400-007 Practice Exam Questions and Answers

Company XYZ needs advice in redesigning their legacy Layer 2 infrastructure. Which technology should be included in the design to minimize or avoid convergence delays due to STP or FHRP and provide a loop-free topology?

Identity and access management between multiple users and multiple applications has become a mandatory requirement for Company XYZ to fight against ever increasing cybersecurity threats. To achieve this, federated identity services have been deployed in the Company XYZ network to provide single sign-on and Multi-Factor Authentication for the applications and services. Which protocol can be used by Company XYZ to provide authentication and authorization services?

Which statement about hot-potato routing architecture design is true?

Refer to the exhibit.

As part of a redesign project, you must predict multicast behavior What happens to the multicast traffic received on the shared tree (*,G), if it is received on the LHR interface indicated*?

What best describes the difference between Automation and Orchestration?

Which two benefits can software defined networks provide to businesses? (Choose two.)

The Company XYZ network is experiencing attacks against their router. Which type of Control Plane Protection must be used on the router to protect all control plane IP traffic that is destined directly for one of the router interfaces?

Refer to the table.

A customer investigates connectivity options for a DCI between two production data centers to aid a large-scale migration project. The migration is estimated to take 20 months to complete but might extend an additional 10 months if issues arise. All connectivity options meet the requirements to migrate workloads. Which transport technology provides the best ROI based on cost and flexibility?

Which protocol does an SD-Access wireless Access Point use for its fabric data plane?

In a redundant hub and spoke "wheel" design, all spokes are connected to the hub, and spokes are connected to other spokes as well. During failure on one spoke link, the traffic from that site can be sent to a neighboring site for it to be forwarded to the hub site. But during peak hours, a link is overloaded and traffic is re-routed to a neighbor, which subsequently becomes overloaded. This overload results in network traffic oscillation as the load varies at each spoke site. This design provides more redundancy but not more resiliency because the routing protocol must process many alternate paths to determine the lowest cost path. Which two design

changes help to improve resilience in this case? (Choose two.)

Which two advantages of using DWDM over traditional optical networks are true? (Choose two.)

Which three elements help network designers to construct secure systems that protect information and resources (such as devices, communication, and data) from unauthorized access, modification, inspection, or destruction? (Choose three.)

Company XYZ must design a strategy to protect their routers from DoS attacks, such as traffic destined to the router's own route processor, using separate control plane categories. Which two capabilities can be used to achieve this requirement? (Choose two.)

How can EIGRP topologies be designed to converge as fast as possible in the event of a point-to-point link failure?

An MPLS service provider is offering a standard EoMPLS-based VPLS service to Customer

A.  

Retef to the exhibit.

This network is running OSPF and EIGRP as the routing protocols Mutual redistribution of the routing protocols has been contoured on the appropriate ASBRs The OSPF network must be designed so that flapping routes m EIGRP domains do not affect the SPF runs within OSPF The design solution must not affect the way EIGRP routes are propagated into the EIGRP domains Which technique accomplishes the requirement?

Which purpose of a dynamically created tunnel interface on the design of IPv6 multicast services Is true?

SDN is still maturing Throughout the evolution of SDN which two things will play a key role in enabling a successful deployment and avoiding performance visibility gaps in the infrastructure? (Choose two.)

Which DCI technology utilizes a “flood and learn” technique to populate the Layer2 forwarding table?

An enterprise organization currently provides WAN connectivity to their branch sites using MPLS technology, and the enterprise network team is considering rolling out SD-WAN services for all sites.

With regards to the deployment planning, drag and drop the actions from the left onto the corresponding steps on the right.

Agile and Waterfall are two popular methods for organizing projects. What describes any Agile network design development process?

Company XYZ wants to redesign the Layer 2 part of their network and wants to use all available uplinks for increased performance. They also want to have end host reachability supporting conversational learning. However, due to design constraints, they cannot implement port-channel on the uplinks. Which other technique can be used to make sure the uplinks are in active/active state?

Which development model is closely associated with traditional project management?

A healthcare provider discovers that protected health information of patients was altered without patient consent. The healthcare provider is subject to HIPAA compliance and is required to protect PHI data. Which type of security safeguard should be implemented to resolve this issue?

Which feature is supported by NETCONF but is not supported by SNMP?

A network hacker is trying to interrupt the transport packet on IPSE

C.  

Which network management framework can be used to develop a network architecture that contains business requirements analysis, gap analysis, and network diagrams as artifacts to be used for design and implementation later?

A business wants to centralize services via VDI technology and to replace remote WAN desktop PCs with thin client-type machines to reduce operating costs Which consideration supports the new business requirement?

Drag and drop the design use cases from the left onto the correct uRPF techniques used to prevent spoofing attacks Not all options are used.

Which two aspects are considered when designing a dual hub dual DMVPN cloud topology? (Choose two )

Drag and drop the multicast protocols from the left onto the current design situation on the right.

A multinational enterprise integrates a cloud solution with these objectives

• Achieve seamless connectivity across different countries and regions

• Extend data center and private clouds into public clouds and provider-hosted clouds

What are two outcomes of deploying data centers and fabrics that interconnect different cloud networks? (Choose two.)

A financial company requires that a custom TCP-based stock-trading application be prioritized over all other traffic for the business due to the associated revenue. The company also requires that VoIP be prioritized for manual trades. Which directive should be followed when a QoS strategy is developed for the business?

You have been tasked with designing a data center interconnect as part of business continuity You want to use FCoE over this DCI to support synchronous replication. Which two technologies allow for FCoE via lossless Ethernet or data center bridging? (Choose two.)

Company XYZ has 30 sites running a legacy private WAN architecture that connects to the Internet via multiple high- speed connections The company is now redesigning their network and must comply with these design requirements :

• Use a private WAN strategy that allows the sites to connect to each other directly and caters for future expansion.
• Use the Internet as the underlay for the private WAN.
• Securely transfer the corporate data over the private WAN.

Which two technologies should be Incorporated into the design of this network? (Choose two.)

Refer to the exhibit.

Traffic was equally balanced between Layer 3 links on core switches SW1 and SW2 before an introduction of the new video server in the network. This video server uses multicast to send video streams to hosts and now one of the links between core switches is over utilized Which design solution solves this issue?

Which two actions must merchants do to be compliant with the Payment Card Industry Data Security Standard? (Choose two.)

You are designing a large-scale DMVPN network with more than 500 spokes using EIGRP as the IGP protocol Which design option eliminates potential tunnel down events on the spoke routers due to the holding time expiration?

Two enterprise networks must be connected together. Both networks are using the same private IP addresses.

The client requests from both sides should be translated using hide NAT (dynamic NAT) with the overload

feature to save IF addresses from the NAT pools. Which design addresses this requirement using only one

Cisco I OS NAT router for both directions?

How many fully established neighbour relationships exist on an Ethernet with five routers running OSPF as network type broadcast?

A software-defined network can be defined as a network with an API that allows applications to understand and react to the state of the network in near real time. A vendor is building an SDN solution that exposes an API to the RIB and potentially the forwarding engine directly. The solution provides off-box processes with the capability to interact with the routing table in the same way as a distributed routing process. Which SDN framework model does the solution use?

What is an architectural framework created by ETSI that defines standards to decouple network functions from proprietary hardware-based appliances and have them run in software on standard x86 servers?

Router R1 is a BGP speaker with one peering neighbor over link "A". When the R1 link/interface "A" fails, routing announcements are terminated, which results in the tearing down of the state for all BGP routes at each end of the link. What is this a good example of?

As a network designer you need to support an enterprise with hundreds of remote sites connected over a single WAN network that carries different types of traffic, including VoIP, video, and data applications which of following design considerations will not impact design decision?

Which two statements describe network automation and network orchestration? (Choose two.)

A business requirement is supplied to an architect from a car manufacturer stating their business model is changing to just-in-time manufacturing and a new network is required, the manufacturer does not produce all of the specific components m-house. which area should the architect focus on initially?

Refer to the exhibit.

This network is running OSPF as the routing protocol. The internal networks are being advertised in OSPF London and Rome are using the direct link to reach each other although the transfer rates are better via Barcelona Which OSPF design change allows OSPF to calculate the proper costs?

What is a web-based model in which a third-party provider hosts applications that are available to customers over the Internet?

Which design benefit of bridge assurance is true?

Company XYZ wants to deploy OSP

F.  

Which two foundational aspects of loT are still evolving and being worked on by the industry at large? (Choose two)

Which two protocols are used bv SDN controllers to communicate with switches and routers? (Choose two )

Which two characteristics apply to firewall transparent mode operations in a firewall solution design? (Choose two.)

A customer migrates from a traditional Layer 2 data center network into a new SDN-based spine-and-leaf VXLAN EVPN data center within the same location The networks are joined to enable host migration at Layer 2 What is the final migration step after hosts have physically migrated to have traffic flowing through the new network without changing any host configuration?

Which two points must network designers consider when designing a new network design or when evaluating an existing network design to help them understand the high-level design direction with regards to the security aspects? (Choose two)

A key to maintaining a highly available network is building in the appropriate redundancy to protect against failure. This redundancy is carefully balanced with the inherent complexity of redundant systems. Which design consideration is relevant for enterprise WAN use cases when it comes to resiliency?

What is a disadvantage of the traditional three-tier architecture model when east west traffic between different pods must go through the distribution and core layers?

Which three items do you recommend for control plane hardening of an infrastructure device? (Choose three.)

Which three Cisco products are used in conjunction with Red Hat to provide an NFVi solution? (Choose three.)

Which two statements about MLD snooping are true? (Choose two)

Which methodology is the leading lifecycle approach to network design and implementation?

Which solution component helps to achieve rapid migration to the cloud for SaaS and public cloud leveraging SD-WAN capabilities?

In search of a system capable of hosting, monitoring compiling. and testing code in an automated way, what can be recommended to the organization?

Which component of the SDN architecture automatically ensures that application traffic is routed according to policies established by network administrators?

A large enterprise customer has a single router that uses two active/active 10-Mbps internet links in one of its

offices. Each link currently handles approximately 7 Mbps of traffic, which is close to the full link capacity.

When a link fails, the failure leads to significantly degraded performance of all applications. Static routing is

used. The current ISP cannot deliver additional bandwidth capacity on the existing links. The customer needs

a network design that is resistant to failure, but does not increase CAPEX. Which solution should be proposed

to the customer?

The network designer needs to use GLOP IP address in order make them unique within their ASN, which

multicast address range will be considered?

An enterprise plans to evolve from a traditional WAN network to a software-defined WAN network. The existing devices have limited capability when it comes to virtualization. As the migration is carried out, enterprise applications and services must not experience any traffic impact. Which implementation plan can be used to accommodate this during the migration phase?

Which two data plane hardening techniques are true? (Choose two)

Refer to the exhibit A service provider has a requirement to use Ethernet OAM to detect end-to-end connectivity failures between SP-SW1 and SP- SW2 Which two ways to design this solution are true? (Choose two)

Organizations that embrace Zero Trust initiatives ranging from business policies to technology infrastructure can reap business and security benefits. Which two domains should be covered under Zero Trust initiatives? (Choose two)

What advantage of placing the IS-IS layer 2 flooding domain boundary at the core Layer in a three-layer hierarchical network is true?

Customer XYZ network consists of an MPLS core. IS-IS running as IGP a pair of BGP route reflectors for route propagation, and a few dozens of MPLS-TE tunnels for specific tactical traffic engineering requirements. The customer's engineering department has some questions about the use of the Overload Bit in the IS-IS networks and how it could be used to improve their current network design. Which two concepts about the Overload Bit are true? (Choose two.)

A network attacker exploits application flaws to compromise critical systems in the organization with these objectives:

• Obtain sensitive data and export the data out of the network.

• Compromise developer and administrator credentials to potentially

What is the next step after application discovery is completed in Zero Trust networkings

Refer to the exhibit.

Your company designed a network to allow server VLANs to span all access switches in a data center In the design, Layer 3 VLAN interfaces and HSRP are configured on the aggregation switches Which two features improve STP stability within the network design? (Choose two.)

Refer to the exhibit.

The network 10.10.0 .0/16 has been redistributed to OSPF processes and the best path to the destination from R1 has been chosen as R1-R2-R3 A failure occurred on the link between R2 and R3 and the path was changed to R1-R4-R5-R3 What happens when the link between R2 and R3 is restored'?

In the case of outsourced IT services, the RTO is defined within the SL

A.  

A network security team observes phishing attacks on a user machine from a remote location. The organization has a policy of saving confidential data on two different systems using different types of authentication. What is the next step to control such events after the security team verifies all users in Zero Trust modeling?

While designing a switched topology, in which two options is UplinkFast recommended? (Choose two )

Company XYZ was not satisfied with the reconvergence time OSPF is taking. BFD was implemented to try to reduce the reconvergence time, but the network is still experiencing delays when having to reconverge. Which technology will improve the design?

Drag and drop the FCAPS network management reference models from the left onto the correct definitions on the right.

Company XYZ wants to secure the data plane of their network. Which two technologies can be included in the security design? (Choose two)

An engineer is designing the QoS strategy for Company XYZ. Based on initial analysis, a lot of scavenger type of traffic is traversing the network's 20Mb Internet link toward the service provider. The new design must use a QoS technique that limits scavenger traffic to 2 Mbps, which helps avoid oversubscription of the link during times of congestion. Which QoS technique can be used to facilitate this requirement?

An IT service provider is upgrading network infrastructure to comply with PCI security standards. The network team finds that 802.1X and VPN authentication based on locally-significant certificates are not available on some legacy phones.

Which workaround solution meets the requirement?

Company XYZ wants to improve the security design of their network to include protection from reconnaissance and DoS attacks on their sub interfaces destined toward next hop routers. Which technology can be used to prevent these types of attacks?

Company XYZ is planning to deploy primary and secondary (disaster recovery) data center sites. Each of these sites will have redundant SAN fabrics and data protection is expected between the data center sites. The sites are 100 miles (160 km) apart and target RPO/RTO are 3 hrs and 24 hrs, respectively. Which two considerations must Company XYZ bear in mind when deploying replication in their scenario? (Choose two.)

VPLS is implemented in a Layer 2 network with 2000 VLANs. What is the primary concern to ensure successful deployment of VPLS?

Which architecture does not require an explicit multicast signaling protocol, such as PIM or P2MP, to signal the multicast state hop-by-hop, but instead uses a link state protocol to advertise the multicast forwarding state?

A service provider hires you to design its new managed CE offering to meet these requirements

• The CEs cannot run a routing protocol with the PE

• Provide the ability for equal or unequal ingress load balancing in dual-homed CE scenarios.

• Provide support for IPv6 customer routes

• Scale up to 250.000 CE devices per customer.

• Provide low operational management to scale customer growth.

• Utilize low-end (inexpensive) routing platforms for CE functionality.

Which tunneling technology do you recommend?

SDWAN networks capitalize the usage of broadband Internet links over traditional MPLS links to offer more cost benefits to enterprise customers. However, due to the insecure nature of the public Internet, it is mandatory to use encryption of traffic between any two SDWAN edge devices installed behind NAT gateways. Which overlay method can provide optimal transport over unreliable underlay networks that are behind NAT gateways?

The Layer 3 control plane is the intelligence over the network that steers traffic toward its intended destination. Which two techniques can be used in service provider-style networks to offer a more dynamic, flexible, controlled, and secure control plane design? (Choose two.)

Which effect of using ingress filtering to prevent spoofed addresses on a network design is true?

An international media provider is an early adopter of Docker and micro services and is using an open-source homegrown container orchestration system. A few years ago, they migrated from on-premises data centers to the cloud Now they are faced with challenges related to management of the deployed services with their current homegrown orchestration system.

Which platform is well-suited as a state-aware orchestration system?

You are using iSCSI to transfer files between a 10 Gigabit Ethernet storage system and a 1 Gigabit Ethernet server The performance is only approximately 700 Mbps and output drops are occurring on the server switch port. Which action will improve performance in a cost-effective manner?

The network designer needs to use GLOP IP addresses in order to make them unique within their ASN Which multicast address range should be used?

You are designing a network running both IPv4 and IPv6 to deploy QoS Which consideration is correct about the QoS for IPv4 and IPv6?

An engineer is designing a DMVPN network where OSPF has been chosen as the routing protocol A spoke-to-spoke 'J

A business invests in SDN and develops its own SDN controller that, due to budget constraints, runs on a single controller. The controller actively places an exclusive lock on the configuration of the devices to ensure it is the only source of changes to the environment. What is the result if the controller fails?

Which two statements describe the usage of the IS-IS overload bit technique? (Choose two )