Our pass rate is high to 98.9% and the similarity percentage between our 400 101 dumps study guide and real exam is 90% based on our seven-year educating experience. Do you want achievements in the Cisco ccie 400 101 dumps exam in just one try? I am currently studying for the Cisco 400 101 ccie exam. Latest Cisco 400 101 dumps Test exam practice questions and answers, Try Cisco cisco 400 101 Brain Dumps First.
Q221. Refer to the exhibit.
Which configuration is missing that would enable SSH access on a router that is running Cisco IOS XE Software?
A. int Gig0/0/0
B. class-map ssh-class
match access-group protect-ssh
police 80000 conform transmit exceed drop
service-policy input control-plane-in
C. control-plane host
management-interface GigabitEthernet0/0/0 allow ssh
D. interface Gig0/0/0
ip access-group protect-ssh in
The feature Management Plane Protection (MPP) allows an administrator to restrict on which interfaces management traffic can be received by a device. This allows the administrator additional control over a device and how the device is accessed. This example shows how to enable the MPP in order to only allow SSH and HTTPS on the GigabitEthernet0/1 interface:
management-interface GigabitEthernet 0/1 allow ssh https
Q222. Which two options are requirements for Control-Plane Policing? (Choose two.)
A. Cisco Express Forwarding must be enabled globally.
B. Cisco Discovery Protocol must be disabled in the control plane.
C. A crypto policy must be installed.
D. A loopback address must be configured for device access.
E. A class map must be configured to identify traffic.
Q223. Refer to the exhibit.
Which prefixes will appear in the EIGRP topology table?
A. 10.0.0.0/8, 172.16.1.0/24, 192.168.0.0/16
B. 10.1.1.0/24, 10.1.2.0/24, 172.16.1.0/26, 192.168.1.0/26, 192.168.2.0/26
C. 10.1.1.0/24, 10.1.2.0/24, 172.16.1.0/26, 172.16.2.0/26, 192.168.1.0/26, 192.168.2.0/26
D. 10.1.1.1/24, 10.1.2.1/24, 172.16.1.1/26, 172, 192.168.1.1/26, 192.168.2.1/26
Q224. Refer to the exhibit.
R1 and R2 both advertise 10.50.1.0/24 to R3 and R4 as shown. R1 is the primary path. Which path does traffic take from the R4 data center to the file server?
A. All traffic travels from R4 to R2 to the file server.
B. All traffic travels from R4 to R3 to R1 to the file server.
C. Traffic is load-balanced from R4 to R2 and R3. Traffic that is directed to R3 then continues to R1 to the file server. Traffic that is directed to R2 continues to the file server.
D. All traffic travels from R4 to R2 to R1 to the file server.
Q225. Which two statements about SNMP are true? (Choose two.)
A. SNMPv3 provides privacy and access control.
B. All SNMP versions use get, getNext, and getBulk operations.
C. SNMPv3 uses encrypted community strings.
D. SNMPv1 and SNMPv2c use plaintext community strings.
E. All SNMP versions support bulk retrieval and detailed error messages.
Q226. Refer to the exhibit.
Which two possible network conditions can you infer from this configuration? (Choose two.)
A. The authentication parameters on R1 and R2 are mismatched.
B. R1 is using the default NTP source configuration.
C. R1 and R2 have established an NTP session.
D. R2 is configured as the NTP master with a stratum of 7.
Answer A. The NTP associations are not synced, it is only listed as a candidate because it was configured. Routing is not the issue, so it must be mismatched authentication parameters.
Answer B. NTP sets the source IP address for all NTP packets based on the address of the interface through which the NTP packets are sent. You can configure NTP to use a specific source IP address.
Q227. What is the preferred method to improve neighbor loss detection in EIGRP?
A. EIGRP natively detects neighbor down immediately, and no additional feature or configuration is required.
B. BFD should be used on interfaces that support it for rapid neighbor loss detection.
C. Fast hellos (subsecond) are preferred for EIGRP, so that it learns rapidly through its own mechanisms.
D. Fast hellos (one-second hellos) are preferred for EIGRP, so that it learns rapidly through its own mechanisms.
Bi-directional Forwarding Detection (BFD) provides rapid failure detection times between forwarding engines, while maintaining low overhead. It also provides a single, standardized method of link/device/protocol failure detection at any protocol layer and over any media.
Reference: “Bidirectional Forwarding Detection for EIGRP”
Q228. Which three statements about RIP timers are true? (Choose three.)
A. The default update timer is 30 seconds.
B. The default invalid timer is 180 seconds.
C. The default holddown timer is 180 seconds.
D. The default flush timer is 60 seconds.
E. The default scan timer is 60 seconds.
F. The default hello timer is 5 seconds.
The routing information protocol uses the following timers as part of its operation:
The update timer controls the interval between two gratuitous Response Message. By default the value is 30 seconds. The response message is broadcast to all its RIP enabled interface.
The invalid timer specifies how long a routing entry can be in the routing table without being updated. This is also called as expiration Timer. By default, the value is 180 seconds. After the timer expires the hop count of the routing entry will be set to 16, marking the destination as unreachable.
The flush timer controls the time between the route is invalidated or marked as unreachable and removal of entry from the routing table. By default the value is 240 seconds. This is 60 seconds longer than Invalid timer. So for 60 seconds the router will be advertising about this unreachable route to all its neighbors. This timer must be set to a higher value than the invalid timer.
The hold-down timer is started per route entry, when the hop count is changing from lower value to higher value. This allows the route to get stabilized. During this time no update can be done to that routing entry. This is not part of the RFC 1058. This is Cisco's implementation. The default value of this timer is 180 seconds.
Q229. Which action does route poisoning take that serves as a loop-prevention method?
A. It immediately sends routing updates with an unreachable metric to all devices.
B. It immediately sends routing updates with a metric of 255 to all devices.
C. It prohibits a router from advertising back onto the interface from which it was learned.
D. It advertises a route with an unreachable metric back onto the interface from which it was learned.
E. It poisons the route by tagging it uniquely within the network.
With route poisoning, when a router detects that one of its connected routes has failed, the router will poison the route by assigning an infinite metric to it and advertising it to neighbors.
Q230. Which two statements about private VLANs are true? (Choose two.)
A. Only one isolated VLAN can be mapped to a primary VLAN.
B. Only one community VLAN can be mapped to a primary VLAN.
C. Multiple isolated VLANs can be mapped to a primary VLAN.
D. Multiple community VLANs can be mapped to a primary VLAN.
An isolated VLAN is a secondary VLAN that carries unidirectional traffic upstream from the hosts toward the promiscuous ports. You can configure only one isolated VLAN in a PVLAN domain. An isolated VLAN can have several isolated ports. The traffic from each isolated port also remains completely separate. Only one isolated VLAN can be mapped under a given primary VLAN. A community VLAN is a secondary VLAN that carries upstream traffic from the community ports to the promiscuous port and to other host ports in the same community. You can configure multiple community VLANs in a PVLAN domain. The ports within one community can communicate, but these ports cannot communicate with ports in any other community or isolated VLAN in the private VLAN.
Reference: http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus6000/sw/layer2/6x/b_6k_L ayer2_Config_6x/b_6k_Layer2_Config_602N12_chapter_011.html
To know more about the 400-101, click here.