Cisco 300-415 Online Practice Questions and Exam Preparation

Cisco 300-415 Online Questions & Answers

• Question 241:

  Which two actions must be taken to allow certain department to require firewall protection when interacting with data center networks without including other departments? (Choose two.)

  A. Use classification, policing, and marking
  B. Advertise to vSmart controllers.
  C. The regional hub advertises the availability of the firewall service.
  D. Apply data policies at vEdge.
  E. Deploy a service-chained firewall service per VPN.
  C. The regional hub advertises the availability of the firewall service.
  E. Deploy a service-chained firewall service per VPN.

• Question 242:

  Which set of key security components of authentication, encryption, and integrity is used to establish an IPsec tunnel in the Cisco SD-WAN solution?

  A. Authentication is 1024-bit key; encryption is AES-128 cipher, and integrity is ESP, HMAC-MD5.
  B. Authentication is 1024-bit key; encryption is AES-256 cipher, and integrity is ESP, HMAC-MD5.
  C. Authentication is 2048-bit key; encryption is AES-256 cipher, and integrity is ESP, HMAC-SHA1.
  D. Authentication is 2048-bit key; encryption is AES-128 cipher, and integrity is ESP, HMAC-SHA1.
  C. Authentication is 2048-bit key; encryption is AES-256 cipher, and integrity is ESP, HMAC-SHA1.

• Question 243:

  An enterprise deployed a Cisco SD-WAN solution with hub-and-spoke topology using MPLS as the preferred network over the Internet. A network engineer must implement an application-aware routing policy to allow ICMP traffic to be load-balanced over both the available links.

  Which configuration meets the requirement?

  

  

  A. Option A
  B. Option B
  C. Option C
  D. Option D
  A. Option A

  ---

  Explanation

  sla-class sla-class-name preferred-color colors - To set multiple tunnels to use when data traffic matches an SLA class, include the preferred-color option, specifying two or more tunnel colors. Traffic is load-balanced across all tunnels. If no tunnel matches the SLA, data traffic is sent through any available tunnel. In this sense, color preference is considered to be a loose matching, not a strict matching, because data traffic is always forwarded, whether a tunnel of the preferred color is available or not. When no tunnel matches the SLA, you can choose how to handle the data traffic:

• Question 244:

  Which policy allows communication between TLOCs of data centers and spokes and blocks communication between spokes?

  A. centralized data policy
  B. localized control policy
  C. centralized control policy
  D. localized data policy
  C. centralized control policy

  ---

  Explanation

  In Cisco SD-WAN, to implement hub and spoke topology means to restrict the spoke-to-spoke overlay connections. To do this, a centralized policy must be created and applied so that the remote sites will only receive the Transport Locators of the data center WAN Edges from the vSmart controllers.

• Question 245:

  An engineer is modifying an existing data policy for VPN 115 to meet these additional requirements:

  1. When browsing government websites, the traffic must use direct internet access.

  2. The source address of the traffic leaving the site toward the government websites must be set to an IP range associated with the country itself, a particular TLOC.

  The policy configuration is as follows:

  

  

  A. Option A
  B. Option B
  C. Option C
  D. Option D
  C. Option C

• Question 246:

  Which attributes are configured to uniquely identify and represent a TLOC route?

  A. system IP address, link color, and encapsulation
  B. origin, originator, and preference
  C. site ID, tag, and VPN
  D. firewall, IPS, and application optimization
  A. system IP address, link color, and encapsulation

  ---

  Explanation

  TLOC routes are the logical tunnel termination points on the vEdge routers that connect into a transport network. A TLOC route is uniquely identified and represented by a three-tuple, consisting of system IP address, link color, and encapsulation (Generic Routing Encapsulation [GRE] or IPSec). In addition to system IP address, color, and encapsulation, TLOC routes also carry attributes such as TLOC private and public IP addresses, carrier, preference, site ID, tag, and weight. For a TLOC to be considered in an active state on a particular vEdge, an active BFD session must be associated with that vEdge TLOC.

  https://www.cisco.com/c/dam/en/us/td/docs/solutions/CVD/SDWAN/CVD-SD-WAN-Design-2018OCT.pdf

• Question 247:

  Refer to the exhibit.

  What does the BFD value of 8 represent?

  

  A. dead timer of BFD session
  B. poll-interval of BFD session
  C. hello timer of BFD session
  D. number of BFD sessions
  D. number of BFD sessions

• Question 248:

  Which component of the Cisco SD-WAN network assures that only valid customer nodes are participating in the overlay network?

  A. vBond
  B. vManage
  C. vSmart
  D. WAN Edge
  A. vBond

  ---

  Explanation

  Cisco vBond Orchestrator orchestrates the initial control connection between Cisco vSmart Controllers and edge routers. It creates DTLS tunnels to the Cisco vSmart Controllers and edge routers to authenticate each node that is requesting control plane connectivity. This authentication behavior assures that only valid customer nodes can participate.

• Question 249:

  What is the function of colocation in Cloud OnRamp SaaS?

  A. In Cloud OnRamp, colocation supports the capability of virtualizing access-only locations and using colocation centers that require the customer to extend to the cloud.
  B. Cloud OnRamp incorporates regional colocation facilities by choosing between cloud access points at the remote site and regional cloud access points at the colocation facilities.
  C. With colocation facility in Cloud OnRamp, the customer faces challenges to virtualize the security and optimization infrastructure that influence traffic through network elements.
  D. The Cloud OnRamp for colocation solution restricts the creation of different VNF service chains orchestrated in Cisco vManage and deployed on a cluster in a colocation facility.
  B. Cloud OnRamp incorporates regional colocation facilities by choosing between cloud access points at the remote site and regional cloud access points at the colocation facilities.

• Question 250:

  Which solution provides enterprises with multiple distributed branch offices that are clustered around major cities or spread over several countries with the ability to regionalize the routing services in facilities?

  A. Cloud OnRamp for Colocation
  B. Cloud OnRamp for SaaS
  C. Cloud OnRamp for IaaS
  D. Cloud OnRamp for Mutlicloud
  A. Cloud OnRamp for Colocation