Which two features does the application firewall provide? (Choose two.)

An engineer is configuring a WAN Edge router for DIA based on matching QoS parameters. Which two actions accomplish this task? (Choose two.)

Drag and drop the devices from the left onto the correct functions on the right.

Drag and drop the devices from the left onto the correct functions on the right.

An engineer must create a QoS policy by creating a class map and assigning it to the LLQ queue on a WAN Edge router Which configuration accomplishes the task?

A)

B)

C)

D)

A policy is created to influence routing path in the network using a group of prefixes. What policy application will achieve this goal when applied to a site List?

An organization requires the use of integrated preventative engines, exploit protection, and the most updated and advanced signature-based antivirus with sandboxing and threat intelligence to stop malicious attachments before they reach users and get executed. Which Cisco SD-WAN solution meets the requirements?

If Smart Account Sync is not used, which Cisco SD-WAN component is used to upload an authorized serial number file?

Refer to the exhibit, which configuration configures IPsec tunnels in active and standby?

Which two REST API functions are performed for Cisco devices in an overlay network? (Choose two)

Refer to the exhibit.

Customer XYZ cannot provison dual connectivity on both Its routers due to budget constratnts but wants to use tnth RI and R2 interface for users behind them for load toward the hub site Which configurauon achieves this objectives?

A)

B)

C)

D)

Refer to exhibit.

An engineer is troubleshooting tear down of control connections even though a valid Certificate Serial Number is entered Which two actions resolve the Issue? (Choose two)

A customer is receiving routes via OMP from vSmart controller for a specific VPN. The customer must provide access to the W2 loopback received via OMP to the OSPF neighbor on the service-side VPN, which configuration fulfils these requirements?

Refer to the exhibit.

Which two configurations are needed to get the WAN Edges registered with the controllers when certificates are used? (Choose two)

An engineering team must prepare a traffic engineering policy where an MPLS circuit is preferred for traffic coming from the Admin VLAN Internet should be used as a backup only. Which configuration fulfill this requirement?

A)

B)

C)

D)

A network administrator is configuring an application-aware firewall between inside zones to an outside zone on a WAN edge router using vManage GUI. What kind of Inspection is performed when the ‘’inspect’’ action is used?

An enterprise needs DIA on some of its branches with a common location ID: A041:B70C: D78E::18 Which WAN Edge configuration meets the requirement?

A)

B)

C)

D)

An engineer wants to automate the onboarding process for a WAN Edge router with vManage. Which command will accomplish this?

Which two hardware platforms support Cisco IOS XE SD-WAN images'' (Choose two)

Which hardware component is involved in the Cisco SD-WAN authentication process for ISR platforms?

Refer to the exhibit.

An engineer configured OMP with an overlay-as of 10666. What is the AS-PATH for prefix 104.104.104.104/32 on R100?

Refer to the exhibit An engineer is configuring a QoS policy to shape traffic for VLAN 100 on a subinterface Which policy configuration accomplishes the task?

A)

B)

C)

D)

What is an advantage of using auto mode versus static mode of power allocation when an access point is connected to a PoE switch port?

An engineer is adding a tenant with location JD 306432373 in vManage. What is the maximum number of alphanumeric characters that are accepted in the tenant name field?

What prohibits deleting a VNF image from the software repository?

Which port is used for vBond under controller certificates if no alternate port is configured?

Which secure connection should be used to access the REST APIs through the Cisco vManage web server?

When the VPN membership policy is being controlled at the vSmart controller, which policy disallows VPN 1 at sites 20 and 30?

A)

B)

C)

D)

An engineer is applying QoS policy for the transport-side tunnel interfaces to enable scheduling and shaping for a WAN Edge cloud router Which command accomplishes the task?

What is the main purpose of using TLOC extensions in WAN Edge router configuration?

An engineer is configuring the branch office with a 172.16.0.0/16 subnet to use DIA for Internet traffic. All other traffic must flow to the central site or branches using the MPLS circuit Which configuration meets the requirement?

A)

B)

C)

D)

Which configuration component is used in a firewall security policy?

Which pathway under Monitor > Network > Select Device is used to verify service insertion configuration?

An engineer is configuring a data policy for IPv4 prefixes for a single WAN Edge device on a site with multiple WAN Edge devices How is this policy added using the policy configuration wizard?

Refer to the exhibit.

The control connection is failing. Which action resolves the issue?

WAN Edge routers are configured manually to use UDP port offset to use nondefault offset values when IPsec tunnels are created. What is the offse range?

An engineer builds a three-node vManage cluster and then realizes that multiple nodes are unnecessary for the size of the company. How should the engineer revert the setup to a single vManage?

Which command on a WAN Edge device displays the information about the colors present in the fabric that are learned from vSmart via OMP?

A network administrator is configuring a tunnel interface on a branch Cisco IOS XE router to run TLOC extensions. Which configuration will extend a TLOC over a GRE tunnel to another router in the branch?

A large retail organization decided to move some of the branch applications to the AWS cloud. How does the network architect extend the in-house Cisco SD-WAN branch to cloud network into AWS?

Refer to the exhibit Cisco SD-WAN is deployed with controllers hosted in a data center All branches have WAN Edge devices with dual connections to the data center one via Internet and the other using MPLS Three branches out of 20 have issues with their control connections on MPLS circuit The local error refers to Control Connection Failure Which action resolves the issue*?

A network administrator is tasked to make sure that an OMP peer session is closed after missing three consecutive keepalive messages in 3 minutes. Additionally, route updates must be sent every minute. If a WAN Edge router becomes unavailable, the peer must use last known information to forward packets for 12 hours. Which set of configuration commands accomplishes this task?

A customer wants to use AWS for Cisco SD-WAN laaS services by deploying virtual SD-WAN routers in a transit AWS VPC The transit VPC then connects via site-to-site IPsec tunnels to an AWS transit gateway Which transit VPC connects via site-to-site IPsec tunnels to an AWS transit gateway?

Which two products that perform lifecycle management for virtual instances are supported by WAN Edge cloud routers? (Choose two.)

An engineer is configuring a data policy IPv4 prefixes for a site WAN edge device on a site with edge devices. How is this policy added using the policy configuration wizard?

An enterprise needs DIA on some of its branches with a common location ID: A041:B70C: D78E::18 Which WAN Edge configuration meets the requirement?

A)

B)

C)

D)

Which two WAN Edge devices should be deployed in a cloud? (Choose two.)

Which routing protocol is used to exchange control plane information between vSmart controllers and WAN Edge routers in the Cisco SD-WAN secure extensible network?

How is the scalability of the vManage increased in Cisco SD-WAN Fabric?

Refer to the exhibit Cisco SD-WAN is deployed with controllers hosted in a data center All branches have WAN Edge devices with dual connections to the data center one via Internet and the other using MPLS Three branches out of 20 have issues with their control connections on MPLS circuit The local error refers to Control Connection Failure Which action resolves the issue*?

Which two criteria ate supported to filter traffic on a Cisco Umbrella Cloud-delivered firewall? (Choose two )

Which logs verify when a device was upgraded?

Refer to the exhibit, Which configuration routes Site 2 through the firewall in Site 1?

Drag and drop the definitions from the left to the configuration on the right.

A customer has MPLS and Internet as the TLOC colors An engineer must configure conlroJIers with the Internet and not with MPLS Which configuration achieves this requirement on vManage?

A)

B)

C)

D)

What is the purpose of ‘’vpn 0’’ in the configuration template when onboarding a WAN edge node?

Which device information is required on PNP/ZTP to support the zero-touch onboarding process?

Which two actions are necessary to set the Controller Certificate Authorization mode to indicate a root certificate? (Choose two)

Which policy allows communication between TLOCs of data centers and spokes and blocks communication between spokes?

Which device information is required on PNP/ZTP to support the zero-touch onboarding process?

Refer to the exhibit Which NAT types must the engineer configure for the vEdge router to bring up the data plane tunnels?

Which two resource data types are used to collect information for monitoring using REST API in Cisco SD-WAN? (Choose two.)

What is a benefit of the application aware firewall feature in the Cisco SD-WAN solution?

What are the two protocols redistributed into OMP? (Choose two.)

How are custom application ports monitored in Cisco SD-WAN controllers?

Which two REST API functions are performed for Cisco devices in an overlay network? (Choose two)

What are two attributes of vRoute? (Choose two)

Which vBond system configuration under VPN 0 allows for a routable public IP address even if the DNS name, hostname, or IP address of the vBond orchestrator are omitted?

Which two algorithms authenticate a user when configuring SNMPv3 monitoring on a WAN Edge router? (Choose two.)

At which layer does the application-aware firewall block applications on a WAN Edge?

Refer to exhibit. An engineer is troubleshooting tear of control connection even though a valid CertificateSerialNumber is entered. Which two actions resolve Issue? (Choose two)

Which command disables the logging of syslog messages to the local disk?

Which protocol is used to propagate multicast join requests over the Cisco SD-WAN fabric?

Refer to the exhibit A small company was acquired by a large organization As a result, the new organization decided to update information on their Enterprise RootCA and generated a new certificate using openssl Which configuration updates the new certificate and issues an alert in vManage Monitor | Events Dashboard?

Which TCP Optimization feature is used by WAN Edge to prevent unnecessary retransmissions and large initial TCP window sizes to maximize throughput and achieve a better quality?

Refer to the exhibit. An engineer is troubleshooting a control connection issue on a WAN Edge device that shows socket errors. The packet capture shows some ICMP packets dropped between the two devices. Which action resolves the issue?

Drag and drop the steps from the left into the order on the right to upload software on vManage repository that is accessible from maintenance > Software Repository.

Refer to the exhibit. An engineer must block FTP traffic coming in from a particular Service VPN on a WAN Edge device Which set of steps achieves this goal?

Which plane assists in the automatic onboarding of the SD-WAN routers into the SD-WAN overlay?

What are the two advantages of deploying cloud-based Cisco SD-WAN controllers? (Choose two.)

Which two mechanisms are used to guarantee the integrity of data packets in the Cisco SD-WAN architecture data plane? {Choose two)

What is the result during a WAN Edge software upgrade process if the version of the WAN Edge software is higher than the one running on a controller device?

Which encryption algorithm is used for encrypting SD-WAN data plane traffic?

What is the maximum number of IPsec that are temporarily created and converged on a new set if IPsec Sas in the pairwise keys process during a simultaneous rekey?

Refer to the exhibit. An enterprise network is connected with an ISP network on an 80 Mbps bandwidth link. The network operation team observes 100 Mbps traffic on the 1Gig-ISP link during peak hours Which configuration provides bandwidth control to avoid traffic congestion during peak hours?

A)

B)

C)

D)

Refer to the exhibit.

An MPLS connection on R2 must extend to R1 Users behind R1 must have dual connectivity for data traffic Which configuration provides R1 control connectivity over the MPLS connection?

A)

B)

C)

D)

Drag and drop the REST API calls from the left onto the functions on the right.

In a Cisco SD-WAN architecture, what is the role of the WAN Edge?

Which protocol is used for the vManage to connect to the vSmart Controller hosted in Cloud?

An engineer is troubleshooting a vEdge router and identifies a “DCONFAIL – DTLS connection failure” message. What is the problem?

Refer to exhibit.

An engineer is troubleshooting tear down of control connections even though a valid Certificate Serial Number is entered Which two actions resolve the Issue? (Choose two)

Which routes are similar to the IP route advertisements when the routing information of WAN Edge routers is learned from the local site and local routing protocols?

Drag and drop the steps from the left into the order on the right to upload software on vManage repository that is accessible from maintenance > Software Repository.

Refer to the exhibit.

An engineer is configuring service chaining. Which set of configurations is required for all traffic from Site ID 1 going toward Site ID 2 to get filtered through the firewall on the hub site?

A)

B)

C)

D)

Refer to the exhibit.

The engineer must assign community tags to 3 of its 74 critical server networks as soon as that are advertised to BGP peers. These server networks must not be advertised outside AS. Which configuration fulfill this requirement?

A)

B)

C)

D)

Which two actions are necessary to set the Controller Certificate Authorization mode to indicate a root certificate? (Choose two)

Which policy tracks path characteristics such as loss, latency, and jitter in vManage?

How should the IP addresses be assigned for all members of a Cisco vManage cluster located in the same data center?

An engineer modifies a data policy for DIA in VPN 67. The location has two Internet-bound circuits. Only the web browsing traffic must be admitted for DIA. without further discrimination about which transport to use.

Here is the existing data policy configuration:

Which policy configuration sequence meets the requirements?

How is the software managed in Cisco SD-WAN?

Which protocol is used between redundant vSmart controllers to establish a permanent communication channel?

Refer to the exhibit.

An MPLS connection on R2 must extend to R1 Users behind R1 must have dual connectivity for data traffic Which configuration provides R1 control connectivity over the MPLS connection?

A)

B)

C)

D)

Which two mechanisms are used by vManage to ensure that the certificate serial number of the WAN Edge router that is needed to authenticate is listed in the WAN Edge Authorized Señal Number Hst’ (Choose two)

Refer to the exhibit. An administrator is configuring a policy in addition to an existing hub-and-spoke policy for two sites that should directly communicate with each other. How is this policy configured?

Which VPN must be present on at least one interface to install Cisco vManage and integrate it with WAN Edge devices in an overlay network site ID:S4307T7E78F29?

Refer to the exhibit The engineering must assign tags to 3 Of its 74 server networks as soon as they are advertised to peers These server network must not be advertised AS which configuration fulfil the requirement?

A)

B)

C)

D)

What is the default value for the Multiplier field of the BFD basic configuration in vManage?