400-007 Exam Questions Tutorials

VDI (Virtual Desktop Infrastructure) solutions are latency-sensitive and require:

Low-latency WAN connectivity

Sufficient and predictable bandwidth

Real-time response to user input and video rendering

The primary success factor for VDI is the performance and responsiveness of the remote session, which relies heavily on network characteristics. WAN resizing may also be needed to meet increased load from centralized sessions.

QoS prioritization (Option B) helps but is not sufficient if latency is too high. Placing VDI servers in branch VLANs or DMZs conflicts with the stated goal of centralization.

This aligns with CCDE principles on performance-driven design and service centralization strategies.

In IPv6, routers advertise prefixes via Router Advertisement (RA) messages. An attacker could inject rogue RAs to manipulate the IPv6 configuration of endpoints.

Router Advertisement Guard (RA Guard) blocks unauthorized RA messages from being received on access ports, preventing endpoints from receiving incorrect IPv6 prefixes from malicious or misconfigured devices.

This security feature is crucial when devices have IPv6 enabled but the network is IPv4-only.

Other options explained:

A: Source Guard and Prefix Guard enforce valid address and prefix assignment but do not prevent RA spoofing directly.

C: Prefix Guard focuses on controlling prefixes being assigned, not blocking RA messages.

D: Secure Neighbor Discovery (SEND) provides cryptographic protection but is rarely deployed due to complexity.

When Bidirectional Forwarding Detection (BFD) is not available, OSPF can still achieve subsecond convergence using the OSPF fast hello feature.

Fast hello allows the configuration of OSPF hello/dead intervals to subsecond values (e.g., hello = 100ms, dead = 300ms).

This accelerates OSPF’s ability to detect neighbor failures based on missed hello packets without relying on external mechanisms like BFD.

Why other options are incorrect:

A. STP (Spanning Tree Protocol) is unrelated to OSPF and is used at Layer 2.

C. LFA (Loop-Free Alternate) is a fast reroute technique but does not affect neighbor failure detection.

D. DPD (Dead Peer Detection) is used in VPN technologies (e.g., IPsec) and not applicable in OSPF.

Fast hello is fully aligned with CCDE v3.1 under “Protocol Design Implications” and is a commonly recommended method for improving IGP convergence performance when BFD is not an option.

==========

Bidirectional Forwarding Detection (BFD) provides fast failure detection independent of routing protocols. It can be integrated with multiple protocols to accelerate convergence:

A: IS-IS supports BFD for fast hello processing.

B: BFD can track static routes via routing tracking features.

D: EIGRP supports BFD for link failure detection.

E: BGP supports BFD for rapid session teardown.

Why option C is incorrect:

C: RIP does not natively support BFD integration.

—