BD2G

Question 1

In an organization that uses the Co-Termination licensing model, which two operations enable licenses to be applied?
(Choose two.)
A. Renew the Dashboard license.
B. License a network.
C. License more devices.
D. Call Meraki support.
E. Wait for the devices to auto-renew.

Answer 1

Answer: AC

Question 2

Which two Systems Manager Live tools are available only for Apple Macs and Windows PCs and cannot be used on
iOS or Android mobile devices? (Choose two.)
A. OS updates
B. Send notification
C. Selective wipe
D. Screenshot
E. Remote Desktop

Answer 2

Answer: CE

Question 3

What happens when an additional seven APs are claimed on this network without adding licenses?
A. All APs immediately stop functioning.
B. All network devices stop functioning in 30 days.
C. One AP Immediately stops functioning.
D. All APs stop functioning in 30 days.

Answer 3

Answer: B

Question 4

Refer to the exhibit. What does the MX Security Appliance send to determine whether VPN traffic exceeds the
configured latency threshold in the VoIP custom performance class?

A. 1000-byte TCP probes every second, through VPN tunnels that are established over the primary
WAN link.
B. 100-byte UDP probes every second, through VPN tunnels that are established over every WAN
link.
C. 100-byte UDP probes every second, through VPN tunnels that are established over the primary
WAN link.
D. 1000-byte TCP probes every second, through VPN tunnels that are established over every WAN
link.

Answer 4

Answer: D

Question 5

What is the role of the Meraki Dashboard as the service provider when using SAML for single sign-on to the
Dashboard?
A. The Dashboard generates the SAML request.
B. The Dashboard provides user access credentials.
C. The Dashboard parses the SAML request and authenticates users.
D. The Dashboard generates the SAML response.

Answer 5

Answer: A

Question 6

Refer to the exhibit. What are two outcomes reflected in the Web App Health application? (Choose two.)

A. Users on both networks may be experiencing issues when attempting to reach Google.
B. Network #1 could not load Google because of a remote server issue.
C. Network #2 had better application performance than Network #1.
D. Network #2 could not load Google because of a local client misconfiguration.
E. Neither network recorded any server-side performance issues.

Answer 6

Answer: BE

Question 7

What are two organization permission types? (Choose two.)
A. Full
B. Read-only
C. Monitor-only
D. Write
E. Write-only

Answer 7

Answer: AB

Question 8

Refer to the exhibit. Which design recommendation should be considered?
A. A 25-percent throughput loss occurs for every hop. Cisco Meraki best practice recommends a 1-
hop maximum.
B. A 25-percent throughput loss occurs for every hop. Cisco Meraki best practice recommends a 2-
hop maximum.
C. A 50-percent throughput loss occurs for every hop. Cisco Meraki best practice recommends a 1-
hop maximum.
D. A 50-percent throughput loss occurs for every hop. Cisco Meraki best practice recommends a 2-
hop maximum.

Answer 8

Answer: A

Question 9

What are two roles of the network and device tags in a Dashboard? (Choose two.)
A. Tags enable administrators to configure a combination of network and device specific tags to
create summary reports filtered for specific devices across multiple networks.
B. Network tags can be used to assign networks to separate Auto VPN domains in an Organization
with many networks.
C. Network tags can be used to simplify the assignment of network-level permissions in an
Organization with many networks.
D. Device tags can be used to simplify the assignment of device-level permissions in an
Organization with many administrators.
E. Device tags can be assigned to MR APs to influence the gateway selection for repeaters in a
mesh wireless network.

Answer 9

Answer: AE

Question 10

Refer to the exhibit. Which outcome occurs when logging is set to Enabled?

A. Outbound flows are sent to a configured syslog server if a syslog sender is configured for flows.
B. The hits counter within this section is now enabled.
C. This firewall rule is now enabled.
D. Inbound flows are sent to a configured syslog server if a syslog server configured for flows.

Answer 10

Answer: D

Question 11

Refer to the exhibit. What is the minimal Cisco Meraki Insight licensing requirement?

A. A single Meraki Insight license must be configured on network A to gain Web App Health visibility
on network B.
B. A single Meraki Insight license must be configured on network B to gain Web App Health visibility
on network B.
C. A single Meraki Insight license must be configured on network A, and a single license must be
configured on network B, to gain Web App Health visibility on network B.
D. Two Meraki Insight licenses must be configured on network A to gain Web App Health visibility on
network B.
E. Two Meraki Insight licenses must be configured on network A and a single license must be
configured on network B, to gain Web App Health visibility on network B.

Answer 11

Answer: E

Question 12

Air Marshal has contained a malicious SSID.
What are two effects on connectivity? (Choose two.)
A. Currently associated clients stay connected.
B. New clients can connect.
C. Currently associated clients are affected by restrictive traffic shaping rules.
D. New clients cannot connect.
E. Currently associated clients are disconnected.

Answer 12

Answer: DE

Question 13

What is the best practice Systems Manager enrollment method when deploying corporate-owned iOS devices?
A. manual
B. Apple Configurator
C. Sentry enrollment
D. DEP

Answer 13

Answer: D

** Corrected **

Question 14

A customer requires a hub-and-spoke Auto VPN deployment with two NAT-mode hubs with dual uplink connections
and 50 remote sites with a single uplink connection.
How many tunnels does each hub need to support?
A. 52
B. 54
C. 100
D. 104

Answer 14

Answer: C

Question 15

Which order is accurate for a firmware upgrade on MX appliances in a high-availability configuration?
A. starts on the secondary MX appliance and then occurs on the primary MX appliance
B. starts on both MX appliances at the same time and then reboots both appliances after traffic on
the primary MX appliance ceases
C. starts on both MX appliances at the same time and then immediately reboots both appliances
D. starts on the primary MX appliance and then occurs on the secondary MX appliance

Answer 15

Answer: D

Confirmed

Question 16

How is high-availability supported for Cisco Meraki devices?
A. Only the MX Security Appliances that use VRRP support high availability.
B. An active/active high-availability pair is recommended for MX Security Appliances.
C. The MX Security Appliances and MS Series Switches that use VRRP support an active/passive
high-availability pair.
D. The MX Security Appliances and MS Series Switches that use HSRP support an active/passive
high-availability pair.

Answer 16

Answer: A

Question 17

Which three verbs of request are available in the Cisco Meraki API? (Choose three.)
A. SET
B. PUT
C. PATCH
D. ADD
E. POST
F. GET

Answer 17

Answer: BEF

Question 18

A customer wants to use Microsoft Azure to host corporate application servers.
Which feature does the customer get by using a vMX appliance rather than connecting directly to Azure by VPN?
A. malware protection
B. SD-WAN
C. next-generation firewall
D. intrusion prevention

Answer 18

Answer: C

Question 19

Refer to the exhibit. What is an advantage of implementing inter-VLAN routing on an MX Security Appliance rather than
performing inter-VLAN routing on an MS Series Switch?

A. The MX appliance performs IDS/IPS for inter-VLAN traffic.
B. The MX appliance performs AMP for inter-VLAN traffic.
C. The MX appliance performs data encryption for inter-VLAN traffic.
D. The MX appliance performs content filtering for inter-VLAN traffic.

Answer 19

Answer: C

** Need to check **

Question 20

Which API endpoint clones a new Organization?
A. POST /organizations/clone/{organizationId}
B. PUT /organizations/{organizationId}/clone
C. POST /organizations/{organizationId}/new
D. POST /organizations/{organizationId}/clone

Answer 20

Answer: C

Question 21

What happens to an unsupervised iOS device when the “Meraki management” profile is removed?
A. The “Meraki management” profile is removed. All configuration profiles that Systems Manager
pushed remain.
B. The “Meraki management” profile is removed. All configuration profiles that Systems Manager
pushed are also removed.
C. The “Meraki management” profile is removed and then pushed automatically by Systems
Manager.
D. The “Meraki management” profile cannot be removed.

Answer 21

Answer: B

Question 22

Which requirement is needed to implement Fast Lane on Cisco Meraki APs?
A. wireless profile installed on an Apple iOS device
B. wireless profile installed on a Cisco iOS access point
C. adaptive 802.11r disabled
D. traffic shaping rule tagging traffic with a DSCP value of 46 to Apple.com

Answer 22

Answer: A

Question 23

Which type of authentication protocol is used when using OSPF on an MX appliance?
A. MD5
B. certificate
C. plaintext
D. SHA-1

Answer 23

Answer: A

Question 24

When wireless SSIDs are configured in Dashboard, which setting on the Access Control page affects the ability of a 2.4
GHz only client device from associating to the WLAN for the first time?

A. Content filtering
B. Bridge mode
C. 802.11r
D. Dual band operating with Band Steering

Answer 24

Answer: D

Question 25

Which two actions can extend the video retention of a Cisco Meraki MV Smart Camera? (Choose two.)
A. enabling audio compression
B. installing an SSD memory extension
C. enabling motion-based retention
D. enabling maximum retention limit
E. configuring a recording schedule

Answer 25

Answer: CE

Question 26

How does a Meraki device behave if cloud connectivity is temporarily lost?
A. The offline device continues to run with its last known configuration until cloud connectivity is
restored.
B. The offline device reboots every 5 minutes until connection is restored.
C. The offline device stops passing traffic.
D. The offline device tries to form a connection with a local backup sever.

Answer 26

Answer: A

** Corrected **

Question 27

Where should a network admin navigate to investigate wireless mesh information between Meraki APs?
A. Wireless > Monitor > Access Points > AP > RF
B. Wireless > Configure > Radio Settings
C. Wireless > Monitor > Wireless Health
D. Wireless > Monitor > RF Spectrum

Answer 27

Answer: A

Question 28

Refer to the exhibit (meraki-scanning). During a Meraki AP deployment, the default SSID that the exhibit shows is broadcast.
What causes this behavior?
A. An AP does not have a wired connection to the network.
B. An AP cannot connect to the default gateway.
C. An AP has never connected to the Meraki Cloud Controller.
D. An AP has Site Survey mode enabled.

Answer 28

Answer: C

Question 29

A Cisco Meraki MV camera is monitoring an office and its field of vision currently captures work desks and employee
computer screens. However, recording employee computer screens is prohibited by local regulation.
Which feature in Dashboard can be used to preserve the current position of the camera while also meeting regulation
requirements?
A. zone exclusion
B. privacy window
C. area or interest
D. sensor crop
E. restricted mode

Answer 29

Answer: B

** Corrected **

Question 30

Which Cisco Meraki product must be deployed in addition to Systems Manager so that Systems Manager Sentry
enrollment can be used?
A. MS Switch
B. Meraki Insight
C. MR Access Point
D. MV Smart Camera

Answer 30

Answer: C

Question 31

Which information do the MXs in a High Availability pair share?
A. spanning-tree state
B. time synchronization state
C. DHCP association database
D. stateful firewall database

Answer 31

Answer: C

** Corrected **

Question 32

Which VLAN is used to source pings across the site-to-site VPN when using the MX Live tools?
A. highest VLAN ID that is configured and set to NO to use VPN
B. lowest VLAN ID that is configured and set to YES to use VPN
C. highest VLAN ID that is configured and set to YES to use VPN
D. lowest VLAN ID configured and set to NO to use VPN

Answer 32

Answer: C

Question 33

A new application needs to be pushed to all iOS devices. Some devices report “NotNow” in the event log and do not
install the application.
What does the “NotNow” event indicate?
A. The application requires the most recent iOS version.
B. The device is locked with a passcode.
C. The device cannot connect to Apple servers.
D. The device cannot connect to Cisco Meraki servers.

Answer 33

Answer: B

Question 34

Which information is used to calculate whether a WAN link has high usage?
A. data under Security & SD WAN > Appliance Status > Uplink > Live Data
B. total historical throughput of an uplink
C. total number of devices that are actively passing traffic
D. value under Security & SD WAN > SD WAN & Traffic Shaping > Uplink Configuration

Answer 34

Answer: D

Question 35

Which configuration step is necessary when automatic updating is required of iOS apps provisioned through Systems
Manager that are found in the App Store?
A. No configuration step is necessary; automatic updating is the default behavior.
B. Configure automatic updating of iOS devices in the Meraki installed profile.
C. Create a security policy that enables automatic updates.
D. Create a profile with automatic update enabled and apply it to iOS devices.

Answer 35

Answer: C

Question 36

Of which two solutions is a Cisco Meraki device a component? (Choose two.)
A. cloud-managed
B. on premises
C. hybrid
D. Cisco Catalyst
E. Cisco Prime Infrastructure

Answer 36

Answer: AC

Question 37

When an SSID is configured with Sign-On Splash page enabled, which two settings must be configured for
unauthenticated clients to have full network access and not be allow listed? (Choose two.)
A. Controller disconnection behavior
B. Captive Portal strength
C. Simultaneous logins
D. Firewall & traffic shaping
E. RADIUS for splash page settings

Answer 37

Answer: AB

Question 38

Refer to the exhibit. Assuming this MX has established a full tunnel with its VPN peer, how will the MX route the WebEx
traffic?

A. WebEx traffic will prefer WAN 2 as long as it meets the thresholds in the “Conf” performance
class.
B. WebEx traffic will prefer WAN 1 as it is the primary uplink.
C. WebEx traffic will prefer WAN 2 as long as it is up.
D. WebEx traffic will be load-balanced between both active WAN links.

Answer 38

Answer: B

Question 39

For which two reasons can an organization become “Out of License”? (Choose two.)
A. licenses that are in the wrong network
B. more hardware devices than device licenses
C. expired device license
D. licenses that do not match the serial numbers in the organization
E. MR licenses that do not match the MR models in the organization

Answer 39

Answer: BC

Question 40

Refer to the exhibit. Which two actions are required to optimize load balancing asymmetrically with a 4:1 ratio between
links? (Choose two.)

A. Change the primary uplink to “none”.
B. Add an internet traffic preference that defines the load-balancing ratio as 4:1.
C. Enable load balancing.
D. Set the speed of the cellular uplink to zero.
E. Change the assigned speeds of WAN 1 and WAN 2 so that the ratio is 4:1.

Answer 40

Answer: BC

Question 41

How is an organization defined within the context of the Cisco Meraki dashboard?
A. It serves as the boundary of the administrative domain of the account including license, inventory,
and user management.
B. It is defined by the network construct of the user and categorized as either SME (small medium
enterprise), campus, or a distributed enterprise
C. It contains Cisco Meraki devices, their configurations, statistics, and any client device information.
D. It consists of multiple service

Answer 41

Answer: A

Question 42

What are two ways peers interact with ports that Auto VPN uses? (Choose two.)
A. For IPsec tunneling, peers use high UDP ports within the 32768 to 61000 range.
B. Peers contact the VPN registry at UDP port 9350.
C. For IPsec tunneling, peers use high TCP ports within the 32768 to 61000 range.
D. Peers contact the VPN registry at TCP port 9350.
E. For IPsec tunneling, peers use UDP ports 500 and 4500.

Answer 42

Answer: BC

** Need to Research **

Question 43

What occurs when a configuration change is made to an MX network that is bound to a configuration template?
A. The configuration change in the bound network is combined with the template configuration inside
the template.
B. The more restrictive configuration is preferred.
C. The configuration change in the bound network overrides the template configuration.
D. The template configuration overrides the configuration change in the bound network.

Answer 43

Answer: A

Question 44

One thousand concurrent users stream video to their laptops. A 30/70 split between 2.4 GHz and 5 GHz is used.
Based on client count, how many APs (rounded to the nearest whole number) are needed?
A. 26
B. 28
C. 30
D. 32

Answer 44

Answer: C

Question 45

Refer to the exhibit . For an AP that displays this alert, which network access control method must be in use?

A. preshared key
B. WPA2-enterprise with my RADIUS server
C. splash page with my RADIUS server
D. MAC-based access control with RADIUS server

Answer 45

Answer: A

Question 46

Which Meraki Dashboard menu section is accessed to enable Sentry enrollment on an SSID?
A. Wireless > Configure > Access Control
B. Wireless > Configure > Splash page
C. Wireless > Configure > Firewall & Traffic Shaping
D. Wireless > Configure > SSIDs

Answer 46

Answer: A

Question 47

Company iPads are enrolled in Systems Manager without supervision, and profiles are pushed through Systems
Manager.
Which outcome occurs when a user attempts to remove the “Meraki Management” profile on an iPad?
A. The “Meraki Management” profile cannot be removed.
B. The “Meraki Management” profile is removed and then pushed automatically by Systems
Manager.
C. The “Meraki Management” profile is removed. All the profiles that Systems Manager pushed are
also removed.
D. The “Meraki Management” profile is removed. All the profiles Systems Manager pushed remain.

Answer 47

Answer: C

Question 48

Refer to the exhibit. Which IDS/IPS mode is the MX Security Appliance configured for?

A. quarantine
B. prevention
C. detection
D. blocking

Answer 48

Answer: B

Question 49

Which two primary metrics does Meraki Insight use to calculate the Application Performance Score? (Choose two.)
A. Maximum Jitter
B. Total Bandwidth Usage
C. Maximum Latency
D. Per-flow Goodput
E. Application Response Time

Answer 49

Answer: DE

Question 50

What is a feature of distributed Layer 3 roaming?
A. An MX Security Appliance is not required as a concentrator.
B. An MX Security Appliance is required as a concentrator.
C. All wireless client traffic can be split-tunneled.
D. All wireless client traffic is tunneled.

Answer 50

Answer: A