Domain 2 Answer Key

Cisco DNA Center can be used to install ThousandEyes Enterprise Agents on Cisco Catalyst 9300 and 9400 Series switches, allowing your IT team to easily monitor performance and quickly identify issues with critical services that your users rely on.

Additionally, Application Hosting with Docker via CLI is another great option for the installation of Enterprise agents.

The ThousandEyes - Meraki integration allows users to install ThousandEyes Enterprise Agents on supported Meraki MX switches, providing better monitoring and testing capabilities for customers interested in improving the quality of their experience and adding the appropriate SD-WAN policies to optimize network performance.

The correct answer is C) Execute the full agent lifecycle.

After the application is up and running, the agent (ThousandEyes-agent) process connects to the controller in the cloud environment. To apply configuration changes, you need to stop and deactivate the container before modifying the configuration. The full lifecycle (stop, deactivate, activate, start) ensures that the changes are properly applied.

Why the other options are incorrect:

• A) Simply restarting the container is insufficient; the app hosting application needs to be deactivated before making configuration changes.
• B) While reinstalling with the correct settings would work, it's an unnecessarily lengthy process. The existing agent can be reconfigured.
• D) The app hosting application must be stopped and deactivated; it will not automatically pick up the new configuration.

Group Policy Objects (GPOs) only apply to computers within the designated domain. Before troubleshooting further, verify the PC is part of the correct domain.

The other options are incorrect because:

• A) EPA installation via GPO isn't dependent on specific user logins.
• C) Rebooting the PC won't restart server components or affect GPO deployment.
• D) Restarting the server is irrelevant if the PC isn't a member of the domain where the GPO is deployed.

Option B is the most efficient method. Options A, C, and D are slower and less efficient processes for enterprise-scale deployment.

Enabling the Path Trace Mode: In Session setting configures the test to establish a TCP connection with the target and use that same connection for sending path traces. This helps avoid firewall detection because the path trace packets appear as part of an established session, rather than as separate, potentially malicious traffic.

• B) is incorrect: Protocol: TCP simply defines the protocol used for the test packets and does not address firewall behavior.
• C) is incorrect: The Port number is irrelevant to how firewalls handle path trace packets.
• D) is incorrect: Probing Mode: Force SYN is a fallback mechanism related to TCP probing and does not affect firewall detection of path traces.

Correct: B) Create a DNS Server test monitoring the AAAA record and D) Create a DNS Server test monitoring the NS record.

• The AAAA record resolves to the IPv6 IP address, and the DNS Server test is the only test that provides the resolution time metric.
• The same applies to the NS record, which provides name server resolution times.

Incorrect:

• A) Create a DNS Server test monitoring the A record: The A record resolves to an IPv4 address, not IPv6.
• C) Create a DNS Trace test monitoring the ANY record: The ANY query type retrieves all available records, but the resolution time metric is not available in the DNS Trace test.
• E) Create a DNS Trace test monitoring the NS record: The resolution time metric is not available in the DNS Trace test.

The correct answer is D) The agent does not support Page load tests.

To run Page Load, Transaction, and API tests, the agent must have BrowserBot installed. If it doesn't, it will be unavailable when selecting agents in the test settings.

Incorrect:

• A & B) The agent is not running/disabled: If the agent is not running or disabled, it will show the label "(disabled)" in addition to being grayed out.
• C) The agent is still registering: The agent would not show up on the list of agents if it was still registering to the platform.

The Transaction test type is the most useful for this scenario. This type of test can mimic user interactions with a website, allowing you to identify precisely where the latency occurs. Since the problem is related to performance while logging in or adding items to the cart, a transaction test can be configured to follow a user's journey and pinpoint the source of the issue.

The answer is Enterprise Agent and Agent-to-agent test type. This combination is ideal because it allows for the monitoring of specific network metrics between the branch offices and the data center. The Enterprise Agent is the best choice for this scenario as it provides detailed insights into network performance, while the agent-to-agent test type is the most suitable for measuring communication and network performance between two specific locations.

The correct answers are A) Create a new custom application monitor and C) Add a new scheduled test to the monitor.

To monitor a web application from the employee's point of view using an Endpoint Agent, you need to:

1. Create a custom application monitor to define the specific web application you want to track.

2. Add a scheduled test to this monitor to regularly check the application's performance.

Incorrect options:

• B) Create a new google suite monitor: The Google suite application monitor is a pre-defined template with 3 Scheduled HTTP server tests to monitor meet.google.com, mail.google.com, and docs.google.com, plus 1 Scheduled Network test to Google's DNS. This is not suitable for monitoring a custom web application.

• D) Add a new dynamic test to the monitor: Dynamic tests are specifically designed to monitor traffic for certain applications like Microsoft Teams, Webex, or Zoom. They are not appropriate for monitoring a custom web application.

• E) Add a new test template: All monitor applications are already templates. Adding a new template is not an action that would directly contribute to monitoring the web application.

The correct answer is A) *-corporate. Here's why:

• Wildcard Usage: ThousandEyes supports the use of wildcards (like *) in label filters. The * symbol represents any string of characters.
• Matching the Pattern: You want to match any agent name (agentname) followed by a hyphen and the word "corporate" (-corporate). The filter *-corporate achieves this by using the wildcard to match any characters before "-corporate".

Let's break down why the other options are incorrect:

• B) agentname-*: This would match any agent with the prefix "agentname-" followed by any characters, not specifically those connected to the corporate network.
• C) agent*corporate: This filter is too broad; it would match any agent with "agent" somewhere in the name, followed by any characters, and ending with "corporate".

The correct answer is C) Real user tests.

Real user tests in ThousandEyes utilize a browser plugin to capture user interactions and performance metrics as users navigate websites within defined monitored domain sets. This provides insights into actual user experience with web applications.

The correct answer is C) Scheduled, dynamic, and real user tests.

ThousandEyes provides multiple options for monitoring applications like Microsoft Teams:

• Scheduled tests establish a performance baseline by running HTTP server or network tests at regular intervals.
• Dynamic tests automatically trigger tests to remote servers when specific applications (like Teams) initiate network connections.
• Real user tests capture the actual user experience with Teams during live sessions using the browser plugin.

All are valid answers, hence D is the right answer.

Further explanations:

• A) There is a script sample specific to this use case.
• B) The recorder IDE can help you get started by recording the user workflow on your personal PC and translate it to JavaScript.
• C) This Github repository is maintained and owned by ThousandEyes. Useful script samples can be found to match your use case.

The correct answer is B) Transaction monitoring.

While the other options provide valuable network-level insights, transaction monitoring is specifically designed to simulate and measure multi-step user workflows within a web application. For an e-commerce checkout process, transaction tests can simulate actions such as adding items to a cart, entering payment information, and completing the purchase. This provides a comprehensive understanding of performance and user experience throughout the entire checkout flow.

False. While Synthetic tests provide valuable insights, they cannot capture the full range of real user behavior. Consider using Real User Monitoring (RUM) tools in conjunction with Synthetic Tests for a more comprehensive picture.

The correct answers are D) Parameters are not supported by HTTP server OAuth authentication; use a Transaction script instead and E) Parameters are not supported by HTTP server OAuth authentication; use an API test instead.

The question describes an OAuth flow that requires sending parameters in the initial token request. This is not supported by the HTTP Server test type.

• Basic and NTLM authentication only use username/password credentials.
• While the HTTP Server test's OAuth configuration can handle token-based authentication, it doesn't allow for parameters in the token request.

Transaction scripts and API tests provide the necessary flexibility to handle this flow. Transaction scripts allow you to script the entire process, while API tests are specifically designed for interacting with APIs and support parameters in requests.

The correct answer is D) Exclude the MFA step from the transaction test and focus only on the SAML login.

ThousandEyes transaction tests are not designed to interact with external authentication mechanisms like mobile app-based OTPs. The most practical approach in this scenario is to exclude the MFA step from the test and focus on monitoring the SAML-based SSO login process. This provides valuable insights into the performance and availability of the SSO system without the complexities of handling dynamic OTPs.

The correct answers are B) Verify the correctness of credentials by manually logging into the application from different locations, C) Analyze the ThousandEyes waterfall charts and HTTP response codes to identify potential bottlenecks or errors, and D) Contact the web application vendor to report the issue and inquire about possible server-side problems.

When troubleshooting intermittent failures in a transaction test using Basic Authentication, it's essential to take a multi-faceted approach:

• Credential Verification: Ensure the credentials used in the test are accurate by manually logging in from different locations. This rules out any typos or location-specific access issues.
• Waterfall Chart and Response Code Analysis: Examine the ThousandEyes waterfall charts and HTTP response codes for clues. Slow-loading resources, server errors, or authentication-related errors can point to the root cause.
• Vendor Communication: If the issue persists after verifying credentials and analyzing ThousandEyes data, contact the web application vendor. They may have insights into server-side problems or recent changes that could be affecting the test.