Cause all that matters here is passing the Cisco 400-101 exam. Cause all that you need is a high score of 400-101 CCIE Routing and Switching (v5.0) exam. The only one thing you need to do is downloading Exambible 400-101 exam study guides now. We will not let you down with our money-back guarantee.

2021 Jul ccie 400-101 dump:

Q281. Which three EIGRP packet types are valid? (Choose three.) 

A. open 

B. notification 

C. keep-alive 

D. hello 

E. query 

F. reply 

Answer: D,E,F 

Explanation: 

EIGRP uses the following packet types: hello and acknowledgment, update, and query and reply. 

Hello packets are multicast for neighbor discovery/recovery and do not require acknowledgment. An acknowledgment packet is a hello packet that has no data. Acknowledgment packets contain a nonzero acknowledgment number and always are sent by using a unicast address. 

Update packets are used to convey reachability of destinations. When a new neighbor is discovered, unicast update packets are sent so that the neighbor can build up its topology table. In other cases, such as a link-cost change, updates are multicast. Updates always are transmitted reliably. 

Query and reply packets are sent when a destination has no feasible successors. Query packets are always multicast. Reply packets are sent in response to query packets to instruct the originator not to recompute the route because feasible successors exist. Reply packets are unicast to the originator of the query. Both query and reply packets are transmitted reliably. 

Reference: http://docwiki.cisco.com/wiki/Enhanced_Interior_Gateway_Routing_Protocol 


Q282. Which two statements about RSTP and MSTP BPDUs are true? (Choose two.) 

A. MSTP switches can detect boundary ports when they receive RSTP version 2 BPDUs. 

B. MSTP switches can detect boundary ports when they receive RSTP version 1 BPDUs. 

C. RSTP switches can process MSTP version 3 BPDUs. 

D. When all boundary switches are running RSTP, MST sends only version 0 configuration BPDUs. 

Answer: A,C 

Explanation: 

A switch running both MSTP and RSTP supports a built-in protocol migration mechanism that enables it to interoperate with legacy 802.1D switches. If this switch receives a legacy 802.1D configuration BPDU (a BPDU with the protocol version set to 0), it sends only 802.1D BPDUs on that port. An MST switch can also detect that a port is at the boundary of a region when it receives a legacy BPDU, an MST BPDU (version 3) associated with a different region, or an RST BPDU (version 2). 

Reference: http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2950/software/release/12-1_9_ea1/configuration/guide/scg/swmstp.html 


Q283. Refer to the exhibit. 


A tunnel is configured between R3 to R4 sourced with their loopback interfaces. The ip pim sparse-dense mode command is configured on the tunnel interfaces and multicast-routing is enabled on R3 and R4. The IP backbone is not configured for multicast routing. 

The RPF check has failed toward the multicast source. 

Which two conditions could have caused the failure? (Choose two.) 

A. The route back to the RP is through a different interface than tunnel 0. 

B. The backbone devices can only route unicast traffic. 

C. The route back to the RP is through the same tunnel interface. 

D. A static route that points the RP to GigabitEthernet1/0 is configured. 

Answer: A,D 

Explanation: 

.For a successful RPF verification of multicast traffic flowing over the shared tree (*,G) from RP, an ip mroute rp-address nexthop command needs to be configured for the RP address, that points to the tunnel interface. 

A very similar scenario can be found at the reference link below: 

Reference: http://www.cisco.com/c/en/us/support/docs/ip/ip-multicast/43584-mcast-over-gre.html 


Q284. EIGRP allows configuration of multiple MD5 keys for packet authentication to support easy rollover from an old key to a new key. Which two statements are true regarding the usage of multiple authentication keys? (Choose two.) 

A. Received packets are authenticated by the key with the smallest key ID. 

B. Sent packets are authenticated by all valid keys, which means that each packet is replicated as many times as the number of existing valid keys. 

C. Received packets are authenticated by any valid key that is chosen. 

D. Sent packets are authenticated by the key with the smallest key ID. 

Answer: C,D 

Explanation: 

Suppose two routers are connected with each other via Fa0/0 interfaces and they are configured to authenticate via MD5. Below is a simple configuration on both routers so that they will work: 

Router1(config)#key chain KeyChainR1 

Router1(config-keychain)#key 1 

Router1(config-keychain-key)#key-string FirstKey 

Router1(config-keychain-key)#key 2 

Router1(config-keychain-key)#key-string SecondKey 

Router2(config)#key chain KeyChainR2 

Router2(config-keychain)#key 1 

Router2(config-keychain-key)#key-string FirstKey 

Router2(config-keychain-key)#key 2 

Router2(config-keychain-key)#key-string SecondKey 

Apply these key chains to R1 & R2: 

Router1(config)#interface fastEthernet 0/0 

Router1(config-if)#ip authentication mode eigrp 1 md5 

Router1(config-if)#ip authentication key-chain eigrp 1 KeyChainR1 

Router2(config)#interface fastEthernet 0/0 

Router2(config-if)#ip authentication mode eigrp 1 md5 

Router2(config-if)#ip authentication key-chain eigrp 1 KeyChainR2 

There are some rules to configure MD5 authentication with EIGRP: 

+ The key chain names on two routers do not have to match (in this case the name “KeyChainR1 & “KeyChainR2 do not match) 

+ The key number and key-string on the two potential neighbors must match (for example “key 1 & “key-string FirstKey” must match on “key 1” & “key-string FirstKey” of neighboring router) Also some facts about MD5 authentication with EIGRP 

+ When sending EIGRP messages the lowest valid key number is used -> D is correct. 

+ When receving EIGRP messages all currently configured valid keys are verified but the lowest valid one will be used -> Although answer C does not totally mention like that but it is the most suitable answer because A and B are totally wrong. Answer A is not correct because we need valid key to authenticate. As mentioned above, although answer C is not totally correct but it puts some light on why 

answer B is not correct: each packet is NOT “replicated as many times as the number of existing valid keys”. All currently configured valid keys are verified but the lowest valid one will be used. 


Q285. Which two 802.1D port states are expected in a stable Layer 2 network? (Choose two.) 

A. forwarding 

B. learning 

C. listening 

D. blocking 

E. disabled 

Answer: A,D 


2passeasy.com

Most up-to-date lpi 101-400:

Q286. Which two statements best describes the difference between active mode monitoring and passive mode monitoring? (Choose two.) 

A. Active mode monitoring is the act of Cisco PfR gathering information on user packets assembled into flows by NetFlow. 

B. Active mode monitoring uses IP SLA probes for obtaining performance characteristics of the current exit WAN link. 

C. Passive mode monitoring uses IP SLA to generate probes for the purpose of obtaining information regarding the characteristics of the WAN links. 

D. Passive mode monitoring uses NetFlow for obtaining performance characteristics of the exit WAN links. 

Answer: B,D 


Q287. Which two options are differences between TACACS+ and RADIUS using AAA? (Choose two.) 

A. Only TACACS+ limits the protocols that are supported. 

B. Only RADIUS combines accounting and authentication. 

C. Only TACACS+ uses TCP. 

D. Only RADIUS combines authorization and accounting. 

E. Only RADIUS encrypts the password in packets from the client to the server. But leaves the body of the message unencrypted. 

Answer: C,E 


Q288. Which two features does the show ipv6 snooping features command show information about? (Choose two.) 

A. RA guard 

B. DHCP guard 

C. ND inspection 

D. source guard 

Answer: A,C 

Explanation: 

The show ipv6 snooping features command displays the first-hop features that are configured on the router. Examples 

The following example shows that both IPv6 NDP inspection and IPv6 RA guard are configured on the router: 

Router# show ipv6 snooping features 

Feature name priority state 

RA guard 100 READY 

NDP inspection 20 READY 

Reference: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipv6/command/ipv6-cr-book/ipv6-s5.html 


Q289. Refer to the exhibit. 


Which statement is true? 

A. BGP peer 10.1.2.3 is performing inbound filtering. 

B. BGP peer 10.1.2.3 is a route reflector. 

C. R1 is a route reflector, but BGP peer 10.1.2.3 is not a route reflector client. 

D. R1 still needs to send an update to the BGP peer 10.1.2.3. 

Answer: D 

Explanation: 

On R1 the routing table version (Tbl Ver) for 10.1.2.3 is 1, other routers have version 2, so it needs to send an update to the 10.1.2.3 peer. 


Q290. Refer to the exhibit. 


Which option explains why the forwarding address is set to 0.0.0.0 instead of 110.100.1.1? 

A. The interface Ethernet0/1 is in down state. 

B. The next-hop ip address 110.100.1.1 is not directly attached to the redistributing router. 

C. The next-hop interface (Ethernet0/1) is specified as part of the static route command; therefore, the forwarding address is always set to 0.0.0.0. 

D. OSPF is not enabled on the interface Ethernet0/1. 

Answer: D 

Explanation: 

From the output of the “show ip ospf database” command (although this command is not shown) we can conclude this is an ASBR (with Advertising Router is itself) and E0/1 is the ASBR’s next hop interface for other routers to reach network 192.168.10.0. 

The Forwarding Address is determined by these conditions: 

* The forwarding address is set to 0.0.0.0 if the ASBR redistributes routes and OSPF is not enabled on the next hop interface for those routes. 

* These conditions set the forwarding address field to a non-zero address: 

+ OSPF is enabled on the ASBR’s next hop interface AND 

+ ASBR’s next hop interface is non-passive under OSPF AND 

+ ASBR’s next hop interface is not point-to-point AND 

+ ASBR’s next hop interface is not point-to-multipoint AND 

+ ASBR’s next hop interface address falls under the network range specified in the router ospf command. 

* Any other conditions besides these set the forwarding address to 0.0.0.0. 

-> We can see E0/1 interface is not running OSPF because it does not belong to network 110.110.0.0 0.0.255.255 which is declared under OSPF process -> F.A address is set to 0.0.0.0. 

Reference: http://www.cisco.com/c/en/us/support/docs/ip/open-shortest-path-first-ospf/13682-10.html