400 101 ccie : Jun 2021 Edition


Q231. Which protocol uses a proprietary 2-byte Type field for multiple protocol support? 

A. HDLC 

B. PPP 

C. CHAP 

D. PAP 

Answer:


Q232. Refer to the exhibit. 

Which two corrective actions could you take if EIGRP routes from R2 fail to reach R1? (Choose two.) 

A. Configure R2 to use a VRF to send routes to R1. 

B. Configure the autonomous system in the EIGRP configuration of R1. 

C. Correct the network statement on R2. 

D. Add the interface on R1 that is connected to R2 into a VRF. 

Answer: B,D 

Explanation: 

In this question we are running VRF Lite on R1. VRF Lite is also known as “VRF without running MPLS”. This is an example of how to configure VRF Lite with EIGRP:

! Define the two VRFs, each with its own route distinguisher
ip vrf FIRST
 rd 1:1
ip vrf SECOND
 rd 1:2
!
! One EIGRP process; each VRF address family sets its own AS number
router eigrp 1
 no auto-summary
 address-family ipv4 vrf FIRST
  network 10.1.1.1 0.0.0.0
  no auto-summary
  autonomous-system 200
 exit-address-family
 address-family ipv4 vrf SECOND
  network 10.1.2.1 0.0.0.0
  no auto-summary
  autonomous-system 100
 exit-address-family
!
! Place each interface in its VRF before assigning the IP address
interface FastEthernet0/0
 ip vrf forwarding FIRST
 ip address 10.1.1.1 255.255.255.0
interface FastEthernet0/1
 ip vrf forwarding SECOND
 ip address 10.1.2.1 255.255.255.0

The above example creates two VRFs (named “FIRST” and “SECOND”). VRF “FIRST” runs on EIGRP AS 200 while VRF “SECOND” runs on EIGRP AS 100. After that we have to add interfaces to the appropriate VRFs. Going back to our question with this example in mind, we can see that R1 is missing the “autonomous-system …” command under “address-family ipv4 vrf R2”, and R1 needs an interface configured under that VRF.

Note: R2 does not run VRF at all! Usually R2 resides on the customer side.


Q233. Which regular expression will only allow prefixes that originated from AS 65000 and that are learned through AS 65001? 

A. ^65000_65001$ 

B. 65000_65001$ 

C. ^65000_65001 

D. ^65001_65000$ 

Answer:

Explanation: 

The following table lists the regular expressions and their meanings: 

+------+-----------------------------------------------+
| CHAR | USAGE                                         |
+------+-----------------------------------------------+
| ^    | Start of string                               |
| $    | End of string                                 |
| []   | Range of characters                           |
| -    | Used to specify range ( i.e. [0-9] )          |
| ( )  | Logical grouping                              |
| .    | Any single character                          |
| *    | Zero or more instances                        |
| +    | One or more instances                         |
| ?    | Zero or one instance                          |
| _    | Comma, open or close brace, open or close     |
|      | parentheses, start or end of string, or space |
+------+-----------------------------------------------+

Some commonly used regular expressions include: 

+-------------+---------------------------+
| Expression  | Meaning                   |
+-------------+---------------------------+
| .*          | Anything                  |
| ^$          | Locally originated routes |
| ^100_       | Learned from AS 100       |
| _100$       | Originated in AS 100      |
| _100_       | Any instance of AS 100    |
| ^[0-9]+$    | Directly connected ASes   |
+-------------+---------------------------+

Reference: http://blog.ine.com/2008/01/06/understanding-bgp-regular-expressions/ 


Q234. Which two fields reside in the initial CHAP challenge packet? (Choose two.) 

A. the authentication name of the challenger 

B. a random hash value generated by the device 

C. the hashed packet type ID 

D. the packet type ID in clear text 

Answer: A,D 

Explanation: 

When a caller A dials in to an access server B, the access server sends across the link an initial Type 1 authentication packet called a Challenge. This Challenge packet contains a randomly generated number, an ID sequence number to identify the challenge (sent in clear text), and the authentication name of the challenger.

Reference: http://www.rhyshaden.com/ppp.htm 


Q235. Which three roles does a key server perform when used with GETVPN? (Choose three.) 

A. It authenticates group members. 

B. It manages security policies. 

C. It creates group keys. 

D. It distributes multicast replication policies. 

E. It distributes multicast replication keys. 

F. It configures and routes the GDOI protocol. 

Answer: A,B,C 

Explanation: 

The key server (KS) is responsible for maintaining security policies, authenticating the group members (GMs), and providing the session key for encrypting traffic. The KS authenticates the individual GMs at the time of registration. Only after successful registration can the GMs participate in the group SA.

Reference: http://www.cisco.com/c/en/us/products/collateral/security/group-encrypted-transport-vpn/deployment_guide_c07_554713.html 


Q236. Which two statements about logging are true? (Choose two.) 

A. Log messages are sent to the console port by default. 

B. Log messages are displayed in a Telnet session by default. 

C. Interface status changes are logged at the Notification level. 

D. Interface status changes are logged at the Informational level. 

E. System restart messages are logged at the Critical level. 

F. Reload requests are logged at the Notification level. 

Answer: A,C 

Explanation: 

By default, switches send the output from system messages and debug privileged EXEC commands to a logging process. The logging process controls the distribution of logging messages to various destinations, such as the logging buffer, terminal lines, or a UNIX syslog server, depending on your configuration. The process also sends messages to the console. 

Table 29-3 Message Logging Level Keywords 

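+---------------+-------+----------------------------------+-------------------+
| Level Keyword | Level | Description                      | Syslog Definition |
+---------------+-------+----------------------------------+-------------------+
| emergencies   | 0     | System unstable                  | LOG_EMERG         |
| alerts        | 1     | Immediate action needed          | LOG_ALERT         |
| critical      | 2     | Critical conditions              | LOG_CRIT          |
| errors        | 3     | Error conditions                 | LOG_ERR           |
| warnings      | 4     | Warning conditions               | LOG_WARNING       |
| notifications | 5     | Normal but significant condition | LOG_NOTICE        |
| informational | 6     | Informational messages only      | LOG_INFO          |
| debugging     | 7     | Debugging messages               | LOG_DEBUG         |
+---------------+-------+----------------------------------+-------------------+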

The software generates four other categories of messages: 

- Error messages about software or hardware malfunctions, displayed at levels warnings through emergencies. These types of messages mean that the functionality of the switch is affected. For information on how to recover from these malfunctions, see the system message guide for this release.

- Output from the debug commands, displayed at the debugging level. Debug commands are typically used only by the Technical Assistance Center.

- Interface up or down transitions and system restart messages, displayed at the notifications level. This message is only for information; switch functionality is not affected.

- Reload requests and low-process stack messages, displayed at the informational level. This message is only for information; switch functionality is not affected.

References: http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2950/software/release/12-1_9_ea1/configuration/guide/scg/swlog.html

http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2960/software/release/12-2_55_se/configuration/guide/scg_2960/swlog.html


Q237. DRAG DROP 

Drag and drop the method for refreshing BGP prefixes on the left to the corresponding description on the right. 

Answer: 


Q238. Which two statements about the command distance bgp 90 60 120 are true? (Choose two.) 

A. Implementing the command is a Cisco best practice. 

B. The external distance it sets is preferred over the internal distance. 

C. The internal distance it sets is preferred over the external distance. 

D. The local distance it sets may conflict with the EIGRP administrative distance. 

E. The internal distance it sets may conflict with the EIGRP administrative distance. 

F. The local distance it sets may conflict with the RIP administrative distance. 

Answer: C,F 

Explanation: 

To allow the use of external, internal, and local administrative distances that could be a better route than other external, internal, or local routes to a node, use the distance bgp command in address family or router configuration mode. To return to the default values, use the no form of this command.

distance bgp external-distance internal-distance local-distance

no distance bgp

Syntax Description

external-distance

Administrative distance for BGP external routes. External routes are routes for which the best path is learned from a neighbor external to the autonomous system. Acceptable values are from 1 to 255. The default is 20. Routes with a distance of 255 are not installed in the routing table.

internal-distance

Administrative distance for BGP internal routes. Internal routes are those routes that are learned from another BGP entity within the same autonomous system. Acceptable values are from 1 to 255. The default is 200. Routes with a distance of 255 are not installed in the routing table.

local-distance

Administrative distance for BGP local routes. Local routes are those networks listed with a network router configuration command, often as back doors, for that router or for networks that are being redistributed from another process. Acceptable values are from 1 to 255. The default is 200. Routes with a distance of 255 are not installed in the routing table.

Defaults

external-distance: 20

internal-distance: 200

local-distance: 200

In this case, the internal distance is 60 and the external is 90, and the local distance is 120 (same as RIP). 

Reference: http://www.cisco.com/c/en/us/td/docs/ios/12_2/iproute/command/reference/fiprrp_r/1rfbgp1.html#wp1113874


Q239. In a nonbackbone OSPF area, all traffic that is destined to the Internet is routed by using a default route that is originated by the ABR. Which change in the configuration of the OSPF area type causes traffic from that area that is destined to the Internet to be dropped? 

A. The OSPF area changes from NSSA to totally stubby area. 

B. The OSPF area changes from NSSA to regular area. 

C. The OSPF area changes from stub area to totally stubby area. 

D. The OSPF area changes from stub area to NSSA. 

Answer:

Explanation: 

The ABR for the NSSA generates the default route, but not by default. To force the ABR to generate the default route, use the area <area id> nssa default-information originate command. The ABR generates a Type 7 LSA with the link-state ID 0.0.0.0, which is advertised inside the NSSA. This default route is propagated inside the NSSA as a Type 7 LSA.

Reference: http://www.cisco.com/c/en/us/support/docs/ip/open-shortest-path-first-ospf/13692-21.html#nssas 


Q240. Which three options are best practices for implementing a DMVPN? (Choose three.) 

A. Use IPsec in tunnel mode. 

B. Implement Dead Peer Detection to detect communication loss. 

C. Configure AES for encryption of transported data. 

D. Configure SHA-1 for encryption of transported data. 

E. Deploy IPsec hardware acceleration to minimize router memory overhead. 

F. Configure QoS services only on the head-end router. 

Answer: A,B,C 

Explanation: 

Best Practices Summary for Hub-and-Spoke Deployment Model 

This section describes the best practices for a dual DMVPN cloud topology with the hub-and-spoke deployment, supporting IP multicast (IPmc) traffic including routing protocols. 

The following are general best practices: 

- Use IPsec in transport mode

- Configure Triple DES (3DES) or AES for encryption of transported data (exports of encryption algorithms to certain countries may be prohibited by law).

- Implement Dead Peer Detection (DPD) on the spokes to detect loss of communication between peers.

- Deploy hardware-acceleration of IPsec to minimize router CPU overhead, to support traffic with low latency and jitter requirements, and for the highest performance for cost.

- Keep IPsec packet fragmentation to a minimum on the customer network by setting MTU size or using Path MTU Discovery (PMTUD).

- Use Digital Certificates/Public Key Infrastructure (PKI) for scalable tunnel authentication.

- Configure a routing protocol (for example, EIGRP, BGP or OSPF) with route summarization help alleviate interface congestion issues and to attempt to keep higher priority traffic from being dropped during times of congestion.

Reference: http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/WAN_and_MAN/DMVPDG/DMVPN_1.html