Spring Sale Limited Time Flat 70% Discount offer - Ends in 0d 00h 00m 00s - Coupon code: 70spcl

Activedumpsnet Logo
  1. Home
  2. Cisco
  3. CCNP Enterprise
  4. 300-415
  5. 300-415 - Implementing Cisco SD-WAN Solutions (300-415 ENSDWI)

Cisco 300-415 Implementing Cisco SD-WAN Solutions (300-415 ENSDWI) Exam Practice Test

Page: 1 / 45
Total 446 questions
Get 300-415 Full Access Download 300-415 PDF

Implementing Cisco SD-WAN Solutions (300-415 ENSDWI) Questions and Answers

Question 1

What is a benefit of the application aware firewall feature in the Cisco SD-WAN solution?

Options:

A.

application monitoring

B.

application malware protection

C.

application visibility

D.

control policy enforcement

Question 2

Which set of platforms must he in separate VMS as of release 16.1?

Options:

A.

vSmart and WAN Edge

B.

WAN Edge and vBond

C.

vManagc and vSmart

D.

vBond and vSmart

Question 3

The network administrator is configuring a QoS scheduling policy on traffic received from transport side tunnels on WAN Edge 5000 routers at location 406141498 Which command must be configured on these devices?

Options:

A.

cloud-qos

B.

service qos

C.

cloud-mis qos

D.

mis qos

Question 4

What are the two components of an application-aware firewall? (Choose two.)

Options:

A.

zone pair

B.

sequence

C.

lists

D.

default action

E.

sequence action

F.

firewall policy

Question 5

An engineer must configure egress QoS for voice traffic. Which queue must the engineer configure on the WAN Edge router to accomplish the task?

Options:

A.

queue 0

B.

queue 1

C.

queue 3

D.

queue 7

Question 6

Question # 6

An engineer is creating a policy for VPN1 users. Their scavenger traffic at site 101 must pass through a firewall. Which two match conditions must be selected to enable this policy? (Choose two.)

Options:

A.

destination port

B.

source data prefix

C.

packet length

D.

protocol

E.

application/application family list

Question 7

Which configuration changes the packet loss priority from low to highly?

A)

Question # 7

B)

Question # 7

C)

Question # 7

D)

Question # 7

Options:

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Question 8

Refer to the exhibit.

Question # 8

Question # 8

vManage and vBond have an issue establishing a connection to each other. Which configuration resolves the issue?

Options:

A.

Configure the timezone on vBond to Europe/London.

B.

Configure the encapsulation ipsec command under the tunnel interface on vManage.

C.

Configure a default route on vBond pointing to 172.16.2.254.

D.

Remove the encapsulation ipsec command under the tunnel interface of vBond.

Question 9

An engineer creates a data policy to prevent communication from the 172.20.21.0/24 network to the 172.20.41.0/24 network. Which configuration accomplishes this task?

Question # 9

Question # 9

Question # 9

Options:

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Question 10

Drag and drop the BFD parameters from the left onto the BFD configurations on the right.

Question # 10

Options:

Question 11

Refer to the exhibit.

Question # 11

Customer XYZ cannot provison dual connectivity on both Its routers due to budget constratnts but wants to use tnth RI and R2 interface for users behind them for load toward the hub site Which configurauon achieves this objectives?

A)

Question # 11

B)

Question # 11

C)

Question # 11

D)

Question # 11

Options:

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Question 12

What is a default protocol for control plane connection?

Options:

A.

IPsec

B.

HTTPS

C.

TLS

D.

DTLS

Question 13

Refer to the exhibit.

Question # 13

cEdge101 has six possible routes to connect to spokes. However, only four routes are currently in use. Which CLI configuration ensures that all six routes are used?

Options:

A.

cEdge101# omp | send-path-limit 16

B.

cEdge101# omp | send-backup-paths | send-path-limit 16

C.

vsmart# omp | send-backup-paths

D.

vsmart# omp | no shutdown | send-path-limit 16 | send-backup-paths | graceful-restart

Question 14

An engineer must configure a centralized policy on a site in which all HTTP traffic should use the Public Internet circuit if the loss on this circuit is below 10%. otherwise MPLS should be used Which configuration wizard fulfils this requirement?

Options:

A.

Create Applications or Groups of Interest > Configure Traffic Rules > Apply Policies to Sites and VPNs

B.

Configure VPN Membership > Apply Policies to Sites and VPNs

C.

Create Applications or Groups of interest > Configure Traffic Data > Apply Policies to Sites and VPNs

D.

Configure Topology > Apply Policies to Sites and VPNs

Question 15

Which feature builds transport redundancy by using the cross link between two redundant WAN Edge routers?

Options:

A.

OMP

B.

zero-touch provisioning

C.

quality of service

D.

TLOC extension

Question 16

Drag and drop the attributes from the left that make each transport location unique onto the right. Not all options are used.

Question # 16

Options:

Question 17

Which application list is preconfigured?

Options:

A.

Google_Apps

B.

Cisco Apps

C.

Microsoft_Office365

D.

P2P_Apps

Question 18

How many vManage NMSs should be installed in each domain to achieve scalability and redundancy?

Options:

A.

two instances

B.

two clusters

C.

three or more in a cluster

D.

two or more in a cluster

Question 19

An organization requires the use of integrated preventative engines, exploit protection, and the most updated and advanced signature-based antivirus with sandboxing and threat intelligence to stop malicious attachments before they reach users and get executed. Which Cisco SD-WAN solution meets the requirements?

Options:

A.

Cisco Trust Anchor module

B.

URL filtering and Umbrella DNS security

C.

Cisco AMP and Threat Grid

D.

Snort IPS

Question 20

A customer wants to use AWS for Cisco SD-WAN laaS services by deploying virtual SD-WAN routers in a transit AWS VPC The transit VPC then connects via site-to-site IPsec tunnels to an AWS transit gateway Which transit VPC connects via site-to-site IPsec tunnels to an AWS transit gateway?

Options:

A.

Cisco Cloud onRamp for Multicloud

B.

Cisco Cloud onRamp for SaaS

C.

Cisco Cloud onRamp for Colocation

D.

Cisco Cloud onRamp for laaS

Question 21

Which protocol is used for the vManage to connect to the vSmart Controller hosted in Cloud?

Options:

A.

PnP Server

B.

ZTP

C.

NETCONF

D.

HTTP

Question 22

Which component is used for stateful inspection of TCP, UDP. and ICMP flows in Cisco SD-WAN firewall policies?

Options:

A.

zones

B.

sites

C.

subnets

D.

interfaces

Question 23

Refer to the exhibit.

Question # 23

vManage and vSmart have an issue establishing a connection to vBond. Which configuration resolves the issue?

Options:

A.

Configure the tunnel interface on all three controllers with a color of transport.

B.

Change the timezone on the vSmart to Europe/London.

C.

Configure the (11.1.1.X/24) IP addresses on the elhO interfaces on vManage and vSmart.

D.

Reconfigure the system-ip parameter on vSmart to 11.1.1.2.

Question 24

Refer to the exhibit.

Question # 24

An enterprise has enabled load balancing over MPLS and Internet links. Which feature from the monitoring tool does an engineer use to visualize the available links utilized by the data traffic between Service VPNs?

Options:

A.

Simulate Flows

B.

App Route Visualization

C.

Top Talkers

D.

Control Connections (Live View)

Question 25

An administrator must configure an ACL for traffic coming in from the service-side VPN on a specific WAN device with circuit ID 391897770. Which policy must be used to configure this ACL?

Options:

A.

local data policy

B.

central data policy

C.

app-aware policy

D.

central control policy

Question 26

Which control policy assigned to Drenches in the out direction establishes a strict hub-and-spoke topology tor VPN2?

A)

Question # 26

B)

Question # 26

C)

Question # 26

D)

Question # 26

Options:

A.

Option

B.

Option

C.

Option

D.

Option

Question 27

Refer to the exhibit.

Question # 27

An engineer is troubleshooting a control connection Issue. What does "connect" mean in this how control connections output?

Options:

A.

Control connection is down

B.

Control connection is connected

C.

Control connection attempt is in progress

D.

Control connection is up

Question 28

Refer to the exhibit.

Question # 28

The engineer must assign community tags to 3 of its 74 critical server networks as soon as that are advertised to BGP peers. These server networks must not be advertised outside AS. Which configuration fulfill this requirement?

A)

Question # 28

B)

Question # 28

C)

Question # 28

D)

Question # 28

Options:

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Question 29

Which issue triggers the Cisco Umbrella resolver to toward DNS requests to the intelligent proxy?

Which issue triggers the Cisco Umbrella resolver to toward DNS requests to the intelligent proxy?

Options:

A.

A domain is nonexistent.

B.

A domain is block-listed.

C.

A domain is locally reachable.

D.

A domain is grey-listed.

Question 30

An engineer is tasked to improve throughput for connection-oriented traffic by decreasing round-trip latency. Which configuration will achieve this goal?

Options:

A.

turn on "Enable TCP Optimization"

B.

turn off "Enhance ECMP Keying"

C.

turn off "Enable TCP Optimization"

D.

turn on "Enhance ECMP Keying"

Question 31

Which data policy configuration influences BGP routing traffic flow from LAN to WAN?

A)

Question # 31

B)

Question # 31

C)

Question # 31

D)

Question # 31

Options:

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Question 32

Which protocol is used between redundant vSmart controllers to establish a permanent communication channel?

Options:

A.

IPsec

B.

HTTPs

C.

DTLS

D.

SSL

Question 33

How does the replicator role function in cisco SD-WAN?

Options:

A.

WAN Edge devices advertise the rendezvous point to all the receivers through the underlay network.

B.

vSmart Controllers advertise the rendezvous point to all the receivers through the overlay network.

C.

WAN Edge devices advertise the rendezvous point to all receivers through the overlay network.

D.

vSmart Controllers advertise the rendezvous point to all the receivers through the underlay network.

Question 34

Which component of the Cisco SD-WAN secure extensible network provides a single pane of glass approach to network monitoring and configuration?

Options:

A.

APIC-EM

B.

vSmart

C.

vManage

D.

vBond

Question 35

An engineer creates this data policy for DIA for VPN 10:

Question # 35

Which policy sequence enables DIA for external networks?

Question # 35

Options:

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Question 36

A network administrator configures SNMFV3 on a Cisco WAN Edge router from CL I for monitoring purposes How many characters are supported by the snmp user username command?

Options:

A.

from 1 to 8

B.

from 1 to 16

C.

from 1 to 32

D.

from 1 to 48

Question 37

A bank is looking for improved customer experience for applications and reduce overhead related to compliance and security. Which key feature or features of the Cisco SD-WAN solution will help the bank to achieve their goals?

Options:

A.

Integration with PaaS providers to offer the best possible application experience

B.

QoS including application prioritization and meeting critical applications SLA for selecting optimal path.

C.

implementation of a modem age core banking system

D.

implementation of BGP across the enterprise routing for selecting optimal path

Question 38

When VPNs are grouped to create destination zone in Zone-Based Firewall, how many zones can a single VPN be part of?

Options:

A.

two

B.

four

C.

one

D.

three

Question 39

What is a benefit of the application-aware firewall?

Options:

A.

It blocks traffic by MAC address

B.

It blocks traffic by MTU of the packet.

C.

It blocks traffic by application.

D.

It blocks encrypted traffic

Question 40

What is a requirement for deployment of on-premises vBond controllers through the Cisco Plug and Play Connect process?

Options:

A.

a DNS name that identifies vBond

B.

a defined controller profile

C.

Internet connectivity from vManage

D.

a CSV The that contains ail controllers

Question 41

Which third-party Enterprise CA server must be used (or a cloud-based vSmart controller?

Options:

A.

RootCert

B.

Microsoft

C.

RADIUS

D.

VeriSign

Question 42

Question # 42

Refer to the exhibit A user has selected the options while configuring a VPN Interface Ethernet feature template What is the required configuration parameter the user must set in this template for this feature to function?

Options:

A.

The "IP MTU" field must be increased from the default value of 1500 to support the additional overhead.

B.

The "Shaping Rate (Kbps)" field must be configured with a value

C.

The "Adaptive QoS" field must be set to "on"

D.

The "Bandwidth Downstream" field must be configured with a value

Question 43

An engineer configured a data policy called ROME-POLICY. Which configuration allows traffic flow from the Rome internal network toward other sites?

Options:

A.

apply-policy site-list Rome data-policy ROME-POLICY from-tunnel

B.

apply-policy site-list Rome data-policy ROME-POLICY from-service

C.

site-list Rome control-policy ROME-POLICY in

D.

site-list Rome control-policy ROME-POLICY out

Question 44

Question # 44

Refer to the exhibit. An ongineer configured OMP with an ovorlay-as of 10666. What is tho AS-PATH for prefix 104.104.104.104/32 on R1007?

Options:

A.

100 10666 104

B.

100 10666

C.

100 10666 20 104

D.

100 20 104

Question 45

What do receivers request to join multicast streams in a Cisco SO-WAN network?

Options:

A.

IGMP membership reports directly with a multicast router.

B.

Multicast service routes with the vSmart controller

C.

IGMP membership reports directly with the vBond orchestrator.

D.

PIM messages with the nearest neighboring multicast router.

Question 46

A customer has 1 to 100 service VPNs and wants to restrict outbound updates for VPN1 Which control policy configuration restricts these updates?

A)

Question # 46

B)

Question # 46

C)

Question # 46

D)

Question # 46

Options:

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Question 47

An engineer is configuring a data policy for packets that must be captured through the policy. Which command accomplishes this task?

Options:

A.

policy > data-policy > vpn-list > sequence > default-action > drop

B.

policy > data-policy > vpn-list > sequence > action

C.

policy > data-policy > vpn-list > sequence > default-action > accept

D.

policy > data-policy > vpn-list > sequence > match

Question 48

Which command verifies a policy that has been pushed to the vEdge router?

Options:

A.

vEdge# show running-config data policy

B.

vEdge# show policy from-vsmart

C.

vSmart# show running-config policy

D.

vSmart# show running-config apply-policy

Question 49

Question # 49

Refer to the exhibit The network team must configure application-aware routing for the Service VPN 50.0.0.0/16 The SLA must prefer MPLS for video traffic but the remaining traffic must use a public network What must be defined other than applications before the application-aware policy is create?

Options:

A.

SLA Class, Site VPN. Prefix

B.

Data Prefix, Site VPN TLOC

C.

Application, SLA VPN. Prefix

D.

Color, SLA Class, Sue, VPN

Question 50

How is the scalability of the vManage increased in Cisco SD-WAN Fabric?

Options:

A.

Increase licensing on the vManage

B.

Deploy multiple vManage controllers in a cluster

C.

Deploy more than one vManage controllers on different physical server.

D.

Increase the bandwidth of the WAN link connected to the vManage

Question 51

What is the function of colocation in Cloud OnRamp SaaS?

Options:

A.

Cloud OnRamp incorporates regional colocation facilities by choosing between cloud access points at the remote site and regional cloud access points at the colocation facilities.

B.

The Cloud OnRamp for colocation solution restricts the creation of different VNF service chains orchestrated in Cisco vManage and deployed on a cluster in a colocation facility.

C.

In Cloud OnRamp. colocation supports the capability of virtualizing access-only locations and using colocation centers that require the customer to extend to the cloud.

D.

With colocation facility in Cloud OnRamp. the customer faces challenges to virtualize the security and optimization infrastructure that influence traffic through network elements.

Question 52

Which behavior describes a WAN Edge router running dual DIA when its DPI engine has identified a cloud SaaS application?

Options:

A.

Application traffic flows are routed over best performing DIA circuit, which makes the routing decision based on the best performing path.

B.

The gateway WAN Edge router DPI engine accepts the DNS query for SaaS applications, and DNS queries for noncloud applications follow the explicit path.

C.

Existing flows change the path and drop the traffic when the performance of the chosen path degrades.

D.

The WAN Edge DPI engine never selects a subperforming DIA circuit for the first application, and the WAN Edge router finds the SaaS application.

Question 53

Question # 53

Refer to the exhibit. The ge0/0 interface connects to a 30-MB link. A network administrator wants to always have 10 MB available for high priority traffic. When lower-priority traffic busts exceed 20 MB. Traffic should be redirected to the second WAN interface ge0/1. Which set of configurations accomplishes this task?

A)

Question # 53

B)

Question # 53

C)

Question # 53

D)

Question # 53

Options:

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Question 54

Which percentage for total memory or total CPU usage for a device is classified as normal in the WAN Edge Health pane?

Options:

A.

more than 80 percent usage

B.

less than 70 percent usage

C.

between 70 to 90 percent usage

D.

more than 90 percent usage

Question 55

What is a requirement for a WAN Edge to reach vManage, vBond, and vSmart controllers in a data center?

Options:

A.

IGP

B.

QoS

C.

TLS

D.

OMP

Question 56

Which destination UDP port is used by WAN Edge router to make a DTLS connection with vBond Orchestrator?

Options:

A.

12343

B.

12345

C.

12346

D.

12347

Question 57

Which combination of platforms are managed by vManage?

Options:

A.

ISR4321, ASR1001, ENCS, lSRv

B.

ISR4351, ASR1002HX, vEdge2000, vEdge Cloud

C.

ISR4321, ASR1001, Nexus, ENCS

D.

lSR435l, ASRl009, vEdge2000, CSR1000v

Question 58

Company ABC has decided to deploy the controllers using the On-Prem method. How does the administrator upload the WAN Edge list to the vManage?

A)

Question # 58

B)

Question # 58

C)

Question # 58

D)

Question # 58

Options:

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Question 59

What are the two advantages of configuration groups in a Cisco SD-WAN deployment? (Choose two.)

Options:

A.

Individual devices are associated with a configuration group and a device template.

B.

Individual devices are added to multiple groups.

C.

Individual devices are grouped based on a shared configuration.

D.

A subset of devices is identified with tags.

E.

An individual device has multiple tag rules.

Question 60

Drag and drop the steps from the left Into the order on the right to delete a software image for a WAN Edge router starting with Maintenance > Software Upgrade > Device list on vManage.

Question # 60

Options:

Question 61

Drag and drop the route verification output from show omp tlocs from the left onto the correct explanations on the right.

Question # 61

Options:

Question 62

In Cisco SD-WAN, what protocol is used for control connections between SD-WAN devices?

Options:

A.

DTLS

B.

OMP

C.

BGP

D.

OSPF

Question 63

What is an attribute of TLOC’?

Options:

A.

encryption

B.

local preference

C.

tag

D.

service

Question 64

Which attribute identifies the type of a vRoute?

Options:

A.

tag

B.

encapsulation

C.

originator

D.

origin

Question 65

Which Cisco SD-WAN configuration provides the advantages of day-zero deployment and reusable configuration components?

Options:

A.

CLI-based templates

B.

configuration groups

C.

configuration via the vBond controller

D.

configuration through a Cisco Prime server

Question 66

What is a description of vManage NMS?

Options:

A.

It is accessible only from VPN 512 (the management VPN).

B.

A cluster requires device templates to be created on and attached to the same server

C.

It is a software process on a dedicated WAN Edge router in the network.

D.

A cluster consists of a minimum of two vManage NMSs

Question 67

Which two different states of a WAN Edge certificate are shown on vManage? (Choose two.)

Options:

A.

inactive

B.

active

C.

staging

D.

invalid

E.

provisioned

Question 68

Refer to the exhibit.

Question # 68

The Cisco SD-WAN network is configured with a default full-mesh topology. An engineer wants Paris WAN Edge to use the Internet HOC as the preferred TLOC for MSN Messenger and AOL Messenger traffic. Which policy achieves this goal?

A)

Question # 68

B)

Question # 68

C)

Question # 68

D)

Question # 68

Options:

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Question 69

A network administrator is creating an OMP feature template from the vManage GUI to be applied to WAN edge routers. Which configuration attribute will avoid the redistribution of the routes back into the OMP from the LAN side?

Options:

A.

configure "Number of Paths Advertised per Prefix"

B.

configure "Overlay AS Number"

C.

configure "Send Backup Paths"

D.

configure "ECMP limit"

Question 70

What is the main purpose of using TLOC extensions in WAN Edge router configuration?

Options:

A.

creates hardware-level transport redundancy at the local site

B.

creates an IPsec tunnel from WAN Edge to vBond Orchestrator

C.

transports control traffic to a redundant vSmart Controller

D.

transports control traffic w remote-site WAN Edge routers

Question 71

Which type of lists are used to group related items via an application-aware routing policy under the policy lists command hierarchy on vSmart controllers?

Options:

A.

data prefix, she. and VPN

B.

OSCP value, application, and VPN

C.

data prefix, application, and SLA class

D.

DSCP value, site, and VPN

Question 72

A network administrator is configuring a centralized control policy based on match action pairs for multiple conditions, which order must be configured to prefer Prefix List over TLOC and TLOC over Origin?

Options:

A.

highest to lowest sequence number

B.

nonsequential order

C.

deterministic order

D.

lowest to highest sequence number

Question 73

Refer to the exhibit.

Question # 73

An engineer configured OMP with an overlay-as of 10666. What is the AS-PATH for prefix 104.104.104.104/32 on R100?

Options:

A.

100 10666

B.

100 20 104

C.

100 10666 20 104

D.

100 10666 104

Question 74

Which value of the IPsec rekey timer must be set by the engineer for an OMP graceful restart value set for 24 hours?

Options:

A.

6 hours

B.

12 hours

C.

36 hours

D.

48 hours

Question 75

Where on vManage does an engineer find the details of control node failure?

Options:

A.

Alarms

B.

Events

C.

Audit log

D.

Network

Question 76

What is a benefit of using REST APIs?

Options:

A.

predefined automation and orchestration platform for event management and logging

B.

user-defined automation and integration into other orchestration systems or tools

C.

vAnalytics to simplify operational services integration and real-time event monitoring

D.

predefined SD-WAN controller with other platform integration for event management and logging

Question 77

Which feature delivers traffic to the Cisco Umbrella SIG cloud from a Cisco SD-WAN domain?

Options:

A.

L2TPv3 tunnel

B.

IPsec tunnel

C.

local umbrella agent

D.

source NAT

Question 78

Question # 78

Refer to the exhibit. An engineer is troubleshooting a control connection issue on a WAN Edge device that shows socket errors. The packet capture shows some ICMP packets dropped between the two devices. Which action resolves the issue?

Options:

A.

Recover the vManage controller that is down m a high availability cluster

B.

Change the system IP or restart the VWN Edge 4 the system IP is changed

C.

Remove IP duplication in the network and configure a unique IP address

D.

Recover vBond or wart for the controller to reload which could be caused by a reset

Question 79

Question # 79

Refer to the exhibit. Which issue is shown, and which action must an engineer take to resolve the issue?

Options:

A.

An IPsec issue; verify and resolve the tunnel configurations on devices.

B.

An organization name issue; verify and correct the configuration on the devices.

C.

A certificate issue; verify and correct the certificate attributes.

D.

A connectivity issue; verify and resolve the reachability to the controller.

Question 80

Question # 80

Refer to the exhibit. Which configuration extends the INET interface on R1 to be used by R2 for control and data connections?

A)

Question # 80

B)

Question # 80

C)

Question # 80

Options:

A.

Option A

B.

Option B

C.

Option C

Question 81

Which VPN connects the transport-side WAN Edge interface to the underlay/WAN network?

Options:

A.

VPN 1

B.

VPN 511

C.

VPN 0

D.

VPN 512

Question 82

Which SD-WAN component detects path performance information in the organization to report the issue to the service provider at site ID:S4288T5E44F04?

Options:

A.

vAnalytics

B.

vManage NMS

C.

vBond Orchestrator

D.

Cisco DNA

Question 83

Question # 83

Refer to the exhibit Which configuration ensures that OSPF routes learned from Site2 are reachable at Sitel and vice-versa?

Question # 83

Question # 83

Options:

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Question 84

Question # 84

Refer to the exhibit. Which configuration value is used to change the administrative distance of iBGP routes to 20?

Options:

A.

Configure internal Routes Distance to 20

B.

Configure Propagate AS Path to off

C.

Configure Local Distance to 20

D.

Configure External routes distance 20

Question 85

Question # 85

Refer to the exhibit. A Cisco SD-WAN network carries traffic for several departments and over 1200 users with several applications at site A and site B branches over the MPLS1 circuit. An engineer is provisioning a higher bandwidth on-demand metro circuit as a backup connection. Which two configurations must the engineer apply to implement the on-demand tunnels? (Choose two.)

Options:

A.

B.

C.

D.

E.

Question 86

Which type of route advertisement of OMP can be verified?

Options:

A.

OMP, VPN. and origin

B.

Origin, TLOC, and VPN

C.

Origin, TLOC, and service

D.

OMP, TLOC and service

Question 87

Which protocol runs between the vSmart controllers and WAN Edge routers when the vSmart controller acts like a route reflector?

Options:

A.

OMP outside the DTLS/TLS control connection

B.

BGP inside the DTLS/TLS

C.

IPsec inside the DTLS/TLS control connection

D.

OMP inside the DTLS/TLS control connection

Question 88

What is the function of the AppNav Controller in the Cisco SD-WAN AppNav solution?

Options:

A.

It accelerates specific traffic based on preconfigured policies.

B.

It provides information about configured optimization policies on SD-WAN edge devices.

C.

It provides configuration and monitoring for WAAS nodes.

D.

It intercepts and distributes network traffic based on configured policies.

Question 89

Question # 89

Refer to the exhibit. A customer wants to deploy service insertion at site1. Which traffic from VPN 10 must route to this site through a firewall. A policy must be in place to route VPN 10 traffic from all sites toward this firewall. Which configuration must be on the vSmart controller to meet this requirement?

Options:

A.

B.

C.

D.

Question 90

Which Cisco router provides a distributed multicore architecture optimized for SD-WAN branch support?

Options:

A.

Cisco 1000 ISR series

B.

Cisco 2900 ISR series

C.

Cisco Catalyst 3850 series

D.

Cisco 3900 ISR series

Question 91

Which two criteria ate supported to filter traffic on a Cisco Umbrella Cloud-delivered firewall? (Choose two )

Options:

A.

tunnels

B.

site ID

C.

URL

D.

geolocation

E.

protocol

Question 92

Which two features does the application firewall provide? (Choose two.)

Options:

A.

classification of 1400+ layer 7 applications

B.

blocks traffic by application or application-family

C.

numbered sequences of match-action pairs

D.

classification of 1000+ layer 4 applications

E.

application match parameters

Question 93

Which configuration defines the groups of interest before creation of the access list or route map?

A)

Question # 93

B)

Question # 93

C)

Question # 93

D.

Question # 93

Options:

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Question 94

Question # 94

Question # 94

Refer to the exhibit. Company ABC has a hub-and-spoke topology in place and currently is load balancing their data traffic at the hub site over MPLS and the public Internet. The leased circuit must be preferred over the shared circuit. Which configuration meets the requirement?

Question # 94

Question # 94

Options:

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Question 95

Which capability does Cisco SD-WAN Multi-Region Fabric provide?

Options:

A.

end-to-end SLA-aware routing

B.

overlay support for IP multicast

C.

end-to-end encryption for inter-region traffic

D.

assignment of a single vSmart controller to handle region 0 and noncore regions

Question 96

When the VPN membership policy is being controlled at the vSmart controller, which policy disallows VPN 1 at sites 20 and 30?

A)

Question # 96

B)

Question # 96

C)

Question # 96

D)

Question # 96

Options:

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Question 97

Which template configures the out-of-band management VPN?

A)

Question # 97

B)

Question # 97

C)

Question # 97

D)

Question # 97

Options:

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Question 98

An engineering team must prepare a traffic engineering policy where an MPLS circuit is preferred for traffic coming from the Admin VLAN Internet should be used as a backup only. Which configuration fulfill this requirement?

A)

Question # 98

B)

Question # 98

C)

Question # 98

D)

Question # 98

Options:

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Question 99

Question # 99

Refer to the exhibit. An enterprise network is connected with an ISP network on an 80 Mbps bandwidth link. The network operation team observes 100 Mbps traffic on the 1Gig-ISP link during peak hours Which configuration provides bandwidth control to avoid traffic congestion during peak hours?

A)

Question # 99

B)

Question # 99

C)

Question # 99

D)

Question # 99

Options:

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Question 100

An engineer wants to change the configuration of the certificate authorization mode from manual to automated. Which GUI selection will accomplish this?

Options:

A.

Maintenance > Security

B.

Configuration > Certificates

C.

Administration > Settings

D.

Tools > Operational Commands

Question 101

Which cloud based component in cisco SD-WAN is responsible for establishing a secure connection to each WAN edge router and distributes routers and policy information via omp?

Options:

A.

vBond

B.

vManage

C.

vSmart

D.

WAN Edge

Question 102

A network administrator is configuring VRRP to avoid a traffic black hole when the transport side of the network is down on the master device. What must be configured to get the fastest failover to standby?

Options:

A.

lower timer interval

B.

prefix-list tracking

C.

higher group ID number

D.

OMP tracking

Question 103

Which two requirements must be met for DNS inspection when integrating with cisco umbrella? (Choose two)

Options:

A.

Upload the WAN Edge serial allow list to the Umbrella portal.

B.

Attach security policy to the device template.

C.

Configure the Umbrella token on the vManage

D.

Create and attach a System feature template with the Umbrella registration credentials.

E.

Register and configure the vManage public IP and serial number in the Umbrella portal.

Question 104

Refer to the exhibit.

Question # 104

Customer XYZ cannot provision dual connectivity on both of its routers due to budget constraints but wants to use both R1 and R2 interlaces for users behind them for load balancing toward the hub site. Which configuration achieves this objective?

Question # 104

Question # 104

Question # 104

Options:

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Question 105

Which secure connection should be used to access the REST APIs through the Cisco vManage web server?

Options:

A.

HTTP inspector interface

B.

authenticated HTTPS

C.

authenticated DTLS

D.

JSON Inspector interface

Question 106

Which plane builds and maintains the network topology and makes decisions on traffic flows?

Options:

A.

orchestration

B.

management

C.

control

D.

data

Question 107

In a Cisco SD-WAN architecture, what is the role of the WAN Edge?

Options:

A.

It provides orchestration to assist in automatic provisioning of WAN Edge routers and overlay

B.

It is the management plane responsible for centralized configuration and monitoring

C.

It is the control plane that builds and maintains network topology

D.

It is the data plane that is responsible for forwarding traffic

Question 108

Which action is performed during the onboarding process when a WAN Edge router is connected to ZTP server ztp.viptela com?

Options:

A.

The router is connected to WAN Edge Cloud Center

B.

The router is synced with vSmart Controller via an IPsec tunnel

C.

The router receives its vBond Orchestrator information

D.

The router is connected 10 vSmart Controller via a DTLSTLS tunnel

Question 109

Refer to the exhibit.

Question # 109

The network team must configure branch B WAN Edge device 103 to establish dynamic full-mesh IPsec tunnels between all colors with branches over MPLS and Internet circuits. The branch ts configured with:

Question # 109

Question # 109

Which configuration meets the requirement?

A)

Question # 109

B)

Question # 109

C)

Question # 109

D)

Question # 109

Options:

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Question 110

What are two benefits of installing Cisco SD-WAN controllers on cloud-hosted services? (Choose two.)

Options:

A.

utilizes well-known cloud services such as Azure. AWS. and GCP

B.

accelerates Cisco SD-WAN deployment

C.

allows integration of the WAN Edge devices In the cloud

D.

installs the controllers in two cloud regions in a primary and backup setup

E.

automatically Implements zone-based firewalling on the controllers

Question 111

What is the ZTP workflow for Cisco IOS XE-based devices?

Question # 111

Options:

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Question 112

A network administrator is configuring Qos on a vEdge 5000 router and needs to enable it on the transport side interface. Which policy setting must be selected to accomplish this goal?

Options:

A.

Cloud QoS Service side

B.

Cloud QoS

C.

NetFlow

D.

Application

Question 113

Which feature template configures OMP?

A)

Question # 113

B)

Question # 113

C)

Question # 113

D)

Question # 113

Options:

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Question 114

Which device in the SD- WAN solution receives and categorizes event reports, and generates alarms?

Options:

A.

WAN Edge routers

B.

vSmart controllers

C.

vManage NMS

D.

vBond controllers

Question 115

Which component of the Cisco SD-WAN control plane architecture should be located in a public Internet address space and facilitates NAT-traversal?

Options:

A.

vBond

B.

WAN Edge

C.

vSmart

D.

vManage

Question 116

How many subnets are necessary in Azure VNet for a WAN Edge device to function in the cloud deployment?

Options:

A.

CSR is the WAN Edge device that is supported in the Microsoft cloud. The Microsoft underlay cloud fabric performs the management function.

B.

There must be three subnets in VNet: management, public, and services.

C.

One public subnet is required in VNet. The Microsoft underlay cloud fabric performs all of the routing functions for WAN Edge.

D.

Public and services subnets are required in VNet. The Microsoft underlay cloud fabric performs the management function.

Question 117

An organization wants to discover monitor and track the applications running on the WAN Edge device on the LAN Which configuration achieves this goal?

Question # 117

Question # 117

Options:

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Question 118

Question # 118

Refer to the exhibit Which configuration sets up direct Internet access for VPN 1?

Question # 118

Question # 118

Options:

A.

Option A

B.

Option B

C.

Option C

Question 119

Which protocol is used to measure jitter, loss, and latency on SD-WAN overlay tunnels?

Options:

A.

QoE

B.

OMP

C.

BGP

D.

BFD

Question 120

Drag and drop the alarm states from the left onto the corresponding alarm descriptions on the right.

Question # 120

Options:

Question 121

In the Cisco SD_WAN solution, vSmart controller is responsible for which two actions? (Choose two.)

Options:

A.

Distribute crypto key information among vEdge routers

B.

Configure and monitor vEdge routers.

C.

Authenticate and authorize vEdge routers.

D.

Distribute the IP address from DHCP server to vEdge routers.

E.

Distribute route and policy information via OMP.

Question 122

What are the default username and password for vSmart Controller when it is installed on a VMware ESXi hypervisor'?

Options:

A.

username Cisco password admin

B.

username admin password Cisco

C.

username Cisco password Cisco

D.

username admin password admin

Question 123

Configure individual VRFs for each customer according to the topology to achieve these goals :

Question # 123

Question # 123

R1

Question # 123

Question # 123

Question # 123

Question # 123

R2

Question # 123

Question # 123

Question # 123

Question # 123

SW1

Question # 123

Question # 123

Question # 123

SW2

Question # 123

Question # 123

Question # 123

SW3

Question # 123

Question # 123

Question # 123

Question # 123

Question # 123

Question # 123

Question # 123

Options:

Question 124

An engineer must configure two branch WAN Edge devices where an Internet connection is available and the controllers are in the headquarters. The requirement is to have IPsec VPN tunnels established between the same colors. Which configuration meets the requirement on both WAN Edge devices?

Question # 124

Question # 124

Question # 124

Question # 124

Options:

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Question 125

Refer to the exhibit.

Question # 125

Which QoS treatment results from this configuration after the access list acl-guest is applied inbound on the vpn1 interface?

Options:

A.

A UDP packet sourcing from 172.16.20.1 and destined to 172.16.10.1 is accepted

B.

A TCP packet sourcing from 172.16.10.1 and destined to 172.16.20.1 is dropped

C.

A UDP packet souring from 172.16.10.1 and destined to 172.16.20.1 is dropped.

D.

A TCP packet sourcing from 172.16.20.1 and destined to 172.16.10.1 is accepted

Question 126

Which platform cannot provide IPS and URL filtering capabilities?

Options:

A.

Cisco CSR 1000V

B.

Cisco ISR 1000

C.

Cisco Catalyst 8300

D.

Cisco ISR 4000

Question 127

Question # 127

Refer to the exhibit. The Cisco SD-WAN is deployed using the default topology. The engineer wants to configure a service insertion policy such that all data traffic between Rome to Paris is forwarded through the NGFW located in London. Which configuration fulfills this requirement, assuming that the Service VPN ID is 1?

Options:

A.

Option A127

B.

Option B127

C.

Option C127

D.

Option D127

Question 128

Which on-the-box security feature supported by the Cisco ISR 4451 SD-WAN device and not on vEdge?

Options:

A.

Cloud Express service

B.

Enterprise Firewall with Application Awareness

C.

reverse proxy

D.

IPsec/GRE cloud proxy

Question 129

Which encryption algorithm is used for encrypting SD-WAN data plane traffic?

Options:

A.

Triple DES

B.

IPsec

C.

AES-128

D.

AES-256 GCM

Question 130

An engineer modifies a data policy for DIA in VPN 67. The location has two Internet-bound circuits. Only the web browsing traffic must be admitted for DIA. without further discrimination about which transport to use.

Here is the existing data policy configuration:

Question # 130

Which policy configuration sequence meets the requirements?

Question # 130

Question # 130

Options:

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Question 131

Which controller is excluded from the process of checking against the authorized, allowed list?

Options:

A.

vBond

B.

PnP

C.

vSmart

D.

vManage

Question 132

Which protocol is used to propagate multicast join requests over the Cisco SD-WAN fabric?

Options:

A.

ARP

B.

Auto-RP

C.

OMP

D.

IGMP

Question 133

Which SD-WAN devices require multicast PIM and IGMP configurations when setting up SD-WAN multicast?

Options:

A.

branch devices with multicast receivers

B.

branch devices with unicast traffic

C.

data center replicator devices

D.

data center devices with multicast sources

Load More 300-415 Questions 
Page: 1 / 45
Total 446 questions
Get 300-415 Full Access Download 300-415 PDF