Cause all that matters here is passing the Cisco 400-101 exam. Cause all that you need is a high score of 400-101 CCIE Routing and Switching (v5.0) exam. The only one thing you need to do is downloading Ucertify 400-101 exam study guides now. We will not let you down with our money-back guarantee.

2021 Aug ccie written exam:

Q541. Refer to the exhibit. 

Routers R1, R2, and R3 are configured as shown, and traffic from R2 fails to reach 

Which action can you take to correct the problem? 

A. Correct the static route on R1. 

B. Correct the default route on R2. 

C. Edit the EIGRP configuration of R3 to enable auto-summary. 

D. Correct the network statement for on R3. 

Answer: A 


On R1 we see there is a wrongly configured static route: ip route It should be ip route 

Q542. Refer to the exhibit. 

If the remaining configuration uses default values, what is the expected output of the show mls qos queue-set command? 





A. Exhibit A 

B. Exhibit B 

C. Exhibit C 

D. Exhibit D 

Answer: A 


mls qos queue-set output qset-idthreshold queue-id drop-threshold1 drop-threshold2 reserved-threshold maximum-threshold 

Configure the WTD thresholds, guarantee the availability of buffers, and configure the maximum memory allocation for the queue-set (four egress queues per port). 

By default, the WTD thresholds for queues 1, 3, and 4 are set to 100 percent. The thresholds for queue 2 are set to 200 percent. The reserved thresholds for queues 1, 2, 3, 

and 4 are set to 50 percent. The maximum thresholds for all queues are set to 400 percent. 

. For qset-id , enter the ID of the queue-set specified in Step 2. The range is 1 to 2. 

. For queue-id , enter the specific queue in the queue-set on which the command is performed. The range is 1 to 4. 

. For drop-threshold1 drop-threshold2 , specify the two WTD thresholds expressed as a percentage of the queue’s allocated memory. Th e range is 1 to 3200 percent. 

. For reserved-threshold , enter the amount of memory to be guaranteed (reserved) for the queue expressed as a percentage of the allocated memory. The range is 1 to 100 percent. 

. For maximum-threshold , enable a queue in the full condition to obtain more buffers than are reserved for it. This is the maximum memory the queue can have before the packets are dropped if the common pool is not empty. The range is 1 to 3200 percent 

Reference: 2-2_55_se/configuration/guide/3750xscg/swqos.html 


Drag each IS-IS command on the left to its effect on the right. 


Q544. Which three statements about GET VPN are true? (Choose three.) 

A. It encrypts WAN traffic to increase data security and provide transport authentication. 

B. It provides direct communication between sites, which reduces latency and jitter. 

C. It can secure IP multicast, unicast, and broadcast group traffic. 

D. It uses a centralized key server for membership control. 

E. It enables the router to configure tunnels. 

F. It maintains full-mesh connectivity for IP networks. 

Answer: A,B,D 


Cisco GET VPN Features and Benefits 


Description and Benefit 

Key Services 

Key Servers are responsible for ensuring that keys are granted to authenticated and authorized devices only. They maintain the freshness of the key material, pushing re-key messages as well as security policies on a regular basis. The chief characteristics include: 

. Key Servers can be located centrally, granting easy control over membership. 

. Key Servers are not in the "line of fire" - encrypted application traffic flows directly between VPN end points without a bottleneck or an additional point of failure. 

. Supports both local and global policies, applicable to all members in a group - such as "Permit any any", a policy to encrypt all traffic. 

. Supports IP Multicast to distribute and manage keys, for improved efficiency; Unicast is also supported where IP Multicast is not possible. 

Scalability and Throughput 

. The full mesh nature of the solution allows devices to communicate directly with each other, without requiring transport through a central hub; this minimizes extra encrypts and decrypts at the hub router; it also helps minimize latency and jitter. 

. Efficient handling of IP Multicast traffic by using the core network for replication can boost effective throughput further 


Provides data security and transport authentication, helping to meet security compliance and internal regulation by encrypting all WAN traffic 


Q545. In IPv6 Path MTU Discovery, which ICMP message is sent by an intermediary router that requires a smaller MTU? 

A. Time Exceeded, with code 1 (fragment reassembly time exceeded) 

B. Packet Too Big 

C. Destination Unreachable, with code 4 (the datagram is too big) 

D. Multicast Termination Router 

Answer: B

Improve ccie written dumps 400-101:

Q546. Refer to the exhibit. 

You are configuring the S1 switch for the switch port that connects to the client computer. Which configuration blocks users on the port from using more than 6 Mbps of traffic and marks the traffic for a class of service of 1? 





A. Exhibit A 

B. Exhibit B 

C. Exhibit C 

D. Exhibit D 

Answer: A 


Only option A specified that the exceed and violate actions are set to drop for traffic over the CIR of 6 Mbps, and is also configured to set all traffic with a COS of 1 using the “set cos1” command. 

Q547. Refer to the exhibit. 

You have just created a new VRF on PE3. You have enabled debug ip bgp vpnv4 unicast updates on PE1, and you can see the route in the debug, but not in the BGP VPNv4 table. 

Which two statements are true? (Choose two.) 

A. VPNv4 is not configured between PE1 and PE3. 

B. address-family ipv4 vrf is not configured on PE3. 

C. After you configure route-target import 999:999 for a VRF on PE3, the route will be accepted. 

D. PE1 will reject the route due to automatic route filtering. 

E. After you configure route-target import 999:999 for a VRF on PE1, the route will be accepted. 

Answer: D,E 


The route target extended community for VPLS auto-discovery defines the import and export policies that a VPLS instance uses. The export route target sets an extended community attribute number that is appended to all routes that are exported from the VPLS instance. The import route target value sets a filter that determines the routes that are accepted into the VPLS instance. Any route with a value in its import route target contained in its extended attributes field matching the value in the VPLS instance’s import route target are accepted. Otherwise the route is rejected. 

Q548. Which two functions are performed by the DR in OSPF? (Choose two.) 

A. The DR originates the network LSA on behalf of the network. 

B. The DR is responsible for the flooding throughout one OSPF area. 

C. The DR forms adjacencies with all other OSPF routers on the network, in order to synchronize the LSDB across the adjacencies. 

D. The DR is responsible for originating the type 4 LSAs into one area. 

Answer: A,C 


The DR originates the network LSA (LSA Type 2) which lists all the routers on the segment it is adjacent to -> A is correct. Types 2 are ooded within its area only; does not cross ABR -> B is incorrect. The broadcast and non-broadcast network types elect a DR/BDR. They form adjacencies to all other OSPF routers on the network and help synchronize the Link State Database (LSDB) across the adjacencies -> C is correct. LSAs Type 4 are originated by the ABR to describe an ASBR to routers in other areas so that routers in other areas know how to get to external routes through that ASBR -> D is incorrect. 

Q549. Which three features are considered part of the IPv6 first-hop security suite? (Choose three.) 

A. DNS guard 

B. destination guard 

C. DHCP guard 

D. ICMP guard 

E. RA guard 

F. DoS guard 

Answer: B,C,E 


Cisco IOS has (at least) these IPv6 first-hop security features: IPv6 RA Guard rejects fake RA messages coming from host (non-router) ports (not sure whether it handles all possible IPv6 header fragmentation attacks). Interestingly, it can also validate the contents of RA messages (configuration flags, list of prefixes) received through router-facing ports, potentially giving you a safeguard against an attack of fat fingers. DHCPv6 Guard blocks DHCPv6 messages coming from unauthorized DHCPv6 servers and relays. Like IPv6 RA Guard it also validates the DHCPv6 replies coming from authorized DHCPv6 servers, potentially providing protection against DHCPv6 server misconfiguration. IPv6 Snooping and device tracking builds a IPv6 First-Hop Security Binding Table (nicer name for ND table) by monitoring DHCPv6 and ND messages as well as regular IPv6 traffic. The binding table can be used to stop ND spoofing (in IPv4 world we’d call this feature DHCP Snooping and Dynamic ARP Inspection). IPv6 Source Guard uses the IPv6 First-Hop Security Binding Table to drop traffic from unknown sources or bogus IPv6 addresses not in the binding table. The switch also tries to recover from lost address information, querying DHCPv6 server or using IPv6 neighbor discovery to verify the source IPv6 address after dropping the offending packet(s). IPv6 Prefix Guard is denies illegal off-subnet traffic. It uses information gleaned from RA messages and IA_PD option of DHCPv6 replies (delegated prefixes) to build the table of valid prefixes. IPv6 Destination Guard drops IPv6 traffic sent to directly connected destination addresses not in IPv6 First-Hop Security Binding Table, effectively stopping ND exhaustion attacks. 


Q550. Which BGP feature enables you to install a backup path in the forwarding table? 

A. soft reconfiguration 

B. prefix independent convergence 

C. route refresh 

D. synchronization 

Answer: B 


To install a backup path into the forwarding table and provide prefix independent convergence (PIC) in case of a PE-CE link failure, use the additional-paths install backup command in an appropriate address family configuration mode. To prevent installing the backup path, use the no form of this command. To disable prefix independent convergence, use the disable keyword.