preguntas-2

What are two benefits of installing Cisco SD-WAN controllers on cloud-hosted services? (Choose two). installs the controllers in two cloud regions in a primary and backup setup. accelerates Cisco SD-WAN deployment. allows integration of the WAN Edge devices in the cloud. utilizes well-known cloud services such as Azure, AWS, and GCP. automatically implements zone-based firewalling on the controllers.

An engineer is troubleshooting a certificate issue on vEdge. Which command is used to verify the validity of the certificates?. show control local-properties. show control summary. show certificate installed. show certificate status.

An engineer is configuring a data policy for IPv4 prefixes for a single WAN Edge device on a site with multiple WAN edge devices. How is the policy added using the policy configuration wizard?. In vManage NMS, select the configure > policies screen, select the centralized policy tab, and click add policy. In vManage NMS, select the configure > policies screen, select the localized policy tab, and click add policy. In vSmart controller, select the configure > policies screen, select the localized policy tab, and click add policy. In vBond orchestrator, select the configure > policies screen, select the localized policy tab, and click add policy.

Where does the Cisco V-Edge Router perform QoS traffic classification?. Per VPN. Ingress interface. Egress interface. Per vEdge.

Which component of the Cisco SD-WAN architecture oversees the control plane of overlay network to establish, adjust, and maintain the connections that form the Cisco SD-WAN fabric?. vBond. vManage. vSmart. APIC-EM.

Which two sets of identifiers does OMP carry when it advertises TLOC routes between WAN Edge routers? (Choose two). TLOC public and private address, carrier, and preference. VPN ID, local site network, and BGP next-hop IP address. source and destination IP address, MAC, and site ID. TLOC public and private address, tunnel ID, and performance. system IP address, link color, and encapsulation.

What are the two advantages of deploying cloud-based Cisco SD-WAN controllers? (Choose two). management of SLA. centralized raid storage of data. centralized control and data plane. distributed authentication policies. infrastructure as a service.

An engineer is applying QoS policy for the transport-side tunnel interfaces to enable scheduling and shaping for a WAN Edge cloud router. Which command accomplishes the task?. cloud-qos-service-side. qos-scheduler QOS_0. rewrite-rule QOS-REQWRITE. qos-map QOS.

An enterprise has these three WAN connections: + public Internet + business Internet + MPLS An engineer must configure two available links to route traffic via both links. Which configuration achieves this objective?. omp no shutdown route-limit 2. omp no shutdown overlay-as 2. omp no shutdown ecmp-limit 2. omp no shutdown send-path-limit 2.

Refer to the exhibit. Which configuration change is needed to configure the tloc-extention on Branch1-Edge1?. interface ge0/2.704 ip address 10.113.4.1/30 encapsulation ipsec color mpls restrict no shutdown. interface ge0/2.704 ip address 10.113.4.2/30 mtu 1496 tloc-extension ge0/1. interface ge0/2.704 ip address 10.113.4.2/30 tloc-extension ge0/2. interface ge0/2.704 ip address 10.113.4.1/30 tunnel-interface encapsulation ipsec color mpls-restrict mtu 1496 tloc-extension ge0/2 no shutdown.

Which command verifies a policy that has been pushed to the vEdge router?. vSmart# show running-config apply policy. vSmart# show running-config policy. vEdge# show policy from-vsmart. vEdge# show running-config data policy.

The SD-WAN network is configured with a default full-mesh topology. An engineer wants Barcelona and Paris to communicate to each other through the London site using a control policy. Which control policy configuration accomplishes the task?. configuration -- policies -- centralized policy -- centralized policy -- traffic policy. configuration -- policies -- centralized policy -- localized policy -- access control lists. configuration -- policies -- centralized policy -- localized policy -- route policy. configuration -- policies -- centralized policy -- centralized policy -- topology.

Which component of the Cisco SD-WAN network assures that only valid customer nodes are participating in the overlay network?. vManage. WAN Edge. vSmart. vBond.

Which configuration defines the groups of interest before creation of the access list or route map?. configuration policies -- custom options -- lists. configuration templates -- device. configuration policies -- localized policy. configuration policies -- centralized policy.

How is TLOC defined?. It is represented by a unique identifier to specify a site in as SD-WAN architecture. It is a unique collection of GRE or IPsec encapsulation, link color, and system IP address. It specifies a Cisco SD-WAN overlay in a multitenant vSMART deployment. It is represented by group of QoS policies applied to a WAN Edge router.

An engineer must configure a centralized policy on a site in which all HTTP traffic should use the Public Internet circuit if the loss on this circuit is below 10%. Otherwise MPLS should be used. Which configuration wizard fulfills this requirement?. Configure VPN Membership > Apply Policies to Sites and VPNs. Create Applications or Groups of Interest > Configure Traffic Rules > Apply Policies to Sites and VPNs. Create Applications or Groups of interest > Configure Traffic Data > Apply Policies to Sites and VPNs. Configure Topology > Apply Policies to Sites and VPNs.

Which SD-WAN component detects path performance information in the organization to report the issue to the service provider at site ID:123456?. vBond Orchestrator. vAnalytics. vManage NMS. Cisco DNA.

Which two vRoute attributes should be matched or set in vSmart policies and modified by data policies? (Choose two). preference. TLOC. VPN. site ID. origin.

Which type of route advertisement of OMP can be verified?. OMP, VPN, and origin. OMP, TLOC, and service. Origin, TLOC, and VPN. Origin, TLOC, and service.

SD-WAN customer has a requirement to calculate the SHA value for files as they pass through the device to see the returned disposition and determine if the file is good, unknown or malicious. The customer also wants to perform real-time traffic analysis and generate alerts when threats and detected. Which two Cisco sd-wan solutions meet the requirement? (Choose two). Cisco Secure Endpoint. Cisco Trust Anchor Module. Cisco AMP. Cisco Snort IP. Cisco Threat Grid.

Which platform cannot provide IPS and URL filtering capabilities?. Cisco Catalyst 8300. Cisco ISR 4000. Cisco CSR 1000V. Cisco ISR 1000.

Which NAT type must the engineer configure for the vEdge router to bring up the data plane tunnels?. Use public color on the TLOC. Enable Full Cone NAT on the vEdge interface. Enable Symmetric NAT on the vEdge interface. Use private color on the TLOC.

An engineer modifies a data policy for DIA in VPN 67. The location has two Internet-bound circuits. Only the web browsing traffic must be admitted for DIA, without further discrimination about which transport to use. Here is the existing data policy configuration: data-policy DIA vpn-list VPN-67 sequence 10 match destination-data-prefix-list INTERNAL-NETWORKS ! ! default-action drop Which policy configuration sequence meets the requirements?. sequence 5 match destination-port 80 443 destination-ip 0.0.0.0/0 ! action accept nat use-vpn 0. sequence 20 match destination-port 80 443 source-ip 0.0.0.0/0 ! action accept set local-tloc-list color biz-internet. sequence 20 match destination-port 80 443 destination-ip 0.0.0.0/0 ! action accept nat use-vpn 0. sequence 5 match destination-port 80 443 source-ip 0.0.0.0/0 ! action accept set local-tloc-list color biz-internet.

An engineer is configuring a shaping rate of 1 Mbps on the WAN link of a WAN Edge router. Which configuration accomplishes this task?. vpn vpn-id interface interface-name shaping-rate 1000. interface interface-name vpn vpn-id shaping-rate 1000. vpn vpn-id interface interface-name shaping-rate 1000000. interface interface-name vpn vpn-id shaping-rate 1000000.

Drag and drop the devices from the left onto the correct functions on the right. Note: You just need to click on one of the boxes on the right to match it with the corresponding box on the left. establishes a secured data plane. first point of authentication. single pane of glass. enforces control policies.

An engineer must create a QoS policy by creating a class map and assigning it to the LLQ queue on a WAN Edge router Which configuration accomplishes the task?. Configuration -- policies -- localized policy -- lists. Configuration -- policies -- centralized policy -- lists. Configuration -- policies -- centralized policy -- traffic policy. Configuration -- policies -- localized policy -- forwarding class QoS.

An engineer must deploy a QoS policy with these requirements: * policy name: App-police * police rate: 1000000 * burst: 1000000 * exceed: drop Which configuration meets the requirements?. vpn-list VPN10 sequence 1 match app-list youtube action accept set policer App-police. policy data-policy policy-name vpn-list 10 sequence 1 action accept set policer App-police. vpn 10 interface ge0/0/0 set policer App-police in default action accept. policy action accept set policer App-police.

Which two architectural components are part of an SD-WAN high availability vManage cluster? (Choose two). application server. NAT router. network configuration system. messaging server. WAN Edge router.

Which plane builds and maintains the network topology and makes decisions on traffic flows?. Management. Data. Orchestration. Control.

On which device is a service FW address configured to insert firewall service at the hub?. vSmart at the branch. vEdge at the branch. vSmart at the hub. vEdge at the hub.

Which two options are SD-WAN solution capabilities? (Choose two). The separation of management plane, control plane and data plane to enable horizontal scaling. Truck roll branch turn up for easy provisioning and new installations. Ability to provide and integrate security with complementary products and applications. Cloud hosted or on-premise fully redundant management and control plane functions.

Company E wants to deploy Cisco SD-WAN with controllers in AWS. The company’s existing WAN is on private MPLS without internet access to controllers in AWS. An internet circuit is added to a site in addition to the existing MPLS circuit. Which interface template establishes BFD neighbors over both transports?. Restrict On. Maximum Control Connections -- 1. vBond as Stun Server. Maximum Control connections -- 0.

Which feature template configures OMP?. Section Parameter Type Variable/Value Basic Number of Global 16 Config Paths adver advertise Radio Global Off Static Global Off. Section Parameter Type Variable/Value Server Hostname/ Global 10.4.48.13 IP address VPN ID Global 1 Source Inter Global loopback0. Section Parameter Type Variable/Value Server Authentication Global local Order Local User/admin/ Device user_admin_Pass Password Specific. Section Parameter Type Variable/Value Basic VPN Global 512 Config Name Global Management VPN IPv4 Prefix Global 0.0.0.0/0 Route Gateway Radio button Next Hop Next Hop Device Speci vpn512_next_h.

An engineer modifies a data policy for DIA in VPN 200 to meet the requirements for traffic destined to these locations: – external networks; must be translated – external networks; must use a public TLOC color – syslog servers, must use a private TLOC color Here is the existing data policy configuration: data-policy DIA vpn-list VPN-200 sequence 10 match destination-data prefix-list INTERNAL-NETWORKS ! action accept sequence 20 match destination-ip 0.0.0.0/0 ! action accept nat use-vpn 0 ! ! default-action reject. sequence 25 match destination-ip 0.0.0.0/0 ! action accept set local-tloc-list color biz-internet sequence 30 match destination-data-prefix-list SYSLOG-SERVERS ! action accept set local-tloc-list color mpls. sequence 15 match destination-ip 0.0.0.0/0 ! action accept set local-tloc-list color biz-internet sequence 30 match destination-data-prefix-list SYSLOG-SERVERS ! action accept nat use-vpn 0. sequence 15 match destination-data-prefix-list SYSLOG-SERVERS ! action accept set local-tloc-list color mpls sequence 20 match destination-ip 0.0.0.0/0 ! action accept set local-tloc-list color biz-internet. sequence 5 match source-ip 0.0.0.0/0 ! action accept set local-tloc-list color biz-internet sequence 30 match destination-data-prefix-list SYSLOG-SERVERS ! action accept set local-tloc-list color mpls.

Which two criteria are supported to filter traffic in an Cisco umbrella Cloud-delivered firewall? (Choose two). Geolocation. Tunnel. URL. Site ID. Protocol.

Refer to the exhibit. Which configuration configures IPsec tunnels in active and standby? from-vsmart data-policy_1_ServiceIsertionIPSec direction from-service vpn-list 1 sequence 1 match destination-ip 64.102.6.247/32 action accept set service netsvc1 service local default-action accept. vpn 1 service netsvc1 interface ipsec1 ipsec2 vpn-list 1 count ServicePSec1_275676046 from-vsmart lists vpn-list 1 vpn 1. vpn 1 service netsvc1 interface ipsec1 ipsec2 from-vsmart lists vpn-list 0 vpn 0. vpn 1 service netsvc1 interface ipsec1 ipsec2 from-vsmart lists vpn-list 1 vpn 1. vpn 1 service netsvc1 interface ipsec1 ipsec2 vpn-list 1 count ServicePSec1_275676046 from-vsmart lists vpn-list 0 vpn 0.

A vEdge platform is sending VRRP advertisement messages every 10 seconds. Which value configures the router back to the default timer?. 5 seconds. 1 second. 2 seconds. 3 seconds.

Which REST API call checks the status of an action that is performed on a device?. configuration status. troubleshoot status. monitor status. admin status.

Which action is performed during the onboarding process when a WAN Edge router is connected to ZTP server ztp.viptela.com?. The router is connected to WAN Edge Cloud Center. The router is synced with vSmart Controller via an IPsec tunnel. The router receives its vBond Orchestrator information. The router is connected to vSmart Controller via a DTLS/TLS tunnel.

Which two actions must be taken to allow certain department to require firewall protection when interacting with data center networks without including other departments? (Choose two). Deploy a service-chained firewall service per VPN. Apply data policies at vEdge. Use classification, policing, and marking. Advertise to vSmart controllers. The regional hub advertises the availability of the firewall service.

vManage and vBond have an issue establishing a connection to vSmart. Which two actions does the administrator take to fix the issue? (Choose two). Manually resync vManage and vBond. Delete and re-add vSmart. Click Generate and validate CSR. Reconfigure the vSmart from CLI with the proper Hostname & System IP. Request a certificate from the certificate server based on the CSR for the vSmart. Install the certificate received from the certificate server.

The network team must configure application-aware routing for the Service VPN 50.0.0.0/16. The SLA must prefer MPLS for video traffic, but the remaining traffic must use a public network. What must be defined other than applications before the application-aware policy is created?. SLA Class, Site, VPN, Prefix. Color, SLA Class, Site, VPN. Application, SLA, VPN, Prefix. Data Prefix, Site, VPN, TLOC.

A customer has 1 to 100 service VPNs and wants to restrict outbound updates for VPN1. Which control policy configuration restricts these updates?. policy lists vpn-list restricted_vpns vpn 2-100 ! ! vpn-membership restrict_1 sequence 10 match vpn-list restricted_vpns action reject ! ! default-action accept ! !. policy lists vpn-list VPN2-100 vpn 2-100 ! ! control-policy restrict_2-100 sequence 10 match route vpn-list VPN2-100 ! action reject ! default-action accept. policy lists vpn-list VPN1 vpn 1 ! ! control-policy restrict_1 sequence 10 match route vpn-list VPN1 ! action reject ! default-action accept. policy lists vpn-list restricted_vpns vpn 1 ! ! vpn-membership restrict_1 sequence 100 match vpn-list restricted_vpns action reject ! ! default-action accept ! !.

What are the two components of an application-aware firewall? (Choose two). firewall policy. zone pair. sequence. default action. lists.

An engineer is troubleshooting a vEdge router and identifies a “DCONFAIL – DTLS connection failure” message. What is the problem?. connectivity issue. certificate mismatch. organization mismatch. memory issue.

Which SD-WAN component is configured to enforce a policy to redirect branch-to-branch traffic toward a network service such as a firewall or IPS?. WAN Edge. vBond. vSmart. Firewall.

Two sites have one WAN Edge each. Each WAN Edge has two public TLOCs with no restrict configured. There is full reachability between the TLOCs. How many data tunnels are formed on each Edge router?. 8. 2. 4. 6.