400-007 CCDE:Cisco Certified Design Expert

Which SDN architecture component is used by the application layer to communicate with the control plane layer to provide instructions about the resources required by applications?

The goal for any network designer is to strive to build a resilient network that adapts to changing conditions rapidly with minimal impact on the services running over the network. A resilient network can adapt to failures, but which soft failure can be harder to define and detect?

A product manufacturing organization is integrating cloud services into their IT solution. The IT team is working on the preparation phase of the mplementation approach, which includes the Define Strategy step. This step defines the scope of IT, the application, and the service. What is one topic that should be considered in the Define Strategy step?

A company is designing an internet-based remote access VPN for 1000 remote sites. The admin suggests GETVPN. What is a potential issue?

You are tasked to design a QoS policy for a service provider so they can include it in the design of their MPLS core network. If the design must support an MPLS network with six classes, and CEs will be managed by the service provider, which QoS policy should be recommended?

A customer runs OSPF with Area 5 between its aggregation router and an internal router. When a network change occurs in the backbone, Area 5 starts having connectivity issues due to the SPF algorithm recalculating an abnormal number of times in Area 5. You are tasked to redesign this network to increase resiliency on the customer network with the caveat that Router B does not support the stub area. How can you accomplish this task?

What two elements are critical for security and compliance in hybrid cloud environments? (Choose two)

IPFIX data collection via standalone IPFIX probes is an alternative to flow collection from routers and switches. Which use case is suitable for using IPFIX probes?

Two enterprise networks must be connected together. Both networks are using the same private IP addresses. The client requests from both sides should be translated using hide NAT (dynamic NAT) with the overload feature to save IP addresses from the NAT pools. Which design addresses this requirement using only one Cisco IOS NAT router for both directions?

Which network management framework can be used to develop a network architecture that contains business requirements analysis, gap analysis, and network diagrams as artifacts to be used for design and implementation later?

An engineer is designing the network for a multihomed customer running in AS 111. The AS does not have any other ASs connected to it . Which technology is more comprehensive to use in the design to make sure that the AS is not being used as a transit AS?

The line between security and compliance is easily blurred and is, to a large extent, a moving target Drag and drop each of the requirements on the left to the appropriate section on the righ

Which relationship between IBGP and the underlying physical topology is true?

A service provider hires you to design its new managed CE offering to meet these requirements:

Company XYZ is running OSPF in their network. They have merged with another company that is running EIGRP as the routing protocol. Company XYZ now needs the two domains to talk to each other with redundancy, while maintaining a loop-free environment. The solution must scale when new networks are added into the network in the near future. Which technology can be used to meet these requirements?

Company XYZ wants to use the FCAPS ISO standard for network management design, focusing on minimizing outages through detection, isolation, and corrective actions. Which layer accomplishes this design requirement?

A network architect must redesign a service provider edge, where multiservice and multitenant PEs are currently present. Which design feature should be minimized in the new design to achieve reliability?

An architect prepares a network design for a startup company. The design must meet business requirements while the business grows and divests due to rapidly changing markets. What is the highest priority in this design?

The enterprise customer wants to stream one-way video from their head office to eight branch offices using multicast. Their current service provider provides a Layer 3 VPN solution and manages the CE routers, but they do not currently support multicast. Which solution quickly allows this multicast traffic to go through while allowing for future scalability?

Which issue poses a challenge for security architects who want end-to-end visibility of their networks?

Customer XYZ network consists of an MPLS core, IS-IS running as IGP, a pair of BGP route reflectors for route propagation, and a few dozen MPLS-TE tunnels for specific tactical traffic engineering requirements. The customer's engineering department has some questions about the use of the Overload Bit in the IS-IS networks and how it could be used to improve their current network design. Which two concepts about the Overload Bit are true? (Choose two.)

What is a disadvantage of the traditional three-tier architecture model when east-west traffic between different pods must go through the distribution and core layers?

Which design consideration is valid when you contrast FabricPath and TRILL?

A company requires an RPO of less than 10 seconds to ensure business continuity. Which technology should be deployed?

The administrator of a small branch office wants to implement the Layer 2 network without running STP. The office has some redundant paths. Which mechanism can the administrator use to allow redundancy without creating Layer 2 loops?

Which option is a fate-sharing characteristic in regards to network design?

As technologies such as big data, cloud, and loT continue to grow, so will the demand for network bandwidth Business strategies must be flexible to accommodate these changes when it comes to priorities and direction and the network design strategy also must be agile and adaptable Drag and drop the benefits from the left onto the corresponding strategic approaches on the right as they relate to network design and management.

Which statement about hot-potato routing architecture design is true?

How must the queue sizes be designed to ensure that an application functions correctly?

Drag and drop the design use cases from the left onto the correct uRPF techniques used to prevent spoofing attacks Not all options are used.

An enterprise organization currently provides WAN connectivity to their branch sites using MPLS technology, and the enterprise network team is considering rolling out SD-WAN services for all sites. With regards to the deployment planning, drag and drop the actions from the left onto the corresponding steps on the right

Drag and drop the correct mitigation methods from the left onto the corresponding types of attack on the right

A European government passport agency considers upgrading its IT systems to increase performance and workload flexibility in response to constantly changing requirements. The budget manager wants to reduce capital expenses and IT staff and must adopt the lowest-cost technology. Which technology choice is suitable?

What advantage of placing the IS-IS Layer 2 flooding domain boundary at the core layer in a three-layer hierarchical network is true?

The Layer 3 control plane steers traffic toward destinations. Which two techniques offer a more dynamic, flexible, controlled, and secure control plane design in service provider networks? (Choose two.)

OSPF is running as the IGP to provide reachability to all AS100 networks. R3 and R4 are the current ABRs at the boundary of OSPF Area 0 and Area 1. Now BGP must be deployed within AS 100 because it will be receiving Internet routes from its eBGP peers (the service provider) connected to R1 and R2. What is an optimal solution for this deployment to configure BGP relationships and redistribute BGP learned routes into OSPF?

Your network operations team is deploying Access Control Lists (ACLs) across your Internet gateways. They wish to place an ACL inbound on the Internet gateway interface facing the core network (the "trusted" interface). Which IP address would the ACL need for traffic sourced from the inside interface, to match the source address of the traffic?

An enterprise solution team is analyzing multilayer architecture and multicontroller SDN solutions for multisite deployments. The analysis focuses on the ability to run tasks on any controller via a standardized interface. Which requirement addresses this ability on a multicontroller platform?

Which undesired effect of increasing the jitter compensation buffer is true?

What is a description of a control plane action?

Which aspect of BGP-LS makes it scalable in large networks when multiarea topology information must be gathered?

Which three elements help network designers to construct secure systems that protect information and resources (such as devices, communication, and data) from unauthorized access, modification, inspection, or destruction? (Choose three.)

For Company XYZ, Bangkok is using ECMP to reach the 172.20.2.0/24 network. The company wants a design that would allow them to forward traffic from 172.16.2.0/24 toward 172.20.2.0/24 via the Singapore router as the preferred route. The rest of the traffic should continue to use ECMP. Which technology fulfills this design requirement?

An engineer is designing the traffic flow for AS 111. Traffic from AS 111 should be preferred via AS 100 for all external routes. A method must be used that only affects AS 111. Which BGP attributes are best suited to control outbound traffic?

The Company XYZ network requires OSPF dead neighbor detection in a subsecond manner. However, the company network does not support BFD. Which other feature can be used to fulfill the design requirement?

Two routers R1 and R2 are directly connected through an Ethernet link. Both routers are running OSPF over the Ethernet link and OSPF has been registered with BFD. R1 has been set up to transmit BFD at a 50 ms interval, but R2 can receive only at a 100 ms rate due to platform limitations. What does this mean?

A customer investigates connectivity options for a DCI between two production data centers to aid a large-scale migration project. The migration is estimated to take 20 months to complete but might extend an additional 10 months if issues arise. All connectivity options meet the requirements to migrate workloads. Which transport technology provides the best ROI based on cost and flexibility?

With virtualization applied throughout the network, every physical link may carry one or more virtual links. What is a key drawback of this?

Which two characteristics are associated with 802.1s? (Choose two)

Which management category is not part of FCAPS framework?

What is an architectural framework created by ETSI that defines standards to decouple network functions from proprietary hardware-based appliances and have them run in software on standard x86 servers?

Which action must be taken before new VoIP systems are implemented on a network to ensure that the network is ready to handle the traffic?

Company XYZ runs OSPF in their network. A design engineer decides to implement hot-potato routing architecture. How can this implementation be achieved?

The network 10.10.0.0/16 has been redistributed to OSPF processes and the best path to the destination from R1 has been chosen as R1–R2–R3. A failure occurred on the link between R2 and R3 and the path was changed to R1–R4–R5–R3. What happens when the link between R2 and R3 is restored?

A customer has a functional requirement that states HR systems within a data center should be segmented from other systems that reside in the same data center and same VLAN. The systems run legacy applications by using hard-coded IP addresses. Which segmentation method is suitable and scalable for the customer?

Your company designed a network to allow server VLANs to span all access switches in a data center. In the design, Layer 3 VLAN interfaces and HSRP are configured on the aggregation switches. Which two features improve STP stability within the network design? (Choose two.)

Network changes due to mergers, acquisitions, and divestitures can be highly disruptive if not carefully planned. When an organization sells part of its business, it must detach those parts of the network with minimal risk and downtime. Which network design approach is appropriate to minimize the impact and risks as the divested parts of the network are detached?

Which two actions must be taken when assessing an existing wireless network implementation for its readiness to support voice traffic? (Choose two.)

In a redundant hub-and-spoke design with inter-spoke links, load oscillation and routing instability occur due to overload conditions. Which two design changes improve resiliency? (Choose two)

Which two features control multicast traffic in a VLAN environment? (Choose two)

SDWAN networks capitalize the usage of broadband Internet links over traditional MPLS links to offer more cost benefits to enterprise customers. However, due to the insecure nature of the public Internet, it is mandatory to use encryption of traffic between any two SDWAN edge devices installed behind NAT gateways. Which overlay method can provide optimal transport over unreliable underlay networks that are behind NAT gateways?

You want to add 900 VLANs to an existing 90 in a data center. What are two spanning tree concerns to consider?

Which architecture does not require an explicit multicast signaling protocol, such as PIM or P2MP, to signal the multicast state hop-by-hop, but instead uses a link state protocol to advertise the multicast forwarding state?

As part of workspace digitization, a large enterprise has migrated all their users to Desktop as a Service (DaaS), by hosting the backend system in their on-premises data center. Some of the branches have started to experience disconnections to the DaaS at periodic intervals, however, local users in the data center and head office do not experience this behavior. Which technology can be used to mitigate this issue?

A company named XYZ needs to apply security policies for end-user browsing by installing a secure web proxy appliance. All the web traffic must be inspected by the appliance, and the remaining traffic must be inspected by an NGFW that has been upgraded with intrusion prevention system functionality. In which two ways must the routing be performed? (Choose two)