Question 7

Which feature is unique to Cisco SD-WAN IPsec tunnels compared to native IPsec VPN tunnels?

Correct Answer: A
Cisco SD-WAN IPsec tunnels differ from native IPsec VPN tunnels in several ways. One feature unique to Cisco SD-WAN IPsec tunnels is support for real-time dynamic path selection: they can automatically choose the best path for each application based on network conditions and policies. This improves the performance, reliability, and efficiency of network traffic. Native IPsec VPN tunnels do not have this capability and rely on static routing or manual configuration to select the path for each tunnel. This can result in suboptimal performance, increased latency, and higher costs.
References :=
✑ Traditional IPsec Versus Cisco SD-WAN IPsec
✑ SD-WAN vs IPsec VPN's - What's the difference?
✑ SD-WAN vs. VPN: How Do They Compare?
✑ Traditional IPSEC Versus SD-WAN IPSEC

Question 8

DRAG DROP
An engineer must configure a site-to-site IPsec VPN connection between an on-premises Cisco IOS XE router in Controller mode and AWS. The IKE version must be changed from IKEv1 to IKEv2 in Cisco vManage. Drag and drop the steps from the left onto the order on the right to complete the configuration.
Solution:
Step 1 = Click Configuration, select Templates, and then select Feature Templates.
Step 2 = Click Add Template, select the device, and then click Basic Configuration.
Step 3 = Shut down the tunnel and then remove the ISAKMP profile.
Step 4 = Attach the IKEv2 profile and then run the no shutdown command on the tunnel.
The process of configuring a site-to-site IPsec VPN connection between an on-premises Cisco IOS XE router in Controller mode and AWS, and changing the IKE version from IKEv1 to IKEv2 in Cisco vManage, involves several steps [1][2][3].
✑ Click Configuration, select Templates, and then select Feature Templates: This is the first step, where you navigate to the Templates section in the Configuration menu of Cisco vManage [1].
✑ Click Add Template, select the device, and then click Basic Configuration: In this step, you add a new template for the device and proceed with the basic configuration [1].
✑ Shut down the tunnel and then remove the ISAKMP profile: Before changing the IKE version, you need to shut down the existing tunnel and remove the ISAKMP profile that is configured for IKEv1 [2].
✑ Attach the IKEv2 profile and then run the no shutdown command on the tunnel: Finally, you attach the newly created IKEv2 profile to the tunnel and bring the tunnel back up [2].
References :=
✑ [1] Configuring Internet Key Exchange Version 2 (IKEv2) - Cisco
✑ [2] Switch from IKEv1 to IKEv2 on Cisco Routers - Cisco Community
✑ [3] Configure IOS-XE Site-to-Site VPN Connection to Amazon Web Services - Cisco Community

Does this meet the goal?

Correct Answer: A

Question 9

Refer to the exhibits.
An engineer must redistribute OSPF internal routes into BGP to connect an on-premises network to a cloud provider. Which two commands should the engineer run on router R2? (Choose two.)

Correct Answer: AD
To redistribute OSPF internal routes into BGP for connecting an on-premises network to a cloud provider, the engineer should run the commands "router bgp 100" and "redistribute ospf 1" on router R2. The command "router bgp 100" creates a BGP routing process with AS number 100. The command "redistribute ospf 1" redistributes OSPF routes from process ID 1 into BGP.

Question 10

DRAG DROP
An engineer needs to configure enhanced policy-based routing (ePBR) for IPv4 by using Cisco vManage. Drag and drop the steps from the left onto the order on the right to complete the configuration of the ePBR using the CLI add-on template.
Solution:
Enhanced Policy-Based Routing (ePBR) is used to direct packets that arrive at an interface to a specified next-hop. It is very useful in managing a large number of configured access lists more efficiently. In ePBR, the router drops the traffic packets if the next hop configured in the PBR policy is not reachable. To avoid packet loss in such scenarios, you must configure multiple next hops for each access control entry. Here are the steps to configure ePBR for IPv4 using Cisco vManage:
✑ Configure an extended ACL: This step involves defining the network or the host. For example, you can permit IPv4 traffic from any source to specific hosts.
✑ Configure a class map that matches the ACL: Class maps match the parameters in the ACLs. For instance, you can create a class map of type traffic and match it with the previously created ACL.
✑ Configure the policy map with the action to set the next hop: Policy maps with ePBR then take detailed actions based on the set statements configured. You can configure an ePBR policy map with the class map and set the next hop.
✑ Apply the service policy on the interface: Finally, you apply the ePBR policy map to the interface. For example, you can apply the policy map to a GigabitEthernet interface.
References :=
✑ Implementing Enhanced Policy Based Routing - Cisco
✑ Cisco Catalyst SD-WAN Policies Configuration Guide, Cisco IOS XE
✑ How to configure PBR - Cisco Community

Does this meet the goal?

Correct Answer: A

Question 11

An engineer must configure an IPsec tunnel to the cloud VPN gateway. Which two actions send traffic into the tunnel? (Choose two.)

Correct Answer: AE
To send traffic into an IPsec tunnel to the cloud VPN gateway, the engineer must configure two actions:
✑ Configure access lists that match the interesting user traffic. This is the traffic that needs to be encrypted and sent over the IPsec tunnel. The access lists are applied to the crypto map that defines the IPsec parameters for the tunnel.
✑ Configure policy-based routing (PBR). This is a technique that allows the engineer to override the routing table and forward packets based on a defined policy. PBR can be used to send specific traffic to the IPsec tunnel interface, regardless of the destination IP address. This is useful when the cloud VPN gateway has a dynamic IP address or when multiple cloud VPN gateways are available for load balancing or redundancy.
References :=
✑ Designing and Implementing Cloud Connectivity (ENCC) v1.0, Module 3: Implementing Cloud Connectivity, Lesson 3: Implementing IPsec VPNs to the Cloud, Topic: Configuring IPsec VPNs on Cisco IOS XE Routers
✑ Security for VPNs with IPsec Configuration Guide, Cisco IOS XE, Chapter: Configuring IPsec VPNs, Topic: Configuring Crypto Maps
✑ Cisco IOS XE Gibraltar 16.12.x Feature Guide, Chapter: Policy-Based Routing, Topic: Policy-Based Routing Overview
