Cisco 400-101 ExamCCIE Routing and Switching (v5.0)

Total Question: 745 Last Updated: Sep 17,2018
  • Updated 400-101 Dumps
  • Based on Real 400-101 Exams Scenarios
  • Free 400-101 pdf Demo Available
  • Check out our 400-101 Dumps in a new PDF format
  • Instant 400-101 download
  • Guarantee 400-101 success in first attempt
Package Select:

Questions & Answers PDF

Practice Test Software

Practice Test + PDF 30% Discount

Price: $65.95 $29.99

Buy Now Free Trial

Facts about ccie 400 101

Q101. Which feature of Cisco IOS XE Software allows for platform-independent code abstraction? 

A. its security 

B. Common Management Enabling Technology 

C. the Linux-based environment 

D. its modularity 

Answer:


Q102. Which statement about the feasible distance in EIGRP is true? 

A. It is the maximum metric that should feasibly be considered for installation in the RIB. 

B. It is the minimum metric to reach the destination as stored in the topology table. 

C. It is the metric that is supplied by the best next hop toward the destination. 

D. It is the maximum metric possible based on the maximum hop count that is allowed. 

Answer:

Explanation: 

An EIGRP router advertises each destination it can reach as a route with an attached metric. This metric is called the route's reported distance (the term advertised distance has also been used in older documentation). A successor route for any given destination is chosen as having the lowest computed feasible distance; that is, the lowest sum of reported distance plus the cost to get to the advertising router. By default, an EIGRP router will store only the route with the best (lowest) feasible distance in the routing table (or, multiple routes with equivalent feasible distances). 

Reference: http://packetlife.net/blog/2010/aug/9/eigrp-feasible-successor-routes/ 


Q103. Refer to the exhibit. 

Which statement is true? 

A. IS-IS has been enabled on R4 for IPv6, single-topology. 

B. IS-IS has been enabled on R4 for IPv6, multitopology. 

C. IS-IS has been enabled on R4 for IPv6, single-topology and multitopology. 

D. R4 advertises IPv6 prefixes, but it does not forward IPv6 traffic, because the protocol has not been enabled under router IS-IS. 

Answer:

Explanation: 

When working with IPv6 prefixes in IS-IS, you can configure IS-IS to be in a single topology for both IPv4 and IPv6 or to run different topologies for IPv4 and IPv6. By default, IS-IS works in single-topology mode when activating IPv4 and IPv6. This means that the IS-IS topology will be built based on IS Reachability TLVs. When the base topology is built, then IPv4 prefixes (IP Reachability TLV) and IPv6 prefixes (IPv6 Reachability TLV) are added to each node as leaves, without checking if there is IPv6 connectivity between nodes. 

Reference: https://blog.initialdraft.com/archives/3381/ 


Q104. Which two statements about IOS and IOS XE are true? (Choose two.) 

A. IOS XE can upgrade and restart applications independently of IOS. 

B. Only IOS uses the FFM to provide separation between the control plane and the data plane. 

C. IOS XE provides improved functionality and an enhanced UI. 

D. Only IOS runs as a single daemon within the Linux OS. 

E. IOS XE provides additional system functions that run as multiple separate processes in the OS. 

Answer: A,E 


Q105. Refer to the exhibit. 

Which statement about the configuration is true? 

A. This configuration is incorrect because the dialer interface number must be the same as the dialer pool number. 

B. This configuration is missing an IP address on the dialer interface. 

C. This configuration is incorrect because the MTU must match the ppp-max-payload that is defined. 

D. This configuration represents a complete PPPoE client configuration on an Ethernet connection. 

Answer:


Q106. In IPv6 Path MTU Discovery, which ICMP message is sent by an intermediary router that requires a smaller MTU? 

A. Time Exceeded, with code 1 (fragment reassembly time exceeded) 

B. Packet Too Big 

C. Destination Unreachable, with code 4 (the datagram is too big) 

D. Multicast Termination Router 

Answer:


Q107. When EIGRP is used as the IPv4 PE-CE protocol, which two requirements must be configured before the BGP IPv4 address family can be configured? (Choose two.) 

A. the route distinguisher 

B. the virtual routing and forwarding instance 

C. the loopback interface 

D. the router ID 

Answer: A,B 

Explanation: 

A VRF must be created, and a route distinguisher and route target must be configured in order for the PE routers in the BGP network to carry EIGRP routes to the EIGRP CE site. The VRF must also be associated with an interface in order for the PE router to send routing updates to the CE router. Prerequisites Before this feature can be configured, MPLS and CEF must be configured in the BGP network, and multiprotocol BGP and EIGRP must be configured on all PE routers that provide VPN services to CE routers. 

Reference: 

http://www.cisco.com/c/en/us/td/docs/ios/12_0s/feature/guide/seipecec.html#wp1083316 


Q108. Refer to the exhibit. 

Which two statements about the R1 configuration are true? (Choose two.) 

A. The IP TTL value is copied to the MPLS field during label imposition. 

B. The structure of the MLPS network is hidden in a traceroute. 

C. The LDP session interval and hold times are configured for directly connected neighbors. 

D. R1 protects the session for 86400 seconds. 

E. All locally assigned labels are discarded. 

Answer: B,D 


Q109. Which statement describes the function of rekey messages? 

A. They prevent unencrypted traffic from passing through a group member before registration. 

B. They refresh IPsec SAs when the key is about to expire. 

C. They trigger a rekey from the server when configuring the rekey ACL. 

D. They authenticate traffic passing through a particular group member. 

Answer:

Explanation: 

Rekey messages are used to refresh IPsec SAs. When the IPsec SAs or the rekey SAs are about to expire, one single rekey message for a particular group is generated on the key server. No new IKE sessions are created for the rekey message distribution. The rekey messages are distributed by the key server over an existing IKE SA. Rekeying can use multicast or unicast messages. 

Reference: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_getvpn/configuration/xe-3s/sec-get-vpn-xe-3s-book/sec-get-vpn.html 


Q110. Which three condition types can be monitored by crypto conditional debug? (Choose three.) 

A. Peer hostname 

B. SSL 

C. ISAKMP 

D. Flow ID 

E. IPsec 

F. Connection ID 

Answer: A,D,F 

Explanation: 

Supported Condition Types 

The new crypto conditional debug CLIs--debug crypto condition, debug crypto condition unmatched, and show crypto debug-condition--allow you to specify conditions (filter values) in which to generate and display debug messages related only to the specified conditions. The table below lists the supported condition types. 

Table 1 Supported Condition Types for Crypto Debug CLI 

Condition Type (Keyword) 

Description 

connid 1 

An integer between 1-32766. Relevant debug messages will be shown if the current IPSec operation uses this value as the connection ID to interface with the crypto engine. 

flowid 1 

An integer between 1-32766. Relevant debug messages will be shown if the current IPSec operation uses this value as the flow-ID to interface with the crypto engine. 

FVRF 

The name string of a virtual private network (VPN) routing and forwarding (VRF) instance. Relevant debug messages will be shown if the current IPSec operation uses this VRF instance as its front-door VRF (FVRF). 

IVRF 

The name string of a VRF instance. Relevant debug messages will be shown if the current IPSec operation uses this VRF instance as its inside VRF (IVRF). 

peer group 

A Unity group-name string. Relevant debug messages will be shown if the peer is using this group name as its identity. 

peer hostname 

A fully qualified domain name (FQDN) string. Relevant debug messages will be shown if the peer is using this string as its identity; for example, if the peer is enabling IKE Xauth with this FQDN string. 

peeripaddress 

A single IP address. Relevant debug messages will be shown if the current IPSec operation is related to the IP address of this peer. 

peer subnet 

A subnet and a subnet mask that specify a range of peer IP addresses. Relevant debug messages will be shown if the IP address of the current IPSec peer falls into the specified subnet range. 

peer username 

A username string. Relevant debug messages will be shown if the peer is using this username as its identity; for example, if the peer is enabling IKE Extended Authentication (Xauth) with this username. 

SPI 1 

A 32-bit unsigned integer. Relevant debug messages will be shown if the current IPSec operation uses this value as the SPI. 

Reference: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_vpnips/configuration/xe-3s/sec-sec-for-vpns-w-ipsec-xe-3s-book/sec-crypto-debug-sup.html 


Related 400-101 Articles