Explanation: SSH encrypts the entire management session, including your username and password. Telnet and HTTP send data in "clear text," meaning anyone with a packet sniffer can see your login credentials. SNMPv2c also lacks the robust encryption and authentication found in SNMPv3 or SSH.

Explanation: 802.1Q is the industry-standard method for identifying VLANs on a trunk link by inserting a 4-byte "tag" into the Ethernet frame header. This allows a single cable to carry traffic for multiple VLANs.

Explanation: These four networks share the first 22 bits.

Explanation: The entire 127.0.0.0/8 range is reserved for loopback testing.

Explanation: Ansible is considered "agentless" because it does not require special software installed on the target device; it typically uses standard SSH to push configurations. Puppet and Chef generally require an "agent" (client software) to be running on the managed device.

Explanation: In JSON:

Explanation: TCP is connection-oriented and ensures reliability via a three-way handshake (SYN, SYN-ACK, ACK). It tracks sequence numbers and acknowledges received data. UDP is connectionless (no handshake), has lower overhead, and is "best-effort," making it better for streaming but less reliable than TCP.

Explanation: Dynamic NAT uses a pool of public addresses and assigns them on a first-come, first-served basis. Option A describes Static NAT, and Option C describes PAT (Port Address Translation), also known as "NAT Overload."

Unlike RIP, which uses hop count, OSPF uses cost as its metric. Cost is calculated based on the reference bandwidth divided by the interface speed; lower cost indicates a faster, preferred path.

Explanation: Cisco ACI (Application Centric Infrastructure) in the data center relies heavily on a Spine-Leaf topology because it provides predictable latency and high bandwidth for East-West traffic (server-to-server communication).

It allows multiple physical links to be treated as a single logical bundle

Explanation: In JSON (JavaScript Object Notation), curly braces { } define an object (a collection of key-value pairs), while square brackets [ ] define an array (a list of multiple values or objects). For example, "interfaces": ["Gig0/0", "Gig0/1"] is an array of strings.

Explanation: The standard limit for Ethernet over twisted-pair copper (Cat5e, Cat6, etc.) is 100 meters (328 feet). Distances beyond this require repeaters or fiber optics.

Explanation: Rules for compression:

1. Remove leading zeros (0db8 -> db8).
2. Replace a single contiguous block of all-zero hextets with :: (only once).
   Result: 2001:db8::1.

Explanation: NAT terms are often confusing: Inside Local is the private IP (e.g., 192.168.1.5). Inside Global is the public IP that the rest of the internet sees when that host communicates.

Explanation: The show ip ospf neighbor command is the primary troubleshooting tool to check if a router has reached the FULL state with its neighbors. If a neighbor is not listed here, it indicates a mismatch in parameters like Area ID, Authentication, or Timers.

In Puppet, you define how a device should look (e.g., "Interface Gi0/1 should be up and in VLAN 10") in a file called a Manifest. The Puppet agent then ensures the device matches that state. This is part of "Infrastructure as Code."

• POST = Create (New resource)
• GET = Read (Retrieve data)
• PUT/PATCH = Update (Modify existing)
• DELETE = Delete (Remove)

Explanation: In the 2.4 GHz spectrum, channels are 22MHz wide but spaced only 5MHz apart. Channels 1, 6, and 11 are the only combination that does not overlap, preventing signal interference.

C. ip address dhcp

Explanation: AD is the "trustworthiness" of a route. Lower is better. OSPF is 110. For comparison: Connected is 0, Static is 1, EIGRP is 90, and RIP is 120.

Explanation: The Underlay is the physical foundation. Its only job is to ensure that all network devices can reach each other (usually via an IGP like OSPF or IS-IS) so that the Overlay tunnels (VXLAN) can be established on top.

Explanation: NETCONF (Network Configuration Protocol) typically runs over SSH (port 830) to ensure that all configuration data is encrypted and the connection is authenticated.

Explanation: In SDN architecture:

• • Northbound APIs allow applications and programmers to communicate with the controller to tell it what the network should do.
  • Southbound APIs (like OpenFlow or NETCONF) are used by the controller to push those instructions down to the actual hardware switches.

Explanation: The "Longest Prefix Match" rule states the router always chooses the most specific mask (/25 is more specific than /24).

Explanation: A Hub is a "dumb" Layer 1 device that broadcasts all incoming traffic out of every port, meaning all devices share one collision domain. A Bridge (the predecessor to the modern switch) operates at Layer 2 and uses a MAC address table to segment the network into multiple collision domains, reducing congestion.

Explanation:

• Type 1 (Bare Metal): Installs directly on hardware (e.g., ESXi, Hyper-V). Efficient for servers.
• Type 2 (Hosted): Runs as an app on Windows/Mac (e.g., VMware Workstation, VirtualBox).

Explanation: The Network Layer (Layer 3) handles logical addressing (IP addresses) and routing. Routers operate at this layer to determine the best path for packets. Layer 2 handles physical addressing (MAC), Layer 4 handles end-to-end communication (TCP/UDP), and Layer 7 is where user applications interact with the network.

Explanation: Single-mode fiber has a much smaller core than multimode, which allows light to travel long distances (up to 40km or more) with very little signal loss (attenuation). Multimode (OM3/OM4) is designed for short distances, typically within a building or data center (up to 400–500 meters).

Explanation: In a Split-MAC architecture (used with Lightweight APs), the Access Point handles "real-time" tasks (like frame encryption/acknowledgment), while the WLC handles "management" tasks (like authentication and coordination across multiple APs). The AP and WLC communicate via the CAPWAP protocol.

Explanation: DAI is a security feature that prevents ARP spoofing/poisoning attacks. It intercepts ARP requests and responses on "untrusted" ports and checks if the MAC-to-IP binding is legitimate based on a trusted database (created by DHCP Snooping). If the binding doesn't match, the ARP packet is dropped.

Explanation: Cisco DNA Assurance collects telemetry data from devices to provide visibility, troubleshooting, and "Network Time Travel" to see exactly what happened during a specific incident in the past.

Explanation: FHRPs provide high availability for the "first hop" (the default gateway). By using a Virtual IP, if the primary router fails, the standby router takes over the virtual IP immediately. The end-user devices (PCs) never lose their gateway connection because their configuration points to the virtual IP, not the physical one.

Explanation: A virtual switch (vSwitch) is software that mimics a physical switch. It allows VMs on the same host to communicate and bridges them to the physical NIC (pNIC) to reach the outside world.

Explanation: IBN focuses on the desired outcome (intent). The administrator defines what the network should do (e.g., "Give Voice traffic highest priority"), and the automated system figures out how to configure the devices to achieve that state and continuously verifies it.

Explanation: Policing manages bandwidth by dropping or re-marking traffic that exceeds a defined rate. This is different from Shaping, which buffers (delays) the excess traffic in a queue rather than dropping it immediately. Policing is typically used by ISPs at the entry point of their network.

Explanation: A Router (or Layer 3 switch) operates at the Network Layer (OSI Layer 3) and uses logical IP addresses to determine the best path to a destination network. Layer 2 switches use MAC addresses.

Explanation: NGFWs go beyond simple port/protocol filtering. They include Intrusion Prevention Systems (IPS), Deep Packet Inspection (DPI), and Application Visibility and Control (AVC) to see what the traffic actually is (e.g., blocking "Facebook Games" but allowing "Facebook Chat").

Explanation: Phase 1 creates a secure "tunnel for the tunnel." It authenticates the peers and negotiates encryption for the control traffic. Once Phase 1 is secure, Phase 2 (IPsec) is negotiated to actually move the user data.

Explanation: The MIB is a hierarchical database used by the SNMP agent on a device (like a router) to organize information about the device's status (CPU, interface traffic, etc.). The SNMP Manager uses the MIB to know what data points it is allowed to read or change.