★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions

Free Instant Download NEW 400-101 Exam Dumps (PDF & VCE):
Available on: https://www.certleader.com/400-101-dumps.html


It is more faster and easier to pass the Cisco 400-101 exam by using Downloadable Cisco CCIE Routing and Switching (v5.0) questuins and answers. Immediate access to the Up to the minute 400-101 Exam and find the same core area 400-101 questions with professionally verified answers, then PASS your exam with a high score now.

2021 Mar 400-101 practice

Q91. What are two advantages to using Asynchronous mode instead of Demand mode for BFD? (Choose two.) 

A. Asynchronous mode requires half as many packets as Demand mode for failure detection. 

B. Asynchronous mode can be used in place of the echo function. 

C. Asynchronous mode supports a larger number of BFD sessions. 

D. Asynchronous mode requires one fourth as many packets as Demand mode for failure detection. 

E. Asynchronous mode’s round-trip jitter is less than that of Demand mode. 

Answer: A,B 

Explanation: 

Pure Asynchronous mode is advantageous in that it requires half as many packets to achieve a particular Detection Time as does the Echo function. It is also used when the Echo function cannot be supported for some reason. 

Reference: https://tools.ietf.org/html/rfc5880 


Q92. Refer to the exhibit. 

Which two options are effects of the given configuration? (Choose two.) 

A. It sets the data export destination to 209.165.200.227 on UDP port 49152. 

B. It enables Cisco Express Forwarding on interface FastEthernet0/0. 

C. It configures the export process to include the BGP peer AS of the router gathering the data. 

D. It enables NetFlow switching on interface FastEthernet0/0. 

E. It sets the data export destination to 209.165.200.227 on TCP port 49152. 

Answer: A,D 

Explanation: 

The “ip flow-export destination 209.165.200.227 49152” command specifies that the data export destination server is 209.165.200.227 using UDP port 49152. 

The “ip route-cache flow” command under the fastethernet 0/0 interface enable netflow switching on that interface. 


Q93. Which statement about NAT64 is true? 

A. NAT64 provides address family translation and translates IPv4 to IPv6 and IPv6 to IPv4. 

B. NAT64 provides address family translation and can translate only IPv6 to IPv4. 

C. NAT64 should be considered as a permanent solution. 

D. NAT64 requires the use of DNS64. 

Answer:


Q94. Refer to the exhibit. 

Which statement is true about a valid IPv6 address that can be configured on tunnel interface0? 

A. There is not enough information to calculate the IPv6 address. 

B. 6to4 tunneling allows you to use any IPv6 address. 

C. 2001:7DCB:5901::/128 is a valid IPv6 address. 

D. 2002:7DCB:5901::/128 is a valid IPv6 address. 

Answer:

Explanation: 

Most IPv6 networks use autoconfiguration, which requires the last 64 bits for the host. The first 64 bits are the IPv6 prefix. The first 16 bits of the prefix are always 2002:, the next 32 bits are the IPv4 address, and the last 16 bits of the prefix are available for addressing multiple IPv6 subnets behind the same 6to4 router. Since the IPv6 hosts using autoconfiguration already have determined the unique 64 bit host portion of their address, they must simply wait for a Router Advertisement indicating the first 64 bits of prefix to have a complete IPv6 address. A 6to4 router will know to send an encapsulated packet directly over IPv4 if the first 16 bits are 2002, using the next 32 as the destination, or otherwise send the packet to a well-known relay server, which has access to native IPv6. 

Reference: http://en.wikipedia.org/wiki/6to4 


Q95. Which two statements about the default router settings for SSH connections are true? (Choose two.) 

A. The default timeout value for the SSH negotiation phase is 120 seconds. 

B. Data is exchanged in clear text by default unless AAA authentication is enabled on the console. 

C. The default number of authentication retries is 3. 

D. SSH is enabled by default when you configure the username command. 

Answer: A,C 

Explanation: 

ip ssh {timeout seconds | authentication-retries number} 

Configures the SSH control parameters: 

. Specify the time-out value in seconds; the default is 120 seconds. The range is 0 to 120 seconds. This parameter applies to the SSH negotiation phase. After the connection is established, the Switch uses the default time-out values of the CLI-based sessions. By default, up to five simultaneous, encrypted SSH connections for multiple CLI-based sessions over the network are available (session 0 to session 4). After the execution shell starts, the CLI-based session time-out value returns to the default of 10 minutes. 

. Specify the number of times that a client can re-authenticate to the server. The default is 3; the range is 0 to 5. 

Reference: http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3850/software/release/3se/secur ity/configuration_guide/b_sec_3se_3850_cg/b_sec_3se_3850_cg_chapter_01000.html 


Update 400-101 free download:

Q96. Refer to the exhibit. 

Switch DSW1 should share the same MST region with switch DSW2. Which statement is true? 

A. Configure DSW1 with the same version number, and VLAN-to-instance mapping as shown on DSW2. 

B. Configure DSW1 with the same region name, number, and VLAN-to-instance mapping as shown on DSW2. 

C. DSW2 uses the VTP server mode to automatically propagate the MST configuration to DSW1. 

D. DSW1 is in VTP client mode with a lower configuration revision number, therefore, it automatically inherits MST configuration from DSW2. 

E. DSW1 automatically inherits MST configuration from DSW2 because they have the same domain name. 

Answer:


Q97. Which feature of Cisco IOS XE Software allows for platform-independent code abstraction? 

A. its security 

B. Common Management Enabling Technology 

C. the Linux-based environment 

D. its modularity 

Answer:


Q98. Which two options are BGP attributes that are updated when router sends an update to its eBGP peer? (Choose two.) 

A. weight 

B. local preference 

C. AS_path 

D. next-hop 

Answer: C,D 

Explanation: 

AS_Path describes the inter-AS path taken to reach a destination. It gives a list of AS Numbers traversed when reaching to a destination. Every BGP speaker when advertising a route to a peer will include its own AS number in the NLRI. The subsequent BGP speakers who advertise this route will add their own AS number to the AS_Path, the subsequent AS numbers get prepended to the list. The end result is the AS_Path attribute is able to describe all the autonomous systems it has traversed, beginning with the most recent AS and ending with the originating AS. 

NEXT_HOP Attribute specifies the next hop IP address to reach the destination advertised in the NLRI. NEXT_HOP is a well-known mandatory attribute that is included in every eBGP update. 

Reference: http://netcerts.net/bgp-path-attributes-and-the-decision-process/ 


Q99. Which statement about OSPF multiaccess segments is true? 

A. The designated router is elected first. 

B. The designated and backup designated routers are elected at the same time. 

C. The router that sent the first hello message is elected first. 

D. The backup designated router is elected first. 

Answer:

Explanation: 

According to the RFC, the BDR is actually elected first, followed by the DR. The RFC explains why: “The reason behind the election algorithm’s complexity is the desire for an orderly transition from Backup Designated Router to Designated Router, when the current Designated Router fails. This orderly transition is ensured through the introduction of hysteresis: no new Backup Designated Router can be chosen until the old Backup accepts its new Designated Router responsibilities. The above procedure may elect the same router to be both Designated Router and Backup Designated Router, although that router will never be the calculating router (Router X) itself.” 

Reference: http://www.ietf.org/rfc/rfc2328.txt – Page 76 


Q100. Which two statements about the ipv6 ospf authentication command are true? (Choose two.) 

A. The command is required if you implement the IPsec AH header. 

B. The command configures an SPI. 

C. The command is required if you implement the IPsec TLV. 

D. The command can be used in conjunction with the SPI authentication algorithm. 

E. The command must be configured under the OSPFv3 process. 

Answer: A,B 

Explanation: 

OSPFv3 requires the use of IPsec to enable authentication. Crypto images are required to use authentication, because only crypto images include the IPsec API needed for use with OSPFv3. In OSPFv3, authentication fields have been removed from OSPFv3 packet headers. When OSPFv3 runs on IPv6, OSPFv3 requires the IPv6 authentication header (AH) or IPv6 ESP header to ensure integrity, authentication, and confidentiality of routing exchanges. IPv6 AH and ESP extension headers can be used to provide authentication and confidentiality to OSPFv3. To use the IPsec AH, you must enable the ipv6 ospf authentication command. To use the IPsec ESP header, you must enable the ipv6 ospf encryption command. The ESP header may be applied alone or in combination with the AH, and when ESP is used, both encryption and authentication are provided. Security services can be provided between a pair of communicating hosts, between a pair of communicating security gateways, or between a security gateway and a host. To configure IPsec, you configure a security policy, which is a combination of the security policy index (SPI) and the key (the key is used to create and validate the hash value). IPsec for OSPFv3 can be configured on an interface or on an OSPFv3 area. For higher security, you should configure a different policy on each interface configured with IPsec. If you configure IPsec for an OSPFv3 area, the policy is applied to all of the interfaces in that area, except for the interfaces that have IPsec configured directly. Once IPsec is configured for OSPFv3, IPsec is invisible to you. 

Reference: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_ospf/configuration/15-sy/iro-15-sy-book/ip6-route-ospfv3-auth-ipsec.html