, and limitations
1.2 Describe different types of transceivers, uses, and limitations
1.3 Identify physical components of a server and perform basic troubleshooting
1.4 Identify physical port roles
1.5 Describe power redundancy modes

2.0 Basic Data Center Networking Concepts 23%
2.1 Compare and contrast the OSI and the TCP/IP models

2.2 Describe classic Ethernet fundamentals
2.2.a Forward
2.2.b Filter
2.2.c Flood
2.2.d MAC address table

2.3 Describe switching concepts and perform basic configuration

2.3.a STP
2.3.b 802.1q
2.3.c Port channels
2.3.d Neighbor discovery
2.3.d [i] CDP
2.3.d [ii] LLDP
2.3.e Storm control

3.0 Advanced Data Center Networking Concepts 23%

3.1 Basic routing operations

3.1.a Explain and demonstrate IPv4/IPv6 addressing
3.1.b Compare and contrast static and dynamic routing
3.1.c Perform basic configuration of SVI/routed interfaces

3.2 Compare and contrast the First Hop Redundancy Protocols
3.2.a VRRP
3.2.b GLBP
3.2.c HSRP

3.3 Compare and contrast common data center network architectures
3.3.a 2 Tier
3.3.b 3 Tier
3.3.c Spine-leaf

3.4 Describe the use of access control lists to perform basic traffic filtering

3.5 Describe the basic concepts and components of authentication, authorization, and accounting

4.0 Basic Data Center Storage 19%

4.1 Differentiate between file and block based storage protocols

4.2 Describe the roles of FC/FCoE port types

4.3 Describe the purpose of a VSAN

4.4 Describe the addressing model of block based storage protocols
4.4.a FC
4.4.b iSCSI

5.0 Advanced Data Center Storage 20%

5.1 Describe FCoE concepts and operations

5.1.a Encapsulation
5.1.b DCB
5.1.c vFC
5.1.d Topologies
5.1.d [i] Single hop
5.1.d [ii] Multihop
5.1.d [iii] Dynamic

5.2 Describe Node Port Virtualization

5.3 Describe zone types and their uses

5.4 Verify the communication between the initiator and target
5.4.a FLOGI
5.4.b FCNS
5.4.c active zone set

QUESTION: No: 1
Which two options describe Junctions of the data center aggregation layer? (Choose two)

A. services layer
B. high-speed packet switching O repeater
C. access control
D. QoS marking

Answer: AC


QUESTION: No: 2
Which two options are valid VTP commands? {Choose two)

A. feature vtp
B. vtp client mode
C. vtp VLAN
D. vtp version
E. vtp static

Answer: A,D


QUESTION: No: 3
Which two features must be licensed on a Cisco Nexus 7000 Switch? (Choose two)

A. Virtual Port Channel
B. Layer 3
C. Virtual Device Contexts
D. iSCSI
E. Fibre Channel

Answer: BC


QUESTION: No: 4
Which two options are multicast addresses? (Choose two.)

A. FD00::2
B. 192.168.2.2
C. FF05::2
D. 226.10.10.10
E. 240.1.0.1

Answer: CE


QUESTION: No: 5
What is the minimum number of fabric modules that should be installed in the Cisco Ne*js 7000 chassis for N 1 redundancy using Ml-Series line card?

A. 3
B. 4
C. 5
D. 6

Answer: A

Click here to view complete Q&A of 200-150 exam
Certkingdom Review

MCTS Training, MCITP Trainnig

Best Cisco 200-150 Certification, Cisco 200-150 Training at certkingdom.com

200-125 CCNA Cisco Certified Network Associate Exam

Exam Number 200-125 CCNA
Associated Certifications CCNA Routing and Switching
Duration 90 Minutes (50-60 questions)
Available Languages English, Japanese

This exam tests a candidate’s knowledge and skills related to network fundamentals, LAN switching technologies, IPv4 and IPv6 routing technologies, WAN technologies, infrastructure services, infrastructure security, and infrastructure management.

The Cisco Certified Network Associate (CCNA) Routing and Switching composite exam (200-125) is a 90-minute, 50–60 question assessment that is associated with the CCNA Routing and Switching certification. This exam tests a candidate’s knowledge and skills related to network fundamentals, LAN switching technologies, IPv4 and IPv6 routing technologies, WAN technologies, infrastructure services, infrastructure security, and infrastructure management.

The following topics are general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes, the guidelines below may change at any time without notice.

Subscribe to Cisco Learning Network Premium and access the most comprehensive e-learning training, resources and tools you’ll need to prepare for your CCENT, CCNA and CCNP Routing and Switching certifications.

1.0 Network Fundamentals 15%

1.1 Compare and contrast OSI and TCP/IP models

1.2 Compare and contrast TCP and UDP protocols

1.3 Describe the impact of infrastructure components in an enterprise network

1.3.a Firewalls
1.3.b Access points
1.3.c Wireless controllers

1.4 Describe the effects of cloud resources on enterprise network architecture

1.4.a Traffic path to internal and external cloud services
1.4.b Virtual services
1.4.c Basic virtual network infrastructure

1.5 Compare and contrast collapsed core and three-tier architectures

1.6 Compare and contrast network topologies

1.6.a Star
1.6.b Mesh
1.6.c Hybrid

1.7 Select the appropriate cabling type based on implementation requirements

1.8 Apply troubleshooting methodologies to resolve problems

1.8.a Perform and document fault isolation
1.8.b Resolve or escalate
1.8.c Verify and monitor resolution

1.9 Configure, verify, and troubleshoot IPv4 addressing and subnetting

1.10 Compare and contrast IPv4 address types

1.10.a Unicast
1.10.b Broadcast
1.10.c Multicast

1.11 Describe the need for private IPv4 addressing

1.12 Identify the appropriate IPv6 addressing scheme to satisfy addressing requirements in a LAN/WAN environment

1.13 Configure, verify, and troubleshoot IPv6 addressing

1.14 Configure and verify IPv6 Stateless Address Auto Configuration

1.15 Compare and contrast IPv6 address types

1.15.a Global unicast
1.15.b Unique local
1.15.c Link local
1.15.d Multicast
1.15.e Modified EUI 64
1.15.f Autoconfiguration
1.15.g Anycast

2.0 LAN Switching Technologies 21%

2.1 Describe and verify switching concepts

2.1.a MAC learning and aging
2.1.b Frame switching
2.1.c Frame flooding
2.1.d MAC address table

2.2 Interpret Ethernet frame format

2.3 Troubleshoot interface and cable issues (collisions, errors, duplex, speed)

2.4 Configure, verify, and troubleshoot VLANs (normal/extended range) spanning multiple switches

2.4.a Access ports (data and voice)
2.4.b Default VLAN

2.5 Configure, verify, and troubleshoot interswitch connectivity

2.5.a Trunk ports
2.5.b Add and remove VLANs on a trunk
2.5.c DTP, VTP (v1&v2), and 802.1Q
2.5.d Native VLAN

2.6 Configure, verify, and troubleshoot STP protocols

2.6.a STP mode (PVST+ and RPVST+)
2.6.b STP root bridge selection

2.7 Configure, verify and troubleshoot STP related optional features

2.7.a PortFast
2.7.b BPDU guard

2.8 Configure and verify Layer 2 protocols

2.8.a Cisco Discovery Protocol
2.8.b LLDP

2.9 Configure, verify, and troubleshoot (Layer 2/Layer 3) EtherChannel

2.9.a Static
2.9.b PAGP
2.9.c LACP

2.10 Describe the benefits of switch stacking and chassis aggregation

3.0 Routing Technologies 23%

3.1 Describe the routing concepts

3.1.a Packet handling along the path through a network
3.1.b Forwarding decision based on route lookup
3.1.c Frame rewrite

3.2 Interpret the components of a routing table

3.2.a Prefix
3.2.b Network mask
3.2.c Next hop
3.2.d Routing protocol code
3.2.e Administrative distance
3.2.f Metric
3.2.g Gateway of last resort

3.3 Describe how a routing table is populated by different routing information sources

3.3.a Admin distance

3.4 Configure, verify, and troubleshoot inter-VLAN routing

3.4.a Router on a stick
3.4.b SVI

3.5 Compare and contrast static routing and dynamic routing

3.6 Compare and contrast distance vector and link state routing protocols

3.7 Compare and contrast interior and exterior routing protocols

3.8 Configure, verify, and troubleshoot IPv4 and IPv6 static routing

3.8.a Default route
3.8.b Network route
3.8.c Host route
3.8.d Floating static

3.9 Configure, verify, and troubleshoot single area and multi-area OSPFv2 for IPv4 (excluding authentication, filtering, manual summarization, redistribution, stub, virtual-link, and LSAs)

3.10 Configure, verify, and troubleshoot single area and multi-area OSPFv3 for IPv6 (excluding authentication, filtering, manual summarization, redistribution, stub, virtual-link, and LSAs)

3.11 Configure, verify, and troubleshoot EIGRP for IPv4 (excluding authentication, filtering, manual summarization, redistribution, stub)

3.12 Configure, verify, and troubleshoot EIGRP for IPv6 (excluding authentication, filtering, manual summarization, redistribution, stub)

3.13 Configure, verify, and troubleshoot RIPv2 for IPv4 (excluding authentication, filtering, manual summarization, redistribution)

3.14 Troubleshoot basic Layer 3 end-to-end connectivity issues

4.0 WAN Technologies 10%

4.1 Configure and verify PPP and MLPPP on WAN interfaces using local authentication

4.2 Configure, verify, and troubleshoot PPPoE client-side interfaces using local authentication

4.3 Configure, verify, and troubleshoot GRE tunnel connectivity

4.4 Describe WAN topology options

4.4.a Point-to-point
4.4.b Hub and spoke
4.4.c Full mesh
4.4.d Single vs dual-homed

4.5 Describe WAN access connectivity options

4.5.a MPLS
4.5.b Metro Ethernet
4.5.c Broadband PPPoE
4.5.d Internet VPN (DMVPN, site-to-site VPN, client VPN)

4.6 Configure and verify single-homed branch connectivity using eBGP IPv4 (limited to peering and route advertisement using Network command only)

4.7 Describe basic QoS concepts

4.7.a Marking
4.7.b Device trust
4.7.c Prioritization
4.7.c. [i] Voice
4.7.c. [ii] Video
4.7.c. [iii] Data
4.7.d Shaping
4.7.e Policing
4.7.f Congestion management

5.0 Infrastructure Services 10%

5.1 Describe DNS lookup operation

5.2 Troubleshoot client connectivity issues involving DNS

5.3 Configure and verify DHCP on a router (excluding static reservations)

5.3.a Server
5.3.b Relay
5.3.c Client
5.3.d TFTP, DNS, and gateway options

5.4 Troubleshoot client- and router-based DHCP connectivity issues

5.5 Configure, verify, and troubleshoot basic HSRP

5.5.a Priority
5.5.b Preemption
5.5.c Version

5.6 Configure, verify, and troubleshoot inside source NAT

5.6.a Static
5.6.b Pool
5.6.c PAT

5.7 Configure and verify NTP operating in a client/server mode

6.0 Infrastructure Security 11%

6.1 Configure, verify, and troubleshoot port security

6.1.a Static
6.1.b Dynamic
6.1.c Sticky
6.1.d Max MAC addresses
6.1.e Violation actions
6.1.f Err-disable recovery

6.2 Describe common access layer threat mitigation techniques

6.2.a 802.1x
6.2.b DHCP snooping
6.2.c Nondefault native VLAN

6.3 Configure, verify, and troubleshoot IPv4 and IPv6 access list for traffic filtering

6.3.a Standard
6.3.b Extended
6.3.c Named

6.4 Verify ACLs using the APIC-EM Path Trace ACL analysis tool

6.5 Configure, verify, and troubleshoot basic device hardening

6.5.a Local authentication
6.5.b Secure password
6.5.c Access to device
6.5.c. [i] Source address
6.5.c. [ii] Telnet/SSH
6.5.d Login banner

6.6 Describe device security using AAA with TACACS+ and RADIUS

7.0 Infrastructure Management 10%

7.1 Configure and verify device-monitoring protocols

7.1.a SNMPv2
7.1.b SNMPv3
7.1.c Syslog

7.2 Troubleshoot network connectivity issues using ICMP echo-based IP SLA

7.3 Configure and verify device management

7.3.a Backup and restore device configuration
7.3.b Using Cisco Discovery Protocol or LLDP for device discovery
7.3.c Licensing
7.3.d Logging
7.3.e Timezone
7.3.f Loopback

7.4 Configure and verify initial device configuration

7.5 Perform device maintenance

7.5.a Cisco IOS upgrades and recovery (SCP, FTP, TFTP, and MD5 verify)
7.5.b Password recovery and configuration register
7.5.c File system management

7.6 Use Cisco IOS tools to troubleshoot and resolve problems

7.6.a Ping and traceroute with extended option
7.6.b Terminal monitor
7.6.c Log events
7.6.d Local SPAN

7.7 Describe network programmability in enterprise network architecture

7.7.a Function of a controller
7.7.b Separation of control plane and data plane
7.7.c Northbound and southbound APIs
QUESTION: No: 1
Which layer in the OSI reference model is responsible for determining the availability of the receMng
program and checking to see if enough resources exist for that communication?

A. transport
B. network
C. presentation
D. session
E. application

Answer: E


QUESTION: No: 2
Which of the following describes the roles of devices in a WAN? (Choose three.)

A. A CSU/DSU terminates a digital local loop.
B. A modem terminates a digital local loop.
C. A CSU/DSU terminates an analog local loop.
D. A modem terminates an analog local loop.
E. A router is commonly considered a DTE device.
F. A router is commonly considered a DCE device.

Answer: A, D, E


QUESTION: No: 3
A network interface port has collision detection and carrier sensing enabled on a shared twisted pair
network. From this statement, what is known about the network interface port?

A. This is a 10 Mb/s switch port.
B. This is a 100 Mb/s switch port.
C. This is an Ethernet port operating at half duplex.
D. This is an Ethernet port operating at full duplex.
E. This is a port on a network interface card in a PC.

Answer: C


QUESTION: No: 4
A receMng host computes the checksum on a frame and determines that the frame is damaged. The
frame is then discarded. At which OSI layer did this happen?

A. session
B. transport
C. network
D. data link
E. physical

Answer: D


QUESTION: No: 5
Which of the following correctly describe steps in the OSI data encapsulation process? (Choose two.)

A. The transport layer dMdes a data stream into segments and may add reliability and flow control
information.
B. The data link layer adds physical source and destination addresses and an FCS to the segment.
C. Packets are created when the network layer encapsulates a frame with source and destination host
addresses and protocol-related control information.
D. Packets are created when the network layer adds Layer 3 addresses and control information to a
segment.
E. The presentation layer translates bits into voltages for transmission across the physical link.

Answer: A, D

Click here to view complete Q&A of 200-125 exam
Certkingdom Review

MCTS Training, MCITP Trainnig

Best Cisco 200-125 Certification, Cisco 200-125 Training at certkingdom.com

400-251 CCIE Security

Exam Number 400-251 CCIE Security
Associated Certifications CCIE Security
Duration 120 minutes (90 – 110 questions)
Available Languages English

The written exam validates experts who have the knowledge and skills to architect, engineer, implement, troubleshoot, and support the full suite of Cisco security technologies and solutions using the latest industry best practices to secure systems and environments against modern security risks, threats, vulnerabilities, and requirements.

Topics include network functionality and security-related concepts and best practices, as well as Cisco network security products, solutions, and technologies in areas such as next generation intrusion prevention, next generation firewalls, identity services, policy management, device hardening, and malware protection.

The written exam utilizes the unified exam topics which includes emerging technologies, such as Cloud, Network Programmability (SDN), and Internet of Things (IoT).

The CCIE Security Version 5.0 exam unifies written and lab exam topics documents into a unique curriculum, while explicitly disclosing which domains pertain to which exam, and the relative weight of each domain.

The Cisco CCIE Security Written Exam (400-251) version 5.0 is a two-hour test with 90–110 questions that validate professionals who have the expertise to describe, design, implement, operate, and troubleshoot complex security technologies and solutions. Candidates must understand the requirements of network security, how different components interoperate, and translate it into the device configurations. The exam is closed book and no outside reference materials are allowed.

The Cisco CCIE Security Lab Exam version 5.0 is an eight-hour, hands-on exam that requires a candidate to plan, design, implement, operate, and troubleshoot complex security scenarios for a given specification. Knowledge of troubleshooting is an important skill and candidates are expected to diagnose and solve issues as part of the CCIE lab exam.

The following topics are general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes, the guidelines below may change at any time without notice.

1.0 Perimeter Security and Intrusion Prevention 21%

1.1 Describe, implement, and troubleshoot HA features on Cisco ASA and Cisco FirePOWER Threat Defense (FTD)

1.2 Describe, implement, and troubleshoot clustering on Cisco ASA and Cisco FTD

1.3 Describe, implement, troubleshoot, and secure routing protocols on Cisco ASA and Cisco FTD

1.4 Describe, implement, and troubleshoot different deployment modes such as routed, transparent, single, and multicontext on Cisco ASA and Cisco FTD

1.5 Describe, implement, and troubleshoot firewall features such as NAT (v4,v6), PAT, application inspection, traffic zones, policy-based routing, traffic redirection to service modules, and identity firewall on Cisco ASA and Cisco FTD

1.6 Describe, implement, and troubleshoot IOS security features such as Zone-Based Firewall (ZBF), application layer inspection, NAT (v4,v6), PAT and TCP intercept on Cisco IOS/IOS-XE

1.7 Describe, implement, optimize, and troubleshoot policies and rules for traffic control on Cisco ASA, Cisco FirePOWER and Cisco FTD

1.8 Describe, implement, and troubleshoot Cisco Firepower Management Center (FMC) features such as alerting, logging, and reporting

1.9 Describe, implement, and troubleshoot correlation and remediation rules on Cisco FMC

1.10 Describe, implement, and troubleshoot Cisco FirePOWER and Cisco FTD deployment such as in-line, passive, and TAP modes

1.11 Describe, implement, and troubleshoot Next Generation Firewall (NGFW) features such as SSL inspection, user identity, geolocation, and AVC (Firepower appliance)

1.12 Describe, detect, and mitigate common types of attacks such as DoS/DDoS, evasion techniques, spoofing, man-in-the-middle, and botnet

2.0 Advanced Threat Protection and Content Security 17%

2.1 Compare and contrast different AMP solutions including public and private cloud deployment models

2.2 Describe, implement, and troubleshoot AMP for networks, AMP for endpoints, and AMP for content security (CWS, ESA, and WSA)

2.3 Detect, analyze, and mitigate malware incidents

2.4 Describe the benefit of threat intelligence provided by AMP Threat GRID

2.5 Perform packet capture and analysis using Wireshark, tcpdump, SPAN, and RSPAN

2.6 Describe, implement, and troubleshoot web filtering, user identification, and Application Visibility and Control (AVC)

2.7 Describe, implement, and troubleshoot mail policies, DLP, email quarantines, and SenderBase on ESA

2.8 Describe, implement, and troubleshoot SMTP authentication such as SPF and DKIM on ESA

2.9 Describe, implement, and troubleshoot SMTP encryption on ESA

2.10 Compare and contrast different LDAP query types on ESA

2.11 Describe, implement, and troubleshoot WCCP redirection

2.12 Compare and contrast different proxy methods such as SOCKS, Auto proxy/WPAD, and transparent

2.13 Describe, implement, and troubleshoot HTTPS decryption and DLP

2.14 Describe, implement, and troubleshoot CWS connectors on Cisco IOS routers, Cisco ASA, Cisco AnyConnect, and WSA

2.15 Describe the security benefits of leveraging the OpenDNS solution.

2.16 Describe, implement, and troubleshoot SMA for centralized content security management

2.17 Describe the security benefits of leveraging Lancope

3.0 Secure Connectivity and Segmentation 17%

3.1 Compare and contrast cryptographic and hash algorithms such as AES, DES, 3DES, ECC, SHA, and MD5

3.2 Compare and contrast security protocols such as ISAKMP/IKEv1, IKEv2, SSL, TLS/DTLS, ESP, AH, SAP, and MKA

3.3 Describe, implementc and troubleshoot remote access VPN using technologies such as FLEXVPN, SSL-VPN between Cisco firewalls, routers, and end hosts

3.4 Describe, implement, and troubleshoot the Cisco IOS CA for VPN authentication

3.5 Describe, implement, and troubleshoot clientless SSL VPN technologies with DAP and smart tunnels on Cisco ASA and Cisco FTD

3.6 Describe, implement, and troubleshoot site-to-site VPNs such as GETVPN, DMVPN and IPsec

3.7 Describe, implement, and troubleshoot uplink and downlink MACsec (802.1AE)

3.8 Describe, implement, and troubleshoot VPN high availability using Cisco ASA VPN clustering and dual-hub DMVPN deployments

3.9 Describe the functions and security implications of cryptographic protocols such as AES, DES, 3DES, ECC, SHA, MD5, ISAKMP/IKEv1, IKEv2, SSL, TLS/DTLS, ESP, AH, SAP, MKA, RSA, SCEP/EST, GDOI, X.509, WPA, WPA2, WEP, and TKIP

3.10 Describe the security benefits of network segmentation and isolation

3.11 Describe, implement, and troubleshoot VRF-Lite and VRF-Aware VPN

3.12 Describe, implement, and troubleshoot microsegmentation with TrustSec using SGT and SXP

3.13 Describe, implement, and troubleshoot infrastructure segmentation methods such as VLAN, PVLAN, and GRE

3.14 Describe the functionality of Cisco VSG used to secure virtual environments

3.15 Describe the security benefits of data center segmentation using ACI, EVPN, VXLAN, and NVGRE

4.0 Identity Management, Information Exchange, and Access Control 22%

4.1 Describe, implement, and troubleshoot various personas of ISE in a multinode deployment

4.2 Describe, implement, and troubleshoot network access device (NAD), ISE, and ACS configuration for AAA

4.3 Describe, implement, and troubleshoot AAA for administrative access to Cisco network devices using ISE and ACS

4.4 Describe, implement, verify, and troubleshoot AAA for network access with 802.1X and MAB using ISE.

4.5 Describe, implement, verify, and troubleshoot cut-through proxy/auth-proxy using ISE as the AAA server

4.6 Describe, implement, verify, and troubleshoot guest life cycle management using ISE and Cisco network infrastructure

4.7 Describe, implement, verify, and troubleshoot BYOD on-boarding and network access flows with an internal or external CA

4.8 Describe, implement, verify, and troubleshoot ISE and ACS integration with external identity sources such as LDAP, AD, and external RADIUS

4.9 Describe ISE and ACS integration with external identity sources such as RADIUS Token, RSA SecurID, and SAML

4.10 Describe, implement, verify, and troubleshoot provisioning of AnyConnect with ISE and ASA

4.11 Describe, implement, verify, and troubleshoot posture assessment with ISE

4.12 Describe, implement, verify, and troubleshoot endpoint profiling using ISE and Cisco network infrastructure including device sensor

4.13 Describe, implement, verify, and troubleshoot integration of MDM with ISE

4.14 Describe, implement, verify, and troubleshoot certificate based authentication using ISE

4.15 Describe, implement, verify, and troubleshoot authentication methods such as EAP Chaining and Machine Access Restriction (MAR)

4.16 Describe the functions and security implications of AAA protocols such as RADIUS, TACACS+, LDAP/LDAPS, EAP (EAP-PEAP, EAP-TLS, EAP-TTLS, EAP-FAST, EAP-TEAP, EAP- MD5, EAP-GTC), PAP, CHAP, and MS-CHAPv2

4.17 Describe, implement, and troubleshoot identity mapping on ASA, ISE, WSA and FirePOWER

4.18 Describe, implement, and troubleshoot pxGrid between security devices such as WSA, ISE, and Cisco FMC

5.0 Infrastructure Security, Virtualization, and Automation 13%

5.1 Identify common attacks such as Smurf, VLAN hopping, and SYNful knock, and their mitigation techniques

5.2 Describe, implement, and troubleshoot device hardening techniques and control plane protection methods, such as CoPP and IP Source routing.

5.3 Describe, implement, and troubleshoot management plane protection techniques such as CPU and memory thresholding and securing device access

5.4 Describe, implement, and troubleshoot data plane protection techniques such as iACLs, uRPF, QoS, and RTBH

5.5 Describe, implement, and troubleshoot IPv4/v6 routing protocols security

5.6 Describe, implement, and troubleshoot Layer 2 security techniques such as DAI, IPDT, STP security, port security, DHCP snooping, and VACL

5.7 Describe, implement, and troubleshoot wireless security technologies such as WPA, WPA2, TKIP, and AES

5.8 Describe wireless security concepts such as FLEX Connect, wIPS, ANCHOR, Rogue AP, and Management Frame Protection (MFP)

5.9 Describe, implement, and troubleshoot monitoring protocols such as NETFLOW/IPFIX, SNMP, SYSLOG, RMON, NSEL, and eSTREAMER

5.10 Describe the functions and security implications of application protocols such as SSH, TELNET, TFTP, HTTP/HTTPS, SCP, SFTP/FTP, PGP, DNS/DNSSEC, NTP, and DHCP

5.11 Describe the functions and security implications of network protocols such as VTP, 802.1Q, TCP/UDP, CDP, LACP/PAgP, BGP, EIGRP, OSPF/OSPFv3, RIP/RIPng, IGMP/CGMP, PIM, IPv6, and WCCP

5.12 Describe the benefits of virtualizing security functions in the data center using ASAv, WSAv, ESAv, and NGIPSv

5.13 Describe the security principles of ACI such as object models, endpoint groups, policy enforcement, application network profiles, and contracts

5.14 Describe the northbound and southbound APIs of SDN controllers such as APIC-EM

5.15 Identify and implement security features to comply with organizational security policies, procedures, and standards such as BCP 38, ISO 27001, RFC 2827, and PCI-DSS

5.16 Describe and identify key threats to different places in the network (campus, data center, core, edge) as described in Cisco SAFE

5.17 Validate network security design for adherence to Cisco SAFE recommended practices

5.18 Interpret basic scripts that can retrieve and send data using RESTful API calls in scripting languages such as Python

5.19 Describe Cisco Digital Network Architecture (DNA) principles and components.

6.0 Evolving Technologies 10%

6.1 Cloud

6.1.a Compare and contrast Cloud deployment models
6.1.a [i] Infrastructure, platform, and software services (XaaS)
6.1.a [ii] Performance and reliability
6.1.a [iii] Security and privacy
6.1.a [iv] Scalability and interoperability
6.1.b Describe Cloud implementations and operations
6.1.b [i] Automation and orchestration
6.1.b [ii] Workload mobility
6.1.b [iii] Troubleshooting and management
6.1.b [iv] OpenStack components

6.2 Network Programmability (SDN)

6.2.a Describe functional elements of network programmability (SDN) and how they interact
6.2.a [i] Controllers
6.2.a [ii] APIs
6.2.a [iii] Scripting
6.2.a [iv] Agents
6.2.a [v] Northbound vs. Southbound protocols
6.2.b Describe aspects of virtualization and automation in network environments
6.2.b [i] DevOps methodologies, tools and workflows
6.2.b [ii] Network/application function virtualization (NFV, AFV)
6.2.b [iii] Service function chaining
6.2.b [iv] Performance, availability, and scaling considerations

6.3 Internet of Things (IoT)

6.3.a Describe architectural framework and deployment considerations for Internet of Things
6.3.a [i] Performance, reliability and scalability
6.3.a [ii] Mobility
6.3.a [iii] Security and privacy
6.3.a [iv] Standards and compliance
6.3.a [v] Migration
6.3.a [vi] Environmental impacts on the network

QUESTION: No: 2
According IS027001 ISIVIS, which of the following are mandatory documents? (Choose 4)

A. ISNIS Policy
B. Corrective Action Procedure
C. IS Procedures
D. Risk Assessment Reports
E. Complete Inventory of all information assets

Answer: A, B, C, D


QUESTION: No: 3
Which two statements describe the Cisco TrustSec system correctly? (Choose two.)

A. The Cisco TrustSec system is a partner program, where Cisco certifies third-party security products as
extensions to the secure infrastructure.
B. The Cisco TrustSec system is an approach to certifying multimedia and collaboration applications as secure.
C. The Cisco TrustSec system is an Advanced Network Access Control System that leverages
enforcement intelligence in the network infrastructure.
D. The Cisco TrustSec system tests and certifies all products and product versions that make up the
system as working together in a validated manner.

Answer: C, D


QUESTION: No: 4
Which three attributes may be configured as part of the Common Tasks panel of an authorization profile in
the Cisco ISE solution? (Choose three.)

A. VLAN
B. voice VLAN
C. dACL name
D. voice domain permission
E. SGT

Answer: A, C, D


QUESTION: No: 5
Which three statements about Cisco Flexible NetFIow are true? (Choose three.)

A. The packet information used to create flows is not configurable by the user.
B. It supports IPv4 and IPv6 packet fields.
C. It tracks all fields of an IPv4 header as well as sections of the data payload.
D. It uses two types of flow cache, normal and permanent.
E. It can be a useful tool in monitoring the network for attacks.

Answer: B, C, E


QUESTION: No: 6
Which three statements are true regarding RFC 5176 (Change of Authorization)? (Choose three.)

A. It defines a mechanism to allow a RADIUS server to initiate a communication inbound to a NAO.
B. It defines a wide variety of authorization actions, including “reauthenticate.”
C. It defines the format for a Change of Authorization packet.
D. It defines a DIVI.
E. It specifies that TCP port 3799 be used for transport of Change of Authorization packets.

Answer: A, C, D

Click here to view complete Q&A of 400-251 exam
Certkingdom Review

MCTS Training, MCITP Trainnig

Best Cisco 400-251 Certification, Cisco 400-251 Training at certkingdom.com

700-260 Advanced Security Architecture for Account Manager


QUESTION: No: 1
Increased employee productivity, confidence in data confidentiality, and increased visibility are features
that demonstrate which Cisco business value?

A. Cost effectiveness
B. Protection
C. Control
D. Flexibility
E. Completeness

Answer: C


QUESTION: No: 2
Which licensing feature enables customers to better manage their software assets and optimize their IT
spending?

A. Cisco ONE
B. Smart Accounts
C. Enterprise License Agreements
D. License Bundling

Answer: B


QUESTION: No: 3
Which Cisco network security solution helps protect against threats by monitoring and responding to any
network anomalies, continually analyzing for potential threats and reacting to them in real time?

A. Cisco Security Manager
B. Cisco ASA Firewall Senrices
C. Cisco ASA Next-Generation Firewall Services
D. Cisco Next-Generation Intrusion Prevention System
E. Cisco Web Security Appliance
F. Cisco Email Security Appliance
G. Cisco Identity Services Engine
H. Cisco Site-to-Site VPN

Answer: D


QUESTION: No: 4
Which Cisco security technology delivers the best real-time threat intelligence?

A. Cisco Security Intelligence Operations
B. Cisco ASA Next-Generation Firewall Services
C. Cisco Identity Senrices Engine
D. Cisco Security Manager
E. Cisco TrustSec

Answer: A

Click here to view complete Q&A of 700-260 exam
Certkingdom Review

MCTS Training, MCITP Trainnig

Best Cisco 700-260 Certification, Cisco 700-260 Training at certkingdom.com

350-018 CCIE Security

350-018 CCIE Security

CCIE Security
Exam Number 350-018 CCIE Security
Associated Certifications CCIE Security
Duration 120 minutes (90 – 110 questions)

Exam Description
The Cisco CCIE® Security Written Exam (350-018) version 4.0 is a 2-hour test with 90–110 questions. This exam tests the skills and competencies of security professionals in terms of describing, implementing, deploying, configuring, maintaining, and troubleshooting Cisco network security solutions and products, as well as current industry best practices and internetworking fundamentals.

Topics include networking fundamentals and security-related concepts and best practices, as well as Cisco network security products and solutions in areas such as VPNs, intrusion prevention, firewalls, identity services, policy management, and device hardening. Content includes both IPv4 and IPv6 concepts and solutions.

The exam is closed book, and no outside reference materials are allowed.

The following topics are general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes, the guidelines below may change at any time without notice.

1.0 Infrastructure, Connectivity, Communications, and Network Security 20%
1.1 Network addressing basics
1.2 OSI layers
1.3 TCP/UDP/IP protocols
1.4 LAN switching (for example, VTP, VLANs, spanning tree, and trunking)
1.5 Routing protocols (for example, RIP, EIGRP, OSPF, and BGP)
1.5.a Basic functions and characteristics
1.5.b Security features
1.6 Tunneling protocols
1.6.a GRE
1.6.b NHRP
1.6.c IPv6 tunnel types
1.7 IP multicast
1.7.a PIM
1.7.b MSDP
1.7.c IGMP and CGMP
1.7.d Multicast Listener Discovery
1.8 Wireless
1.8.a SSID
1.8.b Authentication and authorization
1.8.c Rogue APs
1.8.d Session establishment
1.9 Authentication and authorization technologies
1.9.a Single sign-on
1.9.b OTPs
1.9.c LDAP and AD
1.9.d RBAC
1.10 VPNs
1.10.a L2 vs L3
1.10.b MPLS, VRFs, and tag switching
1.11 Mobile IP networks

2.0 Security Protocols 15%
2.1 RSA
2.2 RC4
2.3 MD5
2.4 SHA
2.5 DES
2.6 3DES
2.7 AES
2.8 IPsec
2.9 ISAKMP
2.10 IKE and IKEv2
2.11 GDOI
2.12 AH
2.13 ESP
2.14 CEP
2.15 TLS and DTLS
2.16 SSL
2.17 SSH
2.18 RADIUS
2.19 TACACS+
2.20 LDAP
2.21 EAP methods (for example, EAP-MD5, EAP-TLS, EAP-TTLS, EAP-FAST, PEAP, and LEAP)
2.22 PKI, PKIX, and PKCS
2.23 IEEE 802.1X
2.24 WEP, WPA, and WPA2
2.25 WCCP
2.26 SXP
2.27 MACsec
2.28 DNSSEC

3.0 Application and Infrastructure Security 10%
3.1 HTTP
3.2 HTTPS
3.3 SMTP
3.4 DHCP
3.5 DNS
3.6 FTP and SFTP
3.7 TFTP
3.8 NTP
3.9 SNMP
3.10 syslog
3.11 Netlogon, NetBIOS, and SMB
3.12 RPCs
3.13 RDP and VNC
3.14 PCoIP
3.15 OWASP
3.16 Manage unnecessary services

4.0 Threats, Vulnerability Analysis, and Mitigation 10%
4.1 Recognize and mitigate common attacks
4.1.a ICMP attacks and PING floods
4.1.b MITM
4.1.c Replay
4.1.d Spoofing
4.1.e Backdoor
4.1.f Botnets
4.1.g Wireless attacks
4.1.h DoS and DDoS attacks
4.1.i Virus and worm outbreaks
4.1.j Header attacks
4.1.k Tunneling attacks
4.2 Software and OS exploits
4.3 Security and attack tools
4.4 Generic network intrusion prevention concepts
4.5 Packet filtering
4.6 Content filtering and packet inspection
4.7 Endpoint and posture assessment
4.8 QoS marking attacks

5.0 Cisco Security Products, Features, and Management 20%
5.1 Cisco Adaptive Security Appliance (ASA)
5.1.a Firewall functionality
5.1.b Routing and multicast capabilities
5.1.c Firewall modes
5.1.d NAT (before and after version 8.4)
5.1.e Object definition and ACLs
5.1.f MPF functionality (IPS, QoS, and application awareness)
5.1.g Context-aware firewall
5.1.h Identity-based services
5.1.i Failover options
5.2 Cisco IOS firewalls and NAT
5.2.a CBAC
5.2.b Zone-based firewall
5.2.c Port-to-application mapping
5.2.d Identity-based firewalling
5.3 Cisco Intrusion Prevention Systems (IPS)
5.4 Cisco IOS IPS
5.5 Cisco AAA protocols and application
5.5.a RADIUS
5.5.b TACACS+
5.5.c Device administration
5.5.d Network access
5.5.e IEEE 802.1X
5.5.f VSAs
5.6 Cisco Identity Services Engine (ISE)
5.7 Cisco Secure ACS Solution Engine
5.8 Cisco Network Admission Control (NAC) Appliance Server
5.9 Endpoint and client
5.9.a Cisco AnyConnect VPN Client
5.9.b Cisco VPN Client
5.9.c Cisco Secure Desktop
5.9.d Cisco NAC Agent
5.10 Secure access gateways (Cisco IOS router or ASA)
5.10.a IPsec
5.10.b SSL VPN
5.10.c PKI
5.11 Virtual security gateway
5.12 Cisco Catalyst 6500 Series ASA Services Modules
5.13 ScanSafe functionality and components
5.14 Cisco Web Security Appliance and Cisco Email Security Appliance
5.15 Security management
5.15.a Cisco Security Manager
5.15.b Cisco Adaptive Security Device Manager (ASDM)
5.15.c Cisco IPS Device Manager (IDM)
5.15.d Cisco IPS Manager Express (IME)
5.15.e Cisco Configuration Professional
5.15.f Cisco Prime

6.0 Cisco Security Technologies and Solutions 17%
6.1 Router hardening features (for example, CoPP, MPP, uRPF, and PBR)
6.2 Switch security features (for example, anti-spoofing, port, STP, MACSEC, NDAC, and NEAT)
6.3 NetFlow
6.4 Wireless security
6.5 Network segregation
6.5.a VRF-aware technologies
6.5.b VXLAN
6.6 VPN solutions
6.6.a FlexVPN
6.6.b DMVPN
6.6.c GET VPN
6.6.d Cisco EasyVPN
6.7 Content and packet filtering
6.8 QoS application for security
6.9 Load balancing and failover

7.0 Security Policies and Procedures, Best Practices, and Standards 8%
7.1 Security policy elements
7.2 Information security standards (for example, ISO/IEC 27001 and ISO/IEC 27002)
7.3 Standards bodies (for example, ISO, IEC, ITU, ISOC, IETF, IAB, IANA, and ICANN)
7.4 Industry best practices (for example, SOX and PCI DSS)
7.5 Common RFC and BCP (for example, RFC2827/BCP38, RFC3704/BCP84, and RFC5735)
7.6 Security audit and validation
7.7 Risk assessment
7.8 Change management process
7.9 Incident response framework
7.10 Computer security forensics
7.11 Desktop security risk assessment and desktop security risk management


 

Cisco CCNA Training, Cisco CCNA Certification

Best CCNA Training and CCIE Certification
and more Cisco 350-018 Exams log in to Certkingdom.com

 


QUESTION 1
In order to reassemble IP fragments into a complete IP datagram, which three IP header fields are
referenced by the receiver? (Choose three.)

A. don’t fragment flag
B. packet is fragmented flag
C. IP identification field
D. more fragment flag
E. number of fragments field
F. fragment offset field

Answer: C,D,F

Explanation:


QUESTION 2
Which VTP mode allows the Cisco Catalyst switch administrator to make changes to the VLAN
configuration that only affect the local switch and are not propagated to other switches in the VTP
domain?

A. transparent
B. server
C. client
D. local
E. pass-through

Answer: A

Explanation:


QUESTION 3
Which type of VPN is based on the concept of trusted group members using the GDOI key
management protocol?

A. DMVPN
B. SSLVPN
C. GETVPN
D. EzVPN
E. MPLS VPN
F. FlexVPN

Answer: C

Explanation:


QUESTION 4
Based on RFC 4890, what is the ICMP type and code that should never be dropped by the firewall
to allow PMTUD?

A. ICMPv6 Type 1 – Code 0 – no route to host
B. ICMPv6 Type 1 – Code 1 – communication with destination administratively prohibited
C. ICMPv6 Type 2 – Code 0 – packet too big
D. ICMPv6 Type 3 – Code 1 – fragment reassembly time exceeded
E. ICMPv6 Type 128 – Code 0 – echo request
F. ICMPv6 Type 129 – Code 0 – echo reply

Answer: C

Explanation:


QUESTION 5
A firewall rule that filters on the protocol field of an IP packet is acting on which layer of the OSI
reference model?

A. network layer
B. application layer
C. transport layer
D. session layer

Answer: A

Explanation:

Juniper targets key new switch directly at Cisco Nexus 6000

Based on Broadcom Trident II, QFX5100 will support dense 10/40G and Virtual Chassis for smaller fabric alternative to QFabric

Juniper Networks is expected to soon announce a new switch for top-of-rack applications that supports Broadcom’s Trident II silicon for dense 10/40G Ethernet capabilities and competes directly with Cisco’s Nexus 6000.

Juniper is expected to tout throughput, latency, power consumption and table entry benefits of the QFX5100 over the Nexus 6001, sources say.

Specifically, the QFX5100 switch is said by sources to include 48×1/10G + 6x40G, 96x10G + 8x40G, and 24x40G with two expansion slots for 4x40G module variations. QFX5100 is also said to have latency improvements over previous generation QFX switches, the QFX 3500 and 3600, which average sub-microsecond latencies.

[DATA CENTER DIRECTIONS: Juniper switching boss talks technology challenges, Cisco Nexus 6000]

Support for Broadcom’s new Trident II silicon, which many in the industry – including Cisco’s Insieme spin-in, Dell and Arista Networks – are building new switches on, means QFX5100 will be optimized for 10/40G and have inherent support for the VXLAN specification for VLAN scaling. Co-authored by Broadcom, VXLAN is intended to scale VLANs from 4,094 to 16 million to accommodate the exploding number of virtual machines in the virtualized data center.

Broadcom’s Trident II chip is designed to support up to 32 40G Ethernet ports and 100+ 10G ports. Ports on the QFX5100 can be configured and channelized to support up to 32x40G or 104x10G, source say.

And as expected, QFX5100 will support Virtual Chassis capabilities via Junos release 13.2X50. Up to 10 member switches can be configured into a Virtual Chassis and managed as a single switch, with increased fault tolerance and high-availability, and a flatter Layer 2 topology designed to minimize or eliminate the need for Spanning Tree and other protocols.

The capability may also allow users to configure smaller fabric “pods” without the need for a QFabric Interconnect device. Indeed, Virtual Chassis will also work on existing QFX 3500 and 3600 switches with the new Junos release but only if the switches are in standalone mode – not as nodes in a QFabric.

Sources say the Virtual Chassis capability will usher in a new Virtual Chassis Fabric (VCF) architecture from Juniper that allows a 20-node mix of QFX5100, 3500 and 3600s, and Juniper EX4300 switches to form a data center fabric without a QFabric Interconnect. As such, VCF is a fabric alternative to QFabric, they say.

The Virtual Chassis capability was expected. The pods VCF produces could be interconnected for scale with Juniper’s new EX9200 switch, Juniper Senior Vice President Jonathan Davidson said last spring.

The 48×1/10G QFX5100 will be available this quarter. The other variations will be available in the first quarter of 2014. Virtual Chassis will also be available in the first quarter of 2014.

VXLAN gateway and Cloudstack integration will be available later in 2014, sources say.

Juniper declined comment.


Cisco CCNA Training, Cisco CCNA Certification

Best CCNA Training and CCNA Certification and more Cisco exams log in to Certkingdom.com

Microsoft unified communications Lync system moves closer to proverbial PBX replacement option

New Microsoft Lync features, services mean the unified communications platform will draw more customers; parity with Cisco, Avaya targeted

Microsoft is talking about its upgraded Lync unified communications platform, revealing client support for more devices, server features for better meetings and collaboration as well as integration with the peer-to-peer voice and video service Skype.

While it is clearly a good UC choice for customers with needs that align with Lync’s strengths, it’s not yet a platform that can jump in readily to replace traditional PBXs in environments heavily reliant on traditional desktop phones, experts say.

MCTS Training, MCITP Trainnig
Best Microsoft MCTS Certification,
Microsoft MCITP Training at certkingdom.com

USE CASE: Microsoft delivers missing Lync for telemed project

Still, Lync is getting closer and its new features are bringing it into closer parity with UC leaders such as Cisco and Avaya, they say.

In touting upgrades to Lync 2013 – no release date has been set – Microsoft highlights its adoption of H.264 scalable video coding (SVC), a video codec standard that makes it relatively simple to display video on a range of devices, meaning Lync can support participants on screens ranging from smartphones to room displays, says BJ Haberkorn, director of product marketing, Microsoft Lync.

In addition, video displays by Lync clients has been upgraded to show up to five participants on screen at the same time, an improvement from having just the active talker on displayed. The view of those five is optimized depending on the number of participants and what other conference tools are being used.

Lync 2013 adds voice and video over IP for all devices, meaning that a device connected to a Wi-Fi network can participate in audio and video calls despite being disconnected from a traditional phone link. So users equipped with smartphones and tablets can conference over IP networks.

This is especially important to iPad users, he says, because the devices don’t support cellular phone networks. So they can join conferences, register presence and instant message other Lync participants.

The latest Lync client supports Windows 8 with a reworked interface that embraces touchscreens, which he refers to as the Windows 8 paradigm.

Peer-to-peer voice and video service Skype is federated with the upcoming Lync server. That means a corporate user working off a Lync enterprise network could provide and receive presence information with users of Skype. They could also establish audio calls with Skype users, but not video calls. Microsoft has that ranked as the next feature it will work on after the initial release of Lync 2013, Haberkorn says.

Last summer, Microsoft added Lync to Phone, a service that lets Lync users complete calls to and receive calls from the public phone network using the Lync Online Client. Such services are available only in the U.S. and U.K. through third-party public phone network providers.

Microsoft is pushing Lync to the application developers to include UC tie-ins to the applications they write. An app could include links to information about parties listed in the user’s address book and enable connecting with them directly from the application.

Microsoft has already done this with many of its productivity applications in Office where communications can be tapped via what is known as a rich content card that lists contacts’ name, email, phone, instant messaging and presence information. That can include information about others sharing documents via SharePoint in the SkyDrive cloud.

For example, OneNote is better integrated within Lync meetings for taking notes, and within Outlook it is simpler to send invitations to meetings.

When Lync is upgraded, it will have clients for PC desktops including Windows 8, Macs, iOS, Windows Phone and Android. That will support tablets – used mainly within organizations – as well as smartphones.

Lync’s look will be streamlined, cutting out the chrome that is now regarded as visual clutter, and making the overall look in step with what has been done to Office applications.

All this adds up to an improved Lync, but one that still isn’t for everybody, says Phil Edholm, president and principal at PKE Consulting.

The reason is that not all businesses have uniform communications needs. He divides workers into three groups: knowledge, information and services, Edholm says.

The knowledge workers, such as engineers or financial analysts, are the ones that need the wide array of features UC can provide such as conferencing, collaboration, instant messaging and presence to get their jobs done. They don’t rely on strict business processes as much as the other two categories of workers, but they need to communicate a lot with each other.
 

MCTS Training, MCITP Trainnig
Best Microsoft MCTS Certification,
Microsoft MCITP Training at certkingdom.com

 
They also need to communicate with information workers who do rely on business processes and who need sometimes to communicate with knowledge workers. An example: a contact center worker who uses set business processes to finalize sales but who occasionally needs to talk to a subject matter expert – a knowledge worker – to supply information to a customer before a sale can be closed, Edholm says.

Service workers, such as delivery truck drivers, use information to direct their tasks, but don’t need a UC infrastructure to do so.

“Lync is a toolset, and you need to decide who needs the tools,” Edholm says, and sometimes that means deploying it to a select group

For instance, a Scandinavian police organization client of Edholm’s had 30,000 workers only 3,000 of whom were knowledge workers. Those 3,000 needed unified communications, but most of the rest didn’t, leading the organization to install Lync for some but not all.

In a company with 90% knowledge workers and 10% information workers the situation would be different. It would make sense to install UC for everybody just to avoid multiple systems and their maintenance needs despite the fact that some of the workers would use just the phone capabilities.

In a typical mixed deployment such as the police organization, the legacy telephony system could tie into Lync. Those with just desktop phones could reach those with Lync and vice versa, but the desk phone users wouldn’t require new gear nor would they have to learn new ways of doing things, he says.

Lync becomes a challenge when it is deployed to people who only use its telephony features. “Lync is not structured to be a telephony-only system,” he says. “You can do it but it doesn’t lend itself to being easy to use and easy to install if it’s just telephony.”

That’s because while it may perform all the necessary functions, there may be different ways of carrying them out, which requires training.

For example, multiple line appearances where a phone can ring on an individual’s desk but also at the receptionist’s desk would be replaced functionally by presence, a different way of doing the same thing.

“The biggest resistance comes with going from traditional telephony to Lync,” Edholm says. “This is changing somewhat and will change even more with [the bring-your-own-device trend],” he says.

Edholm says he did a comparison of Lync vs. Cisco’s UC for collaboration, and he found that an important factor is what the UC system has to interface with.

If the organization considering UC has a Microsoft directory system, Microsoft business applications and Microsoft databases, as well as Microsoft personal productivity tools such as Office, it makes sense to use Lync. It was built with Office, SharePoint and Active Directory interoperability in mind, he says.

If an organization doesn’t use Microsoft email, calendaring and productivity apps, then adopting UC from Avaya, Cisco, Nortel or Siemens might make more sense, especially if the existing PBX is made by one of these vendors, he says. “It’s not the UC system alone, it’s the kind of workers you have and the other systems you use,” he says.

Lync itself seems to be moving away from controlling the traditional desktop phone in favor of a UC system that includes telephony run from a desktop PC and a server in the data center or the cloud, which has service providers showing interest in the platform.

BT, for example, is offering a new Lync-based cloud service called BT One Cloud Lync that provides Lync as a service with the infrastructure based in the BT network.

Similarly, West IP Communications offers a Lync service that supports Lync edge, mediation and federation servers in West IP data centers. The upside for customers, says Jeff Wellemeyer, executive vice president of West IP, is quality of service. If these components are located on customer premises for a widely distributed Lync deployment, it makes it more difficult to ensure quality of service to all branches.

Hosted Lync isn’t for all customers, though, particularly those whose media traffic is intended to stay within the LAN, minimizing WAN QoS as an issue, he says.

Wellemeyer says that customers tend to progress in their use of Lync features, perhaps starting with just instant messaging, adding presence, conferencing, collaboration and connecting to the public phone network with some softphone use.

Moving to Lync as a PBX replacement is considered a move for “someday,” he says. “We’re not seeing a lot of customers tearing out their PBXs and putting in a Microsoft infrastructure.”

They might use Lync supplemented by PBX technology. “They think Lync’s not there yet,” he says.

BEST ONLINE TRAINING OF MCITP, MCTS AND MORE CERTIFICATION AT CERTKINGDOM IN GREAT PACKAGES

Technology is advancing day by day in fact the new technology is no killing the old technology in reality it is advancing the previous versions, peoples are more and more easy and secure way to in technology usage, Microsoft is always been a very fast detector how to reshape the new technology is all software’s like Microsoft Office, Operating systems like windows XP to Windows 7, Internet Explorer 8 IE8, and more,

 

 

 

 

Cisco CCNA Training, Cisco CCNA Certification

Best Microsoft Free MCTS Certification Training,  Microsoft Free MCITP Certification Training at MCTS-MCITP.com

 

 

 

Most of the bricks organizations are now becoming bricks and clicks organization, the requirement to advance these organizations required certified peoples to work with them and. A professional person holding Microsoft certifications in his hand is often valued over other workforce all around the planet. Among all on hand Microsoft certifications, one of the most accepted one is MCTS Training, Microsoft Certified Technology Specialist focus on emerging technological prospective and employing these concerns for progressing in Information Technology industry. If you have certain required abilities for this exam you can pass it quite effortlessly. These abilities take in the following:

 

Intro on MCTS Certification 
The MCTS certification is the one, which helps the candidate to step into the IT industry. MCTS also helps the professional who are already in the IT industry to get into a good position in the field. The candidates who are applying for the MCTS Certification should have experience about the network connectivity, desktop operating system, security, and applications. Those who are very good in these areas can have the MCTS certification without any problem and they may be experienced in a particular filed. The future of the certification will be very good and more demand will be there for MCTS certified professional. There are lots and lots of products that are developed with Microsoft Technology. Microsoft develops products which is very helpful for the users.

 

What expertise and skills MCTS certification demands? 
Though you can acquire a reputable status by obtaining this certification, but it obviously demands a few expertises’s that you must have. For this reason, you must be able in:
Computer network literacy 
Solving logon related problems 
Creating as well as maintaining the desktop applications 
Executing password resets and others alike

 

MCTS certification will enhance your
Windows technologies
MCTS: .NET Framework 2.0 Web Applications
Microsoft SQL Server technologies
Microsoft Exchange Server technology
Other technologies

 

To get this certification, you will require an experience of at least two years in implementing, troubleshooting, and debugging a given technology. One can say that this certification is the foundation for all the different Microsoft Certifications that are meant to validate your expertise in the functionality and features of Microsoft key technologies. As an IT professional, either you can demonstrate your in-depth knowledge in a given technical application or choose to earn as many MCTS training as you want to endorse your capabilities across a number of Microsoft products. However, it is all the more essential to constantly update your certification to enhance your competency under today’s robust IT scenario.

 

If your preparing for career change and looking for MCTS Online Training Certkingdom.com is the best online training provider that provide the all the and complete MCTS certification exams training in just one package, certkingdom self study training kits, save your money on bootcamps, training institutes, It’s also save your traveling and time. All training materials are “Guaranteed” to pass your exams and get you certified on the fist attempt, due to best training CertKingdom become no1 site.

Go to Top