Home > Automation Questions

Automation Questions

March 16th, 2020 in ENCOR 350-401 Go to comments

Question 1

Explanation

Ansible can communicate with modern Cisco devices via SSH or HTTPS so it does not require an SSH server -> Answer B is not correct.

An Ansible ad-hoc command uses the /usr/bin/ansible command-line tool to automate a single task on one or more managed nodes. Ad-hoc commands are quick and easy, but they are not reusable -> It is not a requirement either -> Answer C is not correct.

Ansible Tower is a web-based solution that makes Ansible even more easy to use for IT teams of all kinds. But it is not a requirement to run Ansible -> Answer D is not correct.

Therefore only answer A is the best choice left. An Ansible controller (the main component that manages the nodes), is supported on multiple flavors of Linux, but it cannot be installed on Windows.

Question 2

Explanation

When a device boots up with the startup configuration, the nginx process will be running. NGINX is an internal webserver that acts as a proxy webserver. It provides Transport Layer Security (TLS)-based HTTPS. RESTCONF request sent via HTTPS is first received by the NGINX proxy web server, and the request is transferred to the confd web server for further syntax/semantics check.

Reference: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/prog/configuration/168/b_168_programmability_cg/RESTCONF.html

The https-based protocol-RESTCONF (RFC 8040), which is a stateless protocol, uses secure HTTP methods to provide CREATE, READ, UPDATE and DELETE (CRUD) operations on a conceptual datastore containing YANG-defined data -> RESTCONF only uses HTTPs.

Note: In fact answer C is also correct:

RESTCONF servers MUST present an X.509v3-based certificate when establishing a TLS connection with a RESTCONF client. The use of X.509v3-based certificates is consistent with NETCONF over TLS.

Reference: https://tools.ietf.org/html/rfc8040

But answer A is still a better choice.

Question 3

Explanation

RESTCONF operations include OPTIONS, HEAD, GET, POST, PATCH, DELETE.

Question 4

Question 5

Explanation

An EEM policy is an entity that defines an event and the actions to be taken when that event occurs. There are two types of EEM policies: an applet or a script. An applet is a simple form of policy that is defined within the CLI configuration. A script is a form of policy that is written in Tool Command Language (Tcl).

There are two ways to manually run an EEM policy. EEM usually schedules and runs policies on the basis of an event specification that is contained within the policy itself. The event none command allows EEM to identify an EEM policy that can be manually triggered. To run the policy, use either the action policy command in applet configuration mode or the event manager run command in privileged EXEC mode.

Reference: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/eem/configuration/xe-3s/eem-xe-3s-book/eem-policy-cli.html

Question 6

Explanation

EEM offers the ability to monitor events and take informational or corrective action when the monitored events occur or reach a threshold. An EEM policy is an entity that defines an event and the actions to be taken when that event occurs. There are two types of EEM policies: an applet or a script. An applet is a simple form of policy that is defined within the CLI configuration.

To specify the event criteria for an Embedded Event Manager (EEM) applet that is run by sampling Simple Network Management Protocol (SNMP) object identifier values, use the event snmp command in applet configuration mode.
event snmp oid oid-value get-type {exact | next} entry-op operator entry-val entry-value [exit-comb {or | and}] [exit-op operator] [exit-val exit-value] [exit-time exit-time-value] poll-interval poll-int-value

+ oid: Specifies the SNMP object identifier (object ID)
+ get-type: Specifies the type of SNMP get operation to be applied to the object ID specified by the oid-value argument.
— next – Retrieves the object ID that is the alphanumeric successor to the object ID specified by the oid-value argument.
+ entry-op: Compares the contents of the current object ID with the entry value using the specified operator. If there is a match, an event is triggered and event monitoring is disabled until the exit criteria are met.
+ entry-val: Specifies the value with which the contents of the current object ID are compared to decide if an SNMP event should be raised.
+ exit-op: Compares the contents of the current object ID with the exit value using the specified operator. If there is a match, an event is triggered and event monitoring is reenabled.
+ poll-interval: Specifies the time interval between consecutive polls (in seconds)

Reference: https://www.cisco.com/en/US/docs/ios/12_3t/12_3t4/feature/guide/gtioseem.html

In particular, this EEM will read the next value of above OID every 5 second and will trigger an action if the value is greater or equal (ge) 75%.

Question 7

Explanation

JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. This information can be verified and trusted because it is digitally signed. JWTs can be signed using a secret (with the HMAC algorithm) or a public/private key pair using RSA or ECDSA.

JSON Web Tokens are composed of three parts, separated by a dot (.): Header, Payload, Signature. Therefore, a JWT typically looks like the following:

xxxxx.yyyyy.zzzzz

The header typically consists of two parts: the type of the token, which is JWT, and the signing algorithm being used, such as HMAC SHA256 or RSA.
The second part of the token is the payload, which contains the claims. Claims are statements about an entity (typically, the user) and additional data.
To create the signature part you have to take the encoded header, the encoded payload, a secret, the algorithm specified in the header, and sign that.

Reference: https://jwt.io/introduction/

Question 8

Explanation

When you use the sync yes option in the event cli command, the EEM applet runs before the CLI command is executed. The EEM applet should set the _exit_status variable to indicate whether the CLI command should be executed (_exit_status set to one) or not (_exit_status set to zero).

With the sync no option, the EEM applet is executed in background in parallel with the CLI command.

Reference: https://blog.ipspace.net/2011/01/eem-event-cli-command-options-and.html

Question 9

Question 10

Explanation

YANG (Yet Another Next Generation) is a data modeling language for the definition of data sent over network management protocols such as the NETCONF and RESTCONF.

Question 11

Explanation

The REST API accepts and returns HTTP (not enabled by default) or HTTPS messages that contain JavaScript Object Notation (JSON) or Extensible Markup Language (XML) documents. You can use any programming language to generate the messages and the JSON or XML documents that contain the API methods or Managed Object (MO) descriptions.

Reference: https://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/2-x/rest_cfg/2_1_x/b_Cisco_APIC_REST_API_Configuration_Guide/b_Cisco_APIC_REST_API_Configuration_Guide_chapter_01.html

Question 12

Explanation

This JSON can be written as follows:

{
   "switch": {
      "name": "dist1",
      "interfaces": ["gig1", "gig2", "gig3"]
   }
}
Comments
  1. Ciscolad
    March 18th, 2020

    Question 3

    Which two operations are valid for RESTCONF? (Choose two)
    A. HEAD
    B. REMOVE
    C. PULL
    D. PATCH
    E. ADD
    F. PUSH

    should A and D with the given explanation: RESTCONF operations include OPTIONS, HEAD, GET, POST, PATCH, DELETE.

  2. Ciscolad
    March 18th, 2020

    Question 5

    Which method creates an EEM applet policy that is registered with EEM and runs on demand or manually?
    A. event manager applet ondemand
    event register
    action 1.0 syslog priority critical msg ‘This is a message from ondemand’

    B. event manager applet ondemand
    event manual
    action 1.0 syslog priority critical msg ‘This is a message from ondemand’

    C. event manager applet ondemand
    event none
    action 1.0 syslog priority critical msg ‘This is a message from ondemand’

    D. event manager applet ondemand
    action 1.0 syslog priority critical msg ‘This is a message from ondemand’

    Answer: A

    Should be C – The event none command allows EEM to identify an EEM policy that can be manually triggered. To run the policy, use either the action policy command in applet configuration mode or the event manager run command in privileged EXEC mode.

  3. digitaltut
    March 19th, 2020

    @Ciscolad: Yes, thanks for your detection, we have just fixed them!

  4. brad
    March 19th, 2020

    @ Ciscolad

    I agree with you for Q3, correct answer A and D

  5. Ciscolad
    March 19th, 2020

    No worries guys, glad to help and contribute :)

  6. geek
    April 21st, 2020

    Q2.
    NGINX is an internal webserver that acts as a proxy webserver. It provides Transport Layer Security (TLS)-based HTTPS. RESTCONF request sent via HTTPS is first received by the NGINX proxy web serve,r and the request is transferred to the confd web server for further syntax/semantics check.

    Source:
    https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/prog/configuration/171/b_171_programmability_cg/restconf_protocol.html

  7. Anonymous
    July 22nd, 2020

    Question 6 :
    What does this EEM applet event accomplish?
    “event snmp oid 1.3.6.1.3.7.1.5.1.2.4.2.9 get-type next entry-op go entry-val 75 poll-interval 5”
    A. It issues email when the value is greater than 75% for five polling cydes
    B. It reads an SNMP variable, and when the value exceeds 75%, it triggers an action GO
    C. It presents a SNMP variable that can be interrogated
    D. Upon the value reaching 75%, a SNMP event is generated and sent to the trap server

    how come to have go as a word here, i think should be here operator not a go maybe ge.
    could you please review the question

  8. digitaltut
    August 4th, 2020

    @Anonymous: Thanks for your detection, it should be “ge” not “go”. We updated Q.6.

  9. favian
    August 20th, 2020

    son todas las preguntas?

  10. Chuck Norris
    August 20th, 2020

    Which requirement for an Ansible-managed node is true?

    A. It must be a Linux server or a Cisco device
    B. It must have an SSH server running
    C. It must support ad hoc commands.
    D. It must have an Ansible Tower installed

    Answer I believe is B. While it is true Ansible cannot be installed on Windows machine, it cannot also be installed on Cisco cisco device so A is wrong. However for All Ansible managed host i.e cisco device, windows device, etc, SSH must be running to manage them. This is one of those sneaky ones by Cisco I believe

  11. no-name
    September 14th, 2020

    Chuck Norris,
    I think so.

    Cert guide says:
    Ansible is an agentless tool. …
    Ansible communicates using SSH for a majority of devices, and it can support Windows Remote Management (WinRM) and other transport methods to the clients it manages. In addition, Ansible doesn’t need an administrative account on the client.

    B looks correct to me as well.

  1. No trackbacks yet.