Cisco 300-540 SPCNI Exam Questions Instant Access

Question 1

How does SR-IOV move data directly to and from the network adapter?

AUsing the STP PortFast

BBypassing the guest operating system

CBypassing the hypervisor

DUsing the STP VLAN root

Answer : C

Comprehensive and Detailed Explanation (Cisco NFVI / Virtualization Knowledge)

SR-IOV (Single Root I/O Virtualization) allows a VM to access the network interface hardware directly, without going through the hypervisor's virtual switch.

This is achieved by:

Assigning Virtual Functions (VFs) directly to VMs

Allowing high-performance, low-latency packet I/O

Bypassing the hypervisor datapath

Therefore, SR-IOV does not bypass the guest OS; it bypasses the hypervisor I/O virtualization layer, delivering near-native performance.

Thus the correct answer is C.

Question 2

Refer to the exhibit.

Refer to the exhibit. An engineer must configure an IPsec VPN connection between site 1 and site 2. The indicated configuration was applied to router R1; however, the tunnel fails to come up. Which command must be run on R1 to resolve the issue?

Aset peer 10.1.0.1

Bset peer 192.168.20.2

Cset peer 192.168.10.1

Dset peer 10.2.0.1

Answer : B

For a site-to-site IPsec VPN, each peer must point to the reachable IP address of the remote VPN endpoint---that is, the IP address on the WAN/Internet-facing interface of the remote router.

From the diagram:

R1 outside (toward Internet): 192.168.10.1

R2 outside (toward Internet): 192.168.20.2

Inside LANs:

Site 1: 10.1.0.0/24

Site 2: 10.2.0.0/24

The crypto map on R1 uses:

crypto map mymap 10 ipsec-isakmp

set transform-set myset

match address 101

set peer <REMOTE_PEER_IP>

The <REMOTE_PEER_IP> must be the IP address where R1 can actually reach the IPsec peer, which is R2's Internet-facing interface 192.168.20.2.

If the peer were configured with a LAN IP such as 10.2.0.1 (site 2's internal gateway), IKE packets would never reach the remote router because that address is not routable over the Internet.

Therefore, the correct command to bring up the VPN is:

set peer 192.168.20.2

Option A (10.1.0.1) -- local LAN IP (R1's side), not the remote endpoint.

Option C (192.168.10.1) -- R1's own WAN IP, not the remote peer.

Option D (10.2.0.1) -- remote LAN IP, not reachable directly over the Internet.

Question 3

Which format is used by Cisco Container Platform for configuration files?

AHTML

BYAML

CXHTML

DXML

Answer : B

Comprehensive and Detailed Explanation

Cisco Container Platform (CCP), built on Kubernetes orchestration, uses YAML files for:

Cluster configuration

Pod definitions

Network settings

Storage mappings

YAML is the industry-standard declarative syntax for Kubernetes and container orchestration platforms.

HTML, XHTML, and XML are not used for CCP configuration.

Question 4

Refer to the exhibit.

Refer to the exhibit. An engineer must configure Cisco IOS SLB for DNS on router R1 to meet these requirements:

The first DNS request to www.ccnp.test

must be redirected to the DNS server at 10.1.1.1;

The second DNS request to www.ccnp.test

must be redirected to the DNS server at 10.2.1.1;

The third DNS request to www.ccnp.test

must be redirected to the DNS server at 10.3.1.1.

In each case, the other two addresses must also be attempted if the first one fails. The indicated configuration was applied to R1; however, the load balancing failed. Which command must be run on R1 to resolve the issue?

Aip domain retry 3

Bip domain round-robin

Cip dns server

Dmaximum-paths 3

Answer : B

On R1 the configuration (simplified) is:

ip domain lookup

ip domain name ccnp.test

ip host www.ccnp.test 10.1.1.1 10.2.1.1 10.3.1.1

The ip host command statically maps the hostname www.ccnp.test

to three IP addresses. By default, Cisco IOS will always return these IP addresses to DNS queries in the same order they are configured (10.1.1.1, then 10.2.1.1, then 10.3.1.1). This means that clients will always attempt 10.1.1.1 first and will not achieve per-query load balancing across all three servers.

To enable DNS-based load balancing so that each successive query rotates the order of the addresses, Cisco IOS provides the command:

ip domain round-robin

This command enables round-robin rotation of multiple A records associated with a single hostname defined by ip host. With this feature enabled:

1st query: response order 10.1.1.1, 10.2.1.1, 10.3.1.1

2nd query: response order 10.2.1.1, 10.3.1.1, 10.1.1.1

3rd query: response order 10.3.1.1, 10.1.1.1, 10.2.1.1

Clients will typically try the first IP address in the list and use the others if the first one fails, exactly matching the requirement.

Why other options are incorrect:

A . ip domain retry 3 controls how many times the router retries DNS queries to a server; it does not control the order of multiple A records.

C . ip dns server turns the router into a DNS server but does not itself provide round-robin behavior for statically defined hosts.

D . maximum-paths 3 is a routing (IP forwarding) parameter for equal-cost multipath, unrelated to DNS resolution.

Question 5

Which type of cyberattack does Cisco Umbrella DNS-layer security effectively help mitigate?

APhishing and malware-based attacks

BDDoS attacks targeting specific servers

CBrute force attacks on user accounts

DAdvanced persistent threats and zero-day exploits

Answer : A

Cisco Umbrella DNS-layer security:

Blocks malicious domains used in phishing, malware, C2 communications, and ransomware

Stops threats before connections are made

Uses DNS-based filtering and threat intelligence

It does not mitigate:

DDoS (needs scrubbing centers)

Brute force login attempts

Zero-day exploits directly

Thus, A is correct.

Question 6

An engineer must design a cloud platform for event-driven applications. The solution must allow micro-sized atomic components to be built, deployed, and run code on demand. Which solution must be used?

ACisco+ Hybrid Cloud for Virtual Desktop Infrastructure

BCisco FaaS

CCisco+ Hybrid Cloud Virtualization

DCisco Intersight

Answer : B

Comprehensive and Detailed Explanation From Cisco Cloud Architecture Knowledge

Event-driven applications require:

Stateless, micro-sized execution units

Automatic scaling

Code that runs only when triggered

No server or VM lifecycle management

This model is known as Function-as-a-Service (FaaS).

Cisco FaaS provides:

Serverless execution

Event-driven triggers

Deployment of atomic micro-functions

Automatic scaling and resource abstraction

Ideal environment for microservices and cloud-native workloads

Why the others are incorrect:

A . Cisco+ Hybrid Cloud for VDI delivers desktops, not serverless compute

C . Cisco+ Hybrid Cloud Virtualization VM-based infrastructure, not event-driven micro-functions

D . Cisco Intersight operational management tool, not a serverless execution platform

Question 7

What is a capability of a Cisco NFVIS SNMP trap?

AMonitors the activities of a network host

BControls the activities of a network host

CSends an unsolicited notification to the SNMP manager

DRetrieves an SNMP object variable from the MIB

Answer : C

Comprehensive and Detailed Explanation

SNMP traps in Cisco NFVIS (and in SNMP generally):

Are unsolicited notifications

Sent from the NFVIS device to the SNMP manager

Indicate alarms, changes, or significant operational events

Do not require polling

Examples:

Disk failures

VM crashes

Host status changes

Resource alarms

Why the others are wrong:

A describes SNMP monitoring (done by the manager with GET requests)

B SNMP cannot control host activities

D SNMP GET retrieves a variable, but traps send unsolicited notifications

Thus, the correct answer is C.

Cisco Designing and Implementing Cisco Service Provider Cloud Network Infrastructure v1.0 300-540 SPCNI Exam Questions