400-101 Exam Questions - Online Test



Actualtests offers a free demo for the CCIE 400-101 exam. "CCIE Routing and Switching (v5.0)", also known as the 400-101 exam, is a Cisco certification. This set of posts, Passing the Cisco 400-101 exam, will help you answer those questions. The 400-101 Questions & Answers cover all the knowledge points of the real exam. 100% real Cisco 400-101 exam questions, revised by experts!

Q301. Which two are features of DMVPN? (Choose two.) 

A. It does not support spoke routers behind dynamic NAT. 

B. It requires IPsec encryption. 

C. It only supports remote peers with statically assigned addresses. 

D. It supports multicast traffic. 

E. It offers configuration reduction. 

Answer: D,E 

Explanation: 

DMVPN Hub-and-spoke deployment model: In this traditional topology, remote sites (spokes) are aggregated into a headend VPN device at the corporate headquarters (hub). Traffic from any remote site to other remote sites would need to pass through the headend device. Cisco DMVPN supports dynamic routing, QoS, and IP Multicast while significantly reducing the configuration effort. 

Reference: http://www.cisco.com/c/en/us/products/collateral/security/dynamic-multipoint-vpn-dmvpn/data_sheet_c78-468520.html 


Q302. Which two values comprise the VPN ID for an MPLS VPN? (Choose two.) 

A. an OUI 

B. a VPN index 

C. a route distinguisher 

D. a 16-bit AS number 

E. a 32-bit IP address 

Answer: A,B 

Explanation: 

Each MPLS VPN ID defined by RFC 2685 consists of the following elements: 

An Organizational Unique Identifier (OUI), a three-octet hex number: The IEEE Registration Authority assigns OUIs to any company that manufactures components under the ISO/IEC 8802 standard. The OUI is used to generate universal LAN MAC addresses and protocol identifiers for use in local and metropolitan area network applications. For example, an OUI for Cisco Systems is 00-03-6B (hex).

A Virtual Private Network (VPN) index: a four-octet hex number, which identifies the VPN within the company.

Reference: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/mp_l3_vpns/configuration/15-mt/mp-l3-vpns-15-mt-book/mp-assgn-id-vpn.html 


Q303. Which three condition types can be monitored by crypto conditional debug? (Choose three.) 

A. Peer hostname 

B. SSL 

C. ISAKMP 

D. Flow ID 

E. IPsec 

F. Connection ID 

Answer: A,D,F 

Explanation: 

Supported Condition Types 

The new crypto conditional debug CLIs--debug crypto condition, debug crypto condition unmatched, and show crypto debug-condition--allow you to specify conditions (filter values) in which to generate and display debug messages related only to the specified conditions. The table below lists the supported condition types. 

Table 1 Supported Condition Types for Crypto Debug CLI

| Condition Type (Keyword) | Description |
|---|---|
| connid | An integer between 1-32766. Relevant debug messages will be shown if the current IPSec operation uses this value as the connection ID to interface with the crypto engine. |
| flowid | An integer between 1-32766. Relevant debug messages will be shown if the current IPSec operation uses this value as the flow-ID to interface with the crypto engine. |
| FVRF | The name string of a virtual private network (VPN) routing and forwarding (VRF) instance. Relevant debug messages will be shown if the current IPSec operation uses this VRF instance as its front-door VRF (FVRF). |
| IVRF | The name string of a VRF instance. Relevant debug messages will be shown if the current IPSec operation uses this VRF instance as its inside VRF (IVRF). |
| peer group | A Unity group-name string. Relevant debug messages will be shown if the peer is using this group name as its identity. |
| peer hostname | A fully qualified domain name (FQDN) string. Relevant debug messages will be shown if the peer is using this string as its identity; for example, if the peer is enabling IKE Xauth with this FQDN string. |
| peer ipaddress | A single IP address. Relevant debug messages will be shown if the current IPSec operation is related to the IP address of this peer. |
| peer subnet | A subnet and a subnet mask that specify a range of peer IP addresses. Relevant debug messages will be shown if the IP address of the current IPSec peer falls into the specified subnet range. |
| peer username | A username string. Relevant debug messages will be shown if the peer is using this username as its identity; for example, if the peer is enabling IKE Extended Authentication (Xauth) with this username. |
| SPI | A 32-bit unsigned integer. Relevant debug messages will be shown if the current IPSec operation uses this value as the SPI. |

Reference: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_vpnips/configuration/xe-3s/sec-sec-for-vpns-w-ipsec-xe-3s-book/sec-crypto-debug-sup.html 


Q304. Which two options are the two main phases of PPPoE? (Choose two.) 

A. Active Discovery Phase 

B. IKE Phase 

C. Main Mode Phase 

D. PPP Session Phase 

E. Aggressive Mode Phase 

F. Negotiation Phase 

Answer: A,D 

Explanation: 

PPPoE is composed of two main phases: 

Active Discovery Phase — In this phase, the PPPoE client locates a PPPoE server, called an access concentrator. During this phase, a Session ID is assigned and the PPPoE layer is established. 

PPP Session Phase — In this phase, PPP options are negotiated and authentication is performed. Once the link setup is completed, PPPoE functions as a Layer 2 encapsulation method, allowing data to be transferred over the PPP link within PPPoE headers. 

Reference: http://www.cisco.com/c/en/us/td/docs/security/asa/asa92/configuration/vpn/asa-vpn-cli/vpn-pppoe.html 


Q305. Refer to the exhibit. 

Which type of BGP peer is 192.168.1.1? 

A. route reflector client 

B. iBGP 

C. confederation 

D. VPNv4 

Answer:


Q306. A TCP/IP host is able to transmit small amounts of data (typically less than 1500 bytes), but attempts to transmit larger amounts of data hang and then time out. What is the cause of this problem? 

A. A link is flapping between two intermediate devices. 

B. The processor of an intermediate router is averaging 90 percent utilization. 

C. A port on the switch that is connected to the TCP/IP host is duplicating traffic and sending it to a port that has a sniffer attached. 

D. There is a PMTUD failure in the network path. 

Answer:

Explanation: 

Sometimes, over some IP paths, a TCP/IP node can send small amounts of data (typically less than 1500 bytes) with no difficulty, but transmission attempts with larger amounts of data hang, then time out. Often this is observed as a unidirectional problem in that large data transfers succeed in one direction but fail in the other direction. This problem is likely caused by the TCP MSS value, PMTUD failure, different LAN media types, or defective links. 

Reference: http://www.cisco.com/c/en/us/support/docs/additional-legacy-protocols/ms-windows-networking/13709-38.html 


Q307. Which component of MPLS architecture uses protocols such as the label distribution protocol and tag distribution protocol to exchange labels? 

A. control plane 

B. data plane 

C. forwarding plane 

D. routing plane 

Answer:


Q308. What is a cause for unicast flooding? 

A. Unicast flooding occurs when multicast traffic arrives on a Layer 2 switch that has directly connected multicast receivers. 

B. When PIM snooping is not enabled, unicast flooding occurs on the switch that interconnects the PIM-enabled routers. 

C. A man-in-the-middle attack can cause the ARP cache of an end host to have the wrong MAC address. Instead of having the MAC address of the default gateway, it has a MAC address of the man-in-the-middle. This causes all traffic to be unicast flooded through the man-in-the-middle, which can then sniff all packets. 

D. Forwarding table overflow prevents new MAC addresses from being learned, and packets destined to those MAC addresses are flooded until space becomes available in the forwarding table. 

Answer:

Explanation: 

Causes of Flooding

The root cause of flooding is that the destination MAC address of the packet is not in the L2 forwarding table of the switch. In this case the packet will be flooded out of all forwarding ports in its VLAN (except the port it was received on). The case studies below show the most common reasons for the destination MAC address not being known to the switch.

Cause 1: Asymmetric Routing 

Large amounts of flooded traffic might saturate low-bandwidth links, causing network performance issues or a complete connectivity outage to devices connected across such low-bandwidth links.

Cause 2: Spanning-Tree Protocol Topology Changes 

Another common issue caused by flooding is Spanning-Tree Protocol (STP) Topology Change Notification (TCN). TCN is designed to correct forwarding tables after the forwarding topology has changed. This is necessary to avoid a connectivity outage, as after a topology change some destinations previously accessible via particular ports might become accessible via different ports. TCN operates by shortening the forwarding table aging time, such that if the address is not relearned, it will age out and flooding will occur.

Cause 3: Forwarding Table Overflow 

Another possible cause of flooding can be overflow of the switch forwarding table. In this case, new addresses cannot be learned and packets destined to such addresses are flooded until some space becomes available in the forwarding table. New addresses will then be learned. This is possible but rare, since most modern switches have large enough forwarding tables to accommodate MAC addresses for most designs. 

Reference: 

http://www.cisco.com/c/en/us/support/docs/switches/catalyst-6000-series-switches/23563-143.html 


Q309. Which two statements best describe the difference between active mode monitoring and passive mode monitoring? (Choose two.) 

A. Passive mode monitoring uses IP SLA to generate probes for the purpose of obtaining information regarding the characteristics of the WAN links. 

B. Active mode monitoring is the act of Cisco PfR gathering information on user packets assembled into flows by NetFlow.

C. Active mode monitoring uses IP SLA probes for obtaining performance characteristics of the current exit WAN link. 

D. Passive mode monitoring uses NetFlow for obtaining performance characteristics of the exit WAN links. 

Answer: C,D 

Explanation: 

Passive and Active Monitoring

Passive monitoring is the act of OER gathering information on user packets assembled into flows by NetFlow. OER, when enabled, automatically enables NetFlow on the managed interfaces on the border routers. By aggregating this information on the border routers and periodically reporting the collected data to the master controller, the network prefixes and applications in use can automatically be learned. Additionally, attributes like throughput, reachability, loading, packet loss, and latency can be deduced from the collected flows. Active monitoring is the act of generating IP SLA probes to generate test traffic for the purpose of obtaining information regarding the characteristics of the WAN links. Active probes can either be implicitly generated by OER when passive monitoring has identified destination hosts, or explicitly configured by the network manager in the OER configuration. 

Reference: http://products.mcisco.com/en/US/docs/solutions/Enterprise/WAN_and_MAN/Transport_diversity/Transport_Diversity_PfR.html#wp199209


Q310. Which two statements about the BGP community attribute are true? (Choose two.) 

A. Routers send the community attribute to all BGP neighbors automatically. 

B. A router can change a received community attribute before advertising it to peers. 

C. It is a well-known, discretionary BGP attribute. 

D. It is an optional transitive BGP attribute. 

E. A prefix can support only one community attribute. 

Answer: B,D 

Explanation: 

A community is a group of prefixes that share some common property and can be configured with the BGP community attribute. The BGP Community attribute is an optional transitive attribute of variable length. The attribute consists of a set of four octet values that specify a community. The community attribute values are encoded with an Autonomous System (AS) number in the first two octets, with the remaining two octets defined by the AS. A prefix can have more than one community attribute. A BGP speaker that sees multiple community attributes in a prefix can act based on one, some or all the attributes. A router has the option to add or modify a community attribute before the router passes the attribute on to other peers. 

Reference: 

http://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/28784-bgp-community.html