Which statement about RADIUS configuration distribution using Cisco Fabric Services on a Cisco Nexus 7000 Series Switch is true?
A. Cisco Fabric Services does not distribute the RADIUS server group configuration or server and global keys.
B. Enabling Cisco Fabric Services causes the existing RADIUS configuration on your Cisco NX- OS device to be immediately distributed.
C. When the RADIUS configuration is being simultaneously changed on more than one device in a Cisco Fabric Services region, the most recent changes will take precedence.
D. Only the Cisco NX-OS device with the lowest IP address in the Cisco Fabric Services region can lock the RADIUS configuration.
Correct Answer: A

By default it will take 10 seconds for authentication to fail due to an unresponsive RADIUS server before a Cisco Nexus series switch reverts to another RADIUS server or local authentication. What is one efficient way to improve the reaction time to a RADIUS server failure?
A. Decrease the global RADIUS retransmission count to 1.
B. Decrease the global RADIUS timeout interval to 5 seconds.
C. Configure the RADIUS retransmission count and timeout interval per server, versus globally.
D. Configure per server a test idle timer, along with a username and password.
Correct Answer: D

Which statement explains why a Cisco UCS 6200 Fabric Interconnect that is configured in end- host mode is beneficial to the unified fabric network?
A. There is support for multiple (power of 2) uplinks.
B. Upstream Layer 2 disjoint networks will remain separated.
C. The 6200 can connect directly via vPC to a Layer 3 aggregation device.
D. STP is not required on the uplink ports from the 6200.
Correct Answer: D

Which two statements about Cisco Nexus 7000 line cards are true? (Choose two.)
A. M1, M2, and F1 cards are allowed in the same VDC.
B. M line cards are service-oriented and likely face the access layer and provide Layer 2 connectivity.
C. F line cards are performance-oriented and likely connect northbound to the core layer for Layer 3 connectivity.
D. M line cards support Layer 2, Layer 3, and Layer 4 with large forwarding tables and a rich feature set.
E. The F2 line card must reside in the admin VDC.
Correct Answer: AD

Which statement about the Layer 3 card on the Cisco Nexus 5500 Series Switch is true?
A. BGP support is not provided, but RIP, EIGRP, and OSPF support is provided.
B. Up to two 4-port cards are supported with up to 160 Gb/s of Layer 3 forwarding capability.
C. Up to 16 FEX connections are supported.

D. Port channels cannot be configured as Layer 3 interfaces.
Correct Answer: C

Which statement about SNMP support on Cisco Nexus switches is true?
A. Cisco NX-OS only supports SNMP over IPv4.
B. Cisco NX-OS supports one instance of the SNMP per VDC.
C. SNMP is not VRF-aware.
E. Only users belonging to the network operator RBAC role can assign SNMP groups.
Correct Answer: B

Which GLBP load-balancing algorithm ensures that a client is always mapped to the same VMAC address?
A. vmac-weighted
B. dedicated-vmac-mode
C. shortest-path and weighting
D. host-dependent
Correct Answer: D

Which three items must be configured in the port profile client in Cisco UCS Manager? (Choose three.)
A. port profile
C. data center
D. folder
E. vCenter IP address
F. VM port group
Correct Answer: BCD

Refer to the command below. When configuring an SVS connection on the Cisco Nexus 5000 Series Switch, which device is being referenced as the remote IP address? nexus5500-2(config-svs-conn)# remote ip address port 80 vrf management
A. ESX or ESXi host
B. vCenter
C. vPC peer switch
D. Cisco IMC management
Correct Answer: B

On a Cisco Nexus 7000 Series router, which statement about HSRP and VRRP is true?
A. When VDCs are in use, only VRRP is supported.
B. HSRP and VRRP both use the same multicast IP address with different port numbers.
C. HSRP has shorter default hold and hello times.
D. The VRRP group IP address can be the same as the router-specific IP address.

Correct Answer: D

Which protocol is the foundation for unified fabric as implemented in Cisco NX-OS?
A. Fibre Channel
B. Data Center Bridging
C. Fibre Channel over Ethernet
D. N proxy virtualization
E. N Port identifier virtualization
Correct Answer: C

Which statement about RBAC user roles on a Cisco Nexus switch is true?
A. If you belong to multiple roles, you can execute only the commands that are permitted by both roles (logical AND).
B. Access to a command takes priority over being denied access to a command.
C. The predefined roles can only be changed by the network administrator (superuser).
D. The default SAN administrator role restricts configuration to Fibre Channel interfaces.
E. On a Cisco Nexus 7000 Series Switch, roles are shared between VDCs.
Correct Answer: B

Which statement is true if password-strength checking is enabled?
A. Short, easy-to-decipher passwords will be rejected.
B. The strength of existing passwords will be checked.
C. Special characters, such as the dollar sign ($) or the percent sign (%), will not be allowed.
D. Passwords become case-sensitive.
Correct Answer: A

When a local RBAC user account has the same name as a remote user account on an AAA server, what happens when a user with that name logs into a Cisco Nexus switch?
A. The user roles from the remote AAA user account are applied, not the configured local user roles.
B. All the roles are merged (logical OR).
C. The user roles from the local user account are applied, not the remote AAA user roles.
D. Only the roles that are defined on both accounts are merged (logical AND).
Correct Answer: C

After enabling strong, reversible 128-bit Advanced Encryption Standard password type-6 encryption on a Cisco Nexus 7000, which command would convert existing plain or weakly encrypted passwords to type-6 encrypted passwords?
A. switch# key config-key ascii
B. switch(config)# feature password encryption aes
C. switch# encryption re-encrypt obfuscated
D. switch# encryption decrypt type6

Correct Answer: C

Which two security features are only supported on the Cisco Nexus 7000 Series Switches? (Choose two.)
A. IP source guard
B. traffic storm control
D. DHCP snooping
E. Dynamic ARP Inspection
Correct Answer: BF

Which statement about the implementation of Cisco TrustSec on Cisco Nexus 7000 Series Switches is true?
A. While SGACL enforcement and SGT propagation are supported on the M and F modules, 802.1AE (MACsec) support is available only on the M module.
B. SGT Exchange Protocol is required to propagate the SGTs across F modules that lack hardware support for Cisco TrustSec.
C. AAA authentication and authorization is supported using TACACS or RADIUS to a Cisco Secure Access Control Server.
D. Both Cisco TrustSec and 802.1X can be configured on an F or M module interface.
Correct Answer: A

Which statement about implementation of Cisco TrustSec on Cisco Nexus 5546 or 5548 switches are true?
A. Cisco TrustSec support varies depending on Cisco Nexus 5500 Series Switch model.
B. The hardware is not able to support MACsec switch-port-level encryption based on IEEE 802.1AE.
C. The maximum number of RBACL TCAM user configurable entries is 128k.
D. The SGT Exchange Protocol must use the management (mgmt 0) interface.
Correct Answer: B

In the dynamic vNIC creation wizard, why are choices for Protection important?
A. They allow reserve vNICs to be allocated out of the spares pool.
B. They enable hardware-based failover.
C. They select the primary fabric association for dynamic vNICs.
D. They allow dynamic vNICs to be reserved for fabric failover.
Correct Answer: C

How is a dynamic vNIC allocated?
A. Dynamic vNICs are assigned to VMs in vCenter.
B. Dynamic vNICs can only be bound to the service profile through an updating template.
C. Dynamic vNICs are bound directly to a service profile.
D. Dynamic vNICs are assigned by binding a port profile to the service profile.
Correct Answer: C

Which of the following Cisco Nexus features is best managed with DCNM-LAN?
B. Domain parameters
C. Virtual switches
Correct Answer: C

Which Cisco Nexus feature is best managed with DCNM-SAN?
B. domain parameters
C. virtual switches
Correct Answer: B

Which option is a restriction of the unified ports on the Cisco UCS 6200 Series Fabric Interconnect when connecting to the unified fabric network?
A. Direct FC connections are not supported to Cisco MDS switches
B. The FCoE or Fibre Channel port allocations must be contiguous on the 6200.
C. 10-G Fibre Channel ports only use SFP+ interfaces.
D. vPC is not supported on the Ethernet ports.
Correct Answer: B

The Connectivity Management Processor monitors the active supervisor module on a Cisco Nexus 7000 switch and will reboot the device in the event of a lights-out management issue. However, which option includes features that provide similar benefits in the absence of the Connectivity Management Processor?
A. high-availability functionality from features such as vPC and NSF
B. traditional system connectivity models like SNMP, GUI, or SSH
C. Cisco FabricPath
D. VDC failover
Correct Answer: A

Which statement about Cisco FabricPath is true?
A. It is the best solution for interconnecting multiple data centers.
B. It optimizes STP throughout the Layer 2 network.
C. It is a simplified extension of Layer 3 networks across a single data center.
D. The Cisco FabricPath domain appears as a single STP bridge, where each edge port uses the same MAC address.
Correct Answer: D

Which statement about electronic programmable logic device image upgrades is true?
A. EPLD and ISSU image upgrades are nondisruptive.
B. An EPLD upgrade must be performed during an ISSU system or kickstart upgrade.
C. Whether the module being upgraded is online or offline, only the EPLD images that have different
current and new versions are upgraded.
D. You can execute an upgrade or downgrade only from the active supervisor module.
Correct Answer: D

What is the grace period in a graceful restart situation?
A. how long the supervisor waits for NSF replies
B. how often graceful restart messages are sent after a switchover
C. how long NSF-aware neighbors should wait after a graceful restart has started before tearing down adjacencies
D. how long the NSF-capable switches should wait after detecting that a graceful restart has started,
before verifying that adjacencies are still valid
Correct Answer: C
