400-101 Guide

400-101 Exam Royal Pack (In Stock.)

 
  • Cisco
  • Exam Number/Code 400-101
  • Product Name CCIE Routing and Switching (v5.0)
  • Questions and Answers
  • 911 Q&As
  • Last Updated
  • Jun 18,2018
  • List Price
  • $128.99
  • Price
  • Today 49.99 USD

Free TrialVersion: demo Buy Now 50% OFF

10 tips on 400 101 dumps

Your success in Cisco 400 101 vce is our sole target and we develop all our 400 101 pdf braindumps in a way that facilitates the attainment of this target. Not only is our ccie 400 101 dumps study material the best you can find, it is also the most detailed and the most updated. 400 101 pdf Practice Exams for Cisco CCIE Routing and Switching exam 400 101 are written to the highest standards of technical accuracy.

Q21. Which two statements about OSPFv3 are true? (Choose two.) 

A. It supports unicast address families for IPv4 and IPv6. 

B. It supports unicast address families for IPv6 only. 

C. It supports only one address family per instance. 

D. It supports the use of a cluster ID for loop prevention. 

E. It supports multicast address families for IPv4 and IPv6. 

F. It supports multicast address families for IPv6 only. 

Answer: A,C 


Q22. Refer to the exhibit. 

For which reason could a BGP-speaking device in autonomous system 65534 be prevented from installing the given route in its BGP table? 

A. The AS number of the BGP is specified in the given AS_PATH. 

B. The origin of the given route is unknown. 

C. BGP is designed only for publicly routed addresses. 

D. The AS_PATH for the specified prefix exceeds the maximum number of ASs allowed. 

E. BGP does not allow the AS number 65535. 

Answer:

Explanation: 

BGP is considered to be a 'Path Vector' routing protocol rather than a distance vector routing protocol since it utilises a list of AS numbers to describe the path that a packet should take. This list is called the AS_PATH. Loops are prevented because if a BGP speaking router sees it's own AS in the AS_PATH of a route it rejects the route. 


Q23. Refer to the exhibit. 

You are bringing a new MPLS router online and have configured only what is shown to bring LDP up. Assume that the peer has been configured in a similar manner. You verify the LDP peer state and see that there are no neighbors. What will the output of show mpls ldp discovery show? 

A. Interfaces: 

Ethernet0/0 (ldp): xmit 

B. Interfaces: 

Ethernet0/0 (ldp): xmit/recv 

LDP Id: 25.25.25.2:0; IP addr: 192.168.12.2 

C. Interfaces: 

Ethernet0/0 (ldp): xmit/recv 

LDP Id: 192.168.12.2:0; no route 

D. Interfaces: 

Ethernet0/0 (ldp): xmit/recv 

LDP Id: 25.25.25.2:0; no route 

Answer:


Q24. What is a disadvantage of using aggressive mode instead of main mode for ISAKMP/IPsec establishment? 

A. It does not use Diffie-Hellman for secret exchange. 

B. It does not support dead peer detection. 

C. It does not support NAT traversal. 

D. It does not hide the identity of the peer. 

Answer:

Explanation: 

IKE phase 1's purpose is to establish a secure authenticated communication channel by using the Diffie–Hellman key exchange algorithm to generate a shared secret key to encrypt further IKE communications. This negotiation results in one single bi-directional ISAKMP Security Association (SA). The authentication can be performed using either pre-shared key (shared secret), signatures, or public key encryption.Phase 1 operates in either Main Mode or Aggressive Mode. Main Mode protects the identity of the peers; Aggressive Mode does not. 

Reference: http://en.wikipedia.org/wiki/Internet_Key_Exchange 


Q25. Which two options are EIGRP route authentication encryption modes? (Choose two.) 

A. MD5 

B. HMAC-SHA-256bit 

C. ESP-AES 

D. HMAC-AES 

Answer: A,B 

Explanation: 

Packets exchanged between neighbors must be authenticated to ensure that a device accepts packets only from devices that have the same preshared authentication key. Enhanced Interior Gateway Routing Protocol (EIGRP) authentication is configurable on a per-interface basis; this means that packets exchanged between neighbors connected through an interface are authenticated. EIGRP supports message digest algorithm 5 (MD5) authentication to prevent the introduction of unauthorized information from unapproved sources. MD5 authentication is defined in RFC 1321. EIGRP also supports the Hashed Message Authentication Code-Secure Hash Algorithm-256 (HMAC-SHA-256) authentication method. 

Reference: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_eigrp/configuration/xe-3s/ire-xe-3s-book/ire-sha-256.html 


Q26. In GETVPN, which key is used to secure the control plane? 

A. Traffic Encryption Key (TEK) 

B. content encryption key (CEK) 

C. message encryption key (MEK) 

D. Key Encryption Key (KEK). 

Answer:

Explanation: 

GDOI introduces two different encryption keys. One key secures the GET VPN control plane; the other key secures the data traffic. The key used to secure the control plane is commonly called the Key Encryption Key (KEK), and the key used to encrypt data traffic is known as Traffic Encryption Key (TEK). 

Reference: Group Encrypted Transport VPN (Get VPN) Design and Implementation Guide PDF 


Q27. Which three statements about implementing a NAT application layer gateway in a network are true? (Choose three.) 

A. It allows client applications to use dynamic ports to communicate with a server regardless of whether NAT is being used. 

B. It maintains granular security over application-specific data. 

C. It allows synchronization between multiple streams of data between two hosts. 

D. Application layer gateway is used only in VoIP/SIP deployments. 

E. Client applications require additional configuration to use an application layer gateway. 

F. An application layer gateway inspects only the first 64 bytes of a packet before forwarding it through the network. 

Answer: A,B,C 

Explanation: 

An application-level gateway (ALG), also known as an application-layer gateway, is an application that translates the IP address information inside the payload of an application packet. An ALG is used to interpret the application-layer protocol and perform firewall and Network Address Translation (NAT) actions. These actions can be one or more of the following depending on your configuration of the firewall and NAT: 

. Allow client applications to use dynamic TCP or UDP ports to communicate with the server application. 

. Recognize application-specific commands and offer granular security control over them. 

. Synchronize multiple streams or sessions of data between two hosts that are exchanging data. 

. Translate the network-layer address information that is available in the application payload 

Reference: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipaddr_nat/configuration/xe-3s/asr1000/nat-xe-3s-asr1k-book/fw-msrpc-supp.html 


Q28. Which ICMP message type is used to assist path MTU discovery? 

A. destination unreachable 

B. redirect message 

C. source quench 

D. time exceeded 

Answer:


Q29. Which trunking configuration between two Cisco switches can cause a security risk? 

A. configuring different native VLANs on the switches 

B. configuring different trunk modes on the switches 

C. configuring mismatched VLANs on the trunk 

D. disabling DTP on the trunk ports 

E. configuring incorrect channel-groups on the switches 

Answer:


Q30. Refer to the exhibit. 

Router R2 is learning the 192.168.1.0/24 network from R1 via EIGRP and eBGP. R2 then redistributes EIGRP into OSPF as metric-type 2 with default metrics. Which metric of the route in the R3 routing table? 

A. 20 

B. 30 

C. 110 

D. The route is not present in the R3 routing table. 

Answer:


To know more about the 400-101, click here.

Tagged as : Cisco 400-101 Dumps, Download 400-101 pdf, 400-101 VCE, 400-101 pass4sure, examcollection 400-101