For the little while simply, purchase the full range of Cisco 400-101 examination investigation components, in addition to spend less 10% on your purchase. Reinvest that money inside you wining dance, when you finally become the following Cisco recognition out of passing a persons 400-101 examination. Even though you might are familiar with other 400-101 investigation components, simply Examcollection will give you a new 400-101 investigation components which could enable you to promptly grasp the working experience you have got to efficiently roll-out your job inside the The idea industry.

2021 Oct latest ccie r&s dumps:

Q61. Which two are features of DMVPN? (Choose two.) 

A. It does not support spoke routers behind dynamic NAT. 

B. It requires IPsec encryption. 

C. It only supports remote peers with statically assigned addresses. 

D. It supports multicast traffic. 

E. It offers configuration reduction. 

Answer: D,E 

Explanation: 

DMVPN Hub-and-spoke deployment model: In this traditional topology, remote sites (spokes) are aggregated into a headend VPN device at the corporate headquarters (hub). Traffic from any remote site to other remote sites would need to pass through the headend device. Cisco DMVPN supports dynamic routing, QoS, and IP Multicast while significantly reducing the configuration effort. 

Reference: http://www.cisco.com/c/en/us/products/collateral/security/dynamic-multipoint-vpn-dmvpn/data_sheet_c78-468520.html 


Q62. Which two statements about the C-bit and PW type are true? (Choose two.) 

A. The C-bit is 1 byte and the PW type is 15 bytes. 

B. The PW type indicates the type of pseudowire. 

C. The C-bit is 3 bits and the PW type is 10 bits. 

D. The C-bit set to 1 indicates a control word is present. 

E. The PW type indicates the encryption type. 

Answer: B,D 

Explanation: 

The control word carries generic and Layer 2 payload-specific information. If the C-bit is set to 1, the advertising PE expects the control word to be present in every pseudowire packet on the pseudowire that is being signaled. If the C-bit is set to 0, no control word is expected to be present. Pseudowire Type—PW Type is a 15-bit field that represents the type of pseudowire. 

Reference: http://www.ciscopress.com/articles/article.asp?p=386788&seqNum=2 


Q63. Which two statements about the BGP community attribute are true? (Choose two.) 

A. Routers send the community attribute to all BGP neighbors automatically. 

B. A router can change a received community attribute before advertising it to peers. 

C. It is a well-known, discretionary BGP attribute. 

D. It is an optional transitive BGP attribute. 

E. A prefix can support only one community attribute. 

Answer: B,D 

Explanation: 

A community is a group of prefixes that share some common property and can be configured with the BGP community attribute. The BGP Community attribute is an optional transitive attribute of variable length. The attribute consists of a set of four octet values that specify a community. The community attribute values are encoded with an Autonomous System (AS) number in the first two octets, with the remaining two octets defined by the AS. A prefix can have more than one community attribute. A BGP speaker that sees multiple community attributes in a prefix can act based on one, some or all the attributes. A router has the option to add or modify a community attribute before the router passes the attribute on to other peers. 

Reference: 

http://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/28784-bgp-community.html 


Q64. Refer to the exhibit. 


If you change the Spanning Tree Protocol from pvst to rapid-pvst, what is the effect on the interface Fa0/1 port state? 

A. It transitions to the listening state, and then the forwarding state. 

B. It transitions to the learning state and then the forwarding state. 

C. It transitions to the blocking state, then the learning state, and then the forwarding state. 

D. It transitions to the blocking state and then the forwarding state. 

Answer: C 

Explanation: 

First, the port will transition to the blocking state, immediately upon the change, then it will transition to the new RSTP states of learning and forwarding. 

Port States 

There are only three port states left in RSTP that correspond to the three possible operational states. The 802.1D disabled, blocking, and listening states are merged into a unique 802.1w discarding state. 

STP (802.1D) Port State 

RSTP (802.1w) Port State 

Is Port Included in Active Topology? 

Is Port Learning MAC Addresses? 

Disabled 

Discarding 

No 

No 

Blocking 

Discarding 

No 

No 

Listening 

Discarding 

Yes 

No 

Learning 

Learning 

Yes 

Yes 

Forwarding 

Forwarding 

Yes 

Yes 


Q65. Under Cisco IOS Software, which two features are supported in RADIUS Change of Authorization requests? (Choose two.) 

A. session identification 

B. session reauthentication 

C. session termination 

D. host termination 

Answer: A,C 

Explanation: 

CoA requests, as described in RFC 5176, are used in a pushed model to allow for session identification, host reauthentication, and session termination. The model comprises one request (CoA-Request) and two possible response codes. 

Reference: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_usr_aaa/configuration/15-sy/sec-usr-aaa-15-sy-book/sec-rad-coa.html 


Up to date 400-101 ccie written exam price:

Q66. Refer to the exhibit. 


Which two options are possible states for the interface configured with the given OSPFv3 

authentication? (Choose two.) 

A. GOING UP 

B. DOWN 

C. UNCONFIGURED 

D. GOING DOWN 

Answer: A,B 

Explanation: 

To configure IPsec, you configure a security policy, which is a combination of the security policy index (SPI) and the key (the key is used to create and validate the hash value). IPsec for OSPFv3 can be configured on an interface or on an OSPFv3 area. For higher security, you should configure a different policy on each interface configured with IPsec. If you configure IPsec for an OSPFv3 area, the policy is applied to all of the interfaces in that area, except for the interfaces that have IPsec configured directly. Once IPsec is configured for OSPFv3, IPsec is invisible to you. The secure socket API is used by applications to secure traffic. The API needs to allow the application to open, listen, and close secure sockets. The binding between the application and the secure socket layer also allows the secure socket layer to inform the application of changes to the socket, such as connection open and close events. The secure socket API is able to identify the socket; that is, it can identify the local and remote addresses, masks, ports, and protocol that carry the traffic requiring security. Each interface has a secure socket state, which can be one of the following: 

. NULL: Do not create a secure socket for the interface if authentication is configured for the area. 

. DOWN: IPsec has been configured for the interface (or the area that contains the interface), but OSPFv3 either has not requested IPsec to create a secure socket for this interface, or there is an error condition. 

. GOING UP: OSPFv3 has requested a secure socket from IPsec and is waiting for a CRYPTO_SS_SOCKET_UP message from IPsec. 

. UP: OSPFv3 has received a CRYPTO_SS_SOCKET_UP message from IPsec. 

. CLOSING: The secure socket for the interface has been closed. A new socket may be opened for the interface, in which case the current secure socket makes the transition to the DOWN state. Otherwise, the interface will become UNCONFIGURED. 

. UNCONFIGURED. Authentication is not configured on the interface. 

OSPFv3 will not send or accept packets while in the DOWN state. 

Reference: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_ospf/configuration/15-sy/iro-15-sy-book/ip6-route-ospfv3-auth-ipsec.html 


Q67. Which three options are three benefits of an MPLS VPN? (Choose three.) 

A. It allows IP address space overlap by maintaining customer routes in a private routing table. 

B. It offers additional security by preventing intrusions directly into the customer routing table. 

C. It offers a transparent virtual network in which all customer sites appear on one LAN. 

D. It offers additional security by allowing only dynamic routing protocols between CE and PE routers. 

E. It allows IP address space overlap by maintaining customer routes in the global routing table with unique BGP communities. 

F. Providers can send only a default route for Internet access into the customer VPN. 

Answer: A,B,C 


Q68. Refer to the exhibit. 


Which statement about the device routing table is true? 

A. Only networks 10.10.10.0/24 and smaller from host 192.168.168.1 are in the routing table. 

B. Only networks 10.10.10.0/24 and larger from host 192.168.168.1 are in the routing table. 

C. Only network 10.10.10.0/24 from host 192.168.168.1 is in the routing table. 

D. Networks 10.10.10.0/24 and smaller from any host are in the routing table. 

Answer: A 

Explanation: 

When you add the keywords “GE” and “LE” to the prefix-list, the “len” value changes its meaning. When using GE and LE, the len value specifies how many bits of the prefix you are checking, starting with the most significant bit. ip prefix-list LIST permit 1.2.3.0/24 le 32 

This means: Check the first 24 bits of the prefix 1.2.3.0 The subnet mask must be less than or equal to 32 

Reference: http://blog.ine.com/2007/12/26/how-do-prefix-lists-work/ 


Q69. DRAG DROP 

Drag and drop the OSPFv3 LSA type on the left to the functionality it provides on the right. 


Answer: 



Q70. How are the Cisco Express Forwarding table and the FIB related to each other? 

A. The FIB is used to populate the Cisco Express Forwarding table. 

B. The Cisco Express Forwarding table allows route lookups to be forwarded to the route processor for processing before they are 

C. There can be only one FIB but multiple Cisco Express Forwarding tables on IOS devices. 

D. Cisco Express Forwarding uses a FIB to make IP destination prefix-based switching decisions. 

Answer: D