Recommend!!

Get the Full 400-007 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/400-007-exam-dumps.html (0 New Questions)

Cisco
Exam Questions 400-007
Cisco Certified Design Expert (CCDE v3.0) Written Exam

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

 Recommend!! Get the Full 400-007 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/400-007-exam-dumps.html (0 New Questions)

NEW QUESTION 1
A multicast network is sing Bidirectional PIM. Which two combined actions achieve high availability
so that two RPs within the same network can act in a redundant manner? (Choose two)

A. Use two phantom RP addresses

B. Manipulate the administration distance of the unicast routes to the two RPs
C. Manipulate the multicast routing table by creating static mroutes to the two RPs
D. Advertise the two RP addresses in the routing protocol
E. Use anycast RP based on MSDP peering between the two RPs
F. Control routing to the two RPs through a longest match prefix

Answer: AF

NEW QUESTION 2
Which effect of using ingress filtering to prevent spoofed addresses on a network design is true?

A. It reduces the effectiveness of DDoS attacks when associated with DSCP remarking to Scavenger.
B. It protects the network Infrastructure against spoofed DDoS attacks.
C. It Classifies bogon traffic and remarks it with DSCP bulk.
D. It filters RFC 1918 IP addresses.

Answer: B

NEW QUESTION 3
Which BGP feature provides fast convergence?

A. BGP PIC |
B. BGP-EVPN
C. BGP FlowSpec
D. BGP-LS

Answer: A

NEW QUESTION 4
Which mechanism provides Layer 2 fault isolation between data centers?

A. fabric path
B. OTL
C. advanced VPLS
D. LISP
E. TRILL

Answer: D

NEW QUESTION 5
In an OSPF network with routers connected together with Ethernet cabling, which topology
typically takes the longest to converge?

A. partial mesh
B. full mesh
C. ring
D. squared
E. triangulated

Answer: B

NEW QUESTION 6
Company XYZ is designing the network for IPv6 security and they have these design
requirements:
- A switch or router must deny access to traffic from sources with addresses that are correct, but
are topologically incorrect
- Devices must block Neighbor Discovery Protocol resolution for destination addresses that are
not found in the binding table.
Which two IPv4 security features are recommended for this company? (Choose two)

A. IPv6 DHCP Guard

B. IPv6 Source Guard
C. IPv6 Destination Guard
D. IPv6 Prefix Guard
E. IPv6 RA Guard

Answer: CD

NEW QUESTION 7
Which two impacts of adding the IP event dampening feature to a network design are true?

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

 Recommend!! Get the Full 400-007 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/400-007-exam-dumps.html (0 New Questions)

(Choose two.)

A. It protects against routing loops.

B. It switches traffic immediately after a link failure.
C. lt speeds up link failure detection.
D. It reduces the utilization of system processing resources.
E. It improves overall network stability.

Answer: DE

NEW QUESTION 8
Company XYZ needs advice in redesigning their legacy Layer 2 infrastructure.
Which technology should be included in the design to minimize or avoid convergence delays due to STP or FHRP and provide a loop-free topology?

A. Use switch clustering in the access layer.

B. Use switch clustering in the core/distribution layer.
C. Use spanning-tree PortFast.
D. Use BFD.

Answer: B

NEW QUESTION 9
What is the most important operational driver in building a resilient and secure modular network design?

A. Dependencies on hardware or software that is difficult to scale

B. Minimize app downtime
C. Reduce the frequency of failures requiring human intervention
D. Increase time spent on developing new features

Answer: C

NEW QUESTION 10
An enterprise requires MPLS connected branches to access cloud-based Microsoft 365 services over an SD-WAN solution. Internet access Is available only at
dual regional hub sites that are connected to the MPLS network.
Which connectivity method provides an optimum access method to the cloud- based services If one ISP suffers loss or latency?

A. Cloud onRamp gateway site

B. Cloud onRamp SWG
C. Cloud onRamp
D. Cloud onRamp SaaS

Answer: D

NEW QUESTION 10
Refer to the exhibit.

An engineer is designing the network for a multihomed customer running in AS 111 does not have any other Ass connected to it.
Which technology is more comprehensive to use in the design to make sure that the AS is not being used as a transit AS?

A. Configure the AS-set attribute to allow only routes from AS 111 to be propagated to the neighborASs.
B. Use the local preference attribute to configure your AS as a non-transit'' AS.
C. include an AS path access list to send routes to the neighboring ASs that only have AS 111 in theAS path field.
D. Include a prefix list to only receive routes from neighboring ASs.

Answer: C

NEW QUESTION 15
Organizations that embrace Zero Trust initiatives ranging from business policies to technology infrastructure can reap business and security benefits.
Which two domains should be covered under Zero Trust initiatives? (Choose two)

A. workload
B. work domain
C. workplace
D. workgroup
E. workspace

Answer: AC

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

 Recommend!! Get the Full 400-007 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/400-007-exam-dumps.html (0 New Questions)

NEW QUESTION 19
An enterprise that runs numerous proprietary applications has major issues with its on-premises server estate hardware, to the point where business-critical
functions are compromised. The enterprise accelerates plans to migrate services to the cloud.
Which cloud service should be used if the enterprise wants to avoid hardware issues yet have control of its applications and operating system?

A. SaaS
B. PaaS
C. laaS
D. hybrid cloud

Answer: C

NEW QUESTION 24
Company XYZ wants to secure the data plane of their network.
Which two technologies can be included in the security design? (Choose two)

A. DAI
B. IP Source Guard
C. BEEP
D. CPPr
E. MPP

Answer: AB

NEW QUESTION 27
Company XYZ has a new network based on IPv6. Some of the subnets that they are planning to use will be confidential and need an addressing scheme that
confines them to the local campus network.
Which type of IPv6 addresses can be used for these networks in the IPv6 addressing design?

A. local addresses
B. private addresses
C. link-local addresses
D. unique local addresses

Answer: D

NEW QUESTION 30
Refer to the exhibit. Your company designed a network to allow server VLANs to span all access switches in a data center.
In the design, Layer 3 VLAN interfaces and HSRP are configured on the aggregation switches.
Which two features improve STP stability within the network design? (Choose two.)

A. BPDU guard on access ports

B. BPDU guard on the aggregation switch downlinks toward access switches
C. root guard on the aggregation switch downlinks toward access switches
D. root guard on access ports
E. edge port on access ports
F. access switch pairs explicitly determined to be root and backup root bridges

Answer: AE

NEW QUESTION 31
You have been tasked with designing a data center interconnect to provide business continuity.
You want to encrypt the traffic over the DCI using IEEE 802.1AE MACsec to prevent the deployment of any firewall or IPS.
Which two interconnect technologies support MACsec? (Choose two.)

A. EoMPLS
B. MPLS Layer 3 VPN
C. DMVPN
D. GET VPN

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

 Recommend!! Get the Full 400-007 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/400-007-exam-dumps.html (0 New Questions)

E. KVPLS

Answer: AE

NEW QUESTION 34
While reviewing an existing network design, you are discussing the characteristics of different STP versions.
Which protocol minimizes unicast flooding during a Topology Change Notification in a Layer 2 switched network with many VLANs?

A. PVRSTP
B. MST
C. STP
D. PVSTP+

Answer: A

NEW QUESTION 36
When designing a WAN that will be carrying real-time traffic, what are two important reasons to consider serialization delay? (Choose two )

A. Serialization delays are invariable because they depend only on the line rate of the interface
B. Serialization delays are variable because they depend on the line rate of the interface and on thetype of the packet being serialized.
C. Serialization delay is the time required to transmit the packet on the physical media.
D. Serialization delays are variable because they depend only on the size of the packet beingserialized
E. Serialization delay depends not only on the line rate of the interface but also on the size of thepacket

Answer: BD

NEW QUESTION 40
Which two foundational aspects of loT are still evolving and being worked on by the industry at large? (Choose two)

A. WiFi protocols
B. Regulatory domains
C. Low energy Bluetooth sensors
D. loT consortia
E. Standards

Answer: AC

NEW QUESTION 45
Your network operations team is deploying Access Control Lists (ACLs) across your Internet gateways.
They wish to place an ACL inbound on the Internet gateway interface facing the core network (the "trusted" interface).
Which IP address would the ACL need for traffic sourced from the inside interface, to match the source address of the traffic?

A. inside global
B. outside global
C. inside local
D. outside local

Answer: C

NEW QUESTION 46
You were tasked to enhance the security of a network with these characteristics:
- A pool of servers is accessed by numerous data centers and remote sites
- The servers are accessed via a cluster of firewalls
- The firewalls are configured properly and are not dropping traffic
- The firewalls occasionally cause asymmetric routing of traffic within the server data center.
Which technology should you recommend to enhance security by limiting traffic that could originate from a hacker compromising a workstation and redirecting
flows at the servers?

A. Poison certain subnets by adding static routes to Null0 on the core switches connected to thepool of servers.
B. Deploy uRPF strict mode.
C. Limit sources of traffic that exit the server-facing interface of the firewall cluster with ACLs.
D. Deploy uRPF loose mode

Answer: C

NEW QUESTION 49
A network architect must redesign a service provider edge, where multiservice and multitenant PEs are currently present.
Which design feature should be minimized in the new design to achieve reliability?

A. bridging
B. fate sharing
C. redundancy
D. unicast overlay routing

Answer: B

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

 Recommend!! Get the Full 400-007 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/400-007-exam-dumps.html (0 New Questions)

NEW QUESTION 53
You are designing a network running both IPv4 and IPv6 to deploy QoS.
Which consideration is correct about the QoS for IPv4 and IPv6?

A. IPv4 and IPv6 traffic types can use use queuing mechanisms such as LLQ, PQ and CQ.
B. IPv6 packet classification is only available with process switching, whereas IPv4 packetclassification is available with both process switching and CEF.
C. IPv6 and IB/4 traffic types can use a single QoS policy to match both protocols
D. Different congestion management mechanisms need to be used for IPv4 and IPv6 traffic types

Answer: C

NEW QUESTION 58
A company plans to use BFD between its routers to detect a connectivity problem inside the switched network.
An IPS is transparently installed between the switches.
Which packets shold the IPS forward for BFD to work under all circumstances?

A. Fragmented packet with the do-not-fragment bit set

B. IP packets with broadcast IP source addresses
C. IP packets with the multicast IP source address
D. IP packet with the multicast IP destination address
E. IP packets with identical source and destination IP addresses
F. IP packets with the destination IP address 0.0.0.0.

Answer: E

NEW QUESTION 61
A Tier-3 Service Provider is evolving into a Tier-2 Service Provider due to the amount of Enterprise business it is receiving.
The network engineers are re-evaluating their IP/MPLS design considerations in order to support duplicate/overlapping IP addressing from their Enterprise
customers within each Layer3 VPN.
Which concept would need to be reviewed to ensure stability in their network?

A. Assigning unique Route Distinguishers

B. Assigning unique Route Target ID'S
C. Assigning unique IP address space for the Enterprise NAT/Firewalls
D. Assigning unique VRF ID's to each L3VPN

Answer: A

NEW QUESTION 66
A Service Provider is designing a solution for a managed CE service to a number of local customers using a single CE platform and wants to have logical
separation on the CE platform using Virtual Routing and Forwarding (VRF) based on IP address ranges or packet length.
Which is the most scalable solution to provide this type of VRF Selection process on the CE edge device?

A. Static Routes for Route Leaking

B. Policy Based Routing
C. OSPF per VRF Instance
D. Multi-Protocol BGP

Answer: B

NEW QUESTION 70
What best describes the difference between Automation and Orchestration?

A. Automation refers to an automatic process for completing a single task and Orchestration refersto assembling and coordinating a set of tasks and conditions.
B. Automation describes a hands-off configuration process while Orchestration refers to sets ofautomation tasks that require the network administrator to
coordinate
C. Automation refers to an automatic process for completing multiple tasks with conditions andOrchestration refers to executing tasks in parallel.
D. Automation refers to scripting languages (Pytho
E. Ansible etc.) and Orchestration refers tocommercial products that control configuration deployment

Answer: A

NEW QUESTION 73
Which design benefit of PortF ast is true?

A. PortFast does not generate a spanning tree topology change hen a station on a port is connectedor disconnected
B. PortFast disables spanning tree on the port, which puts the port into the forwarding stateimmediately after it is connected
C. PortFast allows small, unmanaged switches to be plugged into ports of access switches withoutrisking switch loops
D. PortFast detects one-way communications on the physical port, which prevents switch loops
E. PortFast prevents switch loops that are caused by a unidirectional point to point link condition onRapid PVST+ and MST
F. PortFast prevents switched traffic from traversing suboptimal paths on the network

Answer: A

NEW QUESTION 78
You are a network designer and you must ensure that the network you design is secure.
How do you plan to prevent infected devices on your network from sourcing random DDoS attacks using forged source address?

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

 Recommend!! Get the Full 400-007 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/400-007-exam-dumps.html (0 New Questions)

A. ACL based forwarding

B. unicast RPF loose mode
C. unicast RPF strict mode
D. ACL filtering by destination

Answer: C

NEW QUESTION 80
Which protocol does an SD-Access wireless Access Point use for its fabric data plane?

A. GRE
B. MPLS
C. VXLAN
D. LISP
E. CAPWAP

Answer: C

NEW QUESTION 82
Refer to the exhibit. AJI links are P2P Layer 3. A high availability application is synchronizing data between host A and host B.

To increase chance of delivery the same data is sent twice from host A on two different NICs toward the two NICs on host B.
Which solution must be deployed in the network to ensure that any failure in the network does not trigger data loss on host B?

A. EIGRP with feasible successors

B. BFD
C. IP Fast Reroute
D. Static routes

Answer: C

NEW QUESTION 84
You want to split an Ethernet domain in two.
Which parameter must be unique in this design to keep the two domains separated?

A. VTP domain
B. VTP password
C. STP type
D. VLAN ID

Answer: D

NEW QUESTION 85
Drag and Drop Question
Drag and drop the FCAPS network management reference models from the left onto the correct definitions on the right.

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

 Recommend!! Get the Full 400-007 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/400-007-exam-dumps.html (0 New Questions)

A. Mastered
B. Not Mastered

Answer: A

Explanation:

NEW QUESTION 90
How many fully established neighbour relationships exist on an Ethernet with five routers running OSPF as network
type broadcast?

A. 5
B. 6
C. 7
D. 10
E. 20

Answer: C

NEW QUESTION 92
Two enterprise networks must be connected together. Both networks are using the same private IP addresses.
The client requests from both sides should be translated using hide NAT (dynamic NAT) with the overload feature to save IF addresses from the NAT pools.
Which design addresses this requirement using only one Cisco I OS NAT router for both directions?

A. This is not possible, because two Cisco IOS NAT routers are required to do dynamic NAT, withoverload in both directions.
B. The ip nat inside and ip nat outside commands must be configured at the interfaces with theoverload option in both directions.
C. The overload feature is the default and does not have to be configured.
D. Two different NAT pools must be used for the ip nat inside source and the ip nat outside sourcecommands for the overload feature in both directions.
E. The Nat Virtual interface must be used to achieve this requirement.

Answer: D

NEW QUESTION 95
Which two application requirements are mandatory tor traffic to receive proper treatment when placed in the priority queue? (Choose two.)

A. small transactions (HTTP-like behavior)

B. WRED drop treatment
C. tolerance to packet loss
D. intolerance to jitter
E. TCP-based application

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

 Recommend!! Get the Full 400-007 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/400-007-exam-dumps.html (0 New Questions)

Answer: AD

NEW QUESTION 100

Which two conditions must be met for EIGRP to maintain an alternate loop-free path to a remote network? (Choose two.)

A. The Reported Distance from a successor is lower than the local Feasible Distance.
B. The Reported Distance from a successor is higher than the local Feasible Distance.
C. The feasibility condition does not need to be met.
D. The Feasible Distance from a successor is lower than the local Reported Distance.
E. A feasible successor must be present.

Answer: AE

NEW QUESTION 105

Which two statements about MLD snooping are true? (Choose two)

A. When MLD snooping is enabled, QoS is automatically enabled.

B. A VLAN can support multiple active MLD snooping queries, as long as each one is associated toa different multicast group.
C. AN MLD snooping querier election occurs when any MLD snooping querier goes down or if thereis an IP address change on the active querier.
D. When multiple MLD snooping queriers are enabled in a VLAN, the querier with the lowest IPaddress in the VLAN is elected as the active MLD snooping querier.

Answer: CD

NEW QUESTION 107

What are two primary design constraints when a robust infrastructure solution is created? (Choose two.)

A. monitoring capabilities
B. project time frame
C. staff experience
D. component availability
E. total cost

Answer: BE

NEW QUESTION 111

An architect designs a multi-controller network architecture with these requirements:
- Achieve fast failover to control traffic when controllers fail.
- Yield a short distance and high resiliency in the connection between the switches and the controller.
- Reduce connectivity loss and enable smart recovery to improve the SDN survivability.
- Improve connectivity by adding path diversity and capacity awareness for controllers.
Which control plane component of the multi-controller must be built to meet the requirements?

A. control node reliability

B. controller stale consistency
C. control path reliability
D. controller clustering

Answer: B

NEW QUESTION 113

Which three tools are used for ongoing monitoring and maintenance of a voice and video environment? (Choose three.)

A. flow-based analysis to measure bandwidth mix of applications and their flows

B. call management analysis to identify network convergence-related failures
C. call management analysis to identify CAC failures and call quality issues
D. active monitoring via synthetic probes to measure loss, latency, and jitter
E. passive monitoring via synthetic probes to measure loss, latency, and jitter
F. flow-based analysis with PTP time-stamping to measure loss, latency, and jitter

Answer: ACD

NEW QUESTION 116

Company XYZ is running OSPF in their network. They have merged with another company that is running EIGRP as the routing protocol. Company XYZ now
needs the two domains to talk to each other with redundancy, while maintaining a loop free environment.
The solution must scale when new networks are added into the network in the near future.
Which technology can be used to meet these requirements?

A. multipoint route-redistribution with route filtering using ACLs

B. DUMP multipoint route-redistribution with route filtering using route tags
C. DUMPS single point route-redistribution with route filtering using route tags
D. DUMPS single point route-redistribution with route filtering using ACLs

Answer: B

NEW QUESTION 121

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

 Recommend!! Get the Full 400-007 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/400-007-exam-dumps.html (0 New Questions)

Which MPLS TE design consideration is true?

A. MPLS TE replaces LDP and the dependency of the IGP to identify the best path.
B. MPLS TE provides link and node protection
C. MPLS TE optimizes the routing of IP traffic, given the constraints imposed by backbone capacityand application requirements.
D. MPLS TE requires Layer 3 VPN full-mesh topology deployment

Answer: C

NEW QUESTION 122

......

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

 Recommend!! Get the Full 400-007 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/400-007-exam-dumps.html (0 New Questions)

Thank You for Trying Our Product

We offer two products:

1st - We have Practice Tests Software with Actual Exam Questions

2nd - Questons and Answers in PDF Format

400-007 Practice Exam Features:

* 400-007 Questions and Answers Updated Frequently

* 400-007 Practice Questions Verified by Expert Senior Certified Staff

* 400-007 Most Realistic Questions that Guarantee you a Pass on Your FirstTry

* 400-007 Practice Test Questions in Multiple Choice Formats and Updatesfor 1 Year

100% Actual & Verified — Instant Download, Please Click

Order The 400-007 Practice Test Here

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

Powered by TCPDF (www.tcpdf.org)