Monthly Archives: October 2020

Cisco, Tech

600-660 Implementing Cisco Application Centric Infrastructure – Advanced (300-630 DCACIA)

Exam overview
This exam tests a candidate’s advanced knowledge and skills of Cisco switches in ACI mode including configuration, implementation, management, and troubleshooting.

Our authorized Learning Partners teach instructor-led classes around the world. For this exam, we recommend:

Implementing Cisco Application Centric Infrastructure – Advanced (DCACIA) – coming soon

Exam Description
Implementing Cisco Application Centric Infrastructure – Advanced v1.0 (DCACIA 300-630) is a 90-minute exam associated with the Cisco Certified Specialist – ACI Advanced Implementation certification. This exam tests a candidate’s advanced knowledge and skills of Cisco switches in ACI mode including configuration, implementation, management, and troubleshooting. The course, Implementing Cisco Application Centric Infrastructure – Advanced (DCACIA), helps candidates prepare for this exam.

The following topics are general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. To better reflect the contents of the exam and for clarity purposes, the guidelines below may change at any time without notice.


1.0 ACI Packet Forwarding 20%
1.1 Describe packet forwarding between leafs (VxLAN)
1.2 Implement server NIC teaming with ACI
1.3 Implement endpoint learning optimizations (local/remote endpoint, limit IP subnet, enforce subnet check, IP dataplane leaning option in VRF, loop detection, and rogue EP)

2.0 Advanced ACI Policies and Integrations 25%
2.1 Implement Layer 3 out transit routing
2.2 Utilize common tenant
2.3 Implement VRF route leaking
2.4 Implement Layer 3 out VRF route leaking
2.5 Implement contracts (pcTag, global pcTab, contract priorities, taboo, and deny filter)
2.6 Implement Layer 4 through Layer 7 PBR (including use cases)

3.0 Multipod 20%
3.1 Implement IPN
3.2 Describe packet flow between pods
3.3 Describe firewall and load balancer design with multipod
3.4 Implement service graph with multipod

4.0 Multisite 20%
4.1 Implement Multi-Site Orchestrator
4.2 Implement ISN
4.3 Describe stretched component options
4.4 Describe communication across sites

5.0 Traditional network with ACI 15%
5.1 Describe network-centric and application-centric designs
5.2 Describe STP BPDU handling in ACI (FD-VNID and VLAN pool consideration)
5.3 Describe migration considerations

QUESTION 1
Which approach does Cisco ACI use to achieve multidestination packet forwarding between leaf switches in the same fabric?

A. Map VXLAN VTEP to the multicast group
B. Map VXLAN to PIM-SM protocol
C. Map VXLAN VNI to the multicast group
D. Map VXLAN to PIM-DM protocol

Answer: C

QUESTION 2
What does the VXLAN source port add to the overlay packet forwarding when it uses the hash of Layer 2, Layer 3, and Layer 4 headers of the inner packet?

A. ECMP
B. TCP optimization
C. disabled fragmentation
D. jumbo frames

Answer: A

QUESTION 3
Which two actions are the Cisco best practices to configure NIC teaming load balancing for Cisco UCS B-Series blades
that are connected to the Cisco ACI leaf switches? (Choose two.)

A. Create vPC+
B. Enable LACP active mode
C. Create PAgP
D. Create vPC
E. Enable MAC pinning

Answer: B,E

QUESTION 4
An engineer must limit local and remote endpoint learning to the bridge domain subnet. Which action should be taken inside the Cisco APIC?

A. Disable Remote EP Learn
B. Enable Enforce Subnet Check
C. Disable Endpoint Dataplane Learning
D. Enable Limit IP Learning to Subnet

Answer: B

QUESTION 5
What is the purpose of the Forwarding Tag (FTAG) in Cisco ACI?

A. FTAG is used in Cisco ACI to add a label to the iVXLAN traffic in the fabric to apply the correct policy.
B. FTAG is used in Cisco ACI to add a label to the VXLAN traffic in the fabric to apply the correct policy.
C. FTAG trees in Cisco ACI are used to load balance unicast traffic.
D. FTAG trees in Cisco ACI are used to load balance mutli-destination traffic.

Answer: D

Actualkey Cisco 600-660 exam pdf, Certkingdom Cisco 600-660 PDF

MCTS Training, MCITP Trainnig

Best Cisco 600-660 Certification, Cisco 600-660 Training at certkingdom.com

Tech

NSE5_FMG-6.2 FortiManager 6.2

Exam series: NSE5_FMG-6.2
Number of questions: 35
Time allowed to complete: 70 minutes
Language: English and Japanese
Product version: FortiManager 6.2
Status: Available

NSE 5 – FortiGate Network Security Management and Analysis

NSE 5 Description

The FortiGate Security Management and Analysis NSE 5 designation identifies your ability to use the FortiManager and FortiAnalyzer to provide Network Analysis and Reporting.

NSE 5 Program Requirements

Completion of the NSE 5 exam at a Pearson Vue test center*

* The FortiManger and FortiAnalzyer courses are no longer required but highly recommended.

Who Should Attempt the NSE 5

Post-sales and support personnel who want acknowledgement that they are a Network Security Analyst Professional.

Certification
The NSE 5 certification is valid for 2 years.
You can re-certify by fulfilling the current NSE 5 requirements.
About the NSE 5 Exam

Name: NSE 5 – Fortinet Network Security Analyst
Language: English only
Available at: Pearson Vue Test Centers worldwide
Cost: $400
Number of items: 50
Time allowed to complete: 100 minutes total test time
Passing Score: 70%
Scoring Method: Item must be 100% correct for credit, no partial credit. No deduction for incorrect answers.
Type of questions: Multiple Choice, Multiple Select
Time required between attempts: 15 days
Time for acknowledgement/score to be reflected in FLC transcripts: 21 days

How to Enroll in NSE 5 Certification Training
To enroll in the NSE 5 you must have an account on the Fortinet Learning Center (FLC). If you are a partner, you must enter through the partner portal. You can enroll in the SecureLayers FortiTraining.nl classes here.

Partners must access the FLC via the portals above to receive credit towards your standing with Fortinet.

Once you’ve logged in, go to the catalog entry for NSE 5. You’ll find options for classroom, virtual classroom or self-paced training.

To earn your NSE 5 certificate, you must take and pass the NSE 5 exam at a Pearson Vue test center.

QUESTION 1
Which two statements regarding device management on FortiManager are true? (Choose two.)

A. FortiGate devices in HA cluster devices are counted as a single device.
B. FortiGate in transparent mode configurations are not counted toward the device count on FortiManager.
C. FortiGate devices in an HA cluster that has five VDOMs are counted as five separate devices.
D. The maximum number of managed devices for each ADOM is 500.

Correct Answer: AC

QUESTION 2
An administrator wants to delete an address object that is currently referenced in a firewall policy.
What can the administrator expect to happen?

A. FortiManager will replace the deleted address object with the none address object in the referenced firewall policy.
B. FortiManager will not allow the administrator to delete a referenced address object.
C. FortiManager will replace the deleted address object with the all address object in the referenced firewall policy.
D. FortiManager will disable the status of the referenced firewall policy.

Correct Answer: A

QUESTION 3
Which of the purpose of the Policy Check feature on FortiManager?

A. It compares the policy packages with the revision history, and updates policy packages in the ADOM database.
B. It merges and creates dynamic mappings for duplicate objects used in a policy package.
C. It provides recommendation to combine similar policy packages within an ADOM into one single policy package.
D. It provides recommendation for optimizing policies in a policy package.

Correct Answer: D

Actualkey Fortinet NSE5 NSE5_FMG-6.2 exam pdf, Certkingdom Fortinet NSE5 NSE5_FMG-6.2 CIPM PDF

MCTS Training, MCITP Trainnig

Best Fortinet NSE5 NSE5_FMG-6.2 Certification, Fortinet NSE 5 NSE5_FMG-6.2 Training at certkingdom.com