Cisco
CompTIA
ISC
EC-Council
EXIN
Fortinet
ITIL
Juniper
Microsoft
VMware
Avaya
SAP
Google
NVIDIA
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk
ServiceNow
All Vendors
  2. Home
  3. Exams
  4. Cisco
  5. 300-445

Cisco 300-445 Exam
Designing and Implementing Enterprise Network Assurance (Page 3 )

Updated On: 25-Jan-2026
Page 3 of 15
PDF with 57 Questions

An engineer deployed a Cisco ThousandEyes Enterprise Agent on a Meraki MX to monitor a critical SaaS application.
Which kind of monitoring has the engineer set up?

  1. active monitoring
  2. passive monitoring
  3. agentless monitoring
  4. server monitoring

Answer(s): A

Explanation:

In the Designing and Implementing Enterprise Network Assurance (300-445 ENNA) curriculum, understanding the distinction between different monitoring methodologies is fundamental to architecting an effective assurance strategy.
When an engineer deploys a ThousandEyes Enterprise Agent on a Meraki MX appliance, they are implementing active monitoring.

Active monitoring, as defined in standard network assurance frameworks like RFC 7799, involves the generation of synthetic traffic or "probes" that are sent across the network to a specific destination. These probes, which can utilize protocols such as ICMP, TCP, or HTTP/S, simulate real user transactions to measure performance metrics including latency, packet loss, jitter, and path visualization. The Enterprise Agent acts as a dedicated vantage point, executing these tests at scheduled intervals to provide a proactive baseline of network and application health. This allows the engineer to identify performance degradation or outages even when no real users are actively using the application, ensuring that issues are detected before they impact the business.

It is important to contrast this with passive monitoring (Option B). In the Meraki ecosystem, Meraki

Insight (MI) natively performs passive monitoring by observing and analyzing actual user traffic flows (HTTP/S data) as they traverse the MX appliance without injecting additional traffic.
While passive monitoring is excellent for understanding real-world user experience and server response times, it relies on existing traffic and cannot provide hop-by-hop path visualization across the Internet in the same way active synthetic probing does.

By integrating the ThousandEyes Enterprise Agent--which runs as a containerized service within the MX architecture--the engineer gains the benefits of active monitoring directly from the branch edge. This eliminates the need for separate hardware and provides deep, "outside-in" and "inside-out" visibility into SaaS application performance. Therefore, the deployment of a ThousandEyes agent explicitly enables active monitoring (Option A) to supplement the native passive capabilities of the Meraki platform.



Refer to the exhibit.



An engineer must configure Cisco ThousandEyes SSO to use Microsoft Entra ID using the configuration shown in the exhibit.
Which feature must be set to override to complete the configuration?

  1. Service Provider Issuer
  2. Logout Page URL
  3. Login Page URL
  4. Identity Provider Issuer

Answer(s): D

Explanation:

In the Designing and Implementing Enterprise Network Assurance (300-445 ENNA) architecture, secure administrative access via Single Sign-On (SSO) is a critical component of platform governance. The exhibit illustrates the ThousandEyes SSO configuration panel being integrated with Microsoft Entra ID (formerly Azure AD).
When configuring SAML-based authentication, the "Identity Provider Issuer" (Option D) is a unique identifier provided by the IdP (Microsoft) that must match exactly between the two systems.

According to ENNA implementation guidelines, ThousandEyes populates default fields based on standard SAML metadata. However, Microsoft Entra ID often utilizes a specific GUID-based format for the Issuer URL (e.g., https://sts.windows.net/tenant-id/) that may differ from the generic URL format expected by the platform's initial auto-fill. To ensure a successful SAML handshake, the engineer must select the "Override" checkbox next to the Identity Provider Issuer field. This action unlocks the field, allowing the engineer to manually paste the exact string provided in the Entra ID Federation Metadata document. If this value is not overridden and matched precisely, the SAML assertion will be rejected, resulting in a failed authentication attempt.

While the Login and Logout URLs (Options B and C) are also critical, they are typically correctly identified during the initial setup or metadata import; the Identity Provider Issuer is the most frequent point of mismatch requiring an manual override in Entra ID environments due to its strict "Audience Restriction" requirements. The Service Provider Issuer (Option A) is generally a fixed value (https://app.thousandeyes.com) that rarely requires overriding as it defines ThousandEyes' own identity to the IdP.

Therefore, selecting the override for the Identity Provider Issuer is the necessary step to complete the integration and allow enterprise users to authenticate securely using their corporate credentials.



An architect needs to analyze network path metrics from their internal network, specifically from the access layer to a cloud-hosted web server.1 Which ThousandEyes agent is most appropriate for this task?

  1. Synthetic Agent
  2. Enterprise Agent
  3. Cloud Agent
  4. Endpoint Agent

Answer(s): B

Explanation:

In the framework of Designing and Implementing En8terprise Network Assurance (300-445 ENNA), selecting the correct agent type depends heavily on the vantage point required for the specific observation. For this scenario, the architect must collect metrics from the internal network access layer--the point closest to where the users or devices reside within the corporate perimeter-- towards a cloud-hosted destination.

The Enterprise Agent (Option B) is the most appropriate choice because it is specifically designed to be deployed on infrastructure owned and managed by the organization. These agents are "inside- out" vantage points that can be installed directly on Cisco Catalyst 9300 or 9400 Series switches at the access layer using Docker containers. By deploying an Enterprise Agent at the access layer, the architect gains visibility into the entire network path, starting from the internal LAN, traversing the edge/WAN, and reaching into the cloud-hosted web server. This allows for the identification of issues such as local congestion, ISP peering problems, or cloud provider latency.

Other options do not meet the criteria:

Synthetic Agent (Option A): This is a distractor term. All ThousandEyes agents (Cloud, Enterprise, and Endpoint) are synthetic agents because they all perform active synthetic testing.

Cloud Agent (Option C): These are pre-deployed by Cisco in global ISP data centers and provide an "outside-in" view.14 While useful for monitoring public-facing availability, they cannot provide visibility into the internal network or the access layer of the organization.

Endpoint Agent (Option D): While these are installed on end-user machines and provide a "user- centric" view, they are generally not used for infrastructure-level path analysis from the access layer switches themselves.

Thus, the Enterprise Agent is the definitive choice for monitoring from the access layer to the cloud.



A network engineer is investigating widespread reports of poor performance for a data center- hosted web application.
Which ThousandEyes agent type would be most effective for quickly identifying the root cause?

  1. Synthetic Agent
  2. Enterprise Agent
  3. Endpoint Agent
  4. Cloud Agent

Answer(s): D

Explanation:

According to the Designing and Implementing Enterprise Network Assurance (300-445 ENNA) guidelines, troubleshooting widespread performance issues for a public or data center-hosted app17lication requires an "outside-in" perspective.
When reports are widespread,18 the goal is to determine if the issue is global, regional, or specific to certain ISP paths leading to the data center.

The Cloud Agent (Option D) is the most effective tool for this task because these agents are maintained by Cisco ThousandEyes in over 240+ locations worldwide within Tier 1, 2, and 3 ISPs and cloud provider regions.19 Because they are pre-deployed and immediately available, a network engineer can instantly run tests from multiple global locations toward the data center-hosted application without having to install any software or manage any infrastructure. This allows the engineer to quickly compare performance metrics (latency, loss, and page load times) across different geographies. If Cloud Agents in London report no issues while those in New York report high packet loss, the engineer can immediately pinpoint the root cause as a regional ISP or peering issue rather than a failure within the data center itself.

Enterprise Agent (Option B): While these could be used if they were already installed in various branch offices, they require ownership of the infrastructure and deployment time. They are better suited for "inside-out" monitoring.

Endpoint Agent (Option C): These are useful for troubleshooting individual user experience but are not the "quickest" way to baseline global performance against a data center application during a widespread event.

Synthetic Agent (Option A): As noted previously, this is a generic term describing the underlying technology used by all ThousandEyes agent types.

Therefore, Cloud Agents provide the necessary breadth and immediate availability to perform rapid root cause analysis for widespread application performance issues.



An architect needs to measure end-user experience for internal web applications and SaaS products.20 Which ThousandEyes agent should be deployed for this purpose?

  1. Synthetic Agent
  2. Enterprise Agent
  3. Cloud Agent
  4. Endpoint Agent

Answer(s): D

Explanation:

In the context of Designing and Implementing Enterprise Network Assurance (300-445 ENNA), measuring the "lived experience" of an end-user requires data collection from the actual device being used to access the services. Unlike server-side or infrastructure-side monitoring, user experience (UX) monitoring must account for local variables like Wi-Fi signal quality, CPU/memory usage, and browser-level pe21rformance.

The Endpoint Agent (Option D) is the correct choice for this architecture. It is a lightweight software service installed directly on Windows or macOS workstations, as well as RoomOS devices. The Endpoint Agent provides a dual-monitoring approach: Real User Monitoring (RUM) and Scheduled Synthetic Tests.24 RUM captures actual browser sessions to SaaS (e.g., Salesforce, Microsoft 365) or internal apps, providing a "Experience Score" and a detailed waterfall view of page load components.25 Simultaneously, the agent can run background synthetic network tests to measure latency and path visualization from the user's specific location, whether they are in a branch office, at home on a VPN, or in a coffee shop.

Comparing other agents:

Enterprise Agents (Option B) can simulate a user at a branch office, but they cannot provide insight into the specific health of an individual's laptop or their unique Wi-Fi environment.

Cloud Agents (Option C) are entirely outside the user's network and cannot measure the performance of internal web applications or the "last mile" connectivity of the employee.

Synthetic Agent (Option A) remains a distractor term.

By deploying Endpoint Agents, the architect ensures they have granular, contextual data that correlates application performance directly with the user's device and local network environment.



Viewing page 3 of 15
Viewing questions 11 - 15 out of 57 questions



Post your Comments and Discuss Cisco 300-445 exam prep with other Community members:

Join the 300-445 Discussion