Which protocol is used to measure loss, latency, jitter, and liveliness of the tunnel between WAN Edge router peers?

A. OMP

B. NetFlow

C. BFD

D. IP SLA

How should the IP addresses be assigned for all members of a Cisco vManager cluster located in the same data center?

A. in overlapping IPs

B. in different subnets

C. in the same subnet

D. in each controller with a /32 subnet

A network administrator is configuring an application-aware firewall between inside zones to an outside zone on a WAN Edge router using vManage GUI. Which kind of inspection is performed when the `inspect` action is used?

A. Layer 7 inspection for TCP and Layer 4 inspection for UDP

B. stateful inspection for TCP and stateless inspection of UDP

C. IPS inspection for TCP and Layer 4 inspection for UDP

D. stateful inspection for TCP and UDP

Which feature template configures OMP?

Refer to the exhibit. A small company was acquired by a large organization. As a result, the new organization decided to update information on their Enterprise
RootCA and generated a new certificate using openssl. Which configuration updates the new certificate and issues an alert in vManage Monitor | Events
Dashboard?

DRAG DROP
-
Drag and drop the steps from the left into the sequence on the right for a WAN Edge router after powering on for zero touch provisioning.
 

Which Cisco SD-WAN WAN Edge platform supports LTE and Wi-Fi?

A. ISR 1101

B. ASR 1001

C. CSR 1000v

D. vEdge 2000

An enterprise is continuously adding new sites to its Cisco SD-WAN network. It must configure any cached routes ushed when OMP peers have lost adjacency.
Which configuration allows the cached OMP routes to be ushed after every 24 hours from its routing table?

A.

An engineer configured a data policy called ROME-POLICY. Which configuration allows traffic flow from the Rome internal network toward other sites?

A.

B.

C.

D.

Which behavior describes a WAN Edge router running dual DIA when its DPI engine has identified a cloud SaaS application?

A. The gateway WAN Edge router DPI engine accepts the DNS query for SaaS applications, and DNS queries for noncloud applications follow the explicit path.

B. The WAN Edge DPI engine never selects a subperforming DIA circuit for the first application, and the WAN Edge router finds the SaaS application.

C. Existing ows change the path and drop the traffic when the performance of the chosen path degrades.

D. Application traffic ows are routed over best performing DIA circuit, which makes the routing decision based on the best performing path.

An administrator needs to configure Cisco SD-WAN to divert traffic from the company's private network to an ISP network. Which action should be taken to accomplish this goal?

A. configure the security policy

B. configure the control policy

C. configure the data policy

D. configure the application aware policy

An engineer creates this data policy for DIA for VPN 10:

Which policy sequence enables DIA for external networks?

A.

An engineer creates a data policy to prevent communication from the 172.20.21.0/24 network to the 172.20.41.0/24 network. Which configuration accomplishes this task?

A.

Which OSPF command makes the WAN Edge router a less preferred exit from a site with a dual WAN Edge design?

Which control policy assigned to branches in the out direction establishes a strict hub-and-spoke topology for VPN2?

A. B

Which service VPN must be reachable from all WAN Edge devices and the controllers?

A. VPN0

B. VPN10

C. VPN215

D. VPN512

What is the result during a WAN Edge software upgrade process if the version of the WAN Edge software is higher than the one running on a controller device?

A. The upgrade button is greyed out.

B. The upgrade fails with a warning message.

C. The upgrade proceeds with a warning message.

D. The upgrade proceeds with no warning message.

Which secure tunnel type should be used to connect one WAN Edge router to other WAN Edge routers?

A. DTLS

B. SSL VPN

C. IPsec

D. TLS

What is the size of SGT data in the metadata header?

A. 8 bits

B. 16 bits

C. 24 bits

D. 32 bits

What must an engineer consider when deploying an SD-WAN on-premises architecture based on ESXI hypervisor?

A. Cisco must provision the backup and snapshots platform for the SD-WAN architecture.

B. The IT team will be given access by Cisco to a vManage for configuration templates and policies configuration.

C. The IT team is required to provision the SD-WAN controllers and is responsible for backups and disaster recovery implementation.

D. The managed service provider must provision controllers with their appropriate certificates.

How is an event monitored and reported for an individual device in the overlay network at site ID:S4300T6E43F36?

A. The device sends event notifications to vManage.

B. The device sends notifications to vSmart that sends them to vManage.

C. The device sends a critical alarm of events to vManage.

D. The device sends a critical alarm to vSmart that sends it to vManage.

Which feature builds transport redundancy by using the cross link between two redundant WAN Edge routers?

A. TLOC extension

B. quality of service

C. zero-touch provisioning

D. OMP

How many cloud gateway instance(s) can be created per region when provisioning Cloud OnRamp for Multicloud from AWS in a multiregion environment?

A. one

B. two

C. three

D. four

A policy is created to influence routing path in the network using a group of prefixes. Which policy application will achieve this goal when applied to a site list?

A. control-policy

B. vpn-membership policy

C. app-route policy

D. c owd-template

Which type of certificate is installed on vManage for a user to access vManage via a web browser?

A. Controller certificate

B. Web Server certificate

C. SD-AVC certificate

D. WAN Edge certificate

Refer to the exhibit. A WAN Edge router is configured with SLAs. Which TLOC does the traffic take if the internet TLOC has latency 100 ms, loss 2%, jitter 50ms, and the MPLS TLOC has latency 50 ms, loss 1%, and jitter 150 ms?

A. MPLS

B. internet

C. MPLS or internet

D. drop

An engineer must improve video quality by limiting HTTP traffic to the Internet without any failover. Which configuration in vManage achieves this goal?

Which routes are similar to the IP route advertisements when the routing information of WAN Edge routers is learned from the local site and local routing protocols?

A. BGP

B. OMP

C. TLOC

D. service

Which protocol is used to propagate multicast join requests over the Cisco SD-WAN fabric?

A. Auto-RP

B. ARP

C. OMP

D. IGMP

What is the behavior of vBond orchestrator?

A. It builds permanent connections with vSmart controllers.

B. It builds permanent connections with WAN Edge routers.

C. It updates vSmart of WAN Edge routers behind NAT devices using OMP.

D. It maintains vSmart and WAN Edge routers secure connectivity state.

An engineer must apply the configuration for certificate installation to vBond Orchestrator and vSmart Controller. Which configuration accomplishes this task?

A. A

Which component is responsible for routing protocols such as BGP and OSPF in a Cisco SD-WAN solution?

A. vSmart Controller

B. WAN Edge Router

C. vManage

D. vBond Orchestrator

An administrator must deploy the controllers using the On-Prem method while vManage can access the PnP portal from inside. How are the two WAN Edge authorized allowed lists to be made available to vManage? (Choose two.)

For data plane resiliency, what does the Cisco SD-WAN software implement?

A. multiple vBond orchestrators

B. establishing a nity between vSmart controllers and WAN Edge routers

C. OMP

D. BFD

What is the main purpose of using TLOC extensions in WAN Edge router configuration?

A. transports control traffic to remote-site WAN Edge routers

B. creates an IPsec tunnel from WAN Edge to vBond Orchestrator

C. creates hardware-level transport redundancy at the local site

D. transports control traffic to a redundant vSmart Controller

Refer to the exhibit. An MPLS connection on R2 must extend to R1. Users behind R1 must have dual connectivity for data traffic. Which configuration provides R1 control connectivity over the MPLS connection?

An enterprise needs DIA on some of its branches with a common location ID: A042:B49C:D02E::72.
Which WAN Edge configuration meets the requirement?

A. vpn 1 interface ge0/1 ip address 172.16.0.1/24 vpn 512 ip route 0.0.0.0/0 vpn 0

B. vpn 1 ip route 0.0.0.0/0 vpn 1 interface ge0/0 ip address 172.16.0.1/24 nat

C. vpn 0 ip route 0.0.0.0/0 vpn 0 vpn 1 interface ge0/1 ip address 172.16.0.1/24 nat

D. vpn 0 interface ge0/0 ip address 172.16.0.1/24 nat vpn 1 ip route 0.0.0.0/0 vpn 0

Drag and drop the REST API calls from the left onto the functions on the right.

Select and Place:

An engineer is tasked to improve throughput for connection-oriented traffic by decreasing round-trip latency. Which configuration will achieve this goal?

A. turn off Enable TCP Optimization

B. turn on Enhance ECMP Keying

C. turn on Enable TCP Optimization

D. turn off Enhance ECMP Keying

Two sites have one WAN Edge each. Each WAN Edge has two public TLOCs with no restrict configured. There is full reachability between the TLOCs. How many data tunnels are formed on each WAN Edge router?

A. 6

B. 2

C. 4

D. 8

Drag and drop the attributes from the left that make each transport location unique onto the right. Not all options are used.

Select and Place:

An administrator must configure an ACL for traffic coming in from the service-side VPN on a specific WAN Edge device with circuit ID 123456789.
Which policy must be used to configure this ACL?

A. local data policy

B. central data policy

C. app-aware policy

D. central control policy

Which set of key security components of authentication, encryption, and integrity is used to establish an IPsec tunnel in the Cisco SD-WAN solution?

A. Authentication is 1024-bit key; encryption is AES-128 cipher, and integrity is ESP, HMAC-MD5.

B. Authentication is 1024-bit key; encryption is AES-256 cipher, and integrity is ESP, HMAC-MD5.

C. Authentication is 2048-bit key; encryption is AES-256 cipher, and integrity is ESP, HMAC-SHA1.

D. Authentication is 2048-bit key; encryption is AES-128 cipher, and integrity is ESP, HMAC-SHA1.

Which SD-WAN component is configured to enforce a policy to redirect branch-to-branch traffic toward a network service such as a firewall or IPS?

A. vBond

B. vSmart

C. WAN Edge

D. Firewall

Drag and drop the vManage policy configuration procedures from the left onto the correct definitions on the right.

Select and Place:

Refer to the exhibit. An enterprise decides to use the Cisco SD-WAN Cloud onRamp for SaaS feature and utilize

A. Q site Biz iNET to reach SaaS Cloud for branch C, currently reaching SaaS Cloud directly. Which role must be assigned to devices at both sites in vManage Cloud Express for this solution to work?

B. Branch to be added as Client Sites and

C. Q as DI

D. Q to be added as Gateway and Branch as DI

E. Branch to be added as DIA and

F. Q as Client Site.

G. Q to be added as Gateway and Branch as Client Site.

Which two prerequisites must be met before the Cloud onRamp for IaaS is initiated on vManage to expand to the flaws cloud? (Choose two.)

A. Attach an OSPF feature template to the flaws cloud Edge router template.

B. Attach the AmazonCreateVPC and AmazonProvisionEC2 permission policy to the IAM account.

C. Subscribe to the SD-WAN Edge router AMI in the flaws account.

D. Attach a device template to the cloud WAN Edge router to be deployed in the flaws.

E. Preprovision the transit VPC in the flaws region.

How is multicast routing enabled on devices in the Cisco SD-WAN overlay network?

A. The WAN Edge routers originate multicast service routes to the vSmart controller via OMP, which then forwards joins for requested multicast groups based on IGMP v2 or v3 toward the source or PIM-RP as speci ed in the original PIM join message.

B. The WAN Edge routers originate multicast service routes to the vSmart controller via OMP, which then forwards joins for requested multicast groups based on IGMP v1 or v2 toward the source or PIM-RP as speci ed in the original PIM join message.

C. The vSmart controller originates multicast service routes to the WAN Edge routers via OMP, which then forwards joins for requested multicast groups based on IGMP v1 or v2 toward the source or PIM-RP as speci ed in the original PIM join message.

D. The vSmart controller originates multicast service routes to the WAN Edge routers via OMP, which then forwards joins for requested multicast groups based on IGMP v2 or v3 toward the source or PIM-RP as speci ed in the original PIM join message.

Which API call retrieves a list of all devices in the network?

A. https://vmanage_IP_address/dataservice/system/device/{{model}}

B. http://vmanage_IP_address/dataservice/system/device/{{model}}

C. http://vmanage_IP_address/api-call/system/device/{{model}}

D. https://vmanage_IP_address/api-call/system/device/{{model}}

Refer to the exhibit.

Which two configurations are needed to get the WAN Edges registered with the controllers when certificates are used? (Choose two.)

A. Install the certificate received from the CA server manually on the WAN Edge.

B. Generate a CSR manually within vManage server.

C. Generate a CSR manually on the WAN Edge.

D. Install the certificate received from the CA server manually on the vManage.

E. Request a certificate manually from the Enterprise CA server.