Cisco Certified Design Expert (CCDE v3.1) Questions and Answers
Which protocol does an SD-Access wireless Access Point use for its fabric data plane?
Company XYZ has a multicast domain that spans across multiple autonomous systems. The company wants a simplified and controlled approach to interconnecting multicast domains. Which technology is the best fit?
A network architect must redesign a service provider edge, where multiservice and multitenant PEs are currently present. Which design feature should be minimized in the new design to achieve reliability?
Company XYZ has 30 sites using MPLS L3 VPN and is concerned about data integrity. They want a centralized configuration model and minimal overhead. Which technology can be used?
A healthcare provider discovers that protected health information of patients was altered without patient consent. The healthcare provider is subject to HIPAA compliance and is required to protect PHI data. Which type of security safeguard should be implemented to resolve this issue?
SDN is still maturing. Throughout the evolution of SDN, which two things will play a key role in enabling a successful deployment and avoiding performance visibility gaps in the infrastructure? (Choose two.)
Which parameter is the most important factor to consider when deciding service placement in a cloud solution?
Which relationship between IBGP and the underlying physical topology is true?
Which two impacts of adding the IP event dampening feature to a network design are true? (Choose two.)
In an OSPF network with routers connected together with Ethernet cabling, which topology typically takes the longest to converge?
A business wants to centralize services via VDI technology and to replace remote WAN desktop PCs with thin client-type machines to reduce operating costs. Which consideration supports the new business requirement?
Company XYZ wants to improve the security design of their network to include protection from reconnaissance and DoS attacks on their sub-interfaces destined toward next hop routers. Which technology can be used to prevent these types of attacks?
Company XYZ allows employees to use any open desk and plug their laptops in. They want authentication using domain credentials and future capability for segmentation within the same subnet. Which protocol can be recommended?
What is a disadvantage of the traditional three-tier architecture model when east-west traffic between different pods must go through the distribution and core layers?
How must the queue sizes be designed to ensure that an application functions correctly?
The CIA triad is foundational to information security, and one can be certain that one or more of the principles within the CIA triad has been violated when data is leaked or a system is attacked Drag and drop the countermeasures on the left to the appropriate principle section on the right in any order
A consultant needs to evaluate project management methodologies for a new service deployment on the existing network of a customer. The customer wants to be involved in the end-to-end project progress and be provided with frequent updates. The customer also wants the ability to change the requirements if needed, as the project progresses. Which project management methodology should be used?
Identity and access management between multiple users and multiple applications has become a mandatory requirement for Company XYZ to fight against ever-increasing cybersecurity threats. To achieve this, federated identity services have been deployed to provide Single Sign-On and Multi-Factor Authentication. Which protocol can be used by Company XYZ to provide authentication and authorization services?
A multinational enterprise integrates a cloud solution with these objectives:
• Achieve seamless connectivity across different countries and regions
• Extend data center and private clouds into public clouds and provider-hosted clouds
What are two outcomes of deploying data centers and fabrics that interconnect different cloud networks? (Choose two.)
What are two key design principles when using a hierarchical core-distribution-access network model? (Choose two.)
Retef to the exhibit.
An engineer is designing a multiarea OSPF network for a client who also has a large EIGRP domain. EIGRP routes are getting redistributed into OSPF. OSPF area 20 has routers with limited memory and CPU resources. The engineer wants to block routes from EIGRP 111 from propagating into area 20 and allow EIGRP 222 routes to flow in. Which OSPF area type fulfills this design requirement?
Which two features describe controller-based networking solutions compared to traditional networking solutions? (Choose two.)
Company XYZ is revisiting the security design for their data center because they now have a requirement to control traffic within a subnet and implement deep packet inspection. Which technology meets the updated requirements and can be incorporated into the design?
Which security architecture component offers streamlined security operations, ease of use, and visibility across all network security elements, independent of location or form factor?
Company XYZ is running OSPF in their network. They have merged with another company that is running EIGRP as the routing protocol. Company XYZ now needs the two domains to talk to each other with redundancy, while maintaining a loop-free environment. The solution must scale when new networks are added into the network in the near future. Which technology can be used to meet these requirements?
What best describes the difference between Automation and Orchestration?
You are designing a network running both IPv4 and IPv6 to deploy QoS. Which consideration is correct about the QoS for IPv4 and IPv6?
Which two conditions must be met for EIGRP to maintain an alternate loop-free path to a remote network? (Choose two.)
An enterprise requires MPLS-connected branches to access cloud-based Microsoft 365 services over an SD-WAN solution. Internet access is available only at dual regional hub sites that are connected to the MPLS network. Which connectivity method provides an optimum access method to the cloud-based services if one ISP suffers loss or latency?
Customer XYZ network consists of an MPLS core, IS-IS running as IGP, a pair of BGP route reflectors for route propagation, and a few dozen MPLS-TE tunnels for specific tactical traffic engineering requirements. The customer's engineering department has some questions about the use of the Overload Bit in the IS-IS networks and how it could be used to improve their current network design. Which two concepts about the Overload Bit are true? (Choose two.)
Hybrid cloud computing allows organizations to take advantage of public and private cloud models. Which best practice should organizations follow to ensure data security in the private cloud?
Which feature is supported by NETCONF but is not supported by SNMP?
Which technology is an open-source infrastructure automation tool that automates repetitive tasks for users who work in networks such as cloud provisioning and intraservice orchestration?
Refer to the exhibit.
Which impact of using three or more ABRs between the backbone area and area 1 is true?
Which two features control multicast traffic in a VLAN environment? (Choose two)
Organizations that embrace Zero Trust initiatives ranging from business policies to technology infrastructure can reap business and security benefits. Which two domains should be covered under Zero Trust initiatives? (Choose two)
Network operators have many options available, from fully centralized to fully distributed control planes, and each approach has its own set of characteristics. Drag and drop the characteristics from the left onto the corresponding approach on the right.
Company XYZ runs OSPF in their network. A design engineer decides to implement hot-potato routing architecture. How can this implementation be achieved?
Which technology supports antispoofing and does not have any impact on encryption performance regardless of packet size?
Drag and drop the correct mitigation methods from the left onto the corresponding types of attack on the right
The Company XYZ network is experiencing attacks against their router. Which type of Control Plane Protection must be used on the router to protect all control plane IP traffic that is destined directly for one of the router interfaces?
Company XYZ is migrating their existing network to IPv6. Some access layer switches do not support IPv6, while core and distribution switches fully support unicast and multicast routing. The company wants to minimize cost of the migration. Which migration strategy should be used?
As network designer, which option is your main concern with regards to virtualizing multiple network zones into a single hardware device?
Which three elements help network designers to construct secure systems that protect information and resources (such as devices, communication, and data) from unauthorized access, modification, inspection, or destruction? (Choose three.)
A multicast network is using Bidirectional PIM. Which two combined actions achieve high availability so that two RPs within the same network can act in a redundant manner? (Choose two)
Which development model is closely associated with traditional project management?
A network security team observes phishing attacks on a user machine from a remote location. The organization has a policy of saving confidential data on two different systems using different types of authentication. What is the next step to control such events after the security team verifies all users in Zero Trust modeling?
Drag and drop the characteristics from the left onto the corresponding network management options on the right.
Which two features are advantages of SD-WAN compared to MPLS-based connectivity? (Choose two.)
Refer to the exhibit.
For Company XYZ, Bangkok is using ECMP to reach the 172.20.2.0/24 network. The company wants a design that would allow them to forward traffic from 172.16.2.0/24 toward 172.20.2.0/24 via the Singapore router as the preferred route. The rest of the traffic should continue to use ECMP. Which technology fulfills this design requirement?
Company XYZ is running SNMPv1 in their network and understands that it has some flaws. They want to change the security design to implement SNMPv3 in the network. Which network threat is SNMPv3 effective against?
Company XYZ connects its sites over a private WAN. Their overlay network is running a DMVPN setup where the headquarters site is the hub. The company is planning on implementing multicast routing on the network. What should be used in the multicast routing design?
A business wants to refresh its legacy Frame Relay WAN and consolidate product specialists via video in 200 branches. Which technology should be used?
Which design benefit of bridge assurance is true?
An enterprise plans to evolve from a traditional WAN network to a software-defined WAN network. The existing devices have limited capability when it comes to virtualization. As the migration is carried out, enterprise applications and services must not experience any traffic impact. Which implementation plan can be used to accommodate this during the migration phase?
Your company wants to deploy a new data center infrastructure. Based on the requirements you have chosen VXLAN as encapsulation technology. The customer is concerned about misconfiguration of Layer 2 devices and DC-wide outages caused by Layer 2 loops. What do you answer?
Refer to the exhibit.
This network is running legacy STP 802.1d. Assuming "hello_timer" is fixed to 2 seconds, which parameters can be modified to speed up convergence times after single link/node failure?
A customer with two 10 Mbps Internet links (active-active) experiences degraded performance when one fails. Static routing is used, and bandwidth upgrades aren't possible. The design must be failure-resistant without increasing CAPEX.
Which solution should be proposed?
The goal for any network designer is to strive to build a resilient network that adapts to changing conditions rapidly with minimal impact on the services running over the network. A resilient network can adapt to failures, but which soft failure can be harder to define and detect?
Company XYZ has designed their network to run GRE over IPsec on their Internet-based VPN to connect two sites. Which IPsec tunneling feature can they enable to optimize the data flow while ensuring that the headers contain no duplicate IP addresses?
A healthcare customer requested that SNMP traps must be sent over the MPLS Layer 3 VPN service. Which protocol must be enabled?
Which Interconnectivity method offers the fastest convergence in the event of a unidirectional issue between three Layer 3 switches connected together with routed links in the same rack in a data center?
What is the most important operational driver in building a resilient and secure modular network design?
Company XYZ has implemented policy-based routing in their network. Which potential problem must be kept in mind about network reconvergence and PBR?
Which effect of using ingress filtering to prevent spoofed addresses on a network design is true?
What is a characteristic of a secure cloud architecture model?
An existing wireless network was designed to support data traffic only. You must now install context-aware services for location tracking. What changes must be applied to the existing wireless network to increase the location accuracy? (Choose two)
A company plans to use BFD between its routers to detect a connectivity problem inside the switched network. An IPS is transparently installed between the switches. Which packets should the IPS forward for BFD to work under all circumstances?
Which two factors provide multifactor authentication for secure access to applications and data? (Choose two.)
A software-defined networking (SDN) controller learns network topology information by using BGP link-state sessions with the route reflectors of an MPLS-enabled network. The controller then uses the topology information to apply on-demand traffic policies to the network through a protocol that is supported from all Layer 3 routers. Each policy is represented as a RIB entry in the control plane of the router. Which SDN model has been implemented?
In outsourced IT services, the RTO is defined within the SLA. Which two support terms are often included in the SLA by IT and other service providers? (Choose two.)
Agile and Waterfall are two popular methods for organizing projects. What describes any Agile network design development process?
Company XYZ branch offices connect to headquarters using two links, MPLS and Internet. The company wants to design traffic flow so voice traffic uses MPLS and all other traffic uses either link, avoiding process switching. Which technique can be used?
A network architect is designing a policy where database applications access the internet directly, while other traffic routes through the data center, with dynamic path switching based on performance. Which solution meets these requirements?
Which two advantages of using DWDM over traditional optical networks are true? (Choose two.)
Which component of the SDN architecture automatically ensures that application traffic is routed according to policies established by network administrators?
Which extensions to GRE tunneling provide session tracking and in-order packet delivery in exchange for additional state stored in tunnel endpoints?
Company XYZ is designing the IS-IS deployment strategy for their multiarea IS-IS domain. They want IS-IS neighbor relationships minimized on each segment and the LSDB size optimized. Which design can be used?
A business requirement stating that failure of WAN access for dual circuits into an MPLS provider for a Data Centre cannot happen due to related service credits that would need to be paid has led to diversely routed circuits to different points of presence on the provider’s network. What should a network designer also consider as part of the requirement?
Which statement about OSPF hub-and-spoke topology is true?
Which service abstracts away the management of the operating system, middleware, and runtime?
You were tasked to enhance the security of a network with these characteristics:
A pool of servers is accessed by numerous data centers and remote sites
The servers are accessed via a cluster of firewalls
The firewalls are configured properly and are not dropping traffic
The firewalls occasionally cause asymmetric routing of traffic within the server data center.
Which technology should you recommend to enhance security by limiting traffic that could originate from a hacker compromising a workstation and redirecting flows at the servers?
Which two statements describe the functionality of OSPF packet-pacing timers? (Choose two.)
Company XYZ network runs IPv4 and IPv6 and they want to introduce a multidomain, multicast-based network. The new design should use a flavor of PIM that forwards traffic using SPT. Which technology meets this requirement?
The administrator of a small branch office wants to implement the Layer 2 network without running STP. The office has some redundant paths. Which mechanism can the administrator use to allow redundancy without creating Layer 2 loops?
The Agile Manifesto is a document that defines the key values and principles behind the Agile philosophy and helps development teams work more efficiently and sustainably. Each of the four key values is split into two sections—a left-hand side and a right-hand side. In other words, though there is value in the items on the right, we value the items on the left more. What is one of the key values of the Agile Manifesto?
As part of workspace digitization, a large enterprise has migrated all their users to Desktop as a Service (DaaS), by hosting the backend system in their on-premises data center. Some of the branches have started to experience disconnections to the DaaS at periodic intervals, however, local users in the data center and head office do not experience this behavior. Which technology can be used to mitigate this issue?
A BGP route reflector in the network is taking longer than expected to converge during large network changes. Troubleshooting shows that the router cannot handle all the TCP acknowledgements during route updates. Which action can be performed to tune the device performance?
Which design benefit of PortFast is true?
Which best practice ensures data security in the private cloud?
SDWAN networks capitalize the usage of broadband Internet links over traditional MPLS links to offer more cost benefits to enterprise customers. However, due to the insecure nature of the public Internet, it is mandatory to use encryption of traffic between any two SDWAN edge devices installed behind NAT gateways. Which overlay method can provide optimal transport over unreliable underlay networks that are behind NAT gateways?
A software-defined network exposes an API to the RIB and forwarding engine, allowing off-box control of routing—what SDN model is used?
A banking customer determines that it is operating POS and POI terminals that are noncompliant with PCI DSS requirements, as it is running TLSv1.0. The customer plans to migrate the terminals to TLSv1.2. What are two requirements to complete the migration? (Choose two.)
Drag and drop the optical technology design characteristics on the left to the correct optical technologies on the right. Not all options are used
Refer to the table.
A customer investigates connectivity options for a DCI between two production data centers. The solution must provide dual 10G connections between locations with no single points of failure for Day 1 operations. It must also include an option to scale for up to 20 resilient connections in the second year to accommodate isolated SAN over IP and isolated, dedicated replication IP circuits. All connectivity methods are duplex 10 Gbps. Which transport technology costs the least over two years, in the scenario?
The network designer needs to use GLOP IP addresses in order to make them unique within their ASN. Which multicast address range should be used?
Refer to the exhibit.
A company named XYZ needs to apply security policies for end-user browsing by installing a secure web proxy appliance. All the web traffic must be inspected by the appliance, and the remaining traffic must be inspected by an NGFW that has been upgraded with intrusion prevention system functionality. In which two ways must the routing be performed? (Choose two)
A customer has a functional requirement that states HR systems within a data center should be segmented from other systems that reside in the same data center and same VLAN. The systems run legacy applications by using hard-coded IP addresses. Which segmentation method is suitable and scalable for the customer?
The Company XYZ network requires OSPF dead neighbor detection in a subsecond manner. However, the company network does not support BFD. Which other feature can be used to fulfill the design requirement?
Your network operations team is deploying Access Control Lists (ACLs) across your Internet gateways. They wish to place an ACL inbound on the Internet gateway interface facing the core network (the "trusted" interface). Which IP address would the ACL need for traffic sourced from the inside interface, to match the source address of the traffic?
Which undesired effect of increasing the jitter compensation buffer is true?
Refer to the exhibit.
This network is running OSPF and EIGRP as the routing protocols. Mutual redistribution of the routing protocols has been configured on the appropriate ASBRs. The OSPF network must be designed so that flapping routes in EIGRP domains do not affect the SPF runs within OSPF. The design solution must not affect the way EIGRP routes are propagated into the EIGRP domains. Which technique accomplishes the requirement?
Which two statements about MLD snooping are true? (Choose two)
Refer to the exhibit.
Refer to the exhibit. A new high availability DB server cluster is installed in the network. These two servers require high bandwidth and low latency Layer 2 connectivity for database replication.
Which solution supports these requirements?