Exam Code: 400-101 (Practice Exam Latest Test Questions VCE PDF)
Exam Name: CCIE Routing and Switching (v5.0)
Certification Provider: Cisco
Free Today! Guaranteed Training- Pass 400-101 Exam.

2021 Jun 400-101 Study Guide Questions:

Q191. Which two statements about GLBP are true? (Choose two.) 

A. Packets are forwarded by multiple routers that share one virtual IP address. 

B. The active router forwards packets received on one virtual IP and MAC address. 

C. The standby router forwards packets when the active router fails. 

D. Hosts on the network are configured with multiple gateways for load balancing. 

E. Routers in a GLBP group can share multiple virtual MAC addresses. 

Answer: A,E 

Q192. Which multicast protocol uses source trees and RPF? 


B. PIM sparse mode 



Answer: A 


DVMRP builds a parent-child database using a constrained multicast model to build a forwarding tree rooted at the source of the multicast packets. Multicast packets are initially flooded down this source tree. If redundant paths are on the source tree, packets are not forwarded along those paths. Forwarding occurs until prune messages are received on those parent-child links, which further constrains the broadcast of multicast packets. 

Reference: DVMRP and dense-mode PIM use only source trees and use RPF as previously described. 

Reference: http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3550/software/release/12-1_19_ea1/configuration/guide/3550scg/swmcast.html 

Q193. Which three steps are necessary to enable SSH? (Choose three.) 

A. generating an RSA or DSA cryptographic key 

B. configuring the version of SSH 

C. configuring a domain name 

D. configuring VTY lines for use with SSH 

E. configuring the port for SSH to listen for connections 

F. generating an AES or SHA cryptographic key 

Answer: A,C,D 


Here are the steps: 

1. Configure a hostname for the router using these commands. 

yourname#configure terminal 

Enter configuration commands, one per line. End with CNTL/Z. 

yourname (config)#hostname LabRouter 


2. Configure a domain name with the ip domain-name command followed by whatever you would like your domain name to be. I used CiscoLab.com. 

LabRouter(config)#ip domain-name CiscoLab.com 

3. We generate a certificate that will be used to encrypt the SSH packets using the crypto key generate rsa command. 

Take note of the message that is displayed right after we enter this command. “The name for the keys will bE. LabRouter.CiscoLab.com” — it combines the hostname of the router along with the domain name we configured to get the name of the encryption key generated; this is why it was important for us to, first of all, configure a hostname then a domain name before we generated the keys. 

Notice also that it asks us to choose a size of modulus for the key we’re about to generate. 

The higher the modulus, the stronger the encryption of the key. For our example, we’ll use a modulus of 1024. 


Most recent lpi 101-400:

Q194. Which object tracking function tracks the combined states of multiple objects? 

A. application 

B. interface 

C. stub-object 

D. list 

Answer: D 

Q195. Refer to the exhibit. 

What does the return code 3 represent in this output? 

A. The mapping of the replying router for the FEC is different. 

B. The packet is label-switched at stack depth. 

C. The return code is reserved. 

D. The upstream index is unknown. 

E. The replying router was the proper egress for the FEC. 

Answer: E 


Return Codes The Return Code is set to zero by the sender. The receiver can set it to one of the values listed below. The notation <RSC> refers to the Return Subcode. This field is filled in with the stack-depth for those codes that specify that. For all other codes, the Return Subcode MUST be set to zero. 

Value Meaning 

0 No return code 

1 Malformed echo request received 

2 One or more of the TLVs was not understood 

3 Replying router is an egress for the FEC at stack-depth <RSC> 

4 Replying router has no mapping for the FEC at stack-depth <RSC> 

Reference: https://www.ietf.org/rfc/rfc4379.txt 

Q196. The OSPF database of a router shows LSA types 1, 2, 3 and 7 only. Which type of area is this router connected to? 

A. backbone area 

B. totally stubby area 

C. stub area 

D. not-so-stubby area 

Answer: D 


Tested lpi 101-400:


Drag and drop each GET VPN feature on the left to the corresponding function it performs on the right. 


Q198. You are backing up a server with a 1 Gbps link and a latency of 2 ms. Which two statements about the backup are true? (Choose two.) 

A. The bandwidth delay product is 2 Mb. 

B. The default TCP send window size is the limiting factor. 

C. The default TCP receive window size is the limiting factor. 

D. The bandwidth delay product is 500 Mb. 

E. The bandwidth delay product is 50 Mb. 

Answer: A,C 


1 Gbps is the same as 1000 Mbps, and 1000Mb x .0002 = 2 Mbps. With TCP based data transfers, the receive window is always the limiting factor, as the sender is generally able to send traffic at line rate, but then must wait for the acknowledgements to send more data. 

Q199. Refer to the exhibit. 

This is the configuration of the ASBR of area 110.Which option explains why the remote ABR should not translate the type 7 LSA for the prefix into a type 5 LSA? 

A. The remote ABR translates all type 7 LSA into type 5 LSA, regardless of any option configured in the ASBR. 

B. The ASBR sets the forwarding address to which instructs the ABR not to translate the LSA into a type 5 LSA. 

C. The ASBR originates a type 7 LSA with age equal to MAXAGE 3600. 

D. The ABR clears the P bit in the header of the type 7 LSA for 

Answer: D 


When external routing information is imported into an NSSA, LSA Type 7 is generated by the ASBR and it is flooded within that area only. To further distribute the external information, type 7 LSA is translated into type 5 LSA at the NSSA border. The P-bit in LSA Type 7 field indicates whether the type 7 LSA should be translated. This P-bit is automatically set by the NSSA ABR (also the Forwarding Address (FA) is copied from Type 7 LSA). The P-bit is not set only when the NSSA ASBR and NSSA ABR are the same router for the area. If bit P = 0, then the NSSA ABR must not translate this LSA into Type 5. 

The nssa-only keyword instructs the device to instigate Type-7 LSA with cleared P-bit, thereby, preventing LSA translation to Type 5 on NSSA ABR device. 

Note. If a router is attached to another AS and is also an NSSA ABR, it may originate a both a type-5 and a type-7 LSA for the same network. The type-5 LSA will be flooded to the backbone and the type-7 will be flooded into the NSSA. If this is the case, the P-bit must be reset (P=0) in the type-7 LSA so the type-7 LSA isn’t again translated into a type-5 LSA by another NSSA ABR. 

Reference: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_ospf/configuration/15-e/iro-15-e-book/iro-ospfv3-nssa-cfg.html 

Q200. Which two statements about SoO checking in EIGRP OTP deployments are true? (Choose two). 

A. During the import process, the SoO value in BGP is checked against the SoO value of the site map. 

B. During the reception of an EIGRP update, the SoO value in the EIGRP update is checked against the SoO value of the site map on the ingress interface. 

C. At the ingress of the PE/CE link, the SoO in the EIGRP update is checked against the SoO within the PE/CE routing protocol. 

D. At the egress of the PE/CE link, the SoO is checked against the SoO within the PE/CE routing protocol. 

E. The SoO is checked at the ingress of the backdoor link. 

F. The SoO is checked at the egress of the backdoor link. 

Answer: A,B 


. SoO checking: 

– During the import process the SoO value in BGP update is checked against the SoO value of the site-map attached to VRF interface. The update is propagated to CE only if there is no match (this check is done regardless of protocol used on PE/CE link). 

– At reception of EIGRP update, the SoO value in the EIGRP update is checked against the SoO value of site-map attached to the incoming interface. This update is accepted only if there is no match (this check can optionally be done on backdoor router). 

Reference: http://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/ip-routing/whitepaper_C11-730404.html