★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions

Free Instant Download NEW 400-101 Exam Dumps (PDF & VCE):
Available on: https://www.certleader.com/400-101-dumps.html


Exambible provide the Cisco Cisco exam questions along with answers which together with highest standards involving accuracy. Our certified subject matter experts are focused to the development with the Cisco 400-101 exam dumps. We make certain you will achieve the Cisco 400-101 exam through using our Cisco Cisco practice questions and answers. In case our Cisco certification exam demos dont prove virtually any help for the Cisco exam preparation, you can acquire advantage of your money-back policy.

2021 Dec ccie written exam:

Q471. Refer to the exhibit. 

Which two statements are true? (Choose two.) 

A. This router is not 4-byte autonomous system aware. 

B. This router is 4-byte autonomous system aware. 

C. The prefix 10.100.1.1/32 was learned through an autonomous system number with a length of 4 bytes, and this router is 4-byte autonomous system aware. 

D. The prefix 10.100.1.1/32 was learned through an autonomous system number with a length of 4 bytes, and this router is not 4-byte autonomous system aware. 

E. The prefix 10.100.1.1/32 was originated from a 4-byte autonomous system. 

Answer: A,D 

Explanation: 

Prior to January 2009, BGP autonomous system (AS) numbers that were allocated to companies were 2-octet numbers in the range from 1 to 65535 as described in RFC 4271, A Border Gateway Protocol 4 (BGP-4). Due to increased demand for AS numbers, the Internet Assigned Number Authority (IANA) started to allocate four-octet AS numbers in the range from 65536 to 4294967295. RFC 5396, Textual Representation of Autonomous System (AS) Numbers, documents three methods of representing AS numbers. Cisco has implemented the following two methods: 

. Asplain — Decimal value notation where both 2-byte and 4-byte AS numbers are represented by their decimal value. For example, 65526 is a 2-byte AS number and 234567 is a 4-byte AS number. 

. Asdot — Autonomous system dot notation where 2-byte AS numbers are represented by their decimal value and 4-byte AS numbers are represented by a dot notation. For example, 65526 is a 2-byte AS number and 1.169031 is a 4-byte AS number (this is dot notation for the 234567 decimal number). 

Reference: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_bgp/configuration/xe-3s/irg-xe-3s-book/irg-4byte-asn.html 


Q472. Which statement about VRRP is true? 

A. It supports load balancing. 

B. It can be configured with HSRP on a switch or switch stack. 

C. It supports IPv4 and IPv6. 

D. It supports encrypted authentication. 

Answer:

Explanation: 

VRRP Limitations 

. You can configure both HSRP and VRRP on a switch or switch stack. However, you cannot add a switch model that supports only one protocol to a stack that is configured for both protocols. 

. The VRRP implementation on the switch does not support the MIB specified in RFC 2787. 

. The VRRP implementation on the switch supports only text -based authentication. 

. The switch supports VRRP only for IPv4. 

Reference: http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750x_3560x/software/release/1 2-2_58_se/configuration/guide/3750xscg/swhsrp.html#pgfId-1107127 


Q473. Which two improvements do SIA-Query and SIA-Reply messages add to EIGRP? (Choose two.) 

A. Stuck-in-active conditions are solved faster. 

B. They prevent a route from going into the stuck-in-active state. 

C. They help in the localization of the real failure in the network. 

D. The EIGRP adjacency between two neighbors never goes down. 

Answer: A,C 


Q474. A configuration includes the line ip route 10.0.0.0 255.0.0.0 172.16.10.10 permanent. 

Which option is a benefit of configuring this static route as permanent? 

A. It allows the route to be redistributed into the network even if the outgoing interface is down. 

B. It allows the route to be saved in the running configuration of the device. 

C. It places a hidden tag on the route that can be matched on other devices. 

D. It allows the route to have a tracking status even if no tracking object is configured. 

Answer:


Q475. You are configuring Wireshark on a Cisco Catalyst 4500E Switch with a Supervisor 8. Which three actions can you take to prevent the capture from overloading the CPU? (Choose three.) 

A. Attach the specific ports that are part of the data path. 

B. Use an in-line filter. 

C. Use an appropriate ACL. 

D. Add memory to the Supervisor. 

E. Reconfigure the buffers to accommodate the additional traffic. 

F. Configure a policy map, class map, and an access list to express the match conditions. 

Answer: A,B,C 

Explanation: 

Because packet forwarding typically occurs in hardware, packets are not copied to the CPU for software processing. For Wireshark packet capture, packets are copied and delivered to the CPU, which causes an increase in CPU usage. To avoid high CPU, do the following: 

. Attach only relevant ports. 

. Use a class map, and secondarily, an access list to express match conditions. If neither is viable, use an explicit, in-line filter. 

. Adhere closely to the filter rules. Restrict the traffic type (such as, IPv4 only) with a restrictive, rather than relaxed ACL, which elicits unwanted traffic. 

Reference: http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/15-1-2/XE_340/configuration/guide/config/wireshrk.pdf 


Renew ccie pdf download:

Q476. With AutoInstall, which mechanism allows for automatic addressing of the serial interface using HDLC? 

A. ARP 

B. BOOTP 

C. DHCP 

D. SLARP 

Answer:


Q477. Which three options must be configured when deploying OSPFv3 for authentication? (Choose three.) 

A. security parameter index 

B. crypto map 

C. authentication method 

D. IPsec peer 

E. encryption algorithm 

F. encryption key 

G. IPsec transform-set 

H. authentication key 

Answer: A,C,H 


Q478. Which three condition types can be monitored by crypto conditional debug? (Choose three.) 

A. Peer hostname 

B. SSL 

C. ISAKMP 

D. Flow ID 

E. IPsec 

F. Connection ID 

Answer: A,D,F 

Explanation: 

Supported Condition Types 

The new crypto conditional debug CLIs--debug crypto condition, debug crypto condition unmatched, and show crypto debug-condition--allow you to specify conditions (filter values) in which to generate and display debug messages related only to the specified conditions. The table below lists the supported condition types. 

Table 1 Supported Condition Types for Crypto Debug CLI 

Condition Type (Keyword) 

Description 

connid 1 

An integer between 1-32766. Relevant debug messages will be shown if the current IPSec operation uses this value as the connection ID to interface with the crypto engine. 

flowid 1 

An integer between 1-32766. Relevant debug messages will be shown if the current IPSec operation uses this value as the flow-ID to interface with the crypto engine. 

FVRF 

The name string of a virtual private network (VPN) routing and forwarding (VRF) instance. Relevant debug messages will be shown if the current IPSec operation uses this VRF instance as its front-door VRF (FVRF). 

IVRF 

The name string of a VRF instance. Relevant debug messages will be shown if the current IPSec operation uses this VRF instance as its inside VRF (IVRF). 

peer group 

A Unity group-name string. Relevant debug messages will be shown if the peer is using this group name as its identity. 

peer hostname 

A fully qualified domain name (FQDN) string. Relevant debug messages will be shown if the peer is using this string as its identity; for example, if the peer is enabling IKE Xauth with this FQDN string. 

peeripaddress 

A single IP address. Relevant debug messages will be shown if the current IPSec operation is related to the IP address of this peer. 

peer subnet 

A subnet and a subnet mask that specify a range of peer IP addresses. Relevant debug messages will be shown if the IP address of the current IPSec peer falls into the specified subnet range. 

peer username 

A username string. Relevant debug messages will be shown if the peer is using this username as its identity; for example, if the peer is enabling IKE Extended Authentication (Xauth) with this username. 

SPI 1 

A 32-bit unsigned integer. Relevant debug messages will be shown if the current IPSec operation uses this value as the SPI. 

Reference: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_vpnips/configuration/xe-3s/sec-sec-for-vpns-w-ipsec-xe-3s-book/sec-crypto-debug-sup.html 


Q479. Which two statements about a network running MPLS VPN with IS-IS IGP are true? (Choose two.) 

A. IS-IS traffic engineering uses wide metric TLV type 135 with an up/down bit to define a leaked route. 

B. IS-IS traffic engineering uses wide metric TLV type 128 with an internal/external bit and an up/down bit to define a leaked route. 

C. IS-IS traffic engineering uses wide metric TLV type 130 with an internal/external bit and an up/down bit to define a leaked route. 

D. If the IS-IS up/down bit is set to 1, the leaked route originated in the L1 area. 

E. The MPLS VPN IS-IS core is inherently protected against IP-based attacks. 

Answer: A,E 


Q480. Which two statements about TCP are true? (Choose two.) 

A. TCP option must be divisible by 32. 

B. It has a 16-bit window size. 

C. Its maximum data offset is fifteen 32-bit words. 

D. It has a 32-bit window size. 

E. Its maximum data offset is ten 32-bit words. 

F. It has a 32-bit checksum field. 

Answer: B,C