What is an advantage of network telemetry over SNMP pulls?
Correct Answer: D
Network telemetry is a technology that allows network devices to push data to a collector in real time, rather than waiting for the collector to pull data from them. This improves the efficiency and accuracy of data collection, and enables the monitoring of a large number of network devices. SNMP, on the other hand, is a protocol that uses a pull model, where the collector requests data from the devices periodically. This can cause delays, gaps, and overhead in data collection, and limit the scalability of network monitoring. Therefore, network telemetry has an advantage over SNMP pulls in terms of scalability.
350-701 Exam Question 367
Drag and drop the VPN functions from the left onto the description on the right.
Correct Answer:
350-701 Exam Question 368
Refer to the exhibit. The DHCP snooping database resides on router R1, and dynamic ARP inspection is configured only on switch SW2. Which ports must be configured as untrusted so that dynamic ARP inspection operates normally?
Correct Answer: D
P2, P3, and P6 only. Dynamic ARP inspection (DAI) is a security feature that validates ARP packets in a network and prevents ARP spoofing attacks. DAI relies on the DHCP snooping database to verify the IP-to-MAC bindings of hosts on the network. DAI operates on untrusted ports, which are ports that connect to hosts or devices that generate ARP traffic. Trusted ports are ports that connect to other switches or routers that do not generate ARP traffic. In this scenario, the DHCP snooping database resides on router R1, which means that switch SW2 needs to trust the port P3 that connects to R1. This way, SW2 can receive the DHCP snooping information from R1 and populate its own database. The port P4 that connects to switch SW3 also needs to be trusted, because SW3 does not generate ARP traffic. The ports P2 and P6 that connect to hosts P6 and P7 need to be untrusted, because they generate ARP traffic and need to be validated by DAI. The port P1 that connects to host P5 does not need to be configured as untrusted, because DAI is not enabled on switch SW1.
To understand the concept of DAI and how to configure it, you can refer to the following sections of the source book:
* Section 1.1.2: Describe the concepts of network security
* Section 1.1.2.8: Describe the concepts of DAI
* Section 1.1.2.9: Describe the concepts of DHCP snooping
* Section 1.1.2.10: Describe the concepts of trusted and untrusted ports
* Section 1.1.2.11: Describe the concepts of DAI configuration
References:
* Implementing and Operating Cisco Security Core Technologies (SCOR) v1.0
* Understanding and Configuring Dynamic ARP Inspection
* DHCP Snooping and Dynamic ARP Inspection
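The check that the explanation above attributes to DAI can be shown as a simplified model: ARP packets arriving on untrusted ports are compared with the DHCP snooping bindings, while packets on trusted ports are forwarded without inspection. This is an added example, not part of the original answer or of any Cisco implementation; the port names, addresses and bindings are constructed, and the model compares only VLAN, sender IP and sender MAC.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Arp:
    """Fields of an ARP packet that the check reads, plus where it arrived."""
    sender_mac: str
    sender_ip: str
    vlan: int
    in_port: str

# Constructed DHCP snooping bindings: (vlan, ip) -> MAC that leased that IP.
BINDINGS = {
    (10, "10.0.10.20"): "00:00:5e:00:53:20",  # host A
    (10, "10.0.10.21"): "00:00:5e:00:53:21",  # host B
}
TRUSTED_PORTS = {"uplink-1"}                  # hypothetical port names

def dai_verdict(pkt, bindings=BINDINGS, trusted=TRUSTED_PORTS):
    """Return (action, reason) for one ARP packet."""
    if pkt.in_port in trusted:
        return "forward", "trusted port, not inspected"
    leased_mac = bindings.get((pkt.vlan, pkt.sender_ip))
    if leased_mac is None:
        return "drop", "no binding for sender IP"
    if leased_mac != pkt.sender_mac.lower():
        return "drop", "sender MAC does not match binding"
    return "forward", "matches binding"

# Constructed ARP traffic.
SAMPLES = [
    Arp("00:00:5e:00:53:20", "10.0.10.20", 10, "access-1"),  # host A, honest
    Arp("00:00:5e:00:53:21", "10.0.10.20", 10, "access-2"),  # B claims A's IP
    Arp("00:00:5e:00:53:30", "10.0.10.30", 10, "access-3"),  # static IP, no lease
    Arp("00:00:5e:00:53:21", "10.0.10.20", 10, "uplink-1"),  # same claim, trusted port
]

def inspect(samples=SAMPLES):
    return [dai_verdict(p) for p in samples]

if __name__ == "__main__":
    for pkt, (action, reason) in zip(SAMPLES, inspect()):
        print(f"{pkt.in_port:9} {pkt.sender_ip:11} {action:7} {reason}")
```

The last sample is the reason the trusted/untrusted assignment matters: the same forged claim that is dropped on an access port passes when it arrives on a port marked trusted.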
350-701 Exam Question 369
What is the intent of a basic SYN flood attack?
Correct Answer: B
A basic SYN flood attack is a type of denial-of-service (DoS) attack that aims to exhaust the resources of a server by sending a large number of SYN packets and not completing the TCP three-way handshake. The intent of this attack is to exceed the threshold limit of the connection queue, which is the data structure that stores the information about the pending connections. By doing so, the attacker prevents legitimate clients from establishing connections with the server, as the server cannot accept any more SYN requests. A SYN flood attack can be performed with spoofed IP addresses or without IP spoofing, depending on the attacker's strategy and the server's configuration.
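The connection queue described above can be modelled to show why uncompleted handshakes lock out legitimate clients and which counters a defender would watch. This is an added example, not part of the original answer; the class, the backlog of 4, the 30-second timeout and the trace are constructed assumptions, and the model sends no traffic.

```python
class SynQueue:
    """Toy model of a listener's queue of half-open (SYN received) connections."""
    def __init__(self, backlog, timeout):
        self.backlog, self.timeout = backlog, timeout
        self.half_open = {}        # (src_ip, src_port) -> time the SYN arrived
        self.established = set()
        self.dropped = 0           # SYNs refused because the queue was full

    def _expire(self, now):
        self.half_open = {k: t for k, t in self.half_open.items()
                          if now - t < self.timeout}

    def on_syn(self, now, src, sport):
        self._expire(now)
        if len(self.half_open) >= self.backlog:
            self.dropped += 1
            return False           # queue full: the SYN is discarded
        self.half_open[(src, sport)] = now
        return True                # a SYN-ACK would be sent

    def on_ack(self, now, src, sport):
        self._expire(now)
        if self.half_open.pop((src, sport), None) is None:
            return False           # no matching half-open entry
        self.established.add((src, sport))
        return True

# Constructed trace: (time_s, segment, source IP, source port).
EVENTS = [
    (0, "SYN", "192.0.2.10", 40000), (1, "ACK", "192.0.2.10", 40000),
    (2, "SYN", "198.51.100.1", 1001), (2, "SYN", "198.51.100.2", 1002),
    (2, "SYN", "198.51.100.3", 1003), (2, "SYN", "198.51.100.4", 1004),
    (2, "SYN", "198.51.100.5", 1005),   # none of these is ever ACKed
    (3, "SYN", "192.0.2.11", 40001),    # legitimate client, queue still full
    (40, "SYN", "192.0.2.11", 40001),   # retry after the entries timed out
]

def replay(events=EVENTS, backlog=4, timeout=30):
    q = SynQueue(backlog, timeout)
    results = []
    for now, kind, src, sport in events:
        handler = q.on_syn if kind == "SYN" else q.on_ack
        results.append(handler(now, src, sport))
    return results, q

if __name__ == "__main__":
    results, q = replay()
    print(results, "dropped:", q.dropped, "half-open:", len(q.half_open))
```

A rising `dropped` count together with a queue pinned at its backlog limit is the signal that pending connections, not completed ones, are consuming the listener.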
350-701 Exam Question 370
What are two functionalities of SDN Northbound APIs? (Choose two.)
Correct Answer: A,B
Northbound APIs are the link between the applications and the SDN controller. The applications can tell the network what they need (data, storage, bandwidth, and so on) and the network can deliver those resources, or communicate what it has. These APIs support a wide variety of applications, such as load balancers, firewalls, orchestration platforms, and automation stacks. Northbound APIs also enable the applications to use the controller's capabilities to program flows into the network devices using the southbound interface. Northbound APIs are usually RESTful APIs that use HTTP methods to exchange data in JSON or XML formats [1][2]. OpenFlow is not a northbound API protocol, but a southbound API protocol that defines the communication between the SDN controller and the network switches or routers. OpenFlow allows the controller to manipulate the forwarding behavior of the switches or routers by sending commands and receiving events [3]. NETCONF is not a northbound API protocol, but a network management protocol that can be used as a southbound API protocol to configure and monitor network devices. NETCONF uses XML to encode data and remote procedure calls (RPCs) to exchange messages between the controller and the network devices.
References:
[1] What are SDN Northbound APIs (and SDN Rest APIs)? - SDxCentral
[2] SDN North-bound and South-bound APIs and Interfaces
[3] OpenFlow - Wikipedia
* OpenFlow - SDxCentral
* NETCONF - Wikipedia
* NETCONF Protocol - Cisco