Pass4sure cisoc ccde 352-001
Visited 1333 times, 1 so far today
Testking > Cisco > CCDE > Exam 352-001 ADVDESIGN : 352-001 ExamQuestions and Answers : 240 Q&As Updated: November 13th , 2008 Price: $199.99 $125.99 Product DescriptionExam Number/Code: 352-001
Exam Name: ADVDESIGN
Cisco Certified Design Expert
Expert Level Network Design and Architecture Experience
CCDE Assesses advanced Network Infrastructure Design Principles and Fundamentals for large networks. A CCDE can demonstrate an ability to develop solutions which address planning, design, integration, optimization, operations, security and ongoing support focused at the infrastructure level for customer networks.
Prerequisites for CCDE
There are no formal prerequisites for CCDE certification. Other professional certifications or training courses are not required.
Recommended Training and Experience
It is expected that the candidate will have an in-depth understanding of the topics in the exam blueprints, a minimum of seven years job experience, and a thorough understanding of networking infrastructure principles. Please view the written exam information page for more details.
Step One: CCDE Written Exam
You must pass the two-hour, written qualification exam which covers advanced networking infrastructure design principles and concepts. Once you pass the qualification exam, you are then eligible to schedule the practical exam.
Written Exam Information
Written exams are scheduled and taken at Pearson Vue, Cisco’s authorized testing vendor. Please visit the link below for more details and to schedule exams. Be sure to use the same candidate ID number for every exam that you take. If you use a different ID number, you will create a different record in the CCIE database and you will need to contact CCIE support for help in merging the records.
Schedule and Pay for Written Exam
Step Two: CCDE Practical Exam
The CCDE Practical exam is a design-scenario exam that tests your ability to perform design analysis, justify design requirements, and develop a design implementation based on best practices. The exam will assess your ability to apply your specific body of knowledge into current business problems of technical network design.
The topics covered in the Practical exam are located within the exam blueprint. The exam scenarios will change each instance the exam is delivered, however, the topics will remain the same.
Practical Exam Release for CCDE Certification
Cisco is now formally announcing the availability of the CCDE practical exam. The exam is currently scheduled on February 11, 2009 in Chicago and London.
PassGuide offers free demo for Certification Exams You can check out the interface, question quality and usability of our practice exams before you decide to buy it. We are the only one site can offer demo for almost all products. Download links:http://demo.passguide.com/downloadCCDE is Cisco Certified Design Expert released by Cisco. The certification applies to high-level IT professionals designing and building company network. To obtain a CCDE certificate, you need to begin with the exam 352-001, which is the first step on the path to CCDE certification. With our well-prepared study-guides, you will succeed in this first step easily and obtain your CCDE soon. CCDE is different from CCIE, which provides professional standards on routing, switching, security, voice, as well as other areas, while CCDE offers none of these. You have to understand voice and security, which are issues of deep-rooted level. As a designer, you have to stand outside to think how everything is operating orderly as a whole. While CCIE focus on hands-on operation and troubleshooting, CCDE focus on structure planning and designing by using such scenario and simulation. This will be a ‘wonderful multimedia experience’.
Free Demo DownloadTestking offers free demo for 352-001 exam (ADVDESIGN). You can check out the interface, question quality and usability of our practice exams before you decide to buy it.
Testking Engine FeaturesQuality and Value for the 352-001 ExamTestking Practice Exams for Cisco CCDE 352-001 are written to the highest standards of technical accuracy, using only certified subject matter experts and published authors for development.
100% Guarantee to Pass Your 352-001 ExamIf you do not pass the CCDE 352-001 exam (ADVDESIGN) on your first attempt using our Testking testing engine, we will give you a FULL REFUND of your purchasing fee.
Downloadable, Interactive 352-001 Testing enginesOur ADVDESIGN Exam Preparation Material provides you everything you will need to take a CCDE certification examination. Details are researched and produced by Cisco Certification Experts who are constantly using industry experience to produce precise, and logical.
Comprehensive questions with high quality about 352-001 exam 352-001 exam questions accompanied by exhibits Verified Answers Researched by Industry Experts and almost 100% correct 352-001 exam questions updated on regular basis Same type as the certification exams, 352-001 exam preparation is in multiple-choice questions (MCQs). Tested by multiple times before publishing Try free 352-001 exam demo before you decide to buy it in Testking.name
Free down:pass4sure 352-001
Free down:Testking 352-001
Dowload PassGuide Practice Test Questions
8 Comments on “Pass4sure cisoc ccde 352-001”
I did not attend Cisco Live, but someone has posted the presentation Russ White gave on the CCDE here.
A few comments on the information in this presentation.
Under the “why are we doing this” section they note that a lot of L3 design issues are coming up, despite being “easy”. Expect a lot of L3 issues on the CCDE.
Business problems are the primary driver of the CCDE test questions.
The skill set tested should be timeless.
Is generally vendor neutral.
The practical will be computer-based – no lab environment.
You’ll be presented with a bunch of information, from which you generate requirements. After answering some questions through a variety of means, you’ll gain access to additional information
Topic 5 : Security is not fleshed out as far as the other four topics, so I thought I would tackle it first.
Explain the impact of security availability design in the characteristics of a network.What does this mean? Let’s dig into the subtopics and see if we can find an explanation.
OOB Access – out-of-band access to devices. If your network goes down or if a device is unreachable, you may need some way of remotely logging into the device. A good example would be a modem connected to the AUX port on a router.
Decoupling – This probably refers to the separation of control/data planes in routed networks.
Paul Baran Model – according to Wikipedia, Paul was one of the thought leaders in distributed networking as an answer to reliability. Building networks that could withstand nuclear attack, etc.. This shows some mathematical rigor for communications networks.
Compartmentalization – this probably relates to Schneier’s book Beyond Fear where he states that:
All systems have a weakest link, and there are several general strategies for securing systems despite their vulnerabilities. Defense in depth ensures that no single vulnerability can compromise security. Compartmentalization ensures that a single vulnerability cannot compromise security entirely. And choke points reduce the number of potential vulnerabilities by allowing the defender to concentrate his defenses. In general, tried and true countermeasures are preferable to innovations, and simpler overlapping countermeasures are preferable to highly complex stand-alone systems. However, because attackers inevitably develop new attacks, reassessment and innovation must be ongoing.
I’m a huge fan of Bruce Schneier. I highly recommend crypto-gram and Beyond Fear.
Another issue Schneier talks about is ‘brittleness’:
Brittleness refers to the way a system fails. Microsoft Windows is a brittle system. A small insecurity breaks the entire system, and often the entire network. The credit-card system is resilient. It can tolerate all sorts of insecurities and still work profitably.
Use available tools in a network security design to address identity, monitoring and correlation aspects.
SNMP: This falls under the ‘monitoring’ requirement. Keep in mind that SNMP is by default not very secure, and you should be using SNMPv3 if at all possible.
NetFlow: You can use records generated by NetFlow to look for all sorts of security events in your network. Normally the data generated is too much and you’ll have to use a third party tool to analyze it. NetFlow uses port 9996/udp by default so designing a system that can accept all of the NetFlow records without dropping is essential if you’re to use it for auditing.
Syslog: Obviously, syslog is something you should have enabled in your network. It runs on udp as well, so all the usual udp rules apply. It’s also unencrypted by default.
RMON: I’ve not used much RMON in the past, but this falls under application classification/utilization. Third-party tools are best for RMON probes and analysis.
DNS: DNS can help to correlate – if for example all of your routers and switches are in DNS and you source records like Syslog and NetFlow, if you have everything defined to do so the IP addresses will resolve in your logs/reports.
Radius/AAA: Authentication/Authorization/Accounting is a requirement for any large-scale network. You’ll have to audit the logs for events in this as well.
Full Packet Classifiers: They probably refer to NBAR (network based application recognition). It is a tool built in to the routers and switches that will classify your application based on its behavior. It can, for example, classify P2P applications. It does increase the load on your infrastructure, so be careful when implementing it. NBAR can be used to classify and then police/shape applications like P2P, etc.
Explain the impact of control plane design decisions on the security of a network; implement security mechanisms to protect the control plane.
Use and impact of addressing: This may refer to the concept of infrastructure hiding, where you assign addresses to your devices that are unreachable from outside your network. You could assign all RFC1918 addresses to your loopbacks and refuse to NAT/advertise these networks. This does not automatically hide the infrastructure addresses from your internal users and devices, so you would have to apply inbound filters to prevent access. You can use control-plane policing for this (COPP)
Use and impact of area (flooding domain/summary points) placement.
Route/Topology/Link Hiding
Adjacency Protection (MD5, GTSM, etc.): you should be using MD5 to authenticate links between adjacent neighbors. All of the major dynamic routing protocols support MD5. GTSM stands for Generic TTL Security Mechanism. Defined in RFC3682, it outlines the use of the TTL as a way to ensure your updates are coming from directly-attached neighbors. If you receive an update with a TTL <>
Route Validation: probably a manual process, anyone have any ideas?
Route Filtering: filter updates from your neighbors that you don’t want. Or just allow those that you do want.
Routing Plan: You need to know where your packets will route in steady state.
Other routing techniques: unsure of what they mean here.
Explain the impact of data plane design decisions on the security of a network; implement security mechanisms to protect the data plane.
Infrastructure Protection: Think COPP
Policy Enforcement (QoS, BCP38): Probably just want to read BCP38
Prepare and explain security incident preparation and response strategies in a network.
Reaction Tools (Identification and Classification): IDS/IPS
Traceback Tools: not Cisco tracebacks, look here.
Remotely-Triggered Black Holes (RTBH) (destination, source, rate limit, etc.): good whitepaper here.
Sink Holes: paper here.
Reactive ACLs: this may refer to installation of ACLs by a third-party IDS/IPS tool.
CCDE
Written Exam
ADVDESIGN is the qualifying exam for the Cisco Certified Design Expert CCDE certification. The ADVDESIGN exam will test a candidate’s combined knowledge of routing protocols, internetworking theory and design principles .The exam assesses a candidate’s understanding of network design in the areas of routing, tunneling, Quality of Service, Management, Cost, Capacity, and Security. This exam combines in-depth technical concepts with Network Design principles and is intended for a Network Professional with at least 5 years of experience in Network Engineering or Advanced Network Design.
120 minutes
Available globally at Pearson VUE
Written Exam Blue Print
The following blueprint provides general guidelines for the content to be included on the ADVDESIGN beta exam.
Topic
IP Routing
Explain route aggregation concepts and techniques.
Purpose of route aggregation
Scalability and fault isolation
How to Aggregate
Explain the theory and application of network topology abstraction and layering.
Layers and their purpose
Core, aggregation, distribution, access
Purpose of Link State Topology Summarization
What is the purpose of LS topology summarization (not how it works)
Use of Link State Topology Summarization
Where and how to build a flooding domain border
Explain the impact of fault isolation and resiliency on network design.
What is the impact of fault isolation on network reliability
Separating rapid and/or massive changes from the remainder of the network, how to create fault isolation
What is fate sharing, and what is it’s impact
What is the impact of redundancy on convergence times
Explain metric based traffic flow and modification.
How to engineer metrics to modify traffic flow
“MPLS vs. IGP Traffic Engineering
Modifying IGP Metrics to Engineer Traffic Flow”
Understanding Traffic Flow & Metrics
Third Party Next Hop
Impact on redistribution design
Explain fast convergence techniques and mechanisms.
Layer 2 Down Detection
For all media types
Fast hello timers
OSPF, EIGRP, IS-IS, BGP
Fast SPF Timers
OSPF, IS-IS
Recursion and Convergence
Impact of Third Party Next Hop & BGP recursion
Explain routing protocol operation.
Neighbor Relationships
OSPF, EIGRP, IS-IS, BGP
Determining Loop Free Paths
OSPF, EIGRP, IS-IS, BGP, MPLS Constrained SPF
General Operation
OSPF, EIGRP, IS-IS, BGP; How each protocol operates
Flooding Domains and Stubs
OSPF/IS-IS flooding domains, EIGRP stubs
iBGP Mesh
Next hop mechanisms in BGP, RR’s, etc.
Select lower operational costs and complexity.
Route Filters
Simple vs. complex
General
Redistribution
Simple designs, tags, route filters, etc.
Explain transport mechanisms and interaction with routing protocols.
Link Characteristics
Point-to-point, point-to-multipoint, broadcast, etc.
RP Implementation on Various Links
OSPF on each link type
IS-IS on each link type
EIGRP considerations for point-to-multipoint
Topology Characteristics
Full mesh, partial mesh, ring, etc.
RP Implementation on Various Topologies
OSPF/IS-IS flood blocking, etc.
Explain generic routing and addressing concepts.
Policy Based Routing
IPv6 Basics
Explain multicast routing concepts.
General Multicast concepts
Tunneling
Explain how tunneling affects end service applications.
Identify and select tunneling technologies appropriate to meet network design objectives.
Identify where and when tunneling parameters must be tuned to optimize the operation of end user applications.
Knowledge of issues related to Layer 2 tunneling: i.e. packet ordering, MTU, etc.
What technologies support Layer 2 and Layer 3 tunneling: L2TPv3, GRE, ATOM, IPsec, etc.
How to implement tunneling given a specific situation: i.e. tunneling Novel IPX over a Layer 3 service provider core, etc.
Understanding of issues related to tunneling L3(IP) in L2(ATM, MPLS)
Explain, recognize, and select tunneling techniques appropriate to the size and scale of the network requirements.
What is the impact of different tunneling technologies on scalability (Selection of a tunneling technology with scalability as a criteria)
How scalability is affected based on type of tunnels (point-to-point, point-to-multipoint)
Explain how L3 routing is affected by tunneling technologies and select L3 routing protocols appropriate to implement tunneling and as passenger traffic in tunnels
How L3 routing is overlaid on a given tunneling technologies
What L3 Routing Protocol would suit a given tunneling technology, topology and scalability
Explain, recognize, and select logical and physical topologies required to meet network design requirements.
What are the best points/nodes in network to initiate and terminate tunnels
Which model would fulfill the requirements (full mesh, partial mesh, hierarchical)
Explain, recognize, and select methods for interconnecting tunneling environments across one or more service provider networks.
Describe different inter-provider tunneling models (i.e. 2547, GRE, IPsec, etc.
Explain, recognize, and select methods for steering traffic with tunnels and into tunnels.
Class Based Tunnel Selection
Traffic Engineering
Explain, recognize, and select methods for providing network failover and redundancy to meet network availability requirements.
Restoration vs. Protection (IGP Fast Convergence, FRR)
Non-stop Forwarding vs. Restoration (at the IP routing layer)
Explain, recognize, and select methods for interconnecting different types of attachment media on tunnel endpoints. Recognize and explain the differences in mapping different L2 technologies onto an L3 tunneling environment.
Interworking
Mapping Layer 2 service onto Layer 3 at the edge
Explain, recognize, and select methods to manage the size and scale of broadcast domains in tunneled L2VPN environments.
VPLS scaling issues
Spanning Tree issues
Broadcast issues across various topologies
3) QoS
Measure and interpret different QoS performance metrics.
Correlate performance metrics to application performance.
Knowledge of the different QoS performance metrics: one-way delay, round-trip delay, jitter, etc.
How to measure and interpret QoS performance metrics
How QoS performance metrics relate to user applications: i.e. impact of QoS metrics on application performance, etc.
Determine why, where and how to implement traffic classification, traffic conditioning and PHB.
Explain how DiffServ QoS tools work.
What DiffServ Terminology means (DS codepoint, Meter, DS ingress/egress node, Remark, DS domain, etc.)
Where to do Traffic Classification (edge and core of DS Domain)
What is Traffic Conditioning and where is it applied? (metering, marking, shaping and policing)
What are traffic profiles and meaning of in/out of profile (Token bucket)
What is the difference between micro-flow and DS behavior aggregate (PHB)
What is the impact on non-DS-compliant nodes within a DS domain on SLAs
What is the issue with MF Classifier and Fragmentation
What is the issue with re-marking and OoO packets
What is the purpose of shapers and droppers
What are different PHB models (e.g. x% minimal resources and proportional remaining link capacity)
What are issues with Different number/type of PHBs in different part of the network
What are the benefits of MF classification on edge and DS classification in the core
Understanding Classification/conditioning/PHB on a per customer basis or few number of templates
What are ways of DS Field Mapping to PHB: 1->1 or N->1 or both
What are tools for PHB Queue management and bounding delay, jitter, packet loss (e.g. TS, WRED, WFQ,etc.)
Understanding QoS provide differentiated services only when there is contention for resources
Explain operations of RSVP.
How RSVP Application does CAC and resource reservation
Explain generic QoS requirements for common application (VoIP, Video, TCP, UDP, control plane traffic).
Explain QoS requirements for control plane traffic.
What are generic VoIP Requirements
What are generic Video Requirements
What are generic TCP Requirements
What are generic UDP Requirements
Understanding of differentiation of control traffic vs data traffic
Where and how to define marking/conditioning of Control Traffic
Explain the techniques to avoid Class starvation when multiple classes are used (EF and non-EF).
How EF with a policer and MDRR/Priority Queue solves the problem
How minimum BW assignment per class or proportional BW assignment among all classes solves the problem
What is the impact of applications’ traffic within a given queue with same DS or different DS codepoint
What is the impact of applications’ traffic riding on the same node/link in case of failure
Explain the interaction of IP DSCP with other marking schemes (IP Prec, .1P, MPLS EXP, ATM, Frame Relay).
Interaction b/w DSCP and other technologies (understanding/issues/concerns)
Ethernet
ATM
Frame Relay
MPLS
RPR
IP Prec
In case of tunneling layers of marking : Differentiation between tunnel marking and data packet marking
Explain QoS based routing (PBR).
Situations where one has to pick one or two of the following to solve a problem (and understanding of the following)
BGP QoS Propagation
MTR
OER
PBR
CBTS
Management
Analyze network conditions and behavior to determine potential degradation or failure conditions.
Recognize conditions from SHOW output for data plane, control plane, hardware, etc.
Recognize conditions from DEBUG output for data plane, control plane, hardware, etc.
Recognize conditions from network behaviors for data plane, control plane, hardware, etc.
Recognize conditions from external monitoring and reporting systems.
Explain the operation and advantages of different management access mechanisms.
How to implement out of band access to all devices in a network
What should be considered when defining secure access to routers
Recognize when and where a design will result in failure.
Explain the operation and use of network management protocols.
Differences between the versions of SNMP.
Knowledge of puts, gets, operations (read, write)
Use of SNMP in SLA management
Identify when use of CMIP is appropriate
Identify when use of TMN is appropriate
Identify network management tools and their uses.
Recognize tools used for SLA management
Identify use of Generic On-Line Diagnostics (GOLD)
Identify and Classify tools for Event Management
State rules for use of Syslog
Knowledge of where to place Netflow Collectors
Identify Services required for flow collection
Recognize Port number for Netflow
Identify services required for event correlation
Identify auditable factors in a network.
Identify auditable factors in a network
Explain traffic management concepts and actions based on traffic statistics.
What is a traffic matrix
When to upgrade a link or re-route traffic
Interpretation of historical data to predict future growth and needs
Recognize configuration management tools and best practices.
Recognize uses of templating tools
Identify best practices for configuration management (i.e. logging config changes, auditing “as running” vs “as configured,” consistent feature application, etc.)
Describe role-based configuration access.
Security
Explain the impact of security availability design in the characteristics of a network.
OOB Access
Decoupling
Paul Baran Model
Compartmentalization
Use available tools in a network security design to address identity, monitoring and correlation aspects.
SNMP
Netflow
Syslog
RMON
DNS
Radius/AAA
Full Packet Classifiers
Explain the impact of control plane design decisions on the security of a network; implement security mechanisms to protect the control plane.
Use and impact of addressing.
Use and impact of area (flooding domain/summary points) placement.
Route/Topology/Link Hiding
Adjacency Protection (MD5, GTSM, etc.)
Route Validation
Route Filtering
Routing Plan
Other routing techniques.
Explain the impact of data plane design decisions on the security of a network; implement security mechanisms to protect the data plane.
Infrastructure Protection
Policy Enforcement (QoS, BCP38)
Prepare and explain security incident preparation and response strategies in a network.
Reaction Tools (Identification and Classification)
Traceback Tools
Remotely-Triggered Black Holes (RTBH) (destination, source, rate limit, etc.)
Sink Holes
Reactive ACLs
David
ADVDESIGN (CCDE): 352-001 Exam
Vendor: Cisco
Exam Code: 352-001
Exam Name: ADVDESIGN (CCDE)
Exam Products
Exam Description
Interactive Testing Engine Included!
240 Questions
Updated : 11/23/2008
Price : $131.99 $119.99
Cisco 352-001 Exam
When we first started offering the 352-001 exam questions and answers and exam simulator, we never dreamed we would be making the claims that we do now in the form of our unbelievable guarantee. TestKing.com GUARANTEES that you will pass your 352-001 exam on your first attempt after using one of our 352-001 training products. That’s right, with the 100% pass rate, the exam tools that we have created for you are so good – we can’t help but guarantee your results.
Known also as the Cisco ADVDESIGN (CCDE) (352-001), this exam plays an integral role in obtaining your certification. All Cisco certification exams are extremely detailed and cover many different technological areas. We designed the 352-001 questions and answers for this very purpose, to prepare you for the unexpected. Beyond the testing center, the skills you learn and the knowledge you confirm using the 352-001 practice exams and exam simulators will translate directly into your daily work environment.
When available, take advantage of the TestKing 352-001 Value Pack and save time and money while developing your skills to pass your ‘ADVDESIGN (CCDE) Exam’ and grab that Cisco certification. Let us help you climb that ladder of success and pass your 352-001 now!