Courseiva
Knowledge + Practice
CertificationsVendorsCareer RoadmapsLabs & ToolsStudy GuidesGlossaryPractice Questions
C
Courseiva

Free IT certification practice questions with explained answers for CCNA, CompTIA, AWS, Azure, Google Cloud, and more.

Certification Practice Questions

CCNA practice questionsSecurity+ SY0-701 practice questionsAWS SAA-C03 practice questionsAZ-104 practice questionsAZ-900 practice questionsCLF-C02 practice questionsA+ Core 1 practice questionsGoogle Cloud ACE practice questionsCySA+ CS0-003 practice questionsNetwork+ N10-009 practice questions
View all certifications →

Product

CertificationsCertification PathsExam TopicsPractice TestsExam Dumps vs Practice TestsStudy HubComparisons

Company

AboutContactEditorial PolicyQuestion Writing PolicyTrust Center

Legal

Privacy PolicyTerms of Service

Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

← SD-WAN Architecture practice sets

CCNP SD-WAN Architecture • Complete Question Bank

CCNP SD-WAN Architecture — All Questions With Answers

Complete CCNP SD-WAN Architecture question bank — all 0 questions with answers and detailed explanations.

58
Questions
Free
No signup
Certifications/CCNP/Practice Test/SD-WAN Architecture/All Questions
Question 1mediummultiple choice
Read the full MPLS explanation →

A network engineer is deploying a Cisco SD-WAN solution for a global enterprise with multiple regional hubs. The engineer wants to ensure that traffic from branch offices to the internet is always forwarded directly from the branch, even if the branch has a primary MPLS link and a backup broadband link. The engineer configures the vSmart policy to direct internet-bound traffic to use the local exit at the branch. However, after deployment, the engineer notices that some internet traffic is still being sent to the regional hub before reaching the internet. What is the most likely cause of this behavior?

Question 2mediummultiple choice
Read the full MPLS explanation →

An enterprise is migrating from a traditional MPLS WAN to Cisco SD-WAN. The network team has deployed vEdge routers at all branch offices and a vSmart controller in the data center. The engineer configures a centralized control policy to influence path selection based on cost and latency. After the policy is activated, the engineer notices that some branches are not receiving the updated policy and are still using the default best-path selection. The vSmart is reachable from all branches, and the vEdge routers show that they are connected to the vSmart. What is the most likely reason for this issue?

Question 3hardmultiple choice
Study the full SD-WAN breakdown →

A network engineer is configuring a Cisco SD-WAN fabric with vManage, vSmart, and vBond controllers. The engineer wants to ensure that all branch routers automatically discover the vSmart and vBond controllers without manual configuration on each branch. The engineer has configured the vBond with a public IP address and enabled NAT traversal. However, branch routers are failing to establish control connections. The engineer verifies that the branch routers have the correct organization name and that the vBond is reachable from the branches. What is the most likely missing configuration?

Question 4hardmultiple choice
Read the full MPLS explanation →

A large enterprise uses Cisco SD-WAN with multiple transport clouds (MPLS and Internet). The network team wants to ensure that voice traffic between two branch offices always uses the MPLS link, even if the Internet link has lower latency. The engineer creates a centralized data policy on the vSmart to match voice traffic based on DSCP EF and sets the preferred color to 'mpls'. After applying the policy, the engineer tests and finds that voice traffic is still using the Internet link. The vEdge routers show that the policy is received and active. What is the most likely reason for this failure?

Question 5mediummultiple choice
Read the full MPLS explanation →

A network engineer is troubleshooting a Cisco SD-WAN deployment where a branch office has two WAN links: a primary MPLS link and a backup LTE link. The engineer wants to configure application-aware routing so that critical applications (e.g., Salesforce) always use the MPLS link as long as its loss is below 2% and latency below 150 ms. The engineer configures an app-route policy on the vSmart with the appropriate SLA requirements. After deployment, the engineer notices that Salesforce traffic is still using the LTE link even when the MPLS link meets the SLA. What is the most likely cause?

Question 6hardmultiple choice
Study the full SD-WAN breakdown →

An enterprise is deploying Cisco SD-WAN with a hub-and-spoke topology. The hub site has a vSmart controller and a vEdge router. The branch sites have vEdge routers. The engineer wants to ensure that all inter-branch traffic goes through the hub for security inspection. The engineer configures a centralized control policy on the vSmart to set the 'hub' as the preferred path for all routes. After the policy is applied, the engineer notices that branch-to-branch traffic is still going directly, bypassing the hub. The vEdge routers show that the control policy is received. What is the most likely issue?

Question 7mediummultiple choice
Read the full MPLS explanation →

A network engineer is configuring a Cisco SD-WAN solution for a retail chain with hundreds of stores. The engineer wants to use a centralized data policy to steer all YouTube traffic to a specific WAN link (broadband) to save MPLS bandwidth. The engineer creates a policy that matches YouTube traffic by destination IP and sets the preferred color to 'biz-internet'. After applying the policy, the engineer tests and finds that YouTube traffic is still using the MPLS link. The vEdge routers show that the policy is received and active. What is the most likely reason?

Question 8easymultiple choice
Study the full SD-WAN breakdown →

An enterprise is deploying Cisco SD-WAN with multiple vSmart controllers for redundancy. The engineer configures the vEdge routers to connect to two vSmart controllers. After deployment, the engineer notices that the vEdge routers are only connected to one vSmart, and the second vSmart is not being used. The vEdge routers show that the second vSmart is reachable. What is the most likely reason for this behavior?

Question 9easymultiple choice
Read the full MPLS explanation →

A network engineer is configuring a Cisco SD-WAN solution for a multinational corporation. The engineer wants to use a centralized data policy to steer all traffic from the Finance department (VPN 10) to a specific WAN link (MPLS) for security reasons. The engineer creates a policy that matches traffic from VPN 10 and sets the preferred color to 'mpls'. After applying the policy, the engineer tests and finds that traffic from VPN 10 is still using the Internet link. The vEdge routers show that the policy is received and active. What is the most likely reason?

Question 10mediummultiple choice
Study the full SD-WAN breakdown →

A multinational enterprise is deploying Cisco SD-WAN to interconnect 500 branch sites with two data centers. The network architect must ensure that the control plane remains operational even if the vSmart controllers become unreachable. Which design approach should the architect choose to meet this requirement?

Question 11mediummultiple choice
Read the full wireless explanation →

An architect is designing an SD-Access fabric for a large campus network. The design must support wireless clients that roam across different access switches without requiring a centralized wireless LAN controller. Which fabric component and protocol combination should the architect use to enable this mobility?

Question 12mediummultiple choice
Study the full SD-WAN breakdown →

A service provider is deploying NFV to offer managed SD-WAN services to enterprise customers. The architect must place virtual network functions (VNFs) such as vEdge routers and firewalls in the provider's data center. Which VNF placement model allows the provider to chain these functions efficiently and scale per customer?

Question 13mediummultiple choice
Study the full SD-WAN breakdown →

A campus network architect is redesigning the LAN to support high availability and east-west traffic growth. The current design uses a traditional three-tier hierarchy with a collapsed core. The architect must choose a new design that provides predictable latency, simple scalability, and efficient use of uplinks. Which design should the architect select?

Question 14hardmultiple choice
Study the full SD-WAN breakdown →

An enterprise is deploying a virtualized network function (VNF) for a next-generation firewall on a KVM-based hypervisor. The architect must ensure that the VNF can handle high throughput without CPU bottlenecks. Which hypervisor configuration technique should the architect use to dedicate physical CPU cores to the VNF?

Question 15mediummultiple choice
Read the full MPLS explanation →

A network architect is designing the QoS architecture for a Cisco SD-WAN deployment that carries voice, video, and data traffic across MPLS and Internet transports. The design must use a consistent DiffServ marking strategy across all transports and ensure that voice traffic is prioritized over video. Which QoS policy type and marking approach should the architect use?

Question 16easymultiple choice
Study the full SD-WAN breakdown →

An enterprise is deploying Cisco SD-WAN with vManage, vSmart, vBond, and vEdge routers. The architect must design the control plane to securely onboard new vEdge routers and establish DTLS/TLS tunnels. Which component is responsible for the initial authentication and coordination of control plane connections?

Question 17mediummultiple choice
Study the full SD-Access breakdown →

A network architect is designing a Cisco SD-Access fabric for a university campus that requires segmentation between student, faculty, and guest traffic. The design must use Cisco TrustSec for scalable security group tags (SGTs) and integrate with Cisco ISE for policy enforcement. Which fabric component should the architect use to enforce SGT-based policies at the access layer?

Question 18easymultiple choice
Study the full SD-WAN breakdown →

A company is deploying a virtualized network function (VNF) for a Cisco CSR1000v router on a VMware vSphere hypervisor. The architect must choose the hypervisor type to ensure the best performance for the VNF. Which hypervisor type is VMware vSphere classified as, and why is it suitable for VNF deployment?

Question 19mediummultiple choice
Open the full BGP breakdown →

Consider the following SD-WAN configuration snippet on a Cisco IOS-XE router:

interface GigabitEthernet0/0/1
 ip address 10.1.1.1 255.255.255.0

tunnel-interface

encapsulation ipsec

color biz-internet

no allow-service bgp

allow-service dhcp allow-service dns allow-service icmp !

What is the effect of this configuration?

Question 20mediummultiple choice
Review the full OSPF breakdown →

Given the following SD-WAN configuration on a Cisco IOS-XE router:

router ospf 1

redistribute bgp 65000 subnets

network 192.168.1.0 0.0.0.255 area 0

!

interface GigabitEthernet0/0/0
 ip address 192.168.1.1 255.255.255.0
 ip ospf network point-to-point

!

Which statement is true?

Question 21mediummultiple choice
Study the full SD-WAN breakdown →

Examine the following SD-WAN policy configuration on a Cisco vSmart controller:

policy control-policy CONTROL_POLICY sequence 10 match route prefix-list PL_10 action accept set community 100:10 ! prefix-list PL_10 sequence 10 match ip-address 10.0.0.0/24 !

What is the effect of this control policy?

Question 22mediummultiple choice
Read the full VPN explanation →

Consider the following SD-WAN device configuration on a Cisco IOS-XE router:

sdwan

interface GigabitEthernet0/0/1

tunnel-interface

encapsulation ipsec

color public-internet allow-service all !

interface GigabitEthernet0/0/2

tunnel-interface

encapsulation ipsec

color 3g allow-service all !

Which statement about this configuration is true?

Question 23mediummultiple choice
Study the full SD-WAN breakdown →

Given the following SD-WAN CLI output on a Cisco IOS-XE router:

show sdwan omp routes

10.1.1.0/24, received, admin-distance: 250 via 10.0.0.1, interface GigabitEthernet0/0/1, color biz-internet, loss: 0, latency: 10 via 10.0.0.2, interface GigabitEthernet0/0/2, color 3g, loss: 1, latency: 50

Which statement is true?

Question 24mediummultiple choice
Read the full VPN explanation →

Examine the following SD-WAN configuration on a Cisco vEdge router:

vpn 0

interface ge0/0
 ip address 10.0.0.1/24

tunnel-interface

encapsulation ipsec

color public-internet allow-service all !

interface ge0/1
 ip address 10.0.0.2/24

tunnel-interface

encapsulation ipsec

color 3g allow-service all !

Which statement is correct?

Question 25easymultiple choice
Study the full SD-WAN breakdown →

In Cisco SD-WAN, what is the default OMP hello interval (in seconds) between a vEdge router and a vSmart controller?

Question 26easymultiple choice
Study the full SD-WAN breakdown →

Which component in Cisco SD-WAN is responsible for orchestrating the overlay network, including authentication and NAT traversal?

Question 27mediummultiple choice
Study the full SD-WAN breakdown →

In Cisco SD-WAN, what is the maximum number of TLOCs that can be associated with a single OMP route?

Question 28mediumdrag order
Study the full SD-WAN breakdown →

Drag and drop the steps of SD-WAN edge device (vEdge/cEdge) bring-up sequence into the correct order, from first to last.

Question 29mediumdrag order
Study the full SD-WAN breakdown →

Drag and drop the steps of SD-WAN overlay routing protocol (OMP) route advertisement sequence into the correct order, from first to last.

Question 30mediumdrag order
Study the full SD-WAN breakdown →

Drag and drop the steps of Cisco SD-WAN control plane establishment sequence into the correct order, from first to last.

Question 31mediumdrag order
Study the full SD-WAN breakdown →

Drag and drop the steps of SD-WAN zero-touch provisioning (ZTP) flow into the correct order, from first to last.

Question 32mediumdrag order
Study the full SD-WAN breakdown →

Drag and drop the steps of SD-WAN policy creation and push via vManage into the correct order, from first to last.

Question 33mediumdrag order
Study the full SD-WAN breakdown →

Drag and drop the steps of OMP route advertisement between vSmart and vEdge into the correct order, from first to last.

Question 34mediumdrag order
Study the full SD-WAN breakdown →

Drag and drop the steps of BFD session establishment for path liveliness into the correct order, from first to last.

Question 35mediumdrag order
Study the full SD-WAN breakdown →

Drag and drop the steps of SD-WAN traffic engineering app-aware routing steps into the correct order, from first to last.

Question 36mediummatching
Study the full SD-WAN breakdown →

Drag and drop each SD-WAN controller on the left to its matching function on the right.

Question 37mediummatching
Study the full SD-WAN breakdown →

Drag and drop each SD-WAN plane on the left to its matching function on the right.

Question 38hardmatching
Study the full SD-WAN breakdown →

Drag and drop each OMP attribute on the left to its matching behavior on the right.

Question 39hardmatching
Study the full SD-WAN breakdown →

Drag and drop each SD-WAN policy type on the left to its matching application point on the right.

Question 40mediummatching
Study the full SD-WAN breakdown →

Drag and drop each WAN transport type on the left to its matching SD-WAN characteristic on the right.

Question 41mediumdrag order
Study the full SD-WAN breakdown →

Drag and drop the steps of SD-WAN zero-touch provisioning (ZTP) flow into the correct order, from first to last.

Question 42mediumdrag order
Study the full SD-WAN breakdown →

Drag and drop the steps of SD-WAN policy creation and push via vManage into the correct order, from first to last.

Question 43mediumdrag order
Study the full SD-WAN breakdown →

Drag and drop the steps of OMP route advertisement between vSmart and vEdge into the correct order, from first to last.

Question 44mediumdrag order
Study the full SD-WAN breakdown →

Drag and drop the steps of BFD session establishment for path liveliness into the correct order, from first to last.

Question 45mediumdrag order
Study the full SD-WAN breakdown →

Drag and drop the steps of SD-WAN traffic engineering app-aware routing steps into the correct order, from first to last.

Question 46mediummatching
Study the full SD-WAN breakdown →

Drag and drop each SD-WAN controller on the left to its matching function on the right.

Question 47mediummatching
Study the full SD-WAN breakdown →

Drag and drop each SD-WAN plane on the left to its matching function on the right.

Question 48hardmatching
Study the full SD-WAN breakdown →

Drag and drop each OMP attribute on the left to its matching behavior on the right.

Question 49mediummatching
Study the full SD-WAN breakdown →

Drag and drop each SD-WAN policy type on the left to its matching application point on the right.

Question 50mediummatching
Study the full SD-WAN breakdown →

Drag and drop each WAN transport type on the left to its matching SD-WAN characteristic on the right.

Question 51mediummulti select
Study the full SD-WAN breakdown →

Which two statements about SD-WAN control plane components are true? (Choose two.)

Question 52hardmulti select
Study the full SD-WAN breakdown →

Which three statements about SD-WAN overlay tunnels and transport are true? (Choose three.)

Question 53mediummulti select
Study the full SD-WAN breakdown →

Which two statements about SD-WAN policy architecture are true? (Choose two.)

Question 54hardmulti select
Study the full SD-WAN breakdown →

Which three statements about SD-WAN segmentation and multi-tenancy are true? (Choose three.)

Question 55mediummulti select
Study the full SD-WAN breakdown →

Which two statements about Cisco SD-WAN control plane components are true? (Choose two.)

Question 56hardmulti select
Study the full SD-WAN breakdown →

Which two statements about Cisco SD-WAN overlay routing and OMP are true? (Choose two.)

Question 57mediummulti select
Study the full SD-WAN breakdown →

Which three statements about Cisco SD-WAN security and segmentation are true? (Choose three.)

Question 58easymulti select
Study the full SD-WAN breakdown →

Which three statements about Cisco SD-WAN architecture components and their roles are true? (Choose three.)

Practice tests

Scored 10-question sessions with instant feedback and explanations.

CCNP Practice Test 1 — 10 Questions→CCNP Practice Test 2 — 10 Questions→CCNP Practice Test 3 — 10 Questions→CCNP Practice Test 4 — 10 Questions→CCNP Practice Test 5 — 10 Questions→CCNP Practice Exam 1 — 20 Questions→CCNP Practice Exam 2 — 20 Questions→CCNP Practice Exam 3 — 20 Questions→CCNP Practice Exam 4 — 20 Questions→Free CCNP Practice Test 1 — 30 Questions→Free CCNP Practice Test 2 — 30 Questions→Free CCNP Practice Test 3 — 30 Questions→CCNP Practice Questions 1 — 50 Questions→CCNP Practice Questions 2 — 50 Questions→CCNP Exam Simulation 1 — 100 Questions→

Practice by domain

Each domain maps to a weighted exam section. Focus on the domain where you are weakest.

ArchitectureEnterprise Network DesignSD-Access ArchitectureSD-WAN ArchitectureQoS ArchitectureVirtualizationNetwork Function VirtualizationVirtual Machines and HypervisorsVRF and Path IsolationInfrastructureOSPFBGPEIGRPVLANs and TrunkingSpanning Tree ProtocolEtherChannelWireless InfrastructureMPLSWAN TechnologiesNAT and DHCPIP MulticastQoSNetwork AssuranceSNMP and SyslogNetFlow and TelemetrySPAN and RSPANIP SLASecurityAAA, RADIUS, and TACACS+ACLs and CoPP802.1X and TrustSecVPN TechnologiesInfrastructure SecurityAutomationPython for Network AutomationAnsible AutomationREST APIs and Data ModelsCisco DNA CenterModel-Driven Telemetry

Practice by scenario

Filter questions by type — troubleshooting, exhibit, drag-and-drop, PBQ, ACLs, OSPF, and more.

Browse scenarios→

Continue studying

All SD-WAN Architecture setsAll SD-WAN Architecture questionsCCNP Practice Hub