Weekend Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70percent

Certensure Logo
  1. Home
  2. Cisco
  3. CCDE v3.0
  4. 400-007 - Cisco Certified Design Expert (CCDE v3.1)

Cisco 400-007 Cisco Certified Design Expert (CCDE v3.1) Exam Practice Test

Demo: 118 questions
Total 396 questions
Get 400-007 Full Access Download 400-007 PDF

Cisco Certified Design Expert (CCDE v3.1) Questions and Answers

Question 1

What are two design constraints in a standard spine and leaf architecture? (Choose two.)

Options:

A.

Spine switches can connect to each other.

B.

Each spine switch must connect to every leaf switch.

C.

Leaf switches must connect to each other.

D.

Endpoints connect only to the spine switches.

E.

Each leaf switch must connect to every spine switch.

Question 2

What are two examples of business goals to be considered when a network design is built? (Choose two.)

Options:

A.

standardize resiliency

B.

minimize operational costs

C.

integrate endpoint posture

D.

ensure faster obsolescence

E.

reduce complexity

Question 3

The cloud like the Internet is a massive network of independent resources that are designed to be fault tolerant Software components that run in the cloud have no dependencies on the underlying infrastructure which may fail at any time Which two constraints of REST are important when building cloud-based solutions'? (Choose two )

Options:

A.

separation of resources from representation

B.

migration of resources by representations

C.

distribution of resources through platforms

D.

hyper-scale as the engine of application state

E.

self-descriptive messages

Question 4

In search of a system capable of hosting, monitoring compiling. and testing code in an automated way, what can be recommended to the organization?

Options:

A.

Jenkins

B.

Ansible

C.

Perl

D.

Chef

Question 5

You are designing a new Ethernet-based metro-area network for an enterprise customer to connect 50 sites within the same city OSPF will be the routing protocol used. The customer is primarily concerned with IPv4 address conservation and convergence time. Which two combined actions do you recommend? (Choose two)

Options:

A.

Use a multipoint Metro-E service for router connections

B.

Use a single address per router for all P2P links

C.

Use P2P links between routers in a hub-and-spoke design

D.

Configure address aggregation at each site router

E.

Determine which OSPF routers will be DR/BDR

Question 6

Backupsand mirror-copies of data are an essential part of RPO solutions If a business wants to reduce their CAPEX for disaster recovery, which of the following solutions are applicable?

Options:

A.

Perform an annual cyber security assessment or penetration test

B.

Renew backup software annually to get the newest version of the console and stay protected

C.

Migrate parts of or all the infrastructure to the cloud

D.

Build a redundant infrastructure for business continuity / disaster recovery purposes at another location

Question 7

An engineer must design a network for a company that uses OSPF LFA to reduce loops. Which type of loop would be reduced by using this design?

Options:

A.

DTP

B.

micro loops

C.

STP

D.

REP

Question 8

Which two factors must be considered for high availability in campus LAN designs to mitigate concerns about unavailability of network resources? (Choose two.)

Options:

A.

device resiliency

B.

device type

C.

network type

D.

network resiliency

E.

network size

Question 9

Refer to the table.

A customer investigates connectivity options for a DCI between two production data centers. The solution must provide dual 10G connections between locations with no single points of failure for Day 1 operations. It must also include an option to scale for up to 20 resilient connections in the second year to accommodate isolated SAN over IP and isolated, dedicated replication IP circuits. All connectivity methods are duplex 10 Gbps. Which transport technology costs the least over two years, in the scenario?

Options:

A.

Metro Ethernet

B.

DWDM

C.

CWDM

D.

MPLS

Question 10

Two routers R1 and R2 are directly connected through an Ethernet link. Both routers are running OSPF over the Ethernet link and OSPF has been registered with BFD. R1 has been set up to transmit BFD at a 50 ms interval, but R2 can receive only at a 100 ms rate due to platform limitations. What does this mean?

Options:

A.

After the initial timer exchange. R2 sets its transmission rate to the R1 Desired Min TX interval

B.

After the initial timer exchange. R1 sets its transmission rate to the R2 Required Min RX interval

C.

Timers renegotiate indefinitely, so the timer exchange phase never converges

D.

R2 sets the P-bit on all BFD control packets until R2 sends a packet with the F-bit set

Question 11

Company XYZ wants to secure the data plane of their network. Which two technologies can be included in the security design? (Choose two)

Options:

A.

DAI

B.

IP Source Guard

C.

BEEP

D.

CPPr

E.

MPP

Question 12

An IT service provider is upgrading network infrastructure to comply with PCI security standards. The network team finds that 802.1X and VPN authentication based on locally-significant certificates are not available on some legacy phones.

Which workaround solution meets the requirement?

Options:

A.

Replace legacy phones with new phones because the legacy phones will lose trust if the certificate is renewed.

B.

Enable phone VPN authentication based on end-user username and password.

C.

Temporarily allow fallback to TLS 1.0 when using certificates and then upgrade the software on legacy phones.

D.

Use authentication-based clear text password with no EAP-MD5 on the legacy phones.

Question 13

A business wants to refresh its legacy Frame Relay WAN. It currently has product specialists in each of its 200 branches but plans to reduce and consolidate resources. The goal is to have product specialists available via video link when customers visit the nationwide branch offices. Which technology should be used to meet this objective?

Options:

A.

DMVPN phase 1 network over the Internet

B.

Layer 3 MPLS VPN hub and spoke

C.

Layer2VPLS

D.

Layer 3 MPLS VPN full mesh

Question 14

A company created an IPv6 adoption plan for its campus network that requires dual-stack connectivity on the network Campus users must have IPv6 connectivity to an HR management application which is the first IPv6-only application hosted in the company s data center. Which two security mechanisms can be used to prevent a malicious user from masquerading as the IPv6 gateway? (Choose two)

Options:

A.

IPv6 RA guard

B.

IPv6 snooping

C.

IPv6 device tracking

D.

IPv6 address glean

E.

port ACLs

Question 15

Which main IoT migration aspect should be reviewed for a manufacturing plant?

Options:

A.

Sensors

B.

Security

C.

Applications

D.

Wi-Fi Infrastructure

E.

Ethernet Switches

Question 16

Which undesired effect of increasing the jitter compensation buffer is true?

Options:

A.

The overall transport jitter decreases and quality improves.

B.

The overall transport jitter increases and quality issues can occur.

C.

The overall transport delay increases and quality issues can occur.

D.

The overall transport delay decreases and quality improves.

Question 17

Company XYZ connects its sites over a private WAN. Their overlay network is running a DMVPN setup where the headquarters site is the hub. The company is planning on implementing multicast routing on the network. What should be used in the multicast routing design?

Options:

A.

PIM dense mode with RP located at the hub

B.

PIM sparse mode with RP located at each remote site

C.

PIM sparse mode with RP located at the hub

D.

PIM dense mode with RP located at each remote site

Question 18

During a pre-sales meeting with a potential customer the customer CTO asks a question about advantages of controller-based networks versus a traditional network What are two advantages to mention? (Choose two)

Options:

A.

per device forwarding tables

B.

programmatic APIs available per device

C.

abstraction of individual network devices

D.

distributed control plane

E.

consistent device configuration

Question 19

End users are moving swiftly toward a hybrid cloud model to support faster IT service delivery. To implement a hybrid cloud architecture, what are two critical requirements for broader cloud service provider and vendor interoperability in terms of cloud security and compliance? (Choose two.)

Options:

A.

cloud integration and data security

B.

tighter controls based on dynamic policy enforcement

C.

security event and data interoperability

D.

flexible controls based on policy application

E.

orchestration and cross cloud access security

Question 20

The Agile release train workflow focuses on tasks which can be accomplished reliably and efficiently Scrum and Kanban are two of the most popular Agile frameworks, but both have a specific use case based on the implementation requirements In which two situations are Kanban the ideal framework to use”? (Choose two.)

Options:

A.

acquisition of automation tools

B.

carrier lead times

C.

network configuration design

D.

physical hardware deployment

E.

logical topology deployment

Question 21

You are using iSCSI to transfer files between a 10 Gigabit Ethernet storage system and a 1 Gigabit Ethernet server The performance is only approximately 700 Mbps and output drops are occurring on the server switch port. Which action will improve performance in a cost-effective manner?

Options:

A.

Change the protocol to CIFS.

B.

Increase the queue to at least 1 GB

C.

Use a WRED random drop policy

D.

Enable the TCP Nagle algorithm on the receiver

Question 22

A multicast network is sing Bidirectional PIM. Which two combined actions achieve high availability so that two RPs within the same network can act in a redundant manner? (Choose two)

Options:

A.

Use two phantom RP addresses

B.

Manipulate the administration distance of the unicast routes to the two RPs

C.

Manipulate the multicast routing table by creating static mroutes to the two RPs

D.

Advertise the two RP addresses in the routing protocol

E.

Use anycast RP based on MSDP peering between the two RPs

F.

Control routing to the two RPs through a longest match prefix

Question 23

A green data center is being deployed and a design requirement is to be able to readily scale server virtualization Which IETF standard technology can provide this requirement?

Options:

A.

data center bridging

B.

unified fabric

C.

Transparent Interconnection of Lots of Links

D.

fabric path

Question 24

You want to add 900 VLANs to the existing 90 VLANs on a data center Which two spanning-tree concerns must you consider? (Choose two )

Options:

A.

STP is increased by a factor of 10 convergence time

B.

To add 990 VLANs to the switching hardware reserved VLANs requires you to use extended VLAN

C.

The diameter of the STP topology is increased.

D.

The PVST+ increases CPU utilization

E.

BPDU does not support 990 VLANs

Question 25

A business requirement is supplied to an architect from a car manufacturer stating their business model is changing to just-in-time manufacturing and a new network is required, the manufacturer does not produce all of the specific components m-house. which area should the architect focus on initially?

Options:

A.

Automation

B.

Zero Trust Networking

C.

Low Latency Infrastructure

D.

Modularity

Question 26

The General Bank of Greece plans to upgrade its legacy end-of-life WAN network with a new flexible, manageable, and scalable solution. The mam requirements are ZTP support, end-to-end encryption application awareness and segmentation. The CTO states that the main goal of the bank is CAPEX reduction. Which WAN technology should be used for the solution?

Options:

A.

SD-branch

B.

DMVPN with PfR

C.

managed SD-WAN

D.

SD-WAN

Question 27

What is a disadvantage of the traditional three-tier architecture model when east west traffic between different pods must go through the distribution and core layers?

Options:

A.

low bandwidth

B.

security

C scalability

C.

high latency

Question 28

Company XYZ is running SNMPv1 in their network and understands that it has some flaws. They want to change the security design to implement SNMPv3 in the network Which network threat is SNMPv3 effective against?

Options:

A.

man-in-the-middle attack

B.

masquerade threats

C.

DDoS attack

D.

brute force dictionary attack

Question 29

Refer to the exhibit.

Company XYZ BGP topology is as shown in the diagram. The interface on the LA router connected toward the 10.1.5.0/24 network is faulty and is going up and down, which affects the entire routing domain. Which routing technique can be used in the routing policy design so that the rest of the network is not affected by the flapping issue?

Options:

A.

Use route dampening on LA router for the 10 1 5 0/24 network so that it does not get propagated when it flaps up and down

B.

Use route filtering on Chicago router to block the 10.1.5.0/24 network from coming in from the LA router

C.

Use route filtering on LA router to block the 10.15.0/24 network from getting propagated toward Chicago and New York

D.

Use route aggregation on LA router to summarize the 10.1.4.0V24, 10.1.5.0724, 10.1.6.0/24. and 10.1.7.0/24 networks toward Chicago

Question 30

Which DCI technology utilizes a “flood and learn” technique to populate the Layer2 forwarding table?

Options:

A.

LISP

B.

OTV

C.

VPLS

D.

EVPN

Question 31

An enterprise that runs numerous proprietary applications has major issues with its on-premises server estate hardware, to the point where business-critical functions are compromised. The enterprise accelerates plans to migrate services to the cloud. Which cloud service should be used if the enterprise wants to avoid hardware issues yet have control of its applications and operating system?

Options:

A.

SaaS

B.

PaaS

C.

laaS

D.

hybrid cloud

Question 32

If the desire is to connect virtual network functions together to accommodate different types of network service connectivity what must be deployed?

Options:

A.

bridging

B.

service chaining

C.

linking

D.

daisy chaining

E.

switching

Question 33

Company XYZhas30 sitesrunningalegacy private WAN architecture that connects to the Internet via multiple high- speed connections The company is now redesigning their network and must comply with these design requirements :

    Use a private WAN strategy that allows the sites to connect to each other directly and caters for future expansion.

    Use the Internet as the underlay for the private WAN.

    Securely transfer the corporate data over the private WAN.

Which two technologies should be Incorporated into the design of this network? (Choose two.)

Options:

A.

S-VTI

B.

IPsec

C.

DMVPN

D.

GET VPN

E.

PPTP

Question 34

With virtualization being applied in many parts of the network every physical link is likely to carry one or more virtual links, but what is a drawback in cases like this?

Options:

A.

unneeded tunneling

B.

fate sharing

C.

bandwidth utilization

D.

serialization delay

Question 35

Which two points must network designers consider when designing a new network design or when evaluating an existing network design to help them understand the high-level design direction with regards to the security aspects? (Choose two)

Options:

A.

Consider Business objectives and goals

B.

Consider organization’s security policy standards

C.

Consider for only multi-site networks

D.

Consider for only new network technologies and components

Question 36

When a detection system for protecting a network from threats sourced from the Internet is designed there are two common deployment methods, where the system is placed differently relative to the perimeter firewall

•An unfiltered detection system examines the raw Internet data streams before it reaches the firewall

•A screened detection solution which monitors traffic that is allowed through the firewall Both have its advantages and disadvantages drag and drop the characteristics on the left to the corresponding category on the right in no particular order.

Options:

Question 37

In an OSPF network with routers connected together with Ethernet cabling, which topology typically takes the longest to converge?

Options:

A.

partial mesh

B.

full mesh

C.

ring

D.

squared

E.

triangulated

Question 38

Refer to the exhibit.

Company XYZ BGP topology is as shown in the diagram. The interface on the LA router connected toward the 10 1.5.0/24 network is faulty and is going up and down, which affects the entire routing domain. Which routing technique can the network administrator use so that the rest of the network is not affected by the flapping issue?

Options:

A.

The LA administrator should use route aggregation to summarize the 10 1 4.0/24, 10 1 5 0/24, 10.1.6.0/24, and 10 1 7 0/24 networks toward Chicago

B.

The LA administrator should use route dampening for the 10.1.5 0/24 network so that it does not get propagated when it flaps up and down.

C.

The LA administrator should use route filtering to block the 10.1.5.0/24 network from getting propagated toward Chicago and New York.

D.

The Chicago administrator should use route filtering to block the 10.1.5.0/24 network from coming in from the LA router.

Question 39

Which two advantages of using DWDM over traditional optical networks are true? (Choose two.)

Options:

A.

inherent topology flexibility and service protection provided without penalty through intelligent oversubscription of bandwidth reservation

B.

ability to expand bandwidth over existing optical Infrastructure

C.

inherent topology flexibility with built-in service protection

D.

inherent topology flexibility with intelligent chromatic dispersion

E.

inherent topology flexibility with a service protection provided through a direct integration with an upper layer protocol

Question 40

Company XYZ is designing the IS-IS deployment strategy for their multiarea IS-IS domain. They want IS-IS neighbour relationships to be minimized on each network segment and want to optimize the size of the IS-IS LSDB on each router. Which can design can be used to meet these requirements?

Options:

A.

Design all routers as Level 2 routers. Set the links between the routers as Level 1 with the area

B.

Design the network so that the routers connecting to other areas are Level 2 routers and internal routers are Level 1

C.

Design the network so that all routers are Level 1 routers

D.

Design the network so that the routers connecting to other areas are Level 1/Level 2 routers and internal routers are Level 1

Question 41

Refer to the exhibit.

The enterprise customer wants to stream one-way video from their head office to eight branch offices using multicast. Their current service provider provides a Layer3 VPN solution and manages the CE routers, but they do not currently support multicast. Which solution quickly allows this multicast traffic to go through while allowing for future scalability?

Options:

A.

Enable a GRE tunnel between nodes CE1 and CE2

B.

Enable a GRE tunnel between nodes C2 and C4

C.

Enable a GRE tunnel between nodes C1 and C4

D.

Implement hub and spoke MPLS VPN over DMVPN (also known as 2547o DMVPN) between CE1 and CE2

E.

The service provider must provide a Draft Rosen solution to enable a GRE tunnel between nodes PE1 and PE2

Question 42

Which protocol does an SD-Access wireless Access Point use for its fabric data plane?

Options:

A.

GRE

B.

MPLS

C.

VXLAN

D.

LISP

E.

CAPWAP

Question 43

Refer to the exhibit.

An engineer is designing the network for a multihomed customer running in AS 111 does not have any other Ass connected to it. Which technology is more comprehensive to use in the design to make sure that the AS is not being used as a transit AS?

Options:

A.

Configure the AS-set attribute to allow only routes from AS 111 to be propagated to the neighbor ASs.

B.

Use the local preference attribute to configure your AS as a non-transit'' AS.

C.

include an AS path access list to send routes to the neighboring ASs that only have AS 111 in the AS path field.

D.

Include a prefix list to only receive routes from neighboring ASs.

Question 44

Company XYZ wants to use the FCAPS ISO standard for network management design. The focus of the design should be to minimize network outages by employing a set of procedures and activities to detect and isolate network issues and the appropriate corrective actions to overcome current issues and prevent them from occurring again. Which layer accomplishes this design requirement?

Options:

A.

fault management

B.

performance management

C.

security management

D.

accounting management

Question 45

Which three elements help network designers to construct secure systems that protect information and resources (such as devices, communication, and data) from unauthorized access, modification, inspection, or destruction? (Choose three.)

Options:

A.

confidential

B.

serviceability

C.

reliability

D.

availability

E.

integrity

F.

scalability

Question 46

A key to maintaining a highly available network is building in the appropriate redundancy to protect against failure. This redundancy is carefully balanced with the inherent complexity of redundant systems. Which design consideration is relevant for enterprise WAN use cases when it comes to resiliency?

Options:

A.

Design in a way that expects outages and attacks on the network and its protected resources

B.

The design approach should consider simple and centralized management aspect

C.

Design in a way that it simplifies and improves ease of deployment

D.

Design automation tools wherever it is appropriate for greater visibility

Question 47

A network architect in an enterprise is designing a network policy for certain database applications. The goal of the policy is to allow these applications to access the internet directly, whereas other user and network applications that communicate with systems or users outside their own network must be routed through the data center. The focus is on achieving higher availability and a better user experience for the database applications, but switching between different network paths based on performance characteristics must be supported.

Which solution meets these requirements?

Options:

A.

MPLS L3VPN with QoS

B.

Cloud onRamp for laaS

C.

Cloud onRamp for SaaS

D.

MPLS direct connect

Question 48

Company XYZwants to improve the security design of their network to include protection from reconnaissance and DoS attacks on their sub interfaces destined toward next hop routers. Which technology can be used to prevent these types of attacks?

Options:

A.

MPP

B.

CPPr

C.

CoPP

D.

DPP

Question 49

Refer to the exhibit.

Company XYZ must design a DMVPN tunnel between the three sites Chicago is going to act as the NHS and the company wants DMVPN to detect peer endpoint failures Which technology should be used m the design?

Options:

A.

VPLS

B.

IP SLA

C.

GRE

D.

L2TPv3

Question 50

SDN emerged as a technology trend that attracted many industries to move from traditional networks to SDN. Which challenge is solved by SDN for cloud service providers?

Options:

A.

need for intelligent traffic monitoring

B.

exponential growth of resource-intensive application

C.

complex and distributed management flow

D.

higher operating expense and capital expenditure

Question 51

A BGP route reflector in the network is taking longer than expected to coverage during large network changes. Troubleshooting shows that the router cannot handle all the TCP acknowledgements during route updates. Which action can be performed to tune the device performance?

Options:

A.

Increase the size of the hold queue.

B.

Increase the size of the large buffers.

C.

Decrease the size of the small buffers.

D.

Increase the keepalive timers for each BGP neighbor.

Question 52

A business invests in SDN and develops its own SDN controller that, due to budget constraints, runs on a single controller. The controller actively places an exclusive lock on the configuration of the devices to ensure it is the only source of changes to the environment. What is the result if the controller fails?

Options:

A.

All device configurations are in read-only mode until the controller is restored.

B.

The control plane is unavailable until the controller is restored.

C.

If a device fails, the configuration backup is unavailable-

D.

Manual changes are only possible until the controller is restored

Question 53

Company XYZ was not satisfied with the reconvergence time OSPF is taking. BFD was implemented to try to reduce the reconvergence time, but the network is still experiencing delays when having to reconverge. Which technology will improve the design?

Options:

A.

OSPF fast hellos

B.

BFD echo

C.

Change the protocol to BGP

D.

Change the OSPF hello and dead intervals

Question 54

Which actions are performed at the distribution layer of the three-layer hierarchical network design model? (Choose two)

Options:

A.

Fast transport

B.

Reliability

C.

QoS classification and marking boundary

D.

Fault isolation

E.

Redundancy and load balancing

Question 55

As a service provider is implementing Strong Access Control Measures, which two ofthefollowingPCIDataSecurityStandardrequirementsmustbemet’(Choosetwo.)

Options:

A.

Assign a unique ID each person with computer access

B.

Restrict access to cardholder data to on a need-to-know basis

C.

Encrypt transmission of cardholder data across open or public networks

D.

Each location must require validating PCI compliance if business has multiple locations

E.

Protect stored cardholder data

Question 56

Over the years, many solutions have been developed to limit control plane state which reduces the scope or the speed of control plane information propagation Which solution removes more specific information about a particular destination as topological distance is covered in the network?

Options:

A.

aggregation

B.

summarization

C.

back-off timers

D.

layering

Question 57

Which MPLS TE design consideration is true?

Options:

A.

MPLS TE replaces LDP and the dependency of the IGP to identify the best path.

B.

MPLS TE provides link and node protection

C.

MPLS TE optimizes the routing of IP traffic, given the constraints imposed by backbone capacity and

application requirements.

D.

MPLS TE requires Layer 3 VPN full-mesh topology deployment

Question 58

An IT services company offers cloud services to a banking customer. The banking customer has raised a ticket about unauthorized access and data loss. They use an authentication token on a mobile phone for authenticating access to the cloud platform from their local applications. The security response team has determined that the attacker used a phishing scheme in an effort to replace the token allowing them to direct the banking data to which policy change can help prevent identical situations in the future ?

Options:

A.

Monitor connections to unknown cloud instances through the use of SSL decryption

B.

Monitor all API interfacing to the storage platform for suspicious activity

C.

Monitor any access from the outside except for expected operational areas of an organization

D.

Monitor the privileges for users that are making changes in the firewall configuration.

Question 59

What are two primary design constraints when a robust infrastructure solution is created? (Choose two.)

Options:

A.

monitoring capabilities

B.

project time frame

C.

staff experience

D.

component availability

E.

total cost

Question 60

You are designing a network running both IPv4 and IPv6 to deploy QoS Which consideration is correct about the QoS for IPv4 and IPv6?

Options:

A.

IPv4 and IPv6 traffic types can use use queuing mechanisms such as LLQ, PQ and CQ.

B.

IPv6 packet classification is only available with process switching, whereas IPv4 packet classification is available with both process switching and CEF.

C.

IPv6 and IB/4 traffic types can use a single QoS policy to match both protocols

D.

Different congestion management mechanisms need to be used for IPv4 and IPv6 traffic types

Question 61

Company XYZ is running BGP as their routing protocol. An external design consultant recommends that TCP path MTU discovery be enabled. Which effect will this have on the network?

Options:

A.

It will enhance the performance of TCP-based applications.

B.

It will increase the convergence time.

C.

It will improve the convergence time.

D.

It will create a loop free path.

Question 62

Which aspect of BGP-LS makes it scalable in large network when multiarea topology information must be gathered?

Options:

A.

transmit flow control

B.

open-loop flow control

C.

hardware flow control

D.

TCP-based flow control

Question 63

Which two characteristics are associated with 802 1s? (Choose two)

Options:

A.

802.1s supports up to 1024 instances of 802.1

B.

802.1 s is a Cisco enhancement to 802.1w.

C.

802.1s provides for faster convergence over 802 1D and PVST+.

D.

CPU and memory requirements are the highest of all spanning-tree STP implementations.

E.

802.1s maps multiple VLANs to the same spanning-tree instance

Question 64

Which technology supports antispoofing and does not have any impact on encryption performance regardless of packet size?

Options:

A.

MACsec

B.

IP source guard

C.

DHCP snooping with DAI

D.

IPsec

Question 65

Agile and Waterfall are two popular methods for organizing projects. What describes any Agile network design development process?

Options:

A.

working design over comprehensive documentation

B.

contract negotiation over customer collaboration

C.

following a plan over responding to change

D.

processes and tools over individuals and interactions over time

Question 66

Company XYZhas implemented policy-based routing in their network. Which potential problem must be kept in mind about network reconvergence and PBR?

Options:

A.

It can limit network scalability

B.

It can create microloops during reconvergence

C.

It increases convergence time.

D.

It reduces convergence time.

Question 67

Which design consideration is valid when you contrast fabricPath and trill?

Options:

A.

FabricPath uses IS-IS, but TRILL uses VxLAN

B.

FabricPath permits active-active FHRP and TRILL support anycast gateway.

C.

FabricPath Permits ECMP, but TRILL does not

D.

FabricPath permits active-active mode, but TRILL supports only active-standby mode.

Question 68

Which two statements describe the functionality of OSPF packet-pacing timers? (Choose two )

The group-pacing timer controls the interval that is used for group and individual LSA refreshment

Options:

A.

OSPF flood-pacing timers allow dynamic control of the OSPF transmission queue size

B.

OSPF retransmission-pacing timers allow control of interpacket spaang between consecutive link-state update packets in the OSPF retransmission queue.

C.

OSPF retransmission-pacing timers allow control of packet interleaving between nonconsecutive link-state update packets in the OSPF retransmission queue.

D.

OSPF flood-pacing timers allow control of interpacket spacing between consecutive link-state update packets in the OSPF transmission queue

Question 69

Which architecture does not require an explicit multicast signaling protocol, such as PIM or P2MP, to signal the multicast state hop-by-hop, but instead uses a link state protocol to advertise the multicast forwarding state?

Options:

A.

Binary indexed explicit routing

B.

Binary intermediate enhanced routing

C.

Bit indexed explicit replication

D.

Bi-directional implicit replication

Question 70

You are a network designer and you must ensure that the network you design is secure. How do you plan to prevent infected devices on your network from sourcing random DDoS attacks using forged source address?

Options:

A.

ACL based forwarding

B.

unicast RPF loose mode

C.

unicast RPF strict mode

D.

ACL filtering by destination

Question 71

An enterprise solution team is performing an analysis of multilayer architecture and multicontroller SDN solutions for multisite deployments. The analysis focuses on the ability to run tasks on any controller via a standardized interface. Which requirement addresses this ability on a multicontroller platform?

Options:

A.

Deploy a root controller to gather a complete network-level view.

B.

Use the East-West API to facilitate replication between controllers within a cluster.

C.

Build direct physical connectivity between different controllers.

D.

Use OpenFlow to implement and adapt new protocols.

Question 72

Company XYZisplanningto deploy primary and secondary (disaster recovery) data center sites. Each of these sites will have redundant SAN fabrics and data protection is expected between the data center sites. The sites are 100 miles (160 km) apart and target RPO/RTO are 3 hrs and 24 hrs, respectively. Which two considerations must Company XYZ bear in mind when deploying replication in their scenario? (Choose two.)

Options:

A.

Target RPO/RTO requirements cannot be met due to the one-way delay introduced by the distance between sites.

B.

VSANs must be routed between sites to isolate fault domains and increase overall availability.

C.

Synchronous data replication must be used to meet the business requirements

D.

Asynchronous data replication should be used in this scenario to avoid performance impact in the primary site.

E.

VSANs must be extended from the primary to the secondary site to improve performance and availability.

Question 73

Refer to the exhibit.

The network 10.10.0 .0/16 has been redistributed to OSPF processes and the best path to the destination from R1 has been chosen as R1-R2-R3 A failure occurred on the link between R2 and R3 and the path was changed to R1-R4-R5-R3 What happens when the link between R2 and R3 is restored'?

Options:

A.

The path R1-R4-R5-R3 continues to be the best path because the metric is better

B.

The path reverts back to R1-R2-R3 because the route type is E1

C.

The path R1-R4-R5-R3 continues to be the best path because OSPF does not compare the metrics between two domains

D.

The path reverts to R1-R2-R3 because this was the previous best path

Question 74

Which two types of planning approaches are used to develop business-driven network designs and to facilitate the design decisions? (Choose two)

Options:

A.

cost optimization approach

B.

strategic planning approach

C.

modular approach

D.

tactical planning approach

E.

business optimization approach

Question 75

Which two statements explain the operation of BFD asynchronous mode? (Choose two )

Options:

A.

BFD asynchronous mode with echo packets combines the control packets and echo packets into a single packet.

B.

BFD asynchronous mode without echo packets uses control packets, and BFD asynchronous mode with echo packets does not.

C.

BFD asynchronous mode with and without echo packets use control packets.

D.

BFD asynchronous without echo packets has control packets sent back to the originating router, which echoes the control packet to detect failures.

E.

BFD asynchronous mode with echo packets uses separate control packets and echo packets.

Question 76

Which two possible drawbacks should you consider when introducing Network Functions Virtualization in a network design? (Choose two)

Options:

A.

Bandwidth utilization increases

B.

Traffic flows are suboptimal

C.

High-end routers are required to support NFV

D.

OpenFlow must be supported in the network

E.

An SDN orchestration layer is required to support NFV

Question 77

Company XYZ is migrating their existing network to IPv6 and they must plan for Layer 2 and Layer 3 devices Some of the access layer switches do not support IPv6, however, core and distribution switches fully support unicast and multicast routing. The company wants to minimize cost of the migration. Which migration strategy should be used in the design?

Options:

A.

The access layer switches must support IGMP snooping at a minimum. Any switches that do not support IGM snooping must be replaced.

B.

Upgrade the nonsupporting switches Otherwise, it will cause an issue with the migration.

C.

Layer 2 switches will not affect the implementation of IPv6. They can be included in the design in their current state.

D.

The access layer switches must support DHCPv6. Any switches that do not support DHCPv6 must be replaced.

Question 78

How can EIGRP topologies be designed to converge as fast as possible in the event of a point-to-point link failure?

Options:

A.

Limit the query domain by use of distribute lists.

B.

Build neighbor adjacencies in a triangulated fashion.

C.

Build neighbor adjacencies in squared fashion.

D.

Limit the query domain by use of summarization.

E.

Limit the query domain by use of default routes.

Question 79

A product manufacturing organization is integrating cloud services into their IT solution The IT team is working on the preparation phase of the implementation approach, which includes the Define Strategy step. This step defines the scope of IT, the application, and the service What is one topic that should be considered in the Define Strategy step?

Options:

A.

financial and governance models

B.

innovate and align with business according to volume

C.

due diligence and financial scenarios

D.

contingency exit strategy steps

Question 80

A financial company requires that a custom TCP-based stock-trading application be prioritized over all other traffic for the business due to the associated revenue. The company also requires that VoIP be prioritized for manual trades. Which directive should be followed when a QoS strategy is developed for the business?

Options:

A.

Allow VoIP and the custom application to share the same priority queue,

B.

The custom application and VoIP must be assigned their own separate priority queue.

C.

Interleave the custom application with other TCP applications in the same CBWR

D.

Avoid placing the custom application in a CBWFQ queue that contains other

Question 81

Your company wants to deploy a new data center infrastructure Based on the requirements you have chosen VXLAN as encapsulation technology The customer is concerned about miss-configuration of Layer 2 devices and DC wide outages caused by Layer 2 loops What do you answer?

Options:

A.

VXLAN offers native loop avoidance mechanism

B.

Storm Control should be enabled on all ports

C.

VPC+ could prevent L2 loop on access ports

D.

BPDU Guard should be enabled on all VTEP access ports

Question 82

Which statement about OSPF hub-and-spoke topology is true?

Options:

A.

The DR election is a challenge unless a point-to-point network type is used

B.

The DR and BDR election occurs regardless of the underlying OSPF network type

C.

Traffic does not need to traverse the hub to reach the spokes.

D.

The spoke routers can belong to different areas regardless of the underlying OSPF network type

Question 83

Creating a network that functions as a strategic part of the business rather than simply being a cost center, starts with a good understanding of business requirements and processes What specific type of knowledge helps to create high-level LAN WAN. and data center designs that support and enable the business?

Options:

A.

risk assessment

B.

monitoring and management of data

C.

understanding of data flows

D.

recovery time of the system s functionality

Question 84

Refer to the exhibit.

Company XYZ is currently running IPv4 but has decided to start the transition into IPv6. The initial objective is to allow communication based on IPv6 wherever possible, and there should still be support in place for devices that only support IPv4. These devices must be able to communicate to IPv6 devices as well. Which solution must be part of the design?

Options:

A.

address family translation

B.

dual stack

C.

host-to-host tunneling

D.

6rd tunneling

Question 85

A network attacker exploits application flaws to compromise critical systems in the organization with these objectives:

• Obtain sensitive data and export the data out of the network.

• Compromise developer and administrator credentials to potentially

What is the next step after application discovery is completed in Zero Trust networkings

Options:

A.

Establish visibility and behavior modeling

B.

Enforce policies and microsegmentation.

C.

Assess real-time security health.

D.

Ensure trustworthiness of systems.

Question 86

A business customer deploys workloads in the public cloud. Now the customer network faces governance issues with the flow of IT traffic and must ensure the security of data and intellectual property. Which action helps to identify the issue for further resolution?

Options:

A.

Set up a secure tunnel from customer routers to ensure that traffic is protected as it travels to the cloud service providers.

B.

Send IPFIX telemetry data from customer routers to a centralized collector to identify traffic to cloud service providers

C.

Build a zone-based firewall policy on Internet edge firewalls that collects statistics on traffic sent to cloud service providers

D.

Apply workload policies that dictate the security requirements to the workloads that are placed in the cloud.

Question 87

Company XYZ must design a strategy to protect their routers from DoS attacks, such as traffic destined to the router's own route processor, using separate control plane categories. Which two capabilities can be used to achieve this requirement? (Choose two.)

Options:

A.

Control Plane Protection using queue thresholding on the transit subinterface

B.

Control Plane Protection using port filtering on the transit subinterface

C.

Control Plane Protection using port filtering on the main interface

D.

Control Plane Protection using queue thresholding on the host subinterface

E.

Control Plane Protection using port filtering on the host subinterface

Question 88

Refer to the exhibit.

A company named XYZ needs to apply security policies for end-user browsing by installing a secure web proxy appliance All the web traffic must be inspected by the appliance, and the remaining traffic must be inspected by an NGFW that has been upgraded with intrusion prevention system functionality In which two ways must the routing be performed? (Choose two )

constraint-based OSPF routing

Options:

A.

policy-based routing on the collapsed core

B.

policy-based routing on the internet edge

C.

policy-based routing on firewalls

D.

static routing on the appliance

Question 89

A network design includes a long signaling delay in notifying the Layer 3 control plane that an interface has failed Which two of these actions would reduce that delay? (Choose two.)

Options:

A.

Increase network stability.

B.

Reduce the time for the network to reconverge.

C.

Increase the notification of interface flaps.

D.

Enable lower data link layer recovery systems to have an opportunity to restore the interface

Question 90

QUESTION 69 Refer to the exhibit. AJI links are P2P Layer 3. A high availability application is synchronizing data between host A and host B. To increase chance of delivery the same data is sent twice from host A on two different NICs toward the two NICs on host B.

Which solution must be deployed in the network to ensure that any failure in the network does not trigger data loss on host B?

Options:

A.

EIGRP with feasible successors

B.

BFD

C.

IP Fast Reroute

D.

Static routes

Question 91

Which two characteristics apply to firewall transparent mode operations in a firewall solution design? (Choose two.)

Options:

A.

Changes in the existing IP addressing and subnets are required

B.

The firewall can participate actively on spanning tree.

C.

Multicast traffic can traverse the firewall.

D.

OSPF adjacencies can be established through the firewall

E.

The firewall acts like a router hop in the network.

Question 92

Refer to the diagram.

Which solution must be used to send traffic from the foreign wireless LAN controller to the anchor wireless LAN controller?

Options:

A.

Send packets from the foreign controller to the anchor controller via Layer 3 MPLS VPN or VRF-Lite

B.

Send packets without encapsulation to the anchor controller over the routed network.

C.

Encapsulate packets into an EoIP tunnel and send them to the anchor controller.

D.

Send packets from the foreign controller to the anchor controller via IPinIP or IPsec tunnel.

Question 93

A customer migrates from a traditional Layer 2 data center network into a new SDN-based spine-and-leaf VXLAN data center within the same location Its applications cannot be readdressed and the customer does not want to perform the migration in a single operation How should the legacy network and new network be connected?

Options:

A.

via Layer 3 links to border leaf switches

B.

via a Layer 2 trunk and Layer 3 routed links to border leaf switches

C.

via a Layer 2 trunk and Layer 3 routed links to spine switches

D.

via a Layer 2 trunk to border leaf switches

Question 94

Most security monitoring systems use a signature-based approach to detect threats In which two instances are systems based on Network Behavior Anomaly Detection better than signature-based systems when it comes to detecting security threat vectors'? (Choose two.)

Options:

A.

malware detection

B.

encrypted threat traffic

C.

spyware detection

D.

intrusion threat detection

E.

new zero-day attacks

Question 95

Which action must be taken before new VoIP systems are implemented on a network to ensure that the network is ready to handle the traffic?

Options:

A.

Evaluate bandwidth utilization and connection quality

B.

Enable special requirements such as direct DID lines on pickup

C.

Make recommendations to limit the size of the half-open session table on routers

D.

Check if anomaly detection is enabled for SIP and H.323 on Layer 3 devices

Question 96

Which two control plane policer designs must be considered to achieve high availability? (Choose two.)

Options:

A.

Control plane policers are enforced in hardware to protect the software path, but they are hardware platform dependent in terms of classification ability.

B.

Control plane policers are really needed only on externally facing devices.

C.

Control plane policers can cause the network management systems to create false alarms.

D.

Control plane policers must be processed before a forwarding decision is made.

E.

Control plane policers require that adequate protocols overhead are factored in to allow protocol convergence.

Question 97

Which two design solutions ensure sub 50 msec of the convergence time after a link failure in the network?

(Choose two)

Options:

A.

BFD

B.

Ti-LFA

C.

minimal BGP scan time

D.

MPLS-FRR

E.

IGP fast hello

Question 98

Which component of the SDN architecture automatically ensures that application traffic is routed according to policies established by network administrators?

Options:

A.

packet forwarding engine

B.

northbound API

C.

southbound API

D.

SDN controller

Question 99

Refer to the exhibit.

ACME Mining has four data centers in Santiago. Cape Town. Mumbai, and Beijing, full-mesh connected via a 400 Mb/s EVP-LAN They want to deploy a new mission-critical application with these

requirements:

    clusterheartbeat2Mb/s continuous (250 KB/s)

    cluster heartbeat one-way maximum latency 100 ms

These are the current ping tests results between the four data centers:

Which hosting data center pair can host the new application?

Options:

A.

Mumbai and Beijing

B.

Santiago and Cape Town

C.

Santiago and Mumbai

D.

Cape Town and Mumbai

E.

Cape Town and Beijing

F.

Santiago and Beijing

Question 100

Refer to the exhibit Company XYZ is a large enterprise network where the WAN traffic utilizes most of the link. The IT team in the company often reports Stuck-In-Active problems The company is set to acquire another company that will also be running EIGRP and which will connect to the Company XYZ R3 and R4 routers This acquisition could make the issue worse Which design solution solves this problem?

Options:

A.

Utilize the EIGRP unequal cost load-balancing feature on R5 and R6 to provide an intenm solution

B.

Implement EIGRP Route Flap Dampening

C.

Deploy the EIGRP stub capability on R5 and R6 with the connected and summary options enabled.

D.

Advertise only the default route to R5 and R6. filtering all other routes.

Question 101

What is a characteristic of a secure cloud architecture model?

Options:

A.

limited access to job function

B.

dedicated and restricted workstations

C.

multi-factor authentication

D.

software-defined network segmentation

Question 102

Company XYZ wants to prevent switch loops caused by unidirectional point-point-link condition on Rapid FVST + and MST. Which technology can be used in the design to meet this requirement?

Options:

A.

STPBPDU guard

B.

STP bridge assurance

C.

MSTP

D.

TRILL

Question 103

A European national bank considers migrating its on-premises systems to a private cloud offering in a non-European location to significantly reduce IT costs. What is a primary factor prior to migration?

Options:

A.

data governance

B.

additional latency

C.

security

D.

cloud connectivity

Question 104

Which two statements describe network automation and network orchestration? (Choose two.)

Options:

A.

Network automation does not provide governance or policy management.

B.

Network automation spans multiple network services, vendors, and environments.

C.

Network orchestration is done through programmatic REST APIs enabling automation across devices and management platforms.

D.

Provisioning network services is an example of network automation.

E.

Network orchestration is used to run single, low-level tasks without human intervention

Question 105

You are designing the routing design for two merging companies that have overlapping IP address space. Which of these must you consider when developing the routing and NAT design?

Options:

A.

Local to global NAT translation is done after routing

B.

Global to local NAT translation is done before routing.

C.

Local to global NAT translation is done before policy-based routing

D.

Global to local NAT translation is done after policy-based routing.

Question 106

VPLS is implemented in a Layer 2 network with 2000 VLANs. What is the primary concern to ensure successful deployment of VPLS?

Options:

A.

Flooding is necessary to propagate MAC address reachability information

B.

PE scalability

C.

The underlying transport mechanism

D.

VLAN scalability

Question 107

Which layer of the SDN architecture orchestrates how the applications are given the resources available in the network?

Options:

A.

orchestration layer

B.

southbound API

C.

northbound API

D.

control layer

Question 108

Which two impacts of adding the IP event dampening feature to a network design are true? (Choose two.)

Options:

A.

It protects against routing loops.

B.

It switches traffic immediately after a link failure.

C.

lt speeds up link failure detection.

D.

It reduces the utilization of system processing resources.

E.

It improves overall network stability.

Question 109

IPFIX data collection via standalone IPFIX probes is an alternative to flow collection from routers and switches. Which use case is suitable for using IPFIX probes?\

Options:

A.

performance monitoring

B.

security

C.

observation of critical links

D.

capacity planning

Question 110

An engineer must redesign the QoS strategy for Company XYZ The current network is experiencing many dropped packets due to oversubscription of the guaranteed bandwidth allocated by the service provider. Company XYZ wants a design with a QoS strategy that controls the traffic flow leaving the Edge router to minimize packet drops Which QoS technique can be recommended as a solution?

Options:

A.

LLQ

B.

traffic shaping

C.

rate-limiting

D.

policing

Question 111

During evaluation of migrating current on premises infrastructure to add cloud-based infrastructure, a network planning team must meet three core requirements as they make recommendations on which cloud strategy to adopt going forward

• Technology is changing rapidly, therefore the enterprise must be open to adopting new ways of doing things, and be ready to invest CapEx-funds in the next three years

• Network bandwidth capacity requirements are dynamic and are expected to change over the next year

• If new technologies are to be introduced, operational expenses must be kept at a minimum. Which cloud strategy meets these requirements?

Options:

A.

private

B.

hybrid

C.

public

D.

multicloud

Question 112

Network operators have many options available, from fully centralized to fully distributed control planes, and each approach has its own set of characteristics. Drag and drop the characteristics from the left onto the corresponding approach on the right.

Options:

Question 113

An engineer is designing the QoS strategy for Company XYZ. Based on initial analysis, a lot of scavenger type of traffic is traversing the network's 20Mb Internet link toward the service provider. The new design must use a QoS technique that limits scavenger traffic to 2 Mbps, which helps avoid oversubscription of the link during times of congestion. Which QoS technique can be used to facilitate this requirement?

Options:

A.

class-based traffic policing

B.

LLQ

C.

CBWFQ

D.

class-based traffic shaping

Question 114

Drag and drop the correct mitigation methods from the left onto the corresponding types of attack on the right

Options:

Question 115

What is a connection service inside a data center that provides direct connectivity to a cloud provider?

Options:

A.

Cloud onRamp

B.

Cloud gateway

C.

Cloud direct connect

D.

Carrier-neutral facility

Question 116

An existing wireless network was designed to support data traffic only. You must now install context Aware services for location tracking changes must be applied to the existing wireless network to increase the location accuracy? (Chose two)

Options:

A.

Add access points along the perimeter of the coverage area.

B.

Increase the access point density to create an average inter-access point distance of less than 40 feet or 12.2 meters

C.

Use directional antennas to provide more cell overlapping

D.

Install additional access points in monitor mode where the co-channel interference would otherwise be affected

E.

Fine tune the radio configuration of the access point to have a higher average transmission power to achieve better coverage

Question 117

Two enterprise networks must be connected together. Both networks are using the same private IP addresses.

The client requests from both sides should be translated using hide NAT (dynamic NAT) with the overload

feature to save IF addresses from the NAT pools. Which design addresses this requirement using only one

Cisco I OS NAT router for both directions?

Options:

A.

This is not possible, because two Cisco IOS NAT routers are required to do dynamic NAT, with overload in

both directions.

B.

The ip nat inside and ip nat outside commands must be configured at the interfaces with the overload

option in both directions.

C.

The overload feature is the default and does not have to be configured.

D.

Two different NAT pools must be used for the ip nat inside source and the ip nat outside source commands

for the overload feature in both directions.

E.

The Nat Virtual interface must be used to achieve this requirement.

Question 118

Organic growth or decline comes from a company's normal business activities, rather than through acquisitions or divestment. Changes in usage patterns can also cause organic change in network requirements Which tool is useful when designing and operationalizing a network that is in the process of change?

Options:

A.

change management

B.

modularity

C.

mobility

D.

monitoring

Load More 400-007 Questions
Demo: 118 questions
Total 396 questions
Get 400-007 Full Access Download 400-007 PDF