Cisco: Exam Questions 400-007

We recommend you to try the PREMIUM 400-007 Dumps From Exambible
https://www.exambible.com/400-007-exam/ (267 Q&As)
Cisco
Exam Questions 400-007
Cisco Certified Design Expert (CCDE v3.0) Written Exam
Your Partner of IT Exam visit - https://www.exambible.com

About Exambible
Your Partner of IT Exam
Found in 1998
Exambible is a company specialized on providing high quality IT exam practice study materials, especially Cisco CCNA, CCDA,
CCNP, CCIE, Checkpoint CCSE, CompTIA A+, Network+ certification practice exams and so on. We guarantee that the
candidates will not only pass any IT exam at the first attempt but also get profound understanding about the certificates they have
got. There are so many alike companies in this industry, however, Exambible has its unique advantages that other companies could
not achieve.
Our Advances
* 99.9% Uptime
All examinations will be up to date.
* 24/7 Quality Support
We will provide service round the clock.
* 100% Pass Rate
Our guarantee that you will pass the exam.
* Unique Gurantee
If you do not pass the exam at the first time, we will not only arrange FULL REFUND for you, but also provide you another
exam of your claim, ABSOLUTELY FREE!

NEW QUESTION 1
An enterprise that runs numerous proprietary applications has major issues with its on-premises server estate hardware, to the point where business-critical
functions are compromised. The enterprise accelerates plans to migrate services to the cloud. Which cloud service should be used if the enterprise wants to avoid
hardware issues yet have control of its applications and operating system?
A. SaaS
B. PaaS
C. laaS
D. hybrid cloud
Answer: C
NEW QUESTION 2
SDWAN networks capitalize the usage of broadband Internet links over traditional MPLS links to offer more cost benefits to enterprise customers. However, due to
the insecure nature of the public Internet, it is mandatory to use encryption of traffic between any two SDWAN edge devices installed behind NAT gateways. Which
overlay method can provide optimal transport over unreliable underlay networks that are behind NAT gateways?
A. TLS
B. DTLS
C. IPsec
D. GRE
Answer: C
NEW QUESTION 3
Which best practice ensures data security in the private cloud?
A. Use IPsec for communication between unsecured network connection

B. Encrypt data at rest and in transition.
C. Use the same vendor for consistent encryption.
D. Anonymize data ownership to comply with privacy rules.
Answer: B
NEW QUESTION 4
As part of workspace digitization, a large enterprise has migrated all their users to Desktop as a Sen/ice (DaaS), by hosting the backend system in their on-
premises data center. Some of the branches have started to experience disconnections to the DaaS at periodic intervals, however, local users in the data center
and head office do not experience this behavior. Which technology can be used to mitigate this issue?
A. tail drop
B. traffic shaping
C. WRED
D. traffic policing
Answer: B
Explanation:
Traffic Shaping does help with congestion and better bandwidth utilization over the WAN.
NEW QUESTION 5
An enterprise has identified these causes for inefficient CAPEX spending:
CAPEX planning is driven by technology and not by business objectives.
The CAPEX planning team lacks the data it needs to perform due diligence tasks.
The organizational structure lacks sufficient accountability and incentives.
Which corporate cultural change contributes to improving the effectiveness of CAPEX spending?
A. Build a financial control function that delivers high-quality reports on operational expenses for business insight and financial reporting.
B. CxO-level staff must have a full technical understanding but the should not trust their technical leaders fully.
C. Adopt new organizational models that promote real accountability for RO
D. not just revenu
E. EBITDA, and cash.
F. Marketing and product management divisions must reduce their CAPEX budgets significantly to drive the change.
Answer: C
NEW QUESTION 6
Which SDN architecture component is used by the application layer to communicate with the control plane layer to provide instructions about the resources
required by applications?
A. southbound APIs
B. northbound APIs
C. orchestration layer
D. SDN controller
Answer: B

NEW QUESTION 7
Company XYZ wants to improve the security design of their network to include protection from reconnaissance and DoS attacks on their sub interfaces destined
toward next hop routers. Which technology can be used to prevent these types of attacks?
A. MPP
B. CPPr
C. CoPP
D. DPP
Answer: B
Explanation:
https://learningnetwork.cisco.com/s/question/0D53i00000KsuyvCAB/copp-vs-cppr
NEW QUESTION 8
Refer to the table.
A customer investigates connectivity options for a DCI between two production data centers to aid a
large-scale migration project. The solution must provide a single 10G connection between locations and be able to run its own varying QoS profiles without service
provider interaction based on the migration stages. All connectivity methods are at 10 Gbps. Which transport technology costs the least if the connectivity is
required for just one year?
A. MPLS wires only

B. CWDM over dark fiber
C. DWDM over dark fiber
D. Metro Ethernet
Answer: A
NEW QUESTION 9
Which solution component helps to achieve rapid migration to the cloud for SaaS and public cloud leveraging SD-WAN capabilities?
A. service-oriented cloud architecture

B. Cloud onramp
C. cloud registry
D. microservices in the cloud
Answer: B
NEW QUESTION 10
What statement describes the application layer as defined in the software-defined networking architecture?
A. This layer is responsible for collecting the network status such as network usage and topology.
B. This layer contains programs that communicate their desired network behavior to controllers.
C. This layer is responsible for handling packets based on the rules provided by the controller.
D. This layer processes the instructions and requirements sent by networking components.
Answer: B
NEW QUESTION 10
You were tasked to enhance the security of a network with these characteristics:
• A pool of servers is accessed by numerous data centers and remote sites
• The servers are accessed via a cluster of firewalls
• The firewalls are configured properly and are not dropping traffic
• The firewalls occasionally cause asymmetric routing of traffic within the server data center.
Which technology should you recommend to enhance security by limiting traffic that could originate from a hacker compromising a workstation and redirecting
flows at the servers?
A. Poison certain subnets by adding static routes to Null0 on the core switches connected to the pool of servers.
B. Deploy uRPF strict mode.
C. Limit sources of traffic that exit the server-facing interface of the firewall cluster with ACLs.
D. Deploy uRPF loose mode
Answer: C
NEW QUESTION 11
Which two pain points are the most common for container technology adoption? (Choose two)

A. Performance
B. Security
C. Cost
D. Container deployment
E. Skilled staff
F. Compliance
Answer: DE
NEW QUESTION 13
Which purpose of a dynamically created tunnel interface on the design of IPv6 multicast services Is true?
A. first-hop router registration to the RP

B. multicast client registration to the RP
C. multicast source registration to the RP
D. transport of all IPv6 multicast traffic
Answer: D
NEW QUESTION 14
Refer to the exhibit.
An engineer is designing the network for a multihomed customer running in AS 111 does not have any other Ass connected to it. Which technology is more
comprehensive to use in the design to make sure that the AS is not being used as a transit AS?
A. Configure the AS-set attribute to allow only routes from AS 111 to be propagated to the neighbor ASs.
B. Use the local preference attribute to configure your AS as a non-transit'' AS.
C. include an AS path access list to send routes to the neighboring ASs that only have AS 111 in the AS path field.
D. Include a prefix list to only receive routes from neighboring ASs.
Answer: C
NEW QUESTION 16
Which two actions must be taken when assessing an existing wireless network implementation for its readiness to support voice traffic? (Choose two.)
A. Check for high roaming delay.

B. Check for uniform radio coverage across the floors.
C. Check for high channel utilization.
D. Check for latency over wireless.
E. Identify frequent TX power changes.
Answer: AC
Explanation:
https://community.cisco.com/t5/wireless/channel-utilization/td-p/2716667
NEW QUESTION 20
What are two design constraints in a standard spine and leaf architecture? (Choose two.)
A. Spine switches can connect to each other.

B. Each spine switch must connect to every leaf switch.
C. Leaf switches must connect to each other.
D. Endpoints connect only to the spine switches.
E. Each leaf switch must connect to every spine switch.
Answer: BE
NEW QUESTION 22
How can EIGRP topologies be designed to converge as fast as possible in the event of a point-to-point link failure?
A. Limit the query domain by use of distribute lists.

B. Build neighbor adjacencies in a triangulated fashion.

C. Build neighbor adjacencies in squared fashion.
D. Limit the query domain by use of summarization.
E. Limit the query domain by use of default routes.
Answer: D
NEW QUESTION 24
The enterprise customer wants to stream one-way video from their head office to eight branch offices using multicast. Their current service provider provides a
Layer3 VPN solution and manages the CE routers, but they do not currently support multicast. Which solution quickly allows this multicast traffic to go through
while allowing for future scalability?
A. Enable a GRE tunnel between nodes CE1 and CE2

B. Enable a GRE tunnel between nodes C2 and C4
C. Enable a GRE tunnel between nodes C1 and C4
D. Implement hub and spoke MPLS VPN over DMVPN (also known as 2547o DMVPN) between CE1 and CE2
E. The service provider must provide a Draft Rosen solution to enable a GRE tunnel between nodes PE1 and PE2
Answer: B
NEW QUESTION 26
Company XYZ has a new network based on IPv6. Some of the subnets that they are planning to use will be confidential and need an addressing scheme that
confines them to the local campus network. Which type of IPv6 addresses can be used for these networks in the IPv6 addressing design?
A. local addresses
B. private addresses
C. link-local addresses
D. unique local addresses
Answer: D
NEW QUESTION 29
What is a disadvantage of the traditional three-tier architecture model when east west traffic between different pods must go through the distribution and core
layers?
A. low bandwidth
B. securityC scalability
C. high latency
Answer: A
NEW QUESTION 31
Which extensions to GRE tunneling provide session tracking and in-order packet delivery in exchange for additional state stored in tunnel endpoints?
A. GRE Protocol Type and Checksum extension fields.

B. GRE Version and Reserved0 extension fields.
C. No extension fields are available in the GRE header to track session data and packet sequences.
D. GRE Key and Sequence number extensions.
Answer: D
NEW QUESTION 33
Drag and drop the multicast protocols from the left onto the current design situation on the right.

A. Mastered
B. Not Mastered
Answer: A
Explanation:
A picture containing table Description automatically generated
IPv4:
Host Registration - IGMP
Router Registration - PIM-DM, PIM-SM, SSM, BIDIR Inter-Domain Source Discovery - MSDP
IPv6:
Host Registration - MLD
Router Registration - PIM-SM, SSM, BIDIR
NEW QUESTION 35
An engineer is designing the QoS strategy for Company XYZ. Based on initial analysis, a lot of scavenger type of traffic is traversing the network's 20Mb Internet
link toward the service provider. The new design must use a QoS technique that limits scavenger traffic to 2 Mbps, which helps avoid oversubscription of the link
during times of congestion. Which QoS technique can be used to facilitate this requirement?
A. class-based traffic policing

B. LLQ
C. CBWFQ
D. class-based traffic shaping
Answer: C
NEW QUESTION 40
Sometimes SDN leverages various overlay networking technologies to create layer(s) of network abstraction. What describes an overlay network?
A. It transmits packets that traverse over network devices like switches and routers
B. It encapsulates packets at source and destination, which incurs additional overhead
C. Packet delivery and reliability occurs at Layer 3 and Layer 4
D. It is responsible for the delivery of packets; NAT- or VRF-based segregation is required
Answer: B
NEW QUESTION 41
In the case of outsourced IT services, the RTO is defined within the SLA. Which two support terms are often included in the SLA by IT and other service providers?
(Choose two.)
A. network size and cost

B. support availability
C. network sustainability
D. network reliability
E. resolution time
Answer: BE
NEW QUESTION 43
Which three elements help network designers to construct secure systems that protect information and resources (such as devices, communication, and data)
from unauthorized access, modification, inspection, or destruction? (Choose three.)
A. confidential
B. serviceability
C. reliability
D. availability
E. integrity
F. scalability
Answer: ADE

NEW QUESTION 48
An architect receives a business requirement from a CTO that states the RTO and RPO for a new system should be as close as possible to zero. Which replication
method and data center technology should be used?
A. asynchronous replication over dual data centers via DWDM

B. synchronous replication over geographically dispersed dual data centers via MPLS
C. synchronous replication over dual data centers via Metro Ethernet
D. asynchronous replication over geographically dispersed dual data centers via CWDM
Answer: B
Explanation:
RTO and RPO are measures of how quickly and accurately a system can be recovered after a disaster or failure. RTO refers to the amount of time it takes to
restore a system to its normal operation after a failure, while RPO refers to the amount of data that can be lost as a result of a failure. In synchronous replication,
data is written to both the primary and secondary systems at the same time. This ensures that the data on the secondary system is always up-to-date and ready
for use in the event of a disaster or failure. Geographically dispersed dual data centers refer to two data centers that are located in different geographical locations,
which can help to reduce the risk of a disaster or failure impacting both data centers at the same time.
NEW QUESTION 50
Which design principal improves network resiliency?
A. Added load-balancing
B. Added redundancy
C. Added confidentiality
D. Added reliability
Answer: B
NEW QUESTION 51
The controller has a global view of the network, and it can easily ensure that the network is in a consistent and optimal configuration. Which two statements
describe a centralized SDN control path? (Choose two.)
A. Scaling of the centralized controller cluster is challenging for services like DHCP and load-balancing.
B. It is highly-available by design with no single-point-of-failure risks present.
C. Integrating smart NIC capabilities on the local host level is made easier through rest APIs.
D. It significantly improves the latency when performing reactive handling of PACKET_IN events.
E. It centralized controller can support all southbound APIs, which allows for easy integration with legacy equipment.
Answer: AE
NEW QUESTION 52
A small organization of 20 employees is looking to deliver a network design service for modernizing customer networks to support advanced solutions.
Project scope and weekly progress should be visualized by the management.
Always consider feedback and make changes accordingly during the project.
Should consider flexibility to change scope at the point of time.
Which project methodology meets the requirements and have the least impact on the outcome?
A. Scrum
B. LEAN
C. Kanban
D. Six-Sigma
Answer: A
Explanation:
https://firebrand.training/uk/blog/scrum-vs-six-sigma-which-one-is-right-for-you
NEW QUESTION 54
Company ABC uses IPv4-only. Recently they started deploying new endpoint devices. For operational reasons, IPv6 cannot be disabled on these new endpoint
devices. Which security measure prevents the new endpoint from learning an IPv6 prefix from an attacker?
A. Source Guard and Prefix Guard

B. Router Advertisement Guard
C. Prefix Guard
D. Secure Neighbor Discovery
Answer: B
NEW QUESTION 59
Which tool automates network implementation activities and shortens the implementation lifecycle?
A. LISP
B. Java
C. Conclusion
D. Python

Answer: D
NEW QUESTION 64
You have been tasked with designing a data center interconnect to provide business continuity You want to encrypt the traffic over the DCI using IEEE 802 1AE
MACsec to prevent the deployment of any firewall or IPS. Which two interconnect technologies support MACsec? (Choose two.)
A. EoMPLS
B. MPLS Layer 3 VPN
C. DMVPN
D. GET VPN
E. KVPLS
Answer: AE
NEW QUESTION 67
An international media provider is an early adopter of Docker and micro services and is using an open-source homegrown container orchestration system. A few
years ago, they migrated from on-premises data centers to the cloud Now they are faced with challenges related to management of the deployed services with
their current homegrown orchestration system.
Which platform is well-suited as a state-aware orchestration system?
A. Puppet
B. Kubemetes
C. Ansible
D. Terraform
Answer: B
NEW QUESTION 70
Which two data plane hardening techniques are true? (Choose two)
A. warning banners
B. redundant AAA servers
C. Control Plane Policing
D. SNMPv3
E. infrastructure ACLs
F. disable unused services
G. routing protocol authentication
Answer: EF
NEW QUESTION 74
Company XYZ is planning to deploy primary and secondary (disaster recovery) data center sites. Each of these sites will have redundant SAN fabrics and data
protection is expected between the data center sites. The sites are 100 miles (160 km) apart and target RPO/RTO are 3 hrs and 24 hrs, respectively. Which two
considerations must Company XYZ bear in mind when deploying replication in their scenario? (Choose two.)
A. Target RPO/RTO requirements cannot be met due to the one-way delay introduced by the distance between sites.
B. VSANs must be routed between sites to isolate fault domains and increase overall availability.
C. Synchronous data replication must be used to meet the business requirements
D. Asynchronous data replication should be used in this scenario to avoid performance impact in the primary site.
E. VSANs must be extended from the primary to the secondary site to improve performance and availability.
Answer: CD
Explanation:
synchronous data replication must be used to meet the business requirements, is incorrect. As described above, asynchronous replication would be a better
choice in this scenario due to the distance between the data center sites and the target RPO/RTO requirements.
asynchronous data replication should be used in this scenario to avoid performance impact in the primary site, is correct. Asynchronous replication would allow
Company XYZ to meet the target RPO/RTO requirements while avoiding the performance impact of synchronous replication.
NEW QUESTION 75
Which two possible drawbacks should you consider when introducing Network Functions Virtualization in a network design? (Choose two)
A. Bandwidth utilization increases

B. Traffic flows are suboptimal
C. High-end routers are required to support NFV
D. OpenFlow must be supported in the network
E. An SDN orchestration layer is required to support NFV
Answer: CE
NEW QUESTION 76
Refer to the diagram.

Which solution must be used to send traffic from the foreign wireless LAN controller to the anchor wireless LAN controller?
A. Send packets from the foreign controller to the anchor controller via Layer 3 MPLS VPN or VRF-Lite
B. Send packets without encapsulation to the anchor controller over the routed network.
C. Encapsulate packets into an EoIP tunnel and send them to the anchor controller.
D. Send packets from the foreign controller to the anchor controller via IPinIP or IPsec tunnel.
Answer: C
NEW QUESTION 80
A Tier-3 Service Provider is evolving into a Tier-2 Service Provider due to the amount of Enterprise business it is receiving The network engineers are re-
evaluating their IP/MPLS design considerations in order to support duplicate/overlapping IP addressing from their Enterprise customers within each Layer3 VPN.
Which concept would need to be reviewed to ensure stability in their network?
A. Assigning unique Route Distinguishers

B. Assigning unique Route Target ID'S
C. Assigning unique IP address space for the Enterprise NAT/Firewalls
D. Assigning unique VRF ID's to each L3VPN
Answer: A
NEW QUESTION 81
Which two statements explain the operation of BFD asynchronous mode? (Choose two )
A. BFD asynchronous mode with echo packets combines the control packets and echo packets into a single packet.
B. BFD asynchronous mode without echo packets uses control packets, and BFD asynchronous mode with echo packets does not.
C. BFD asynchronous mode with and without echo packets use control packets.
D. BFD asynchronous without echo packets has control packets sent back to the originating router, which echoes the control packet to detect failures.
E. BFD asynchronous mode with echo packets uses separate control packets and echo packets.
Answer: CE
NEW QUESTION 85
Which two technologies enable multilayer segmentation? (Choose two.)
A. policy-based routing
B. segment routing
C. data plane markings
D. firewalls
E. filter lists
Answer: AD
NEW QUESTION 90
An enterprise plans to evolve from a traditional WAN network to a software-defined WAN network. The existing devices have limited capability when it comes to
virtualization. As the migration is carried out, enterprise applications and services must not experience any traffic impact. Which implementation plan can be used
to accommodate this during the migration phase?
A. Deploy controllers, deploy SD-WAN edge router

B. In the data center, and migrate branch sites.
C. Migrate data center WAN routers, migrate branch sites, and deploy SD-WAN edge routers.
D. Migrate branch sites, migrate data center WAN routers, and deploy controllers.
E. Deploy SD-WAN edge routers in the data center, deploy controllers, and migrate branch sites
Answer: A
NEW QUESTION 93
The network team in XYZ Corp wants to modernize their infrastructure and is evaluating an implementation and migration plan to allow integration MPLS-based,

Layer 2 Ethernet services managed by a service provider to connect branches and remote offices. To decrease OpEx and improve
response times when network components fail, XYZ Corp decided to acquire and deploy new routers. The network currently is operated over E1 leased lines (2
Mbps) with a managed CE service provided by the telco.
Drag and drop the implementation steps from the left onto the corresponding targets on the right in the correct order.
A. Mastered
B. Not Mastered
Answer: A
Explanation:
Table Description automatically generated
NEW QUESTION 98
While designing a switched topology, in which two options is UplinkFast recommended? (Choose two )
A. when switches of different spanning-tree types are connected (for exampl

B. 802.1d connecting to 802.1w)
C. on distribution layer switches
D. when hello timers are changed to more aggressive values
E. on access layer switches
F. on the core switches
Answer: AD
NEW QUESTION 101

An external edge router provides connectivity from a service provider to an enterprise Which two Internet edge best practices meet compliance regulations'?
(Choose two )
A. Implement filtenng to control traffic that is sourced from the infrastructure IP space.
B. Enable and use only secure protocols.
C. Send logs to a centralized logging collection server.
D. Implement EBGP to advertise all owned IP blocks.
E. Use login banners and interface access lists to restrict administrative access to the system
Answer: BE
NEW QUESTION 104

Company XYZ uses an office model where the employees can use any open desk and plug their laptops in. They want to authenticate the end users using their
domain username and password before allowing them access to the network. The design must also accommodate the ability of controlling traffic within the same
group or subnet if a macro (or micro) segmentation-based model is adopted in the future. Which protocol can be recommended for this design to authenticate end
users?
A. LDAP
B. EAP
C. TACACS+
D. RADIUS
Answer: D
Explanation:
https://www.networkstraining.com/what-is-cisco-ise/
NEW QUESTION 107

As a network designer you need to support an enterprise with hundreds of remote sites connected over a single WAN network that carries different types of traffic,
including VoIP, video, and data applications which of following design considerations will not impact design decision?

A. Focus on the solution instead of the problem, which helps to reduce downtime duration
B. The location of the data collection
C. What direction the data or flows should be metered
D. Identify traffic types and top talkers over this link
Answer: A
NEW QUESTION 111

The network designer needs to use GLOP IP addresses in order to make them unique within their ASN Which multicast address range should be used?
A. 232.0.0.0 to 232 255.255.255

B. H233.0.0 0 to 233.255.255 255
C. 239000 to 239255255.255
D. 224000 to 2240.0 255
Answer: B
NEW QUESTION 115

Drag and drop the end-to-end network virtualization elements from the left onto the correct network areas on the right.
A. Mastered
B. Not Mastered
Answer: A
Explanation:
Graphical user interface Description automatically generated with medium confidence
NEW QUESTION 119

A customer has a functional requirement that states HR systems within a data center should be segmented from other systems that reside in the same data center
and same VLAN. The systems run legacy applications by using hard-coded IP addresses. Which segmentation method is suitable and scalable for the customer?
A. data center perimeter firewalling

B. VACLs on data center switches
C. transparent firewalling
D. routed firewalls
Answer: B
NEW QUESTION 123

A network architect must redesign a service provider edge, where multiservice and multitenant PEs are currently present. Which design feature should be
minimized in the new design to achieve reliability?
A. bridging
B. fate sharing
C. redundancy
D. unicast overlay routing
Answer: B
NEW QUESTION 127

Company XYZ is running OSPF in their network. They have merged with another company that is running EIGRP as the routing protocol. Company XYZ now
needs the two domains to talk to each other with redundancy, while maintaining a loop free environment. The solution must scale when new networks are added

into the network in the near future. Which technology can be used to meet these requirements?
A. multipoint route-redistribution with route filtering using ACLs

B. DUMP multipoint route-redistribution with route filtering using route tags
C. DUMPS single point route-redistribution with route filtering using route tags
D. DUMPS single point route-redistribution with route filtering using ACLs
Answer: B
NEW QUESTION 128

Which two benefits can software defined networks provide to businesses? (Choose two.)
A. provides additional redundancy

B. decentralized management
C. reduced latency
D. enables innovation
E. reduction of OpEx/CapEx
F. meets high traffic demands
Answer: DE
NEW QUESTION 132

Which two application requirements are mandatory tor traffic to receive proper treatment when placed in the priority queue? (Choose two.)
A. small transactions (HTTP-like behavior)

B. WRED drop treatment
C. tolerance to packet loss
D. intolerance to jitter
E. TCP-based application
Answer: AD
NEW QUESTION 135

Which design solution reduces the amount of IGMP state in the network?
A. IGMP filtering
B. IGMPv3 with PIM-SSM
C. multiple multicast domains
D. one multicast group address thorough network regardless of IGMP version
Answer: A
NEW QUESTION 140

A senior network designer suggests that you should improve network convergence times by reducing BGP timers between your CE router and the PE router of the
service provider. Which two factors should you consider to adjust the timer values? (Choose two.)
A. service provider agreement to support tuned timers

B. manual updates to the peer groups
C. service provider scheduling of changes to the PE
D. number of routes on the CE router
E. number of VRFs on the PE router
Answer: AD
NEW QUESTION 144

Company XYZ is designing their network using the three-layer hierarchical model. At which layer must the QoS design classify or mark the traffic?
A. access
B. core
C. collapsed core
D. distribution
Answer: A
NEW QUESTION 147

You are using iSCSI to transfer files between a 10 Gigabit Ethernet storage system and a 1 Gigabit Ethernet server The performance is only approximately 700
Mbps and output drops are occurring on the server switch port. Which action will improve performance in a cost-effective manner?
A. Change the protocol to CIFS.

B. Increase the queue to at least 1 GB
C. Use a WRED random drop policy
D. Enable the TCP Nagle algorithm on the receiver
Answer: A
NEW QUESTION 148

What are two key design principles when using a hierarchical core-distribution-access network model? (Choose two )
A. A hierarchical network design model aids fault isolation

B. The core layer is designed first, followed by the distribution layer and then the access layer
C. The core layer provides server access in a small campus.
D. A hierarchical network design facilitates changes
E. The core layer controls access to resources for security
Answer: AD
NEW QUESTION 149

You are designing a large-scale DMVPN network with more than 500 spokes using EIGRP as the IGP protocol Which design option eliminates potential tunnel
down events on the spoke routers due to the holding time expiration?
A. Increase the hold queue on the physical interface of the hub router.
B. Increase the hold queue on the tunnel interface of the spoke routers
C. Increase the hold queue on the tunnel interface of the hub router
D. Apply QoS for pak_priority class
E. Increase the hold queue on the physical interface of the spoke routers.
Answer: C
NEW QUESTION 153

A banking customer determines that it is operating POS and POI terminals that are noncompliant with PCI DSS requirements, as it is running TLSv1.0. The
customer plans to migrate the terminals to TLSv1.2. What are two requirements to complete the migration? (Choose two.)
A. Ensure that strong cryptography is applied for users who have administrative access through networks
B. Apply strong cryptography and security protocols to safeguard sensitive cardholder data.
C. Apply strong encryption for transmission of cardholder data across public networks.
D. Protect all user systems against malware and frequently update antivirus software
E. Maintain a policy that addresses information security for employees and third parties.
Answer: CE
NEW QUESTION 156

This network is running OSPF as the routing protocol. The internal networks are being advertised in OSPF London and Rome are using the direct link to reach
each other although the transfer rates are better via Barcelona Which OSPF design change allows OSPF to calculate the proper costs?
A. Change the OSPF reference bandwidth to accommodate faster links.

B. Filter the routes on the link between London and Rome
C. Change the interface bandwidth on all the links.
D. Implement OSPF summarisation to fix the issue
Answer: A
NEW QUESTION 159

A product manufacturing organization is integrating cloud services into their IT solution The IT team is working on the preparation phase of the implementation
approach, which includes the Define Strategy step. This step defines the scope of IT, the application, and the service What is one topic that should be considered
in the Define Strategy step?
A. financial and governance models

B. innovate and align with business according to volume
C. due diligence and financial scenarios
D. contingency exit strategy steps
Answer: D

NEW QUESTION 162

A service provider hires you to design its new managed CE offering to meet these requirements
• The CEs cannot run a routing protocol with the PE
• Provide the ability for equal or unequal ingress load balancing in dual-homed CE scenarios.
• Provide support for IPv6 customer routes
• Scale up to 250.000 CE devices per customer.
• Provide low operational management to scale customer growth.
• Utilize low-end (inexpensive) routing platforms for CE functionality. Which tunneling technology do you recommend?
A. FlexVPN
B. point-to-point GRE
C. DMVPN
D. LISP
Answer: D
NEW QUESTION 163

Company XYZ is redesigning their QoS policy. Some of the applications used by the company are real-time applications. The QoS design must give these
applications preference in terms of transmission. Which QoS strategy can be used to fulfill the requirement?
A. weighted fair queuing

B. weighted random early detection
C. low-latency queuing
D. first-in first-out
Answer: C
NEW QUESTION 165

You are tasked to design a QoS policy for a service provider so they can include it in the design of their MPLS core network If the design must support an MPLS
network with six classes, and CEs will be managed by the service provider, which QoS policy should be recommended?
A. map IP CoS bits into the IP Precedence field

B. map flow-label bits into the Exp field
C. map IP precedence bits into the DSCP field
D. map DSCP bits into the Exp field
Answer: D
NEW QUESTION 167

Which design benefit of bridge assurance is true?
A. It supposes a spanning-tee topology change upon connecting and disconnecting a station on a port
B. It prevents switched traffic from traversing suboptimal paths on the network.
C. It allows small, unmanaged switches to be plugged into ports of access switches without the risk of switch loops.
D. It prevents switch loops caused by unidirectional point-to-point link condition on Rapid PVST + and MST
Answer: D
NEW QUESTION 169

An existing wireless network was designed to support data traffic only. You must now install context Aware services for location tracking changes must be applied
to the existing wireless network to increase the location accuracy? (Chose two)
A. Add access points along the perimeter of the coverage area.

B. Increase the access point density to create an average inter-access point distance of less than 40 feet or 12.2 meters
C. Use directional antennas to provide more cell overlapping
D. Install additional access points in monitor mode where the co-channel interference would otherwise be affected
E. Fine tune the radio configuration of the access point to have a higher average transmission power to achieve better coverage
Answer: BE
NEW QUESTION 174

Company XYZ has a multicast domain that spans across multiple autonomous systems. The company wants to choose a technology that provides simplified and
controlled approach to interconnecting the multicast domains. Which technology is the best fit for this purpose?
A. MSDP
B. PIM SSM
C. MPLS
D. PIM sparse mode
Answer: A
NEW QUESTION 175

You want to mitigate failures that are caused by STP loops that occur before UDLD detects the failure or that are caused by a device that is no longer sending
BPDUs. Which mechanism do you use along with UDLD?
A. Root guard
B. BPDU guard

C. Loop guard
D. BPDU filtering
Answer: C
NEW QUESTION 177

An MPLS service provider is offering a standard EoMPLS-based VPLS service to Customer A. providing Layer 2 connectivity between a central site and
approximately 100 remote sites. Customer A wants to use the VPLS network to carry its internal multicast video feeds which are sourced at the central site and
consist of 20 groups at Mbps each. Which service provider recommendation offers the most scalability?
A. EoMPLS-based VPLS can carry multicast traffic in a scalable manner

B. Use a mesh of GRE tunnels to carry the streams between sites
C. Enable snooping mechanisms on the provider PE routers.
D. Replace VPLS with a Layer 3 MVPN solution to carry the streams between sites
Answer: D
NEW QUESTION 180

A network architect in an enterprise is designing a network policy for certain database applications. The goal of the policy is to allow these applications to access
the internet directly, whereas other user and network applications that communicate with systems or users outside their own network must be routed through the
data center. The focus is on achieving higher availability and a better user experience for the database applications, but switching between different network paths
based on performance characteristics must be supported.
Which solution meets these requirements?
A. MPLS L3VPN with QoS

B. Cloud onRamp for laaS
C. Cloud onRamp for SaaS
D. MPLS direct connect
Answer: C
Explanation:
https://www.cisco.com/c/en/us/solutions/collateral/enterprise-networks/sd-wan/nb-06-cloud-onramp-saas-faq-ct
NEW QUESTION 182

Your network operations team is deploying Access Control Lists (ACLs) across your Internet gateways They wish to place an ACL inbound on the Internet gateway
interface facing the core network (the "trusted" interface). Which IP address would the ACL need for traffic sourced from the inside interface, to match the source
address of the traffic?
A. inside global
B. outside global
C. inside local
D. outside local
Answer: C
NEW QUESTION 185

Company XYZ wants to secure the data plane of their network. Which two technologies can be included in the security design? (Choose two)
A. DAI
B. IP Source Guard
C. BEEP
D. CPPr
E. MPP
Answer: AB
NEW QUESTION 186

Which parameter is the most important factor to consider when deciding service placement in a cloud solution?
A. data replication cost

B. application structure
C. security framework Implementation time
D. data confidentiality rules
Answer: D
NEW QUESTION 190

Company XYZ must design a strategy to protect their routers from DoS attacks, such as traffic destined to the router's own route processor, using separate control
plane categories. Which two capabilities can be used to achieve this requirement? (Choose two.)
A. Control Plane Protection using queue thresholding on the transit subinterface

B. Control Plane Protection using port filtering on the transit subinterface
C. Control Plane Protection using port filtering on the main interface
D. Control Plane Protection using queue thresholding on the host subinterface
E. Control Plane Protection using port filtering on the host subinterface

Answer: DE
NEW QUESTION 193

Company ABC wants to minimize the risk of users plugging unauthorized switches and hubs into the network Which two features can be used on the LAN access
ports to support this design requirement? (Choose two.)
A. Loop Guard
B. PortFast
C. DTF
D. Root Guard
E. BPDU Guard
Answer: BE
NEW QUESTION 194

Which two factors must be considered for high availability in campus LAN designs to mitigate concerns about unavailability of network resources? (Choose two.)
A. device resiliency
B. device type
C. network type
D. network resiliency
E. network size
Answer: AD
NEW QUESTION 195

Which two features describe controller-based networking solutions compared to traditional networking solutions? (Choose two.)
A. inflate licensing costs

B. reduce network configuration complexity
C. provide centralization of primary IT functions
D. allow for fewer network failures
E. increase network bandwidth usage
Answer: BC
NEW QUESTION 199

Which mechanism enables small, unmanaged switches to plug into ports of access switches without risking switch loops?
A. PortFast
B. UDLD
C. Root guard
D. BPDU guard
Answer: D
NEW QUESTION 201

What is a characteristic of a secure cloud architecture model?
A. limited access to job function

B. dedicated and restricted workstations
C. multi-factor authentication
D. software-defined network segmentation
Answer: D
NEW QUESTION 205

An enterprise campus is adopting a network virtualization design solution with these requirements
It must include the ability to virtualize the data plane and control plane by using VLANs and VRFs
It must maintain end-to-end logical path transport separation across the network
resources available grouped at the access edge
Which two primary models can this network virtualization design be categorized? (Choose two)
A. Path isolation
B. Session isolation
C. Group virtualization
D. Services virtualization
E. Edge isolation
Answer: AD
NEW QUESTION 206

Which two conditions must be met for EIGRP to maintain an alternate loop-free path to a remote network? (Choose two.)
A. The Reported Distance from a successor is lower than the local Feasible Distance.

B. The Reported Distance from a successor is higher than the local Feasible Distance.
C. The feasibility condition does not need to be met.
D. The Feasible Distance from a successor is lower than the local Reported Distance.
E. A feasible successor must be present.
Answer: AE
NEW QUESTION 211

Company XYZ needs advice in redesigning their legacy Layer 2 infrastructure. Which technology should be included in the design to minimize or avoid
convergence delays due to STP or FHRP and provide a loop-free topology?
A. Use switch clustering in the access layer.

B. Use switch clustering in the core/distribution layer.
C. Use spanning-tree PortFast.
D. Use BFD.
Answer: B
NEW QUESTION 212

A network engineering team is in the process of designing a lab network for a customer demonstration. The design engineer wants to show that the resiliency of
the MPLS traffic Engineering Fast Reroute solution has the same failover/failback times as a traditional SONET/SDH network (around 50MSEC). In order to
address both link failure and node failure within the lab typology network, which type of the MPLS TE tunnels must be considered for this demonstration?
A. TE backup tunnel
B. Next-hop (NHop) tunnel
C. FRR Backup tunnel
D. next-next-hop (NNHop) tunnel
Answer: D
NEW QUESTION 217

An enterprise wants to provide low-cost delivery of network systems that can be scaled on business demand, followed by an initiative to reduce capital expenses
for new IT equipment. Which technology meets these goals'?
A. laaS within a private cloud

B. laaS within an on-premises location
C. PaaS within a public cloud
D. SaaS within an on-premises location
Answer: C
NEW QUESTION 222

An enterprise solution team is performing an analysis of multilayer architecture and multicontroller SDN solutions for multisite deployments. The analysis focuses
on the ability to run tasks on any controller via a standardized interface. Which requirement addresses this ability on a multicontroller platform?
A. Deploy a root controller to gather a complete network-level view.

B. Use the East-West API to facilitate replication between controllers within a cluster.
C. Build direct physical connectivity between different controllers.
D. Use OpenFlow to implement and adapt new protocols.
Answer: D
NEW QUESTION 224

Company XYZ has a hub-and-spoke topology over an SP-managed infrastructure. To measure traffic performance metrics, they implemented IP SLA senders on
all spoke CE routers and an IP SLA responder on the hub CE router. What must they monitor to have visibility on the potential performance impact due to the
constantly increasing number of spoke sites?
A. CPU and memory usage on the spoke routers

B. memory usage on the hub router
C. CPU usage on the hub router
D. interface buffers on the hub and spoke routers
Answer: C
NEW QUESTION 226

SD-WAN can be used to provide secure connectivity to remote offices, branch offices, campus networks, data centers, and the cloud over any type of IP-based
underlay transport network. Which two statements describe SD WAN solutions? (Choose two.)
A. SD-WAN networks are inherently protected against slow performance.

B. Control and data forwarding planes are kept separate.
C. Improved operational efficiencies result In cost savings.
D. Solutions include centralized orchestration, control, and zero-touch provisioning.
E. Solutions allow for variations of commodity and specialized switching hardware.
Answer: BD

NEW QUESTION 227

Retef to the exhibit.
An engineer is designing a multiarea OSPF network for a client who also has a large EIGRP domain EIGRP routes are getting redistributed into OSPF ,OSPF area
20 has routers with limited memory and CPU resources The engineer wants to block routes from EIGRP 111 from propagating into area 20 and allow EIGRP 222
routes to How in Which OSPF area type fulfills this design requirement?
A. area 20 as a stub area

B. type 5 LSA filtering on the ASBR between EIGRP 111 and area a
C. area 20 as a NSSA area
D. type 3 LSA filtering on the ABR between area 0 area 20
Answer: C
NEW QUESTION 228

Which three tools are used for ongoing monitoring and maintenance of a voice and video environment? (Choose three.)
A. flow-based analysis to measure bandwidth mix of applications and their flows

B. call management analysis to identify network convergence-related failures
C. call management analysis to identify CAC failures and call quality issues
D. active monitoring via synthetic probes to measure loss, latency, and jitter
E. passive monitoring via synthetic probes to measure loss, latency, and jitter
F. flow-based analysis with PTP time-stamping to measure loss, latency, and jitter
Answer: ACD
NEW QUESTION 230

Which two factors provide multifactor authentication for secure access to applications and data, no matter where the users are or which devices they are on?
(Choose two.)
A. persona-based
B. power-based
C. push-based
D. possession-based
E. pull-based
Answer: CD
NEW QUESTION 234

What are two examples of business goals to be considered when a network design is built? (Choose two.)
A. standardize resiliency
B. minimize operational costs
C. integrate endpoint posture
D. ensure faster obsolescence
E. reduce complexity
Answer: BE
NEW QUESTION 237

A company plans to use BFD between its routers to detect a connectivity problem inside the switched network. An IPS is transparently installed between the
switches. Which packets shold the IPS forward for BFD to work under all circumstances?
A. Fragmented packet with the do-not-fragment bit set

B. IP packets with broadcast IP source addresses
C. IP packets with the multicast IP source address
D. IP packet with the multicast IP destination address

E. IP packets with identical source and destination IP addresses

F. IP packets with the destination IP address 0.0.0.0.
Answer: E
NEW QUESTION 241

As network designer, which option is your main concern with regards to virtualizing multiple network zones into a single hardware device?
A. Fate sharing
B. CPU resource allocation
C. Congestion control
D. Security
E. Bandwidth allocation
Answer: A
NEW QUESTION 245

Refer to the exhibit
A service provider has a requirement to use Ethernet OAM to detect end-to-end connectivity failures between SP-SW1 and SP- SW2 Which two ways to design
this solution are true? (Choose two)
A. Enable unicast heartbeat messages to be periodically exchanged between MEPs

B. Enable Connectivity Fault Management on the SP switches
C. Use upward maintenance endpoints on the SP switches
D. Forward E-LMI PDUs over VPLS
E. Forward LLD PDUs over the VPLS
Answer: BC
NEW QUESTION 247

Which two advantages of using DWDM over traditional optical networks are true? (Choose two.)
A. inherent topology flexibility and service protection provided without penalty through intelligent oversubscription of bandwidth reservation
B. ability to expand bandwidth over existing optical Infrastructure
C. inherent topology flexibility with built-in service protection
D. inherent topology flexibility with intelligent chromatic dispersion
E. inherent topology flexibility with a service protection provided through a direct integration with an upper layer protocol
Answer: BC
NEW QUESTION 249

Company XYZ runs OSPF in their network. A design engineer decides to implement hot-potato routing architecture. How can this implementation be achieved?
A. Enable iBGP and apply prepend to ensure all prefixes will have the same length of the AS path attribute value.
B. Redistribute the external prefixes onto OSPF and ensure the total metric calculation includes only the ext value and the value is the same in all ASBRs.
C. Enable OSPF load-balancing over unequal cost path.
D. Redistribute the external prefixes onto OSPF and ensure that the total metric calculation includes external internal values.
Answer: D
NEW QUESTION 250

The Company XYZ network is experiencing attacks against their router. Which type of Control Plane Protection must be used on the router to protect all control
plane IP traffic that is destined directly for one of the router interfaces?
A. Control Plane Protection host subinterface

B. Control Plane Protection main interface
C. Control Plane Protection transit subinterface
D. Control Plane Protection CEF-exception subinterface
Answer: A
NEW QUESTION 253

A green data center is being deployed and a design requirement is to be able to readily scale server virtualization Which IETF standard technology can provide this
requirement?
A. data center bridging

B. unified fabric
C. Transparent Interconnection of Lots of Links
D. fabric path
Answer: C
NEW QUESTION 255

Which two statements describe network automation and network orchestration? (Choose two.)
A. Network automation does not provide governance or policy management.

B. Network automation spans multiple network services, vendors, and environments.
C. Network orchestration is done through programmatic REST APIs enabling automation across devices and management platforms.
D. Provisioning network services is an example of network automation.
E. Network orchestration is used to run single, low-level tasks without human intervention
Answer: AC
NEW QUESTION 256

An enterprise requires MPLS connected branches to access cloud-based Microsoft 365 services over an SD-WAN solution. Internet access Is available only at
dual regional hub sites that are connected to the MPLS network. Which connectivity method provides an optimum access method to the cloud-based services If
one ISP suffers loss or latency?
A. Cloud onRamp gateway site

B. Cloud onRamp SWG
C. Cloud onRamp
D. Cloud onRamp SaaS
Answer: D
Explanation:
https://www.cisco.com/c/en/us/td/docs/routers/sdwan/configuration/cloudonramp/vedge-20-x/cloud-onramp-boo
NEW QUESTION 258

A BGP route reflector in the network is taking longer than expected to coverage during large network changes. Troubleshooting shows that the router cannot
handle all the TCP acknowledgements during route updates. Which action can be performed to tune the device performance?
A. Increase the size of the hold queue.

B. Increase the size of the large buffers.
C. Decrease the size of the small buffers.
D. Increase the keepalive timers for each BGP neighbor.
Answer: A
NEW QUESTION 260

Company XYZ is designing the IS-IS deployment strategy for their multiarea IS-IS domain. They want IS-IS neighbour relationships to be minimized on each
network segment and want to optimize the size of the IS-IS LSDB on each router. Which can design can be used to meet these requirements?
A. Design all routers as Level 2 router

B. Set the links between the routers as Level 1 with the area
C. Design the network so that the routers connecting to other areas are Level 2 routers and internal routers are Level 1
D. Design the network so that all routers are Level 1 routers
E. Design the network so that the routers connecting to other areas are Level 1/Level 2 routers and internal routers are Level 1
Answer: D
NEW QUESTION 261

......

Relate Links
100% Pass Your 400-007 Exam with Exambible Prep Materials
https://www.exambible.com/400-007-exam/
Contact us
We are proud of our high-quality customer service, which serves you around the clock 24/7.
Viste - https://www.exambible.com/

Powered by TCPDF (www.tcpdf.org)

Cisco: Exam Questions 400-007

Uploaded by

Copyright:

Available Formats

Cisco: Exam Questions 400-007

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Cisco: Exam Questions 400-007

Uploaded by

Copyright:

Available Formats

We recommend you to try the PREMIUM 400-007 Dumps From Exambible

https://www.exambible.com/400-007-exam/ (267 Q&As)

Your Partner of IT Exam visit - https://www.exambible.com

Your Partner of IT Exam

Your Partner of IT Exam visit - https://www.exambible.com

A. Use IPsec for communication between unsecured network connection

Your Partner of IT Exam visit - https://www.exambible.com

A. MPLS wires only

A. service-oriented cloud architecture

Your Partner of IT Exam visit - https://www.exambible.com

A. first-hop router registration to the RP

A. Check for high roaming delay.

A. Spine switches can connect to each other.

A. Limit the query domain by use of distribute lists.

Your Partner of IT Exam visit - https://www.exambible.com

B. Build neighbor adjacencies in a triangulated fashion.

A. Enable a GRE tunnel between nodes CE1 and CE2

A. GRE Protocol Type and Checksum extension fields.

Your Partner of IT Exam visit - https://www.exambible.com

A. class-based traffic policing

A. network size and cost

Your Partner of IT Exam visit - https://www.exambible.com

A. asynchronous replication over dual data centers via DWDM

A. Source Guard and Prefix Guard

Your Partner of IT Exam visit - https://www.exambible.com

A. Bandwidth utilization increases

Your Partner of IT Exam visit - https://www.exambible.com

A. Assigning unique Route Distinguishers

A. Deploy controllers, deploy SD-WAN edge router

Your Partner of IT Exam visit - https://www.exambible.com

A. when switches of different spanning-tree types are connected (for exampl

NEW QUESTION 101

NEW QUESTION 104

NEW QUESTION 107

Your Partner of IT Exam visit - https://www.exambible.com

NEW QUESTION 111

A. 232.0.0.0 to 232 255.255.255

NEW QUESTION 115

NEW QUESTION 119

A. data center perimeter firewalling

NEW QUESTION 123

NEW QUESTION 127

Your Partner of IT Exam visit - https://www.exambible.com

A. multipoint route-redistribution with route filtering using ACLs

NEW QUESTION 128

A. provides additional redundancy

NEW QUESTION 132

A. small transactions (HTTP-like behavior)

NEW QUESTION 135

NEW QUESTION 140

A. service provider agreement to support tuned timers

NEW QUESTION 144

NEW QUESTION 147

A. Change the protocol to CIFS.

NEW QUESTION 148

Your Partner of IT Exam visit - https://www.exambible.com

A. A hierarchical network design model aids fault isolation

NEW QUESTION 149

NEW QUESTION 153