Cisco
300-415 · Question #276
300-415 Question #276: Real Exam Question with Answer & Explanation
The correct answer is B: Advertise to vSmart controllers.. To allow specific departments to use firewall protection when interacting with data center networks, a service-chained firewall must be deployed per VPN and its availability advertised to vSmart controllers.
Policies
Question
Which two actions must be taken to allow certain department to require firewall protection when interacting with data center networks without including other departments? (Choose two.)
Options
- AUse classification, policing, and marking
- BAdvertise to vSmart controllers.
- CThe regional hub advertises the availability of the firewall service.
- DApply data policies at vEdge.
- EDeploy a service-chained firewall service per VPN.
Explanation
To allow specific departments to use firewall protection when interacting with data center networks, a service-chained firewall must be deployed per VPN and its availability advertised to vSmart controllers.
Common mistakes.
- A. Using classification, policing, and marking are QoS mechanisms that control traffic flow and priority, but they do not directly enable or provision a firewall service for specific departments.
- C. While a regional hub might host the firewall, simply stating "The regional hub advertises the availability of the firewall service" is not precise enough; it is the vSmart that learns of the service from the devices providing it.
- D. Applying data policies at vEdge is a mechanism to enforce traffic flow, but it does not describe the prerequisite steps of deploying the service and making it known to the control plane, which are covered by B and E.
Concept tested. Cisco SD-WAN service chaining and VPN segregation
Topics
#SD-WAN Service Chaining#Service Advertisement#vSmart Controller#Traffic Steering
Community Discussion
No community discussion yet for this question.