Cisco 400-101 ExamCCIE Routing and Switching (v5.0)

Total Question: 745 Last Updated: Aug 16,2018
  • Updated 400-101 Dumps
  • Based on Real 400-101 Exams Scenarios
  • Free 400-101 pdf Demo Available
  • Check out our 400-101 Dumps in a new PDF format
  • Instant 400-101 download
  • Guarantee 400-101 success in first attempt
Package Select:

Questions & Answers PDF

Practice Test Software

Practice Test + PDF 30% Discount

Price: $65.95 $29.99

Buy Now Free Trial

Get Smart with 400 101 dumps

Q251. Which two statements about packet fragmentation on an IPv6 network are true? (Choose two.) 

A. The fragment header is 64 bits long. 

B. The identification field is 32 bits long. 

C. The fragment header is 32 bits long. 

D. The identification field is 64 bits long. 

E. The MTU must be a minimum of 1280 bytes. 

F. The fragment header is 48 bits long. 

Answer: A,B 

Explanation: 

The fragment header is shown below, being 64 bits total with a 32 bit identification field: 

Reference: http://www.openwall.com/presentations/IPv6/img24.html 


Q252. Which technology can be used to secure the core of an STP domain? 

A. UplinkFast 

B. BPDU guard 

C. BPDU filter 

D. root guard 

Answer:

Explanation: 

Since STP does not implement any authentication or encryption to protect the exchange of BPDUs, it is vulnerable to unauthorized participation and attacks. Cisco IOS offers the STP Root Guard feature to enforce the placement of the root bridge and secure the core of the STP domain. 

STP root guard forces a port to become a designated port so that no switch on the other end of the link can become a root switch. If a port configured for root guard receives a superior BPDU, the port it is received on is blocked. In this way, STP root guard blocks other devices from trying to become the root bridge. 

STP root guard should be enabled on all ports that will never connect to a root bridge, for example, all end user ports. This ensures that a root bridge will never be negotiated on those ports. 

Reference: http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Security/Baseline_Security/secur ebasebook/sec_chap7.html 


Q253. Which statement about the BGP originator ID is true? 

A. The route reflector always sets the originator ID to its own router ID. 

B. The route reflector sets the originator ID to the router ID of the route reflector client that injects the route into the AS. 

C. The route reflector client that injects the route into the AS sets the originator ID to its own router ID. 

D. The originator ID is set to match the cluster ID. 

Answer:

Explanation: 

An RR reflecting the route received from a RR-Client adds: 

. Originator ID- a 4-byte BGP attribute that is created by the RR. This attribute carries the Router ID of the originator of the route in the local AS. If the update comes back to the originator, it ignores the update. 

. Cluster List- A Cluster List is a list of Cluster IDs that an update has traversed. When a route reflector sends a route received from a client to a non-client, it appends the local Cluster ID. If a route reflector receives a route whose Cluster List contains the local Cluster ID, it ignores the update. 

Reference: https://sites.google.com/site/amitsciscozone/home/bgp/bgp-route-reflectors 


Q254. RIPv2 is enabled on a router interface. The "neighbor" command is also configured with a specific IP address. Which statement describes the effect of this configuration? 

A. RIP stops sending multicast packets on that interface. 

B. RIP starts sending only unicast packets on that interface. 

C. RIP starts ignoring multicast packets on that interface. 

D. RIP starts sending unicast packets to the specified neighbor, in addition to multicast packets. 

Answer:


Q255. Refer to the exhibit. 

Which statement is true? 

A. There is an MPLS network that is running 6PE, and the ingress PE router has no mpls ip propagate-ttl. 

B. There is an MPLS network that is running 6VPE, and the ingress PE router has no mpls ip propagate-ttl. 

C. There is an MPLS network that is running 6PE or 6VPE, and the ingress PE router has mpls ip propagate-ttl. 

D. There is an MPLS network that is running 6PE, and the ingress PE router has mpls ip propagate-ttl. 

E. There is an MPLS network that is running 6VPE, and the ingress PE router has mpls ip propagate-ttl. 

Answer:

Explanation: 

The second hop shows and IPV6 address over MPLS, so we know that there is an MPLS network running 6PE or 6VPE. And because the second and third hops show up in the traceroute. Then TTL is being propagated because if the “no ip propagate-ttl” command was used these devices would be hidden in the traceroute. 


Q256. Refer to the exhibit. 

Which configuration is missing that would enable SSH access on a router that is running Cisco IOS XE Software? 

A. int Gig0/0/0 

management-interface 

B. class-map ssh-class 

match access-group protect-ssh 

policy-map control-plane-in 

class ssh-class 

police 80000 conform transmit exceed drop 

control-plane 

service-policy input control-plane-in 

C. control-plane host 

management-interface GigabitEthernet0/0/0 allow ssh 

D. interface Gig0/0/0 

ip access-group protect-ssh in 

Answer:

Explanation: 

The feature Management Plane Protection (MPP) allows an administrator to restrict on which interfaces management traffic can be received by a device. This allows the administrator additional control over a device and how the device is accessed. This example shows how to enable the MPP in order to only allow SSH and HTTPS on the GigabitEthernet0/1 interface: 

control-plane host 

management-interface GigabitEthernet 0/1 allow ssh https 

Reference: http://www.cisco.com/c/en/us/support/docs/ip/access-lists/13608-21.html 


Q257. Which two OSPF LSA types are flooded within the originating area? (Choose two.) 

A. type 1, Router LSA 

B. type 2, Network LSA 

C. type 3, Network Summary LSA 

D. type 4, ASBR Summary LSA 

E. type 6, Group Membership LSA 

F. type 9, Opaque LSA 

Answer: A,B 

Explanation: 

OSPF relies on several types of Link State Advertisements (LSAs) to communicate link state information between neighbors. A brief review of the most applicable LSA types: 

. Type 1 - Represents a router 

. Type 2 - Represents the pseudonode (designated router) for a multiaccess link 

. Type 3 - A network link summary (internal route) 

. Type 4 - Represents an ASBR 

. Type 5 - A route external to the OSPF domain 

. Type 7 - Used in stub areas in place of a type 5 LSA LSA types 1 and 2 are found in all areas, and are never flooded outside of an area. They are only flooded within the area that they originated from. 

Reference: http://packetlife.net/blog/2008/jun/24/ospf-area-types/ 


Q258. Refer to the exhibit. 

Which statement is true? 

A. The Cisco PfR state is UP; however, the external interface Et0/1 of border router 10.1.1.1 has exceeded the maximum available bandwidth threshold. 

B. The Cisco PfR state is UP; however, an issue is preventing the border router from establishing a TCP session to the master controller. 

C. The Cisco PfR state is UP and is able to monitor traffic flows; however, MD5 authentication has not been successful between the master controller and the border routers. 

D. The Cisco PfR State is UP; however, the receive capacity was not configured for inbound traffic. 

E. The Cisco PfR state is UP, and the link utilization out-of-policy threshold is set to 90 percent for traffic exiting the external links. 

Answer:

Explanation: 

All three interfaces show as UP, and the capacity is set to 500 kbps, with the max threshold set to 450 kbps (90% of 500kbps). 


Q259. Under which condition does UDP dominance occur? 

A. when TCP traffic is in the same class as UDP 

B. when UDP flows are assigned a lower priority queue 

C. when WRED is enabled 

D. when ACLs are in place to block TCP traffic 

Answer:


Q260. DRAG DROP 

Drag and drop the multicast protocol or feature on the left to the correct address space on the right. 

Answer: 


Related 400-101 Articles