Category: CCDE

High quality Cisco CCDE 352-001 Practice Exam Questions: 352-001 CCDE

Certadept share 50 High quality Cisco CCDE 352-001 exam questions and answers increase your pass rate, 352-001 PDF online Download, first attempt to pass the 352-001 exam: (Q&As:640)

[PDF] Free Cisco CCDE 352-001 pdf dumps download from Google Drive:

[PDF] Free Full Cisco pdf dumps download from Google Drive:

352-001 CCDE – Cisco:

Latest effective Cisco CCDE 352-001 Exam Practice Tests

A multinational enterprise company has many branches in the Americas, Europe, and Asia Pacific with
headquarters in London. Branch offices use Ethernet (bandwidth range from 1 Mb/s to 10 Mb/s) as access
technology to connect to the headquarters and the regional hubs. The company is currently implementing
VolP and QoS in all their locations, and they are worried about jitter between their branches and the
headquarters. Which option reduces the effect of jitter?
A. buffering at endpoints
B. Call Admission Control
C. increase the bandwidth of the links
Correct Answer: A


Which option described a difference between Ansible and Puppet?
A. Ansible is client-server based and puppet is not
B. Ansible requires an agent and puppet does not
C. Ansible is python and puppet is ruby based
D. Ansible automates repetetive tasks and puppet allow you to run plain ssh commands
Correct Answer: A


In a Cisco ACI environment, which option best describes “contracts”?
A. a set of interaction rules between endpoint groups
B. a Layer 3 forwarding domain
C. to determine endpoint group membership status
D. named groups of related endpoints
Correct Answer: C


You are designing a network solution to connect a primary data center to a disaster recovery site. The
applications hosted on the site will be mainly web and email servers that are provided through a virtualized
environment. A third data center facility may also be added in the next sixth months. for this Which
connectivity type is appropriate design?
A. point-to-point GRE tunnels
B. L2TPv3
Correct Answer: A


Which workflow-based software solution provides automation and orchestration processes for compute,
network, and storage with support for these features? single-pane infrastructure management, support for
multiple hypervisors, storage provisioning with EMC and NetApp, abstraction of hardware and software
elements into more than 1000 programmable workflows, self-provisioning of virtual machines using
A. OpenStack
B. AnsibleC. Cisco Intelligent Automation for Cloud
D. Cisco UCS Director
Correct Answer: D


A company wants to prioritize voice traffic at their network edge and ensure that it has reserved some
minimum bandwidth and treated with priority in the core. QoS is not currently implemented in the core, but
MPLS with RSVP as the signaling protocol is already enabled. Which three actions do you recommend to
optimize the voice traffic in the core with minimal changes? (Choose 3)
A. Configure PHB queueing policies on every core node based on the DSCP value.
B. Create GRE tunnels through the core and configure PBR to forward the voice traffic into those tunnels.
C. Create RSVP tunnels through the core, reserving a minimum bandwidth for voice traffic.
D. Perform class-based tunnel selection to forward voice packets through MPLS tunnels in the core based
on DSCP value.
E. Enable LDP throughout the core and configure PHB queueing policies based on the MPLS EXP field.
F. Mark the voice traffic at the network edge with a specific DSCP value.
Correct Answer: CDF


Which two functions are performed at the core layer of the three-layer hierarchical network design model?
(Choose 2)
A. QoS classification and marking boundary
B. fast transport
C. reliability
D. fault isolation
E. load balancing
Correct Answer: BC


You are assisting in convergence optimization for an MPLS network. Which option should you recommend
to prevent microloops in the core backbone of the service provider?
D. prefix suppression
Correct Answer: C


As the new network designer for a manufacturing company, you are designing this resilient Ethernet ring
for the plant Ethernet network that is connected to the core, which does not use STP. Both edge ports are
on the same switch in a ring segment. There is connectivity between the edge ports throughout the
segment, so you can create a redundant connection between any two switches in the ring. Which three
options are characteristics of this design? (Choose 3)
A. If a link fails, then the alternate ports quickly unblock. When the failed link comes back up, a logically
blocked port per VLAN is selected with minimal disruption to the network.
B. If all ports in the segment are operational, then two ports are in the blocked state for each VLAN.
C. If VLAN load balancing is configured, then one port in the segment controls the blocked state of
D. If all ports in the segment are operational, then one port is in the blocked state for each VLAN.
E. If one or more ports in a segment are not operational, thereby causing a link failure, then all portsforward traffic on all VLANs to ensure connectivity.
F. If a link fails, then the alternate ports quickly unblock. When the failed link comes back up, a physically
blocked port per VLAN is selected with minimal disruption to the network.
Correct Answer: ADE


Which are two general SDN characteristics? (Choose 2)
A. OVSDB is an application database management protocol.
B. Northbound interfaces are open interfaces used between the control plane and the data plane.
C. OpenFlow is considered one of the first Northbound APIs used by SDN controllers.
D. Southbound interface are interfaces used between the control plane and the data plane.
E. The separation of the control plane from the data plane.
Correct Answer: DE


Which two benefits can be obtained by protecting the control plane of a network device? (Choose two.)
A. Maintains remote management access to the router
B. Preserves the confidentiality of traffic encrypted by IPsec
C. Prevents the delivery of packets from spoof sources
D. Maintains routing protocol adjacencies with local neighbors
Correct Answer: AD


The service provider that you work for wants to offer IPv6 internet service to its customers without
upgrading all of its access equipment to support IPv6. Which transition technology do you recommend?
B. NAT64
C. dual-stack CPE
D. 6RD
Correct Answer: B


How should you compensate for jitter on an IP network so it carries real-time VolP traffic with acceptable
voice transmission quality?
A. Set up VAD to replace gaps on speech with comfort noise.
B. Set up a playout buffer to play back the voice stream.
C. Deploy RSVP for dynamic VolP packet classification.
D. Change CODEC from G.729 to G.711.
Correct Answer: B


Which three of the following security controls would you take into consideration when implementing IoT
A. Layered security approach
B. Place security above functionality
C. Define lifecycle controls for IoT devices
D. Privacy impact AssessmentE. Change passwords every 90 days
F. Implement intrusion detection systems on IoT Devices
Correct Answer: ACD


You must design this network for IP Fast Reroute by enabling the OSPF Loop-Free Alternates feature (not
Remote Loop-Free Alternates). Which two options are concerns about the proposed solution? (Choose 2)
A. OSPF Loop-Free Alternates is not supported on ring topologies.
B. OSPF Loop-Free Alternates on ring topologies are prone to routing loops.
C. Fast Reroute requires MPLS TE.
D. The solution is prone to microloops in case of congestion
E. OSPF Loop-Free Alternates is transport dependent.
Correct Answer: AD


You are asked to design an RSVP-TE LSP protection solution for a large service provider network. Which
traffic protection mechanism is highly scalable and ensures that multiple LSPs always terminate at the
same merge point?
A. detour LSPs
B. 1:1 protection
C. 1:N protection
D. shared-explicit reservation style
Correct Answer: C


In Layer 2 access campus design, which mechanism should be enabled on access ports to protect the
campus network from undesired access switches and looped ports?
A. root guard
B. EtherChannel guard
C. BPDU guard
D. loop guard
Correct Answer: C


Which option describes a design benefit of root guard?
A. It makes the port go immediately into the forwarding state after being connected.
B. It does not generate a spanning-tree topology change upon connecting and disconnecting a station on
a port.
C. It allows small, unmanaged switches to be plugged into ports of access switches without the risk of
switch loops.
D. It prevents switch loops by detecting one-way communications on the physical port.
E. It prevents switch loops caused by unidirectional point-to-point link condition on Rapid PVST+ and
F. It prevents switched traffic from traversing suboptimal paths on the network.
Correct Answer: F


A network is designed to use OSPF to reach eBGP peers. Which condition should be avoided so that the
eBGP peers do not flap continuously in case of link failure?A. Advertise via a non-backbone OSPF area IP addresses used on eBGP peer statements.
B. Advertise via eBGP IP addresses used on eBGP peer statements.
C. Disable BGP synchronization.
D. Use an ACL to block BGP in one direction.
Correct Answer: B


Which two IEEE standards are commonly used at the data link layer for an access network, in an loT
environment? (Choose 2)
A. 802.11
B. 802.16
C. 802.15.4
D. 1901.2 NB-PLC
E. 802.22
Correct Answer: AC


Which two steps can be taken by the sinkhole technique? (Choose two.)
A. Delay an attack from reaching its target
B. Redirect an attack away from its target
C. Monitor attack noise, scans, and other activity
D. Reverse the direction of an attack
Correct Answer: BC


What is a correct design consideration of IPv6 MLD snooping?
A. MLD snooping requires IGMP snooping to be implemented.
B. MLD snooping conserves CPU by sharing IPv4 and IPv6 multicast topology.
C. MLD snooping is used to filter all MLD queries.
D. MLD snooping conserves bandwidth on switches.
Correct Answer: D


The Middle East-based cloud service provider, CSP, is planning to launch five data centers in Egypt,
United Arab Emirates, Saudi Arabia, Qatar, and Turkey. CSP is looking for VLAN extension and DCIs
between these five data centers to allow for software replication, where original and backup VMs must be
on the same subnet. Which tunneling technology must they use?
B. L2TPv3
C. IPsec VPN
Correct Answer: D


A service provider wants to use a controller to automate the provisioning of service function chaining.
Which two overlay technologies can be used with EVPN MP-BGP to create the service chains in the data
center? (Choose 2)A. MPLS L2VPN
B. 802.1Q
E. Provider Backbone Bridging EVPN
Correct Answer: DE


In secure IP multicast, which protocol handles group key management?
A. IPsec
C. MD5
D. SHA-256
Correct Answer: B


What is a characteristic of DMVPN as related to IP multicast?
A. The RP should be placed either in the core network or on the DMVPN headend.
B. When the multicast source is at a spoke, the data flows directly towards the spokes that want to
receive the traffic.
C. Multicast on DMVPN is similar in behavior to the broadcast multi-access network.
D. The RP is typically placed at the spoke router.
Correct Answer: A


Your company requires two diverse multihop eBGP peerings to a partner network. Which two methods
should you use to improve lost peer detection? (Choose 2)
A. Use Fast Peering Session Deactivation for the peers.
B. Use sub-second keepalives for the peers.
C. Use sub-second hold timers for the peers.
D. Use sub-second minimum route advertisement Interval timers for the peers.
E. Use Selective Address Tracking and match the peers.
Correct Answer: AE


Which two Layer 2 features should be applied to the network location identified by a circle? (Choose two)
B. PortFast
C. PortFast trunk
D. BPDU filter
E. loop guard
F. BPDU guard
Correct Answer: BF


When data center 2 has a spanning-tree convergence event, data center 1 also sees high CPU utilization
on its switches. Which mechanism can reduce high CPU issue in this situation?A. Enable BPDU guard between switches A and D.
B. Enable BPDU filter between the routers B and C.
C. Enable BPDU filter between the switches A and D.
D. Enable BPDU guard between routers B and C.
Correct Answer: C


When designing a network that consists of multiple IPv6 multicast servers on a Layer 2 VLAN, which
option should you consider regarding IPv6 multicast traffic forwarding?
A. The RP IP address is embedded in IPv6 multicast address.
B. IPv6 multicast addresses are assigned based on network prefix.
C. IPv6 multicast addresses are assigned by IANA.
D. IPv6 multicast flooding optimization requires Layer 2 switches support of MLD snooping.
Correct Answer: D


You are designing a network virtualization solution across an enterprise campus. The design requirements
include the ability to virtualize the data plane and control plane using VLANs and VRFs while maintaining
end-to-end logical path transport separation across the network, with access to grouped resources
available at the access edge. Your network virtualization design can be categorized as which three primary
models? (Choose 3)
A. group virtualization
B. services virtualization
C. edge isolation
D. session isolation
E. path isolation
F. device virtualization
Correct Answer: BEF


Which openstack component implements role-based access control?
A. Horizon
B. Nova
C. Neutron
D. Keystone
Correct Answer: A


You are designing an OSPF network with multiple areas of for a large client. Due to the size of the routing
domain, all areas except the backbone area are configured as stub areas. A new requirement is to connect
a WAN link to a partner organization with a static route to one of the stub areas, area 100. What should
you do to redesign area 100, if anything, in order to support this WAN link while minimizing the size of the
link state database?
A. Convert area 100 into an NSSA.
B. Redistribute the static route as OSPF type E1.
C. Convert area 100 into a normal area.
D. No configuration changes to area 100 are needed.
Correct Answer: A


Which statement describes the main difference between the Layer 2 loop-free inverted U design and the
Layer 2 loop-free U design?
A. A loop-free U design has all uplinks active, but a loop-free inverted U design does not.
B. A loop-free inverted U design has all uplinks active, but a loop-free U design does not.
C. A loop-free U design extends VLANs between access switches, but a loop-free inverted U design does
D. A loop-free U design extends VLANs between distribution switches, but a loop-free inverted U design
does not.
Correct Answer: C


Which statement about DHCPv6 Guard features design is true?
A. A certificate must be installed on the DHCPv6 server and relay agent.
B. DHCPv6 client requests can be rate-limited to protect the control plane.
C. Rogue DHCPv6 servers cannot assign IPv6 addresses to clients.
D. DHCPv6 client requests can be filtered to protect the data plane.
Correct Answer: C


You are the consultant network designer for a large GET VPN deployment for a large bank with national
coverage. Between 1800 and 2000 remote locations connect to the central location through four hubs
using an MPLS backbone and using two key servers. The bank is concerned with security and replay
attacks. Which two actions should you use to tune GET VPN to meet the bank requirements? (Choose 2)
A. Replace unicast rekey with multicast rekey.
B. Increase the cryptographic key size.
C. Reduce the SAR clock interval duration.
D. Reduce the Dead Peer Detection periodic timer.
E. Increase the TEK and KEK lifetime.
Correct Answer: BC


Which two disadvantages are of using proxy servers as compared to stateful firewalls? (Choose two)
A. Proxy servers expose the source addresses of traffic flows.
B. Proxy servers must be explicitly set to support new applications and protocols.
C. Proxy servers typically perform more slowly.
D. Proxy servers use network address translation as their primary security mechanism.
Correct Answer: BC


A mobile service provider wants to design and deploy an Ethernet service with similar physical link failover/
failback characteristics on the active/backup links as APS/MSP SONET. Which Layer 2 service addresses
this design requirement?
A. Ethernet Pseudowires
B. FlexLink
D. Port-Channel
Correct Answer: B


You are developing the routing design for two merging companies that have overlapping IP address
space. What must you consider when developing the routing and NAT design?
A. Global to local NAT translation is done before routing.
B. Local to global NAT translation is done after routing.
C. Global to local NAT translation is done after policy-based routing.
D. Local to global NAT translation is done before policy-based routing.
Correct Answer: D


Which two components are the responsibility of the customers in a Platform as a Service offering?
(Choose 2)
A. data
C. hardware
D. applications
E. infrastructure connectivity
Correct Answer: AD


You are designing a FabricPath network that connects to a spine-and-leaf topology using layer 2 IS-IS as
the IGP. The solution should be able to detect changes in the network topology and calculate loop-free
paths to other nodes in the network that are being used as top-of-rack switches. Which four options are
characteristics of this FabricPath design solution? (Choose 4)
A. The FabricPath domain should be replaced because it does not run STP.
B. The switch operating system uses multiple equal-cost, parallel links that provide ECMP.
C. To use the basic FabricPath functionality, you must configure IS-IS on every interface between the
leaf-and-spine switches.
D. FabricPath Layer 2 IS-IS uses the standard IS-IS functionality to populate up to 16 routes for a given
destination switch.
E. This path is used for forwarding unicast Fabricpath frames.
F. Each switch computes its shortest path to every other switch in the network using the SPF algorithm.
G. The interfaces in a FabricPath network run only the FabricPath Layer 2 IS-IS protocol with FTags
Correct Answer: BDEF


Which is a requirement for performing attack detection by use of anomaly detection technologies?
A. Baseline data
B. Packet captures
C. Syslog data
D. Exploit signatures
Correct Answer: A


Which load balancing option for iP-only traffic is the least efficient in terms of Layer 2 EtherChnnel physical
links utilization?
A. on a per port number basisB. on a per destination MAC address basis
C. on a per destination IP address basis
D. on a per source IP address basis
Correct Answer: B


Which option forces traffic to take an explicit route across a backbone network?
A. IGP cost
B. TE metric
C. TE affinity
D. multiple IGPs
Correct Answer: B


Which two are loT sensor-specific constraints? (Choose 2)
A. the amount of devices
B. processing power
C. memory
D. cooling
E. standard transport protocols
Correct Answer: BC


Company ABC is using an Ethernet virtual circuit as its provider’s DCI solution. A goal is to reduce the time
to detect the link failure. Which protocol accomplishes this goal?
A. link aggregation group
B. Ethernet OAM
D. spanning-tree bridge assurance
Correct Answer: B


A company decided to replace IEEE 802.1s on the campus and you must propose a Layer 2 open
standard technology that is highly scalable, ensures a resilient loop-free switched domain, and allows for
utilizing all links in the Layer 2 domain.
Which Layer 2 technology meets these requirements?
D. FabricPath
Correct Answer: A


You are designing a WAN network solution with EIGRP based on VPLS. The interface speed is 10 Mb/s,
but the access rate of the WAN connection is 256 Kb/s. What should you include in the network design, in
order to avoid potential issues with EIGRP?A. Tag outbound EIGRP traffic and have the WAN provider add it to the priority queue.
B. Set the interface bandwidth to match the access rate.
C. Limit traffic to the access rate with interface traffic shaping.
D. Limit EIGRP traffic to the access rate with a policer.
Correct Answer: B


You are reviewing the Layer 2 VPN service offering of a service provider. A top priority is meeting SLAs for
its customers. Which OAM standard should you recommend to monitor customer VPLS connectivity?
A. OAM for MPLS Networks
B. Connectivity Fault Management
C. Ethernet in the First Mile
D. Ethernet Local Management Interface
Correct Answer: A


A hosted service provider is designing an IPS solution to protect its DMZ segment. The goal is to detect
and prevent anomalous activities and, at the same time, give the security operations team visibility into any
attempted attacks against the organization. Which IPS solution should you deploy in the Internet perimeter
to accomplish this goal?
A. Deploy IPS as inline mode between the firewall and the servers
B. Deploy IPS as promiscuous mode between the firewall and the servers
C. Deploy IPS as inline mode between the firewall and the internet gateway
D. Deploy IPS as promiscuous mode between the firewall and the internet gateway
Correct Answer: A

We offer more ways to make it easier for everyone to learn, and YouTube is the best tool in the video.
Follow channels: get more useful exam content.

Latest Cisco CCDE 352-001 YouTube videos:

50 Cisco CCDE 352-001 Exam Practice tests boost your skills and get more
Cisco 352-001 Exam dump options: (q&as:640)

[PDF] Free Cisco CCDE 352-001 pdf dumps download from Google Drive:

[PDF] Free Full Cisco pdf dumps download from Google Drive:

Pass4itsure Promo Code 15% Off

Pass4itsure 352-001 coupon