Chapter 11 - SD-WAN Design

Question 1

Which device is the brains in SD-WAN?

1. vEdge
2. vSmart
3. vBond
4. vManage

Answer 1

B. vSmart is the brains of the SD-WAN architecture.

Question 2

What is the function of vBond?

1. To bond vEdge devices to each other
2. To establish OMP connectivity
3. To establish control channels with vSmart controllers
4. To perform initial authentication of vEdge devices

Answer 2

D. vBond performs the initial authentication of vEdge devices and orchestrates vSmart and vEdge connectivity.

Question 3

You configure a new vEdge manually with IP address, gateway, and vBond IP address. What method of onboarding are you using?

1. Bootstrapping
2. Manual configuration
3. ZTP
4. PnP

Answer 3

B. With manual configuration, a site network administrator manually configures minimal information that allows a vEdge device to connect with the vBond orchestrator.

Question 4

What are three types of OMP routes?

1. Static, dynamic, and redundant
2. Static, OSPF, and BGP
3. Prefix routes, TLOC routes, and service routes
4. ZTP, DTLS, and OMP

Answer 4

OMP advertises prefix, TLOC, and service routes.

Question 5

Two vEdge routers are used at a branch site. If Layer 2 redundancy is implemented on the LAN, which of the following will take care of failover?

1. BGP
2. OSPF
3. Static
4. VRRP

Answer 5

D. VRRP is used for Layer 2 redundancy.

Question 6

Which of the following gathers information about latency, jitter, and packet loss?

1. SNMP
2. BFD
3. IPFIX
4. Probes

Answer 6

B. The BFD probes provide information about latency, jitter, and loss on all the transport links.

Question 7

Which of the following increases availability and scalability in the control plane?

1. Creating a vManage cluster
2. Adding vSmart controllers
3. Adding vEdge devices at the branch
4. Adding vBond orchestrators

Answer 7

B. In the control plane, add a vSmart controller to increase capacity.

Question 8

Which multicast protocol is supported by Cisco SD-WAN?

1. MSDP
2. SSM
3. PIM-SM
4. BIDIR-PIM

Answer 8

C. Cisco SD-WAN supports only PIM-SM.

Question 9

What is the function of vSmart?

1. Provides routing and enforces policies
2. Bonds vEdge devices to each other
3. Establishes control channel to controllers
4. Performs initial authentication of vEdge devices

Answer 9

A. vSmart controllers provide routing, enforce data plane policies, and enforce segmentation.

Question 10

Which plane is responsible for central configuration? configuration?

1. Orchestration
2. Management
3. Control
4. Data

Answer 10

B. The management plane (vManage) is responsible for central configuration and monitoring.

Question 11

In Cisco SD-WAN overlay networks, multicast streams are sent to what device?

1. RP
2. Replicator
3. PIM-SM
4. vSmart controller

Answer 11

B. The multicast stream is sent to the replicator in the SD-WAN network.

Question 12

Which plane is responsible for maintaining the network topology?

1. Orchestration
2. Management
3. Control
4. Data

Answer 12

C. The control plane builds and maintains the network topology and makes decisions on where traffic flows.

Question 13

Which component provides end-to-end visibility of applications with real-time information of application scores?

1. vSmart
2. vManage
3. vEdge
4. vAnalytics

Answer 13

D. vAnalytics, a component of vManage, provides end-to-end visibility of applications with real-time information.

Question 14

In SD-WAN, what are gold, blue, bronze, green ?

1. vSmart rainbow colors
2. Private colors
3. Public colors
4. VPN colors

Answer 14

C. Predefined public colors include 3g, biz, internet, blue, bronze, custom1, custom2, custom3, default, gold, green, lte, public-internet, red, and silver.

Question 15

True or false: A vEdge device uses a native underlay IP address when using a private color.

Answer 15

True.

When using a private color, the vEdge device is using a native private underlay IP.

Question 16

In SD-WAN, what are mpls, metro-ethernet, and private1?

1. vSmart rainbow colors
2. Private colors
3. Public colors
4. VPN colors

Answer 16

B. Private colors include metro-ethernet, mpls, private1, private2, private3, private4, private5, and private6.

Question 17

Which route type contains firewall and VPN labels?

1. OMP routes
2. TLOC routes
3. Service routes
4. BGP routes

Answer 17

C. Service routes contain routes for services such as firewall, intrusion prevention, application optimization, and VPN labels.

Question 18

Which route type contains static and OSPF routes?

1. OMP routes
2. TLOC routes
3. Service routes
4. BGP routes

Answer 18

A. OMP routes include prefixes learned at the local site, including static, OSPF, and BGP routes.

Question 19

Attributes such as transport location identifier, origin, preference, and site ID are part of which type of routes?

1. OMP routes
2. TLOC routes
3. Service routes
4. BGP routes

Answer 19

A. Transport location identifier, origin, preference, and site ID are attributes of OMP routes.

Question 20

Attributes such as TLOC private address, carrier, encapsulation type, and weight are part of which type of routes?

1. OMP routes
2. TLOC routes
3. Service routes
4. BGP routes

Answer 20

B. TLOC private address, carrier, encapsulation type, and weight attributes are part of TLOC routes.

Question 21

Which of the following are requirements for ZTP? (Choose two.)

1. PnP Connect portal linked to CCW
2. Provisioning file uploaded to vManage
3. Configuration of the IP address, gateway IP address, and vBond IP address
4. Configuration of the organization name, system IP address, and site ID

Answer 21

13. A and B.

Question 22

14. Which of the following are requirements for manual configuration? (Choose two.)
15. PnP Connect portal linked to CCW
16. Provisioning file uploaded to vManage
17. Configuration of the IP address, gateway IP address, and vBond IP address
18. Configuration of the organization name, system IP address, and site ID

Answer 22

C and D.

Question 23

What security model is used in the control plane?

1. RBAC
2. Hierarchical model
3. Segmentation
4. Zero Trust

Answer 23

D. The control plane uses the Zero Trust model.

Question 24

What security feature is used in the management plane?

1. RBAC
2. Hierarchical model
3. Segmentation
4. Zero Trust

Answer 24

A. The management plane uses role-based access control.

Question 25

What is not a predefined vManage user group?

1. Basic
2. Operator
3. SuperUser
4. Netadmin

Answer 25

C. vManage predefined user groups are basic, operator, and netadmin.

Question 26

What are the hashing algorithm and preferred encryption with TLS/DTLS for SD-WAN? (Choose two.)

1. SHA256
2. SHA512
3. AES-256-GCM
4. CBC

Answer 26

A and C. SHA256 and AES-256-GCM are used.

Question 27

Which of the following deploys vManage, vSmart, and vBond in a service provider’s cloud infrastructure?

1. On-premises deployment
2. Managed SP deployment
3. Cisco cloud deployment
4. Hybrid deployment

Answer 27

B.

Question 28

Which of the following scales the orchestration, management, and control planes?

1. Hierarchical network
2. Data center
3. Horizontal solution scaling
4. vManage cluster

Answer 28

C. To increase the availability and redundancy of the orchestration, management, and control planes, you can implement horizontal solution scaling.

Question 29

A site has two vEdge routers. Which of the following provides site redundancy for a Layer 2 LAN?

1. OSPF
2. VRRP
3. Multiple vSmart controllers
4. vManage cluster

Answer 29

B. For Layer 2 LANs, failure of VRRP on one of the vEdge routers causes failover to the second vEdge router.

Question 30

A site has two vEdge routers. Which of the following provides site redundancy for a Layer 3 LAN?

1. OSPF
2. VRRP
3. Multiple vSmart controllers
4. vManage cluster

Answer 30

A. For Layer 3 LANs, failure of OSPF on one of the vEdge routers causes failover to the second vEdge router.

Question 31

How are VPNs identified in SD-WAN?

1. Color
2. Number
3. Name
4. Interface

Answer 31

B. Each VPN is assigned a value from 0 to 65,530.

Question 32

Which VPN is identified as VPN 512?

1. System
2. DTLS/TLS
3. Management
4. OMP

Answer 32

C. VPN 512 is the management VPN.

Question 33

How are headers appended to an original packet in SD-WAN?

1. IP-UDP-VPN-ESP-Packet
2. IP-UDP-ESP-VPN-Packet
3. VPN-IP-ESP-UDP-Packet
4. ESP-VPN-IP-UDP-Packet

Answer 33

B. Headers are appended as follows: IP-UDP-ESP-VPN-Packet.

Question 34

Which VPN topology connects all sites to each other?

1. Point-to-point
2. Hub-and-spoke
3. Partial-mesh
4. Full-mesh

Answer 34

D.

Question 35

Which VPN topology connects remote sites to a single site?

1. Point-to-point
2. Hub-and-spoke
3. Partial-mesh
4. Full-mesh

Answer 35

B.

Question 36

29. Which VPN topology connects one site to another single site?
30. Point-to-point
31. Hub-and-spoke
32. Partial-mesh
33. Full-mesh

Answer 36

A.

Question 37

Which VPN topology connects most sites directly to all other sites?

1. Point-to-point
2. Hub-and-spoke
3. Partial-mesh
4. Full-mesh

Answer 37

C.

Question 38

What technology gathers information about latency, jitter, and packet loss to measure performance of transport links in SD-WAN?

1. SNMP
2. BFD
3. IPFIX
4. Probes

Answer 38

B. BFD probes provide information about latency, jitter, and loss on all the transport links, enabling the determination of best paths.

Question 39

The use of ACLs and QoS at a site is an example of which policy type?

1. Centralized control policy
2. Centralized data policy
3. Localized data policy
4. Localized control policy

Answer 39

C. Localized data policies allow you to configure how data traffic is handled at a specific site, such as through ACLs, QoS, mirroring, and policing.

Question 40

The use of service chaining and traffic engineering for a site is an example of which policy type?

1. Centralized control policy
2. Centralized data policy
3. Localized data policy
4. Localized control policy

Answer 40

B. Centralized data policies can be used in configuring application firewalls, service chaining, traffic engineering, and QoS.

Question 41

The customization of routing decisions is an example of which policy type?

1. Centralized control policy
2. Centralized data Policy
3. Localized data policy
4. Localized control policy

Answer 41

A. Centralized control policies operate on the routing and TLOC information and allow for customization of routing decisions and determination of routing paths through the overlay network.

Question 42

Which solution selects the optimal path based on real-time performance for different traffic types?

1. BGP
2. AAR
3. OSFP
4. LLQ

Answer 42

B. Application-aware routing selects the optimal optimal path based on real-time path performance characteristics for different traffic types.

Question 43

Which queuing technique is used in vEdge interface queue 2?

1. WFQ
2. LLQ
3. WRR
4. Tail drop

Answer 43

C. Queues 1 through 7 use Weighted Round Robin (WRR) for scheduling.

Question 44

Which queuing technique is used in vEdge interface queue 0?

1. WFQ
2. LLQ
3. WRR
4. Tail drop

Answer 44

B. Queue 0 uses LLQ.

Question 45

Which congestion-avoidance algorithm is used in queue 0?

1. WFQ
2. LLQ
3. WRR
4. Tail drop

Answer 45

D. Tail drop is the congestion-avoidance algorithm used in queue 0.

Question 46

By default, how are control and BFD traffic marked in SD-WAN?

1. DSCP 48
2. DSCP 46
3. DSCP 30
4. DSCP 34

Answer 46

A. Control and BFD traffic is marked as DSCP 48 decimal (CS6).

Question 47

How is multicast traffic routed in an SD-WAN overlay network?

1. Via the RP
2. Via the MPLS RP
3. Via IGMPv2
4. Via the replicator

Answer 47

D. The vEdge replicator forwards streams to multicast receivers in the SD-WAN network.

Question 48

Which of the following are benefits of DIA? (Choose two.)

1. Reduced bandwidth and costs on the private WAN circuit
2. Prioritized overlay traffic to the headend
3. Improved user branch experience
4. Linking of the underlay to the overlay

Answer 48

A and C. Direct Internet Access (DIA) reduces bandwidth, latency, and cost on WAN links and improves branch office user experience.

Question 49

This plane assists in the automatic onboarding of SD-WAN routers into the SD-WAN overlay.

Answer 49

Orchestration plane

Question 50

This plane is responsible for central configuration and monitoring.

Answer 50

Management plane

Question 51

This plane builds and maintains the network topology and makes decisions on where traffic flows.

Answer 51

Control plane

Question 52

This plane is responsible for forwarding packets based on decisions from the control plane.

Answer 52

Data plane

Question 53

What is vManage?

Answer 53

The vManage component resides in the management plane.

vManage is the centralized network management system (NMS) that provides a GUI interface to monitor, configure, and maintain all Cisco SD-WAN devices and links in the underlay and overlay networks. vManage supports web console, REST API, CLI, syslog, SNMP, and NETCONF.

Question 54

OMP advertises three types of routes. What are they?

Answer 54

OMP routes: OMP advertises prefixes learned at the local site, including static, OSPF, or BGP routes. These routes are also called vRoutes.

TLOC routes: Transport location (TLOC) routes are logical tunnel termination points on WAN edge routers that connect to the transport network.

Service routes: OMP advertises routes for services such as firewalls, intrusion prevention, application optimization, and VPN labels.