Exam 400-007 topic 1 question 256 discussion

Actual exam question from Cisco's 400-007
Question #: 256
Topic #: 1

Refer to the exhibit. Two data center sites, X and Y, are connected with a direct backdoor link under these conditions:

• Site-specific firewalls are deployed behind the Internet edge routers R1 and R2.
• Both sites are advertising the address pool 100.75.10.0/23 toward the Internet.

Site-X finds that Internet traffic returning from user PCs comes back on the Site-Y link. Which design resolves the issue?

  • A. Add a static route toward the Internet on Site-X.
    Change the DNS policy on Site-Y to block traffic.
  • B. Change the Site-Y firewall configuration to replicate the Site-X configuration.
    Advertise the low MED attribute on Site-X to the Internet.
  • C. Establish control plane peering between edge routers.
    Have Site-X advertise an IP pool with a longer prefix.
  • D. Use BGP MED to influence Site-X return traffic.
    Change the IP address scheme of both sites.
Suggested Answer: D

Comments

cisco_guy
Highly Voted 11 months, 2 weeks ago
Selected Answer: C
There are some assumptions and deductions to be made. I would peer the firewalls together so they both see the same thing from a BGP perspective, and from Site-X I would advertise a longer match; this would solve the asymmetric routing being seen.
upvoted 6 times
...
sandccie
Most Recent 2 months ago
Selected Answer: D
I thought C was the right answer with longer prefix as the solution to resolve the asymmetric routing. However, by doing so the symptom would be shifted to Site-Y. The permanent solution is to have Site-X and Site-Y using unique IP Pools.
upvoted 1 times
...
i9t6
6 months, 2 weeks ago
C, longer prefix
upvoted 1 times
...
JCGO
7 months, 2 weeks ago
WTF. It's an Internet connection. Supposedly to an ISP. MED is not a transitive attribute. As you know, we are using AS-Path/communities to make that stuff. All answers are literally wrong.
upvoted 2 times
JCGO
7 months, 2 weeks ago
I would go for B. Ignoring the MED text, the only thing that is not working here (I'm not talking about wrong/right) is that returning traffic from site X is blocked by the FW at site Y.
upvoted 2 times
...
...
Doobiedoo
8 months, 3 weeks ago
Selected Answer: D
Use BGP MED to influence Site-X return traffic: By assigning a lower MED (Metric) to the Site-X route, BGP will prefer using the Site-X link for return traffic, thus resolving the issue of traffic going back through Site-Y. Change the IP address scheme of both sites: This is a more permanent solution but involves more significant changes. Assigning different IP address ranges to each site ensures that return traffic is directed to the correct site without relying on BGP MED. Using BGP MED is the most efficient and effective way to correct the traffic routing in this scenario.
upvoted 3 times
...
Charles2024
1 year, 1 month ago
There is no mention of a firewall in the question.
upvoted 1 times
cisco_guy
11 months, 2 weeks ago
First bullet point, site-specific firewalls.
upvoted 1 times
...
...
Charles2024
1 year, 1 month ago
Selected Answer: D
They need to split the IP addressing between site x and y.
upvoted 3 times
...
blurain
1 year, 3 months ago
Selected Answer: B
B might be the right answer. Replicating the firewall policy on both sites is a good practice should the primary site x fail. Also, advertising a low MED can influence return traffic. My worry is that MED is a non-transitive attribute and also there is nothing said about MED config on site y.
- no static route needed towards the internet on site x, we know the traffic leaves correctly
- longer prefix match won't help as it won't be installed in the routing table when comparing it to the shorter prefix
- no need to change the IP address schema, that might require many other updates: update firewall policies, prefix lists/route maps, wide ips, etc.
upvoted 3 times
a43b1bf
12 months ago
Replicating firewall policy cannot help because of the nature of the stateful inspection. We are dealing with the infamous asymmetric routing issue. I would suggest D is the answer.
upvoted 1 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other