300-420 Exam Details
-
Exam Code
:300-420 -
Exam Name
:Designing Cisco Enterprise Networks (ENSLD) -
Certification
:CCNP Enterprise -
Vendor
:Cisco -
Total Questions
:395 Q&As -
Last Updated
:May 29, 2026
Cisco 300-420 Online Questions & Answers
-
Question 191:
An architect must design a topology for a WAN network that satisfies these requirements:
1.Devices must be able to make informed decisions.
2.Suboptimal paths are allowed only in case of a failure.
3.Backup paths must always be available. Which topology must the architect select?
A. full mesh
B. Clos
C. partial mesh
D. hub and spoke -
Question 192:
Which two best practices must be followed when designing an out-of-band management network? (Choose two.)
A. Enforce access control
B. Facilitate network integration
C. Back up data using the management network
D. Ensure that the management network is a backup to the data network
E. Ensure network isolation -
Question 193:
Which two statements regarding Cisco SD-WAN vEdge routers can mitigate DoS attacks against the infrastructure? (Choose two.)
A. Only authorized controllers are allowed to communicate back to the vEdge router after the vEdge router establishes connections with the controllers.
B. By default, integrated IDS'IPS on inside and (WAN) side interfaces.
C. The vEdge routers run on hardened Linux operating systems.
D. In case of direct Internet access, the only traffic allowed back is the traffic matching the state table entries on the vEdge router.
E. Open Certificate Authority and automated enrollment feature. -
Question 194:
An architect must address sustained congestion on the access and distribution uplink of network. QoS has already been implemented and optimized, but it is no longer effective in ensuring optimal network performance. Which two solutions should the architect use to improver network performance? (Choose two)
A. Reconfigure QoS based on the IntServ model
B. Utilize random early detection to manage queues
C. Implement higher-speed uplink interfaces
D. Bundle additional uplinks into logical EtherChannels
E. Configure selective packet discard to drop noncritical network traffic. -
Question 195:
An engineer must design a routing solution for a company that is single-homed to an ISP.
The company's goal is to run BGP between theCEand the PE devices. To support running BGP, the company obtained a public AS number and IP subnet from ARIN. Which solution must the engineer select?
A. The customer announces the public IP subnet to the ISP The ISP announces the default route to the customer
B. The customer announces the public IP subnet to the ISP The ISP announces the BGP table to the customer
C. The ISP announces the customer public IP subnet The ISP announces the partial BGP table to the customer
D. The customer announces the default route to the ISP The ISP announces the default route to the customer -
Question 196:
DRAG DROP
Drag and drop the characteristics from the left onto the YANG modules they describe on the right. Not all options are used.
Select and Place:
-
Question 197:
A company's security policy requires that all connections between sites be encrypted in a manner that does not require maintenance of permanent tunnels. The sites are connected through a private MPLS-based service that uses a dynamically changing key and spoke-to-spoke communication. Which type of transport encryption must be used in this environment?
A. GETVPN
B. DMVPN
C. GRE VPN
D. standard IPsec VPN -
Question 198:
Refer to the exhibit.
An architect is designing a Layer 2 network for a customer. The network will use the spanning-tree protocol. During a link failure between SW1 and SW2, the fastest possible convergence time is desired. Which solution must the architect select?
A. UplinkFast
B. PortFast
C. BackboneFast
D. Loop Guard -
Question 199:
An engineermustdesign a management network for a customer's enterprise network. The design must:
1.provide the ability to grant and revoke access privileges
2.allow only protocols SSH, NTP, FTP, and SNMP
3.restrict access to management Interfaces
Which solution must the engineer choose to meet the requirements?
A. in-band
B. enterprise internal private
C. out-of-band
D. mGRE -
Question 200:
Refer to the exhibit.
The failover time of ISP-2 is significantly shorter than ISP-1 when an interface on the ISP router toward the campus network fails. Which solution minimizes the downtime to the sub-second?
A. Aggressive timers
B. Next-hop address tracking
C. Graceful-restart
D. BFD
Related Exams:
-
300-410
Implementing Cisco Enterprise Advanced Routing and Services (ENARSI) -
300-415
Implementing Cisco SD-WAN Solutions (ENSDWI) -
300-420
Designing Cisco Enterprise Networks (ENSLD) -
300-425
Designing Cisco Enterprise Wireless Networks (ENWLSD) -
300-430
Implementing Cisco Enterprise Wireless Networks (ENWLSI) -
300-435
Automating and Programming Cisco Enterprise Solutions (ENAUTO) -
300-440
Designing and Implementing Cloud Connectivity (ENCC) -
350-401
Implementing and Operating Cisco Enterprise Network Core Technologies (ENCOR)
Tips on How to Prepare for the Exams
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Cisco exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 300-420 exam preparations and Cisco certification application, do not hesitate to visit our Vcedump.com to find your solutions here.