The 400-101 exam is the first as well as necessary action to get your Cisco Cisco certification. The 400-101 genuine exam tests a candidate?¡¥s ability and skills in genuine implementation. You can acquire the Cisco 400-101 on the web course in order to prepare your Cisco exam. You can also take a quiz before buy your Cisco Cisco products. Nonetheless, its hard for you in order to choose any proper Cisco 400-101 training materials as a result of the numerous varieties of Cisco Cisco exam questions and answers in the market. We are proud from the passing ratio. Its each of our honor and duty in order to offer a person the best support. Customer support is on the web at anytime, please speak to us and express your current questions or advice and suggestions. Your satisfaction is each of our perpetual objective.

2021 Mar 400-101 answers

Q231. Refer to the exhibit. 

For which reason could a BGP-speaking device in autonomous system 65534 be prevented from installing the given route in its BGP table? 

A. The AS number of the BGP is specified in the given AS_PATH. 

B. The origin of the given route is unknown. 

C. BGP is designed only for publicly routed addresses. 

D. The AS_PATH for the specified prefix exceeds the maximum number of ASs allowed. 

E. BGP does not allow the AS number 65535. 

Answer:

Explanation: 

BGP is considered to be a 'Path Vector' routing protocol rather than a distance vector routing protocol since it utilises a list of AS numbers to describe the path that a packet should take. This list is called the AS_PATH. Loops are prevented because if a BGP speaking router sees it's own AS in the AS_PATH of a route it rejects the route. 


Q232. Which two statements about 6VPE are true? (Choose two.) 

A. It allows a service provider to use an existing MPLS network to provide VPN services to IPv6 customers. 

B. It uses MP-BGP as the carrier protocol to transport IPv6 connectivity. 

C. It provides IPv6 connectivity to MPLS-VPN customers when IPv6 overlay tunneling is also configured. 

D. It allows a service provider to use an existing MPLS network to provide global addressing to their IPv6 customers. 

E. It requires the configuration of a GRE tunnel tagged with a VLAN ID. 

F. It allows a service provider to use an existing L2TPv3 network to provide VPN services to IPv6 customers. 

Answer: A,B 

Explanation: 

The IPv6 MPLS VPN service model is similar to that of IPv4 MPLS VPNs. Service providers who have already deployed MPLS IPv4 VPN services over an IPv4 backbone can deploy IPv6 MPLS VPN services over the same IPv4 backbone by upgrading the PE router IOS version and dual-stack configuration, without any change on the core routers. IPv4 services can be provided in parallel with IPv6 services. IPv6 VPN service is exactly the same as MPLS VPN for IPv4. 6VPE offers the same architectural features as MPLS VPN for IPv4. It offers IPv6 VPN and uses the same components, such as: . 

Multiprotocol BGP (MP-BGP) VPN address family . 

Route distinguishers . 

VPN Routing and Forwarding (VRF) instances . 

Site of Origin (SOO) . 

Extended community . 

MP-BGP 

Reference: http://www.cisco.com/c/en/us/td/docs/net_mgmt/ip_solution_center/5-2/mpls_vpn/user/guide/mpls52book/ipv6.html 


Q233. Which component of the BGP ORF can you use to permit and deny routing updates? 

A. match 

B. action 

C. AFI 

D. SAFI 

E. ORF type 

Answer:


Q234. Which type of port would have root guard enabled on it? 

A. A root port 

B. An alternate port 

C. A blocked port 

D. A designated port 

Answer:

Explanation: 

The root guard feature provides a way to enforce the root bridge placement in the network. The root guard ensures that the port on which root guard is enabled is the designated port. Normally, root bridge ports are all designated ports, unless two or more ports of the root bridge are connected together. If the bridge receives superior STP Bridge Protocol Data Units (BPDUs) on a root guard-enabled port, root guard moves this port to a root-inconsistent STP state. This root-inconsistent state is effectively equal to a listening state. No traffic is forwarded across this port. In this way, the root guard enforces the position of the root bridge. 

Reference: http://www.cisco.com/c/en/us/support/docs/lan-switching/spanning-tree-protocol/10588-74.html 


Q235. How does MSTP provide backward compatibility with RSTP? 

A. It uses the hop count variable as a TTL counter. 

B. It transmits all spanning-tree information in one BPDU. 

C. It supports up to 128 MSTI messages. 

D. It encodes the MSTP-specific region information before the legacy RSTP BPDU. 

Answer:


Avant-garde 400-101 exam question:

Q236. Refer to the exhibit. 

A PE router is configured with a policy map that contains the policer shown. The policy map is configured in the inbound direction of an interface facing a CE router. If the PE router 

receives 12Mb/s of traffic with the CoS value set to 7 on a 100-Mb/s interface from the CE router, what value of MPLS EXP is set when this traffic goes through the policer shown? 

A. 0 

B. 6 

C. 7 

D. 8 

Answer:

Explanation: 

Here, the policer is set where the conforming traffic is set to 10 percent of the 100 Mbps interface, so anything more than 10 Mbps will be placed into the exceeding traffic class, the traffic EXP value will be changed from 7 to 6 per the configuration. 


Q237. Which option is the most effective action to avoid packet loss due to microbursts? 

A. Implement larger buffers. 

B. Install a faster CPU. 

C. Install a faster network interface. 

D. Configure a larger tx-ring size. 

Answer:

Explanation: 

You can't avoid or prevent them as such without modifying the sending host's application/network stack so it smoothes out the bursts. However, you can manage 

microbursts by tuning the size of receive buffers / rings to absorb occasional microbursts. 


Q238. Refer to the exhibit. 

Which two commands are required on R3 in order for MPLS to function? (Choose two.) 

A. mpls ip 

B. ip cef 

C. mpls label protocol tdp 

D. mpls ip propagate-ttl 

Answer: A,B 


Q239. What is the most secure way to store ISAKMP/IPSec preshared keys in Cisco IOS? 

A. Use the service password-encryption command. 

B. Encrypt the ISAKMP preshared key in secure type 5 format. 

C. Encrypt the ISAKMP preshared key in secure type 7 format. 

D. Encrypt the ISAKMP preshared key in secure type 6 format. 

Answer:

Explanation: 

Using the Encrypted Preshared Key feature, you can securely store plain text passwords in type 6 format in NVRAM using a command-line interface (CLI). Type 6 passwords are encrypted. Although the encrypted passwords can be seen or retrieved, it is difficult to decrypt them to find out the actual password. This is currently the most secure way to store keys. 

Reference: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_ikevpn/configuration/xe-3s/asr1000/sec-ike-for-ipsec-vpns-xe-3s-asr1000-book/sec-encrypt-preshare.html 


Q240. Which OSPF feature supports LSA rate limiting in milliseconds to provide faster convergence? 

A. LSA throttling 

B. incremental SPF 

C. fast hello 

D. SPF tuning 

Answer:

Explanation: 

The OSPF Link-State Advertisement (LSA) Throttling feature provides a dynamic mechanism to slow down link-state advertisement (LSA) updates in OSPF during times of network instability. It also allows faster Open Shortest Path First (OSPF) convergence by providing LSA rate limiting in milliseconds. 

Reference: http://www.cisco.com/c/en/us/td/docs/ios/12_0s/feature/guide/fsolsath.html