We provide real 400 101 dumps exam questions and answers braindumps in two formats. Download PDF & Practice Tests. Pass Cisco cisco 400 101 Exam quickly & easily. The 400 101 vce PDF type is available for reading and printing. You can print more and practice many times. With the help of our Cisco 400 101 dumps dumps pdf and vce product and material, you can easily pass the ccie 400 101 dumps exam.
Q101. Which two statements about a network running MPLS VPN with IS-IS IGP are true? (Choose two.)
A. IS-IS traffic engineering uses wide metric TLV type 135 with an up/down bit to define a leaked route.
B. IS-IS traffic engineering uses wide metric TLV type 128 with an internal/external bit and an up/down bit to define a leaked route.
C. IS-IS traffic engineering uses wide metric TLV type 130 with an internal/external bit and an up/down bit to define a leaked route.
D. If the IS-IS up/down bit is set to 1, the leaked route originated in the L1 area.
E. The MPLS VPN IS-IS core is inherently protected against IP-based attacks.
Q102. Which two are features of DMVPN? (Choose two.)
A. It does not support spoke routers behind dynamic NAT.
B. It requires IPsec encryption.
C. It only supports remote peers with statically assigned addresses.
D. It supports multicast traffic.
E. It offers configuration reduction.
DMVPN Hub-and-spoke deployment model: In this traditional topology, remote sites (spokes) are aggregated into a headend VPN device at the corporate headquarters (hub). Traffic from any remote site to other remote sites would need to pass through the headend device. Cisco DMVPN supports dynamic routing, QoS, and IP Multicast while significantly reducing the configuration effort.
Q103. How does EIGRP derive the metric for manual summary routes?
A. It uses the best composite metric of any component route in the topology table.
B. It uses the worst composite metric of any component route in the topology table.
C. It uses the best metric vectors of all component routes in the topology table.
D. It uses the worst metric vectors of all component routes in the topology table.
For example if your router has a routing table like this:
D 192.168.8.0/24 [90/2632528] via 192.168.0.1, 00:00:12, Serial0/0
D 192.168.9.0/24 [90/2323456] via 192.168.0.1, 00:00:12, Serial0/0
D 192.168.10.0/24 [90/2195456] via 192.168.0.1, 00:00:12, Serial0/0
D 192.168.11.0/24 [90/2323456] via 192.168.0.1, 00:00:12, Serial0/0
Now suppose you want to manually summarize all the routes above, you can use this command (on the router that advertised these routes to our router):
Router(config-if)#ip summary-address eigrp 1 192.168.8.0 255.255.248.0
After that the routing table of your router will look like this:
D 192.168.8.0/21 [90/2195456] via 192.168.0.1, 00:01:42, Serial0/0
And we can see the manual summary route takes the smallest metric of the specific routes.
Q104. Which two statements about PBR route maps are true? (Choose two.)
A. They can use extended ACLs to identify traffic.
B. They can route unicast traffic without interface-level classification.
C. They can be applied to both ingress and egress traffic.
D. They can classify traffic based on prefix-lists.
E. They can set the metric and IP precedence bits.
Q105. Which authentication method does OSPFv3 use to secure communication between neighbors?
B. MD5 HMAC
In order to ensure that OSPFv3 packets are not altered and re-sent to the device, causing the device to behave in a way not desired by its system administrators, OSPFv3 packets must be authenticated. OSPFv3 uses the IPsec secure socket API to add authentication to OSPFv3 packets. This API supports IPv6. OSPFv3 requires the use of IPsec to enable authentication. Crypto images are required to use authentication, because only crypto images include the IPsec API needed for use with OSPFv3.
Q106. With AutoInstall, which mechanism allows for automatic addressing of the serial interface using HDLC?
Q107. Which two statements about the function of the stub feature in EIGRP are true? (Choose two.)
A. It stops the stub router from sending queries to peers.
B. It stops the hub router from sending queries to the stub router.
C. It stops the stub router from propagating dynamically learned EIGRP prefixes to the hub routers.
D. It stops the hub router from propagating dynamically learned EIGRP prefixes to the stub routers.
When using the EIGRP Stub Routing feature, you need to configure the distribution and remote routers to use EIGRP, and to configure only the remote router as a stub. Only specified routes are propagated from the remote (stub) router. The router responds to queries for summaries, connected routes, redistributed static routes, external routes, and internal routes with the message "inaccessible." A router that is configured as a stub will send a special peer information packet to all neighboring routers to report its status as a stub router. Without the stub feature, even after the routes that are sent from the distribution router to the remote router have been filtered or summarized, a problem might occur. If a route is lost somewhere in the corporate network, EIGRP could send a query to the distribution router, which in turn will send a query to the remote router even if routes are being summarized. If there is a problem communicating over the WAN link between the distribution router and the remote router, an EIGRP stuck in active (SIA) condition could occur and cause instability elsewhere in the network. The EIGRP Stub Routing feature allows a network administrator to prevent queries from being sent to the remote router.
Q108. Which two protocols are not protected in an edge router by using control plane policing? (Choose two.)
A CoPP policy can limit a number of different packet types that are forwarded to the control plane. Traffic destined for the switch CPU includes:
. Address Resolution Protocol (ARP)
. First-hop redundancy protocol packets
. Layer 2 control packets
. Management packets (telnet, Secure Shell [SSH] Protocol, Simple Network Management Protocol [SNMP]) <--- C and D are not correct.
. Multicast control packets
. Routing protocol packets
. Packets with IP options
. Packets with time to live (TTL) set to 1
. Packets that require ACL logging
. Packets that require an initial lookup (first packet in a flow: FIB miss)
. Packets that have don't support hardware switching/routing
Q109. Refer to the exhibit.
Which statement about this COS-DSCP mapping is true?
A. The expedited forwarding DSCP is mapped to COS 3.
B. COS 16 is mapped to DSCP 2.
C. The default COS is mapped to DSCP 32.
D. This mapping is the default COS-DSCP mapping on Cisco switches.
Here we see that COS 3 is mapped to DSCP 46, which is the Expedited forwarding class: The Expedited Forwarding (EF) model is used to provide resources to latency (delay) sensitive real-time, interactive traffic. The EF model uses one marking -- DSCP 46.
Q110. Which three statements about implementing a NAT application layer gateway in a network are true? (Choose three.)
A. It allows client applications to use dynamic ports to communicate with a server regardless of whether NAT is being used.
B. It maintains granular security over application-specific data.
C. It allows synchronization between multiple streams of data between two hosts.
D. Application layer gateway is used only in VoIP/SIP deployments.
E. Client applications require additional configuration to use an application layer gateway.
F. An application layer gateway inspects only the first 64 bytes of a packet before forwarding it through the network.
An application-level gateway (ALG), also known as an application-layer gateway, is an application that translates the IP address information inside the payload of an application packet. An ALG is used to interpret the application-layer protocol and perform firewall and Network Address Translation (NAT) actions. These actions can be one or more of the following depending on your configuration of the firewall and NAT:
. Allow client applications to use dynamic TCP or UDP ports to communicate with the server application.
. Recognize application-specific commands and offer granular security control over them.
. Synchronize multiple streams or sessions of data between two hosts that are exchanging data.
. Translate the network-layer address information that is available in the application payload
To know more about the 400-101, click here.