Practice Free 400-007 Exam Online Questions
Which two data plane hardening techniques are true? (Choose two)
- A . warning banners
- B . redundant AAA servers
- C . Control Plane Policing
- D . SNMPv3
- E . infrastructure ACLs
- F . disable unused services
- G . routing protocol authentication
Refer to the exhibit.
This network is running OSPF as the routing protocol. The internal networks are being advertised in OSPF London and Rome are using the direct link to reach each other although the transfer rates are better via Barcelona.
Which OSPF design change allows OSPF to calculate the proper costs?
- A . Change the OSPF reference bandwidth to accommodate faster links.
- B . Filter the routes on the link between London and Rome
- C . Change the interface bandwidth on all the links.
- D . Implement OSPF summarisation to fix the issue
Cost effectiveness: The proposed solution must be economically viable, adhering to any budget constraints, which currently prohibits CapEx spending, but just recently, new edge routers were added to the data centers, so it is safe to assume they can support any of the options.
Which recommendation can be given?
- A . Propose a hybrid approach where the company retains critical data and applications on-premises and utilizes the cloud for additional computing resources during peak periods.
- B . Advise building a private cloud infrastructure within the company’s data centers to ensure more control over data and compliance requirements.
- C . Recommend upgrading the existing on-premises network infrastructure by adding more servers, storage, and networking equipment to meet the increased demand.
- D . Suggest migrating all business-critical operations and data to a public cloud platform, leveraging the cloud provider’s infrastructure and services.
Which compliance risk management process is designed to ensure that an organization is operating in a manner consistent with its values, mission and risk tolerance?
- A . transformation
- B . governance
- C . framework
- D . environmental
Refer to the exhibit.
ACME Mining has four data centers in Santiago. Cape Town. Mumbai, and Beijing, full-mesh connected via a 400 Mb/s EVP-LAN.
They want to deploy a new mission-critical application with these requirements:
✑ cluster heartbeat 2 Mb/s continuous (250 KB/s)
✑ cluster heartbeat one-way maximum latency 100 ms
These are the current ping tests results between the four data centers:
Which hosting data center pair can host the new application?
- A . Mumbai and Beijing
- B . Santiago and Cape Town
- C . Santiago and Mumbai
- D . Cape Town and Mumbai
- E . Cape Town and Beijing
- F . Santiago and Beijing
DRAG DROP
When a detection system for protecting a network from threats sourced from the Internet is designed there are two common deployment methods, where the system is placed differently relative to the perimeter firewall
• An unfiltered detection system examines the raw Internet data streams before it reaches the firewall
• A screened detection solution which monitors traffic that is allowed through the firewall Both have
its advantages and disadvantages drag and drop the characteristics on the left to the corresponding category on the right in no particular order.
Refer to the exhibit in the topology, each router has a BGP session to each firewall in a hub-and-spoke BGP design.
The peering LAN implements an Ethernet Virtual Private LAN service from a service provider that offers carrier Ethernet services from its MPLS-enabled network Each router has an IP address in the 10.192 255.0/24 subnet. Spoke BGP routers must communicate with each other directly without traffic passing through the firewall AS PATH is used for policy enforcement.
How can BGP sessions be established between the routers and the firewalls?
- A . eBGP sessions
- B . iBGP sessions
- C . firewalls as route reflectors
- D . firewalls as route servers
As part of workspace digitization, a large enterprise has migrated all their users to Desktop as a Sen/ice (DaaS), by hosting the backend system in their on-premises data center. Some of the branches have started to experience disconnections to the DaaS at periodic intervals, however, local users in the data center and head office do not experience this behavior.
Which technology can be used to mitigate this issue?
- A . tail drop
- B . traffic shaping
- C . WRED
- D . traffic policing
During initial preparations to deploy 802 1x for wired access to their network, a company must ensure that the solution complies with existing internal security policies These policies mandate that every Auth C/Auth Z request must be protected by a tunnel which authenticates both server and clients using their PKI AI the same time, the user authentication phase must be independent of the tunnel.
Which scheme meets the requirements?
- A . EAP-MDS
- B . EAP-Fast
- C . EAP-MSCHAPv2
- D . PEAP
A comprehensive business continuity plan creates a clear recovery pathway for your systems and acts as an operational blueprint.
Which two elements are crucial to know before creating a business continuity plan? (Choose two.)
- A . recovery blueprint
- B . notification matrix
- C . critical activities
- D . communication plan
- E . threat scenarios