Cisco Designing and Implementing Cisco Service Provider Cloud Network Infrastructure v1.0 300-540 SPCNI Exam Questions

Page: 1 / 14
Total 61 questions
Question 1

An engineer must implement a SaaS solution that will use a Cisco ASAv to enhance security for enterprise customers by using Cisco Crosswork NSO. Which command must be run in NSO?



Answer : C

Comprehensive and Detailed Explanation From Cisco NSO Orchestration Knowledge

In Cisco NSO deployments:

ncs-setup is only used once, during initial NSO instance creation.

ls -l nso-instance/packages/ simply lists packages; it is not used to start NSO.

ncs -status checks status but does not run NSO.

To actually start the NSO service so that device packages (including ASAv service packages) can be loaded and orchestration can begin, the correct command is:

ncs

This launches the NSO runtime and loads all configured packages, enabling the SaaS ASAv service.


Question 2

Refer to the exhibit. An engineer must configure an IPsec VPN connection between site 1 and site 2. The indicated configuration was applied to router R1; however, the tunnel fails to come up. Which command must be run on R1 to resolve the issue?

A. ip route 0.0.0.0 0.0.0.0 10.1.1.2

B. crypto isakmp key vpnuser address 192.168.20.2

C. ip route 0.0.0.0 0.0.0.0 192.168.20.2

D. crypto isakmp key vpnuser address 10.1.1.2



Answer :

For a site-to-site IPsec VPN, each peer must configure a pre-shared key tied to the public IP address of the remote VPN peer:

crypto isakmp key <KEY> address <REMOTE_PUBLIC_IP>

From the diagram:

R1 outside IP: 192.168.10.1/24

R2 outside IP: 192.168.20.2/24 (the remote peer for R1)

In the current R1 configuration, the ISAKMP key is incorrectly bound to 192.168.10.2, which is a local next-hop/ISP address on R1's own subnet, not the R2 public IP. Because the pre-shared-key address does not match the source IP of R2's IKE packets, phase 1 negotiation fails and the tunnel never comes up.

The correct configuration on R1 must therefore be:

crypto isakmp key vpnuser address 192.168.20.2

Options A and C incorrectly change the default route (next hop must be the local ISP router, not R2's public IP or a LAN address). Option D uses an internal address (10.1.1.2), which is not the IP used for IKE on the Internet.
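The mismatch described above can be caught before deployment by comparing the addresses that carry a pre-shared key with the peers named in the crypto map. The following is an added example, not part of the original page or the exam exhibit; the R1 fragment, the crypto map name VPN-MAP, ACL 101 and the helper names are constructed for illustration.

```python
import re

# Constructed R1 fragment (not the exam exhibit): the key is bound to
# 192.168.10.2 while the crypto map peers with R2 at 192.168.20.2.
R1_CONFIG = """\
crypto isakmp policy 10
 authentication pre-share
crypto isakmp key vpnuser address 192.168.10.2
crypto map VPN-MAP 10 ipsec-isakmp
 set peer 192.168.20.2
 match address 101
"""

# "crypto isakmp key [0|6] <key> address <peer-ip>"
KEY_RE = re.compile(r"^crypto isakmp key (?:[06] )?\S+ address (\S+)", re.M)
PEER_RE = re.compile(r"^[ \t]+set peer (\S+)", re.M)


def psk_peer_audit(config: str) -> dict:
    """Compare pre-shared-key addresses with the crypto-map peers."""
    keyed = set(KEY_RE.findall(config))
    peers = set(PEER_RE.findall(config))
    wildcard = "0.0.0.0" in keyed  # a wildcard key matches any peer
    return {
        "peers_without_key": [] if wildcard else sorted(peers - keyed),
        "keys_without_peer": sorted(keyed - peers - {"0.0.0.0"}),
        "wildcard_key": wildcard,
    }


def rebind_key(config: str, old_ip: str, new_ip: str) -> str:
    """Return the config with the key for old_ip bound to new_ip instead."""
    pattern = re.compile(
        r"^(crypto isakmp key (?:[06] )?\S+ address )" + re.escape(old_ip) + r"$",
        re.M,
    )
    return pattern.sub(lambda m: m.group(1) + new_ip, config)


if __name__ == "__main__":
    print(psk_peer_audit(R1_CONFIG))
    print(psk_peer_audit(rebind_key(R1_CONFIG, "192.168.10.2", "192.168.20.2")))
```

A non-empty `peers_without_key` list is the condition under which phase 1 fails for that peer; `wildcard_key` is reported separately because a key bound to 0.0.0.0 is accepted from any source address.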


Question 3

Which format is used by Cisco Container Platform for configuration files?



Answer : B

Comprehensive and Detailed Explanation

Cisco Container Platform (CCP), built on Kubernetes orchestration, uses YAML files for:

Cluster configuration

Pod definitions

Network settings

Storage mappings

YAML is the industry-standard declarative syntax for Kubernetes and container orchestration platforms.

HTML, XHTML, and XML are not used for CCP configuration.


Question 4

What is a capability of a Cisco NFVIS SNMP trap?



Answer : C

Comprehensive and Detailed Explanation

SNMP traps in Cisco NFVIS (and in SNMP generally):

Are unsolicited notifications

Sent from the NFVIS device to the SNMP manager

Indicate alarms, changes, or significant operational events

Do not require polling

Examples:

Disk failures

VM crashes

Host status changes

Resource alarms

Why the others are wrong:

A: Describes SNMP monitoring (done by the manager with GET requests).

B: SNMP cannot control host activities.

D: SNMP GET retrieves a variable, but traps send unsolicited notifications.

Thus, the correct answer is C.


Question 5

Refer to the exhibit. An engineer must configure redundancy by deploying three Cisco vSmart Controllers in each data center. Which two actions must be taken to configure controllers vSmart1 and vSmart4? (Choose two.)

A. Run the max-control-connections 2 command on vSmart4.

B. Run the max-control-connections 2 command on vSmart1.

C. Run the system controller-group-id 2 command on vSmart4.

D. Run the system controller-group-id 1 command on vSmart1.

E. Run the system controller-group-id 4 command on vSmart4.



Answer :

In Cisco SD-WAN, vSmart controllers must be assigned to controller groups so that edge routers can form redundant control-plane connections. Each data center in the diagram has its own group:

New York DC: controller group ID 1 (vSmart1, vSmart2, vSmart3)

Los Angeles DC: controller group ID 2 (vSmart4, vSmart5, vSmart6)

To configure the controllers correctly:

vSmart1

It resides in the New York DC, so it must be assigned to controller-group 1. Required command: system controller-group-id 1. This corresponds to Option D.

vSmart4

It resides in the Los Angeles DC, so it must be assigned to controller-group 2. Required command: system controller-group-id 2. This corresponds to Option C.

Why Other Options Are Incorrect

A and B: The command max-control-connections is configured on edge routers, not vSmart controllers.

E: Controller-group-id 4 does not exist in this design; only group 1 and group 2 are shown.


Question 6

What is an information-gathering capability of Cisco IOS Flexible NetFlow in Cisco NFVI?



Answer : A

Comprehensive and Detailed Explanation From Cisco NFVI Knowledge

Cisco IOS Flexible NetFlow is the primary telemetry and flow-collection mechanism used across Cisco NFVI platforms. One of its powerful information-gathering capabilities is the ability to create multiple, separate flow caches, each one with:

Its own key fields

Its own record type

Its own export destination

This allows NFVI deployments to capture different types of traffic visibility (control plane, data plane, management, or tenant-specific flows) with independent caches, which improves scalability and granularity.

Why the other options are incorrect:

Docker and Kubernetes (B, D) are container orchestration tools, unrelated to NetFlow flow-gathering capabilities.

Single cache (C) is traditional NetFlow, not Flexible NetFlow. Flexible NetFlow explicitly supports multiple independent caches.


Question 7

Refer to the exhibit. An engineer must configure multihoming between router R1 and service providers SP-1 and SP-2. Locally generated routes must be advertised to the service providers, and the configuration should prevent the risk that the local autonomous system becomes a transit AS for Internet traffic. Which two commands must be run on R1 to complete the configuration? (Choose two.)

A. neighbor 172.16.1.1 filter-list 300 out

B. neighbor 172.16.2.1 filter-list 400 out

C. neighbor 172.16.1.1 filter-list 1 out

D. neighbor 172.16.2.1 filter-list 1 out

E. neighbor 172.16.1.1 filter-list 200



Answer :

R1 (AS 200) is multihomed to:

SP-1 in AS 300 via neighbor 172.16.1.1

SP-2 in AS 400 via neighbor 172.16.2.1

R1 must:

Advertise only locally originated prefixes (its own network 10.10.0.0/24).

NOT become a transit AS; that is, R1 must not advertise routes learned from one provider to the other.

The configuration includes AS-path access-lists:

ip as-path access-list 1 permit ^$

ip as-path access-list 200 permit ^200

ip as-path access-list 300 permit ^300

ip as-path access-list 400 permit ^400

^$ in AS-path ACL 1 matches locally originated routes (empty AS-path).

ACLs 200, 300, and 400 match routes whose first AS in the path is 200, 300, or 400 respectively (used if we needed to match those provider or customer routes).

To ensure each upstream provider only receives locally originated routes, we apply AS-path ACL 1 as an outbound filter-list on each external BGP neighbor:

router bgp 200
 neighbor 172.16.1.1 remote-as 300
 ! only advertise local prefixes to SP-1
 neighbor 172.16.1.1 filter-list 1 out
 neighbor 172.16.2.1 remote-as 400
 ! only advertise local prefixes to SP-2
 neighbor 172.16.2.1 filter-list 1 out

This way:

Routes learned from SP-1 (AS 300) will not be advertised to SP-2 (AS 400) because their AS-path will begin with 300, not empty, so they fail ACL 1.

Similarly, routes from SP-2 will not be sent to SP-1.

Only R1's own prefixes are exported, preventing AS 200 from becoming a transit network.
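The effect of the outbound filter-list can be checked by evaluating the four AS-path access-lists against a small BGP table. The following is an added example, not part of the original page; the two provider-learned prefixes, their AS paths and the function names are constructed, and the export model is simplified to "every route in the table is offered to the neighbor".

```python
import re

# AS-path access-lists from the R1 configuration quoted above (all permit;
# anything not matched falls to the implicit deny).
AS_PATH_ACLS = {1: ["^$"], 200: ["^200"], 300: ["^300"], 400: ["^400"]}

# Constructed BGP table on R1: (prefix, AS path as stored before R1 prepends
# its own AS 200 on export). Only 10.10.0.0/24 comes from the page.
BGP_TABLE = [
    ("10.10.0.0/24", ""),                # locally originated
    ("203.0.113.0/24", "300 64500"),     # learned from SP-1
    ("198.51.100.0/24", "400 64501"),    # learned from SP-2
]


def ios_aspath_regex(pattern: str) -> "re.Pattern[str]":
    """Translate an IOS AS-path regex: '_' matches a delimiter, i.e. a
    space, comma, brace, parenthesis, or the start/end of the path."""
    return re.compile(pattern.replace("_", r"(?:^|$|[ ,{}()])"))


def permits(acl_id: int, as_path: str) -> bool:
    """True if any permit entry of the AS-path ACL matches the path."""
    return any(ios_aspath_regex(p).search(as_path) for p in AS_PATH_ACLS[acl_id])


def exported(table, out_filter=None):
    """Prefixes sent to an eBGP neighbor, optionally through filter-list out."""
    return [pfx for pfx, path in table
            if out_filter is None or permits(out_filter, path)]


def transit_leaks(table, out_filter=None):
    """Exported prefixes that were learned from another AS."""
    return [pfx for pfx in exported(table, out_filter)
            if dict(table)[pfx] != ""]


if __name__ == "__main__":
    print("no filter :", exported(BGP_TABLE), "leaks:", transit_leaks(BGP_TABLE))
    print("filter 1  :", exported(BGP_TABLE, 1), "leaks:", transit_leaks(BGP_TABLE, 1))
    # '^300' is unanchored on the right, so it also matches AS 3000.
    print(permits(300, "3000 64502"), bool(ios_aspath_regex("^300_").search("3000 64502")))
```

The last line shows a detail of ACLs 300 and 400 as written: `^300` has no trailing delimiter, so it also permits a path that starts with AS 3000, whereas `^300_` matches only AS 300.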

