Cisco CCDE 400-007 Questions & Answers

• Question 131:

  You are designing a network running both IPv4 and IPv6 to deploy QoS.

  Which consideration is correct about the QoS for IPv4 and IPv6?

  A. IPv4 and IPv6 traffic types can use use queuing mechanisms such as LLQ, PQ and CQ.

  B. IPv6 packet classification is only available with process switching, whereas IPv4 packet classification is available with both process switching and CEF.

  C. IPv6 and IB/4 traffic types can use a single QoS policy to match both protocols

  D. Different congestion management mechanisms need to be used for IPv4 and IPv6 traffic types

  Correct Answer: C

• Question 132:

  Which two control plane policer designs must be considered to achieve high availability? (Choose two.)

  A. Control plane policers are enforced in hardware to protect the software path, but they are hardware platform dependent in terms of classification ability.

  B. Control plane policers are really needed only on externally facing devices.

  C. Control plane policers can cause the network management systems to create false alarms.

  D. Control plane policers must be processed before a forwarding decision is made.

  E. Control plane policers require that adequate protocols overhead are factored in to allow protocol convergence.

  Correct Answer: AD

  When a packet arrives at a Cisco device, it is first checked against the CoPP policies to determine whether it should be allowed to reach the control plane. If the packet is not permitted by the CoPP policies, it is either dropped or forwarded to a different location, depending on the configuration.

  After the packet has passed through the CoPP policies, the device makes a forwarding decision based on the routing table and other forwarding information. This decision determines where the packet should be sent next.

  By applying CoPP before the forwarding decision is made, Cisco devices can help prevent DoS attacks and other security threats that target the control plane of the device. CoPP is an important security feature for protecting the control plane and ensuring the stability and reliability of the network.

• Question 133:

  The Layer 3 control plane is the intelligence over the network that steers traffic toward its intended destination. Which two techniques can be used in service provider-style networks to offer a more dynamic, flexible, controlled, and secure control plane design? (Choose two.)

  A. access control lists

  B. firewalls

  C. QoS policy propagation with BGP

  D. remote black-holing trigger

  E. prefix lists

  Correct Answer: DE

• Question 134:

  Which BGP feature provides fast convergence?

  A. BGP PIC

  B. BGP-EVPN

  C. BGP FlowSpec

  D. BGP-LS

  Correct Answer: A

  Reference:

  https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_bgp/configuration/xe-3s/asr903/17-1-1/b-irg-xe-17-1-asr903/b-irg-xe-17-1- asr903_chapter_01.pdf

• Question 135:

  Which two features control multicast traffic in a VLAN environment? (Choose two)

  A. IGMP snooping

  B. MLD snooping

  C. RGMP

  D. PIM snooping

  E. pruning

  Correct Answer: AB

• Question 136:

  What advantage of placing the IS-IS layer 2 flooding domain boundary at the core Layer in a three-layer hierarchical network is true?

  A. The Layer 1 and Layer 2 domains can easily overlap

  B. It reduces the complexity of the Layer 1 domains

  C. It can be applied to any kind of topology

  D. The Layer 2 domain is contained and more stable

  Correct Answer: D

• Question 137:

  Company ABC wants to minimize the risk of users plugging unauthorized switches and hubs into the network. Which two features can be used on the LAN access ports to support this design requirement? (Choose two.)

  A. Loop Guard

  B. PortFast

  C. DTF

  D. Root Guard

  E. BPDU Guard

  Correct Answer: BE

• Question 138:

  You have been asked to design a remote access VPN solution to support up to 2000 devices. You must ensure that only corporate assets are allowed to connect to the VPN, and users must authenticate to gain access of their based on their user role. Users must use a password that they are already using to access existing applications . A user may not always use the same device to access the VPN. Which two options combined meet the requirements? (Choose two)

  A. Use local usernames and passwords on the VPN device

  B. Deploy a central authentication directory that users can be authenticated and authorized against

  C. Deploy certificates that are unique to each user

  D. Deploy an IPsec VPN solution

  E. Deploy certificates that are unique to each device

  F. Deploy a SSL VPN solution

  Correct Answer: BF

• Question 139:

  Which design solution reduces the amount of IGMP state in the network?

  A. IGMP filtering

  B. IGMPv3 with PIM-SSM

  C. multiple multicast domains

  D. one multicast group address thorough network regardless of IGMP version

  Correct Answer: B

  An IGMPv3 Report message can carry multiple groups, whereas an IGMPv1 or IGMPv2 Report message can carry only one group. IGMPv3 greatly reduces the number of messages transmitted on a network.

• Question 140:

  Which three elements help network designers to construct secure systems that protect information and resources (such as devices, communication, and data) from unauthorized access, modification, inspection, or destruction? (Choose three.)

  A. confidential

  B. serviceability

  C. reliability

  D. availability

  E. integrity

  F. scalability

  Correct Answer: ADE