Which Cisco SD-WAN feature provides application identification-based policy enforcement within overlay VPNs?

• A. DPI-based application awareness
• B. VPN segmentation
• C. Zero-touch provisioning
• D. Centralized data policy

Answer: (A)

Application identification-based policy enforcement relies on deep packet inspection to recognize the actual application generating each flow. In Cisco SD-WAN, this DPI-based app awareness lets you create policies that act on the application itself, not just on IP addresses or ports. Once an app is identified, the overlay can enforce routing preferences, QoS, or security rules specifically for that app across all sites connected by the overlay VPNs. For example, you can give high priority to business-critical apps like UC or cloud SaaS, ensuring they traverse the best paths, while keeping nonessential apps from consuming bandwidth. VPN segmentation deals with isolating traffic between VPN tunnels, zero-touch provisioning handles device onboarding, and centralized data policy manages policy distribution—none of these provide the per-application enforcement capability that DPI-based application awareness delivers.