Sample Questions and Answers
What is the purpose of configuring control policy “Set Preference” on an OMP route?
A) To influence route selection priority across the overlay
B) To block the route advertisement
C) To change IP addressing
D) To configure device passwords
Answer: A
Explanation: Preference adjusts route priority for path control.
Which protocol or mechanism is used by Cisco SD-WAN WAN edges to discover the vBond orchestrator?
A) DNS resolution of vBond FQDN
B) Static IP only
C) DHCP option 150
D) Manual configuration only
Answer: A
Explanation: WAN edges use DNS to locate vBond for initial connectivity.
In Cisco SD-WAN, what are “transport colors” used for?
A) Labeling different underlay transport types for routing and policy decisions
B) Physical cable colors
C) VLAN color codes
D) Device group identifiers
Answer: A
Explanation: Colors differentiate Internet, MPLS, LTE, etc., for path selection.
Which two components in Cisco SD-WAN architecture are mandatory for initial device authentication and orchestration? (Choose two)
A) vBond orchestrator
B) vSmart controller
C) vManage NMS
D) WAN edge router only
Answer: A, B
Explanation: vBond authenticates devices; vSmart manages routing control.
What type of telemetry data can Cisco SD-WAN collect for network performance and troubleshooting?
A) Application statistics, path health, CPU/memory usage, and interface metrics
B) Only syslog messages
C) Only SNMP traps
D) Only static routing tables
Answer: A
Explanation: Comprehensive telemetry improves monitoring and troubleshooting.
What is the function of the “Control Policy” action “Set TLOC Preference”?
A) Influences which transport location (TLOC) path is preferred for traffic forwarding
B) Blocks all traffic on TLOC
C) Changes VLAN tags
D) Configures IP addressing
Answer: A
Explanation: TLOC preference helps control overlay path selection.
How does Cisco SD-WAN ensure high availability for data plane traffic?
A) By dynamically switching tunnels based on SLA probe results and link health
B) By disabling backup interfaces
C) By static routing only
D) By blocking redundant paths
Answer: A
Explanation: Dynamic path selection optimizes uptime.
What is the maximum number of VPNs supported on a Cisco SD-WAN WAN edge device?
A) 1024
B) 4096
C) 512
D) 256
Answer: A
Explanation: Cisco SD-WAN supports up to 1024 VPNs.
In Cisco SD-WAN, what does the acronym TLOC stand for?
A) Transport Locator
B) Traffic Localizer
C) Tunnel Location
D) Transport Local Offset
Answer: A
Explanation: TLOC identifies the physical location of a WAN edge in the overlay network.
Which routing protocol is integrated into Cisco SD-WAN to enable dynamic underlay routing?
A) OSPF and BGP
B) RIP only
C) Static routing only
D) EIGRP only
Answer: A
Explanation: OSPF and BGP can be used for underlay routing in Cisco SD-WAN.
Which Cisco SD-WAN feature provides automatic failover between multiple WAN transports?
A) Dynamic path selection with SLA probing
B) Static routing
C) Manual tunnel switching
D) VLAN trunking
Answer: A
Explanation: SLA probes measure link quality and dynamically select the best path.
What is the purpose of the control policy action “Set OMP Metric”?
A) To influence the OMP route cost to prefer specific routes
B) To block OMP routes
C) To encrypt OMP messages
D) To reset WAN edges
Answer: A
Explanation: Modifies the OMP metric for route preference.
What is the role of vSmart controllers in Cisco SD-WAN?
A) They manage control plane functions, route distribution, and policy enforcement
B) They act as WAN edge routers
C) They provide physical transport connectivity
D) They are used for device onboarding only
Answer: A
Explanation: vSmart controllers orchestrate routing and policies across the overlay.
Which transport interface characteristic must be considered when configuring underlay IP addressing?
A) IP address uniqueness and reachability
B) MAC address only
C) VLAN membership only
D) Interface speed only
Answer: A
Explanation: Underlay IPs must be unique and reachable for transport connectivity.
What type of data encryption is used for control plane communication in Cisco SD-WAN?
A) TLS 1.2
B) IPsec
C) SSL 3.0
D) SSH
Answer: A
Explanation: Control plane (OMP) uses TLS for secure communication.
What is the significance of “VPN 512” in Cisco SD-WAN?
A) It is the management VPN used for system services
B) It is reserved for transport interfaces
C) It is a default user VPN
D) It is used for guest traffic only
Answer: A
Explanation: VPN 512 is reserved for management.
How are IPsec tunnels established between WAN edges?
A) Using pre-shared keys and certificates exchanged during onboarding
B) Manually configured keys only
C) No encryption is used
D) Static GRE tunnels only
Answer: A
Explanation: IPsec tunnels are dynamically established using secure keys and certificates.
Which CLI command verifies the status of OMP adjacency on a WAN edge?
A) show sdwan omp peers
B) show ip route
C) show crypto isakmp sa
D) show interfaces
Answer: A
Explanation: Displays OMP peer status.
In Cisco SD-WAN, what is a “Control Policy”?
A) A policy that modifies control plane routing behavior
B) A policy that forwards user traffic
C) A firewall policy only
D) An ACL applied on interfaces
Answer: A
Explanation: Control policies affect routing and advertisement control.
What is the purpose of the “Data Policy” in Cisco SD-WAN?
A) To enforce traffic forwarding decisions and QoS
B) To establish IPsec tunnels
C) To configure IP addresses
D) To create VLANs
Answer: A
Explanation: Data policies shape user traffic based on application and SLA.
Which protocol is used by Cisco SD-WAN WAN edges to exchange control information with vBond orchestrators?
A) DTLS and TLS
B) SSH only
C) HTTP only
D) FTP
Answer: A
Explanation: DTLS and TLS secure the initial onboarding communication.
What is the default maximum number of TLOCs a WAN edge can have?
A) 8
B) 2
C) 16
D) 4
Answer: A
Explanation: WAN edges can have up to 8 TLOCs.
What does the “show sdwan tunnel statistics” command display?
A) Data plane tunnel status, latency, jitter, and packet loss metrics
B) CPU usage
C) Control plane peer status
D) Interface errors
Answer: A
Explanation: Shows detailed metrics for overlay tunnels.
Which Cisco SD-WAN feature allows segmentation of the network by isolating traffic into separate VRFs?
A) VPN segmentation
B) VLAN tagging only
C) NAT
D) Static routing
Answer: A
Explanation: VPNs provide segmentation via separate VRFs.
What is the purpose of a vBond orchestrator in Cisco SD-WAN?
A) Initial device authentication and orchestrating control connections
B) Forwarding user data
C) Managing IP addressing
D) Replacing WAN edge devices
Answer: A
Explanation: vBond authenticates devices during onboarding.
How does Cisco SD-WAN implement application-aware routing?
A) Using DPI for traffic classification and SLA-based path selection
B) Using static routes only
C) Using VLAN ACLs only
D) By ignoring application types
Answer: A
Explanation: DPI enables intelligent path selection per application.
In Cisco SD-WAN, which VPN is typically used for Internet breakout?
A) VPN 10 (or any user-defined VPN)
B) VPN 0
C) VPN 512
D) VPN 4094
Answer: A
Explanation: User VPNs such as VPN 10 are used for Internet breakout.
Which type of certificate is used for device authentication in Cisco SD-WAN?
A) X.509 certificates signed by a trusted CA
B) Self-signed certificates only
C) PGP keys
D) Password authentication only
Answer: A
Explanation: X.509 certificates ensure secure device identity.
Which Cisco SD-WAN command would you use to check the status of the vManage connection?
A) show control connections
B) show ip interface brief
C) show crypto session
D) show running-config
Answer: A
Explanation: Displays status of control connections, including vManage.
What is the significance of the “transport color” attribute in path selection?
A) It helps classify underlay transports (MPLS, Internet, LTE) for policy decisions
B) It colors the CLI output
C) It refers to VLAN colors
D) It is not used in Cisco SD-WAN
Answer: A
Explanation: Colors help distinguish transport types for routing decisions.
How can you enforce bandwidth limits on specific application traffic in Cisco SD-WAN?
A) Using data policies with QoS profiles
B) Only by configuring interface speed
C) Only with ACLs
D) By disabling tunnels
Answer: A
Explanation: Data policies apply QoS shaping per app.
Which two Cisco SD-WAN components are mandatory to deploy before WAN edge devices can join the overlay? (Choose two)
A) vBond orchestrator
B) vSmart controller
C) vManage NMS
D) VPN 0 configuration
Answer: A, B
Explanation: vBond authenticates devices; vSmart manages routing.
How does Cisco SD-WAN handle route leaking between different VPNs?
A) Through route-target import/export using OMP policies
B) It does not support route leaking
C) Only via static routes
D) Via NAT only
Answer: A
Explanation: Route leaking is controlled by route-target import/export.
What is the default port used for communication between Cisco SD-WAN controllers?
A) TCP 12346
B) UDP 4500
C) TCP 22
D) UDP 500
Answer: A
Explanation: TCP 12346 is the default control plane port.
Which Cisco SD-WAN feature allows proactive path failure detection?
A) SLA probes with jitter, latency, and packet loss thresholds
B) Manual link testing only
C) Ping commands only
D) Interface shutdown
Answer: A
Explanation: SLA probes monitor path health proactively.