Review #1: Terminology
1) What term describes placing a packet into an IPsec tunnel?
2) Describe/define the following: a. Cloud Portal b. Orchestrator
c. Passthrough flow
3) True/False: An overlay tunnel can use one or more underlay
tunnels to transport packets that match a Business Intent
Overlay.
4) How many Orchestrators would be used by a typical
organization?
?
?
d) Stale flow e) Business Intent Overlay f) Local Internet
Breakout
© 2020 Silver Peak Systems, Inc. All Rights Reserved.30
Review #2: Products and Licensing
6) True/False: The Orchestrator is always hosted outside a
customer’s network.
7) True/False: The Cloud Portal automatically builds tunnels from a
new device to existing appliances, then tells the Orchestrator the
device has been registered.
8) True/False: A 100 Mbps license, or 1 block, is required to
handle 75 Mbps of LAN traffic.
9) What is Boost?
10) What Boost Feature reduces the bandwidth required using
deduplication and compression??
11) Name the other Boost Feature. a. What does it do?
12) True/False: Boost is included with an Unlimited License.
?
?
Review #3: Orchestrator Setup Lab
14) True/False: The lab steps are only a guideline. If you simply
look at the screenshots, you can get through the lab tasks much
faster?
15) True/False: I should have written down my ReadyTech Lab Access
Code.
16) Why should you select Thin as the Disk Provisioning option when
installing the Orchestrator?
17) True/False: RFC-1701 defines the Enterprise SD-WAN
standard.
?
?
Review #4: Dynamic Path Control
19) When using Business Intent Overlays, is load balancing between
appliances flow- based or packet-based?
20) What are Silver Peak’s three options for dynamically choosing
an underlay tunnel?
21) What four line characteristics are used to determine the
quality of a tunnel?
22) Do you think local internet breakout traffic is: a. Flow or
packet based? b. Why?
23) Can an appliance load-balance an overlay over the Red and Blue
underlay tunnels shown in the diagram to the right? a. Why or why
not?
Site 2
Site 1
LAN WAN
Review #5: Path Conditioning
24) When can FEC make a loss problem worse?
25) What is a typical WAN ISP SLA for loss for… a) Internet b)
MPLS
?
?
Review #6: Boost
29) What three factors are the primary contributors to
latency?
30) How do we accelerate TCP flows?
31) Why does Asymmetry break TCP Acceleration?
32) What benefit does the Network Memory component of Boost
provide?
?
?
Review #7: Licensing Process
34) What is the first step in setting up your Silver Peak
network?
35) True/False: There are unique license keys that are different
for each EdgeConnect appliance and the Orchestrator.
36) What is required for an appliance without direct Internet
connectivity to register?
37) How long is a device’s license period?
?
?
Review #8: Orchestrator Configuration and Licensing Lab
39) What is the default user name and password for the Orchestrator
GUI?
40) What is the filename extension of the Orchestrator installation
file?
41) Select all the correct statements: On the Cloud Portal screen
in Orchestrator, Registered = Yes indicates:
A. The Orchestrator was able to reach the Cloud Portal on the
internet.
B. The Orchestrator was recognized by the Cloud Portal to belong to
your company based on its serial number.
C. The Account Name and Account Key were correctly entered.
D. The Orchestrator will now be able to manage any EdgeConnect
clients associated with that account
?
?
Review #9: Path Selection & Subnet Sharing
43) What does ‘Auto (system)’ in the route ‘Type’ field mean?
44) What does Subnet Sharing do?
45) What must happen before subnets will be shared between
appliances?
46) What happens to shared subnets if all tunnels to a site go
down?
47) Besides Subnet Sharing, how else can an appliance dynamically
learn routes?
48) What does FROM_WAN mean in the additional info column of the
data path routing table?
49) What is the management routing table used for?
50) True/False: Syslog entries from an appliance will be reported
to the Syslog server using the main data path Routes table.
86
Review #10: Router Mode
51) What is the name of the mode that is the recommended best
practice?
52) True/False: You must use mgmt0 out of band to manage the
appliances.
53) What are the 3 basic Silver Peak Reference Architectures?
54) True/False: Router Mode cannot be deployed out of path.
55) How many IP addresses do you need in router mode?
56) True/False: As shown in the diagram, in Inline Router Mode,
passthrough traffic that arrives on lan1 cannot be forwarded out
lan0.
WAN wan0
Review #11: Bridge Mode
57) How many IP addresses do you need in Bridge Mode?
58) True/False: The lan0 and wan0 of an appliance in Bridge Mode
connect to two different subnets.
59) What is the failure mode of an appliance in Bridge Mode?
60) If you want an Inline appliance to use multicast, should an
appliance be in Bridge or Router Mode?
61) True/False: In Bridge Mode, you don’t have to use mgmt0 to
manage the appliance, you can use a data path interface.
62) True/False: In Bridge Mode, passthrough traffic arriving on
lan0 can be forwarded out wan1 (see picture)
108
Review #12: Server Mode
63) True/False: Server mode is the default for freshly installed
ECVs.
64) What is the difference between Server Mode and Router
Mode?
65) True/False: Server Mode can be Inline or Out-of-Path.
66) Why would you use server mode?
?
?
Review #13: Data Security
67) True/False: To block all incoming connections from the
internet, the Stateful Firewall should be set to Harden on an
interface.
68) True/False: The Stateful+SNAT interface firewall setting maps
LAN addresses to WAN addresses for packets being placed in a
tunnel.
69) If you want to allow inbound connections from the Internet to
only one LAN side server, what feature should you use to permit
connections ONLY to that server on the LAN?
70) True/False: A Zone Based Firewall policy that permits
connections initiated from zone A to zone B, will also permit
connections to be initiated from zone B to zone A.
71) What is required for us to de-duplicate SSL traffic and why do
we need to do it?
?
?
Review #14: Interface Labels and Deployment Profiles
74) True/False: An interface labeled ‘Voice’ only allows VOIP
traffic.
75) True/False: A deployment profile defines how many interfaces
and sub-interfaces will be configured for an appliance.
76) Does a deployment profile… a. Contain IP addresses? b. Can
include VLAN numbers? c. ZBF (Zone Based Firewall) security
policies?
77) Customers need to access a LAN-side web server inside a branch
office. (see diagram) What WAN-side (Internet) firewall settings
and features should be used?
78) What is the purpose of the NAT flag?
79) True/False: Your network branch offices have overlapping local
subnet addresses in the 192.168.x.x space. Enabling Stateful+SNAT
will hide the overlap because the tunnel traffic will be
NAT’d.
wan0 lan0wan0 Internetlan0
Review #15: Template Groups
81) Where can you get an explanation of template fields?
82) How do you determine where a template will be applied?
83) How do you determine which template will be applied?
?
?
Review #16: Business Intent Overlays
85) What are the three match choices for placing incoming LAN
traffic into an overlay? a) Which is the most used?
86) What are the three Service Level Objective options?
87) How does an overlay treat a SLO parameter set to ‘0’?
88) In the overlay list, which Business Intent Overlay has the
highest priority—the top or bottom?
89) You have two Business Intent Overlays, shown in order. If IP
phone traffic arrives on the “Data” port, which BIO is used? : •
All - matches all traffic coming in on the LAN0 port labeled Data •
VOIP - matches IP phone traffic based on an ACL
?
?
Review #17: BIO and Appliance Configuration Labs
91) What are the four default Business Intent Overlays?
92) What is the purpose of a Port Group?
93) Describe how one can view the MAC addresses of the Network
Adapters in ESXi.
94) True/False: It is best practice to use DHCP to assign the IP
Address for mgmt0.
?
?
Review #18: Orchestrator Registration Lab
96) Name some things that could prevent the Appliance Discovered
button from showing.
97) True/False: Appliances must always be manually approved by an
Administrator?
98) Why might the wrong IP Address show up in the Appliances
Discovered tab?
?
?
Review #19: Automated Provisioning and Deployment
100) What matches a physical device with a preconfiguration
file?
101) What matches a virtual appliance with a preconfig YAML
file?
102) True/False: A preconfig file cannot assign IP addresses to
interfaces because they are different at every site.
?
?
Review #20: Quality of Service
104) What determines which traffic class a packet is placed
in?
105) What determines the behavior of individual traffic
classes
106) In order to avoid starving any traffic class, the sum of
__________ shouldn’t exceed ________?
107) True/False: The Shaper ID column defines the order in which
classes are serviced.
?
?
Review #21: Reporting and Monitoring
109) What 3 lines commonly appear on most Silver Peak statistical
graphs?
110) What are the Line colors for those lines? LAN: ________ WAN:
________ Ratio: __________
111) Why is the Ratio usually useful?
112) On an appliance, what single page shows Bandwidth Usage, Top
Applications, Latency, Loss and Top flows?
113) Where should you check first when troubleshooting a problem
happening ‘now’?
114) How can you tell if a flow is being optimized?
115) What will tell you which QoS Policy rule caused a flow to end
up in a particular shaper traffic class?
116) What are the 5 main sections of a Flow Detail?
?
?
Review #22: Built in Diagnosis Tools
118) What option is required to make sure a Ping is sourced from
the correct interface or IP address when testing
reachability?
119) What options can be used to make sure a traceroute is sourced
from the correct IP address or interface when testing
reachability?
120) How do you display the options available for running the ping
and traceroute commands from the UI?
121) True/False: Iperf is always safe to run on a production
network.
?
?
Review #23: Business Intent Overlay Path Selection
123) A packet matches a Business Intent Overlay. There's a Routes
(subnet) table match with a destination that is part of the
overlay. Is the first packet (SYN) sent through a tunnel or
not?
124) Same scenario as above, but there is no match in Routes
table?
125) True/False: Once the traffic is matched to an overlay, a
determination needs to made as to if it will: a. will be backhauled
through an IPsec tunnel to a non-Silver-Peak device. b. broken out
locally direct to the internet. c. sent through a secure tunnel to
an external service like Zscaler.
?
?
Review #24: Boost and Asymmetry
127) What is TCP asymmetry?
128) What is a good indicator of asymmetry?
129) What are some causes of TCP asymmetry?
130) What are some possible solutions?
?
?
Review #25: Flow Detail
132) What is your best friend when troubleshooting a connection
between two endpoints that transits an appliance?
133) How do you display the Flow Detail?
134) What are the 5 main sections of the Flow Detail?
135) What section will tell you if an overlay or the default route
policy was matched?
136) How can you see the external (upstream) source address of an
outbound flow when the interface is set to Stateful+SNAT?
?
?
Review #26: Overlays & Tunnels
138) What are some reasons a tunnel might not come up?
139) Can a user configure a Business Intent Overlay from the
appliance's web interface?
140) What effect does the order of overlays in the list on the BIO
page have on it’s priority?
141) If you delete a BIO created tunnel on an appliance, what will
happen within 5 minutes?
142) If you apply a BIO to an appliance without a matching label or
ACL, will traffic be routed into the associated overlay
tunnels?
143) How many active primary links do you need for a Link Bonding
Policy of “High Availability”?
?
?
Review #27: Licensing
145) How long is an appliance license lease?
146) What protocol and port number do the Appliances and
Orchestrator use to talk to the Cloud Portal?
147) Does the Orchestrator require Internet connectivity to
register with the Cloud Portal?
148) Does an appliance require direct internet connectivity to the
Cloud Portal to register? If not, what would need to be
configured?
149) True/False: An unlicensed appliance will send all incoming
traffic Passthrough Shaped.
?
?
Review #28: Routing and Reachability
151) True/False: If you are doing internet breakout on a WAN
interface, it should be set to ‘‘Harden”.
152) True/False: CDP (Cisco Discovery Protocol) tests Layer 3
connectivity.
153) What is a common misconfiguration when redirecting traffic out
of path?
154) How do the Silver Peaks attract traffic via a routing protocol
when the local OEM routers are learning the same subnets via a
different path?
155) What should the local devices point to when redundant Silver
Peaks are using VRRP on the lan side of the network to
deterministically route traffic?
156) A data center appliance is BGP peered to local routers and is
learning routes from them. The branch appliances can’t reach the
subnets beyond the routers. What might be the problem?
303