Cisco 400-007 Cisco Certified Design Expert (CCDE v3.1) Exam Practice Test

Which option is a fate-sharing characteristic in regards to network design?

Which design consideration is valid when you contrast fabricPath and trill?

What are two common approaches to analyzing and designing networks? (Choose two.)

Cost is often one of the motivators for a business to migrate from a traditional network to a software- defined network. Which design decision is directly influenced by CAPEX drivers?

Company XYZ plans to run OSPF on a DMVPN network. They want to use spoke-to-spoke tunnels in the design What is a drawback or concern in this type of design?

Which three elements help network designers to construct secure systems that protect information and resources (such as devices, communication, and data) from unauthorized access, modification, inspection, or destruction? (Choose three.)

As a network designer you need to support an enterprise with hundreds of remote sites connected over a single WAN network that carries different types of traffic, including VoIP, video, and data applications which of following design considerations will not impact design decision?

Drag and drop the FCAPS network management reference models from the left onto the correct definitions on the right.

How can EIGRP topologies be designed to converge as fast as possible in the event of a point-to-point link failure?

Company XYZ is running OSPF in their network. They have merged with another company that is running EIGRP as the routing protocol. Company XYZ now needs the two domains to talk to each other with redundancy, while maintaining a loop free environment. The solution must scale when new networks are added into the network in the near future. Which technology can be used to meet these requirements?

Company XYZ has two offices connected to each other over unequal redundant paths and they are running OSPF as the routing protocol An external network architect recommends BFD for OSPF Which effect would BFD have in the case of a link failure?

Refer to the exhibit.

Two data center siles X and Y are connected with a direct backdoor link with these conditions •Site-specific firewalls are deployed behind the Internet edge routers R1 and R2 •Both sites are advertising the address pool 100 75 10 0/23 toward the internet Site-X finds that Internet traffic returning from user PCs comes back on the Site-Y link Which design resolves the issue?

According to the CIA triad principles for network security design, which principle should be priority for a Zero Trust network?

Which two statements describe network automation and network orchestration? (Choose two.)

Which two features are advantages of SD-WAN compared to MPLS-based connectivity? (Choose two.)

A green data center is being deployed and a design requirement is to be able to readily scale server virtualization Which IETF standard technology can provide this requirement?

Which function is performed at the access layer of the three-layer hierarchical network design model?

Company XYZ has a new network based on IPv6. Some of the subnets that they are planning to use will be confidential and need an addressing scheme that confines them to the local campus network. Which type of IPv6 addresses can be used for these networks in the IPv6 addressing design?

You want to mitigate failures that are caused by STP loops that occur before UDLD detects the failure or that are caused by a device that is no longer sending BPDUs. Which mechanism do you use along with UDLD?

Which design solution reduces the amount of IGMP state in the network?

End users are moving swiftly toward a hybrid cloud model to support faster IT service delivery. To implement a hybrid cloud architecture, what are two critical requirements for broader cloud service provider and vendor interoperability in terms of cloud security and compliance? (Choose two.)

Company XYZ is designing the network for IPv6 security and they have these design requirements:

A switch or router must deny access to traffic from sources with addresses that are correct, but are topologically incorrect

Devices must block Neighbor Discovery Protocol resolution for destination addresses that are not found in the binding table.

Which two IPv4 security features are recommended for this company? (Choose two)

Which optimal use of interface dampening on a fast convergence network design is true?

Which feature must be part of the network design to wait a predetermined amount of time before notifying the routing protocol of a change in the path in the network?

An architect receives a business requirement from a CTO that states the RTO and RPO for a new system should be as close as possible to zero. Which replication method and data center technology should be used?

A private cloud is accessed over the private IT network infrastructure that is potentially vulnerable to violations, data leaks, and man-in- the-middle attacks. The security team is evaluating the following solutions to address the challenges:

•Encrypt data at rest and in transition.

•Use strong identity and access management (IAM) capabilities.

•Communicate the inherent data security risks to your customers and end-users.

Assuming that adoption of a hybrid cloud model is likely to occur within the next 12 months, which two solutions can also help provide protection in a hybrid cloud environment? (Choose two.)

Which solution component helps to achieve rapid migration to the cloud for SaaS and public cloud leveraging SD-WAN capabilities?

Refer to the exhibit.

Company XYZ BGP topology is as shown in the diagram. The interface on the LA router connected toward the 10 1.5.0/24 network is faulty and is going up and down, which affects the entire routing domain. Which routing technique can the network administrator use so that the rest of the network is not affected by the flapping issue?

Which best practice ensures data security in the private cloud?

Which design benefit of PortF ast is true?

In a redundant hub and spoke "wheel" design, all spokes are connected to the hub, and spokes are connected to other spokes as well. During failure on one spoke link, the traffic from that site can be sent to a neighboring site for it to be forwarded to the hub site. But during peak hours, a link is overloaded and traffic is re-routed to a neighbor, which subsequently becomes overloaded. This overload results in network traffic oscillation as the load varies at each spoke site. This design provides more redundancy but not more resiliency because the routing protocol must process many alternate paths to determine the lowest cost path. Which two design

changes help to improve resilience in this case? (Choose two.)

A Service Provider is designing a solution for a managed CE service to a number of local customers using a single CE platform and wants to have logical separation on the CE platform using Virtual Routing and Forwarding (VRF) based on IP address ranges or packet length. Which is the most scalable solution to provide this type of VRF Selection process on the CE edge device?

A service provider recently migrated to an SD-WAN solution for delivering WAN connections to its customers. One of the main challenges with the SD-WAN deployment is that branch site volume increases every year, which causes management complexity. Which action resolves the issue?

Which purpose of a dynamically created tunnel interface on the design of IPv6 multicast services Is true?

A customer asks you to perform a high level review of their upcoming WAN refresh for remote sites The review is specially focused on their retail store operations consisting of 500+ locations connected via mutlipoint IPsec VPN solution. Which routing protocol would be valid but would also be the most restrictive for the expansion of this deployment model?

Refer to the exhibit.

Company XYZ is currently running IPv4 but has decided to start the transition into IPv6. The initial objective is to allow communication based on IPv6 wherever possible, and there should still be support in place for devices that only support IPv4. These devices must be able to communicate to IPv6 devices as well. Which solution must be part of the design?

Customer XYZ network consists of an MPLS core. IS-IS running as IGP a pair of BGP route reflectors for route propagation, and a few dozens of MPLS-TE tunnels for specific tactical traffic engineering requirements. The customer's engineering department has some questions about the use of the Overload Bit in the IS-IS networks and how it could be used to improve their current network design. Which two concepts about the Overload Bit are true? (Choose two.)

A network engineering team is in the process of designing a lab network for a customer demonstration. The design engineer wants to show that the resiliency of the MPLS traffic Engineering Fast Reroute solution has the same failover/failback times as a traditional SONET/SDH network (around 50MSEC). In order to address both link failure and node failure within the lab typology network, which type of the MPLS TE tunnels must be considered for this demonstration?

An engineer must redesign the QoS strategy for Company XYZ The current network is experiencing many dropped packets due to oversubscription of the guaranteed bandwidth allocated by the service provider. Company XYZ wants a design with a QoS strategy that controls the traffic flow leaving the Edge router to minimize packet drops Which QoS technique can be recommended as a solution?

Which two statements explain the operation of BFD asynchronous mode? (Choose two )

When designing a WAN that will be carrying real-time traffic, what are two important reasons to consider serialization delay? (Choose two )

Refer to the exhibit.

For Company XYZ Bangkok is using ECMP to reach the 172 20 2 0/24 network The company wants a design that would allow them to forward traffic from 172 16 2 0/24 toward 172 20 2 0/24 via the Singapore router as the preferred route The rest of the traffic should continue to use ECMP Which technology fulfills this design requirement?

What are two key design principles when using a hierarchical core-distribution-access network model? (Choose two )

Refer to the table.

A customer investigates connectivity options for a DCI between two production data centers to aid a large-scale migration project. The solution must provide a single 10G connection between locations and be able to run its own varying QoS profiles without service provider interaction based on the migration stages. All connectivity methods are at 10 Gbps. Which transport technology costs the least if the connectivity is required for just one year?

Company XYZ is designing their network using the three-layer hierarchical model. At which layer must the QoS design classify or mark the traffic?

Which two factors must be considered while calculating the RTO? (Choose two )

A business requirement stating that failure of WAN access for dual circuits into an MPLS provider for a Data Centre cannot happen due to related service credits that would need to be paid has led to diversely routed circuits to different points of presence on the providers network? What should a network designer also consider as part of the requirement?

The controller has a global view of the network, and it can easily ensure that the network is in a consistent and optimal configuration. Which two statements describe a centralized SDN control path? (Choose two.)

Company XYZ is migrating their existing network to IPv6 and they must plan for Layer 2 and Layer 3 devices Some of the access layer switches do not support IPv6, however, core and distribution switches fully support unicast and multicast routing. The company wants to minimize cost of the migration. Which migration strategy should be used in the design?

What are two top cloud-native security challenges faced by today's cloud-oriented organizations? (Choose two.)

Refer to the exhibit.

The network 10.10.0 .0/16 has been redistributed to OSPF processes and the best path to the destination from R1 has been chosen as R1-R2-R3 A failure occurred on the link between R2 and R3 and the path was changed to R1-R4-R5-R3 What happens when the link between R2 and R3 is restored'?

A network security team observes phishing attacks on a user machine from a remote location. The organization has a policy of saving confidential data on two different systems using different types of authentication. What is the next step to control such events after the security team verifies all users in Zero Trust modeling?

Which two possible drawbacks should you consider when introducing Network Functions Virtualization in a network design? (Choose two)

Company XYZ wants to deploy OSPF. The design plan requires that two OSPF networks be mutually redistributed at multiple locations and ensure end-to-end connectivity to all of the company's networks Which technology can be used to fulfill the requirements while avoiding the creation of routing loops?

Which SDN architecture component is used by the application layer to communicate with the control plane layer to provide instructions about the resources required by applications?

Company XYZ is running SNMPv1 in their network and understands that it has some flaws. They want to change the security design to implement SNMPv3 in the network Which network threat is SNMPv3 effective against?

The Agile release train workflow focuses on tasks which can be accomplished reliably and efficiently Scrum and Kanban are two of the most popular Agile frameworks, but both have a specific use case based on the implementation requirements In which two situations are Kanban the ideal framework to use”? (Choose two.)

Company XYZ has 30 sites running a legacy private WAN architecture that connects to the Internet via multiple high- speed connections The company is now redesigning their network and must comply with these design requirements :

Use a private WAN strategy that allows the sites to connect to each other directly and caters for future expansion.

Use the Internet as the underlay for the private WAN.

Securely transfer the corporate data over the private WAN.

Which two technologies should be Incorporated into the design of this network? (Choose two.)

Company XYZ has multiple production units and marketing departments across the region The current network is a mixture of point-to-point links and MPLS Layer 3 VPN service from the provider. The Info-Sec team has suggested to isolate production traffic end-to-end with an encryption over the transport network to comply with the HIPAA standard Which solution must be used in their design if Company XYZ wants a quick roll out”?

Which two points must network designers consider when designing a new network design or when evaluating an existing network design to help them understand the high-level design direction with regards to the security aspects? (Choose two)

Company XYZ wants to use the FCAPS ISO standard for network management design. The focus of the design should be to monitor and keep track of any performance issues by continuously collecting and analyzing statistical information to monitor, correct, and optimize any reduced responsiveness across the network. Which layer accomplishes this design requirement?

Company XYZ has implemented policy-based routing in their network. Which potential problem must be kept in mind about network reconvergence and PBR?

Which management category is not part of FCAPS framework?

Scrum is a subset of Agile and is a lightweight process framework for Agile development Which role becomes the interface between the business the customers and their product-related needs on one side and the Team on the other?

Which protocol does an SD-Access wireless Access Point use for its fabric data plane?

Company ABC uses IPv4-only. Recently they started deploying new endpoint devices. For operational reasons, IPv6 cannot be disabled on these new endpoint devices. Which security measure prevents the new endpoint from learning an IPv6 prefix from an attacker?

A network attacker exploits application flaws to compromise critical systems in the organization with these objectives:

• Obtain sensitive data and export the data out of the network.

• Compromise developer and administrator credentials to potentially

What is the next step after application discovery is completed in Zero Trust networkings

Creating a network that functions as a strategic part of the business rather than simply being a cost center, starts with a good understanding of business requirements and processes What specific type of knowledge helps to create high-level LAN WAN. and data center designs that support and enable the business?

An enterprise service provider is designing the network for a customer who runs a video application in both a centralized and distributed fashion The team has looked at the following parameters

•The available bandwidth for branches and the associated cost

•Video resource cost

•Usage patterns at hub-and-spoke sites.

•Call agent bridge selection algorithm

Which key piece of information is missing and needs to be taken into consideration in order to determine the correct resource allocation model?

Which technology is an open-source infrastructure automation tool that automates repetitive tasks for users who work in networks such as cloud provisioning and intraservice orchestration?

During evaluation of migrating current on premises infrastructure to add cloud-based infrastructure, a network planning team must meet three core requirements as they make recommendations on which cloud strategy to adopt going forward

• Technology is changing rapidly, therefore the enterprise must be open to adopting new ways of doing things, and be ready to invest CapEx-funds in the next three years

• Network bandwidth capacity requirements are dynamic and are expected to change over the next year

• If new technologies are to be introduced, operational expenses must be kept at a minimum. Which cloud strategy meets these requirements?

An enterprise wants to provide low-cost delivery of network systems that can be scaled on business demand, followed by an initiative to reduce capital expenses for new IT equipment. Which technology meets these goals'?

Retef to the exhibit.

This network is running OSPF and EIGRP as the routing protocols Mutual redistribution of the routing protocols has been contoured on the appropriate ASBRs The OSPF network must be designed so that flapping routes m EIGRP domains do not affect the SPF runs within OSPF The design solution must not affect the way EIGRP routes are propagated into the EIGRP domains Which technique accomplishes the requirement?

When planning their cloud migration journey what is crucial for virtually all organizations to perform?

Company XYZ has a hub-and-spoke topology over an SP-managed infrastructure. To measure traffic performance metrics, they implemented IP SLA senders on all spoke CE routers and an IP SLA responder on the hub CE router. What must they monitor to have visibility on the potential performance impact due to the constantly increasing number of spoke sites?

Which architecture does not require an explicit multicast signaling protocol, such as PIM or P2MP, to signal the multicast state hop-by-hop, but instead uses a link state protocol to advertise the multicast forwarding state?

Drag and drop the QoS technologies from the left onto the correct capabilities on the right

How many fully established neighbour relationships exist on an Ethernet with five routers running OSPF as network type broadcast?

An enterprise solution team is performing an analysis of multilayer architecture and multicontroller SDN solutions for multisite deployments. The analysis focuses on the ability to run tasks on any controller via a standardized interface. Which requirement addresses this ability on a multicontroller platform?

An enterprise network has two core routers that connect to 200 distribution routers and uses full-mesh IBGP peering between these routers as its routing method. The distribution routers are experiencing high CPU utilization due to the BGP process. Which design solution is the most cost effective?

Drag and drop the multicast protocols from the left onto the current design situation on the right.

An architect receives a functional requirement for a NAC system from a customer security policy stating that if a corporate Wi-Fi device does not meet current AV definitions, then it cannot access the corporate network until the definitions are updated. Which component should be built into the NAC design?

A banking customer determines that it is operating POS and POI terminals that are noncompliant with PCI DSS requirements, as it is running TLSv1.0. The customer plans to migrate the terminals to TLSv1.2. What are two requirements to complete the migration? (Choose two.)

Which two descriptions of CWDM are true? (Choose two)

Identity and access management between multiple users and multiple applications has become a mandatory requirement for Company XYZ to fight against ever increasing cybersecurity threats. To achieve this, federated identity services have been deployed in the Company XYZ network to provide single sign-on and Multi-Factor Authentication for the applications and services. Which protocol can be used by Company XYZ to provide authentication and authorization services?

Company XYZ has a multicast domain that spans across multiple autonomous systems. The company wants to choose a technology that provides simplified and controlled approach to interconnecting the multicast domains. Which technology is the best fit for this purpose?

Agile and Waterfall are two popular methods for organizing projects. What describes any Agile network design development process?

An existing wireless network was designed to support data traffic only. You must now install context Aware services for location tracking changes must be applied to the existing wireless network to increase the location accuracy? (Chose two)

What advantage of placing the IS-IS layer 2 flooding domain boundary at the core Layer in a three-layer hierarchical network is true?

Refer to the exhibit.

An engineer is designing the traffic flow for AS 111. Traffic from AS 111 should be preferred via AS 100 for all external routes. A method must be used that only affects AS 111. Which BGP attributes are best suited to control outbound traffic?

Company XYZ uses an office model where the employees can use any open desk and plug their laptops in. They want to authenticate the end users using their domain username and password before allowing them access to the network. The design must also accommodate the ability of controlling traffic within the same group or subnet if a macro (or micro) segmentation-based model is adopted in the future. Which protocol can be recommended for this design to authenticate end users?

What are two design constraints in a standard spine and leaf architecture? (Choose two.)

You are designing a network running both IPv4 and IPv6 to deploy QoS Which consideration is correct about the QoS for IPv4 and IPv6?

You are tasked with the design of a high available network. Which two features provide fail closed environments? (Choose two.)

Two enterprise networks must be connected together. Both networks are using the same private IP addresses.

The client requests from both sides should be translated using hide NAT (dynamic NAT) with the overload

feature to save IF addresses from the NAT pools. Which design addresses this requirement using only one

Cisco I OS NAT router for both directions?

Backups and mirror-copies of data are an essential part of RPO solutions If a business wants to reduce their CAPEX for disaster recovery, which of the following solutions are applicable?

You are tasked to design a QoS policy for a service provider so they can include it in the design of their MPLS core network If the design must support an MPLS network with six classes, and CEs will be managed by the service provider, which QoS policy should be recommended?

A Tier-3 Service Provider is evolving into a Tier-2 Service Provider due to the amount of Enterprise business it is receiving The network engineers are re-evaluating their IP/MPLS design considerations in order to support duplicate/overlapping IP addressing from their Enterprise customers within each Layer3 VPN. Which concept would need to be reviewed to ensure stability in their network?

In search of a system capable of hosting, monitoring compiling. and testing code in an automated way, what can be recommended to the organization?

Which aspect of BGP-LS makes it scalable in large network when multiarea topology information must be gathered?

Company XYZ wants to use the FCAPS ISO standard for network management design. The focus of the design should be to minimize network outages by employing a set of procedures and activities to detect and isolate network issues and the appropriate corrective actions to overcome current issues and prevent them from occurring again. Which layer accomplishes this design requirement?

Drag and drop the design use cases from the left onto the correct uRPF techniques used to prevent spoofing attacks Not all options are used.

Which design benefit of bridge assurance is true?

Refer to the table.

A customer investigates connectivity options for a DCI between two production data centers. The solution must provide dual 10G connections between locations with no single points of failure for Day 1 operations. It must also include an option to scale for up to 20 resilient connections in the second year to accommodate isolated SAN over IP and isolated, dedicated replication IP circuits. All connectivity methods are duplex 10 Gbps. Which transport technology costs the least over two years, in the scenario?

Which two statements describe the functionality of OSPF packet-pacing timers? (Choose two )

The group-pacing timer controls the interval that is used for group and individual LSA refreshment

Company XYZ, a global content provider, owns data centers on different continents Their data center design involves a standard three-layer design with a Layer 3-only core VRRP is used as the FHRP They require VLAN extension across access switches in all data centers, and they plan to purchase a Layer 2 interconnection between two of their data centers in Europe in the absence of other business or technical constraints which termination point is optimal for the Layer 2 interconnection?

What is a characteristic of a secure cloud architecture model?

You are a network designer and you must ensure that the network you design is secure. How do you plan to prevent infected devices on your network from sourcing random DDoS attacks using forged source address?

Which two types of planning approaches are used to develop business-driven network designs and to facilitate the design decisions? (Choose two)

An organization is working on a design solution for a new Internet-based remote access virtual private network that has 1000 remote sites. A network administrator recommends GETVPN as the model What is a potential problem of using GETVPN in this situation?

Company XYZ has two routing domains in their network, EIGRP and OSPF. The company wants to provide full reachability between the two domains by implementing redistribution on a router running both protocols. They need to design the redistribution in a way that the OSPF routers will see link costs added to external routes. How must the redistribution strategy be designed for this network?

Which Interconnectivity method offers the fastest convergence in the event of a unidirectional issue between three Layer 3 switches connected together with routed links in the same rack in a data center?

A software-defined networking (SDN) controller teams network topology information by using BGP link-state sessions with the route reflectors of an MPLS-enabled network. The controller then uses the topology information to apply on-demand traffic policies to the network through a protocol that is supported from all Layer 3 routers Each policy is represented as a RIB entry in the control plane of the router Which SDN model has been implemented?