400-007 Cisco Certified Design Expert (CCDE v3.0) Question and Answers

If the desire is to connect virtual network functions together to accommodate different types of network service connectivity what must be deployed?

Which technology is an open-source infrastructure automation tool that automates repetitive tasks for users who work in networks such as cloud provisioning and intraservice orchestration?

An engineer is designing the QoS strategy for Company XYZ. Based on initial analysis, a lot of scavenger type of traffic is traversing the network's 20Mb Internet link toward the service provider. The new design must use a QoS technique that limits scavenger traffic to 2 Mbps, which helps avoid oversubscription of the link during times of congestion. Which QoS technique can be used to facilitate this requirement?

Which design benefit of PortF ast is true?

A network attacker exploits application flaws to compromise critical systems in the organization with these objectives:

• Obtain sensitive data and export the data out of the network.

• Compromise developer and administrator credentials to potentially

What is the next step after application discovery is completed in Zero Trust networkings

Which issue poses a challenge for security architects who want end-to-end visibility of their networks?

An external edge router provides connectivity from a service provider to an enterprise Which two Internet edge best practices meet compliance regulations'? (Choose two )

Company XYZ has a new network based on IPv6. Some of the subnets that they are planning to use will be confidential and need an addressing scheme that confines them to the local campus network. Which type of IPv6 addresses can be used for these networks in the IPv6 addressing design?

Which aspect of BGP-LS makes it scalable in large network when multiarea topology information must be gathered?

Company XYZ is designing their network using the three-layer hierarchical model. At which layer must the QoS design classify or mark the traffic?

A network security team observes phishing attacks on a user machine from a remote location. The organization has a policy of saving confidential data on two different systems using different types of authentication. What is the next step to control such events after the security team verifies all users in Zero Trust modeling?

A banking customer determines that it is operating POS and POI terminals that are noncompliant with PCI DSS requirements, as it is running TLSv1.0. The customer plans to migrate the terminals to TLSv1.2. What are two requirements to complete the migration? (Choose two.)

Company XYZ wants to redesign the Layer 2 part of their network and wants to use all available uplinks for increased performance. They also want to have end host reachability supporting conversational learning. However, due to design constraints, they cannot implement port-channel on the uplinks. Which other technique can be used to make sure the uplinks are in active/active state?

A company requires an RPO of less than 10 seconds to ensure business continuity. Which technology should be deployed?

A green data center is being deployed and a design requirement is to be able to readily scale server virtualization Which IETF standard technology can provide this requirement?

An MPLS service provider is offering a standard EoMPLS-based VPLS service to Customer A. providing Layer 2 connectivity between a central site and approximately 100 remote sites. Customer A wants to use the VPLS network to carry its internal multicast video feeds which are sourced at the central site and consist of 20 groups at Mbps each. Which service provider recommendation offers the most scalability?

What advantage of placing the IS-IS layer 2 flooding domain boundary at the core Layer in a three-layer hierarchical network is true?

Which mechanism provides Layer 2 fault isolation between data centers?

Refer to the exhibit.

Company XYZ BGP topology is as shown in the diagram. The interface on the LA router connected toward the 10.1.5.0/24 network is faulty and is going up and down, which affects the entire routing domain. Which routing technique can be used in the routing policy design so that the rest of the network is not affected by the flapping issue?

Which two statements about MLD snooping are true? (Choose two)

Company XYZ has a hub-and-spoke topology over an SP-managed infrastructure. To measure traffic performance metrics, they implemented IP SLA senders on all spoke CE routers and an IP SLA responder on the hub CE router. What must they monitor to have visibility on the potential performance impact due to the constantly increasing number of spoke sites?

An enterprise requires MPLS connected branches to access cloud-based Microsoft 365 services over an SD-WAN solution. Internet access Is available only at dual regional hub sites that are connected to the MPLS network. Which connectivity method provides an optimum access method to the cloud-based services If one ISP suffers loss or latency?

Refer to the exhibit.

The network 10.10.0 .0/16 has been redistributed to OSPF processes and the best path to the destination from R1 has been chosen as R1-R2-R3 A failure occurred on the link between R2 and R3 and the path was changed to R1-R4-R5-R3 What happens when the link between R2 and R3 is restored'?

As part of a new network design documentation, you are required to explain the reason for choosing cisco FabricPath for Layer 2 loop avoidance.

Which two elements help Cisco FabricPath mitigate Layer 2 loops if they happen in the Layer 2 MP network?

(Choose two)

Which service abstracts away the management of the operating system, middleware, and runtime?

Company XYZ has a multicast domain that spans across multiple autonomous systems. The company wants to choose a technology that provides simplified and controlled approach to interconnecting the multicast domains. Which technology is the best fit for this purpose?

When an SDN-based model is used to transmit multimedia traffic, which aspect should an architect consider while designing the network?

What is an architectural framework created by ETSI that defines standards to decouple network functions from proprietary hardware-based appliances and have them run in software on standard x86 servers?

A service provider hires you to design its new managed CE offering to meet these requirements

• The CEs cannot run a routing protocol with the PE

• Provide the ability for equal or unequal ingress load balancing in dual-homed CE scenarios.

• Provide support for IPv6 customer routes

• Scale up to 250.000 CE devices per customer.

• Provide low operational management to scale customer growth.

• Utilize low-end (inexpensive) routing platforms for CE functionality.

Which tunneling technology do you recommend?

Enterprise XYZ wants to implement fast convergence on their network and optimize timers for OSPF However they also want to prevent excess flooding of LSAs if there is a constantly flapping link on the network Which timers can help prevent excess flooding of LSAs for OSPF?

A financial company requires that a custom TCP-based stock-trading application be prioritized over all other traffic for the business due to the associated revenue. The company also requires that VoIP be prioritized for manual trades. Which directive should be followed when a QoS strategy is developed for the business?

Various teams in different organizations within an enterprise are preparing low-level design documents to capture network parameters using a Waterfall project model:

• hardware sizing and power consumption

• Layer 2 and layer 3 services parameters

• configuration of all control plane protocols

Input from relevant stakeholders was captured at the start of the project, and the project scope has been defined based on the parameters above. What impact will it have on documentation and project deliverables if the stakeholders ask to have changes carried out in the network before the information has been captured?

Drag and drop the end-to-end network virtualization elements from the left onto the correct network areas on the right.

Refer to the exhibit.

The enterprise customer wants to stream one-way video from their head office to eight branch offices using multicast. Their current service provider provides a Layer3 VPN solution and manages the CE routers, but they do not currently support multicast. Which solution quickly allows this multicast traffic to go through while allowing for future scalability?

You are a network designer and you must ensure that the network you design is secure. How do you plan to prevent infected devices on your network from sourcing random DDoS attacks using forged source address?

Which three items do you recommend for control plane hardening of an infrastructure device? (Choose three.)

What are two advantages of controller-based networks versus traditional networks? (Choose two.)

Which two factors provide multifactor authentication for secure access to applications and data, no matter where the users are or which devices they are on? (Choose two.)

You are designing a network for a branch office. In order to improve convergence time, you are required to use the BFD feature Which four routing protocols can you use to facilitate this? (Choose four.)

Company XYZ is in the process of identifying which transport mechanism(s) to use as their WAN technology. Their main two requirements are.

• a technology that could offer DPI, SLA, secure tunnels, privacy, QoS, scalability, reliability, and ease of management

• a technology that is cost-effective

Which WAN technology(ies) should be included in the design of company XYZ?

Which two mechanisms avoid suboptimal routing in a network with dynamic mutual redistribution between multiple OSPFv2 and EIGRP boundaries? (Choose two.)

In an OSPF network with routers connected together with Ethernet cabling, which topology typically takes the longest to converge?

An engineer is designing a DMVPN network where OSPF has been chosen as the routing protocol A spoke-to-spoke 'J

Which two features are advantages of SD-WAN compared to MPLS-based connectivity? (Choose two.)

Which mechanism enables small, unmanaged switches to plug into ports of access switches without risking switch loops?

Which parameter is the most important factor to consider when deciding service placement in a cloud solution?

An architect receives a business requirement from a CTO that states the RTO and RPO for a new system should be as close as possible to zero. Which replication method and data center technology should be used?

You are tasked with the design of a high available network. Which two features provide fail closed environments? (Choose two.)

The network team in XYZ Corp wants to modernize their infrastructure and is evaluating an implementation and migration plan to allow integration MPLS-based, Layer 2 Ethernet services managed by a service provider to connect branches and remote offices. To decrease OpEx and improve

response times when network components fail, XYZ Corp decided to acquire and deploy new routers. The network currently is operated over E1 leased lines (2 Mbps) with a managed CE service provided by the telco.

Drag and drop the implementation steps from the left onto the corresponding targets on the right in the correct order.

Refer to the exhibit.

OSPF is running as the IGP to provide reachability to all AS100 networks R3 and R4 are the current ABRs at the boundary of OSPF Area0 and Areal Now BGP must be deployed within AS 100 because it will be receiving Internet routes from its eBGP peers (the service provider) connected to R1 and R2 What is an optimal solution for this deployment to configure BGP relationships and redistribute BGP learned routes into OSPF?

An enterprise solution team is performing an analysis of multilayer architecture and multicontroller SDN solutions for multisite deployments. The analysis focuses on the ability to run tasks on any controller via a standardized interface. Which requirement addresses this ability on a multicontroller platform?

While reviewing an existing network design, you are discussing the characteristics of different STP versions. Which protocol minimizes unicast flooding during a Topology Change Notification in a Layer 2 switched network with many VLANs?

Company XYZ is running BGP as their routing protocol. An external design consultant recommends that TCP path MTU discovery be enabled. Which effect will this have on the network?

What best describes the difference between Automation and Orchestration?

What are two examples of components that are part of an SDN architecture? (Choose two.)

What is a disadvantage of the traditional three-tier architecture model when east west traffic between different pods must go through the distribution and core layers?

Which undesired effect of increasing the jitter compensation buffer is true?

Which methodology is the leading lifecycle approach to network design and implementation?

What is the most important operational driver in building a resilient and secure modular network design?

Which two statements explain the operation of BFD asynchronous mode? (Choose two )

Company XYZ, a global content provider, owns data centers on different continents Their data center design involves a standard three-layer design with a Layer 3-only core VRRP is used as the FHRP They require VLAN extension across access switches in all data centers, and they plan to purchase a Layer 2 interconnection between two of their data centers in Europe in the absence of other business or technical constraints which termination point is optimal for the Layer 2 interconnection?

An enterprise wants to migrate an on-premises network to a cloud network, and the design team is finalizing the overall migration process. Drag and drop the options from the left into the correct order on the right.

What are two descriptions of network optimization? (Choose two.)

Which two characteristics apply to firewall transparent mode operations in a firewall solution design? (Choose two.)

SDN is still maturing Throughout the evolution of SDN which two things will play a key role in enabling a successful deployment and avoiding performance visibility gaps in the infrastructure? (Choose two.)

A BGP route reflector in the network is taking longer than expected to coverage during large network changes. Troubleshooting shows that the router cannot handle all the TCP acknowledgements during route updates. Which action can be performed to tune the device performance?

Your network operations team is deploying Access Control Lists (ACLs) across your Internet gateways They wish to place an ACL inbound on the Internet gateway interface facing the core network (the "trusted" interface). Which IP address would the ACL need for traffic sourced from the inside interface, to match the source address of the traffic?

Which two foundational aspects of loT are still evolving and being worked on by the industry at large? (Choose two)

Which three items do you recommend for control plane hardening of an infrastructure device? (Choose three.)

Which technology supports antispoofing and does not have any impact on encryption performance regardless of packet size?

Refer to the exhibit.

Traffic was equally balanced between Layer 3 links on core switches SW1 and SW2 before an introduction of the new video server in the network. This video server uses multicast to send video streams to hosts and now one of the links between core switches is over utilized Which design solution solves this issue?

Which two possible drawbacks should you consider when introducing Network Functions Virtualization in a network design? (Choose two)

Refer to the exhibit.

An engineer is designing the traffic flow for AS 111. Traffic from AS 111 should be preferred via AS 100 for all external routes. A method must be used that only affects AS 111. Which BGP attributes are best suited to control outbound traffic?

A Tier-3 Service Provider is evolving into a Tier-2 Service Provider due to the amount of Enterprise business it is receiving The network engineers are re-evaluating their IP/MPLS design considerations in order to support duplicate/overlapping IP addressing from their Enterprise customers within each Layer3 VPN. Which concept would need to be reviewed to ensure stability in their network?

A European national bank considers migrating its on-premises systems to a private cloud offering in a non-European location to significantly reduce IT costs. What is a primary factor prior to migration?

A software-defined network can be defined as a network with an API that allows applications to understand and react to the state of the network in near real time. A vendor is building an SDN solution that exposes an API to the RIB and potentially the forwarding engine directly. The solution provides off-box processes with the capability to interact with the routing table in the same way as a distributed routing process. Which SDN framework model does the solution use?

While designing a switched topology, in which two options is UplinkFast recommended? (Choose two )

A multicast network is sing Bidirectional PIM. Which two combined actions achieve high availability so that two RPs within the same network can act in a redundant manner? (Choose two)

Retef to the exhibit.

An engineer is designing a multiarea OSPF network for a client who also has a large EIGRP domain EIGRP routes are getting redistributed into OSPF ,OSPF area 20 has routers with limited memory and CPU resources The engineer wants to block routes from EIGRP 111 from propagating into area 20 and allow EIGRP 222 routes to How in Which OSPF area type fulfills this design requirement?

A key to maintaining a highly available network is building in the appropriate redundancy to protect against failure. This redundancy is carefully balanced with the inherent complexity of redundant systems. Which design consideration is relevant for enterprise WAN use cases when it comes to resiliency?

Company XYZ is running SNMPv1 in their network and understands that it has some flaws. They want to change the security design to implement SNMPv3 in the network Which network threat is SNMPv3 effective against?

Drag and drop the QoS technologies from the left onto the correct capabilities on the right

Which three tools are used for ongoing monitoring and maintenance of a voice and video environment? (Choose three.)

Company XYZ has designed their network to run GRE over IPsec on their Internet-based VPN to connect two sites. Which IPsec tunneling feature can they enable to optimize the data flow while ensuring that the headers contain no duplicate IP addresses?

Refer to the exhibit.

Company XYZ must design a DMVPN tunnel between the three sites Chicago is going to act as the NHS and the company wants DMVPN to detect peer endpoint failures Which technology should be used m the design?

Which SDN architecture component is used by the application layer to communicate with the control plane layer to provide instructions about the resources required by applications?

Company ABC uses IPv4-only. Recently they started deploying new endpoint devices. For operational reasons, IPv6 cannot be disabled on these new endpoint devices. Which security measure prevents the new endpoint from learning an IPv6 prefix from an attacker?

Which two design option are available to dynamically discover the RP in an IPv6 multicast network? (Choose

two)

You have been tasked with designing a data center interconnect as part of business continuity You want to use FCoE over this DCI to support synchronous replication. Which two technologies allow for FCoE via lossless Ethernet or data center bridging? (Choose two.)

Customer XYZ network consists of an MPLS core. IS-IS running as IGP a pair of BGP route reflectors for route propagation, and a few dozens of MPLS-TE tunnels for specific tactical traffic engineering requirements. The customer's engineering department has some questions about the use of the Overload Bit in the IS-IS networks and how it could be used to improve their current network design. Which two concepts about the Overload Bit are true? (Choose two.)

The network designer needs to use GLOP IP addresses in order to make them unique within their ASN Which multicast address range should be used?

Which design principal improves network resiliency?

Drag and drop the multicast protocols from the left onto the current design situation on the right.

Which architecture does not require an explicit multicast signaling protocol, such as PIM or P2MP, to signal the multicast state hop-by-hop, but instead uses a link state protocol to advertise the multicast forwarding state?

Company XYZ is planning to deploy primary and secondary (disaster recovery) data center sites. Each of these sites will have redundant SAN fabrics and data protection is expected between the data center sites. The sites are 100 miles (160 km) apart and target RPO/RTO are 3 hrs and 24 hrs, respectively. Which two considerations must Company XYZ bear in mind when deploying replication in their scenario? (Choose two.)