Refer to the exhibit. Which setting should be enabled for this network Agent to Server test to avoid test traffic being detected by firewalls as malicious?
Correct Answer: A
In theDesigning and Implementing Enterprise Network Assurance (300-445 ENNA)architecture, a critical challenge in active synthetic monitoring is ensuring that test probes accurately reflect user traffic without being dropped by intermediate security appliances. Standard network tests often utilize separate connections for measuring performance metrics (latency/loss) and for path discovery (hop-by-hop visualization). This behavior can be flagged by stateful firewalls or Intrusion Prevention Systems (IPS) as suspicious or malicious scanning activity. To mitigate this, the engineer should enablePath Trace Mode: In Session(Option A). When this mode is active, ThousandEyes performs path discovery using the exact same TCP session established for the performance measurement. By embedding path discovery probes within an active, established session, the traffic appears to firewalls as part of a legitimate, ongoing communication stream rather than an independent series of probes with varying TTL values that might trigger "anti-spoofing" or "scanning" alerts. Reviewing the alternative options: * Protocol: TCP (Option B):While using TCP is generally more firewall-friendly than ICMP, the exhibit shows TCP is already selected. The issue is not the protocol itself, but how the path discovery probes are handled relative to the session. * Port: 5000 (Option C):Changing the port to a non-standard value like 5000 often makes trafficmore likely to be scrutinized or blocked by default firewall policies compared to standard web ports like 80. * Probing Mode: Force SYN (Option D):Forcing SYN packets is a technique used to bypass certain types of load balancers but does not address the fundamental issue of path discovery probes being seen as a separate, malicious scan by stateful inspection engines. Therefore, enablingIn Sessionpath trace mode is the most effective way to ensure consistent visibility through security-hardened environments.
300-445 Exam Question 7
A network engineer needs to monitor the performance of a business-critical web application accessed by remote employees connecting through a Cisco AnyConnect VPN. Which two agent deployment methods are most suitable for this scenario? (Choose two)
Correct Answer: A,D
For theDesigning and Implementing Enterprise Network Assurance (300-445 ENNA)exam, monitoring remote workforces requires a strategy that captures both the user's local environment and the regional internet health. In a scenario involving Cisco AnyConnect VPN, the "last mile" connectivity of the employee is often the most significant variable in application performance. Utilizing the ThousandEyes Endpoint Agent(Option D) is the most effective way to monitor this environment. Because the agent resides directly on the remote employee's machine, it can monitor the performance of the web application both "inside" and "outside" the VPN tunnel. It provides visibility into the local Wi-Fi signal strength, the health of the AnyConnect client, and the latency experienced as traffic traverses the VPN headend. This allows engineers to differentiate between a slow home internet connection and an issue with the VPN concentrator. Deploying ThousandEyes Cloud Agents(Option A) serves as a critical baseline. By running tests from Cloud Agents in the same regions as the remote employees, the engineer can determine if the "internet" in that region is healthy. If a Cloud Agent in London shows a perfect response time while an Endpoint Agent in London shows high latency, the engineer can immediately isolate the problem to the user's specific setup or the VPN path, rather than a regional ISP outage. Other options are less suitable for monitoring theremote employee's experience: * AppDynamics (Option B)provides server-side code visibility but cannot see the user's home Wi-Fi or local network path. * Enterprise Agents on the VPN concentrator (Option C)can monitor the pathfromthe data center to the app, but they cannot see the path from theuserto the concentrator. * Enterprise Agents in the data center (Option E)provide an "inside-out" view of the app's health but miss the entire remote access experience.
300-445 Exam Question 8
You want to monitor Microsoft Teams using ThousandEyes endpoint agents. Which tests are available for this type of application monitoring?
Correct Answer: D
According to theDesigning and Implementing Enterprise Network Assurance (300-445 ENNA)best practices for collaboration monitoring,Microsoft Teams(as well as Webex and Zoom) is monitored using a combination ofScheduled and Dynamic tests(Option D). * Scheduled Tests:These are used to proactively monitor the reachability and performance of the Microsoft Teams infrastructure. The Teams template typically includes scheduled HTTP Server tests to teams.microsoft.com and login.microsoftonline.com, along with network-layer tests to theTeams Transport Relay(e.g., worldaz.tr.teams.microsoft.com). These provide a continuous baseline of connectivity regardless of whether a user is currently in a call. * Dynamic Tests:These are a unique feature for collaboration monitoring. When an Endpoint Agent detects that the Teams application has initiated a real-time media session (audio or video call), it automatically triggers aDynamic Testto the specific IP and port being used for that call. This allows IT teams to see the exact network path-including hop-by-hop latency and loss-of the actual call traffic while the session is active. Real User Tests (Option C)are generally not used for Teams monitoring in the same way they are for web- based SaaS apps. Because most users utilize the Teamsdesktop clientrather than the browser, the RUM browser extension cannot capture the rich telemetry of the desktop application's internal signaling and media streams. Therefore, the specialized "Automated Session Testing" provided byDynamic Tests, combined with the proactive health checks ofScheduled Tests, constitutes the complete assurance strategy for Microsoft Teams.
300-445 Exam Question 9
What are the different ways to deploy a ThousandEyes Agent in a Switch? (Choose all that apply)
Correct Answer: E
In theDesigning and Implementing Enterprise Network Assurance (300-445 ENNA)architecture, the deployment of ThousandEyes Enterprise Agents on switching infrastructure is designed to be highly flexible, catering to different management styles and network scales. Modern Cisco switches, specifically theCatalyst 9300 and 9400 Series, support the execution of containerized applications directly on the switch's hardware through theCisco IOS XE Application Hostingframework.1 Application Hosting (Option A)refers to the manual method using the Cisco IOS XE Command Line Interface (CLI). An engineer can use app-hosting commands to install, configure, and manage the Docker- based Enterprise Agent.2This provides granular control over resource allocation and networking for the container.Catalyst Center (Option B)provides a GUI-driven, automated workflow to deploy agents at scale across an entire campus fabric.3It simplifies the lifecycle management by handling the installation and activation across multiple switches simultaneously. For switches acting as edge devices in an SD-WAN fabric, Catalyst SD-WAN Manager (Option C)orchestrates the deployment through centralized policies and templates, allowing the agent to be pushed as part of a device configuration. Finally, while theThousandEyes Portal (Option D)is the management plane for tests, it is also where the Docker image and Account Group Token are obtained for any of the aforementioned deployment methods. Each method provides the same end result: an Enterprise Agent running "on-box" to provide deep visibility into the network path starting directly from the access or core layer. Therefore,All of the above(Option E) is the correct answer as it encompasses the manual, automated, and orchestrated methods available for switch- based deployment as per the 300-445 ENNA official guidelines.
300-445 Exam Question 10
Thousand23Eyes WAN Insights integrates with Cisco SD-WAN to provide visibility into network performance and generate path recommendations. Which two data sources from the SD-WAN environment are e25ssential for WAN Insights to function? (Choose two)
Correct Answer: B,D
The architecture forDesigning and Implementing Enterprise Network Assurance (300-445 ENNA) specifies that ThousandEyes WAN Insights relies on deep integration with the Cisco SD-WAN management stack. To generate its predictive path recommendations, the platform must ingest specific telemetry data that reflects both the network's behavior and the applications traversing it. The first essential data source ishistorical network performance metrics collected by vAnalytics(Option B). Before WAN Insights can be activated, vAnalytics must be enabled to collect and enrich raw network telemetry from the edge routers.34This data includes granular metrics for every SD-WAN tunnel, such as packet loss, latency, and jitter.35WAN Insights analyzes these historical trends to forecast future path quality and determine which transport circuits are most likely to meet application SLAs over a long-term period. The second essential data source isapplication traffic flow data(Option D). WAN Insights must understand which applications are currently active in the fabric to prioritize recommendations for "business-critical" services like Office 365, Webex, or custom internal apps.38This information is ingested as flow records from the SD-WAN data plane and categorized based on theApplication Listsdefined inCisco Catalyst SD-WAN Manager (vManage). Options A and E are configuration or logging data that, while useful for general management, are not the raw telemetry inputs used by the WAN Insights predictive engine. Option C is incorrect because WAN Insights explicitly uses infrastructure telemetry rather than ThousandEyes agent-based synthetic data for its SD-WAN fabric calculations. By combiningvAnalytics performance metricsandapplication flow data, WAN Insights can provide the "Predictive Path Recommendatio41ns" that are a hallmark of modern network assurance.