Versa Networks VNX301 Exam - Topic 3 Question 6 Discussion

The correct answer is A. In Versa Secure SD-WAN onboarding, the branch moves through three staging phases before becoming fully operational. Versa documentation states that in Stage 3, Versa Director pushes the stage-three configuration to the branch device over the IKE session and reboots the branch. After this stage, the branch becomes fully operational and is part of the customer SD-WAN network. At this point, IKE and IPsec sessions are created between the branch and Controller, and VXLAN and ESP sessions are created between branch to branch.

This distinction is important because the Controller connection is used for SD-WAN control-plane functions, while branch-to-branch overlay communication uses tunnel encapsulation for data forwarding. The documentation also notes that branch-to-branch ESP is maintained using a lightweight DH key-pair proprietary protocol.

Options B, C, and D are incorrect. HTTPS to Director alone does not represent the complete SD-WAN operational tunnel state. BGP to Analytics is not the required operational tunnel set. GRE-only tunnels without IPsec do not match the Versa Stage 3 SD-WAN tunnel behavior described in the staging documentation.