ExamTopics Logo
Mail Us[email protected]
Menu
Cisco Discussions
exam questions

Exam 300-415 All Questions

View all questions & answers for the 300-415 exam
Go to Exam

Exam 300-415 topic 1 question 284 discussion

Actual exam question from Cisco's 300-415
Question #: 284
Topic #: 1
[All 300-415 Questions]

An engineer modifies a data policy for DIA in VPN 200 to meet the requirements for traffic destined to these locations:
• external networks; must be translated
• external networks; must use a public TLOC color
• syslog servers, must use a private TLOC color

Here is the existing data policy configuration:



Which policy configuration sequence set meets the requirements?

  • A.
  • B.
  • C.
  • D.
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by NetArch_Teck at July 18, 2023, 5 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
mikidvd51
7 months, 3 weeks ago
These are not a serious questions for CERT to verify your knowledge . It's more like they wanna catch you on stupid details. I regret I submitted for this cisco CERT exam. This will be my last cisco CERT exam a undertake and I swear I don't continue further on these cisco "games". I passed ~6 cisco exams so far in 13 years , but this the most ridiculous bunch of questions and answers I have met yet.
upvoted 1 times
...
[Removed]
1 year, 9 months ago
Selected Answer: C
The answer A is NOT correct because of the sequence numbers. These are higher and will never match the requirements. the correct answer is C
upvoted 2 times
elninio13
1 year, 7 months ago
How its C when it uses sequence 20 ???? Its already used on the original config
upvoted 1 times
...
elninio13
1 year, 7 months ago
Only way C to be correct is that we will modify the sequence 20.
upvoted 3 times
...
...
NetArch_Teck
1 year, 11 months ago
The existing policy defines the first request "external networks must be translated" *match desination-ip 0.0.0.0/0* *nat use-vpn 0* (External Networks must use a public TLOC color) *match destination-ip 0.0.0.0/0* *set local-tloc-list color biz-internet* - (Public TLOC Color) (syslog servers, must use a private TLOC color) *match destination-data-prefix-list SYSLOG-SERVERS* *set local-tloc-list color MPLS* (Private TLOC Color) The sequence are set in an ordered structure, consisting of match and action conditions, in which data traffic is analysed! If a route does not match any of the conditions in a route, it is rejected by default! Option [A] fulfils the request and follows the ordered sequence of paired match and action conditions!
upvoted 2 times
NetArch_Teck
1 year, 11 months ago
The formatting is not very well presented and after further inspection I can see the public color of biz-internet within answer [C] The nat use-vpn 0 command is for DIA Therefore the answer is option [C]
upvoted 1 times
elninio13
1 year, 7 months ago
so we can use same sequence twice?
upvoted 1 times
...
incog
1 year, 10 months ago
seq 20 is overlapping in option C, it seens like D is correct, syslog needs to go via MPLS
upvoted 1 times
...
...
Zamochit
1 year, 4 months ago
For me is C also , but, when I read "external networks must be translated" i am thinking to translate them , so nat in a some way, so NAT VPN 0, then in the C we are not indicating that, but i am in my mind thinking that's a policy in cli, so i am replacing and the nat VPN 0 is being keeped, because if not we are not translating. Anyway C is the good answer for me. You should match Syslog servers before for sure, because if not 0.0.0.0/0 will match all your traffic before any kind of match. Always from particular to global, like acls, route maps ,etc. Thanks for sharing
upvoted 1 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel