Cisco 400-101 ExamCCIE Routing and Switching (v5.0)

Total Question: 427 Last Updated: Oct 11,2018
  • Updated 400-101 Dumps
  • Based on Real 400-101 Exams Scenarios
  • Free 400-101 pdf Demo Available
  • Check out our 400-101 Dumps in a new PDF format
  • Instant 400-101 download
  • Guarantee 400-101 success in first attempt
Package Select:

Questions & Answers PDF

Practice Test Software

Practice Test + PDF 30% Discount

Price: $65.95 $29.99

Buy Now Free Trial

Getting Smart with: exam 400 101

Want to know Exambible 400 101 pdf Exam practice test features? Want to lear more about Cisco CCIE Routing and Switching (v5.0) certification experience? Study Downloadable Cisco ccie 400 101 answers to Improved 400 101 vce questions at Exambible. Gat a success with an absolute guarantee to pass Cisco exam 400 101 (CCIE Routing and Switching (v5.0)) test on your first attempt.

Q451. Refer to the exhibit. 

Which IP packets will be accepted from EBGP neighbor 

A. IP packets with a TTL count in the header that is equal to or greater than 253 

B. IP packets with a TTL count in the header that is equal to 253 

C. IP packets with a TTL count in the header that is equal to or greater than 2 

D. IP packets with a TTL count in the header that is equal to 2 



neighbor ip-address ttl-security hops hop-count 


Router(config-router)# neighbor ttl-security hops 2 

Configures the maximum number of hops that separate two peers. 

. The hop-count argument is set to number of hops that separate the local and remote peer. 

If the expected TTL value in the IP packet header is 254, then the number 1 should be configured for the hop-count argument. The range of values is a number from 1 to 254. 

. When this feature is enabled, BGP will accept incoming IP packets with a TTL value that is 

equal to or greater than the expected TTL value. Packets that are not accepted are silently discarded. 

. The example configuration sets the expected incoming TTL value to at least 253, which is 255 minus the TTL value of 2, and this is the minimum TTL value expected from the BGP peer. The local router will accept the peering session from the neighbor only if it is 1 or 2 hops away. 


Q452. Which two tunneling techniques determine the IPv4 destination address on a per-packet basis? (Choose two.) 

A. 6to4 tunneling 

B. ISATAP tunneling 

C. manual tunneling 

D. GRE tunneling 

Answer: A,B 

Explanation: Tunnel Configuration Parameters by Tunneling Type 

Tunneling Type 

Tunnel Configuration Parameter 

Tunnel Mode 

Tunnel Source 

Tunnel Destination 

Interface Prefix or Address 



An IPv4 address, or a reference to an interface on which IPv4 is configured. 

An IPv4 address. 

An IPv6 address. 


gre ip 

An IPv4 address. 

An IPv6 address. 


ipv6ip auto-tunnel 

Not required. These are all point-to-multipoint tunneling types. The IPv4 destination address is calculated, on a per-packet basis, from the IPv6 destination. 

Not required. The interface address is generated as ::tunnel-source/96. 


ipv6ip 6to4 

An IPv6 address. The prefix must embed the tunnel source IPv4 address 


ipv6ip isatap 

An IPv6 prefix in modified eui-64 format. The IPv6 address is generated from the prefix and the tunnel source IPv4 address. 

Reference: p6-tunnel.html 

Q453. You are configuring a DMVPN spoke to use IPsec over a physical interface that is located within a VRF. For which three configuration sections must you specify the VRF name? (Choose three.) 

A. the ISAKMP profile 

B. the crypto keyring 

C. the IPsec profile 

D. the IPsec transform set 

E. the tunnel interface 

F. the physical interface 

Answer: B,E,F 


ip vrf forwardingvrf-name 


Router(config-if)# ip vrf forwarding green 

Associates a virtual private network (VPN) routing and forwarding (VRF) instance with an interface or subinterface. 

. vrf-name is the name assigned to a VRF. 

Router(config-if)# tunnel vrfvrf-name 


Router(config-if)# tunnel vrf finance1 

Associates a VPN routing and forwarding (VRF) instance with a specific tunnel destination. vrf-name is the name assigned to a VRF. 

Router(config)# crypto keyringkeyring-name [vrf fvrf-name] 

Defines a crypto keyring to be used during IKE authentication and enters keyring configuration mode. 

. keyring-name—Name of the crypto keyring. 

. fvrf-name—(Optional) Front door virtual routing and forwarding (FVRF) name to which the keyring will be referenced. fvrf-name must match the FVRF name that was defined during virtual routing and forwarding (VRF) configuration 

Q454. Which two discovery mechanism does LDP support? (Choose two.) 

A. strict 

B. extended 

C. loose 

D. targeted 

E. basic 

Answer: B,E 


Drag and drop the NetFlow Export feature on the left to the NetFlow version that first supported it on the right. 


Q456. Which two statements about VRRP are true? (Choose two.) 

A. It is assigned multicast address 

B. The TTL for VRRP packets must be 255. 

C. It is assigned multicast address 

D. Its IP protocol number is 115. 

E. Three versions of the VRRP protocol have been defined. 

F. It supports both MD5 and SHA1 authentication. 

Answer: A,B 


Drag and drop the path-selection criteria on the left into the correct route-selection order on the right, that a router will use when having multiple routes toward the same destination. 


Q458. Which three modes are valid for forming an EtherChannel between the ports of two switches? (Choose three.) 

A. Active/active 

B. Active/passive 

C. Passive/passive 

D. Auto/auto 

E. Auto/desirable 

F. Desirable/on 

Answer: A,B,E 


To configure an EtherChannel using LACP negotiation, each side must be set to either active or passive; only interfaces configured in active mode will attempt to negotiate an EtherChannel. Passive interfaces merely respond to LACP requests. PAgP behaves the same, but its two modes are refered to as desirable and auto. 


Q459. Refer to the exhibit. 

Which action will solve the error state of this interface when connecting a host behind a Cisco IP phone? 

A. Configure dot1x-port control auto on this interface 

B. Enable errdisable recovery for security violation errors 

C. Enable port security on this interface 

D. Configure multidomain authentication on this interface 



In single-host mode, a security violation is triggered when more than one device are detected on the data vlan. In multidomain authentication mode, a security violation is triggered when more than one device are detected on the data or voice VLAN. Here we see that single host mode is being used, not multidomain mode. 



Drag each GETVPN component on the left to its function on the right. 


Related 400-101 Articles