Independence Day Special Sale Limited Time 70% Discount Offer - Ends in

1d 6h 25m 24s - Coupon code: buysanta

Login / Register

Search 

Home / Cisco / CCDE v3.0 / 400-007 / Cisco Certified Design Expert (CCDE v3.0)

Question # 4

Which two design solutions ensure sub 50 msec of the convergence time after a link failure in the
network?

(Choose two)

A.
BFD

B.
Ti-LFA

C.
minimal BGP scan time

D.
MPLS-FRR
zendesk chat
E.
IGP fast hello

Chat with us
View Answer Full Access

Question # 5
Type your message here
An enterprise plans to evolve from a traditional WAN network to a software-defined WAN network. The
existing devices have limited capability when it comes to virtualization. As the migration is carried out,
enterprise applications and services must not experience any traffic impact. Which implementation plan
can be used to accommodate this during the migration phase?

A.
Deploy controllers, deploy SD-WAN edge routers. In the data center, and migrate branch sites.

B.
Migrate data center WAN routers, migrate branch sites, and deploy SD-WAN edge routers.

C.
Migrate branch sites, migrate data center WAN routers, and deploy controllers.

D.
Deploy SD-WAN edge routers in the data center, deploy controllers, and migrate branch sites

View Answer Full Access

Question # 6

A European national bank considers migrating its on-premises systems to a private cloud offering in a
non-European location to significantly reduce IT costs. What is a primary factor prior to migration?

A.
data governance

B.
additional latency

C.
security

D.
cloud connectivity

View Answer Full Access

Question # 7

Company XYZ network runs IPv4 and IPv6 and they want to Introduce a multidomain, multicast-based
network. The new design should use a flavor of PIM that forwards traffic using SPT. Which technology
meets this requirement?
A.
PIM-DM

B.
PIM-SM

C.
PIM-SSM

D.
BIDIR-PIM

View Answer Full Access

Question # 8

Drag and drop the FCAPS network management reference models from the left onto the correct
definitions on the right.

View Answer Full Access

Question # 9

Company XYZ has a new network based on IPv6. Some of the subnets that they are planning to use will be
confidential and need an addressing scheme that confines them to the local campus network. Which type
of IPv6 addresses can be used for these networks in the IPv6 addressing design?

A.
local addresses

B.
private addresses

C.
link-local addresses

D.
unique local addresses

View Answer Full Access

Question # 10

You have been asked to design a remote access VPN solution to support up to 2000 devices. You must
ensure that only corporate assets are allowed to connect to the VPN, and users must authenticate to gain
access of their based on their user role. Users must use a password that they are already using to access
existing applications . A user may not always use the same device to access the VPN. Which two options
combined meet the requirements? (Choose two)

A.
Use local usernames and passwords on the VPN device

B.
Deploy a central authentication directory that users can be authenticated and authorized against

C.
Deploy certificates that are unique to each user

D.
Deploy an IPsec VPN solution

E.
Deploy certificates that are unique to each device

F.
Deploy a SSL VPN solution

View Answer Full Access

Question # 11

Company XYZ has a hub-and-spoke topology over an SP-managed infrastructure. To measure traffic
performance metrics, they implemented IP SLA senders on all spoke CE routers and an IP SLA responder
on the hub CE router. What must they monitor to have visibility on the potential performance impact due
to the constantly increasing number of spoke sites?
A.
CPU and memory usage on the spoke routers

B.
memory usage on the hub router

C.
CPU usage on the hub router

D.
interface buffers on the hub and spoke routers

View Answer Full Access

Question # 12

Company XYZ wants to deploy OSPF. The design plan requires that two OSPF networks be mutually
redistributed at multiple locations and ensure end-to-end connectivity to all of the company's networks
Which technology can be used to fulfill the requirements while avoiding the creation of routing loops?

A.
Create a virtual link between ASBRs.

B.
Change the router ID for both ASBRs.

C.
Redistribute routes as external type 2 routes.

D.
Use route maps on ASBRs to filter routes with tags so they are not redistributed.

View Answer Full Access

Question # 13

What are two advantages of controller-based networks versus traditional networks? (Choose two.)

A.
the ability to have forwarding tables at each device

B.
more flexible configuration per device
C.
more consistent device configuration

D.
programmatic APIs that are available per device

E.
the ability to configure the features for the network rather than per device

View Answer Full Access

Question # 14

Which three tools are used for ongoing monitoring and maintenance of a voice and video environment?
(Choose three.)

A.
flow-based analysis to measure bandwidth mix of applications and their flows

B.
call management analysis to identify network convergence-related failures

C.
call management analysis to identify CAC failures and call quality issues

D.
active monitoring via synthetic probes to measure loss, latency, and jitter

E.
passive monitoring via synthetic probes to measure loss, latency, and jitter

F.
flow-based analysis with PTP time-stamping to measure loss, latency, and jitter

View Answer Full Access

Question # 15

While designing a switched topology, in which two options is UplinkFast recommended? (Choose two )

A.
when switches of different spanning-tree types are connected (for example. 802.1d connecting to
802.1w)
B.
on distribution layer switches

C.
when hello timers are changed to more aggressive values

D.
on access layer switches

E.
on the core switches

View Answer Full Access

Question # 16

Drag and drop the design characteristics from the left onto the correct network filter techniques on the
right. Not all options are used.

View Answer Full Access

Question # 17

Agile and Waterfall are two popular methods for organizing projects. What describes any Agile network
design development process?

A.
working design over comprehensive documentation

B.
contract negotiation over customer collaboration

C.
following a plan over responding to change

D.
processes and tools over individuals and interactions over time

View Answer Full Access

Question # 18

The major business applications of an enterprise are largely monolithic and hard-coded As part of a major
modernization and overhaul of the applications the goal is to move to a modular and containerized
application architecture mode At the same time decoupling from the hardware is desired to move to an
on-demand provisioning However the CyberOps team mandated that the final architecture must provide
the same security levels as an air-gapped data center. Which cloud architecture meets these
requirements?

A.
laaS

B.
private cloud

C.
PaaS

D.
hybrid cloud

E.
public cloud

View Answer Full Access

Question # 19

Which SDN architecture component is used by the application layer to communicate with the control
plane layer to provide instructions about the resources required by applications?

A.
southbound APIs

B.
northbound APIs
C.
orchestration layer

D.
SDN controller

View Answer Full Access

Question # 20

Company XYZ is planning to deploy primary and secondary (disaster recovery) data center sites. Each of
these sites will have redundant SAN fabrics and data protection is expected between the data center
sites. The sites are 100 miles (160 km) apart and target RPO/RTO are 3 hrs and 24 hrs, respectively.
Which two considerations must Company XYZ bear in mind when deploying replication in their scenario?
(Choose two.)

A.
Target RPO/RTO requirements cannot be met due to the one-way delay introduced by the distance
between sites.

B.
VSANs must be routed between sites to isolate fault domains and increase overall availability.

C.
Synchronous data replication must be used to meet the business requirements

D.
Asynchronous data replication should be used in this scenario to avoid performance impact in the primary
site.

E.
VSANs must be extended from the primary to the secondary site to improve performance and availability.

View Answer Full Access

Question # 21

A legacy enterprise is using a Service Provider MPLS network to connect its head office and branches.
Recently, they added a new branch to their network. Due to physical security concerns, they want to
extend their existing IP CCTV network of the head office to the new branch, without any routing changes
in the network. They are also under some time constraints. What is the best approach to extend the
existing IP CCTV network to the new branch, without incurring any IP address changes?
A.
GRE

B.
L2TPv3

C.
VXLAN

D.
EoMPLS

View Answer Full Access

Question # 22

An architect designs a multi-controller network architecture with these requirements:

Achieve fast failover to control traffic when controllers fail.

Yield a short distance and high resiliency in the connection between the switches and the
controller.

Reduce connectivity loss and enable smart recovery to improve the SDN survivability.

Improve connectivity by adding path diversity and capacity awareness for controllers.

Which control plane component of the multi-controller must be built to meet the requirements?

A.
control node reliability

B.
controller stale consistency

C.
control path reliability

D.
controller clustering

View Answer Full Access

Question # 23

Which three Cisco products are used in conjunction with Red Hat to provide an NFVi solution? (Choose
three.)

A.
Cisco Prime Service Catalog

B.
Cisco Open Virtual Switch

C.
Cisco Nexus switches

D.
Cisco UCS

E.
Cisco Open Container Platform

F.
Cisco Virtual Network Function

View Answer Full Access

Question # 24

In a redundant hub and spoke "wheel" design, all spokes are connected to the hub, and spokes are
connected to other spokes as well. During failure on one spoke link, the traffic from that site can be sent
to a neighboring site for it to be forwarded to the hub site. But during peak hours, a link is overloaded and
traffic is re-routed to a neighbor, which subsequently becomes overloaded. This overload results in
network traffic oscillation as the load varies at each spoke site. This design provides more redundancy but
not more resiliency because the routing protocol must process many alternate paths to determine the
lowest cost path. Which two design

changes help to improve resilience in this case? (Choose two.)

A.
Increase the number of redundant paths considered during the routing convergence calculation.

B.
Eliminate links between every spoke.

C.
Increase routing protocol convergence timers.

D.
Increase unequal-cost parallel paths.
E.
Use two links to each remote site instead of one.

View Answer Full Access

Question # 25

An enterprise that runs numerous proprietary applications has major issues with its on-premises server
estate hardware, to the point where business-critical functions are compromised. The enterprise
accelerates plans to migrate services to the cloud. Which cloud service should be used if the enterprise
wants to avoid hardware issues yet have control of its applications and operating system?

A.
SaaS

B.
PaaS

C.
laaS

D.
hybrid cloud

View Answer Full Access

Question # 26

You are designing a network running both IPv4 and IPv6 to deploy QoS Which consideration is correct
about the QoS for IPv4 and IPv6?

A.
IPv4 and IPv6 traffic types can use use queuing mechanisms such as LLQ, PQ and CQ.

B.
IPv6 packet classification is only available with process switching, whereas IPv4 packet classification is
available with both process switching and CEF.

C.
IPv6 and IB/4 traffic types can use a single QoS policy to match both protocols

D.
Different congestion management mechanisms need to be used for IPv4 and IPv6 traffic types
 View Answer Full Access

Question # 27

A multicast network is sing Bidirectional PIM. Which two combined actions achieve high availability so
that two RPs within the same network can act in a redundant manner? (Choose two)

A.
Use two phantom RP addresses

B.
Manipulate the administration distance of the unicast routes to the two RPs

C.
Manipulate the multicast routing table by creating static mroutes to the two RPs

D.
Advertise the two RP addresses in the routing protocol

E.
Use anycast RP based on MSDP peering between the two RPs

F.
Control routing to the two RPs through a longest match prefix

View Answer Full Access

Question # 28

What are two examples of business goals to be considered when a network design is built? (Choose two.)

A.
standardize resiliency

B.
minimize operational costs

C.
integrate endpoint posture

D.
ensure faster obsolescence

E.
reduce complexity

View Answer Full Access

Question # 29

Which two statements describe network automation and network orchestration? (Choose two.)

A.
Network automation does not provide governance or policy management.

B.
Network automation spans multiple network services, vendors, and environments.

C.
Network orchestration is done through programmatic REST APIs enabling automation across devices and
management platforms.

D.
Provisioning network services is an example of network automation.

E.
Network orchestration is used to run single, low-level tasks without human intervention

View Answer Full Access

Question # 30

Which solution component helps to achieve rapid migration to the cloud for SaaS and public cloud
leveraging SD-WAN capabilities?

A.
service-oriented cloud architecture

B.
Cloud onramp

C.
cloud registry

D.
microservices in the cloud

View Answer Full Access

Question # 31

A software-defined networking (SDN) controller teams network topology information by using BGP link-
state sessions with the route reflectors of an MPLS-enabled network. The controller then uses the
topology information to apply on-demand traffic policies to the network through a protocol that is
supported from all Layer 3 routers Each policy is represented as a RIB entry in the control plane of the
router Which SDN model has been implemented?

A.
SDN centralized

B.
SDN traffic engineering

C.
SD-WAN

D.
SDN hybrid

View Answer Full Access

Question # 32

The network designer needs to use GLOP IP addresses in order to make them unique within their ASN
Which multicast address range should be used?

A.
232.0.0.0 to 232 255.255.255

B.
H233.0.0 0 to 233.255.255 255

C.
239000 to 239255255.255

D.
224000 to 2240.0 255

View Answer Full Access

Question # 33
Refer to the exhibit.

This network is running OSPF as the routing protocol. The internal networks are being advertised in
OSPF London and Rome are using the direct link to reach each other although the transfer rates are
better via Barcelona Which OSPF design change allows OSPF to calculate the proper costs?

A.
Change the OSPF reference bandwidth to accommodate faster links.

B.
Filter the routes on the link between London and Rome

C.
Change the interface bandwidth on all the links.

D.
Implement OSPF summarisation to fix the issue

View Answer Full Access

Question # 34

Refer to the diagram.

Which solution must be used to send traffic from the foreign wireless LAN controller to the anchor
wireless LAN controller?

A.
Send packets from the foreign controller to the anchor controller via Layer 3 MPLS VPN or VRF-Lite

B.
Send packets without encapsulation to the anchor controller over the routed network.

C.
Encapsulate packets into an EoIP tunnel and send them to the anchor controller.

D.
Send packets from the foreign controller to the anchor controller via IPinIP or IPsec tunnel.

View Answer Full Access

Question # 35

Company XYZ needs advice in redesigning their legacy Layer 2 infrastructure. Which technology should
be included in the design to minimize or avoid convergence delays due to STP or FHRP and provide a
loop-free topology?

A.
Use switch clustering in the access layer.

B.
Use switch clustering in the core/distribution layer.

C.
Use spanning-tree PortFast.

D.
Use BFD.

View Answer Full Access

Question # 36

A small organization of 20 employees is looking to deliver a network design service for modernizing
customer networks to support advanced solutions.

Project scope and weekly progress should be visualized by the management.

Always consider feedback and make changes accordingly during the project.

Should consider flexibility to change scope at the point of time.

Which project methodology meets the requirements and have the least impact on the outcome?

A.
Scrum

B.
LEAN

C.
Kanban

D.
Six-Sigma

View Answer Full Access

Question # 37

Which solution component helps to achieve comprehensive threat protection and compliance for
migration to multicloud SDX architectures?

A.
system-oriented architecture

B.
OSASE architecture

C.
platform-oriented architecture

D.
SASE architecture

View Answer Full Access

Question # 38

As a network designer you need to support an enterprise with hundreds of remote sites connected over a
single WAN network that carries different types of traffic, including VoIP, video, and data applications
which of following design considerations will not impact design decision?

A.
Focus on the solution instead of the problem, which helps to reduce downtime duration

B.
The location of the data collection

C.
What direction the data or flows should be metered

D.
Identify traffic types and top talkers over this link

View Answer Full Access

Question # 39

The Agile Manifesto is a document that defines the key values and principles behind the Agile philosophy
and helps development teams work more efficiently and sustainably Each of the four key values is split
into two sections a left-hand side and a right-hand side In other words, though there is value in the items
on the right we value the items on the left more What is one of the key values of the Agile Manifesto?

A.
comprehensive documentation over working software

B.
contract negotiation over customer collaboration

C.
individuals and interactions over processes and tools

D.
following a plan over responding to change

View Answer Full Access

Question # 40

Which two pain points are the most common for container technology adoption? (Choose two)
A.
Performance

B.
Security

C.
Cost

D.
Container deployment

E.
Skilled staff

F.
Compliance

View Answer Full Access

Question # 41

Various teams in different organizations within an enterprise are preparing low-level design documents
to capture network parameters using a Waterfall project model:

• hardware sizing and power consumption

• Layer 2 and layer 3 services parameters

• configuration of all control plane protocols

Input from relevant stakeholders was captured at the start of the project, and the project scope has been
defined based on the parameters above. What impact will it have on documentation and project
deliverables if the stakeholders ask to have changes carried out in the network before the information has
been captured?

A.
This provides more opportunity to think outside the box.

B.
Rework is expected before the delivery.

C.
Significant effort and time are required.

D.
This provides a flexible approach to incorporate changes.

View Answer Full Access

Question # 42

A.
low bandwidth

B.
security

C scalability

C.
high latency

View Answer Full Access

Question # 43

The SD-WAN architecture is composed of separate orchestration management, control, and data planes
Which activity happens at the orchestration plane?

A.
automatic onboarding of the SD-WAN routers into the SD-WAN overlay

B.
decision-making process on where traffic flows

C.
packet forwarding

D.
central configuration and monitoring

View Answer Full Access

Question # 44

What is an architectural framework created by ETSI that defines standards to decouple network
functions from proprietary hardware-based appliances and have them run in software on standard x86
servers?
A.
NPIV

B.
NFVIS

C.
NFV

D.
VNF

View Answer Full Access

Question # 45

You were tasked to enhance the security of a network with these characteristics:

• A pool of servers is accessed by numerous data centers and remote sites

• The servers are accessed via a cluster of firewalls

• The firewalls are configured properly and are not dropping traffic

• The firewalls occasionally cause asymmetric routing of traffic within the server data center.

Which technology should you recommend to enhance security by limiting traffic that could originate from
a hacker compromising a workstation and redirecting flows at the servers?

A.
Poison certain subnets by adding static routes to Null0 on the core switches connected to the pool of
servers.

B.
Deploy uRPF strict mode.

C.
Limit sources of traffic that exit the server-facing interface of the firewall cluster with ACLs.

D.
Deploy uRPF loose mode

View Answer Full Access

Question # 46
Retef to the exhibit.

An engineer is designing a multiarea OSPF network for a client who also has a large EIGRP domain EIGRP
routes are getting redistributed into OSPF ,OSPF area 20 has routers with limited memory and CPU
resources The engineer wants to block routes from EIGRP 111 from propagating into area 20 and allow
EIGRP 222 routes to How in Which OSPF area type fulfills this design requirement?

A.
area 20 as a stub area

B.
type 5 LSA filtering on the ASBR between EIGRP 111 and area a

C.
area 20 as a NSSA area

D.
type 3 LSA filtering on the ABR between area 0 area 20

View Answer Full Access

Question # 47

Company XYZ is migrating their existing network to IPv6 and they must plan for Layer 2 and Layer 3
devices Some of the access layer switches do not support IPv6, however, core and distribution switches
fully support unicast and multicast routing. The company wants to minimize cost of the migration. Which
migration strategy should be used in the design?

A.
The access layer switches must support IGMP snooping at a minimum. Any switches that do not support
IGM snooping must be replaced.

B.
Upgrade the nonsupporting switches Otherwise, it will cause an issue with the migration.

C.
Layer 2 switches will not affect the implementation of IPv6. They can be included in the design in their
current state.

D.
The access layer switches must support DHCPv6. Any switches that do not support DHCPv6 must be
replaced.

View Answer Full Access

Question # 48

Which issue poses a challenge for security architects who want end-to-end visibility of their networks?

A.
too many overlapping controls

B.
too many disparate solutions and technology silos

C.
an overabundance of manual processes

D.
a network security skills shortage

View Answer Full Access

Question # 49

Which security architecture component offers streamlined security operations, ease of use, and visibility
across all network security elements, independent of location or form factor?

A.
threat-centric protection

B.
integrated actionable intelligence

C.
distributed enforcement

D.
central command and control

View Answer Full Access

Question # 50

Refer to the exhibit.

Traffic was equally balanced between Layer 3 links on core switches SW1 and SW2 before an
introduction of the new video server in the network. This video server uses multicast to send video
streams to hosts and now one of the links between core switches is over utilized Which design solution
solves this issue?

A.
Add more links between core switches.

B.
Aggregate links Layer 2 link aggregation.

C.
Apply a more granular load- balancing method on SW1.

D.
Apply a more granular load-balancing method on SW2.
E.
Filter IGMP joins on an over -utilized link.

View Answer Full Access

Question # 51

According to the CIA triad principles for network security design, which principle should be priority for a
Zero Trust network?

A.
requirement for data-in-motion encryption and 2FA authentication

B.
requirement for data-at-rest encryption foe user identification within the VPN termination hardware

C.
categorization of systems, data, and enterprise BYOD assets that are connected to network zones based
on individual privacy needs

D.
ensuring that authorized users have high-availability system access from defined zones to defined
systems or zones

View Answer Full Access

Question # 52

Refer to the exhibit.

Which impact of using three or more ABRs between the backbone area and area 1 is true?

A.
In a large-scale network LSA replication by all ABRs can cause serious scalability issues

B.
Multiple ABRs reduce the CPU processing on each A6R due to splitting prefix advertisement

C.
In a large-scale network multiple ABRs can create microloops.

D.
Prefixes from the non-backbone area are advertised by one ABR to the backbone

View Answer Full Access

Question # 53

How many fully established neighbour relationships exist on an Ethernet with five routers running OSPF
as network type broadcast?

A.
5

B.
6

C.
7

D.
10

E.
20

View Answer Full Access

Question # 54

Which purpose of a dynamically created tunnel interface on the design of IPv6 multicast services Is true?

A.
first-hop router registration to the RP

B.
multicast client registration to the RP

C.
multicast source registration to the RP

D.
transport of all IPv6 multicast traffic

View Answer Full Access

Question # 55

The Layer 3 control plane is the intelligence over the network that steers traffic toward its intended
destination. Which two techniques can be used in service provider-style networks to offer a more
dynamic, flexible, controlled, and secure control plane design? (Choose two.)

A.
access control lists

B.
firewalls

C.
QoS policy propagation with BGP

D.
remote black-holing trigger

E.
prefix lists

View Answer Full Access

Question # 56

An enterprise campus is adopting a network virtualization design solution with these requirements

It must include the ability to virtualize the data plane and control plane by using VLANs and VRFs
It must maintain end-to-end logical path transport separation across the network
resources available grouped at the access edge

Which two primary models can this network virtualization design be categorized? (Choose two)

A.
Path isolation

B.
Session isolation

C.
Group virtualization

D.
Services virtualization

E.
Edge isolation

View Answer Full Access

Question # 57

Which component of the SDN architecture automatically ensures that application traffic is routed
according to policies established by network administrators?

A.
packet forwarding engine

B.
northbound API

C.
southbound API

D.
SDN controller
 View Answer Full Access

Question # 58

Refer to the exhibit.

After a network audit a network engineer must optimize the current network convergence time The
proposed solution must consider link layer and control plane failures. Which solution meets the
requirements?

A.
Configure debounce timers

B.
Increase fast hello timers

C.
Implement BFD

D.
Enable LSP fast flood

View Answer Full Access

Question # 59

Organizations that embrace Zero Trust initiatives ranging from business policies to technology
infrastructure can reap business and security benefits. Which two domains should be covered under Zero
Trust initiatives? (Choose two)

A.
workload

B.
work domain

C.
workplace

D.
workgroup

E.
workspace

View Answer Full Access

Question # 60

What advantage of placing the IS-IS layer 2 flooding domain boundary at the core Layer in a three-layer
hierarchical network is true?

A.
The Layer 1 and Layer 2 domains can easily overlap

B.
It reduces the complexity of the Layer 1 domains

C.
It can be applied to any kind of topology

D.
The Layer 2 domain is contained and more stable

View Answer Full Access

Question # 61

Which two characteristics apply to firewall transparent mode operations in a firewall solution design?
(Choose two.)

A.
Changes in the existing IP addressing and subnets are required

B.
The firewall can participate actively on spanning tree.

C.
Multicast traffic can traverse the firewall.
D.
OSPF adjacencies can be established through the firewall

E.
The firewall acts like a router hop in the network.

View Answer Full Access

Question # 62

Which two statements about MLD snooping are true? (Choose two)

A.
When MLD snooping is enabled, QoS is automatically enabled.

B.
A VLAN can support multiple active MLD snooping queries, as long as each one is associated to a different

multicast group.

C.
AN MLD snooping querier election occurs when any MLD snooping querier goes down or if there is an IP

address change on the active querier.

D.
When multiple MLD snooping queriers are enabled in a VLAN, the querier with the lowest IP address in
the

VLAN is elected as the active MLD snooping querier.

View Answer Full Access

Question # 63

What are two primary design constraints when a robust infrastructure solution is created? (Choose two.)

A.
monitoring capabilities

B.
project time frame

C.
staff experience
D.
component availability

E.
total cost

View Answer Full Access

Question # 64

Enterprise XYZ wants to implement fast convergence on their network and optimize timers for OSPF
However they also want to prevent excess flooding of LSAs if there is a constantly flapping link on the
network Which timers can help prevent excess flooding of LSAs for OSPF?

A.
OSPF propagation timers

B.
OSPF throttling timers

C.
OSPF delay timers

D.
OSPF flooding timers

View Answer Full Access

Question # 65

You are designing the routing design for two merging companies that have overlapping IP address space.
Which of these must you consider when developing the routing and NAT design?

A.
Local to global NAT translation is done after routing

B.
Global to local NAT translation is done before routing.

C.
Local to global NAT translation is done before policy-based routing

D.
Global to local NAT translation is done after policy-based routing.
 View Answer Full Access

Question # 66

A European government passport agency considers upgrading its IT systems to increase performance and
workload flexibility in response to constantly changing requirements. The budget manager wants to
reduce capital expenses and IT staff and must adopt the lowest-cost technology. Which technology choice
is suitable?

A.
on premises

B.
private cloud

C.
public cloud

D.
hybrid cloud

View Answer Full Access

Question # 67

Refer to the table.

A customer investigates connectivity options for a DCI between two production data centers to aid a
large-scale migration project. The migration is estimated to take 20 months to complete but might extend
an additional 10 months if issues arise. All connectivity options meet the requirements to migrate
workloads. Which transport technology provides the best ROI based on cost and flexibility?

A.
CWDM over dark fiber

B.
MPLS

C.
DWDM over dark fiber

D.
Metro Ethernet

View Answer Full Access

Question # 68

Which two mechanisms avoid suboptimal routing in a network with dynamic mutual redistribution
between multiple OSPFv2 and EIGRP boundaries? (Choose two.)

A.
AD manipulation

B.
matching OSPF external routes

C.
route tagging

D.
route tagging

E.
route filtering

F.
matching EIGRP process ID

View Answer Full Access

Question # 69

A network architect must redesign a service provider edge, where multiservice and multitenant PEs are
currently present. Which design feature should be minimized in the new design to achieve reliability?

A.
bridging

B.
fate sharing

C.
redundancy

D.
unicast overlay routing

View Answer Full Access

Question # 70

Company XYZ has implemented policy-based routing in their network. Which potential problem must be
kept in mind about network reconvergence and PBR?

A.
It can limit network scalability

B.
It can create microloops during reconvergence

C.
It increases convergence time.

D.
It reduces convergence time.

View Answer Full Access

Question # 71

A network attacker exploits application flaws to compromise critical systems in the organization with
these objectives:

• Obtain sensitive data and export the data out of the network.

• Compromise developer and administrator credentials to potentially

What is the next step after application discovery is completed in Zero Trust networkings

A.
Establish visibility and behavior modeling
B.
Enforce policies and microsegmentation.

C.
Assess real-time security health.

D.
Ensure trustworthiness of systems.

View Answer Full Access

Question # 72

A business wants to refresh its legacy Frame Relay WAN. It currently has product specialists in each of its
200 branches but plans to reduce and consolidate resources. The goal is to have product specialists
available via video link when customers visit the nationwide branch offices. Which technology should be
used to meet this objective?

A.
DMVPN phase 1 network over the Internet

B.
Layer 3 MPLS VPN hub and spoke

C.
Layer2VPLS

D.
Layer 3 MPLS VPN full mesh

View Answer Full Access

Question # 73

Which effect of using ingress filtering to prevent spoofed addresses on a network design is true?

A.
It reduces the effectiveness of DDoS attacks when associated with DSCP remarking to Scavenger.

B.
It protects the network Infrastructure against spoofed DDoS attacks.

C.
It Classifies bogon traffic and remarks it with DSCP bulk.
D.
It filters RFC 1918 IP addresses.

View Answer Full Access

Question # 74

Which encoding format does cisco ios XE software support for NETCONF?

A.
It supports HTML encoding for NETCONF

B.
It supports YAML encoding for NETCONF

C.
It supports XML encoding for NETCONF

D.
It supports JSON encoding for NETCONF

View Answer Full Access

Question # 75

Which two conditions must be met for EIGRP to maintain an alternate loop-free path to a remote
network? (Choose two.)

A.
The Reported Distance from a successor is lower than the local Feasible Distance.

B.
The Reported Distance from a successor is higher than the local Feasible Distance.

C.
The feasibility condition does not need to be met.

D.
The Feasible Distance from a successor is lower than the local Reported Distance.

E.
A feasible successor must be present.
 View Answer Full Access

Question # 76

Your network operations team is deploying Access Control Lists (ACLs) across your Internet gateways
They wish to place an ACL inbound on the Internet gateway interface facing the core network (the
"trusted" interface). Which IP address would the ACL need for traffic sourced from the inside interface, to
match the source address of the traffic?

A.
inside global

B.
outside global

C.
inside local

D.
outside local

View Answer Full Access

Question # 77

A business wants to centralize services via VDI technology and to replace remote WAN desktop PCs with
thin client-type machines to reduce operating costs Which consideration supports the new business
requirement?

A.
VDI servers should be contained centrally within a DMZ

B.
The thin client traffic should be placed in a WAN QoS priority queue

C.
VDI servers should be contained within dedicated VLANs in each branch location

D.
The WAN should offer low latency and be resized

View Answer Full Access

Question # 78
Which function is performed at the access layer of the three-layer hierarchical network design model?

A.
fault isolation

B.
QoS classification and marking boundary

C.
reliability -

D.
fast transport

E.
redundancy and load balancing

View Answer Full Access

Question # 79

A banking customer determines that it is operating POS and POI terminals that are noncompliant with
PCI DSS requirements, as it is running TLSv1.0. The customer plans to migrate the terminals to TLSv1.2.
What are two requirements to complete the migration? (Choose two.)

A.
Ensure that strong cryptography is applied for users who have administrative access through networks

B.
Apply strong cryptography and security protocols to safeguard sensitive cardholder data.

C.
Apply strong encryption for transmission of cardholder data across public networks.

D.
Protect all user systems against malware and frequently update antivirus software

E.
Maintain a policy that addresses information security for employees and third parties.

View Answer Full Access

Question # 80
A customer migrates from a traditional Layer 2 data center network into a new SDN-based. spine-and-
leaf VXLAN EVPN data center within the same location. The networks are joined to enable host migration
at Layer 2 Which activity should be completed each time a legacy network is migrated?

A.
The migrated VLAN should be pruned from the Layer 2 interconnects.

B.
The migrated network should have a VXLAN VNID configured within the new network.

C.
The migrated network should be advertised to the EVPN network as a Type 2 network.

D.
The migrated network should be added to the EVPN BGP routing.

View Answer Full Access

Question # 81

What is a characteristic of a secure cloud architecture model?

A.
limited access to job function

B.
dedicated and restricted workstations

C.
multi-factor authentication

D.
software-defined network segmentation

View Answer Full Access

Question # 82

Network changes because of mergers, acquisitions, and divestment can be very disruptive to the network
if not carried out carefully. When an organization sells parts of its business, it must detach the affected
parts of the network from the rest of the network. Which network design approach is appropriate to
minimize the impact and risks as the divested parts of the network are detached?
A.
redundant design

B.
modular design

C.
less complex design

D.
routed access design

View Answer Full Access

Question # 83

You are designing a large-scale DMVPN network with more than 500 spokes using EIGRP as the IGP
protocol Which design option eliminates potential tunnel down events on the spoke routers due to the
holding time expiration?

A.
Increase the hold queue on the physical interface of the hub router.

B.
Increase the hold queue on the tunnel interface of the spoke routers

C.
Increase the hold queue on the tunnel interface of the hub router

D.
Apply QoS for pak_priority class

E.
Increase the hold queue on the physical interface of the spoke routers.

View Answer Full Access

Question # 84

An engineer must design a network for a company that uses OSPF LFA to reduce loops. Which type of
loop would be reduced by using this design?

A.
DTP
B.
micro loops

C.
STP

D.
REP

View Answer Full Access

Question # 85

Company XYZ is running SNMPv1 in their network and understands that it has some flaws. They want to
change the security design to implement SNMPv3 in the network Which network threat is SNMPv3
effective against?

A.
man-in-the-middle attack

B.
masquerade threats

C.
DDoS attack

D.
brute force dictionary attack

View Answer Full Access

Question # 86

A customer migrates from a traditional Layer 2 data center network into a new SDN-based spine-and-leaf
VXLAN EVPN data center within the same location The networks are joined to enable host migration at
Layer 2 What is the final migration step after hosts have physically migrated to have traffic flowing
through the new network without changing any host configuration?

A.
Shut down legacy Layer 3 SVIs. clear ARP caches on all hosts being migrated and then configure the
legacy VRRP address onto new VXLAN core switches

B.
Increase VRRP priorities on new infrastructure over legacy VRRP values, then shut down legacy SVIs
C.
Shut down legacy infrastructure to allow VXLAN gateways to become active

D.
Shut down legacy Layer 3 SVIs and activate new preconfigured Layer 3 SVIs on VXLAN

View Answer Full Access

Question # 87

Refer to the exhibit.

A customer runs OSPF with Area 5 between its aggregation router and an internal router When a
network change occurs in the backbone. Area 5 starts having connectivity issues due to the SPF algorithm
recalculating an abnormal number of times in Area 5 You are tasked to redesign this network to increase
resiliency on the customer network with the caveat that Router B does not support the stub area How
can you accomplish this task*?

A.
Increase the bandwidth on the connection between Router A and Router B

B.
Implement LSA filtering ontheAB, allowing summary routes and preventing more specific routes into
Area 5

C.
Create a virtual link to Area 0 from Router B to the ABR

D.
Turn on LSA throttling on all devices in Area 5

E.
Set Area 5 to stubby at the ABR anyway
 View Answer Full Access

Question # 88

Drag and drop the design use cases from the left onto the correct uRPF techniques used to prevent
spoofing attacks Not all options are used.

View Answer Full Access

Question # 89

Which action must be taken before new VoIP systems are implemented on a network to ensure that the
network is ready to handle the traffic?

A.
Evaluate bandwidth utilization and connection quality

B.
Enable special requirements such as direct DID lines on pickup

C.
Make recommendations to limit the size of the half-open session table on routers

D.
Check if anomaly detection is enabled for SIP and H.323 on Layer 3 devices

View Answer Full Access

Question # 90

Company XYZ must design a strategy to protect their routers from DoS attacks, such as traffic destined to
the router's own route processor, using separate control plane categories. Which two capabilities can be
used to achieve this requirement? (Choose two.)
A.
Control Plane Protection using queue thresholding on the transit subinterface

B.
Control Plane Protection using port filtering on the transit subinterface

C.
Control Plane Protection using port filtering on the main interface

D.
Control Plane Protection using queue thresholding on the host subinterface

E.
Control Plane Protection using port filtering on the host subinterface

View Answer Full Access

Question # 91

You are a network designer and you must ensure that the network you design is secure. How do you plan
to prevent infected devices on your network from sourcing random DDoS attacks using forged source
address?

A.
ACL based forwarding

B.
unicast RPF loose mode

C.
unicast RPF strict mode

D.
ACL filtering by destination

View Answer Full Access

Question # 92

Which undesired effect of increasing the jitter compensation buffer is true?

A.
The overall transport jitter decreases and quality improves.

B.
The overall transport jitter increases and quality issues can occur.

C.
The overall transport delay increases and quality issues can occur.

D.
The overall transport delay decreases and quality improves.

View Answer Full Access

Question # 93

Which two advantages of using DWDM over traditional optical networks are true? (Choose two.)

A.
inherent topology flexibility and service protection provided without penalty through intelligent
oversubscription of bandwidth reservation

B.
ability to expand bandwidth over existing optical Infrastructure

C.
inherent topology flexibility with built-in service protection

D.
inherent topology flexibility with intelligent chromatic dispersion

E.
inherent topology flexibility with a service protection provided through a direct integration with an upper
layer protocol

View Answer Full Access

Question # 94

Company XYZ has 30 sites using MPLS L3 VPN and the company is now concerned about data integrity.
The company wants to redesign the security aspect of their network based on these requirements:

• Securely transfer the corporate data over the private WAN

• Use a centralized configuration model.

• Minimize overhead on the tunneled traffic.

Which technology can be used in the new design to meet the company's requirements?

A.
S-VTI

B.
DMVPN

C.
MGRE

D.
GET VPN

View Answer Full Access

Question # 95

Company XYZ was not satisfied with the reconvergence time OSPF is taking. BFD was implemented to try
to reduce the reconvergence time, but the network is still experiencing delays when having to reconverge.
Which technology will improve the design?

A.
OSPF fast hellos

B.
BFD echo

C.
Change the protocol to BGP

D.
Change the OSPF hello and dead intervals

View Answer Full Access

Question # 96

Company XYZ plans to run OSPF on a DMVPN network. They want to use spoke-to-spoke tunnels in the
design What is a drawback or concern in this type of design?

A.
Additional host routes will be inserted into the routing tables
B.
Manual configuration of the spokes with the appropriate priority will be needed

C.
There will be split-horizon issue at the hub

D.
Manual configuration of the spoke IP address on the hub will be needed

View Answer Full Access

Question # 97

You are designing a network for a branch office. In order to improve convergence time, you are required
to use the BFD feature Which four routing protocols can you use to facilitate this? (Choose four.)

A.
IS-IS

B.
static

C.
RIP

D.
EIGRP

E.
BGP

View Answer Full Access

Question # 98

Your company wants to deploy a new data center infrastructure Based on the requirements you have
chosen VXLAN as encapsulation technology The customer is concerned about miss-configuration of Layer
2 devices and DC wide outages caused by Layer 2 loops What do you answer?

A.
VXLAN offers native loop avoidance mechanism

B.
Storm Control should be enabled on all ports
 C.
VPC+ could prevent L2 loop on access ports

D.
BPDU Guard should be enabled on all VTEP access ports

View Answer Full Access

Home All Vendors Unlimited Access Testimonials About us Contact us Copyright © 2014-2024
Exact2Pass. All Rights
Reserved