Get All Designing and Implementing Cisco Service Provider Cloud Network Infrastructure v1.0 Exam Questions with Validated Answers
| Vendor: | Cisco |
|---|---|
| Exam Code: | 300-540 |
| Exam Name: | Designing and Implementing Cisco Service Provider Cloud Network Infrastructure v1.0 |
| Exam Questions: | 61 |
| Last Updated: | January 11, 2026 |
| Related Certifications: | Cisco Certified Network Professional, Cisco Certified Network Professional Service Provider |
| Exam Tags: | Security Specialist Level Cloud Network Engineers and Cloud Infrastructure Architects |
Looking for a hassle-free way to pass the Cisco Designing and Implementing Cisco Service Provider Cloud Network Infrastructure v1.0 exam? DumpsProvider provides the most reliable Dumps Questions and Answers, designed by Cisco certified experts to help you succeed in record time. Available in both PDF and Online Practice Test formats, our study materials cover every major exam topic, making it possible for you to pass potentially within just one day!
DumpsProvider is a leading provider of high-quality exam dumps, trusted by professionals worldwide. Our Cisco 300-540 exam questions give you the knowledge and confidence needed to succeed on the first attempt.
Train with our Cisco 300-540 exam practice tests, which simulate the actual exam environment. This real-test experience helps you get familiar with the format and timing of the exam, ensuring you're 100% prepared for exam day.
Your success is our commitment! That's why DumpsProvider offers a 100% money-back guarantee. If you don’t pass the Cisco 300-540 exam, we’ll refund your payment within 24 hours, no questions asked.
Don’t waste time with unreliable exam prep resources. Get started with DumpsProvider’s Cisco 300-540 exam dumps today and achieve your certification effortlessly!
Refer to the exhibit. The indicated configuration was applied to a Cisco switch Switch_A located in the Los Angeles DC data center; however, Switch_A fails to establish OTV connectivity to Cisco switch Switch_C. Which overlay interface command must be run on Switch_A to resolve the issue?
Overlay Transport Virtualization (OTV) allows Layer 2 extension across Layer 3 infrastructures. To operate, OTV requires three fundamental components on the overlay interface:
- Join interface: used to reach the OTV control plane over L3 (already configured: otv join-interface g1/0).
- Control-group multicast address: used for control-plane advertisement (already configured: otv control-group 224.1.1.1).
- Extended VLAN list: specifies which VLANs will be transported through the OTV overlay.

The configuration shown in the exhibit includes the join-interface, control-group, and data-group, but it does NOT specify which VLANs should be extended. Without the otv extend-vlan command, OTV will form the overlay interface but will not forward any Layer 2 information, preventing adjacency and MAC distribution between sites.
In OTV, the command required to activate VLANs for transport is:
otv extend-vlan <vlan-range>
This enables the VLANs (such as 101-111) to be carried across the OTV overlay, completing the configuration and establishing connectivity.
Why the Other Options Are Incorrect
B. otv isis authentication-type md5
This is optional and only required if ISIS authentication is enabled on both edges. It does not resolve the absence of VLAN extension.
C. otv isis authentication-check
This command enforces authentication verification but does not fix connectivity when VLANs are not extended.
D. otv join-interface vlan 101-111
This is not a valid OTV command. The join-interface must be a routed interface, not a VLAN list.
Which type of cyberattack does Cisco Umbrella DNS-layer security effectively help mitigate?
Cisco Umbrella DNS-layer security:
- Blocks malicious domains used in phishing, malware, C2 communications, and ransomware
- Stops threats before connections are made
- Uses DNS-based filtering and threat intelligence

It does not mitigate:
- DDoS (needs scrubbing centers)
- Brute force login attempts
- Zero-day exploits directly

Thus, A is correct.
What is a benefit of using VXLANs in a cloud-scale environment?
In a cloud-scale or data-center-scale environment, Virtual Extensible LAN (VXLAN) is used as an overlay technology to transport Layer 2 segments over a Layer 3 underlay network. VXLAN encapsulates Layer 2 Ethernet frames inside UDP/IP packets, allowing broadcast, unknown unicast, and multicast (BUM) traffic and tenant Layer 2 domains to be extended across a routed IP fabric.
Key points aligned with Cisco Service Provider Cloud Infrastructure design principles:
- VXLAN creates a Layer 2 overlay on top of a Layer 3 underlay.
- The VXLAN Network Identifier (VNI) provides a much larger segmentation space than traditional VLANs, enabling multi-tenancy at cloud scale.
- Because the underlay is pure Layer 3 (IP routed fabric), VXLAN allows you to interconnect Layer 2 segments between leaf switches or data centers over an IP/MPLS backbone without relying on large Layer 2 domains in the physical network.

Why the options evaluate as follows:
Option A: extends Layer 2 segments across the underlying Layer 3 infrastructure
This is the core benefit of VXLAN in cloud-scale designs. VXLAN encapsulates Layer 2 frames into IP/UDP headers, allowing isolated Layer 2 segments (per VNI) to be stretched across a routed IP network. This enables:
- Multi-tenant Layer 2 connectivity across a distributed cloud fabric
- Mobility of virtual machines or containers while keeping the same IP/MAC addressing
- Use of an IP-based leaf-spine or service provider underlay for scalability and resiliency

Option B: extends Layer 3 segments across the underlying Layer 2 infrastructure
This is the opposite of what VXLAN does. VXLAN is explicitly L2-over-L3, not L3-over-L2. Extending pure Layer 3 segments over Layer 2 is not the VXLAN use case.
Option C: reduces spanning-tree complexity across the Layer 2 infrastructure (Partially related but not the primary or direct benefit)
In modern designs, the underlay is Layer 3 routed, and VXLAN overlays provide logical Layer 2 segments. This design avoids dependence on spanning tree in the fabric, which indirectly reduces STP complexity. However, the fundamental, exam-relevant benefit is L2 extension over L3, so C is not the best or most accurate answer compared to A.
Option D: eliminates the need for a Layer 3 underlay in the service provider infrastructure
VXLAN absolutely requires an IP (Layer 3) underlay for transport. VXLAN tunnels are built over a routed infrastructure (leaf-spine, MPLS/IP core, etc.). It does not remove the need for Layer 3; it depends on it.
An engineer must create a new VPC and deploy several Amazon EC2 instances in AWS. Only SSH connections originating from IP address 20.20.20.20 must be allowed to reach the EC2 instances. What must be configured?
Comprehensive and Detailed Explanation
AWS Security Groups act as the primary stateful firewalls for EC2 instances.
To restrict SSH (TCP/22) to a single host (20.20.20.20/32), a Security Group must be configured with:
- Inbound rule: TCP 22
- Source: 20.20.20.20/32

Why the other options do not fit:
- ACLs operate at the subnet level but are not used for instance-specific SSH restrictions.
- WAF controls HTTP/HTTPS traffic, not SSH.
- Resource groups only organize cloud assets.

Thus, B is the correct solution.
What does enabling gRPC allow in Cisco NFVI Assurance and Monitoring?
Comprehensive and Detailed Explanation
In Cisco NFV Infrastructure (NFVI) Assurance and Monitoring, enabling gRPC activates the device's ability to support model-driven telemetry streaming.
Key points from Cisco SP Cloud/NFVI design principles:
- gRPC is used as the transport protocol for model-driven telemetry.
- Telemetry replaces traditional polling methods (SNMP, CLI scraping) with continuous, push-based updates.
- It allows NFVI components to stream real-time operational data (CPU, memory, interfaces, VM metrics, fabric state) to collectors such as Cisco Crosswork, InfluxDB, Prometheus, or other analytic systems.
- gRPC does not provide NetFlow/IPFIX export or syslog itself; those are separate subsystems.

Evaluation of options:
- A. telemetry streaming: Correct. gRPC enables model-driven streaming telemetry.
- B. IPFIX monitoring: Incorrect; IPFIX uses UDP exports, not gRPC.
- C. Cisco IOS NetFlow monitoring: Incorrect; uses NetFlow export protocols.
- D. system logging: Incorrect; syslog uses UDP/TCP, not gRPC.