Designing Cisco Enterprise Networks for System Engineers — Question 13
Which two statements regarding Cisco SD-WAN vEdge routers can mitigate DoS attacks against the infrastructure? (Choose two.)
Answer options
- A. Open Certificate Authority and automated enrollment feature.
- B. By default, all incoming traffic is denied at the transport (WAN) side interfaces.
- C. Only authorized controllers are allowed to communicate back to the vEdge router after the vEdge router establishes connections with the controllers.
- D. In case of direct Internet access, the only traffic allowed back is the traffic matching the state table entries on the vEdge router.
- E. The vEdge routers run on hardened Linux operating systems.
Correct answer: C, D
Explanation
The correct answers, C and D, describe security measures that ensure only authorized controllers can communicate back to the vEdge router and that, with direct Internet access, restrict return traffic to what matches the router's state table entries, thus mitigating potential DoS attacks. Options A, B, and E do not directly contribute to preventing DoS attacks on the infrastructure in the way that C and D do.