Welcome to download the Newest 2passeasy 400-007 dumps

https://www.2passeasy.com/dumps/400-007/ (158 New Questions)

Exam Questions 400-007

Cisco Certified Design Expert (CCDE v3.0) Written Exam

https://www.2passeasy.com/dumps/400-007/

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com

 Welcome to download the Newest 2passeasy 400-007 dumps
https://www.2passeasy.com/dumps/400-007/ (158 New Questions)

NEW QUESTION 1
You want to mitigate failures that are caused by STP loops that occur before UDLD detects the failure
or that are caused by a device that is no longer sending BPDUs. Which mechanism do you use along
with UDLD?

A. Root guard
B. BPDU guard
C. Loop guard
D. BPDU filtering

Answer: C

NEW QUESTION 2
A multicast network is sing Bidirectional PIM. Which two combined actions achieve high availability
so that two RPs within the same network can act in a redundant manner? (Choose two)

A. Use two phantom RP addresses

B. Manipulate the administration distance of the unicast routes to the two RPs
C. Manipulate the multicast routing table by creating static mroutes to the two RPs
D. Advertise the two RP addresses in the routing protocol
E. Use anycast RP based on MSDP peering between the two RPs
F. Control routing to the two RPs through a longest match prefix

Answer: AF

NEW QUESTION 3
Refer to the table.

A customer investigates connectivity options for a DCI between two production data centers to aid a
large-scale migration project. The migration is estimated to take 20 months to complete but might extend an additional 10 months if issues arise. All connectivity
options meet the requirements to migrate workloads. Which transport technology provides the best ROI based on cost and flexibility?

A. CWDM over dark fiber

B. MPLS
C. DWDM over dark fiber
D. Metro Ethernet

Answer: D

NEW QUESTION 4
Which effect of using ingress filtering to prevent spoofed addresses on a network design is true?

A. It reduces the effectiveness of DDoS attacks when associated with DSCP remarking to Scavenger.
B. It protects the network Infrastructure against spoofed DDoS attacks.
C. It Classifies bogon traffic and remarks it with DSCP bulk.
D. It filters RFC 1918 IP addresses.

Answer: B

NEW QUESTION 5
Which BGP feature provides fast convergence?

A. BGP PIC |
B. BGP-EVPN
C. BGP FlowSpec
D. BGP-LS

Answer: A

NEW QUESTION 6
Which two data plane hardening techniques are true? (Choose two)

A. warning banners
B. redundant AAA servers

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com

 Welcome to download the Newest 2passeasy 400-007 dumps
https://www.2passeasy.com/dumps/400-007/ (158 New Questions)

C. Control Plane Policing

D. SNMPv3
E. routing protocol authentication

Answer: EF

NEW QUESTION 7
You are tasked with the design of a high available network. Which two features provide fail closed environments? (Choose two.)

A. EIGRP
B. RPVST+
C. MST
D. L2MP

Answer: AB

NEW QUESTION 8
In an OSPF network with routers connected together with Ethernet cabling, which topology
typically takes the longest to converge?

A. partial mesh
B. full mesh
C. ring
D. squared
E. triangulated

Answer: B

NEW QUESTION 9
Which two impacts of adding the IP event dampening feature to a network design are true?
(Choose two.)

A. It protects against routing loops.

B. It switches traffic immediately after a link failure.
C. lt speeds up link failure detection.
D. It reduces the utilization of system processing resources.
E. It improves overall network stability.

Answer: DE

NEW QUESTION 10
A small organization of 20 employees is looking to deliver a network design service for
modernizing customer networks to support advanced solutions:
- Project scope and weekly progress should be visualized by the management.
- Always consider feedback and make changes accordingly during the project.
- Should consider flexibility to change scope at the point of time.
Which project methodology meets the requirements and have the least impact on the outcome?

A. Scrum
B. LEAN
C. Kanban
D. Six-Sigma

Answer: C

NEW QUESTION 10
A European government passport agency considers upgrading its IT systems to increase
performance and workload flexibility in response to constantly changing requirements. The
budget manager wants to reduce capital expenses and IT staff and must adopt the lowest-cost
technology. Which technology choice is suitable?

A. on premises
B. private cloud
C. public cloud
D. hybrid cloud

Answer: B

NEW QUESTION 14
Which two control plane policer designs must be considered to achieve high availability? (Choose
two.)

A. Control plane policers are enforced in hardware to protect the software path, but they arehardware platform dependent in terms of classification ability.
B. Control plane policers are really needed only on externally facing devices.
C. Control plane policers can cause the network management systems to create false alarms.
D. Control plane policers must be processed before a forwarding decision is made.
E. Control plane policers require that adequate protocols overhead are factored in to allow protocolconvergence.

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com

 Welcome to download the Newest 2passeasy 400-007 dumps
https://www.2passeasy.com/dumps/400-007/ (158 New Questions)

Answer: AD

NEW QUESTION 18
The Company XYZ network is experiencing attacks against their router.
Which type of Control Plane Protection must be used on the router to protect all control plane IP traffic that is destined directly for one of the router interfaces?

A. Control Plane Protection host subinterface

B. Control Plane Protection main interface
C. Control Plane Protection transit subinterface
D. Control Plane Protection CEF-exception subinterface

Answer: A

NEW QUESTION 19
What is the most important operational driver in building a resilient and secure modular network design?

A. Dependencies on hardware or software that is difficult to scale

B. Minimize app downtime
C. Reduce the frequency of failures requiring human intervention
D. Increase time spent on developing new features

Answer: C

NEW QUESTION 20
An enterprise requires MPLS connected branches to access cloud-based Microsoft 365 services over an SD-WAN solution. Internet access Is available only at
dual regional hub sites that are connected to the MPLS network.
Which connectivity method provides an optimum access method to the cloud- based services If one ISP suffers loss or latency?

A. Cloud onRamp gateway site

B. Cloud onRamp SWG
C. Cloud onRamp
D. Cloud onRamp SaaS

Answer: D

NEW QUESTION 21
An enterprise that runs numerous proprietary applications has major issues with its on-premises server estate hardware, to the point where business-critical
functions are compromised. The enterprise accelerates plans to migrate services to the cloud.
Which cloud service should be used if the enterprise wants to avoid hardware issues yet have control of its applications and operating system?

A. SaaS
B. PaaS
C. laaS
D. hybrid cloud

Answer: C

NEW QUESTION 24
Company XYZ has 30 sites running a legacy private WAN architecture that connects to the Internet via multiple highspeed connections.
The company is now redesigning their network and must comply with these design requirements:
- Use a private WAN strategy that allows the sites to connect to each other directly and caters for future expansion.
- Use the Internet as the underlay for the private WAN. Securely transfer the corporate data over the private WAN.
Which two technologies should be Incorporated into the design of this network? (Choose two.)

A. S-VTI
B. IPsec
C. DMVPN
D. GET VPN
E. PPTP

Answer: BC

NEW QUESTION 26
Company XYZ wants to improve the security design of their network to include protection from reconnaissance and DoS attacks on their sub interfaces destined
toward next hop routers.
Which technology can be used to prevent these types of attacks?

A. MPP
B. CPPr
C. CoPP
D. DPP

Answer: B

NEW QUESTION 31

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com

 Welcome to download the Newest 2passeasy 400-007 dumps
https://www.2passeasy.com/dumps/400-007/ (158 New Questions)

Your company wants to deploy a new data center infrastructure.

Based on the requirements you have chosen VXLAN as encapsulation technology.
The customer is concerned about miss-configuration of Layer 2 devices and DC wide outages caused by Layer 2 loops.
What do you answer?

A. VXLAN offers native loop avoidance mechanism

B. Storm Control should be enabled on all ports
C. VPC+ could prevent L2 loop on access ports
D. BPDU Guard should be enabled on all VTEP access ports

Answer: D

NEW QUESTION 36
Refer to the exhibit. Your company designed a network to allow server VLANs to span all access switches in a data center.
In the design, Layer 3 VLAN interfaces and HSRP are configured on the aggregation switches.
Which two features improve STP stability within the network design? (Choose two.)

A. BPDU guard on access ports

B. BPDU guard on the aggregation switch downlinks toward access switches
C. root guard on the aggregation switch downlinks toward access switches
D. root guard on access ports
E. edge port on access ports
F. access switch pairs explicitly determined to be root and backup root bridges

Answer: AE

NEW QUESTION 39
You have been tasked with designing a data center interconnect to provide business continuity.
You want to encrypt the traffic over the DCI using IEEE 802.1AE MACsec to prevent the deployment of any firewall or IPS.
Which two interconnect technologies support MACsec? (Choose two.)

A. EoMPLS
B. MPLS Layer 3 VPN
C. DMVPN
D. GET VPN
E. KVPLS

Answer: AE

NEW QUESTION 40
While reviewing an existing network design, you are discussing the characteristics of different STP versions.
Which protocol minimizes unicast flooding during a Topology Change Notification in a Layer 2 switched network with many VLANs?

A. PVRSTP
B. MST
C. STP
D. PVSTP+

Answer: A

NEW QUESTION 44
A network design includes a long signaling delay in notifying the Layer 3 control plane that an interface has failed.
Which two of these actions would reduce that delay? (Choose two.)

A. Increase network stability.

B. Reduce the time for the network to reconverge.
C. Increase the notification of interface flaps.
D. Enable lower data link layer recovery systems to have an opportunity to restore the interface

Answer: BD

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com

 Welcome to download the Newest 2passeasy 400-007 dumps
https://www.2passeasy.com/dumps/400-007/ (158 New Questions)

NEW QUESTION 48
You are designing an Out of Band Cisco Network Admission Control. Layer 3 Real-IP Gateway deployment for a customer.
Which VLAN must be trunked back to the Clean Access Server from the access switch?

A. authentication VLAN
B. user VLAN
C. untrusted VLAN
D. management VLAN

Answer: D

NEW QUESTION 52
A service provider hires you to design its new managed CE offering to meet these requirements:
- The CEs cannot run a routing protocol with the PE
- Provide the ability for equal or unequal ingress load balancing in dual-homed CE scenarios.
- Provide support for IPv6 customer routes
- Scale up to 250.000 CE devices per customer.
- Provide low operational management to scale customer growth.
- Utilize low-end (inexpensive) routing platforms for CE functionality.
Which tunneling technology do you recommend?

A. FlexVPN
B. point-to-point GRE
C. DMVPN
D. LISP

Answer: D

NEW QUESTION 55
When designing a WAN that will be carrying real-time traffic, what are two important reasons to consider serialization delay? (Choose two )

A. Serialization delays are invariable because they depend only on the line rate of the interface
B. Serialization delays are variable because they depend on the line rate of the interface and on thetype of the packet being serialized.
C. Serialization delay is the time required to transmit the packet on the physical media.
D. Serialization delays are variable because they depend only on the size of the packet beingserialized
E. Serialization delay depends not only on the line rate of the interface but also on the size of thepacket

Answer: BD

NEW QUESTION 57
Your network operations team is deploying Access Control Lists (ACLs) across your Internet gateways.
They wish to place an ACL inbound on the Internet gateway interface facing the core network (the "trusted" interface).
Which IP address would the ACL need for traffic sourced from the inside interface, to match the source address of the traffic?

A. inside global
B. outside global
C. inside local
D. outside local

Answer: C

NEW QUESTION 61
A senior network designer suggests that you should improve network convergence times by reducing BGP timers between your CE router and the PE router of the
service provider.
Which two factors should you consider to adjust the timer values? (Choose two.)

A. service provider agreement to support tuned timers

B. manual updates to the peer groups
C. service provider scheduling of changes to the PE
D. number of routes on the CE router
E. number of VRFs on the PE router

Answer: AD

NEW QUESTION 66
You were tasked to enhance the security of a network with these characteristics:
- A pool of servers is accessed by numerous data centers and remote sites
- The servers are accessed via a cluster of firewalls
- The firewalls are configured properly and are not dropping traffic
- The firewalls occasionally cause asymmetric routing of traffic within the server data center.
Which technology should you recommend to enhance security by limiting traffic that could originate from a hacker compromising a workstation and redirecting
flows at the servers?

A. Poison certain subnets by adding static routes to Null0 on the core switches connected to thepool of servers.
B. Deploy uRPF strict mode.
C. Limit sources of traffic that exit the server-facing interface of the firewall cluster with ACLs.
D. Deploy uRPF loose mode

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com

 Welcome to download the Newest 2passeasy 400-007 dumps
https://www.2passeasy.com/dumps/400-007/ (158 New Questions)

Answer: C

NEW QUESTION 71
A network architect must redesign a service provider edge, where multiservice and multitenant PEs are currently present.
Which design feature should be minimized in the new design to achieve reliability?

A. bridging
B. fate sharing
C. redundancy
D. unicast overlay routing

Answer: B

NEW QUESTION 73
You are designing a network running both IPv4 and IPv6 to deploy QoS.
Which consideration is correct about the QoS for IPv4 and IPv6?

A. IPv4 and IPv6 traffic types can use use queuing mechanisms such as LLQ, PQ and CQ.
B. IPv6 packet classification is only available with process switching, whereas IPv4 packetclassification is available with both process switching and CEF.
C. IPv6 and IB/4 traffic types can use a single QoS policy to match both protocols
D. Different congestion management mechanisms need to be used for IPv4 and IPv6 traffic types

Answer: C

NEW QUESTION 74
A Tier-3 Service Provider is evolving into a Tier-2 Service Provider due to the amount of Enterprise business it is receiving.
The network engineers are re-evaluating their IP/MPLS design considerations in order to support duplicate/overlapping IP addressing from their Enterprise
customers within each Layer3 VPN.
Which concept would need to be reviewed to ensure stability in their network?

A. Assigning unique Route Distinguishers

B. Assigning unique Route Target ID'S
C. Assigning unique IP address space for the Enterprise NAT/Firewalls
D. Assigning unique VRF ID's to each L3VPN

Answer: A

NEW QUESTION 75
A Service Provider is designing a solution for a managed CE service to a number of local customers using a single CE platform and wants to have logical
separation on the CE platform using Virtual Routing and Forwarding (VRF) based on IP address ranges or packet length.
Which is the most scalable solution to provide this type of VRF Selection process on the CE edge device?

A. Static Routes for Route Leaking

B. Policy Based Routing
C. OSPF per VRF Instance
D. Multi-Protocol BGP

Answer: B

NEW QUESTION 79
An MPLS service provider is offering a standard EoMPLS-based VPLS service to CustomerA providing Layer 2 connectivity between a central site and
approximately 100 remote sites.
CustomerA wants to use the VPLS network to carry its internal multicast video feeds which are sourced at the central site and consist of 20 groups at Mbps each.
Which service provider recommendation offers the most scalability?

A. EoMPLS-based VPLS can carry multicast traffic in a scalable manner

B. Use a mesh of GRE tunnels to carry the streams between sites
C. Enable snooping mechanisms on the provider PE routers.
D. Replace VPLS with a Layer 3 MVPN solution to carry the streams between sites

Answer: D

NEW QUESTION 81
What best describes the difference between Automation and Orchestration?

A. Automation refers to an automatic process for completing a single task and Orchestration refersto assembling and coordinating a set of tasks and conditions.
B. Automation describes a hands-off configuration process while Orchestration refers to sets ofautomation tasks that require the network administrator to
coordinate
C. Automation refers to an automatic process for completing multiple tasks with conditions andOrchestration refers to executing tasks in parallel.
D. Automation refers to scripting languages (Pytho
E. Ansible etc.) and Orchestration refers tocommercial products that control configuration deployment

Answer: A

NEW QUESTION 83

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com

 Welcome to download the Newest 2passeasy 400-007 dumps
https://www.2passeasy.com/dumps/400-007/ (158 New Questions)

A customer asks you to perform a high level review of their upcoming WAN refresh for remote sites.
The review is specially focused on their retail store operations consisting of 500+ locations connected via mutlipoint IPsec VPN solution.
Which routing protocol would be valid but would also be the most restrictive for the expansion of this deployment model?

A. EIGRP
B. IS-IS
C. OSPF
D. BGP

Answer: B

NEW QUESTION 88
As part of a new network design documentation, you are required to explain the reason for choosing cisco FabricPath for Layer 2 loop avoidance.
Which two elements help Cisco FabricPath mitigate Layer 2 loops if they happen in the Layer 2 MP network? (Choose two)

A. MAC tunneling
B. IS-IS multipath
C. RPF check
D. TTL header

Answer: CD

NEW QUESTION 89
Which design benefit of PortF ast is true?

A. PortFast does not generate a spanning tree topology change hen a station on a port is connectedor disconnected
B. PortFast disables spanning tree on the port, which puts the port into the forwarding stateimmediately after it is connected
C. PortFast allows small, unmanaged switches to be plugged into ports of access switches withoutrisking switch loops
D. PortFast detects one-way communications on the physical port, which prevents switch loops
E. PortFast prevents switch loops that are caused by a unidirectional point to point link condition onRapid PVST+ and MST
F. PortFast prevents switched traffic from traversing suboptimal paths on the network

Answer: A

NEW QUESTION 93
Refer to the exhibit. AJI links are P2P Layer 3. A high availability application is synchronizing data between host A and host B.

To increase chance of delivery the same data is sent twice from host A on two different NICs toward the two NICs on host B.
Which solution must be deployed in the network to ensure that any failure in the network does not trigger data loss on host B?

A. EIGRP with feasible successors

B. BFD
C. IP Fast Reroute
D. Static routes

Answer: C

NEW QUESTION 94
Which encoding format does cisco ios XE software support for NETCONF?

A. It supports HTML encoding for NETCONF

B. It supports YAML encoding for NETCONF
C. It supports XML encoding for NETCONF
D. It supports JSON encoding for NETCONF

Answer: C

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com

 Welcome to download the Newest 2passeasy 400-007 dumps
https://www.2passeasy.com/dumps/400-007/ (158 New Questions)

NEW QUESTION 95
Refer to the exhibit. A new high availability DB sever cluster is installed in the network.

These two servers require high bandwidth and low latency Layer 2 connectivity for database replication.
Which solution supports these requirements?

A. Add two new links between SW1 and SW2 configured as LACP trunk with STP
B. Add secondary links to REP segments 1 and 2
C. Add two new links between SW1 and SW2 configured as REP segment 3
D. Add two new links between SW1 and SW2 configured as REP segments 1 and 2 respectively

Answer: C

NEW QUESTION 96
VPLS is implemented in a Layer 2 network with 2000 VLANs.
What is the primary concern to ensure successful deployment of VPLS?

A. Flooding is necessary to propagate MAC address reachability information

B. PE scalability
C. The underlying transport mechanism
D. VLAN scalability

Answer: B

NEW QUESTION 98
Which option is a fate-sharing characteristic in regards to network design?

A. A failure of a single element causes the entire service to fail

B. It protects the network against failures in the distribution layer
C. It acts as a stateful forwarding device
D. It provides data sequencing and acknowledgment mechanisms

Answer: A

NEW QUESTION 101

Drag and Drop Question
Drag and drop the FCAPS network management reference models from the left onto the correct definitions on the right.

A. Mastered
B. Not Mastered

Answer: A

Explanation:

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com

 Welcome to download the Newest 2passeasy 400-007 dumps
https://www.2passeasy.com/dumps/400-007/ (158 New Questions)

NEW QUESTION 104

How many fully established neighbour relationships exist on an Ethernet with five routers running OSPF as network
type broadcast?

A. 5
B. 6
C. 7
D. 10
E. 20

Answer: C

NEW QUESTION 107

Which statement about hot-potato routing architecture design is true?

A. Hot-potato routing is the preferred architecture when connecting to content providers

B. Hop-potato keeps traffic under the control of the network administrator for longer
C. OSPF uses hot-potato routing if all ASBRs use the same value for the external metric
D. Hot-potato routing is prone to misconfiguration as well as poor coordination between twonetworks

Answer: A

NEW QUESTION 109

Which two design option are available to dynamically discover the RP in an IPv6 multicast network? (Choose two)

A. embedded RP
B. MSDP
C. BSR
D. Auto-RP
E. MLD

Answer: AC

NEW QUESTION 110

Company A has a hub-and spoke topology over an SP-managed infrastructure. To measure traffic performance metrics. IP SLA senders on all spoke CE routers
and an IP SLA responder on the hub CE router.
What must they monitor to have visibility on the potential performance impact due to the constantly increasing number of spoke sites?

A. memory usage on the hub router

B. interface buffers on the hub and spoke routers
C. CPU and memory usage on the spoke routers
D. CPU usage on the hub router

Answer: D

NEW QUESTION 115

Which two descriptions of CWDM are true? (Choose two)

A. typically used over long distances, but requires optical amplification

B. uses the 850nm band
C. allows up to 32 optical earners to be multiplexed onto a single fiber
D. shares the same transmission window as DWDM
E. Passive CWDM devices require no electrical power

Answer: DE

NEW QUESTION 118

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com

 Welcome to download the Newest 2passeasy 400-007 dumps
https://www.2passeasy.com/dumps/400-007/ (158 New Questions)

Company XYZ is running OSPF in their network. They have merged with another company that is running EIGRP as the routing protocol. Company XYZ now
needs the two domains to talk to each other with redundancy, while maintaining a loop free environment.
The solution must scale when new networks are added into the network in the near future.
Which technology can be used to meet these requirements?

A. multipoint route-redistribution with route filtering using ACLs

B. DUMP multipoint route-redistribution with route filtering using route tags
C. DUMPS single point route-redistribution with route filtering using route tags
D. DUMPS single point route-redistribution with route filtering using ACLs

Answer: B

NEW QUESTION 120

The network designer needs to use GLOP IP address in order make them unique within their ASN, which multicast address range will be considered?

A. 239.0.0.0 to 239.255.255.255
B. 224.0.0.0 to 224.0.0.255
C. 233.0.0.0 to 233.255.255.255
D. 232.0.0.0 to 232.255.255.255

Answer: C

NEW QUESTION 122

Drag and Drop Question
Drag and drop the multicast protocols from the left onto the current design situation on the right.

A. Mastered
B. Not Mastered

Answer: A

Explanation:

NEW QUESTION 124

......

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com

 Welcome to download the Newest 2passeasy 400-007 dumps
https://www.2passeasy.com/dumps/400-007/ (158 New Questions)

THANKS FOR TRYING THE DEMO OF OUR PRODUCT

Visit Our Site to Purchase the Full Set of Actual 400-007 Exam Questions With Answers.

We Also Provide Practice Exam Software That Simulates Real Exam Environment And Has Many Self-Assessment Features. Order the
400-007 Product From:

https://www.2passeasy.com/dumps/400-007/

Money Back Guarantee

400-007 Practice Exam Features:

* 400-007 Questions and Answers Updated Frequently

* 400-007 Practice Questions Verified by Expert Senior Certified Staff

* 400-007 Most Realistic Questions that Guarantee you a Pass on Your FirstTry

* 400-007 Practice Test Questions in Multiple Choice Formats and Updatesfor 1 Year

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com

Powered by TCPDF (www.tcpdf.org)