Cisco 400-101 ExamCCIE Routing and Switching (v5.0)

Total Question: 745 Last Updated: Sep 17,2018
  • Updated 400-101 Dumps
  • Based on Real 400-101 Exams Scenarios
  • Free 400-101 pdf Demo Available
  • Check out our 400-101 Dumps in a new PDF format
  • Instant 400-101 download
  • Guarantee 400-101 success in first attempt
Package Select:

Questions & Answers PDF

Practice Test Software

Practice Test + PDF 30% Discount

Price: $65.95 $29.99

Buy Now Free Trial

400-101 pdf (271 to 280)

Verified of 400-101 real exam materials and preparation for Cisco certification for customers, Real Success Guaranteed with Updated 400-101 pdf dumps vce Materials. 100% PASS CCIE Routing and Switching (v5.0) exam Today!

2016 May 400-101 Study Guide Questions:

Q271. DRAG DROP 

Drag and drop the extended ping command field on the left to its usage on the right. 


Answer: 



Q272. For which three routing protocols can Cisco PfR provide direct route control? (Choose three.) 

A. OSPF 

B. IS-IS 

C. BGP 

D. EIGRP 

E. static routing 

F. ODR 

Answer: C,D,E 

Explanation: 

Q. Can you elaborate more on the Parent Route and why it's so important to PfR? 

A. Yes. For any route that PfR modifies or controls (BGP, Static, PIRO, EIGRP, PBR), having a Parent prefix in the routing table eliminates the possibility of a routing loop occurring. This is naturally a good thing to prevent in routed networks. 

Reference: http://docwiki.cisco.com/wiki/Performance_Routing_FAQs#Route_Control 


Q273. Now that we’ve generated the key, our next step would be to configure our vty lines for SSH access and specify which database we are going to use to provide authentication to the device. The local database on the router will do just fine for this example. 

LabRouter(config)#line vty 0 4 

LabRouter(config-line)#login local 

LabRouter(config-line)#transport input ssh 

5. You will need to create an account on the local router’s database to be used for authenticating to the device. This can be accomplished with these commands. LabRouter(config)#username XXXX privilege 15 secret XXXX 

Reference: http://blog.pluralsight.com/configure-secure-shell-ssh-on-cisco-router 


400-101 exam answers

Latest ccie 400-101 dump:

Q274. Which two features does the show ipv6 snooping features command show information about? (Choose two.) 

A. RA guard 

B. DHCP guard 

C. ND inspection 

D. source guard 

Answer: A,C 

Explanation: 

The show ipv6 snooping features command displays the first-hop features that are configured on the router. Examples 

The following example shows that both IPv6 NDP inspection and IPv6 RA guard are configured on the router: 

Router# show ipv6 snooping features 

Feature name priority state 

RA guard 100 READY 

NDP inspection 20 READY 

Reference: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipv6/command/ipv6-cr-book/ipv6-s5.html 


Q275. Refer to the exhibit. 


Which configuration can you implement on PE-1 to allow CE-1 to receive delegated IPv6 prefixes? 

A) 

B) 

C) 

D) 

E) 

A. Exhibit A 

B. Exhibit B 

C. Exhibit C 

D. Exhibit D 

E. Exhibit E 

Answer: A 


Q276. Which two options are causes of out-of-order packets? (Choose two.) 

A. a routing loop 

B. a router in the packet flow path that is intermittently dropping packets 

C. high latency 

D. packets in a flow traversing multiple paths through the network 

E. some packets in a flow being process-switched and others being interrupt-switched on a transit router 

Answer: D,E 

Explanation: 

In traditional packet forwarding systems, using different paths have varying latencies that cause out of order packets, eventually resulting in far lower performance for the network application. Also, if some packets are process switched quickly by the routing engine of the router while others are interrupt switched (which takes more time) then it could result in out of order packets. The other options would cause packet drops or latency, but not out of order packets. 


400-101 free draindumps

Exact ccie 400-101 book:

Q277. DRAG DROP 

Drag and drop the path-selection criteria on the left into the correct route-selection order on the right, that a router will use when having multiple routes toward the same destination. 


Answer: 



Q278. What is a key advantage of Cisco GET VPN over DMVPN? 

A. Cisco GET VPN provides zero-touch deployment of IPSEC VPNs. 

B. Cisco GET VPN supports certificate authentication for tunnel establishment. 

C. Cisco GET VPN has a better anti-replay mechanism. 

D. Cisco GET VPN does not require a secondary overlay routing infrastructure. 

Answer: D 

Explanation: 

DMVPN requires overlaying a secondary routing infrastructure through the tunnels, which results in suboptimal routing while the dynamic tunnels are built. The overlay routing topology also reduces the inherent scalability of the underlying IP VPN network topology. Traditional point-to-point IPsec tunneling solutions suffer from multicast replication issues because multicast replication must be performed before tunnel encapsulation and encryption at the IPsec CE (customer edge) router closest to the multicast source. Multicast replication cannot be performed in the provider network because encapsulated multicasts appear to the core network as unicast data. Cisco’s Group Encrypted Transport VPN (GET VPN) introduces the concept of a trusted group to eliminate point-to-point tunnels and their associated overlay routing. All group members (GMs) share a common security association (SA), also known as a group SA. This enables GMs to decrypt traffic that was encrypted by any other GM. (Note that IPsec CE acts as a GM.) In GET VPN networks, there is no need to negotiate point-to- point IPsec tunnels between the members of a group, because GET VPN is “tunnel-less.” 

Reference: Group Encrypted Transport VPN (Get VPN) Design and Implementation Guide PDF 


Q279. When EIGRP is used as the IPv4 PE-CE protocol, which two requirements must be configured before the BGP IPv4 address family can be configured? (Choose two.) 

A. the route distinguisher 

B. the virtual routing and forwarding instance 

C. the loopback interface 

D. the router ID 

Answer: A,B 

Explanation: 

A VRF must be created, and a route distinguisher and route target must be configured in order for the PE routers in the BGP network to carry EIGRP routes to the EIGRP CE site. The VRF must also be associated with an interface in order for the PE router to send routing updates to the CE router. Prerequisites Before this feature can be configured, MPLS and CEF must be configured in the BGP network, and multiprotocol BGP and EIGRP must be configured on all PE routers that provide VPN services to CE routers. 

Reference: 

http://www.cisco.com/c/en/us/td/docs/ios/12_0s/feature/guide/seipecec.html#wp1083316 


Q280. Which three roles does a key server perform when used with GETVPN? (Choose three.) 

A. It authenticates group members. 

B. It manages security policies. 

C. It creates group keys. 

D. It distributes multicast replication policies. 

E. It distributes multicast replication keys. 

F. It configures and routes the GDOI protocol. 

Answer: A,B,C 

Explanation: 

Key server is responsible for maintaining security policies, authenticating the Group Members and providing the session key for encrypting traffic. KS authenticates the individual GMs at the time of registration. Only after successful registration the GMs can participate in group SA. 

Reference: http://www.cisco.com/c/en/us/products/collateral/security/group-encrypted-transport-vpn/deployment_guide_c07_554713.html 


Related 400-101 Articles