It is impossible to pass Cisco 400-101 exam without any help in the short term. Come to Exambible soon and find the most advanced, correct and guaranteed Cisco 400-101 practice questions. You will get a surprising result by our Abreast of the times CCIE Routing and Switching (v5.0) practice guides.

2021 Sep cisco 400-101:

Q361. Refer to the exhibit. 


Which three statements about the device with this configuration are true? (Choose three.) 

A. Multiple AFIs are configured on the device. 

B. The authentication on 172.16.129.7 is configured incorrectly. 

C. The device is configured to support MPLS VPNs. 

D. This device is configured with a single AFI. 

E. The authentication on 172.16.129.4 is configured incorrectly. 

F. The device is configured to support L2VPNs. 

Answer: A,B,C 


Q362. Refer to the exhibit. 


How can Router X in AS70000 peer with Router Y in AS65000, in case Router Y supports only 2-byte ASNs? 

A. Router X should be configured with a remove-private-as command, because this will establish the peering session with a random private 2-byte ASN. 

B. It is not possible. Router Y must be upgraded to an image that supports 4-byte ASN. 

C. Router Y should be configured with a 4-byte AS using the local-as command. 

D. Router X should be configured with a 2-byte AS using the local-as command. 

Answer: D 

Explanation: 

Since router Y does not support 4-byte ASN,s it will not understand any AS numbers larger than 65535, so router X should use the local-as command on the peering statement to router Y to so that it sends in a 2-byte ASN to router Y. 


Q363. Which two options are the two main phases of PPPoE? (Choose two.) 

A. Active Discovery Phase 

B. IKE Phase 

C. Main Mode Phase 

D. PPP Session Phase 

E. Aggressive Mode Phase 

F. Negotiation Phase 

Answer: A,D 

Explanation: 

PPPoE is composed of two main phases: 

Active Discovery Phase — In this phase, the PPPoE client locates a PPPoE server, called an access concentrator. During this phase, a Session ID is assigned and the PPPoE layer is established. 

PPP Session Phase — In this phase, PPP options are negotiated and authentication is performed. Once the link setup is completed, PPPoE functions as a Layer 2 encapsulation method, allowing data to be transferred over the PPP link within PPPoE headers. 

Reference: http://www.cisco.com/c/en/us/td/docs/security/asa/asa92/configuration/vpn/asa-vpn-cli/vpn-pppoe.html 


Q364. In a PfR environment, which two statements best describe the difference between active mode monitoring and fast mode monitoring? (Choose two.) 

A. Active mode monitoring can monitor and measure actual traffic via NetFlow data collection. 

B. Fast mode monitoring can measure bursty traffic better than active mode. 

C. Active mode monitoring uses IP SLA probes for the purpose of obtaining performance characteristics of the current WAN exit link. 

D. Fast mode monitoring uses IP SLA probes via all valid exits continuously to quickly determine an alternate exit link. 

Answer: C,D 

Explanation: 

Active Monitoring 

PfR uses Cisco IOS IP Service Level Agreements (SLAs) to enable active monitoring. IP SLAs support is enabled by default. IP SLAs support allows PfR to be configured to send active probes to target IP addresses to measure the jitter and delay, determining if a prefix is out-of-policy and if the best exit is selected. The border router collects these performance statistics from the active probe and transmits this information to the master controller. 

Fast Failover Monitoring 

Fast failover monitoring enables passive and active monitoring and sets the active probes to continuously monitor all the exits (probe-all). Fast failover monitoring can be used with all types of active probes: Internet Control Message Protocol (ICMP) echo, jitter, TCP connection, and UDP echo. 

Reference: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/pfr/command/pfr-cr-book/pfr-s1.html 


Q365. Refer to the exhibit. 


Which two statements about this configuration are true? (Choose two.) 

A. Spoke devices will be dynamically added to the NHRP mappings. 

B. The next-hop server address must be configured to 172.168.1.1 on all spokes. 

C. The next-hop server address must be configured to 192.168.1.1 on all spokes. 

D. R1 will create a static mapping for each spoke. 

Answer: A,C 

Explanation: 

NHRP is a client/server model protocol which is defined by RFC2332. The hub is considered to be the Next Hop Server (NHS) and the spokes are considered to be the Next Hop Client (NHC). The hub must be configured as the next-hop server. NHRP provides a mapping between the inside and outside address of a tunnel endpoint. These mappings can be static or dynamic. In a dynamic scenario, a next-hop server (NHS) is used to maintain a list of possible tunnel endpoints. Each endpoint using the NHS registers its own public and private mapping with the NHS. The local mapping of the NHS must always be static. It is important to note that the branch points to the inside or protected address of the NHS server. This scenario is an example of dynamic mappings. 

Reference: http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/WAN_and_MAN/DMVPDG/DMV PN_2_Phase2.html 


400-101  exam cram

Avant-garde 400-101 ccie routing and switching pdf:

Q366. Which two statements about the ipv6 ospf authentication command are true? (Choose two.) 

A. The command is required if you implement the IPsec AH header. 

B. The command configures an SPI. 

C. The command is required if you implement the IPsec TLV. 

D. The command can be used in conjunction with the SPI authentication algorithm. 

E. The command must be configured under the OSPFv3 process. 

Answer: A,B 

Explanation: 

OSPFv3 requires the use of IPsec to enable authentication. Crypto images are required to use authentication, because only crypto images include the IPsec API needed for use with OSPFv3. In OSPFv3, authentication fields have been removed from OSPFv3 packet headers. When OSPFv3 runs on IPv6, OSPFv3 requires the IPv6 authentication header (AH) or IPv6 ESP header to ensure integrity, authentication, and confidentiality of routing exchanges. IPv6 AH and ESP extension headers can be used to provide authentication and confidentiality to OSPFv3. To use the IPsec AH, you must enable the ipv6 ospf authentication command. To use the IPsec ESP header, you must enable the ipv6 ospf encryption command. The ESP header may be applied alone or in combination with the AH, and when ESP is used, both encryption and authentication are provided. Security services can be provided between a pair of communicating hosts, between a pair of communicating security gateways, or between a security gateway and a host. To configure IPsec, you configure a security policy, which is a combination of the security policy index (SPI) and the key (the key is used to create and validate the hash value). IPsec for OSPFv3 can be configured on an interface or on an OSPFv3 area. For higher security, you should configure a different policy on each interface configured with IPsec. If you configure IPsec for an OSPFv3 area, the policy is applied to all of the interfaces in that area, except for the interfaces that have IPsec configured directly. Once IPsec is configured for OSPFv3, IPsec is invisible to you. 

Reference: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_ospf/configuration/15-sy/iro-15-sy-book/ip6-route-ospfv3-auth-ipsec.html 


Q367. Which two statements about VPLS are true? (Choose two.) 

A. Split horizon is used on PE devices to prevent loops. 

B. Spanning tree is extended from CE to CE. 

C. IP is used to switch Ethernet frames between sites. 

D. PE routers dynamically associate to peers. 

E. VPLS extends a Layer 2 broadcast domain. 

Answer: A,E 


Q368. Which option is a correct match criterion for policy-based routing? 

A. length 

B. interface type 

C. interface 

D. cost 

Answer: A 


Q369. Which command enables L2 QoS support in all VLANs (including the native VLAN)? 

A. switchport priority extend cos 

B. mls qos trust dscp 

C. mls qos rewrite ip dscp 

D. switchport trunk native vlan tag 

Answer: D 

Explanation: 

You can enter the switchport trunk native vlan tag command to enable the tagging of native VLAN traffic on a per-port basis. When tagging is enabled, all the packets on the native VLAN are tagged and all incoming untagged data packets are dropped, but untagged control packets are accepted. When tagging is enabled, it will allow for L2 QoS support in all VLANs, including the native VLAN. 


Q370. Which two features are supported when Cisco HDLC is implemented? (Choose two.) 

A. error recovery 

B. error detection 

C. asynchronous links 

D. multiple protocols 

Answer: B,D 

Explanation: 

HDLC’s frame check sequence (FCS) is a 16-bit CRC-CCITT or a 32-bit CRC-32 computed over the Address, Control, and Information fields. It provides a means by which the receiver can detect errors that may have been induced during the transmission of the frame, such as lost bits, flipped bits, and extraneous bits. Cisco’s HDLC contains a proprietary field that is used to support multiple protocols. 

Reference: http://en.wikipedia.org/wiki/High-Level_Data_Link_Control