★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions

Free Instant Download NEW 400-101 Exam Dumps (PDF & VCE):
Available on: https://www.certleader.com/400-101-dumps.html


Act now and download your Cisco 400-101 test today! Do not waste time for the worthless Cisco 400-101 tutorials. Download Up to the minute Cisco CCIE Routing and Switching (v5.0) exam with real questions and answers and begin to learn Cisco 400-101 with a classic professional.

2021 Apr 400-101 test preparation

Q231. A packet capture log indicates that several router solicitation messages were sent from a local host on the IPv6 segment. What is the expected acknowledgment and its usage? 

A. Router acknowledgment messages will be forwarded upstream, where the DHCP server will allocate addresses to the local host. 

B. Routers on the IPv6 segment will respond with an advertisement that provides an external path from the local subnet, as well as certain data, such as prefix discovery. 

C. Duplicate Address Detection will determine if any other local host is using the same IPv6 address for communication with the IPv6 routers on the segment. 

D. All local host traffic will be redirected to the router with the lowest ICMPv6 signature, which is statically defined by the network administrator. 

Answer:


Q232. Which two statements about the default SNMP configuration are true? (Choose two.) 

A. The SNMP agent is enabled. 

B. The SNMP trap receiver is configured. 

C. All SNMP notification types are sent. 

D. SNMPv1 is the default version. 

E. SNMPv3 is the default version. 

Answer: C,D 

Explanation: 

Default SNMP Configuration 

Feature 

Default Setting 

SNMP agent 

Enabled SNMP community strings 

Read-Only: Public 

Read-WritE. Private 

Read-Write-all: Secret 

SNMP trap receiver 

None configured 

SNMP traps 

None enabled 

SNMP version 

If no version keyword is present, the default is version 1. 

SNMPv3 authentication 

If no keyword is entered, the default is the noauth (noAuthNoPriv) security level. 

SNMP notification type 

If no type is specified, all notifications are sent. 

Reference: 

http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2950/software/release/12-1_19_ea1/configuration/guide/2950scg/swsnmp.html 


Q233. DRAG DROP 

Drag and drop the IPv6 address on the left to the correct IPv6 address type on the right. 

Answer: 


Q234. Which multicast protocol uses source trees and RPF? 

A. DVMRP 

B. PIM sparse mode 

C. CBT 

D. mOSPF 

Answer:

Explanation: 

DVMRP builds a parent-child database using a constrained multicast model to build a forwarding tree rooted at the source of the multicast packets. Multicast packets are initially flooded down this source tree. If redundant paths are on the source tree, packets are not forwarded along those paths. Forwarding occurs until prune messages are received on those parent-child links, which further constrains the broadcast of multicast packets. 

Reference: DVMRP and dense-mode PIM use only source trees and use RPF as previously described. 

Reference: http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3550/software/release/12-1_19_ea1/configuration/guide/3550scg/swmcast.html 


Q235. What is the VLAN ID range of VLANs that are eligible for pruning? 

A. 2 through 1001 

B. 1 through 1005 

C. 1 through 4096 

D. 2 through 1005 

Answer:


Refresh 400-101 practice test:

Q236. Refer to the exhibit. 

What is a possible reason for the IPSec tunnel not establishing? 

A. The peer is unreachable. 

B. The transform sets do not match. 

C. The proxy IDs are invalid. 

D. The access lists do not match. 

Answer:

Explanation: 

Proxy Identities Not Supported 

This message appears in debugs if the access list for IPsec traffic does not match. 

1d00h: IPSec(validate_transform_proposal): proxy identities not supported 

1d00h: ISAKMP: IPSec policy invalidated proposal 

1d00h: ISAKMP (0:2): SA not acceptable! 

The access lists on each peer needs to mirror each other (all entries need to be reversible). 

This example illustrates this point. 

Peer A 

access-list 150 permit ip 172.21.113.0 0.0.0.255 172.21.114.0 0.0.0.255 

access-list 150 permit ip host 15.15.15.1 host 172.21.114.123 

Peer B 

access-list 150 permit ip 172.21.114.0 0.0.0.255 172.21.113.0 0.0.0.255 

access-list 150 permit ip host 172.21.114.123 host 15.15.15.1 

Reference: 

http://www.cisco.com/c/en/us/support/docs/security-vpn/ipsec-negotiation-ike-protocols/5409-ipsec-debug-00.html#proxy 


Q237. Which three modes are valid for forming an EtherChannel between the ports of two switches? (Choose three.) 

A. Active/active 

B. Active/passive 

C. Passive/passive 

D. Auto/auto 

E. Auto/desirable 

F. Desirable/on 

Answer: A,B,E 

Explanation: 

To configure an EtherChannel using LACP negotiation, each side must be set to either active or passive; only interfaces configured in active mode will attempt to negotiate an EtherChannel. Passive interfaces merely respond to LACP requests. PAgP behaves the same, but its two modes are refered to as desirable and auto. 

Reference: http://packetlife.net/blog/2010/jan/18/etherchannel-considerations/ 


Q238. Which technology is not necessary to set up a basic MPLS domain? 

A. IP addressing 

B. an IGP 

C. LDP or TDP 

D. CEF 

E. a VRF 

Answer:

Explanation: 

The simplest form of VRF implementation is VRF Lite. In this implementation, each router within the network participates in the virtual routing environment in a peer-based fashion. While simple to deploy and appropriate for small to medium enterprises and shared data centres, VRF Lite does not scale to the size required by global enterprises or large carriers, as there is the need to implement each VRF instance on every router, including intermediate routers. VRFs were initially introduced in combination with MPLS, but VRF proved to be so useful that it eventually evolved to live independent of MPLS. This is the historical explanation of the term VRF Lite. Usage of VRFs without MPLS. 

Reference: http://en.wikipedia.org/wiki/Virtual_routing_and_forwarding 


Q239. Which statement describes the BGP add-path feature? 

A. It allows for installing multiple IBGP and EBGP routes in the routing table. 

B. It allows a network engineer to override the selected BGP path with an additional path created in the config. 

C. It allows BGP to provide backup paths to the routing table for quicker convergence. 

D. It allows multiple paths for the same prefix to be advertised. 

Answer:

Explanation: 

BGP routers and route reflectors (RRs) propagate only their best path over their sessions. The advertisement of a prefix replaces the previous announcement of that prefix (this behavior is known as an implicit withdraw). The implicit withdraw can achieve better scaling, but at the cost of path diversity. Path hiding can prevent efficient use of BGP multipath, prevent hitless planned maintenance, and can lead to MED oscillations and suboptimal hot-potato routing. Upon nexthop failures, path hiding also inhibits fast and local recovery because the network has to wait for BGP control plane convergence to restore traffic. The BGP Additional Paths feature provides a generic way of offering path diversity; the Best External or Best Internal features offer path diversity only in limited scenarios. The BGP Additional Paths feature provides a way for multiple paths for the same prefix to be advertised without the new paths implicitly replacing the previous paths. Thus, path diversity is achieved instead of path hiding. 

Reference: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_bgp/configuration/xe-3s/irg-xe-3s-book/irg-additional-paths.html 


Q240. Which VPN technology requires the use of an external key server? 

A. GETVPN 

B. GDOI 

C. SSL 

D. DMVPN 

E. IPsec F. L2TPv3 

Answer:

Explanation: 

A GETVPN deployment has primarily three components, Key Server (KS), Group Member (GM), and Group Domain of Interpretation (GDOI) protocol. GMs do encrypt/decrypt the traffic and KS distribute the encryption key to all the group members. The KS decides on one single data encryption key for a given life time. Since all GMs use the same key, any GM can decrypt the traffic encrypted by any other GM. GDOI protocol is used between the GM and KS for group key and group SA management. Minimum one KS is required for a GETVPN deployment. 

Reference: http://www.cisco.com/c/en/us/products/collateral/security/group-encrypted-transport-vpn/deployment_guide_c07_554713.html