Comprehensive and Detailed Explanation with Exact Extracts:

Option B is FALSE:

The  system-cpu-policer  is a  software-based policer  running on the CPM CPU, not hardware-based.

Extract from Nokia SR Linux QoS Guide (Section: Control Plane Policing):

"The  system-cpu-policer  is enforced in  software  on the CPM. In contrast,  distributed-policers  are hardware-based and execute on line cards."

Other Options are TRUE:

A:  Hierarchical policing (e.g., per-protocol child policers under an aggregate) is supported.

Extract: "Hierarchical policers allow aggregate rate-limiting plus per-protocol sub-policers (e.g., for BGP, OSPF)."

C:  The  system-cpu-policer  polices the  aggregate  traffic reaching the CPM.

Extract: " system-cpu-policer  applies to the  sum of all traffic  forwarded from line cards to the CPM."

D:  CPM-filter entries can combine both policers:

distributed-policer  (line card hardware) for early per-card rate-limiting.

system-cpu-policer  (CPM software) for final aggregate policing.

Extract: "CPM-filter entries may reference both a  distributed-policer  (for per-line card enforcement) and a  system-cpu-policer  (for CPM-wide aggregation)."

Comprehensive and Detailed Explanation From Exact Extract:

Option A :  TRUE  – Only one management interface ( mgmt0 ) exists.

"The system supports a single management interface ( mgmt0 ) for out-of-band access."

—  SR Linux Interface Guide, "Management Port"

Option B :  TRUE  – Network interfaces bind to hardware ports.

"Network interfaces (e.g., ethernet-1/1) map directly to physical line card ports."

—  SR Linux Interface Guide, "Port Mapping"

Option C :  FALSE  –  Loopback interfaces are virtual , not physical.

"Loopback interfaces (e.g.,  lo0 ) are logical entities with no physical hardware association."

—  SR Linux Routing Guide, "Loopback Interfaces"

Option D :  TRUE  – L2 parameters (e.g., MTU) are set at the main interface; L3 (e.g., IP) at subinterfaces.

"Layer 2 attributes (MTU, admin-state) are configured under the main interface. Layer 3 settings (IP, VRF) are applied to subinterfaces."

—  SR Linux Interface Guide, "Subinterface Configuration"

Comprehensive and Detailed Explanation with Exact Extracts:

Options A, B, and C ARE configured in  static-routes :

Blackhole:  Configured under  static-routes  for a prefix to drop traffic.

IPv4 destination prefix:  Defined directly in the  static-routes  container.

Preference value:  Set per static route entry within  static-routes .

Extract from Nokia SR Linux Configuration Guide (Section: Static Routes):

"Static routes are configured under  /routing-policy/static-routes . Each entry requires a  prefix  (e.g.,  0.0.0.0/0 ). The  blackhole  parameter and  preference  value are configured directly within this container for a specific prefix."

Option D (Next-hop group) CANNOT be configured in  static-routes :

Next-hop groups are  separate objects  defined under  /routing-policy/next-hop-groups .

The  static-routes  container  references  a next-hop group by name but does not define its properties.

Extract from Nokia SR Linux Configuration Guide (Section: Next-Hop Groups):

"Next-hop groups are configured under  /routing-policy/next-hop-groups . Each group is given a name and defines properties like  next-hop  IPs,  blackhole  behavior, or  indirect  settings. Static routes  reference  a next-hop group via the  next-hop-group  parameter under  /routing-policy/static-routes  but  do not configure the group itself  here."

Comprehensive and Detailed Explanation with Exact Extracts:

Options A, B, and D are supported:

SR Linux users  (A): Locally configured users for CLI/management access.

Regular Linux OS users  (B): Native Linux users (e.g.,  admin ) for host OS operations.

Remote users  (D): Authenticated via AAA (TACACS+/RADIUS).

Extract from Nokia SR Linux System Management Guide:

"User types include  SR Linux users  (CLI access),  Linux OS users  (host system), and  remote users  (external AAA)."

Option C (Container users) is NOT supported:

SR Linux does not define "container users" as a distinct category. Containers (e.g., management container) share the host's user management.

Extract from Nokia SR Linux Security Guide:

"SR Linux does not provision separate user identities for containers. User access is managed at the  host OS level  or via SR Linux CLI, with no container-specific user type."

Comprehensive and Detailed Explanation From Exact Extract:

Option A :  TRUE  –  state  mode shows configuration + operational state.

"The  state  command provides a unified view of configuration and real-time operational data."

—  SR Linux CLI User Guide, "State Mode"

Option B :  TRUE  –  show  mode uses predefined templates.

" show  commands use structured report templates for consistent operational data display."

—  SR Linux CLI User Guide, "Show Commands"

Option C :  TRUE  –  running  mode is for configuration changes.

"Configuration edits occur in  running  mode, which modifies the candidate configuration."

—  SR Linux Configuration Fundamentals, "CLI Modes"

Option D :  FALSE  –  use  (not  enter ) switches modes .

"Mode transitions use the  use  command (e.g.,  use state ).  enter  navigates hierarchical paths within a mode."

—  SR Linux CLI User Guide, "Mode Navigation"

The "baseline diff" command is used to compare the candidate configuration against the baseline datastore to see changes or conflicts, especially when multiple users are involved or to verify differences. It does not indicate that the user is unable to commit changes.

Comprehensive and Detailed Explanation From Exact Extract:

Option A :  TRUE  – Fabric intent is declaratively defined in YAML.

"FSS uses YAML-based declarative intent to define and manage fabric configurations."

—  Nokia Fabric Services System User Guide, "Intent-Based Fabric"

Option B :  FALSE  – The  Digital Sandbox  is for  pre-deployment validation , not performance monitoring.

"The Digital Sandbox simulates configurations for validation before deployment. Performance monitoring is handled by telemetry analytics, not the sandbox."

—  Nokia FSS Deployment Guide, "Digital Sandbox"

Option C :  TRUE  – Telemetry is contextualized with intent.

"Telemetry data is correlated with fabric intent, providing context-aware insights."

—  Nokia FSS Operations Guide, "Telemetry and Analytics"

Option D :  TRUE  – FSS is cloud-native for flexible integration.

"FSS’s cloud-native microservices architecture simplifies integration with customer ecosystems."

—  Nokia FSS Architecture White Paper, "Cloud-Native Design"

Conclusion:  Option B misrepresents the Digital Sandbox’s purpose.