Cisco 400-007 - Cisco Certified Design Expert (CCDE v3.1)

A soft failure refers to a condition where the network continues to operate, but performance or behavior is degraded in a way that is not immediately visible or detectable—this includes suboptimal routing, misconfigured protocols, or resource inefficiencies. These are harder to define and detect because they don't cause total outages but still impact user experience or service quality. In contrast, hard failures like outages (Option D) are more visible and measurable.

This aligns with CCDE v3.1’s guidance on resilience, observability, and performance-aware design, emphasizing proactive identification of non-fatal but service-impacting anomalies.

==========

In IPv6, routers advertise prefixes via Router Advertisement (RA) messages. An attacker could inject rogue RAs to manipulate the IPv6 configuration of endpoints.

Router Advertisement Guard (RA Guard) blocks unauthorized RA messages from being received on access ports, preventing endpoints from receiving incorrect IPv6 prefixes from malicious or misconfigured devices.

This security feature is crucial when devices have IPv6 enabled but the network is IPv4-only.

Other options explained:

A: Source Guard and Prefix Guard enforce valid address and prefix assignment but do not prevent RA spoofing directly.

C: Prefix Guard focuses on controlling prefixes being assigned, not blocking RA messages.

D: Secure Neighbor Discovery (SEND) provides cryptographic protection but is rarely deployed due to complexity.

In MPLS networks, the MPLS header contains a 3-bit EXP (experimental) field that is used for QoS classification. Since the customer edge (CE) is managed by the service provider, it is common and best practice to map customer traffic classification (DSCP) into MPLS EXP at ingress into the MPLS core. This allows consistent QoS treatment throughout the core.

DSCP provides granular QoS markings (6-bit field, 64 values) which can be easily mapped to 3-bit EXP (8 values).

Mapping DSCP to EXP supports the 6-class model required by many service providers.

Why other options are incorrect:

A, C: IP CoS and IP precedence are legacy and not as granular as DSCP.

B: Flow-label is used in IPv6 for traffic engineering, not for MPLS QoS classification.

—

Fate-sharing describes a situation where two or more services or components are tied together such that failure in one leads to failure in others. In resilient design, the goal is often to eliminate fate-sharing by decoupling dependencies.

A: A single point of failure (like a shared power supply or converged service path) that brings down multiple components exemplifies fate-sharing.

B is incorrect because fate-sharing is a risk, not a protective measure.

C and D refer to device behavior (stateful inspection, transport layer behavior) rather than architectural dependency.

==========

C (Service orchestration platform):As branch scale increases, orchestration platforms automate multi-site deployment, configuration, and policy management. They integrate with controllers and external systems to reduce manual intervention, improve scalability, and enforce service consistency across thousands of locations.

Other options explained:

A: Management systems assist monitoring but don’t address provisioning complexity.

B: Lifecycle models guide processes but are not technical automation solutions.

D: Manual teams are not scalable for high-volume growth.

The Host Subinterface in Control Plane Protection (CPPr) protects traffic destined to the router itself (e.g., routing protocols, management traffic).

This is critical in preventing DoS or CPU exhaustion attacks targeting control plane services directly.

Why other options are incorrect:

B: Main interface refers to the global control plane policy but lacks the granularity.

C: Transit subinterface protects transit traffic handled by the forwarding plane.

D: CEF-exception handles non-IP or exception traffic, not regular control plane IP traffic.

—

Automation: The execution of individual tasks or configurations without manual intervention.

Orchestration: The coordination and sequencing of multiple automation tasks into structured workflows to achieve complex operational goals.

Why other options are incorrect:

B, C, D: They incorrectly define orchestration as either partially manual, parallel execution, or limited to commercial tools, which is not accurate in design principles.

—

Both FabricPath and TRILL are Layer 2 multipath technologies designed to eliminate spanning tree and allow for efficient forwarding across Layer 2 fabrics using routing techniques:

B (FabricPath permits active-active FHRP and TRILL supports anycast gateway):FabricPath (Cisco proprietary) integrates with vPC+ to allow active-active First Hop Redundancy Protocol (FHRP) operation at the access layer. This enables multiple default gateways to operate simultaneously, improving resiliency and utilization.TRILL (IEEE standard) uses anycast gateway functionality natively, where multiple switches share the same IP and MAC address for default gateway, allowing hosts to forward to any available gateway, providing active-active behavior at Layer 3.

Other options explained:

A: Incorrect — both FabricPath and TRILL are based on IS-IS for control plane operations; VXLAN is not part of TRILL.

C: Incorrect — both FabricPath and TRILL support ECMP (Equal Cost Multi-Path) to utilize multiple paths efficiently.

D: Incorrect — both technologies allow active-active forwarding at Layer 2.

This comparison highlights CCDE v3.1 design expertise in data center fabric architectures and control plane technologies.

The hub CE router is receiving IP SLA probes from all spokes, processing and responding to every request. As more spokes are added, the CPU workload on the hub increases exponentially due to:

Processing incoming IP SLA packets.

Generating and transmitting responses.

Monitoring CPU utilization at the hub ensures early detection of processing bottlenecks that could impact SLA accuracy and overall performance — a core CCDE v3.1 business-driven design consideration in centralized measurement architectures.

Why other options are incorrect:

A & B: Spoke resources are minimally taxed.

D: Buffer usage isn't the main limiting factor for IP SLA responsiveness.

A (Encryption + strong authentication) aligns most closely with Zero Trust’s emphasis on always verifying identity and protecting data as it moves across untrusted networks.

Data-in-motion encryption ensures confidentiality, and two-factor authentication ensures strict identity verification.

Why other options are incorrect:

B: Data-at-rest encryption is important but not as critical as controlling data in motion for Zero Trust.

C: Categorization helps in segmentation but is not the core Zero Trust principle.

D: High availability is a design requirement, not the primary Zero Trust security control.

—