Passed Exam Today SD-WAN-Engineer

Comprehensive and Detailed Explanation

To achieve strict regional isolation where branch sites only form VPN tunnels with Data Centers in their specific region (e.g., EU branches to EU DCs only), the correct architectural feature to utilize isVPN Clusters.

In Prisma SD-WAN (CloudGenix), aClusterdefines a logical security and topology boundary for the overlay network. By default, devices may be placed in a "Default" cluster where they attempt to form a mesh or hub-and-spoke topology with all other reachable devices in that context.

To enforce the new policy:

Logical Partitioning:The administrator should create separate VPN Clusters for each region (e.g., "Cluster-NA", "Cluster-EU", "Cluster-Asia").

Assignment:The Regional Data Center IONs and their corresponding Branch IONs must be moved into their respective clusters.

Result:The Prisma SD-WAN controller dictates that devices can only establish Secure Fabric (VPN) tunnels with other devices within thesame cluster. This effectively segments the global network, ensuring that an Asian branch never attempts to build a tunnel to a North American DC, satisfying the compliance requirement without complex access lists or manual tunnel configuration.

Option B (Manual Tunnels)is administratively unscalable and negates the benefits of SD-WAN automation.

Option C (Circuit Labels)is primarily for path selection and traffic steering, not for hard topology segmentation.

Option D (VRFs)is used for local Layer 3 segmentation (routing isolation) within a device, not for controlling WAN overlay tunnel formation scope.

Comprehensive and Detailed Explanation

Prisma SD-WAN separates real-time visibility from historical summarization.

Reports (C):TheReportssection is the dedicated engine for generating historical summaries. Administrators can create custom report templates (e.g., "Monthly Executive Summary") that include specific widgets like "Top Applications by Volume," "Site Availability," or "Circuit Utilization." Crucially, this feature allows forScheduling, where the system automatically generates the PDF report at a set interval (e.g., first day of the month) and emails it to a distribution list.

Activity Charts (A) / Media Analytics (B):These provide interactive, visual graphs for ad-hoc analysis but are not designed for generating downloadable, scheduled PDF summaries for management.

Flow Browser (D):This is for deep-dive troubleshooting of individual sessions, not for high-level aggregate reporting.

Comprehensive and Detailed Explanation

According to thePrisma SD-WAN Performance Policy Default Behaviordocumentation, the default action configured for applications (including real-time media) when a path experiences poor performance (violates the SLA thresholds for latency, jitter, or packet loss) is toMove Flows.

The Prisma SD-WAN ION device continuously monitors the health of all available paths. If the active path for a media application degrades and fails to meet the specified SLA, the default policy dictates that the traffic should be steered (moved) to an alternate, compliant path that meets the performance criteria.

WhileForward Error Correction (FEC)is a powerful feature available in Prisma SD-WAN to mitigate packet loss for real-time applications, it is anoptional actionthat must be explicitly enabled or configured within the performance policy rules. It is not thedefaultaction in the base system configuration; the primary default mechanism for handling performance issues is to leverage the multi-path fabric to switch to a better link.