★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions

Free Instant Download NEW 400-101 Exam Dumps (PDF & VCE):
Available on: https://www.certleader.com/400-101-dumps.html


Exam Code: 400-101 (Practice Exam Latest Test Questions VCE PDF)
Exam Name: CCIE Routing and Switching (v5.0)
Certification Provider: Cisco
Free Today! Guaranteed Training- Pass 400-101 Exam.

2021 Nov ccie written dumps 400-101:

Q241. Which two statements best describe the difference between active mode monitoring and passive mode monitoring? (Choose two.) 

A. Passive mode monitoring uses IP SLA to generate probes for the purpose of obtaining information regarding the characteristics of the WAN links. 

B. Active mode monitoring is the act of Cisco PfR gathering information on user packets assembled into flows by NetfFow. 

C. Active mode monitoring uses IP SLA probes for obtaining performance characteristics of the current exit WAN link. 

D. Passive mode monitoring uses NetFlow for obtaining performance characteristics of the exit WAN links. 

Answer: C,D 

Explanation: 

. Passive and Active Monitoring 

Passive monitoring is the act of OER gathering information on user packets assembled into flows by NetFlow. OER, when enabled, automatically enables NetFlow on the managed interfaces on the border routers. By aggregating this information on the border routers and periodically reporting the collected data to the master controller, the network prefixes and applications in use can automatically be learned. Additionally, attributes like throughput, reachability, loading, packet loss, and latency can be deduced from the collected flows. Active monitoring is the act of generating IP SLA probes to generate test traffic for the purpose of obtaining information regarding the characteristics of the WAN links. Active probes can either be implicitly generated by OER when passive monitoring has identified destination hosts, or explicitly configured by the network manager in the OER configuration. 

Reference: http://products.mcisco.com/en/US/docs/solutions/Enterprise/WAN_and_MAN/Transport_div ersity/Transport_Diversity_PfR.html#wp199209 


Q242. What is the hop limit for an MLD message? 

A. 1 

B. 2 

C. 15 

D. 255 

Answer:

Explanation: 

MLD uses the Internet Control Message Protocol (ICMP) to carry its messages. All MLD messages are link-local with a hop limit of 1, and they all have the alert option set. The alert option implies an implementation of the hop-by-hop option header. 

Reference: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipmulti_lsm/configuration/xe-3s/imc-lsm-xe-3s-book/ipv6-mcast-mld-xe.html 


Q243. Which attribute is not part of the BGP extended community when a PE creates a VPN-IPv4 route while running OSPF between PE-CE? 

A. OSPF domain identifier 

B. OSPF route type 

C. OSPF router ID 

D. MED 

E. OSPF network type 

Answer:

Explanation: 

By process of elimination, from RFC 4577: 

For every address prefix that was installed in the VRF by one of its associated OSPF instances, the PE must create a VPN-IPv4 route in BGP. Each such route will have some of the following Extended Communities attributes: 

– The OSPF Domain Identifier Extended Communities attribute. If the OSPF instance that installed the route has a non-NULL primary Domain Identifier, this MUST be present; if that OSPF instance has only a NULL Domain Identifier, it MAY be omitted. 

– OSPF Route Type Extended Communities Attribute. This attribute MUST be present. It is encoded with a two-byte type field, and its type is 0306. 

– OSPF Router ID Extended Communities Attribute. This OPTIONAL attribute specifies the OSPF Router ID of the system that is identified in the BGP Next Hop attribute. More precisely, it specifies the OSPF Router Id of the PE in the OSPF instance that installed the route into the VRF from which this route was exported. 

– MED (Multi_EXIT_DISC attribute). By default, this SHOULD be set to the value of the OSPF distance associated with the route, plus 1. 

Reference: https://tools.ietf.org/html/rfc4577 


Q244. DRAG DROP 

Drag and drop the router preference on the left to the correct routing sequence (from most preferred to least preferred) on the right. 

Answer: 


Q245. Which statement about WAN Ethernet Services is true? 

A. Rate-limiting can be configured per EVC. 

B. Point-to-point processing and encapsulation are performed on the customer network. 

C. Ethernet multipoint services function as a multipoint-to-multipoint VLAN-based connection. 

D. UNIs can perform service multiplexing and all-in-one bundling. 

Answer:

Explanation: 

The MEF has defined a set of bandwidth profiles that can be applied at the UNI or to an EVC. A bandwidth profile is a limit on the rate at which Ethernet frames can traverse the UNI or the EVC. 

Reference: http://www.ciscopress.com/articles/article.asp?p=101367&seqNum=2 


Down to date ccie dumps 400-101:

Q246. What is a key advantage of Cisco GET VPN over DMVPN? 

A. Cisco GET VPN provides zero-touch deployment of IPSEC VPNs. 

B. Cisco GET VPN supports certificate authentication for tunnel establishment. 

C. Cisco GET VPN has a better anti-replay mechanism. 

D. Cisco GET VPN does not require a secondary overlay routing infrastructure. 

Answer:

Explanation: 

DMVPN requires overlaying a secondary routing infrastructure through the tunnels, which results in suboptimal routing while the dynamic tunnels are built. The overlay routing topology also reduces the inherent scalability of the underlying IP VPN network topology. Traditional point-to-point IPsec tunneling solutions suffer from multicast replication issues because multicast replication must be performed before tunnel encapsulation and encryption at the IPsec CE (customer edge) router closest to the multicast source. Multicast replication cannot be performed in the provider network because encapsulated multicasts appear to the core network as unicast data. Cisco’s Group Encrypted Transport VPN (GET VPN) introduces the concept of a trusted group to eliminate point-to-point tunnels and their associated overlay routing. All group members (GMs) share a common security association (SA), also known as a group SA. This enables GMs to decrypt traffic that was encrypted by any other GM. (Note that IPsec CE acts as a GM.) In GET VPN networks, there is no need to negotiate point-to- point IPsec tunnels between the members of a group, because GET VPN is “tunnel-less.” 

Reference: Group Encrypted Transport VPN (Get VPN) Design and Implementation Guide PDF 


Q247. Which switching technology can be used to solve reliability problems in a switched network? 

A. fragment-free mode 

B. cut-through mode 

C. check mode 

D. store-and-forward mode 

Answer:

Explanation: 

Characteristics of Store-and-Forward Ethernet Switching 

This section provides an overview of the functions and features of store-and-forward Ethernet switches. 

Error Checking 

Figure 1 shows a store-and-forward switch receiving an Ethernet frame in its entirety. At the end of that frame, the switch will compare the last field of the datagram against its own frame-check-sequence (FCS) calculations, to help ensure that the packet is free of physical and data-link errors. The switch then performs the forwarding process. Whereas a store-and-forward switch solves reliability issues by dropping invalid packets, cut-through devices forward them because they do not get a chance to evaluate the FCS before transmitting the packet. 

Figure 1. Ethernet Frame Entering a Store-and-Forward Bridge or Switch (from Left to Right) 

Reference: http://www.cisco.com/c/en/us/products/collateral/switches/nexus-5020-switch/white_paper_c11-465436.html 


Q248. Which two statements about BGP loop prevention are true? (Choose two.) 

A. Advertisements from PE routers with per-neighbor SOO configured include a Site of Origin value that is equal to the configured value of the BGP peering. 

B. If the configured Site of Origin value of a BGP peering is equal to the Site of Origin value on a route it receives, route advertisement is blocked to prevent a route loop. 

C. AS-override aids BGP loop prevention, but alternate loop prevention mechanisms are also necessary. 

D. Advertisements from the neighbors a BGP peering include a Site of Origin value that is separate from the configured value of the BGP peering. 

E. If the configured Site of Origin value of a BGP peering is greater than the Site of Origin value on a route it receives, route advertisement is blocked to prevent a route loop. 

F. If the configured Site of Origin value of a BGP peering is equal to the Site of Origin value on a route it receives, route advertisement is permitted. 

Answer: A,B 


Q249. In the DiffServ model, which class represents the lowest priority with the lowest drop probability? 

A. AF11 

B. AF13 

C. AF41 

D. AF43 

Answer:

Explanation: 

Assured Forwarding (AF) Behavior Group 

Class 1 

Class 2 

Class 3 

Class 4 

Low Drop 

AF11 (DSCP 10) 

AF21 (DSCP 18) 

AF31 (DSCP 26) 

AF41 (DSCP 34) 

Med Drop 

AF12 (DSCP 12) 

AF22 (DSCP 20) 

AF32 (DSCP 28) 

AF42 (DSCP 36) 

High Drop 

AF13 (DSCP 14) 

AF23 (DSCP 22) 

AF33 (DSCP 30) 

AF43 (DSCP 38) 

Reference: http://en.wikipedia.org/wiki/Differentiated_services 


Q250. Which two hashing algorithms can be used when configuring SNMPv3? (Choose two.) 

A. MD5 

B. SHA-1 

C. Blowfish 

D. DES 

E. AES 

F. SSL 

Answer: A,B 

Explanation: 

Note that SNMPv3 does not send passwords in clear-text and uses hash-based authentication with either MD5 or SHA1 functions (HMAC authentication – the packet conted is hashed along with authentication key to produce the authentication string). 

Reference: http://blog.ine.com/2008/07/19/snmpv3-tutorial/