Examples of cisco 400 101

It is more faster and easier to pass the Cisco passleader 400 101 exam by using Approved Cisco CCIE Routing and Switching (v5.0) questuins and answers. Immediate access to the Up to the minute 400 101 dumps Exam and find the same core area 400 101 dumps questions with professionally verified answers, then PASS your exam with a high score now.

2018 NEW RECOMMEND

Free VCE & PDF File for Cisco 400-101 Real Exam
(Full Version!)

Pass on Your First TRY 100% Money Back Guarantee Realistic Practice Exam Questions

Free Instant Download NEW 400-101 Exam Dumps (PDF & VCE):
Available on:
https://www.certleader.com/400-101-dumps.html

Q131. Refer to the exhibit. 

Which two statements are true about the displayed STP state? (Choose two.) 

A. The STP version configured on the switch is IEEE 802.1w. 

B. Port-channel 1 is flapping and the last flap occurred 1 minute and 17 seconds ago. 

C. The switch does not have PortFast configured on Gi0/15. 

D. BPDUs with the TCN bit set are transmitted over port channel 1. 

Answer: C,D 

Explanation: 

A port enabled with portfast will not send topology changes when a port goes up or down, but here we see that 296 TCN’s were sent so we know that Gi 0/15 does not have portfast enabled. 

TCN’s are sent using BPDU’s over the root port, which we see is port channel 1. 

Q132. Which two statements about VPLS are true? (Choose two.) 

A. Split horizon is used on PE devices to prevent loops. 

B. Spanning tree is extended from CE to CE. 

C. IP is used to switch Ethernet frames between sites. 

D. PE routers dynamically associate to peers. 

E. VPLS extends a Layer 2 broadcast domain. 

Answer: A,E 

Q133. Which statement is true comparing L2TPv3 to EoMPLS? 

A. L2TPv3 requires OSPF routing, whereas EoMPLS does not. 

B. EoMPLS requires BGP routing, whereas L2TPv3 does not. 

C. L2TPv3 carries L2 frames inside MPLS tagged packets, whereas EoMPLS carries L2 frames inside IPv4 packets. 

D. L2TPv3 carries L2 frames inside IPv4 packets, whereas EoMPLS carries L2 frames inside MPLS packets. 

Answer:

Explanation: 

Ethernet-over-MPLS (EoMPLS) provides a tunneling mechanism for Ethernet traffic through an MPLS-enabled L3 core and encapsulates Ethernet protocol data units (PDUs) inside MPLS packets (using label stacking) to forward them across the MPLS network. Another technology that more or less achieves the result of AToM is L2TPV3. In the case of L2TPV3 Layer 2 frames are encapsulated into an IP packet instead of a labelled MPLS packet. 

Reference: http://www.cisco.com/c/en/us/td/docs/routers/asr9000/software/asr9k_r4-3/lxvpn/configuration/guide/lesc43xbook/lesc43p2ps.html 

Q134. Which address is a MAC address that is mapped from an IPv6 address (RFC 2464)? 

A. 3333.FF17.FC0F 

B. FFFE. FF17.FC0F 

C. FF34.3333.FF17 

D. FF7E.FF17.FC0F 

Answer:

Explanation: 

An IPv6 packet with a multicast destination address DST, consisting of the sixteen octets DST through DST, is transmitted to the Ethernet multicast address whose first two octets are the value 3333 hexadecimal and whose last four octets are the last four octets of DST. 

Reference: https://tools.ietf.org/html/rfc2464 

Q135. Which three condition types can be monitored by crypto conditional debug? (Choose three.) 

A. Peer hostname 

B. SSL 

C. ISAKMP 

D. Flow ID 

E. IPsec 

F. Connection ID 

Answer: A,D,F 

Explanation: 

Supported Condition Types 

The new crypto conditional debug CLIs–debug crypto condition, debug crypto condition unmatched, and show crypto debug-condition–allow you to specify conditions (filter values) in which to generate and display debug messages related only to the specified conditions. The table below lists the supported condition types. 

Table 1 Supported Condition Types for Crypto Debug CLI 

Condition Type (Keyword) 

Description 

connid 1 

An integer between 1-32766. Relevant debug messages will be shown if the current IPSec operation uses this value as the connection ID to interface with the crypto engine. 

flowid 1 

An integer between 1-32766. Relevant debug messages will be shown if the current IPSec operation uses this value as the flow-ID to interface with the crypto engine. 

FVRF 

The name string of a virtual private network (VPN) routing and forwarding (VRF) instance. Relevant debug messages will be shown if the current IPSec operation uses this VRF instance as its front-door VRF (FVRF). 

IVRF 

The name string of a VRF instance. Relevant debug messages will be shown if the current IPSec operation uses this VRF instance as its inside VRF (IVRF). 

peer group 

A Unity group-name string. Relevant debug messages will be shown if the peer is using this group name as its identity. 

peer hostname 

A fully qualified domain name (FQDN) string. Relevant debug messages will be shown if the peer is using this string as its identity; for example, if the peer is enabling IKE Xauth with this FQDN string. 

peeripaddress 

A single IP address. Relevant debug messages will be shown if the current IPSec operation is related to the IP address of this peer. 

peer subnet 

A subnet and a subnet mask that specify a range of peer IP addresses. Relevant debug messages will be shown if the IP address of the current IPSec peer falls into the specified subnet range. 

peer username 

A username string. Relevant debug messages will be shown if the peer is using this username as its identity; for example, if the peer is enabling IKE Extended Authentication (Xauth) with this username. 

SPI 1 

A 32-bit unsigned integer. Relevant debug messages will be shown if the current IPSec operation uses this value as the SPI. 

Reference: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_vpnips/configuration/xe-3s/sec-sec-for-vpns-w-ipsec-xe-3s-book/sec-crypto-debug-sup.html 

Q136. EIGRP allows configuration of multiple MD5 keys for packet authentication to support easy rollover from an old key to a new key. Which two statements are true regarding the usage of multiple authentication keys? (Choose two.) 

A. Received packets are authenticated by the key with the smallest key ID. 

B. Sent packets are authenticated by all valid keys, which means that each packet is replicated as many times as the number of existing valid keys. 

C. Received packets are authenticated by any valid key that is chosen. 

D. Sent packets are authenticated by the key with the smallest key ID. 

Answer: C,D 

Explanation: 

Suppose two routers are connected with each other via Fa0/0 interfaces and they are configured to authenticate via MD5. Below is a simple configuration on both routers so that they will work: 

Router1(config)#key chain KeyChainR1 

Router1(config-keychain)#key 1 

Router1(config-keychain-key)#key-string FirstKey 

Router1(config-keychain-key)#key 2 

Router1(config-keychain-key)#key-string SecondKey 

Router2(config)#key chain KeyChainR2 

Router2(config-keychain)#key 1 

Router2(config-keychain-key)#key-string FirstKey 

Router2(config-keychain-key)#key 2 

Router2(config-keychain-key)#key-string SecondKey 

Apply these key chains to R1 & R2: 

Router1(config)#interface fastEthernet 0/0 

Router1(config-if)#ip authentication mode eigrp 1 md5 

Router1(config-if)#ip authentication key-chain eigrp 1 KeyChainR1 

Router2(config)#interface fastEthernet 0/0 

Router2(config-if)#ip authentication mode eigrp 1 md5 

Router2(config-if)#ip authentication key-chain eigrp 1 KeyChainR2 

There are some rules to configure MD5 authentication with EIGRP: 

+ The key chain names on two routers do not have to match (in this case the name “KeyChainR1 & “KeyChainR2 do not match) 

+ The key number and key-string on the two potential neighbors must match (for example “key 1 & “key-string FirstKey” must match on “key 1” & “key-string FirstKey” of neighboring router) Also some facts about MD5 authentication with EIGRP 

+ When sending EIGRP messages the lowest valid key number is used -> D is correct. 

+ When receving EIGRP messages all currently configured valid keys are verified but the lowest valid one will be used -> Although answer C does not totally mention like that but it is the most suitable answer because A and B are totally wrong. Answer A is not correct because we need valid key to authenticate. As mentioned above, although answer C is not totally correct but it puts some light on why 

answer B is not correct: each packet is NOT “replicated as many times as the number of existing valid keys”. All currently configured valid keys are verified but the lowest valid one will be used. 

Q137. Which two statements about the passive-interface command are true? (Choose two.) 

A. A RIP router listens to multicast updates from its neighbor but stops sending multicast updates on the passive interface. 

B. In OSPF, configuring passive-interface at the interface level suppresses hello packets for the interface and all sub interfaces. 

C. An EIGRP router can form neighbor relationship on the passive interface, but incoming and outgoing multicast updates are disabled on the interface. 

D. A RIP router disables all incoming and outgoing multicast updates in the passive interface. 

E. In EIGRP, the passive interface stops sending hello packets. 

F. In OSPF, the passive interface can receive incoming routing updates and update the device routing table. 

Answer: A,E 

Q138. Refer to the exhibit. 

Which statement about the debug behavior of the device is true? 

A. The device debugs all IP events for 172.16.129.4. 

B. The device sends all debugging information for 172.16.129.4. 

C. The device sends only NTP debugging information to 172.16.129.4. 

D. The device sends debugging information every five seconds. 

Answer:

Explanation: 

This is an example of a conditional debug, where there is a single condition specified of IP address 172.16.129.4. So, all IP events for that address will be output in the debug. 

Q139. Which two statements about reverse ARP are true? (Choose two.) 

A. Its servers require static mappings. 

B. It works with AutoInstall to configure new devices. 

C. It provides IP addresses for subnet masks. 

D. It provides IP addresses for default gateways. 

E. It requires less maintenance than DHCP. 

Answer: A,B 

Q140. An IP SLA fails to generate statistics. How can you fix the problem? 

A. Add the verify-data command to the router configuration. 

B. Reload the router configuration. 

C. Remove the ip sla schedule statement from the router configuration and re-enter it. 

D. Add the debug ip sla error command to the router configuration. 

E. Add the debug ip sla trace command to the router configuration. 

Answer: