Category Archives: Cisco

600-660 Implementing Cisco Application Centric Infrastructure – Advanced (300-630 DCACIA)

Exam overview
This exam tests a candidate’s advanced knowledge and skills of Cisco switches in ACI mode including configuration, implementation, management, and troubleshooting.

Our authorized Learning Partners teach instructor-led classes around the world. For this exam, we recommend:

Implementing Cisco Application Centric Infrastructure – Advanced (DCACIA) – coming soon

Exam Description
Implementing Cisco Application Centric Infrastructure – Advanced v1.0 (DCACIA 300-630) is a 90-minute exam associated with the Cisco Certified Specialist – ACI Advanced Implementation certification. This exam tests a candidate’s advanced knowledge and skills of Cisco switches in ACI mode including configuration, implementation, management, and troubleshooting. The course, Implementing Cisco Application Centric Infrastructure – Advanced (DCACIA), helps candidates prepare for this exam.

The following topics are general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. To better reflect the contents of the exam and for clarity purposes, the guidelines below may change at any time without notice.


1.0 ACI Packet Forwarding 20%
1.1 Describe packet forwarding between leafs (VxLAN)
1.2 Implement server NIC teaming with ACI
1.3 Implement endpoint learning optimizations (local/remote endpoint, limit IP subnet, enforce subnet check, IP dataplane learning option in VRF, loop detection, and rogue EP)

2.0 Advanced ACI Policies and Integrations 25%
2.1 Implement Layer 3 out transit routing
2.2 Utilize common tenant
2.3 Implement VRF route leaking
2.4 Implement Layer 3 out VRF route leaking
2.5 Implement contracts (pcTag, global pcTag, contract priorities, taboo, and deny filter)
2.6 Implement Layer 4 through Layer 7 PBR (including use cases)

3.0 Multipod 20%
3.1 Implement IPN
3.2 Describe packet flow between pods
3.3 Describe firewall and load balancer design with multipod
3.4 Implement service graph with multipod

4.0 Multisite 20%
4.1 Implement Multi-Site Orchestrator
4.2 Implement ISN
4.3 Describe stretched component options
4.4 Describe communication across sites

5.0 Traditional network with ACI 15%
5.1 Describe network-centric and application-centric designs
5.2 Describe STP BPDU handling in ACI (FD-VNID and VLAN pool consideration)
5.3 Describe migration considerations

QUESTION 1
Which approach does Cisco ACI use to achieve multidestination packet forwarding between leaf switches in the same fabric?

A. Map VXLAN VTEP to the multicast group
B. Map VXLAN to PIM-SM protocol
C. Map VXLAN VNI to the multicast group
D. Map VXLAN to PIM-DM protocol

Answer: C

QUESTION 2
What does the VXLAN source port add to the overlay packet forwarding when it uses the hash of Layer 2, Layer 3, and Layer 4 headers of the inner packet?

A. ECMP
B. TCP optimization
C. disabled fragmentation
D. jumbo frames

Answer: A

QUESTION 3
Which two actions are the Cisco best practices to configure NIC teaming load balancing for Cisco UCS B-Series blades that are connected to the Cisco ACI leaf switches? (Choose two.)

A. Create vPC+
B. Enable LACP active mode
C. Create PAgP
D. Create vPC
E. Enable MAC pinning

Answer: B,E

QUESTION 4
An engineer must limit local and remote endpoint learning to the bridge domain subnet. Which action should be taken inside the Cisco APIC?

A. Disable Remote EP Learn
B. Enable Enforce Subnet Check
C. Disable Endpoint Dataplane Learning
D. Enable Limit IP Learning to Subnet

Answer: B

QUESTION 5
What is the purpose of the Forwarding Tag (FTAG) in Cisco ACI?

A. FTAG is used in Cisco ACI to add a label to the iVXLAN traffic in the fabric to apply the correct policy.
B. FTAG is used in Cisco ACI to add a label to the VXLAN traffic in the fabric to apply the correct policy.
C. FTAG trees in Cisco ACI are used to load balance unicast traffic.
D. FTAG trees in Cisco ACI are used to load balance multi-destination traffic.

Answer: D


300-901 Developing Applications using Cisco Core Platforms and APIs (DEVCOR 300-901)


Exam Description
Developing Applications using Cisco Core Platforms and APIs v1.0 (DEVCOR 300-901) is a 120-minute exam associated with the DevNet Professional Certification. This exam tests a candidate’s knowledge of software development and design including using APIs, Cisco platforms, application deployment and security, and infrastructure and automation. The course, Developing Applications using Cisco Core Platforms and APIs helps candidates to prepare for this exam.

The following topics are general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. To better reflect the contents of the exam and for clarity purposes, the guidelines below may change at any time without notice.

1.0 Software Development and Design 20%
1.1 Describe distributed applications related to the concepts of front-end, back-end, and load balancing
1.2 Evaluate an application design considering scalability and modularity
1.3 Evaluate an application design considering high-availability and resiliency (including on-premises, hybrid, and cloud)
1.4 Evaluate an application design considering latency and rate limiting
1.5 Evaluate an application design and implementation considering maintainability
1.6 Evaluate an application design and implementation considering observability
1.7 Diagnose problems with an application given logs related to an event
1.8 Evaluate choice of database types with respect to application requirements (such as relational, document, graph, columnar, and Time Series)
1.9 Explain architectural patterns (monolithic, services oriented, microservices, and event driven)
1.10 Utilize advanced version control operations with Git
1.10.a Merge a branch
1.10.b Resolve conflicts
1.10.c git reset
1.10.d git checkout
1.10.e git revert
1.11 Explain the concepts of release packaging and dependency management
1.12 Construct a sequence diagram that includes API calls

2.0 Using APIs 20%
2.1 Implement robust REST API error handling for time outs and rate limits
2.2 Implement control flow of consumer code for unrecoverable REST API errors
2.3 Identify ways to optimize API usage through HTTP cache controls
2.4 Construct an application that consumes a REST API that supports pagination
2.5 Describe the steps in the OAuth2 three-legged authorization code grant flow

3.0 Cisco Platforms 20%
3.1 Construct API requests to implement chatops with Webex Teams API
3.2 Construct API requests to create and delete objects using Firepower device management (FDM)
3.3 Construct API requests using the Meraki platform to accomplish these tasks
3.3.a Use Meraki Dashboard APIs to enable an SSID
3.3.b Use Meraki location APIs to retrieve location data
3.4 Construct API calls to retrieve data from Intersight
3.5 Construct a Python script using the UCS APIs to provision a new UCS server given a template
3.6 Construct a Python script using the Cisco DNA center APIs to retrieve and display wireless health information
3.7 Describe the capabilities of AppDynamics when instrumenting an application
3.8 Describe steps to build a custom dashboard to present data collected from Cisco APIs

4.0 Application Deployment and Security 20%
4.1 Diagnose a CI/CD pipeline failure (such as missing dependency, incompatible versions of components, and failed tests)
4.2 Integrate an application into a prebuilt CD environment leveraging Docker and Kubernetes
4.3 Describe the benefits of continuous testing and static code analysis in a CI pipeline
4.4 Utilize Docker to containerize an application
4.5 Describe the tenets of the “12-factor app”
4.6 Describe an effective logging strategy for an application
4.7 Explain data privacy concerns related to storage and transmission of data
4.8 Identify the secret storage approach relevant to a given scenario
4.9 Configure application specific SSL certificates
4.10 Implement mitigation strategies for OWASP threats (such as XSS, CSRF, and SQL injection)
4.11 Describe how end-to-end encryption principles apply to APIs

5.0 Infrastructure and Automation 20%
5.1 Explain considerations of model-driven telemetry (including data consumption and data storage)
5.2 Utilize RESTCONF to configure a network device including interfaces, static routes, and VLANs (IOS XE only)
5.3 Construct a workflow to configure network parameters with:
5.3.a Ansible playbook
5.3.b Puppet manifest
5.4 Identify a configuration management solution to achieve technical and business requirements
5.5 Describe how to host an application on a network device (including Catalyst 9000 and Cisco IOx-enabled devices)


300-835 Automating and Programming Cisco Collaboration Solutions (CLAUTO 300-835)


Exam Description
Automating and Programming Cisco Collaboration Solutions v1.0 (CLAUTO 300-835) is a 90-minute exam associated with the CCNP Collaboration Certification and DevNet Professional Certification. This exam tests a candidate’s knowledge of implementing applications that automate and extend Cisco Collaboration platforms, including programming concepts, APIs and automation protocols, and Python programming. The course, Implementing Cisco Collaboration Automation Solutions, helps candidates to prepare for this exam.

The following topics are general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. To better reflect the contents of the exam and for clarity purposes, the guidelines below may change at any time without notice.

1.0 Network Programmability Foundation  10%
1.1 Utilize common version control operations with git (add, clone, push, commit, diff, branching, and merging conflict)
1.2 Describe characteristics of API styles (REST, RPC, and SOAP)
1.3 Describe the challenges encountered and patterns used when consuming APIs synchronously and asynchronously
1.4 Interpret Python scripts containing data types, functions, classes, conditions, and looping
1.5 Describe the benefits of Python virtual environments
1.6 Identify the roles of load balancer, firewall, DNS, and reverse proxy in collaboration application deployment

2.0 Unified Communication 25%
2.1 Construct API calls to automate CUCM user/phone moves, adds, changes, and using the AXL SOAP API
2.2 Construct API calls to automate dialplan and cluster config using the AXL API
2.3 Describe the capabilities and use of the CUCM CTI APIs TAPI/JTAPI
2.4 Describe the capabilities and use of the CUCM Serviceability Perfmon API and CDR interface
2.5 Describe the capabilities and use of the IP Phone Services API
2.6 Describe the capabilities of Finesse REST APIs and Gadgets

3.0 Cloud Collaboration 25%
3.1 Describe Webex Teams REST API capabilities, use, application architectures, authentication mechanisms, and token types
3.2 Implement administrative operations on Webex Teams organizations, users, licenses, and compliance events using the Webex Teams REST API
3.3 Construct a Python script to automate creation of Webex Teams spaces and memberships
3.4 Construct a Python script to implement notification
3.5 Construct API calls to implement interactive bots
3.6 Describe the application components involved in conversational bots (Botkit components and ecosystem)
3.7 Create a HTML web application embedding Webex Teams and messaging, audio / video using Webex Teams Widgets
3.8 Describe the capabilities and use for the various Webex Teams SDKs

4.0 Collaboration Endpoints 20%
4.1 Construct API calls to automate Cisco collaboration room devices using the xAPI SSH interface and xAPI HTTP API (configuration, customization and branding, and making a call)
4.2 Construct a script to monitor Cisco collaboration room device events using the xAPI Python SDK
4.3 Describe the capabilities, use, creation, and deployment of custom controls for Cisco collaboration room devices using the In-Room Controls Editor
4.4 Describe the capabilities, use, creation, and deployment of Cisco collaboration room device JavaScript Macros using the Macro Editor

5.0 Meetings 20%
5.1 Describe Webex Meetings API capabilities and use to manage users, meetings, events, and trainings
5.2 Describe Webex Meeting API authentication mechanisms
5.3 Construct API calls to implement users and meetings management for Webex Meetings
5.4 Construct API calls to configure Cisco Meeting Server using the REST API


300-535 Automating Cisco Service Provider Solutions (300-535 SPAUTO)

Exam Description
Automating and Programming Cisco Service Provider Solutions v1.0 (SPAUTO 300-535) is a 90-minute exam associated with the CCNP Service Provider Certification and DevNet Professional Certification. This exam tests a candidate’s knowledge of implementing service provider automated solutions, including programming concepts, orchestration, programming OS, and automation tools. The course, Implementing Cisco Service Provider Automation Solutions, helps candidates to prepare for this exam.

The following topics are general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. To better reflect the contents of the exam and for clarity purposes, the guidelines below may change at any time without notice.

1.0 Network Programmability Foundation 10%
1.1 Utilize common version control operations with git (add, clone, push, commit, diff, branching, and merging conflict)
1.2 Describe characteristics of API styles (REST and RPC)
1.3 Describe the challenges encountered and patterns used when consuming APIs synchronously and asynchronously
1.4 Interpret Python scripts containing data types, functions, classes, conditions, and looping
1.5 Describe the benefits of Python virtual environments
1.6 Explain the benefits of using network configuration tools such as Ansible and Puppet for automating IOS XE or IOS XR platforms

2.0 Automation APIs and Protocols 30%
2.1 Describe the characteristics and use of YANG Data Models (OpenConfig, IETF, and Vendor)
2.2 Describe common HTTP authentication mechanisms (basic, token, and oauth)
2.3 Compare common data types (JSON, XML, YAML, plain text, gRPC, and protobuf)
2.4 Identify the JSON instance based on a YANG model
2.5 Identify the XML instance based on a YANG model
2.6 Interpret a YANG module tree generated by pyang
2.7 Implement configuration and operation management using RESTCONF protocol
2.8 Implement configuration and operation management using NETCONF protocol
2.9 Compare the NETCONF datastores

3.0 Network Device Programmability 30%
3.1 Deploy device configuration and validate operational state using ncclient
3.2 Construct a Python script using NETCONF with YDK
3.3 Deploy device configuration and validate operational state using NetMiko
3.4 Deploy device configuration and validate operational state using Ansible playbooks
3.5 Compare gNMI with NETCONF
3.6 Construct a Python script using RESTCONF with JSON
3.7 Construct Xpath notation for a given node or instance of a node
3.8 Diagnose model-driven dial-in/-out telemetry streams with gRPC for a Cisco IOS XR

4.0 Automation and Orchestration Platforms 30%
4.1 Describe ETSI NFV
4.2 Describe NSO architecture
4.3 Identify the benefits of NSO
4.4 Construct a Python script to configure a device using NSO RESTCONF API
4.5 Describe the management and automation of Cisco ESC components
4.6 Implement XR traffic controller (including topology information transfer to XTC)
4.7 Identify the uses of Cisco WAE
4.8 Construct a service template using NSO
4.9 Deploy a service package using NSO


300-910 Implementing DevOps Solutions and Practices using Cisco Platforms (DEVOPS 300-910)


Exam Description
Implementing DevOps Solutions and Practices using Cisco Platforms v1.0 (DEVOPS 300-910) is a 90-minute exam associated with the DevNet Professional Certification. This exam tests a candidate’s knowledge of DevOps practices as it pertains to deployment automation that enables automated configuration, management, and scalability of cloud microservices and infrastructure processes on Cisco platforms. The course, Implementing DevOps Solutions and Practices using Cisco Platforms, helps candidates to prepare for this exam.

The following topics are general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. To better reflect the contents of the exam and for clarity purposes, the guidelines below may change at any time without notice.

1.0 CI/CD Pipeline 20%
1.1 Describe characteristics and concepts of build/deploy tools such as Jenkins, Drone, or Travis CI
1.2 Identify the sequence, components, and integrations to implement a CI/CD pipeline for a given scenario
1.3 Troubleshoot issues with a CI/CD pipeline such as code-based failures, pipeline issues, and tool incompatibility
1.4 Identify tests to integrate into a CI/CD pipeline for a given scenario
1.5 Identify release deployment strategy (canary, rollbacks, and blue/green) for a given scenario
1.6 Diagnose code dependency management issues including API, tool chain, and libraries

2.0 Packaging and Delivery of Applications 15%
2.1 Identify the steps to containerize an application
2.2 Identify steps to deploy multiple microservice applications
2.3 Evaluate microservices and container architecture diagrams based on technical and business requirements (security, performance, stability, and cost)
2.4 Identify safe handling practices for configuration items, application parameters, and secrets
2.5 Construct a Docker file to address application specifications
2.6 Describe the usage of golden images to deploy applications

3.0 Automating Infrastructure 20%
3.1 Describe how to integrate DevOps practices into an existing organization structure
3.2 Describe the use of configuration management tools to automate infrastructure services such as Ansible, Puppet, Terraform, and Chef
3.3 Construct an Ansible playbook to automate an application deployment of infrastructure services
3.4 Construct a Terraform configuration to automate an application deployment of infrastructure services
3.5 Describe the practice and benefits of Infrastructure as Code
3.6 Design a pre-check validation of the network state in a CI/CD pipeline for a given scenario
3.7 Design a pre-check validation of the application infrastructure in a CI/CD pipeline for a given scenario
3.8 Describe the concepts of extending DevOps practices to the network for NetDevOps
3.9 Identify the requirements such as memory, disk I/O, network, and CPU needed to scale the application or service

4.0 Cloud and Multicloud 15%
4.1 Describe the concepts and objects of Kubernetes
4.2 Deploy applications to a Kubernetes cluster
4.3 Utilize objects of Kubernetes to build a deployment to meet requirements
4.4 Interpret the pipeline for continuous delivery of a Drone configuration file
4.5 Validate the success of an application deployment on Kubernetes
4.6 Describe method and considerations to deploy an application to multiple environments such as multiple cloud providers, high availability configurations, disaster recovery configurations, and testing cloud portability
4.7 Describe the process of tracking and projecting costs when consuming public cloud
4.8 Describe benefits of infrastructure as code for repeatable public cloud consumption
4.9 Compare cloud services strategies (build versus buy)

5.0 Logging, Monitoring, and Metrics 20%
5.1 Identify the elements of log and metric systems to facilitate application troubleshooting such as performance issues and streaming telemetry logs
5.2 Implement a log collection and reporting system for applications
5.2.a aggregate logs from multiple related applications
5.2.b search capabilities
5.2.c reporting capabilities
5.3 Troubleshoot a distributed application using AppDynamics with Application Performance Monitoring
5.4 Describe the principles of chaos engineering
5.5 Construct Python scripts that use APIs to accomplish these tasks
5.5.a build a monitoring dashboard
5.5.b notify Webex Teams space
5.5.c responding to alerts and outages
5.5.d creating notifications
5.5.e health check monitoring
5.5.f opening and closing incidents
5.6 Identify additional application requirements to provide visibility into application health and performance
5.7 Describe Kubernetes capabilities related to logging, monitoring, and metrics
5.8 Describe the integration of logging, monitoring and alerting in a CI/CD pipeline design

6.0 Security 10%
6.1 Identify methods to secure an application and infrastructure during production and testing in a CI/CD pipeline
6.2 Identify methods to implement a secure software development life cycle


300-920 DEVWBX Developing Applications for Cisco Webex and Webex Devices

Exam overview
This exam tests a candidate’s Webex development knowledge as it pertains to Webex API foundations, Webex Meetings, Webex Devices, messaging, embedding Webex, and administration and compliance.

Exam Description
Developing Applications for Cisco Webex and Webex Devices v1.0 (DEVWBX 300-920) is a 90-minute exam associated with the DevNet Professional Certification. This exam tests a candidate’s Webex development knowledge as it pertains to Webex API foundations, Webex Meetings, Webex Devices, messaging, embedding Webex, and administration and compliance. The course, Developing Applications for Cisco Webex and Webex Devices, helps candidates to prepare for this exam.

The following topics are general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. To better reflect the contents of the exam and for clarity purposes, the guidelines below may change at any time without notice.

1.0 Webex API Foundation 15%
1.1 Describe the process to get access to Webex APIs for a given scenario (including getting the necessary users roles from a Webex administrator)
1.2 Identify the authentication methods for Webex Teams, devices, and meetings
1.3 Troubleshoot error codes for REST API responses (including rate limiting, access, and authentication)
1.4 Interpret a REST API response that includes pagination and filtering
1.5 Construct a JavaScript request using promises with a Webex JavaScript SDK
1.6 Describe the OAuth token management lifecycle

2.0 Meetings 20%
2.1 Describe the capabilities of the Webex Meeting APIs
2.2 Construct the JavaScript to schedule a meeting
2.3 Construct HTTP requests with the XML API to manage users
2.4 Construct the JavaScript to list and download a recording of a meeting

3.0 Devices 20%
3.1 Compare the capabilities and use of xAPI over SSH, REST APIs, and WebSockets
3.2 Describe the mechanisms to send and receive data
3.3 Construct a script using ‘jsxapi’ to address a scenario
3.4 Troubleshoot macros
3.5 Construct a custom user interaction (including in-room controls)

4.0 Messaging 20%
4.1 Construct REST API requests using JSON and HTTP for a given scenario (managing spaces, teams, and memberships)
4.2 Construct a JavaScript application to send a message and to retrieve the content of an incoming message
4.3 Construct a JavaScript application that uses cards
4.4 Diagnose the process of managing Webhooks including resource and event filters
4.5 Describe the limitations and capabilities of bots
4.6 Identify whether to use a bot or an Integration in a given scenario

5.0 Embedding Webex 15%
5.1 Construct a HTML page embedding a Widget using an Integration or guest issuer
5.2 Construct the JavaScript to call and screen share with the browser SDK
5.3 Construct the JavaScript to call and send messages with the browser SDK and guest issuer
5.4 Describe the mechanisms to receive incoming call notifications for iOS and Android SDKs

6.0 Administration and Compliance 10%
6.1 Construct the JavaScript to administer a Webex organization
6.1.a User and licenses
6.1.b Devices
6.2 Construct JavaScript to collect compliance data
6.3 Identify the requirements, steps, and permissions needed to take a compliance action on a message or space
6.4 Construct the JavaScript to send requests to multiple devices for a given scenario

 


300-170 DCVAI Implementing Cisco Data Center Virtualization and Automation

Exam Number 300-170 DCVAI
Associated Certifications CCNP Data Center
Duration 90 minutes (60-70 questions)
Available Languages English

This exam tests a candidate’s knowledge of implementing data center infrastructure including virtualization, automation, Cisco Application Centric Infrastructure (ACI), ACI network resources, and ACI management and monitoring.

Exam Description
The Implementing Cisco Data Center Virtualization and Automation (DCVAI) exam (300-170) is a 90-minute, 60–70 question assessment. This exam is one of the exams associated with the CCNP Data Center Certification. This exam tests a candidate’s knowledge of implementing Cisco data center infrastructure including virtualization, automation, Application Centric Infrastructure, Application Centric Infrastructure network resources, and Application Centric Infrastructure management and monitoring. The course, Implementing Cisco Data Center Virtualization and Automation v6 (DCVAI), helps candidates to prepare for this exam because the content is aligned with the exam topics.

The following topics are general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes, the guidelines below may change at any time without notice.

1.0 Implement Infrastructure Virtualization 19%

1.1 Implement logical device separation

1.1.a VDC
1.1.b VRF

1.2 Implement virtual switching technologies

2.0 Implement Infrastructure Automation 16%

2.1 Implement configuration profiles

2.1.a Auto-config
2.1.b Port profiles
2.1.c Configuration synchronization

2.2 Implement POAP

2.3 Compare and contrast different scripting tools

2.3.a EEM
2.3.b Scheduler
2.3.c SDK

3.0 Implementing Application Centric Infrastructure 27%

3.1 Configure fabric discovery parameters

3.2 Implement access policies

3.2.a Policy groups
3.2.b Protocol policies
3.2.b [i] LLDP, CDP, LACP, and link-level
3.2.c AEP
3.2.d Domains
3.2.e Pools
3.2.f Profiles
3.2.f [i] Switch
3.2.f [ii] Interface

3.3 Implement VMM domain integrations

3.4 Implement tenant-based policies

3.4.a EPGs
3.4.a [i] Pathing
3.4.a [ii] Domains
3.4.b Contracts
3.4.b [i] Consumer
3.4.b [ii] Providers
3.4.b [iii] vzAny (TCAM conservation)
3.4.b [iv] Inter-tenant
3.4.c Private networks
3.4.c [i] Enforced/unenforced
3.4.d Bridge domains
3.4.d [i] Unknown unicast settings
3.4.d [ii] ARP settings
3.4.d [iii] Unicast routing

4.0 Implementing Application Centric Infrastructure Network Resources 25%

4.1 Implement external network integration

4.1.a External bridge network
4.1.b External routed network

4.2 Implement packet flow

4.2.a Unicast
4.2.b Multicast
4.2.c Broadcast
4.2.d Endpoint database

4.3 Describe service insertion and redirection

4.3.a Device packages
4.3.b Service graphs
4.3.c Function profiles

5.0 Implementing Application Centric Infrastructure Management and Monitoring 13%

5.1 Implement management

5.1.a In-band management
5.1.b Out-of-band management

5.2 Implement monitoring

5.2.a SNMP
5.2.b Atomic counters
5.2.c Health score evaluations

5.3 Implement security domains and role mapping

5.3.a AAA
5.3.b RBAC

5.4 Compare and contrast different scripting tools

5.4.a SDK
5.4.b API Inspector / XML

QUESTION 1
You have a Cisco Nexus 1000V Series Switch. When must you use the system VLAN?

A. to use VMware vMotion
B. to perform an ESXi iSCSI boot
C. to perform a VM iSCSI boot
D. to perform an ESXi NFS boot

Answer: A


QUESTION 2
Which option must be defined to apply a configuration across a potentially large number of switches in the most scalable way?

A. a configuration policy
B. a group policy
C. an interface policy
D. a switch profile

Answer: C


QUESTION 3
Which two options are benefits of using the configuration synchronization feature? (Choose two.)

A. Supports the feature command
B. Supports existing session and port profile functionality
C. can be used by any Cisco Nexus switch
D. merges configurations when connectivity is established between peers
E. supports FCoE in vPC topologies

Answer: A,C


300-175 DCUCI Implementing Cisco Data Center Unified Computing

Exam Number 300-175 DCUCI
Associated Certifications CCNP Data Center
Duration 90 minutes (60-70 questions)
Available Languages English
Register Pearson VUE

This exam tests a candidate’s knowledge of implementing data center technologies including unified computing, unified computing maintenance and operations, automation, unified computing security, and unified computing storage.

Exam Description
The Implementing Cisco Data Center Unified Computing (DCUCI) exam (300-175) is a 90-minute, 60–70 question assessment. This exam is one of the exams associated with the CCNP Datacenter Certification. This exam tests a candidate’s knowledge of implementing Cisco data center technologies including unified computing, unified computing maintenance and operations, automation, unified computing security, and unified computing storage. The course, Implementing Cisco Data Center Unified Computing v6 (DCUCI), helps candidates to prepare for this exam because the content is aligned with the exam topics.

The following topics are general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes, the guidelines below may change at any time without notice.

1.0 Implement Cisco Unified Computing 28%

1.1 Install Cisco Unified Computing platforms
1.1.a Stand-alone computing
1.1.b Chassis / blade
1.1.c Modular / server cartridges
1.1.d Server integration

1.2 Implement server abstraction technologies
1.2.a Service profiles
1.2.a [i] Pools
1.2.a [ii] Policies
1.2.a [ii].1 Connectivity
1.2.a [ii].2 Placement policy
1.2.a [ii].3 Remote boot policies
1.2.a [iii] Templates
1.2.a [iii].1 Policy hierarchy
1.2.a [iii].2 Initial vs updating

2.0 Unified Computing Maintenance and Operations 20%

2.1 Implement firmware upgrades, packages, and interoperability

2.2 Implement backup operations

2.3 Implement monitoring

2.3.a Logging
2.3.b SNMP
2.3.c Call Home
2.3.d NetFlow
2.3.e Monitoring session

3.0 Automation 12%

3.1 Implement integration of centralized management

3.2 Compare and contrast different scripting tools

3.2.a SDK
3.2.b XML

4.0 Unified Computing Security 13%

4.1 Implement AAA and RBAC

4.2 Implement key management

5.0 Unified Computing Storage 27%

5.1 Implement iSCSI

5.1.a Multipath
5.1.b Addressing schemes

5.2 Implement Fibre Channel port channels

5.3 Implement Fibre Channel protocol services

5.3.a Zoning
5.3.b Device alias
5.3.c VSAN

5.4 Implement FCoE

5.4.a FIP
5.4.b FCoE topologies
5.4.c DCB

5.5 Implement boot from SAN

5.5.a FCoE / Fibre Channel
5.5.b iSCSI

QUESTION 3 – (Topic 1)
Which two statements are true concerning authorization when using RBAC in a Cisco Unified Computing System? (Choose two.)

A. A locale without any organizations allows unrestricted access to system resources in all organizations.
B. When a user has both local and remote accounts, the roles defined in the remote user account override those in the local user account.
C. A role contains a set of privileges which define the operations that a user is allowed to take.
D. Customized roles can be configured on and downloaded from remote AAA servers.
E. The logical resources, pools and policies, are grouped into roles.

Answer: C,E

QUESTION 4 – (Topic 1)
Which actions must be taken in order to connect a NetApp FCoE storage system to a Cisco UCS system?

A. Ensure that the Fibre Channel switching mode is set to Switching, and use the Fibre Channel ports on the Fabric Interconnects.
B. Ensure that the Fibre Channel switching mode is set to Switching, and reconfigure the port to a FCoE Storage port.
C. Ensure that the Fibre Channel switching mode is set to End-Host, and use the Ethernet ports on the Fabric interconnects.
D. Ensure that the Fibre Channel switching mode is set to Switching, and use the Ethernet ports on the Fabric Interconnects.

Answer: A

QUESTION 5 – (Topic 1)
Which two protocols are accepted by the Cisco UCS Manager XML API? (Choose two.)

A. SMASH
B. HTTPS
C. HTTP
D. XMTP
E. SNMP

Answer: A,E

QUESTION 6 – (Topic 1)
A Cisco UCS administrator is planning to complete a firmware upgrade using Auto Install. Which two options are prerequisites to run Auto Install? (Choose two.)

A. minor fault fixing
B. configuration backup
C. service profiles unmounted from the blade servers
D. time synchronization
E. fault suppression started on the blade servers

Answer: A,B

QUESTION 7 – (Topic 1)
Which two prerequisites are required to configure a SAN boot from the FCoE storage of a Cisco UCS system? (Choose two.)

A. The Cisco UCS domain must be able to communicate with the SAN storage device that hosts the operating system image.
B. A boot policy must be created that contains a local disk, and the LVM must be configured correctly.
C. There must be iVR-enabled FCoE proxying between the Cisco UCS domain and the SAN storage device that hosts the operating system image.
D. There must be a boot target LUN on the device where the operating system image is located.
E. There must be a boot target RAID on the device where the operating system image is located.

Answer: C,D


200-125 CCNA Cisco Certified Network Associate Exam

Exam Number 200-125 CCNA
Associated Certifications CCNA Routing and Switching
Duration 90 Minutes (50-60 questions)
Available Languages English, Japanese

This exam tests a candidate’s knowledge and skills related to network fundamentals, LAN switching technologies, IPv4 and IPv6 routing technologies, WAN technologies, infrastructure services, infrastructure security, and infrastructure management.

The Cisco Certified Network Associate (CCNA) Routing and Switching composite exam (200-125) is a 90-minute, 50–60 question assessment that is associated with the CCNA Routing and Switching certification. This exam tests a candidate’s knowledge and skills related to network fundamentals, LAN switching technologies, IPv4 and IPv6 routing technologies, WAN technologies, infrastructure services, infrastructure security, and infrastructure management.

The following topics are general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes, the guidelines below may change at any time without notice.


1.0 Network Fundamentals 15%

1.1 Compare and contrast OSI and TCP/IP models

1.2 Compare and contrast TCP and UDP protocols

1.3 Describe the impact of infrastructure components in an enterprise network

1.3.a Firewalls
1.3.b Access points
1.3.c Wireless controllers

1.4 Describe the effects of cloud resources on enterprise network architecture

1.4.a Traffic path to internal and external cloud services
1.4.b Virtual services
1.4.c Basic virtual network infrastructure

1.5 Compare and contrast collapsed core and three-tier architectures

1.6 Compare and contrast network topologies

1.6.a Star
1.6.b Mesh
1.6.c Hybrid

1.7 Select the appropriate cabling type based on implementation requirements

1.8 Apply troubleshooting methodologies to resolve problems

1.8.a Perform and document fault isolation
1.8.b Resolve or escalate
1.8.c Verify and monitor resolution

1.9 Configure, verify, and troubleshoot IPv4 addressing and subnetting

1.10 Compare and contrast IPv4 address types

1.10.a Unicast
1.10.b Broadcast
1.10.c Multicast

1.11 Describe the need for private IPv4 addressing

1.12 Identify the appropriate IPv6 addressing scheme to satisfy addressing requirements in a LAN/WAN environment

1.13 Configure, verify, and troubleshoot IPv6 addressing

1.14 Configure and verify IPv6 Stateless Address Auto Configuration

1.15 Compare and contrast IPv6 address types

1.15.a Global unicast
1.15.b Unique local
1.15.c Link local
1.15.d Multicast
1.15.e Modified EUI 64
1.15.f Autoconfiguration
1.15.g Anycast

2.0 LAN Switching Technologies 21%

2.1 Describe and verify switching concepts

2.1.a MAC learning and aging
2.1.b Frame switching
2.1.c Frame flooding
2.1.d MAC address table

2.2 Interpret Ethernet frame format

2.3 Troubleshoot interface and cable issues (collisions, errors, duplex, speed)

2.4 Configure, verify, and troubleshoot VLANs (normal/extended range) spanning multiple switches

2.4.a Access ports (data and voice)
2.4.b Default VLAN

2.5 Configure, verify, and troubleshoot interswitch connectivity

2.5.a Trunk ports
2.5.b Add and remove VLANs on a trunk
2.5.c DTP, VTP (v1&v2), and 802.1Q
2.5.d Native VLAN

2.6 Configure, verify, and troubleshoot STP protocols

2.6.a STP mode (PVST+ and RPVST+)
2.6.b STP root bridge selection

2.7 Configure, verify and troubleshoot STP related optional features

2.7.a PortFast
2.7.b BPDU guard

2.8 Configure and verify Layer 2 protocols

2.8.a Cisco Discovery Protocol
2.8.b LLDP

2.9 Configure, verify, and troubleshoot (Layer 2/Layer 3) EtherChannel

2.9.a Static
2.9.b PAGP
2.9.c LACP

2.10 Describe the benefits of switch stacking and chassis aggregation

3.0 Routing Technologies 23%

3.1 Describe the routing concepts

3.1.a Packet handling along the path through a network
3.1.b Forwarding decision based on route lookup
3.1.c Frame rewrite

3.2 Interpret the components of a routing table

3.2.a Prefix
3.2.b Network mask
3.2.c Next hop
3.2.d Routing protocol code
3.2.e Administrative distance
3.2.f Metric
3.2.g Gateway of last resort

3.3 Describe how a routing table is populated by different routing information sources

3.3.a Admin distance

3.4 Configure, verify, and troubleshoot inter-VLAN routing

3.4.a Router on a stick
3.4.b SVI

3.5 Compare and contrast static routing and dynamic routing

3.6 Compare and contrast distance vector and link state routing protocols

3.7 Compare and contrast interior and exterior routing protocols

3.8 Configure, verify, and troubleshoot IPv4 and IPv6 static routing

3.8.a Default route
3.8.b Network route
3.8.c Host route
3.8.d Floating static

3.9 Configure, verify, and troubleshoot single area and multi-area OSPFv2 for IPv4 (excluding authentication, filtering, manual summarization, redistribution, stub, virtual-link, and LSAs)

3.10 Configure, verify, and troubleshoot single area and multi-area OSPFv3 for IPv6 (excluding authentication, filtering, manual summarization, redistribution, stub, virtual-link, and LSAs)

3.11 Configure, verify, and troubleshoot EIGRP for IPv4 (excluding authentication, filtering, manual summarization, redistribution, stub)

3.12 Configure, verify, and troubleshoot EIGRP for IPv6 (excluding authentication, filtering, manual summarization, redistribution, stub)

3.13 Configure, verify, and troubleshoot RIPv2 for IPv4 (excluding authentication, filtering, manual summarization, redistribution)

3.14 Troubleshoot basic Layer 3 end-to-end connectivity issues

4.0 WAN Technologies 10%

4.1 Configure and verify PPP and MLPPP on WAN interfaces using local authentication

4.2 Configure, verify, and troubleshoot PPPoE client-side interfaces using local authentication

4.3 Configure, verify, and troubleshoot GRE tunnel connectivity

4.4 Describe WAN topology options

4.4.a Point-to-point
4.4.b Hub and spoke
4.4.c Full mesh
4.4.d Single vs dual-homed

4.5 Describe WAN access connectivity options

4.5.a MPLS
4.5.b Metro Ethernet
4.5.c Broadband PPPoE
4.5.d Internet VPN (DMVPN, site-to-site VPN, client VPN)

4.6 Configure and verify single-homed branch connectivity using eBGP IPv4 (limited to peering and route advertisement using Network command only)

4.7 Describe basic QoS concepts

4.7.a Marking
4.7.b Device trust
4.7.c Prioritization
4.7.c. [i] Voice
4.7.c. [ii] Video
4.7.c. [iii] Data
4.7.d Shaping
4.7.e Policing
4.7.f Congestion management

5.0 Infrastructure Services 10%

5.1 Describe DNS lookup operation

5.2 Troubleshoot client connectivity issues involving DNS

5.3 Configure and verify DHCP on a router (excluding static reservations)

5.3.a Server
5.3.b Relay
5.3.c Client
5.3.d TFTP, DNS, and gateway options

5.4 Troubleshoot client- and router-based DHCP connectivity issues

5.5 Configure, verify, and troubleshoot basic HSRP

5.5.a Priority
5.5.b Preemption
5.5.c Version

5.6 Configure, verify, and troubleshoot inside source NAT

5.6.a Static
5.6.b Pool
5.6.c PAT

5.7 Configure and verify NTP operating in a client/server mode

6.0 Infrastructure Security 11%

6.1 Configure, verify, and troubleshoot port security

6.1.a Static
6.1.b Dynamic
6.1.c Sticky
6.1.d Max MAC addresses
6.1.e Violation actions
6.1.f Err-disable recovery

6.2 Describe common access layer threat mitigation techniques

6.2.a 802.1x
6.2.b DHCP snooping
6.2.c Nondefault native VLAN

6.3 Configure, verify, and troubleshoot IPv4 and IPv6 access list for traffic filtering

6.3.a Standard
6.3.b Extended
6.3.c Named

6.4 Verify ACLs using the APIC-EM Path Trace ACL analysis tool

6.5 Configure, verify, and troubleshoot basic device hardening

6.5.a Local authentication
6.5.b Secure password
6.5.c Access to device
6.5.c. [i] Source address
6.5.c. [ii] Telnet/SSH
6.5.d Login banner

6.6 Describe device security using AAA with TACACS+ and RADIUS

7.0 Infrastructure Management 10%

7.1 Configure and verify device-monitoring protocols

7.1.a SNMPv2
7.1.b SNMPv3
7.1.c Syslog

7.2 Troubleshoot network connectivity issues using ICMP echo-based IP SLA

7.3 Configure and verify device management

7.3.a Backup and restore device configuration
7.3.b Using Cisco Discovery Protocol or LLDP for device discovery
7.3.c Licensing
7.3.d Logging
7.3.e Timezone
7.3.f Loopback

7.4 Configure and verify initial device configuration

7.5 Perform device maintenance

7.5.a Cisco IOS upgrades and recovery (SCP, FTP, TFTP, and MD5 verify)
7.5.b Password recovery and configuration register
7.5.c File system management

7.6 Use Cisco IOS tools to troubleshoot and resolve problems

7.6.a Ping and traceroute with extended option
7.6.b Terminal monitor
7.6.c Log events
7.6.d Local SPAN

7.7 Describe network programmability in enterprise network architecture

7.7.a Function of a controller
7.7.b Separation of control plane and data plane
7.7.c Northbound and southbound APIs

QUESTION: No: 1
Which layer in the OSI reference model is responsible for determining the availability of the receiving program and checking to see if enough resources exist for that communication?

A. transport
B. network
C. presentation
D. session
E. application

Answer: E


QUESTION: No: 2
Which of the following describes the roles of devices in a WAN? (Choose three.)

A. A CSU/DSU terminates a digital local loop.
B. A modem terminates a digital local loop.
C. A CSU/DSU terminates an analog local loop.
D. A modem terminates an analog local loop.
E. A router is commonly considered a DTE device.
F. A router is commonly considered a DCE device.

Answer: A, D, E


QUESTION: No: 3
A network interface port has collision detection and carrier sensing enabled on a shared twisted pair
network. From this statement, what is known about the network interface port?

A. This is a 10 Mb/s switch port.
B. This is a 100 Mb/s switch port.
C. This is an Ethernet port operating at half duplex.
D. This is an Ethernet port operating at full duplex.
E. This is a port on a network interface card in a PC.

Answer: C


QUESTION: No: 4
A receiving host computes the checksum on a frame and determines that the frame is damaged. The frame is then discarded. At which OSI layer did this happen?

A. session
B. transport
C. network
D. data link
E. physical

Answer: D


QUESTION: No: 5
Which of the following correctly describe steps in the OSI data encapsulation process? (Choose two.)

A. The transport layer divides a data stream into segments and may add reliability and flow control information.
B. The data link layer adds physical source and destination addresses and an FCS to the segment.
C. Packets are created when the network layer encapsulates a frame with source and destination host
addresses and protocol-related control information.
D. Packets are created when the network layer adds Layer 3 addresses and control information to a
segment.
E. The presentation layer translates bits into voltages for transmission across the physical link.

Answer: A, D


400-251 CCIE Security

Exam Number 400-251 CCIE Security
Associated Certifications CCIE Security
Duration 120 minutes (90 – 110 questions)
Available Languages English

The written exam validates experts who have the knowledge and skills to architect, engineer, implement, troubleshoot, and support the full suite of Cisco security technologies and solutions using the latest industry best practices to secure systems and environments against modern security risks, threats, vulnerabilities, and requirements.

Topics include network functionality and security-related concepts and best practices, as well as Cisco network security products, solutions, and technologies in areas such as next generation intrusion prevention, next generation firewalls, identity services, policy management, device hardening, and malware protection.

The written exam utilizes the unified exam topics, which include emerging technologies such as Cloud, Network Programmability (SDN), and Internet of Things (IoT).

The CCIE Security Version 5.0 exam unifies written and lab exam topics documents into a unique curriculum, while explicitly disclosing which domains pertain to which exam, and the relative weight of each domain.

The Cisco CCIE Security Written Exam (400-251) version 5.0 is a two-hour test with 90–110 questions that validate professionals who have the expertise to describe, design, implement, operate, and troubleshoot complex security technologies and solutions. Candidates must understand the requirements of network security, how different components interoperate, and translate it into the device configurations. The exam is closed book and no outside reference materials are allowed.

The Cisco CCIE Security Lab Exam version 5.0 is an eight-hour, hands-on exam that requires a candidate to plan, design, implement, operate, and troubleshoot complex security scenarios for a given specification. Knowledge of troubleshooting is an important skill and candidates are expected to diagnose and solve issues as part of the CCIE lab exam.

The following topics are general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes, the guidelines below may change at any time without notice.

1.0 Perimeter Security and Intrusion Prevention 21%

1.1 Describe, implement, and troubleshoot HA features on Cisco ASA and Cisco FirePOWER Threat Defense (FTD)

1.2 Describe, implement, and troubleshoot clustering on Cisco ASA and Cisco FTD

1.3 Describe, implement, troubleshoot, and secure routing protocols on Cisco ASA and Cisco FTD

1.4 Describe, implement, and troubleshoot different deployment modes such as routed, transparent, single, and multicontext on Cisco ASA and Cisco FTD

1.5 Describe, implement, and troubleshoot firewall features such as NAT (v4,v6), PAT, application inspection, traffic zones, policy-based routing, traffic redirection to service modules, and identity firewall on Cisco ASA and Cisco FTD

1.6 Describe, implement, and troubleshoot IOS security features such as Zone-Based Firewall (ZBF), application layer inspection, NAT (v4,v6), PAT and TCP intercept on Cisco IOS/IOS-XE

1.7 Describe, implement, optimize, and troubleshoot policies and rules for traffic control on Cisco ASA, Cisco FirePOWER and Cisco FTD

1.8 Describe, implement, and troubleshoot Cisco Firepower Management Center (FMC) features such as alerting, logging, and reporting

1.9 Describe, implement, and troubleshoot correlation and remediation rules on Cisco FMC

1.10 Describe, implement, and troubleshoot Cisco FirePOWER and Cisco FTD deployment such as in-line, passive, and TAP modes

1.11 Describe, implement, and troubleshoot Next Generation Firewall (NGFW) features such as SSL inspection, user identity, geolocation, and AVC (Firepower appliance)

1.12 Describe, detect, and mitigate common types of attacks such as DoS/DDoS, evasion techniques, spoofing, man-in-the-middle, and botnet

2.0 Advanced Threat Protection and Content Security 17%

2.1 Compare and contrast different AMP solutions including public and private cloud deployment models

2.2 Describe, implement, and troubleshoot AMP for networks, AMP for endpoints, and AMP for content security (CWS, ESA, and WSA)

2.3 Detect, analyze, and mitigate malware incidents

2.4 Describe the benefit of threat intelligence provided by AMP Threat GRID

2.5 Perform packet capture and analysis using Wireshark, tcpdump, SPAN, and RSPAN

2.6 Describe, implement, and troubleshoot web filtering, user identification, and Application Visibility and Control (AVC)

2.7 Describe, implement, and troubleshoot mail policies, DLP, email quarantines, and SenderBase on ESA

2.8 Describe, implement, and troubleshoot SMTP authentication such as SPF and DKIM on ESA

2.9 Describe, implement, and troubleshoot SMTP encryption on ESA

2.10 Compare and contrast different LDAP query types on ESA

2.11 Describe, implement, and troubleshoot WCCP redirection

2.12 Compare and contrast different proxy methods such as SOCKS, Auto proxy/WPAD, and transparent

2.13 Describe, implement, and troubleshoot HTTPS decryption and DLP

2.14 Describe, implement, and troubleshoot CWS connectors on Cisco IOS routers, Cisco ASA, Cisco AnyConnect, and WSA

2.15 Describe the security benefits of leveraging the OpenDNS solution.

2.16 Describe, implement, and troubleshoot SMA for centralized content security management

2.17 Describe the security benefits of leveraging Lancope

3.0 Secure Connectivity and Segmentation 17%

3.1 Compare and contrast cryptographic and hash algorithms such as AES, DES, 3DES, ECC, SHA, and MD5

3.2 Compare and contrast security protocols such as ISAKMP/IKEv1, IKEv2, SSL, TLS/DTLS, ESP, AH, SAP, and MKA

3.3 Describe, implement, and troubleshoot remote access VPN using technologies such as FLEXVPN, SSL-VPN between Cisco firewalls, routers, and end hosts

3.4 Describe, implement, and troubleshoot the Cisco IOS CA for VPN authentication

3.5 Describe, implement, and troubleshoot clientless SSL VPN technologies with DAP and smart tunnels on Cisco ASA and Cisco FTD

3.6 Describe, implement, and troubleshoot site-to-site VPNs such as GETVPN, DMVPN and IPsec

3.7 Describe, implement, and troubleshoot uplink and downlink MACsec (802.1AE)

3.8 Describe, implement, and troubleshoot VPN high availability using Cisco ASA VPN clustering and dual-hub DMVPN deployments

3.9 Describe the functions and security implications of cryptographic protocols such as AES, DES, 3DES, ECC, SHA, MD5, ISAKMP/IKEv1, IKEv2, SSL, TLS/DTLS, ESP, AH, SAP, MKA, RSA, SCEP/EST, GDOI, X.509, WPA, WPA2, WEP, and TKIP

3.10 Describe the security benefits of network segmentation and isolation

3.11 Describe, implement, and troubleshoot VRF-Lite and VRF-Aware VPN

3.12 Describe, implement, and troubleshoot microsegmentation with TrustSec using SGT and SXP

3.13 Describe, implement, and troubleshoot infrastructure segmentation methods such as VLAN, PVLAN, and GRE

3.14 Describe the functionality of Cisco VSG used to secure virtual environments

3.15 Describe the security benefits of data center segmentation using ACI, EVPN, VXLAN, and NVGRE

4.0 Identity Management, Information Exchange, and Access Control 22%

4.1 Describe, implement, and troubleshoot various personas of ISE in a multinode deployment

4.2 Describe, implement, and troubleshoot network access device (NAD), ISE, and ACS configuration for AAA

4.3 Describe, implement, and troubleshoot AAA for administrative access to Cisco network devices using ISE and ACS

4.4 Describe, implement, verify, and troubleshoot AAA for network access with 802.1X and MAB using ISE.

4.5 Describe, implement, verify, and troubleshoot cut-through proxy/auth-proxy using ISE as the AAA server

4.6 Describe, implement, verify, and troubleshoot guest life cycle management using ISE and Cisco network infrastructure

4.7 Describe, implement, verify, and troubleshoot BYOD on-boarding and network access flows with an internal or external CA

4.8 Describe, implement, verify, and troubleshoot ISE and ACS integration with external identity sources such as LDAP, AD, and external RADIUS

4.9 Describe ISE and ACS integration with external identity sources such as RADIUS Token, RSA SecurID, and SAML

4.10 Describe, implement, verify, and troubleshoot provisioning of AnyConnect with ISE and ASA

4.11 Describe, implement, verify, and troubleshoot posture assessment with ISE

4.12 Describe, implement, verify, and troubleshoot endpoint profiling using ISE and Cisco network infrastructure including device sensor

4.13 Describe, implement, verify, and troubleshoot integration of MDM with ISE

4.14 Describe, implement, verify, and troubleshoot certificate based authentication using ISE

4.15 Describe, implement, verify, and troubleshoot authentication methods such as EAP Chaining and Machine Access Restriction (MAR)

4.16 Describe the functions and security implications of AAA protocols such as RADIUS, TACACS+, LDAP/LDAPS, EAP (EAP-PEAP, EAP-TLS, EAP-TTLS, EAP-FAST, EAP-TEAP, EAP-MD5, EAP-GTC), PAP, CHAP, and MS-CHAPv2

4.17 Describe, implement, and troubleshoot identity mapping on ASA, ISE, WSA and FirePOWER

4.18 Describe, implement, and troubleshoot pxGrid between security devices such as WSA, ISE, and Cisco FMC

5.0 Infrastructure Security, Virtualization, and Automation 13%

5.1 Identify common attacks such as Smurf, VLAN hopping, and SYNful knock, and their mitigation techniques

5.2 Describe, implement, and troubleshoot device hardening techniques and control plane protection methods, such as CoPP and IP Source routing.

5.3 Describe, implement, and troubleshoot management plane protection techniques such as CPU and memory thresholding and securing device access

5.4 Describe, implement, and troubleshoot data plane protection techniques such as iACLs, uRPF, QoS, and RTBH

5.5 Describe, implement, and troubleshoot IPv4/v6 routing protocols security

5.6 Describe, implement, and troubleshoot Layer 2 security techniques such as DAI, IPDT, STP security, port security, DHCP snooping, and VACL

5.7 Describe, implement, and troubleshoot wireless security technologies such as WPA, WPA2, TKIP, and AES

5.8 Describe wireless security concepts such as FLEX Connect, wIPS, ANCHOR, Rogue AP, and Management Frame Protection (MFP)

5.9 Describe, implement, and troubleshoot monitoring protocols such as NETFLOW/IPFIX, SNMP, SYSLOG, RMON, NSEL, and eSTREAMER

5.10 Describe the functions and security implications of application protocols such as SSH, TELNET, TFTP, HTTP/HTTPS, SCP, SFTP/FTP, PGP, DNS/DNSSEC, NTP, and DHCP

5.11 Describe the functions and security implications of network protocols such as VTP, 802.1Q, TCP/UDP, CDP, LACP/PAgP, BGP, EIGRP, OSPF/OSPFv3, RIP/RIPng, IGMP/CGMP, PIM, IPv6, and WCCP

5.12 Describe the benefits of virtualizing security functions in the data center using ASAv, WSAv, ESAv, and NGIPSv

5.13 Describe the security principles of ACI such as object models, endpoint groups, policy enforcement, application network profiles, and contracts

5.14 Describe the northbound and southbound APIs of SDN controllers such as APIC-EM

5.15 Identify and implement security features to comply with organizational security policies, procedures, and standards such as BCP 38, ISO 27001, RFC 2827, and PCI-DSS

5.16 Describe and identify key threats to different places in the network (campus, data center, core, edge) as described in Cisco SAFE

5.17 Validate network security design for adherence to Cisco SAFE recommended practices

5.18 Interpret basic scripts that can retrieve and send data using RESTful API calls in scripting languages such as Python

5.19 Describe Cisco Digital Network Architecture (DNA) principles and components.

6.0 Evolving Technologies 10%

6.1 Cloud

6.1.a Compare and contrast Cloud deployment models
6.1.a [i] Infrastructure, platform, and software services (XaaS)
6.1.a [ii] Performance and reliability
6.1.a [iii] Security and privacy
6.1.a [iv] Scalability and interoperability
6.1.b Describe Cloud implementations and operations
6.1.b [i] Automation and orchestration
6.1.b [ii] Workload mobility
6.1.b [iii] Troubleshooting and management
6.1.b [iv] OpenStack components

6.2 Network Programmability (SDN)

6.2.a Describe functional elements of network programmability (SDN) and how they interact
6.2.a [i] Controllers
6.2.a [ii] APIs
6.2.a [iii] Scripting
6.2.a [iv] Agents
6.2.a [v] Northbound vs. Southbound protocols
6.2.b Describe aspects of virtualization and automation in network environments
6.2.b [i] DevOps methodologies, tools and workflows
6.2.b [ii] Network/application function virtualization (NFV, AFV)
6.2.b [iii] Service function chaining
6.2.b [iv] Performance, availability, and scaling considerations

6.3 Internet of Things (IoT)

6.3.a Describe architectural framework and deployment considerations for Internet of Things
6.3.a [i] Performance, reliability and scalability
6.3.a [ii] Mobility
6.3.a [iii] Security and privacy
6.3.a [iv] Standards and compliance
6.3.a [v] Migration
6.3.a [vi] Environmental impacts on the network

QUESTION: No: 2
According to ISO27001 ISMS, which of the following are mandatory documents? (Choose 4)

A. ISMS Policy
B. Corrective Action Procedure
C. IS Procedures
D. Risk Assessment Reports
E. Complete Inventory of all information assets

Answer: A, B, C, D


QUESTION: No: 3
Which two statements describe the Cisco TrustSec system correctly? (Choose two.)

A. The Cisco TrustSec system is a partner program, where Cisco certifies third-party security products as
extensions to the secure infrastructure.
B. The Cisco TrustSec system is an approach to certifying multimedia and collaboration applications as secure.
C. The Cisco TrustSec system is an Advanced Network Access Control System that leverages
enforcement intelligence in the network infrastructure.
D. The Cisco TrustSec system tests and certifies all products and product versions that make up the
system as working together in a validated manner.

Answer: C, D


QUESTION: No: 4
Which three attributes may be configured as part of the Common Tasks panel of an authorization profile in
the Cisco ISE solution? (Choose three.)

A. VLAN
B. voice VLAN
C. dACL name
D. voice domain permission
E. SGT

Answer: A, C, D


QUESTION: No: 5
Which three statements about Cisco Flexible NetFlow are true? (Choose three.)

A. The packet information used to create flows is not configurable by the user.
B. It supports IPv4 and IPv6 packet fields.
C. It tracks all fields of an IPv4 header as well as sections of the data payload.
D. It uses two types of flow cache, normal and permanent.
E. It can be a useful tool in monitoring the network for attacks.

Answer: B, C, E


QUESTION: No: 6
Which three statements are true regarding RFC 5176 (Change of Authorization)? (Choose three.)

A. It defines a mechanism to allow a RADIUS server to initiate a communication inbound to a NAD.
B. It defines a wide variety of authorization actions, including “reauthenticate.”
C. It defines the format for a Change of Authorization packet.
D. It defines a DM.
E. It specifies that TCP port 3799 be used for transport of Change of Authorization packets.

Answer: A, C, D
