Jump to content

Recommended Posts

3 hours ago, Salinda said:

Not yet any dumps or materials ?

Checked first page? A member passed using the dump shared on 1st page.

  • Like 1

Share this post


Link to post
Share on other sites

Guys, who found what errors? Please share. And how did you fix them. Maybe I didn't notice everything.

 

Share this post


Link to post
Share on other sites

on that CoPP strict policy question, I found a Cisco Breakout Session that talks alot about DDOS.  so maybe D is the answer?

Hidden Content

    Give reaction to this post to see the hidden content.

  • Like 30
  • Thanks 12
  • Confused 1

Share this post


Link to post
Share on other sites
12 hours ago, gdc028 said:

on that CoPP strict policy question, I found a Cisco Breakout Session that talks alot about DDOS.  so maybe D is the answer?

Hidden Content

    Give reaction to this post to see the hidden content.

I'm not sure if you are 100% right.

CoPP handles traffic TO the device, not through it. B is the only one that meets that criteria.

 

Control plane packets – Network device generated or received packets that are used for the creation and operation of the network itself. From the perspective of the network device, control plane packets always have a receive destination IP address and are handled by the CPU in the network device route processor. Examples include protocols such as ARP, BGP, OSPF, and other protocols that glue the network together.

they say that it is the attack on the supervisor (

Hidden Content

    Give reaction to this post to see the hidden content.
:

The supervisor module has both the management plane and control plane and is critical to the operation of the network. Any disruption or attacks to the supervisor module will result in serious network outages. For example, excessive traffic to the supervisor module could overload and slow down the performance of the entire Cisco NX-OS device. For example, a DoS attack on the supervisor module could generate IP traffic streams to the control plane at a very high rate, forcing the control plane to spend a large amount of time in handling these packets and preventing the control plane from processing genuine traffic.

Examples of DoS attacks include:

  • Internet Control Message Protocol (ICMP) echo requests

  • IP fragments

  • TCP SYN flooding

These attacks can impact the device performance and have the following negative effects:

  • Reduced service quality (such as poor voice, video, or critical applications traffic)

  • High route processor or switch processor CPU utilization

  • Route flaps due to loss of routing protocol updates or keepalives

  • Unstable Layer 2 topology

  • Slow or unresponsive interactive sessions with the CLI

  • Processor resource exhaustion, such as the memory and buffers

  • Indiscriminate drops of incoming packets

 

Control Plane Packet Types

Different types of packets can reach the control plane:

Receive packets
    Packets that have the destination address of a router. The destination address can be a Layer 2 address (such as a router MAC address) or a Layer 3 address (such as the IP address of a router interface). These packets include router updates and keepalive messages. Multicast packets can also be in this category where packets are sent to multicast addresses that are used by a router.
Exception packets
    Packets that need special handling by the supervisor module. For example, if a destination address is not present in the Forwarding Information Base (FIB) and results in a miss, the supervisor module sends an ICMP unreachable packet back to the sender. Another example is a packet with IP options set.

in the materials that you provided - it is said about the attack on the device itself, and not on the devices behind it. If an attack occurs on a device, then this is really a CoPP policy (for example: arp flood, attack on ospf process and etc ..).

 

But:

A Cisco NX-OS device supports only hardware-based CoPP that does not support the management interface (mgmt0). The out-of-band mgmt0 interface connects directly to the CPU and does not pass through the in-band traffic hardware where CoPP is implemented. On the mgmt0 interface, ACLs can be configured to give or deny access to a particular type of traffic.

 

 

 

  • Like 12
  • Thanks 7
  • Confused 1

Share this post


Link to post
Share on other sites
Posted (edited)

Hi All!

I was taking a look at the original dump answers  (350-601.VCEplus.premium.exam.102q) and found around 15 questions that may be wrong:

Question #12 - Dump answer:A, Possible Correct Answer: B?

Question #18 - Dump answer:A&C, Possible Correct Answer: A&B?

Question #26 - Dump answer:A&B, Possible Correct Answer: C&E?

Question #29 - Dump answer:A, Possible Correct Answer: B?

Question #32 - Dump answer:A, Possible Correct Answer: D?

Question #33 - Dump answer:B&C, Possible Correct Answer: only b seems right ?

Question #34 - Dump answer:A&C, Possible Correct Answer: A&B?

Question #38 - Dump answer:B, Possible Correct Answer: A?

Question #49 - Dump answer:A, Possible Correct Answer: D?

Question #52 - Dump answer:C, Possible Correct Answer: A?

Question #53 - Dump answer:B, Possible Correct Answer: D?

Question #79 - Dump answer:C, Possible Correct Answer: D?

Question #92 -

Dump answer:

Fabric Binding:

- Uses the Exchange Fabric Membership Data Protocol

- Allows a preconfigured set of Fibre Channel devices to logically connect to a SAN ports., 

Port Security:

- Can be distributed via fabric services

- Prevent unauthorized switches from joining the fabric or disrupting current fabric operations

 

Possible Correct Answer: 

Fabric Binding:

- Uses the Exchange Fabric Membership Data Protocol

- Prevent unauthorized switches from joining the fabric or disrupting current fabric operations

Port Security:

- Can be distributed via fabric services

- Allows a preconfigured set of Fibre Channel devices to logically connect to a SAN ports?

 

Question #96 - Dump answer:D, Possible Correct Answer: A or B?

Question #101 - Dump answer:D, Possible Correct Answer: A?

 

Do you agree with me as well?

Edited by DCCOR350601_
  • Like 1

Share this post


Link to post
Share on other sites
Posted (edited)
1 hour ago, DCCOR350601_ said:

Hi All!

I was taking a look at the original dump answers  (350-601.VCEplus.premium.exam.102q) and found around 15 questions that may be wrong:

Question #12 - Dump answer:A, Possible Correct Answer: B?

Question #18 - Dump answer:A&C, Possible Correct Answer: A&B?

Question #26 - Dump answer:A&B, Possible Correct Answer: C&E?

Question #29 - Dump answer:A, Possible Correct Answer: B?

Question #32 - Dump answer:A, Possible Correct Answer: D?

Question #33 - Dump answer:B&C, Possible Correct Answer: only b seems right ?

Question #34 - Dump answer:A&C, Possible Correct Answer: A&B?

Question #38 - Dump answer:B, Possible Correct Answer: A?

Question #49 - Dump answer:A, Possible Correct Answer: D?

Question #52 - Dump answer:C, Possible Correct Answer: A?

Question #53 - Dump answer:B, Possible Correct Answer: D?

Question #79 - Dump answer:C, Possible Correct Answer: D?

Question #92 -

Dump answer:

Fabric Binding:

- Uses the Exchange Fabric Membership Data Protocol

- Allows a preconfigured set of Fibre Channel devices to logically connect to a SAN ports., 

Port Security:

- Can be distributed via fabric services

- Prevent unauthorized switches from joining the fabric or disrupting current fabric operations

 

Possible Correct Answer: 

Fabric Binding:

- Uses the Exchange Fabric Membership Data Protocol

- Prevent unauthorized switches from joining the fabric or disrupting current fabric operations

Port Security:

- Can be distributed via fabric services

- Allows a preconfigured set of Fibre Channel devices to logically connect to a SAN ports?

 

Question #96 - Dump answer:D, Possible Correct Answer: A or B?

Question #101 - Dump answer:D, Possible Correct Answer: A?

 

Do you agree with me as well?

I think the same
But in I think possible in Q33 - A and B, in 96 - B
 
I am still confused by question 4. I think - A and D
Edited by Best
  • Thanks 1

Share this post


Link to post
Share on other sites

Q33.  I have found references to A: Organizations and locales.

RBAC and AAA were classified as system configuration, not logical.  

Share this post


Link to post
Share on other sites

Q49. I agree D. Found in EPLD software upgrade or downgrade. Nexus 7000 NX-OS CLI Management Best Practices Guide

Share this post


Link to post
Share on other sites
On 7/21/2020 at 3:44 AM, Best said:

I'm not sure if you are 100% right.

CoPP handles traffic TO the device, not through it. B is the only one that meets that criteria.

 

Control plane packets – Network device generated or received packets that are used for the creation and operation of the network itself. From the perspective of the network device, control plane packets always have a receive destination IP address and are handled by the CPU in the network device route processor. Examples include protocols such as ARP, BGP, OSPF, and other protocols that glue the network together.

they say that it is the attack on the supervisor (

Hidden Content

  • Give reaction to this post to see the hidden content.

:

 

The supervisor module has both the management plane and control plane and is critical to the operation of the network. Any disruption or attacks to the supervisor module will result in serious network outages. For example, excessive traffic to the supervisor module could overload and slow down the performance of the entire Cisco NX-OS device. For example, a DoS attack on the supervisor module could generate IP traffic streams to the control plane at a very high rate, forcing the control plane to spend a large amount of time in handling these packets and preventing the control plane from processing genuine traffic.

Examples of DoS attacks include:

  • Internet Control Message Protocol (ICMP) echo requests

  • IP fragments

  • TCP SYN flooding

These attacks can impact the device performance and have the following negative effects:

  • Reduced service quality (such as poor voice, video, or critical applications traffic)

  • High route processor or switch processor CPU utilization

  • Route flaps due to loss of routing protocol updates or keepalives

  • Unstable Layer 2 topology

  • Slow or unresponsive interactive sessions with the CLI

  • Processor resource exhaustion, such as the memory and buffers

  • Indiscriminate drops of incoming packets

 

Control Plane Packet Types

Different types of packets can reach the control plane:

Receive packets
    Packets that have the destination address of a router. The destination address can be a Layer 2 address (such as a router MAC address) or a Layer 3 address (such as the IP address of a router interface). These packets include router updates and keepalive messages. Multicast packets can also be in this category where packets are sent to multicast addresses that are used by a router.
Exception packets
    Packets that need special handling by the supervisor module. For example, if a destination address is not present in the Forwarding Information Base (FIB) and results in a miss, the supervisor module sends an ICMP unreachable packet back to the sender. Another example is a packet with IP options set.

in the materials that you provided - it is said about the attack on the device itself, and not on the devices behind it. If an attack occurs on a device, then this is really a CoPP policy (for example: arp flood, attack on ospf process and etc ..).

 

But:

A Cisco NX-OS device supports only hardware-based CoPP that does not support the management interface (mgmt0). The out-of-band mgmt0 interface connects directly to the CPU and does not pass through the in-band traffic hardware where CoPP is implemented. On the mgmt0 interface, ACLs can be configured to give or deny access to a particular type of traffic.

 

 

 

As Best said, CoPP deal with traffic direct to CPU of the device, for this reason, I responded in the exam the answer about transfer of a big image. I checked the internal policies about SSH and I didnt see any restriction about how many current sessions.

Share this post


Link to post
Share on other sites
6 hours ago, Best said:

Here are some new questions.
I have indicated which answers are correct in my opinion.

What are your comments?

 

Hidden Content

 

During the APIC cluster discovery process, LLDP is used for which of the following tasks?

A. assignment of VTEP addresses

B. discovering MAC addresses

C. discovering private IP addresses

D. serving the APIC GUI


I think Correct Answe - C.

====================================================================

 

A user retrieves data in XML format from a Cisco APIC device by submitting a GET request on TCP port 443.

Which of the following technologies are most likely in use? (Choose two.)

 

A. JSON

B. REST API

C. HTTP

D. SOAP API

E. HTTPS

 

I think Correct Answe -  A and E

=======================================================

 

Hidden Content

    Give reaction to this post to see the hidden content.

 

S2 has just been discovered by APIC1. Only one leaf switch has been discovered and registered with APIC1 so far. No other spine switches have been discovered. Which of the following switches will most likely be discovered next?

A. L5

B. S1

C. L1, L2, and L3

D. L4 and L6

E. L1, L2, L3, L4, and L6

 

I think Correct Answe - E

 

 

 During the APIC cluster discovery process, LLDP is used for which of the following tasks?


C. discovering private IP addresses

 

 

 


A user retrieves data in XML format from a Cisco APIC device by submitting a GET request on TCP port 443.

Which of the following technologies are most likely in use? (Choose two.)

 

B. REST API


E. HTTPS

   

S2 has just been discovered by APIC1. Only one leaf switch has been discovered and registered with APIC1 so far. No other spine switches have been discovered. Which of the following switches will most likely be discovered next?


B. S1
(discover first and second is register, but if only is discover, the S2 cant discover other devices until register, for this reason, the leaf registered will discover S1

Share this post


Link to post
Share on other sites
22 hours ago, DCCOR350601_ said:

@kalel05, could you please share your  thoughts  about the previous?

Thanks.

Hi all, in this Qs I picked next:

 
Question #12 - Dump answer:A, Possible Correct Answer: B? MY ANSWER:B

Question #18 - Dump answer:A&C, Possible Correct Answer: A&B? MY ANSWER:VPC AND HSRP

Question #26 - Dump answer:A&B, Possible Correct Answer: C&E? MY ANSWER:PROCESSOR AND MEMORY

Question #29 - Dump answer:A, Possible Correct Answer: B?MY ANSWER: VERY TRICKY BUT I PICKED It is replaced by a new default policy without any firmware entries.

Question #32 - Dump answer:A, Possible Correct Answer: D? MY ANSWER: C6 RETENTION

Question #33 - Dump answer:B&C, Possible Correct Answer: only b seems right ? MY ANSWER IS B AND C, C im not pretty sure but if you checked all answers is better than others

Question #34 - Dump answer:A&C, Possible Correct Answer: A&B? MY ANSWER: IOMs AND UCS MANAGER PRETTY SURE

Question #38 - Dump answer:B, Possible Correct Answer: A?MY ANSWER: INTERSIGHT IS CORRECT

Question #49 - Dump answer:A, Possible Correct Answer: D? MY ANSWER: displays the impact of the upgrade on the operation of the switch

Question #52 - Dump answer:C, Possible Correct Answer: A?MY ANSWER : LOGICAL CONFIGURATION

Question #53 - Dump answer:B, Possible Correct Answer: D? MY ANSWER: NOT SURE

Question #79 - Dump answer:C, Possible Correct Answer: D? MY ANSWER: NOT SURE, I PICKED C

 

 

 

  • Like 1

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


×
×
  • Create New...