Labour Day Limited Time 60% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 2493360325

Good News !!! 400-007 Cisco Certified Design Expert (CCDE v3.0) is now Stable and With Pass Result

400-007 Practice Exam Questions and Answers

Cisco Certified Design Expert (CCDE v3.0)

Last Update 9 hours ago
Total Questions : 329

400-007 is stable now with all latest exam questions are added 9 hours ago. Just download our Full package and start your journey with Cisco Certified Design Expert (CCDE v3.0) certification. All these Cisco 400-007 practice exam questions are real and verified by our Experts in the related industry fields.

400-007 PDF

400-007 PDF (Printable)
$159.6
$399

400-007 Testing Engine

400-007 PDF (Printable)
$179.6
$449

400-007 PDF + Testing Engine

400-007 PDF (Printable)
$239.6
$599
Question # 1

Company XYZ needs advice in redesigning their legacy Layer 2 infrastructure. Which technology should be included in the design to minimize or avoid convergence delays due to STP or FHRP and provide a loop-free topology?

Options:

A.  

Use switch clustering in the access layer.

B.  

Use switch clustering in the core/distribution layer.

C.  

Use spanning-tree PortFast.

D.  

Use BF

D.  

Discussion 0
Question # 2

Identity and access management between multiple users and multiple applications has become a mandatory requirement for Company XYZ to fight against ever increasing cybersecurity threats. To achieve this, federated identity services have been deployed in the Company XYZ network to provide single sign-on and Multi-Factor Authentication for the applications and services. Which protocol can be used by Company XYZ to provide authentication and authorization services?

Options:

A.  

OAuth2

B.  

OpenID Connect

C.  

OpenID

D.  

SAML2.0

Discussion 0
Question # 3

Which statement about hot-potato routing architecture design is true?

Options:

A.  

Hot-potato routing is the preferred architecture when connecting to content providers

B.  

Hop-potato keeps traffic under the control of the network administrator for longer

C.  

OSPF uses hot-potato routing if all ASBRs use the same value for the external metric

D.  

Hot-potato routing is prone to misconfiguration as well as poor coordination between two networks

Discussion 0
Question # 4

Refer to the exhibit.

Question # 4

As part of a redesign project, you must predict multicast behavior What happens to the multicast traffic received on the shared tree (*,G), if it is received on the LHR interface indicated*?

Options:

A.  

It is dropped due to an unsuccessful RPF check against the multicast source

B.  

It is switched give that no RPF check is performed

C.  

It is switched due to a successful RPF check against the routing table

D.  

It is dropped due to an unsuccessful RPk8t8ck against the multicast receiver.

Discussion 0
Question # 5

What best describes the difference between Automation and Orchestration?

Options:

A.  

Automation refers to an automatic process for completing a single task and Orchestration refers to assembling and coordinating a set of tasks and conditions.

B.  

Automation describes a hands-off configuration process while Orchestration refers to sets of automation tasks that require the network administrator to coordinate

C.  

Automation refers to an automatic process for completing multiple tasks with conditions and Orchestration refers to executing tasks in parallel.

D.  

Automation refers to scripting languages (Python. Ansible etc.) and Orchestration refers to commercial products that control configuration deployment

Discussion 0
Question # 6

Which two benefits can software defined networks provide to businesses? (Choose two.)

Options:

A.  

provides additional redundancy

B.  

decentralized management

C.  

reduced latency

D.  

enables innovation

E.  

reduction of OpEx/CapEx

F.  

meets high traffic demands

Discussion 0
Question # 7

The Company XYZ network is experiencing attacks against their router. Which type of Control Plane Protection must be used on the router to protect all control plane IP traffic that is destined directly for one of the router interfaces?

Options:

A.  

Control Plane Protection host subinterface

B.  

Control Plane Protection main interface

C.  

Control Plane Protection transit subinterface

D.  

Control Plane Protection CEF-exception subinterface

Discussion 0
Question # 8

Refer to the table.

Question # 8

A customer investigates connectivity options for a DCI between two production data centers to aid a large-scale migration project. The migration is estimated to take 20 months to complete but might extend an additional 10 months if issues arise. All connectivity options meet the requirements to migrate workloads. Which transport technology provides the best ROI based on cost and flexibility?

Options:

A.  

CWDM over dark fiber

B.  

MPLS

C.  

DWDM over dark fiber

D.  

Metro Ethernet

Discussion 0
Question # 9

Which protocol does an SD-Access wireless Access Point use for its fabric data plane?

Options:

A.  

GRE

B.  

MPLS

C.  

VXLAN

D.  

LISP

E.  

CAPWAP

Discussion 0
Question # 10

In a redundant hub and spoke "wheel" design, all spokes are connected to the hub, and spokes are connected to other spokes as well. During failure on one spoke link, the traffic from that site can be sent to a neighboring site for it to be forwarded to the hub site. But during peak hours, a link is overloaded and traffic is re-routed to a neighbor, which subsequently becomes overloaded. This overload results in network traffic oscillation as the load varies at each spoke site. This design provides more redundancy but not more resiliency because the routing protocol must process many alternate paths to determine the lowest cost path. Which two design

changes help to improve resilience in this case? (Choose two.)

Options:

A.  

Increase the number of redundant paths considered during the routing convergence calculation.

B.  

Eliminate links between every spoke.

C.  

Increase routing protocol convergence timers.

D.  

Increase unequal-cost parallel paths.

E.  

Use two links to each remote site instead of one.

Discussion 0
Question # 11

Which two advantages of using DWDM over traditional optical networks are true? (Choose two.)

Options:

A.  

inherent topology flexibility and service protection provided without penalty through intelligent oversubscription of bandwidth reservation

B.  

ability to expand bandwidth over existing optical Infrastructure

C.  

inherent topology flexibility with built-in service protection

D.  

inherent topology flexibility with intelligent chromatic dispersion

E.  

inherent topology flexibility with a service protection provided through a direct integration with an upper layer protocol

Discussion 0
Question # 12

Which three elements help network designers to construct secure systems that protect information and resources (such as devices, communication, and data) from unauthorized access, modification, inspection, or destruction? (Choose three.)

Options:

A.  

confidential

B.  

serviceability

C.  

reliability

D.  

availability

E.  

integrity

F.  

scalability

Discussion 0
Question # 13

Company XYZ must design a strategy to protect their routers from DoS attacks, such as traffic destined to the router's own route processor, using separate control plane categories. Which two capabilities can be used to achieve this requirement? (Choose two.)

Options:

A.  

Control Plane Protection using queue thresholding on the transit subinterface

B.  

Control Plane Protection using port filtering on the transit subinterface

C.  

Control Plane Protection using port filtering on the main interface

D.  

Control Plane Protection using queue thresholding on the host subinterface

E.  

Control Plane Protection using port filtering on the host subinterface

Discussion 0
Question # 14

How can EIGRP topologies be designed to converge as fast as possible in the event of a point-to-point link failure?

Options:

A.  

Limit the query domain by use of distribute lists.

B.  

Build neighbor adjacencies in a triangulated fashion.

C.  

Build neighbor adjacencies in squared fashion.

D.  

Limit the query domain by use of summarization.

E.  

Limit the query domain by use of default routes.

Discussion 0
Question # 15

An MPLS service provider is offering a standard EoMPLS-based VPLS service to Customer

A.  

providing Layer 2 connectivity between a central site and approximately 100 remote sites. Customer A wants to use the VPLS network to carry its internal multicast video feeds which are sourced at the central site and consist of 20 groups at Mbps each. Which service provider recommendation offers the most scalability?

Options:

A.  

EoMPLS-based VPLS can carry multicast traffic in a scalable manner

B.  

Use a mesh of GRE tunnels to carry the streams between sites

C.  

Enable snooping mechanisms on the provider PE routers.

D.  

Replace VPLS with a Layer 3 MVPN solution to carry the streams between sites

Discussion 0
Question # 16

Retef to the exhibit.

Question # 16

This network is running OSPF and EIGRP as the routing protocols Mutual redistribution of the routing protocols has been contoured on the appropriate ASBRs The OSPF network must be designed so that flapping routes m EIGRP domains do not affect the SPF runs within OSPF The design solution must not affect the way EIGRP routes are propagated into the EIGRP domains Which technique accomplishes the requirement?

Options:

A.  

route summarization the ASBR interfaces facing the OSPF domain

B.  

route summarization on the appropriate ASBRS.

C.  

route summarization on the appropriate ABRS.

D.  

route summarization on EIDRP routers connecting toward the ASBR

Discussion 0
Question # 17

Which purpose of a dynamically created tunnel interface on the design of IPv6 multicast services Is true?

Options:

A.  

first-hop router registration to the RP

B.  

multicast client registration to the RP

C.  

multicast source registration to the RP

D.  

transport of all IPv6 multicast traffic

Discussion 0
Question # 18

SDN is still maturing Throughout the evolution of SDN which two things will play a key role in enabling a successful deployment and avoiding performance visibility gaps in the infrastructure? (Choose two.)

Options:

A.  

rapid on-demand growth

B.  

dynamic real-time change

C.  

falling back to old behaviors

D.  

peer-to-peer controller infrastructure

E.  

integration of device context

Discussion 0
Question # 19

Which DCI technology utilizes a “flood and learn” technique to populate the Layer2 forwarding table?

Options:

A.  

LISP

B.  

OTV

C.  

VPLS

D.  

EVPN

Discussion 0
Question # 20

An enterprise organization currently provides WAN connectivity to their branch sites using MPLS technology, and the enterprise network team is considering rolling out SD-WAN services for all sites.

With regards to the deployment planning, drag and drop the actions from the left onto the corresponding steps on the right.

Question # 20

Options:

Discussion 0
Question # 21

Agile and Waterfall are two popular methods for organizing projects. What describes any Agile network design development process?

Options:

A.  

working design over comprehensive documentation

B.  

contract negotiation over customer collaboration

C.  

following a plan over responding to change

D.  

processes and tools over individuals and interactions over time

Discussion 0
Question # 22

Company XYZ wants to redesign the Layer 2 part of their network and wants to use all available uplinks for increased performance. They also want to have end host reachability supporting conversational learning. However, due to design constraints, they cannot implement port-channel on the uplinks. Which other technique can be used to make sure the uplinks are in active/active state?

Options:

A.  

TRILL

B.  

LISP

C.  

MSTP

D.  

switch stack

Discussion 0
Question # 23

Which development model is closely associated with traditional project management?

Options:

A.  

static model

B.  

Agile model

C.  

evolutionary delivery model

D.  

lifecycle model

Discussion 0
Question # 24

A healthcare provider discovers that protected health information of patients was altered without patient consent. The healthcare provider is subject to HIPAA compliance and is required to protect PHI data. Which type of security safeguard should be implemented to resolve this issue?

Options:

A.  

technical and physical access control

B.  

administrative security management processes

C.  

physical device and media control

D.  

technical integrity and transmission security

Discussion 0
Question # 25

Which feature is supported by NETCONF but is not supported by SNMP?

Options:

A.  

distinguishing between configuration data and operational data

B.  

taking administrative actions

C.  

collecting the status of specific fields

D.  

changing the configuration of specific fields

Discussion 0
Question # 26

A network hacker is trying to interrupt the transport packet on IPSE

C.  

A packet with duplicate sequence numbers is introduced. The customer sends high-priority traffic during this window. Which design parameter should be considered to mitigate this issue?

Options:

A.  

Classify and Mark duplicate sequence packets.

B.  

Apply anti-replay window 4096.

C.  

Restrict keywork in IPSEC Tunnel.

D.  

Increase QoS shape policy.

Discussion 0
Question # 27

Which network management framework can be used to develop a network architecture that contains business requirements analysis, gap analysis, and network diagrams as artifacts to be used for design and implementation later?

Options:

A.  

TOGAF

B.  

ITIL

C.  

FCAPS

D.  

Cobit

Discussion 0
Question # 28

A business wants to centralize services via VDI technology and to replace remote WAN desktop PCs with thin client-type machines to reduce operating costs Which consideration supports the new business requirement?

Options:

A.  

VDI servers should be contained centrally within a DMZ

B.  

The thin client traffic should be placed in a WAN QoS priority queue

C.  

VDI servers should be contained within dedicated VLANs in each branch location

D.  

The WAN should offer low latency and be resized

Discussion 0
Question # 29

Drag and drop the design use cases from the left onto the correct uRPF techniques used to prevent spoofing attacks Not all options are used.

Question # 29

Options:

Discussion 0
Question # 30

Which two aspects are considered when designing a dual hub dual DMVPN cloud topology? (Choose two )

Options:

A.  

will only work with single-tier headend architecture

B.  

hub sites must connect to both DMVPN clouds

C.  

recommended for high availability

D.  

spoke-to-spoke traffic will transit the hub unless spokes exchange dynamic routing directly

E.  

requires all sites to have dual Internet connections

Discussion 0
Question # 31

Drag and drop the multicast protocols from the left onto the current design situation on the right.

Question # 31

Options:

Discussion 0
Question # 32

A multinational enterprise integrates a cloud solution with these objectives

• Achieve seamless connectivity across different countries and regions

• Extend data center and private clouds into public clouds and provider-hosted clouds

What are two outcomes of deploying data centers and fabrics that interconnect different cloud networks? (Choose two.)

Options:

A.  

enhanced security

B.  

data and network ownership

C.  

ability to place workloads across clouds

D.  

centralized visibility

E.  

unidirectional workload mobility across the cloud

Discussion 0
Question # 33

A financial company requires that a custom TCP-based stock-trading application be prioritized over all other traffic for the business due to the associated revenue. The company also requires that VoIP be prioritized for manual trades. Which directive should be followed when a QoS strategy is developed for the business?

Options:

A.  

Allow VoIP and the custom application to share the same priority queue,

B.  

The custom application and VoIP must be assigned their own separate priority queue.

C.  

Interleave the custom application with other TCP applications in the same CBWR

D.  

Avoid placing the custom application in a CBWFQ queue that contains other

Discussion 0
Question # 34

You have been tasked with designing a data center interconnect as part of business continuity You want to use FCoE over this DCI to support synchronous replication. Which two technologies allow for FCoE via lossless Ethernet or data center bridging? (Choose two.)

Options:

A.  

DWDM

B.  

EoMPLS

C.  

SONET/SDH

D.  

Multichassis EtherChannel over Pseudowire

E.  

VPLS

Discussion 0
Question # 35

Company XYZ has 30 sites running a legacy private WAN architecture that connects to the Internet via multiple high- speed connections The company is now redesigning their network and must comply with these design requirements :

  • Use a private WAN strategy that allows the sites to connect to each other directly and caters for future expansion.
  • Use the Internet as the underlay for the private WAN.
  • Securely transfer the corporate data over the private WAN.

Which two technologies should be Incorporated into the design of this network? (Choose two.)

Options:

A.  

S-VTI

B.  

IPsec

C.  

DMVPN

D.  

GET VPN

E.  

PPTP

Discussion 0
Question # 36

Refer to the exhibit.

Question # 36

Traffic was equally balanced between Layer 3 links on core switches SW1 and SW2 before an introduction of the new video server in the network. This video server uses multicast to send video streams to hosts and now one of the links between core switches is over utilized Which design solution solves this issue?

Options:

A.  

Add more links between core switches.

B.  

Aggregate links Layer 2 link aggregation.

C.  

Apply a more granular load- balancing method on SW1.

D.  

Apply a more granular load-balancing method on SW2.

E.  

Filter IGMP joins on an over -utilized link.

Discussion 0
Question # 37

Which two actions must merchants do to be compliant with the Payment Card Industry Data Security Standard? (Choose two.)

Options:

A.  

conduct risk analyses

B.  

install firewalls

C.  

use antivirus software

D.  

establish monitoring policies

E.  

establish risk management policies

Discussion 0
Question # 38

You are designing a large-scale DMVPN network with more than 500 spokes using EIGRP as the IGP protocol Which design option eliminates potential tunnel down events on the spoke routers due to the holding time expiration?

Options:

A.  

Increase the hold queue on the physical interface of the hub router.

B.  

Increase the hold queue on the tunnel interface of the spoke routers

C.  

Increase the hold queue on the tunnel interface of the hub router

D.  

Apply QoS for pak_priority class

E.  

Increase the hold queue on the physical interface of the spoke routers.

Discussion 0
Question # 39

Two enterprise networks must be connected together. Both networks are using the same private IP addresses.

The client requests from both sides should be translated using hide NAT (dynamic NAT) with the overload

feature to save IF addresses from the NAT pools. Which design addresses this requirement using only one

Cisco I OS NAT router for both directions?

Options:

A.  

This is not possible, because two Cisco IOS NAT routers are required to do dynamic NAT, with overload in

both directions.

B.  

The ip nat inside and ip nat outside commands must be configured at the interfaces with the overload

option in both directions.

C.  

The overload feature is the default and does not have to be configured.

D.  

Two different NAT pools must be used for the ip nat inside source and the ip nat outside source commands

for the overload feature in both directions.

E.  

The Nat Virtual interface must be used to achieve this requirement.

Discussion 0
Question # 40

How many fully established neighbour relationships exist on an Ethernet with five routers running OSPF as network type broadcast?

Options:

A.  

5

B.  

6

C.  

7

D.  

10

E.  

20

Discussion 0
Question # 41

A software-defined network can be defined as a network with an API that allows applications to understand and react to the state of the network in near real time. A vendor is building an SDN solution that exposes an API to the RIB and potentially the forwarding engine directly. The solution provides off-box processes with the capability to interact with the routing table in the same way as a distributed routing process. Which SDN framework model does the solution use?

Options:

A.  

replace

B.  

augmented

C.  

hybrid

D.  

distributed

Discussion 0
Question # 42

What is an architectural framework created by ETSI that defines standards to decouple network functions from proprietary hardware-based appliances and have them run in software on standard x86 servers?

Options:

A.  

NPIV

B.  

NFVIS

C.  

NFV

D.  

VNF

Discussion 0
Question # 43

Router R1 is a BGP speaker with one peering neighbor over link "A". When the R1 link/interface "A" fails, routing announcements are terminated, which results in the tearing down of the state for all BGP routes at each end of the link. What is this a good example of?

Options:

A.  

fault isolation

B.  

resiliency

C.  

redundancy

D.  

fate sharing

Discussion 0
Question # 44

As a network designer you need to support an enterprise with hundreds of remote sites connected over a single WAN network that carries different types of traffic, including VoIP, video, and data applications which of following design considerations will not impact design decision?

Options:

A.  

Focus on the solution instead of the problem, which helps to reduce downtime duration

B.  

The location of the data collection

C.  

What direction the data or flows should be metered

D.  

Identify traffic types and top talkers over this link

Discussion 0
Question # 45

Which two statements describe network automation and network orchestration? (Choose two.)

Options:

A.  

Network automation does not provide governance or policy management.

B.  

Network automation spans multiple network services, vendors, and environments.

C.  

Network orchestration is done through programmatic REST APIs enabling automation across devices and management platforms.

D.  

Provisioning network services is an example of network automation.

E.  

Network orchestration is used to run single, low-level tasks without human intervention

Discussion 0
Question # 46

A business requirement is supplied to an architect from a car manufacturer stating their business model is changing to just-in-time manufacturing and a new network is required, the manufacturer does not produce all of the specific components m-house. which area should the architect focus on initially?

Options:

A.  

Automation

B.  

Zero Trust Networking

C.  

Low Latency Infrastructure

D.  

Modularity

Discussion 0
Question # 47

Refer to the exhibit.

Question # 47

This network is running OSPF as the routing protocol. The internal networks are being advertised in OSPF London and Rome are using the direct link to reach each other although the transfer rates are better via Barcelona Which OSPF design change allows OSPF to calculate the proper costs?

Options:

A.  

Change the OSPF reference bandwidth to accommodate faster links.

B.  

Filter the routes on the link between London and Rome

C.  

Change the interface bandwidth on all the links.

D.  

Implement OSPF summarisation to fix the issue

Discussion 0
Question # 48

What is a web-based model in which a third-party provider hosts applications that are available to customers over the Internet?

Options:

A.  

PaaS

B.  

SaaS

C.  

laaS

D.  

WaaS

Discussion 0
Question # 49

Which design benefit of bridge assurance is true?

Options:

A.  

It supposes a spanning-tee topology change upon connecting and disconnecting a station on a port

B.  

It prevents switched traffic from traversing suboptimal paths on the network.

C.  

It allows small, unmanaged switches to be plugged into ports of access switches without the risk of switch loops.

D.  

It prevents switch loops caused by unidirectional point-to-point link condition on Rapid PVST + and MST

Discussion 0
Question # 50

Company XYZ wants to deploy OSP

F.  

The design plan requires that two OSPF networks be mutually redistributed at multiple locations and ensure end-to-end connectivity to all of the company's networks Which technology can be used to fulfill the requirements while avoiding the creation of routing loops?

Options:

A.  

Create a virtual link between ASBRs.

B.  

Change the router ID for both ASBRs.

C.  

Redistribute routes as external type 2 routes.

D.  

Use route maps on ASBRs to filter routes with tags so they are not redistributed.

Discussion 0
Question # 51

Which two foundational aspects of loT are still evolving and being worked on by the industry at large? (Choose two)

Options:

A.  

WiFi protocols

B.  

Regulatory domains

C.  

Low energy Bluetooth sensors

D.  

loT consortia

E.  

Standards

Discussion 0
Question # 52

Which two protocols are used bv SDN controllers to communicate with switches and routers? (Choose two )

Options:

A.  

OpenFlash

B.  

OpenFlow

C.  

NetFlash

D.  

Open vSwitch Database

E.  

NetFlow

Discussion 0
Question # 53

Which two characteristics apply to firewall transparent mode operations in a firewall solution design? (Choose two.)

Options:

A.  

Changes in the existing IP addressing and subnets are required

B.  

The firewall can participate actively on spanning tree.

C.  

Multicast traffic can traverse the firewall.

D.  

OSPF adjacencies can be established through the firewall

E.  

The firewall acts like a router hop in the network.

Discussion 0
Question # 54

A customer migrates from a traditional Layer 2 data center network into a new SDN-based spine-and-leaf VXLAN EVPN data center within the same location The networks are joined to enable host migration at Layer 2 What is the final migration step after hosts have physically migrated to have traffic flowing through the new network without changing any host configuration?

Options:

A.  

Shut down legacy Layer 3 SVIs. clear ARP caches on all hosts being migrated and then configure the legacy VRRP address onto new VXLAN core switches

B.  

Increase VRRP priorities on new infrastructure over legacy VRRP values, then shut down legacy SVIs

C.  

Shut down legacy infrastructure to allow VXLAN gateways to become active

D.  

Shut down legacy Layer 3 SVIs and activate new preconfigured Layer 3 SVIs on VXLAN

Discussion 0
Question # 55

Which two points must network designers consider when designing a new network design or when evaluating an existing network design to help them understand the high-level design direction with regards to the security aspects? (Choose two)

Options:

A.  

Consider Business objectives and goals

B.  

Consider organization’s security policy standards

C.  

Consider for only multi-site networks

D.  

Consider for only new network technologies and components

Discussion 0
Question # 56

A key to maintaining a highly available network is building in the appropriate redundancy to protect against failure. This redundancy is carefully balanced with the inherent complexity of redundant systems. Which design consideration is relevant for enterprise WAN use cases when it comes to resiliency?

Options:

A.  

Design in a way that expects outages and attacks on the network and its protected resources

B.  

The design approach should consider simple and centralized management aspect

C.  

Design in a way that it simplifies and improves ease of deployment

D.  

Design automation tools wherever it is appropriate for greater visibility

Discussion 0
Question # 57

What is a disadvantage of the traditional three-tier architecture model when east west traffic between different pods must go through the distribution and core layers?

Options:

A.  

low bandwidth

B.  

security

C.  

scalability

D.  

high latency

Discussion 0
Question # 58

Which three items do you recommend for control plane hardening of an infrastructure device? (Choose three.)

Options:

A.  

redundant AAA servers

B.  

Control Plane Policing

C.  

warning banners

D.  

to enable unused .services

E.  

SNMPv3

F.  

routing protocol authentication

Discussion 0
Question # 59

Which three Cisco products are used in conjunction with Red Hat to provide an NFVi solution? (Choose three.)

Options:

A.  

Cisco Prime Service Catalog

B.  

Cisco Open Virtual Switch

C.  

Cisco Nexus switches

D.  

Cisco UCS

E.  

Cisco Open Container Platform

F.  

Cisco Virtual Network Function

Discussion 0
Question # 60

Which two statements about MLD snooping are true? (Choose two)

Options:

A.  

When MLD snooping is enabled, QoS is automatically enabled.

B.  

A VLAN can support multiple active MLD snooping queries, as long as each one is associated to a different

multicast group.

C.  

AN MLD snooping querier election occurs when any MLD snooping querier goes down or if there is an IP

address change on the active querier.

D.  

When multiple MLD snooping queriers are enabled in a VLAN, the querier with the lowest IP address in the

VLAN is elected as the active MLD snooping querier.

Discussion 0
Question # 61

Which methodology is the leading lifecycle approach to network design and implementation?

Options:

A.  

PPDIOO

B.  

Waterfall model

C.  

Spiral model

D.  

V model

Discussion 0
Question # 62

Which solution component helps to achieve rapid migration to the cloud for SaaS and public cloud leveraging SD-WAN capabilities?

Options:

A.  

service-oriented cloud architecture

B.  

Cloud onramp

C.  

cloud registry

D.  

microservices in the cloud

Discussion 0
Question # 63

In search of a system capable of hosting, monitoring compiling. and testing code in an automated way, what can be recommended to the organization?

Options:

A.  

Jenkins

B.  

Ansible

C.  

Perl

D.  

Chef

Discussion 0
Question # 64

Which component of the SDN architecture automatically ensures that application traffic is routed according to policies established by network administrators?

Options:

A.  

packet forwarding engine

B.  

northbound API

C.  

southbound API

D.  

SDN controller

Discussion 0
Question # 65

A large enterprise customer has a single router that uses two active/active 10-Mbps internet links in one of its

offices. Each link currently handles approximately 7 Mbps of traffic, which is close to the full link capacity.

When a link fails, the failure leads to significantly degraded performance of all applications. Static routing is

used. The current ISP cannot deliver additional bandwidth capacity on the existing links. The customer needs

a network design that is resistant to failure, but does not increase CAPEX. Which solution should be proposed

to the customer?

Options:

A.  

Implement quality of service on the current links.

B.  

Add a third link to the current router.

C.  

Add an additional edge router connected to a second ISP.

D.  

Use dynamic routing for equal-cost multipath.

Discussion 0
Question # 66

The network designer needs to use GLOP IP address in order make them unique within their ASN, which

multicast address range will be considered?

Options:

A.  

239.0.0.0 to 239.255.255.255

B.  

224.0.0.0 to 224.0.0.255

C.  

233.0.0.0 to 233.255.255.255

D.  

232.0.0.0 to 232.255.255.255

Discussion 0
Question # 67

An enterprise plans to evolve from a traditional WAN network to a software-defined WAN network. The existing devices have limited capability when it comes to virtualization. As the migration is carried out, enterprise applications and services must not experience any traffic impact. Which implementation plan can be used to accommodate this during the migration phase?

Options:

A.  

Deploy controllers, deploy SD-WAN edge routers. In the data center, and migrate branch sites.

B.  

Migrate data center WAN routers, migrate branch sites, and deploy SD-WAN edge routers.

C.  

Migrate branch sites, migrate data center WAN routers, and deploy controllers.

D.  

Deploy SD-WAN edge routers in the data center, deploy controllers, and migrate branch sites

Discussion 0
Question # 68

Which two data plane hardening techniques are true? (Choose two)

Options:

A.  

warning banners

B.  

redundant AAA servers

C.  

Control Plane Policing

D.  

SNMPv3

E.  

infrastructure ACLs

F.  

disable unused services

G.  

routing protocol authentication

Discussion 0
Question # 69

Question # 69

Refer to the exhibit A service provider has a requirement to use Ethernet OAM to detect end-to-end connectivity failures between SP-SW1 and SP- SW2 Which two ways to design this solution are true? (Choose two)

Options:

A.  

Enable unicast heartbeat messages to be periodically exchanged between MEPs

B.  

Enable Connectivity Fault Management on the SP switches

C.  

Use upward maintenance endpoints on the SP switches

D.  

Forward E-LMI PDUs over VPLS

E.  

Forward LLD PDUs over the VPLS

Discussion 0
Question # 70

Organizations that embrace Zero Trust initiatives ranging from business policies to technology infrastructure can reap business and security benefits. Which two domains should be covered under Zero Trust initiatives? (Choose two)

Options:

A.  

workload

B.  

work domain

C.  

workplace

D.  

workgroup

E.  

workspace

Discussion 0
Question # 71

What advantage of placing the IS-IS layer 2 flooding domain boundary at the core Layer in a three-layer hierarchical network is true?

Options:

A.  

The Layer 1 and Layer 2 domains can easily overlap

B.  

It reduces the complexity of the Layer 1 domains

C.  

It can be applied to any kind of topology

D.  

The Layer 2 domain is contained and more stable

Discussion 0
Question # 72

Customer XYZ network consists of an MPLS core. IS-IS running as IGP a pair of BGP route reflectors for route propagation, and a few dozens of MPLS-TE tunnels for specific tactical traffic engineering requirements. The customer's engineering department has some questions about the use of the Overload Bit in the IS-IS networks and how it could be used to improve their current network design. Which two concepts about the Overload Bit are true? (Choose two.)

Options:

A.  

It can be set on a router during the startup process for a fixed period of time

B.  

Networks advertised within the LSPs of the respective node will become unreachable

C.  

It forces the midpoint MPLS-TE node to reoptimize the primary tunnels going through the OL node.

D.  

It can be set on a router until other interacting protocols have signaled convergence.

E.  

It is not recommended on BGP Route Reflectors

Discussion 0
Question # 73

A network attacker exploits application flaws to compromise critical systems in the organization with these objectives:

• Obtain sensitive data and export the data out of the network.

• Compromise developer and administrator credentials to potentially

What is the next step after application discovery is completed in Zero Trust networkings

Options:

A.  

Establish visibility and behavior modeling

B.  

Enforce policies and microsegmentation.

C.  

Assess real-time security health.

D.  

Ensure trustworthiness of systems.

Discussion 0
Question # 74

Refer to the exhibit.

Question # 74

Your company designed a network to allow server VLANs to span all access switches in a data center In the design, Layer 3 VLAN interfaces and HSRP are configured on the aggregation switches Which two features improve STP stability within the network design? (Choose two.)

Options:

A.  

BPDU guard on access ports

B.  

BPDU guard on the aggregation switch downlinks toward access switches

C.  

root guard on the aggregation switch downlinks toward access switches

D.  

root guard on access ports

E.  

edge port on access ports

F.  

access switch pairs explicitly determined to be root and backup root bridges

Discussion 0
Question # 75

Refer to the exhibit.

Question # 75

The network 10.10.0 .0/16 has been redistributed to OSPF processes and the best path to the destination from R1 has been chosen as R1-R2-R3 A failure occurred on the link between R2 and R3 and the path was changed to R1-R4-R5-R3 What happens when the link between R2 and R3 is restored'?

Options:

A.  

The path R1-R4-R5-R3 continues to be the best path because the metric is better

B.  

The path reverts back to R1-R2-R3 because the route type is E1

C.  

The path R1-R4-R5-R3 continues to be the best path because OSPF does not compare the metrics between two domains

D.  

The path reverts to R1-R2-R3 because this was the previous best path

Discussion 0
Question # 76

In the case of outsourced IT services, the RTO is defined within the SL

A.  

Which two support terms are often included in the SLA by IT and other service providers? (Choose two.)

Options:

A.  

network size and cost

B.  

support availability

C.  

network sustainability

D.  

network reliability

E.  

resolution time

Discussion 0
Question # 77

A network security team observes phishing attacks on a user machine from a remote location. The organization has a policy of saving confidential data on two different systems using different types of authentication. What is the next step to control such events after the security team verifies all users in Zero Trust modeling?

Options:

A.  

Enforce risk-based and adaptive access policies.

B.  

Assess real-time security health of devices.

C.  

Apply a context-based network access control policy for users.

D.  

Ensure trustworthiness of devices.

Discussion 0
Question # 78

While designing a switched topology, in which two options is UplinkFast recommended? (Choose two )

Options:

A.  

when switches of different spanning-tree types are connected (for example. 802.1d connecting to 802.1w)

B.  

on distribution layer switches

C.  

when hello timers are changed to more aggressive values

D.  

on access layer switches

E.  

on the core switches

Discussion 0
Question # 79

Company XYZ was not satisfied with the reconvergence time OSPF is taking. BFD was implemented to try to reduce the reconvergence time, but the network is still experiencing delays when having to reconverge. Which technology will improve the design?

Options:

A.  

OSPF fast hellos

B.  

BFD echo

C.  

Change the protocol to BGP

D.  

Change the OSPF hello and dead intervals

Discussion 0
Question # 80

Drag and drop the FCAPS network management reference models from the left onto the correct definitions on the right.

Question # 80

Options:

Discussion 0
Question # 81

Company XYZ wants to secure the data plane of their network. Which two technologies can be included in the security design? (Choose two)

Options:

A.  

DAI

B.  

IP Source Guard

C.  

BEEP

D.  

CPPr

E.  

MPP

Discussion 0
Question # 82

An engineer is designing the QoS strategy for Company XYZ. Based on initial analysis, a lot of scavenger type of traffic is traversing the network's 20Mb Internet link toward the service provider. The new design must use a QoS technique that limits scavenger traffic to 2 Mbps, which helps avoid oversubscription of the link during times of congestion. Which QoS technique can be used to facilitate this requirement?

Options:

A.  

class-based traffic policing

B.  

LLQ

C.  

CBWFQ

D.  

class-based traffic shaping

Discussion 0
Question # 83

An IT service provider is upgrading network infrastructure to comply with PCI security standards. The network team finds that 802.1X and VPN authentication based on locally-significant certificates are not available on some legacy phones.

Which workaround solution meets the requirement?

Options:

A.  

Replace legacy phones with new phones because the legacy phones will lose trust if the certificate is renewed.

B.  

Enable phone VPN authentication based on end-user username and password.

C.  

Temporarily allow fallback to TLS 1.0 when using certificates and then upgrade the software on legacy phones.

D.  

Use authentication-based clear text password with no EAP-MD5 on the legacy phones.

Discussion 0
Question # 84

Company XYZ wants to improve the security design of their network to include protection from reconnaissance and DoS attacks on their sub interfaces destined toward next hop routers. Which technology can be used to prevent these types of attacks?

Options:

A.  

MPP

B.  

CPPr

C.  

CoPP

D.  

DPP

Discussion 0
Question # 85

Company XYZ is planning to deploy primary and secondary (disaster recovery) data center sites. Each of these sites will have redundant SAN fabrics and data protection is expected between the data center sites. The sites are 100 miles (160 km) apart and target RPO/RTO are 3 hrs and 24 hrs, respectively. Which two considerations must Company XYZ bear in mind when deploying replication in their scenario? (Choose two.)

Options:

A.  

Target RPO/RTO requirements cannot be met due to the one-way delay introduced by the distance between sites.

B.  

VSANs must be routed between sites to isolate fault domains and increase overall availability.

C.  

Synchronous data replication must be used to meet the business requirements

D.  

Asynchronous data replication should be used in this scenario to avoid performance impact in the primary site.

E.  

VSANs must be extended from the primary to the secondary site to improve performance and availability.

Discussion 0
Question # 86

VPLS is implemented in a Layer 2 network with 2000 VLANs. What is the primary concern to ensure successful deployment of VPLS?

Options:

A.  

Flooding is necessary to propagate MAC address reachability information

B.  

PE scalability

C.  

The underlying transport mechanism

D.  

VLAN scalability

Discussion 0
Question # 87

Which architecture does not require an explicit multicast signaling protocol, such as PIM or P2MP, to signal the multicast state hop-by-hop, but instead uses a link state protocol to advertise the multicast forwarding state?

Options:

A.  

Binary indexed explicit routing

B.  

Binary intermediate enhanced routing

C.  

Bit indexed explicit replication

D.  

Bi-directional implicit replication

Discussion 0
Question # 88

A service provider hires you to design its new managed CE offering to meet these requirements

• The CEs cannot run a routing protocol with the PE

• Provide the ability for equal or unequal ingress load balancing in dual-homed CE scenarios.

• Provide support for IPv6 customer routes

• Scale up to 250.000 CE devices per customer.

• Provide low operational management to scale customer growth.

• Utilize low-end (inexpensive) routing platforms for CE functionality.

Which tunneling technology do you recommend?

Options:

A.  

FlexVPN

B.  

point-to-point GRE

C.  

DMVPN

D.  

LISP

Discussion 0
Question # 89

SDWAN networks capitalize the usage of broadband Internet links over traditional MPLS links to offer more cost benefits to enterprise customers. However, due to the insecure nature of the public Internet, it is mandatory to use encryption of traffic between any two SDWAN edge devices installed behind NAT gateways. Which overlay method can provide optimal transport over unreliable underlay networks that are behind NAT gateways?

Options:

A.  

TLS

B.  

DTLS

C.  

IPsec

D.  

GRE

Discussion 0
Question # 90

The Layer 3 control plane is the intelligence over the network that steers traffic toward its intended destination. Which two techniques can be used in service provider-style networks to offer a more dynamic, flexible, controlled, and secure control plane design? (Choose two.)

Options:

A.  

access control lists

B.  

firewalls

C.  

QoS policy propagation with BGP

D.  

remote black-holing trigger

E.  

prefix lists

Discussion 0
Question # 91

Which effect of using ingress filtering to prevent spoofed addresses on a network design is true?

Options:

A.  

It reduces the effectiveness of DDoS attacks when associated with DSCP remarking to Scavenger.

B.  

It protects the network Infrastructure against spoofed DDoS attacks.

C.  

It Classifies bogon traffic and remarks it with DSCP bulk.

D.  

It filters RFC 1918 IP addresses.

Discussion 0
Question # 92

An international media provider is an early adopter of Docker and micro services and is using an open-source homegrown container orchestration system. A few years ago, they migrated from on-premises data centers to the cloud Now they are faced with challenges related to management of the deployed services with their current homegrown orchestration system.

Which platform is well-suited as a state-aware orchestration system?

Options:

A.  

Puppet

B.  

Kubemetes

C.  

Ansible

D.  

Terraform

Discussion 0
Question # 93

You are using iSCSI to transfer files between a 10 Gigabit Ethernet storage system and a 1 Gigabit Ethernet server The performance is only approximately 700 Mbps and output drops are occurring on the server switch port. Which action will improve performance in a cost-effective manner?

Options:

A.  

Change the protocol to CIFS.

B.  

Increase the queue to at least 1 GB

C.  

Use a WRED random drop policy

D.  

Enable the TCP Nagle algorithm on the receiver

Discussion 0
Question # 94

The network designer needs to use GLOP IP addresses in order to make them unique within their ASN Which multicast address range should be used?

Options:

A.  

232.0.0.0 to 232 255.255.255

B.  

H233.0.0 0 to 233.255.255 255

C.  

239000 to 239255255.255

D.  

224000 to 2240.0 255

Discussion 0
Question # 95

You are designing a network running both IPv4 and IPv6 to deploy QoS Which consideration is correct about the QoS for IPv4 and IPv6?

Options:

A.  

IPv4 and IPv6 traffic types can use use queuing mechanisms such as LLQ, PQ and CQ.

B.  

IPv6 packet classification is only available with process switching, whereas IPv4 packet classification is available with both process switching and CE

F.  

C.  

IPv6 and IB/4 traffic types can use a single QoS policy to match both protocols

D.  

Different congestion management mechanisms need to be used for IPv4 and IPv6 traffic types

Discussion 0
Question # 96

An engineer is designing a DMVPN network where OSPF has been chosen as the routing protocol A spoke-to-spoke 'J

Options:

A.  

Configure all the sites as network type broadcast

B.  

The network type on all sites should be point-to-multipoint

C.  

The network type should be point-to-multipoint for the hub and point-to-point for the spokes.

D.  

The hub should be set as the DR by specifying the priority to 255.

E.  

The hub should be the DR by changing the priority of the spokes to 0.

Discussion 0
Question # 97

A business invests in SDN and develops its own SDN controller that, due to budget constraints, runs on a single controller. The controller actively places an exclusive lock on the configuration of the devices to ensure it is the only source of changes to the environment. What is the result if the controller fails?

Options:

A.  

All device configurations are in read-only mode until the controller is restored.

B.  

The control plane is unavailable until the controller is restored.

C.  

If a device fails, the configuration backup is unavailable-

D.  

Manual changes are only possible until the controller is restored

Discussion 0
Question # 98

Which two statements describe the usage of the IS-IS overload bit technique? (Choose two )

Options:

A.  

lf overload-bit is set on a Level 2 intermediate system, the other Level 2 intermediate systems in the topology will stop using the overloaded IS to forward Level 2 traffic However, the intermediate system can still forward Level 1 traffic

B.  

It can be set in intermediate systems (IS-IS routers) to prioritize control plane CSNP packets.

C.  

It can be used to automatically synchronize the link-state database between Level 1 intermediate systems

D.  

It can be set in intermediate systems (IS-IS routers) to avoid traffic black holes until routing protocols are fully converged after a reload operation.

E.  

It can be set in intermediate systems (IS-IS routers) to attract transit traffic from other intermediate systems

Discussion 0
Get 400-007 dumps and pass your exam in 24 hours!

Free Exams Sample Questions