400 101 pdf (421 to 430)

Ucertify offers free demo for passleader 400 101 exam. “CCIE Routing and Switching (v5.0)”, also known as cisco 400 101 exam, is a Cisco Certification. This set of posts, Passing the Cisco 400 101 ccie exam, will help you answer those questions. The ccie 400 101 dumps Questions & Answers covers all the knowledge points of the real exam. 100% real Cisco passleader 400 101 exams and revised by experts!


Free VCE & PDF File for Cisco 400-101 Real Exam
(Full Version!)

Pass on Your First TRY 100% Money Back Guarantee Realistic Practice Exam Questions

Free Instant Download NEW 400-101 Exam Dumps (PDF & VCE):
Available on:

Q421. Which technology can be used to secure the core of an STP domain? 

A. UplinkFast 

B. BPDU guard 

C. BPDU filter 

D. root guard 



Since STP does not implement any authentication or encryption to protect the exchange of BPDUs, it is vulnerable to unauthorized participation and attacks. Cisco IOS offers the STP Root Guard feature to enforce the placement of the root bridge and secure the core of the STP domain. 

STP root guard forces a port to become a designated port so that no switch on the other end of the link can become a root switch. If a port configured for root guard receives a superior BPDU, the port it is received on is blocked. In this way, STP root guard blocks other devices from trying to become the root bridge. 

STP root guard should be enabled on all ports that will never connect to a root bridge, for example, all end user ports. This ensures that a root bridge will never be negotiated on those ports. 

Reference: http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Security/Baseline_Security/secur ebasebook/sec_chap7.html 

Q422. Refer to the exhibit. 

Which two statements about this egress queue are true? (Choose two.) 

A. The queue 3 buffer is allocated 20 percent, its drop threshold is 100 percent, and it is guaranteed 400 percent of memory. 

B. The queue 1 buffer is allocated 30 percent, its drop threshold is 25 percent, and it is guaranteed 100 percent of memory. 

C. The queue 1 buffer is allocated 30 percent, its drop threshold is 100 percent, and it is guaranteed 150 percent of memory. 

D. The queue 2 buffer is allocated 30 percent, its drop threshold is 200 percent, and it can use at maximum 400 percent of memory. 

E. The queue 3 buffer is allocated 30 percent, its drop threshold is 100 percent, and it can use at maximum 400 percent of memory. 

Answer: B,D 

Q423. Which two statements about Cisco Express Forwarding are true? (Choose two.) 

A. Cisco Express Forwarding tables contain reachability information and adjacency tables contain forwarding information. 

B. Cisco Express Forwarding tables contain forwarding information and adjacency tables contain reachability information. 

C. Changing MAC header rewrite strings requires cache validation. 

D. Adjacency tables and Cisco Express Forwarding tables can be built separately. 

E. Adjacency tables and Cisco Express Forwarding tables require packet process-switching. 

Answer: A,D 


Main Components of CEF 

Information conventionally stored in a route cache is stored in several data structures for Cisco Express Forwarding switching. The data structures provide optimized lookup for efficient packet forwarding. The two main components of Cisco Express Forwarding operation are the forwarding information base (FIB) and the adjacency tables. The FIB is conceptually similar to a routing table or information base. A router uses this lookup table to make destination-based switching decisions during Cisco Express Forwarding operation. The FIB is updated when changes occur in the network and contains all routes known at the time. Adjacency tables maintain Layer 2 next-hop addresses for all FIB entries. This separation of the reachability information (in the Cisco Express Forwarding table) and the forwarding information (in the adjacency table), provides a number of benefits: 

. The adjacency table can be built separately from the Cisco Express Forwarding table, allowing both to be built without any packets being process-switched. 

. The MAC header rewrite used to forward a packet is not stored in cache entries, so changes in a MAC header rewrite string do not require validation of cache entries. 

Reference: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipswitch_cef/configuration/15-mt/isw-cef-15-mt-book/isw-cef-overview.html 

Q424. Which two statements about BGP best-path selection are true? (Choose two.) 

A. The route with the highest local preference is preferred. 

B. The weight attribute is advertised to peers. 

C. The route with the lowest MED is preferred. 

D. A route that originates from iBGP peers is preferred. 

E. A route that originates from a router with a higher BGP router ID is preferred. 

F. The lowest weight advertised is preferred. 

Answer: A,C 

Q425. Refer to the exhibit. 

Which statement about configuring the switch to manage traffic is true? 

A. The switchport priority extend cos command on interface FastEthernet0/0 prevents traffic to and from the PC from taking advantage of the high-priority data queue that is assigned to the IP phone. 

B. The switchport priority extend cos command on interface FastEthernet0/0 enables traffic to and from the PC to use the high priority data queue that is assigned to the IP phone. 

C. When the switch is configured to trust the CoS label of incoming traffic, the trusted boundary feature is disabled automatically. 

D. The mls qos cos override command on interface FastEthernet0/0 configures the port to trust the CoS label of traffic to and from the PC. 



In some situations, you can prevent a PC connected to the Cisco IP Phone from taking advantage of a high-priority data queue. You can use the switchport priority extend cos interface configuration command to configure the telephone through the switch CLI to override the priority of the traffic received from the PC. 

Reference: http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2950/software/release/12-1_22_ea2/configuration/guide/2950scg/swqos.html 

Q426. Which three statements about the differences between Cisco IOS and IOS-XE functionality are true? (Choose three.) 

A. Only IOS-XE Software can host applications outside of the IOS context. 

B. Only the IOS-XE Services Plane has multiple cores. 

C. Only the IOS-XE Data Plane has multiple cores. 

D. Only the IOS-XE Control Plane has multiple cores. 

E. Only IOS-XE module management integrates with packet processing. 

F. Only IOS-XE configuration and control is integrated with the kernel. 

Answer: A,B,C 

Q427. In a PfR environment, which two statements best describe the difference between active mode monitoring and fast mode monitoring? (Choose two.) 

A. Active mode monitoring can monitor and measure actual traffic via NetFlow data collection. 

B. Fast mode monitoring can measure bursty traffic better than active mode. 

C. Active mode monitoring uses IP SLA probes for the purpose of obtaining performance characteristics of the current WAN exit link. 

D. Fast mode monitoring uses IP SLA probes via all valid exits continuously to quickly determine an alternate exit link. 

Answer: C,D 


Active Monitoring 

PfR uses Cisco IOS IP Service Level Agreements (SLAs) to enable active monitoring. IP SLAs support is enabled by default. IP SLAs support allows PfR to be configured to send active probes to target IP addresses to measure the jitter and delay, determining if a prefix is out-of-policy and if the best exit is selected. The border router collects these performance statistics from the active probe and transmits this information to the master controller. 

Fast Failover Monitoring 

Fast failover monitoring enables passive and active monitoring and sets the active probes to continuously monitor all the exits (probe-all). Fast failover monitoring can be used with all types of active probes: Internet Control Message Protocol (ICMP) echo, jitter, TCP connection, and UDP echo. 

Reference: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/pfr/command/pfr-cr-book/pfr-s1.html 

Q428. Refer to the exhibit. 

What password will be required to enter privileged EXEC mode on a device with the given configuration? 

A. ciscotest 

B. ciscocert 

C. cisco 

D. ciscors 

E. ciscoccie 


Q429. Refer to the exhibit. 

Assume that Cisco Discovery Protocol is supported and enabled only on switches A and C. 

Which information is returned when you issue the command show cdp neighbors on switch C? 

A. a limited amount of information about switch B 

B. neighbor details for switch A 

C. neighbor details for switch B 

D. neighbor details for switch C 


Q430. For which feature is the address family "rtfilter" used? 

A. Enhanced Route Refresh 

B. MPLS VPN filtering 

C. Route Target Constraint 

D. Unified MPLS 



With Multiprotocol Label Switching (MPLS) VPN, the internal Border Gateway Protocol (iBGP) peer or Route Reflector (RR) sends all VPN4 and/or VPN6 prefixes to the PE routers. The PE router drops the VPN4/6 prefixes for which there is no importing VPN routing and forwarding (VRF). This is a behavior where the RR sends VPN4/6 prefixes to the PE router, which it does not need. This is a waste of processing power on the RR and the PE and a waste of bandwidth. With Route Target Constraint (RTC), the RR sends only wanted VPN4/6 prefixes to the PE. 'Wanted' means that the PE has VRF importing the specific prefixes. RFC 4684 specifies Route Target Constraint (RTC). The support is through a new address family rtfilter for both VPNv4 and VPNv6. 

Reference: http://www.cisco.com/c/en/us/support/docs/multiprotocol-label-switching-mpls/mpls/116062-technologies-technote-restraint-00.html