Cisco 400-101 (CCIE) exam practice questions and answers.
Q241. Refer to the exhibit.
If EIGRP is configured between two routers as shown in this output, which statement about their EIGRP relationship is true?
A. The routers will establish an EIGRP relationship successfully.
B. The routers are using different authentication key-strings.
C. The reliability metric is enabled.
D. The delay metric is disabled.
Answer: C
Explanation:
The 5 K values used in EIGRP are:
K1 = Bandwidth modifier
K2 = Load modifier
K3 = Delay modifier
K4 = Reliability modifier
K5 = Additional Reliability modifier
However, by default, only K1 and K3 are used (bandwidth and delay). In this output we see that K1, K3, and K4 (Reliability) are all set.
Q242. Which two statements about SoO checking in EIGRP OTP deployments are true? (Choose two).
A. During the import process, the SoO value in BGP is checked against the SoO value of the site map.
B. During the reception of an EIGRP update, the SoO value in the EIGRP update is checked against the SoO value of the site map on the ingress interface.
C. At the ingress of the PE/CE link, the SoO in the EIGRP update is checked against the SoO within the PE/CE routing protocol.
D. At the egress of the PE/CE link, the SoO is checked against the SoO within the PE/CE routing protocol.
E. The SoO is checked at the ingress of the backdoor link.
F. The SoO is checked at the egress of the backdoor link.
Answer: A,B
Explanation:
SoO checking:
– During the import process, the SoO value in the BGP update is checked against the SoO value of the site-map attached to the VRF interface. The update is propagated to the CE only if there is no match (this check is done regardless of the protocol used on the PE/CE link).
– At reception of an EIGRP update, the SoO value in the EIGRP update is checked against the SoO value of the site-map attached to the incoming interface. The update is accepted only if there is no match (this check can optionally be done on a backdoor router).
Reference: http://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/ip-routing/whitepaper_C11-730404.html
Q243. Refer to the exhibit.
What is the PHB class on this flow?
A. EF
B. none
C. AF21
D. CS4
Answer: D
Explanation:
This command shows the TOS value in hex, which is 80 in this case. The following chart shows some common DSCP/PHB Class values:
| Service | DSCP value | TOS value | Juniper Alias | TOS hexadecimal | DSCP - TOS Binary |
|---|---|---|---|---|---|
| Premium IP | 46 | 184 | ef | B8 | 101110 - 101110xx |
| LBE | 8 | 32 | cs1 | 20 | 001000 - 001000xx |
| DWS | 32 | 128 | cs4 | 80 | 100000 - 100000xx |
| Network control | 48 | 192 | cs6 | c0 | 110000 - 110000xx |
| Network control 2 | 56 | 224 | cs7 | e0 | 111000 - 111000xx |
Reference: http://www.tucny.com/Home/dscp-tos
Q244. Which three condition types can be monitored by crypto conditional debug? (Choose three.)
A. Peer hostname
B. SSL
C. ISAKMP
D. Flow ID
E. IPsec
F. Connection ID
Answer: A,D,F
Explanation:
Supported Condition Types
The new crypto conditional debug CLIs (debug crypto condition, debug crypto condition unmatched, and show crypto debug-condition) allow you to specify conditions (filter values) in which to generate and display debug messages related only to the specified conditions. The table below lists the supported condition types.
Table 1 Supported Condition Types for Crypto Debug CLI

| Condition Type (Keyword) | Description |
|---|---|
| connid | An integer between 1-32766. Relevant debug messages will be shown if the current IPSec operation uses this value as the connection ID to interface with the crypto engine. |
| flowid | An integer between 1-32766. Relevant debug messages will be shown if the current IPSec operation uses this value as the flow-ID to interface with the crypto engine. |
| FVRF | The name string of a virtual private network (VPN) routing and forwarding (VRF) instance. Relevant debug messages will be shown if the current IPSec operation uses this VRF instance as its front-door VRF (FVRF). |
| IVRF | The name string of a VRF instance. Relevant debug messages will be shown if the current IPSec operation uses this VRF instance as its inside VRF (IVRF). |
| peer group | A Unity group-name string. Relevant debug messages will be shown if the peer is using this group name as its identity. |
| peer hostname | A fully qualified domain name (FQDN) string. Relevant debug messages will be shown if the peer is using this string as its identity; for example, if the peer is enabling IKE Xauth with this FQDN string. |
| peer ipaddress | A single IP address. Relevant debug messages will be shown if the current IPSec operation is related to the IP address of this peer. |
| peer subnet | A subnet and a subnet mask that specify a range of peer IP addresses. Relevant debug messages will be shown if the IP address of the current IPSec peer falls into the specified subnet range. |
| peer username | A username string. Relevant debug messages will be shown if the peer is using this username as its identity; for example, if the peer is enabling IKE Extended Authentication (Xauth) with this username. |
| SPI | A 32-bit unsigned integer. Relevant debug messages will be shown if the current IPSec operation uses this value as the SPI. |
Reference: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_vpnips/configuration/xe-3s/sec-sec-for-vpns-w-ipsec-xe-3s-book/sec-crypto-debug-sup.html
Q245. A company is multihomed to several Internet providers using EBGP. Which two measures guarantee that the network of the company does not become a transit AS for Internet traffic? (Choose two.)
A. Prepend three times the AS number of the company to the AS path list.
B. Add the community NO_EXPORT when sending updates to EBGP neighbors.
C. Write AS-path access-list which permits one AS long paths only and use it to filter updates sent to EBGP neighbors.
D. Add the community NO_EXPORT when receiving updates from EBGP neighbors.
Answer: C,D
Explanation:
By default, BGP will advertise all prefixes to EBGP (External BGP) neighbors. This means that if you are multi-homed (connected to two or more ISPs), you might become a transit AS. Let me show you an example:
R1 is connected to ISP1 and ISP2 and each router is in a different AS (Autonomous System). Since R1 is multi-homed, it's possible that the ISPs will use R1 to reach each other. In order to prevent this, we'll have to ensure that R1 only advertises prefixes from its own autonomous system. As far as I know there are 4 methods how you can prevent becoming a transit AS:
– Filter-list with AS PATH access-list
– No-Export Community
– Prefix-list Filtering
– Distribute-list Filtering
Reference: http://networklessons.com/bgp/bgp-prevent-transit-as/
Q246. DRAG DROP
Drag and drop the DSCP PHB on the left to the corresponding binary representation on the right.
Answer:
Q247. Which three statements about the default behaviour of eBGP sessions are true? (Choose three.)
A. eBGP sessions between sub-ASs in different confederations transmit the next hop unchanged.
B. The next hop in an eBGP peering is the IP address of the neighbor that announced the route.
C. When a route reflector reflects a route to a client, it transmits the next hop unchanged.
D. The next hop in an eBGP peering is the loopback address of the interface that originated the route.
E. The next hop in an eBGP peering is the loopback address of the neighbor that announced the route.
F. When a route reflector reflects a route to a client, it changes the next hop to its own address.
Answer: A,B,C
Q248. DRAG DROP
Drag each IPv6 extension header on the left to its corresponding description on the right.
Answer:
Q249. Refer to the exhibit.
Which additional information must you specify in this configuration to capture NetFlow traffic?
A. ingress or egress traffic
B. the number of cache entries
C. the flow cache active timeout
D. the flow cache inactive timeout
Answer: A
Explanation:
Configuring NetFlow
Perform the following task to enable NetFlow on an interface.
SUMMARY STEPS
1. enable
2. configure terminal
3. interface type number
4. ip flow {ingress | egress}
5. exit
6. Repeat Steps 3 through 5 to enable NetFlow on other interfaces.
7. end
DETAILED STEPS
Step 1
Command or Action: enable
Example: Router> enable
Purpose: Enables privileged EXEC mode. Enter your password if prompted.
Step 2
Command or Action: configure terminal
Example:
........
Example: Router(config)# interface ethernet 0/0
Purpose: Specifies the interface that you want to enable NetFlow on and enters interface configuration mode.
Step 4
Command or Action: ip flow {ingress | egress}
Example: Router(config-if)# ip flow ingress
Purpose: Enables NetFlow on the interface.
– ingress: Captures traffic that is being received by the interface
– egress: Captures traffic that is being transmitted by the interface
Step 5
Command or Action: exit
Example: Router(config-if)# exit
Purpose: (Optional) Exits interface configuration mode and enters global configuration mode.
Note: You need to use this command only if you want to enable NetFlow on another interface.
Step 6
Command or Action: Repeat Steps 3 through 5 to enable NetFlow on other interfaces.
Purpose: This step is optional.
Step 7
Command or Action: end
Example: Router(config-if)# end
Purpose: Exits the current configuration mode and returns to privileged EXEC mode.
Reference: http://www.cisco.com/c/en/us/td/docs/ios/netflow/configuration/guide/12_2sr/nf_12_2sr_book/cfg_nflow_data_expt.html
Q250. Refer to the exhibit.
Why is the router not accessible via Telnet on the GigabitEthernet0 management interface?
A. The wrong port is being used in the telnet-acl access list.
B. The subnet mask is incorrect in the telnet-acl access list.
C. The log keyword needs to be removed from the telnet-acl access list.
D. The access class needs to have the vrf-also keyword added.
Answer: D
Explanation:
The correct command should be “access-class telnet-acl in vrf-also”. If you do not specify the vrf-also keyword, incoming Telnet connections from interfaces that are part of a VRF are rejected.
