Cisco CCNP Enterprise 300-415 Questions & Answers

• Question 391:

  What is the purpose of “vpn 0” in the configuration template when onboarding a WAN Edge node?

  A. It carries control traffic over secure IPsec connections between vSmart controllers and vEdge routers, and between vSmart and vManager

  B. It carries control out-of-bond network management traffic among the Viptela devices in the overlay network.

  C. It carries control traffic over secure IPsec connections between vSmart controllers and vEdge routers, and between vSmart and vManager

  D. It carries control traffic over secure DTLS or TLS connections between vSmart controllers and vEdge routers, and between vSmart and vBond

  Correct Answer: D

• Question 392:

  Which two algorithms authenticate a user when configuring SNMPv3 monitoring on a WAN Edge router? (Choose two)

  A. AES-256

  B. SHA-1

  C. AES-128

  D. MD5

  E. SHA-2

  Correct Answer: BD

  https://www.cisco.com/c/en/us/td/docs/routers/sdwan/configuration/snmp/snmp-book.html

• Question 393:

  A network administrator is configuring an application-aware firewall between inside zones to an outside zone on a WAN edge router using vManage GUI. What kind of inspection is performed when the "inspect" action is used?

  A. Layer 7 inspection for TCP and Layer 4 inspection for UDP

  B. IPS inspection for TCP and-Layer 4 inspection for UDP

  C. stateful inspection for TCP and stateless inspection of UDP

  D. stateful inspection for TCP and UDP

  Correct Answer: D

  When the "inspect" action is used in the context of an application-aware firewall, it typically refers to stateful inspection for both TCP and UDP traffic. This allows the firewall to keep track of the state of network connections and make decisions based on the state of those connections.

• Question 394:

  Refer to the exhibit.

  vEdge-2(config-vpn-0)#interface ge0/2.101vEdge-2(config-interface)#ip address 10.1.100.0/24vEdge-2(config-interface)#tloc-extension ge0/0vEdge-2(config-interface)#mtu 1496vEdge-2(config-interface)#no shutdown

  

  What binding is created using the tloc-extension command?

  A. between ge0/2.101 of port-type transport and ge0/0 of port-type service

  B. between ge0/2.101 of port-type service and ge0/0 of port-type service

  C. between ge0/2.101 of port-type service and ge0/0 of port-type transport

  D. between ge0/2.101 of port-type transport and ge0/0 of port-type transport

  Correct Answer: D

• Question 395:

  A network administrator is configuring QoS on a Vedge 5000 router and needs to enable it on the transport side interface. Which policy setting must be selected to accomplish this goal?

  A. Cloud QoS Service side

  B. Cloud QoS

  C. Netflow

  D. Application

  Correct Answer: B

• Question 396:

  A policy is created to influence the routing path in the network using a group of prefixes. Which policy application will achieve this goal when applied to a site list?

  A. control-policy

  B. vpn-membership policy

  C. app-route policy

  D. cflowd-template

  Correct Answer: A

• Question 397:

  An engineer wants to track tunnel characteristics within a SLA-based policy for convergence.

  Which policy configuration will achieve this goal?

  A. Data policy

  B. Control policy

  C. App-route policy

  D. VPN membership policy

  Correct Answer: C

  App-Route policies allow you to define and manage application-aware routing policies based on specific application characteristics, such as application performance, latency, and other tunnel-related characteristics. These policies are used to ensure that traffic is routed over the most suitable paths to meet SLA (Service Level Agreement) requirements, including convergence and performance criteria.

• Question 398:

  What is a benefit of the application aware firewall feature in the Cisco SD-WAN solution?

  A. application monitoring

  B. application malware protection

  C. application visibility

  D. control policy enforcement

  Correct Answer: C

  https://www.cisco.com/c/dam/en/us/td/docs/routers/sdwan/configuration/config-18-4.pdf#page=242

• Question 399:

  Which protocol is used to measure loss, latency, jitter, and liveliness of the tunnel between WAN Edge router peers?

  A. OMP

  B. NetFlow

  C. BFD

  D. IP SLA

  Correct Answer: C

  Reference: https://www.ciscolive.com/c/dam/r/ciscolive/emea/docs/2019/pdf/TECCRS-2014.pdf

• Question 400:

  Which component of the Cisco SD-WAN secure extensible network provides a single pane of glass approach to network monitoring and configuration?

  A. APIC-EM

  B. vSmart

  C. vManage

  D. vBond

  Correct Answer: C

  vManage - The vManage controller is the centralized network management system that provides the GUI interface. This single pane of glass allows easy deployment, configuration, monitoring, and troubleshooting of the Cisco SD-WAN network.