Free 400-007 Exam Braindumps (page: 34)


A customer has a functional requirement that states HR systems within a data center should be segmented from other systems that reside in the same data center and same VLAN. The systems run legacy applications by using hard-coded IP addresses with all HR systems dedicated to .129 to .254 of the 10.20.20.0/24 prefix. Which segmentation method is optimal for the customer?

  A. data center perimeter firewalling
  B. routed firewalls
  C. VACLs on data center switches
  D. ACLs on data center switches

Answer(s): C

Explanation:

VACLs (Virtual Access Control Lists) are a type of ACL that can be used to segment traffic within a data center. VACLs are configured on the switches in the data center, and they can be used to restrict traffic between different VLANs.

In this case, the customer has a requirement to segment HR systems from other systems in the same data center and VLAN. VACLs can be used to achieve this by creating a VACL that allows traffic between the HR systems and the rest of the network.

The other options are not as optimal for this scenario.

- Data center perimeter firewalling: Data center perimeter firewalling is used to protect the data center from external threats. It would not be effective for segmenting traffic within the data center.
- Routed firewalls: Routed firewalls are used to route traffic between different networks. They would not be effective for segmenting traffic within a single VLAN.
- ACLs on data center switches: ACLs are a type of firewall that can be used to restrict traffic on a network. However, they are not as granular as VACLs, and they can be more difficult to manage.





Refer to the exhibit. An architect must design an enterprise WAN that connects the headquarters with 22 branch offices. The number of remote sites is expected to triple in the next three years. The final solution must comply with these requirements:

• Only the loopback address of each of the enterprise CE X and Y routers must be advertised to the interconnecting service provider cloud network.
• The transport layer must carry the VPNv4 label and VPN payload over the MP-BGP control plane.
• The transport layer must not be under service provider control.

Which enterprise WAN transport virtualization technique meets the requirements?

  A. EIGRP Over the Top
  B. MPLS over BGP over multipoint GRE
  C. DMVPN per VRF
  D. point-to-point GRE per VRF

Answer(s): B



Router R1 is a BGP speaker with one peering neighbor over link "A". When the R1 link/interface "A" fails, routing announcements are terminated, which results in the tearing down of the state for all BGP routes at each end of the link. What is this a good example of?

  A. fault isolation
  B. resiliency
  C. redundancy
  D. fate sharing

Answer(s): A

Explanation:

Fault isolation is the ability to isolate a failure to a specific component or area of the network, so that the rest of the network can continue to function. In this case, the failure of link "A" has isolated the failure to Router R1, and the rest of the network is not affected.

The other options are not as accurate descriptions of this scenario.

- Resiliency: Resiliency is the ability of a network to withstand failures and continue to function. This is achieved through a combination of fault isolation, redundancy, and other techniques.
- Redundancy: Redundancy is the duplication of components or resources in a network, so that if one component fails, the other component can take over. This is a way to achieve resiliency.
- Fate sharing: Fate sharing is the concept that the failure of one component or resource will cause the failure of other components or resources. This is not the case in this scenario, as the failure of link "A" has not caused the failure of any other components or resources in the network.



An architect receives a functional requirement for a NAC system from a customer security policy stating that if a corporate Wi-Fi device does not meet current AV definitions, then it cannot access the corporate network until the definitions are updated. Which component should be built into the NAC design?

  A. posture assessment with remediation VLAN
  B. quarantine SGTs
  C. dACLs with SGTs
  D. quarantine VLAN

Answer(s): A





