SD-WAN-Engineer Practice Questions

Comprehensive and Detailed Explanation at least 150 to 250 words each from Palo Alto Networks SD-WAN Engineer documents:

In Prisma SD-WAN, the Signal-to-Noise Ratio (SNR) is a critical metric used to monitor the health and performance of cellular WAN interfaces. SNR measures the strength of the desired signal relative to the background noise level; higher values indicate a cleaner signal, while lower values suggest that noise is overwhelming the signal, typically leading to increased packet loss, high latency, and reduced throughput.

Analyzing the provided graph, Carrier-1 (blue line) shows a severe drop in SNR, plummeting from approximately 4.5 dB to nearly 0.3 dB between 15:00 and 23:00. An SNR value this low is indicative of a failing or highly unstable link that cannot reliably sustain data traffic, directly supporting Inference A—that Carrier-1 experienced significant performance degradation. In contrast, Carrier-2 (green line) maintains a much higher and more consistent SNR throughout the same period.

Prisma SD-WAN’s AppFabric uses application-based path selection and SLA monitoring to ensure the best possible user experience. When the system detects that a primary path (like Carrier-1) has degraded below acceptable thresholds—often triggered by high loss or latency resulting from poor signal quality—it will dynamically steer application flows to an alternative healthy path. Therefore, Inference D is correct: because Carrier-1’s quality became untenable while Carrier-2 remained stable, the ION device would have likely initiated a path switchover to move traffic from the degraded Carrier-1 to the healthier Carrier-2.

Comprehensive and Detailed Explanation

In Prisma SD-WAN (formerly CloudGenix), the establishment of Secure Fabric (VPN) tunnels is automated but relies heavily on the correct definition of the Network Context for each interface. If a tunnel fails to form on a newly added s2econdary circuit, it is typically due to a misconfiguration in how the interface is defined in the ION portal.

1. Interface Scope (Statement D):

The Scope setting on an interface determines its function in the network topology.

Global Scope: This defines the interface as a WAN-facing port. The ION device will only attempt to build VPN tunnels (overlay) on interfaces configured with Global scope.

Local Scope: This defines the interface as a LAN-facing port (for users, switches, or APs). If the administrator mistakenly sets the scope to "Local" for the new internet line, the ION treats it as a private LAN segment and will not initiate any tunnel negotiation or WAN signaling on that port.

2. Interface Role/Circuit Category (Statement A):

Prisma SD-WAN uses Circuit Categories (often referred to as Interface Roles in general networking terms, or specifically "Circuit Category" in the ION UI) to determine peering logic.

To form a tunnel over a public internet link to a Data Center, the circuit attached to the interface must be categorized as "Internet".

The controller uses this category to match compatible endpoints. It knows that a "Private WAN" (MPLS) link cannot directly tunnel to an "Internet" link without a gateway. If the new circuit is not correctly selected/categorized as "Internet" (e.g., left undefined or set to a different category), the system will not attempt to build the standard IPSec overlay to the Data Center's public IP address.