Data Center Foundation Exam -1

 Q1 - Which two devices would you choose to be a part of the core layer in the three-tier network design? (Choose two.)

Top of Form

• Cisco Nexus 9500 Series Switch
• Cisco Catalyst 9800 Series Switch
• Cisco UCS 6200 Series Fabric Interconnect
• hypervisor
• Cisco Nexus 9300 Series Switch

Ans – Cisco Nexus 9500 Series Switch and Cisco Catalyst 9800 Series Switch

 

Q2 - Which option lists the three tiers of a three-tier architecture?

Top of Form

• core, aggregation, and access
• core, spine, and leaf
• base, spine, and leaf
• physical, data link, and networkBottom of Form

Ans - core, aggregation, and access

 

Q3 - Cisco Unified Data Center is based on which three pillars of Cisco innovation? (Choose three.)

Top of Form

• Cisco Unified Computing System
• Cisco Unified Fabric
• Cisco Unified Access
• Cisco Unified Communications
• Cisco Unified Management
• Cisco Overlay Transport Virtualization
• Cisco FabricPath

Ans  - Cisco Unified Management, Cisco Unified Computing System and Cisco Unified Fabric

 

Q3- Which device would you choose to be a part of the core layer in a three-tier network design?

·       Cisco UCS 6400 Series Fabric Interconnect

·       Cisco Nexus 9500, Cisco Catalyst 6800, or Cisco Catalyst 6500 Series Switch

·       hypervisor

·       Cisco ASA security appliance

Ans - Cisco Nexus 9500, Cisco Catalyst 6800, or Cisco Catalyst 6500 Series Switch

 

Note - It is estimated that a spine-and-leaf model allows for 25 percent greater scalability over a three-tier model when used for data center designs.

·       Scalability - If oversubscription of a link occurs, the process for expanding capacity is straightforward. You can add an extra spine switch and extend uplinks to every leaf switch, resulting in the addition of interlayer bandwidth and reduction of the oversubscription. If device port capacity becomes a concern, you can add a new leaf switch by connecting it to every spine switch and adding the network configuration to the switch.

·       Low Latency - With a spine-and-leaf architecture, the traffic crosses the same number of devices to get to another server, regardless of the server to which the leaf switch is connected. This approach keeps latency at a predictable level because a payload only must hop to a spine switch and another leaf switch to reach its destination.

 

Q4 - Which option describes the topology design in a spine-and-leaf network?

Top of Form

• The design uses a partial mesh of links at the leaf layer.
• The design uses a full mesh of links between the leaf and aggregation layers.
• The design uses a full mesh of links between the spine and leaf layers.
• The design uses a full mesh of links at the leaf layer.Bottom of Form

Ans - The design uses a full mesh of links between the spine and leaf layers.

 

Note - Converged solutions on the market:

• FlexPod (Cisco and NetApp)
• FlashStack (Cisco and Pure Storage)
• Hitachi Adaptive Solutions for CI (Cisco and Hitachi)

 

Q5 - What are three benefits of the two-tier storage network design? (Choose three.)

Top of Form

• It is recommended for larger storage environments.
• It is elastic in case of failures.
• It is recommended for small-to-medium–sized environments.
• It is redundant through dual-fabric design.
• It is very expensive.
• It is a single point of failure.
• It is optimum for IP storage.

Ans – A. It is recommended for larger storage environments. B. It is elastic in case of failures. C. It is redundant through dual-fabric design.

 

Note - In most hyperconverged solutions, the minimum size group is three servers (commonly referred to as nodes).

Nutanix - Each server appliance contains three software layers:

• Server firmware: Cisco UCS
• Hypervisor: Nutanix Acropolis Hypervisor (AHV) or vSphere ESXi
• Hyperconverged storage software: Nutanix Acropolis Operating System (AOS)

Q6 - Which statement about Cisco Compute Hyperconverged with Nutanix is correct?

Top of Form

• It provides network connectivity with the Cisco Nexus 9500 series switches.
• Hardware compute platforms used in Cisco Compute Hyperconverged with Nutanix are Cisco UCS blade servers.
• The Cisco Compute Hyperconverged with Nutanix solution is a combination of hardware and software.
• It uses SAN protocols like Fibre Channel and iSCSI for server addition and retiringBottom of Form.

 

Ans - The Cisco Compute Hyperconverged with Nutanix solution is a combination of hardware and software.

Q7 - Cisco Unified Data Center infrastructure eliminates tiered silos and allows consolidation of which option?

Top of Form

• LAN and WAN
• LAN and SAN
• LAN and WLAN
• performance and security management

Bottom of Form

Ans – LAN and SAN

 

Q8 - In a spine-and-leaf topology, what is the minimum number of spines if redundancy is taken into consideration?

Top of Form

• one
• two
• four
• six

Bottom of Form

Ans -Two

 

Q9 - Top of Form

What are two benefits of the SAN storage network design? (Choose two.)

Top of Form

• Allows for easier maintenance of servers.
• It is redundant through dual-fabric design.
• It is very affordable.
• It is a single point of failure.
• It is optimum for IP storage.

Ans – A. Allows for easier maintenance of servers. B. It is redundant through dual-fabric design.

Q10 - Which are the three characteristics of a hyperconverged storage system? (Choose three.)

Top of Form

• easy expansion
• no SAN network
• usage of multiple storage arrays
• usage of redundant SAN switches
• easy deployment and maintenance
• fast convergence

Ans – A. easy expansion B. no SAN network C. easy deployment and maintenance

 

Q11 - Which option lists the two tiers of a Clos-collapsed core architecture?

Top of Form

• aggregation and access
• spine and leaf
• spine and access
• collapsed core and leaf

Bottom of Form

Ans – Spine and LeafQqBottom of Form

 

 

Q12 - You are working in the IT department of a small banking company that needs a new storage solution. The IT infrastructure consists of a single Cisco UCS server that hosts five VMs. Soon, the company will expand, a new server will be added, and a centralized storage array will be needed. Which network design approach is required in this case?

Top of Form

• cloud storage solution
• three-tier network with Cisco MDS multilayer switches
• directly attached network
• storage area network

Bottom of Form

Ans –

 

Q13 - If you are running out of physical ports, which action should you take to increase physical connectivity for end devices?

Top of Form

• Add an additional core switch and directly connect it to each leaf switch.
• Add an additional core switch and directly connect it to each core switch.
• Add an additional leaf switch and directly connect it to each core switch.
• Add an additional leaf switch and directly connect it to each leaf switch.

Ans- Add an additional leaf switch and directly connect it to each core switch.

 

 

Cisco Security questions

 

The role with the highest privilege in the system and is designed for users who need complete control over system configurations, indexes, and data.

Admin

Designed for advanced users who need more capabilities than regular users but do not require full administrative access.

Power

Allows for both administrative work and data management.

Select Match

The default role for most end users and provides access to basic search and reporting functionalities.

User

Which three common mandatory configuration fields apply to all Cisco security products when using the Application Setup page within the Cisco Security Cloud app? (Choose three.)

Top of Form

• Host
• Index
• Input Name
• Interval
• Logging level
• Name

Bottom of Form

What is the benefit of using Cisco Security Cloud app dashboards?

Top of Form

• Dashboards can help the administrators monitor its performance and cloud connections.
• Dashboards can help the administrators monitor resource performance, health, errors, product activities, and data integrity.
• Dashboards can help the SOC teams monitor unauthorized administrative access.
• Dashboards can help the SOC teams monitor users’ internal and external activities.

To install the Cisco Security Cloud app from a file, which of the following is a valid source location from which to get the file?

• Top of Form
• from Cisco Download Center
• from Splunk Add-ons documentation page
• from Splunk Download Center
• from Splunkbase documentation page
• Bottom of Form

Bottom of Form

 

 

Which of the following apps can be used to integrate different Cisco Security Solutions?

Top of Form

• Cisco Cloud Security app
• Cisco Security Cloud app
• Cisco Splunk app
• Cisco Splunk Security apps

Bottom of Form

 

Which of the following is a Cisco Security Cloud app dashboard?

Top of Form

• Cisco AppDynamics
• App Insights
• Cisco Security Cloud App
• Resource Utilization

Bottom of Form

 

Which of the following is an indicator for scaling Splunk?

Top of Form

• CPU and Memory Utilization: Consistently high CPU (above 50 percent) and memory usage (above 50 percent) during peak times.
• CPU and Memory Utilization: Consistently high CPU (above 55 percent) and memory usage (above 85 percent) during peak times.
• CPU and Memory Utilization: Consistently high CPU (above 65 percent) and memory usage (above 60 percent) during peak times.
• CPU and Memory Utilization: Consistently high CPU (above 75 percent) and memory usage (above 80 percent) during peak times.

When configuring the Cisco Secure Firewall eStreamer integration using the Cisco Security Cloud app, what is required with a corresponding password?

• Top of Form
• Cisco Secure Firewall Management Center eStreamer certificate
• Cisco Secure Firewall Management Center self-signed certificate for accessing the Cisco Secure Firewall Management Center GUI
• Cisco Secure Firewall Management Center eStreamer API Client ID
• Cisco Secure Firewall Management Center eStreamer username

 

 

What is shown at the bottom of the Cisco Security Cloud App > Secure Firewall Dashboard page?

Top of Form

• Event Details table
• Connection Events table
• Intrusion Events widgets
• Timeline charts

Bottom of Form

 

Which UDP port number is used by Syslog by default?

Top of Form

• 514
• 22
• 443
• 8080

Bottom of Form

 

Which three types of data can be streamed using eStreamer in Cisco Secure Firewall Management Center? (Choose three.)

Top of Form

• discovery events
• correlation and allow list events
• intrusion events, malware events, file events, connection events
• CPU and Memory, high availability, Platform Logs firewall configuration settings
• VPN session logs

 

In Splunk, what information can be viewed on the Data Integrity dashboard for the Cisco Security Cloud Application?

Top of Form

• Analysis reports of historical malware.
• Detailed logs of user activity.
• Metrics of system performance.
• Status of events for each integrated solution.

Bottom of Form

 

Over which method and TCP port do eStreamer server and client communicate?

Top of Form

• HTTPS Secure TLS channel over TCP port 8302
• HTTPS Secure TLS channel over TCP port 443
• HTTP over TCP port 80
• Syslog over UDP port 514
• Syslog over TCP port 514

Bottom of Form

 

Which dashboard of Cisco Security Cloud Application in Splunk provides performance information such as CPU utilization, memory utilization, and input connection health monitoring?

Top of Form

• Data Integrity
• Diagnostics
• Resource Utilization
• Secure Firewall Dashboard

Bottom of Form

 

 

Which of the following dashboards provides a unified view of the Cisco Security Cloud performance, error handling, and health monitoring?

Top of Form

• Data Integrity Dashboard
• Health Monitoring Dashboard
• Resource Utilization Dashboard
• XDR Dashboard

Bottom of Form

 

Which two of the following options are valid authentication methods for integrating Cisco XDR with Splunk Enterprise by using the Cisco Security Cloud app? (Choose two.)

Top of Form

• Client ID
• Direct Database Connection
• Message Broker
• OAuth
• SOAP APIs

 

Which of the following tiles can be found within the Cisco XDR dashboard on the Cisco Security Cloud app?

Top of Form

• Mean Time To Engage, Mean Time To Resolution
• XDR Cases
• Unresolved Incidents
• TTP Time Line Charts

Bottom of Form

 

Which of the following methods helps verify that the integration between Cisco XDR and Cisco Security Cloud App is successful?

Top of Form

• Checking the app status on the Cisco Security Cloud app.
• Checking the Splunk Health Connection tool.
• Using the command line for validation.
• Using the dedicated validation dashboard on the Cisco XDR app.

Bottom of Form

 

Which of the following options can generate user-specific credentials to access APIs programmatically?

Top of Form

• API client credentials
• OAuth code client credentials
• Username client credentials
• Token client credentials

Bottom of Form

 

Which of the following configuration fields is optional when configuring the Cisco XDR on the Cisco Security Cloud app?

Top of Form

• Authentication Method
• Region
• Promote XDR Incidents to Enterprise Security Notables
• Import Time Range

Bottom of Form

 

Which of the following authentication methods is used when integrating Cisco XDR with Splunk Cloud?

Top of Form

• client certificate authentication
• OAuth authentication
• passwordless authentication
• token-based authentication

Bottom of Form

 

Which dashboard helps an administrator ensure compliance with security policies such as MFA and locked-out users?

Top of Form

• Cisco Multicloud Defense dashboard on Cisco Security Cloud app.
• Duo Dashboard on Cisco Security Cloud app.
• Secure Malware Analytics dashboard on Cisco Security Cloud app.
• Secure Network Analytics dashboard on Cisco Security Cloud app.

Bottom of Form

 

How would you integrate the Cisco Secure Network Analytics with the Cisco Security Cloud app?

Top of Form

• Create a Cisco Security Cloud app user with the needed permissions, and configure the Cisco Secure Network Analytics in the Cisco Security Cloud app.
• Create a Cisco Secure Network Analytics SMC user with the needed permissions, determine the Cisco Secure Network Analytics Domain ID, and configure the Cisco Secure Network Analytics in the Cisco Security Cloud app.
• Create the Cisco Secure Network Analytics Certificate and HTTPS connection settings and configure the Cisco Secure Network Analytics in the Cisco Security Cloud app.
• Use the Cisco Secure Network Analytics API Key and configure Cisco Secure Network Analytics in the Cisco Security Cloud app.

Bottom of Form

 

What format does Multicloud Defense use when sending Security Events and Traffic Log information to Splunk?

Top of Form

• structured data logs
• semi-structured JSON data logs
• syslogs
• unstructured data logs

Bottom of Form

 

 

Which four attributes are mandatory, when configuring the Cisco Secure Email Threat Defense Connection configuration settings? (Choose four.)

Top of Form

• API Key
• Client ID
• Email Threat Defense client certificate
• Email Threat Defense IP address or hostname
• Region name
• Security Key

 

Which two of the following attributes are mandatory, when configuring the SNA Connection configuration settings? (Choose two.)

Top of Form

• API Key
• API Secret
• Cisco Security Cloud app IP Address
• Domain ID
• SMC username

Which method is valid for verifying Cisco Duo's integration with Cisco Security Cloud app?

Top of Form

• Checking the Duo Dashboard on the Cisco Security Cloud app.
• Generating integration validation report from the Cisco Security Cloud app.
• Using the Cisco Duo integration validation tool.
• Using the Cisco Security Cloud app integration validation tool.

Bottom of Form

 

Which method does the Multicloud Defense use to communicate with Splunk?

Top of Form

• APIs
• DB connect
• Universal forwarder
• HEC

Bottom of Form

 

• Bottom of Form

Bottom of Form

 

Which of the following is a Cisco Security Cloud app dashboard?

Top of Form

• Cisco AppDynamics
• App Insights
• Cisco Security Cloud App
• Resource Utilization

Bottom of Form

Bottom of Form

 

 

CESA, NVM Questions

 

Question 1 -  As your company's employees work both on and off-premises, you plan to collect flow context from the endpoints to gain visibility into user behaviors. Since you have already deployed Cisco Secure Client, you plan to add NVM and ingest the related events into Splunk for advanced security analytics. Which Splunk app/add-on should you use for this purpose?

Top of Form

• The Cisco Security Cloud app
• The Cisco SNA app
• The Cisco Endpoint Threat Defense app and Cisco Endpoint Threat Defense add-on
• The CESA app and CESA Add-OnBottom of Form

 

Question 2 - You are planning to transition the Cisco security legacy apps that you use in Splunk with the Cisco Secure Cloud app. Which three are benefits provided by the Cisco Security Cloud app? (Choose three.)

Top of Form

• Consistent index creation and data parsing that ensures efficient processing of ingested data of each product.
• One index that is used for the ingested data from the supported Cisco products.
• A specific dashboard for each product that facilitates on-time and detailed analysis of ingested data.
• One built-in dashboard that shows all the possible integrations in one place for events analysis.
• Integration with Splunk SOAR for automated responses to threats.
• Software updates and compatibility with the latest Splunk platform versions.

 

 

Question 3 - For which legacy app setup do you need to copy the certificate and specify the required certificate name in Splunk so it can authenticate with the server for data ingestion?

Top of Form

• Duo Splunk Connector
• Cisco Secure Network Analytics (Stealthwatch) App for Splunk Enterprise
• Cisco Secure eStreamer Client Add-On for Splunk
• Cisco Secure Malware Analytics

Bottom of Form

 

Question 4 - You are using Cisco Secure Network Analytics for contextual visibility and monitoring of your private network and public cloud. You plan to ingest data from the Secure Network Analytics Management Console into Splunk and want to try the legacy app first and explore built-in dashboards so you can compare it with the Cisco Security Cloud later on. Which legacy app can you use?

Top of Form

• Cisco Cloud Security App
• Cisco Secure Network Analytics (Stealthwatch) App
• Cisco Stealthwatch App
• Cisco Netflow Analytics App for Splunk

 

 

Question 5 - What is the primary function of a Splunk Technology Add-on (TA)?

Top of Form

• To provide comprehensive dashboards and reports for end-users.
• To manage user authentication and authorization within Splunk.
• To execute ad-hoc searches and generate alerts based on raw data.
• To facilitate the onboarding, parsing, and normalization of data from specific sources.

Question 6 - You are searching Splunkbase for the Cisco Secure Firewall app for Splunk to see whether this app has reached end-of-life. Which two provide information for the end-of-life notice on the app page in Splunkbase? (Choose two.)

Top of Form

• In the description under the app name
• In the Compatibility field
• In the Support field
• In the Version History tab
• In the Summary tab
• In the Installation tab

 

 

Question 7 - Which app requires a technology add-on for data ingestion of the supported Cisco security product?

Top of Form

• Duo Splunk Connector
• Splunk for Cisco ISE
• Cisco Security Cloud  
• Cisco Secure Malware Analytics
• Cisco Email Threat Defense connector for Splunk

Bottom of Form

Question 8 - you have enabled ingestion of your Cisco ISE events into Splunk and installed the Splunk for Cisco ISE app for analyses. Which type of users can you inspect using this app?

Top of Form

• Wired and wireless users
• Wired and VPN users
• Wireless and VPN users
• Wired, wireless, and VPN users

 

Question 9 - Which three top level menu items are available in the Cisco ISE app in Splunk? (Choose three.)

Top of Form

• Authentications
• BYOD
• ISE Profiler
• TACACS+
• TrustSec
• Device Summary

Question 10 - You are setting up Cisco ISE to send Syslog events to Splunk. You have configured the Splunk server as a remote logging target, what else do you need to do?

Top of Form

• Configure the shared secret password.
• Install the Cisco ISE system certificate to be used for the Syslog service.
• Choose the logging categories for the Splunk logging target.
• Create the logging policy rules under the Admin Policy Set.

Bottom of Form

Question 11 - you are working as a SOC analyst, and you are integrating Cisco NVM on the endpoints with Splunk. You have set up the NVM Collector, and you need to configure Splunk to ingest the three feeds streamed from the collector. Which action should you take?

• Configure three UDP data inputs, each with the port for the respective feed. 
• Configure one UDP data input that includes all three ports for the feeds.
•  Configure three TCP data inputs, each with the port for the respective feed. 
• Configure one Syslog data input that includes all three ports for the feeds. 
• Configure three Syslog data inputs, each with the port for the respective feed.

 

 

 

Question 12 - The employees in your organization connect to your corporate network through VPN from various locations, and you want to obtain insights into the traffic that is sent through the tunnel using the CESA app in Splunk. Which two options in the Zero Trust – VPN Split Tunneling/Network Monitor dashboard can you use to filter the display of information that is related to the traffic in the VPN tunnels? (Choose two.)

Top of Form

• Wired
• Untrusted
• Virtual
• VPN
• Trusted

 

Question 13 - During the verification of the NVM integration with Splunk, you need to confirm that the NVM collector status is active (running). This will help you ensure that the NVM collector is continuously receiving IPFIX data from the NVM endpoints. Which command should you use on the NVM Collector?

Top of Form

• sudo systemctl status acnvm.collector
• sudo systemctl status nvm.collector
• sudo systemctl status acnvm.service
• sudo systemctl status nvm.service

Bottom of Form

Question 14 - You need to modify the Splunk IP address in the NVM Collector configuration file. Which two options specify the name of the configuration file and the path where it is located? (Choose two.)

Top of Form

• /opt/cisco/nvm
• /opt/acnvm/conf/
• /opt/nvm/conf/
• nvm.conf
• nvm.xml
• acnvm.conf

 

Question 16 - Which CESA App homepage category provides access to dashboards that visualize application behavior, such as top applications by volume and flow, top source and destination ports, as well as utilization data and integrated view of application processes?

Top of Form

• Devices
• Applications
• Users
• Locations

Bottom of Form

 

Bottom of Form

 

Question 17 - You have installed Cisco Enterprise Networking for Splunk Platform on Splunk to use the app's built-in dashboards to analyze events ingested from your enterprise environment. Which three Cisco products do the app dashboards support? (Choose three.)

Cisco ISE

Cisco Duo

Cisco Secure Endpoint

 Cisco Catalyst SD-WAN

Cisco Secure Firewall

Cisco Catalyst Center Bottom of Form

 

 

Question 18 - You have Cisco ISE and Splunk in your environment, and you want to try the Cisco ISE Data Connect to query Cisco ISE from Splunk for analysis and report creation. Which two components do you need for the integration? (Choose two.)

 Splunk DB Connect Splunk for Cisco ISE

Splunk Add-on for Cisco Identity Services

Splunk DBX Add-on for MySQL JDBC

Splunk DBX Add-on for Oracle JDBC

 

 

 

Question 19 - You have integrated Cisco NVM on the endpoints with Splunk to obtain deep endpoint visibility using the CESA app. Which two types of analyses can you perform with the built-in dashboards in the CESA app? (Choose two.)

Top of Form

• CPU usage on endpoints
• Data and traffic across VPN and split tunnels
• Suspicious emails containing phishing links
• Endpoints using unapproved or block listed applications
• System performance metrics for virtual servers

 

Which file contains the three following ports used between the Cisco NVM Collector and Splunk? "syslog_flowdata_server_port" : 20519 "syslog_sysdata_server_port" : 20520 "syslog_intdata_server_port" : 20521

Top of Form

• acnvm.conf file on the Cisco NVM Collector
• NVM_ServiceProfile.xml file on the Cisco NVM Collector
• acnvm.conf file on the Client running Cisco NVM
• NVM_ServiceProfile.xml file on the Client running Cisco NVM

Bottom of Form