Cisco CCDE 400-007 New Questions

Page: 9 / 30
Total 396 questions

Cisco Certified Design Expert (CCDE v3.1) Questions and Answers

Question 33

A private cloud is accessed over the private IT network infrastructure that is potentially vulnerable to violations, data leaks, and man-in-the-middle attacks. The security team is evaluating the following solutions to address the challenges:

• Encrypt data at rest and in transition.

• Use strong identity and access management (IAM) capabilities.

• Communicate the inherent data security risks to your customers and end-users.

Assuming that adoption of a hybrid cloud model is likely to occur within the next 12 months, which two solutions can also help provide protection in a hybrid cloud environment? (Choose two.)

Options:

A.

Avoid automating the scanning and remediation of security controls using open-source tooling

B.

Practice SSH network protocols for data communication between unsecured network connections

C.

Implement a common protective methodology for the same information at rest or motion at different points of time

D.

Provide distributed management and visibility across the infrastructure instead of centralized management

E.

Apply cryptographic protocols to secure data transmission over the network

Question 34

Which function is performed at the access layer of the three-layer hierarchical network design model?

Options:

A.

fault isolation

B.

QoS classification and marking boundary

C.

reliability

D.

fast transport

E.

redundancy and load balancing

Question 35

Which three characteristics of the Single Tier and the Dual Tier Headend Architectures for DMVPN designs are true? (Choose three.)

Options:

A.

A Dual Tier Headend Architecture is required when using dual cloud topologies with spoke-to-spoke connectivity

B.

In a Single Tier Headend Architecture there is a single headend router per DMVPN cloud topology

C.

A Single Tier Headend Architecture is required when using dual cloud topologies with spoke-to-spoke connectivity

D.

In a Dual Tier Headend Architecture, there are two different headend routers per DMVPN cloud for high availability purposes

E.

In a Single Tier Headend Architecture, the GRE tunnel endpoint and encryption endpoint functionalities are on the same router

F.

In a Dual Tier Headend Architecture, the GRE tunnel endpoint and encryption endpoint functionalities are on different routers

Question 36

You were tasked to enhance the security of a network with these characteristics:

• A pool of servers is accessed by numerous data centers and remote sites

• The servers are accessed via a cluster of firewalls

• The firewalls are configured properly and are not dropping traffic

• The firewalls occasionally cause asymmetric routing of traffic within the server data center.

Which technology should you recommend to enhance security by limiting traffic that could originate from a hacker compromising a workstation and redirecting flows at the servers?

Options:

A.

Poison certain subnets by adding static routes to Null0 on the core switches connected to the pool of servers.

B.

Deploy uRPF strict mode.

C.

Limit sources of traffic that exit the server-facing interface of the firewall cluster with ACLs.

D.

Deploy uRPF loose mode
