Take advantage of Examcollection 400-101 test out inquiries to accessibility the item Top quality. You do not resist purchasing the 400-101 Review Problems or 400-101 seeing that it?¡¥s the supreme on line 400-101 Research Fabric. A huge number of an online success 400-101 applicants have got handed their very own genuine 400-101 Review, and thus do you want! Examcollection 400-101 Teaching retains that it is unique as you become greater than precisely the visitor working experience, instead while in the worldwide arena you should have possibility to put it to use many ways.

2021 Dec ccie written exam:

Q571. Which option describes the purpose of the PPP endpoint discriminator? 

A. It identifies the maximum payload packet. 

B. It notifies the peer that it prefers 12-bit sequence numbers. 

C. It identifies the system attached to the link. 

D. It determines whether a loopback is on the link. 

Answer:

Explanation: 

In situations in which many clients use the same username to initiate an MP connection, or when interoperating with non-Cisco routers, you need to control the order in which the bundle name is created. It is necessary to configure the access server to create a bundle name based on the endpoint discriminator first, the username second, or both. The endpoint discriminator identifies the system transmitting the packet and advises the network access server (NAS) that the peer on this link could be the same as the peer on another existing link. Because every client has a unique endpoint discriminator, only multiple links from the same client are bundled into a single unique MP connection. For example, consider when two PC clients initiate a multilink connection to an access server using the same username. If the multilink bundle name is established based on the endpoint discriminator first, then on the username or on both, the NAS can accurately bundle the links from each client using the endpoint discriminator as a bundle name. This bundle name is unique to the peer system transmitting the packet. 

Reference: http://www.cisco.com/c/en/us/support/docs/wan/point-to-point-protocol-ppp/10238-mppp-bundle-name.html 


Q572. DRAG DROP 

Drag and drop the IS-IS component on the left to the function that it performs on the right. 

Answer: 


Q573. Which two packet types does an RTP session consist of? (Choose two.) 

A. TCP 

B. RTCP 

C. RTP 

D. ICMP 

E. BOOTP 

F. ARP 

Answer: B,C 

Explanation: 

An RTP session is established for each multimedia stream. A session consists of an IP address with a pair of ports for RTP and RTCP. For example, audio and video streams use separate RTP sessions, enabling a receiver to deselect a particular stream. The ports which form a session are negotiated using other protocols such as RTSP (using SDP in the setup method) and SIP. According to the specification, an RTP port should be even and the RTCP port is the next higher odd port number. 

Reference: http://en.wikipedia.org/wiki/Real-time_Transport_Protocol 


Q574. Which BGP feature allows a router to maintain its current BGP configuration while it advertises a different AS number to new connections? 

A. local-AS 

B. next-hop-self 

C. allow-AS in 

D. soft reset 

Answer:

Explanation: 

The local-AS feature allows a router to appear to be a member of a second autonomous system (AS), in addition to its real AS. This feature can only be used for true eBGP peers. The local-AS feature is useful if ISP-A purchases ISP-B, but ISP-B's customers do not want to modify any peering arrangements or configurations. The local-AS feature allows routers in ISP-B to become members of ISP-A's AS. At the same time, these routers appear to their customers to retain their ISP-B AS number. 

Reference: http://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/13761-39.html 


Q575. What is a key advantage of Cisco GET VPN over DMVPN? 

A. Cisco GET VPN provides zero-touch deployment of IPSEC VPNs. 

B. Cisco GET VPN supports certificate authentication for tunnel establishment. 

C. Cisco GET VPN has a better anti-replay mechanism. 

D. Cisco GET VPN does not require a secondary overlay routing infrastructure. 

Answer:

Explanation: 

DMVPN requires overlaying a secondary routing infrastructure through the tunnels, which results in suboptimal routing while the dynamic tunnels are built. The overlay routing topology also reduces the inherent scalability of the underlying IP VPN network topology. Traditional point-to-point IPsec tunneling solutions suffer from multicast replication issues because multicast replication must be performed before tunnel encapsulation and encryption at the IPsec CE (customer edge) router closest to the multicast source. Multicast replication cannot be performed in the provider network because encapsulated multicasts appear to the core network as unicast data. Cisco’s Group Encrypted Transport VPN (GET VPN) introduces the concept of a trusted group to eliminate point-to-point tunnels and their associated overlay routing. All group members (GMs) share a common security association (SA), also known as a group SA. This enables GMs to decrypt traffic that was encrypted by any other GM. (Note that IPsec CE acts as a GM.) In GET VPN networks, there is no need to negotiate point-to- point IPsec tunnels between the members of a group, because GET VPN is “tunnel-less.” 

Reference: Group Encrypted Transport VPN (Get VPN) Design and Implementation Guide PDF 


Far out ccie pdf download:

Q576. Which attribute is not part of the BGP extended community when a PE creates a VPN-IPv4 route while running OSPF between PE-CE? 

A. OSPF domain identifier 

B. OSPF route type 

C. OSPF router ID 

D. MED 

E. OSPF network type 

Answer:

Explanation: 

By process of elimination, from RFC 4577: 

For every address prefix that was installed in the VRF by one of its associated OSPF instances, the PE must create a VPN-IPv4 route in BGP. Each such route will have some of the following Extended Communities attributes: 

– The OSPF Domain Identifier Extended Communities attribute. If the OSPF instance that installed the route has a non-NULL primary Domain Identifier, this MUST be present; if that OSPF instance has only a NULL Domain Identifier, it MAY be omitted. 

– OSPF Route Type Extended Communities Attribute. This attribute MUST be present. It is encoded with a two-byte type field, and its type is 0306. 

– OSPF Router ID Extended Communities Attribute. This OPTIONAL attribute specifies the OSPF Router ID of the system that is identified in the BGP Next Hop attribute. More precisely, it specifies the OSPF Router Id of the PE in the OSPF instance that installed the route into the VRF from which this route was exported. 

– MED (Multi_EXIT_DISC attribute). By default, this SHOULD be set to the value of the OSPF distance associated with the route, plus 1. 

Reference: https://tools.ietf.org/html/rfc4577 


Q577. When you migrate a network from PVST+ to rapid-PVST+, which two features become inactive? (Choose two.) 

A. Root guard 

B. Loop guard 

C. UplinkFast 

D. UDLD 

E. BackboneFast 

F. Bridge Assurance 

Answer: C,E 

Explanation: 

It is good to know the UplinkFast and BackboneFast behavior before you start the migration process. 

Here, the Access1 switch runs Cisco IOS. This output is taken before migration to the rapid-PVST+ mode: 

Access1#show spanning-tree vlan 10 

VLAN0010 

Spanning tree enabled protocol ieee 

Root ID Priority 24586 

Address 0015.63f6.b700 

Cost 3019 

Port 107 (FastEthernet3/0/1) 

Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec 

Bridge ID Priority 49162 (priority 49152 sys-id-ext 10) 

Address 000f.f794.3d00 

Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec 

Aging Time 300 

Uplinkfast enabled 

Interface Role Sts Cost Prio.Nbr Type 

Fa3/0/1 Root FWD 3019 128.107 P2p 

Fa3/0/2 Altn BLK 3019 128.108 P2p 

Access1#show spanning-tree summary 

Switch is in pvst mode 

Root bridge for: none 

Extended system ID is enabled 

Portfast Default is disabled 

PortFast BPDU Guard Default is enabled 

Portfast BPDU Filter Default is disabled 

Loopguard Default is disabled 

EtherChannel misconfig guard is enabled 

UplinkFast is enabled 

BackboneFast is enabled 

Configured Pathcost method used is short 

Name Blocking Listening Learning Forwarding STP Active 

VLAN0010 1 0 0 1 2 

VLAN0020 1 0 0 1 2 

2 vlans 2 0 0 2 4 

This output is taken after the mode is changed to rapid-PVST+: 

Access1#show spanning-tree vlan 10 

VLAN0010 

Spanning tree enabled protocol rstp 

Root ID Priority 24586 

Address 0015.63f6.b700 

Cost 3019 

Port 107 (FastEthernet3/0/1) 

Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec 

Bridge ID Priority 49162 (priority 49152 sys-id-ext 10) 

Address 000f.f794.3d00 

Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec 

Aging Time 300 

UplinkFast enabled but inactive in rapid-pvst mode 

Interface Role Sts Cost Prio.Nbr Type 

Fa3/0/1 Root FWD 3019 128.107 P2p 

Fa3/0/2 Altn BLK 3019 128.108 P2p 

Access1#show spanning-tree summary 

Switch is in rapid-pvst mode 

Root bridge for: none 

Extended system ID is enabled 

Portfast Default is disabled 

PortFast BPDU Guard Default is enabled 

Portfast BPDU Filter Default is disabled 

Loopguard Default is disabled 

EtherChannel misconfig guard is enabled 

UplinkFast is enabled but inactive in rapid-pvst mode 

BackboneFast is enabled but inactive in rapid-pvst mode 

Configured Pathcost method used is short 

Name Blocking Listening Learning Forwarding STP Active 

VLAN0010 1 0 0 1 2 

VLAN0020 1 0 0 1 2 

2 vlans 2 0 0 2 4 

You can see in the show spanning-tree summary command output that UplinkFast and BackboneFast are enabled, but are inactive in rapid-PVST mode. 

Reference: http://www.cisco.com/c/en/us/support/docs/switches/catalyst-6500-series-switches/72836-rapidpvst-mig-config.html#upback1 


Q578. Which two statements about path selection are true? (Choose two.) 

A. If there are multiple equal matches between OSPF processes, the path with the lowest OSPF PID is chosen. 

B. If the backdoor command is configured on a BGP network, the route is advertised with an AD of 20. 

C. If an OSPF E2 route has an AS of 90, that path is preferred over an OSPF IA route with an AD of 110. 

D. If there are multiple equal matches between the same protocols on an EIGRP network, the preferred path will be EIGRP with the highest AS. 

E. If IS-IS has multiple routes with the same prefix-length, it will prefer Level 1 routes over Level 2 routes. 

Answer: A,E 


Q579. In which 802.1D port state are the root bridge, the root port, and the designated port(s) elected? 

A. Listening 

B. learning 

C. forwarding 

D. blocking 

E. disabled 

Answer:

Explanation: 

STP switch port states: 

. Blocking – A port that would cause a switching loop if it were active. No user data is sent or received over a blocking port, but it may go into forwarding mode if the other links in use fail and the spanning tree algorithm determines the port may transition to the forwarding state. BPDU data is still received in blocking state. Prevents the use of looped paths. 

. Listening – The switch processes BPDUs and awaits possible new information that would cause it to return to the blocking state. It does not populate the MAC address table and it does not forward frames. In this state the root bridge, the root port, and the designated port(s) are elected. 

. Learning – While the port does not yet forward frames it does learn source addresses from frames received and adds them to the filtering database (switching database). It populates the MAC Address table, but does not forward frames. 

. Forwarding – A port receiving and sending data, normal operation. STP still monitors incoming BPDUs that would indicate it should return to the blocking state to prevent a loop. 

. Disabled – Not strictly part of STP, a network administrator can manually disable a port. 

Reference: http://en.wikipedia.org/wiki/Spanning_Tree_Protocol 


Q580. Refer to the exhibit. 

While configuring AAA with a local database, users can log in via Telnet, but receive the message "error in authentication" when they try to go into enable mode. Which action can solve this problem? 

A. Configure authorization to allow the enable command. 

B. Use aaa authentication login default enable to allow authentication when using the enable command. 

C. Verify whether an enable password has been configured. 

D. Use aaa authentication enable default enable to allow authentication when using the enable command. 

Answer:

Explanation: 

If a different enable password is configured, it will override the privilege level 15 of that user and force the existing password to be used for enable access.