Cisco 500-220 Practice Test - Questions Answers, Page 2

https://documentation.meraki.com/Architectures_and_Best_Practices/Cisco_Meraki_Best_Practice_Design/Best_Practice_Design_-_MX_Security_and_SD-WAN/MX_Templates_Best_Practices#:~:text=policy%2C%20choose%20Save-,Local%20Overrides,will%20override%20the%20template%20configuration.

https://documentation.meraki.com/Architectures_and_Best_Practices/Cisco_Meraki_Best_Practice_Design/Best_Practice_Design_-_MR_Wireless/High_Density_Wi-Fi_Deployments

This is because the alert mentions 802.1X failure, which is a network access control method that is used with WPA2-enterprise and RADIUS servers1.

This question is related to the topic ofWireless Access Points Quick Startin the Cisco Meraki documentation. You can find more information about this topic in theWireless Access Points Quick Startarticle or theUsing the Cisco Meraki Device Local Status Pagepage.

SM Sentry enrollment can be enabled on any MR network via the Splash page section of the Wireless > Configure > Access control page. https://documentation.meraki.com/MR/MR_Splash_Page/Systems_Manager_Sentry_Enrollment

To clarify, when an SSID is configured with Sign-On Splash page enabled, the two settings that must be configured for unauthenticated clients to have full network access and not be allow listed are:

Controller disconnection behavior: This setting determines how the clients are treated when the Meraki cloud controller is unreachable. The options areRestrictedorUnrestricted. The former option blocks all traffic from unauthenticated clients until the controller is reachable again.The latter option allows unauthenticated clients to access the network without signing on until the controller is reachable again1.

Captive Portal strength: This setting determines how often the clients are redirected to the splash page for authentication. The options areBlock all access until sign-on is completeorAllow non-HTTP traffic prior to sign-on. The latter option allows unauthenticated clients to access other protocols such as DNS, DHCP, ICMP, etc., but blocks HTTP and HTTPS traffic until they sign on.This option is recommended for compatibility with devices that do not support web-based authentication1.

Assuming this MX has established a full tunnel with its VPN peer, the MX will route the WebEx traffic based on the SD-WAN policy configured in the exhibit. The SD-WAN policy has two performance classes:ConfandDefault.TheConfperformance class matches the traffic with destination port 9000, which is used by WebEx for VoIP and video RTP3. TheConfperformance class has a preferred uplink of WAN 2 and a failover uplink of WAN 1. It also has thresholds for latency, jitter, and loss that determine when to switch from the preferred uplink to the failover uplink. Therefore, the WebEx traffic will prefer WAN 2 as long as it meets the thresholds in theConfperformance class. If WAN 2 exceeds the thresholds or goes down, the WebEx traffic will switch to WAN 1 as the failover uplink.

More hardware devices than device licenses: An organization needs to have enough device licenses to cover all the hardware devices in its network. A device license is consumed by each device that is added to the network.If the number of devices exceeds the number of licenses, the organization will be out of license and will lose access to some features and support until it purchases more licenses or removes some devices4.

Expired device license: A device license has an expiration date that depends on the license term purchased by the organization. If a device license expires, it will no longer be valid and will not count towards the license limit.The organization will need to renew the expired license or purchase a new one to avoid being out of license4.

To clarify, to optimize load balancing asymmetrically with a 4:1 ratio between links, two actions that are required are:

Enable load balancing: This option allows the MX to use both of its uplinks for load balancing.When load balancing is enabled under Security & SD-WAN > Configure > SD-WAN & Traffic shaping, traffic flows will be distributed between the two uplinks proportional to the WAN 1 and WAN 2 bandwidths specified under Uplink configuration1.

Change the assigned speeds of WAN 1 and WAN 2 so that the ratio is 4:1: The assigned speed of a WAN link is a value that indicates the bandwidth available on that link.By changing the assigned speeds of WAN 1 and WAN 2 so that they reflect the desired load-balancing ratio, the administrator can ensure that the MX uses both links efficiently and proportionally1. For example, if WAN 1 has a bandwidth of 100 Mbps and WAN 2 has a bandwidth of 25 Mbps, then setting their assigned speeds to 100 Mbps and 25 Mbps respectively will achieve a 4:1 load-balancing ratio.