Question 6
Which design principle should be followed in a Cisco SD-Access wireless network
deployment?




A. The WLC is connected outside of the fabric correct
B. The WLC is part of the fabric overlay wrong
C. The access point is connected outside of the fabric
D. The WLC is part of the fabric underlay
Explanation
This section gives some important considerations for deploying WLC and APs in an SD-Access Wireless
network:
Access points must be deployed as follows:
+ Be directly connected to the fabric edge (or to an extended node switch)
+ Be part of the fabric overlay
+ Belong to the INFRA_VN, which is mapped to the global routing table
+ Join the WLC in Local mode
WLCs must be deployed as follows:
+ Be connected outside the fabric (optionally directly to border)
+ Reside in the global routing table
+ No need for inter-VRF leaking for an AP to join the WLC
+ Communicate to only one control-plane node (two for redundancy); hence one WLC can belong to
only one fabric domain(FD)
Reference: https://www.cisco.com/c/dam/en/us/td/docs/cloud-systems-management/networkautomation-and-management/dna-center/deploy-guide/cisco-dna-center-sd-access-wl-dg.pdf (page
10)
Question 17
In a Cisco DNA Center Plug and Play environment, why would a device be labeled
unclaimed?




A. The device has not been assigned a workflow. correct
B. The device is from a third-party vendor. Wrong
C. The device had an error and could not be provisioned.
D. The device could not be added to the fabric.
Explanation
The Network Plug and Play application provides a way to automatically and remotely provision and
onboard new network devices with minimal network administrator and field personnel involvement.
From the "Network Plug and Play Dashboard Elements" table:
Pie chart showing the number of devices in each of the following states:
+ Error - Device had an error and could not be provisioned.
+ Unclaimed - Device has not been assigned a workflow.
+ Planned - Device is added to Network Plug and Play and has been assigned a workflow, but has not
yet contacted the server.
+ Provisioned - Device is successfully onboarded and added to inventory.
Reference: https://www.cisco.com/c/en/us/td/docs/cloud-systems-management/network-automationand-management/dna-center/1-25/user_guide/b_dnac_ug_1_2_5/b_dnac_ug_1_2_4_chapter_010.html
Question 8
What is the function of a fabric border node in a Cisco SD-Access environment?


A. To attach and register clients to the fabric
B. To connect the Cisco SD-Access fabric to another fabric or external Layer 3 networks
correct


C. To handle an ordered list of IP addresses and locations for endpoints in the fabric.
Wrong
D. To collect traffic flow information toward external networks
Explanation
There are five basic device roles in the fabric overlay:
+ Control plane node: This node contains the settings, protocols, and mapping tables to provide the
endpoint-to-location (EID-to-RLOC) mapping system for the fabric overlay.
+ Fabric border node: This fabric device (for example, core layer device) connects external Layer 3
networks to the SDA fabric.
+ Fabric edge node: This fabric device (for example, access or distribution layer device) connects
wired endpoints to the SDA fabric.
+ Fabric WLAN controller (WLC): This fabric device connects APs and wireless endpoints to the SDA
fabric.
+ Intermediate nodes: These are intermediate routers or extended switches that do not provide any
sort of SD-Access fabric role other than underlay services.
Reference: CCNP and CCIE Enterprise Core ENCOR 350-401 Official Cert Guide
Question 6
What are two benefits of implementing a Cisco SD-WAN architecture? (Choose two)



A. It provides resilient and effective traffic flow using MPLS
B. It improves endpoint protection by integrating embedded and cloud security
features wrong
C. It allows configuration of application-aware policies with real time enforcement correct


D. It enforces a single, scalable, hub-and-spoke topology
E. It simplifies endpoint provisioning through standalone router management correct
Explanation
The top SD-WAN benefits are:
+ Increased bandwidth at a lower cost
+ Centralized management across branch networks
+ Full visibility into the network
+ Providing organizations with more connection type options and vendor selection when building a
network.
Reference: https://www.sdxcentral.com/networking/sd-wan/definitions/sd-wan-technology/
-> We can provision endpoints (vEdges) through a centralized router vManage -> Answer 'It simplifies
endpoint provisioning through standalone router management' is correct.
Answer 'It provides resilient and effective traffic flow using MPLS' is not correct as we can use different
kind of connections on SD-WAN: MPLS, LTE, 4G, xDSL, Internet connections…
Application-Aware Routing policy is configured in vManage as a centralized data policy that maps
the service-side application(s) to specific SLA requirements. The centralized policies provisioned in
vSmart controller is pushed to relevant WAN Edge devices for enforcement. The defined policy
consists of match-action pairs, where the match statement defines the application-list or the type of
traffic to match, and the action statement defines the SLA action the WAN Edge devices must enforce
for the specified traffic.
Reference: https://www.cisco.com/c/en/us/td/docs/solutions/CVD/SDWAN/cisco-sdwan-applicationaware-routing-deploy-guide.html
-> Therefore answer 'It allows configuration of application-aware policies with real time enforcement'
is correct.
Answer 'It enforces a single, scalable, hub-and-spoke topology' is not correct as it is not a benefit of
SD-WAN.
Answer 'It improves endpoint protection by integrating embedded and cloud security features' is not
wrong but it is not the best choice so we don’t choose it.