Cause all that matters here is passing the Cisco 400-101 exam. Cause all that you need is a high score of 400-101 CCIE Routing and Switching (v5.0) exam. The only one thing you need to do is downloading Pass4sure 400-101 exam study guides now. We will not let you down with our money-back guarantee.

2021 Nov 400-101 cisco ccie written:

Q251. Refer to the exhibit. 

If a Layer 3 switch running OSPF in a VRF-lite configuration reports this error, which action can you take to correct the problem? 

A. Set mls cef maximum-routes in the global configuration. 

B. Add the vrf-lite capability to the OSPF configuration. 

C. Upgrade the Layer 3 switch to a model that can support more routes. 

D. Configure the control plane with a larger memory allocation to support the Cisco Express Forwarding Information Base. 

Answer:


Q252. DRAG DROP 

Drag and drop the StackWise stack master election rule on the left into the correct priority order on the right. 

Answer: 


Q253. Which three statements are functions that are performed by IKE phase 1? (Choose three.) 

A. It builds a secure tunnel to negotiate IKE phase 1 parameters. 

B. It establishes IPsec security associations. 

C. It authenticates the identities of the IPsec peers. 

D. It protects the IKE exchange by negotiating a matching IKE SA policy. 

E. It protects the identities of IPsec peers. 

F. It negotiates IPsec SA parameters. 

Answer: C,D,E 

Explanation: 

The basic purpose of IKE phase 1 is to authenticate the IPSec peers and to set up a secure channel between the peers to enable IKE exchanges. IKE phase 1 performs the following functions: 

. Authenticates and protects the identities of the IPSec peers 

. Negotiates a matching IKE SA policy between peers to protect the IKE exchange 

. Performs an authenticated Diffie-Hellman exchange with the end result of having matching shared secret keys 

. Sets up a secure tunnel to negotiate IKE phase 2 parameters 

Reference: http://www.ciscopress.com/articles/article.asp?p=25474&seqNum=7


Q254. Which two statements about PIM-DM are true? (Choose two.) 

A. It forwards multicast packets on a source tree. 

B. It requires an RP. 

C. It forwards multicast packets on a shared distribution tree. 

D. It floods multicast packets to neighbors that have requested the data. 

E. It floods multicast packets throughout the network. 

F. It forwards multicast packets to neighbors that have requested the data. 

Answer: A,E 


Q255. What are three benefits of deploying NAT with ALG? (Choose three.) 

A. the use of dynamic ephemeral ports through a firewall 

B. the synchronization of translations between multiple streams of data 

C. the use of deep packet inspection 

D. the use of static ephemeral ports through a firewall 

E. the conversion of session layer addresses from the application payload to outside global addresses 

F. NAT traversal to support asymmetric data sessions 

Answer: A,B,C 


Up to date cisco 400-101:

Q256. Refer to the exhibit. 

Which BGP feature allows R1 to instruct R2 which prefixes it is allowed to advertise to R1? 

A. route refresh 

B. Prefix-Based Outbound Route Filtering 

C. distribute lists 

D. prefix lists 

Answer:


Q257. Which problem can result when private AS numbers are included in advertisements that are sent to the global Internet BGP table? 

A. The prefixes sent with private AS numbers are always discarded on the Internet. 

B. The prefixes sent with private AS numbers are always tagged as invalid on the Internet. 

C. The prefixes sent with private AS numbers lack uniqueness, which can lead to a loss of connectivity. 

D. The prefixes sent with private AS numbers are sometimes tagged as invalid on the Internet. 

Answer:

Explanation: 

Private AS numbers are not meant to be used for global Internet BGP routing, as they are assigned locally and can be used by any organization. They are meant to enable BGP within a enterprise or VPN, but since these numbers can be used by any organization they are not unique and could cause connectivity loss if leaked to the Internet. 


Q258. What is the purpose of Route Target Constraint? 

A. to avoid using route reflectors in MPLS VPN networks 

B. to avoid using multiple route distinguishers per VPN in MPLS VPN networks 

C. to be able to implement VPLS with BGP signaling 

D. to avoid sending unnecessary BGP VPNv4 or VPNv6 updates to the PE router 

E. to avoid BGP having to perform route refreshes 

Answer:

Explanation: 

Some service providers have a very large number of routing updates being sent from RRs to PEs, using considerable resources. A PE does not need routing updates for VRFs that are not on the PE; therefore, the PE determines that many routing updates it receives are “unwanted.” The PE can filter out the unwanted updates using Route Target Constraint. 

Reference: http://www.cisco.com/c/en/us/td/docs/ios/ios_xe/iproute_bgp/configuration/guide/2_xe/irg_x e_book/irg_rt_filter_xe.html. 


Q259. Refer to the exhibit. 

R1 is able to reach only some of the subnets that R2 is advertising. Which two configuration changes can you make to ensure that R1 can reach all routes from R2? (Choose two.) 

A. Add an additional permit statement to the LOOPBACKS route map. 

B. Modify the LOOPBACKS access list to include all loopback subnets. 

C. Add an additional statement in the LOOPBACKS route map to match both Level 1 and Level 2 circuits. 

D. Add an additional statement in the LOOPBACKS route map to match the R1 CLNS address. 

E. Configure the interfaces between R1 and R2 with a Level 1 IS-IS circuit. 

F. Configure the interfaces between R1 and R2 with a Level 2 IS-IS circuit. 

Answer: A,B 

Explanation: 

In this example, the access list is using a 0.0.3.255 wildcard mask, so only the loopback IP’s of 172.16.0.0 – 172.16.3.255 will be included. We need to add another statement to allow loopback 4 to be advertised, or modify the wildcard mask to include them all. 


Q260. For which kind of MPLS deployment is the next-hop-self all keyword used on a BGP neighbor command? 

A. 6VPE 

B. MPLS Carrier's carrier 

C. inter-AS MPLS VPN option D 

D. inter-AS MPLS VPN option C 

E. Unified MPLS 

Answer:

Explanation: 

Since the core and aggregation parts of the network are integrated and end-to-end LSPs are provided, the Unified MPLS solution is also referred to as "Seamless MPLS." New technologies or protocols are not used here, only MPLS, Label Distribution Protocol (LDP), IGP, and BGP. Since you do not want to distribute the loopback prefixes of the PE routers from one part of the network into another part, you need to carry the prefixes in BGP. The Internal Border Gateway Protocol (iBGP) is used in one network, so the next hop address of the prefixes is the loopback prefixes of the PE routers, which is not known by the IGP in the other parts of the network. This means that the next hop address cannot be used to recurse to an IGP prefix. The trick is to make the ABR routers Route Reflectors (RR) and set the next hop to self, even for the reflected iBGP prefixes. In order for this to work, a new knob is needed. Only the RRs need newer software to support this architecture. Since the RRs advertise the BGP prefixes with the next hop set to themselves, they assign a local MPLS label to the BGP prefixes. This means that in the data plane, the packets forwarded on these end-to-end LSPs have an extra MPLS label in the label stack. The RRs are in the forwarding path. There are two possible scenarios: 

. The ABR does not set the next hop to self for the prefixes advertised (reflected by BGP) by the ABR into the aggregation part of the network. Because of this, the ABR needs to redistribute the loopback prefixes of the ABRs from the core IGP into the aggregation IGP. If this is done, there is still scalability. Only the ABR loopback prefixes (from the core) need to be advertised into the aggregation part, not the loopback prefixes from the PE routers from the remote aggregation parts. 

. The ABR sets the next hop to self for the prefixes advertised (reflected by BGP) by the ABR into the aggregation part. Because of this, the ABR does not need to redistribute the loopback prefixes of the ABRs from the core IGP into the aggregation IGP. 

In both scenarios, the ABR sets the next hop to self for the prefixes advertised (reflected by BGP) by the ABR from the aggregation part of the network into the core part. If this is not done, the ABR needs to redistribute the loopback prefixes of the PEs from the aggregation IGP into the core IGP. If this is done, there is no scalability. In order to set the next hop to self for reflected iBGP routes, you must configure the neighbor x.x.x.x next-hop-self all command. 

Reference: http://www.cisco.com/c/en/us/support/docs/multiprotocol-label-switching-mpls/mpls/116127-configure-technology-00.html