Cause all that matters here is passing the Cisco 400-101 exam. Cause all that you need is a high score of 400-101 CCIE Routing and Switching (v5.0) exam. The only one thing you need to do is downloading Pass4sure 400-101 exam study guides now. We will not let you down with our money-back guarantee.

2021 Apr 400-101 download

Q281. Which three types of address-family configurations are supported in EIGRP named mode? (Choose three.) 

A. address-family ipv4 unicast 

B. address-family vpnv4 

C. address-family ipv6 unicast 

D. address-family ipv6 multicast 

E. address-family vpnv6 

F. address-family ipv4 multicast 

Answer: A,C,F 


Q282. DRAG DROP 

Answer: 


Q283. Which two are features of DMVPN? (Choose two.) 

A. It does not support spoke routers behind dynamic NAT. 

B. It requires IPsec encryption. 

C. It only supports remote peers with statically assigned addresses. 

D. It supports multicast traffic. 

E. It offers configuration reduction. 

Answer: D,E 

Explanation: 

DMVPN Hub-and-spoke deployment model: In this traditional topology, remote sites (spokes) are aggregated into a headend VPN device at the corporate headquarters (hub). Traffic from any remote site to other remote sites would need to pass through the headend device. Cisco DMVPN supports dynamic routing, QoS, and IP Multicast while significantly reducing the configuration effort. 

Reference: http://www.cisco.com/c/en/us/products/collateral/security/dynamic-multipoint-vpn-dmvpn/data_sheet_c78-468520.html 


Q284. What is the goal of Unicast Reverse Path Forwarding? 

A. to verify the reachability of the destination address in forwarded packets 

B. to help control network congestion 

C. to verify the reachability of the destination address in multicast packets 

D. to verify the reachability of the source address in forwarded packets 

Answer:

Explanation: 

Network administrators can use Unicast Reverse Path Forwarding (Unicast RPF) to help limit the malicious traffic on an enterprise network. This security feature works by enabling a router to verify the reachability of the source address in packets being forwarded. This capability can limit the appearance of spoofed addresses on a network. If the source IP address is not valid, the packet is discarded. 

Reference: http://www.cisco.com/web/about/security/intelligence/unicast-rpf.html 


Q285. Which two statements about a network running MPLS VPN with IS-IS IGP are true? (Choose two.) 

A. IS-IS traffic engineering uses wide metric TLV type 135 with an up/down bit to define a leaked route. 

B. IS-IS traffic engineering uses wide metric TLV type 128 with an internal/external bit and an up/down bit to define a leaked route. 

C. IS-IS traffic engineering uses wide metric TLV type 130 with an internal/external bit and an up/down bit to define a leaked route. 

D. If the IS-IS up/down bit is set to 1, the leaked route originated in the L1 area. 

E. The MPLS VPN IS-IS core is inherently protected against IP-based attacks. 

Answer: A,E 


Up to date 400-101 test questions:

Q286. What is a disadvantage of using aggressive mode instead of main mode for ISAKMP/IPsec establishment? 

A. It does not use Diffie-Hellman for secret exchange. 

B. It does not support dead peer detection. 

C. It does not support NAT traversal. 

D. It does not hide the identity of the peer. 

Answer:

Explanation: 

IKE phase 1's purpose is to establish a secure authenticated communication channel by using the Diffie–Hellman key exchange algorithm to generate a shared secret key to encrypt further IKE communications. This negotiation results in one single bi-directional ISAKMP Security Association (SA). The authentication can be performed using either pre-shared key (shared secret), signatures, or public key encryption.Phase 1 operates in either Main Mode or Aggressive Mode. Main Mode protects the identity of the peers; Aggressive Mode does not. 

Reference: http://en.wikipedia.org/wiki/Internet_Key_Exchange 


Q287. Which BGP aggregate address configuration advertises only the aggregate address, with attributes inherited from the more specific routes? 

A. summary-only as-set 

B. as-set 

C. summary 

D. summary-only 

Answer:

Explanation: 

Example: 

router bgp 300 

neighbor 2.2.2.2 remote-as 100 

neighbor 3.3.3.3 remote-as 200 

neighbor 4.4.4.4 remote-as 400 

aggregate-address 160.0.0.0 255.0.0.0 summary-only as-set 

!--- With the as-set configuration command, the aggregate 

!--- inherits the attributes of the more-specific routes. 

Reference: http://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/5441-aggregation.html 


Q288. What is the function of an implicit-null label? 

A. It notifies the upstream LSR to remove the top label in the label stack and forward the packet. 

B. It notifies the upstream LSR to add a VPN label to the label stack. 

C. It is used to statically assign a label to an IGP route. 

D. It is used to identify the router ID. 

Answer:


Q289. Refer to the exhibit. 

Which two statements about the R1 configuration are true? (Choose two.) 

A. The IP TTL value is copied to the MPLS field during label imposition. 

B. The structure of the MLPS network is hidden in a traceroute. 

C. The LDP session interval and hold times are configured for directly connected neighbors. 

D. R1 protects the session for 86400 seconds. 

E. All locally assigned labels are discarded. 

Answer: B,D 


Q290. Which two statements about 802.1Q tunneling are true? (Choose two.) 

A. It requires a system MTU of at least 1504 bytes. 

B. The default configuration sends Cisco Discovery Protocol, STP, and VTP information. 

C. Traffic that traverses the tunnel is encrypted. 

D. It is supported on private VLAN ports. 

E. MAC-based QoS and UDLD are supported on tunnel ports. 

F. Its maximum allowable system MTU is 1546 bytes. 

Answer: A,E