Q301. Which statement is true when using a VLAN ID from the extended VLAN range (1006–4094)?
A. VLANs in the extended VLAN range can be used with VTPv2 in either client or server mode.
B. VLANs in the extended VLAN range can only be used as private VLANs.
C. STP is disabled by default on extended-range VLANs.
D. VLANs in the extended VLAN range cannot be pruned.
Enabling VTP pruning on a VTP server enables pruning for the entire management domain. Making VLANs pruning-eligible or pruning-ineligible affects pruning eligibility for those VLANs on that device only (not on all switches in the VTP domain). VTP pruning takes effect several seconds after you enable it. VTP pruning does not prune traffic from VLANs that are pruning-ineligible. VLAN 1 and VLANs 1002 to 1005 are always pruning-ineligible; traffic from these VLANs cannot be pruned. Extended-range VLANs (VLAN IDs higher than 1005) are also pruning-ineligible.
Q302. Refer to the exhibit.
Which statement about configuring the switch to manage traffic is true?
A. The switchport priority extend cos command on interface FastEthernet0/0 prevents traffic to and from the PC from taking advantage of the high-priority data queue that is assigned to the IP phone.
B. The switchport priority extend cos command on interface FastEthernet0/0 enables traffic to and from the PC to use the high priority data queue that is assigned to the IP phone.
C. When the switch is configured to trust the CoS label of incoming traffic, the trusted boundary feature is disabled automatically.
D. The mls qos cos override command on interface FastEthernet0/0 configures the port to trust the CoS label of traffic to and from the PC.
In some situations, you can prevent a PC connected to the Cisco IP Phone from taking advantage of a high-priority data queue. You can use the switchport priority extend cos interface configuration command to configure the telephone through the switch CLI to override the priority of the traffic received from the PC.
Q303. Which two statements about packet fragmentation on an IPv6 network are true? (Choose two.)
A. The fragment header is 64 bits long.
B. The identification field is 32 bits long.
C. The fragment header is 32 bits long.
D. The identification field is 64 bits long.
E. The MTU must be a minimum of 1280 bytes.
F. The fragment header is 48 bits long.
The fragment header is 64 bits in total, with a 32-bit identification field.
Q304. You are configuring a DHCPv6 client for a DHCPv6 server with the prefix delegation feature. Which option is a result of the interface configuration when you enter the command ipv6 address autoconfig default?
A. a static IPv6 default route pointing to the upstream DHCP server
B. a static IPv6 default route pointing to the upstream DHCP relay
C. a static IPv6 default route pointing to the upstream router
D. a temporary stateless address, formed from the EUI-64 bit address and the prefix from the route advertisement of the upstream router
Q305. Which two methods can you use to limit the range for EIGRP queries? (Choose two.)
A. Use an access list to deny the multicast address 126.96.36.199 outbound from select EIGRP neighbor and permit everything else.
B. Configure route tagging for all EIGRP routes.
C. Summarize routes at the boundary routers of the EIGRP domain.
D. Configure unicast EIGRP on all routers in the EIGRP domain.
E. Configure stub routers in the EIGRP domain.
F. Use an access list to deny the multicast address 188.8.131.52 outbound from select EIGRP neighbors and permit everything else.
Q306. Packets from a router with policy-based routing configured are failing to reach the next hop.
Which two additions can you make to the router configuration to enable the packets to flow correctly? (Choose two.)
A. Enable ip proxy-arp on the exiting interface.
B. Specify the next hop as an address.
C. Specify the next hop as an interface.
D. Add a match-any permit statement to the route map.
Here is an example:
Router(config)#route-map Engineers permit 20
Router(config-route-map)#match ip address 2
Router(config-route-map)#set interface Ethernet1
Here, instead of specifying a next-hop, it specifies that any packets matching this rule will be forwarded directly out the interface Ethernet1. This means that either the destination device must be on this segment, or there must be a router configured with Proxy ARP that can forward the packet to the ultimate destination.
Q307. Which three statements about GET VPN are true? (Choose three.)
A. It encrypts WAN traffic to increase data security and provide transport authentication.
B. It provides direct communication between sites, which reduces latency and jitter.
C. It can secure IP multicast, unicast, and broadcast group traffic.
D. It uses a centralized key server for membership control.
E. It enables the router to configure tunnels.
F. It maintains full-mesh connectivity for IP networks.
Cisco GET VPN Features and Benefits
Description and Benefit
Key Servers are responsible for ensuring that keys are granted to authenticated and authorized devices only. They maintain the freshness of the key material, pushing re-key messages as well as security policies on a regular basis. The chief characteristics include:
- Key Servers can be located centrally, granting easy control over membership.
- Key Servers are not in the "line of fire" - encrypted application traffic flows directly between VPN end points without a bottleneck or an additional point of failure.
- Supports both local and global policies, applicable to all members in a group - such as "Permit any any", a policy to encrypt all traffic.
- Supports IP Multicast to distribute and manage keys, for improved efficiency; Unicast is also supported where IP Multicast is not possible.
Scalability and Throughput
- The full mesh nature of the solution allows devices to communicate directly with each other, without requiring transport through a central hub; this minimizes extra encrypts and decrypts at the hub router; it also helps minimize latency and jitter.
- Efficient handling of IP Multicast traffic by using the core network for replication can boost effective throughput further.
Provides data security and transport authentication, helping to meet security compliance and internal regulation by encrypting all WAN traffic.
Q308. You are configuring a DMVPN spoke to use IPsec over a physical interface that is located within a VRF. For which three configuration sections must you specify the VRF name? (Choose three.)
A. the ISAKMP profile
B. the crypto keyring
C. the IPsec profile
D. the IPsec transform set
E. the tunnel interface
F. the physical interface
ip vrf forwarding vrf-name
Router(config-if)# ip vrf forwarding green
Associates a virtual private network (VPN) routing and forwarding (VRF) instance with an interface or subinterface.
- vrf-name is the name assigned to a VRF.
Router(config-if)# tunnel vrf vrf-name
Router(config-if)# tunnel vrf finance1
Associates a VPN routing and forwarding (VRF) instance with a specific tunnel destination. vrf-name is the name assigned to a VRF.
Router(config)# crypto keyring keyring-name [vrf fvrf-name]
Defines a crypto keyring to be used during IKE authentication and enters keyring configuration mode.
- keyring-name: Name of the crypto keyring.
- fvrf-name: (Optional) Front door virtual routing and forwarding (FVRF) name to which the keyring will be referenced. fvrf-name must match the FVRF name that was defined during virtual routing and forwarding (VRF) configuration.
Q309. A service provider is deploying L2VPN LAN services in its MPLS cloud. Which statement is true regarding LDP signaling and autodiscovery?
A. LDP signaling requires that each PE is identified, and that an LDP session is active with its P neighbor for autodiscovery to take place.
B. LDP signaling requires that each P is identified, and that a targeted LDP session is active for autodiscovery to take place.
C. LDP signaling requires that each PE is identified, and that a targeted LDP session with a BGP route reflector is active for autodiscovery to take place.
D. LDP signaling requires that each PE is identified, and that a targeted LDP session is active for autodiscovery to take place.
LDP signaling requires that each PE is identified and a targeted LDP session is active for autodiscovery to take place. Although the configuration can be automated using NMS/OSS, the overall scalability of the solution is poor, as a PE must be associated with all other PEs for LDP discovery to work. This can lead to a large number of targeted LDP sessions (n^2), which may be largely unused, as not all VPLS will be associated with every PE. The security attributes of LDP are reasonably good, although additional configuration is required to prevent unauthorized sessions being set up. Although LDP can signal additional attributes, it requires additional configuration either from an NMS/OSS or static configuration.
Reference: http://www.cisco.com/en/US/products/hw/routers/ps368/products_white_paper09186a00801f6084.shtml
Q310. Which statement describes the BGP add-path feature?
A. It allows for installing multiple IBGP and EBGP routes in the routing table.
B. It allows a network engineer to override the selected BGP path with an additional path created in the config.
C. It allows BGP to provide backup paths to the routing table for quicker convergence.
D. It allows multiple paths for the same prefix to be advertised.
BGP routers and route reflectors (RRs) propagate only their best path over their sessions. The advertisement of a prefix replaces the previous announcement of that prefix (this behavior is known as an implicit withdraw). The implicit withdraw can achieve better scaling, but at the cost of path diversity. Path hiding can prevent efficient use of BGP multipath, prevent hitless planned maintenance, and can lead to MED oscillations and suboptimal hot-potato routing. Upon next-hop failures, path hiding also inhibits fast and local recovery because the network has to wait for BGP control plane convergence to restore traffic. The BGP Additional Paths feature provides a generic way of offering path diversity; the Best External or Best Internal features offer path diversity only in limited scenarios. The BGP Additional Paths feature provides a way for multiple paths for the same prefix to be advertised without the new paths implicitly replacing the previous paths. Thus, path diversity is achieved instead of path hiding.