Mastering the CCIE Evolving Technologies Section Sample Questions

May 29, 2017 at 3:34 pm


Here is a sample quiz using sample questions from my latest book – Mastering the CCIE Evolving Technologies Section. Have fun and good luck!

Mastering the CCIE Evolving Technologies Section


My Next Book! Mastering the CCIE Evolving Technologies Section

April 28, 2017 at 8:20 pm

CCIE Evolving Technologies

You asked for it! You got it! Terry Vinson and I are putting together an e-book (and print) for you to master this section in most of the CCIE Written Exams. I have received more questions about this section of the written exams than any other topic (pretty much ever!)

Since Cisco Systems announced these new additions to the already brutally difficult written exams, students have been in a bit of a panic about finding the scarce training materials to address these topics.

Our text follows the current blueprint letter for letter. There are plenty of practice questions to build your confidence, and no topic is left unexplored.

Thanks to Amazon.com, we are able to bring this product to you for a price that makes sense – the e-book version will be just $9.99!

Note this text arrives quickly – our current publication date is May 31, 2017!


CCIE Evolving Technologies – Cloud Security and Privacy

March 7, 2017 at 5:07 pm


Cloud Security and Privacy Overview

Here is another post to help you with the new Evolving Technologies section of the written exams for CCIE. This is from the Cloud section, and specifically addresses the Security and Privacy sub-bullet.

The Top Concerns

What should be your top concerns in this area? Here they are:

  • Secure data transfers – ensuring data travels over IPsec or similarly protected channels is critical as information moves from your users to private, public, or hybrid clouds; public and hybrid clouds can present more risk because the Internet is often the medium of transfer.
  • Secure software interfaces – the APIs you and your provider use in your cloud services must also offer security and privacy mechanisms.
  • Secure stored data – for storage in the cloud ecosystem, is your data receiving the security and privacy it requires; what about proper disposal of data by cloud providers?
  • User access control – who has access to your data in the cloud? This is especially critical if your data is maintained by a public provider with users that fall outside of your corporate scope.
  • Data separation – if you are using cloud services in a multi-tenant environment, what techniques are in use to protect against data breaches from one organization to another?

Cloud Security Controls

These tend to fall into these categories:

  • Deterrent controls – intended to reduce attacks on a cloud system. Much like a warning sign on a fence or a property, deterrent controls typically reduce the threat level by informing potential attackers that there will be adverse consequences for them if they proceed.
  • Preventive controls – strengthen the system against incidents, generally by reducing if not actually eliminating vulnerabilities. Strong authentication of cloud users, for instance, makes it less likely that unauthorized users can access cloud systems, and more likely that cloud users are positively identified.
  • Detective controls – intended to detect and react appropriately to any incidents that occur. In the event of an attack, a detective control will signal the preventive or corrective controls to address the issue. System and network security monitoring, including intrusion detection and prevention arrangements, are typically employed to detect attacks on cloud systems and the supporting communications infrastructure.
  • Corrective controls – reduce the consequences of an incident, normally by limiting the damage. They come into effect during or after an incident. Restoring system backups in order to rebuild a compromised system is an example of a corrective control.


CCIE Evolving Technologies – Cloud Performance and Reliability

February 8, 2017 at 2:39 pm


Here is my latest installment in the complimentary CCIE Evolving Technologies training that all candidates must master for any CCIE written exam.

CCIE Evolving Technologies – Cloud Performance

Cloud technologies can greatly enhance the performance of your enterprise IT, or they can cause nightmares. Because of virtualization, contention for cloud resources that is not properly managed (especially in multitenant environments) can make performance unacceptable.

There are numerous public cloud providers who sell cloud server instances, typically by the hour and priced based on the memory (DRAM) size of the instance. In such an environment, an 8 Gbyte instance might cost roughly eight times as much as a 1 Gbyte instance. Other resources, such as CPUs, are scaled and priced according to the memory size.

The result can be a consistent price/performance ratio, with some discounts to encourage the use of larger systems. Some providers allow you to pay a premium for a larger allotment of CPU resources (a “high-CPU instance”). Other resource usage may also be monetized, such as network throughput and storage.

Cloud technologies provide the unique ability for dynamic capacity allocation. Companies can increase server instances as needed, in reaction to real load. This can also be done automatically via the cloud API, based on metrics from performance monitoring software. A small business or start-up can grow from a single small instance to thousands, without a detailed capacity planning study as would be expected in enterprise environments.

Storage in the cloud can be an area of concern since when compared to local disk, performance can vary considerably. As a result, some storage services allow an IOPS rate to be purchased when reliable performance is desired.

Fortunately, OS virtualization offers great enhancements in performance. Have you ever virtualized Windows, providing the bare minimum of required RAM, and witnessed it outperform traditional system installs with dramatically more RAM? This is an excellent aspect of cloud computing.

CCIE Evolving Technologies – Cloud Reliability

While cloud performance is quite tricky and can bring either risk or great reward, reliability in the cloud tends to be a much more reward-based proposition.

Contingency planning efforts for continuity of operations and disaster recovery are concerned with designing and implementing cloud architectures that provide run-time reliability, operational resiliency, and automated recovery when interruptions are encountered, regardless of origin.

The technology features in IT clouds today that help ensure this include:

  • Resource Pooling
  • Resource Reservation
  • Hypervisor Clustering
  • Redundant Storage

While these technologies address basic failover and availability demands, more specialized and complex approaches include:

  • Dynamic Failure Detection and Recovery
  • Zero Downtime

These help establish resilient cloud architectures that act as pillars for enterprise cloud solutions.


Evolving Technologies – Scripting

January 2, 2017 at 5:00 pm


Network management tools often create more frustration for network engineers than problems they solve. This is true for a number of reasons, including:

  • Many of them are difficult to install and maintain
  • They are often proprietary and support only a single vendor
  • They often lack scalability and reliability

As a result, many engineers give up and instead rely on the command-line interface (CLI) to manage individual switches. An increasing number of network engineers stretch the limitations of those tools by writing scripts in TCL, Perl, Python or other languages.

Of course these engineers are not writing sophisticated software, just scripts that allow them to scale certain tasks, such as reconfiguring multiple switches using a screen scraping of CLI commands.

Scripting is a critical component of many Software Defined Networking (SDN) implementations – including that of Cisco Systems with the Application Centric Infrastructure (ACI).

We know that in this technology, Cisco likes to use REST as the Northbound API. Yet Cisco engineers prefer to use Python instead of sending plain vanilla REST calls. This is because Python allows the parsing of command line options and configurations. Of course, it is possible to use Python with sample scripts to turn XML into REST calls, but this approach requires formatting the XML configuration files according to the ACI object model. As a result, administrators who use such shared scripts need to know the ACI object model.

The Python SDK for ACI permits the creation of scripts with configuration files and command line options that anyone skilled in networking can use. The ACI SDK provides models that enable you to perform all the operations that the Cisco ACI fabric offers with several advantages:

  • Python can parse configuration files in whichever format you prefer
  • The SDK APIs can be identical over time, while the specific format of the XML object model can change
  • You can perform more sophisticated conditional operations, string manipulations, etc.

Evolving Technologies – Northbound vs. Southbound Protocols

December 26, 2016 at 8:02 pm

This is another post from my ongoing series here at AJSNetworking regarding Evolving Technologies. This addresses the Evolving Technologies section of the CCIE Written Exams. The complete list of topics and my previous posts can be found here:

Free Evolving Technologies Training!

I think the best way to get a handle on the location of the Northbound and Southbound protocols is to actually see them in relation to the other components. Remember, when we say network programmability, you should think Software Defined Networking (SDN). Figure 1 below makes this clear:

Figure 1

Notice the “Northbound” APIs (protocols) communicate between your network management station running its network apps and the SDN controller. The “Southbound” APIs occur between the controller and the actual network devices themselves.

Northbound APIs

For the Northbound APIs, Cisco likes to use REST-based APIs. What is a REST-based API? A REST API, or an API that is RESTful (adheres to the constraints of REST) follows six constraints:

  • Client-Server – exists to maximize the portability of server-side functions to other platforms. This means that completely different applications, even in different languages, can use the same functions in a REST API.
  • Stateless – all state is kept client-side. The server does not retain any record of client state, which results in a much more efficient SDN controller.
  • Caching – just like cookies in your web browser. It is a good idea for the client to maintain a local copy of information that is commonly used; this improves performance and scalability.
  • Layered System – a REST API must be built in a way that a client interacts with its neighbor and does not need to see “beyond” that neighbor.
  • Uniform Interface – no matter the information retrieved, the method by which it is presented is always consistent.
  • Code-on-Demand – to transmit working code inside an API call.

A REST API is often just a Web server that accepts HTTP POSTs and GETs. These requests typically contain standard elements like XML, JSON, SOAP, or others.

Southbound APIs

What is common for the Southbound APIs? Cisco loves to keep it simple with the Command Line Interface (CLI) and Simple Network Management Protocol (SNMP).

Certainly the most well-known Southbound API is OpenFlow, but obviously there are other options available and in development. The Network Configuration Protocol (NetConf) uses Extensible Markup Language (XML) to communicate with the switches and routers to install and make configuration changes. Lisp, also promoted by ONF, is available to support flow mapping. In addition, there are more established networking protocols finding ways to run in an SDN environment, such as OSPF, MPLS, BGP, and IS-IS.

Happy Holidays and IT Training!

December 25, 2016 at 5:28 pm

Happy Holidays to all my faithful blog followers here at AJSNetworking.com. Thank you so much for another incredible year of fun and interesting comments and discussions regarding mainly IT Training. 🙂

IT Training

My Holiday gift to many of you this year is to finally get after my Free Evolving Technologies Training as I promised. This is that new section of every CCIE Written Exam that is causing great stress for many candidates. Stress not. I will do the hard work of finding the correct documentation and detailing it for you on every topic on this list!

Something else I will be doing more than ever per reader request is many more quizzes here at the site. These will run the gamut from Cisco to Juniper to Microsoft and more and will cover all levels of professional certification.

If you are interested in my non-free IT Training stuff 🙂 here is a run down of what I am currently working on this Holiday Season:

  • The Exam 70-698 Installing and Configuring Windows 10 Course for CBT Nuggets; this course features Nugget-based Hands On Labs so you can follow along with me in a Windows 10 Pro environment as you enjoy your IT Training! There are about 46 Nuggets complete and up there at the moment. The total course will be close to 80 Nuggets and completes around 1/13/2017. All of the Nuggets are uploaded by that date, it just takes some time for the video reviewers to watch and approve them.
  • Mastering Agile Project Management is most likely my next course for CBT Nuggets; then I will be looking to hit some key Router and Switch Technologies for you like QoS and Multicast and the like. These topics appear in more professional certifications than ever before (as they should) and there seems to be a drought of great training in these areas.
  • My CCENT ICND1 100-105 Exam Cram, 3rd Edition arrives in print on December 30, 2016 just in time for the new year! You will love this text. Keith Barker was the Tech Editor and we created a work of art here when it comes to your exam success. Use the link at the bottom of this blog post for a nice discount on your order!
  • My CCNA Routing and Switching 200-125 Exam Cram, 5th Edition arrives in print on March 1, 2017 (or sooner). Again, Keith Barker helped me create an incredibly laser focused and concise guide to exam success.
  • My MCSA 70-740 Cert Guide: Installation, Storage, and Compute with Windows Server 2016 (Certification Guide) arrives in print around March 2017 and features critical and hard to find documentation on this exciting new Server Operating System from Microsoft. The goal in this text is to get you up and running in production data centers with the new OS, but also to ensure the exam is a manageable and pleasant experience! This can be a challenge when it comes to Microsoft Certs to say the least!

Thanks again for visiting my site – and of course – HAPPY HOLIDAYS!


Port Security Basics

December 15, 2015 at 11:40 pm


Overview:

Catalyst switch port security is so often recommended. This is because of a couple of important points:

  • There are many attacks that are simple to carry out at Layer 2.
  • There tends to be a gross lack of security at Layer 2.
  • Port Security can guard against so many different types of attacks. Just a few to mention are MAC flooding, MAC spoofing, and rogue DHCP and APs.

There are often two main points that are confusing for engineers about this feature, however.

1. What is Sticky Learning and how does it work?

2. What is the difference between the different violation modes and how can I remember them?

Port Security Sticky Learning:

Sticky learning is a convenient way to set static MAC address mappings for MAC addresses that you allow on your network. What you do is confirm that the correct devices are connected to the appropriate switch ports. You then turn on sticky learning and the port security feature itself, for example:

switchport port-security maximum 2
switchport port-security mac-address sticky
switchport port-security

Now what happens is the 2 MAC addresses for the two devices you trust (perhaps an IP Phone and a PC) are dynamically learned by the switch. The switch automatically writes static port security entries in the running configuration for those two devices. All you have to do is save the running configuration, and poof, you are now configured with the powerful static MAC port security feature.

Please note that it is easy to forget to actually turn on port security after setting the parameters. This is what the third line is doing in the configuration above. Always use your show port-security commands to confirm you remembered this important step of the process!
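The two easy-to-miss steps above (enabling the feature, and saving the learned entries) can be checked offline from saved copies of the running and startup configurations. This is an added example, not code from the original post: the sample configurations are constructed, the `parse` and `audit` names are hypothetical, and it assumes sticky-learned entries appear as `switchport port-security mac-address sticky <mac>` lines under the interface.

```python
import re

# Constructed sample configs (not from the original post).
RUNNING = """\
interface GigabitEthernet0/1
 switchport port-security maximum 2
 switchport port-security mac-address sticky
 switchport port-security mac-address sticky 0011.2233.4455
 switchport port-security mac-address sticky 0011.2233.6677
 switchport port-security
!
interface GigabitEthernet0/2
 switchport port-security maximum 2
 switchport port-security mac-address sticky
!
"""
STARTUP = """\
interface GigabitEthernet0/1
 switchport port-security maximum 2
 switchport port-security mac-address sticky
 switchport port-security mac-address sticky 0011.2233.4455
 switchport port-security
!
"""
STICKY_MAC = re.compile(r"switchport port-security mac-address sticky (\S+)")

def parse(config):
    """Map interface name -> port-security state found in its block."""
    ports, cur = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if raw.startswith("interface "):
            cur = ports.setdefault(raw.split(None, 1)[1].strip(),
                {"enabled": False, "params": False, "sticky_macs": set()})
        elif not raw.startswith(" "):
            cur = None                      # left the interface block
        elif cur is not None and line.startswith("switchport port-security"):
            m = STICKY_MAC.match(line)
            if line == "switchport port-security":
                cur["enabled"] = True       # the bare enabling command
            elif m:
                cur["sticky_macs"].add(m.group(1).lower())
            else:
                cur["params"] = True        # maximum, sticky, violation, ...
    return ports

def audit(running, startup):
    run, start = parse(running), parse(startup)
    saved = lambda n: start[n]["sticky_macs"] if n in start else set()
    # Parameters configured but the feature never switched on.
    not_enabled = sorted(n for n, p in run.items()
                         if p["params"] and not p["enabled"])
    # Sticky entries that would be lost on reload (not in startup config).
    unsaved = {n: sorted(p["sticky_macs"] - saved(n)) for n, p in run.items()
               if p["sticky_macs"] - saved(n)}
    return not_enabled, unsaved
```

On the constructed sample, `audit(RUNNING, STARTUP)` reports GigabitEthernet0/2 as configured but not enabled, and one sticky entry on GigabitEthernet0/1 that has not been saved.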
