★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions

Free Instant Download NEW 400-101 Exam Dumps (PDF & VCE):
Available on: https://www.certleader.com/400-101-dumps.html


It is impossible to pass Cisco 400-101 exam without any help in the short term. Come to Ucertify soon and find the most advanced, correct and guaranteed Cisco 400-101 practice questions. You will get a surprising result by our Down to date CCIE Routing and Switching (v5.0) practice guides.

2021 Mar 400-101 practice test

Q41. Refer to the exhibit. 

Which two issues can cause the interface VLAN10 to be down/down? (Choose two.) 

A. The VLAN is inactive or has been removed from the VLAN database. 

B. STP is in a forwarding state on the port. 

C. A Layer 2 access port is configured with VLAN10, but is in a down/down state. 

D. The autostate exclude feature was used on interface VLAN10. 

Answer: A,C 


Q42. Which technology can be used to secure the core of an STP domain? 

A. UplinkFast 

B. BPDU guard 

C. BPDU filter 

D. root guard 

Answer:

Explanation: 

Since STP does not implement any authentication or encryption to protect the exchange of BPDUs, it is vulnerable to unauthorized participation and attacks. Cisco IOS offers the STP Root Guard feature to enforce the placement of the root bridge and secure the core of the STP domain. 

STP root guard forces a port to become a designated port so that no switch on the other end of the link can become a root switch. If a port configured for root guard receives a superior BPDU, the port it is received on is blocked. In this way, STP root guard blocks other devices from trying to become the root bridge. 

STP root guard should be enabled on all ports that will never connect to a root bridge, for example, all end user ports. This ensures that a root bridge will never be negotiated on those ports. 

Reference: http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Security/Baseline_Security/secur ebasebook/sec_chap7.html 


Q43. Refer to the exhibit. 

If a port is configured as shown and receives an untagged frame, of which VLAN will the untagged frame be a member? 

A. VLAN 1 

B. VLAN 2 

C. VLAN 3 

D. VLAN 4 

Answer:

Explanation: 

When typing: Switch(config-if)#switchport mode? 

access Set trunking mode to ACCESS unconditionally 

dynamic Set trunking mode to dynamically negotiate access or trunk mode 

trunk Set trunking mode to TRUNK unconditionally 

and 

Switch(config-if)#switchport mode dynamic? 

auto Set trunking mode dynamic negotiation parameter to AUTO 

desirable Set trunking mode dynamic negotiation parameter to DESIRABLE 

So if we configure Fa0/1 as dynamic auto mode, it will not initiate any negotitation but waiting for the other end negotiate to be a trunk with DTP. If the other end does not ask it to become a trunk then it will become an access port. Therefore when using the “show interface fastEthernet0/1 switchport” command we will see two output lines “ Administrative Mode. dynamic auto” and “Operational Mode. static access” Note. To set this port to VLAN 2 as the output above just use one additional command. “switchport access vlan 2”. 

Now back to our question, from the output we see that Fa0/1 is operating as an access port on VLAN 2 so if it receive untagged frame it will suppose that frame is coming from VLAN 2. 


Q44. Which three statements are functions that are performed by IKE phase 1? (Choose three.) 

A. It builds a secure tunnel to negotiate IKE phase 1 parameters. 

B. It establishes IPsec security associations. 

C. It authenticates the identities of the IPsec peers. 

D. It protects the IKE exchange by negotiating a matching IKE SA policy. 

E. It protects the identities of IPsec peers. 

F. It negotiates IPsec SA parameters. 

Answer: C,D,E 

Explanation: 

The basic purpose of IKE phase 1 is to authenticate the IPSec peers and to set up a secure channel between the peers to enable IKE exchanges. IKE phase 1 performs the following functions: 

. Authenticates and protects the identities of the IPSec peers 

. Negotiates a matching IKE SA policy between peers to protect the IKE exchange 

. Performs an authenticated Diffie-Hellman exchange with the end result of having matching shared secret keys 

. Sets up a secure tunnel to negotiate IKE phase 2 parameters 

Reference: http://www.ciscopress.com/articles/article.asp?p=25474&seqNum=7


Q45. Which two statements about BGP best-path selection are true? (Choose two.) 

A. The route with the highest local preference is preferred. 

B. The weight attribute is advertised to peers. 

C. The route with the lowest MED is preferred. 

D. A route that originates from iBGP peers is preferred. 

E. A route that originates from a router with a higher BGP router ID is preferred. 

F. The lowest weight advertised is preferred. 

Answer: A,C 


Up to the minute 400-101 simulations:

Q46. Refer to the exhibit. 

If OSPF is implemented on the network, which additional configuration is needed to allow traffic from host 10.4.1.15/24 to host 10.1.2.20/24? 

A. A virtual link between router 2 and router 4 

B. A virtual link between router 3 and router 4 

C. A virtual link between router 2 and router 3 

D. The current design allows traffic between the two hosts. 

Answer:

Explanation: 

This specific traffic from 10.4.1.0/24 to 10.1.2.0/24 would work because this traffic crosses only over the single OSPF area of 0.0.0.1. 

However, traffic from hosts on R4 to R1 would indeed need a virtual link, since area 0.0.0.2 is not connected to the backbone area of 0.0.0.0. 


Q47. Which three statements about EIGRP wide metrics are true? (Choose three.) 

A. The maximum metric is 65536. 

B. The default delay is 1,000,000 picoseconds. 

C. They allow up to 100 hops. 

D. They allow up to 256 hops. 

E. The default delay is 1,000,000 milliseconds. 

F. The maximum metric is 51200. 

Answer: A,B,C 


Q48. Which two options are ways in which an OSPFv3 router handles hello packets with a clear address-family bit? (Choose two.) 

A. IPv4 unicast packets are discarded. 

B. IPv6 unicast packets are discarded. 

C. IPv4 unicast packets are forwarded. 

D. IPv6 unicast packets are forwarded. 

Answer: A,D 

Explanation: 

A typical distance vector protocol saves the following information when computing the best path to a destination: the distance (total metric or distance, such as hop count) and the vector (the next hop). For instance, all the routers in the network in Figure 1 are running Routing Information Protocol (RIP). Router Two chooses the path to Network A by examining the hop count through each available path. 

Since the path through Router Three is three hops, and the path through Router One is two hops, Router Two chooses the path through One and discards the information it learned through Three. If the path between Router One and Network A goes down, Router Two loses all connectivity with this destination until it times out the route of its routing table (three update periods, or 90 seconds), and Router Three re-advertises the route (which occurs every 30 seconds in RIP). Not including any hold-down time, it will take between 90 and 120 seconds for Router Two to switch the path from Router One to Router Three. EIGRP, instead of counting on full periodic updates to re-converge, builds a topology table from each of its neighbor's advertisements (rather than discarding the data), and converges by either looking for a likely loop-free route in the topology table, or, if it knows of no other route, by querying its neighbors. Router Two saves the information it received from both Routers One and Three. It chooses the path through One as its best path (the successor) and the path through Three as a loop-free path (a feasible successor). When the path through Router One becomes unavailable, Router Two examines its topology table and, finding a feasible successor, begins using the path through Three immediately. 

Reference: http://www.cisco.com/c/en/us/support/docs/ip/enhanced-interior-gateway-routing-protocol-eigrp/16406-eigrp-toc.html 


Q49. Refer to the exhibit. 

While troubleshooting high CPU utilization of a Cisco Catalyst 4500 Series Switch, you notice the error message that is shown in the exhibit in the log file. 

What can be the cause of this issue, and how can it be prevented? 

A. The hardware routing table is full. Redistribute from BGP into IGP. 

B. The software routing table is full. Redistribute from BGP into IGP. 

C. The hardware routing table is full. Reduce the number of routes in the routing table. 

D. The software routing table is full. Reduce the number of routes in the routing table. 

Answer:

Explanation: 

L3HWFORWADING-2 

Error MessageC4K_L3HWFORWARDING-2-FWDCAMFULL:L3 routing table is full. 

Switching to software forwarding. 

The hardware routing table is full; forwarding takes place in the software instead. The switch performance might be degraded. 

Recommended Action: Reduce the size of the routing table. Enter the ip cef command to return to hardware forwarding. 

Reference: http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/12-2/31sg/system/message/message/emsg.html 


Q50. Refer to the exhibit. 

Notice that debug ip bgp updates have been enabled. What can you conclude from the debug output? 

A. This is the result of the clear ip bgp 10.1.3.4 in command. 

B. This is the result of the clear ip bgp 10.1.3.4 out command. 

C. BGP neighbor 10.1.3.4 performed a graceful restart. 

D. BGP neighbor 10.1.3.4 established a new BGP session. 

Answer:

Explanation: 

If you enter the clear ip bgp out command for a BGP peer, that router resends its BGP prefixes to that peer. This does not cause a change in the best path on the receiving BGP peer. Hence, there is no change in the Table Version on that peer. 

When you run the debug ip bgp updates on the receiving router, you see: 

BGP(0): 10.1.3.4 rcvd UPDATE w/ attr: nexthop 10.1.3.4, origin i, metric 0, merged path 4, AS_PATH 

BGP(0): 10.1.3.4 rcvd 10.100.1.1/32...duplicate ignored 

The received update is recognized as a duplicate, so it is ignored and no best path change occurs. 

Reference: http://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/116511-technote-tableversion-00.html