Explanation: In a Split-MAC architecture (used with Lightweight APs), the Access Point handles "real-time" tasks (like frame encryption/acknowledgment), while the WLC handles "management" tasks (like authentication and coordination across multiple APs). The AP and WLC communicate via the CAPWAP protocol.

Explanation: Phase 1 creates a secure "tunnel for the tunnel." It authenticates the peers and negotiates encryption for the control traffic. Once Phase 1 is secure, Phase 2 (IPsec) is negotiated to actually move the user data.

Explanation: In JSON (JavaScript Object Notation), curly braces { } define an object (a collection of key-value pairs), while square brackets [ ] define an array (a list of multiple values or objects). For example, "interfaces": ["Gig0/0", "Gig0/1"] is an array of strings.

Explanation: For /26, increments are 64. Subnets are .0, .64, .128. The broadcast for the .0 subnet is .63. Wait—rechecking: 10.1.5.0 to 10.1.5.63. Correction: It is the Broadcast address for the 10.1.5.0/26 subnet.

Explanation: Spine-Leaf (also known as Clos) topology connects every Leaf switch to every Spine switch. This minimizes latency and hops for server-to-server (East-West) communication, which is critical in modern virtualized data centers.

Explanation: The Principle of Least Privilege is a fundamental security rule aimed at reducing the "attack surface." By limiting a user's permissions to only what is required, you minimize the damage that could occur if that account is compromised.

Explanation: The "Longest Prefix Match" rule states the router always chooses the most specific mask (/25 is more specific than /24).

B. The switch with the lowest Priority value (lower BID wins; priority is the first component of BID)

Per RFC 1918, this range is for private use and is not routable on the public internet.

Explanation: Ansible Playbooks are written in YAML. They describe the "Play" (the set of actions) to be performed on the network devices. Since Ansible is agentless, the Playbook is executed on the control station and instructions are sent to the switches via SSH.

Explanation: Configuration Drift occurs when administrators make manual, ad-hoc changes (e.g., "just for testing") and forget to revert them, causing the device to fall out of sync with the automated/standardized policy.

Explanation: The entire 127.0.0.0/8 range is reserved for loopback testing.

Explanation: DNS (Domain Name System) resolves domain names into IP addresses so users don't have to remember numeric addresses. DHCP assigns IP addresses to devices, and NAT translates private IPs to public IPs.

Explanation: Ansible Playbooks are written in YAML (Yet Another Markup Language / YAML Ain't Markup Language), which relies on indentation (whitespace) to define structure, making it very human-readable.

Explanation: JSON is favored in modern automation for being lightweight and readable. XML is heavier due to the repetitive start and end tags (<name>value</name>).

Explanation: Class B addresses range from 128.0.0.0 to 191.255.255.255. The first two octets are reserved for the network portion.

Explanation: IBN is a revolutionary shift where the administrator defines the outcome (e.g., "Guest WiFi should not access the Finance Server"), and the SDN controller (like Cisco DNA Center) automatically translates that intent into specific configurations across all network devices.

Explanation: Ansible is considered "agentless" because it does not require special software installed on the target device; it typically uses standard SSH to push configurations. Puppet and Chef generally require an "agent" (client software) to be running on the managed device.

Explanation: Switches operate in Full-Duplex mode, meaning they can send and receive data at the same time. Unlike a hub (which is one large collision domain), a switch creates a dedicated segment for each port, effectively eliminating collisions between devices on different ports.

Explanation: TCP is connection-oriented and ensures reliability via a three-way handshake (SYN, SYN-ACK, ACK). It tracks sequence numbers and acknowledges received data. UDP is connectionless (no handshake), has lower overhead, and is "best-effort," making it better for streaming but less reliable than TCP.

Explanation: Dynamic NAT uses a pool of public addresses and assigns them on a first-come, first-served basis. Option A describes Static NAT, and Option C describes PAT (Port Address Translation), also known as "NAT Overload."

Explanation: The LC connector is a small form-factor connector (half the size of SC) that uses a locking tab similar to an RJ-45. Its small size makes it ideal for high-density switches.

Explanation: Ansible does not require any special software (agent) to be installed on the target device. It connects via standard SSH (or NETCONF/HTTPS) and pushes the configuration. Puppet and Chef typically require agents.

Explanation: Southbound APIs (like OpenFlow, NETCONF, or OpFlex) are used by the controller to push configurations and policies down to the physical network devices. Northbound APIs face up toward applications.

An access port can only carry traffic for a single VLAN. To support an AP handling multiple SSIDs (and thus multiple VLANs), a trunk port is required because it uses 802.1Q tagging to carry traffic for multiple VLANs over a single physical link.

Explanation: The Network Layer (Layer 3) handles logical addressing (IP addresses) and routing. Routers operate at this layer to determine the best path for packets. Layer 2 handles physical addressing (MAC), Layer 4 handles end-to-end communication (TCP/UDP), and Layer 7 is where user applications interact with the network.

Explanation: A Router (or Layer 3 switch) operates at the Network Layer (OSI Layer 3) and uses logical IP addresses to determine the best path to a destination network. Layer 2 switches use MAC addresses.

Explanation: PortFast is used on ports connected to end devices (like PCs or printers). Normally, STP takes 30-50 seconds to move a port to "Forwarding." PortFast allows these ports to work instantly. It should never be used on trunk links between switches, as it could cause a loop.

Explanation: The MIB is a hierarchical database used by the SNMP agent on a device (like a router) to organize information about the device's status (CPU, interface traffic, etc.). The SNMP Manager uses the MIB to know what data points it is allowed to read or change.

Explanation: UTP lacks the metal shielding found in STP, making it more vulnerable to external electrical noise (EMI) from machinery or fluorescent lights. Fiber (C and D) uses light, so it is immune to EMI.

Explanation: HTTP Status Codes:

• 200: OK
• 201: Created
• 400: Bad Request
• 401: Unauthorized (Authentication missing)
• 403: Forbidden (Authenticated, but permissions denied)
• 404: Not Found

Explanation: SSH encrypts the entire management session, including your username and password. Telnet and HTTP send data in "clear text," meaning anyone with a packet sniffer can see your login credentials. SNMPv2c also lacks the robust encryption and authentication found in SNMPv3 or SSH.

Explanation: NGFWs go beyond simple port/protocol filtering. They include Intrusion Prevention Systems (IPS), Deep Packet Inspection (DPI), and Application Visibility and Control (AVC) to see what the traffic actually is (e.g., blocking "Facebook Games" but allowing "Facebook Chat").

Explanation: Link-Local addresses (starting with FE80::/10) are mandatory on IPv6 interfaces. They are used for neighbor discovery and routing protocol communication strictly within the local segment.

Explanation: IBN focuses on the desired outcome (intent). The administrator defines what the network should do (e.g., "Give Voice traffic highest priority"), and the automated system figures out how to configure the devices to achieve that state and continuously verifies it.

Explanation: LACP (802.3ad) is the industry-standard (IEEE) protocol for bundling physical links. PAgP is a Cisco-proprietary protocol that does the same thing but only works between Cisco devices. In a modern environment where you might mix vendors (Cisco, HP, Juniper), LACP is the preferred choice.

Explanation: NAT terms are often confusing: Inside Local is the private IP (e.g., 192.168.1.5). Inside Global is the public IP that the rest of the internet sees when that host communicates.

Explanation: The Underlay is the physical foundation. Its only job is to ensure that all network devices can reach each other (usually via an IGP like OSPF or IS-IS) so that the Overlay tunnels (VXLAN) can be established on top.

Explanation: In SDN architecture:

• • Northbound APIs allow applications and programmers to communicate with the controller to tell it what the network should do.
  • Southbound APIs (like OpenFlow or NETCONF) are used by the controller to push those instructions down to the actual hardware switches.

Explanation: On an 802.1Q trunk, any frame that arrives without a VLAN tag is automatically assigned to the Native VLAN. For security, it is a best practice to change the native VLAN from the default (VLAN 1) to an unused VLAN ID.