Cisco Updated 400-007 Exam Questions and Answers by noura

EIGRP may be valid for initial deployment, but its scalability limitations — including proprietary nature, limited support over non-broadcast multipoint VPNs, and suboptimal convergence for large WAN overlays — make it most restrictive for future expansion.

BGP is typically the most scalable choice for large-scale VPN WAN deployments.

Why other options are incorrect:

B: IS-IS is not commonly deployed over Internet VPNs.

C: OSPF has better scalability than EIGRP for multi-area design but still limited over VPN overlays.

D: BGP is the preferred protocol for large-scale IPsec VPN WANs.

—

--------------------------------------------------------------------------------------------

—

The question describes a network that requires virtualization at both control and data plane levels using VLANs and VRFs. This architecture aligns with:

Path isolation (A): Achieved using VRFs and VLANs, ensuring traffic separation at Layer 2 and Layer 3 across the entire network.

Group virtualization (C): Refers to grouping users or resources (such as departments or tenants) into isolated segments that remain logically separated throughout the campus fabric.

Other options explained:

B (Session isolation): More aligned with application or session-layer security, not data/control plane virtualization.

D (Services virtualization): Typically related to virtualizing network services (firewalls, load balancers).

E (Edge isolation): Not a standard design term in CCDE.

—