Category Archives: Cisco

350-601 Implementing and Operating Cisco Data Center Core Technologies Exam

Duration: 120 minutes
Languages: English

Exam overview
This exam tests your knowledge of implementing core data center technologies, including:
Network
Compute
Storage network
Automation
Security

Exam preparation
Prepare for your certification exam with official Cisco training or study on your own with self-study resources found on the Cisco Learning Network.
Official Cisco training

Examkingdom Cisco 350-601 Exam pdf,

MCTS Training, MCITP Trainnig

Best Cisco 350-601 Downloads, Cisco 350-601 Dumps at Certkingdom.com

Implementing and Operating Cisco Data Center Core Technologies (DCCOR)

Self-study resources
DCCOR training videos
DCCOR study materials

Exam Description:
Implementing Cisco Data Center Core Technologies v1.1 (DCCOR 350-601) is a 120-minute exam associated with the CCNP and CCIE Data Center Certifications. This exam certifies a candidate’s knowledge of implementing core data center technologies including network, compute, storage network, automation, and security. The course, Implementing Cisco Data Center Core Technologies, helps candidates to prepare for this exam.
The following topics are general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. To better reflect the contents of the exam and for clarity purposes, the guidelines below may change at any time without notice.

25% 1.0 Network
1.1 Apply routing protocols
1.1.a OSPFv2 and OSPFv3
1.1.b MP-BGP
1.1.c PIM
1.1.d FHRP
1.2 Apply switching protocols such as RSTP+, LACP and vPC
1.3 Apply overlay protocols such as VXLAN EVPN
1.4 Apply ACI concepts
1.4.a Fabric setup
1.4.b Access policies
1.4.c VMM
1.5 Analyze packet flow (unicast, multicast, and broadcast)
1.6 Describe Cloud service and deployment models (NIST 800-145)
1.7 Describe software updates and their impacts
1.7.a Disruptive / nondisruptive
1.7.b EPLD
1.7.c Patches
1.8 Implement network configuration management
1.9 Implement infrastructure monitoring such as NetFlow and SPAN
1.10 Explain network assurance concepts such as streaming telemetry
1.11 Describe the capabilities and features of Nexus Dashboard

25% 2.0 Compute

2.1 Implement Cisco Unified Compute System Rack Servers
2.2 Implement Cisco Unified Compute System Blade Chassis
2.2.a Initial setup
2.2.b Infrastructure management
2.2.c Network management (VLANs, pools and policies, templates, QoS)
2.2.d Storage management (SAN connectivity, Fibre Channel zoning, VSANs, WWN pools, SAN policies, templates)
2.2.e Server management (Server pools and boot policies)
2.3 Explain HyperFlex Infrastructure Concepts and benefits (Edge and Hybrid Architecture vs all-flash)
2.4 Describe firmware and software updates and their impacts on B-Series and C-Series servers
2.5 Implement compute configuration management (Backup and restore)
2.6 Implement infrastructure monitoring such as SPAN and Cisco Intersight

20% 3.0 Storage Network

3.1 Implement Fibre Channel
3.1.a Switch fabric initialization
3.1.b Port channels
3.1.c FCID
3.1.d CFS
3.1.e Zoning
3.1.f FCNS
3.1.g Device alias
3.1.h NPV and NPIV
3.1.i VSAN
3.2 Implement FCoE Unified Fabric
3.3 Describe NFS and NAS concepts
3.4 Describe software updates and their impacts (Disruptive/nondisruptive and EPLD)
3.5 Implement infrastructure monitoring

15% 4.0 Automation

4.1 Implement automation and scripting tools
4.1.a EEM
4.1.b Scheduler
4.1.c Bash Shell and Guest Shell for NX-OS
4.1.d REST API (NX-API, JSON and XML encodings)
4.1.e On-box Python
4.2 Evaluate automation and orchestration technologies
4.2.a Ansible
4.2.b Python
4.2.c POAP
4.2.d Cisco Nexus Dashboard Fabric Controller
4.2.e PowerShell
4.2.f Terraform

15% 5.0 Security

5.1 Apply network security
5.1.a AAA and RBAC
5.1.b ACI contracts and microsegmentation
5.1.c First-hop security features
5.1.d Keychain authentication
5.2 Apply compute security
5.2.a AAA and RBAC
5.3 Apply storage security
5.3.a AAA and RBAC
5.3.b Port security
5.3.c Fabric binding


QUESTION 1
An engineer is implementing OTV on a transport that supports multicast. The solution needs to meet the following requirements:
Establish adjacency to the remote peer by using multicast.
Enable OTV advertisements for VLAN 100 to the other site.
Which two commands should be configured to meet these requirements? (Choose two.)

A. otv site-vlan 100
B. otv data-group 232.2.2.0
C. otv use-adjacency-server 172.27.255.94
D. otv extend-vlan 100
E. otv control-group 232.1.1.1

Answer: DE

QUESTION 2
An engineer updated firmware on Fabric Interconnects and activates it. However, the endpoint fails to boot from the new firmware image. What is expected to occur in this case?

A. The system defaults to the backup image version
B. The system defaults to and boots into GOLD firmware image
C. The system defaults to the GOLD firmware image
D. The system defaults to and boots into kickstart image

Answer: A

QUESTION 3
Which configuration statically assigns VSAN membership to a virtual Fibre Channel interface?

A. switch(config-vsan-cb># vsan 100 bind interface fc 3
B. switch<config-vsan-db)# vsan 100 bind interface vfc 31
C. switch(config-vsan-db># vsan 100 fc 3
D. switch(config-vsan-db)# vsan 100 interface vfc 31

Answer: D

QUESTION 4
An engineer must configure OSPF routing on Cisco Nexus 9000 Series Switches. The IP subnet of the
Eth 1 interface for both switches must be advertised via OSPF. However, these interfaces must not
establish OSPF adjacency or send routing updates. The current OSPF adjacency over the interface
Eth1 on SW1 and Eth1 on SW2 must remain unaffected. Which configuration must be applied to
both Nexus switches to meet these requirements?

A. interface ethernet 1
passive-interface default

B. Interface ethernet 1
Ip ospf network point-to-point

C. interface ethernet 1
ip ospf passive-interface

D. interface ethernet 1
no ip ospf passive-Interface

Answer: C

QUESTION 6
An engineer needs to perform a backup of user roles and locales from Cisco UCS Manager to
replicate the setting to a different fabric interconnect. The engineer wants to review the file before
importing it to a target fabric interconnect. Which backup type must be selected to meet these requirements?

A. all configuration
B. system configuration
C. logical configuration
D. full state

Answer: B

QUESTION 7
An engineer must configure HTTPS secure management for Cisco UCS Manager using a key ring
named kr2016 and a key size of 1024 bits. The environment consists of a primary fabric interconnect
named UCS-A and a secondary fabric interconnect named UCS-B. Which command sequence must
be used to accomplish this goal?

A. Option A
B. Option B
C. Option C
D. Option D

Answer: B


QUESTION 8
Which server policy is used to install new Cisco IMC software on a server?

A. host firmware policy
B. hypervisor firmware policy
C. BIOS software policy
D. Cisco IMC software policy

Answer: A

QUESTION 9
A network engineer must perform a backup and restore of the Cisco Nexus 5000 Series Switch
configuration. The backup must be made to an external backup server. The only protocol permitted
between the Cisco Nexus switch and the backup server is UDP. The backup must be used when the
current working configuration of the switch gets corrupted. Which set of steps must be taken to meet
these requirements?

A. 1 Perform a startup-config backup to an FTP server.
2 Copy startup-config in the boot flash to the running-config file

B. 1 Perform a running-config backup to an SFTP server
2 Copy backup-config from the SFTP server to the running-config file

C. 1 Perform a running-config backup to an SCP server
2 Copy running-config in the boot flash to the running-config file

D. 1 Perform a startup-config backup to a TFTP server
2 Copy backup-config from the backup server to the running-config file

Answer: D

Explanation:
TFTP is the only protocol that uses UDP. FTP, SFTP, and SCP use TCP.

QUESTION 11
A customer wants to offload some of its order processing to a public cloud environment.
The customer environment is based on Cisco ACI and uses Puppet with containenzed applications.
The operations team requires a solution to orchestrate and optimize the cost of the new solution.
Which product must be used to meet these requirements?

A. Cisco Intersight
B. Cisco Workload Optimization Manager
C. Cisco CloudCenter
D. Cisco Data Center Network Manager

Answer: C

350-501 Implementing and Operating Cisco Service Provider Network Core Technologies (350-501 SPCOR) Exam

Implementing and Operating Cisco Service Provider Network Core Technologies
Duration: 120 minutes
Languages: English
Price: $400 USD, plus tax or use Cisco Learning Credits

Associated certifications
CCNP Service Provider
CCIE Service Provider
Cisco Certified Specialist – Service Provider Core

Exam overview
This exam tests your knowledge of implementing core service provider network technologies, including:

Core architecture
Services
Networking
Automation
Quality of services
Security
Network assurance

Implementing and Operating Cisco Service ProviderNetwork Core Technologies v1.0 (350-501)

Examkingdom Cisco 350-501 Exam pdf,

MCTS Training, MCITP Trainnig

Best Cisco 350-501 Downloads, Cisco 350-501 Dumps at Certkingdom.com

Exam Description:
Implementing and Operating Cisco Service Provider Network Core Technologies v1.0 (SPCOR 350-501) is a 120-minute exam associated with the CCNP and CCIE Service Provider
Certifications. This exam tests a candidate’s knowledge of implementing core service provider network technologies including core architecture, services, networking, automation, quality of services, security,
and network assurance. The course, Implementing and Operating Cisco Service Provider Network Core Technologies, helps candidates to prepare for this exam.

The following topics are general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. To better reflect the contents
of the exam and for clarity purposes, the guidelines below may change at any time without notice.

15% 1.0 Architecture
1.1 Describe service provider architectures
1.1.a Core architectures (Metro Ethernet, MPLS, unified MPLS, SR)
1.1.b Transport technologies (Optical, xDSL, DOCSIS, TDM, and xPON)
1.1.c Mobility (packet core, RAN xhaul transport for 4G and 5G)
1.2 Describe Cisco network software architecture
1.2.a IOS
1.2.b IOS XE
1.2.c IOS XR
1.3 Describe service provider virtualization
1.3.a NFV infrastructure
1.3.b VNF workloads
1.3.c OpenStack
1.4 Describe QoS architecture
1.4.a MPLS QOS models (Pipe, Short Pipe, and Uniform)
1.4.b MPLS TE QoS (MAM, RDM, CBTS, PBTS, and DS-TE)
1.4.c DiffServ and IntServ QoS models
1.4.d Trust boundaries between enterprise and SP environments
1.4.e IPv6 flow label
1.5 Configure and verify control plan security
1.5.a Control plane protection techniques (LPTS and CoPP)
1.5.b BGP-TTL security and protocol authentication
1.5.c BGP prefix suppression
1.5.d LDP security (authentication and label allocation filtering)
1.5.e BGP sec
1.5.f BGP flowspec
1.6 Describe management plane security
1.6.a Traceback
1.6.b AAA and TACACS
1.6.c RestAPI security
1.6.d DdoS
1.7 Implement data plane security
1.7.a uRPF
1.7.b ACLs
1.7.c RTBH

30% 2.0 Networking

2.1 Implement IS-IS (IPv4 and IPv6)
2.1.a Route advertisement
2.1.b Area addressing
2.1.c Multitopology
2.1.d Metrics
2.2 Implement OSPF (v2 and v3)
2.2.a Neighbor adjacency
2.2.b Route advertisement
2.2.c Multiarea (addressing and types)
2.2.d Metrics
2.3 Describe BGP path selection algorithm
2.4 Implement BGP (v4 and v6 for IBGP and EBGP)
2.4.a Neighbors
2.4.b Prefix advertisement
2.4.c Address family
2.4.d Path selection
2.4.e Attributes
2.4.f Redistribution
2.5 Implement routing policy language and route maps (BGP, OSPF, IS-IS)
2.6 Troubleshoot routing protocols
2.6.a Neighbor adjacency (IS-IS, OSPF, BGP)
2.6.b Route advertisement (IS-IS, OSPF, BGP)
2.7 Describe IPv6 transition (NAT44, NAT64, 6RD, MAP, and DS Lite)
2.8 Implement high availability
2.8.a NSF / graceful restart
2.8.b NSR
2.8.c BFD
2.8.d Link aggregation

20% 3.0 MPLS and Segment Routing

3.1 Implement MPLS
3.1.a LDP sync
3.1.b LDP session protection
3.1.c LDP neighbors
3.1.d Unified MPLS
3.1.e MPLS OAM
3.2 Describe traffic engineering
3.2.a ISIS and OSPF extensions
3.2.b RSVP functionality
3.2.c FRR
3.3 Describe segment routing
3.3.a Segment types
3.3.b IGP control plane
3.3.c Segment routing traffic engineering
3.3.d TI-LFa
3.3.e PCE-PCC architectures

20% 4.0 Services

4.1 Describe VPN services
4.1.a EVPN
4.1.b Inter-AS VPN
4.1.c CSC
4.1.d mVPN
4.2 Configure L2VPN and Carrier Ethernet
4.2.a Ethernet services (E-Line, E-Tree, E-Access, E-LAN)
4.2.b IEEE 802.1ad, IEEE 802.1ah, and ITU G.8032
4.2.c Ethernet OAM
4.2.d VLAN tag manipulation
4.3 Configure L3VPN
4.3.a Intra-AS VPN
4.3.b Shared services (extranet and Internet)
4.4 Implement multicast services
4.4.a PIM (PIM-SM, PIM-SSM, and PIM-BIDIR)
4.4.b IGMP v1/v2/v3 and MLD
4.5 Implement QoS services
4.5.a Classification and marking
4.5.b Congestion avoidance, traffic policing, and shaping

15% 5.0 Automation and Assurance

5.1 Describe the programmable APIs used to include Cisco devices in network automation
5.2 Interpret an external script to configure a Cisco device using a REST API
5.3 Describe the role of Network Services Orchestration (NSO)
5.4 Describe the high-level principles and benefits of a data modeling language, such as YANG
5.5 Compare agent vs. agentless configuration management tools, such as Chef, Puppet, Ansible, and SaltStack
5.6 Describe data analytics and model-driven telemetry in service provider
5.7 Configure dial-in/out telemetry streams using gRPC
5.8 Configure and verify NetFlow/IPFIX
5.9 Configure and verify NETCONF and RESTCONF
5.10 Configure and verify SNMP (v2c/v3)


Sample Questions and Answers

QUESTION 1
Egress PE NAT is being used via a single centralized router to provide Internet access to L3VPN customers.
Which description of the NAT operation is true?

A. Users m different VRFs cannot share the same outside global IP address
B. The NAT table contains a field to identify the inside VRF of a translation
C. Multiple address pools are needed for the same L3VPN because each site has a separate NAT
D. The different L3VPNs using the Internet access must not have IP overlaps internally

Answer: B

QUESTION 2
How much must the MTU be increased when configuring the 802.1q VLAN tag?

A. 2 bytes
B. 4 bytes
C. 8 bytes
D. 12 bytes

Answer: B

QUESTION 3
Refer to the exhibit:
Export statistics received do not include the BGP next hop.
Which statement about the NetFlow export statistics is true?

A. Only the origin AS of the source router will be included in the export statistics.
B. Loopback 0 must be participating in BGP for it to be included in the export statistics.
C. The origin AS and the peer-as will be included in the export statistics.
D. To include the BGP next hop in the export statistics, those keywords must be included with the version 9 entry.

Answer: D

QUESTION 4
Refer to the exhibit:
Which three outcomes occur if the prefix list is added to the neighbor? (Choose three)

A. 192.168 0.0 is denied.
B. 192.168 0.0 is denied.
C. 192.168 0.0 is permitted
D. 192.168.0.0 is denied
E. 192.168 0.0 is permitted
F. 192.168 0.0 is permitted

Answer: CDF

QUESTION 5
Which statement about segment routing prefix segments is true?

A. It is linked to a prefix SID that is globally unique within segment routing domain.
B. It is the longest path to a node.
C. It is linked to an adjacency SID that is globally unique within the router.
D. It requires using EIGRP to operate.

Answer: A

QUESTION 6

DRAG DROP
Drag and drop the functions from the left onto the correct Path Computation Element Protocol roles
on the right
Answer:
Explanation:
Path Computation Element (Calculates paths through the network, keeps TE topology database
information, sends path status updates)
Path computation Client (sends path calculation request, sends path creation request)
Path Computation Element (PCE)
Represents a software module (which can be a component or application) that enables the router to
compute paths applying a set of constraints between any pair of nodes within the routers TE
topology database. PCEs are discovered through IGP.
Path Computation Client (PCC)
Represents a software module running on a router that is capable of sending and receiving path
computation requests and responses to and from PCEs. The PCC is typically an LSR (Label Switching
Router).
https://www.cisco.com/c/en/us/td/docs/routers/crs/software/crs_r5-3/mpls/configuration/guide/bmplscg53x-
crs/b-mpls-cg53x-crs_chapter_0110.html#con_1279822

QUESTION 7
You are creating new Cisco MPLS TE tunnels. Which type of RSVP message does the headend router send to reserve bandwidth on the path to the tunnels router?

A. error
B. reservation
C. path
D. tear

Answer: C

QUESTION 8
An engineer is setting up overlapping VPNs to allow VRF ABC and XYZ to communicate with VRF
CENTRAL but wants to make sure that VRF ABC and XYZ cannot communicate. Which configuration accomplishes these objectives?

A. Option A
B. Option B
C. Option C
D. Option D

Answer: C

QUESTION 9
In an MPLS network, which protocol can be used to distribute a Segment Prefix?

A. OSPF
B. LDP
C. RSVP-TE
D. EIGRP

Answer: A

QUESTION 10

DRAG DROP
Drag and drop the NAT64 descriptions from the left onto the correct NAT64 types on the right.
Answer:
Explanation:
Stateful (It has 1: N translation, It uses address overloading, It conservers IPv4 addresses)
Stateless (It is limited on the number of endpoints, It mandates IPv4-translatable IPv6 address allocation)

QUESTION 11

Which statement about Network Services Orchestrator (NSO) is true?

A. It is used only in service provider environments
B. It can be used only with XML coding
C. It uses YANG modeling language to automate devices
D. It must use SDN as an overlay for addressing

Answer: C

QUESTION 12
Which task must be performed first to Implement BFD in an IS-IS environment?

A. Disable Cisco Express Forward.ng on all interfaces running routing protocols other than IS-IS
B. Configure BFD under the IS-IS process
C. Configure all ISIS routers as Level 2 devices
D. Configure BFD in an interface configuration mode

Answer: D

QUESTION 13
An engineer working for telecommunication company with an employee id: 3715 15 021 needs to
secure the LAN network using a prefix list Which best practice should the engineer follow when he implements a prefix list?

A. An engineer must use non sequential sequence numbers in the prefix list so that he can insert additional entries later.
B. The final entry in a prefix list must be
C. An engineer must identity the prefix list with a number only
D. An engineer must include only the prefixes for which he needs to log activity.

Answer: A

500-443 Cisco Advanced Administration and Reporting of Contact Center Enterprise Exam

Associated Certification: Advanced Unified Contact Center Enterprise Specialization requirements for Deployment Engineers
Duration: 90 minutes
Languages: English

Exam overview
This exam tests a candidate’s knowledge of PCCE architecture and components, advance scripting and data exchange, CUCM initiated call flows, advanced configuration, tools, and reporting.

Exam Description:
Advanced Administration and Reporting of Contact Center Enterprise (CCEAAR 500-443) is a 90-minute exam associated with the Advanced Unified Contact Center Enterprise Specialization requirements for Deployment Engineers. This exam tests a candidate’s knowledge of PCCE architecture and components, advance scripting and data exchange, CUCM initiated call flows, advanced configuration, tools, and reporting. The courses Administering Advanced Cisco Contact Center Enterprise, and Reporting Cisco Contact Center Enterprise help candidates to prepare for this exam.

Examkingdom Cisco 500-443 Exam pdf,

MCTS Training, MCITP Trainnig

Best Cisco 500-443 Free downloads , Cisco 500-443 Dumps at Certkingdom.com

Exam topics
The following topics are general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes, the guidelines below may change at any time without notice.

20% 1.0 Overview
1.1 Understand architecture and components
1.2 Understand PCCE protocols
1.3 Explain PCCE call flow
1.4 Describe PCCE access

15% 2.0 Advanced Scripting and Data Exchange

2.1 Understand CCE Data Exchange
2.2 Describe Call Studio Scripting
2.3 Build CCE Scripting

15% 3.0 CUCM Initiated Call Flows
3.1 Understand transfer types
3.2 Utilize CVP Call Flow models

20% 4.0 Advanced Configuration
4.1 Deploy Finesse gadgets
4.2 Implement mobile agents
4.3 Implement PCS

10% 5.0 Tools

5.1 Implement Bulk import tool

10% 6.0 Reporting
6.1 Understand CUIC foundations
6.2 Utilize CUIC administration and operations console
6.3 Describe CUIC attributes
6.4 Utilize CUIC customization report

QUESTION 1
What should a Call Type be mapped to for successful call routing?

A. Routing Client
B. Scheduled Script
C. Dialed numbed
D. Default Label

Answer: A

Explanation:
A Call Type is mapped to a Routing Client, which is a logical representation of a device that can
receive and process routing requests from the CCE system. Reference = Advanced Administration and
Reporting of Contact Center Enterprise (CCEAAR), page 2

QUESTION 2
Which device access is needed to manage agent phones for UCCE/PCCE?

A. CUCM Admin
B. CCE Web Admin tool
C. Config Manager tool
D. Finesse Admin

Answer: A

Explanation:
A CUCM Admin access is needed to manage agent phones for UCCE/PCCE, as it allows the
administrator to configure device pools, partitions, calling search spaces, and other settings for the
agent phones. Reference = Administering Advanced Cisco Contact Center Enterprise (CCEAA), page 4

QUESTION 3
Which two components exchange data between Expanded Call Context Variables? (Choose two.)

A. CCE and Finesse
B. CVP and Finesse
C. Finesse and VXML Server
D. CUCM and PCCE
E. CCE and CVP

Answer: B, E

Explanation:
B CVP and Finesse exchange data between Expanded Call Context Variables, as CVP can pass ECC
variables to Finesse through the User to User Information (UUI) field in the SIP header. E CCE and
CVP exchange data between Expanded Call Context Variables, as CCE can pass ECC variables to CVP
through the Peripheral Interface Manager (PIM) or the VRU Peripheral Gateway (VPG) depending on
the deployment model. Reference = Advanced Administration and Reporting of Contact Center
Enterprise (CCEAAR), page 6; [Cisco Unified Contact Center Enterprise Features Guide, Release 12.5(1)], page 23

QUESTION 4
Which two call transfers are supported in PCCE Deployments? (Choose two.)

A. SRTP Refer
B. Release VXML Trunk Transfer
C. CCE Managed Transfer
D. CUCM Destination Transfer
E. SIP Refer

Answer: C, E

Explanation:
C CCE Managed Transfer is supported in PCCE Deployments, as it allows the agent to transfer a call to
another agent or skill group within the same PCCE system using the Finesse desktop. E SIP Refer is
supported in PCCE Deployments, as it allows the agent to transfer a call to an external destination
using the SIP Refer method. Reference = [Cisco Unified Contact Center Enterprise Features Guide,
Release 12.5(1)], page 43; [Cisco Unified Contact Center Enterprise Solution Reference Network
Design (SRND), Release 12.5(1)], page 101

QUESTION 5
What is the role of CVP in UCCE/PCCE?

A. interface between CUBE and UCCE/PCCE
B. queuing and self-service IVR
C. call routing brain of PCCE/UCCE
D. plays IVR Prompts to Callers

Answer: B

Explanation:
The role of CVP in UCCE/PCCE is queuing and self-service IVR, as it provides voice response
applications that can interact with callers, collect information, and queue calls for treatment by
agents or other destinations. Reference = [Cisco Unified Contact Center Enterprise Solution
Reference Network Design (SRND), Release 12.5(1)], page 9

200-301 Cisco Certified Network Associate Exam

Duration: 120 minutes
Languages: English and Japanese
Price: $ USD, plus tax or use Cisco Learning Credits
Associated certification : CCNA

Exam overview
This exam tests your knowledge and skills related to:

Network fundamentals
Network access
IP connectivity
IP services
Security fundamentals
Automation and programmability

Exam Description: CCNA Exam v1.0 (CCNA 200-301) is a 120-minute exam associated with the CCNA certification. This exam tests a candidate’s knowledge and skills related to network fundamentals, network access, IP connectivity, IP services, security fundamentals, and automation and programmability. The course, Implementing and Administering Cisco Solutions (CCNA), helps candidates prepare for this exam.

The following topics are general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. To better reflect the contents of the exam and for clarity purposes, the guidelines below may change at any time without notice.

Examkingdom Cisco 200-301 Exam pdf,

MCTS Training, MCITP Trainnig

Best Cisco 200-301 Free downloads , Cisco 200-301 Dumps at Certkingdom.com

20% 1.0 Network Fundamentals
1.1 Explain the role and function of network components
1.1.a Routers
1.1.b Layer 2 and Layer 3 switches
1.1.c Next-generation firewalls and IPS
1.1.d Access points
1.1.e Controllers (Cisco DNA Center and WLC)
1.1.f Endpoints
1.1.g Servers
1.1.h PoE
1.2 Describe characteristics of network topology architectures
1.2.a Two-tier
1.2.b Three-tier
1.2.c Spine-leaf
1.2.d WAN
1.2.e Small office/home office (SOHO)
1.2.f On-premise and cloud
1.3 Compare physical interface and cabling types
1.3.a Single-mode fiber, multimode fiber, copper
1.3.b Connections (Ethernet shared media and point-to-point)
1.4 Identify interface and cable issues (collisions, errors, mismatch duplex, and/or speed)
1.5 Compare TCP to UDP
1.6 Configure and verify IPv4 addressing and subnetting
1.7 Describe the need for private IPv4 addressing
1.8 Configure and verify IPv6 addressing and prefix
1.9 Describe IPv6 address types
1.9.a Unicast (global, unique local, and link local)
1.9.b Anycast
1.9.c Multicast
1.9.d Modified EUI 64
1.10 Verify IP parameters for Client OS (Windows, Mac OS, Linux)
1.11 Describe wireless principles
1.11.a Nonoverlapping Wi-Fi channels
1.11.b SSID
1.11.c RF
1.11.d Encryption
1.12 Explain virtualization fundamentals (server virtualization, containers, and VRFs)
1.13 Describe switching concepts
1.13.a MAC learning and aging
1.13.b Frame switching
1.13.c Frame flooding
1.13.d MAC address table

20% 2.0 Network Access

2.1 Configure and verify VLANs (normal range) spanning multiple switches
2.1.a Access ports (data and voice)
2.1.b Default VLAN
2.1.c InterVLAN connectivity
2.2 Configure and verify interswitch connectivity
2.2.a Trunk ports
2.2.b 802.1Q
2.2.c Native VLAN
2.3 Configure and verify Layer 2 discovery protocols (Cisco Discovery Protocol and LLDP)
2.4 Configure and verify (Layer 2/Layer 3) EtherChannel (LACP)
2.5 Interpret basic operations of Rapid PVST+ Spanning Tree Protocol
2.5.a Root port, root bridge (primary/secondary), and other port names
2.5.b Port states (forwarding/blocking)
2.5.c PortFast
2.6 Describe Cisco Wireless Architectures and AP modes
2.7 Describe physical infrastructure connections of WLAN components (AP, WLC, access/trunk ports, and LAG)
2.8 Describe AP and WLC management access connections (Telnet, SSH, HTTP, HTTPS, console, and TACACS+/RADIUS)
2.9 Interpret the wireless LAN GUI configuration for client connectivity, such as WLAN creation, security settings, QoS profiles, and advanced settings

25% 3.0 IP Connectivity
3.1 Interpret the components of routing table
3.1.a Routing protocol code
3.1.b Prefix
3.1.c Network mask
3.1.d Next hop
3.1.e Administrative distance
3.1.f Metric
3.1.g Gateway of last resort
3.2 Determine how a router makes a forwarding decision by default
3.2.a Longest prefix match
3.2.b Administrative distance
3.2.c Routing protocol metric
3.3 Configure and verify IPv4 and IPv6 static routing
3.3.a Default route
3.3.b Network route
3.3.c Host route
3.3.d Floating static
3.4 Configure and verify single area OSPFv2
3.4.a Neighbor adjacencies
3.4.b Point-to-point
3.4.c Broadcast (DR/BDR selection)
3.4.d Router ID
3.5 Describe the purpose, functions, and concepts of first hop redundancy protocols

10% 4.0 IP Services

4.1 Configure and verify inside source NAT using static and pools
4.2 Configure and verify NTP operating in a client and server mode
4.3 Explain the role of DHCP and DNS within the network
4.4 Explain the function of SNMP in network operations
4.5 Describe the use of syslog features including facilities and levels
4.6 Configure and verify DHCP client and relay
4.7 Explain the forwarding per-hop behavior (PHB) for QoS, such as classification, marking, queuing, congestion, policing, and shaping
4.8 Configure network devices for remote access using SSH
4.9 Describe the capabilities and functions of TFTP/FTP in the network

15% 5.0 Security Fundamentals
5.1 Define key security concepts (threats, vulnerabilities, exploits, and mitigation techniques)
5.2 Describe security program elements (user awareness, training, and physical access control)
5.3 Configure and verify device access control using local passwords
5.4 Describe security password policies elements, such as management, complexity, and password alternatives (multifactor authentication, certificates, and biometrics)
5.5 Describe IPsec remote access and site-to-site VPNs
5.6 Configure and verify access control lists
5.7 Configure and verify Layer 2 security features (DHCP snooping, dynamic ARP inspection, and port security)
5.8 Compare authentication, authorization, and accounting concepts
5.9 Describe wireless security protocols (WPA, WPA2, and WPA3)
5.10 Configure and verify WLAN within the GUI using WPA2 PSK

10% 6.0 Automation and Programmability
6.1 Explain how automation impacts network management
6.2 Compare traditional networks with controller-based networking
6.3 Describe controller-based, software defined architecture (overlay, underlay, and fabric)
6.3.a Separation of control plane and data plane
6.3.b Northbound and Southbound APIs
6.4 Compare traditional campus device management with Cisco DNA Center enabled device management
6.5 Describe characteristics of REST-based APIs (CRUD, HTTP verbs, and data encoding)
6.6 Recognize the capabilities of configuration management mechanisms Puppet, Chef, and Ansible
6.7 Recognize components of JSON-encoded data

QUESTION 1
Which authentication method allows a user to log in to an SSO-enabled Cisco Unified Communications application by utilizing a Microsoft Windows login, thereby not requiring any credentials to be entered?

A. Smart Card
B. OAuth
C. form-based
D. Kerberos

Answer: B

Explanation:
The main advantage of Kerberos authentication compared to the other authentication methods is that you do not need to provide your credentials when you log in to Cisco Jabber. If you use Kerberos, the client does not prompt users for credentials, because authentication was already provided to gain access to the Windows desktop. This authentication method allows you to log in to Cisco Jabber with your Microsoft Windows login.

QUESTION 2
When Cisco IM and Presence is configured to use automatic fallback, how long does the Server Recovery Manager service wait for a failed service/server to remain active before an automatic fallback is initiated?

A. 10 minutes
B. 20 minutes
C. 30 minutes
D. 1 hour

Answer: C

Explanation:
Automatic Fallback
Automatic fallback takes place when the server monitors the services and the Server Recovery Manager(SRM) service will automatically fallback users to their homed nodes. The key in this configuration is that the Server Recovery Manager(SRM) service will wait 30 minutes for a failed service/server to remain active before an automatic fallback is initiated. Once this 30 minute up time is established, user sessions are moved back to their homed nodes. The Jabber client will apply the re-log in upper and lower limits for the fallback. Automatic fallback is not the default configuration, but it can be enabled. To enable automatic fallback, change the Enable Automatic Fallback
parameter in the Server Recovery Manager Service Parameters to value True.

QUESTION 3

Which entity is a standard component used for authentication by SAML 2.0?

A. identity provider
B. session broker
C. Internet service provider
D. client access server

Answer: A

QUESTION 4
An engineer must configure a test user mailbox in a newly deployed Cisco Unity Express module. Which console command set reflects the correct configuration in this scenario?

A. Option A
B. Option B
C. Option C
D. Option D

Answer: A

QUESTION 5
Which two command line arguments can you specify when installing Cisco Jabber for windows? (Choose two.)

A. CISCO_UDS_DOMAIN
B. TFTP_ADDRESS
C. VOICEMAIL_SERVER_ADDRESS
D. SERVICES_DOMAIN
E. TFTP

Answer: D, E

QUESTION 6
Which description of an IdP server is true?

A. authenticates user credentials
B. provides user authorization
C. is an authentication request that is generated by a Cisco Unified Communications application
D. consists of pieces of security information that are transferred to the service provider for user authentication

Answer: A

Explanation:
SSO uses Security Assertion Markup Language (SAML) to exchange authentication details between an Identity Provider (IdP) and a service provider. The identity provider authenticates user credentials and issues SAML assertions, which are pieces of security information transferred from the identity provider to the service provider for user authentication. Each assertion is an XML document that

300-810 Implementing Cisco Collaboration Applications (300-810 CLICA) Exam

Associated certifications
CCNP Collaboration
Cisco Certified Specialist – Collaboration Applications Implementation

Exam overview
This exam tests your knowledge of collaboration applications, including:

Single sign-on
Cisco Unified IM and Presence
Cisco Unity Connection and Cisco Unity Express
Application clients

Exam Description
Implementing Cisco Collaboration Applications v1.1 (300-810) Exam Description: Implementing Cisco Collaboration Applications v1.1 (CLICA 300-810) is a 90-minute exam associated with the CCNP Collaboration Certification. This exam certifies a candidate’s knowledge of collaboration applications, including single sign-on, Cisco Unified IM and Presence, Cisco Unity Connection, Cisco Unity Express, and application clients.

The course, Implementing Cisco Collaboration Applications, helps candidates to prepare for this exam. The following topics are general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. To better reflect the contents of the exam and for clarity purposes, the guidelines below may change at any time without notice.

Examkingdom Cisco 300-810 Exam pdf,

MCTS Training, MCITP Trainnig

Best Cisco 300-810 Free downloads , Cisco 300-810 Dumps at Certkingdom.com

15% 1.0 Single Sign-On (SSO) for Collaboration Applications
1.1 Describe these types of SSO as they relate to Collaboration
1.1.a Integrated Windows AD
1.1.b Kerberos
1.1.c Two-factor authentication (2FA)
1.1.d Third-party IdP
1.2 Describe the SAML SSO login process flow in the context of Cisco Collaboration solutions
1.3 Describe these components of SAML 2.0 and later
1.3.a Assertion
1.3.b Protocol
1.3.c Binding
1.3.d Profiles
1.4 Describe SAML SSO configuration
1.5 Describe OAuth 2.0

30% 2.0 Cisco Unified IM and Presence and Cloud Messaging

2.1 Configure Cisco Unified IM and Presence on premises
2.1.a High availability
2.1.b Calendar integration
2.1.c Apple Push Notification Service
2.1.d Persistent chat
2.1.e Federation configuration (XMPP and SIP)
2.1.f Centralized Cisco Unified IM and Presence
2.1.g Hybrid Message Service
2.2 Troubleshoot Cisco Unified IM and Presence on-premises
2.2.a XMPP
2023 Cisco Systems, Inc. This document is Cisco Public. Page 2
2.2.b High availability
2.2.c Calendar integration
2.2.d Apple Push Notification Service
2.2.e Persistent chat
2.2.f Federation configuration (XMPP and SIP)
2.2.g Message Archiver Service

30% 3.0 Cisco Unity Connection

3.1 Configure these in Cisco Unity Connection
3.1.a Call handlers
3.1.b Voicemail transfers and greetings
3.1.c Routing rules
3.1.d Distribution lists
3.1.e LDAP integration
3.2 Troubleshoot these in Cisco Unity Connection
3.2.a Call handlers
3.2.b Voicemail transfers and greetings
3.2.c AutoAttendant
3.2.d Routing rules
3.2.e MWI
3.3 Implement toll fraud prevention
3.4 Troubleshoot Cisco Unity Connection integration options with Cisco UCM
3.5 Describe digital networking in multicluster deployments in Cisco Unity Connection

25% 4.0 Application Clients

4.1 Configure DNS for service discovery
4.2 Troubleshoot service discovery
4.3 Troubleshoot Cisco Jabber and Webex App phone control
4.4 Troubleshoot Cisco Jabber and Webex App voicemail integration
4.5 Troubleshoot certificate validation
4.6 Describe the Cisco Unified Attendant Console Advanced integration
4.7 Troubleshoot Webex App functions
4.7.a Login process
4.7.b Call signaling
4.7.c Voice/video quality

QUESTION 1
Which authentication method allows a user to log in to an SSO-enabled Cisco Unified Communications application by utilizing a Microsoft Windows login, thereby not requiring any credentials to be entered?

A. Smart Card
B. OAuth
C. form-based
D. Kerberos

Answer: D

Explanation:
The main advantage of Kerberos authentication compared to the other authentication methods is
that you do not need to provide your credentials when you log in to Cisco Jabber. If you use Kerberos,
the client does not prompt users for credentials, because authentication was already provided to
gain access to the Windows desktop. This authentication method allows you to log in to Cisco Jabber
with your Microsoft Windows login.

QUESTION 2
When Cisco IM and Presence is configured to use automatic fallback, how long does the Server
Recovery Manager service wait for a failed service/server to remain active before an automatic fallback is initiated?

A. 10 minutes
B. 20 minutes
C. 30 minutes
D. 1 hour

Answer: C

Explanation:
Automatic Fallback
Automatic fallback takes place when the server monitors the services and the Server Recovery
Manager(SRM) service will automatically fallback users to their homed nodes. The key in this
configuration is that the Server Recovery Manager(SRM) service will wait 30 minutes for a failed
service/server to remain active before an automatic fallback is initiated. Once this 30 minute up time
is established, user sessions are moved back to their homed nodes. The Jabber client will apply the
re-log in upper and lower limits for the fallback. Automatic fallback is not the default configuration,
but it can be enabled. To enable automatic fallback, change the Enable Automatic Fallback
parameter in the Server Recovery Manager Service Parameters to value True.

QUESTION 3

Which entity is a standard component used for authentication by SAML 2.0?

A. identity provider
B. session broker
C. Internet service provider
D. client access server

Answer: A

QUESTION 4
An engineer must configure a test user mailbox in a newly deployed Cisco Unity Express module.
Which console command set reflects the correct configuration in this scenario?

A. Option A
B. Option B
C. Option C
D. Option D

Answer: A

QUESTION 5
Which two command line arguments can you specify when installing Cisco Jabber for windows? (Choose two.)

A. CISCO_UDS_DOMAIN
B. TFTP_ADDRESS
C. VOICEMAIL_SERVER_ADDRESS
D. SERVICES_DOMAIN
E. TFTP

Answer: DE

QUESTION 6
Which description of an IdP server is true?

A. authenticates user credentials
B. provides user authorization
C. is an authentication request that is generated by a Cisco Unified Communications application
D. consists of pieces of security information that are transferred to the service provider for user authentication

Answer: A

300-735 Automating and Programming Cisco Security Solutions (SAUTO) Exam

This exam tests your knowledge of implementing security automated solutions, including:
Programming concepts
RESTful APIs
Data models
Protocols
Firewalls
Web
DNS
Cloud and email security
ISE

Exam Description
The Automating and Programming Cisco Security Solutions v1.0 (SAUTO 300-735) exam is a 90-minute exam associated with the CCNP Security, Cisco Certified DevNet Professional, and Cisco Certified DevNet Specialist – Security Automation and Programmability certifications. This exam tests a candidate’s knowledge of implementing Security automated solutions, including programming concepts, RESTful APIs, data models, protocols, firewalls, web, DNS, cloud and email security, and ISE. The course, Implementing Cisco Security Automation Solutions, helps candidates to prepare for this exam.

The following topics are general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. To better reflect the contents of the exam and for clarity purposes, the guidelines below may change at any time without notice.

1.1 Utilize common version control operations with git (add, clone, push, commit, diff, branching, and merging conflict)
1.2 Describe characteristics of API styles (REST and RPC)
1.3 Describe the challenges encountered and patterns used when consuming APIs synchronously and asynchronously
1.4 Interpret Python scripts containing data types, functions, classes, conditions, and looping
1.5 Describe the benefits of Python virtual environments
1.6 Explain the benefits of using network configuration tools such as Ansible and Puppet for automating security platforms

2.1 Describe the event streaming capabilities of Firepower Management Center eStreamer API
2.2 Describe the capabilities and components of these APIs
2.2.a Firepower (Firepower Management Center and Firepower Device Management)
2.2.b ISE
2.2.c pxGRID
2.2.d Stealthwatch Enterprise
2.3 Implement firewall objects, rules, intrusion policies, and access policies using Firepower Management Center API
2.4 Implement firewall objects, rules, intrusion policies, and access policies using Firepower Threat Defense API (also known as Firepower Device Manager API)
2.5 Construct a Python script for pxGrid to retrieve information such as endpoint device type, network policy and security telemetry
2.6 Construct API requests using Stealthwatch API
2.6.a perform configuration modifications
2.6.b generate rich reports

3.1 Describe the capabilities and components of these APIs
3.1.a Umbrella Investigate APIs
3.1.b AMP for endpoints APIs
3.1.c ThreatGRID API
3.2 Construct an Umbrella Investigate API request
3.3 Construct AMP for endpoints API requests for event, computer, and policies
3.4 Construct ThreatGRID APIs request for search, sample feeds, IoC feeds, and threat disposition

4.1 Describe the capabilities and components of these APIs
4.1.a Umbrella reporting and enforcement APIs
4.1.b Stealthwatch cloud APIs
4.1.c Cisco Security Management Appliance APIs

4.2 Construct Stealthwatch cloud API request for reporting
4.3 Construct an Umbrella Reporting and Enforcement API request
4.4 Construct a report using Cisco Security Management Appliance API request (email and web)

Examkingdom Cisco 300-735 Exam pdf,

MCTS Training, MCITP Trainnig

Best Cisco 300-735 Free downloads , Cisco 300-735 Dumps at Certkingdom.com

QUESTION 1
Which of the following is typically used to manage a Cisco router in-band? (Select the best answer.)

A. a VTY port
B. a serial port
C. a console port
D. an auxiliary port

Correct Answer: A

QUESTION 2
Which of the following enables the validation of both user and device credentials in a single EAP transaction? (Select the best answer.)

A. PEAP
B. EAP-FAST
C. EAP-FAST with EAP chaining
D. EAP-MD5

Correct Answer: C

QUESTION 3
Which of the following features protects the control plane by classifying traffic into three separate control plane subinterfaces? (Select the best answer.)

A. CoPP
B. CPPr
C. RBAC
D. uRPF

Correct Answer: B

QUESTION 4
Which of the following is an outputspreading technique that spammers use to manipulate reputation scores and defeat filters? (Select the best answer.)

A. phishing
B. snowshoe spam
C. waterfalling
D. listwashing

Correct Answer: B

300-725 Securing the Web with Cisco Web Security Appliance (300-725 SWSA) Exam

Duration: 90 minutes
Languages: English and Japanese

Associated certifications
CCNP Security
Cisco Certified Specialist – Web Content Security

Exam overview
This exam tests your knowledge of Cisco Web Security Appliance, including:

Proxy services
Authentication
Decryption policies
Differentiated traffic access policies and identification policies
Acceptable use control settings
Malware defense
Data security and data loss prevention

Exam Description:
Securing the Web with Cisco Web Security Appliance v1.0 (SWSA 300-725) is a 90-minute exam associated with the CCNP Security Certification. This exam tests a candidate’s knowledge of Cisco Web Security Appliance, including proxy services, authentication, decryption policies differentiated traffic access policies and identification policies, acceptable use control settings, malware defense, and data security and data loss prevention. The course, Securing Web with Cisco Email Security Appliance, helps candidates to prepare for this exam.

The following topics are general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. To better reflect the contents of the exam and for clarity purposes, the guidelines below may change at any time without notice.

Examkingdom Cisco 300-725 Exam pdf,

MCTS Training, MCITP Trainnig

Best Cisco 300-725 Free downloads , Cisco 300-725 Dumps at Certkingdom.com

10% 1.0 Cisco WSA Features
1.1 Describe Cisco WSA features and functionality
1.1.a Proxy service
1.1.b Cognitive Threat Analytics
1.1.c Data loss prevention service
1.1.d Integrated L4TM service
1.1.e Management tools
1.2 Describe WSA solutions
1.2.a Cisco Advanced Web Security Reporting
1.2.b Cisco Content Security Management Appliance
1.3 Integrate Cisco WSA with Splunk
1.4 Integrate Cisco WSA with Cisco ISE
1.5 Troubleshoot data security and external data loss using log files

20% 2.0 Configuration

2.1 Perform initial configuration tasks on Cisco WSA
2.2 Configure an Acceptable Use Policy
2.3 Configure and verify web proxy features
2.3.a Explicit proxy functionality
2.3.b Proxy access logs using CLI
2.3.c Active directory proxy authentication
2.4 Configure a referrer header to filter web categories

10% 3.0 Proxy Services
3.1 Compare proxy terms
3.1.a Explicit proxy vs. transparent proxy
3.1.b Upstream proxy vs. downstream proxy
3.2 Describe tune caching behavior for safety or performance
3.3 Describe the functions of a Proxy Auto-Configuration (PAC) file
3.4 Describe the SOCKS protocol and the SOCKS proxy services

10% 4.0 Authentication

4.1 Describe authentication features
4.1.a Supported authentication protocols
4.1.b Authentication realms
4.1.c Supported authentication surrogates supported
4.1.d Bypassing authentication of problematic agents
4.1.e Authentication logs for accounting records
4.1.f Re-authentication
4.2 Configure traffic redirection to Cisco WSA using explicit forward proxy mode
4.3 Describe the FTP proxy authentication
4.4 Troubleshoot authentication issues

10% 5.0 Decryption Policies to Control HTTPS Traffic

5.1 Describe SSL and TLS inspection
5.2 Configure HTTPS capabilities
5.2.a HTTPS decryption policies
5.2.b HTTPS proxy function
5.2.c ACL tags for HTTPS inspection
5.2.d HTTPS proxy and verify TLS/SSL decryption
5.2.e Certificate types used for HTTPS decryption
5.3 Configure self-signed and intermediate certificates within SSL/TLS transactions

10% 6.0 Differentiated Traffic Access Policies and Identification Profiles

6.1 Describe access policies
6.2 Describe identification profiles and authentication
6.3 Troubleshoot using access logs

10% 7.0 Acceptable Use Control

7.1 Configure URL filtering
7.2 Configure the dynamic content analysis engine
7.3 Configure time-based & traffic volume acceptable use policies and end user notifications
7.4 Configure web application visibility and control (Office 365, third-party feeds)
7.5 Create a corporate global acceptable use policy
7.6 Implement policy trace tool to verify corporate global acceptable use policy
7.7 Configure WSA to inspect archive file types

10% 8.0 Malware Defense

8.1 Describe anti-malware scanning
8.2 Configure file reputation filtering and file analysis
8.3 Describe Advanced Malware Protection (AMP)
8.4 Describe integration with Cognitive Threat Analytics

10% 9.0 Reporting and Tracking Web Transactions

9.1 Configure and analyze web tracking reports
9.2 Configure Cisco Advanced Web Security Reporting (AWSR)
9.2.a Basic web usage
9.2.b Custom filters
9.3 Troubleshoot connectivity issues

QUESTION 1
What causes authentication failures on a Cisco WSA when LDAP is used for authentication?

A. when the passphrase contains only 5 characters
B. when the passphrase contains characters that are not 7-bit ASCI
C. when the passphrase contains one of following characters ‘@ # $ % ^’
D. when the passphrase contains 50 characters

Answer: B

QUESTION 2
Refer to the exhibit. Which statement about the transaction log is true?

A. The log does not have a date and time
B. The proxy had the content and did not contact other servers
C. The transaction used TCP destination port 8187
D. The AnalizeSuspectTraffic policy group was applied to the transaction

Answer: D

QUESTION 3
Which two features can be used with an upstream and downstream Cisco WSA web proxy to have the upstream WSA identify users by their client IP address? (Choose two.)

A. X-Forwarded-For
B. high availability
C. web cache
D. via
E. IP spoofing

Answer: A,D

300-730 Implementing Secure Solutions with Virtual Private Networks (SVPN 300-730) Exam

300-730 SVPN : Implementing Secure Solutions with Virtual Private Networks
Duration: 90 minutes
Languages: English and Japanese

Associated certifications
CCNP Security
Cisco Certified Specialist – Network Security VPN Implementation

Exam overview
This exam tests your knowledge of implementing secure remote communications with Virtual Private Network (VPN) solutions, including:

Secure communications
Architectures
Troubleshooting

Exam Description:
Implementing Secure Solutions with Virtual Private Networks v1.1 (SVPN 300-730) is a 90-minute exam associated with the CCNP Security Certification. This exam tests a candidate’s knowledge of implementing secure remote communications with Virtual Private Network (VPN) solutions including secure communications, architectures, and troubleshooting. The course, Implementing Secure Solutions with Virtual Private Networks, helps candidates to prepare for this exam.
The following topics are general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. To better reflect the contents of the exam and for clarity purposes, the guidelines below may change at any time without notice.

Examkingdom Cisco 300-730 Exam pdf,

MCTS Training, MCITP Trainnig

Best Cisco 300-730 Free downloads , Cisco 300-730 Dumps at Certkingdom.com

15% 1.0 Site-to-site Virtual Private Networks on Routers and Firewalls
1.1 Describe GETVPN
1.2 Describe uses of DMVPN
1.3 Describe uses of FlexVPN

20% 2.0 Remote access VPNs
2.1 Implement AnyConnect IKEv2 VPNs on ASA and routers
2.2 Implement AnyConnect SSLVPN on ASA
2.3 Implement Clientless SSLVPN on ASA
2.4 Implement Flex VPN on routers

35% 3.0 Troubleshooting using ASDM and CLI

3.1 Troubleshoot IPsec
3.2 Troubleshoot DMVPN
3.3 Troubleshoot FlexVPN
3.4 Troubleshoot AnyConnect IKEv2 on ASA and routers
3.5 Troubleshoot SSL VPN and Clientless SSLVPN on ASA

30% 4.0 Secure Communications Architectures
4.1 Describe functional components of GETVPN, FlexVPN, DMVPN, and IPsec for site-to-site VPN solutions
4.2 Describe functional components of FlexVPN, IPsec, and Clientless SSL for remote access VPN solutions
4.3 Recognize VPN technology based on configuration output for site-to-site VPN solutions
4.4 Recognize VPN technology based on configuration output for remote access VPN solutions
4.5 Describe split tunneling requirements for remote access VPN solutions
4.6 Design site-to-site VPN solutions
4.6.a VPN technology considerations based on functional requirements
4.6.b High availability considerations
4.7 Design remote access VPN solutions
4.7.a VPN technology considerations based on functional requirements
4.7.b High availability considerations
4.7.c Clientless SSL browser and client considerations and requirements
4.8 Describe Elliptic Curve Cryptography (ECC) algorithms

QUESTION 1
DRAG DROP
Drag and drop the correct commands from the right onto the blanks within the code on the left to implement a
design that allow for dynamic spoke-to-spoke communication. Not all commands are used.
Select and Place:

Correct Answer:
Section: Site-to-site Virtual Private Networks on Routers and Firewalls

QUESTION 2
A second set of traffic selectors is negotiated between two peers using IKEv2. Which IKEv2 packet will contain details of the exchange?

A. IKEv2 IKE_SA_INIT
B. IKEv2 INFORMATIONAL
C. IKEv2 CREATE_CHILD_SA
D. IKEv2 IKE_AUTH

Correct Answer: B

QUESTION 3
Refer to the exhibit. The DMVPN tunnel is dropping randomly and no tunnel protection is configured. Which
spoke configuration mitigates tunnel drops?

400-007 CCDE Cisco Certified Design Expert Exam Dumps Download

Duration: 120 minutes
Languages: English
Associated certification CCDE v3.0

Exam overview
The CCDE v3.0 Written exam (400-007) will validate that candidates have the expertise to gather and clarify network functional requirements, develop network designs to meet functional specifications, develop implementation plans, convey design decisions and their rationale, and possess expert-level knowledge including:

Business Strategy Design
Control, data, and management plane design
Network Design
Service Design
Security Design

Examkingdom Cisco 400-007 Exam pdf,

MCTS Training, MCITP Trainnig

Best Cisco 400-007 Free downloads , Cisco 400-007 Dumps at Certkingdom.com

CCDE v3.0 Unified Exam Topics
Exam Description:
The exam topics below are general guidelines for the content likely to be included on both the CCDE Written (400-007) and the CCDE Practical exam.
The CCDE v3.0 Written exam (400-007) is a two-hour, multiple choice test with 90-110 questions, that focuses on core Enterprise network architectures and technologies.
The CCDE v3.0 Practical Exam is an 8-hour scenario-based exam, that focuses on core Enterprise network architectures and technologies, as well as on your selected area of expertise.
Both exams validate your knowledge, skills, and abilities throughout the entire network design lifecycle.
Both exams are closed book and no outside reference materials are allowed.
Your knowledge, skills, and abilities of recommending, building, validating, optimizing, and adapting technologies/solutions in the context of complex high-level network designs will be tested throughout the exam:
• Recommend technologies or solutions that align with the stated requirements.
• Justify why a given decision was made.
• Make design choices and fully design solutions that complies with the stated requirements.
• Validate existing designs to ensure they are compliant with all requirements, as well as suggesting design changes to accommodate for changed specifications or requirements in the network.
• Perform optimizations of existing network designs to fix issues or mitigate risks.
• Build high-level implementation plans/steps.
• Recommend, build, or justify strategies.

Both the Written and Practical exams are designed with dual stack in mind, so both IPv4 and IPv6 should be expected across every exam topic and technology.
For more information about the exam format and the technologies covered within your exam, please refer to:
• CCDE v3.0 Written and Practical Exam Format
• Core – technology list
• Workforce Mobility – technology list
• On-Prem and Cloud Services – technology list
• Large Scale Networks – technology list

15% 1.0 Business Strategy Design
1.1 Impact on network design, implementation, and optimization using various customer project management methodologies (for instance waterfall and agile)
1.2 Solutions based on business continuity and operational sustainability (for instance RPO, ROI, CAPEX/OPEX cost analysis, and risk/reward)

25% 2.0 Control, data, management plane and operational design
2.1 End-to-end IP traffic flow in a feature-rich network
2.2 Data, control, and management plane technologies
2.3 Centralized, decentralized, or hybrid control plane
2.4 Automation/orchestration design, integration, and on-going support for networks (for instance interfacing with APIs, model-driven management, controller-based technologies, evolution to CI/CD framework)
2.5 Software-defined architecture and controller-based solution design (SD-WAN, overlay, underlay, and fabric)

30% 3.0 Network Design
3.1 Resilient, scalable, and secure modular networks, covering both traditional and software defined architectures, considering:
3.1.a Technical constraints and requirements
3.1.b Operational constraints and requirements
3.1.c Application behavior and needs
3.1.d Business requirements
3.1.e Implementation plans
3.1.f Migration and transformation

15% 4.0 Service Design
4.1 Resilient, scalable, and secure modular network design based on constraints (for instance technical, operational, application, and business constraints) to support applications on the IP network (for instance voice, video, backups, data center replication, IoT, and storage)
4.2 Cloud/hybrid solutions based on business-critical operations
4.2.a Regulatory compliance
4.2.b Data governance (for instance sovereignty, ownership, and locale)
4.2.c Service placement
4.2.d SaaS, PaaS, and IaaS
4.2.e Cloud connectivity (for instance direct connect, cloud on ramp, MPLS direct connect, and WAN integration)
4.2.f Security

15% 5.0 Security Design
5.1 Network security design and integration
5.1.a Segmentation
5.1.b Network access control
5.1.c Visibility
5.1.d Policy enforcement
5.1.e CIA triad
5.1.f Regulatory compliance (if provided the regulation)

 

QUESTION 1
Refer to the exhibit.
The enterprise customer wants to stream one-way video from their head office to eight branch offices using multicast. Their current service provider provides a Layer3 VPN solution and manages the CE routers, but they do not currently support multicast. Which solution quickly allows this multicast traffic to go through while allowing for future scalability?

A. Enable a GRE tunnel between nodes CE1 and CE2
B. Enable a GRE tunnel between nodes C2 and C4
C. Enable a GRE tunnel between nodes C1 and C4
D. Implement hub and spoke MPLS VPN over DMVPN (also known as 2547o DMVPN) between CE1 and CE2
E. The service provider must provide a Draft Rosen solution to enable a GRE tunnel between nodes PE1 and PE2

Answer: B

QUESTION 2
An enterprise network has two core routers that connect to 200 distribution routers and uses fullmesh IBGP peering between these routers as its routing method. The distribution routers are experiencing high CPU utilization due to the BGP process. Which design solution is the most cost effective?

A. Implement route reflectors on the two core routers
B. Increase the memory on the core routers
C. Implement e BGP between the core and distribution routers
D. Increase the memory on the distribution routers
E. Increase bandwidth between the core routers

Answer: A

QUESTION 3
You want to mitigate failures that are caused by STP loops that occur before UDLD detects the failure or that are caused by a device that is no longer sending BPDUs. Which mechanism do you use along with UDLD?

A. Root guard
B. BPDU guard
C. Loop guard
D. BPDU filtering

Answer: C

QUESTION 4
A multicast network is sing Bidirectional PIM. Which two combined actions achieve high availability so that two RPs within the same network can act in a redundant manner? (Choose two)

A. Use two phantom RP addresses
B. Manipulate the administration distance of the unicast routes to the two RPs
C. Manipulate the multicast routing table by creating static mroutes to the two RPs
D. Advertise the two RP addresses in the routing protocol
E. Use anycast RP based on MSDP peering between the two RPs
F. Control routing to the two RPs through a longest match prefix

Answer: A, F

QUESTION 5
Which purpose of a dynamically created tunnel interface on the design of IPv6 multicast services Is true?

A. first-hop router registration to the RP
B. multicast client registration to the RP
C. multicast source registration to the RP
D. transport of all IPv6 multicast traffic

Answer: D

300-635 Automating Cisco Data Center Solutions (DCAUTO) Exam Dumps pdf

300-635 Automating and Programming Cisco Data Center Solutions
Duration: 90 minutes
Languages: English

Associated certifications
CCNP Data Center
Cisco Certified DevNet Professional
Cisco Certified DevNet Specialist – Data Center Automation and Programmability

Exam overview
This exam tests your knowledge of implementing data center automated solutions, including:

Programming concepts
Orchestration
Automation tools

Automating Cisco Data Center Solutions v1.1 (300-635)
Exam Description: Automating Cisco Data Center Solutions v1.1 (DCAUTO 300-635) is a 90-minute exam associated with the CCNP Data Center Certification and DevNet Professional Certification. This exam certifies a candidate’s knowledge of implementing Data Center automated solutions, including programming concepts, orchestration and automation tools.

The following topics are general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. To better reflect the contents of the exam and for clarity purposes, the guidelines below may change at any time without notice.

10% 1.0 Network Programmability Foundation
1.1 Utilize common version control operations with git: add, clone, push, commit, diff, branching, merging conflict
1.2 Describe characteristics of API styles (REST and RPC)
1.3 Describe the challenges encountered and patterns used when consuming APIs synchronously and asynchronously
1.4 Interpret Python scripts containing data types, functions, classes, conditions, and looping
1.5 Describe the benefits of Python virtual environments
1.6 Explain the benefits of using network configuration tools such as Ansible and Terraform for automating data center platforms

30% 2.0 Controller Based Data Center Networking
2.1 Describe the following:
2.1.a ACI target policy
2.1.b ACI application hosting capabilities
2.1.c Implementation of an ACI application from the Cisco ACI Apps Center
2.2 Leverage the API inspector to explore the REST API calls made by the ACI GUI
2.3 Construct a Python script to create an application policy using the ACI REST API
2.4 Construct a Python script to create an application policy using the ACI Cobra SDK
2.5 Construct an Ansible playbook to create an application policy
2.6 Describe the benefits of integrating Kubernetes infrastructure using the ACI CNI plugin
2.7 Construct a Terraform plan to use an ACI or Nexus Dashboard Fabric Controller

Examkingdom Cisco 300-635 Exam pdf,

MCTS Training, MCITP Trainnig

Best Cisco 300-635 Free downloads , Cisco 300-635 Dumps at Certkingdom.com

30% 3.0 Data Center Device-centric Networking
3.1 Describe Day 0 provisioning with NX-OS
3.1.a Cisco POAP
3.1.b NX-OS iPXE

3.2 Implement On-Box Programmability and Automation with NX-OS
3.2.a Bash
3.2.b Linux containers (LXC and Docker using provided container
3.2.c NX-OS guest shell
3.2.d Embedded Event Manager (EEM)
3.2.e On-box Python Scripting

3.3 Compare model-driven telemetry such as YANG Push and gRPC to traditional network monitoring strategies such as SMNP, Netflow, and SYSLOG

3.4 Construct Python script that consumes model-driven telemetry data with NX-OS

3.5 Implement Off-Box Programmability and Automation with NX-OS
3.5.a Nexus NX-API (NX-API REST and NX-API CLI)
3.5.b Nexus NETCONF using native and OpenConfig
3.5.c Network configuration tools with NX-OS (Ansible)

30% 4.0 Data Center Compute
4.1 Configure Cisco UCS with developer tools
4.1.a UCS PowerTool
4.1.b UCS Python SDK
4.1.c Ansible

4.2 Describe the capabilities of the Nexus Dashboard Fabric Controller API
4.3 Identify the steps in the Cisco Intersight API authentication method
4.4 Construct a Cisco Intersight API call given documentation to accomplish tasks such as manage server policies, service profiles, and firmware updates
4.5 Interpret a Terraform plan to use the Cisco Intersight provider

QUESTION 1
Which two benefits of using network configuration tools such as Ansible and Puppet to automate data center platforms are valid? (Choose two )

A. consistency of systems configuration
B. automation of repetitive tasks
C. ability to create device and interface groups
D. ability to add VLANs and routes per device
E. removal of network protocols such as Spanning Tree

Answer: AB

QUESTION 2
Refer to the exhibit, Where and how often does the subscription stream data for Ethernet port 1?

A. to four different destinations every 10000 microseconds
B. to four different destinations every 100 milliseconds
C. to four different destinations every 10 seconds
D. to four different destinations every 10000 seconds

Answer: C

QUESTION 3
Refer to the exhibit
Which action does the execution of this ACI Cobra Python code perform?

A. It prints all LLDP neighbor MAC and IP addresses
B. It prints all Cisco Discovery Protocol neighbor MAC and IP addresses
C. It prints all endpoint MAC and IP addresses
D. It prints all APIC MAC and IP addresses

Answer: C