Explore all topics
Start Free Trial
Need Help? Contact us
back arrowfull exam logo
search
ai logoChat with AI
Servicesarrow
Discoverarrow

Topics

Explore all topics
Discover more topics

Deck 9: Implementing Cisco SD-WAN Solutions (ENSDWI)

Full screen (f)
exit full mode
Question
What is the purpose of "vpn 0" in the configuration template when onboarding a WAN edge node?

A) It carries control traffic over secure IPsec connections between vSmart controllers and vEdge routers, and between vEdge and vManager.
B) It carries control traffic over secure IPsec connections between vSmart controllers and vEdge routers, and between vSmart and vBond.
C) It carries control traffic over secure DTLS or TLS connections between vSmart controllers and vEdge routers, and between vSmart and vBond.
D) It carries out-of-band network management traffic among the Viptela devices in the overlay network.
Use Space or
up arrow
down arrow
to flip the card.
Question
Which two hardware platforms support Cisco IOS XE SD-WAN images? (Choose two.)

A) ISR4000 series
B) ISR9300 series
C) vEdge-1000 series
D) ASR9000 series
E) ASR1000 series
Question
A vEdge platform is sending VRRP advertisement messages every 10 seconds. Which value configures the router back to the default timer?

A) 2 seconds
B) 5 seconds
C) 1 second
D) 3 seconds
Question
When a WAN Edge device joins the Cisco SD-WAN overlay, which Cisco SD-WAN component orchestrates the connection between the WAN Edge device and a vSmart controller?

A) vManage
B) vBond
C) OMP
D) APIC-EM
Question
A policy is created to influence routing path in the network using a group of prefixes. Which policy application will achieve this goal when applied to a site list?

A) control-policy
B) vpn-membership policy
C) app-route policy
D) cflowd-template
Question
Which two image formats are supported for controller codes? (Choose two.)

A) .nxos
B) .qcow2
C) .iso
D) .ova
E) .bin
Question
Which component of the Cisco SD-WAN control plane architecture facilitates the storage of certificates and configurations for network components?

A) vSmart
B) WAN Edge
C) vManage
D) vBond
Question
Which port is used for vBond under controller certificates if no alternate port is configured?

A) 12344
B) 12345
C) 12347
D) 12346
Question
Which OSPF command makes the WAN Edge router a less preferred exit from a site with a dual WAN Edge design?

A) <strong>Which OSPF command makes the WAN Edge router a less preferred exit from a site with a dual WAN Edge design?</strong> A) B) C) D) <div style=padding-top: 35px>
B) <strong>Which OSPF command makes the WAN Edge router a less preferred exit from a site with a dual WAN Edge design?</strong> A) B) C) D) <div style=padding-top: 35px>
C) <strong>Which OSPF command makes the WAN Edge router a less preferred exit from a site with a dual WAN Edge design?</strong> A) B) C) D) <div style=padding-top: 35px>
D) <strong>Which OSPF command makes the WAN Edge router a less preferred exit from a site with a dual WAN Edge design?</strong> A) B) C) D) <div style=padding-top: 35px>
Question
Which component of the Cisco SD-WAN architecture oversees the control plane of overlay network to establish, adjust, and maintain the connections between the WAN Edge devices that form the Cisco SD-WAN fabric?

A) APIC-EM
B) vSmart
C) vManage
D) vBond
Question
An engineer is troubleshooting a vEdge router and identifies a " DCONFAIL - DTLS connection failure " message. What is the problem?

A) memory issue
B) certificate mismatch
C) organization mismatch
D) connectivity issue
Question
How is the scalability of the Manage increased in Cisco SD-WAN Fabric?

A) Increase the bandwidth of the WAN link connected to the vManage
B) Increase licensing on the vManage
C) Deploy more than one vManage controllers on different physical server
D) Deploy multiple vManage controllers in a cluster
Question
A network administrator is bringing up one WAN Edge router for branch connectivity. Which types of tunnels form when the WAN edge router connects to the Cisco SD-WAN fabric?

A) DTLS or TLS tunnel with vSmart controller and IPsec tunnel with vBond controller
B) DTLS or TLS tunnel with vBond controller and IPsec tunnel with vManage controller
C) DTLS or TLS tunnel with vBond controller and IPsec tunnel with other WAN Edge routers
D) DTLS or TLS tunnel with vSmart controller and IPsec tunnel with other WAN Edge routers
Question
Which Cisco SD-WAN WAN Edge platform supports LTE and Wi-Fi?

A) ISR 1101
B) ASR 1001
C) CSR 1000v
D) vEdge 2000
Question
In the Cisco SD-WAN solution, vSmart controller is responsible for which two actions? (Choose two.)

A) Authenticate and authorize vEdge routers.
B) Configure and monitor vEdge routers.
C) Distribute route and policy information via OMP.
D) Distribute the IP address from DHCP server to vEdge routers.
E) Distribute crypto key information among vEdge routers.
Question
An engineer is troubleshooting a certificate issue on vEdge. Which command is used to verify the validity of the certificates?

A) show control local-properties
B) show control summary
C) show certificate installed
D) show certificate status
Question
Which component of the Cisco SD-WAN control plane architecture should be located in a public Internet address space and facilitates NAT-traversal?

A) WAN Edge
B) vSmart
C) vBond
D) vManage
Question
What are the two advantages of deploying cloud-based Cisco SD-WAN controllers? (Choose two.)

A) centralized control and data plane
B) infrastructure as a service
C) management of SLA
D) centralized raid storage of data
E) distributed authentication policies
Question
Which two services are critical for zero touch provisioning on-boarding? (Choose two.)

A) EMAIL
B) SNMP
C) AAA
D) DHCP
E) DNS
Question
What is a default protocol for control plane connection?

A) HTTPS
B) TLS
C) IPsec
D) DTLS
Question
Which command verifies a policy that has been pushed to the vEdge router?

A) vSmart# show running-config policy vSmart# show running-config policy
B) vEdge# show running-config data policy vEdge# show running-config data policy
C) vSmart# show running-config apply policy show running-config apply policy
D) vEdge# show policy from-vsmart show policy from-vsmart
Question
Which type of route advertisement of OMP can be verified?

A) Origin, TLOC, and VPN
B) Origin, TLOC, and service
C) OMP, VPN, and origin
D) OMP, TLOC, and service
Question
<strong> Refer to the exhibit. Which binding is created using the tloc-extension command?</strong> A) between ge 0/2.101 of port-type transport and ge 0/0 of port-type service B) between ge 0/2.101 of port-type service and ge 0/0 of port-type service C) between ge 0/2.101 of port-type service and ge 0/0 of port-type transport D) between ge 0/2.101 of port-type transport and ge 0/0 of port-type transport <div style=padding-top: 35px> Refer to the exhibit. Which binding is created using the tloc-extension command?

A) between ge 0/2.101 of port-type transport and ge 0/0 of port-type service
B) between ge 0/2.101 of port-type service and ge 0/0 of port-type service
C) between ge 0/2.101 of port-type service and ge 0/0 of port-type transport
D) between ge 0/2.101 of port-type transport and ge 0/0 of port-type transport
Question
Which command displays BFD session summary information per TLOC on vEdge routers?

A) show bfd tloc-summary-list
B) show bfd history
C) show bfd summary
D) show bfd sessions
Question
Which on-the-box security feature is supported by the Cisco ISR 4451 SD-WAN device and not on vEdge?

A) IPsec/GRE cloud proxy
B) reverse proxy
C) Enterprise Firewall with Application Awareness
D) Cloud Express service
Question
On which device is a service FW address configured to insert firewall service at the hub?

A) vSmart at the branch
B) vEdge at the branch
C) vEdge at the hub
D) vSmart at the hub
Question
An engineer is configuring a centralized policy to influence network route advertisement. Which controller delivers this policy to the fabric?

A) vSmart
B) vBond
C) vManage
D) WAN Edge
Question
What is a benefit of the application-aware firewall?

A) It blocks traffic by MTU of the packet
B) It blocks encrypted traffic
C) It blocks traffic by application
D) It blocks traffic by MAC address
Question
Which configuration changes the packet loss priority from low to high?

A) <strong>Which configuration changes the packet loss priority from low to high?</strong> A) B) C) D) <div style=padding-top: 35px>
B) <strong>Which configuration changes the packet loss priority from low to high?</strong> A) B) C) D) <div style=padding-top: 35px>
C) <strong>Which configuration changes the packet loss priority from low to high?</strong> A) B) C) D) <div style=padding-top: 35px>
D) <strong>Which configuration changes the packet loss priority from low to high?</strong> A) B) C) D) <div style=padding-top: 35px>
Question
A voice packet requires a latency of 50 msec. Which policy is configured to ensure that a voice packet is always sent on the link with less than a 50 msec delay?

A) localized data
B) centralized control
C) localized control
D) centralized data
Question
<strong> Refer to the exhibit. Which configuration change is needed to configure the tloc-extention on Branch1-Edge1?</strong> A) B) C) D) <div style=padding-top: 35px> Refer to the exhibit. Which configuration change is needed to configure the tloc-extention on Branch1-Edge1?

A) <strong> Refer to the exhibit. Which configuration change is needed to configure the tloc-extention on Branch1-Edge1?</strong> A) B) C) D) <div style=padding-top: 35px>
B) <strong> Refer to the exhibit. Which configuration change is needed to configure the tloc-extention on Branch1-Edge1?</strong> A) B) C) D) <div style=padding-top: 35px>
C) <strong> Refer to the exhibit. Which configuration change is needed to configure the tloc-extention on Branch1-Edge1?</strong> A) B) C) D) <div style=padding-top: 35px>
D) <strong> Refer to the exhibit. Which configuration change is needed to configure the tloc-extention on Branch1-Edge1?</strong> A) B) C) D) <div style=padding-top: 35px>
Question
Which two WAN Edge devices should be deployed in a cloud? (Choose two.)

A) ASR1000v
B) vEdge 100wm
C) CSR1000v
D) vEdge cloud
E) vEdge 5000v
Question
Which device information is required on PNP/ZTP to support the zero touch onboarding process?

A) serial and chassis numbers
B) interface IP address
C) public DNS entry
D) system IP address
Question
Which configuration step is taken on vManage after WAN Edge list is uploaded to support the on-boarding process before the device comes online?

A) Verify the device certificate
B) Enable the ZTP process
C) Set the device as valid
D) Send the list to controllers
Question
Which feature builds transport redundancy by using the cross link between two redundant WAN Edge routers?

A) TLOC extension
B) quality of service
C) zero-touch provisioning
D) OMP
Question
Two sites have one WAN Edge each. Each WAN Edge has two public TLOCs with no restrict configured. There is full reachability between the TLOCs. How many data tunnels are formed on each Edge router?

A) 6
B) 2
C) 4
D) 8
Question
<strong> Refer to the exhibit. Which QoS treatment results from this configuration after the access list acl-guest is applied inbound on the vpn1 interface?</strong> A) A TCP packet sourcing from 172.16.10.1 and destined to 172.16.20.1 is dropped B) A UDP packet sourcing from 172.16.20.1 and destined to 172.16.10.1 is accepted C) A UDP packet sourcing from 172.16.10.1 and destined to 172.16.20.1 is dropped D) A TCP packet sourcing from 172.16.20.1 and destined to 172.16.10.1 is accepted <div style=padding-top: 35px> Refer to the exhibit. Which QoS treatment results from this configuration after the access list acl-guest is applied inbound on the vpn1 interface?

A) A TCP packet sourcing from 172.16.10.1 and destined to 172.16.20.1 is dropped
B) A UDP packet sourcing from 172.16.20.1 and destined to 172.16.10.1 is accepted
C) A UDP packet sourcing from 172.16.10.1 and destined to 172.16.20.1 is dropped
D) A TCP packet sourcing from 172.16.20.1 and destined to 172.16.10.1 is accepted
Question
An engineer wants to track tunnel characteristics within a SLA-based policy for convergence. Which policy configuration will achieve this goal?

A) app-route policy
B) VPN membership policy
C) control policy
D) data policy
Question
Which command on a WAN Edge device displays the information about the colors present in the fabric that are learned from vSmart via OMP?

A) show omp peers
B) show omp route
C) show omp sessions
D) show omp tlocs
Question
Which value is verified in the certificates to confirm the identity of the physical WAN Edge device?

A) Serial Number
B) OTP
C) System-IP
D) Chassis-ID
Question
Which secure connection should be used to access the REST APIs through the Cisco vManage web server?

A) authenticated DTLS
B) authenticated HTTPS
C) JSON Inspector interface
D) HTTP inspector interface
Question
Which device in the Cisco SD-WAN solution receives and categorizes event reports, and generates alarms?

A) WAN Edge routers
B) vSmart controllers
C) vBond controllers
D) vManage NMS
Question
Which alarm setting is configured to monitor serious events that affect, but do not shut down, the operation of a network function?

A) Critical
B) Medium
C) Major
D) Minor
Question
A network administrator is creating an OMP feature template from the vManage GUI to be applied to WAN edge routers. Which configuration attribute will avoid the redistribution of the routes back into the OMP from the LAN side?

A) configure "ECMP limit"
B) configure "Send Backup Paths"
C) configure "Number of Paths Advertised per Prefix"
D) configure "Overlay AS Number"
Question
Which logs verify when a device was upgraded?

A) ACL
B) Email
C) SNMP
D) Audit
Question
A network administrator is configuring an application-aware firewall between inside zones to an outside zone on a WAN edge router using vManage GUI. Which kind of inspection is performed when the "inspect" action is used?

A) Layer 7 inspection for TCP and Layer 4 inspection for UDP
B) stateful inspection for TCP and stateless inspection of UDP
C) IPS inspection for TCP and Layer 4 inspection for UDP
D) stateful inspection for TCP and UDP
Question
Which API call retrieves a list of all devices in the network?

A) https://vmanage_IP_address/dataservice/system/device/{{model}}
B) http://vmanage_IP_address/dataservice/system/device/{{model}}
C) http://vmanage_IP_address/api-call/system/device/{{model}}
D) https://vmanage_IP_address/api-call/system/device/{{model}}
Question
Which hardware component is involved in the Cisco SD-WAN authentication process for ISR platforms?

A) ZTP
B) OTPC
C) SUDI
D) TPMD
Question
Which two products that perform lifecycle management for virtual instances are supported by WAN Edge cloud routers? (Choose two.)

A) AWS
B) Azure
C) VMware vCenter
D) OpenStack
E) IBM Cloud
Question
Which combination of platforms is managed by vManage?

A) ISR4351, ASR1002HX, vEdge2000, vEdge Cloud
B) ISR4321, ASR1001, Nexus, ENCS
C) ISR4321, ASR1001, ENCS, ISRv
D) ISR4351, ASR1009, vEdge2000, CSR1000v
Question
Which two algorithms authenticate a user when configuring SNMPv3 monitoring on a WAN Edge router? (Choose two.)

A) AES-256
B) MD5
C) SHA-2
D) AES-128
E) SHA-1
Question
In an AWS cloud, which feature provisions WAN Edge routers automatically in Cisco SD-WAN?

A) Cloud OnRamp
B) Cloud app
C) vAnalytics
D) Network Designer
Question
Which command disables the logging of syslog messages to the local disk?

A) no system logging disk local
B) system logging server remote
C) no system logging disk enable
D) system logging disk disable
Question
A large retail organization decided to move some of the branch applications to the AWS cloud. How does the network architect extend the in-house Cisco SD-WAN branch to cloud network into AWS?

A) Create virtual instances of vSmart Cloud through the AWS online software store
B) Create GRE tunnels to AWS from each branch over the Internet
C) Install the AWS Cloud Router in the main data center and provide the connectivity from each branch
D) Create virtual WAN Edge devices Cloud through the AWS online software store
Question
Which two products are used to deploy Cisco WAN Edge Router virtual platforms? (Choose two.)

A) Sun Enterprise M4000 Server running Sun Solaris
B) Sun SPARC Node running AIX
C) Cisco UCS
D) HP ProLiant DL380 Generation 10 running HP-UX
E) Cisco ENCS 5000 Series
Question
Which pathway under Monitor > Network > Select Device is used to verify service insertion configuration?

A) System Status
B) ACL Logs
C) Real Time
D) Events
Question
A bank is looking for improved customer experience for applications and reduce overhead related to compliance and security. Which key feature or features of the Cisco SD-WAN solution will help the bank to achieve their goals?

A) Integration with PaaS providers to offer the best possible application experience
B) QoS including application prioritization and meeting critical applications SLA for selecting optimal path
C) Implementation of BGP across the enterprise routing for selecting optimal path
D) Implementation of a modern age core banking system
Question
Which template configures the out-of band management VPN?

A) <strong>Which template configures the out-of band management VPN?</strong> A) B) C) D) <div style=padding-top: 35px>
B) <strong>Which template configures the out-of band management VPN?</strong> A) B) C) D) <div style=padding-top: 35px>
C) <strong>Which template configures the out-of band management VPN?</strong> A) B) C) D) <div style=padding-top: 35px>
D) <strong>Which template configures the out-of band management VPN?</strong> A) B) C) D) <div style=padding-top: 35px>
Question
<strong> Refer to the exhibit. What does the BFD value of 8 represent?</strong> A) dead timer of BFD session B) poll-interval of BFD session C) hello timer of BFD session D) number of BFD sessions <div style=padding-top: 35px> Refer to the exhibit. What does the BFD value of 8 represent?

A) dead timer of BFD session
B) poll-interval of BFD session
C) hello timer of BFD session
D) number of BFD sessions
Question
Which pathway under Monitor > Network > Select Device is used to verify service insertion configuration?

A) System Status
B) Troubleshooting
C) Real Time
D) Events
Question
A network administrator is configuring QoS on a vEdge 5000 router and needs to enable it on the transport side interface. Which policy setting must be selected to accomplish this goal?

A) Cloud QoS
B) Netflow
C) Application
D) Cloud QoS Service side
Question
Refer to the exhibit. An engineer is configuring service chaining. Which set of configurations is required for all traffic from Site ID 1 going toward Site ID 2 to get filtered through the firewall on the hub site? <strong>Refer to the exhibit. An engineer is configuring service chaining. Which set of configurations is required for all traffic from Site ID 1 going toward Site ID 2 to get filtered through the firewall on the hub site? </strong> A) B) C) D) <div style=padding-top: 35px>

A) <strong>Refer to the exhibit. An engineer is configuring service chaining. Which set of configurations is required for all traffic from Site ID 1 going toward Site ID 2 to get filtered through the firewall on the hub site? </strong> A) B) C) D) <div style=padding-top: 35px>
B) <strong>Refer to the exhibit. An engineer is configuring service chaining. Which set of configurations is required for all traffic from Site ID 1 going toward Site ID 2 to get filtered through the firewall on the hub site? </strong> A) B) C) D) <div style=padding-top: 35px>
C) <strong>Refer to the exhibit. An engineer is configuring service chaining. Which set of configurations is required for all traffic from Site ID 1 going toward Site ID 2 to get filtered through the firewall on the hub site? </strong> A) B) C) D) <div style=padding-top: 35px>
D) <strong>Refer to the exhibit. An engineer is configuring service chaining. Which set of configurations is required for all traffic from Site ID 1 going toward Site ID 2 to get filtered through the firewall on the hub site? </strong> A) B) C) D) <div style=padding-top: 35px>
Question
An engineer is tasked to improve throughput for connection-oriented traffic by decreasing round-trip latency. Which configuration will achieve this goal?

A) turn off "Enable TCP Optimization"
B) turn on "Enhance ECMP Keying"
C) turn on "Enable TCP Optimization"
D) turn off "Enhance ECMP Keying"
Question
Which scheduling method is configured by default for the eight queues in the cloud vEdge router?

A) weighted round robin
B) priority queue
C) low latency queue
D) weighted random early detection
Question
An engineer is configuring a list that matches all IP prefixes with lengths from /1 to /16 in a centralized control policy. Which list accomplishes this task?

A) 0.0.0.0/0 le 16
B) 0.0.0.0/1 le 16
C) 0.0.0.0/0 ge 1
D) 0.0.0.0/16 ge 1
Question
<strong> Refer to the exhibit. An engineer is troubleshooting tear down of control connections even though a valid CertificateSerialNumber is entered. Which two actions resolve the issue? (Choose two.)</strong> A) Enter a valid product ID (model) on the PNP portal B) Match the serial number file between the controllers C) Remove the duplicate IP in the network D) Restore network reachability for the controller E) Enter a valid serial number on the controllers for a given device <div style=padding-top: 35px> Refer to the exhibit. An engineer is troubleshooting tear down of control connections even though a valid CertificateSerialNumber is entered. Which two actions resolve the issue? (Choose two.)

A) Enter a valid product ID (model) on the PNP portal
B) Match the serial number file between the controllers
C) Remove the duplicate IP in the network
D) Restore network reachability for the controller
E) Enter a valid serial number on the controllers for a given device
Question
At which layer does the application-aware firewall block applications on a WAN Edge?

A) 3
B) 5
C) 2
D) 7
Question
<strong> Refer to the exhibit. An engineer is troubleshooting a control connection issue. What does connect mean in this show control connections output?</strong> A) Control connection is down B) Control connection is up C) Control connection attempt is in progress D) Control connection is connected <div style=padding-top: 35px> Refer to the exhibit. An engineer is troubleshooting a control connection issue. What does "connect" mean in this show control connections output?

A) Control connection is down
B) Control connection is up
C) Control connection attempt is in progress
D) Control connection is connected
Question
<strong> Refer to the exhibit. The control connection is failing. Which action resolves the issue?</strong> A) Validate the certificates authenticity on vSmart B) Restore the reachability to the vSmart C) Import vSmart in vManager D) Upload the WAN Edge list on vManage <div style=padding-top: 35px> Refer to the exhibit. The control connection is failing. Which action resolves the issue?

A) Validate the certificates authenticity on vSmart
B) Restore the reachability to the vSmart
C) Import vSmart in vManager
D) Upload the WAN Edge list on vManage
Question
<strong> Refer to the exhibit. An engineer is troubleshooting an issue where vManage and vSmart have a problem establishing a connection to vBond. Which action fixes the issue?</strong> A) Remove the encapsulation ipsec command under the tunnel interface of vBond Remove the encapsulation ipsec command under the tunnel interface of vBond B) Reconfigure the vbond command on the vBond as vbond 150.5.1.3 local Reconfigure the vbond command on the vBond as vbond 150.5.1.3 local C) Configure the tunnel interface on all three controllers with a color of transport D) Configure encapsulation as IPsec under the tunnel interface of vManage and vSmart <div style=padding-top: 35px> Refer to the exhibit. An engineer is troubleshooting an issue where vManage and vSmart have a problem establishing a connection to vBond. Which action fixes the issue?

A) Remove the encapsulation ipsec command under the tunnel interface of vBond Remove the encapsulation ipsec command under the tunnel interface of vBond
B) Reconfigure the vbond command on the vBond as vbond 150.5.1.3 local Reconfigure the vbond command on the vBond as vbond 150.5.1.3 local
C) Configure the tunnel interface on all three controllers with a color of transport
D) Configure encapsulation as IPsec under the tunnel interface of vManage and vSmart
Question
Which VPN connects the transport-side WAN Edge interface to the underlay/WAN network?

A) VPN 1
B) VPN 0
C) VPN 512
D) VPN 511
Question
An administrator must configure an ACL for traffic coming in from the service-side VPN on a specific WAN Edge device with circuit ID 123456789. Which policy must be used to configure this ACL?

A) local data policy
B) central data policy
C) app-aware policy
D) central control policy
Question
Which feature template configures OMP?

A) <strong>Which feature template configures OMP?</strong> A) B) C) D) <div style=padding-top: 35px>
B) <strong>Which feature template configures OMP?</strong> A) B) C) D) <div style=padding-top: 35px>
C) <strong>Which feature template configures OMP?</strong> A) B) C) D) <div style=padding-top: 35px>
D) <strong>Which feature template configures OMP?</strong> A) B) C) D) <div style=padding-top: 35px>
Question
In which VPN is the NAT operation on an outgoing interface configured for direct Internet access?

A) 0
B) 512
C) 10
D) 1
Question
Which attributes are configured to uniquely identify and represent a TLOC route?

A) system IP address, link color, and encapsulation
B) origin, originator, and preference
C) site ID, tag, and VPN
D) firewall, IPS, and application optimization
Question
<strong> Refer to the exhibit. The ge0/0 interface connects to a 30-MB link. A network administrator wants to always have 10 MB available for high priority traffic. When lower-priority traffic bursts exceed 20 MB, traffic should be redirected to the second WAN interface ge0/1. Which set of configurations accomplishes this task?</strong> A) B) C) D) <div style=padding-top: 35px> Refer to the exhibit. The ge0/0 interface connects to a 30-MB link. A network administrator wants to always have 10 MB available for high priority traffic. When lower-priority traffic bursts exceed 20 MB, traffic should be redirected to the second WAN interface ge0/1. Which set of configurations accomplishes this task?

A) <strong> Refer to the exhibit. The ge0/0 interface connects to a 30-MB link. A network administrator wants to always have 10 MB available for high priority traffic. When lower-priority traffic bursts exceed 20 MB, traffic should be redirected to the second WAN interface ge0/1. Which set of configurations accomplishes this task?</strong> A) B) C) D) <div style=padding-top: 35px>
B) <strong> Refer to the exhibit. The ge0/0 interface connects to a 30-MB link. A network administrator wants to always have 10 MB available for high priority traffic. When lower-priority traffic bursts exceed 20 MB, traffic should be redirected to the second WAN interface ge0/1. Which set of configurations accomplishes this task?</strong> A) B) C) D) <div style=padding-top: 35px>
C) <strong> Refer to the exhibit. The ge0/0 interface connects to a 30-MB link. A network administrator wants to always have 10 MB available for high priority traffic. When lower-priority traffic bursts exceed 20 MB, traffic should be redirected to the second WAN interface ge0/1. Which set of configurations accomplishes this task?</strong> A) B) C) D) <div style=padding-top: 35px>
D) <strong> Refer to the exhibit. The ge0/0 interface connects to a 30-MB link. A network administrator wants to always have 10 MB available for high priority traffic. When lower-priority traffic bursts exceed 20 MB, traffic should be redirected to the second WAN interface ge0/1. Which set of configurations accomplishes this task?</strong> A) B) C) D) <div style=padding-top: 35px>
Question
Which SD-WAN component is configured to enforce a policy to redirect branch-to-branch traffic toward a network service such as a firewall or IPS?

A) vBond
B) vSmart
C) WAN Edge
D) Firewall
Question
Which two mechanisms are used to guarantee the integrity of data packets in the Cisco SD-WAN architecture data plane? (Choose two.)

A) certificates
B) transport locations
C) authentication headers
D) encapsulation security payload
E) TPM chip
Question
Which policy configures an application-aware routing policy under Configuration > Policies ?

A) Data policy
B) Centralized policy
C) Localized policy
D) Control policy
Question
Which TCP Optimization feature is used by WAN Edge to prevent unnecessary and large initial TCP window sizes to maximize throughput and achieve a better quality?

A) SACK
B) SEQ
C) RTT
D) SYN
Unlock Deck
Sign up to unlock the cards in this deck!
Unlock Deck
Unlock Deck
1/147
auto play flashcards
Play
simple tutorial
Full screen (f)
exit full mode
Deck 9: Implementing Cisco SD-WAN Solutions (ENSDWI)
1
What is the purpose of "vpn 0" in the configuration template when onboarding a WAN edge node?

A) It carries control traffic over secure IPsec connections between vSmart controllers and vEdge routers, and between vEdge and vManager.
B) It carries control traffic over secure IPsec connections between vSmart controllers and vEdge routers, and between vSmart and vBond.
C) It carries control traffic over secure DTLS or TLS connections between vSmart controllers and vEdge routers, and between vSmart and vBond.
D) It carries out-of-band network management traffic among the Viptela devices in the overlay network.
It carries control traffic over secure DTLS or TLS connections between vSmart controllers and vEdge routers, and between vSmart and vBond.
2
Which two hardware platforms support Cisco IOS XE SD-WAN images? (Choose two.)

A) ISR4000 series
B) ISR9300 series
C) vEdge-1000 series
D) ASR9000 series
E) ASR1000 series
ISR4000 series
ASR1000 series
3
A vEdge platform is sending VRRP advertisement messages every 10 seconds. Which value configures the router back to the default timer?

A) 2 seconds
B) 5 seconds
C) 1 second
D) 3 seconds
1 second
4
When a WAN Edge device joins the Cisco SD-WAN overlay, which Cisco SD-WAN component orchestrates the connection between the WAN Edge device and a vSmart controller?

A) vManage
B) vBond
C) OMP
D) APIC-EM
Unlock Deck
Unlock for access to all 147 flashcards in this deck.
Unlock Deck
k this deck
5
A policy is created to influence routing path in the network using a group of prefixes. Which policy application will achieve this goal when applied to a site list?

A) control-policy
B) vpn-membership policy
C) app-route policy
D) cflowd-template
Unlock Deck
Unlock for access to all 147 flashcards in this deck.
Unlock Deck
k this deck
6
Which two image formats are supported for controller codes? (Choose two.)

A) .nxos
B) .qcow2
C) .iso
D) .ova
E) .bin
Unlock Deck
Unlock for access to all 147 flashcards in this deck.
Unlock Deck
k this deck
7
Which component of the Cisco SD-WAN control plane architecture facilitates the storage of certificates and configurations for network components?

A) vSmart
B) WAN Edge
C) vManage
D) vBond
Unlock Deck
Unlock for access to all 147 flashcards in this deck.
Unlock Deck
k this deck
8
Which port is used for vBond under controller certificates if no alternate port is configured?

A) 12344
B) 12345
C) 12347
D) 12346
Unlock Deck
Unlock for access to all 147 flashcards in this deck.
Unlock Deck
k this deck
9
Which OSPF command makes the WAN Edge router a less preferred exit from a site with a dual WAN Edge design?

A) <strong>Which OSPF command makes the WAN Edge router a less preferred exit from a site with a dual WAN Edge design?</strong> A) B) C) D)
B) <strong>Which OSPF command makes the WAN Edge router a less preferred exit from a site with a dual WAN Edge design?</strong> A) B) C) D)
C) <strong>Which OSPF command makes the WAN Edge router a less preferred exit from a site with a dual WAN Edge design?</strong> A) B) C) D)
D) <strong>Which OSPF command makes the WAN Edge router a less preferred exit from a site with a dual WAN Edge design?</strong> A) B) C) D)
Unlock Deck
Unlock for access to all 147 flashcards in this deck.
Unlock Deck
k this deck
10
Which component of the Cisco SD-WAN architecture oversees the control plane of overlay network to establish, adjust, and maintain the connections between the WAN Edge devices that form the Cisco SD-WAN fabric?

A) APIC-EM
B) vSmart
C) vManage
D) vBond
Unlock Deck
Unlock for access to all 147 flashcards in this deck.
Unlock Deck
k this deck
11
An engineer is troubleshooting a vEdge router and identifies a " DCONFAIL - DTLS connection failure " message. What is the problem?

A) memory issue
B) certificate mismatch
C) organization mismatch
D) connectivity issue
Unlock Deck
Unlock for access to all 147 flashcards in this deck.
Unlock Deck
k this deck
12
How is the scalability of the Manage increased in Cisco SD-WAN Fabric?

A) Increase the bandwidth of the WAN link connected to the vManage
B) Increase licensing on the vManage
C) Deploy more than one vManage controllers on different physical server
D) Deploy multiple vManage controllers in a cluster
Unlock Deck
Unlock for access to all 147 flashcards in this deck.
Unlock Deck
k this deck
13
A network administrator is bringing up one WAN Edge router for branch connectivity. Which types of tunnels form when the WAN edge router connects to the Cisco SD-WAN fabric?

A) DTLS or TLS tunnel with vSmart controller and IPsec tunnel with vBond controller
B) DTLS or TLS tunnel with vBond controller and IPsec tunnel with vManage controller
C) DTLS or TLS tunnel with vBond controller and IPsec tunnel with other WAN Edge routers
D) DTLS or TLS tunnel with vSmart controller and IPsec tunnel with other WAN Edge routers
Unlock Deck
Unlock for access to all 147 flashcards in this deck.
Unlock Deck
k this deck
14
Which Cisco SD-WAN WAN Edge platform supports LTE and Wi-Fi?

A) ISR 1101
B) ASR 1001
C) CSR 1000v
D) vEdge 2000
Unlock Deck
Unlock for access to all 147 flashcards in this deck.
Unlock Deck
k this deck
15
In the Cisco SD-WAN solution, vSmart controller is responsible for which two actions? (Choose two.)

A) Authenticate and authorize vEdge routers.
B) Configure and monitor vEdge routers.
C) Distribute route and policy information via OMP.
D) Distribute the IP address from DHCP server to vEdge routers.
E) Distribute crypto key information among vEdge routers.
Unlock Deck
Unlock for access to all 147 flashcards in this deck.
Unlock Deck
k this deck
16
An engineer is troubleshooting a certificate issue on vEdge. Which command is used to verify the validity of the certificates?

A) show control local-properties
B) show control summary
C) show certificate installed
D) show certificate status
Unlock Deck
Unlock for access to all 147 flashcards in this deck.
Unlock Deck
k this deck
17
Which component of the Cisco SD-WAN control plane architecture should be located in a public Internet address space and facilitates NAT-traversal?

A) WAN Edge
B) vSmart
C) vBond
D) vManage
Unlock Deck
Unlock for access to all 147 flashcards in this deck.
Unlock Deck
k this deck
18
What are the two advantages of deploying cloud-based Cisco SD-WAN controllers? (Choose two.)

A) centralized control and data plane
B) infrastructure as a service
C) management of SLA
D) centralized raid storage of data
E) distributed authentication policies
Unlock Deck
Unlock for access to all 147 flashcards in this deck.
Unlock Deck
k this deck
19
Which two services are critical for zero touch provisioning on-boarding? (Choose two.)

A) EMAIL
B) SNMP
C) AAA
D) DHCP
E) DNS
Unlock Deck
Unlock for access to all 147 flashcards in this deck.
Unlock Deck
k this deck
20
What is a default protocol for control plane connection?

A) HTTPS
B) TLS
C) IPsec
D) DTLS
Unlock Deck
Unlock for access to all 147 flashcards in this deck.
Unlock Deck
k this deck
21
Which command verifies a policy that has been pushed to the vEdge router?

A) vSmart# show running-config policy vSmart# show running-config policy
B) vEdge# show running-config data policy vEdge# show running-config data policy
C) vSmart# show running-config apply policy show running-config apply policy
D) vEdge# show policy from-vsmart show policy from-vsmart
Unlock Deck
Unlock for access to all 147 flashcards in this deck.
Unlock Deck
k this deck
22
Which type of route advertisement of OMP can be verified?

A) Origin, TLOC, and VPN
B) Origin, TLOC, and service
C) OMP, VPN, and origin
D) OMP, TLOC, and service
Unlock Deck
Unlock for access to all 147 flashcards in this deck.
Unlock Deck
k this deck
23
<strong> Refer to the exhibit. Which binding is created using the tloc-extension command?</strong> A) between ge 0/2.101 of port-type transport and ge 0/0 of port-type service B) between ge 0/2.101 of port-type service and ge 0/0 of port-type service C) between ge 0/2.101 of port-type service and ge 0/0 of port-type transport D) between ge 0/2.101 of port-type transport and ge 0/0 of port-type transport Refer to the exhibit. Which binding is created using the tloc-extension command?

A) between ge 0/2.101 of port-type transport and ge 0/0 of port-type service
B) between ge 0/2.101 of port-type service and ge 0/0 of port-type service
C) between ge 0/2.101 of port-type service and ge 0/0 of port-type transport
D) between ge 0/2.101 of port-type transport and ge 0/0 of port-type transport
Unlock Deck
Unlock for access to all 147 flashcards in this deck.
Unlock Deck
k this deck
24
Which command displays BFD session summary information per TLOC on vEdge routers?

A) show bfd tloc-summary-list
B) show bfd history
C) show bfd summary
D) show bfd sessions
Unlock Deck
Unlock for access to all 147 flashcards in this deck.
Unlock Deck
k this deck
25
Which on-the-box security feature is supported by the Cisco ISR 4451 SD-WAN device and not on vEdge?

A) IPsec/GRE cloud proxy
B) reverse proxy
C) Enterprise Firewall with Application Awareness
D) Cloud Express service
Unlock Deck
Unlock for access to all 147 flashcards in this deck.
Unlock Deck
k this deck
26
On which device is a service FW address configured to insert firewall service at the hub?

A) vSmart at the branch
B) vEdge at the branch
C) vEdge at the hub
D) vSmart at the hub
Unlock Deck
Unlock for access to all 147 flashcards in this deck.
Unlock Deck
k this deck
27
An engineer is configuring a centralized policy to influence network route advertisement. Which controller delivers this policy to the fabric?

A) vSmart
B) vBond
C) vManage
D) WAN Edge
Unlock Deck
Unlock for access to all 147 flashcards in this deck.
Unlock Deck
k this deck
28
What is a benefit of the application-aware firewall?

A) It blocks traffic by MTU of the packet
B) It blocks encrypted traffic
C) It blocks traffic by application
D) It blocks traffic by MAC address
Unlock Deck
Unlock for access to all 147 flashcards in this deck.
Unlock Deck
k this deck
29
Which configuration changes the packet loss priority from low to high?

A) <strong>Which configuration changes the packet loss priority from low to high?</strong> A) B) C) D)
B) <strong>Which configuration changes the packet loss priority from low to high?</strong> A) B) C) D)
C) <strong>Which configuration changes the packet loss priority from low to high?</strong> A) B) C) D)
D) <strong>Which configuration changes the packet loss priority from low to high?</strong> A) B) C) D)
Unlock Deck
Unlock for access to all 147 flashcards in this deck.
Unlock Deck
k this deck
30
A voice packet requires a latency of 50 msec. Which policy is configured to ensure that a voice packet is always sent on the link with less than a 50 msec delay?

A) localized data
B) centralized control
C) localized control
D) centralized data
Unlock Deck
Unlock for access to all 147 flashcards in this deck.
Unlock Deck
k this deck
31
<strong> Refer to the exhibit. Which configuration change is needed to configure the tloc-extention on Branch1-Edge1?</strong> A) B) C) D) Refer to the exhibit. Which configuration change is needed to configure the tloc-extention on Branch1-Edge1?

A) <strong> Refer to the exhibit. Which configuration change is needed to configure the tloc-extention on Branch1-Edge1?</strong> A) B) C) D)
B) <strong> Refer to the exhibit. Which configuration change is needed to configure the tloc-extention on Branch1-Edge1?</strong> A) B) C) D)
C) <strong> Refer to the exhibit. Which configuration change is needed to configure the tloc-extention on Branch1-Edge1?</strong> A) B) C) D)
D) <strong> Refer to the exhibit. Which configuration change is needed to configure the tloc-extention on Branch1-Edge1?</strong> A) B) C) D)
Unlock Deck
Unlock for access to all 147 flashcards in this deck.
Unlock Deck
k this deck
32
Which two WAN Edge devices should be deployed in a cloud? (Choose two.)

A) ASR1000v
B) vEdge 100wm
C) CSR1000v
D) vEdge cloud
E) vEdge 5000v
Unlock Deck
Unlock for access to all 147 flashcards in this deck.
Unlock Deck
k this deck
33
Which device information is required on PNP/ZTP to support the zero touch onboarding process?

A) serial and chassis numbers
B) interface IP address
C) public DNS entry
D) system IP address
Unlock Deck
Unlock for access to all 147 flashcards in this deck.
Unlock Deck
k this deck
34
Which configuration step is taken on vManage after WAN Edge list is uploaded to support the on-boarding process before the device comes online?

A) Verify the device certificate
B) Enable the ZTP process
C) Set the device as valid
D) Send the list to controllers
Unlock Deck
Unlock for access to all 147 flashcards in this deck.
Unlock Deck
k this deck
35
Which feature builds transport redundancy by using the cross link between two redundant WAN Edge routers?

A) TLOC extension
B) quality of service
C) zero-touch provisioning
D) OMP
Unlock Deck
Unlock for access to all 147 flashcards in this deck.
Unlock Deck
k this deck
36
Two sites have one WAN Edge each. Each WAN Edge has two public TLOCs with no restrict configured. There is full reachability between the TLOCs. How many data tunnels are formed on each Edge router?

A) 6
B) 2
C) 4
D) 8
Unlock Deck
Unlock for access to all 147 flashcards in this deck.
Unlock Deck
k this deck
37
<strong> Refer to the exhibit. Which QoS treatment results from this configuration after the access list acl-guest is applied inbound on the vpn1 interface?</strong> A) A TCP packet sourcing from 172.16.10.1 and destined to 172.16.20.1 is dropped B) A UDP packet sourcing from 172.16.20.1 and destined to 172.16.10.1 is accepted C) A UDP packet sourcing from 172.16.10.1 and destined to 172.16.20.1 is dropped D) A TCP packet sourcing from 172.16.20.1 and destined to 172.16.10.1 is accepted Refer to the exhibit. Which QoS treatment results from this configuration after the access list acl-guest is applied inbound on the vpn1 interface?

A) A TCP packet sourcing from 172.16.10.1 and destined to 172.16.20.1 is dropped
B) A UDP packet sourcing from 172.16.20.1 and destined to 172.16.10.1 is accepted
C) A UDP packet sourcing from 172.16.10.1 and destined to 172.16.20.1 is dropped
D) A TCP packet sourcing from 172.16.20.1 and destined to 172.16.10.1 is accepted
Unlock Deck
Unlock for access to all 147 flashcards in this deck.
Unlock Deck
k this deck
38
An engineer wants to track tunnel characteristics within a SLA-based policy for convergence. Which policy configuration will achieve this goal?

A) app-route policy
B) VPN membership policy
C) control policy
D) data policy
Unlock Deck
Unlock for access to all 147 flashcards in this deck.
Unlock Deck
k this deck
39
Which command on a WAN Edge device displays the information about the colors present in the fabric that are learned from vSmart via OMP?

A) show omp peers
B) show omp route
C) show omp sessions
D) show omp tlocs
Unlock Deck
Unlock for access to all 147 flashcards in this deck.
Unlock Deck
k this deck
40
Which value is verified in the certificates to confirm the identity of the physical WAN Edge device?

A) Serial Number
B) OTP
C) System-IP
D) Chassis-ID
Unlock Deck
Unlock for access to all 147 flashcards in this deck.
Unlock Deck
k this deck
41
Which secure connection should be used to access the REST APIs through the Cisco vManage web server?

A) authenticated DTLS
B) authenticated HTTPS
C) JSON Inspector interface
D) HTTP inspector interface
Unlock Deck
Unlock for access to all 147 flashcards in this deck.
Unlock Deck
k this deck
42
Which device in the Cisco SD-WAN solution receives and categorizes event reports, and generates alarms?

A) WAN Edge routers
B) vSmart controllers
C) vBond controllers
D) vManage NMS
Unlock Deck
Unlock for access to all 147 flashcards in this deck.
Unlock Deck
k this deck
43
Which alarm setting is configured to monitor serious events that affect, but do not shut down, the operation of a network function?

A) Critical
B) Medium
C) Major
D) Minor
Unlock Deck
Unlock for access to all 147 flashcards in this deck.
Unlock Deck
k this deck
44
A network administrator is creating an OMP feature template from the vManage GUI to be applied to WAN edge routers. Which configuration attribute will avoid the redistribution of the routes back into the OMP from the LAN side?

A) configure "ECMP limit"
B) configure "Send Backup Paths"
C) configure "Number of Paths Advertised per Prefix"
D) configure "Overlay AS Number"
Unlock Deck
Unlock for access to all 147 flashcards in this deck.
Unlock Deck
k this deck
45
Which logs verify when a device was upgraded?

A) ACL
B) Email
C) SNMP
D) Audit
Unlock Deck
Unlock for access to all 147 flashcards in this deck.
Unlock Deck
k this deck
46
A network administrator is configuring an application-aware firewall between inside zones to an outside zone on a WAN edge router using vManage GUI. Which kind of inspection is performed when the "inspect" action is used?

A) Layer 7 inspection for TCP and Layer 4 inspection for UDP
B) stateful inspection for TCP and stateless inspection of UDP
C) IPS inspection for TCP and Layer 4 inspection for UDP
D) stateful inspection for TCP and UDP
Unlock Deck
Unlock for access to all 147 flashcards in this deck.
Unlock Deck
k this deck
47
Which API call retrieves a list of all devices in the network?

A) https://vmanage_IP_address/dataservice/system/device/{{model}}
B) http://vmanage_IP_address/dataservice/system/device/{{model}}
C) http://vmanage_IP_address/api-call/system/device/{{model}}
D) https://vmanage_IP_address/api-call/system/device/{{model}}
Unlock Deck
Unlock for access to all 147 flashcards in this deck.
Unlock Deck
k this deck
48
Which hardware component is involved in the Cisco SD-WAN authentication process for ISR platforms?

A) ZTP
B) OTPC
C) SUDI
D) TPMD
Unlock Deck
Unlock for access to all 147 flashcards in this deck.
Unlock Deck
k this deck
49
Which two products that perform lifecycle management for virtual instances are supported by WAN Edge cloud routers? (Choose two.)

A) AWS
B) Azure
C) VMware vCenter
D) OpenStack
E) IBM Cloud
Unlock Deck
Unlock for access to all 147 flashcards in this deck.
Unlock Deck
k this deck
50
Which combination of platforms is managed by vManage?

A) ISR4351, ASR1002HX, vEdge2000, vEdge Cloud
B) ISR4321, ASR1001, Nexus, ENCS
C) ISR4321, ASR1001, ENCS, ISRv
D) ISR4351, ASR1009, vEdge2000, CSR1000v
Unlock Deck
Unlock for access to all 147 flashcards in this deck.
Unlock Deck
k this deck
51
Which two algorithms authenticate a user when configuring SNMPv3 monitoring on a WAN Edge router? (Choose two.)

A) AES-256
B) MD5
C) SHA-2
D) AES-128
E) SHA-1
Unlock Deck
Unlock for access to all 147 flashcards in this deck.
Unlock Deck
k this deck
52
In an AWS cloud, which feature provisions WAN Edge routers automatically in Cisco SD-WAN?

A) Cloud OnRamp
B) Cloud app
C) vAnalytics
D) Network Designer
Unlock Deck
Unlock for access to all 147 flashcards in this deck.
Unlock Deck
k this deck
53
Which command disables the logging of syslog messages to the local disk?

A) no system logging disk local
B) system logging server remote
C) no system logging disk enable
D) system logging disk disable
Unlock Deck
Unlock for access to all 147 flashcards in this deck.
Unlock Deck
k this deck
54
A large retail organization decided to move some of the branch applications to the AWS cloud. How does the network architect extend the in-house Cisco SD-WAN branch to cloud network into AWS?

A) Create virtual instances of vSmart Cloud through the AWS online software store
B) Create GRE tunnels to AWS from each branch over the Internet
C) Install the AWS Cloud Router in the main data center and provide the connectivity from each branch
D) Create virtual WAN Edge devices Cloud through the AWS online software store
Unlock Deck
Unlock for access to all 147 flashcards in this deck.
Unlock Deck
k this deck
55
Which two products are used to deploy Cisco WAN Edge Router virtual platforms? (Choose two.)

A) Sun Enterprise M4000 Server running Sun Solaris
B) Sun SPARC Node running AIX
C) Cisco UCS
D) HP ProLiant DL380 Generation 10 running HP-UX
E) Cisco ENCS 5000 Series
Unlock Deck
Unlock for access to all 147 flashcards in this deck.
Unlock Deck
k this deck
56
Which pathway under Monitor > Network > Select Device is used to verify service insertion configuration?

A) System Status
B) ACL Logs
C) Real Time
D) Events
Unlock Deck
Unlock for access to all 147 flashcards in this deck.
Unlock Deck
k this deck
57
A bank is looking for improved customer experience for applications and reduce overhead related to compliance and security. Which key feature or features of the Cisco SD-WAN solution will help the bank to achieve their goals?

A) Integration with PaaS providers to offer the best possible application experience
B) QoS including application prioritization and meeting critical applications SLA for selecting optimal path
C) Implementation of BGP across the enterprise routing for selecting optimal path
D) Implementation of a modern age core banking system
Unlock Deck
Unlock for access to all 147 flashcards in this deck.
Unlock Deck
k this deck
58
Which template configures the out-of band management VPN?

A) <strong>Which template configures the out-of band management VPN?</strong> A) B) C) D)
B) <strong>Which template configures the out-of band management VPN?</strong> A) B) C) D)
C) <strong>Which template configures the out-of band management VPN?</strong> A) B) C) D)
D) <strong>Which template configures the out-of band management VPN?</strong> A) B) C) D)
Unlock Deck
Unlock for access to all 147 flashcards in this deck.
Unlock Deck
k this deck
59
<strong> Refer to the exhibit. What does the BFD value of 8 represent?</strong> A) dead timer of BFD session B) poll-interval of BFD session C) hello timer of BFD session D) number of BFD sessions Refer to the exhibit. What does the BFD value of 8 represent?

A) dead timer of BFD session
B) poll-interval of BFD session
C) hello timer of BFD session
D) number of BFD sessions
Unlock Deck
Unlock for access to all 147 flashcards in this deck.
Unlock Deck
k this deck
60
Which pathway under Monitor > Network > Select Device is used to verify service insertion configuration?

A) System Status
B) Troubleshooting
C) Real Time
D) Events
Unlock Deck
Unlock for access to all 147 flashcards in this deck.
Unlock Deck
k this deck
61
A network administrator is configuring QoS on a vEdge 5000 router and needs to enable it on the transport side interface. Which policy setting must be selected to accomplish this goal?

A) Cloud QoS
B) Netflow
C) Application
D) Cloud QoS Service side
Unlock Deck
Unlock for access to all 147 flashcards in this deck.
Unlock Deck
k this deck
62
Refer to the exhibit. An engineer is configuring service chaining. Which set of configurations is required for all traffic from Site ID 1 going toward Site ID 2 to get filtered through the firewall on the hub site? <strong>Refer to the exhibit. An engineer is configuring service chaining. Which set of configurations is required for all traffic from Site ID 1 going toward Site ID 2 to get filtered through the firewall on the hub site? </strong> A) B) C) D)

A) <strong>Refer to the exhibit. An engineer is configuring service chaining. Which set of configurations is required for all traffic from Site ID 1 going toward Site ID 2 to get filtered through the firewall on the hub site? </strong> A) B) C) D)
B) <strong>Refer to the exhibit. An engineer is configuring service chaining. Which set of configurations is required for all traffic from Site ID 1 going toward Site ID 2 to get filtered through the firewall on the hub site? </strong> A) B) C) D)
C) <strong>Refer to the exhibit. An engineer is configuring service chaining. Which set of configurations is required for all traffic from Site ID 1 going toward Site ID 2 to get filtered through the firewall on the hub site? </strong> A) B) C) D)
D) <strong>Refer to the exhibit. An engineer is configuring service chaining. Which set of configurations is required for all traffic from Site ID 1 going toward Site ID 2 to get filtered through the firewall on the hub site? </strong> A) B) C) D)
Unlock Deck
Unlock for access to all 147 flashcards in this deck.
Unlock Deck
k this deck
63
An engineer is tasked to improve throughput for connection-oriented traffic by decreasing round-trip latency. Which configuration will achieve this goal?

A) turn off "Enable TCP Optimization"
B) turn on "Enhance ECMP Keying"
C) turn on "Enable TCP Optimization"
D) turn off "Enhance ECMP Keying"
Unlock Deck
Unlock for access to all 147 flashcards in this deck.
Unlock Deck
k this deck
64
Which scheduling method is configured by default for the eight queues in the cloud vEdge router?

A) weighted round robin
B) priority queue
C) low latency queue
D) weighted random early detection
Unlock Deck
Unlock for access to all 147 flashcards in this deck.
Unlock Deck
k this deck
65
An engineer is configuring a list that matches all IP prefixes with lengths from /1 to /16 in a centralized control policy. Which list accomplishes this task?

A) 0.0.0.0/0 le 16
B) 0.0.0.0/1 le 16
C) 0.0.0.0/0 ge 1
D) 0.0.0.0/16 ge 1
Unlock Deck
Unlock for access to all 147 flashcards in this deck.
Unlock Deck
k this deck
66
<strong> Refer to the exhibit. An engineer is troubleshooting tear down of control connections even though a valid CertificateSerialNumber is entered. Which two actions resolve the issue? (Choose two.)</strong> A) Enter a valid product ID (model) on the PNP portal B) Match the serial number file between the controllers C) Remove the duplicate IP in the network D) Restore network reachability for the controller E) Enter a valid serial number on the controllers for a given device Refer to the exhibit. An engineer is troubleshooting tear down of control connections even though a valid CertificateSerialNumber is entered. Which two actions resolve the issue? (Choose two.)

A) Enter a valid product ID (model) on the PNP portal
B) Match the serial number file between the controllers
C) Remove the duplicate IP in the network
D) Restore network reachability for the controller
E) Enter a valid serial number on the controllers for a given device
Unlock Deck
Unlock for access to all 147 flashcards in this deck.
Unlock Deck
k this deck
67
At which layer does the application-aware firewall block applications on a WAN Edge?

A) 3
B) 5
C) 2
D) 7
Unlock Deck
Unlock for access to all 147 flashcards in this deck.
Unlock Deck
k this deck
68
<strong> Refer to the exhibit. An engineer is troubleshooting a control connection issue. What does connect mean in this show control connections output?</strong> A) Control connection is down B) Control connection is up C) Control connection attempt is in progress D) Control connection is connected Refer to the exhibit. An engineer is troubleshooting a control connection issue. What does "connect" mean in this show control connections output?

A) Control connection is down
B) Control connection is up
C) Control connection attempt is in progress
D) Control connection is connected
Unlock Deck
Unlock for access to all 147 flashcards in this deck.
Unlock Deck
k this deck
69
<strong> Refer to the exhibit. The control connection is failing. Which action resolves the issue?</strong> A) Validate the certificates authenticity on vSmart B) Restore the reachability to the vSmart C) Import vSmart in vManager D) Upload the WAN Edge list on vManage Refer to the exhibit. The control connection is failing. Which action resolves the issue?

A) Validate the certificates authenticity on vSmart
B) Restore the reachability to the vSmart
C) Import vSmart in vManager
D) Upload the WAN Edge list on vManage
Unlock Deck
Unlock for access to all 147 flashcards in this deck.
Unlock Deck
k this deck
70
<strong> Refer to the exhibit. An engineer is troubleshooting an issue where vManage and vSmart have a problem establishing a connection to vBond. Which action fixes the issue?</strong> A) Remove the encapsulation ipsec command under the tunnel interface of vBond Remove the encapsulation ipsec command under the tunnel interface of vBond B) Reconfigure the vbond command on the vBond as vbond 150.5.1.3 local Reconfigure the vbond command on the vBond as vbond 150.5.1.3 local C) Configure the tunnel interface on all three controllers with a color of transport D) Configure encapsulation as IPsec under the tunnel interface of vManage and vSmart Refer to the exhibit. An engineer is troubleshooting an issue where vManage and vSmart have a problem establishing a connection to vBond. Which action fixes the issue?

A) Remove the encapsulation ipsec command under the tunnel interface of vBond Remove the encapsulation ipsec command under the tunnel interface of vBond
B) Reconfigure the vbond command on the vBond as vbond 150.5.1.3 local Reconfigure the vbond command on the vBond as vbond 150.5.1.3 local
C) Configure the tunnel interface on all three controllers with a color of transport
D) Configure encapsulation as IPsec under the tunnel interface of vManage and vSmart
Unlock Deck
Unlock for access to all 147 flashcards in this deck.
Unlock Deck
k this deck
71
Which VPN connects the transport-side WAN Edge interface to the underlay/WAN network?

A) VPN 1
B) VPN 0
C) VPN 512
D) VPN 511
Unlock Deck
Unlock for access to all 147 flashcards in this deck.
Unlock Deck
k this deck
72
An administrator must configure an ACL for traffic coming in from the service-side VPN on a specific WAN Edge device with circuit ID 123456789. Which policy must be used to configure this ACL?

A) local data policy
B) central data policy
C) app-aware policy
D) central control policy
Unlock Deck
Unlock for access to all 147 flashcards in this deck.
Unlock Deck
k this deck
73
Which feature template configures OMP?

A) <strong>Which feature template configures OMP?</strong> A) B) C) D)
B) <strong>Which feature template configures OMP?</strong> A) B) C) D)
C) <strong>Which feature template configures OMP?</strong> A) B) C) D)
D) <strong>Which feature template configures OMP?</strong> A) B) C) D)
Unlock Deck
Unlock for access to all 147 flashcards in this deck.
Unlock Deck
k this deck
74
In which VPN is the NAT operation on an outgoing interface configured for direct Internet access?

A) 0
B) 512
C) 10
D) 1
Unlock Deck
Unlock for access to all 147 flashcards in this deck.
Unlock Deck
k this deck
75
Which attributes are configured to uniquely identify and represent a TLOC route?

A) system IP address, link color, and encapsulation
B) origin, originator, and preference
C) site ID, tag, and VPN
D) firewall, IPS, and application optimization
Unlock Deck
Unlock for access to all 147 flashcards in this deck.
Unlock Deck
k this deck
76
<strong> Refer to the exhibit. The ge0/0 interface connects to a 30-MB link. A network administrator wants to always have 10 MB available for high priority traffic. When lower-priority traffic bursts exceed 20 MB, traffic should be redirected to the second WAN interface ge0/1. Which set of configurations accomplishes this task?</strong> A) B) C) D) Refer to the exhibit. The ge0/0 interface connects to a 30-MB link. A network administrator wants to always have 10 MB available for high priority traffic. When lower-priority traffic bursts exceed 20 MB, traffic should be redirected to the second WAN interface ge0/1. Which set of configurations accomplishes this task?

A) <strong> Refer to the exhibit. The ge0/0 interface connects to a 30-MB link. A network administrator wants to always have 10 MB available for high priority traffic. When lower-priority traffic bursts exceed 20 MB, traffic should be redirected to the second WAN interface ge0/1. Which set of configurations accomplishes this task?</strong> A) B) C) D)
B) <strong> Refer to the exhibit. The ge0/0 interface connects to a 30-MB link. A network administrator wants to always have 10 MB available for high priority traffic. When lower-priority traffic bursts exceed 20 MB, traffic should be redirected to the second WAN interface ge0/1. Which set of configurations accomplishes this task?</strong> A) B) C) D)
C) <strong> Refer to the exhibit. The ge0/0 interface connects to a 30-MB link. A network administrator wants to always have 10 MB available for high priority traffic. When lower-priority traffic bursts exceed 20 MB, traffic should be redirected to the second WAN interface ge0/1. Which set of configurations accomplishes this task?</strong> A) B) C) D)
D) <strong> Refer to the exhibit. The ge0/0 interface connects to a 30-MB link. A network administrator wants to always have 10 MB available for high priority traffic. When lower-priority traffic bursts exceed 20 MB, traffic should be redirected to the second WAN interface ge0/1. Which set of configurations accomplishes this task?</strong> A) B) C) D)
Unlock Deck
Unlock for access to all 147 flashcards in this deck.
Unlock Deck
k this deck
77
Which SD-WAN component is configured to enforce a policy to redirect branch-to-branch traffic toward a network service such as a firewall or IPS?

A) vBond
B) vSmart
C) WAN Edge
D) Firewall
Unlock Deck
Unlock for access to all 147 flashcards in this deck.
Unlock Deck
k this deck
78
Which two mechanisms are used to guarantee the integrity of data packets in the Cisco SD-WAN architecture data plane? (Choose two.)

A) certificates
B) transport locations
C) authentication headers
D) encapsulation security payload
E) TPM chip
Unlock Deck
Unlock for access to all 147 flashcards in this deck.
Unlock Deck
k this deck
79
Which policy configures an application-aware routing policy under Configuration > Policies ?

A) Data policy
B) Centralized policy
C) Localized policy
D) Control policy
Unlock Deck
Unlock for access to all 147 flashcards in this deck.
Unlock Deck
k this deck
80
Which TCP Optimization feature is used by WAN Edge to prevent unnecessary and large initial TCP window sizes to maximize throughput and achieve a better quality?

A) SACK
B) SEQ
C) RTT
D) SYN
Unlock Deck
Unlock for access to all 147 flashcards in this deck.
Unlock Deck
k this deck
locked card icon
Unlock Deck
Unlock for access to all 147 flashcards in this deck.
Examlex
Examlex
Work With Us
Policies
Download the App
Scan to downloadDownload the App
qr-code
Links
Links
Work With Us
Download the App

Scan to downloadDownload the App
qr-code

Copyright © 2025 Examlex LLC.
  • facebook-footer
  • instagram-footer
  • x-footer
  • tiktok
  • Linktree