Which three items do you recommend for control plane hardening of an infrastructure device? (Choose three.)
Answer(s): A,C,F
A: SNMPv3: SNMPv3 is the latest version of the Simple Network Management Protocol (SNMP) and provides secure authentication and encryption for monitoring and managing network devices. It is recommended to use SNMPv3 for control plane security.C: Routing protocol authentication: Implementing authentication mechanisms, such as MD5 or SHA, for routing protocols helps ensure that only trusted devices can participate in the routing process. This helps prevent unauthorized devices from injecting false or malicious routing information.F: Control Plane Policing (CoPP): CoPP is a mechanism that allows you to control and prioritize traffic destined for the control plane of a network device. By applying policies to limit the rate and types of traffic allowed to reach the control plane, CoPP helps protect the control plane from resource exhaustion and denial-of-service (DoS) attacks.
https://www.cisco.com/c/en/us/support/docs/ip/access-lists/13608-21.html#anc54
What is a characteristic of a secure cloud architecture model?
Answer(s): D
Software-defined network segmentation (SDNS) is a technique that can be used to segment a cloud environment into smaller, more isolated networks. This can help to improve security by reducing the attack surface and by making it more difficult for attackers to move laterally within the cloud environment.The other options are also important for securing a cloud architecture, but they are not as specific to SDNS. Multi-factor authentication (MFA) is a security measure that requires users to provide two or more pieces of identification to gain access to a system. Limited access to job function is a security measure that restricts users' access to only the resources that they need to do their jobs. Dedicated and restricted workstations are workstations that are physically isolated from other workstations and that have limited access to the network.
https://www.cisco.com/c/dam/en/us/solutions/collateral/enterprise/design-zone-security/scloud-aws-design-guide.pdf page 9
DRAG DROP (Drag and Drop is not supported)Drag and drop the design characteristics from the left onto the correct network filter techniques on the right. Not all options are used.
Answer(s): A
Which two data plane hardening techniques are true? (Choose two.)
Answer(s): B,G
B: Infrastructure ACLs: Infrastructure Access Control Lists (ACLs) are used to filter and control traffic at the network infrastructure level. By implementing ACLs, organizations can define and enforce granular access control policies for incoming and outgoing traffic, thereby protecting the data plane from unauthorized or malicious traffic.G: Disable unused services: Disabling unused services helps reduce the attack surface of the network and minimizes potential vulnerabilities. By disabling unnecessary services, organizations can prevent unauthorized access and potential exploitation of unused or unnecessary functionalities.
Post your Comments and Discuss Cisco® 400-007 exam with other Community members:
RLCCIRCUIT Commented on January 31, 2025 I passed the exam with 848 on 12th July. This dump covers most of the questions, I only met 4 new ones. Thanks very much. I will get other exam dumps here. UNITED STATES
Mohammed Commented on November 28, 2024 Its mention 330 question but the pdf has only 280 questions please update Anonymous
Our website is free, but we have to fight against bots and content theft. We're sorry for the inconvenience caused by these security measures. You can access the rest of the 400-007 content, but please register or login to continue.