Amazon
Avaya
Cisco
CompTIA
CrowdStrike
EC-Council
EXIN
Fortinet
Google
ISC
ISC2
ITIL
Juniper
Microsoft
NVIDIA
Okta
Palo Alto Networks
Salesforce
All Vendors
  1. Home
  2. Cisco
  3. 300-440

Cisco 300-440 Exam (page: 1)
Cisco Designing and Implementing Cloud Connectivity (ENCC)
Updated on: 12-Feb-2026

Viewing Page 1 of 9
300-440 PDF 84 Questions

Refer to the exhibit.



While troubleshooting an IPsec connection between a Cisco WAN edge router and an Amazon Web Services (AWS) endpoint, a network engineer observes that the security association status is active, but no traffic flows between the devices What is the problem?

  1. wrong ISAKMP policy
  2. identity mismatch
  3. wrong encryption
  4. IKE version mismatch

Answer(s): B

Explanation:

An identity mismatch occurs when the local and remote identities configured on the IPsec peers do not match. This can prevent the establishment of an IPsec tunnel or cause traffic to be dropped by the IPsec policy. In this case, the network engineer should verify that the local and remote identities configured on the Cisco WAN edge router and the AWS endpoint match the values expected by each peer. The identities can be an IP address, a fully qualified domain name (FQDN), or a distinguished name (DN). The identities are exchanged during the IKE phase 1 negotiation and are used to authenticate the peers. If the identities do not match, the peers will reject the IKE proposal and the IPsec tunnel will not be established or will be torn down. Reference := Configure IOS-XE Site-to-Site VPN Connection to Amazon Web Services, Topic: Troubleshooting Designing and Implementing Cloud Connectivity (ENCC) v1.0, Module 3: Implementing Cloud Connectivity, Lesson 2: Implementing Cisco SD-WAN Cloud OnRamp for IaaS, Topic: Troubleshooting Cisco SD-WAN Cloud OnRamp for IaaS
Cisco IOS Security Configuration Guide, Release 15M&T, Chapter: Configuring IPsec Network Security, Topic: Configuring IPsec Identity and Peer Addressing



Refer to the exhibit.



A network engineer discovers that the policy that is configured on an on-premises Cisco WAN edge router affects only the route tables of the specific devices that are listed in the site list.
What is the problem?

  1. An inbound policy must be applied.
  2. The action must be set to deny
  3. A localized data policy must be configured.
  4. A centralized data policy must be configured

Answer(s): D

Explanation:

A centralized data policy is a policy that is applied to all devices in the overlay network, regardless of the site list. A localized data policy is a policy that is applied only to the devices that are listed in the site list. In this case, the network engineer wants to apply the policy to all devices in the overlay network, not just the specific devices in the site list. Therefore, a centralized data policy must be configured on the on-premises Cisco WAN edge router. Reference := Designing and Implementing Cloud Connectivity (ENCC) v1.0, Module 3: Implementing Cloud Connectivity, Lesson 3: Implementing Cisco SD-WAN Cloud OnRamp for Colocation, Topic:
Centralized Data Policy
[Cisco SD-WAN Cloud OnRamp for Colocation Deployment Guide], Chapter: Configuring Centralized Data Policy



A company with multiple branch offices wants a connectivity model to meet its network architecture requirements. The company focuses on ensuring low latency and efficient routing for its critical business applications.
Which connectivity model meets these requirements?

  1. hub-and-spoke topology with SD-WAN technology, using dynamic routing and OSPF as the routing protocol
  2. fully meshed topology with SD-WAN technology, using dynamic routing and BGP as the routing protocol
  3. point-to-point topology using dedicated leased lines and static routing
  4. star topology with internet-based VPN connections and static routing

Answer(s): B

Explanation:

A fully meshed topology with SD-WAN technology, using dynamic routing and BGP as the routing protocol, meets the requirements of the company because it provides the following benefits:
It allows direct and secure connectivity between any two branch offices, without the need for a central hub or intermediary devices12. This reduces the latency and improves the performance of the critical business applications.
It leverages SD-WAN technology to optimize the traffic flow and application quality of service (QoS) across the WAN13. SD-WAN can dynamically select the best path for each application based on the network conditions and policies13. SD-WAN can also provide redundancy, security, and visibility for the WAN13.
It uses dynamic routing and BGP as the routing protocol to exchange routing information and establish connectivity between the branch offices14. BGP is a scalable and flexible protocol that can support multiple address families, such as IPv4 and IPv6, and multiple routing policies, such as local preference and route filtering14. BGP can also enable seamless integration with the cloud service providers (CSPs) and internet service providers (ISPs)14.



DRAG DROP (Drag and Drop is not supported)
An engineer signs in to Cisco vManage and needs to configure a custom application with a Cisco SD-WAN centralized policy. Drag and drop the steps from the left onto the order on the right to complete the configuration.

  1. See Explanation section for answer.

Answer(s): A

Explanation:

To configure a custom application with Cisco SD-WAN centralized policy, you need to follow these steps25:
Click Configuration, select Policies, and then select Centralized Policy. Click Custom Options, select Centralized Policy, and then select Lists. Click Custom Applications, and then select New Custom Application. Enter a name for the application, enter the match criteria, and then click Add.

The process of configuring a custom application with a Cisco SD-WAN centralized policy using Cisco vManage involves several steps1.
Click Configuration, select Policies, and then select Centralized Policy: This is the first step where you navigate to the Policies section in the Configuration menu of Cisco vManage1. Click Custom Options, select Centralized Policy, and then select Lists: In this step, you select the Custom Options, then select Centralized Policy, and finally select Lists1. Click Custom Applications, and then select New Custom Application: After setting up the Lists, you click on Custom Applications and then select New Custom Application1. Enter a name for the application, enter the match criteria, and then click Add: Finally, you enter a name for the application, specify the match criteria, and then click Add to complete the configuration1.



Which Microsoft Azure service enables a dedicated and secure connection between an on-premises infrastructure and Azure data centers through a colocation provider?

  1. Azure Private Link
  2. Azure ExpressRoute
  3. Azure Virtual Network
  4. Azure Site-to-Site VPN

Answer(s): B

Explanation:

Azure ExpressRoute is a service that enables a dedicated and secure connection between an on- premises infrastructure and Azure data centers through a colocation provider. A colocation provider is a third-party data center that offers network connectivity services to multiple customers. Azure ExpressRoute allows customers to bypass the public internet and connect directly to Azure services, such as virtual machines, storage, databases, and more. This provides benefits such as lower latency, higher bandwidth, more reliability, and enhanced security. Azure ExpressRoute also supports hybrid scenarios, such as connecting to Office 365, Dynamics 365, and other SaaS applications hosted on Azure. Azure ExpressRoute requires a physical connection between the customer's network and the colocation provider's network, as well as a logical connection between the customer's network and the Azure virtual network. The logical connection is established using a Border Gateway Protocol (BGP) session, which exchanges routing information between the two networks. Azure ExpressRoute supports two models: standard and premium. The standard model offers connectivity to all Azure regions within the same geopolitical region, while the premium model offers connectivity to all Azure regions globally, as well as additional features such as increased route limits, global reach, and Microsoft peering.


Reference:

Designing and Implementing Cloud Connectivity (ENCC) v1.0, Learning Plan: Designing and Implementing Cloud Connectivity v1.0 (ENCC 300-440) Exam Prep, ENCC | Designing and Implementing Cloud Connectivity | Netec



Viewing Page 1 of 9



Share your comments for Cisco 300-440 exam with other users:

Samir 8/1/2023 3:07:00 PM

very useful tools
UNITED STATES


Saeed 11/7/2023 3:14:00 AM

looks a good platform to prepare az-104
Anonymous


Matiullah 6/24/2023 7:37:00 AM

want to pass the exam
Anonymous


SN 9/5/2023 2:25:00 PM

good resource
UNITED STATES


Zoubeyr 9/8/2023 5:56:00 AM

question 11 : d
FRANCE


User 8/29/2023 3:24:00 AM

only the free dumps will be enough for pass, or have to purchase the premium one. please suggest.
Anonymous


CW 7/6/2023 7:37:00 PM

good questions. thanks.
Anonymous


Farooqi 11/21/2023 1:37:00 AM

good for practice.
INDIA


Isaac 10/28/2023 2:30:00 PM

great case study
UNITED STATES


Malviya 2/3/2023 9:10:00 AM

the questions in this exam dumps is valid. i passed my test last monday. i only whish they had their pricing in inr instead of usd. but it is still worth it.
INDIA


rsmyth 5/18/2023 12:44:00 PM

q40 the answer is not d, why are you giving incorrect answers? snapshot consolidation is used to merge the snapshot delta disk files to the vm base disk
IRELAND


Keny 6/23/2023 9:00:00 PM

thanks, very relevant
PERU


Muhammad Rawish Siddiqui 11/29/2023 12:14:00 PM

wrong answer. it is true not false.
SAUDI ARABIA


Josh 7/10/2023 1:54:00 PM

please i need the mo-100 questions
Anonymous


VINNY 6/2/2023 11:59:00 AM

very good use full
Anonymous


Andy 12/6/2023 5:56:00 AM

very valid questions
Anonymous


Mamo 8/12/2023 7:46:00 AM

will these question help me to clear pl-300 exam?
UNITED STATES


Marial Manyang 7/26/2023 10:13:00 AM

please provide me with these dumps questions. thanks
Anonymous


Amel Mhamdi 12/16/2022 10:10:00 AM

in the pdf downloaded is write google cloud database engineer i think that it isnt the correct exam
FRANCE


Angel 8/30/2023 10:58:00 PM

i think you have the answers wrong regarding question: "what are three core principles of web content accessibility guidelines (wcag)? answer: robust, operable, understandable
UNITED STATES


SH 5/16/2023 1:43:00 PM

these questions are not valid , they dont come for the exam now
UNITED STATES


sudhagar 9/6/2023 3:02:00 PM

question looks valid
UNITED STATES


Van 11/24/2023 4:02:00 AM

good for practice
Anonymous


Divya 8/2/2023 6:54:00 AM

need more q&a to go ahead
Anonymous


Rakesh 10/6/2023 3:06:00 AM

question 59 - a newly-created role is not assigned to any user, nor granted to any other role. answer is b https://docs.snowflake.com/en/user-guide/security-access-control-overview
Anonymous


Nik 11/10/2023 4:57:00 AM

just passed my exam today. i saw all of these questions in my text today. so i can confirm this is a valid dump.
HONG KONG


Deep 6/12/2023 7:22:00 AM

needed dumps
INDIA


tumz 1/16/2024 10:30:00 AM

very helpful
UNITED STATES


NRI 8/27/2023 10:05:00 AM

will post once the exam is finished
UNITED STATES


kent 11/3/2023 10:45:00 AM

relevant questions
Anonymous


Qasim 6/11/2022 9:43:00 AM

just clear exam on 10/06/2202 dumps is valid all questions are came same in dumps only 2 new questions total 46 questions 1 case study with 5 question no lab/simulation in my exam please check the answers best of luck
Anonymous


Cath 10/10/2023 10:09:00 AM

q.112 - correct answer is c - the event registry is a module that provides event definitions. answer a - not correct as it is the definition of event log
VIET NAM


Shiji 10/15/2023 1:31:00 PM

good and useful.
INDIA


Ade 6/25/2023 1:14:00 PM

good questions
Anonymous