Cisco Certified Design Expert (CCDE v3.1) Questions and Answers
Which issue poses a challenge for security architects who want end-to-end visibility of their networks?
You are leading design discussions about IPv6 implementation into an existing Enterprise network A question is raised regarding older Layer 2 switches that exist in the network, and if any changes are required to these switches for successful IPv6 implementation Which two responses do you give? (Choose two.)
A green data center is being deployed and a design requirement is to be able to readily scale server virtualization Which IETF standard technology can provide this requirement?
Which interface between the controller and the networking device enables the two tocommunicateandallowsthecontrollertoprogramthedataplaneforwardingtablesofthenetworking device?
When planning their cloud migration journey what is crucial for virtually all organizations to perform?
SDN is still maturing Throughout the evolution of SDN which two things will play a key role in enabling a successful deployment and avoiding performance visibility gaps in the infrastructure? (Choose two.)
Which two factors provide multifactor authentication for secure access to applications and data, no matter where the users are or which devices they are on? (Choose two.)
Which technology supports antispoofing and does not have any impact on encryption performance regardless of packet size?
Which two descriptions of CWDM are true? (Choose two)
Which action must be taken before new VoIP systems are implemented on a network to ensure that the network is ready to handle the traffic?
Company XYZ wants to deploy OSPF. The design plan requires that two OSPF networks be mutually redistributed at multiple locations and ensure end-to-end connectivity to all of the company's networks Which technology can be used to fulfill the requirements while avoiding the creation of routing loops?
What are two primary design constraints when a robust infrastructure solution is created? (Choose two.)
You are a network designer and you must ensure that the network you design is secure. How do you plan to prevent infected devices on your network from sourcing random DDoS attacks using forged source address?
Which two statements describe the functionality of OSPF packet-pacing timers? (Choose two )
The group-pacing timer controls the interval that is used for group and individual LSA refreshment
Company ABC wants to minimize the risk of users plugging unauthorized switches and hubs into the network Which two features can be used on the LAN access ports to support this design requirement? (Choose two.)
Drag and drop the optical technology design characteristics on the left to the correct optical technologies on the right. Not all options are used
Two companies need to implement an extranet overlay network solution by using a VPN tunnel over the internet to use each other's HTTP REST APIs The solution must only provide data integrity because data confidentiality will be covered at the application layer The existing firewall devices will be used as VPN endpoints for the tunnel but they have limited available resources Which type of VPN tunnel must be deployed for the extranet service?
Your network operations team is deploying Access Control Lists (ACLs) across your Internet gateways They wish to place an ACL inbound on the Internet gateway interface facing the core network (the "trusted" interface). Which IP address would the ACL need for traffic sourced from the inside interface, to match the source address of the traffic?
Refer to the exhibit.
Which impact of using three or more ABRs between the backbone area and area 1 is true?
Drag and drop the design characteristics from the left onto the correct network filter techniques on the right. Not all options are used.
Which mechanism enables small, unmanaged switches to plug into ports of access switches without risking switch loops?
Which two statements describe the usage of the IS-IS overload bit technique? (Choose two )
Which solution component helps to achieve rapid migration to the cloud for SaaS and public cloud leveraging SD-WAN capabilities?
A business customer deploys workloads in the public cloud. Now the customer network faces governance issues with the flow of IT traffic and must ensure the security of data and intellectual property. Which action helps to identify the issue for further resolution?
A product manufacturing organization is integrating cloud services into their IT solution The IT team is working on the preparation phase of the implementation approach, which includes the Define Strategy step. This step defines the scope of IT, the application, and the service What is one topic that should be considered in the Define Strategy step?
Company XYZhasa hub-and-spoketopology overan SP-managed infrastructure.To measure trafficperformancemetrics, they implemented IP SLA senders on all spokeCErouters and an IP SLA responder on the hubCErouter. What must they monitor to have visibility on the potential performance impact due to the constantly increasing number of spoke sites?
An engineer is designing a DMVPN network where OSPF has been chosen as the routing protocol A spoke-to-spoke 'J
Which extensions to GRE tunneling provide session tracking and in-order packet delivery in exchange for additional state stored in tunnel endpoints?
A legacy enterprise is using a Service Provider MPLS network to connect its head office and branches. Recently, they added a new branch to their network. Due to physical security concerns, they want to extend their existing IP CCTV network of the head office to the new branch, without any routing changes in the network. They are also under some time constraints. What is the best approach to extend the existing IP CCTV network to the new branch, without incurring any IP address changes?
An architect prepares a network design for a startup company. The design must be able to meet business requirements while the business grows and divests due to rapidly changing markets. What is the highest priority in this design?
An engineer is designing the QoS strategy for Company XYZ. Based on initial analysis, a lot of scavenger type of traffic is traversing the network's 20Mb Internet link toward the service provider. The new design must use a QoS technique that limits scavenger traffic to 2 Mbps, which helps avoid oversubscription of the link during times of congestion. Which QoS technique can be used to facilitate this requirement?
When a company network architect is working on a new network design, they are expected to ensure that business requirements and technical aspects are factored in, but often there are other factors that comes into play as well Which non-business constraint must also be considered throughout the design phase?
Which BGP feature provides fast convergence?
An MPLS service provider is offering a standard EoMPLS-based VPLS service to Customer A. providing Layer 2 connectivity between a central site and approximately 100 remote sites. Customer A wants to use the VPLS network to carry its internal multicast video feeds which are sourced at the central site and consist of 20 groups at Mbps each. Which service provider recommendation offers the most scalability?
A key to maintaining a highly available network is building in the appropriate redundancy to protect against failure. This redundancy is carefully balanced with the inherent complexity of redundant systems. Which design consideration is relevant for enterprise WAN use cases when it comes to resiliency?
While designing a switched topology, in which two options is UplinkFast recommended? (Choose two )
An enterprise requires MPLS connected branches to access cloud-based Microsoft 365 services over an SD-WAN solution. Internet access Is available only at dual regional hub sites that are connected to the MPLS network. Which connectivity method provides an optimum access method to the cloud-based services If one ISP suffers loss or latency?
VPLS is implemented in a Layer 2 network with 2000 VLANs. What is the primary concern to ensure successful deployment of VPLS?
Refer to the exhibit. An architect must design an enterprise WAN that connects the headquarters with 22 branch offices. The number of remote sites is expected to triple in the next three years. The final solution must comply with these requirements:
Only the loopback address of each of the enterprise CE X and Y routers must be advertised to the interconnecting service provider cloud network.
The transport layer must carry the VPNv4 label and VPN payload over the MP-BGP control plane.
The transport layer must not be under service provider control.
Which enterprise WAN transport virtualization technique meets the requirements?
QUESTION 69 Refer to the exhibit. AJI links are P2P Layer 3. A high availability application is synchronizing data between host A and host B. To increase chance of delivery the same data is sent twice from host A on two different NICs toward the two NICs on host B.
Which solution must be deployed in the network to ensure that any failure in the network does not trigger data loss on host B?
An Agile for Infrastructure transition often means dismantling traditional IT hierarchies and rebuilding it to align with business objectives and workflows Organizations are seeing the benefits of using automation tools in the network such as faster more efficient more effective delivery of products and services. Which two components help increasing overall productivity and improve company culture? (Choose two.)
dedicated infrastructure
Which design benefit of PortF ast is true?
Which three characteristics of the Single Tier and the Dual Tier Headend Architectures for DMVPN designs are true? (Choose three.)
Which actions are performed at the distribution layer of the three-layer hierarchical network design model? (Choose two)
Which design solution reduces the amount of IGMP state in the network?
You are designing the QoS policy for a company that is running many TCP-based applications. The company is experiencing tail drops for these applications. The company wants to use a congestion avoidance technique for these applications. Which QoS strategy can be used to fulfill the requirement?
A network security team uses a purpose-built tool to actively monitor the campus network, applications, and user activity. The team also analyzes enterprise telemetry data from IPFIX data records that are received from devices in the campus network. Which action can be taken based on the augmented data?
If the desire is to connect virtual network functions together to accommodate different types of network service connectivity what must be deployed?
Refer to the exhibit A customer network design team is planning a migration from a legacy TDM-based L2VPN to an MPLS-based L3VPN Migration is planned in a phased approach:
•OSPF backbone Link between HUB A and HUB B sites to be migrated to eBGP
•Spoke A2 and Spoke B1 will be migrated to the L3VPN
Which solution design can be considered to avoid routing loops during backbone link migration?
Which type of interface are OpenFlow and OpFlex?
Which design principal improves network resiliency?
An IT services company offers cloud services to a banking customer. The banking customer has raised a ticket about unauthorized access and data loss. They use an authentication token on a mobile phone for authenticating access to the cloud platform from their local applications. The security response team has determined that the attacker used a phishing scheme in an effort to replace the token allowing them to direct the banking data to which policy change can help prevent identical situations in the future ?
Which two features control multicast traffic in a VLAN environment? (Choose two)
Cost is often one of the motivators for a business to migrate from a traditional network to a software- defined network. Which design decision is directly influenced by CAPEX drivers?
A Service Provider is designing a solution for a managed CE service to a number of local customers using a single CE platform and wants to have logical separation on the CE platform using Virtual Routing and Forwarding (VRF) based on IP address ranges or packet length. Which is the most scalable solution to provide this type of VRF Selection process on the CE edge device?
A customer has a functional requirement that states HR systems within a data center should be segmented from other systems that reside in the same data center and same VLAN. The systems run legacy applications by using hard-coded IP addresses. Which segmentation method is suitable and scalable for the customer?
An enterprise organization currently provides WAN connectivity to their branch sites using MPLS technology, and the enterprise network team is considering rolling out SD-WAN services for all sites.
With regards to the deployment planning, drag and drop the actions from the left onto the corresponding steps on the right.
Table
Description automatically generated with medium confidenceA healthcare customer requested that SNMP traps must be sent over the MPLS Layer 3 VPN service. Which protocol must be enabled?
You are designing a new Ethernet-based metro-area network for an enterprise customer to connect 50 sites within the same city OSPF will be the routing protocol used. The customer is primarily concerned with IPv4 address conservation and convergence time. Which two combined actions do you recommend? (Choose two)
SD-WAN can be used to provide secure connectivity to remote offices, branch offices, campus networks, data centers, and the cloud over any type of IP-based underlay transport network. Which two statements describe SD WAN solutions? (Choose two.)
A company plans to use BFD between its routers to detect a connectivity problem inside the switched network. An IPS is transparently installed between the switches. Which packets shold the IPS forward for BFD to work under all circumstances?
Company XYZ is designing the IS-IS deployment strategy for their multiarea IS-IS domain. They want IS-IS neighbour relationships to be minimized on each network segment and want to optimize the size of the IS-IS LSDB on each router. Which can design can be used to meet these requirements?
A company uses equipment from multiple vendors in a data center fabric to deliver SDN, enable maximum flexibility, and provide the best return on investment. Which YANG data model should be adopted for comprehensive features to simplify and streamline automation for the SDN fabric?
Which two design option are available to dynamically discover the RP in an IPv6 multicast network? (Choose
two)
The network designer needs to use GLOP IP addresses in order to make them unique within their ASN Which multicast address range should be used?
Which undesired effect of increasing the jitter compensation buffer is true?
A company is reviewing their technology roadmap ahead of their cloud journey The as-is assessment found that a large inventory (5000+) of servers sees less than 50% capacity utilization Which cloud architecture model supports the company to optimize the resource utilization'?
Which main IoT migration aspect should be reviewed for a manufacturing plant?
Various teams in different organizations within an enterprise are preparing low-level design documents to capture network parameters using a Waterfall project model:
• hardware sizing and power consumption
• Layer 2 and layer 3 services parameters
• configuration of all control plane protocols
Input from relevant stakeholders was captured at the start of the project, and the project scope has been defined based on the parameters above. What impact will it have on documentation and project deliverables if the stakeholders ask to have changes carried out in the network before the information has been captured?
Which purpose of a dynamically created tunnel interface on the design of IPv6 multicast services Is true?
Refer to the exhibit.
An engineer is designing the network for a multihomed customer running in AS 111 does not have any other Ass connected to it. Which technology is more comprehensive to use in the design to make sure that the AS is not being used as a transit AS?
An enterprise that runs numerous proprietary applications has major issues with its on-premises server estate hardware, to the point where business-critical functions are compromised. The enterprise accelerates plans to migrate services to the cloud. Which cloud service should be used if the enterprise wants to avoid hardware issues yet have control of its applications and operating system?
Company XYZ, a global content provider, owns data centers on different continents Their data center design involves a standard three-layer design with a Layer 3-only core VRRP is used as the FHRP They require VLAN extension across access switches in all data centers, and they plan to purchase a Layer 2 interconnection between two of their data centers in Europe in the absence of other business or technical constraints which termination point is optimal for the Layer 2 interconnection?
What is a web-based model in which a third-party provider hosts applications that are available to customers over the Internet?
Which optimal use of interface dampening on a fast convergence network design is true?
Refer to the exhibit.
A customer runs OSPF with Area 5 between its aggregation router and an internal router When a network change occurs in the backbone. Area 5 starts having connectivity issues due to the SPF algorithm recalculating an abnormal number of times in Area 5 You are tasked to redesign this network to increase resiliency on the customer network with the caveat that Router B does not support the stub area How can you accomplish this task*?
Which two technologies enable multilayer segmentation? (Choose two.)
Which design benefit of bridge assurance is true?
Router R1 is a BGP speaker with one peering neighbor over link "A". When the R1 link/interface "A" fails, routing announcements are terminated, which results in the tearing down of the state for all BGP routes at each end of the link. What is this a good example of?
An enterprise solution team is performing an analysis of multilayer architecture and multicontroller SDN solutions for multisite deployments. The analysis focuses on the ability to run tasks on any controller via a standardized interface. Which requirement addresses this ability on a multicontroller platform?
A service provider recently migrated to an SD-WAN solution for delivering WAN connections to its customers. One of the main challenges with the SD-WAN deployment is that branch site volume increases every year, which causes management complexity. Which action resolves the issue?
A BGP route reflector in the network is taking longer than expected to coverage during large network changes. Troubleshooting shows that the router cannot handle all the TCP acknowledgements during route updates. Which action can be performed to tune the device performance?
What are two key design principles when using a hierarchical core-distribution-access network model? (Choose two )
The goal for any network designer is to strive to build a resilient network that adapts to changing conditions rapidly with minimal impact on the services running over the network A resilient network can adapt to failures but which soft failure can be harder to define and detect?
Which two factors must be considered for high availability in campus LAN designs to mitigate concerns about unavailability of network resources? (Choose two.)
Hybrid cloud computing allows organizations to like advantage of public and private cloud models Which best practice should organizations follow to ensure data security in the private cloud?
The Company XYZ network requires OSPF dead neighbor detection in a subsecond manner However the company network does not support BFD Which other feature can be used to fulfill the design requirement?
A software-defined networking (SDN) controller teams network topology information by using BGP link-state sessions with the route reflectors of an MPLS-enabled network. The controller then uses the topology information to apply on-demand traffic policies to the network through a protocol that is supported from all Layer 3 routers Each policy is represented as a RIB entry in the control plane of the router Which SDN model has been implemented?
Which two features describe controller-based networking solutions compared to traditional networking solutions? (Choose two.)
Company XYZhas implemented policy-based routing in their network. Which potential problem must be kept in mind about network reconvergence and PBR?
Company XYZnetwork runsIPv4and IPv6 and they want to Introduce a multidomain, multicast-based network. The new design should use a flavor of PIM that forwards traffic using SPT. Which technology meets this requirement?
A network engineering team is in the process of designing a lab network for a customer demonstration. The design engineer wants to show that the resiliency of the MPLS traffic Engineering Fast Reroute solution has the same failover/failback times as a traditional SONET/SDH network (around 50MSEC). In order to address both link failure and node failure within the lab typology network, which type of the MPLS TE tunnels must be considered for this demonstration?
A small organization of 20 employees is looking to deliver a network design service for modernizing customer networks to support advanced solutions.
Projectscope and weekly progress should be visualized by the management.
Always consider feedback and make changes accordingly during the project.
Should consider flexibility to change scope at the point of time.
Which project methodology meets the requirements and have the least impact on the outcome?
Refer tothe exhibit.
Traffic was equally balanced between Layer 3 links on core switches SW1 and SW2 before an introduction of the new video server in the network. This video server uses multicast to send video streams to hosts and now one of the links between core switches is over utilized Which design solution solves this issue?
Which two points must network designers consider when designing a new network design or when evaluating an existing network design to help them understand the high-level design direction with regards to the security aspects? (Choose two)
Which two types of planning approaches are used to develop business-driven network designs and to facilitate the design decisions? (Choose two)
Network operators have many options available, from fully centralized to fully distributed control planes, and each approach has its own set of characteristics. Drag and drop the characteristics from the left onto the corresponding approach on the right.
As part of a new network design documentation, you are required to explain the reason for choosing cisco FabricPath for Layer 2 loop avoidance.
Which two elements help Cisco FabricPath mitigate Layer 2 loops if they happen in the Layer 2 MP network?
(Choose two)
In the wake of a security compromise incident where the internal networks were breached by an outside attacker at the perimeter of the infrastructure, an enterprise is now evaluating potential measures that can help protect against the same type of incident in the future. What are two design options that can be employed? (Choose two)
A European national bank considers migrating its on-premises systems to a private cloud offering in a non-European location to significantly reduce IT costs. What is a primary factor prior to migration?
Which two foundational aspects of loT are still evolving and being worked on by the industry at large? (Choose two)
For a company that offers online billing systems for their customers, which strategy ensures the RPO is kept as low as possible?
An architect receives a functional requirement for a NAC system from a customer security policy stating that if a corporate Wi-Fi device does not meet current AV definitions, then it cannot access the corporate network until the definitions are updated. Which component should be built into the NAC design?
Whileaccess lists are generally associated with routers and firewalls, they can also be applied on layer 2 interfaces and to VLANs to provide granular security. Which are two benefits of using layer 2 access lists for segmentation? (Choose two.)
How many fully established neighbour relationships exist on an Ethernet with five routers running OSPF as network type broadcast?
An architect designs a multi-controller network architecture with these requirements:
Achieve fast failover to control traffic when controllers fail.
Yield a short distance and high resiliency in the connection between the switches and the controller.
Reduce connectivity loss and enable smart recovery to improve the SDN survivability.
Improve connectivity by adding path diversity and capacity awareness for controllers.
Which control plane component of the multi-controller must be built to meet the requirements?
As network designer, which option is your main concern with regards to virtualizing multiple network zones into a single hardware device?
A company requires an RPO of less than 10 seconds to ensure business continuity. Which technology should be deployed?
The major business applications of an enterprise are largely monolithic and hard-coded As part of a major modernization and overhaul of the applications the goal is to move to a modular and containerized application architecture mode At the same time decoupling from the hardware is desired to move to an on-demand provisioning However the CyberOps team mandated that the final architecture must provide the same security levels as an air-gapped data center. Which cloud architecture meets these requirements?
Refer to the exhibit.
Company XYZ BGP topology is as shown in the diagram. The interface on the LA router connected toward the 10 1.5.0/24 network is faulty and is going up and down, which affects the entire routing domain. Which routing technique can the network administrator use so that the rest of the network is not affected by the flapping issue?
What are two common approaches to analyzing and designing networks? (Choose two.)
The Layer 3 control plane is the intelligence over the network that steers traffic toward its intended destination. Which two techniques can be used in service provider-style networks to offer a more dynamic, flexible, controlled, and secure control plane design? (Choose two.)
Which mechanism provides Layer 2 fault isolation between data centers?
Drag and drop the QoS technologies from the left onto the correct capabilities on the right
Network changes because of mergers, acquisitions, and divestment can be very disruptive to the network if not carried out carefully. When an organization sells parts of its business, it must detach the affected parts of the network from the rest of the network. Which network design approach is appropriate to minimize the impact and risks as the divested parts of the network are detached?
A large enterprise customer has a single router that uses two active/active 10-Mbps internet links in one of its
offices. Each link currently handles approximately 7 Mbps of traffic, which is close to the full link capacity.
When a link fails, the failure leads to significantly degraded performance of all applications. Static routing is
used. The current ISP cannot deliver additional bandwidth capacity on the existing links. The customer needs
a network design that is resistant to failure, but does not increase CAPEX. Which solution should be proposed
to the customer?
A network attacker exploits application flaws to compromise critical systems in the organization with these objectives:
• Obtain sensitive data and export the data out of the network.
• Compromise developer and administrator credentials to potentially
What is the next step after application discovery is completed in Zero Trust networkings
Feature-rich networks are complex network models that provide one or more features in addition to the network topology In attributed networks, attributes are assigned to the nodes to describe the corresponding entities For example, in a friendship network the actors can be described by their genre and their age Which two alternative network models can be used to model interaction over time or to model each attribute by a specific relationship?
