Easter Sale Special 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: exams65

Implementing Cisco SD-WAN Solutions (ENSDWI) Question and Answers

Implementing Cisco SD-WAN Solutions (ENSDWI)

Last Update May 18, 2024
Total Questions : 359

We are offering FREE 300-415 Cisco exam questions. All you do is to just go and sign up. Give your details, prepare 300-415 free exam questions and then go for complete pool of Implementing Cisco SD-WAN Solutions (ENSDWI) test questions that will help you more.

300-415 pdf

300-415 PDF

$38.5  $109.99
300-415 Engine

300-415 Testing Engine

$45.5  $129.99
300-415 PDF + Engine

300-415 PDF + Testing Engine

$59.5  $169.99
Questions 1

Which two features does the application firewall provide? (Choose two.)

Options:

A.  

classification of 1400+ layer 7 applications

B.  

blocks traffic by application or application-family

C.  

numbered sequences of match-action pairs

D.  

classification of 1000+ layer 4 applications

E.  

application match parameters

Discussion 0
Questions 2

An engineer is configuring a WAN Edge router for DIA based on matching QoS parameters. Which two actions accomplish this task? (Choose two.)

Options:

A.  

Apply a QoS map policy.

B.  

Configure a control policy.

C.  

Configure a centralized data policy.

D.  

Configure NAT on the transport interface.

E.  

Apply a data policy on WAN interface.

Discussion 0
Questions 3

Drag and drop the devices from the left onto the correct functions on the right.

Options:

Discussion 0
Questions 4

Drag and drop the devices from the left onto the correct functions on the right.

Options:

Discussion 0
Questions 5

An engineer must create a QoS policy by creating a class map and assigning it to the LLQ queue on a WAN Edge router Which configuration accomplishes the task?

A)

B)

C)

D)

Options:

A.  

Option A

B.  

Option B

C.  

Option C

D.  

Option D

Discussion 0
Questions 6

A policy is created to influence routing path in the network using a group of prefixes. What policy application will achieve this goal when applied to a site List?

Options:

A.  

vpn-membership policy

B.  

cflowd-template

C.  

app-route policy

D.  

control-policy

Discussion 0
Questions 7

An organization requires the use of integrated preventative engines, exploit protection, and the most updated and advanced signature-based antivirus with sandboxing and threat intelligence to stop malicious attachments before they reach users and get executed. Which Cisco SD-WAN solution meets the requirements?

Options:

A.  

Cisco Trust Anchor module

B.  

URL filtering and Umbrella DNS security

C.  

Cisco AMP and Threat Grid

D.  

Snort IPS

Discussion 0
Questions 8

If Smart Account Sync is not used, which Cisco SD-WAN component is used to upload an authorized serial number file?

Options:

A.  

WAN Edge

B.  

vManage

C.  

vSmart

D.  

vBond

Discussion 0
Questions 9

Refer to the exhibit, which configuration configures IPsec tunnels in active and standby?

Options:

A.  

Option A

B.  

Option B

C.  

Option C

D.  

Option D

Discussion 0
Questions 10

Which two REST API functions are performed for Cisco devices in an overlay network? (Choose two)

Options:

A.  

distributing a Snort image among devices

B.  

attaching a device configuration template

C.  

managing connections for smart licensing

D.  

monitoring device certificates

E.  

querying a device and aggregating statistics

Discussion 0
Questions 11

Refer to the exhibit.

Customer XYZ cannot provison dual connectivity on both Its routers due to budget constratnts but wants to use tnth RI and R2 interface for users behind them for load toward the hub site Which configurauon achieves this objectives?

A)

B)

C)

D)

Options:

A.  

Option A

B.  

Option B

C.  

Option C

D.  

Option D

Discussion 0
Questions 12

Refer to exhibit.

An engineer is troubleshooting tear down of control connections even though a valid Certificate Serial Number is entered Which two actions resolve the Issue? (Choose two)

Options:

A.  

Enter a valid serial number on the controllers for a given device

B.  

Remove the duplicate IP in the network.

C.  

Enter a valid product ID (model) on the PNP portal

D.  

Match the serial number file between the controllers

E.  

Restore network reachability for the controller

Discussion 0
Questions 13

A customer is receiving routes via OMP from vSmart controller for a specific VPN. The customer must provide access to the W2 loopback received via OMP to the OSPF neighbor on the service-side VPN, which configuration fulfils these requirements?

Options:

A.  

Option A

B.  

Option B

C.  

Option C

D.  

Option D

E.  

Option E

Discussion 0
Questions 14

Refer to the exhibit.

Which two configurations are needed to get the WAN Edges registered with the controllers when certificates are used? (Choose two)

Options:

A.  

Generate a CSR manually within vManage server

B.  

Generate a CSR manually on the WAN Edge

C.  

Request a certificate manually from the Enterprise CA server

D.  

Install the certificate received from the CA server manually on the WAN Edge

E.  

Install the certificate received from the CA server manually on the vManage

Discussion 0
Questions 15

An engineering team must prepare a traffic engineering policy where an MPLS circuit is preferred for traffic coming from the Admin VLAN Internet should be used as a backup only. Which configuration fulfill this requirement?

A)

B)

C)

D)

Options:

A.  

Option A

B.  

Option B

C.  

Option C

D.  

Option D

Discussion 0
Questions 16

A network administrator is configuring an application-aware firewall between inside zones to an outside zone on a WAN edge router using vManage GUI. What kind of Inspection is performed when the ‘’inspect’’ action is used?

Options:

A.  

stateful inspection for TCP and UDP

B.  

stateful inspection for TCP and stateless inspection of UDP

C.  

IPS inspection for TCP and-Layer 4 inspection for UDP

D.  

Layer 7 inspection for TCP and Layer 4 inspection for UDP

Discussion 0
Questions 17

An enterprise needs DIA on some of its branches with a common location ID: A041:B70C: D78E::18 Which WAN Edge configuration meets the requirement?

A)

B)

C)

D)

Options:

A.  

Option A

B.  

Option B

C.  

Option C

D.  

Option D

Discussion 0
Questions 18

An engineer wants to automate the onboarding process for a WAN Edge router with vManage. Which command will accomplish this?

Options:

A.  

request vedge-cloud activate chassis-number serial

B.  

request vedge-cloud activate chassis-number token

C.  

request vedge-cloud activate serial token

D.  

request vedge-cloud activate chassis-number organization

Discussion 0
Questions 19

Which two hardware platforms support Cisco IOS XE SD-WAN images'' (Choose two)

Options:

A.  

ASR1000 series

B.  

ISR9300 series

C.  

vEdge-1000 series

D.  

ASR9000 series

E.  

ISR4000 series

Discussion 0
Questions 20

Which hardware component is involved in the Cisco SD-WAN authentication process for ISR platforms?

Options:

A.  

TPMD

B.  

ZTP

C.  

TPC

D.  

SUDI

Discussion 0
Questions 21

Refer to the exhibit.

An engineer configured OMP with an overlay-as of 10666. What is the AS-PATH for prefix 104.104.104.104/32 on R100?

Options:

A.  

100 10666

B.  

100 20 104

C.  

100 10666 20 104

D.  

100 10666 104

Discussion 0
Questions 22

Refer to the exhibit An engineer is configuring a QoS policy to shape traffic for VLAN 100 on a subinterface Which policy configuration accomplishes the task?

A)

B)

C)

D)

Options:

A.  

Option A

B.  

Option B

C.  

Option C

D.  

Option D

Discussion 0
Questions 23

What is an advantage of using auto mode versus static mode of power allocation when an access point is connected to a PoE switch port?

Options:

A.  

It detects the device is a powered device

B.  

All four pairs of the cable are used

C.  

Power policing is enabled at the same time

D.  

The default level is used for the access point

Discussion 0
Questions 24

An engineer is adding a tenant with location JD 306432373 in vManage. What is the maximum number of alphanumeric characters that are accepted in the tenant name field?

Options:

A.  

64

B.  

128

C.  

256

D.  

8

Discussion 0
Questions 25

What prohibits deleting a VNF image from the software repository?

Options:

A.  

if the image is stored by vManage

B.  

if the image is referenced by a service chain

C.  

if the image is uploaded by a WAN Edge device

D.  

if the image is included in a configured policy

Discussion 0
Questions 26

Which port is used for vBond under controller certificates if no alternate port is configured?

Options:

A.  

12345

B.  

12347

C.  

12346

D.  

12344

Discussion 0
Questions 27

Which secure connection should be used to access the REST APIs through the Cisco vManage web server?

Options:

A.  

HTTP inspector interface

B.  

authenticated HTTPS

C.  

authenticated DTLS

D.  

JSON Inspector interface

Discussion 0
Questions 28

When the VPN membership policy is being controlled at the vSmart controller, which policy disallows VPN 1 at sites 20 and 30?

A)

B)

C)

D)

Options:

A.  

Option A

B.  

Option B

C.  

Option C

D.  

Option D

Discussion 0
Questions 29

An engineer is applying QoS policy for the transport-side tunnel interfaces to enable scheduling and shaping for a WAN Edge cloud router Which command accomplishes the task?

Options:

A.  

cloud-qos-service-side

B.  

qos-scheduler QOS_0

C.  

qos-map QOS

D.  

rewrite-rule QOS-REWRITE

Discussion 0
Questions 30

What is the main purpose of using TLOC extensions in WAN Edge router configuration?

Options:

A.  

creates hardware-level transport redundancy at the local site

B.  

creates an IPsec tunnel from WAN Edge to vBond Orchestrator

C.  

transports control traffic to a redundant vSmart Controller

D.  

transports control traffic w remote-site WAN Edge routers

Discussion 0
Questions 31

An engineer is configuring the branch office with a 172.16.0.0/16 subnet to use DIA for Internet traffic. All other traffic must flow to the central site or branches using the MPLS circuit Which configuration meets the requirement?

A)

B)

C)

D)

Options:

A.  

Option A

B.  

Option B

C.  

Option C

D.  

Option D

Discussion 0
Questions 32

Which configuration component is used in a firewall security policy?

Options:

A.  

numbered sequences of match-action pairs

B.  

application match parameters

C.  

URL filtering policy

D.  

intrusion prevention policy

Discussion 0
Questions 33

Which pathway under Monitor > Network > Select Device is used to verify service insertion configuration?

Options:

A.  

System Status

B.  

Troubleshooting

C.  

Real Time

D.  

Events

Discussion 0
Questions 34

An engineer is configuring a data policy for IPv4 prefixes for a single WAN Edge device on a site with multiple WAN Edge devices How is this policy added using the policy configuration wizard?

Options:

A.  

ln vManage NMS, select the configure ► policies screen, select the localized policy tab and click add policy

B.  

In vSmart controller, select the configure ► policies screen, select the localized policy tab. and click add policy

C.  

In vManage NMS. select the configure ► policies screen select the centralized policy tab and click add policy

D.  

In vBond orchestrator. select the configure ► policies screen, select the localized policy tab. and click add policy

Discussion 0
Questions 35

Refer to the exhibit.

The control connection is failing. Which action resolves the issue?

Options:

A.  

import vSmart in vManager

B.  

Validate the certificates authenticity on vSmart

C.  

Upload the WAN Edge list on vManage.

D.  

Restore the reachability to the vSmart

Discussion 0
Questions 36

WAN Edge routers are configured manually to use UDP port offset to use nondefault offset values when IPsec tunnels are created. What is the offse range?

Options:

A.  

1-19

B.  

0-18

C.  

0-19

D.  

1-18

Discussion 0
Questions 37

An engineer builds a three-node vManage cluster and then realizes that multiple nodes are unnecessary for the size of the company. How should the engineer revert the setup to a single vManage?

Options:

A.  

Remove two rode from the three-node vManage duster

B.  

Use the cluster conversion utility lo convert to standalone vManage

C.  

Restore vManage from the backup VM snapshot

D.  

Leave the duller as & and point to one vManage

Discussion 0
Questions 38

Which command on a WAN Edge device displays the information about the colors present in the fabric that are learned from vSmart via OMP?

Options:

A.  

show omp tlocs

B.  

show omp sessions

C.  

show omp peers

D.  

show omp route

Discussion 0
Questions 39

A network administrator is configuring a tunnel interface on a branch Cisco IOS XE router to run TLOC extensions. Which configuration will extend a TLOC over a GRE tunnel to another router in the branch?

Options:

A.  

Option A

B.  

Option B

C.  

Option C

D.  

Option D

Discussion 0
Questions 40

A large retail organization decided to move some of the branch applications to the AWS cloud. How does the network architect extend the in-house Cisco SD-WAN branch to cloud network into AWS?

Options:

A.  

Create virtual WAN Edge devices Cloud through the AWS online software store

B.  

Create virtual instances of vSmart Cloud through the AWS online software store

C.  

Create GRE tunnels to AWS from each branch over the Internet

D.  

Install the AWS Cloud Router in the main data center and provide the connectivity from each branch

Discussion 0
Questions 41

Refer to the exhibit Cisco SD-WAN is deployed with controllers hosted in a data center All branches have WAN Edge devices with dual connections to the data center one via Internet and the other using MPLS Three branches out of 20 have issues with their control connections on MPLS circuit The local error refers to Control Connection Failure Which action resolves the issue*?

Options:

A.  

Rectify any issues with the underlay routing configuration

B.  

Match the TLOC color on the controllers and all WAN Edge devices

C.  

Match certificates for the DTLS connection and Root CA must be installed first on WAN Edge devices

D.  

Update the system IP on vManage and then resend it to the controllers

Discussion 0
Questions 42

A network administrator is tasked to make sure that an OMP peer session is closed after missing three consecutive keepalive messages in 3 minutes. Additionally, route updates must be sent every minute. If a WAN Edge router becomes unavailable, the peer must use last known information to forward packets for 12 hours. Which set of configuration commands accomplishes this task?

Options:

A.  

Option A

B.  

Option B

C.  

Option C

D.  

Option D

Discussion 0
Questions 43

A customer wants to use AWS for Cisco SD-WAN laaS services by deploying virtual SD-WAN routers in a transit AWS VPC The transit VPC then connects via site-to-site IPsec tunnels to an AWS transit gateway Which transit VPC connects via site-to-site IPsec tunnels to an AWS transit gateway?

Options:

A.  

Cisco Cloud onRamp for Multicloud

B.  

Cisco Cloud onRamp for SaaS

C.  

Cisco Cloud onRamp for Colocation

D.  

Cisco Cloud onRamp for laaS

Discussion 0
Questions 44

Which two products that perform lifecycle management for virtual instances are supported by WAN Edge cloud routers? (Choose two.)

Options:

A.  

OpenStack

B.  

AWS

C.  

VMware vCenter

D.  

Azure

E.  

IBM Cloud

Discussion 0
Questions 45

An engineer is configuring a data policy IPv4 prefixes for a site WAN edge device on a site with edge devices. How is this policy added using the policy configuration wizard?

Options:

A.  

In vManage NMS select (he configure ► policies screen, select the centralized policy tab and click add policy

B.  

In vBood orchestrator. select the configure > policies screen select the localized policy tab. and click add policy

C.  

In vManage NMS. select the configure ► policies screen. select the localized policy tab- and click add policy

D.  

In vSmart controller select tie configure ► policies screen, select the localized policy tab, and click add policy

Discussion 0
Questions 46

An enterprise needs DIA on some of its branches with a common location ID: A041:B70C: D78E::18 Which WAN Edge configuration meets the requirement?

A)

B)

C)

D)

Options:

A.  

Option A

B.  

Option B

C.  

Option C

D.  

Option D

Discussion 0
Questions 47

Which two WAN Edge devices should be deployed in a cloud? (Choose two.)

Options:

A.  

vEdge 5000v

B.  

ASR 1000v

C.  

CSR 1000v

D.  

vEdge 100wm

E.  

vEdge cloud

Discussion 0
Questions 48

Which routing protocol is used to exchange control plane information between vSmart controllers and WAN Edge routers in the Cisco SD-WAN secure extensible network?

Options:

A.  

BGP

B.  

OSPF

C.  

BFD

D.  

OMP

Discussion 0
Questions 49

How is the scalability of the vManage increased in Cisco SD-WAN Fabric?

Options:

A.  

Increase licensing on the vManage

B.  

Deploy multiple vManage controllers in a cluster

C.  

Deploy more than one vManage controllers on different physical server.

D.  

Increase the bandwidth of the WAN link connected to the vManage

Discussion 0
Questions 50

Refer to the exhibit Cisco SD-WAN is deployed with controllers hosted in a data center All branches have WAN Edge devices with dual connections to the data center one via Internet and the other using MPLS Three branches out of 20 have issues with their control connections on MPLS circuit The local error refers to Control Connection Failure Which action resolves the issue*?

Options:

A.  

Rectify any issues with the underlay routing configuration

B.  

Match the TLOC color on the controllers and all WAN Edge devices

C.  

Match certificates for the DTLS connection and Root CA must be installed first on WAN Edge devices

D.  

Update the system IP on vManage and then resend it to the controllers

Discussion 0
Questions 51

Which two criteria ate supported to filter traffic on a Cisco Umbrella Cloud-delivered firewall? (Choose two )

Options:

A.  

tunnels

B.  

site ID

C.  

URL

D.  

geolocation

E.  

protocol

Discussion 0
Questions 52

Which logs verify when a device was upgraded?

Options:

A.  

Audit

B.  

Email

C.  

ACL

D.  

SNMP

Discussion 0
Questions 53

Refer to the exhibit, Which configuration routes Site 2 through the firewall in Site 1?

Options:

A.  

Option A

B.  

Option B

C.  

Option C

D.  

Option D

Discussion 0
Questions 54

Drag and drop the definitions from the left to the configuration on the right.

Options:

Discussion 0
Questions 55

A customer has MPLS and Internet as the TLOC colors An engineer must configure conlroJIers with the Internet and not with MPLS Which configuration achieves this requirement on vManage?

A)

B)

C)

D)

Options:

A.  

Option A

B.  

Option B

C.  

Option C

D.  

Option D

Discussion 0
Questions 56

What is the purpose of ‘’vpn 0’’ in the configuration template when onboarding a WAN edge node?

Options:

A.  

It carries control traffic over secure DTLS or TLS connections between vSmart controllers and vEdge routers, and between vSmart and vBond

B.  

It carries control out-of-band network management traffic among the Viptela devices in the overlay network.

C.  

It carries control traffic over secure IPsec connections between vSmart controllers and vEdge routers, and between vSmart and vManager

D.  

It carries control traffic over secure IPsec connections between vSmart controllers and vEdge routers, and between vSmart and vBond

Discussion 0
Questions 57

Which device information is required on PNP/ZTP to support the zero-touch onboarding process?

Options:

A.  

interface IP address

B.  

system IP address

C.  

public DNS entry

D.  

serial and chassis numbers

Discussion 0
Questions 58

Which two actions are necessary to set the Controller Certificate Authorization mode to indicate a root certificate? (Choose two)

Options:

A.  

Select the Controller Certificate Authorization mode that is recommended by Cisco

B.  

Change the organization name of the Cisco SO-WAN fabric.

C.  

Upload an SSL certificate to vManape,

D.  

Select a private certificate signing authority instead of a public certificate signing authority

E.  

Select a validity period from the drop-down menu

Discussion 0
Questions 59

Which policy allows communication between TLOCs of data centers and spokes and blocks communication between spokes?

Options:

A.  

centralized data policy

B.  

centralized control policy

C.  

localized control policy

D.  

localized data policy

Discussion 0
Questions 60

Which device information is required on PNP/ZTP to support the zero-touch onboarding process?

Options:

A.  

interface IP address

B.  

system IP address

C.  

public DNS entry

D.  

serial and chassis numbers

Discussion 0
Questions 61

Refer to the exhibit Which NAT types must the engineer configure for the vEdge router to bring up the data plane tunnels?

Options:

A.  

Enable Full Cone NAT on the vEdge interface

B.  

Use public color on the TLOC

C.  

Use private color on the TLOC

D.  

Enable Symmetric MAT on the vEdge interface

Discussion 0
Questions 62

Which two resource data types are used to collect information for monitoring using REST API in Cisco SD-WAN? (Choose two.)

Options:

A.  

POST

B.  

DELETE

C.  

scalar

D.  

array

E.  

PUT

Discussion 0
Questions 63

What is a benefit of the application aware firewall feature in the Cisco SD-WAN solution?

Options:

A.  

application monitoring

B.  

application malware protection

C.  

application visibility

D.  

control policy enforcement

Discussion 0
Questions 64

What are the two protocols redistributed into OMP? (Choose two.)

Options:

A.  

OSPF

B.  

RIP

C.  

LDP

D.  

RSVP

E.  

EIGRP

Discussion 0
Questions 65

How are custom application ports monitored in Cisco SD-WAN controllers?

Options:

A.  

Customers add custom application ports in vAnalytics and vManage.

B.  

Customers add custom application ports in vAnalytics and vSmart.

C.  

Cisco adds custom application ports In vAnalytics and vManage.

D.  

Cisco adds custom application ports In vAnalytics and vSmart.

Discussion 0
Questions 66

Which two REST API functions are performed for Cisco devices in an overlay network? (Choose two)

Options:

A.  

distributing a Snort image among devices

B.  

attaching a device configuration template

C.  

managing connections for smart licensing

D.  

monitoring device certificates

E.  

querying a device and aggregating statistics

Discussion 0
Questions 67

What are two attributes of vRoute? (Choose two)

Options:

A.  

originator

B.  

service

C.  

encapsulation

D.  

carrier

E.  

domain ID

Discussion 0
Questions 68

Which vBond system configuration under VPN 0 allows for a routable public IP address even if the DNS name, hostname, or IP address of the vBond orchestrator are omitted?

Options:

A.  

local

B.  

vbond-only

C.  

dns-name

D.  

WAN

Discussion 0
Questions 69

Which two algorithms authenticate a user when configuring SNMPv3 monitoring on a WAN Edge router? (Choose two.)

Options:

A.  

AES-256

B.  

SHA-1

C.  

AES-128

D.  

MD5

E.  

SHA-2

Discussion 0
Questions 70

At which layer does the application-aware firewall block applications on a WAN Edge?

Options:

A.  

3

B.  

7

C.  

5

D.  

2

Discussion 0
Questions 71

Refer to exhibit. An engineer is troubleshooting tear of control connection even though a valid CertificateSerialNumber is entered. Which two actions resolve Issue? (Choose two)

Options:

A.  

Restore network reachability on the controller.

B.  

Enter a valid serial cumber on the controller for a given device

C.  

Enter a valid product ID (mode) on the PNP portal.

D.  

Match the serial number file between the controller

E.  

Remove the duplicate IP in the network

Discussion 0
Questions 72

Which command disables the logging of syslog messages to the local disk?

Options:

A.  

no system logging disk enable

B.  

no system logging disk local

C.  

system logging disk disable

D.  

system logging server remote

Discussion 0
Questions 73

Which protocol is used to propagate multicast join requests over the Cisco SD-WAN fabric?

Options:

A.  

ARP

B.  

Auto-RP

C.  

OMP

D.  

IGMP

Discussion 0
Questions 74

Refer to the exhibit A small company was acquired by a large organization As a result, the new organization decided to update information on their Enterprise RootCA and generated a new certificate using openssl Which configuration updates the new certificate and issues an alert in vManage Monitor | Events Dashboard?

Options:

A.  

Option A

B.  

Option B

C.  

Option C

D.  

Option D

Discussion 0
Questions 75

Which TCP Optimization feature is used by WAN Edge to prevent unnecessary retransmissions and large initial TCP window sizes to maximize throughput and achieve a better quality?

Options:

A.  

SEQ

B.  

SYN

C.  

RTT

D.  

SACK

Discussion 0
Questions 76

Refer to the exhibit. An engineer is troubleshooting a control connection issue on a WAN Edge device that shows socket errors. The packet capture shows some ICMP packets dropped between the two devices. Which action resolves the issue?

Options:

A.  

Recover the vManage controller that is down m a high availability cluster

B.  

Change the system IP or restart the VWN Edge 4 the system IP is changed

C.  

Remove IP duplication in the network and configure a unique IP address

D.  

Recover vBond or wart for the controller to reload which could be caused by a reset

Discussion 0
Questions 77

Drag and drop the steps from the left into the order on the right to upload software on vManage repository that is accessible from maintenance > Software Repository.

Options:

Discussion 0
Questions 78

Refer to the exhibit. An engineer must block FTP traffic coming in from a particular Service VPN on a WAN Edge device Which set of steps achieves this goal?

Options:

A.  

Create a localized policy and add it to (he interface feature template

B.  

Create a localized policy add it to the device template and add an ACL to the interface feature template

C.  

Create a prefix tat, add it to the localized policy and add it to the interface feature template

D.  

Create a localized policy add it to VPN template and add an ACL to the interface feature template

Discussion 0
Questions 79

Which plane assists in the automatic onboarding of the SD-WAN routers into the SD-WAN overlay?

Options:

A.  

Data

B.  

Orchestration

C.  

Management

D.  

Control

Discussion 0
Questions 80

What are the two advantages of deploying cloud-based Cisco SD-WAN controllers? (Choose two.)

Options:

A.  

centralized control and data plane

B.  

distributed authentication policies

C.  

management of SLA

D.  

infrastructure as a service

E.  

centralized raid storage of data

Discussion 0
Questions 81

Which two mechanisms are used to guarantee the integrity of data packets in the Cisco SD-WAN architecture data plane? {Choose two)

Options:

A.  

transport locations

B.  

authentication headers

C.  

certificates

D.  

TPM chip

E.  

encapsulation security payload

Discussion 0
Questions 82

What is the result during a WAN Edge software upgrade process if the version of the WAN Edge software is higher than the one running on a controller device?

Options:

A.  

The upgrade button is greyed out

B.  

The upgrade proceeds with no warning message.

C.  

The upgrade fails with a warning message

D.  

The upgrade proceeds with a warning message

Discussion 0
Questions 83

Which encryption algorithm is used for encrypting SD-WAN data plane traffic?

Options:

A.  

Triple DES

B.  

IPsec

C.  

AES-128

D.  

AES-256 GCM

Discussion 0
Questions 84

What is the maximum number of IPsec that are temporarily created and converged on a new set if IPsec Sas in the pairwise keys process during a simultaneous rekey?

Options:

A.  

2

B.  

4

C.  

6

D.  

8

Discussion 0
Questions 85

Refer to the exhibit. An enterprise network is connected with an ISP network on an 80 Mbps bandwidth link. The network operation team observes 100 Mbps traffic on the 1Gig-ISP link during peak hours Which configuration provides bandwidth control to avoid traffic congestion during peak hours?

A)

B)

C)

D)

Options:

A.  

Option A

B.  

Option B

C.  

Option C

D.  

Option D

Discussion 0
Questions 86

Refer to the exhibit.

An MPLS connection on R2 must extend to R1 Users behind R1 must have dual connectivity for data traffic Which configuration provides R1 control connectivity over the MPLS connection?

A)

B)

C)

D)

Options:

A.  

Option A

B.  

Option B

C.  

Option C

D.  

Option D

Discussion 0
Questions 87

Drag and drop the REST API calls from the left onto the functions on the right.

Options:

Discussion 0
Questions 88

In a Cisco SD-WAN architecture, what is the role of the WAN Edge?

Options:

A.  

It provides orchestration to assist in automatic provisioning of WAN Edge routers and overlay

B.  

It is the management plane responsible for centralized configuration and monitoring

C.  

It is the control plane that builds and maintains network topology

D.  

It is the data plane that is responsible for forwarding traffic

Discussion 0
Questions 89

Which protocol is used for the vManage to connect to the vSmart Controller hosted in Cloud?

Options:

A.  

PnP Server

B.  

ZTP

C.  

NETCONF

D.  

HTTP

Discussion 0
Questions 90

An engineer is troubleshooting a vEdge router and identifies a “DCONFAIL – DTLS connection failure” message. What is the problem?

Options:

A.  

certificate mismatch

B.  

organization mismatch

C.  

memory issue

D.  

connectivity issue

Discussion 0
Questions 91

Refer to exhibit.

An engineer is troubleshooting tear down of control connections even though a valid Certificate Serial Number is entered Which two actions resolve the Issue? (Choose two)

Options:

A.  

Enter a valid serial number on the controllers for a given device

B.  

Remove the duplicate IP in the network.

C.  

Enter a valid product ID (model) on the PNP portal

D.  

Match the serial number file between the controllers

E.  

Restore network reachability for the controller

Discussion 0
Questions 92

Which routes are similar to the IP route advertisements when the routing information of WAN Edge routers is learned from the local site and local routing protocols?

Options:

A.  

service

B.  

BGP

C.  

TLOC

D.  

OMP

Discussion 0
Questions 93

Drag and drop the steps from the left into the order on the right to upload software on vManage repository that is accessible from maintenance > Software Repository.

Options:

Discussion 0
Questions 94

Refer to the exhibit.

An engineer is configuring service chaining. Which set of configurations is required for all traffic from Site ID 1 going toward Site ID 2 to get filtered through the firewall on the hub site?

A)

B)

C)

D)

Options:

A.  

Option A

B.  

Option B

C.  

Option C

D.  

Option D

Discussion 0
Questions 95

Refer to the exhibit.

The engineer must assign community tags to 3 of its 74 critical server networks as soon as that are advertised to BGP peers. These server networks must not be advertised outside AS. Which configuration fulfill this requirement?

A)

B)

C)

D)

Options:

A.  

Option A

B.  

Option B

C.  

Option C

D.  

Option D

Discussion 0
Questions 96

Which two actions are necessary to set the Controller Certificate Authorization mode to indicate a root certificate? (Choose two)

Options:

A.  

Select the Controller Certificate Authorization mode that is recommended by Cisco

B.  

Change the organization name of the Cisco SO-WAN fabric.

C.  

Upload an SSL certificate to vManape,

D.  

Select a private certificate signing authority instead of a public certificate signing authority

E.  

Select a validity period from the drop-down menu

Discussion 0
Questions 97

Which policy tracks path characteristics such as loss, latency, and jitter in vManage?

Options:

A.  

VPN

B.  

control

C.  

app-route

D.  

data

Discussion 0
Questions 98

How should the IP addresses be assigned for all members of a Cisco vManage cluster located in the same data center?

Options:

A.  

in the same subnet

B.  

in overlapping IPs

C.  

in each controller with a /32 subnet

D.  

in different subnets

Discussion 0
Questions 99

An engineer modifies a data policy for DIA in VPN 67. The location has two Internet-bound circuits. Only the web browsing traffic must be admitted for DIA. without further discrimination about which transport to use.

Here is the existing data policy configuration:

Which policy configuration sequence meets the requirements?

Options:

A.  

Option A

B.  

Option B

C.  

Option C

D.  

Option D

Discussion 0
Questions 100

How is the software managed in Cisco SD-WAN?

Options:

A.  

Software images must be uploaded to vManage through HTTP or FTP

B.  

Software downgrades are unsupported for vManage

C.  

Software images must be transferred through VPN 512 or VPN 0 of vManage

D.  

Software upgrade operation in the group must include vManage. vBond, and vSmart.

Discussion 0
Questions 101

Which protocol is used between redundant vSmart controllers to establish a permanent communication channel?

Options:

A.  

IPsec

B.  

HTTPs

C.  

DTLS

D.  

SSL

Discussion 0
Questions 102

Refer to the exhibit.

An MPLS connection on R2 must extend to R1 Users behind R1 must have dual connectivity for data traffic Which configuration provides R1 control connectivity over the MPLS connection?

A)

B)

C)

D)

Options:

A.  

Option A

B.  

Option B

C.  

Option C

D.  

Option D

Discussion 0
Questions 103

Which two mechanisms are used by vManage to ensure that the certificate serial number of the WAN Edge router that is needed to authenticate is listed in the WAN Edge Authorized Señal Number Hst’ (Choose two)

Options:

A.  

Synchronize to the PnP

B.  

Manually upload it to vManage

C.  

The devices register to vManage directly as the devices come online

D.  

The vManage is shipped with the list

E.  

Synchronize to the Smart Account

Discussion 0
Questions 104

Refer to the exhibit. An administrator is configuring a policy in addition to an existing hub-and-spoke policy for two sites that should directly communicate with each other. How is this policy configured?

Options:

A.  

hub-and-spoke

B.  

mesh

C.  

import existing topology

D.  

custom control (route and TLOC)

Discussion 0
Questions 105

Which VPN must be present on at least one interface to install Cisco vManage and integrate it with WAN Edge devices in an overlay network site ID:S4307T7E78F29?

Options:

A.  

VPN 512

B.  

any VPN number selected

C.  

services VPN range 0-511

D.  

VPNO

Discussion 0
Questions 106

Refer to the exhibit The engineering must assign tags to 3 Of its 74 server networks as soon as they are advertised to peers These server network must not be advertised AS which configuration fulfil the requirement?

A)

B)

C)

D)

Options:

A.  

Option A

B.  

Option B

C.  

Option C

D.  

Option D

Discussion 0
Questions 107

What is the default value for the Multiplier field of the BFD basic configuration in vManage?

Options:

A.  

3

B.  

4

C.  

5

D.  

6

Discussion 0