Summer Limited Time 60% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: wrap60

Cisco 400-007 Dumps

Page: 1 / 35
Total 349 questions

Cisco Certified Design Expert (CCDE v3.1) Questions and Answers

Question 1

Which protocol does an SD-Access wireless Access Point use for its fabric data plane?

Options:

A.

GRE

B.

MPLS

C.

VXLAN

D.

LISP

E.

CAPWAP

Question 2

Company XYZ has a multicast domain that spans across multiple autonomous systems. The company wants a simplified and controlled approach to interconnecting multicast domains. Which technology is the best fit?

Options:

A.

MSDP

B.

PIM SSM

C.

MPLS

D.

PIM sparse mode

Question 3

A network architect must redesign a service provider edge, where multiservice and multitenant PEs are currently present. Which design feature should be minimized in the new design to achieve reliability?

Options:

A.

bridging

B.

fate sharing

C.

redundancy

D.

unicast overlay routing

Question 4

Company XYZ has 30 sites using MPLS L3 VPN and is concerned about data integrity. They want a centralized configuration model and minimal overhead. Which technology can be used?

Options:

A.

S-VTI

B.

DMVPN

C.

MGRE

D.

GET VPN

Question 5

A healthcare provider discovers that protected health information of patients was altered without patient consent. The healthcare provider is subject to HIPAA compliance and is required to protect PHI data. Which type of security safeguard should be implemented to resolve this issue?

Options:

A.

technical and physical access control

B.

administrative security management processes

C.

physical device and media control

D.

technical integrity and transmission security

Question 6

SDN is still maturing. Throughout the evolution of SDN, which two things will play a key role in enabling a successful deployment and avoiding performance visibility gaps in the infrastructure? (Choose two.)

Options:

A.

Rapid on-demand growth

B.

Dynamic real-time change

C.

Falling back to old behaviors

D.

Peer-to-peer controller infrastructure

E.

Integration of device context

Question 7

Which parameter is the most important factor to consider when deciding service placement in a cloud solution?

Options:

A.

Data replication cost

B.

Application structure

C.

Security framework implementation time

D.

Data confidentiality rules

Question 8

Which relationship between IBGP and the underlying physical topology is true?

Options:

A.

iBGP full mesh requirement does not dictate any specific network topology.

B.

iBGP can work only on a ring network topology with a link-state protocol like OSPF or IS-IS.

C.

iBGP full mesh requires an underlying fully meshed network topology.

D.

iBGP does not work on a ring network topology even with an underlying IGP.

Question 9

Which two impacts of adding the IP event dampening feature to a network design are true? (Choose two.)

Options:

A.

It protects against routing loops.

B.

It switches traffic immediately after a link failure.

C.

It speeds up link failure detection.

D.

It reduces the utilization of system processing resources.

E.

It improves overall network stability.

Question 10

In an OSPF network with routers connected together with Ethernet cabling, which topology typically takes the longest to converge?

Options:

A.

Partial mesh

B.

Full mesh

C.

Ring

D.

Squared

E.

Triangulated

Question 11

A business wants to centralize services via VDI technology and to replace remote WAN desktop PCs with thin client-type machines to reduce operating costs. Which consideration supports the new business requirement?

Options:

A.

VDI servers should be contained centrally within a DMZ

B.

The thin client traffic should be placed in a WAN QoS priority queue

C.

VDI servers should be contained within dedicated VLANs in each branch location

D.

The WAN should offer low latency and be resized

Question 12

Company XYZ wants to improve the security design of their network to include protection from reconnaissance and DoS attacks on their sub-interfaces destined toward next hop routers. Which technology can be used to prevent these types of attacks?

Options:

A.

MPP

B.

CPPr

C.

CoPP

D.

DPP

Question 13

Company XYZ allows employees to use any open desk and plug their laptops in. They want authentication using domain credentials and future capability for segmentation within the same subnet. Which protocol can be recommended?

Options:

A.

LDAP

B.

EAP

C.

TACACS+

D.

RADIUS

Question 14

What is a disadvantage of the traditional three-tier architecture model when east-west traffic between different pods must go through the distribution and core layers?

Options:

A.

Low bandwidth

B.

Security

C.

Scalability

D.

High latency

Question 15

How must the queue sizes be designed to ensure that an application functions correctly?

Options:

A.

Each individual device queuing delay in the chain must be less than or equal to the application required delay.

B.

The queuing delay on every device in the chain must be exactly the same to the application required delay.

C.

The default queue sizes are good for any deployment as it compensates the serialization delay.

D.

The sum of the queuing delay of all devices plus serialization delay in the chain must be less than or equal to the application required delay.

Question 16

The CIA triad is foundational to information security, and one can be certain that one or more of the principles within the CIA triad has been violated when data is leaked or a system is attacked Drag and drop the countermeasures on the left to the appropriate principle section on the right in any order

as

Options:

Question 17

A consultant needs to evaluate project management methodologies for a new service deployment on the existing network of a customer. The customer wants to be involved in the end-to-end project progress and be provided with frequent updates. The customer also wants the ability to change the requirements if needed, as the project progresses. Which project management methodology should be used?

Options:

A.

Three principles

B.

Phased

C.

Agile

D.

Waterfall

Question 18

Identity and access management between multiple users and multiple applications has become a mandatory requirement for Company XYZ to fight against ever-increasing cybersecurity threats. To achieve this, federated identity services have been deployed to provide Single Sign-On and Multi-Factor Authentication. Which protocol can be used by Company XYZ to provide authentication and authorization services?

Options:

A.

OAuth2

B.

OpenID Connect

C.

OpenID

D.

SAML2.0

Question 19

A multinational enterprise integrates a cloud solution with these objectives:

• Achieve seamless connectivity across different countries and regions

• Extend data center and private clouds into public clouds and provider-hosted clouds

What are two outcomes of deploying data centers and fabrics that interconnect different cloud networks? (Choose two.)

Options:

A.

Enhanced security

B.

Data and network ownership

C.

Ability to place workloads across clouds

D.

Centralized visibility

E.

Unidirectional workload mobility across the cloud

Question 20

What are two key design principles when using a hierarchical core-distribution-access network model? (Choose two.)

Options:

A.

A hierarchical network design model aids fault isolation

B.

The core layer is designed first, followed by the distribution layer and then the access layer

C.

The core layer provides server access in a small campus

D.

A hierarchical network design facilitates changes

E.

The core layer controls access to resources for security

Question 21

Retef to the exhibit.

as

An engineer is designing a multiarea OSPF network for a client who also has a large EIGRP domain. EIGRP routes are getting redistributed into OSPF. OSPF area 20 has routers with limited memory and CPU resources. The engineer wants to block routes from EIGRP 111 from propagating into area 20 and allow EIGRP 222 routes to flow in. Which OSPF area type fulfills this design requirement?

Options:

A.

area 20 as a stub area

B.

type 5 LSA filtering on the ASBR between EIGRP 111 and area 0

C.

area 20 as a NSSA area

D.

type 3 LSA filtering on the ABR between area 0 and area 20

Question 22

Which two features describe controller-based networking solutions compared to traditional networking solutions? (Choose two.)

Options:

A.

Inflate licensing costs

B.

Reduce network configuration complexity

C.

Provide centralization of primary IT functions

D.

Allow for fewer network failures

E.

Increase network bandwidth usage

Question 23

Company XYZ is revisiting the security design for their data center because they now have a requirement to control traffic within a subnet and implement deep packet inspection. Which technology meets the updated requirements and can be incorporated into the design?

Options:

A.

Routed firewall

B.

VLAN ACLs on the switch

C.

Transparent firewall

D.

Zone-based firewall on the Layer 3 device

Question 24

Which security architecture component offers streamlined security operations, ease of use, and visibility across all network security elements, independent of location or form factor?

Options:

A.

Threat-centric protection

B.

Integrated actionable intelligence

C.

Distributed enforcement

D.

Central command and control

Question 25

Company XYZ is running OSPF in their network. They have merged with another company that is running EIGRP as the routing protocol. Company XYZ now needs the two domains to talk to each other with redundancy, while maintaining a loop-free environment. The solution must scale when new networks are added into the network in the near future. Which technology can be used to meet these requirements?

Options:

A.

multipoint route-redistribution with route filtering using ACLs

B.

DUMP multipoint route-redistribution with route filtering using route tags

C.

DUMPS single point route-redistribution with route filtering using route tags

D.

DUMPS single point route-redistribution with route filtering using ACLs

Question 26

What best describes the difference between Automation and Orchestration?

Options:

A.

Automation refers to an automatic process for completing a single task and Orchestration refers to assembling and coordinating a set of tasks and conditions.

B.

Automation describes a hands-off configuration process while Orchestration refers to sets of automation tasks that require the network administrator to coordinate.

C.

Automation refers to an automatic process for completing multiple tasks with conditions and Orchestration refers to executing tasks in parallel.

D.

Automation refers to scripting languages (Python, Ansible etc.) and Orchestration refers to commercial products that control configuration deployment.

Question 27

You are designing a network running both IPv4 and IPv6 to deploy QoS. Which consideration is correct about the QoS for IPv4 and IPv6?

Options:

A.

IPv4 and IPv6 traffic types can use queuing mechanisms such as LLQ, PQ, and CQ.

B.

IPv6 packet classification is only available with process switching, whereas IPv4 packet classification is available with both process switching and CEF.

C.

IPv6 and IPv4 traffic types can use a single QoS policy to match both protocols.

D.

Different congestion management mechanisms need to be used for IPv4 and IPv6 traffic types.

Question 28

Which two conditions must be met for EIGRP to maintain an alternate loop-free path to a remote network? (Choose two.)

Options:

A.

The Reported Distance from a successor is lower than the local Feasible Distance.

B.

The Reported Distance from a successor is higher than the local Feasible Distance.

C.

The feasibility condition does not need to be met.

D.

The Feasible Distance from a successor is lower than the local Reported Distance.

E.

A feasible successor must be present.

Question 29

An enterprise requires MPLS-connected branches to access cloud-based Microsoft 365 services over an SD-WAN solution. Internet access is available only at dual regional hub sites that are connected to the MPLS network. Which connectivity method provides an optimum access method to the cloud-based services if one ISP suffers loss or latency?

Options:

A.

Cloud onRamp gateway site

B.

Cloud onRamp SWG

C.

Cloud onRamp

D.

Cloud onRamp SaaS

Question 30

Customer XYZ network consists of an MPLS core, IS-IS running as IGP, a pair of BGP route reflectors for route propagation, and a few dozen MPLS-TE tunnels for specific tactical traffic engineering requirements. The customer's engineering department has some questions about the use of the Overload Bit in the IS-IS networks and how it could be used to improve their current network design. Which two concepts about the Overload Bit are true? (Choose two.)

Options:

A.

It can be set on a router during the startup process for a fixed period of time

B.

Networks advertised within the LSPs of the respective node will become unreachable

C.

It forces the midpoint MPLS-TE node to reoptimize the primary tunnels going through the OL node.

D.

It can be set on a router until other interacting protocols have signaled convergence.

E.

It is not recommended on BGP Route Reflectors

Question 31

Hybrid cloud computing allows organizations to take advantage of public and private cloud models. Which best practice should organizations follow to ensure data security in the private cloud?

Options:

A.

Use standard protocols for data transmission over the network.

B.

Encrypt data when it is at rest and in motion.

C.

Communicate all data security risks to customers and end users.

D.

Use standard network protocols for data communication between unsecured network connections.

Question 32

Which feature is supported by NETCONF but is not supported by SNMP?

Options:

A.

Distinguishing between configuration data and operational data

B.

Taking administrative actions

C.

Collecting the status of specific fields

D.

Changing the configuration of specific fields

Question 33

Which technology is an open-source infrastructure automation tool that automates repetitive tasks for users who work in networks such as cloud provisioning and intraservice orchestration?

Options:

A.

Ansible

B.

Contrail

C.

Java

D.

Jinja2

Question 34

Refer to the exhibit.

as

Which impact of using three or more ABRs between the backbone area and area 1 is true?

Options:

A.

In a large-scale network LSA replication by all ABRs can cause serious scalability issues

B.

Multiple ABRs reduce the CPU processing on each ABR due to splitting prefix advertisement

C.

In a large-scale network multiple ABRs can create microloops

D.

Prefixes from the non-backbone area are advertised by one ABR to the backbone

Question 35

Which two features control multicast traffic in a VLAN environment? (Choose two)

Options:

A.

IGMP snooping

B.

MLD snooping

C.

RGMP

D.

PIM snooping

E.

pruning

Question 36

Organizations that embrace Zero Trust initiatives ranging from business policies to technology infrastructure can reap business and security benefits. Which two domains should be covered under Zero Trust initiatives? (Choose two)

Options:

A.

workload

B.

work domain

C.

workplace

D.

workgroup

E.

workspace

Question 37

Network operators have many options available, from fully centralized to fully distributed control planes, and each approach has its own set of characteristics. Drag and drop the characteristics from the left onto the corresponding approach on the right.

as

Options:

Question 38

Company XYZ runs OSPF in their network. A design engineer decides to implement hot-potato routing architecture. How can this implementation be achieved?

Options:

A.

Enable iBGP and apply prepend to ensure all prefixes will have the same length of the AS path attribute value.

B.

Redistribute the external prefixes onto OSPF and ensure the total metric calculation includes only the ext value and the value is the same in all ASBRs.

C.

Enable OSPF load-balancing over unequal cost path.

D.

Redistribute the external prefixes onto OSPF and ensure that the total metric calculation includes external internal values.

Question 39

Which technology supports antispoofing and does not have any impact on encryption performance regardless of packet size?

Options:

A.

MACsec

B.

IP source guard

C.

DHCP snooping with DAI

D.

IPsec

Question 40

Drag and drop the correct mitigation methods from the left onto the corresponding types of attack on the right

as

Options:

Question 41

The Company XYZ network is experiencing attacks against their router. Which type of Control Plane Protection must be used on the router to protect all control plane IP traffic that is destined directly for one of the router interfaces?

Options:

A.

Control Plane Protection host subinterface

B.

Control Plane Protection main interface

C.

Control Plane Protection transit subinterface

D.

Control Plane Protection CEF-exception subinterface

Question 42

Company XYZ is migrating their existing network to IPv6. Some access layer switches do not support IPv6, while core and distribution switches fully support unicast and multicast routing. The company wants to minimize cost of the migration. Which migration strategy should be used?

Options:

A.

The access layer switches must support IGMP snooping at a minimum. Any switches that do not support IGMP snooping must be replaced.

B.

Upgrade the non-supporting switches. Otherwise, it will cause an issue with the migration.

C.

Layer 2 switches will not affect the implementation of IPv6. They can be included in the design in their current state.

D.

The access layer switches must support DHCPv6. Any switches that do not support DHCPv6 must be replaced.

Question 43

As network designer, which option is your main concern with regards to virtualizing multiple network zones into a single hardware device?

Options:

A.

Fate sharing

B.

CPU resource allocation

C.

Congestion control

D.

Security

E.

Bandwidth allocation

Question 44

Which three elements help network designers to construct secure systems that protect information and resources (such as devices, communication, and data) from unauthorized access, modification, inspection, or destruction? (Choose three.)

Options:

A.

confidential

B.

serviceability

C.

reliability

D.

availability

E.

integrity

F.

scalability

Question 45

A multicast network is using Bidirectional PIM. Which two combined actions achieve high availability so that two RPs within the same network can act in a redundant manner? (Choose two)

Options:

A.

Use two phantom RP addresses

B.

Manipulate the administration distance of the unicast routes to the two RPs

C.

Manipulate the multicast routing table by creating static mroutes to the two RPs

D.

Advertise the two RP addresses in the routing protocol

E.

Use anycast RP based on MSDP peering between the two RPs

F.

Control routing to the two RPs through a longest match prefix

Question 46

Which development model is closely associated with traditional project management?

Options:

A.

Static model

B.

Agile model

C.

Evolutionary delivery model

D.

Lifecycle model

Question 47

A network security team observes phishing attacks on a user machine from a remote location. The organization has a policy of saving confidential data on two different systems using different types of authentication. What is the next step to control such events after the security team verifies all users in Zero Trust modeling?

Options:

A.

Enforce risk-based and adaptive access policies.

B.

Assess real-time security health of devices.

C.

Apply a context-based network access control policy for users.

D.

Ensure trustworthiness of devices.

Question 48

Drag and drop the characteristics from the left onto the corresponding network management options on the right.

as

Options:

Question 49

Which two features are advantages of SD-WAN compared to MPLS-based connectivity? (Choose two.)

Options:

A.

Uses FEC constructs for traffic forwarding, thereby improving efficiency

B.

Separates infrastructure and policy

C.

Uses policy-based forwarding of real-time traffic with less complexity

D.

Unifies the WAN backbone

E.

Manages failures through backup links

Question 50

Refer to the exhibit.

as

For Company XYZ, Bangkok is using ECMP to reach the 172.20.2.0/24 network. The company wants a design that would allow them to forward traffic from 172.16.2.0/24 toward 172.20.2.0/24 via the Singapore router as the preferred route. The rest of the traffic should continue to use ECMP. Which technology fulfills this design requirement?

Options:

A.

policy-based routing

B.

route summarization

C.

unequal-cost load balancing using variance

D.

LFA

Question 51

Company XYZ is running SNMPv1 in their network and understands that it has some flaws. They want to change the security design to implement SNMPv3 in the network. Which network threat is SNMPv3 effective against?

Options:

A.

Man-in-the-middle attack

B.

Masquerade threats

C.

DDoS attack

D.

Brute force dictionary attack

Question 52

Company XYZ connects its sites over a private WAN. Their overlay network is running a DMVPN setup where the headquarters site is the hub. The company is planning on implementing multicast routing on the network. What should be used in the multicast routing design?

Options:

A.

PIM dense mode with RP located at the hub

B.

PIM sparse mode with RP located at each remote site

C.

PIM sparse mode with RP located at the hub

D.

PIM dense mode with RP located at each remote site

Question 53

A business wants to refresh its legacy Frame Relay WAN and consolidate product specialists via video in 200 branches. Which technology should be used?

Options:

A.

DMVPN phase 1 network over the Internet

B.

Layer 3 MPLS VPN hub and spoke

C.

Layer 2 VPLS

D.

Layer 3 MPLS VPN full mesh

Question 54

Which design benefit of bridge assurance is true?

Options:

A.

It supposes a spanning-tree topology change upon connecting and disconnecting a station on a port

B.

It prevents switched traffic from traversing suboptimal paths on the network.

C.

It allows small, unmanaged switches to be plugged into ports of access switches without the risk of switch loops.

D.

It prevents switch loops caused by unidirectional point-to-point link condition on Rapid PVST+ and MST

Question 55

An enterprise plans to evolve from a traditional WAN network to a software-defined WAN network. The existing devices have limited capability when it comes to virtualization. As the migration is carried out, enterprise applications and services must not experience any traffic impact. Which implementation plan can be used to accommodate this during the migration phase?

Options:

A.

Deploy controllers, deploy SD-WAN edge routers in the data center, and migrate branch sites.

B.

Migrate data center WAN routers, migrate branch sites, and deploy SD-WAN edge routers.

C.

Migrate branch sites, migrate data center WAN routers, and deploy controllers.

D.

Deploy SD-WAN edge routers in the data center, deploy controllers, and migrate branch sites.

Question 56

Your company wants to deploy a new data center infrastructure. Based on the requirements you have chosen VXLAN as encapsulation technology. The customer is concerned about misconfiguration of Layer 2 devices and DC-wide outages caused by Layer 2 loops. What do you answer?

Options:

A.

VXLAN offers native loop avoidance mechanism

B.

Storm Control should be enabled on all ports

C.

VPC+ could prevent L2 loop on access ports

D.

BPDU Guard should be enabled on all VTEP access ports

Question 57

Refer to the exhibit.

as

This network is running legacy STP 802.1d. Assuming "hello_timer" is fixed to 2 seconds, which parameters can be modified to speed up convergence times after single link/node failure?

Options:

A.

The transit_delay=5 and bpdu_delay=20 are recommended values, considering hello_timer=2 and specified.

B.

Only the maximum_transmission_halt_delay and diameter parameters are configurable parameters in 802.1d to speed up STP convergence process.

C.

The max_age and forward delay parameters can be adjusted to speed up STP convergence process.

D.

Only the transit_delay and bpdu_delay timers are configurable parameters in 802.1d to speed up STP convergence process.

Question 58

A customer with two 10 Mbps Internet links (active-active) experiences degraded performance when one fails. Static routing is used, and bandwidth upgrades aren't possible. The design must be failure-resistant without increasing CAPEX.

Which solution should be proposed?

Options:

A.

Implement quality of service on the current links

B.

Add a third link to the current router

C.

Add an additional edge router connected to a second ISP

D.

Use dynamic routing for equal-cost multipath

Question 59

The goal for any network designer is to strive to build a resilient network that adapts to changing conditions rapidly with minimal impact on the services running over the network. A resilient network can adapt to failures, but which soft failure can be harder to define and detect?

Options:

A.

A network with operational challenges due to lack of skills

B.

A network that is not running in an optimal way

C.

A network which does not solve complexity issues

D.

A network or service that experiences outages

Question 60

Company XYZ has designed their network to run GRE over IPsec on their Internet-based VPN to connect two sites. Which IPsec tunneling feature can they enable to optimize the data flow while ensuring that the headers contain no duplicate IP addresses?

Options:

A.

Transport Mode in IPsec Phase I

B.

Transport Mode in IPsec Phase II

C.

Tunnel Mode in IPsec Phase II

D.

Tunnel Mode in IPsec Phase I

Question 61

A healthcare customer requested that SNMP traps must be sent over the MPLS Layer 3 VPN service. Which protocol must be enabled?

Options:

A.

SNMPv3

B.

Syslog

C.

Syslog TLS

D.

SNMPv2

E.

SSH

Question 62

Which Interconnectivity method offers the fastest convergence in the event of a unidirectional issue between three Layer 3 switches connected together with routed links in the same rack in a data center?

Options:

A.

Copper Ethernet connectivity with BFD enabled

B.

Copper Ethernet connectivity with UDLD enabled

C.

Fiber Ethernet connectivity with BFD enabled

D.

Fiber Ethernet connectivity with UDLD enabled

Question 63

What is the most important operational driver in building a resilient and secure modular network design?

Options:

A.

Dependencies on hardware or software that is difficult to scale

B.

Minimize app downtime

C.

Reduce the frequency of failures requiring human intervention

D.

Increase time spent on developing new features

Question 64

Company XYZ has implemented policy-based routing in their network. Which potential problem must be kept in mind about network reconvergence and PBR?

Options:

A.

It can limit network scalability

B.

It can create microloops during reconvergence

C.

It increases convergence time.

D.

It reduces convergence time.

Question 65

Which effect of using ingress filtering to prevent spoofed addresses on a network design is true?

Options:

A.

It reduces the effectiveness of DDoS attacks when associated with DSCP remarking to Scavenger.

B.

It protects the network infrastructure against spoofed DDoS attacks.

C.

It classifies bogon traffic and remarks it with DSCP bulk.

D.

It filters RFC 1918 IP addresses.

Question 66

What is a characteristic of a secure cloud architecture model?

Options:

A.

limited access to job function

B.

dedicated and restricted workstations

C.

multi-factor authentication

D.

software-defined network segmentation

Question 67

An existing wireless network was designed to support data traffic only. You must now install context-aware services for location tracking. What changes must be applied to the existing wireless network to increase the location accuracy? (Choose two)

Options:

A.

Add access points along the perimeter of the coverage area.

B.

Increase the access point density to create an average inter-access point distance of less than 40 feet or 12.2 meters.

C.

Use directional antennas to provide more cell overlapping.

D.

Install additional access points in monitor mode where the co-channel interference would otherwise be affected.

E.

Fine tune the radio configuration of the access point to have a higher average transmission power to achieve better coverage.

Question 68

A company plans to use BFD between its routers to detect a connectivity problem inside the switched network. An IPS is transparently installed between the switches. Which packets should the IPS forward for BFD to work under all circumstances?

Options:

A.

Fragmented packet with the do-not-fragment bit set

B.

IP packets with broadcast IP source addresses

C.

IP packets with the multicast IP source address

D.

IP packet with the multicast IP destination address

E.

IP packets with identical source and destination IP addresses

F.

IP packets with the destination IP address 0.0.0.0.

Question 69

Which two factors provide multifactor authentication for secure access to applications and data? (Choose two.)

Options:

A.

Persona-based

B.

Power-based

C.

Push-based

D.

Possession-based

E.

Pull-based

Question 70

A software-defined networking (SDN) controller learns network topology information by using BGP link-state sessions with the route reflectors of an MPLS-enabled network. The controller then uses the topology information to apply on-demand traffic policies to the network through a protocol that is supported from all Layer 3 routers. Each policy is represented as a RIB entry in the control plane of the router. Which SDN model has been implemented?

Options:

A.

SDN centralized

B.

SDN traffic engineering

C.

SD-WAN

D.

SDN hybrid

Question 71

In outsourced IT services, the RTO is defined within the SLA. Which two support terms are often included in the SLA by IT and other service providers? (Choose two.)

Options:

A.

Network size and cost

B.

Support availability

C.

Network sustainability

D.

Network reliability

E.

Resolution time

Question 72

Agile and Waterfall are two popular methods for organizing projects. What describes any Agile network design development process?

Options:

A.

Working design over comprehensive documentation

B.

Contract negotiation over customer collaboration

C.

Following a plan over responding to change

D.

Processes and tools over individuals and interactions over time

Question 73

Company XYZ branch offices connect to headquarters using two links, MPLS and Internet. The company wants to design traffic flow so voice traffic uses MPLS and all other traffic uses either link, avoiding process switching. Which technique can be used?

Options:

A.

Policy-based routing

B.

Virtual links

C.

Visualization

D.

Floating static route

Question 74

A network architect is designing a policy where database applications access the internet directly, while other traffic routes through the data center, with dynamic path switching based on performance. Which solution meets these requirements?

Options:

A.

MPLS L3VPN with QoS

B.

Cloud OnRamp for IaaS

C.

Cloud OnRamp for SaaS

D.

MPLS Direct Connect

Question 75

Which two advantages of using DWDM over traditional optical networks are true? (Choose two.)

Options:

A.

inherent topology flexibility and service protection provided without penalty through intelligent oversubscription of bandwidth reservation

B.

ability to expand bandwidth over existing optical infrastructure

C.

inherent topology flexibility with built-in service protection

D.

inherent topology flexibility with intelligent chromatic dispersion

E.

inherent topology flexibility with service protection provided through a direct integration with an upper layer protocol

Question 76

Which component of the SDN architecture automatically ensures that application traffic is routed according to policies established by network administrators?

Options:

A.

Packet forwarding engine

B.

Northbound API

C.

Southbound API

D.

SDN controller

Question 77

Which extensions to GRE tunneling provide session tracking and in-order packet delivery in exchange for additional state stored in tunnel endpoints?

Options:

A.

GRE Protocol Type and Checksum extension fields.

B.

GRE Version and Reserved0 extension fields.

C.

No extension fields are available in the GRE header to track session data and packet sequences.

D.

GRE Key and Sequence number extensions.

Question 78

Company XYZ is designing the IS-IS deployment strategy for their multiarea IS-IS domain. They want IS-IS neighbor relationships minimized on each segment and the LSDB size optimized. Which design can be used?

Options:

A.

Design all routers as Level 2 routers. Set the links between the routers as Level 1 with the area

B.

Design the network so that the routers connecting to other areas are Level 2 routers and internal routers are Level 1

C.

Design the network so that all routers are Level 1 routers

D.

Design the network so that the routers connecting to other areas are Level 1/Level 2 routers and internal routers are Level 1

Question 79

A business requirement stating that failure of WAN access for dual circuits into an MPLS provider for a Data Centre cannot happen due to related service credits that would need to be paid has led to diversely routed circuits to different points of presence on the provider’s network. What should a network designer also consider as part of the requirement?

Options:

A.

Provision of an additional MPLS provider

B.

Out of band access to the MPLS routers

C.

Ensuring all related remote branches are dual-homed to the MPLS network

D.

Dual PSUs & Supervisors on each MPLS router

Question 80

Which statement about OSPF hub-and-spoke topology is true?

Options:

A.

The DR election is a challenge unless a point-to-point network type is used

B.

The DR and BDR election occurs regardless of the underlying OSPF network type

C.

Traffic does not need to traverse the hub to reach the spokes.

D.

The spoke routers can belong to different areas regardless of the underlying OSPF network type

Question 81

Which service abstracts away the management of the operating system, middleware, and runtime?

Options:

A.

IaaS

B.

PaaS

C.

SaaS

D.

BMaaS

Question 82

You were tasked to enhance the security of a network with these characteristics:

    A pool of servers is accessed by numerous data centers and remote sites

    The servers are accessed via a cluster of firewalls

    The firewalls are configured properly and are not dropping traffic

    The firewalls occasionally cause asymmetric routing of traffic within the server data center.

Which technology should you recommend to enhance security by limiting traffic that could originate from a hacker compromising a workstation and redirecting flows at the servers?

Options:

A.

Poison certain subnets by adding static routes to Null0 on the core switches connected to the pool of servers.

B.

Deploy uRPF strict mode.

C.

Limit sources of traffic that exit the server-facing interface of the firewall cluster with ACLs.

D.

Deploy uRPF loose mode.

Question 83

Which two statements describe the functionality of OSPF packet-pacing timers? (Choose two.)

Options:

A.

The group-pacing timer controls the interval that is used for group and individual LSA refreshment

B.

OSPF flood-pacing timers allow dynamic control of the OSPF transmission queue size

C.

OSPF retransmission-pacing timers allow control of interpacket spacing between consecutive link-state update packets in the OSPF retransmission queue

D.

OSPF retransmission-pacing timers allow control of packet interleaving between nonconsecutive link-state update packets in the OSPF retransmission queue

E.

OSPF flood-pacing timers allow control of interpacket spacing between consecutive link-state update packets in the OSPF transmission queue

Question 84

Company XYZ network runs IPv4 and IPv6 and they want to introduce a multidomain, multicast-based network. The new design should use a flavor of PIM that forwards traffic using SPT. Which technology meets this requirement?

Options:

A.

PIM-DM

B.

PIM-SM

C.

PIM-SSM

D.

BIDIR-PIM

Question 85

The administrator of a small branch office wants to implement the Layer 2 network without running STP. The office has some redundant paths. Which mechanism can the administrator use to allow redundancy without creating Layer 2 loops?

Options:

A.

Use double-sided VPC on both switches

B.

Use two port channels as Flex links

C.

Use FabricPath with ECMP

D.

Use 802.3ad link bundling

Question 86

The Agile Manifesto is a document that defines the key values and principles behind the Agile philosophy and helps development teams work more efficiently and sustainably. Each of the four key values is split into two sections—a left-hand side and a right-hand side. In other words, though there is value in the items on the right, we value the items on the left more. What is one of the key values of the Agile Manifesto?

Options:

A.

Comprehensive documentation over working software

B.

Contract negotiation over customer collaboration

C.

Individuals and interactions over processes and tools

D.

Following a plan over responding to change

Question 87

As part of workspace digitization, a large enterprise has migrated all their users to Desktop as a Service (DaaS), by hosting the backend system in their on-premises data center. Some of the branches have started to experience disconnections to the DaaS at periodic intervals, however, local users in the data center and head office do not experience this behavior. Which technology can be used to mitigate this issue?

Options:

A.

tail drop

B.

traffic shaping

C.

WRED

D.

traffic policing

Question 88

A BGP route reflector in the network is taking longer than expected to converge during large network changes. Troubleshooting shows that the router cannot handle all the TCP acknowledgements during route updates. Which action can be performed to tune the device performance?

Options:

A.

Increase the size of the hold queue.

B.

Increase the size of the large buffers.

C.

Decrease the size of the small buffers.

D.

Increase the keepalive timers for each BGP neighbor.

Question 89

Which design benefit of PortFast is true?

Options:

A.

PortFast does not generate a spanning tree topology change when a station on a port is connected or disconnected

B.

PortFast disables spanning tree on the port, which puts the port into the forwarding state immediately after it is connected

C.

PortFast allows small, unmanaged switches to be plugged into ports of access switches without risking switch loops

D.

PortFast detects one-way communications on the physical port, which prevents switch loops

E.

PortFast prevents switch loops that are caused by a unidirectional point-to-point link condition on Rapid PVST+ and MST

F.

PortFast prevents switched traffic from traversing suboptimal paths on the network

Question 90

Which best practice ensures data security in the private cloud?

Options:

A.

Use IPsec for communication between unsecured network connection

B.

Encrypt data at rest and in transition.

C.

Use the same vendor for consistent encryption.

D.

Anonymize data ownership to comply with privacy rules.

Question 91

SDWAN networks capitalize the usage of broadband Internet links over traditional MPLS links to offer more cost benefits to enterprise customers. However, due to the insecure nature of the public Internet, it is mandatory to use encryption of traffic between any two SDWAN edge devices installed behind NAT gateways. Which overlay method can provide optimal transport over unreliable underlay networks that are behind NAT gateways?

Options:

A.

TLS

B.

DTLS

C.

IPsec

D.

GRE

Question 92

A software-defined network exposes an API to the RIB and forwarding engine, allowing off-box control of routing—what SDN model is used?

Options:

A.

Replace

B.

Augmented

C.

Hybrid

D.

Distributed

Question 93

A banking customer determines that it is operating POS and POI terminals that are noncompliant with PCI DSS requirements, as it is running TLSv1.0. The customer plans to migrate the terminals to TLSv1.2. What are two requirements to complete the migration? (Choose two.)

Options:

A.

Ensure that strong cryptography is applied for users who have administrative access through networks

B.

Apply strong cryptography and security protocols to safeguard sensitive cardholder data.

C.

Apply strong encryption for transmission of cardholder data across public networks.

D.

Protect all user systems against malware and frequently update antivirus software

E.

Maintain a policy that addresses information security for employees and third parties.

Question 94

Drag and drop the optical technology design characteristics on the left to the correct optical technologies on the right. Not all options are used

as

Options:

Question 95

Refer to the table.

as

A customer investigates connectivity options for a DCI between two production data centers. The solution must provide dual 10G connections between locations with no single points of failure for Day 1 operations. It must also include an option to scale for up to 20 resilient connections in the second year to accommodate isolated SAN over IP and isolated, dedicated replication IP circuits. All connectivity methods are duplex 10 Gbps. Which transport technology costs the least over two years, in the scenario?

Options:

A.

Metro Ethernet

B.

DWDM

C.

CWDM

D.

MPLS

Question 96

The network designer needs to use GLOP IP addresses in order to make them unique within their ASN. Which multicast address range should be used?

Options:

A.

232.0.0.0 to 232.255.255.255

B.

233.0.0.0 to 233.255.255.255

C.

239.0.0.0 to 239.255.255.255

D.

224.0.0.0 to 224.0.0.255

Question 97

Refer to the exhibit.

as

A company named XYZ needs to apply security policies for end-user browsing by installing a secure web proxy appliance. All the web traffic must be inspected by the appliance, and the remaining traffic must be inspected by an NGFW that has been upgraded with intrusion prevention system functionality. In which two ways must the routing be performed? (Choose two)

Options:

A.

Policy-based routing on the collapsed core

B.

Policy-based routing on the internet edge

C.

Policy-based routing on firewalls

D.

Static routing on the appliance

Question 98

A customer has a functional requirement that states HR systems within a data center should be segmented from other systems that reside in the same data center and same VLAN. The systems run legacy applications by using hard-coded IP addresses. Which segmentation method is suitable and scalable for the customer?

Options:

A.

Data center perimeter firewalling

B.

VACLs on data center switches

C.

Transparent firewalling

D.

Routed firewalls

Question 99

The Company XYZ network requires OSPF dead neighbor detection in a subsecond manner. However, the company network does not support BFD. Which other feature can be used to fulfill the design requirement?

Options:

A.

STP

B.

Fast hello

C.

LFA

D.

DPD

Question 100

Your network operations team is deploying Access Control Lists (ACLs) across your Internet gateways. They wish to place an ACL inbound on the Internet gateway interface facing the core network (the "trusted" interface). Which IP address would the ACL need for traffic sourced from the inside interface, to match the source address of the traffic?

Options:

A.

inside global

B.

outside global

C.

inside local

D.

outside local

Question 101

Which undesired effect of increasing the jitter compensation buffer is true?

Options:

A.

The overall transport jitter decreases and quality improves.

B.

The overall transport jitter increases and quality issues can occur.

C.

The overall transport delay increases and quality issues can occur.

D.

The overall transport delay decreases and quality improves.

Question 102

Refer to the exhibit.

as

This network is running OSPF and EIGRP as the routing protocols. Mutual redistribution of the routing protocols has been configured on the appropriate ASBRs. The OSPF network must be designed so that flapping routes in EIGRP domains do not affect the SPF runs within OSPF. The design solution must not affect the way EIGRP routes are propagated into the EIGRP domains. Which technique accomplishes the requirement?

Options:

A.

route summarization at the ASBR interfaces facing the OSPF domain

B.

route summarization on the appropriate ASBRs

C.

route summarization on the appropriate ABRs

D.

route summarization on EIGRP routers connecting toward the ASBR

Question 103

Which two statements about MLD snooping are true? (Choose two)

Options:

A.

When MLD snooping is enabled, QoS is automatically enabled

B.

A VLAN can support multiple active MLD snooping queriers, as long as each one is associated to a different multicast group

C.

An MLD snooping querier election occurs when any MLD snooping querier goes down or if there is an IP address change on the active querier

D.

When multiple MLD snooping queriers are enabled in a VLAN, the querier with the lowest IP address in the VLAN is elected as the active MLD snooping querier

Question 104

Refer to the exhibit.

as

Refer to the exhibit. A new high availability DB server cluster is installed in the network. These two servers require high bandwidth and low latency Layer 2 connectivity for database replication.

Which solution supports these requirements?

Options:

A.

Add two new links between SW1 and SW2 configured as LACP trunk with STP

B.

Add secondary links to REP segments 1 and 2

C.

Add two new links between SW1 and SW2 configured as REP segment 3

D.

Add two new links between SW1 and SW2 configured as REP segments 1 and 2 respectively

Page: 1 / 35
Total 349 questions