Cisco
300-415 · Question #440
300-415 Question #440: Real Exam Question with Answer & Explanation
The correct answer is B: application/application family list. To identify scavenger-class traffic from site 101 users and steer it through a firewall, the policy must match both the application type (scavenger category) and the source network prefix of the users.
Policies
Question
An engineer is creating a policy for VPN1 users. Their scavenger traffic at site 101 must pass through a firewall. Which two match conditions must be selected to enable this policy? (Choose two.)
Options
- A. protocol
- B. application/application family list
- C. source data prefix
- D. packet length
- E. destination port
Explanation
To identify scavenger-class traffic from site 101 users and steer it through a firewall, the policy must match both the application type (scavenger category) and the source network prefix of the users.
Common mistakes.
- A. 'protocol' alone identifies IP protocol numbers (TCP/UDP) but cannot distinguish scavenger traffic from other traffic sharing the same protocol, making it insufficient for this use case.
- D. 'packet length' is unrelated to QoS traffic classification and does not identify scavenger-class flows.
- E. 'destination port' identifies specific application ports but scavenger class spans many applications and ports, making a single port match inadequate to capture the full scavenger traffic category.
Concept tested. SD-WAN data policy match conditions for application-based traffic steering
Topics
#Policy Matching #Traffic Classification #SD-WAN Security #VPN Policies