part 1

Question 1

Which component of the Cisco SD-WAN secure extensible network provides a single pane of glass approach to network monitoring and configuration?

A. APIC-EM
B. vSmart
C. vManage
D. vBond

Answer 1

C

Question 2

What is a benefit of the application aware firewall feature in the Cisco SD-WAN solution?

A. application monitoring
B. application malware protection
C. application visibility
D. control policy enforcement

Answer 2

C

Question 3

A network administrator is configuring QoS on a vEdge 5000 router and needs to enable it on the transport side interface. Which policy setting must be selected to accomplish this goal?

A. Cloud QoS Service side
B. Cloud QoS
C. Netflow
D. Application

Answer 3

B

Question 4

A policy is created to influence routing path in the network using a group of prefixes. What policy application will achieve this goal when applied to a site list?

A. control-policy
B. vpn-membership policy
C. app-route policy
D. cflowd-template

Answer 4

A

Question 5

An engineer wants to track tunnel characteristics within a SLA-based policy for convergence. Which policy configuration will achieve this goal?

A. Data policy
B. Control policy
C. App-route policy
D. VPN membership policy

Answer 5

C

Question 6

Refer to the exhibit.

vEdge-2(config-vpn-0)#interface ge0/2.101
vEdge-2(config-interface)#ip address 10.1.100.0/24
vEdge-2(config-interface)#tloc-extension ge0/0
vEdge-2(config-interface)#mtu 1496
vEdge-2(config-interface)#no shutdown

What binding is created using the tloc-extension command?

A. between ge0/2.101 of port-type transport and ge0/0 of port-type service
B. between ge0/2.101 of port-type service and ge0/0 of port-type service
C. between ge0/2.101 of port-type service and ge0/0 of port-type transport
D. between ge0/2.101 of port-type transport and ge0/0 of port-type transport

Answer 6

D

Question 7

Which two algorithms authenticate a user when configuring SNMPv3 monitoring on a WAN Edge router? (Choose two)

A. AES-256
B. SHA-1
C. AES-128
D. MD5
E. SHA-2

Answer 7

D,E

Question 8

A network administrator is configuring an application-aware firewall between inside zones to an outside zone on a WAN edge router using vManage GUI. What kind of inspection is performed when the ”inspect” action is used?

A. Layer 7 inspection for TCP and Layer 4 inspection for UDP
B. IPS inspection for TCP and-Layer 4 inspection for UDP
C. stateful inspection for TCP and stateless inspection of UDP
D. stateful inspection for TCP and UDP

Answer 8

D

Question 9

What is the purpose of ”vpn 0” in the configuration template when onboarding a WAN edge node?

A. It carries control traffic over secure IPsec connections between vSmart controllers and vEdge routers, and between vSmart and vManager
B. It carries control out-of-bond network management traffic among the Viptela devices in the overlay network.
C. It carries control traffic over secure DTLS or TLS connections between vSmart controllers and vEdge routers, and between vSmart and vBond

Answer 9

C

Question 10

In Cisco SD-WAN, what protocol is used for control connections between SD-WAN devices?

A. BGP
B. OSPF
C. DTLS
D. OMP

Answer 10

C

Question 11

In an AWS cloud, which feature provision WAN Edge routers automatically in Cisco SD-WAN?

A. Cloud OnRamp
B. vAnalytics
C. Cloud app
D. Network Designer

Answer 11

A

Question 12

When a WAN Edge device joins the SD-WAN overlay, which Cisco SD-WAN components orchestrates the connection between the WAN Edge device and a vSmart controller?

A. OMP
B. vBond
C. vManage
D. APIC-EM

Answer 12

B

Question 13

A network administrator is bringing up one WAN Edge for branch connectivity. Which types of tunnels form when the WAN edge router connects to the SD-WAN fabric?

A. DTLS or TLS tunnel with vBond controller and IPsec tunnel with vManage controller
B. DTLS or TLS tunnel with vBond controller and IPsec tunnel with other WAN Edge routers
C. DTLS or TLS tunnel with vSmart controller and IPsec tunnel with other Edge routers
D. DTLS or TLS tunnel with vSmart controller and IPsec tunnel with vBond controller

Answer 13

C

Question 14

In the Cisco SD-WAN solution, vSmart controller is responsible for which two actions? (Choose two)

A. Authenticate and authorize vEdge routers.
B. Distribute the IP address from DHCP server to vEdge routers.
C. Distribute crypto key information among vEdge routers
D. Configure and monitor vEdge routers.
E. Distribute route and policy information via OMP.

Answer 14

C,E

Question 15

Which device in the SD-WAN solution receives and categorizes event reports, and generates alarms?

A. vSmart controllers
B. WAN Edge routers
C. vBond controllers
D. vManage NMS

Answer 15

D

Question 16

An administrator needs to configure SD-WAN to divert traffic from the company’s private network to an ISP network. What action should be taken to accomplish this goal?

A. configure the data security policy
B. configure the application aware policy
C. configure the control policy
D. configure the data policy

Answer 16

D

Question 17

Drag and drop the definitions from the left to the configuration on the right.



Answer 17

+ destination zone: grouping of VPNs where the data traffic flows terminate
+ firewall policy: matching condition that allows traffic flow between two zones
+ source zone: grouping of VPNs where the data traffic flows originate
+ zone pair: container that associates forwarding and blocking decisions

Question 18

Drag and drop the attributes from the left that make each transport location unique onto the right. Not all options are used.



Answer 18

+ target 1: color
+ target 2: IP address
+ target 3: encapsulation

Question 19

Drag and drop the steps from the left into the order on the right to upload software on vManage repository that is accessible from maintenance > Software Repository.



Answer 19

+ Step 1: Click the repository
+ Step 2: Click Add new software
+ Step 3: Select vManage to store the software image
+ Step 4: Choose the file and click to upload

Question 20

Which software security feature is supported by the Cisco ISR 4451 router?

A. IPsec/GRE cloud proxy
B. reverse proxy
C. Enterprise Firewall with Application Awareness
D. Cloud Express service

Answer 20

C

Question 21

Which feature builds transport redundancy by using the cross link between two redundant WAN Edge routers?

A. OMP
B. TLOC extension
C. quality of service
D. zero-touch provisioning

Answer 21

B

Question 22

An engineer is configuring a centralized policy to influence network route advertisement. Which controller delivers this policy to the fabric?

A. vSmart
B. vBond
C. WAN Edge
D. vManage

Answer 22

A

Question 23

Which two WAN Edge devices should be deployed in a cloud? (Choose two)

A. vEdge 100wm
B. ASR 1000v
C. CSR 1000v
D. vEdge 5000v
E. vEdge cloud

Answer 23

C,E

Question 24

Which two products that perform lifecycle management for virtual instances are supported by WAN Edge cloud routers? (Choose two)

A. OpenStack
B. VMware vCenter
C. AWS
D. IBM Cloud
E. Azure

Answer 24

A,B

Question 25

Which secure connection should be used to access the REST APIs through the Cisco vManage web server?

A. HTTP inspector interface
B. authenticated HTTPS
C. authenticated DTLS
D. JSON Inspector interface

Answer 25

B

Question 26

What is a description of vManage NMS?

A. A cluster requires device templates to be created on and attached to the same server
B. It is accessible only from VPN 512 (the management VPN)
C. It is a software process on a dedicated WAN Edge router in the network
D. A cluster consists of a minimum of two vManage NMSs

Answer 26

A

Question 27

In which device state does the WAN edge router create control connections, but data tunnels are not created?

A. valid
B. backup
C. active
D. staging

Answer 27

D

Question 28

A network administrator is configuring OMP in vManage to advertise all the paths for the same prefix from a site that has two WAN Edge devices. Each WAN Edge device is connected to three ISPs and two private MPLS transports. What is the minimum value for ‘Number of Paths advertised per Prefix” that should be configured?

A. 2
B. 3
C. 5
D. 10

Answer 28

C

Question 29

A network administrator is configuring a tunnel interface on a branch Cisco IOS XE router to run TLOC extensions. Which configuration will extend a TLOC over a GRE tunnel to another router in the branch?

Option A
Option B
Option C
Option D


A. Option A
B. Option B
C. Option C
D. Option D

Answer 29

C

Question 30

If Smart Account Sync is not used, which Cisco SD-WAN component is used to upload an authorized serial number file?

A. vSmart
B. WAN Edge
C. vManage
D. vBond

Answer 30

C

Question 31

A network administrator is creating an OMP feature template from the vManage GUI to be applied to WAN edge routers. Which configuration attribute will avoid the redistribution of the routes back into the OMP from the LAN side?

A. configure “Number of Paths Advertised per Prefix”
B. configure “ECMP limit”
C. configure “Send Backup Paths”
D. configure “Overlay AS Number”

Answer 31

D

Question 32

An engineer is tasked to improve throughput for connection-oriented traffic by decreasing round-trip latency. Which configuration will achieve this goal?

A. turn on “Enable TCP Optimization”
B. turn off “Enable TCP Optimization”
C. turn off “Enhance ECMP Keying”
D. turn on “Enhance ECMP Keying”

Answer 32

A

Question 33

Which VPN connects the transport-side WAN Edge interface to the underlay/WAN network?

A. VPN 0
B. VPN 1
C. VPN 511
D. VPN 512

Answer 33

A

Question 34

Which port is used for vBond under controller certificates if no alternate port is configured?

A. 12345
B. 12347
C. 12346
D. 12344

Answer 34

C