Foolproof ccie 400 101 tips

400-101

♥♥ 2021 NEW RECOMMEND ♥♥

Free VCE & PDF File for Cisco 400-101 Real Exam (Full Version!)

★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions

Free Instant Download NEW 400-101 Exam Dumps (PDF & VCE):
Available on: http://www.surepassexam.com/400-101-exam-dumps.html

Q71. DRAG DROP 

Drag and drop the argument of the ip cef load-sharing algorithm command on the left to the function it performs on the right. 

Answer: 


Q72. Which authentication method does OSPFv3 use to secure communication between neighbors? 

A. plaintext 

B. MD5 HMAC 

C. PKI 

D. IPSec 

Answer:

Explanation: 

In order to ensure that OSPFv3 packets are not altered and re-sent to the device, causing the device to behave in a way not desired by its system administrators, OSPFv3 packets must be authenticated. OSPFv3 uses the IPsec secure socket API to add authentication to OSPFv3 packets. This API supports IPv6. OSPFv3 requires the use of IPsec to enable authentication. Crypto images are required to use authentication, because only crypto images include the IPsec API needed for use with OSPFv3. 

Reference: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_ospf/configuration/15-sy/iro-15-sy-book/ip6-route-ospfv3-auth-ipsec.html 


Q73. Which two statements are true about RSTP? (Choose two.) 

A. By default, RTSP uses a separate TCN BPDU when interoperating with 802.1D switches. 

B. By default, RTSP does not use a separate TCN BPDU when interoperating with 802.1D switches. 

C. If a designated port receives an inferior BPDU, it immediately triggers a reconfiguration. 

D. By default, RTSP uses the topology change TC flag. 

E. If a port receives a superior BPDU, it immediately replies with its own information, and no reconfiguration is triggered. 

Answer: B,D 

Explanation: 

The RSTP does not have a separate topology change notification (TCN) BPDU. It uses the topology change (TC) flag to show the topology changes. 

Reference: http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2950/software/release/12-1_9_ea1/configuration/guide/scg/swmstp.html 


Q74. If two OSPF type 3 prefixes have the same metric, and are within the same process, which prefix(es) are installed into the routing table? 

A. The route whose originator has the lower router ID. 

B. Both routes are installed. 

C. The route whose originator has the higher router ID. 

D. The first route that is learned. 

Answer:

Explanation: 

OSPF allows multiple equal-cost paths to the same destination. Since all link-state information is flooded and used in the SPF calculation, multiple equal cost paths can be computed and used for routing, and each route will be installed in the routing table. 


Q75. What are two benefits of Per-Tunnel QoS for DMVPN? (Choose two.) 

A. The administrator can configure criteria that, when matched, can automatically set up QoS for each spoke as it comes online. 

B. Traffic from each spoke to the hub can be regulated individually. 

C. When traffic exceeds a configurable threshold, the spokes can automatically set up QoS with the hub. 

D. The hub can send large packets to a spoke during allotted timeframes. 

E. The hub can be regulated to prevent overloading small spokes. 

Answer: A,E 


Q76. Which two statements about BGP loop prevention are true? (Choose two.) 

A. Advertisements from PE routers with per-neighbor SOO configured include a Site of Origin value that is equal to the configured value of the BGP peering. 

B. If the configured Site of Origin value of a BGP peering is equal to the Site of Origin value on a route it receives, route advertisement is blocked to prevent a route loop. 

C. AS-override aids BGP loop prevention, but alternate loop prevention mechanisms are also necessary. 

D. Advertisements from the neighbors a BGP peering include a Site of Origin value that is separate from the configured value of the BGP peering. 

E. If the configured Site of Origin value of a BGP peering is greater than the Site of Origin value on a route it receives, route advertisement is blocked to prevent a route loop. 

F. If the configured Site of Origin value of a BGP peering is equal to the Site of Origin value on a route it receives, route advertisement is permitted. 

Answer: A,B 


Q77. Which two OSPF LSA types are flooded within the originating area? (Choose two.) 

A. type 1, Router LSA 

B. type 2, Network LSA 

C. type 3, Network Summary LSA 

D. type 4, ASBR Summary LSA 

E. type 6, Group Membership LSA 

F. type 9, Opaque LSA 

Answer: A,B 

Explanation: 

OSPF relies on several types of Link State Advertisements (LSAs) to communicate link state information between neighbors. A brief review of the most applicable LSA types: 

. Type 1 - Represents a router 

. Type 2 - Represents the pseudonode (designated router) for a multiaccess link 

. Type 3 - A network link summary (internal route) 

. Type 4 - Represents an ASBR 

. Type 5 - A route external to the OSPF domain 

. Type 7 - Used in stub areas in place of a type 5 LSA LSA types 1 and 2 are found in all areas, and are never flooded outside of an area. They are only flooded within the area that they originated from. 

Reference: http://packetlife.net/blog/2008/jun/24/ospf-area-types/ 


Q78. Refer to the exhibit. 

What password will be required to enter privileged EXEC mode on a device with the given configuration? 

A. ciscotest 

B. ciscocert 

C. cisco 

D. ciscors 

E. ciscoccie 

Answer:


Q79. Refer to the exhibit. 

A spoke site that is connected to Router-A cannot reach a spoke site that is connected to Router-B, but both spoke sites can reach the hub. What is the likely cause of this issue? 

A. There is a router doing PAT at site B. 

B. There is a router doing PAT at site A. 

C. NHRP is learning the IP address of the remote spoke site as a /32 address rather than a /24 address. 

D. There is a routing issue, as NHRP registration is working. 

Answer:

Explanation: 

If one spoke is behind one NAT device and another different spoke is behind another NAT device, and Peer Address Translation (PAT) is the type of NAT used on both NAT devices, then a session initiated between the two spokes cannot be established. 

Reference: http://www.cisco.com/c/en/us/td/docs/ios/ios_xe/sec_secure_connectivity/configuration/gui de/convert/sec_dmvpn_xe_3s_book/sec_dmvpn_dt_spokes_b_nat_xe.html 


Q80. EIGRP allows configuration of multiple MD5 keys for packet authentication to support easy rollover from an old key to a new key. Which two statements are true regarding the usage of multiple authentication keys? (Choose two.) 

A. Received packets are authenticated by the key with the smallest key ID. 

B. Sent packets are authenticated by all valid keys, which means that each packet is replicated as many times as the number of existing valid keys. 

C. Received packets are authenticated by any valid key that is chosen. 

D. Sent packets are authenticated by the key with the smallest key ID. 

Answer: C,D 

Explanation: 

Suppose two routers are connected with each other via Fa0/0 interfaces and they are configured to authenticate via MD5. Below is a simple configuration on both routers so that they will work: 

Router1(config)#key chain KeyChainR1 

Router1(config-keychain)#key 1 

Router1(config-keychain-key)#key-string FirstKey 

Router1(config-keychain-key)#key 2 

Router1(config-keychain-key)#key-string SecondKey 

Router2(config)#key chain KeyChainR2 

Router2(config-keychain)#key 1 

Router2(config-keychain-key)#key-string FirstKey 

Router2(config-keychain-key)#key 2 

Router2(config-keychain-key)#key-string SecondKey 

Apply these key chains to R1 & R2: 

Router1(config)#interface fastEthernet 0/0 

Router1(config-if)#ip authentication mode eigrp 1 md5 

Router1(config-if)#ip authentication key-chain eigrp 1 KeyChainR1 

Router2(config)#interface fastEthernet 0/0 

Router2(config-if)#ip authentication mode eigrp 1 md5 

Router2(config-if)#ip authentication key-chain eigrp 1 KeyChainR2 

There are some rules to configure MD5 authentication with EIGRP: 

+ The key chain names on two routers do not have to match (in this case the name “KeyChainR1 & “KeyChainR2 do not match) 

+ The key number and key-string on the two potential neighbors must match (for example “key 1 & “key-string FirstKey” must match on “key 1” & “key-string FirstKey” of neighboring router) Also some facts about MD5 authentication with EIGRP 

+ When sending EIGRP messages the lowest valid key number is used -> D is correct. 

+ When receving EIGRP messages all currently configured valid keys are verified but the lowest valid one will be used -> Although answer C does not totally mention like that but it is the most suitable answer because A and B are totally wrong. Answer A is not correct because we need valid key to authenticate. As mentioned above, although answer C is not totally correct but it puts some light on why 

answer B is not correct: each packet is NOT “replicated as many times as the number of existing valid keys”. All currently configured valid keys are verified but the lowest valid one will be used. 


Related 400-101 posts:

  1. Renew 400-101 pdf exam Guide
  2. Foolproof cisco 400 101 tips
  3. What Does 400-101 exam topics Mean?
  4. 400-101 testing material(181 to 190) for IT specialist: Mar 2021 Edition
  5. Amazing passleader 400 101 To Try