思科網(wǎng)絡(luò)工程師題庫3

思科網(wǎng)絡(luò)工程師題庫1-200Ql.lnwhichformofattackisalternateencoding,suchashexadecimalrepresentation,mostoftenobserved?Smurfdistributeddenialofservicecross-sitescriptingrootkitexploitAnswer:CExplanation:Crosssitescripting(alsoknownasXSS)occurswhenawebapplicationgathersmaliciousdatafromauser.Thedataisusuallygatheredintheformofahyperlinkwhichcontainsmaliciouscontentwithinit.Theuserwillmostlikelyclickonthislinkfromanotherwebsite,instantmessage,orsimplyjustreadingawebboardoremailmessage.Usuallytheattackerw川encodethemaliciousportionofthelinktothesiteinHEX(orotherencodingmethods)sotherequestislesssuspiciouslookingtotheuserwhenclickedon.Forexamplethecodebelowiswritteninhex:<ahref=javascript:alert('XSS')>ClickHere</a>isequivalentto:<ahref=javascript:alert('XSS')>ClickHere</a>Note:Intheformat"&#xhhhh",hhhhisthecodepointinhexadecimalform.Q2.WhichflawdoesanattackerleveragewhenexploitingSQLinjectionvulnerabilities?userinputvalidationinawebpageorwebapplicationLinuxandWindowsoperatingsystemsdatabasewebpageimagesAnswer:AExplanation:SQLinjectionusuallyoccurswhenyouaskauserforinput,liketheirusername/userid,buttheusergives("injects")youanSQLstatementthatyouwillunknowinglyrunonyourdatabase.Forexample:Lookatthefollowingexample,whichcreatesaSELECTstatementbyaddingavariable(txtUserld)toaselectstring.Thevariableisfetchedfromuserinput(getRequestString):txtUserld=getRequestString("Userld")；txtSQL="SELECT*FROMUsersWHEREUserid="+txtUserld;Ifuserentersomethinglikethis:"100OR1=1"thentheSQLstatementwilllooklikethis:SELECT*FROMUsersWHEREUserid=100OR1=1;TheSQLaboveisvalidandwillreturnALLrowsfromthe"Users"table,sinceOR1=1isalwaysTRUE.Ahackermightgetaccesstoalltheusernamesandpasswordsinthisdatabase.Q3.WhichtwopreventiontechniquesareusedtomitigateSQLinjectionattacks?(Choosetwo)Checkinteger,float,orBooleanstringparameterstoensureaccuratevalues.Usepreparedstatementsandparameterizedqueries.Securetheconnectionbetweenthewebandtheapptier.WriteSQLcodeinsteadofusingobject-relationalmappinglibraries.BlockSQLcodeexecutioninthewebapplicationdatabaselogin.Answer:ABQ4.Whichtwoendpointmeasuresareusedtominimizethechancesoffallingvictimtophishingandsocialengineeringattacks?(Choosetwo)Patchforcross-sitescripting.Performbackupstotheprivatecloud.Protectagainstinputvalidationandcharacterescapesintheendpoint.Installaspamandvirusemailfilter.Protectsystemswithanup-to-dateantimalwareprogram.Answer:DEExplanation:Phishingattacksarethepracticeofsendingfraudulentcommunicationsthatappeartocomefromareputablesource.Itisusuallydonethroughemail.Thegoalistostealsensitivedatalikecreditcardandlogininformation,ortoinstallmalwareonthevictim'smachine.Q5.Whichtwomechanismsareusedtocontrolphishingattacks?(Choosetwo)Enablebrowseralertsforfraudulentwebsites.Definesecuritygroupmemberships.RevokeexpiredCRLofthewebsites.Useantispywaresoftware.Implementemailfilteringtechniques.Answer:AEQ6.Whichtwobehavioralpatternscharacterizeapingofdeathattack?(Choosetwo)Theattackisfragmentedintogroupsof16octetsbeforetransmission.Theattackisfragmentedintogroupsof8octetsbeforetransmission.ShortsynchronizedburstsoftrafficareusedtodisruptTCPconnections.Malformedpacketsareusedtocrashsystems.PubliclyaccessibleDNSserversaretypicallyusedtoexecutetheattack.Answer:BDExplanation:PingofDeath(PoD)isatypeofDenialofService(DoS)attackinwhichanattackerattemptstocrash,destabilize,orfreezethetargetedcomputerorservicebysendingmalformedoroversizedpacketsusingasimplepingcommand.Acorrectly-formedpingpacketistypically56bytesinsize,or64byteswhentheICMPheaderisconsidered,and84includingInternetProtocolversion4header.However,anyIPv4packet(includingpings)maybeaslargeas65,535bytes.SomecomputersystemswereneverdesignedtoproperlyhandleapingpacketlargerthanthemaximumpacketsizebecauseitviolatestheInternetProtocoldocumentedLikeotherlargebutwell-formedpackets,apingofdeathisfragmentedintogroupsof8octetsbeforetransmission.However,whenthetargetcomputerreassemblesthemalformedpacket,abufferoverflowcanoccur,causingasystemcrashandpotentiallyallowingtheinjectionofmaliciouscode.Q7.Whichtwopreventivemeasuresareusedtocontrolcross-sitescripting?(Choosetwo)Enableclient-sidescriptsonaper-domainbasis.Incorporatecontextualoutputencoding/escaping.DisablecookieinspectionintheHTMLinspectionengine.RununtrustedHTMLinputthroughanHTMLsanitizationengine.SameSitecookieattributeshouldnotbeused.Answer:ABQ8.Whatisthedifferencebetweendeceptivephishingandspearphishing?DeceptivephishingisanattackedaimedataspecificuserintheorganizationwhoholdsaC-levelrole.Aspearphishingcampaignisaimedataspecificpersonversusagroupofpeople.SpearphishingiswhentheattackisaimedattheC-levelexecutivesofanorganization.DeceptivephishinghijacksandmanipulatestheDNSserverofthevictimandredirectstheusertoafalsewebpage.Answer:BExplanation:Indeceptivephishing,fraudstersimpersonatealegitimatecompanyinanattempttostealpeople'spersonaldataorlogincredentials.Thoseemailsfrequentlyusethreatsandasenseofurgencytoscareusersintodoingwhattheattackerswant.Spearphishingiscarefullydesignedtogetasinglerecipienttorespond.Criminalsselectanindividualtargetwithinanorganization,usingsocialmediaandotherpublicinformation?andcraftafakeemailtailoredforthatperson.Q9.WhichattackiscommonlyassociatedwithCandC++programminglanguages?cross-sitescriptingwaterholingDDoSbufferoverflowAnswer:DExplanation:Abufferoverflow(orbufferoverrun)occurswhenthevolumeofdataexceedsthestoragecapacityofthememorybuffer.Asaresult,theprogramattemptingtowritethedatatothebufferoverwritesadjacentmemorylocations.BufferoverflowisavulnerabilityinlowlevelcodesofCandC++.Anattackercancausetheprogramtocrash,makedatacorrupt,stealsomeprivateinformationorrunhis/herowncode.Itbasicallymeanstoaccessanybufferoutsideofit'sallotedmemoryspace.Thishappensquitefrequentlyinthecaseofarrays.QlO.WhatisalanguageformatdesignedtoexchangethreatintelligencethatcanbetransportedovertheTAXIIprotocol?STIXXMPPpxGridSMTPAnswer:AExplanation:TAXII(TrustedAutomatedExchangeofIndicatorInformation)isastandardthatprovidesatransportmechanism(dataexchange)ofcyberthreatintelligenceinformationinSTIX(StructuredThreatInformationeXpression)format.Inotherwords,TAXIIserverscanbeusedtoauthorandexchangeSTIXdocumentsamongparticipants.STIX(StructuredThreatInformationeXpression)isastandardizedlanguagewhichhasbeendevelopedinacollaborativewayinordertorepresentstructuredinformationaboutcyberthreats.Ithasbeendevelopedsoitcanbeshared,stored,andotherwiseusedinaconsistentmannerthatfacilitatesautomationandhumanassistedanalysis.Qll.WhichtwocapabilitiesdoesTAXIIsupport?(Choosetwo)ExchangePullmessagingBindingCorrelationMitigatingAnswer:BCExplanation:TheTrustedAutomatedeXchangeofIndicatorInformation(TAXII)specifiesmechanismsforexchangingstructuredcyberthreatinformationbetweenpartiesoverthenetwork.TAXIIexiststoprovidespecificcapabilitiestothoseinterestedinsharingstructuredcyberthreatinformation.TAXIICapabilitiesarethehighestlevelatwhichTAXIIactionscanbedescribed.TherearethreecapabilitiesthatthisversionofTAXIIsupports:pushmessaging,pullmessaging,anddiscovery.Althoughthereisno''binding"capabilityinthelistbutitisthebestanswerhere.Q12.Whichtworisksisacompanyvulnerabletoifitdoesnothaveawell-establishedpatchingsolutionforendpoints?(Choosetwo)exploitsARPspoofingdenial-of-serviceattacksmalwareeavesdroppingAnswer:ADExplanation:Malwaremeans"malicioussoftware",isanysoftwareintentionallydesignedtocausedamagetoacomputer,server,client,orcomputernetwork.Themostpopulartypesofmalwareincludesviruses,ransomwareandspyware.VirusPossiblythemostcommontypeofmalware,virusesattachtheirmaliciouscodetocleancodeandwaittoberun.Ransomwareismalicioussoftwarethatinfectsyourcomputeranddisplaysmessagesdemandingafeetobepaidinorderforyoursystemtoworkagain.Spywareisspyingsoftwarethatcansecretlyrecordeverythingyouenter,upload,download,andstoreonyourcomputersormobiledevices.Spywarealwaystriestokeepitselfhidden.Anexploitisacodethattakesadvantageofasoftwarevulnerabilityorsecurityflaw.Exploitsandmalwarearetworisksforendpointsthatarenotuptodate.ARPspoofingandeavesdroppingareattacksagainstthenetworkwhiledenial-of-serviceattackisbasedonthefloodingofIPpackets.Q13.WhichPKIenrollmentmethodallowstheusertoseparateauthenticationandenrollmentactionsandalsoprovidesanoptiontospecifyHTTP/TFTPcommandstoperformfileretrievalfromtheserver?urlterminalprofileselfsignedAnswer:CExplanation:Atrustpointenrollmentmode,whichalsodefinesthetrustpointauthenticationmode,canbeperformedvia3mainmethods:TerminalEnrollment?manualmethodofperformingtrustpointauthenticationandcertificateenrolmentusingcopy-pasteintheCLIterminal.SCEPEnrollment?TrustpointauthenticationandenrollmentusingSCEPoverHTTP.EnrollmentProfile?Here,authenticationandenrollmentmethodsaredefinedseparately.AlongwithterminalandSCEPenrollmentmethods,enrollmentprofilesprovideanoptiontospecifyHTTP/TFTPcommandstoperformfileretrievalfromtheServer,whichisdefinedusinganauthenticationorenrollmenturlundertheprofile.Reference:/c/en/us/support/docs/security-vpn/public-key-infrastructure-pki/211333-IOS-PKI-Deployment-Guide-lnitial-Design.htmlQ14.Whataretworootkittypes?(Choosetwo)A.registryB.virtualC.bootloaderusermodebuffermodeAnswe匚CDExplanation:Theterm'rootkit'originallycomesfromtheUnixworld,wheretheword'root'isusedtodescribeauserwiththehighestpossiblelevelofaccessprivileges,similartoan'Administrator'inWindows.Theword'kit'referstothesoftwarethatgrantsroot-levelaccesstothemachine.Putthetwotogetherandyouget'rootkit',aprogramthatgivessomeone?withlegitimateormaliciousintentions?privilegedaccesstoacomputer.Therearefourmaintypesofrootkits:Kernelrootkits,Usermoderootkits,Bootloaderrootkits,MemoryrootkitsQ15.Whichformofattackislaunchedusingbotnets?A.日DDOSvirusDDOSTCPfloodAnswer:CExplanation:Abotnetisacollectionofinternet-connecteddevicesinfectedbymalwarethatallowhackerstocontrolthem.Cybercriminalsusebotnetstoinstigatebotnetattacks,whichincludemaliciousactivitiessuchascredentialsleaks,unauthorizedaccess,datatheftandDDoSattacks.Q16.Whichthreatinvolvessoftwarebeingusedtogainunauthorizedaccesstoacomputersystem?virusNTPamplificationpingofdeathHTTPfloodAnswer:AQ17.Whichtypeofattackissocialengineering?trojanphishingmalwareMITMAnswer:BExplanation:Phishingisaformofsocialengineering.Phishingattacksuseemailormaliciouswebsitestosolicitpersonal,oftenfinancial,information.Attackersmaysendemailseeminglyfromareputablecreditcardcompanyorfinancialinstitutionthatrequestsaccountinformation,oftensuggestingthatthereisaproblem.Q18.WhichtwokeyandblocksizesarevalidforAES?(Choosetwo)64-bitblocksize,112-bitkeylength64-bitblocksize,168-bitkeylength128-bitblocksize,192-bitkeylength128-bitblocksize,256-bitkeylength192-bitblocksize,256-bitkeylengthAnswer:CDExplanation:TheAESencryptionalgorithmencryptsanddecryptsdatainblocksof128bits(blocksize).Itcandothisusing128-bit,192-bit,or256-bitkeysQ19.WhichtwodescriptionsofAESencryptionaretrue?(Choosetwo)AESislesssecurethan3DES.AESismoresecurethan3DES.AEScanusea168-bitkeyforencryption.AEScanusea256-bitkeyforencryption.AESencryptsanddecryptsakeythreetimesinsequence.Answer:BDQ20.Whichalgorithmprovidesencryptionandauthenticationfordataplanecommunication?AES-GCMSHA-96AES-256SHA-384Answer:AExplanation:Thedataplaneofanynetworkisresponsibleforhandlingdatapacketsthataretransportedacrossthenetwork.(Thedataplaneisalsosometimescalledtheforwardingplane.)MaybethisQwantstoaskabouttheencryptionandauthenticationinthedataplaneofaSD-WANnetwork(butSD-WANisnotatopicoftheSCOR350-701exam?).IntheCiscoSD-WANnetworkforunicasttraffic,dataplaneencryptionisdonebyAES-256-GCM,asymmetric-keyalgorithmthatusesthesamekeytoencryptoutgoingpacketsandtodecryptincomingpackets.EachrouterperiodicallygeneratesanAESkeyforitsdatapath(specifically,onekeyperTLOC)andtransmitsthiskeytothevSmartcontrollerinOMProutepackets,whicharesimilartoIProuteupdates.Reference:https://www.cisco.eom/c/en/us/td/docs/routers/sdwan/configuration/security/vedge/security-book/security-overview.htmlQ21.Ellipticcurvecryptographyisastrongermoreefficientcryptographymethodmeanttoreplacewhichcurrentencryptiontechnology?3DESRSADESAESAnswer:BExplanation:ComparedtoRSA,theprevalentpublic-keycryptographyoftheInternettoday,EllipticCurveCryptography(ECC)offerssmallerkeysizes,fastercomputation,aswellasmemory,energyandbandwidthsavingsandisthusbettersuitedforsmalldevices.Q22,WhatistheresultofrunningthecryptoisakmpkeyciscXXXXXXXXaddresscommand?A.authenticatestheIKEv2peersinthe/16rangebyusingthekeyciscXXXXXXXXB.authenticatestheIPaddressofthe/32peerbyusingthekeyciscXXXXXXXXC.authenticatestheIKEvlpeersinthe/16rangebyusingthekeyciscXXXXXXXXD.securesallthecertificatesintheIKEexchangebyusingthekeyciscXXXXXXXXAnswer:BExplanation:Thesyntaxofabovecommandis:cryptoisakmpkeyenc-type-digitkeystring{addresspeer-address[mask]|ipv6ipv6-address/ipv6-prefix|hostnamehostname}[no-xauth]Thepeer-addressargumentspecifiestheIPorIPv6addressoftheremotepeer.Reference:/c/en/us/td/docs/ios-xml/ios/security/al/sec-al-cr-book/sec-cr-c4.html#wp6039879Q23.WhichtechnologymustbeusedtoimplementsecureVPNconnectivityamongcompanybranchesoveraprivateIPcloudwithany-to-anyscalableconnectivity?DMVPNFlexVPNIPsecDVTIGETVPNAnswer:DExplanation:Cisco'sGroupEncryptedTransportVPN(GETVPN)introducestheconceptofatrustedgrouptoeliminatepoint-to-pointtunnelsandtheirassociatedoverlayrouting.Allgroupmembers(GMs)shareacommonsecurityassociation(SA),alsoknownasagroupSA.ThisenablesGMstodecrypttrafficthatwasencryptedbyanyotherGM.GETVPNprovidesinstantaneouslarge-scaleany-to-anyIPconnectivityusingagroupIPsecsecurityparadigm.Reference:https://www.cisco.eom/c/dam/en/us/products/collateral/security/group-encrypted-transport-vpn/GETVPN_DIG_version_2_0_External.pdfQ24,WhichtwoconditionsareprerequisitesforstatefulfailoverforIPsec?(Choosetwo)OnlytheIKEconfigurationthatissetupontheactivedevicemustbeduplicatedonthestandbydevice;theIPsecconfigurationiscopiedautomaticallyTheactiveandstandbydevicescanrundifferentversionsoftheCiscoIOSsoftwarebutmustbethesametypeofdevice.TheIPsecconfigurationthatissetupontheactivedevicemustbeduplicatedonthestandbydeviceOnlytheIPsecconfigurationthatissetupontheactivedevicemustbeduplicatedonthestandbydevice;theIKEconfigurationiscopiedautomatically.TheactiveandstandbydevicesmustrunthesameversionoftheCiscoIOSsoftwareandmustbethesametypeofdevice.Answer:CEExplanation:StatefulfailoverforIPSecurity(IPsec)enablesaroutertocontinueprocessingandforwardingIPsecpacketsafteraplannedorunplannedoutageoccurs.Customersemployabackup(secondary)routerthatautomaticallytakesoverthetasksoftheactive(primary)routeriftheactiverouterlosesconnectivityforanyreason.Thisfailoverprocessistransparenttousersanddoesnotrequireadjustmentorreconfigurationofanyremotepeer.StatefulfailoverforIPsecrequiresthatyournetworkcontainstwoidenticalroutersthatareavailabletobeeithertheprimaryorsecondarydevice.Bothroutersshouldbethesametypeofdevice,havethesameCPUandmemory,andhaveeithernoencryptionacceleratororidenticalencryptionaccelerators.PrerequisitesforStatefulFailoverforIPsecComplete,DuplicateIPsecandIKEConfigurationontheActiveandStandbyDevicesThisdocumentassumesthatyouhaveacompleteIKEandIPsecconfiguration.TheIKEandIPsecconfigurationthatissetupontheactivedevicemustbeduplicatedonthestandbydevice.Thatis,thecryptoconfigurationmustbeidenticalwithrespecttoInternetSecurityAssociationandKeyManagementProtocol(ISAKMP)policy,ISAKMPkeys(preshared),IPsecprofiles,IPsectransformsets,allcryptomapsetsthatareusedforstatefulfailover,allaccesscontrollists(ACLs)thatareusedinmatchaddressstatementsoncryptomapsets,allAAAconfigurationsusedforcrypto,clientconfigurationgroups,IPlocalpoolsusedforcrypto,andISAKMPprofiles.Reference:/c/en/us/td/docs/ios-xml/ios/sec_conn_vpnav/configuration/15-mt/sec-vpn-availability-15-mt-book/sec-state-fail-ipsec.htmlAlthoughtheprerequisitesonlystatedthat"Bothroutersshouldbethesametypeofdevice"butinthe"RestrictionsforStatefulFailoverforIPsec"sectionofthelinkabove,itrequires"BoththeactiveandstandbydevicesmustruntheidenticalversionoftheCiscoIOSsoftware"soanswerEisbetterthananswerB.Q25.WhichVPNtechnologycansupportamultivendorenvironmentandsecuretrafficbetweensites?SSLVPNGETVPNFlexVPNDMVPNAnswer:CExplanation:FlexVPNisanIKEv2-basedVPNtechnologythatprovidesseveralbenefitsbeyondtraditionalsite-to-siteVPNimplementations.FlexVPNisastandards-basedsolutionthatcaninteroperatewithnon-CiscoIKEv2implementations.ThereforeFlexVPNcansupportamultivendorenvironment.AllofthethreeVPNtechnologiessupporttrafficbetweensites(site-to-siteorspoke-to-spoke).Q26AnetworkengineerisconfiguringDMVPNandenteredthecryptoisakmpkeycisc0380739941addresscommandonhostA.ThetunnelisnotbeingestablishedtohostB.WhatactionisneededtoauthenticatetheVPN?Changeisakmptoikev2inthecommandonhostA.EnterthecommandwithadifferentpasswordonhostB.EnterthesamecommandonhostB.ChangethepasswordonhostAtothedefaultpassword.Answer:CQ27.Refertotheexhibit.*Jun3014:52:33.795:ISAKMP:(1002):retransmissionskippedforphase1(timesincelasttransmission504)R1#*Jun3016:52:40,183:ISAKMP:(1001):purgingSA.,sa=68CEE050,delme=68CEE056R1#*Jun3016:52:43.291:ISAKMP:(1002):retransmittingphase1MM_KEY_EXCH…*Jun3014:52:43.291:ISAKMP(1002):incrementingerrorcounteronsa,attempt5of5:retransmitphase1*Jun3014:52:43,295:ISAKMP:(1002):retransmittingphase1MH_KEY_EXCH*Jun3014:52:43.295:ISAKMP:(1002):sendingpackettomy_port500peer_port500(I)MM_KEY_EXCH*Jun3014:52:43,295:ISAkMP:(1002):SendinganIKEIPv4Packet.R1#*Jun3014:52:53.299:ISAKMP:(1002):retransmittingphase1MM_KEY_EXCH...?Jun3014:52:53,299:ISAKMP:(1002):peerdoesnotdoparanoidkeepalives.*Jun3014:52:53.299:ISAKMP:(1002):deletingSAreason"DeathbyretransmissionP1"state(I)MM_KEY_EXCH(peer)*Jun3014:52:53^303:ISAKMP:(1002):deletlngSAreason"DeathbyretransmissionP1"state(I)MM_KEY_EXCH(peer)*Jun3014:52:53^307:ISAKMP;Unlockingpeerstruct0x48207318forisadb_mark__sa_deleted(),count0*Jun3014:52:53.307:ISAKMP:Deletingpeernodebypeer_reapfor:68207318*Jun3014:52:53.311:ISAKMP:(1002):deletingnode79075537errorFALSEreason"IKEdeleted"R1#*Jun3014:52:53.311:ISAKMP:(1002):deletingnode-484575753errorFALSEreason"IKEdeleted"?Jun3014:52:53.315:ISAKMP:(1002):lnput=IKE_MESG」NTERNAL,IKE_PHASE1_DEL*Jun3014:52:53.319:ISAKMP:(1002):OldState=IKEJ_MM5NewState=IKE.DEST.SAAnetworkadministratorconfiguredasite-to-siteVPNtunnelbetweentwoCiscoIOSrouters,andhostsareunabletocommunicatebetweentwositesofVPN.ThenetworkadministratorrunsthedebugcryptoisakmpsacommandtotrackVPNstatus.Whatistheproblemaccordingtothiscommandoutput?hashingalgorithmmismatchencryptionalgorithmmismatchauthenticationkeymismatchinterestingtrafficwasnotappliedAnswer:CQ28.WhatisadifferencebetweenFlexVPNandDMVPN?DMVPNusesIKEvlorIKEv2,FlexVPNonlyusesIKEvlDMVPNusesonlyIKEvlFlexVPNusesonlyIKEv2

FlexVPNusesIKEv2,DMVPNusesIKEvlorIKEv2FlexVPNusesIKEvlorIKEv2,DMVPNusesonlyIKEv2Answer:CQ29.WhichprotocolprovidesthestrongestthroughputperformancewhenusingCiscoAnyConnectVPN?TLSvl.2TLSvl.lBJTLSvlDTLSvlAnswer:DExplanation:DTLSisusedfordelaysensitiveapplications(voiceandvideo)asitsUDPbasedwhileTLSisTCPbased.ThereforeDTLSoffersstrongestthroughputperformance.ThethroughputofDTLSatthetimeofAnyConnectconnectioncanbeexpectedtohaveprocessingperformanceclosetoVPNthroughput.Q30.WhatisacommonalitybetweenDMVPNandFlexVPNtechnologies?FlexVPNandDMVPNuseIS-ISroutingprotocoltocommunicatewithspokesFlexVPNandDMVPNusethenewkeymanagementprotocolFlexVPNandDMVPNusethesamehashingalgorithmsIOSroutersrunthesameNHRPcodeforDMVPNandFlexVPNAnswer:DExplanation:Initsessence,FlexVPNisthesameasDMVPN.Connectionsbetweendevicesarestillpoint-to-pointGREtunnels,spoke-to-spokeconnectivityisstillachievedwithNHRPredirectmessage,IOSroutersevenrunthesameNHRPcodeforbothDMVPNandFlexVPN,whichalsomeansthatbothareCisco'sproprietarytechnologies.Reference:/cisco-flexvpn-dmvpn-high-level-design/Q31.ThemainfunctionofnorthboundAPIsintheSDNarchitectureistoenablecommunicationbetweenwhichtwoareasofanetwork?SDNcontrollerandthecloudmanagementconsoleandtheSDNcontrollermanagementconsoleandthecloudSDNcontrollerandthemanagementsolutionAnswer:DQ32,WhichtwofeaturesofCiscoDNACenterareusedinaSoftwareDefinedNetworksolution?(Choosetwo)A.accountingB.assuranceC.automationD.authenticationencryptionAnswer:BCExplanation:WhatCiscoDNACenterenablesyoutodoAutomate:Savetimebyusingasingledashboardtomanageandautomateyournetwork.Quicklyscaleyourbusinesswithintuitiveworkflowsandreusabletemplates.Configureandprovisionthousandsofnetworkdevicesacrossyourenterpriseinminutes,nothours.Securepolicy:Deploygroup-basedsecureaccessandnetworksegmentationbasedonbusinessneeds.WithCiscoDNACenter,youapplypolicytousersandapplicationsinsteadoftoyournetworkdevices.Automationreducesmanualoperationsandthecostsassociatedwithhumanerrors,resultinginmoreuptimeandimprovedsecurity.Assurancethenassessesthenetworkandusescontexttoturndataintointelligence,makingsurethatchangesinthenetworkdevicepoliciesachieveyourintent.Assurance:Monitor,identify,andreactinrealtimetochangingnetworkandwirelessconditions.CiscoDNACenterusesyournetwork'swiredandwirelessdevicestocreatesensorseverywhere,providingreal-timefeedbackbasedonactualnetworkconditions.TheCiscoDNAAssuranceenginecorrelatesnetworksensorinsightswithstreamingtelemetryandcomparesthiswiththecurrentcontextofthesedatasources.WithaquickcheckofthehealthscoresontheCiscoDNACenterdashboard,youcanseewherethereisaperformanceissueandidentifythemostlikelycauseinminutes.Extendecosystem:WiththenewCiscoDNACenterplatform,ITcannowintegrateCisco?solutionsandthird-partytechnologiesintoasinglenetworkoperationforstreamliningITworkflowsandincreasingbusinessvalueandinnovation.CiscoDNACenterallowsyoutorunthenetworkwithopeninterfaceswithITandbusinessapplications,integratesacrossIToperationsandtechnologydomains,andcanmanageheterogeneousnetworkdevices.Reference:https://www.cisco.eom/c/en/us/products/collateral/cloud-systems-management/dna-center/nb-06-cisco-dna-center-aag-cte-en.htmlQ33.WhichfunctionsofanSDNarchitecturerequiresouthboundAPIstoenablecommunication?SDNcontrollerandthenetworkelementsmanagementconsoleandtheSDNcontrollermanagementconsoleandthecloudSDNcontrollerandthecloudAnswer:AExplanation:TheSouthboundAPIisusedtocommunicatebetweenControllersandnetworkdevices.Q34,WhichAPIisusedforContentSecurity?NX-OSAPIIOSXRAPIOpenVulnAPIAsyncOSAPIAnswer:DQ35.WhichtworequestofRESTAPIarevalidontheCiscoASAPlatform?(Choosetwo)putoptionsgetpushconnectAnswer:ACExplanation:TheASARESTAPIgivesyouprogrammaticaccesstomanagingindividualASAsthroughaRepresentationalStateTransfer(REST)API.TheAPIallowsexternalclientstoperformCRUD(Create,Read,Update,Delete)operationsonASAresources;itisbasedontheHTTPSprotocolandRESTmethodology.AllAPIrequestsaresentoverHTTPStotheASA,andaresponseisreturned.RequestStructureAvailablerequestmethodsare:GET?Retrievesdatafromthespecifiedobject.PUT?Addsthesuppliedinformationtothespecifiedobject;returnsa404ResourceNotFounderroriftheobjectdoesnotexist.POST?Createstheobjectwiththesuppliedinformation.DELETE?Deletesthespecifiedobject.PATCH?Appliespartialmodificationstothespecifiedo