300-415: Implementing Cisco SD-WAN Solutions (ENSDWI) Part 1
Question #: 1
Topic #: 1
Which component of the Cisco SD-WAN architecture oversees the control plane of overlay network to establish, adjust, and maintain the connections between the
WAN Edge devices that form the Cisco SD-WAN fabric?
A. APIC-EM
B. vSmart
C. vManage
D. vBond
Selected Answer: B
Question #: 2
Topic #: 1
Which two hardware platforms support Cisco IOS XE SD-WAN images? (Choose two.)
A. ISR4000 series
B. ISR9300 series
C. vEdge-1000 series
D. ASR9000 series
E. ASR1000 series
Selected Answer: AE
Question #: 3
Topic #: 1
What is a default protocol for control plane connection?
A. HTTPS
B. TLS
C. IPsec
D. DTLS
Selected Answer: D
Question #: 4
Topic #: 1
DRAG DROP –
Drag and drop the devices from the left onto the correct functions on the right.
Select and Place:
Suggestion Answer:
Question #: 5
Topic #: 1
Which component of the Cisco SD-WAN control plane architecture should be located in a public Internet address space and facilitates NAT-traversal?
A. WAN Edge
B. vSmart
C. vBond
D. vManage
Selected Answer: C
Question #: 6
Topic #: 1
Which Cisco SD-WAN WAN Edge platform supports LTE and Wi-Fi?
A. ISR 1101
B. ASR 1001
C. CSR 1000v
D. vEdge 2000
Selected Answer: A
Question #: 7
Topic #: 1
Refer to the exhibit. What does the BFD value of 8 represent?
A. dead timer of BFD session
B. poll-interval of BFD session
C. hello timer of BFD session
D. number of BFD sessions
Selected Answer: D
Question #: 8
Topic #: 1
A network administrator is bringing up one WAN Edge router for branch connectivity. Which types of tunnels form when the WAN edge router connects to the
Cisco SD-WAN fabric?
A. DTLS or TLS tunnel with vSmart controller and IPsec tunnel with vBond controller
B. DTLS or TLS tunnel with vBond controller and IPsec tunnel with vManage controller
C. DTLS or TLS tunnel with vBond controller and IPsec tunnel with other WAN Edge routers
D. DTLS or TLS tunnel with vSmart controller and IPsec tunnel with other WAN Edge routers
Selected Answer: D
Question #: 9
Topic #: 1
If Smart Account Sync is not used, which Cisco SD-WAN component is used to upload an authorized serial number file?
A. WAN Edge
B. vSmart
C. vBond
D. vManage
Selected Answer: D
Question #: 10
Topic #: 1
Which port is used for vBond under controller certificates if no alternate port is configured?
A. 12344
B. 12345
C. 12347
D. 12346
Selected Answer: D
Question #: 11
Topic #: 1
In the Cisco SD-WAN solution, vSmart controller is responsible for which two actions? (Choose two.)
A. Authenticate and authorize WAN Edge routers.
B. Configure and monitor WAN Edge routers.
C. Distribute route and policy information via OMP.
D. Distribute the IP address from DHCP server to WAN Edge routers.
E. Distribute crypto key information among WAN Edge routers.
Selected Answer: CE
Question #: 12
Topic #: 1
When a WAN Edge device joins the Cisco SD-WAN overlay, which Cisco SD-WAN component orchestrates the connection between the WAN Edge device and a vSmart controller?
A. vManage
B. vBond
C. OMP
D. APIC-EM
Selected Answer: B
Question #: 13
Topic #: 1
In an AWS cloud, which feature provisions WAN Edge routers automatically in Cisco SD-WAN?
A. Cloud OnRamp
B. Cloud app
C. vAnalytics
D. Network Designer
Selected Answer: A
Question #: 14
Topic #: 1
A large retail organization decided to move some of the branch applications to the AWS cloud. How does the network architect extend the in-house Cisco SD-
WAN branch to cloud network into AWS?
A. Create virtual instances of vSmart Cloud through the AWS online software store
B. Create GRE tunnels to AWS from each branch over the Internet
C. Install the AWS Cloud Router in the main data center and provide the connectivity from each branch
D. Create virtual WAN Edge devices Cloud through the AWS online software store
Selected Answer: D
Question #: 15
Topic #: 1
Which two products are used to deploy Cisco WAN Edge Router virtual platforms? (Choose two.)
A. Sun Enterprise M4000 Server running Sun Solaris
B. Sun SPARC Node running AIX
C. Cisco UCS
D. HP ProLiant DL380 Generation 10 running HP-UX
E. Cisco ENCS 5000 Series
Selected Answer: CE
Question #: 16
Topic #: 1
A bank is looking for improved customer experience for applications and reduce overhead related to compliance and security. Which key feature or features of the
Cisco SD-WAN solution will help the bank to achieve their goals?
A. Integration with PaaS providers to offer the best possible application experience
B. QoS including application prioritization and meeting critical applications SLA for selecting optimal path
C. Implementation of BGP across the enterprise routing for selecting optimal path
D. Implementation of a modern age core banking system
Selected Answer: B
Question #: 17
Topic #: 1
Which two prerequisites must be met before the Cloud onRamp for IaaS is initiated on vManage to expand to the AWS cloud? (Choose two.)
A. Attach an OSPF feature template to the AWS cloud Edge router template.
B. Attach the ג€AmazonCreateVPCג€ and ג€AmazonProvisionEC2ג€ permission policy to the IAM account.
C. Subscribe to the SD-WAN Edge router AMI in the AWS account.
D. Attach a device template to the cloud WAN Edge router to be deployed in the AWS.
E. Preprovision the transit VPC in the AWS region.
Selected Answer: CD
Question #: 18
Topic #: 1
In a Cisco SD-WAN network, which component is responsible for distributing route and policy information via the OMP?
A. vManage
B. vSmart Controller
C. vBond Orchestrator
D. WAN Edge Router
Selected Answer: B
Question #: 19
Topic #: 1
DRAG DROP –
Drag and drop the components from the left onto the corresponding Cisco NFV Infrastructure Building Blocks on the right. Not all options are used.
Select and Place:
Suggestion Answer:
Question #: 20
Topic #: 1
For data plane resiliency, what does the Cisco SD-WAN software implement?
A. multiple vBond orchestrators
B. establishing affinity between vSmart controllers and WAN Edge routers
C. OMP
D. BFD
Selected Answer: D
Question #: 21
Topic #: 1
Refer to the exhibit. Which configuration configures IPsec tunnels in active and standby?
A. vpn 1 service netsvc1 interface ipsec1 ipsec2 from-vsmart lists vpn-list 1 vpn 1
B. vpn 0 service netsvc1 interface ipsec1 ipsec2 from-vsmart lists vpn-list 0 vpn 0
C. vpn 1 service netsvc1 interface ipsec1 ipsec2 vpn-list 1 count ServicePSec1_275676046 from-vsmart lists vpn-list 1 vpn 1
D. vpn 0 service netsvc1 interface ipsec1 ipsec2 vpn-list 1 count ServicePSec1_275676046 from-vsmart lists vpn-list 0 vpn 0
Selected Answer: A
Question #: 22
Topic #: 1
An organization wants to use the Cisco SD-WAN regionalized service-chaining feature to optimize cost and user experience with applications in the network, which allows branch routers to analyze and steer traffic toward the required network function. Which feature meets this requirement?
A. Cloud onRamp for Colocation
B. Cloud onRamp for IaaS
C. Cloud Services Platform
D. VNF Service Chaining
Selected Answer: A
Question #: 23
Topic #: 1
DRAG DROP –
Drag and drop the BFD parameters from the left onto the BFD configurations on the right.
Select and Place:
Suggestion Answer:
Question #: 24
Topic #: 1
Which Cisco SD-WAN component facilitates the initial communication between WAN Edge devices to join the fabric?
A. WAN Edge Router
B. vSmart Controller
C. vManage
D. vBond Orchestrator
Selected Answer: D
Question #: 25
Topic #: 1
What is an attribute of TLOC?
A. tag
B. service
C. local preference
D. encryption
Selected Answer: A
Question #: 26
Topic #: 1
What is the behavior of vBond orchestrator?
A. It builds permanent connections with vSmart controllers.
B. It builds permanent connections with WAN Edge routers.
C. It updates vSmart of WAN Edge routers behind NAT devices using OMP.
D. It maintains vSmart and WAN Edge routers secure connectivity state.
Selected Answer: C
Question #: 27
Topic #: 1
Which routing protocol is used to exchange control plane information between vSmart controllers and WAN Edge routers in the Cisco SD-WAN secure extensible network?
A. BGP
B. OSPF
C. BFD
D. OMP
Selected Answer: D
Question #: 28
Topic #: 1
What is a requirement for a WAN Edge to reach vManage, vBond, and vSmart controllers in a data center?
A. OMP
B. IGP
C. QoS
D. TLS
Selected Answer: B
Question #: 29
Topic #: 1
Which secure tunnel type should be used to connect one WAN Edge router to other WAN Edge routers?
A. DTLS
B. SSL VPN
C. IPsec
D. TLS
Selected Answer: C
Question #: 30
Topic #: 1
What is the default value (in milliseconds) set for the poll interval in the BFD basic configuration?
A. 300,000
B. 600,000
C. 900,000
D. 1,200,000
Selected Answer: B
Question #: 31
Topic #: 1
Which plane builds and maintains the network topology and makes decisions on traffic flows?
A. data
B. orchestration
C. management
D. control
Selected Answer: D
Question #: 32
Topic #: 1
How is TLOC defined?
A. It is represented by a unique identifier to specify a site in a SD-WAN architecture.
B. It specifies a Cisco SD-WAN overlay in a multitenant vSMART deployment.
C. It is represented by a group of QoS policies applied to a WAN Edge router.
D. It is a unique collection of GRE or IPsec encapsulations, link color, and system IP address.
Selected Answer: D
Question #: 33
Topic #: 1
Which vBond system configuration under VPN 0 allows for a routable public IP address even if the DNS name, hostname, or IP address of the vBond orchestrator are omitted?
A. WAN
B. local
C. dns-name
D. vbond-only
Selected Answer: B
Question #: 34
Topic #: 1
What are the two advantages of deploying cloud-based Cisco SD-WAN controllers? (Choose two.)
A. centralized control and data plane
B. infrastructure as a service
C. management of SLA
D. centralized raid storage of data
E. distributed authentication policies
Selected Answer: BC
Question #: 35
Topic #: 1
Which two image formats are supported for controller codes? (Choose two.)
A. .nxos
B. .qcow2
C. .iso
D. .ova
E. .bin
Selected Answer: B
Question #: 36
Topic #: 1
Which two platforms for the Cisco SD-WAN architecture are deployable in a hypervisor on-premises or in IAAS Cloud? (Choose two.)
A. CSR 1000v
B. ISR 4431
C. vEdge 100c
D. vEdge 2000
E. vEdge Cloud
Selected Answer: A
Question #: 37
Topic #: 1
How is the scalability of the Manage increased in Cisco SD-WAN Fabric?
A. Increase the bandwidth of the WAN link connected to the vManage
B. Increase licensing on the vManage
C. Deploy more than one vManage controllers on different physical server
D. Deploy multiple vManage controllers in a cluster
Selected Answer: D
Question #: 38
Topic #: 1
Which component of the Cisco SD-WAN control plane architecture facilitates the storage of certificates and configurations for network components?
A. vSmart
B. WAN Edge
C. vManage
D. vBond
Selected Answer: C
Question #: 39
Topic #: 1
An engineer is troubleshooting a vEdge router and identifies a `DCONFAIL `” DTLS connection failure` message. What is the problem?
A. memory issue
B. certificate mismatch
C. organization mismatch
D. connectivity issue
Selected Answer: D
Question #: 40
Topic #: 1
An engineer is troubleshooting a certificate issue on vEdge. Which command is used to verify the validity of the certificates?
A. show control local-properties
B. show control summary
C. show certificate installed
D. show certificate status
Selected Answer: A
Question #: 41
Topic #: 1
Refer to the exhibit. An engineer is troubleshooting a control connection issue. What does `connect` mean in this show control connections output?
A. Control connection is down
B. Control connection is up
C. Control connection attempt is in progress
D. Control connection is connected
Selected Answer: C
Question #: 42
Topic #: 1
In which device state does the WAN Edge router create control connections, but data tunnels are not created?
A. valid
B. backup
C. active
D. staging
Selected Answer: D
Question #: 43
Topic #: 1
What is the purpose of `vpn 0` in the configuration template when onboarding a WAN Edge node?
A. It carries control traffic over secure IPsec connections between vSmart controllers and vEdge routers, and between vEdge and vManager.
B. It carries control traffic over secure IPsec connections between vSmart controllers and vEdge routers, and between vSmart and vBond.
C. It carries control traffic over secure DTLS or TLS connections between vSmart controllers and vEdge routers, and between vSmart and vBond.
D. It carries out-of-band network management traffic among the Cisco SD-WAN devices in the overlay network.
Selected Answer: C
Question #: 44
Topic #: 1
A policy is created to influence routing path in the network using a group of prefixes. Which policy application will achieve this goal when applied to a site list?
A. control-policy
B. vpn-membership policy
C. app-route policy
D. cflowd-template
Selected Answer: A
Question #: 45
Topic #: 1
Refer to the exhibit. An engineer is troubleshooting an issue where vManage and vSmart have a problem establishing a connection to vBond. Which action fixes the issue?
A. Remove the encapsulation ipsec command under the tunnel interface of vBond
B. Reconfigure the vbond command on the vBond as vbond 150.5.1.3 local
C. Configure the tunnel interface on all three controllers with a color of transport
D. Configure encapsulation as IPsec under the tunnel interface of vManage and vSmart
Selected Answer: B
Question #: 46
Topic #: 1
Refer to the exhibit. The control connection is failing. Which action resolves the issue?
A. Validate the certificates authenticity on vSmart
B. Restore the reachability to the vSmart
C. Import vSmart in vManager
D. Upload the WAN Edge list on vManage
Selected Answer: B
Question #: 47
Topic #: 1
Refer to the exhibit. An engineer is troubleshooting tear down of control connections even though a valid CertificateSerialNumber is entered. Which two actions resolve the issue? (Choose two.)
A. Enter a valid product ID (model) on the PNP portal
B. Match the serial number file between the controllers
C. Remove the duplicate IP in the network
D. Restore network reachability for the controller
E. Enter a valid serial number on the controllers for a given device
Selected Answer: AE
Question #: 48
Topic #: 1
Which protocol is used for the vManage to connect to the vSmart Controller hosted in Cloud?
A. PnP Server
B. ZTP
C. HTTP
D. NETCONF
Selected Answer: D
Question #: 49
Topic #: 1
Which third-party Enterprise CA server must be used for a cloud-based vSmart controller?
A. RootCert
B. VeriSign
C. Microsoft
D. RADIUS
Selected Answer: A
Question #: 50
Topic #: 1
Which set of elements are verified by the controller to confirm the identity of edge devices?
A. certificates, organization name, and serial number of the device
B. organization name, serial number, and system IP of the device
C. certificates, organization name, and vBond domain
D. certificates, system IP, and vBond domain
Selected Answer: A
