300-415 Question #37: Real Exam Question with Answer & Explanation

Question

Explanation

This question tests knowledge of the correct sequential workflow to configure a centralized data policy in an SD-WAN solution (most likely Cisco SD-WAN/vManage) to steer traffic toward a Direct Internet Access (DIA) or Internet exit point.

Approach. The correct sequence for creating a data policy to direct traffic to an Internet exit typically follows this order: (1) Navigate to the Policy configuration section (e.g., vManage > Configuration > Policies), (2) Create or add a Centralized Policy and assign it a name/description, (3) Add a Data Policy component, define match conditions (traffic selectors such as destination prefix, application, or DSCP), and set the action to redirect traffic (e.g., Accept + NAT, or set next-hop to the Internet-facing interface/VPN 0), (4) Associate the policy with the relevant site-list and VPN-list so it applies to the correct devices and traffic domains, and finally (5) Activate/save and push the policy so it is distributed to the vSmart controllers and enforced on WAN Edge routers. The key concept is that match criteria must be defined before actions, and the policy must be scoped to a site/VPN before activation.

Concept tested. Cisco SD-WAN (Viptela/vManage) Centralized Data Policy configuration - specifically the ordered workflow of defining traffic match rules, setting forwarding actions (DIA/NAT/Internet exit), scoping the policy to sites and VPNs, and activating it via vSmart controller distribution.

Reference. Cisco SD-WAN Policies Configuration Guide - Centralized Data Policy; Cisco DevNet / ENSDWI (300-415) exam blueprint, Section 4: Policies

No community discussion yet for this question.