352-001 Exam - CCDE Written Exam

certleader.com

Q1. You have been hired by Acme Corporation to evaluate their existing network and determine if the current network design is secure enough to prevent man-in-the-middle attacks. When evaluating the network, which switch security option should you investigate to ensure that authorized ARP responses take place according to known IP-to-MAC address mapping? 

A. ARP rate limiting 

B. DHCP snooping 

C. Dynamic ARP Inspections 

D. IP Source Guard 

Answer:

Q2. A network designer has provisioned a router to use IPsec to encrypt the traffic over a GRE tunnel going to a web server at a remote location. From the router, the network designer can ping the web server, although the users in the office comment that they are unable to reach it. (Note: The DF bit is not set.) Which aspect should be changed in the design of the virtual connection? 

A. IP addresses of the GRE tunnel endpoints 

B. IPsec configuration 

C. MTU size on the GRE tunnel 

D. encapsulation of the GRE tunnel 

Answer:

Q3. Tesla Radio GmbH is going to build a new research lab network based on a set of switches that would connect to their existing enterprise network. They are considering a design that would guarantee loop-free behavior within the set of switches. The design would also allow the group of switches to seem like a single switch to the enterprise network, because it is owned by a separate administrative group. Which Spanning Tree Protocol should be used to support the design requirements? 

A. IEEE 802.1w 

B. IEEE 802.1D 

C. IEEE 802.1s 

D. IEEE 802.1p 

Answer:

Q4. Which two features can be used to extend VRFs across a campus? (Choose two.) 

A. 802.1q trunks 

B. LDP 

C. MPLS TE 

D. GRE 

E. port channels 

Answer: AD 

Q5. You are the lead IP/MPLS network designer of a service provider called XYZ. You are leading a design discussion regarding IPv6 implementation in the XYZ MPLS network, using MPLS 6PE/6VPE techniques. Currently, XYZ provides IPv4 multicast services over an MPLS network by using MVPN, and would like to provide parallel IPv6 multicast services. Which three multicast solutions should be enabled? (Choose three.) 

A. native IPv6, only for multicast services 

B. MPLS 6PE/6VPE, because it provides IPv6 multicast support by default 

C. an overlay model using Layer 2 MPLS tunnels 

D. PIM-DM to enable IPv6 multicast in conjunction with MPLS 6PE/6VPE 

E. MVPN for IPv6 multicast service 

Answer: ACE 

Q6. Which three methods allow storage access across an IP network? (Choose three.) 

A. FCIP 

B. Fiber Channel over GRE 

C. Fiber Channel over L2TPv3 

D. iSCSI 

E. NFS 

Answer: ADE 

Q7. A planned EBGP network will use OSPF to reach the EBGP peer addresses. Which of these conditions should be avoided in the design that could otherwise cause the peers to flap continuously? 

A. An ACL blocks TCP port 179 in one direction. 

B. IP addresses used to peer are also being sent via EBGP. 

C. The OSPF area used for peering is nonbackbone (not area 0). 

D. The routers are peered by using a default route sent by OSPF. 

Answer:

Q8. In which two ways is a network design improved by the inclusion of IP Event Dampening? (Choose two.) 

A. reduces processing load 

B. provides sub-second convergence 

C. improves network stability 

D. prevents routing loops 

E. quickly detects network failures 

Answer: AC 

Q9. You are designing an IPv4 any source multicast redundancy solution. Which technology ensures the quickest RP convergence? 

A. Auto-RP 

B. Embedded RP 

C. bootstrap router 

D. MSDP anycast RP 

Answer:

Q10. When designing a network, which two security features should be added to the design to protect hosts from potential IPv6 neighbor discovery denial of service attacks at the access layer? (Choose two.) 

A. SEND 

B. RA Guard 

C. IKEv2 

D. IPsec 

E. DMVPNv6 

Answer: AB