Is the 400-007 practice exam free?

Yes. ExamCademy offers all 330 400-007 practice questions for free with a registered account. No payment needed. Optional supporter features add AI explanations and spaced repetition study tools.

How accurate are the 400-007 practice questions?

All 400-007 questions are community-created and reviewed by moderators to align with Cisco's published exam objectives. The community continuously reports and fixes issues to keep content accurate and up to date.

How should I study for the 400-007 exam?

Start by browsing practice questions to identify weak areas. Use spaced repetition (Learn Mode) to focus study time on topics you struggle with. Combine practice questions with official Cisco documentation and hands-on experience for best results.

400-007 Practice Exam — Free 330+ Questions

330Practice Questions

3Study Modes

FreeTo Get Started

Topic:Sort:

Question 1

Service Design

Question 2

Network Design

Question 3

Network Design

Question 4

Security Design

Question 5

Control, Data, Management Plane, and Operational Design

Question 6

Service Design

Question 7

Network Design

Question 8

Control, Data, Management Plane, and Operational Design

Question 9

Security Design

Question 10

Security Design

Question 11

Security Design

Question 12

Control, Data, Management Plane, and Operational Design

Question 13

Network Design

Question 14

Service Design

Question 15

Network Design

Question 16

Network Design

Question 17

Network Design

Question 18

Network Design

Question 19

Network Design

Question 20

Network Design

Question 21

Security Design

Question 22

Security Design

Question 23

Security Design

Question 24

Control, Data, Management Plane, and Operational Design

Question 25

Network Design

Page 1 of 14 • Questions 1-25 of 330

1 2 3 4 5

→

Know a question that should be here? Contribute to this exam

A European government passport agency considers upgrading its IT systems to increase performance and workload flexibility in response to constantly changing requirements. The budget manager wants to reduce capital expenses and IT staff and must adopt the lowest-cost technology. Which technology choice is suitable?

A public cloud
B hybrid cloud
C on premises
D private cloud

DRAG DROP -
Drag and drop the multicast protocols from the left onto the correct design situations on the right. Not all options are used.
Select and Place:

Question Image

Which relationship between iBGP and the underlying physical topology is true?

A iBGP full mesh requires an underlying fully meshed network topology.
B iBGP full mesh requirement does not dictate any specific network topology.
C iBGP does not work on a ring network topology even with an underlying IGP.
D iBGP can work only on a ring network topology with a link-state protocol like OSPF or IS-IS.

A European national bank considers migrating its on-premises systems to a private cloud offering in a non-European location to significantly reduce IT costs. What is a primary factor prior to migration?

A security
B cloud connectivity
C additional latency
D data governance

Company XYZ is planning to deploy primary and secondary (disaster recovery) data center sites. Each of these sites will have redundant SAN fabrics and data protection is expected between the data center sites. The sites are 100 miles (160 km) apart and target RPO/RTO are 3 hrs and 24 hrs, respectively. Which two considerations must Company XYZ bear in mind when deploying replication in their scenario? (Choose two.)

A Target RPO/RTO requirements cannot be met due to the one-way delay introduced by the distance between sites.
B VSANs must be extended from the primary to the secondary site to improve performance and availability.
C VSANs must be routed between sites to isolate fault domains and increase overall availability.
D Synchronous data replication must be used to meet the business requirements.
E Asynchronous data replication should be used in this scenario to avoid performance impact in the primary site.

A small organization of 20 employees is looking to deliver a network design service for modernizing customer networks to support advanced solutions.

Project scope and weekly progress should be visualized by the management.
Always consider feedback and make changes accordingly during the project.
Should consider flexibility to change scope at the point of time.
Which project methodology meets the requirements and have the least impact on the outcome?

A LEAN
B Six-Sigma
C Scrum
D Kanban

What is the most important operational driver in building a resilient and secure modular network design?

A Minimize app downtime
B Reduce the frequency of failures requiring human intervention
C Increase time spent on developing new features
D Dependencies on hardware or software that is difficult to scale

Which three items do you recommend for control plane hardening of an infrastructure device? (Choose three.)

A SNMPv3
B warning banners
C routing protocol authentication
D redundant AAA servers
E to enable unused services
F Control Plane Policing

What is a characteristic of a secure cloud architecture model?

A multi-factor authentication
B limited access to job function
C dedicated and restricted workstations
D software-defined network segmentation

Which two data plane hardening techniques are true? (Choose two.)

A routing protocol authentication
B infrastructure ACLs
C redundant AAA servers
D Control Plane Policing
E warning banners
F SNMPv3

Which two technologies enable multilayer segmentation? (Choose two.)

A firewalls
B data plane markings
C filter lists
D segment routing
E policy-based routing

IPFIX data collection via standalone IPFIX probes is an alternative to flow collection from routers and switches. Which use case is suitable for using IPFIX probes?

A security
B observation of critical links
C capacity planning
D performance monitoring

You want to mitigate failures that are caused by STP loops that occur before UDLD detects the failure or that are caused by a device that is no longer sending
BPDUs. Which mechanism do you use along with UDLD?

A BPDU guard
B root guard
C loop guard
D BPDU filtering

An architect receives a business requirement from a CTO that states the RTO and RPO for a new system should be as close as possible to zero. Which replication method and data center technology should be used?

A synchronous replication over geographically dispersed dual data centers via MPLS
B synchronous replication over dual data centers via Metro Ethernet
C asynchronous replication over geographically dispersed dual data centers via CWDM
D asynchronous replication over dual data centers via DWDM

A multicast network is using Bidirectional PIM. Which two combined actions achieve high availability so that two RPs within the same network can act in a redundant manner? (Choose two.)

A Advertise the two RP addresses in the routing protocol.
B Use two phantom RP addresses.
C Manipulate the multicast routing table by creating static mroutes to the two RPs.
D Control routing to the two RPs through a longest match prefix.
E Use Anycast RP based on MSDP peering between the two RPs.
F Manipulate the administrative distance of the unicast routes to the two RPs.

Question Image

Refer to the table. A customer investigates connectivity options for a DCI between two production data centers to aid a large-scale migration project. The solution must provide a single 10G connection between locations and be able to run its own varying QoS profiles without service provider interaction based on the migration stages. All connectivity methods are at 10 Gbps. Which transport technology costs the least if the connectivity is required for just one year?

A DWDM over dark fiber
B Metro Ethernet
C MPLS wires only
D CWDM over dark fiber

Which two features control multicast traffic in a VLAN environment? (Choose two.)

A RGMP
B PIM snooping
C MLD snooping
D pruning
E IGMP snooping

Which two mechanisms avoid suboptimal routing in a network with dynamic mutual redistribution between multiple OSPFv2 and EIGRP boundaries? (Choose two.)

A AD manipulation
B matching OSPF external routes
C route filtering
D matching EIGRP process ID
E route tagging

Question Image

Refer to the table. A customer investigates connectivity options for a DCI between two production data centers. The solution must provide dual 10G connections between locations with no single points of failure for Day 1 operations. It must also include an option to scale for up to 20 resilient connections in the second year to accommodate isolated SAN over IP and isolated dedicated replication IP circuits. All connectivity methods are duplex 10 Gbps. Which transport technology costs the least over two years in this scenario?

A CWDM
B DWDM
C MPLS
D Metro Ethernet

An enterprise requires MPLS connected branches to access cloud-based Microsoft 365 services over an SD-WAN solution. Internet access is available only at dual regional hub sites that are connected to the MPLS network. Which connectivity method provides an optimum access method to the cloud-based services if one ISP suffers loss or latency?

A Cloud onRamp SWG
B Cloud onRamp
C Cloud onRamp gateway site
D Cloud onRamp SaaS

A healthcare provider discovers that protected health information of patients was altered without patient consent. The healthcare provider is subject to HIPAA compliance and is required to protect PHI data. Which type of security safeguard should be implemented to resolve this issue?

A technical and physical access control
B physical device and media control
C administrative security management processes
D technical integrity and transmission security

Company XYZ wants to improve the security design of their network to include protection from reconnaissance and DoS attacks on their subinterfaces destined toward next hop routers. Which technology can be used to prevent these types of attacks?

A DPP
B CPPr
C CoPP
D MPP

Company XYZ is designing the network for IPv6 security and they have these design requirements:

A switch or router must deny access to traffic from sources with addresses that are correct, but are topologically incorrect.
Devices must block Neighbor Discovery Protocol resolutions for destination addresses that are not found in the binding table.
Which two IPv6 security features are recommended for this company? (Choose two.)

A IPv6 RA Guard
B IPv6 Destination Guard
C IPv6 Prefix Guard
D IPv6 Source Guard
E IPv6 DHCP Guard

DRAG DROP -
Drag and drop the multicast protocols from the left onto the correct design situations on the right.
Select and Place:

Question Image

What are two examples of business goals to be considered when a network design is built? (Choose two.)

A integrate endpoint posture
B ensure faster obsolescence
C minimize operational costs
D reduce complexity
E standardize resiliency

400-007Preview

About the 400-007 Exam

Question 1

Question 2

Question 3

Question 4

Question 5

Question 6

Question 7

Question 8

Question 9

Question 10

Question 11

Question 12

Question 13

Question 14

Question 15

Question 16

Question 17

Question 18

Question 19

Question 20

Question 21

Question 22

Question 23

Question 24

Question 25

400-007Preview

About the 400-007 Exam

Mode Selection

Question 1

Question 2

Question 3

Question 4

Question 5

Question 6

Question 7

Question 8

Question 9

Question 10

Question 11

Question 12

Question 13

Question 14

Question 15

Question 16

Question 17

Question 18

Question 19

Question 20

Question 21

Question 22

Question 23

Question 24

Question 25