Weekend Special Sale - Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: mxmas70

Home > Cisco > CCNP Enterprise > 300-415

300-415 Implementing Cisco SD-WAN Solutions (300-415 ENSDWI) Question and Answers

Question # 4

What is a requirement for deployment of on-premises vBond controllers through the Cisco Plug and Play Connect process?

A.

a DNS name that identifies vBond

B.

a defined controller profile

C.

Internet connectivity from vManage

D.

a CSV The that contains ail controllers

Full Access
Question # 5

Refer to the exhibit vManage and vBond have an issue establishing a connection to vSmart Which two actions does the administrator take to fix the issue? (Choose two)

Install the certificate received from the certificate server.

A.

Manually resync vManage and vBond

B.

Reconfigure the vSmart from CLI with the proper Hostname & System IP

C.

Delete and re-add vSmart Click Generate and validate CSR

D.

Request a certificate from the certificate server based on the CSR for the vSmart

Full Access
Question # 6

An engineer must use data prefixes to configure centralized data policies using the vManage policy configuration wizard. What is the first step to accomplish this task?

A.

Create groups of interest

B.

Configure network topology.

C.

Configure traffic rules.

D.

Apply policies to sites and VPNs.

Full Access
Question # 7

Company E wants to deploy Cisco SD-WAN with controllers in AWS The company's existing WAN is on private MPLS without Internet access to controllers m AWS An Internet circuit is added to a site in addition to the existing MPLS circuit. Which interface template establishes BFD neighbors over both transports?

A)

B)

C)

Miss

D)

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Full Access
Question # 8

Which two services are critical for zero touch provisioning on-boarding? (Choose two)

A.

SNMP

B.

DNS

C.

DHCP

D.

AAA

E.

EMAIL

Full Access
Question # 9

Which two metrics must a cloud Edge router use to pick the optimal path for a SaaS application reachable via a gateway site? (Choose two.)

A.

HTTP loss and latency metrics to the SaaS application

B.

ICMP loss and latency metrics to the SaaS application

C.

BFD loss and latency metrics to the gateway site

D.

BFD loss and latency metrics to the SaaS application

E.

HTTP loss and latency metrics to the gateway site

Full Access
Question # 10

How is an event monitored and reported for an individual device in the overlay network at site ID:S4300T6E43F36?

A.

The device sends event notifications to vManage.

B.

The device sends notifications to vSmart that sends them to vManage.

C.

The device sends a critical alarm of events to vManage.

D.

The device sends a critical alarm to vSmart that sends it to vManage.

Full Access
Question # 11

Refer to the exhibit. A network administrator is setting the queueing value for voice traffic for one of the WAN Edge routers using vManager GUI. Which queue value must be set to accomplish this task?

A.

0

B.

1

C.

2

D.

3

Full Access
Question # 12

Which Cisco SD-WAN component the initial communication between WAN Edge devices to join the fabric?

A.

WAN Edge Router

B.

vSmart Controller

C.

vManage

D.

vBond Orchestrator

Full Access
Question # 13

Refer to the exhibit. An engineer is troubleshooting a control connection issue on a WAN Edge device that shows socket errors. The packet capture shows some ICMP packets dropped between the two devices. Which action resolves the issue?

A.

Recover the vManage controller that is down m a high availability cluster

B.

Change the system IP or restart the VWN Edge 4 the system IP is changed

C.

Remove IP duplication in the network and configure a unique IP address

D.

Recover vBond or wart for the controller to reload which could be caused by a reset

Full Access
Question # 14

Refer to the exhibit.

Which configuration change is needed to configure the tloc-extention on Branch1-Edge1?

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Full Access
Question # 15

Refer to the exhibit Which configuration sets up direct Internet access for VPN 1?

A.

Option A

B.

Option B

C.

Option C

Full Access
Question # 16

Which issue triggers the Cisco Umbrella resolver to toward DNS requests to the intelligent proxy?

Which issue triggers the Cisco Umbrella resolver to toward DNS requests to the intelligent proxy?

A.

A domain is nonexistent.

B.

A domain is block-listed.

C.

A domain is locally reachable.

D.

A domain is grey-listed.

Full Access
Question # 17

Which IP address must be reachable by a WAN Edge device for the ZIP process to work?

A.

10.1.1.1

B.

4.4 4.4

C.

172.16.1.1

D.

8.8.8.8

Full Access
Question # 18

In which VPN is the NAT operation on an outgoing interface configured for direct Interne! access?

A.

1

B.

10

C.

512

D.

0

Full Access
Question # 19

Refer to the exhibit. vManage logs are available for the past few months. A device name change deployed mistakenly at a critical site. How is the device name change tracked by operation and design teams?

A)

B)

C)

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Full Access
Question # 20

Refer to the exhibit. An ongineer configured OMP with an ovorlay-as of 10666. What is tho AS-PATH for prefix 104.104.104.104/32 on R1007?

A.

100 10666 104

B.

100 10666

C.

100 10666 20 104

D.

100 20 104

Full Access
Question # 21

Drag and drop the Cisco SD-WAN components from the left onto their functions on the right.

Full Access
Question # 22

How does the replicator role function in cisco SD-WAN?

A.

WAN Edge devices advertise the rendezvous point to all the receivers through the underlay network.

B.

vSmart Controllers advertise the rendezvous point to all the receivers through the overlay network.

C.

WAN Edge devices advertise the rendezvous point to all receivers through the overlay network.

D.

vSmart Controllers advertise the rendezvous point to all the receivers through the underlay network.

Full Access
Question # 23

An engineer is configuring a data policy for packets that must be captured through the policy. Which command accomplishes this task?

A.

policy > data-policy > vpn-list > sequence > default-action > drop

B.

policy > data-policy > vpn-list > sequence > action

C.

policy > data-policy > vpn-list > sequence > default-action > accept

D.

policy > data-policy > vpn-list > sequence > match

Full Access
Question # 24

An engineer is troubleshooting a vEdge router and identifies a “DCONFAIL – DTLS connection failure” message. What is the problem?

A.

certificate mismatch

B.

organization mismatch

C.

memory issue

D.

connectivity issue

Full Access
Question # 25

Which two vRoute attributes should be matched or set in vSmart policies and modified by data policies? (Choose two.)

A.

site ID

B.

preference

C.

VPN

D.

TLOC

E.

origin

Full Access
Question # 26

Which component is responsible for routing protocols such as BGP and OSPF in a Cisco SD-WAN solution?

A.

vSmart Controller

B.

vBond Orchestrator

C.

vManage

D.

WAN Edge Router

Full Access
Question # 27

An engineer is configuring a centralized policy to influence network route advertisement. Which controller delivers this policy to the fabric?

A.

vSmart

B.

vManage

C.

WAN Edge

D.

vBond

Full Access
Question # 28

Refer to the exhibit.

An engineer is troubleshooting a control connection Issue. What does "connect" mean in this how control connections output?

A.

Control connection is down

B.

Control connection is connected

C.

Control connection attempt is in progress

D.

Control connection is up

Full Access
Question # 29

An application team is getting ready to deploy a new business-critical application to the network. To protect the traffic, the network team must add another queue to the QoS map and then deploy the map to fabric Which configuration slop must be completed prior to adding the queue to the QoS map and applying If

A.

The relationship between die new QoS class and the hardware queue must be configured from the 'lists' page of the Local Policy section of vManage. The QoS map is then applied to the WAN interface

B.

The relationship between The new QoS class and the hardware queue must be configured from the 'lists' page of the Local Policy section of vManage. The QoS map is then applied to the service-side interface.

C.

The relationship between the new QoS class and the hardware queue must be configured from the "lisla" page of the Centralized Policy section of vManage. The QoS map is then applied to the WAN interface.

D.

The relationship between the new QoS class and the hardware queue must be configured from the "lists" page of the Centralized Policy section of vManage. The QoS map is then applied to the service-side interface.

Full Access
Question # 30

An enterprise deployed a Cisco SD-WAN solution with hub-and-spoke topology using MPLS as the preferred network over the Internet. A network engineer must implement an application-aware routing policy to allow ICMP traffic to be load-balanced over both the available links. Which configuration meets the requirement?

A)

B)

C)

D)

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Full Access
Question # 31

What are the two protocols redistributed into OMP? (Choose two.)

A.

OSPF

B.

RIP

C.

LDP

D.

RSVP

E.

EIGRP

Full Access
Question # 32

Which value is verified in the certificates to confirm the identity of the physical WAN Edge device?

A.

Serial Number

B.

OTP

C.

System-IP

D.

Chassis-ID

Full Access
Question # 33

A company deploys a Cisco SD-WAN solution but has an unstable Internet connection. When the link to vSmart comes back up, the WAN Edge router routing table is not refreshed, and some traffic to the destination network is dropped. The headquarters is the hub site, and it continuously adds new sites to the SD-WAN network. An engineer must configure route refresh between WAN Edge and vSmart within 2 minutes. Which configuration meets this requirement?

A.

Option A

B.

B

C.

Option B

D.

E.

Option C

F.

Option D

Full Access
Question # 34

An enterprise needs DIA on some of its branches with a common location ID: A041:B70C: D78E::18 Which WAN Edge configuration meets the requirement?

A)

B)

C)

D)

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Full Access
Question # 35

Refer to the exhibit An engineer is getting a CTORGNMMIS error on a controller connection Which action resolves this issue?

A.

Configure a valid serial number on the WAN Edge

B.

Configure a valid organization name

C.

Configure a valid certificate on vSMART

D.

Configure a valid product ID

Full Access
Question # 36

A customer wants to use AWS for Cisco SD-WAN laaS services by deploying virtual SD-WAN routers in a transit AWS VPC The transit VPC then connects via site-to-site IPsec tunnels to an AWS transit gateway Which transit VPC connects via site-to-site IPsec tunnels to an AWS transit gateway?

A.

Cisco Cloud onRamp for Multicloud

B.

Cisco Cloud onRamp for SaaS

C.

Cisco Cloud onRamp for Colocation

D.

Cisco Cloud onRamp for laaS

Full Access
Question # 37

Which website allows access to visualize the geography screen from vManager using the internet?

A.

*.opcnstreetmaps.org

B.

*.fullstreetmaps.org

C.

*.callstreelmaps.org

D.

*.globaistreetmaps.org

Full Access
Question # 38

Which secure connection should be used to access the REST APIs through the Cisco vManage web server?

A.

HTTP inspector interface

B.

authenticated HTTPS

C.

authenticated DTLS

D.

JSON Inspector interface

Full Access
Question # 39

An engineer must create a QoS policy by creating a class map and assigning it to the LLQ queue on a WAN Edge router Which configuration accomplishes the task?

A)

B)

C)

D)

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Full Access
Question # 40

An engineer creates this data policy for DIA for VPN 10:

Which policy sequence enables DIA for external networks?

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Full Access
Question # 41

A customer is receiving routes via OMP from vSmart controller for a specific VPN. The customer must provide access to the W2 loopback received via OMP to the OSPF neighbor on the service-side VPN, which configuration fulfils these requirements?

A.

Option A

B.

Option B

C.

Option C

D.

Option D

E.

Option E

Full Access
Question # 42

What is the purpose of ‘’vpn 0’’ in the configuration template when onboarding a WAN edge node?

A.

It carries control traffic over secure DTLS or TLS connections between vSmart controllers and vEdge routers, and between vSmart and vBond

B.

It carries control out-of-band network management traffic among the Viptela devices in the overlay network.

C.

It carries control traffic over secure IPsec connections between vSmart controllers and vEdge routers, and between vSmart and vManager

D.

It carries control traffic over secure IPsec connections between vSmart controllers and vEdge routers, and between vSmart and vBond

Full Access
Question # 43

An organization requires the use of integrated preventative engines, exploit protection, and the most updated and advanced signature-based antivirus with sandboxing and threat intelligence to stop malicious attachments before they reach users and get executed. Which Cisco SD-WAN solution meets the requirements?

A.

Cisco Trust Anchor module

B.

URL filtering and Umbrella DNS security

C.

Cisco AMP and Threat Grid

D.

Snort IPS

Full Access
Question # 44

A network administrator configures SNMFV3 on a Cisco WAN Edge router from CL I for monitoring purposes How many characters are supported by the snmp user username command?

A.

from 1 to 8

B.

from 1 to 16

C.

from 1 to 32

D.

from 1 to 48

Full Access
Question # 45

Which two algorithms authenticate a user when configuring SNMPv3 monitoring on a WAN Edge router? (Choose two.)

A.

AES-256

B.

SHA-1

C.

AES-128

D.

MD5

E.

SHA-2

Full Access
Question # 46

Which policy configures an application-aware routing policy under Configuration > Policies?

A.

Localized policy

B.

Centralized policy

C.

Data policy

D.

Control policy

Full Access
Question # 47

Which multicast component is irrelevant when defining a multicast replicator outside the local network without any multicast sources or receivers?

A.

PIM interfaces

B.

TLOC

C.

overlay BFD

D.

OMP

Full Access
Question # 48

An engineer wants to change the configuration of the certificate authorization mode from manual to automated. Which GUI selection will accomplish this?

A.

Maintenance > Security

B.

Configuration > Certificates

C.

Administration > Settings

D.

Tools > Operational Commands

Full Access
Question # 49

What does forward error correction addresses in Cisco SO-WAN?

A.

inefficient traffic forwarding caused oy inbound shapers

B.

reduced application performance degradation rotated to service degradation

C.

applications with occasional invalid data input and poor performance

D.

traffic flows with increased delay over a particular transport

Full Access
Question # 50

Refer to the exhibit The network team must configure El GRP peering at HQ with devices in the service VPN connected to WAN Edge CSRv. CSRv is currently configured with

A)

B)

C)

D)

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Full Access
Question # 51

Customer has two branch silos with overlapping IPs How must the data policy be configured to establish communication between the sites and server to avoid overlapping?

A)

B)

C)

D)

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Full Access
Question # 52

For data plane resiliency, what does the Cisco SD-WAN software implement?

A.

BFD

B.

establishing affinity between vSmart controllers and WAN Edge routers

C.

multiple vBond orchestrators

D.

OMP

Full Access
Question # 53

Drag and drop the route verification output from show omp tlocs from the left onto the correct explanations on the right.

Full Access
Question # 54

Which two performance data details are provided by Cisco SO-WAN vAnalytics? (Choose two)

A.

jitter loss and latency for data tunnels

B.

application quality of experience score from zero to ten

C.

detail on total cost of ownership for the fabric

D.

certificate authority status (health and expiration dates) for all controllers

E.

view devices connected to a vManage NMS

Full Access
Question # 55

Which configuration changes the packet loss priority from low to highly?

A)

B)

C)

D)

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Full Access
Question # 56

Which VManage dashboard is used to monitor the next-hop reachability between two devices traversing through OMP for a service VPN’

A.

Troubleshooting > App Route Visualization

B.

Troubleshooting > Tunnel Health

C.

Troubleshooting > Simulate Flows

D.

Troubleshooting > Packet Capture

Full Access
Question # 57

Which OSPF command makes the WAN Edge router a less preferred exit from a site with a dual WAN Edge design?

A)

B)

C)

D)

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Full Access
Question # 58

Refer to the exhibit.

Customer XYZ cannot provison dual connectivity on both Its routers due to budget constratnts but wants to use tnth RI and R2 interface for users behind them for load toward the hub site Which configurauon achieves this objectives?

A)

B)

C)

D)

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Full Access
Question # 59

An engineer configured a data policy called ROME-POLICY. Which configuration allows traffic flow from the Rome internal network toward other sites?

A.

apply-policy site-list Rome data-policy ROME-POLICY from-tunnel

B.

apply-policy site-list Rome data-policy ROME-POLICY from-service

C.

site-list Rome control-policy ROME-POLICY in

D.

site-list Rome control-policy ROME-POLICY out

Full Access
Question # 60

The Cisco SD-WAN engineer is configuring service chaining for a next-generation firewall located at the headquarters. Which configuration creates the service?

A)

B)

C)

D)

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Full Access
Question # 61

Refer to the exhibit.

Customer XYZ cannot provision dual connectivity on both of its routers due to budget constraints but wants to use both R1 and R2 interlaces for users behind them for load balancing toward the hub site. Which configuration achieves this objective?

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Full Access
Question # 62

Refer to the exhibit. Which configuration value is used to change the administrative distance of iBGP routes to 20?

A.

Configure internal Routes Distance to 20

B.

Configure Propagate AS Path to off

C.

Configure Local Distance to 20

D.

Configure External routes distance 20

Full Access
Question # 63

An engineer is configuring a data policy IPv4 prefixes for a site WAN edge device on a site with edge devices. How is this policy added using the policy configuration wizard?

A.

In vManage NMS select (he configure â–º policies screen, select the centralized policy tab and click add policy

B.

In vBood orchestrator. select the configure > policies screen select the localized policy tab. and click add policy

C.

In vManage NMS. select the configure â–º policies screen. select the localized policy tab- and click add policy

D.

In vSmart controller select tie configure â–º policies screen, select the localized policy tab, and click add policy

Full Access
Question # 64

How are custom application ports monitored in Cisco SD-WAN controllers?

A.

Customers add custom application ports in vAnalytics and vManage.

B.

Customers add custom application ports in vAnalytics and vSmart.

C.

Cisco adds custom application ports In vAnalytics and vManage.

D.

Cisco adds custom application ports In vAnalytics and vSmart.

Full Access
Question # 65

Which two actions are necessary to set the Controller Certificate Authorization mode to indicate a root certificate? (Choose two)

A.

Select the Controller Certificate Authorization mode that is recommended by Cisco

B.

Change the organization name of the Cisco SO-WAN fabric.

C.

Upload an SSL certificate to vManape,

D.

Select a private certificate signing authority instead of a public certificate signing authority

E.

Select a validity period from the drop-down menu

Full Access
Question # 66

I

In which file format is a critical severity report downloaded from the MONITOR I ALARM tab in the vManage GUI?

A.

.txt

B.

.pdf

C.

csv

D.

xIsx

Full Access
Question # 67

How many vCPUs and how much RAM are recommended to run the vSmart controller on the KVM server for 251 to 1000 devices in software version 20.4.x?

A.

4vCPUs. 16 GB

B.

4 vCPUs. 8 GB

C.

8vCPUs. 16 GB

D.

2vCPUs.4GB

Full Access
Question # 68

Refer to the exhibit Which command allows traffic through the IPsec tunnel configured in VPN 0?

A.

service local

B.

service FW address 1.1.1.1

C.

service netsvc1 vpn 1

D.

service netsvc1 address 1.1.1.1

Full Access
Question # 69

Which service VPN must be reachable from all WAN Edge devices and the controllers?

A.

VPN0

B.

VPN10

C.

VPN215

D.

VPN512

Full Access
Question # 70

An engineer must apply the configuration for certificate installation to vBond Orchestrator and vSmart Controller. Which configuration accomplishes this task?

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Full Access
Question # 71

An engineer must deploy a QoS policy with these requirements:

• policy name: App-police

• police rate: 1000000

• burst: 1000000

• exceed: drop

Which configuration meets the requirements?

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Full Access
Question # 72

Drag and drop the steps from the left into the order on the right to upload software on vManage repository that is accessible from maintenance > Software Repository.

Full Access
Question # 73

An engineer configures Rome WAN Edge 10 use MPLS cloud as the preferred link to reach Paris WAN Edge and use biz-internet as a backup. Which policy configuration must be led in the outbound direction toward Rome to accomplish the task?

A)

B)

C)

D)

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Full Access
Question # 74

Which two WAN Edge devices should be deployed in a cloud? (Choose two.)

A.

vEdge 5000v

B.

ASR 1000v

C.

CSR 1000v

D.

vEdge 100wm

E.

vEdge cloud

Full Access
Question # 75

Refer to the exhibit. A network administrator is configuring OSPF advanced configuration pararmeters from a template using the vManager GUI for a branch WAN Edge router to calculate the cost of summary routes to an ASBR. Which action achieves this configuration?

A.

Disable RFC 1583 Compatiblt

B.

Enable Originate

C.

Enable RFC 1M3 Compatible

D.

Disable Original

Full Access
Question # 76

Which command on a WAN Edge device displays the information about the colors present in the fabric that are learned from vSmart via OMP?

A.

show omp tlocs

B.

show omp sessions

C.

show omp peers

D.

show omp route

Full Access
Question # 77

Refer to the exhibit.

A network administrator is configuring OMP in vManage to advertise all the paths for the same prefix from a site that has two WAN Edge devices Each WAN Edge device is connected to three ISPs and two private MPLS transports. What is the minimum value for 'Number of Paths advertised per Prefix" that should be configured?

A.

2

B.

3

C.

5

D.

10

Full Access
Question # 78

Refer to the exhibit.

The tunnel interface configuration on both WAN Edge routers is:

Which configuration for WAN Edge routers will connect to the Internet?

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Full Access
Question # 79

A vEdge platform is sending VRRP advertisement messages every 10 seconds. Which value configures the router back to the default timer?

A.

2 seconds

B.

3 seconds

C.

1 second

D.

5 seconds

Full Access
Question # 80

How are policies deployed on cloud-tiosted Cisco SD-WAN controllers?

A.

Policies are created on vSmart and enforced by vSmart

B.

Policies are created on vSmart and enforced by vManage

C.

Policies are created on vManage and enforced by vManage.

D.

Policies are created on vManage and enforced by vSman

Full Access
Question # 81

Which policy blocks TLOCs from remotes and allows TLOCs from the data center to form hub-and-spoke peering?

A.

localized control policy

B.

localized data policy

C.

centralized data policy

D.

centralized control policy

Full Access
Question # 82

Which configuration defines the groups of interest before creation of the access list or route map?

A)

B)

C)

D.

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Full Access
Question # 83

What is vBond reachability resolved by vManage?

A.

OMP

B.

DNS

C.

BGP

D.

IPsec

Full Access
Question # 84

An engineering team must prepare a traffic engineering policy where an MPLS circuit is preferred for traffic coming from the Admin VLAN Internet should be used as a backup only. Which configuration fulfill this requirement?

A)

B)

C)

D)

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Full Access
Question # 85

Which application list is preconfigured?

A.

Google_Apps

B.

Cisco Apps

C.

Microsoft_Office365

D.

P2P_Apps

Full Access
Question # 86

Refer to the exhibit The network team must configure ElGRP peering at HQ with devices in the service VPN connected to WAN Edge CSRv. CSRv is currently configured with

Which configuration on the WAN Edge meets the requiremnet

A)

B)

C)

D)

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Full Access
Question # 87

Company ABC has decided to deploy the controllers using the On-Prem method. How does the administrator upload the WAN Edge list to the vManage?

A)

B)

C)

D)

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Full Access
Question # 88

In an AWS cloud, which feature provision WAN Edge routers automatically in Cisco SD-WAN?

A.

Cloud app

B.

Cloud OnRamp

C.

vAnalytics

D.

Network Designer

Full Access
Question # 89

Refer to the exhibit Cisco SD-WAN is deployed with controllers hosted in a data center All branches have WAN Edge devices with dual connections to the data center one via Internet and the other using MPLS Three branches out of 20 have issues with their control connections on MPLS circuit The local error refers to Control Connection Failure Which action resolves the issue*?

A.

Rectify any issues with the underlay routing configuration

B.

Match the TLOC color on the controllers and all WAN Edge devices

C.

Match certificates for the DTLS connection and Root CA must be installed first on WAN Edge devices

D.

Update the system IP on vManage and then resend it to the controllers

Full Access
Question # 90

Which feature allows reachability to an organization’s internally hosted application for an active DNS security policy on a device?

A.

local domain bypass

B.

DHCP option 6

C.

DNSCrypt configurator

D.

data pokey with redirect

Full Access
Question # 91

A customer has 1 to 100 service VPNs and wants to restrict outbound updates for VPN1 Which control policy configuration restricts these updates?

A)

B)

C)

D)

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Full Access
Question # 92

Which protocol runs between the vSmart controllers and WAN Edge routers when the vSmart controller acts like a route reflector?

A.

OMP outside the DTLS/TLS control connection

B.

BGP inside the DTLS/TLS

C.

IPsec inside the DTLS/TLS control connection

D.

OMP inside the DTLS/TLS control connection

Full Access
Question # 93

Which table is used by the vSmart controller to maintain service routes of the WAN Edge routers in the hub and local branches?

A.

RIB

B.

FIB

C.

OMP

D.

TLOC

Full Access
Question # 94

A network administrator is configuring a centralized control policy based on match action pairs for multiple conditions, which order must be configured to prefer Prefix List over TLOC and TLOC over Origin?

A.

highest to lowest sequence number

B.

nonsequential order

C.

deterministic order

D.

lowest to highest sequence number

Full Access
Question # 95

Refer to the exhibit, which configuration configures IPsec tunnels in active and standby?

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Full Access
Question # 96

Refer to the exhibit. The network administrator has configured a centralized topology policy that results in the displayed routing table at a branch office. Which two configurations are verified by the output? [Choose two.)

A.

The routing table is for the transport VPN.

B.

The default route is learned via OMP.

C.

This routing table is from a cEdge router.

D.

The default route is configured locally.

E.

The configured policy is adding a route tag of 300 to learned routes.

Full Access
Question # 97

Refer to the exhibit.

The Cisco SD-WAN network is configured with a default full-mesh topology. An engineer wants Paris WAN Edge to use the Internet HOC as the preferred TLOC for MSN Messenger and AOL Messenger traffic. Which policy achieves this goal?

A)

B)

C)

D)

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Full Access
Question # 98

Which TCP Optimization feature is used by WAN Edge to prevent unnecessary retransmissions and large initial TCP window sizes to maximize throughput and achieve a better quality?

A.

SEQ

B.

SYN

C.

RTT

D.

SACK

Full Access
Question # 99

How is the scalability of the vManage increased in Cisco SD-WAN Fabric?

A.

Increase licensing on the vManage

B.

Deploy multiple vManage controllers in a cluster

C.

Deploy more than one vManage controllers on different physical server.

D.

Increase the bandwidth of the WAN link connected to the vManage

Full Access
Question # 100

A large retail organization decided to move some of the branch applications to the AWS cloud. How does the network architect extend the in-house Cisco SD-WAN branch to cloud network into AWS?

A.

Create virtual WAN Edge devices Cloud through the AWS online software store

B.

Create virtual instances of vSmart Cloud through the AWS online software store

C.

Create GRE tunnels to AWS from each branch over the Internet

D.

Install the AWS Cloud Router in the main data center and provide the connectivity from each branch

Full Access
Question # 101

What is the default value for the Multiplier field of the BFD basic configuration in vManage?

A.

3

B.

4

C.

5

D.

6

Full Access
Question # 102

Which command verifies a policy that has been pushed to the vEdge router?

A.

vEdge# show running-config data policy

B.

vEdge# show policy from-vsmart

C.

vSmart# show running-config policy

D.

vSmart# show running-config apply-policy

Full Access
Question # 103

Refer to the exhibit. An enterprise decides to use the Cisco SD-WAN Cloud onRamp for SaaS feature and utilize H.Q site Biz iNET to reach SaaS Cloud for branch C. currently reaching SaaS Cloud directly. Which role must be assigned to devices at both sites in vManage Cloud Express for this solution to work?

A.

H.Q to be added as Gateway and Branch as DIA.

B.

Branch to be added as Client Sites and H.Q as DIA.

C.

Branch to be added as DIA and H.Q as Client Site.

D.

H.Q to be added as Gateway and Branch as Client Site.

Full Access
Question # 104

What are the two impacts of losing vManage connectivity to fabric in the Cisco SD-WAN network? (Choose two)

A.

Policy changes propagation stops

B.

Statistics collection stops

C.

BFD peering between WAN Edge devices are unestablished

D.

Creation of templates is impossible

E.

IPsec tunnels tear down for WAN Edge devices.

Full Access
Question # 105

Refer to the exhibit.

Which two configurations are needed to get the WAN Edges registered with the controllers when certificates are used? (Choose two)

A.

Generate a CSR manually within vManage server

B.

Generate a CSR manually on the WAN Edge

C.

Request a certificate manually from the Enterprise CA server

D.

Install the certificate received from the CA server manually on the WAN Edge

E.

Install the certificate received from the CA server manually on the vManage

Full Access
Question # 106

Drag and drop the steps from the left Into the order on the right to delete a software image for a WAN Edge router starting with Maintenance > Software Upgrade > Device list on vManage.

Full Access
Question # 107

A network engineer must configure all branches to communicate with each other through the Service Chain Firewall located at the headquarters site. Which configuration allows the engineer to accomplish this task?

A)

B)

C)

D)

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Full Access
Question # 108

When redistribution is configured between OMP and BGP at two Data Center sites that have Direct Connection interlink, which step avoids learning the same routes on WAN Edge routers of the DCs from LAN?

A.

Define different VRFs on both DCs

B.

Set same overlay AS on both DC WAN Edge routers

C.

Set down-bit on Edge routers on DC1

D.

Set OMP admin distance lower than BGP admin distance

Full Access
Question # 109

When the VPN membership policy is being controlled at the vSmart controller, which policy disallows VPN 1 at sites 20 and 30?

A)

B)

C)

D)

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Full Access
Question # 110

How must the application-aware enterprise firewall policies be applied within the same WAN Edge router?

A.

within and between zones

B.

between two VPN tunnels

C.

within zone pair

D.

between two VRFs

Full Access
Question # 111

Which protocol is used to measure loss latency, Jitter, and liveliness of the tunnel between WAN Edge router peers?

A.

OMP

B.

IP SLA

C.

NetFlow

D.

BFD

Full Access
Question # 112

What is an attribute of TLOC’?

A.

encryption

B.

local preference

C.

tag

D.

service

Full Access
Question # 113

Which protocol is configured on tunnels by default to detect loss, latency, jitter, and path failures in Cisco SD-WAN?

A.

TLS

B.

BFD

C.

OMP

D.

BGP

Full Access
Question # 114

An engineer is configuring the branch office with a 172.16.0.0/16 subnet to use DIA for Internet traffic. All other traffic must flow to the central site or branches using the MPLS circuit Which configuration meets the requirement?

A)

B)

C)

D)

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Full Access