Cisco
300-415 · Question #243
300-415 Question #243: Real Exam Question with Answer & Explanation
The correct answer is C: The gray-listed domains are unresolved.. If the intelligent proxy in a Cisco SD-WAN network becomes unreachable, domains that are on the gray-list will not be resolved, as the proxy is essential for their dynamic analysis.
Security and Quality of Service
Question
What happens if the intelligent proxy is unreachable in the Cisco SD-WAN network?
Options
- AThe block-listed domains are unresolved.
- BThe Cisco Umbrella Connector locally resolves the DNS request.
- CThe gray-listed domains are unresolved.
- DThe Cisco Umbrella Connector temporarily redirects HTTPS traffic.
Explanation
If the intelligent proxy in a Cisco SD-WAN network becomes unreachable, domains that are on the gray-list will not be resolved, as the proxy is essential for their dynamic analysis.
Common mistakes.
- A. Block-listed domains are typically handled by local DNS policies or the Umbrella cloud directly, not solely dependent on the intelligent proxy for their 'unresolved' state when the proxy is down.
- B. The Cisco Umbrella Connector does not locally resolve all DNS requests when the intelligent proxy is unreachable; its primary function is to forward DNS queries to Umbrella, not to act as a standalone resolver for all categories.
- D. The intelligent proxy's primary role is DNS resolution and policy enforcement, not redirecting HTTPS traffic when it is unreachable; HTTPS traffic redirection is handled by other components or policies.
Concept tested. Cisco SD-WAN intelligent proxy failure behavior
Reference. https://docs.umbrella.com/umbrella-user-guide/docs/about-the-intelligent-proxy
Topics
#Umbrella Integration#Intelligent Proxy#Gray-listed Domains#SD-WAN Security Failure
Community Discussion
No community discussion yet for this question.