Pre-Summer Sale Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: xmas50

Cisco 400-007 - Cisco Certified Design Expert (CCDE v3.1)

Cisco 400-007 Premium Access     Download Demo    
Page: 7 / 15
Total 503 questions

Software-defined network and traditional networks might appear the same to the end-user, but behind the scenes, each has unique sets of characteristics. Drag and drop these characteristic found on the left to the corresponding category on the right in no particular order?

Which two characteristics apply to firewall transparent mode operations in a firewall solution design? (Choose two.)

A.

Changes in the existing IP addressing and subnets are required

B.

The firewall can participate actively on spanning tree.

C.

Multicast traffic can traverse the firewall.

D.

OSPF adjacencies can be established through the firewall

E.

The firewall acts like a router hop in the network.

: 494 DRAG DROP

The customer ' s network manager asked for some key points to use m a presentation on overlay/underlay features and responsibilities. Drag and drop the features or responsibilities from the left onto the corresponding groups on the right in no particular order.

Company XYZ is designing the network for IPv6 security and they have these design requirements:

A switch or router must deny access to traffic from sources with addresses that are correct but topologically incorrect.

Devices must block Neighbor Discovery Protocol resolution for destination addresses not found in the binding table.

Which two IPv4 security features are recommended for this company? (Choose two)

A.

IPv6 DHCP Guard

B.

IPv6 Source Guard

C.

IPv6 Destination Guard

D.

IPv6 Prefix Guard

E.

IPv6 RA Guard

The network designer needs to use GLOP IP addresses in order to make them unique within their ASN. Which multicast address range should be used?

A.

232.0.0.0 to 232.255.255.255

B.

233.0.0.0 to 233.255.255.255

C.

239.0.0.0 to 239.255.255.255

D.

224.0.0.0 to 224.0.0.255

Which solution component helps to achieve comprehensive threat protection and compliance for migration to multicloud SDX architectures?

A.

System-oriented architecture

B.

OSASE architecture

C.

Platform-oriented architecture

D.

SASE architecture

A network architect is working on the baseline policies dealing with the use of Infrastructure-as-Code within an IT department, and has been requested to present the plan at the monthly management board meeting. What are two examples of operational aspects of Infrastructure-as-Code that can be highlighted during the presentation? (Choose two.)

A.

API for programmatic control

B.

automatic trouble ticketing

C.

automated workflows

D.

source code management repository

E.

telemetry and monitoring

You were tasked to enhance the security of a network with these characteristics:

A pool of servers is accessed by numerous data centers and remote sites

The servers are accessed via a cluster of firewalls

The firewalls are configured properly and are not dropping traffic

The firewalls occasionally cause asymmetric routing of traffic within the server data center.

Which technology should you recommend to enhance security by limiting traffic that could originate from a hacker compromising a workstation and redirecting flows at the servers?

A.

Poison certain subnets by adding static routes to Null0 on the core switches connected to the pool of servers.

B.

Deploy uRPF strict mode.

C.

Limit sources of traffic that exit the server-facing interface of the firewall cluster with ACLs.

D.

Deploy uRPF loose mode.

Refer to the exhibit. An architect has been tasked to design an ISIS solution for a medium-size financial customer. The resulting design must meet these requirements:

•Traffic from the branches toward major sites is limited to 500 Mbps.

•Traffic from the major sites toward HQ is limited to 1Gbps.

•The number of branch sites will increase to 30 within the next three years.

•Link and node failures in a region must only have an impact within that region

Which two ISIS design aspects must be included? (Choose two.)

A.

Region-A and Region-B major routers establish passive ISIS peering with HQ router.

B.

Branch site routers and major site routers establish L2 adjacency.

C.

Region-A and Region-B major routers advertise a default route toward the other region.

D.

Different ISIS instances on HQ router to separate Region-A and Region-B.

E.

Branch site routers establish L1 adjacencies and major site routers establish L1/L2 adjacencies.

An enterprise plans to evolve from a traditional WAN network to a software-defined WAN network. The existing devices have limited capability when it comes to virtualization. As the migration is carried out, enterprise applications and services must not experience any traffic impact. Which implementation plan can be used to accommodate this during the migration phase?

A.

Deploy controllers, deploy SD-WAN edge routers in the data center, and migrate branch sites.

B.

Migrate data center WAN routers, migrate branch sites, and deploy SD-WAN edge routers.

C.

Migrate branch sites, migrate data center WAN routers, and deploy controllers.

D.

Deploy SD-WAN edge routers in the data center, deploy controllers, and migrate branch sites.