500-490 exam question, shared by ExamDiscuss.com.
Which two statements regarding Cisco SD-WAN vEdge routers can mitigate DoS attacks against the infrastructure? (Choose two.)
Correct Answer: B,E
Explanation:

Cisco SD-WAN vEdge routers can mitigate DoS attacks against the infrastructure by using two mechanisms:

Only authorized controllers are allowed to communicate back to the vEdge router after the vEdge router establishes connection with the controllers. This means that the vEdge router initiates a secure connection to the vSmart controller and the vBond orchestrator using DTLS or TLS, and verifies their identity using certificates. The vEdge router does not accept any incoming connections from the controllers, and only responds to the messages that match the established sessions. This prevents unauthorized or malicious traffic from reaching the vEdge router and consuming its resources [1][2].

By default, all incoming traffic is denied at the transport (WAN) side interfaces. This means that the vEdge router applies an implicit deny-all policy to any traffic that arrives from the WAN side, unless it is explicitly allowed by a security policy. The security policy can be configured to permit only the traffic that matches certain criteria, such as source, destination, protocol, port, or application. This reduces the attack surface of the vEdge router and protects it from unwanted or harmful traffic [3][4].

References:

[1] Cisco SD-WAN Security Features
[2] Cisco SD-WAN Design Guide
[3] Cisco SD-WAN Security Policy Configuration Guide
[4] Cisco SD-WAN vEdge Routers Denial of Service Vulnerability