Cisco SD-WAN Flashcards

1
Q

Drag and drop the characteristics of Cisco SD-WAN from the left onto the right. Not all options are used.

A

Centralized distribution of policies throughout the network.
Operates over DTLS/TLS authenticated and secured tunnels.
Provides flexibility and scalability through a hub and spoke architecture.

2
Q

1.3 Architecture Cisco SD-WAN

In a Cisco SD-WAN network, which VPN Identifier is reserved for carrying out-of-band network management traffic?

A. VPN 0
B. VPN 1
C. VPN 512
D. VPN 514

A

C. VPN 512

VPN 0—Transport VPN, which carries control traffic via the configured WAN transport interfaces. Initially, VPN 0 contains all of a device’s interfaces except for the management interface, and all interfaces are disabled.
VPN 512—Management VPN, which carries out-of-band network management traffic among the Viptela devices in the overlay network. The interface used for management traffic resides in VPN 512. By default, VPN 512 is configured and enabled on all vEdge routers except for vEdge 100. For controller devices, by default, VPN 512 is not configured.
VPNs 1 through 511, and 513 through 65530—VPNs on vEdge routers for service-side data traffic.

3
Q

1.3 Architecture Cisco SD-WAN

In a Cisco SD-WAN network, which VPN Identifier is reserved as the transport VPN, carrying control traffic?

A. VPN 0
B. VPN 1
C. VPN 512
D. VPN 514

A

A. VPN 0

VPN 0—Transport VPN, which carries control traffic via the configured WAN transport interfaces. Initially, VPN 0 contains all of a device’s interfaces except for the management interface, and all interfaces are disabled.
VPN 512—Management VPN, which carries out-of-band network management traffic among the Viptela devices in the overlay network. The interface used for management traffic resides in VPN 512. By default, VPN 512 is configured and enabled on all vEdge routers except for vEdge 100. For controller devices, by default, VPN 512 is not configured.
VPNs 1 through 511, and 513 through 65530—VPNs on vEdge routers for service-side data traffic.

4
Q

In a Cisco SD-WAN solution, how is the health of a data plane tunnel monitored?

A. with IP SLA
B. ARP probing
C. using BFD
D. with OMP

A

C. using BFD

Cisco SD-WAN BFD: runs on the SD-WAN tunnel to detect failures in the overlay tunnel.

5
Q

1.3 Architecture Cisco SD-WAN

In a Cisco SD-WAN solution, which two functions are performed by OMP? (Choose two.)

A. advertisement of network prefixes and their attributes
B. configuration of control and data policies
C. gathering of underlay infrastructure data
D. delivery of crypto keys
E. segmentation and differentiation of traffic

A

A. advertisement of network prefixes and their attributes
D. delivery of crypto keys

A and D are correct.
The OMP protocol is responsible for:
– Distribution of Transport Locators (TLOCs) among network sites in the SD-WAN domain.
– Distribution of service-side reachability information.
– Distribution of service-chaining information.
– Distribution of data plane security parameters, VPN labels, and crypto keys.
– Distribution of data and application-aware routing (AAR) policies. (Answer E is not correct, as OMP only distributes data policies; it does not configure them.)

p634 in the OCG (under vSmart):
“OMP is a proprietary routing protocol similar to BGP that can advertise routes, next hop, keys and policy information needed to establish and maintain the SD-WAN fabric.”

6
Q

In Cisco SD-WAN, which protocol is used to measure link quality?

A. IPsec
B. OMP
C. RSVP
D. BFD

A

D. BFD

BFD (Bidirectional Forwarding Detection) is a protocol that detects link failures as part of the Cisco SD-WAN (Viptela) high availability solution. It is enabled by default on all vEdge routers and cannot be disabled.

7
Q

Refer to the exhibit. What step resolves the authentication issue?

A. use basic authentication
B. change the port to 12446
C. target 192.168.100.82 in the URI
D. restart the vsmart host

A

C. target 192.168.100.82 in the URI

C is the correct answer. vManage is used for managing.

8
Q

1.3 Architecture Cisco SD-WAN

Which two Cisco SD-WAN components exchange OMP information? (Choose two.)

A. WAN Edge
B. vBond
C. vManage
D. vAnalytics
E. vSmart

A

A. WAN Edge
E. vSmart

“Overlay Management Protocol (OMP): The OMP routing protocol has a similar structure to BGP and manages the SD-WAN overlay network. Its protocol runs between vSmart controllers and between vSmart controllers and WAN edge routers, where control plane information—such as route prefixes, next-hop routes, crypto keys, and policy information—is exchanged over a secure DTLS or TLS connection.”

9
Q

The Overlay Management Protocol (OMP) is used as the control plane protocol and forms peers between the VSmart Controller and the SD-WAN edge devices. OMP is responsible for advertising which three types of routes in the SD-WAN network? (Choose three.)

A. OMP routes
B. TLOCs
C. MP-BGP
D. LISP routes
E. Service routes

A

A. OMP routes
B. TLOCs
E. Service routes

  • OMP routes: OMP Routes, also referred to as vRoutes, are prefixes learned at the local site via connected interfaces, static routes, and dynamic routing protocols (such as OSPF, EIGRP, and BGP) running on the service side of the vEdge. These prefixes are redistributed into OMP and advertised to the vSmart controller so that they can be carried across the overlay fabric to all other WAN edge nodes. OMP routes resolve their next-hop to a TLOC. An OMP route is installed in the forwarding table only if the next-hop TLOC is known and there is a BFD session in UP state associated with that TLOC;
  • TLOC routes advertise Transport Locators of the connected WAN transports, along with additional attributes such as public and private IP addresses, color, TLOC preference, site ID, weight, tags, and encryption keys.
  • Service routes advertise embedded network services such as firewalls and IPS that are connected to the vEdge local-site network.
10
Q

What are two benefits of implementing a Cisco SD-WAN architecture? (Choose two.)

A. It enforces a single, scalable, hub-and-spoke topology.
B. It simplifies endpoint provisioning through standalone router management.
C. It allows configuration of application-aware policies with real time enforcement.
D. It improves endpoint protection by integrating embedded and cloud security features.
E. It provides resilient and effective traffic flow using MPLS.

A

C. It allows configuration of application-aware policies with real time enforcement.
D. It improves endpoint protection by integrating embedded and cloud security features.

11
Q

What are two benefits of implementing a traditional WAN instead of an SD-WAN solution? (Choose two.)

A. lower control plane abstraction
B. faster fault detection
C. simplified troubleshooting
D. comprehensive configuration standardization
E. lower data plane overhead

A

A. lower control plane abstraction
E. lower data plane overhead

12
Q

1.3 Architecture Cisco SD-WAN

What is a characteristic of Cisco SD-WAN?

A. uses unique per-device feature templates
B. requires manual secure tunnel configuration
C. uses control plane connections between routers
D. operates over DTLS/TLS authenticated and secured tunnels

A

D. operates over DTLS/TLS authenticated and secured tunnels

13
Q

What is a characteristic of vManage?

A. It leverages the overlay management protocol to interface with WAN Edge devices.
B. It supports protocols such as OSPF to integrate with legacy network devices.
C. It requires a public IP address to allow WAN Edge devices to discover fabric components.
D. It uses NETCONF to configure vSmart devices to build the overlay network data plane.

A

D. It uses NETCONF to configure vSmart devices to build the overlay network data plane.

vManage => NETCONF => vSmart => OMP => vEdge

While it’s true that the vSmart controllers don’t construct the data plane, answers A and B are clearly referencing vSmart.

14
Q

What is a TLOC in a Cisco SD-WAN deployment?

A. value that identifies a specific tunnel within the Cisco SD-WAN overlay
B. identifier that represents a specific service offered by nodes within the Cisco SD-WAN overlay
C. attribute that acts as a next hop for network prefixes
D. component set by the administrator to differentiate similar nodes that offer a common service

A

C. attribute that acts as a next hop for network prefixes

TLOC: The Transport Location (TLOC) identifier is the next hop of the OMP route. This attribute is very similar to the BGP_NEXT_HOP attribute. Within the TLOC, there are three values:

15
Q

What is a VPN in a Cisco SD-WAN deployment?

A. common exchange point between two different services
B. attribute to identify a set of services offered in specific places in the SD-WAN fabric
C. virtualized environment that provides traffic isolation and segmentation in the SD-WAN fabric
D. virtual channel used to carry control plane information

A

C. virtualized environment that provides traffic isolation and segmentation in the SD-WAN fabric.

[…] VPN Segmentation: Traffic isolation is key to any security strategy. Traffic that enters the router is assigned to a VPN, which not only isolates user traffic, but also provides routing table isolation. This ensures that a user in one VPN cannot transmit data to another VPN unless explicitly configured to do so. When traffic is transmitted across the WAN, a label is inserted after the ESP header to identify the VPN that the user’s traffic belongs to when it reaches the remote destination.

16
Q

What is the centralized control policy in a Cisco SD-WAN deployment?

A. set of statements that defines how routing is performed
B. set of rules that governs nodes authentication within the cloud
C. list of ordered statements that define user access policies
D. list of enabled services for all nodes within the cloud

A

A. set of statements that defines how routing is performed

17
Q

What is the data policy in a Cisco SD-WAN deployment?

A. list of ordered statements that define node configurations and authentication used within the SD-WAN overlay
B. set of statements that defines how data is forwarded based on IP packet information and specific VPNs
C. detailed database mapping several kinds of addresses with their corresponding location
D. group of services tested to guarantee devices and links liveliness within the SD-WAN overlay

A

B. set of statements that defines how data is forwarded based on IP packet information and specific VPNs

The Cisco SD-WAN architecture implements two types of data policy:

Centralized data policy controls the flow of data traffic based on the source and destination addresses and ports and DSCP fields in the packet’s IP header (referred to as a 5-tuple), and based on network segmentation and VPN membership. These types of data policy are provisioned centrally, on the Cisco vSmart controller, and they affect traffic flow across the entire network.

Localized data policy controls the flow of data traffic into and out of interfaces and interface queues on a Cisco vEdge device. This type of data policy is provisioned locally using access lists. It allows you to classify traffic and map different classes to different queues. It also allows you to mirror traffic and to police the rate at which data traffic is transmitted and received.

18
Q

1.3 Architecture Cisco SD-WAN

What is the function of vBond in a Cisco SD-WAN deployment?

A. initiating connections with SD-WAN routers automatically
B. pushing of configuration toward SD-WAN routers
C. onboarding of SD-WAN routers into the SD-WAN overlay
D. gathering telemetry data from SD-WAN routers

A

C. onboarding of SD-WAN routers into the SD-WAN overlay

Orchestration plane (vBond) assists in securely onboarding the SD-WAN WAN Edge routers into the SD-WAN overlay.

19
Q

What is the role of the vSmart controller in a Cisco SD-WAN environment?

A. It performs authentication and authorization.
B. It manages the control plane.
C. It is the centralized network management system.
D. It manages the data plane.

A

B. It manages the control plane.

  • It performs authentication and authorization. (vBond)
  • It manages the control plane. (vSmart)
  • It is the centralized network management system. (vManage)
  • It manages the data plane. (vEdge)

20
Q

What is the role of vSmart in a Cisco SD-WAN environment?

A. to establish secure control plane connections
B. to monitor, configure, and maintain SD-WAN devices
C. to provide secure data plane connectivity over WAN links
D. to perform initial authentication of devices

A

A. to establish secure control plane connections

vSmart controllers play a crucial role in orchestrating and managing the control plane operations in an SD-WAN architecture. They are responsible for establishing and maintaining secure control plane connections among different SD-WAN devices (such as edge routers or vEdge devices).

These controllers help in enforcing policies, distributing routing information, facilitating secure communication between SD-WAN components, and ensuring that the SD-WAN fabric operates based on defined business policies and requirements. They play a key role in controlling the behavior and forwarding decisions of SD-WAN devices by providing centralized intelligence for the control plane of the network.

21
Q

What is used by vManage to interact with Cisco SD-WAN devices in the fabric?

A. IPsec
B. northbound API
C. RESTCONF
D. southbound API

A

D. southbound API

vManage interacts with Cisco SD-WAN devices in the fabric using southbound APIs. These APIs facilitate communication and management of the network devices.

22
Q

Which action is the vSmart controller responsible for in a Cisco SD-WAN deployment?

A. onboard WAN Edge nodes into the Cisco SD-WAN fabric
B. gather telemetry data from WAN Edge routers
C. distribute policies that govern data forwarding performed within the Cisco SD-WAN fabric
D. handle, maintain, and gather configuration and status for nodes within the Cisco SD-WAN fabric

A

C. distribute policies that govern data forwarding performed within the Cisco SD-WAN fabric

vSmart functions:
1. vSmart is the brain of the entire system.
2. Works with vBond to authenticate Viptela devices as they join the network.
3. Builds control plane connections with vEdge using TLS.
4. Orchestrates connectivity between vEdges via the policies, thereby creating the network topology.
5. Acts as a route reflector by advertising the branches' prefixes based on the policy.
6. Shares the data plane keys of a vEdge with other vEdges based on the policy to allow them to build the tunnels (IKE-less IPsec).
7. Policies are configured on vSmart.

23
Q

Which action is the vSmart controller responsible for in an SD-WAN deployment?

A. onboard vEdge nodes into the SD-WAN fabric
B. gather telemetry data from vEdge routers
C. distribute security information for tunnel establishment between vEdge routers
D. manage, maintain, and gather configuration and status for nodes within the SD-WAN fabric

A

C. distribute security information for tunnel establishment between vEdge routers

  • onboard vEdge nodes into the SD-WAN fabric (vBond)
  • gather telemetry data from vEdge routers (vAnalytics)
  • distribute security information for tunnel establishment between vEdge routers (vSmart)
  • manage, maintain, and gather configuration and status for nodes within the SD-WAN fabric (vManage)

The vSmart controller acts as a centralized brain of the SD-WAN architecture, responsible for orchestrating and managing the SD-WAN fabric. It’s involved in the control plane operations, managing the configuration, policies, and status information for the network elements, including vEdge routers.

Specifically, the vSmart controller performs tasks such as policy distribution, control plane intelligence, configuration management, and providing routing information to the SD-WAN edge devices (vEdge routers). It helps in making forwarding decisions and ensuring that the SD-WAN fabric operates according to the defined policies and configurations across the network.

24
Q

1.3 Architecture Cisco SD-WAN

Which characteristic applies to a traditional WAN solution but not to a Cisco SD-WAN solution?

A. lengthy installation times
B. centralized reachability, security, and application policies
C. low complexity and increased overall solution scale
D. operates over DTLS/TLS authenticated and secured tunnels

A

A. lengthy installation times

Compared to traditional WAN deployment, SD-WAN enables enterprises to deploy wide area networks 100x faster with 3x the cost-savings.

25
Q

Which characteristic applies to a traditional WAN solution but not to a Cisco SD-WAN solution?

A. time consuming configuration and maintenance
B. centralized reachability, security, and application policies
C. low complexity and increased overall solution scale
D. operates over DTLS/TLS authenticated and secured tunnels

A

A. time consuming configuration and maintenance

26
Q

1.3 Architecture Cisco SD-WAN

Which Cisco SD-WAN component acts as a single pane of glass for management and offers centralized fault, performance, accounting, and configuration management?

A. vBond
B. vEdge
C. vSmart
D. vManage

A

D. vManage

27
Q

Which Cisco SD-WAN component authenticates the routers and the vSmart controllers?

A. vEdge
B. Manage NMS
C. Analytics
D. vBond orchestrator

A

D. vBond orchestrator

28
Q

Which component handles the orchestration plane of the Cisco SD-WAN?

A. vBond
B. vSmart
C. vManage
D. WAN Edge

A

A. vBond

vManage
- is the controller (the management plane)

vSmart
- is the control plane.

vEdge
- is the data plane.

vBond
- is the orchestration plane

29
Q

Which control plane protocol is used between Cisco SD-WAN routers and vSmart controllers?

A. TCP
B. OMP
C. UDP
D. BGP

A

B. OMP

The Viptela Overlay Management Protocol (OMP) establishes and maintains the Viptela control plane.

OMP is enabled by default on all vEdge routers, vManage NMSs, and vSmart controllers, so there is no need to explicitly configure or enable OMP. OMP must be operational for the Viptela overlay network to function. If you disable it, you disable the overlay network.

30
Q

Which controller is capable of acting as a STUN server during the onboarding process of Edge devices?

A. vBond
B. vSmart
C. vManage
D. PNP Server

A

A. vBond

The SD-WAN Validator (formerly vBond) plays a crucial role and acts as a Session Traversal Utilities for NAT (STUN) server, which allows other control components and SD-WAN routers to discover their own mapped/translated IP addresses and port numbers.

31
Q

Which controller is the single plane of management for Cisco SD-WAN?

A. vBond
B. vSmart
C. vManage
D. vEdge

A

C. vManage

vManage serves as the single plane of management in a Cisco SD-WAN deployment.

It provides a centralized interface for network administrators to manage, configure, monitor, and troubleshoot the entire SD-WAN fabric.

32
Q

Which function is performed by vSmart in the Cisco SD-WAN architecture?

A. distribution of IPsec keys
B. execution of localized policies
C. redistribution between OMP and other routing protocols
D. facilitation of NAT detection and traversal

A

A. distribution of IPsec keys

Needs to be confirmed.

33
Q

Which function is performed by vSmart in the Cisco SD-WAN architecture?

A. aggregation and distribution of VPN routing information
B. execution of localized policies
C. facilitation of NAT detection and traversal
D. redistribution between OMP and other routing protocols

A

A. aggregation and distribution of VPN routing information

In the Cisco SD-WAN architecture, the vSmart controller acts as the centralized brain of the network. It is responsible for aggregating and distributing VPN (Virtual Private Network) routing information across the SD-WAN fabric.

34
Q

1.3 Architecture Cisco SD-WAN

Which of the following statements regarding the use of Bidirectional Forwarding Detection (BFD) in a Cisco SD-WAN environment are true?

A. BFD cannot be disabled on SD-WAN routers.
B. OSPFv3 is not supported with BFD.
C. In addition to link failure detection, it is also used to measure loss and latency used by application aware routing.
D. Is not typically enabled for OMP.
E. Does not support BGP.

A

A. BFD cannot be disabled on SD-WAN routers.
C. In addition to link failure detection, it is also used to measure loss and latency used by application aware routing.

35
Q

Which policy feature is used with TrustSec to provide endpoint entitlement in an enterprise network?

A. security group tags
B. access control lists
C. virtual local area network
D. virtual routing and forwarding

A

A. security group tags

TrustSec utilizes Security Group Tags (SGTs) to define and enforce policies based on the identity of the endpoints in the network. This helps in dynamically assigning and enforcing access policies based on the security group to which an endpoint belongs.

36
Q

Which protocol does Cisco SD-WAN use to protect control plane communication?

A. STUN
B. OMP
C. IPsec
D. DTLS

A

D. DTLS

37
Q

Which protocol is implemented to establish secure control plane adjacencies between Cisco SD-WAN nodes?

A. IKE
B. TLS
C. IPsec
D. ESP

A

B. TLS

“The WAN Edge routers form a permanent Datagram Transport Layer Security (DTLS) or Transport Layer Security (TLS) control connection to the vSmart controllers and connect to both of the vSmart controllers over each transport”

38
Q

Which protocol is used to encrypt control plane traffic between SD-WAN controllers and SD-WAN endpoints?

A. DTLS
B. IPsec
C. PGP
D. HTTPS

A

A. DTLS

The Cisco Catalyst SD-WAN control plane has been designed with network and device security in mind. The foundation of the control plane is one of two security protocols derived from Secure Sockets Layer (SSL): the Datagram Transport Layer Security (DTLS) protocol and the Transport Layer Security (TLS) protocol.

39
Q

1.4 Architecture Cisco SD-Access

Which technology is used to provide Layer 2 and Layer 3 logical networks in the Cisco SD-Access architecture?

A. underlay network
B. VPN routing/forwarding
C. easy virtual network
D. overlay network

A

D. overlay network

The logical network is the overlay, and the physical network is the underlying devices beneath the SD-WAN fabric.

40
Q

Which technology provides an overlay fabric to connect remote locations utilizing commodity data paths and improves network performance, boosts security, and reduces costs?

A. InfiniBand
B. VTEP
C. SD-WAN
D. VXLAN

A

C. SD-WAN

41
Q

Why does the vBond orchestrator have a public IP?

A. to allow for global reachability from all WAN Edges in the Cisco SD-WAN and to facilitate NAT traversal
B. to provide access to Cisco Smart Licensing servers for license enablement
C. to enable vBond to learn the public IP of WAN Edge devices that are behind NAT gateways or in private address space
D. to facilitate downloading and distribution of operational and security patches

A

A. to allow for global reachability from all WAN Edges in the Cisco SD-WAN and to facilitate NAT traversal