Cisco 400-007 - Cisco Certified Design Expert (CCDE v3.1)

A (VXLAN offers native loop avoidance): VXLAN uses Layer 3 underlay with encapsulation, inherently avoiding Layer 2 loops common in traditional Layer 2 fabrics.

Why other options are incorrect:

B: Storm control mitigates broadcast storms but doesn't prevent loops.

C: vPC+ helps but doesn’t replace VXLAN's loop-free architecture.

D: BPDU Guard helps protect edge ports, but loop prevention in VXLAN is primarily handled by its Layer 3 foundation.

C (Untrusted VLAN): In out-of-band NAC Real-IP Gateway mode, unauthenticated clients are placed into the untrusted VLAN. The Clean Access Server handles traffic from these clients until authentication is complete.

Why other options are incorrect:

A: Authentication VLAN applies to some inline modes but not Real-IP Gateway.

B: User VLAN is assigned after successful authentication.

D: Management VLAN is used for administration, not for client onboarding.

—

The scenario requires controlling how AS 111 sends its outbound traffic (egress traffic). BGP policy control for outbound traffic is best handled via manipulating the BGP Local Preference attribute, as:

Local Preference (LocalPref) influences path selection for outbound traffic by setting a preference for one path over another.

It is evaluated within the AS and does not require coordination with external autonomous systems.

LocalPref changes are fully contained inside AS 111 and satisfy the requirement to only affect AS 111.

A higher Local Preference value is preferred, thus you set higher values for routes learned via AS 100.

Why other options are incorrect:

A (community): Typically influences inbound traffic or interacts with upstream providers.

B (MED): Influences inbound traffic for external neighbors, not outbound.

D (AS Path): Also primarily influences inbound traffic selection by remote ASes.

OSPF uses pacing timers to control how quickly it sends LSAs to neighbors to prevent network flooding and CPU spikes:

C. Retransmission-pacing timer: Controls spacing between retransmitted LSAs queued after a lost or unacknowledged transmission.

E. Flood-pacing timer: Controls spacing between consecutive LSAs when flooding new information to peers.

These timers are critical in scaling OSPF in dense or unstable topologies and are key to tuning control plane convergence performance without destabilizing routers.

B (Hybrid cloud): Combines private infrastructure with public cloud capabilities, offering flexibility for changing technology requirements while controlling operational expenses. The enterprise can invest CapEx in private resources while using public cloud elasticity for dynamic bandwidth or compute needs.

Hybrid solutions allow gradual migration and innovation while maintaining control and compliance over sensitive workloads.

Other options explained:

A: Private cloud limits flexibility and increases CapEx.

C: Public cloud minimizes CapEx but may increase OpEx for unpredictable workloads.

D: Multicloud adds complexity and often increases OpEx and operational management overhead.

—

D (Lifecycle model):The lifecycle model aligns directly with traditional project management (such as Waterfall). It follows a sequential, phase-driven process: requirement gathering, design, implementation, testing, and maintenance. Each phase must be completed before moving to the next, with defined milestones and documentation.

Other options explained:

A: "Static model" is not a standard recognized development model.

B: Agile is iterative and adaptive, opposite of traditional models.

C: Evolutionary delivery is more incremental, not fully aligned with traditional models.

D (Unique Local Addresses — ULA): IPv6 addresses in the FC00::/7 range, used for internal networks only, not routable over the global internet.

Ideal for campus or enterprise networks requiring internal-only addressability while avoiding conflict with global prefixes.

Why other options are incorrect:

A & B: Not valid IPv6 address types.

C: Link-local addresses (FE80::/10) are valid only for single-hop communication and cannot be routed even within the local campus.

—

A (Access):QoS classification and marking should occur as close to the traffic source as possible—at the access layer—so that policies can be consistently applied throughout the network.

Other options explained:

B/D: QoS policies at these layers rely on markings applied earlier.

C: Collapsed core is simply core and distribution merged, but marking should still happen at access.

B (Confidentiality):Protects data from unauthorized access or disclosure.

E (Integrity):Ensures data remains accurate and unaltered.

F (Availability):Ensures that data and systems are accessible when needed.

Other options explained:

A: Cryptography is a tool used to achieve confidentiality, integrity, or authentication, but it's not part of the CIA triad itself.

C/D: Authorization and identification are security processes, but not part of the core CIA triad.

A (QoE estimation): In SDN-based designs, particularly for multimedia traffic (voice, video, streaming), Quality of Experience (QoE) estimation is crucial to ensure end-user satisfaction. SDN can dynamically allocate resources based on real-time measurements of packet loss, jitter, delay, and other QoE indicators to maintain service quality.

Other options explained:

B: Security is always important but not unique to multimedia design.

C: Traffic patterns are part of capacity planning but secondary to QoE for multimedia.

D: Flow forwarding is handled by the SDN controller but does not directly address multimedia quality.

—