New Year Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: simple70

  1. Home
  2. Cisco
  3. CCDE
  4. 352-011
  5. Cisco Certified Design Expert Practical Exam Questions and Answers

Pass the Cisco CCDE 352-011 Questions and answers with CertsForce

 Cisco Exams      Go to Exam Detail      Get Premium Access
Viewing page 7 out of 8 pages
Viewing questions 61-70 out of questions
Questions # 61:

Which three reasons to deploy an IDS sensor in promiscuous mode when you design a security solution are true? (Choose three.)

Options:
A.

Solution should be resistant to sensor failure.

B.

Solution should allow for stream normalization.

C.

Solution should not impact jitter and latency for voice traffic.

D.

Solution should allow for signature-based pattern matching.

E.

Solution should allow to deny packets inline.

Expert Solution
Questions # 62:

How must queue sizes be designed to ensure that an application functions correctly?

Options:
A.

The default queue sizes are good for any deployment

B.

Each individual device queuing delay in chain must be less than or equal to the application required delay

C.

The queuing delay on every device in chain must be exactly the same

D.

The sum of the queuing delay of all devices in chain must be less than or equal to the application required delay

Expert Solution
Questions # 63:

Refer to the exhibit.

Question # 63

A customer interconnected hundreds of branch offices into a single DMVPN network, with the HUB in the main data center. Due to security policies, the customer requires that the default route for all Internet traffic from the users at the branches must go through the tunnel and the only connections that are allowed to and from the branch router over the local internet circuit are the DMVPN tunnels. Which two combined actions must you take on the branch router to address these security requirements and keep the solution scalable? (Choose two)

Options:
A.

Place the WAN interface in a front-door VRF, leaving the tunnel interface in the default routing instance

B.

Protect the WAN interface by an inbound ACL that permits only IPsec-related traffic

C.

Implement a zone-based firewall that allows only IPsec-related traffic from zone UNTRUSTED to zone TRUSTED

D.

Add a host route for the public IP address of each remote branch and HUB routers that points directly to the local ISP, and add a default route that points to the tunnel

E.

Use a floating default route with the preferred path over the tunnel and a backup path over the Internet natively

Expert Solution
Questions # 64:

When is it required to leak routes into an IS-IS level 1 area?

Options:
A.

When MPLS L3VPN PE devices are configured in the level 1 areas

B.

When unequal cost load balancing is required between the backbone and nonbackbone areas

C.

When a multicast RP is configured in the nonbackbone area

D.

When equal cost load balancing is required between the backbone and nonbackbone areas

Expert Solution
Questions # 65:

Which option describes a design benefit of root guard?

Options:
A.

It prevents switch loops caused by unidirectional point-to-point link condition on Rapid PVST+ and MST.

B.

It prevents switch loops by detecting on one-way communications on the physical port.

C.

It allows small, unmanaged switches to be plugged into ports of access switches without the risk of switch loops.

D.

It makes the port go immediately into the forwarding state after being connected.

E.

It prevents switched traffic from traversing suboptimal paths on the network.

F.

It does not generate a spanning-tree topology change upon connecting and disconnecting a station on a port.

Expert Solution
Questions # 66:

A large enterprise network has two data centers and a WLAN edge with a large hub-and spoke network. The complete network is configured as a single OSPF area, and spoke routers are connected to unreliable WAN links. Which two changes should you make to deploy LSA on the spoke routers? (Choose two)

Options:
A.

Place spoke routers in stub areas

B.

Make the hub routers ABR

C.

Make the hub routers ASBR

D.

Place spoke routers in totally stubby areas

E.

Keep the spoke routers in normal areas

Expert Solution
Questions # 67:

You are designing the QoS features for a large enterprise network that includes DMVPN. In which situation should you use the QoS pre-classify feature?

Options:
A.

When you are marking packets with the ToS bits

B.

When the QoS policy cannot be based on DSCP bits

C.

When you are marking packets with the DSCP bits

D.

When your service provider requires the DSCP bits be set

Expert Solution
Questions # 68:

Refer to the exhibit.

Question # 68

How should you redesign this network running BGP to improve availability of the routers 1A and 1B at the core site?

Options:
A.

Deploy BGP PIC

B.

Use link bundles over multiple slots

C.

Enable graceful restart

D.

Create a multichassis system with the two routers

Expert Solution
Questions # 69:

As a part of a network design, you should tighten security to prevent man-in-the-middle. Which two security options ensure that authorized ARP responses take place according to know IP-to-MAC address mapping? (Choose two)

Options:
A.

DHCP snooping

B.

ARP spoofing

C.

ARP rate limiting

D.

Dynamic ARP Inspection

E.

Port security

Expert Solution
Questions # 70:

Refer to the exhibit.

Question # 70

In a link failure scenario, what is a benefit of adding APS protected link to the design solution?

Options:
A.

APS switches traffic to a backup fiber automatically and sends notifications

B.

APS detects failure and sends notifications

C.

APS detects failure on transmission infrastructure based on copper.

D.

APS applies QoS policies in case Of link failure

Expert Solution
Viewing page 7 out of 8 pages
Viewing questions 61-70 out of questions