Having a Cisco 400-101 certification inside hand is an advantage regarding those who want to hunt for a great job inside IT discipline. Taking the particular Pass4sure Cisco 400-101 online training course and becoming the 400-101 certificate will enhance your occupation opportunity. Pass4sure.com provides 7/24 customer assistance. If you knowledge some issues during the research, please email to www.support@Pass4sure.org. We furthermore welcome your suggestions and suggestions. We will do our very best to serve anyone!

2021 Apr 400-101 free practice test

Q271. Refer to the exhibit. 

Which two configuration changes enable the user admin to log in to the device? (Choose two.) 

A. Configure the login authentication to be case-insensitive. 

B. Configure the user admin with a password and appropriate privileges. 

C. Configure the login authentication to be case-sensitive. 

D. Modify the configuration to use a named group. 

E. Configure additional login authentication under the terminal lines. 

Answer: A,B 


Usernames and passwords are case-sensitive. Users attempting to log in with an incorrectly cased username or password will be rejected. If users are unable to log into the router with their specific passwords, reconfigure the username and password on the router. 

Reference: http://www.cisco.com/c/en/us/support/docs/ios-nx-os-software/ios-software-releases-110/45843-configpasswords.html 

Q272. External EIGRP route exchange on routers R1 and R2 was failing because the routers had duplicate router IDs. You changed the eigrp router-id command on R1, but the problem persists. Which additional action must you take to enable the routers to exchange routes? 

A. Change the corresponding loopback address. 

B. Change the router ID on R2. 

C. Reset the EIGRP neighbor relationship. 

D. Clear the EIGRP process. 


Q273. What is the range of addresses that is used for IPv4-mapped IPv6 addresses? 

A. 2001. db9. . /32 

B. 2001. db8. . /32 

C. 2002. . /16 

D. . . ffff. /16 

E. . . ffff. 0. 0/96 



IPv4-Mapped Addresses FFFF:0:0/96 are the IPv4-mapped addresses [RFC4291]. Addresses within this block should not appear on the public Internet. 

Reference: https://tools.ietf.org/html/rfc5156 


Drag and drop each DHCP term on the left to the corresponding definition on the right. 


Q275. Refer to the exhibit. 

Which part of the joined group addresses list indicates that the interface has joined the EIGRP multicast group address? 

A. FF02::1 

B. FF02::1:FF00:200 

C. FF02::A 

D. FF02::2 



FF02::A is an IPv6 link-local scope multicast addresses. This address is for all devices on a wire that want to "talk" EIGRP with one another. 

Focusing specifically on FF02::A and how routers join it, we can see and say three things: 

. Local: FF02::A is local to the wire. 

. Join: Each device "joins" FF02::A by just "deciding to listen" to the IPv6 link-local scope multicast address FF02::A. Then, by extension, it listens to the corresponding MAC address for that multicast IPv6 address (33:33:00:00:00:0A). 

. Common interest: As we can see, these varying groups have something in common that they would all like to hear about. For FF02::A, the common interest --the "connection" among the devices joining that group – is that they all want to listen to or participate in EIGRP. 

Reference: http://www.networkcomputing.com/networking/understanding-ipv6-what-is-solicited-node-multicast/a/d-id/1315703 

Down to date 400-101 test:

Q276. Refer to the exhibit. 

Which OSPFv3 routes will be visible in the routing table of R2? 

A. 2001:12::1/128 

B. 2001:12::1/128, 2001:112::1/128 

C. 2001:12::2/128 

D. No OSPFv3 routes will be visible. 



The command “ipv6 unicast-routing” needs to be configured on both routers before any IPv6 routes will be seen. 


Drag and drop the PPPoE packet type on the left to the corresponding description on the right. 


Q278. Which three message types are used for prefix delegation in DHCPv6? (Choose three.) 

A. DHCP Discover 

B. Renew 

C. Solicit 

D. DHCP Offer 

E. Advertise 

F. DHCP Ack 

Answer: B,C,E 


DHCPv6 Message Types 

For a client to get an IPv6 address successfully from a DHCPv6 server, the Client-Server Conversation happens using the following messages. 

Client--->Server Messages 

Server--->Client Messages 

Solicit, Request, Confirm, Renew, Rebind, Release, Decline, Information-Request Advertise, Reply, Reconfigure 

Lets look at each message types in detail: 


This is the first step in DHCPv6, where a DHCPv6 client sends a Solicit message to locate DHCPv6 servers. 


Upon receiving a Solicit Message from the client, the DHCPv6 server sends an Advertise message to indicate that it is available for DHCP service, in response to a Solicit message received from a client. 


This message is sent by the DHCPv6 client.Client sends a Request message to request configuration parameters which includes IP addresses or delegated prefixes, from a specific server. 


Confirm message is sent by the client to any available server in the network to confirm that the client is still on the same link or it has to be removed. This message also confirms the IPv6 addresses that are assigned to the link are still valid. This could happen in case when a client detects a change in link-layer connectivity or if the device is powered on and it is found that one or more leases are still valid. Note that only the prefix portion of the addresses are validated and not the actual leases. 


A client sends a Renew message to the server when it wants to extend the lifetimes on the addresses and other configuration parameters assigned to the client and also to update other configuration parameters. 


In case of No response from the DHCPv6 Server for the Renew message, the client sends a Rebind message to any available server to extend the lifetimes on the address and to update other configuration parameters. 


A Reply message is sent by the DHCPv6 Server in response to a Solicit, Request, Renew, Rebind message received from a client. The reply message is sent by the server in response to a confirm message (either confirming or denying) that the addresses assigned to the client are appropriate.In short the server acknowledge receipt of a Release or Decline message by sending a REPLY message. 


Release message as the name implies, is sent by the client to the server that has assigned the addresses, to indicate that the client will no longer use the assigned addresses (one or more). 


Client sends a Decline message to the DHCPv6 server to tell that the one or more addresses assigned by the server is already in use 


The Reconfigure Message is sent by the DHCPv6 server to the client when the server has new or updated information of configuration parameters. It tells the client to initiate a information-request/reply message to the server so as to receive the updated information. 


Information-Request message is sent by the client to the server to update the configuration parameters 

Reference: https://supportforums.cisco.com/blog/153426/implementing-dhcpv6-introduction 

Q279. Refer to the exhibit. 

Which statement about the debug behavior of the device is true? 

A. The device debugs all IP events for 

B. The device sends all debugging information for 

C. The device sends only NTP debugging information to 

D. The device sends debugging information every five seconds. 



This is an example of a conditional debug, where there is a single condition specified of IP address So, all IP events for that address will be output in the debug. 

Q280. Which three features are considered part of the IPv6 first-hop security suite? (Choose three.) 

A. DNS guard 

B. destination guard 

C. DHCP guard 

D. ICMP guard 

E. RA guard 

F. DoS guard 

Answer: B,C,E 


Cisco IOS has (at least) these IPv6 first-hop security features: IPv6 RA Guard rejects fake RA messages coming from host (non-router) ports (not sure whether it handles all possible IPv6 header fragmentation attacks). Interestingly, it can also validate the contents of RA messages (configuration flags, list of prefixes) received through router-facing ports, potentially giving you a safeguard against an attack of fat fingers. DHCPv6 Guard blocks DHCPv6 messages coming from unauthorized DHCPv6 servers and relays. Like IPv6 RA Guard it also validates the DHCPv6 replies coming from authorized DHCPv6 servers, potentially providing protection against DHCPv6 server misconfiguration. IPv6 Snooping and device tracking builds a IPv6 First-Hop Security Binding Table (nicer name for ND table) by monitoring DHCPv6 and ND messages as well as regular IPv6 traffic. The binding table can be used to stop ND spoofing (in IPv4 world we’d call this feature DHCP Snooping and Dynamic ARP Inspection). IPv6 Source Guard uses the IPv6 First-Hop Security Binding Table to drop traffic from unknown sources or bogus IPv6 addresses not in the binding table. The switch also tries to recover from lost address information, querying DHCPv6 server or using IPv6 neighbor discovery to verify the source IPv6 address after dropping the offending packet(s). IPv6 Prefix Guard is denies illegal off-subnet traffic. It uses information gleaned from RA messages and IA_PD option of DHCPv6 replies (delegated prefixes) to build the table of valid prefixes. IPv6 Destination Guard drops IPv6 traffic sent to directly connected destination addresses not in IPv6 First-Hop Security Binding Table, effectively stopping ND exhaustion attacks. 

Reference: http://blog.ipspace.net/2013/07/first-hop-ipv6-security-features-in.html