300-415: Implementing Cisco SD-WAN Solutions (ENSDWI) Part 3
Question #: 101
Topic #: 1
Refer to the exhibit. The network administrator has configured a centralized topology policy that results in the displayed routing table at a branch office. Which two configurations are verified by the output? (Choose two.)
A. The default route is configured locally.
B. This routing table is from a cEdge router.
C. The configured policy is adding a route tag of 300 to learned routes.
D. The default route is learned via OMP.
E. The routing table is for the transport VPN.
Selected Answer: BD
Question #: 102
Topic #: 1
An engineer must configure a centralized policy on a site in which all HTTP traffic should use the Public Internet circuit if the loss on this circuit is below 10%, otherwise MPLS should be used. Which configuration wizard fulfills this requirement?
A. Create Applications or Groups of Interest > Configure Traffic Data > Apply Policies to Sites and VPNs.
B. Configure VPN Membership > Apply Policies to Sites and VPNs.
C. Create Applications or Groups of Interest > Configure Traffic Rules > Apply Policies to Sites and VPNs.
D. Configure Topology > Apply Policies to Sites and VPNs.
Selected Answer: C
Question #: 103
Topic #: 1
An engineer must use data prefixes to configure centralized data policies using the vManage policy configuration wizard. What is the first step to accomplish this task?
A. Configure network topology.
B. Apply policies to sites and VPNs.
C. Configure traffic rules.
D. Create groups of interest.
Selected Answer: D
Question #: 104
Topic #: 1
Refer to the exhibit. The Cisco SD-WAN network is configured with a default full-mesh topology. Islamabad HQ and Islamabad WAN Edges must be used as the hub sites. Hub sites MPLS TLOC must be preferred when forwarding FTP traffic based on a configured SLA class list. Which policy configuration does the network engineer use to call the SLA class and set the preferred color to MPLS?
A. Centralized Policy, Traffic Policy
B. Centralized Policy, Topology
C. Localized Policy, Forwarding Class
D. Localized Policy, Route Policy
Selected Answer: A
Question #: 105
Topic #: 1
Refer to the exhibit. Which command allows traffic through the IPsec tunnel configured in VPN 0?
A. service netsvc1 vpn1
B. service netsvc1 address 1.1.1.1
C. service FW address 1.1.1.1
D. service local
Selected Answer: B
Question #: 106
Topic #: 1
An engineer is configuring a data policy for IPv4 prefixes for a single WAN Edge device on a site with multiple WAN Edge devices. How is this policy added using the policy configuration wizard?
A. In vBond orchestrator, select the configure –> policies screen, select the localized policy tab, and click add policy.
B. In vManage NMS, select the configure –> policies screen, select the localized policy tab, and click add policy.
C. In vSmart controller, select the configure –> policies screen, select the localized policy tab, and click add policy.
D. In vManage NMS, select the configure –> policies screen, select the centralized policy tab, and click add policy.
Selected Answer: D
Question #: 107
Topic #: 1
In a customer retail network with multiple data centers, what does the network administrator use to create a regional hub topology?
A. app route policy on vSmart
B. data policy on vSmart
C. control policy on vSmart
D. control policy on vManage
Selected Answer: D
Question #: 108
Topic #: 1
Which scheduling method is configured by default for the eight queues in the cloud vEdge router?
A. weighted round robin
B. priority queue
C. low latency queue
D. weighted random early detection
Selected Answer: A
Question #: 109
Topic #: 1
At which layer does the application-aware firewall block applications on a WAN Edge?
A. 3
B. 5
C. 2
D. 7
Selected Answer: A
Question #: 110
Topic #: 1
What is a benefit of the application-aware firewall?
A. It blocks traffic by MTU of the packet
B. It blocks encrypted traffic
C. It blocks traffic by application
D. It blocks traffic by MAC address
Selected Answer: C
Question #: 111
Topic #: 1
Refer to the exhibit. Which QoS treatment results from this configuration after the access list acl-guest is applied inbound on the vpn1 interface?
A. A TCP packet sourcing from 172.16.10.1 and destined to 172.16.20.1 is dropped
B. A UDP packet sourcing from 172.16.20.1 and destined to 172.16.10.1 is accepted
C. A UDP packet sourcing from 172.16.10.1 and destined to 172.16.20.1 is dropped
D. A TCP packet sourcing from 172.16.20.1 and destined to 172.16.10.1 is accepted
Selected Answer: C
Question #: 112
Topic #: 1
Which on-the-box security feature is supported by the Cisco ISR 4451 SD-WAN device and not on vEdge?
A. IPsec/GRE cloud proxy
B. reverse proxy
C. Enterprise Firewall with Application Awareness
D. Cloud Express service
Selected Answer: C
Question #: 113
Topic #: 1
Which two mechanisms are used to guarantee the integrity of data packets in the Cisco SD-WAN architecture data plane? (Choose two.)
A. certificates
B. transport locations
C. authentication headers
D. encapsulation security payload
E. TPM chip
Selected Answer: CD
Question #: 114
Topic #: 1
Which value is verified in the certificates to confirm the identity of the physical WAN Edge device?
A. Serial Number
B. OTP
C. System-IP
D. Chassis-ID
Selected Answer: A
Question #: 115
Topic #: 1
Which hardware component is involved in the Cisco SD-WAN authentication process for ISR platforms?
A. ZTP
B. OTPC
C. SUDI
D. TPMD
Selected Answer: C
Question #: 116
Topic #: 1
A network administrator is configuring QoS on a WAN Edge 5000 router and needs to enable it on the transport side interface. Which policy setting must be selected to accomplish this goal?
A. Cloud QoS
B. Netflow
C. Application
D. Cloud QoS Service side
Selected Answer: C
Question #: 117
Topic #: 1
What is a benefit of the application-aware firewall feature in the Cisco SD-WAN solution?
A. application visibility
B. control policy enforcement
C. application monitoring
D. application malware protection
Selected Answer: B
Question #: 118
Topic #: 1
An engineer is tasked to improve throughput for connection-oriented traffic by decreasing round-trip latency. Which configuration will achieve this goal?
A. turn off "Enable TCP Optimization"
B. turn on "Enhance ECMP Keying"
C. turn on "Enable TCP Optimization"
D. turn off "Enhance ECMP Keying"
Selected Answer: D
Question #: 119
Topic #: 1
An engineer is configuring a WAN Edge router for DIA based on matching QoS parameters. Which two actions accomplish this task? (Choose two.)
A. Apply a data policy on WAN interface
B. Configure a control policy
C. Apply a QoS map policy
D. Configure NAT on the transport interface
E. Configure a centralized data policy
Selected Answer: DE
Question #: 120
Topic #: 1
Refer to the exhibit. Which shaping-rate does the engineer use to shape traffic at 9 Mbps?
A. 9
B. 9000
C. 90000
D. 9000000
Selected Answer: B
Question #: 121
Topic #: 1
An engineer wants to change the configuration of the certificate authorization mode from manual to automated. Which GUI selection will accomplish this?
A. Maintenance > Security
B. Configuration > Certificates
C. Administration > Settings
D. Tools > Operational Commands
Selected Answer: C
Question #: 122
Topic #: 1
Which two requirements must be met for DNS inspection when integrating with Cisco Umbrella? (Choose two.)
A. Attach security policy to the device template.
B. Create and attach a System feature template with the Umbrella registration credentials.
C. Register and configure the vManage public IP and serial number in the Umbrella portal.
D. Upload the WAN Edge serial allow list to the Umbrella portal.
E. Configure the Umbrella token on the vManage.
Selected Answer: AE
Question #: 123
Topic #: 1
Which two features does the application firewall provide? (Choose two.)
A. blocks traffic by application or application-family
B. numbered sequences of match-action pairs
C. classification of 1000+ layer 4 applications
D. application match parameters
E. classification of 1400+ layer 7 applications
Selected Answer: AE
Question #: 124
Topic #: 1
The network administrator is configuring a QoS scheduling policy on traffic received from transport side tunnels on WAN Edge 5000 routers at location:405608122. Which command must be configured on these devices?
A. mls qos
B. cloud-qos
C. service qos
D. cloud-mls qos
Selected Answer: C
Question #: 125
Topic #: 1
Refer to the exhibit. A network administrator is setting the queueing value for voice traffic for one of the WAN Edge routers using vManager GUI. Which queue value must be set to accomplish this task?
A. 0
B. 1
C. 2
D. 3
Selected Answer: A
Question #: 126
Topic #: 1
An engineer configures policing with a rate of 125 Bps and a burst rate of 8000 bits, as shown here:
Which configuration completes this task?
A. Configure 125 for rate and 1000 for burst.
B. Configure 125 for rate and 8000 for burst.
C. Configure 1000 for rate and 1000 for burst.
D. Configure 1000 for rate and 64000 for burst.
Selected Answer: C
Question #: 127
Topic #: 1
A Cisco SD-WAN customer has a requirement to calculate the SHA value for files as they pass through the device to see the returned disposition and determine if the file is good, unknown, or malicious. The customer also wants to perform real-time traffic analysis and generate alerts when threats are detected. Which two Cisco SD-WAN solutions meet the requirements? (Choose two.)
A. Cisco Threat Grid
B. Cisco Trust Anchor Module
C. Cisco AMP
D. Cisco Secure Endpoint
E. Cisco Snort IPS
Selected Answer: AD
Question #: 128
Topic #: 1
Which two criteria are supported to filter traffic on a Cisco Umbrella Cloud-delivered firewall? (Choose two.)
A. geolocation
B. site ID
C. URL
D. protocol
E. tunnels
Selected Answer: DE
Question #: 129
Topic #: 1
Which command disables the logging of syslog messages to the local disk?
A. no system logging disk local
B. system logging server remote
C. no system logging disk enable
D. system logging disk disable
Selected Answer: C
Question #: 130
Topic #: 1
Which combination of platforms is managed by vManage?
A. ISR4351, ASR1002HX, vEdge2000, vEdge Cloud
B. ISR4321, ASR1001, Nexus, ENCS
C. ISR4321, ASR1001, ENCS, ISRv
D. ISR4351, ASR1009, vEdge2000, CSR1000v
Selected Answer: A
Question #: 131
Topic #: 1
Which alarm setting is configured to monitor serious events that affect, but do not shut down, the operation of a network function?
A. Critical
B. Medium
C. Major
D. Minor
Selected Answer: C
Question #: 132
Topic #: 1
Which pathway under Monitor > Network > Select Device is used to verify service insertion configuration?
A. System Status
B. Troubleshooting
C. Real Time
D. Events
Selected Answer: C
Question #: 133
Topic #: 1
Which API call retrieves a list of all devices in the network?
A. https://vmanage_IP_address/dataservice/system/device/{{model}}
B. http://vmanage_IP_address/dataservice/system/device/{{model}}
C. http://vmanage_IP_address/api-call/system/device/{{model}}
D. https://vmanage_IP_address/api-call/system/device/{{model}}
Selected Answer: A
Question #: 134
Topic #: 1
When software is upgraded on a vManage NMS, which two image-adding options store images in a local vManage software repository? (Choose two.)
A. To be downloaded over an ICMP connection
B. To be downloaded over a SNMP connection
C. To be downloaded over a control plane connection
D. To be downloaded over an out-of-band connection
E. To be downloaded over a SMTP connection
Selected Answer: CD
Question #: 135
Topic #: 1
Which logs verify when a device was upgraded?
A. ACL
B. Email
C. SNMP
D. Audit
Selected Answer: D
Question #: 136
Topic #: 1
Which protocol is used to measure loss, latency, jitter, and liveliness of the tunnel between WAN Edge router peers?
A. OMP
B. NetFlow
C. BFD
D. IP SLA
Selected Answer: C
Question #: 137
Topic #: 1
Which pathway under Monitor > Network > Select Device is used to verify service insertion configuration?
A. System Status
B. ACL Logs
C. Real Time
D. Events
Selected Answer: A
Question #: 138
Topic #: 1
Which two algorithms authenticate a user when configuring SNMPv3 monitoring on a WAN Edge router? (Choose two.)
A. AES-256
B. MD5
C. SHA-2
D. AES-128
E. SHA-1
Selected Answer: BE
Question #: 139
Topic #: 1
Refer to the exhibit. A network administrator is configuring OMP in vManage to advertise all the paths for the same prefix from a site that has two WAN Edge devices. Each WAN Edge device is connected to three ISPs and two private MPLS transports. What is the minimum value for `Number of Paths advertised per Prefix` that should be configured?
A. 2
B. 3
C. 5
D. 10
Selected Answer: D
Question #: 140
Topic #: 1
In Cisco SD-WAN, which protocol is used for control connections between Cisco SD-WAN devices?
A. BGP
B. DTLS
C. OSPF
D. OMP
Selected Answer: B
Question #: 141
Topic #: 1
Which two products that perform lifecycle management for virtual instances are supported by WAN Edge cloud routers? (Choose two.)
A. AWS
B. Azure
C. VMware vCenter
D. OpenStack
E. IBM Cloud
Selected Answer: CD
Question #: 142
Topic #: 1
Which secure connection should be used to access the REST APIs through the Cisco vManage web server?
A. authenticated DTLS
B. authenticated HTTPS
C. JSON Inspector interface
D. HTTP inspector interface
Selected Answer: B
Question #: 143
Topic #: 1
DRAG DROP –
Drag and drop the steps from the left into the order on the right to upload software on vManage repository that is accessible from Maintenance > Software Repository.
Select and Place:
Suggestion Answer:
Question #: 144
Topic #: 1
A network administrator is configuring an application-aware firewall between inside zones to an outside zone on a WAN Edge router using vManage GUI. Which kind of inspection is performed when the `inspect` action is used?
A. Layer 7 inspection for TCP and Layer 4 inspection for UDP
B. stateful inspection for TCP and stateless inspection of UDP
C. IPS inspection for TCP and Layer 4 inspection for UDP
D. stateful inspection for TCP and UDP
Selected Answer: A
Question #: 145
Topic #: 1
What is a description of vManage NMS?
A. A cluster consists of a minimum of two vManage NMSs.
B. It is a software process on a dedicated WAN Edge router in the network.
C. A cluster requires device templates to be created on and attached to the same server.
D. It is accessible only from VPN 512 (the management VPN).
Selected Answer: C
Question #: 146
Topic #: 1
A network administrator is creating an OMP feature template from the vManage GUI to be applied to WAN Edge routers. Which configuration attribute will avoid the redistribution of the routes back into the OMP from the LAN side?
A. configure "ECMP limit"
B. configure "Send Backup Paths"
C. configure "Number of Paths Advertised per Prefix"
D. configure "Overlay AS Number"
Selected Answer: D
Question #: 147
Topic #: 1
Where on vManage does an engineer find the details of control node failure?
A. Alarms
B. Events
C. Audit log
D. Network
Selected Answer: A
Question #: 148
Topic #: 1
DRAG DROP –
Drag and drop the REST API calls from the left onto the functions on the right.
Select and Place:
Suggestion Answer:
Question #: 149
Topic #: 1
A customer must upgrade the Cisco SD-WAN devices and controllers from version 19.2 to version 20.3. The devices include WAN Edge Cloud, vManage, vSmart, and vBond. Which types of image files are needed for this upgrade?
A. one file for vManage and one file for all other devices with extension .bin
B. one file for vManage, one for vSmart, and one for vBond + WAN Edge Cloud with extension .bin
C. one file for vManage and one file for all other devices with extension tar.gz
D. one file for vManage, one for vSmart, and one for vBond + WAN Edge Cloud with extension tar.gz
Selected Answer: C
Question #: 150
Topic #: 1
An engineer wants to automate the onboarding process for a WAN Edge router with vManage. Which command will accomplish this?
A. request vedge-cloud activate chassis-number serial
B. request vedge-cloud activate chassis-number token
C. request vedge-cloud activate serial token
D. request vedge-cloud activate chassis-number organization
Selected Answer: B