Cisco

300-415 · Question #263

300-415 Question #263: Real Exam Question with Answer & Explanation

The correct answer is C: Create a prefix list, add it to the localized policy, and add it to the interface feature template.

Policies

Question

Refer to the exhibit. An engineer must block FTP traffic coming in from a particular Service VPN on a WAN Edge device. Which set of steps achieves this goal?

Options

  • A. Create a localized policy and add it to the interface feature template.
  • B. Create a localized policy, add it to VPN template, and add an ACL to the interface feature template.
  • C. Create a prefix list, add it to the localized policy, and add it to the interface feature template.
  • D. Create a localized policy, add it to the device template, and add an ACL to the interface feature template.

Explanation

To block FTP traffic from a Service VPN on a WAN Edge device, an engineer should create an ACL within a localized policy, potentially using a prefix list for matching, and then apply this policy to the relevant interface feature template.

Common mistakes.

  • A. Creating a localized policy is the general first step, but it is too vague as it doesn't specify creating an ACL or the necessary matching criteria to block specific traffic like FTP.
  • B. Applying a localized policy to a VPN template is not the correct mechanism for applying interface-level ACLs to block traffic, and the steps for ACL application are misaligned with standard SD-WAN practices.
  • D. While creating a localized policy and associating it with a device template is correct, choice C more specifically highlights the creation and integration of a prefix list, which is a key component for defining traffic matching within the ACL for blocking.

Concept tested. Localized policy ACL for traffic blocking

Reference. https://www.cisco.com/c/en/us/td/docs/routers/sdwan/configuration/sdwan-xe-release-17/sd-wan-security/sd-wan-security-book/security-firewall.html

Topics

#Localized Policy #Access Control List #WAN Edge Security #vManage Templates
