★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions
Free Instant Download NEW 400-101 Exam Dumps (PDF & VCE):
Available on:
https://www.certleader.com/400-101-dumps.html
Are you planning to take the Cisco Cisco exam? Do you may need some preparatory components to help you pass the Cisco 400-101 exam? Maybe youve got purchased some practice materials via other resource. But the majority of the Cisco Cisco exam demos tend to be worthless for that real exam preparation. These people just squander your time and income in the approach that present you with the fake training materials.
2021 Dec ccie written exam:
Q321. DRAG DROP
Drag each spanning-tree feature on the left to the matching statement on the right.
Answer:
Q322. Which technology can be affected when switches are used that do not support jumbo frames?
A. 802.1x
B. BFD
C. OSPFv3
D. 802.1q
Answer: D
Explanation:
The 802.1Q tag is 4 bytes. Therefore, the resulting Ethernet frame can be as large as 1522 bytes. If jumbo frames are not supported, then typically the MTU on an Ethernet link needs to be lowered to 1496 to support this extra 802.1Q tag.
Q323. Refer to the exhibit.
You have just created a new VRF on PE3. You have enabled debug ip bgp vpnv4 unicast updates on PE1, and you can see the route in the debug, but not in the BGP VPNv4 table.
Which two statements are true? (Choose two.)
A. VPNv4 is not configured between PE1 and PE3.
B. address-family ipv4 vrf is not configured on PE3.
C. After you configure route-target import 999:999 for a VRF on PE3, the route will be accepted.
D. PE1 will reject the route due to automatic route filtering.
E. After you configure route-target import 999:999 for a VRF on PE1, the route will be accepted.
Answer: D,E
Explanation:
The route target extended community for VPLS auto-discovery defines the import and export policies that a VPLS instance uses. The export route target sets an extended community attribute number that is appended to all routes that are exported from the VPLS instance. The import route target value sets a filter that determines the routes that are accepted into the VPLS instance. Any route with a value in its import route target contained in its extended attributes field matching the value in the VPLS instance’s import route target are accepted. Otherwise the route is rejected.
Q324. Which two options are the two underlying protocols on which a DMVPN relies? (Choose two.)
A. IPsec
B. NHRP
C. GDOI
D. ISAKMP
E. SSL
F. NLRI
Answer: A,B
Q325. Refer to the exhibit.
While troubleshooting high CPU utilization of a Cisco Catalyst 4500 Series Switch, you notice the error message that is shown in the exhibit in the log file.
What can be the cause of this issue, and how can it be prevented?
A. The hardware routing table is full. Redistribute from BGP into IGP.
B. The software routing table is full. Redistribute from BGP into IGP.
C. The hardware routing table is full. Reduce the number of routes in the routing table.
D. The software routing table is full. Reduce the number of routes in the routing table.
Answer: C
Explanation:
L3HWFORWADING-2
Error MessageC4K_L3HWFORWARDING-2-FWDCAMFULL:L3 routing table is full.
Switching to software forwarding.
The hardware routing table is full; forwarding takes place in the software instead. The switch performance might be degraded.
Recommended Action: Reduce the size of the routing table. Enter the ip cef command to return to hardware forwarding.
Reference: http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/12-2/31sg/system/message/message/emsg.html
Improve ccie written dumps 400-101:
Q326. Refer to the exhibit.
Which statement describes what the authoritative flag indicates?
A. Authentication was used for the mapping.
B. R1 learned about the NHRP mapping from a registration request.
C. Duplicate mapping in the NHRP cache is prevented.
D. The registration request had the same flag set.
Answer: B
Explanation:
Show NHRP: Examples
The following is sample output from the show ip nhrp command:
Router# show ip nhrp
10.0.0.2 255.255.255.255, tunnel 100 created 0:00:43 expire 1:59:16
TypE. dynamic Flags: authoritative
NBMA address: 10.1111.1111.1111.1111.1111.1111.1111.1111.1111.11
10.0.0.1 255.255.255.255, Tunnel0 created 0:10:03 expire 1:49:56
TypE. static Flags: authoritative
The fields in the sample display are as follows:
Flags:
authoritative—Indicates that the NHRP information was obtained from the Next Hop Server or router that maintains the NBMA-to-IP address mapping for a particular destination.
Reference: http://www.cisco.com/c/en/us/td/docs/ios/12_4/ip_addr/configuration/guide/hadnhrp.html
Q327. Which configuration sets a minimum quality of service on a Layer 2 access switch?
A. mls qos cos override
mls qos cos 2
B. mls qos cos 2
C. mls qos trust cos
mls qos cos 2
D. mls qos trust cos
E. mls qos trust dscp
Answer: A
Explanation:
The mls qos cos override interface command must be used to ensure that untrusted CoS values are explicitly set 0 (default).
Reference: http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/WAN_and_MAN/QoS_SRND/Qo S-SRND-Book/QoSDesign.html
Q328. Refer to the exhibit.
Which statement about authentication on Router A is true?
A. The router will attempt to authenticate users against TACACS+ only.
B. The router will attempt to authenticate users against the local database only.
C. The router will attempt to authenticate users against the local database first, and fall back to TACACS+ if the local database authentication fails.
D. The router will authenticate users against the default database only.
E. The router will attempt to authenticate users against TACACS+ first, and fall back to the local database if the TACACS+ authentication fails.
Answer: E
Q329. Which three statements about bridge assurance are true? (Choose three.)
A. Bridge assurance must be enabled on both ends of a link.
B. Bridge assurance can be enabled on one end of a link or on both ends.
C. Bridge assurance is enabled on STP point-to-point links only.
D. Bridge assurance is enabled on STP multipoint links only.
E. If a bridge assurance port fails to receive a BPDU after a timeout, the port is put into a blocking state.
F. If a bridge assurance port fails to receive a BPDU after a timeout, the port is put into an error disabled state.
Answer: A,C,E
Explanation:
Bridge Assurance is enabled by default and can only be disabled globally. Also, Bridge Assurance can be enabled only on spanning tree network ports that are point-to-point links.
Finally, both ends of the link must have Bridge Assurance enabled.
With Bridge Assurance enabled, BPDUs are sent out on all operational network ports, including alternate and backup ports, for each hello time period. If the port does not receive a BPDU for a specified period, the port moves into the blocking state and is not used in the root port calculation. Once that port receives a BPDU, it resumes the normal spanning tree transitions.
Reference:
http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5000/sw/configuration/guid e/cli/CLIConfigurationGuide/SpanningEnhanced.html
Q330. Refer to the exhibit.
Which statement is true about a VPNv4 prefix that is present in the routing table of vrf one and is advertised from this router?
A. The prefix is advertised only with route target 100:1.
B. The prefix is advertised with route targets 100:1 and 100:2.
C. The prefix is advertised only with route target 100:3.
D. The prefix is not advertised.
E. The prefix is advertised with route targets 100:1, 100:2, and 100:3.
Answer: A
Explanation:
The route target used for prefix advertisements to other routers is defined on the route-target export command, which shows 100:1 in this case for VPNv4 routes.