What ensures devices enroll securely with the SD-WAN manager during bootstrap?

Multiple Choice

What ensures devices enroll securely with the SD-WAN manager during bootstrap?

Explanation:
During bootstrap, establishing a trusted identity is essential, and that is achieved with certificate-based enrollment guided by the SD-WAN orchestrators. The device carries a bootstrap certificate or a trusted CA chain, and when it first powers up, it reaches out to vBond. vBond authenticates the device using its certificate, then directs the device to enroll with vManage, often exchanging or presenting certificates that vManage trusts. This TLS-based, mutual-authentication flow ensures only devices with valid, authorized certificates can enroll and receive configuration, policies, and overlay information.

Security hinges on identity verification via certificates rather than simple passwords, and it relies on the orchestration layer to approve and provision the device. In contrast, using password-only authentication lacks strong mutual trust; an IPsec handshake without certificates isn’t designed for initial enrollment, and MPLS labels have no role in the bootstrap enrollment process.