Cisco CCDE 400-007 Questions & Answers

• Question 51:

  Refer to the exhibit.

  

  Company XYZ is currently running IPv4 but has decided to start the transition into IPv6. The initial objective is to allow communication based on IPv6 wherever possible, and there should still be support in place for devices that only support IPv4. These devices must be able to communicate to IPv6 devices as well. Which solution must be part of the design?

  A. address family translation

  B. dual stack

  C. host-to-host tunneling

  D. 6rd tunneling

  Correct Answer: A

  Dual stack should be fine for this: The initial objective is to allow communication based on IPv6 wherever possible and there should still be support in place for devices that only support IPv4. IPv4 <=> IPv6 need NAT: These devices must be able to communicate to IPv6 devices as well.

• Question 52:

  An international media provider is an early adopter of Docker and micro services and is using an open-source homegrown container orchestration system. A few years ago, they migrated from on-premises data centers to the cloud Now they are faced with challenges related to management of the deployed services with their current homegrown orchestration system.

  Which platform is well-suited as a state-aware orchestration system?

  A. Puppet

  B. Kubemetes

  C. Ansible

  D. Terraform

  Correct Answer: B

• Question 53:

  An IT service provider is upgrading network infrastructure to comply with PCI security standards. The network team finds that 802.1X and VPN authentication based on locally- significant certificates are not available on some legacy phones.

  Which workaround solution meets the requirement?

  A. Replace legacy phones with new phones because the legacy phones will lose trust if the certificate is renewed.

  B. Enable phone VPN authentication based on end-user username and password.

  C. Temporarily allow fallback to TLS 1.0 when using certificates and then upgrade the software on legacy phones.

  D. Use authentication-based clear text password with no EAP-MD5 on the legacy phones.

  Correct Answer: B

• Question 54:

  A business customer deploys workloads in the public cloud. Now the customer network faces governance issues with the flow of IT traffic and must ensure the security of data and intellectual property. Which action helps to identify the issue for further resolution?

  A. Set up a secure tunnel from customer routers to ensure that traffic is protected as it travels to the cloud service providers.

  B. Send IPFIX telemetry data from customer routers to a centralized collector to identify traffic to cloud service providers

  C. Build a zone-based firewall policy on Internet edge firewalls that collects statistics on traffic sent to cloud service providers

  D. Apply workload policies that dictate the security requirements to the workloads that are placed in the cloud.

  Correct Answer: B

• Question 55:

  A network security team observes phishing attacks on a user machine from a remote location. The organization has a policy of saving confidential data on two different systems using different types of authentication. What is the next step to control such events after the security team verifies all users in Zero Trust modeling?

  A. Enforce risk-based and adaptive access policies.

  B. Assess real-time security health of devices.

  C. Apply a context-based network access control policy for users.

  D. Ensure trustworthiness of devices.

  Correct Answer: A

  By enforcing risk-based and adaptive access policies, the organization can ensure that users are granted access to only the resources they need based on their roles and responsibilities, and the context of their access request. This can help prevent unauthorized access to confidential data, even if a user's credentials have been compromised.

• Question 56:

  What are two key design principles when using a hierarchical core-distribution-access network model? (Choose two )

  A. A hierarchical network design model aids fault isolation

  B. The core layer is designed first, followed by the distribution layer and then the access layer

  C. The core layer provides server access in a small campus.

  D. A hierarchical network design facilitates changes

  E. The core layer controls access to resources for security

  Correct Answer: AD

• Question 57:

  Which mechanism provides Layer 2 fault isolation between data centers?

  A. fabric path

  B. OTL

  C. advanced VPLS

  D. LISP

  E. TRILL

  Correct Answer: D

• Question 58:

  SDN emerged as a technology trend that attracted many industries to move from traditional networks to SDN. Which challenge is solved by SDN for cloud service providers?

  A. need for intelligent traffic monitoring

  B. exponential growth of resource-intensive application

  C. complex and distributed management flow

  D. higher operating expense and capital expenditure

  Correct Answer: B

  https://www.ciena.com/insights/what-is/What-Is-SDN.html#:~:text=By%20opening%20up%20traditionally%20closed%20network%20platforms%20and,may%20be%20made%20up%20of%20complex%20technology%20parts.

  By opening up traditionally closed network platforms and implementing a common SDN control layer, operators can manage the entire network and its devices consistently, regardless of the complexity of the underlying network technology.

• Question 59:

  Which three Cisco products are used in conjunction with Red Hat to provide an NFVi solution? (Choose three.)

  A. Cisco Prime Service Catalog

  B. Cisco Open Virtual Switch

  C. Cisco Nexus switches

  D. Cisco UCS

  E. Cisco Open Container Platform

  F. Cisco Virtual Network Function

  Correct Answer: CDF

• Question 60:

  Which three items do you recommend for control plane hardening of an infrastructure device? (Choose three.)

  A. redundant AAA servers

  B. Control Plane Policing

  C. warning banners

  D. to enable unused .services

  E. SNMPv3

  F. routing protocol authentication

  Correct Answer: BEF