???? Comprehensive Explanation:
A: In hybrid WAN designs where routing domains are gradually migrating from OSPF to BGP, particularly with overlapping domains or redistribution points, loops can occur if the same routes are seen via multiple protocols (e.g., BGP and OSPF). Implementing route filtering on the OSPF backbone prevents it from learning and advertising spoke routes that it also receives via BGP—eliminating the loop scenario.
B: Advertising a low administrative distance (AD) for transit traffic does not prevent loops and may worsen convergence or cause routing inconsistency.
C: Summarizing OSPF routes may reduce the routing table size, but it does not solve the loop issue caused by dual protocol redistribution unless filtering is applied.
D: Redistributing EIGRP routes into BGP with a low cost might cause preference toward one path but does not address the loop risk between the hybrid segments (OSPF and BGP).
This is a classic use case for route filtering in dual-protocol or dual-backbone migrations, where ensuring consistent path selection and loop prevention is essential.
???? QUESTION NO: 356 [Network Architecture Principles]
A network becomes unintentionally segmented when remote sites connect to HQ only via the public Internet. Which option helps de-segment the network?
A. Build virtual networks that pass over the network
B. Mark traffic for special handling through quality of service
C. Configure little to no control data plane policy
D. Block specific sources from reaching specific destinations
Answer: A
???? Explanation:
A: Virtual networks (e.g., VPNs, tunnels) create secure, logical overlays across segmented physical infrastructure such as the public Internet, effectively re-integrating remote sites into the corporate network. This re-establishes end-to-end connectivity and consistent routing/security policies.
Other options:
B: QoS does not address segmentation or connectivity.
C: Lax control-plane policies do not restore logical network integration and may increase security risk.
D: Blocking traffic further limits connectivity and exacerbates segmentation.
==========
???? QUESTION NO: 357 [Protocol Design Implications]
You want to add 900 VLANs to an existing 90 in a data center. What are two spanning tree concerns to consider?
A. STP is increased by a factor of 10 convergence time
B. To add 990 VLANs to the switching hardware, reserved VLANs require using extended VLAN
C. The diameter of the STP topology is increased
D. The PVST+ increases CPU utilization
E. BPDU does not support 990 VLANs
Answer: B, D
???? Explanation:
B: Cisco switches reserve certain VLAN IDs. VLANs beyond 1005 are considered extended VLANs and may require special configuration (e.g., VTP transparent mode).
D: Each VLAN with PVST+ has its own instance of STP. Adding 900 more VLANs significantly increases the STP processing overhead on the switch’s control plane and CPU.
Other options:
A: STP convergence time is more dependent on topology than VLAN count.
C: STP diameter is unrelated to the number of VLANs—it's a function of hops in the topology.
E: BPDU handling is VLAN-aware under PVST+; there’s no direct per-BPDU VLAN limitation.
==========
???? QUESTION NO: 358 [Business-Driven Design Approaches]
Which strategic requirement pushes decision-makers toward IaaS over SaaS or PaaS?
A. Selling products and services globally 24/7
B. Integration with partner or vendor supply chains
C. Control over the underlying infrastructure
D. Speed-to-market is more important for an initiative
Answer: C
???? Explanation:
C: IaaS (Infrastructure as a Service) provides the greatest control over compute, storage, and network resources. Organizations that require fine-grained control (e.g., compliance, tuning, OS/hardware) will prefer IaaS over SaaS or PaaS.
Other options:
A and B: These may be satisfied by SaaS or PaaS depending on architecture.
D: PaaS and SaaS often offer faster time-to-market than IaaS.
==========
???? QUESTION NO: 359 [Security, Automation, and Policy Integration in Design]
To meet PCI-DSS requirements under Strong Access Control Measures, which two conditions must be met?
A. Assign a unique ID to each person with computer access
B. Restrict access to cardholder data on a need-to-know basis
C. Encrypt transmission of cardholder data across open or public networks
D. Each location must require validating PCI compliance if business has multiple locations
E. Protect stored cardholder data
Answer: A, B
???? Explanation:
A: PCI-DSS Requirement 8 mandates that each user have a unique ID to track and control access.
B: PCI-DSS Requirement 7 enforces least privilege—only users with a legitimate business need should access cardholder data.
Other options:
C: This relates to transmission security, not access control.
D: PCI compliance requirements may be managed centrally depending on structure.
E: Protecting stored data is critical but falls under data protection, not access control.
???? QUESTION NO: 360 [Business-Driven Design Approaches / Project Methodologies]
Which project management methodology is characterized by having low client involvement?
A. Traditional project management
B. LEAN project management
C. Kanban project management
D. Agile project management
Answer: A
???? Explanation:
A: Traditional project management (often referred to as the Waterfall model) involves a fixed sequence of phases—planning, design, execution, and delivery. Client involvement is typically high at the beginning (requirements gathering) and low during implementation.
Other options:
B, C, and D (LEAN, Kanban, Agile): These emphasize continuous feedback, flexibility, and frequent customer interaction throughout the project lifecycle. Agile in particular encourages constant client collaboration via sprints and reviews.
==========
???? QUESTION NO: 361 [Protocol Design Implications / High Availability]
Two routers (R1 and R2) run OSPF and have registered with BFD in asynchronous mode with the echo function enabled. Which two actions occur with the echo function? (Choose two)
A. BFD control packets are sent at a slower pace because the echo function is enabled
B. BFD echo packets are sent from forwarding engines along the Layer 2 path to perform detection
C. BFD control packets are sent at a higher pace because the echo function is enabled
D. Only BFD control packets are sent from forwarding engines along the Layer 2 path to perform detection
E. BFD sessions at either end actively participate in the forwarding of echo packets
Answer: B, E
???? Explanation:
B: BFD echo packets are looped back by the peer and sent through the data plane (forwarding engine) over the actual Layer 2 path. This ensures the link is not only up logically but physically functional.
E: Both ends of the BFD session (R1 and R2) participate in sending/receiving and forwarding echo packets, validating bidirectional liveliness.
Other options:
A: Echo packets are independent of control packets. Echo may offload failure detection to data plane but does not reduce control packet frequency.
C: Control packet rate is not increased by echo function.
D: Both control and echo packets play roles; it’s not "only control packets" or “only echo packets” used in detection.
