Which are three key features within the Cisco ISE that mainly compete with other RADIUS and NAC products? (Choose three.)
A. Ability to authenticate and authorize users and endpoints.
B. BYOD provides auto configuration of endpoints.
C. Software based firewall capabilities for selected devices and endpoints.
D. Guest access and guest lifecycle management functionality.
E. Deep packet inspection upon authorization of endpoints.
The Answer Is: A, B, D
Explanation:
Cisco ISE is a comprehensive solution that provides authentication, authorization, and accounting (AAA) services, as well as posture, profiling, and guest access features. These are some of the key features that differentiate Cisco ISE from other RADIUS and NAC products in the market.
Ability to authenticate and authorize users and endpoints: Cisco ISE supports various authentication methods and protocols, such as 802.1X, MAB, WebAuth, EAP, PEAP, EAP-TLS, and TEAP. Cisco ISE also integrates with various identity sources, such as Active Directory, LDAP, RADIUS, SAML, and Azure AD. Cisco ISE can enforce granular and dynamic policies based on the identity and context of the users and endpoints, such as device type, location, posture, and time. Cisco ISE can also leverage TrustSec and SGTs to provide software-defined segmentation and micro-segmentation [1][2].
BYOD provides auto configuration of endpoints: Cisco ISE supports BYOD (Bring Your Own Device) scenarios, where users can register and onboard their personal devices to the network. Cisco ISE provides a self-service portal and a native supplicant provisioning tool that can automatically configure the endpoints with the required certificates, profiles, and settings. Cisco ISE can also apply different policies for corporate and personal devices, and integrate with MDM (Mobile Device Management) solutions to enforce compliance and security [3][4].
Guest access and guest lifecycle management functionality: Cisco ISE provides a comprehensive guest access solution that allows administrators and sponsors to create and manage guest accounts, and assign different access levels and privileges to guests. Cisco ISE also provides a customizable guest portal that can support various authentication methods, such as social media login, SMS, email, or self-registration. Cisco ISE can also monitor and audit the guest activities and sessions, and enforce expiration and revocation policies [5][6].
References:
1: Cisco ISE Features - Cisco
2: Cisco TrustSec Configuration Guide, Cisco IOS XE Gibraltar 16.12.x - TrustSec Overview [Cisco IOS XE 16] - Cisco
3: Cisco Identity Services Engine Administrator Guide, Release 2.7 - BYOD [Cisco Identity Services Engine] - Cisco
4: Cisco Identity Services Engine Administrator Guide, Release 2.7 - Mobile Device Management [Cisco Identity Services Engine] - Cisco
5: Cisco Identity Services Engine Administrator Guide, Release 2.7 - Guest Access [Cisco Identity Services Engine] - Cisco
6: Cisco Identity Services Engine Administrator Guide, Release 2.7 - Guest Lifecycle Management [Cisco Identity Services Engine] - Cisco
Which workflow is necessary for setting up a network hierarchy?
A. Provision
B. Assurance
C. Policy
D. Design
The Answer Is: D
Explanation:
https://www.cisco.com/c/en/us/td/docs/cloud-systems-management/network-automation-and-management/dna-center/1-2/user_guide/b_dnac_ug_1_2/b_dnac_ug_1_2_chapter_010010.pdf
The workflow that is necessary for setting up a network hierarchy is Design. The Design area is where you create the structure and framework of your network, including the physical topology, network settings, and device type profiles that you can apply to devices throughout your network. You can create a network hierarchy that represents your network’s geographical locations, such as sites, buildings, and floors. You can also define global network settings, such as device credentials, IP address pools, service provider profiles, and network servers. You can also create network profiles, which are collections of design settings that you can assign to devices based on their roles and functions [1].
References:
1: Cisco DNA Center User Guide, Release 2.2.3 - Design Network Hierarchy and Settings [Cisco DNA Center] - Cisco
What is the maximum number of concurrent endpoints with a distributed deployment?
A. 20,000
B. 500,000
C. 10,000
D. 100,000
The Answer Is: B
Explanation:
The maximum number of concurrent endpoints with a distributed deployment depends on the type of deployment and the hardware used. According to the Cisco documentation [1], there are two types of distributed deployments: hybrid and dedicated.
A hybrid deployment is where the Policy Administration Node (PAN) and the Monitoring Node (MnT) personas are co-located on the same node, and the Policy Service Node (PSN) persona is distributed across multiple nodes. A hybrid deployment can support up to 20,000 concurrent endpoints with a maximum of 5 PSNs on SNS-36xx or SNS-35xx hardware.
A dedicated deployment is where the PAN, MnT, and PSN personas are separated on different nodes. A dedicated deployment can support up to 500,000 concurrent endpoints with a maximum of 50 PSNs on SNS-36xx or SNS-35xx hardware.
The main difference between the hybrid and dedicated deployments is the scalability and redundancy of the MnT persona, which collects and stores the logs and sessions from the PSNs. By breaking the PAN and MnT roles out onto their own servers, the dedicated deployment can handle more concurrent endpoints and PSNs, as well as provide failover and load balancing for the MnT persona [2].
References:
1: Performance and Scalability Guide for Cisco Identity Services Engine
2: Solved: ISE concurrent connections query - Cisco Community
Which three wireless product families are supported in the current DNA-C 1.1 release? (Choose three.)
A. AP 1260
B. WLC 8540
C. WLC 5508
D. AP 3800
E. WLC 3504
The Answer Is: B, D, E
Explanation:
According to the Cisco DNA Center Compatibility Matrix [1], the current DNA-C 1.1 release supports the following wireless product families:
WLC 8540: This is a high-performance wireless controller that can support up to 6000 access points and 64,000 clients. It is designed for large-scale wireless deployments and offers advanced features such as application visibility and control, flexible radio assignment, and software-defined access [2].
AP 3800: This is a high-performance access point that can support up to 5.2 Gbps data rates and 4x4 MIMO with four spatial streams. It is designed for high-density environments and offers features such as flexible radio assignment, CleanAir, ClientLink, and Smart Antenna Connector [3].
WLC 3504: This is a compact wireless controller that can support up to 150 access points and 3000 clients. It is designed for small to medium-sized wireless deployments and offers features such as application visibility and control, software-defined access, and TrustSec [4].
The other wireless product families, such as AP 1260 and WLC 5508, are not supported in the current DNA-C 1.1 release.
References:
1: Cisco DNA Center Compatibility Matrix
2: Cisco 8540 Wireless Controller Data Sheet - Cisco
3: Cisco Aironet 3800 Series Access Points Data Sheet - Cisco
4: Cisco 3504 Wireless Controller Data Sheet - Cisco
Which three options describe fabric overlay concepts? (Choose three.)
A. Intermediate System to Intermediate System
B. A virtual Local Area Network
C. An Overlay is a logical topology
D. GRE is a type of Overlay
E. A link state routing protocol like OSPF
F. An Overlay uses alternate forwarding attributes
The Answer Is: C, D, F
Explanation:
Fabric overlay concepts are related to the creation of a virtual network topology on top of a physical network infrastructure. The overlay network is usually designed to provide services or features that are not directly supported by the underlay network, such as network segmentation, mobility, or security. Some of the fabric overlay concepts are:
An overlay is a logical topology: An overlay network is a network that is built on top of another network using software or hardware devices that encapsulate and decapsulate packets. The overlay network creates a logical topology that is independent of the physical topology of the underlay network. The overlay network can span multiple Layer 2 or Layer 3 domains and provide end-to-end connectivity for the overlay endpoints. An example of an overlay network is a VPN that connects remote sites over the Internet.
GRE is a type of overlay: Generic Routing Encapsulation (GRE) is a protocol that encapsulates packets of one protocol type within another protocol type. GRE is used to create tunnels between devices that can carry different types of traffic, such as IP, IPv6, MPLS, or Ethernet. GRE is a type of overlay network that can be used to extend Layer 2 or Layer 3 connectivity across different networks or to provide a secure and private communication channel. An example of a GRE overlay network is a DMVPN that uses GRE tunnels to connect branch offices to a central hub over the Internet.
An overlay uses alternate forwarding attributes: An overlay network uses different attributes or identifiers to forward packets than the underlay network. The overlay network adds specific headers or tags to the packets that contain information about the overlay endpoints, such as their logical addresses, group memberships, or policies. The overlay devices use these attributes to forward packets based on the overlay topology and services, rather than the underlay topology and protocols. The underlay devices are unaware of the overlay attributes and forward packets based on the underlay headers. An example of an overlay network that uses alternate forwarding attributes is a VXLAN network that uses VNIs to segment traffic and provide Layer 2 connectivity over a Layer 3 network.
The other options, Intermediate System to Intermediate System (IS-IS), a virtual Local Area Network (VLAN), and a link state routing protocol like OSPF, are not fabric overlay concepts. IS-IS and OSPF are routing protocols that are used to exchange routing information and build the routing table of the underlay network. A VLAN is a Layer 2 segmentation technique that divides a physical network into logical subnets based on the switch port membership. A VLAN is not an overlay network, but it can be part of the underlay network or the overlay network, depending on the design.
References:
1: Fabric Technologies and Overlays - Cisco Learning Network
2: What Is a Network Fabric? - Cisco
What is the role of DNA Center in SD-Access?
A. Identifying and Authenticating Endpoints
B. The point of exchange of reachability and policy for two domains
C. Provide GUI management abstraction & Analytics via Multiple Service Apps
D. Maintain a database of Endpoint IDs to Fabric Edge Nodes
The Answer Is: C
Explanation:
DNA Center is the central point of management for SD-Access. It provides a graphical user interface (GUI) to design, provision, and monitor the SD-Access fabric. DNA Center also offers various service applications that leverage the network data and analytics to provide insights, automation, and assurance for the network and the applications running on it. DNA Center does not perform the functions of identifying and authenticating endpoints, which are handled by ISE; nor does it act as the point of exchange of reachability and policy for two domains, which are the roles of the border nodes and the control plane nodes; nor does it maintain a database of endpoint IDs to fabric edge nodes, which is the function of the LISP mapping system [1][2].
References:
1: Cisco DNA Center User Guide, Release 2.2.2.0, Chapter 1: Introduction to Cisco DNA Center, https://www.cisco.com/c/en/us/td/docs/cloud-systems-management/network-automation-and-management/dna-center/2-2-2-0/user_guide/b_cisco_dna_center_ug_2_2_2_0/b_cisco_dna_center_ug_2_2_2_0_chapter_01.html
2: Cisco SD-Access Design Guide, Release 2.2.2.0, Chapter 2: SD-Access Fabric Design, https://www.cisco.com/c/en/us/td/docs/solutions/CVD/Campus/sda-design-guide-2-2-2-0.html#_Toc67188638
Which two platforms can host a vEdge Cloud Router? (Choose two.)
A. Dreamhost
B. AWS
C. Microsoft Azure
D. DigitalCloud
The Answer Is: B, C
Explanation:
https://www.cisco.com/c/dam/en/us/solutions/collateral/enterprise-networks/sd-wan/nb-07-cloud-router-data-sheet-cte-en.pdf
A vEdge Cloud Router is a virtualized version of the vEdge router that can be deployed in various cloud environments. According to the Cisco vEdge Cloud Data Sheet [1], the vEdge Cloud Router can be instantiated as a virtual machine (VM) on a KVM hypervisor or as a VM on a VMware ESXi hypervisor, as well as in public cloud environments, such as Amazon AWS or Google Cloud Platform. Therefore, the two platforms that can host a vEdge Cloud Router are AWS and Microsoft Azure.
References:
1: Solutions - Cisco vEdge Cloud Data Sheet - Cisco
What definition is not part of 4D Training?
A. Discover
B. Design
C. Deploy
D. Demo
E. Defend
The Answer Is: C
Explanation:
The 4D Training is a methodology that helps Systems Engineers and Field Engineers to understand and sell Cisco Enterprise Networks solutions, such as SD-Access, SD-WAN, and ISE. The 4D stands for Discovery, Design, Demonstrate, and Defend [1][2]. These are the four phases of the sales cycle that the training covers, with each phase having specific objectives, activities, and outcomes.
Discovery: This phase involves identifying the customer’s needs, challenges, goals, and opportunities, as well as the current state of their network. The objective is to establish a trusted relationship with the customer and uncover their pain points and requirements. The activities include conducting interviews, surveys, assessments, and audits. The outcome is a clear understanding of the customer’s business and technical drivers, as well as their readiness and willingness to adopt Cisco solutions.
Design: This phase involves creating a high-level solution architecture that meets the customer’s needs and aligns with their vision. The objective is to demonstrate the value proposition and benefits of Cisco solutions, as well as the differentiation from the competition. The activities include developing use cases, scenarios, diagrams, and presentations. The outcome is a compelling and customized solution design that addresses the customer’s challenges and opportunities.
Demonstrate: This phase involves showing the capabilities and features of Cisco solutions in action, using live or simulated environments. The objective is to validate the solution design and showcase the advantages and benefits of Cisco solutions, as well as the ease of deployment and operation. The activities include conducting demos, proofs of concept, pilots, and trials. The outcome is a positive customer experience and feedback, as well as a confirmation of the solution fit and feasibility.
Defend: This phase involves addressing the customer’s objections, concerns, and questions, as well as overcoming any barriers or risks that may prevent the deal closure. The objective is to reinforce the value proposition and benefits of Cisco solutions, as well as the trust and credibility of Cisco as a partner. The activities include providing references, testimonials, case studies, and best practices. The outcome is a successful deal closure and customer satisfaction.
Therefore, the definition that is not part of the 4D Training is Deploy, which is not one of the four phases of the sales cycle that the training covers.
References:
1: 500-470 ENSDENG - Cisco
2: 500-490 ENDESIGN - Cisco
Which two are benefits from a WAN design? (Choose two.)
A. Provide lower quality service to guest users
B. Ensure remote site uptime
C. Prioritize and secure with granular control
D. Reduce cost and increase operational complexity
E. Lower circuit bandwidth requirements
The Answer Is: B, C
Explanation:
A WAN design is a plan for how to connect multiple sites or locations over a wide area network (WAN). A WAN design can have various benefits, depending on the goals and requirements of the organization. Two of the possible benefits from a WAN design are:
Ensure remote site uptime: A WAN design can help to ensure that remote sites or branches have reliable and consistent connectivity to the central site or the cloud. This can improve the availability and performance of critical applications and services, such as voice, video, collaboration, and data backup. A WAN design can also provide redundancy and resiliency in case of network failures or disasters, by using multiple WAN links, backup routes, or failover mechanisms. For example, SD-WAN is a WAN design that uses software to dynamically route traffic over the best available WAN link, based on the network conditions and the application requirements [1].
Prioritize and secure with granular control: A WAN design can also help to prioritize and secure the traffic and applications that flow over the WAN. This can enhance the quality of service (QoS) and the security of the network. A WAN design can use various techniques, such as traffic shaping, policy-based routing, encryption, firewall, or VPN, to classify, prioritize, and secure the WAN traffic according to the business needs and the security policies. For example, TrustSec is a WAN design that uses software-defined segmentation to enforce granular access policies based on the identity and context of users, devices, and applications [2].
The other options, provide lower quality service to guest users, reduce cost and increase operational complexity, and lower circuit bandwidth requirements, are not benefits from a WAN design. Providing lower quality service to guest users is not a desirable outcome, as it can affect the user experience and the reputation of the organization. Reducing cost and increasing operational complexity is a trade-off that may not be worth it, as it can create more challenges and risks for the network management and maintenance. Lowering circuit bandwidth requirements is not a benefit in itself, but a means to achieve other benefits, such as reducing cost or improving performance. A WAN design should aim to optimize the bandwidth utilization and allocation, rather than simply lowering it.
References:
1: Cisco SD-WAN Solution Design Guide (CVD) - Cisco
2: Cisco TrustSec Solution Overview - Cisco
Which two best describe self-healing functionality on vEdges? (Choose two.)
A. In software upgrade process, rolling back to the previously running software image when connectivity to vManage fails
B. With configuration change, rolling back the configuration change when loss of connectivity to vManage
C. vManage detect routing outage detection to detect reachability outages and understand their scope and likely root cause
D. Software reconfiguration capability allowing for dynamic reconfiguration of existing channels
The Answer Is: A, B
Explanation:
Self-healing functionality on vEdges refers to the ability of the vEdge routers to recover from failures or errors that affect their connectivity or performance. Two examples of self-healing functionality on vEdges are:
In software upgrade process, rolling back to the previously running software image when connectivity to vManage fails: When a vEdge router is upgraded to a new software version, it maintains a backup copy of the previous software image and configuration. If the vEdge router loses connectivity to the vManage controller during or after the upgrade process, it automatically reboots and restores the previous software image and configuration. This ensures that the vEdge router can resume its normal operation and reconnect to the vManage controller [1].
With configuration change, rolling back the configuration change when loss of connectivity to vManage: When a vEdge router receives a configuration change from the vManage controller, it applies the change and verifies the connectivity to the vManage controller. If the vEdge router detects that the configuration change has caused a loss of connectivity to the vManage controller, it automatically reverts the configuration change and restores the previous configuration. This prevents the vEdge router from being isolated from the vManage controller and the rest of the SD-WAN fabric [2].
References:
1: Software Upgrade for vEdge Routers - Viptela Documentation
2: Configuration Rollback - Viptela Documentation