400-007 CCDE: Cisco Certified Design Expert
Update: April 20, 2026
Questions and Answers: 400 Q&A
1.
A service provider recently migrated to an SD-WAN solution for delivering WAN connections to its customers. One of the main challenges with the SD-WAN deployment is that branch site volume increases every year, which causes management complexity. Which action resolves the issue?
2.
The Company XYZ network requires OSPF dead neighbor detection in a subsecond manner. However, the company network does not support BFD. Which other feature can be used to fulfill the design requirement?
3.
Which two design options are available to dynamically discover the RP in an IPv6 multicast network? (Choose two)
4.
A customer runs OSPF with Area 5 between its aggregation router and an internal router. When a network change occurs in the backbone, Area 5 starts having connectivity issues due to the SPF algorithm recalculating an abnormal number of times in Area 5. You are tasked to redesign this network to increase resiliency on the customer network with the caveat that Router B does not support the stub area. How can you accomplish this task?
5.
Which impact of using three or more ABRs between the backbone area and area 1 is true?
6.
Which mechanism enables small, unmanaged switches to plug into ports of access switches without risking switch loops?
7.
Company XYZ has a new network based on IPv6. Some of the subnets that they are planning to use will be confidential and need an addressing scheme that confines them to the local campus network. Which type of IPv6 addresses can be used for these networks in the IPv6 addressing design?
8.
How can EIGRP topologies be designed to converge as fast as possible in the event of a point-to-point link failure?
9.
Which three items do you recommend for control plane hardening of an infrastructure device? (Choose three.)
10.
A healthcare provider discovers that protected health information of patients was altered without patient consent. The healthcare provider is subject to HIPAA compliance and is required to protect PHI data. Which type of security safeguard should be implemented to resolve this issue?
11.
Which main IoT migration aspect should be reviewed for a manufacturing plant?
12.
Your network operations team is deploying Access Control Lists (ACLs) across your Internet gateways. They wish to place an ACL inbound on the Internet gateway interface facing the core network (the "trusted" interface). Which IP address would the ACL need for traffic sourced from the inside interface, to match the source address of the traffic?
13.
Which type of interface are OpenFlow and OpFlex?
14.
Which two business areas support continuity during emergencies by understanding data flows and business processes? (Choose two)
15.
A Service Provider is designing a solution for a managed CE service to a number of local customers using a single CE platform and wants to have logical separation on the CE platform using Virtual Routing and Forwarding (VRF) based on IP address ranges or packet length. Which is the most scalable solution to provide this type of VRF Selection process on the CE edge device?
16.
Company XYZ, a global content provider, owns data centers on different continents. Their data center design involves a standard three-layer design with a Layer 3-only core. HSRP is used as the FHRP. They require VLAN extension across access switches in all data centers, and they plan to purchase a Layer 2 interconnection between two of their data centers in Europe. In the absence of other business or technical constraints, which termination point is optimal for the Layer 2 interconnection?
17.
As more links are added to a network, the control plane slows down due to more data to process. As redundancy increases, MTTR also increases. Which risk increases along with the higher MTTR?
18.
A network security team uses a purpose-built tool to actively monitor the campus network, applications, and user activity. The team also analyzes enterprise telemetry data from IPFIX data records that are received from devices in the campus network. Which action can be taken based on the augmented data?
19.
During evaluation of migrating current on-premises infrastructure to add cloud-based infrastructure, a network planning team must meet three core requirements:
- Technology must be adaptable over the next three years (CapEx investment).
- Network bandwidth requirements are dynamic.
- Operational expenses (OpEx) must be minimized.
Which cloud strategy meets these requirements?
20.
A legacy enterprise is using a Service Provider MPLS network to connect its head office and branches. They want to extend the existing IP CCTV network to a new branch without routing changes or IP address changes. What is the best approach?
21.
An engineer is designing the network for a multihomed customer running in AS 111. The AS does not have any other ASs connected to it. Which technology is more comprehensive to use in the design to make sure that the AS is not being used as a transit AS?
22.
There are multiple trees in the Cisco FabricPath. All switches in the Layer 2 fabric share the same view of each tree. Which two concepts describe how the multicast traffic is load-balanced across this topology? (Choose two.)
23.
IPFIX data collection via standalone IPFIX probes is an alternative to flow collection from routers and switches. Which use case is suitable for using IPFIX probes?
24.
A company is assessing their technology landscape before moving to the cloud. They observe that over 5000 servers have less than 50% capacity utilization. What cloud architecture model best supports optimizing resource utilization?
25.
Company XYZ must design a DMVPN tunnel between the three sites. Chicago is going to act as the NHS, and the company wants DMVPN to detect peer endpoint failures. Which technology should be used in the design?
26.
Company XYZ must isolate and encrypt production traffic to meet HIPAA compliance. The current WAN includes MPLS and P2P links. What is the fastest deployment option?
27.
Which two characteristics are associated with 802.1s? (Choose two)
28.
Network changes due to mergers, acquisitions, and divestitures can be highly disruptive if not carefully planned. When an organization sells part of its business, it must detach those parts of the network with minimal risk and downtime. Which network design approach is appropriate to minimize the impact and risks as the divested parts of the network are detached?
29.
Which two types of planning approaches are used to develop business-driven network designs and to facilitate the design decisions? (Choose two)
30.
A business wants to centralize services via VDI technology and to replace remote WAN desktop PCs with thin client-type machines to reduce operating costs. Which consideration supports the new business requirement?
31.
A customer investigates connectivity options for a DCI between two production data centers. The solution must provide dual 10G connections between locations with no single points of failure for Day 1 operations. It must also include an option to scale for up to 20 resilient connections in the second year to accommodate isolated SAN over IP and isolated, dedicated replication IP circuits. All connectivity methods are duplex 10 Gbps. Which transport technology costs the least over two years, in the scenario?
32.
To protect against future perimeter breaches, which two design options can help? (Choose two)
33.
In an OSPF network with routers connected together with Ethernet cabling, which topology typically takes the longest to converge?
34.
Which two design solutions ensure sub-50 msec of the convergence time after a link failure in the network? (Choose two)
35.
A business invests in SDN and develops its own SDN controller that, due to budget constraints, runs on a single controller. The controller actively places an exclusive lock on the configuration of the devices to ensure it is the only source of changes to the environment. What is the result if the controller fails?
36.
An enterprise that runs numerous proprietary applications has major issues with its on-premises server estate hardware, to the point where business-critical functions are compromised. The enterprise accelerates plans to migrate services to the cloud. Which cloud service should be used if the enterprise wants to avoid hardware issues yet have control of its applications and operating system?
37.
Drag and drop the end-to-end network virtualization elements from the left onto the correct network areas on the right.
38.
As part of workspace digitization, a large enterprise has migrated all their users to Desktop as a Service (DaaS), by hosting the backend system in their on-premises data center. Some of the branches have started to experience disconnections to the DaaS at periodic intervals; however, local users in the data center and head office do not experience this behavior. Which technology can be used to mitigate this issue?
39.
You are designing the routing design for two merging companies that have overlapping IP address space. Which of these must you consider when developing the routing and NAT design?
40.
Company XYZ wants to detect and block known attacks by inspecting every forwarded packet with minimal performance impact. What is the recommended design?
41.
Which two data plane hardening techniques are true? (Choose two)
42.
A network security team observes phishing attacks on a user machine from a remote location. The organization has a policy of saving confidential data on two different systems using different types of authentication. What is the next step to control such events after the security team verifies all users in Zero Trust modeling?
43.
In the Scrum Agile framework, who acts as the interface between the business/customers and the team?
44.
You have been asked to design a remote access VPN solution to support up to 2000 devices. You must ensure that only corporate assets are allowed to connect to the VPN, and users must authenticate to gain access based on their user role. Users must use a password that they are already using to access existing applications. A user may not always use the same device to access the VPN. Which two options combined meet the requirements? (Choose two)
45.
Which two points must network designers consider when designing a new network design or when evaluating an existing network design to help them understand the high-level design direction with regards to the security aspects? (Choose two)
46.
Which extensions to GRE tunneling provide session tracking and in-order packet delivery in exchange for additional state stored in tunnel endpoints?
47.
An existing wireless network was designed to support data traffic only. You must now install context-aware services for location tracking. What changes must be applied to the existing wireless network to increase the location accuracy? (Choose two)
48.
Which mechanism provides Layer 2 fault isolation between data centers?
49.
What two elements are critical for security and compliance in hybrid cloud environments? (Choose two)
50.
After a network audit, a network engineer must optimize the current network convergence time. The proposed solution must consider link layer and control plane failures. Which solution meets the requirements?
51.
A small organization of 20 employees is looking to deliver a network design service for modernizing customer networks to support advanced solutions.
- Project scope and weekly progress should be visualized by the management.
- Always consider feedback and make changes accordingly during the project.
- Should consider flexibility to change scope at any point in time.
Which project methodology meets the requirements and has the least impact on the outcome?
52.
Which two technologies enable multilayer segmentation? (Choose two.)
53.
Company XYZ is designing their network using the three-layer hierarchical model. At which layer must the QoS design classify or mark the traffic?
54.
Over the years, many solutions have been developed to limit control plane state which reduces the scope or the speed of control plane information propagation. Which solution removes more specific information about a particular destination as topological distance is covered in the network?
55.
Drag and drop the multicast protocols from the left onto the current design situation on the right.
56.
A customer has a functional requirement that states HR systems within a data center should be segmented from other systems that reside in the same data center and same VLAN. The systems run legacy applications by using hard-coded IP addresses. Which segmentation method is suitable and scalable for the customer?
57.
A company plans to use BFD between its routers to detect a connectivity problem inside the switched network. An IPS is transparently installed between the switches. Which packets should the IPS forward for BFD to work under all circumstances?
58.
Which design principle improves network resiliency?
59.
A customer is migrating from a TDM-based Layer 2 VPN (L2VPN) to an MPLS Layer 3 VPN (L3VPN) in phases. The backbone OSPF connection between HUB A and HUB B will be replaced by eBGP. During the migration, some spokes (A2 and B1) are already moved to the L3VPN. The goal is to avoid routing loops during this hybrid transition. Which design choice helps prevent routing loops during the backbone link migration?
60.
Which solution component helps to achieve comprehensive threat protection and compliance for migration to multicloud SDX architectures?
61.
What are two design constraints in a standard spine and leaf architecture? (Choose two.)
62.
Which feature is supported by NETCONF but is not supported by SNMP?
63.
The major business applications of an enterprise are largely monolithic and hard-coded. As part of a major modernization and overhaul of the applications, the goal is to move to a modular and containerized application architecture model. At the same time, decoupling from the hardware is desired to move to an on-demand provisioning. However, the CyberOps team mandated that the final architecture must provide the same security levels as an air-gapped data center. Which cloud architecture meets these requirements?
64.
The CIA triad is foundational to information security, and one can be certain that one or more of the principles within the CIA triad has been violated when data is leaked or a system is attacked. Drag and drop the countermeasures on the left to the appropriate principle section on the right in any order.
65.
A network design includes a long signaling delay in notifying the Layer 3 control plane that an interface has failed. Which two of these actions would reduce that delay? (Choose two.)