What are the three foundational elements required for the new operational paradigm? (Choose three.)
multiple technologies at multiple OSI layers
application QoS
fabric
assurance
policy-based automated provisioning of network
centralization
The new operational paradigm is a way of designing, deploying, and managing networks that leverages the power of intent-based networking. Intent-based networking is a network architecture that aligns the network with the business goals and policies, and uses artificial intelligence and automation to translate the intent into network configurations and actions. The new operational paradigm requires three foundational elements:
Fabric: A fabric is a network topology that consists of interconnected nodes that provide a consistent and scalable way of delivering network services and functions. A fabric can span across multiple domains, such as campus, branch, data center, and cloud, and can support multiple protocols, such as IP, Ethernet, MPLS, and VXLAN. A fabric enables the network to operate as a single entity, rather than a collection of disparate devices and links. A fabric also simplifies the network design and management, as it reduces the complexity and variability of the network elements and interfaces.
Assurance: Assurance is the process of continuously monitoring, verifying, and optimizing the network performance and behavior, based on the defined intent and policies. Assurance uses telemetry, analytics, and machine learning to collect and process data from the network devices and applications, and to provide insights and recommendations for network optimization and troubleshooting. Assurance also enables the network to self-heal and self-optimize, by applying corrective actions and adjustments to the network configurations and policies, based on the feedback loop from the data and analytics.
Policy-based automated provisioning of network: Policy-based automated provisioning of network is the process of applying the intent and policies to the network devices and services, using automation and orchestration tools. Policy-based automated provisioning of network abstracts the network complexity and heterogeneity, and allows the network operators to define the network requirements and outcomes in a high-level and declarative way, rather than specifying the low-level and imperative commands and parameters. Policy-based automated provisioning of network also enables the network to be agile and adaptive, as it can dynamically adjust the network configurations and policies, based on the changing network conditions and business needs.
Which two Cisco ISE use cases typically involve the highest level of implementation complexity? (Choose two.)
Device management
Asset visibility
Software-defined segmentation
Software-defined access
Guest and wireless access
Cisco ISE use cases can be classified into four categories: device management, asset visibility, software-defined segmentation, and software-defined access. Each of these use cases has a different level of implementation complexity, depending on the network size, topology, security requirements, and integration with other technologies. Among these use cases, software-defined segmentation and software-defined access typically involve the highest level of implementation complexity, because they require:
A thorough understanding of the network architecture and design principles, such as hierarchical, modular, and scalable design.
A comprehensive assessment of the network devices, endpoints, users, applications, and policies, and their interdependencies and interactions.
Careful planning and testing of the network segmentation and access policies, using tools such as Cisco TrustSec, Cisco DNA Center, Cisco SD-Access, and Cisco ISE.
A smooth and secure migration from the existing network to the software-defined network, with minimal disruption and downtime.
Continuous monitoring and optimization of the network performance, security, and compliance, using tools such as Cisco Stealthwatch, Cisco Tetration, and Cisco ISE.
Which is a benefit of a cloud-based SD-WAN deployment?
instant scale
security never an issue
agility of change dependent only on your own internal IT processes
controller availability never an issue
might be required for compliance with industry standards
A cloud-based SD-WAN deployment is a model of delivering SD-WAN services from the cloud, rather than from on-premises hardware or software appliances. A cloud-based SD-WAN deployment has several benefits, such as:
Instant scale: A cloud-based SD-WAN deployment can scale up or down the network resources and bandwidth on demand, without requiring additional hardware or manual configuration. This enables the network to adapt to the changing traffic patterns and user demands, while optimizing the network performance and efficiency [1][2].
Reduced costs: A cloud-based SD-WAN deployment can lower the capital and operational expenses of the network, by eliminating the need for expensive and complex WAN infrastructure, such as MPLS circuits, routers, firewalls, and WAN optimization devices. A cloud-based SD-WAN deployment can also leverage the economies of scale and the pay-as-you-go model of the cloud, which can reduce the network costs per megabit [1][2].
Simplified management: A cloud-based SD-WAN deployment can simplify the network management and operation, by providing a centralized and unified dashboard that can monitor, configure, and troubleshoot the network across multiple sites and regions. A cloud-based SD-WAN deployment can also automate the network provisioning, orchestration, and optimization, by applying intelligent policies and analytics based on the business intent and network conditions [1][2].
Enhanced security: A cloud-based SD-WAN deployment can enhance the network security and compliance, by providing built-in and integrated security features, such as encryption, firewall, VPN, IPS, and antivirus. A cloud-based SD-WAN deployment can also leverage the cloud security services, such as SASE, to provide secure and direct access to the cloud applications and platforms, without compromising the network performance and user experience [1][2][3].
Improved cloud readiness: A cloud-based SD-WAN deployment can improve the cloud readiness and agility of the network, by enabling seamless and optimized connectivity to the public cloud, SaaS, and cloud interconnect providers. A cloud-based SD-WAN deployment can also support the multicloud and hybrid-cloud strategies, by allowing the network to operate as a cloud-native WAN overlay, using software-defined automation and orchestration tools [1][2][3].
References:
What Is SD-WAN? - Software-Defined WAN (SDWAN) - Cisco
SD-WAN Benefits: 5 Business Advantages of SD-WAN - Fortinet
What are the Benefits of SD-WAN? - Cisco
What are the Benefits of SD-WAN?
SD-WAN and SASE: The new landscape of networking
https://salesconnect.cisco.com/sc/s/learning-activity-from-plan?ltui__urlRecordId=a0c8c00000P3hKMAAZ&ltui__urlRedirect=learning-activity-from-plan&ltui__parentUrl=
Which two activities should occur during an SE’s demo process? (Choose two.)
identifying which capabilities require demonstration
highlighting opportunities that although not currently within scope would result in lower operational costs and complexity
asking the customer to provide network drawings or white board the environment for you
determining whether the customer would like to dive deeper during a follow-up
leveraging a company such as Complete Communications to build a financial case
https://salesconnect.cisco.com/#/content-detail/10fb056b-4100-407b-a425-c48fdc30dd2a
Which are the three focus areas for reinventing the WAN? (Choose three.)
Secure Elastic Connectivity
Centralized device authentication
Application Quality of Experience
Operations
Cloud First
Execution
The three focus areas for reinventing the WAN are:
Secure Elastic Connectivity: This refers to the ability to provide secure and flexible connectivity to any application, anywhere, and anytime. Secure elastic connectivity enables the network to adapt to the changing business needs and user demands, while maintaining security and performance. Secure elastic connectivity leverages SD-WAN technologies, such as Cloud OnRamp, SASE, and ThousandEyes, to optimize the network path, encrypt the traffic, and monitor the end-to-end visibility across the WAN [1][2].
Application Quality of Experience: This refers to the ability to ensure optimal and consistent user experience for any application, regardless of the network conditions. Application quality of experience uses SD-WAN technologies, such as vAnalytics, to measure and improve the application performance, availability, and reliability across the WAN [3]. Application quality of experience also uses intelligent policies and real-time analytics to prioritize the critical applications and steer the traffic to the best-performing path [4].
Cloud First: This refers to the ability to embrace the cloud as the primary platform for delivering applications and services to the users. Cloud first enables the network to support the multicloud strategy and accelerate the cloud adoption. Cloud first leverages SD-WAN technologies, such as Cloud OnRamp, to simplify and automate the connectivity to the public cloud, SaaS, and cloud interconnect providers [4]. Cloud first also enables the network to operate as a cloud-native WAN overlay, using software-defined automation and orchestration tools [5].
References:
Cisco SD-WAN Architecture Overview
SD-WAN and SASE: The new landscape of networking
Under the vAnalytics Hood: Enabling Total Network Visibility, Total Network Control
SD-WAN Capabilities - The New Landscape of Networking
Software-defined WAN (SD-WAN): the new landscape of networking
The 4 Focus areas for reinventing the WAN are:
• Secure Elastic Connectivity
• Cloud First
• Application Quality of Experience
• Agile Operations
https://salesconnect.cisco.com/sc/s/learning-activity-from-plan?ltui__urlRecordId=a0c8c00000P3hKMAAZ&ltui__urlRedirect=learning-activity-from-plan&ltui__parentUrl=learning-activity-from-plan
What are three ways in which Cisco ISE learns information about devices? (Choose three.)
user authentication to the ISE
SMTP agents
RPC mechanism via HTTPS
traffic generated by the device
network servers the device has accessed
RADIUS attributes
Which protocol runs between the vSmart controllers and between the vSmart controllers and the vEdge routers, and unifies all control plane functions under a single protocol umbrella?
OMP
BGP
VRRP
IKE
OSPF
The protocol that runs between the vSmart controllers and between the vSmart controllers and the vEdge routers, and unifies all control plane functions under a single protocol umbrella is the Overlay Management Protocol (OMP) [1][2]. OMP is a proprietary protocol that is designed to enable the Cisco SD-WAN solution, which provides a software overlay that runs over standard network transport, including MPLS, broadband, and internet to deliver applications and services [3]. OMP provides the following services [1][2]:
Orchestration of overlay network communication, including connectivity among network sites, service chaining, and VPN or VRF topologies
Distribution of service-level routing information and related location mappings
Distribution of data plane security parameters
Central control and distribution of routing policy
OMP is an all-encompassing information management and distribution protocol that enables the overlay network by separating services from transport. Services provided in a typical VPN setting are usually located within a VPN domain, and they are protected so that they are not visible outside the VPN. In such a traditional architecture, it is a challenge to extend VPN domains and service connectivity. OMP addresses these scalability challenges by providing an efficient way to manage service traffic based on the location of logical transport end points. This method extends the data plane and control plane separation concept from within routers to across the network [2].
References:
1: Routing Configuration Guide for vEdge Routers, Cisco SD-WAN Release 20.x - Unicast Overlay Routing
2: Introduction to Overlay Management Protocol in Viptela
3: Cisco SD-WAN vEdge vManage vSmart IBM
Which two statements are true regarding SD-WAN demonstrations? (Choose two.)
As a Cisco SD-WAN SE, you should spend your time learning about the technology rather than contributing to demo innovation.
During a demo, you should demonstrate and discuss what the team considers important details.
During a demo, you should consider the target audience and the desired outcome.
Use demonstrations primarily for large opportunities and competitive situations.
There is a big difference between demos that use a top down approach and demos that use a bottom up approach.
SD-WAN demonstrations are an effective way to showcase the benefits and features of Cisco SD-WAN solutions to potential customers. However, not all demos are created equal, and there are some best practices to follow to ensure a successful and engaging demo. Here are some explanations for why C and E are true statements regarding SD-WAN demonstrations:
C. During a demo, you should consider the target audience and the desired outcome. This is a true statement because different audiences may have different levels of technical knowledge, business needs, and expectations from the demo. For example, a demo for a C-level executive may focus more on the business outcomes and value proposition of SD-WAN, while a demo for a network engineer may dive deeper into the technical details and configuration options. Therefore, it is important to tailor the demo to the specific audience and the desired outcome, such as generating interest, building trust, or closing a deal.
E. There is a big difference between demos that use a top down approach and demos that use a bottom up approach. This is also a true statement because the two approaches have different advantages and disadvantages, and may suit different scenarios. A top down approach starts with the high-level overview of the SD-WAN solution, such as the architecture, components, benefits, and use cases, and then drills down into the specific features and functionalities. A bottom up approach starts with the low-level details of the SD-WAN solution, such as the configuration, troubleshooting, and testing, and then builds up to the big picture and value proposition. A top down approach may be more suitable for a non-technical or business-oriented audience, while a bottom up approach may be more suitable for a technical or hands-on audience.
Stay focused and develop a custom story guide taking into consideration the target audience, desired outcome and story to tell while demonstrating the Viptela solution capabilities. Slide 151: There is a big difference demoing using a top down vs. bottom up approach.
https://salesconnect.cisco.com/sc/s/learning-activity-from-plan?ltui__urlRecordId=a0c8c00000P3hKMAAZ&ltui__urlRedirect=learning-activity-from-plan&ltui__parentUrl=learning-activity-from-plan
Which three ways are SD-Access and ACI Fabric similar? (Choose three.)
use of overlays
use of Virtual Network IDs
focus on user endpoints
use of group policy
use of Endpoint Groups
use of Scalable Group Tags
https://www.ciscolive.com/c/dam/r/ciscolive/us/docs/2018/pdf/BRKDCN-2489.pdf Slide 20: Overlay, VNID, Group Based Policy
Which two options are primary functions of Cisco ISE? (Choose two.)
allocating resources
enforcing endpoint compliance with network security policies
enabling WAN deployment over any type of connection
automatically enabling, disabling, or reducing allocated power to certain devices
providing VPN access for any type of device
providing information about every device that touches the network
Cisco ISE is a security policy management platform that provides secure access to network resources. Cisco ISE functions as a policy decision point and enables enterprises to ensure compliance, enhance infrastructure security, and streamline service operations [1]. Two of the primary functions of Cisco ISE are:
Enforcing endpoint compliance with network security policies: Cisco ISE can assess the posture of all endpoints that access the network, including 802.1X environments, and enforce the appropriate policies based on the device type, identity, location, and other attributes. Cisco ISE can also provide comprehensive client provisioning measures to ensure that the endpoints are compliant with the network security policies before granting them access. Cisco ISE can also quarantine or remediate non-compliant endpoints to prevent potential threats or vulnerabilities [1][2].
Providing information about every device that touches the network: Cisco ISE can gather real-time contextual information from networks, users, and devices, and use that information to make governance decisions and apply policies. Cisco ISE can also discover, profile, and monitor the endpoint devices on the network, and classify them according to their associated policies and identity groups. Cisco ISE can also leverage the pxGrid framework to share the contextual information with other security tools and platforms, and enhance the network visibility and security [1][3].
The other options are not primary functions of Cisco ISE, because:
Allocating resources: Cisco ISE does not allocate resources to the endpoints or the network devices. Cisco ISE can assign services or access levels based on the policies, but not resources such as bandwidth, memory, or CPU [1].
Enabling WAN deployment over any type of connection: Cisco ISE does not enable WAN deployment over any type of connection. Cisco ISE can support VPN access for remote endpoints, but not WAN deployment for the network infrastructure [1].
Automatically enabling, disabling, or reducing allocated power to certain devices: Cisco ISE does not automatically enable, disable, or reduce allocated power to certain devices. Cisco ISE can control the access and authorization of the devices, but not their power consumption or management [1].
Providing VPN access for any type of device: Cisco ISE does not provide VPN access for any type of device. Cisco ISE can authenticate and authorize the VPN access for the endpoints, but not provide the VPN service or connection itself. Cisco ISE relies on other network devices, such as VPN gateways or routers, to provide the VPN access [1].
References:
1: Cisco Content Hub - Cisco ISE Features
2: Cisco ISE Posture Service Overview
3: Cisco ISE Profiler Service Overview