Practice Exam Questions for:

Nuage Networks VNS

Fundamentals
(exam number: 4A0-N02)
The following questions will test your knowledge and prepare you for the
Nuage Networks VNS Fundamentals Exam. Compare your responses with the
Answer Key at the end of the document.

1. What is the name of the solution when we apply SDN at the enterprise branch to enable automated, application-driven
network service provisioning?
a. SD-VPN
b. SD-WAN
c. SD-ELAN
d. SD-NFV

2. Which of the following is one of the functions of Nuage Networks VNS?

a. Automation of the enterprise WAN
b. Network virtualization of datacenter
c. Cloud orchestration
d. Enterprise network function virtualization

3. Which of the following statements about the differences between underlay and overlay networks is CORRECT?
a. An overlay network is a Layer 3 network, while an underlay network is a Layer 2 network.
b. An overlay network is a logically separate network built on top of an underlay network.
c. An overlay network can be deployed by SDN, while an underlay network cannot.
d. An overlay network uses private IP addressing, while an underlay network uses public IP addressing.
4. Refer to the exhibit. If VM1 and VM2 are on the same subnet, what is the MAC address Y3?

a. Y3= MAC11
b. Y3= MAC1
c. Y3= MAC4
d. Y3= MAC12

5. Which protocol is used between the SDN controller and NSG?

a. OpenFlow TLS
b. MP-BGP TLS
c. XMPP TLS
d. VXLAN TLS

6. Which type of technology is used to create the overlay VPN for Nuage Networks VNS?
a. MPLS tunnels
b. VXLAN tunnels
c. PBB
d. TRILL

7. Which of the following describes how the VNS solution can be deployed at an existing branch office without any changes
to the physical network infrastructure at the branch?
a. Install a high-performance physical NSG and set the default gateway on the host systems to the new NSG CPE.
b. Install a high-performance physical NSG and keep the default gateway on the host systems unchanged (pointing to
the old CPE).
c. Install a software NSG on an existing server and set the default gateway on the host systems to the new software
NSG CPE.
d. Install a software NSG on an existing server and keep the default gateway on the host systems unchanged (pointing
to the old CPE).

PRACTICE EXAM QUESTIONS FOR: VCS FUNDAMENTALS (EXAM NUMBER: 4A0-N02) 2

8. Which of the following is NOT a capability of the Nuage Networks VNS?
a. Providing IPsec tunnels directly to VMs in the datacenter.
b. Performing Internet offload at the branch with NAT/PAT.
c. Providing seamless interworking with an existing MPLS VPRN.
d. Performing seamless interconnection with a VCS datacenter.

9. Which of the following components is specific to the Nuage Networks VNS solution and not to VCS?
a. VSD (Virtualized Services Directory)
b. VSC (Virtualized Services Controller)
c. VRS (Virtual Routing and Switching)
d. NSG (Network Services Gateway)

10. Which of the following is the control plane component of the Nuage Networks VNS solution?
a. VSD (Virtualized Services Directory)
b. VSC (Virtualized Services Controller)
c. VRS (Virtual Routing and Switching)
d. NSG (Network Services Gateway)

11. Which of the following is a function performed by the VSD in the Nuage Networks VNS solution?
a. The VSD communicates with the cloud management system using XMPP.
b. The VSD provides the DNS and NTP services for the datacenter network.
c. The VSD manages the auto-instantiation of the NSGs.
d. The VSD pushes the forwarding table to the NSGs.

12. Which of the following statements about VSD installation is FALSE?

a. VSD can only be implemented as a virtual machine.
b. The statistics engine component (Elasticsearch) is optional.
c. In the standalone installation mode, all the VSD components, including the Elasticsearch engine, are deployed in one
virtual machine.
d. The high-availability cluster mode is 1 active VSD protected by 2 standby VSDs.

13. Which of the following statements about the relationship between zone, subnet and virtual machines within a domain is
FALSE?
a. Each zone can have multiple subnets.
b. Each subnet can belong to multiple zones.
c. A virtual machine can belong to multiple subnets.
d. Each subnet can have multiple virtual machines.

14. If we compare the Nuage Networks Virtual Service Node to a physical router, which component does the NSG correspond to?
a. Switch fabric
b. Line card
c. CPU module
d. Internal clock

15. Which of the following interfaces on the VSC does not support encryption?
a. OVSDB interface
b. BGP interface
c. OpenFlow interface
d. XMPP interface

PRACTICE EXAM QUESTIONS FOR: VCS FUNDAMENTALS (EXAM NUMBER: 4A0-N02) 3

16. Which of the following is a function of the VRS agent?
a. Communication with the VSC
b. VXLAN tunneling
c. Switching and routing in the overlay
d. Managing virtual machines

17. Which of the following statements about the Nuage Networks VRS-G is FALSE?
a. The VRS-G interconnects a VLAN network with a VXLAN network.
b. The VRS-G connects bare metal assets with the Nuage Networks overlay domain.
c. The VRS-G extends an enterprise branch office to an external network.
d. Nuage Networks VRS-G is the software version of VXLAN gateway.

18. Which of the following products supports seamless datacenter gateway integration?
a. Nuage Networks VRS-G
b. Nuage Networks VSC
c. Nokia 7750 SR
d. Nuage Networks NSG

19. Which of the following statements about Nuage Networks NSG-P (Network Services Gateway) is CORRECT?
a. It is a virtual CPE.
b. It is activated by the VSC.
c. It forwards VXLAN encapsulated traffic on its LAN ports.
d. It is Open vSwitch based.

20. Refer to the exhibit below. Which protocol is used for communication between the Notification App and the VSD?

a. XMPP
b. HTTPS
c. HTTP
d. OF-TLS

PRACTICE EXAM QUESTIONS FOR: VCS FUNDAMENTALS (EXAM NUMBER: 4A0-N02) 4

21. Which of the following users can receive NSG activation email?
a. A user in the CSP root group
b. A user in the CMS group
c. An enterprise user
d. Any user with an email address

22. Which of the following VSD service abstractions maps to a VPLS service instance on the VSC?
a. Domain
b. Zone
c. Subnet
d. vPort

23. During the VNS automated site activation process, which step occurs immediately after the NSG validates and stores the
signed certificate from the VSD?
a. Allocation of an IP address on the NSG uplink.
b. Activation of the NSG control plane interface towards the VSC.
c. Sending of an out-of-band email containing configuration information to the installer user.
d. Sending of the second-factor challenge by SMS.

24. Which of the following steps is NOT required for either the single-factor or two-factor NSG bootstrapping workflow?
a. Define an NSG profile/template to identify the VSD proxy and VSC.
b. At the enterprise level, create the Installer user.
c. Create the bootstrap data and load it onto a USB key.
d. At the branch site, connect the NSG WAN uplink ports.

25. Which of the following is NOT defined in Infrastructure Gateway Profile?

a. Proxy FQDN
b. NTP server
c. SSH authentication
d. Syslog server

26. What happens to the NSG’s certificate when it is deactivated?

a. The certificate is suspended.
b. The certificate is revoked.
c. The certificate is maintained in the database for a configured period of time.
d. The certificate is re-assigned to another active NSG.

27. Which protocol is used to encapsulate traffic between two NSGs in different branch offices?
a. OpenFlow-TLS
b. OpenFlow
c. VXLAN
d. GRE

28. Which one of the following types of vPort does NOT support DHCP in the VNS solution?
a. Host vPort with a DHCP pool.
b. Host vPort without a DHCP pool.
c. Bridge vPort with a DHCP pool.
d. Bridge vPort without a DHCP pool.

PRACTICE EXAM QUESTIONS FOR: VCS FUNDAMENTALS (EXAM NUMBER: 4A0-N02) 5

29. Which protocol can be used to encapsulate traffic between VRSes in the data center (VCS solution) and NSGs in the branch
office (VNS solution)?
a. TLS-encrypted VXLAN tunnels
b. VXLAN tunnels
c. VXLAN over IPsec tunnels
d. All of the above.

30. Which statement is TRUE about Nuage Networks security policies?

a. There are different egress security policies for Nuage Networks VCS and VNS solution, although they use the same
ingress policies.
b. There are different ingress security policies for Nuage Networks VCS and VNS solution, although they use the same
egress policies.
c. There are different ingress and egress security policies for Nuage Networks VCS and VNS solution.
d. Both Nuage Networks VCS and VNS solutions use the same ingress and egress security policies.

31. Which of the following statements about Nuage Networks stateful ACL is TRUE?
a. The stateful ACL tracks only TCP flows, since UDP is stateless.
b. The VSD detects the end of a TCP session to remove the reflexive rule configured in the policy.
c. The automatically created rule for the reverse direction is removed if no packet is seen within the timeout period.
d. The automatically created rule for the reverse direction is not removed until the ACL is manually deactivated.

32. What statement is FALSE regarding the forwarding policy provided by Nuage Networks VNS?
a. A forwarding policy can redirect traffic to intermediate points before it reaches its destination.
b. A forwarding policy is a flow-based policy with L2/L3/L4 granularity.
c. Forwarding policies are defined at the domain level.
d. When a forwarding policy is enabled, a dedicated evpn is automatically created for the redirected traffic.

33. Which of the following QoS capabilities is NOT supported by Nuage Networks VNS?
a. Hierarchical shaping at network egress
b. Hierarchical shaping at access egress
c. Policing at network ingress
d. Policing at access ingress

34. Which of the following statements about the egress QoS policy on NSG is TRUE?
a. It applies to network uplinks only.
b. It supports up to eight queues per port.
c. It supports hierarchical scheduling with up to 3 levels of schedulers.
d. The eight forwarding classes must be mapped to queues.

35. Which of the following statements about the difference between the NAT and PAT functions on the NSG is CORRECT?
a. NAT maps multiple internal IP addresses to a single external address, while PAT provides 1:1 mapping between internal
and external addresses.
b. PAT traffic must be initiated from the internal IP, while NAT allows traffic initiated from the outside.
c. C) NAT can be used to offload Internet traffic while PAT cannot.
d. PAT is supported on NSG by default while NAT is not.

36. Which of the following addresses can be used for PAT by the NSG to offload Internet traffic?
a. The WAN uplink interface address.
b. Any IP address from the defined NAT pool.
c. The last IP address from the defined NAT pool.
d. The next available IP address from the defined NAT pool.

PRACTICE EXAM QUESTIONS FOR: VCS FUNDAMENTALS (EXAM NUMBER: 4A0-N02) 6

37. Which of the following is NOT a valid function for configuring dual uplinks on an NSG?
a. To provide redundancy for data traffic.
b. To provide redundancy for control traffic.
c. To provide load-balancing when both links are configured in a LAG.
d. To provide load-balancing when both links are configured as primary.

38. Which of the following statements regarding the managed key server model in a VNS IPsec VPN is FALSE?
a. The key server function is part of the VSD.
b. Each enterprise has its own key server.
c. The key server function can be provided for multiple tenants.
d. Each enterprise manages the encryption policies on its key server.

39. Which of the following statements about NAT traversal in VNS is TRUE?
a. DTLS is used between the NSGs to discover the private to public address bindings for each NSG.
b. DTLS is used between the NSGs and the VSC to discover the private to public address bindings for each VSC.
c. There will be multiple DTLS sessions when IPSec/IKE is also used by the NSG.
d. NAT traversal is a standard feature across all SD-WAN vendors.

40. What is the role of the secondary NSG in a redundant group?

a. It forwards half the traffic.
b. It forwards traffic based on the result of the load-balancing algorithm.
c. It forwards the traffic when the switch-over command is sent.
d. It forwards the traffic when the authoritative NSG has failed.

PRACTICE EXAM QUESTIONS FOR: VCS FUNDAMENTALS (EXAM NUMBER: 4A0-N02) 7

Answer Key

1. B 11. C 21. C 31. C

2. A 12. D 22. C 32. D
3. B 13. B 23. B 33. C
4. D 14. B 24. C 34. D
5. A 15. B 25. C 35. B
6. B 16. A 26. B 36. A
7. C 17. C 27. C 37. C
8. A 18. C 28. D 38. B
9. D 19. D 29. B 39. C
10. B 20. A 30. D 40. D

www.nuagenetworks.net Nuage Networks and the Nuage Networks logo are trademarks of the Nokia group
of companies. Nokia is a registered trademark of Nokia Corporation. Other product and company names
mentioned herein may be trademarks or trade names of their respective owners. SR1712019502EN
© Nokia 2017