Cisco 300-415 Online Practice Questions and Exam Preparation

Cisco 300-415 Online Questions & Answers

• Question 271:

  An engineer must avoid routing loops on the SD-WAN fabric for routes advertised between data center sites.

  Which BGP loop prevention attribute must be configured on the routers to meet this requirement?

  A. static routing on all WAN Edge routers instead of BGP
  B. same BGP AS between all CE and PE routers
  C. same OMP overlay-as on WAN Edge routers of all data centers
  D. same BGP AS between all WAN Edge routers and CE routers
  C. same OMP overlay-as on WAN Edge routers of all data centers

  ---

  Explanation

  References:

  https://www.cisco.com/c/en/us/support/docs/routers/sd-wan/215992-how-to-avoid-bgp-omp-routing-loop-in-sd.html

• Question 272:

  What are the two requirements for plug-and-play provisioning on Cisco IOS XE SD-WAN devices? (Choose two.)

  A. The gateway router for the WAN Edge device must be able to reach devicehelper.cisco.com.
  B. The gateway router for the WAN Edge device must be able to reach public DNS servers.
  C. The gateway router for the WAN Edge device must be able to reach ztp.viptela.com.
  D. Devices at branch offices must be able to reach the Cisco SD-WAN vSmart controller at the headquarters site.
  E. The WAN Edge device must have a valid certificate.
  D. Devices at branch offices must be able to reach the Cisco SD-WAN vSmart controller at the headquarters site.
  E. The WAN Edge device must have a valid certificate.

• Question 273:

  Refer to the exhibit.

  

  A WAN Edge device was recently added to vManage, but a control connection could not be established.

  Which action resolves this issue?

  A. Rectify the Root CA certificate mismatch on WAN Edge devices.
  B. Resolve the ZTP reachability and rectify smart account credentials issue.
  C. Install the bootstrap code on WAN Edge and check for CSR.
  D. Send the serial number to vBond from the vManage controller.
  D. Send the serial number to vBond from the vManage controller.

  ---

  Explanation

  Problem Statement

  A device's serial number is missing from the vSmart controllers.

  Identify the Problem

  Issue the show control connections-history command. In the Local Error column of the output, the values BIDNTVRFD, CRTREJSER, and SERNTPRES indicate a missing serial number. BIDNTVRFD indicates a missing serial number for vBond orchestrators. CRTREJSER indicates a missing serial number for vEdge routers and vSmart controllers. SERNTPRES on a vBond orchestrator indicates a serial number mismatch between vSmart controllers.

  Resolve the Problem

  Send the device's serial number to the controllers:

  1. In vManage NMS, select the Configuration Certificates screen.

  2. In the vEdge List tab, select the device whose serial number is missing.

  3. Click Send to Controllers.

  https://community.cisco.com/t5/networking-knowledge-base/sd-wan-routers-troubleshoot-control-connections/ta-p/3813237

• Question 274:

  What must an engineer consider when deploying an SD-WAN on-premises architecture based on the ESXI hypervisor?

  A. Cisco must provision the backup and snapshots platform for the SD-WAN architecture.
  B. The IT team will be given access by Cisco to a vManage for configuration templates and policies configuration.
  C. The IT team is required to provision the SD-WAN controllers and is responsible for backups and disaster recovery implementation.
  D. The managed service provider must provision controllers with their appropriate certificates.
  C. The IT team is required to provision the SD-WAN controllers and is responsible for backups and disaster recovery implementation.

  ---

  Explanation

  The IT team is required to download the SD-WAN Orchestrator and use the necessary guides to complete your installation, including provisioning the correct environment, Disaster Recovery and Snapshots of the SD-WAN Controller VM for on prem.

• Question 275:

  An engineer modifies a data policy for DIA in VPN 200 to meet the requirements for traffic destined to these locations:

  1. external networks; must be translated

  2. external networks; must use a public TLOC color

  3. syslog servers, must use a private TLOC color

  Here is the existing data policy configuration:

  

  Which policy configuration sequence set meets the requirements?

  A. sequence 25 match destination-ip 0.0.0.0/0 ! action accept set local-tloc-list color biz-Internet sequence 30 match destination-data-prefix-list SYSLOG-SERVERS ! action accept set local-tloc-list color mpls
  B. sequence 15 match destination-ip 0.0.0.0/0 ! action accept set local-tloc-list color biz-Internet sequence 30 match destination-data-prefix-list SYSLOG-SERVERS ! action accept nat use-vpn 0
  C. sequence 15 match destination-data-prefix-list SYSLOG-SERVERS ! action accept set local-tloc-list color mpls sequence 20 match destination-ip 0.0.0.0/0 ! action accept set local-tloc-list color biz-internet
  D. sequence 5 match source-ip 0.0.0.0/0 ! action accept set local-tloc-list color biz-internet sequence 30 match destination-data-prefix-list SYSLOG-SERVERS ! action accept set local-tloc-list color mpls
  C. sequence 15 match destination-data-prefix-list SYSLOG-SERVERS ! action accept set local-tloc-list color mpls sequence 20 match destination-ip 0.0.0.0/0 ! action accept set local-tloc-list color biz-internet

• Question 276:

  DRAG DROP

  Drag and drop the components from the left onto the corresponding Cisco NFV infrastructure Building Blocks on the right. Not all options are used.

  Select and Place:

  

  

• Question 277:

  Refer to the exhibit.

  

  A customer wants to implement primary and secondary Cisco SD-WAN overlay routing for prefixes that are advertised for both data centers. The east data center (TLOC 101.101.101.101) is primary for east sites, and the west data center (TLOC 100.100.100.100) is primary for west sites.

  Which configuration change achieves this objective?

  

  

  A. Option A
  B. Option B
  C. Option C
  D. Option D
  A. Option A

  ---

  Explanation

  Preference 400 is prefered over 200

• Question 278:

  A customer has MPLS and Internet as the TLOC colors. An engineer must configure controllers with the Internet and not with MPLS.

  Which configuration achieve this requirement on vManage?

  

  A. Option A
  B. Option B
  C. Option C
  D. Option D
  A. Option A

• Question 279:

  What is the first step for setting up traffic flows when enabling TLS Proxy in SD-WAN for security?

  A. The sender authenticates the devices and individual users, and the receiver verifies the signature by decrypting the message with the public key of the sender.
  B. Certificate authorities in TLS Proxy issue certificates for authentication to all entitles such as hosts, network devices, or users.
  C. When decryption policy is enabled for the flow, a client hello packet is received by Unified Threat Defense to define the decryption action.
  D. The TCP connection is established between the client and the proxy, and between the proxy and the server.
  D. The TCP connection is established between the client and the proxy, and between the proxy and the server.

• Question 280:

  Which vBond system configuration under VPN 0 allows for a routable public IP address even if the DNS name, hostname, or IP address of the vBond orchestrator are omitted?

  A. WAN
  B. local
  C. dns-name
  D. vbond-only
  B. local