400-101 Guide

400-101 Exam Royal Pack (In Stock.)

  • Cisco
  • Exam Number/Code 400-101
  • Product Name CCIE Routing and Switching (v5.0)
  • Questions and Answers
  • 911 Q&As
  • Last Updated
  • Jun 18,2018
  • List Price
  • $128.99
  • Price
  • Today 49.99 USD

Free TrialVersion: demo Buy Now 50% OFF

Tactics to ccie 400 101

It is more faster and easier to pass the Cisco ccie 400 101 exam by using Practical Cisco CCIE Routing and Switching (v5.0) questuins and answers. Immediate access to the Rebirth 400 101 pdf Exam and find the same core area cisco 400 101 questions with professionally verified answers, then PASS your exam with a high score now.

Q321. Which three options are components of an EEM CLI policy? (Choose three.) 

A. Safe-Tcl 

B. applet name 

C. Fast Tcl 

D. event 

E. action 

F. Tcl bytecode 

Answer: B,D,E 


The Embedded Event Manager (EEM) monitors events that occur on your device and takes action to recover or troubleshoot these events, based on your configuration. 

EEM consists of three major components: 

Event statements — Events to monitor from another Cisco NX-OS component that might require some action, workaround, or notification. 

Action statements — An action that EEM can take, such as sending an e-mail, or disabling an interface, to recover from an event. 

Policies — An applet name paired with one or more actions to troubleshoot or recover from the event. 


http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5500/sw/system_manage ment/6x/b_5500_System_Mgmt_Config_6x/b_5500_System_Mgmt_Config_6x_chapter_01 0011.html 

Q322. Which two statements about the default router settings for SSH connections are true? (Choose two.) 

A. The default timeout value for the SSH negotiation phase is 120 seconds. 

B. Data is exchanged in clear text by default unless AAA authentication is enabled on the console. 

C. The default number of authentication retries is 3. 

D. SSH is enabled by default when you configure the username command. 

Answer: A,C 


ip ssh {timeout seconds | authentication-retries number} 

Configures the SSH control parameters: 

. Specify the time-out value in seconds; the default is 120 seconds. The range is 0 to 120 seconds. This parameter applies to the SSH negotiation phase. After the connection is established, the Switch uses the default time-out values of the CLI-based sessions. By default, up to five simultaneous, encrypted SSH connections for multiple CLI-based sessions over the network are available (session 0 to session 4). After the execution shell starts, the CLI-based session time-out value returns to the default of 10 minutes. 

. Specify the number of times that a client can re-authenticate to the server. The default is 3; the range is 0 to 5. 

Reference: http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3850/software/release/3se/secur ity/configuration_guide/b_sec_3se_3850_cg/b_sec_3se_3850_cg_chapter_01000.html 

Q323. Refer to the exhibit. 

Which statement is true? 

A. R1 routes this pseudowire over MPLS TE tunnel 1 with transport label 20. 

B. The default route is available in the IPv4 routing table. 

C. R1 is using an MPLS TE tunnel for this pseudowire, because the IP path is not available. 

D. R1 has preferred-path configured for the pseudowire. 



Verifying the Configuration: Example In the following example, the show mpls l2transport vc command shows the following information (in bold) about the VCs: 

. VC 101 has been assigned a preferred path called Tunnel1. The default path is disabled because the preferred path specified that the default path should not be used if the preferred path fails. 

. VC 150 has been assigned an IP address of a loopback address on PE2. The default path can be used if the preferred path fails. 

Router# show mpls l2transport vc detail 

Local interface. Gi0/0/0.1 up, line protocol up, Eth VLAN 222 up 

Destination address:, VC ID. 101, VC status: up 

Preferred path: Tunnel1, active 

Default path: disabled

Tunnel label: 3, next hop point2point 

Output interfacE. Tu1, imposed label stack {17 16} 

Create timE. 00:27:31, last status change timE. 00:27:31 

Signaling protocol: LDP, peer up 

MPLS VC labels: local 25, remote 16 

Group ID. local 0, remote 6 

MTU: local 1500, remote 1500 

Remote interface description: 

Sequencing: receive disabled, send disabled 

VC statistics: 

packet totals: receive 10, send 10 

byte totals: receive 1260, send 1300 

packet drops: receive 0, send 0 

Reference: http://www.cisco.com/c/en/us/td/docs/ios/12_2sr/12_2sra/feature/guide/srtunsel.html#wp10 57815 

Q324. Which two loop-prevention mechanisms are implemented in BGP? (Choose two.) 

A. A route with its own AS in the AS_PATH is dropped automatically if the route reenters its own AS. 

B. A route with its own cluster ID in the CLUSTER_LIST is dropped automatically when the route reenters its own AS. 

C. The command bgp allowas-in enables a route with its own AS_PATH to be dropped when it reenters its own AS. 

D. The command bgp bestpath as-path ignore enables the strict checking of AS_PATH so that they drop routes with their own AS in the AS_PATH. 

E. The command bgp bestpath med missing-as-worst assigns the smallest possible MED, which directly prevents a loop. 

Answer: A,B 


When dealing with the possibility of routing updates making their way back into an AS, BGP relies on the information in the AS_path for loop detection. An update that tries to make its way back into the AS it was originated from will be dropped by the border router. With the introduction of route reflectors, there is a potential for having routing loops within an AS. A routing update that leaves a cluster might find its way back inside the cluster. Loops inside the AS cannot be detected by the traditional AS_path approach because the routing updates have not left the AS yet. BGP offers two extra measures for loop avoidance inside an AS when route reflectors are configured. 

Using an Originator ID 

The originator ID is a 4-byte, optional, nontransitive BGP attribute (type code 9) that is created by the route reflector. This attribute carries the router ID of the originator of the route in the local AS. If, because of poor configuration, the update comes back to the originator, the originator ignores it. 

Using a Cluster List 

The cluster list is an optional, nontransitive BGP attribute (type code 10). Each cluster is represented with a cluster ID. 

A cluster list is a sequence of cluster IDs that an update has traversed. When a route reflector sends a route from its clients to nonclients outside the cluster, it appends the local cluster ID to the cluster list. If the route reflector receives an update whose cluster list contains the local cluster ID, the update is ignored. This is basically the same concept as the AS_path list applied between the clusters inside the AS. 

Reference: http://borg.uu3.net/cisco/inter_arch/page11.html 

Q325. Which two statements about MAC ACLs are true? (Choose two.) 

A. They support only inbound filtering. 

B. They support both inbound and outbound filtering. 

C. They are configured with the command mac access-list standard. 

D. They can filter non-IP traffic on a VLAN and on a physical interface. 

Answer: A,D 


MAC ACL, also known as Ethernet ACL, can filter non-IP traffic on a VLAN and on a physical Layer 2 interface by using MAC addresses in a named MAC extended ACL. The steps to configure a MAC ACL are similar to those of extended named ACLs. MAC ACL supports only inbound traffic filtering. 

Reference: http://www.ciscopress.com/articles/article.asp?p=1181682&seqNum=4 

Q326. Which two statements about 6VPE are true? (Choose two.) 

A. It allows a service provider to use an existing MPLS network to provide VPN services to IPv6 customers. 

B. It uses MP-BGP as the carrier protocol to transport IPv6 connectivity. 

C. It provides IPv6 connectivity to MPLS-VPN customers when IPv6 overlay tunneling is also configured. 

D. It allows a service provider to use an existing MPLS network to provide global addressing to their IPv6 customers. 

E. It requires the configuration of a GRE tunnel tagged with a VLAN ID. 

F. It allows a service provider to use an existing L2TPv3 network to provide VPN services to IPv6 customers. 

Answer: A,B 


The IPv6 MPLS VPN service model is similar to that of IPv4 MPLS VPNs. Service providers who have already deployed MPLS IPv4 VPN services over an IPv4 backbone can deploy IPv6 MPLS VPN services over the same IPv4 backbone by upgrading the PE router IOS version and dual-stack configuration, without any change on the core routers. IPv4 services can be provided in parallel with IPv6 services. IPv6 VPN service is exactly the same as MPLS VPN for IPv4. 6VPE offers the same architectural features as MPLS VPN for IPv4. It offers IPv6 VPN and uses the same components, such as: . 

Multiprotocol BGP (MP-BGP) VPN address family . 

Route distinguishers . 

VPN Routing and Forwarding (VRF) instances . 

Site of Origin (SOO) . 

Extended community . 


Reference: http://www.cisco.com/c/en/us/td/docs/net_mgmt/ip_solution_center/5-2/mpls_vpn/user/guide/mpls52book/ipv6.html 

Q327. Which option is the default point of insertion for the BGP cost community? 

A. before best path calculation 

B. after best path calculation 

C. after the IGP metric comparison 

D. after the router ID comparison 


Q328. Which statement about the VLAN database is true? 

A. Manually deleting the vlan.dat file can cause inconsistency in the database. 

B. Private VLAN information is stored in the database. 

C. VLAN configurations 1 through 4096 are stored in the vlan.dat file. 

D. The VLAN database is used only if the VTP domain name in the VLAN database matches the VTP domain name in the startup-config file. 


Q329. Which two statements are true about AAA? (Choose two.) 

A. AAA can use RADIUS, TACACS+, or Windows AD to authenticate users. 

B. If RADIUS is the only method configured in AAA, and the server becomes unreachable, 

the user will be able to log in to the router using a local username and password. 

C. If the local keyword is not included and the AAA server does not respond, then authorization will never be possible and the connection will fail. 

D. AAA can be used to authenticate the enable password with a AAA server. 

Answer: C,D 


AAA can be used to authenticate user login and the enable passwords. 

Example 1: Same Exec Authentication Methods for All Users 

Once authenticated with: 

aaa authentication login default group radius local 

All users who want to log in to the access server have to be authorized using Radius (first method) or local database (second method). 

We configure: 

aaa authorization exec default group radius local 

Note. On the AAA server, Service-Type=1 (login) must be selected. 

Note. With this example, if the local keyword is not included and the AAA server does not respond, then authorization will never be possible and the connection will fail. 

Reference: http://www.cisco.com/c/en/us/support/docs/security-vpn/terminal-access-controller-access-control-system-tacacs-/10384-security.html 


Drag and drop the BGP attribute on the left to the correct category on the right. 


To know more about the 400-101, click here.

Tagged as : Cisco 400-101 Dumps, Download 400-101 pdf, 400-101 VCE, 400-101 pass4sure, examcollection 400-101