It is more faster and easier to pass the Cisco 400-101 exam by using Simulation Cisco CCIE Routing and Switching (v5.0) questuins and answers. Immediate access to the Refresh 400-101 Exam and find the same core area 400-101 questions with professionally verified answers, then PASS your exam with a high score now.

2021 Mar 400-101 practice test

Q111. For which three routing protocols can Cisco PfR provide direct route control? (Choose three.) 

A. OSPF 

B. IS-IS 

C. BGP 

D. EIGRP 

E. static routing 

F. ODR 

Answer: C,D,E 

Explanation: 

Q. Can you elaborate more on the Parent Route and why it's so important to PfR? 

A. Yes. For any route that PfR modifies or controls (BGP, Static, PIRO, EIGRP, PBR), having a Parent prefix in the routing table eliminates the possibility of a routing loop occurring. This is naturally a good thing to prevent in routed networks. 

Reference: http://docwiki.cisco.com/wiki/Performance_Routing_FAQs#Route_Control 


Q112. Which two statements about the function of the stub feature in EIGRP are true? (Choose two.) 

A. It stops the stub router from sending queries to peers. 

B. It stops the hub router from sending queries to the stub router. 

C. It stops the stub router from propagating dynamically learned EIGRP prefixes to the hub routers. 

D. It stops the hub router from propagating dynamically learned EIGRP prefixes to the stub routers. 

Answer: B,C 

Explanation: 

When using the EIGRP Stub Routing feature, you need to configure the distribution and remote routers to use EIGRP, and to configure only the remote router as a stub. Only specified routes are propagated from the remote (stub) router. The router responds to queries for summaries, connected routes, redistributed static routes, external routes, and internal routes with the message "inaccessible." A router that is configured as a stub will send a special peer information packet to all neighboring routers to report its status as a stub router. Without the stub feature, even after the routes that are sent from the distribution router to the remote router have been filtered or summarized, a problem might occur. If a route is lost somewhere in the corporate network, EIGRP could send a query to the distribution router, which in turn will send a query to the remote router even if routes are being summarized. If there is a problem communicating over the WAN link between the distribution router and the remote router, an EIGRP stuck in active (SIA) condition could occur and cause instability elsewhere in the network. The EIGRP Stub Routing feature allows a network administrator to prevent queries from being sent to the remote router. 

Reference: http://www.cisco.com/c/en/us/td/docs/ios/12_0s/feature/guide/eigrpstb.html 


Q113. Which two discovery mechanism does LDP support? (Choose two.) 

A. strict 

B. extended 

C. loose 

D. targeted 

E. basic 

Answer: B,E 


Q114. Which option is the Cisco recommended method to secure access to the console port? 

A. Configure the activation-character command. 

B. Configure a very short timeout (less than 100 milliseconds) for the port. 

C. Set the privilege level to a value less than 15.

D. Configure an ACL. 

Answer:

Explanation: 

The activation-character command defines a session activation character. Entering this character at a vacant terminal begins a terminal session. The default activation character is the Return key 

To secure the console port, you should change this character to a different one as most people simply hit the enter key when trying to access the console. 


Q115. Refer to the exhibit. 

Which statement about configuring the switch to manage traffic is true? 

A. The switchport priority extend cos command on interface FastEthernet0/0 prevents traffic to and from the PC from taking advantage of the high-priority data queue that is assigned to the IP phone. 

B. The switchport priority extend cos command on interface FastEthernet0/0 enables traffic to and from the PC to use the high priority data queue that is assigned to the IP phone. 

C. When the switch is configured to trust the CoS label of incoming traffic, the trusted boundary feature is disabled automatically. 

D. The mls qos cos override command on interface FastEthernet0/0 configures the port to trust the CoS label of traffic to and from the PC. 

Answer:

Explanation: 

In some situations, you can prevent a PC connected to the Cisco IP Phone from taking advantage of a high-priority data queue. You can use the switchport priority extend cos interface configuration command to configure the telephone through the switch CLI to override the priority of the traffic received from the PC. 

Reference: http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2950/software/release/12-1_22_ea2/configuration/guide/2950scg/swqos.html 


Most up-to-date 400-101 dumps:

Q116. Which statement about UDLD is true? 

A. The udld reset command resets ports that have been error-disabled by both UDLD and Fast UDLD. 

B. Fast UDLD is configured in aggressive mode. 

C. Only bidirectional link failures can be detected in normal mode. 

D. Each switch in a UDLD topology can send and receive packets to and from its neighbors. 

Answer:


Q117. Which option is true about output policing for the control plane? 

A. It improves router performance by limiting traffic sent to the control plane. 

B. It improves router performance by limiting traffic sent from the control plane. 

C. It improves router performance by limiting traffic sent to and from the control plane. 

D. It controls traffic originated from the router. 

Answer:


Q118. By default, how does a GET VPN group member router handle traffic when it is unable to register to a key server? 

A. All traffic is queued until registration is successful or the queue is full. 

B. All traffic is forwarded through the router unencrypted. 

C. All traffic is forwarded through the router encrypted. 

D. All traffic through the router is dropped. 

Answer:

Explanation: 

In the basic GETVPN configuration, the traffic passing through group members will be sent in clear until it registers with the Key Server. This is because the crypto ACL is configured on the KS and GM will get that information only after the registration is successful. This means for a short period of time the traffic can go out unencrypted after a GM is booted up or the existing GETVPN session is cleared manually. This mode is called “fail open” and it is the default behavior. This behavior can be turned off by configuring “Fail Close” mode on the GMs. 

Reference: http://www.cisco.com/c/en/us/products/collateral/security/group-encrypted-transport-vpn/deployment_guide_c07_554713.html 


Q119. In the DiffServ model, which class represents the highest priority with the highest drop probability? 

A. AF11 

B. AF13 

C. AF41 

D. AF43 

Answer:

Explanation: 

AF43 — Assured forwarding, high drop probability, Class 4 DSCP, and Flash-override precedence. 

Table of AF Classes and Drop Priority 

Drop Precedence 

Class 1 

Class 2 

Class 3 

Class 4 

Low drop 

AF11 

DSCP 10 

001010 

AF21 

DSCP 18 

010010 

AF31 

DSCP 26 

011010 

AF41 

DSCP 34 

100010 

Medium drop 

AF12 

DSCP 12 

001100 

AF22 

DSCP 20 

010100 

AF32 

DSCP 28 

011100 

AF42 

DSCP 36 

100100 

High drop 

AF13 

DSCP 14 

001110 

AF23 

DSCP 22 

010110 

AF33 

DSCP 30 

011110 

AF43 

DSCP 38 

100110 

Reference: 

https://www.informit.com/library/content.aspx?b=CCIE_Practical_Studies_II&seqNum=56 


Q120. Which two statements about the ipv6 ospf authentication command are true? (Choose two.) 

A. The command is required if you implement the IPsec AH header. 

B. The command configures an SPI. 

C. The command is required if you implement the IPsec TLV. 

D. The command can be used in conjunction with the SPI authentication algorithm. 

E. The command must be configured under the OSPFv3 process. 

Answer: A,B 

Explanation: 

OSPFv3 requires the use of IPsec to enable authentication. Crypto images are required to use authentication, because only crypto images include the IPsec API needed for use with OSPFv3. In OSPFv3, authentication fields have been removed from OSPFv3 packet headers. When OSPFv3 runs on IPv6, OSPFv3 requires the IPv6 authentication header (AH) or IPv6 ESP header to ensure integrity, authentication, and confidentiality of routing exchanges. IPv6 AH and ESP extension headers can be used to provide authentication and confidentiality to OSPFv3. To use the IPsec AH, you must enable the ipv6 ospf authentication command. To use the IPsec ESP header, you must enable the ipv6 ospf encryption command. The ESP header may be applied alone or in combination with the AH, and when ESP is used, both encryption and authentication are provided. Security services can be provided between a pair of communicating hosts, between a pair of communicating security gateways, or between a security gateway and a host. To configure IPsec, you configure a security policy, which is a combination of the security policy index (SPI) and the key (the key is used to create and validate the hash value). IPsec for OSPFv3 can be configured on an interface or on an OSPFv3 area. For higher security, you should configure a different policy on each interface configured with IPsec. If you configure IPsec for an OSPFv3 area, the policy is applied to all of the interfaces in that area, except for the interfaces that have IPsec configured directly. Once IPsec is configured for OSPFv3, IPsec is invisible to you. 

Reference: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_ospf/configuration/15-sy/iro-15-sy-book/ip6-route-ospfv3-auth-ipsec.html