Chapter 11 - SD-WAN Design Flashcards

1
Q

Which device is the brains in SD-WAN?

  1. vEdge
  2. vSmart
  3. vBond
  4. vManage
A

B. vSmart is the brains of the SD-WAN architecture.

2
Q

What is the function of vBond?

  1. To bond vEdge devices to each other
  2. To establish OMP connectivity
  3. To establish control channels with vSmart controllers
  4. To perform initial authentication of vEdge devices
A

D. vBond performs the initial authentication of vEdge devices and orchestrates vSmart and vEdge connectivity.

3
Q

You configure a new vEdge manually with IP address, gateway, and vBond IP address. What method of onboarding are you using?

  1. Bootstrapping
  2. Manual configuration
  3. ZTP
  4. PnP
A

B. With manual configuration, a site network administrator manually configures minimal information that allows a vEdge device to connect with the vBond orchestrator.

4
Q

What are three types of OMP routes?

  1. Static, dynamic, and redundant
  2. Static, OSPF, and BGP
  3. Prefix routes, TLOC routes, and service routes
  4. ZTP, DTLS, and OMP
A

OMP advertises prefix, TLOC, and service routes.

5
Q

Two vEdge routers are used at a branch site. If Layer 2 redundancy is implemented on the LAN, which of the following will take care of failover?

  1. BGP
  2. OSPF
  3. Static
  4. VRRP
A

D. VRRP is used for Layer 2 redundancy.

6
Q

Which of the following gathers information about latency, jitter, and packet loss?

  1. SNMP
  2. BFD
  3. IPFIX
  4. Probes
A

B. The BFD probes provide information about latency, jitter, and loss on all the transport links.

7
Q

Which of the following increases availability and scalability in the control plane?

  1. Creating a vManage cluster
  2. Adding vSmart controllers
  3. Adding vEdge devices at the branch
  4. Adding vBond orchestrators
A

B. In the control plane, add a vSmart controller to increase capacity.

8
Q

Which multicast protocol is supported by Cisco SD-WAN?

  1. MSDP
  2. SSM
  3. PIM-SM
  4. BIDIR-PIM
A

C. Cisco SD-WAN supports only PIM-SM.

9
Q

What is the function of vSmart?

  1. Provides routing and enforces policies
  2. Bonds vEdge devices to each other
  3. Establishes control channel to controllers
  4. Performs initial authentication of vEdge devices
A

A. vSmart controllers provide routing, enforce data plane policies, and enforce segmentation.

10
Q

Which plane is responsible for central configuration?

  1. Orchestration
  2. Management
  3. Control
  4. Data
A

B. The management plane (vManage) is responsible for central configuration and monitoring.

11
Q

In Cisco SD-WAN overlay networks, multicast streams are sent to what device?

  1. RP
  2. Replicator
  3. PIM-SM
  4. vSmart controller
A

B. The multicast stream is sent to the replicator in the SD-WAN network.

12
Q

Which plane is responsible for maintaining the network topology?

  1. Orchestration
  2. Management
  3. Control
  4. Data
A

C. The control plane builds and maintains the network topology and makes decisions on where traffic flows.

13
Q

Which component provides end-to-end visibility of applications with real-time information of application scores?

  1. vSmart
  2. vManage
  3. vEdge
  4. vAnalytics
A

D. vAnalytics, a component of vManage, provides end-to-end visibility of applications with real-time information.

14
Q

In SD-WAN, what are gold, blue, bronze, and green?

  1. vSmart rainbow colors
  2. Private colors
  3. Public colors
  4. VPN colors
A

C. Predefined public colors include 3g, biz, internet, blue, bronze, custom1, custom2, custom3, default, gold, green, lte, public-internet, red, and silver.

15
Q

True or false: A vEdge device uses a native underlay IP address when using a private color.

A

True.

When using a private color, the vEdge device is using a native private underlay IP.

16
Q

In SD-WAN, what are mpls, metro-ethernet, and private1?

  1. vSmart rainbow colors
  2. Private colors
  3. Public colors
  4. VPN colors
A

B. Private colors include metro-ethernet, mpls, private1, private2, private3, private4, private5, and private6.

17
Q

Which route type contains firewall and VPN labels?

  1. OMP routes
  2. TLOC routes
  3. Service routes
  4. BGP routes
A

C. Service routes contain routes for services such as firewall, intrusion prevention, application optimization, and VPN labels.

18
Q

Which route type contains static and OSPF routes?

  1. OMP routes
  2. TLOC routes
  3. Service routes
  4. BGP routes
A

A. OMP routes include prefixes learned at the local site, including static, OSPF, and BGP routes.

19
Q

Attributes such as transport location identifier, origin, preference, and site ID are part of which type of routes?

  1. OMP routes
  2. TLOC routes
  3. Service routes
  4. BGP routes
A

A. Transport location identifier, origin, preference, and site ID are attributes of OMP routes.

20
Q

Attributes such as TLOC private address, carrier, encapsulation type, and weight are part of which type of routes?

  1. OMP routes
  2. TLOC routes
  3. Service routes
  4. BGP routes
A

B. TLOC private address, carrier, encapsulation type, and weight attributes are part of TLOC routes.

21
Q

Which of the following are requirements for ZTP? (Choose two.)

  1. PnP Connect portal linked to CCW
  2. Provisioning file uploaded to vManage
  3. Configuration of the IP address, gateway IP address, and vBond IP address
  4. Configuration of the organization name, system IP address, and site ID
A

A and B.

22
Q

Which of the following are requirements for manual configuration? (Choose two.)

  1. PnP Connect portal linked to CCW
  2. Provisioning file uploaded to vManage
  3. Configuration of the IP address, gateway IP address, and vBond IP address
  4. Configuration of the organization name, system IP address, and site ID
A

C and D.

23
Q

What security model is used in the control plane?

  1. RBAC
  2. Hierarchical model
  3. Segmentation
  4. Zero Trust
A

D. The control plane uses the Zero Trust model.

24
Q

What security feature is used in the management plane?

  1. RBAC
  2. Hierarchical model
  3. Segmentation
  4. Zero Trust
A

A. The management plane uses role-based access control.

25
Q

What is not a predefined vManage user group?

  1. Basic
  2. Operator
  3. SuperUser
  4. Netadmin
A

C. vManage predefined user groups are basic, operator, and netadmin.

26
Q

What are the hashing algorithm and preferred encryption with TLS/DTLS for SD-WAN? (Choose two.)

  1. SHA256
  2. SHA512
  3. AES-256-GCM
  4. CBC
A

A and C. SHA256 and AES-256-GCM are used.

27
Q

Which of the following deploys vManage, vSmart, and vBond in a service provider’s cloud infrastructure?

  1. On-premises deployment
  2. Managed SP deployment
  3. Cisco cloud deployment
  4. Hybrid deployment
A

B.

28
Q

Which of the following scales the orchestration, management, and control planes?

  1. Hierarchical network
  2. Data center
  3. Horizontal solution scaling
  4. vManage cluster
A

C. To increase the availability and redundancy of the orchestration, management, and control planes, you can implement horizontal solution scaling.

29
Q

A site has two vEdge routers. Which of the following provides site redundancy for a Layer 2 LAN?

  1. OSPF
  2. VRRP
  3. Multiple vSmart controllers
  4. vManage cluster
A

B. For Layer 2 LANs, failure of VRRP on one of the vEdge routers causes failover to the second vEdge router.

30
Q

A site has two vEdge routers. Which of the following provides site redundancy for a Layer 3 LAN?

  1. OSPF
  2. VRRP
  3. Multiple vSmart controllers
  4. vManage cluster
A

A. For Layer 3 LANs, failure of OSPF on one of the vEdge routers causes failover to the second vEdge router.

31
Q

How are VPNs identified in SD-WAN?

  1. Color
  2. Number
  3. Name
  4. Interface
A

B. Each VPN is assigned a value from 0 to 65,530.

32
Q

Which VPN is identified as VPN 512?

  1. System
  2. DTLS/TLS
  3. Management
  4. OMP
A

C. VPN 512 is the management VPN.

33
Q

How are headers appended to an original packet in SD-WAN?

  1. IP-UDP-VPN-ESP-Packet
  2. IP-UDP-ESP-VPN-Packet
  3. VPN-IP-ESP-UDP-Packet
  4. ESP-VPN-IP-UDP-Packet
A

B. Headers are appended as follows: IP-UDP-ESP-VPN-Packet.

34
Q

Which VPN topology connects all sites to each other?

  1. Point-to-point
  2. Hub-and-spoke
  3. Partial-mesh
  4. Full-mesh
A

D.

35
Q

Which VPN topology connects remote sites to a single site?

  1. Point-to-point
  2. Hub-and-spoke
  3. Partial-mesh
  4. Full-mesh
A

B.

36
Q

Which VPN topology connects one site to another single site?

  1. Point-to-point
  2. Hub-and-spoke
  3. Partial-mesh
  4. Full-mesh
A

A.

37
Q

Which VPN topology connects most sites directly to all other sites?

  1. Point-to-point
  2. Hub-and-spoke
  3. Partial-mesh
  4. Full-mesh
A

C.

38
Q

What technology gathers information about latency, jitter, and packet loss to measure performance of transport links in SD-WAN?

  1. SNMP
  2. BFD
  3. IPFIX
  4. Probes
A

B. BFD probes provide information about latency, jitter, and loss on all the transport links, enabling the determination of best paths.

39
Q

The use of ACLs and QoS at a site is an example of which policy type?

  1. Centralized control policy
  2. Centralized data policy
  3. Localized data policy
  4. Localized control policy
A

C. Localized data policies allow you to configure how data traffic is handled at a specific site, such as through ACLs, QoS, mirroring, and policing.

40
Q

The use of service chaining and traffic engineering for a site is an example of which policy type?

  1. Centralized control policy
  2. Centralized data policy
  3. Localized data policy
  4. Localized control policy
A

B. Centralized data policies can be used in configuring application firewalls, service chaining, traffic engineering, and QoS.

41
Q

The customization of routing decisions is an example of which policy type?

  1. Centralized control policy
  2. Centralized data policy
  3. Localized data policy
  4. Localized control policy
A

A. Centralized control policies operate on the routing and TLOC information and allow for customization of routing decisions and determination of routing paths through the overlay network.

42
Q

Which solution selects the optimal path based on real-time performance for different traffic types?

  1. BGP
  2. AAR
  3. OSPF
  4. LLQ
A

B. Application-aware routing selects the optimal path based on real-time path performance characteristics for different traffic types.

43
Q

Which queuing technique is used in vEdge interface queue 2?

  1. WFQ
  2. LLQ
  3. WRR
  4. Tail drop
A

C. Queues 1 through 7 use Weighted Round Robin (WRR) for scheduling.

44
Q

Which queuing technique is used in vEdge interface queue 0?

  1. WFQ
  2. LLQ
  3. WRR
  4. Tail drop
A

B. Queue 0 uses LLQ.

45
Q

Which congestion-avoidance algorithm is used in queue 0?

  1. WFQ
  2. LLQ
  3. WRR
  4. Tail drop
A

D. Tail drop is the congestion-avoidance algorithm used in queue 0.

46
Q

By default, how are control and BFD traffic marked in SD-WAN?

  1. DSCP 48
  2. DSCP 46
  3. DSCP 30
  4. DSCP 34
A

A. Control and BFD traffic is marked as DSCP 48 decimal (CS6).

47
Q

How is multicast traffic routed in an SD-WAN overlay network?

  1. Via the RP
  2. Via the MPLS RP
  3. Via IGMPv2
  4. Via the replicator
A

D. The vEdge replicator forwards streams to multicast receivers in the SD-WAN network.

48
Q

Which of the following are benefits of DIA? (Choose two.)

  1. Reduced bandwidth and costs on the private WAN circuit
  2. Prioritized overlay traffic to the headend
  3. Improved user branch experience
  4. Linking of the underlay to the overlay
A

A and C. Direct Internet Access (DIA) reduces bandwidth, latency, and cost on WAN links and improves branch office user experience.

49
Q

This plane assists in the automatic onboarding of SD-WAN routers into the SD-WAN overlay.

A

Orchestration plane

50
Q

This plane is responsible for central configuration and monitoring.

A

Management plane

51
Q

This plane builds and maintains the network topology and makes decisions on where traffic flows.

A

Control plane

52
Q

This plane is responsible for forwarding packets based on decisions from the control plane.

A

Data plane

53
Q

What is vManage?

A

The vManage component resides in the management plane.

vManage is the centralized network management system (NMS) that provides a GUI interface to monitor, configure, and maintain all Cisco SD-WAN devices and links in the underlay and overlay networks. vManage supports web console, REST API, CLI, syslog, SNMP, and NETCONF.

54
Q

OMP advertises three types of routes. What are they?

A

OMP routes: OMP advertises prefixes learned at the local site, including static, OSPF, or BGP routes. These routes are also called vRoutes.

TLOC routes: Transport location (TLOC) routes are logical tunnel termination points on WAN edge routers that connect to the transport network.

Service routes: OMP advertises routes for services such as firewalls, intrusion prevention, application optimization, and VPN labels.