200-201 Question #385: Real Exam Question with Answer & Explanation

Question

A company plans to implement network segmentations and use IP address inventory management best practices. Servers and end-user devices are using the same VLANs and IP subnets with manual address assignment. What are the first two steps the engineers must take to meet these requirements? (Choose two.)

Options

• AConfigure packet captures to perform deep packet inspection for further traffic analysis and
• BImplement deep network traffic analysis using NetFlow v5 from routers and switches.
• CDeploy an Active Directory server and add all assets to the created domain for better visibility.
• DAssign separate hard-coded IP address spaces for critical assets, according to their role and
• ECreate IP address inventory database and deploy separate role-based IP subnetting for users

Explanation

To implement network segmentation and improve IP management, engineers must first establish an IP inventory and then create separate, role-based IP subnetting for critical assets and users.

Common mistakes.

• A. Configuring packet captures and deep packet inspection is for traffic analysis and troubleshooting, not a first step for implementing network segmentation or IP address management.
• B. Implementing deep network traffic analysis using NetFlow is for monitoring and understanding traffic patterns, which comes after segmentation is designed and implemented, not as a first step to achieve it.
• C. Deploying an Active Directory server and adding assets for better visibility is related to identity management and centralized authentication, which is not a direct first step for network segmentation or IP address inventory as described.

Concept tested. Network segmentation and IP management

Reference. https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/ip-addressing

No community discussion yet for this question.