★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions

Free Instant Download NEW 400-101 Exam Dumps (PDF & VCE):
Available on: https://www.certleader.com/400-101-dumps.html


Q391. Which two statements about NetFlow are true? (Choose two.) 

A. It must be configured on each router in a network. 

B. It supports ATM LAN emulation. 

C. The existing network is unaware that NetFlow is running. 

D. It uses SIP to establish sessions between neighbors. 

E. It provides resource utilization accounting. 

Answer: C,E 

Explanation: 

NetFlow identifies packet flows for both ingress and egress IP packets. It does not involve any connection-setup protocol, either between routers or to any other networking device or end station. NetFlow does not require any change externally--either to the packets themselves or to any networking device. NetFlow is completely transparent to the existing network, including end stations and application software and network devices like LAN switches. Also, NetFlow capture and export are performed independently on each internetworking device; NetFlow need not be operational on each router in the network. NetFlow data provides fine-grained metering for highly flexible and detailed resource utilization accounting. For example, flow data includes details such as IP addresses, packet and byte counts, timestamps, type-of-service, and application ports. Service providers might utilize the information for billing based on time-of-day, bandwidth usage, application usage, or quality of service. Enterprise customers might utilize the information for departmental chargeback or cost allocation for resource utilization. 

Reference: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/netflow/configuration/12-4t/nf-12-4t-book/ios-netflow-ov.html 


Q392. Refer to the exhibit. 

Which two statements about the VPN solution are true? (Choose two.) 

A. Customer A and customer B will exchange routes with each other. 

B. R3 will advertise routes received from R1 to R2. 

C. Customer C will communicate with customer A and B. 

D. Communication between sites in VPN1 and VPN2 will be blocked. 

E. R1 and R2 will receive VPN routes advertised by R3. 

Answer: C,E 

Explanation: 

+ VPN1 exports 10:1 while VPN3 imports 10:1 so VPN3 can learn routes of VPN1. 

+ VNP1 imports 10:1 while VNP3 export 10:1 so VNP1 can learn routes of VPN3. 

-> Customer A can communicate with Customer C 

+ VPN2 exports 20:1 while VPN3 imports 20:1 so VPN3 can learn routes of VPN2. 

+ VPN2 imports 20:1 while VPN3 exports 20:1 so VPN2 can learn routes of VPN3. 

-> Customer B can communicate with Customer C 

Therefore answer C is correct. 

Also answer E is correct because R1 & R2 import R3 routes. 

Answer A is not correct because Customer A & Customer B do not import routes which are exported by other router. Customer A & B can only see Customer C. 

Answer B is not correct because a router never exports what it has learned through importation. It only exports its own routes. 

Answer D is correct because two VPN1 and VPN2 cannot see each other. Maybe in this question there are three correct answers. 


Q393. Refer to the exhibit. 

The spokes of the DMVPN with the given configuration are having QoS issues. 

Which two actions can you take to resolve the problem? (Choose two.) 

A. Configure qos pre-classify on the tunnel interface. 

B. Configure an NHRP group on the tunnel interface and associate it to a QoS policy. 

C. Modify the configuration of the IPsec policy to accept QoS policies. 

D. Manually configure a QoS policy on the serial interface. 

E. Configure the bandwidth statement on the tunnel interface. 

F. Configure the bandwidth statement on the serial interface. 

Answer: A,B 

Explanation: 

It is possible to classify based on information that is encrypted, which is needed in this example. You can use an access-list, configured to match the private subnet behind the remote spoke. The qos pre-classify command is used on the tunnel interface, and is required because the traffic is classified by a parameter that is encrypted as the traffic leaves the physical outbound interface. L4 information from the IP data packet can also classify traffic destined to the same private subnet. The “nhrp map group group-name service-policy output parent-policy-name” command adds the NHRP group to the QoS policy map on the hub. 


Q394. Which three values can you use to configure an ERSPAN destination session? (Choose three.) 

A. VLAN ID 

B. source IP address 

C. destination IP address 

D. ID number 

E. VRF 

F. session name 

Answer: B,D,E 


Q395. Which two options are the two main phases of PPPoE? (Choose two.) 

A. Active Discovery Phase 

B. IKE Phase 

C. Main Mode Phase 

D. PPP Session Phase 

E. Aggressive Mode Phase 

F. Negotiation Phase 

Answer: A,D 

Explanation: 

PPPoE is composed of two main phases: 

Active Discovery Phase — In this phase, the PPPoE client locates a PPPoE server, called an access concentrator. During this phase, a Session ID is assigned and the PPPoE layer is established. 

PPP Session Phase — In this phase, PPP options are negotiated and authentication is performed. Once the link setup is completed, PPPoE functions as a Layer 2 encapsulation method, allowing data to be transferred over the PPP link within PPPoE headers. 

Reference: http://www.cisco.com/c/en/us/td/docs/security/asa/asa92/configuration/vpn/asa-vpn-cli/vpn-pppoe.html 


Q396. You are configuring a DMVPN hub to perform CBWFQ on a per-spoke basis. Which information is used to identify the spoke? 

A. the NHRP network ID 

B. the spoke tunnel source IP 

C. the spoke tunnel interface IP address 

D. the NHRP group 

Answer:


Q397. Which statement about MSS is true? 

A. It is negotiated between sender and receiver. 

B. It is sent in all TCP packets. 

C. It is 20 bytes lower than MTU by default. 

D. It is sent in SYN packets. 

E. It is 28 bytes lower than MTU by default. 

Answer:

Explanation: 

The maximum segment size (MSS) is a parameter of the Options field of the TCP header that specifies the largest amount of data, specified in octets, that a computer or communications device can receive in a single TCP segment. It does not count the TCP header or the IP header. The IP datagram containing a TCP segment may be self-contained within a single packet, or it may be reconstructed from several fragmented pieces; either way, the MSS limit applies to the total amount of data contained in the final, reconstructed TCP segment. The default TCP Maximum Segment Size is 536. Where a host wishes to set the maximum segment size to a value other than the default, the maximum segment size is specified as a TCP option, initially in the TCP SYN packet during the TCP handshake. The value cannot be changed after the connection is established. 

Reference: http://en.wikipedia.org/wiki/Maximum_segment_size 


Q398. Which statement describes the difference between a stub area and a totally stub area? 

A. The ABR advertises a default route to a totally stub area and not to a stub area. 

B. Stub areas do not allow LSA types 4 and 5, while totally stub areas do not allow LSA types 3, 4, and 5. 

C. Totally stub areas allow limited external routes in the area via a special type 7 LSA, while stub areas do not. 

D. Stub areas do not allow external LSAs, ASBR summary LSAs, or summary LSAs with the exception of a default route originated by the ABR via a summary LSA. 

Answer:

Explanation: 

. Standard areas can contain LSAs of type 1, 2, 3, 4, and 5, and may contain an ASBR. The backbone is considered a standard area. 

. Stub areas can contain type 1, 2, and 3 LSAs. A default route is substituted for external routes. 

. Totally stubby areas can only contain type 1 and 2 LSAs, and a single type 3 LSA. The type 3 LSA describes a default route, substituted for all external and inter-area routes. 

. Not-so-stubby areas implement stub or totally stubby functionality yet contain an ASBR. Type 7 LSAs generated by the ASBR are converted to type 5 by ABRs to be flooded to the rest of the OSPF domain. 

Reference: http://packetlife.net/blog/2008/jun/24/ospf-area-types/ 


Q399. Which authentication method does OSPFv3 use to secure communication between neighbors? 

A. plaintext 

B. MD5 HMAC 

C. PKI 

D. IPSec 

Answer:

Explanation: 

In order to ensure that OSPFv3 packets are not altered and re-sent to the device, causing the device to behave in a way not desired by its system administrators, OSPFv3 packets must be authenticated. OSPFv3 uses the IPsec secure socket API to add authentication to OSPFv3 packets. This API supports IPv6. OSPFv3 requires the use of IPsec to enable authentication. Crypto images are required to use authentication, because only crypto images include the IPsec API needed for use with OSPFv3. 

Reference: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_ospf/configuration/15-sy/iro-15-sy-book/ip6-route-ospfv3-auth-ipsec.html 


Q400. Which three options are three of the default EIGRP administrative distances? (Choose three.) 

A. Internal, 90 

B. External, 170 

C. Summary, 5 

D. Outside Local, 100 

E. Inside Local, 180 

F. Inside Global, 1 

Answer: A,B,C 

Explanation: 

The following table lists the default administrative distances for various routing protocols used on Cisco routers. 

Routing Protocol 

Administrative distance 

Directly connected interface 

Static route out an interface 

Static route to next-hop address 

DMNR - Dynamic Mobile Network Routing 

EIGRP summary route 

External BGP 

20 

Internal EIGRP 

90 

IGRP 

100 

OSPF 

110 

IS-IS 

115 

Routing Information Protocol (RIP) 

120 

Exterior Gateway Protocol (EGP) 

140 

On Demand Routing (ODR) 

160 

External EIGRP 

170 

Internal BGP 

200 

Floating Static Route (ex. DHCP-learned) 

254 

Unknown 

255 

Reference: http://en.wikipedia.org/wiki/Administrative_distance