clapgeek logo
Refer to the exhibit Which command allows traffic through the IPsec tunnel configured in VPN 0?
What problem happens on a device with two serial numbers, a unique device identifier (UDI), and secure unique device identifier (SUDI) when an engineer provisions ISR 4000 by PnP using only a UDI?
Refer to the exhibit.
An SD-WAN customer has 23 sites connected to its hub site, where a pair of WAN Edge devices and controllers are placed. All other branches have a single WAN Edge device connected to multiprotocol label switching (MPLS) and public internet circuits. An engineer must configure application-aware routing for a branch that has MPLS and public internet circuits provisioned using feature templates. The requirements for application-aware routing are:
All types of traffic prefers using public-internet circuit.
If the average latency reaches 100 ms, jitter 85 ms, and packet loss 5%, then video and voice traffic switches to the MPLS circuit.
Which feature template must be configured or modified in addition to configuring a centralized policy?
A large retail organization decided to move some of the branch applications to the AWS cloud. How does the network architect extend the in-house Cisco SD-WAN branch to cloud network into AWS?
Which command displays BFD session summary information per TLOC on vEdge routers?
Which type of connection is created between a host VNet and a transit VNet when configuring Cloud OnRamp for laaS?
Which type of policy must be applied on a WAN Edge application-aware firewall to control traffic between two or more VPNs?
Which two virtualized environments are available for a company to install the controllers using the on-premises model? (Choose two )
How is an event monitored and reported for an individual device in the overlay network at site ID:S4300T6E43F36?
An enterprise deployed a Cisco SD-WAN solution with hub-and-spoke topology using MPLS as the preferred network over the Internet. A network engineer must implement an application-aware routing policy to allow ICMP traffic to be load-balanced over both the available links. Which configuration meets the requirement?
A)
B)
C)
D)
In which VPN is the NAT operation on an outgoing interface configured for direct Interne! access?
Which VPN connects the transport-side WAN Edge interface to the underlay/WAN network?
An engineer provisions a WAN Edge router. Which command should be used from the WAN Edge router to activate it with vManage?
Refer to the exhibit vManage and vBond have an issue establishing a connection with each other Which action resolves the issue?
An engineer wants to track tunnel characteristics within an SLA-based policy for convergence. Which policy configuration will achieve this goal?
Refer to the exhibit. Which configuration value is used to change the administrative distance of iBGP routes to 20?
Which two services are critical for zero touch provisioning on-boarding? (Choose two)
What two functions describe the TCP optimization tool used in the Cisco SD-WAN? (Choose two.)
A network administrator is configuring VRRP to avoid a traffic black hole when the transport side of the network is down on the master device. What must be configured to get the fastest failover to standby?
Drag and drop the attributes from the left that make each transport location unique onto the right. Not all options are used.
Which two performance data details are provided by Cisco SO-WAN vAnalytics? (Choose two)
An organization requires the use of integrated preventative engines, exploit protection, and the most updated and advanced signature-based antivirus with sandboxing and threat intelligence to stop malicious attachments before they reach users and get executed. Which Cisco SD-WAN solution meets the requirements?
When software is upgraded on a vManage NMS, which two image-adding options store images in a local vManage software repository? (Choose two.)
An engineer is tasked to improve throughput for connection-oriented traffic by decreasing round-trip latency. Which configuration will achieve this goal?
Refer to the exhibit.
Which two configurations are needed to get the WAN Edges registered with the controllers when certificates are used? (Choose two)
Drag and drop the steps from the left into the order on the right to upload software on vManage repository that is accessible from maintenance > Software Repository.
Drag and drop the devices from the left onto the correct functions on the right.
The network administrator is configuring a QoS scheduling policy on traffic received from transport side tunnels on WAN Edge 5000 routers at location 406141498 Which command must be configured on these devices?
If Smart Account Sync is not used, which Cisco SD-WAN component is used to upload an authorized serial number file?
What is the minimum Red Hat Enterprise Linux operating system requirement for a Cisco SD-WAN controller deployment via KVM?
Refer to the exhibit.
vManage and vSmart have an issue establishing a connection to vBond. Which configuration resolves the issue?
Refer to the exhibit.
A customer wants to implement primary and secondary Cisco SD-WAN overlay routing for prefixes that are advertised for both data centers. The east data center (TLOC 101.101.101.101) is primary for east sites, and the west data center (TLOC 100.100.100.100) is primary for west sites. Which configuration change achieves this objective?
What is the result during a WAN Edge software upgrade process if the version of the WAN Edge software is higher than the one running on a controller device?
Which statement describes the requirement of integrating a secure internet gateway (SIG) with a Cisco SD-WAN Edge device?
Refer to the exhibit An engineer is configuring a QoS policy to shape traffic for VLAN 100 on a subinterface Which policy configuration accomplishes the task?
A)
B)
C)
D)
Which device in the SD- WAN solution receives and categorizes event reports, and generates alarms?
What is the default value for the number of paths advertised per prefix in the OMP feature template?
Refer to the exhibit A small company was acquired by a large organization As a result, the new organization decided to update information on their Enterprise RootCA and generated a new certificate using openssl Which configuration updates the new certificate and issues an alert in vManage Monitor | Events Dashboard?
A customer wants to use AWS for Cisco SD-WAN laaS services by deploying virtual SD-WAN routers in a transit AWS VPC The transit VPC then connects via site-to-site IPsec tunnels to an AWS transit gateway Which transit VPC connects via site-to-site IPsec tunnels to an AWS transit gateway?
Which protocol Is used by the REST API to communicate with network services in the Cisco SO-WAN network?
A network administrator is creating an OMP feature template from the vManage GUI to be applied to WAN edge routers. Which configuration attribute will avoid the redistribution of the routes back into the OMP from the LAN side?
Refer to the exhibit. Company ABC has a hub-and-spoke topology in place and currently is load balancing their data traffic at the hub site over MPLS and the public Internet. The leased circuit must be preferred over the shared circuit. Which configuration meets the requirement?
An engineer wants to change the configuration of the certificate authorization mode from manual to automated. Which GUI selection will accomplish this?
What is the OMP graceful restart default value on vSmart controllers and WAN Edge routers?
Which plane assists in the automatic onboarding of the SD-WAN routers into the SD-WAN overlay?
An engineer must avoid routing loops on the SD-WAN fabric for routes advertised between data center sites Which BGP loop prevention attribute must be configured on the routers to meet this requirement?
An organization wants to use the cisco SD-WAN regionalized service-chaining feature to optimize cost and user experience with application in the network, which allows branch routers to analyze and steer traffic toward the required network function. Which feature meets this requirement?
An engineer is configuring a centralized policy to influence network route advertisement. Which controller delivers this policy to the fabric?
A company deploys a Cisco SD-WAN solution but has an unstable Internet connection. When the link to vSmart comes back up, the WAN Edge router routing table is not refreshed, and some traffic to the destination network is dropped. The headquarters is the hub site, and it continuously adds new sites to the SD-WAN network. An engineer must configure route refresh between WAN Edge and vSmart within 2 minutes. Which configuration meets this requirement?
Refer to the exhibit.
An enterprise has hub and spoke topology where it has several VPNs. An engineer must allow users in VPN91 to reach users in VPN92 and VPN10 to reach VPN91 and VPN92. Which configuration meets these requirements?
Refer to the exhibit The network team must configure application-aware routing for the Service VPN 50.0.0.0/16 The SLA must prefer MPLS for video traffic but the remaining traffic must use a public network What must be defined other than applications before the application-aware policy is create?
Which Cloud OnRamp solution is used by partners and vendors without Cisco SD-WAN but still needs connectivity to their customers without installing SD-WAN routing appliances on their sites?
Which component of the Cisco SD-WAN architecture oversees the control plane of overlay network to establish, adjust, and maintain the connections between the WAN Edge devices that form the Cisco SD-WAN fabric?
Which two prerequisites must be met before the Cloud onRamp for laaS is initiated on vManage to expand to the AWS cloud? (Choose two)
A company is using Catalyst SD-WAN Manager as its root certificate authority server and must generate a root certificate using the vShell (Linux) built into the CLI of Catalyst SD-WAN Manager. Which command must be issued to generate the root certificate?
Which Cisco SD-WAN component the initial communication between WAN Edge devices to join the fabric?
Refer to the exhibit The network team must configure El GRP peering at HQ with devices in the service VPN connected to WAN Edge CSRv. CSRv is currently configured with
A)
B)
C)
D)
Which two resource data types are used to collect information for monitoring using REST API in Cisco SD-WAN? (Choose two.)
Which actions must be taken to allow certain departments to require firewall protection when interacting with data center network without including other departments? (Choose two.)
Refer to the exhibit. A customer wants to deploy service insertion at site1. Which traffic from VPN 10 must route to this site through a firewall. A policy must be in place to route VPN 10 traffic from all sites toward this firewall. Which configuration must be on the vSmart controller to meet this requirement?
In which device state does the WAN edge router create control connections, but data tunnels are not created?
Refer to the exhibit. A Cisco SD-WAN network carries traffic for several departments and over 1200 users with several applications at site A and site B branches over the MPLS1 circuit. An engineer is provisioning a higher bandwidth on-demand metro circuit as a backup connection. Which two configurations must the engineer apply to implement the on-demand tunnels? (Choose two.)
Refer to the exhibit An engineer must configure a QoS policy between me hub and site A (spoke) over a standard internet circuit where traffic shaping is adjusted automatically based on evaiiabk» bandwidth Which configuration meets the requirement?
An engineer is applying QoS policy for the transport-side tunnel interfaces to enable scheduling and shaping for a WAN Edge cloud router Which command accomplishes the task?
An administrator is configuring the severity level on the vManage NMS for events that indicate that an action must be taken immediately. Which severity level must be configured?
How must the application-aware enterprise firewall policies be applied within the same WAN Edge router?
What is the default value for the Multiplier field of the BFD basic configuration in vManage?
Refer to the exhibit Cisco SD-WAN is deployed with controllers hosted in a data center All branches have WAN Edge devices with dual connections to the data center one via Internet and the other using MPLS Three branches out of 20 have issues with their control connections on MPLS circuit The local error refers to Control Connection Failure Which action resolves the issue*?
Which component is used for stateful inspection of TCP, UDP. and ICMP flows in Cisco SD-WAN firewall policies?
Refer to the exhibit. An engineer must configure the Overlay Management Protocol route preference so that when B2 tries to reach host routes advertised by B1 it always chooses the MPLS circuit. Which two match conditions must be configured to accomplish this task? (Choose two.)
Refer to the exhibit.
The network team must configure branch B WAN Edge device 103 to establish dynamic full-mesh IPsec tunnels between all colors with branches over MPLS and Internet circuits. The branch ts configured with:
Which configuration meets the requirement?
A)
B)
C)
D)
Refer to the exhibit.
Which configuration change is needed to configure the tloc-extention on Branch1-Edge1?
Refer to the exhibit An engineer is getting a CTORGNMMIS error on a controller connection Which action resolves this issue?
An engineer is troubleshooting a certificate issue on vEdge. Which command is used to verify the validity of the certificates?
What are the two impacts of losing vManage connectivity to fabric in the Cisco SD-WAN network? (Choose two)
Refer to the exhibit.
An engineer is troubleshooting a control connection Issue. What does "connect" mean in this how control connections output?
What is the default value (in milliseconds) set tor the poll interval in the BFD basic configuration?
Company ABC has decided to deploy the controllers using the On-Prem method. How does the administrator upload the WAN Edge list to the vManage?
A)
B)
C)
D)
A customer has 1 to 100 service VPNs and wants to restrict outbound updates for VPN1 Which control policy configuration restricts these updates?
A)
B)
C)
D)
An engineer is troubleshooting a vEdge router and identifies a “DCONFAIL – DTLS connection failure” message. What is the problem?
What is the main purpose of using TLOC extensions in WAN Edge router configuration?
Refer to the exhibit A user has selected the options while configuring a VPN Interface Ethernet feature template What is the required configuration parameter the user must set in this template for this feature to function?
Which control policy assigned to Drenches in the out direction establishes a strict hub-and-spoke topology tor VPN2?
A)
B)
C)
D)
Refer to the exhibit. Which configuration stops Netconf CLI logging on WAN Edge devices during migration?
A network administrator configures SNMPv3 on a Cisco WAN Edge router from CLI for monitoring purposes How many characters are supported by the snmp user
Drag and drop the functions from the left onto the correct templates on the right.
An enterprise has these three WAN connections:
public Internet
business internet
MPLS
An engineer must configure two available links to route traffic via both links. Which configuration achieves this objective?
Which policy tracks path characteristics such as loss, latency, and jitter in vManage?
Refer to the exhibit.
The engineer must assign community tags to 3 of its 74 critical server networks as soon as that are advertised to BGP peers. These server networks must not be advertised outside AS. Which configuration fulfill this requirement?
A)
B)
C)
D)
Which Cisco router provides a distributed multicore architecture optimized for SD-WAN branch support?
Customer has two branch silos with overlapping IPs How must the data policy be configured to establish communication between the sites and server to avoid overlapping?
A)
B)
C)
D)
An engineer must configure the SD-WAN Edge router to identify DSCP 26 traffic coming from the router's local site and then change the DSCP value to DSCP 18 before sending it over to the SD-WAN fabric. What are the two ways to create the required configuration? (Choose two).
When VPNs are grouped to create destination zone in Zone-Based Firewall, how many zones can a single VPN be part of?
Refer to the exhibit. Which configuration ensures that OSPP routes learned from Site2 are reachable at Stein and vice-versa?
The branch users of an organization must be prevented from accessing malicious destinations, and the local files on users' systems must be protected from malware. Which two Cisco products must the organization deploy? (Choose two.)
Which scheduling method is configured by default for the eight queues in the cloud vEdge router1?
Refer to the exhibit.
Which shaping-rate does the engineer use to shape traffic at 9 Mbps?
Which two types of SGT propagation are supported by Cisco TrustSec? (Choose two.)
Which two vRoute attributes should be matched or set in vSmart policies and modified by data policies? (Choose two.)
Which two actions are necessary to set the Controller Certificate Authorization mode to indicate a root certificate? (Choose two)
Drag and drop the components from the left onto the corresponding Cisco NFV infrastructure Building Blocks on the right. Not all options are used.
Exhibit.
The SD-WAN network is configured with a default full-mash topology. An engineer wants Barcelona and Paris to communicate to each other through the London site using a control Which control policy configuration accomplishes the task?
A)
B)
C)
D)
Which behavior describes a WAN Edge router running dual DIA when its DPI engine has identified a cloud SaaS application?
Which secure tunnel type should be used to connect one WAN Edge router to other WAN Edge routers?
How does the Cisco SD-WAN Cloud OnRamp solution rate the performance of a SaaS application from a branch office to the cloud via a given path?
Refer to the exhibit.
The SD-WAN network is configured with a default full-mesh topology. The SD-WAN engineer wants the Barcelona WAN Edge to use MPLS TLOC as the preferred TLOC when communicating with Rome site. Which configuration must the engineer use to create a list to select MPLS color toward the Rome TLOC?
A)
B)
C)
D)
Refer to the exhibit.
Customer XYZ cannot provision dual connectivity on both of its routers due to budget constraints but wants to use both R1 and R2 interlaces for users behind them for load balancing toward the hub site. Which configuration achieves this objective?
A customer has MPLS and Internet as the TLOC colors An engineer must configure conlroJIers with the Internet and not with MPLS Which configuration achieves this requirement on vManage?
A)
B)
C)
D)
Refer to the exhibit. Which configuration extends the INET interface on R1 to be used by R2 for control and data connections?
A)
B)
C)
What are two benefits of installing Cisco SD-WAN controllers on cloud-hosted services? (Choose two.)
Company E wants to deploy Cisco SD-WAN with controllers in AWS The company's existing WAN is on private MPLS without Internet access to controllers m AWS An Internet circuit is added to a site in addition to the existing MPLS circuit. Which interface template establishes BFD neighbors over both transports?
A)
B)
C)
Miss
D)
An engineer must configure local redundancy on a site. Which configuration accomplish this task?
An engineer must improve video quality by limiting HTTP traffic to the Internet without any failover. Which configuration in vManage achieves this goal?
A policy is created to influence routing in the network using a group of prefixes. What policy application will achieve this goal when applied to a site list?
Which two mechanisms are used by vManage to ensure that the certificate serial number of the WAN Edge router that is needed to authenticate is listed in the WAN Edge Authorized Señal Number Hst’ (Choose two)
A network administrator is configuring a centralized control policy based on match action pairs for multiple conditions, which order must be configured to prefer Prefix List over TLOC and TLOC over Origin?
Drag and drop the security terminologies from the left onto the PCI-compliant network features and devices on the right.
TESTED 07 Apr 2026
