It is impossible to pass Cisco 400-101 exam without any help in the short term. Come to Exambible soon and find the most advanced, correct and guaranteed Cisco 400-101 practice questions. You will get a surprising result by our Up to the immediate present CCIE Routing and Switching (v5.0) practice guides.

2021 Apr 400-101 dumps

Q71. In which way does the Bridge Assurance mechanism modify the default spanning-tree behavior in an effort to prevent bridging loops? 

A. Received BPDUs are looped back toward the sender to ensure that the link is bidirectional. 

B. If BPDUs are no longer received on a port, the switch immediately sends out a TCN BPDU. 

C. Extended topology information is encoded into all BPDUs. 

D. BPDUs are sent bidirectional on all active network ports, including blocked and alternate ports. 

Answer:


Q72. Which two statements are true about AAA? (Choose two.) 

A. AAA can use RADIUS, TACACS+, or Windows AD to authenticate users. 

B. If RADIUS is the only method configured in AAA, and the server becomes unreachable, 

the user will be able to log in to the router using a local username and password. 

C. If the local keyword is not included and the AAA server does not respond, then authorization will never be possible and the connection will fail. 

D. AAA can be used to authenticate the enable password with a AAA server. 

Answer: C,D 

Explanation: 

AAA can be used to authenticate user login and the enable passwords. 

Example 1: Same Exec Authentication Methods for All Users 

Once authenticated with: 

aaa authentication login default group radius local 

All users who want to log in to the access server have to be authorized using Radius (first method) or local database (second method). 

We configure: 

aaa authorization exec default group radius local 

Note. On the AAA server, Service-Type=1 (login) must be selected. 

Note. With this example, if the local keyword is not included and the AAA server does not respond, then authorization will never be possible and the connection will fail. 

Reference: http://www.cisco.com/c/en/us/support/docs/security-vpn/terminal-access-controller-access-control-system-tacacs-/10384-security.html 


Q73. Which two statements about private VLANs are true? (Choose two.) 

A. Only one isolated VLAN can be mapped to a primary VLAN. 

B. Only one community VLAN can be mapped to a primary VLAN. 

C. Multiple isolated VLANs can be mapped to a primary VLAN. 

D. Multiple community VLANs can be mapped to a primary VLAN. 

Answer: A,D 

Explanation: 

An isolated VLAN is a secondary VLAN that carries unidirectional traffic upstream from the hosts toward the promiscuous ports. You can configure only one isolated VLAN in a PVLAN domain. An isolated VLAN can have several isolated ports. The traffic from each isolated port also remains completely separate. Only one isolated VLAN can be mapped under a given primary VLAN. A community VLAN is a secondary VLAN that carries upstream traffic from the community ports to the promiscuous port and to other host ports in the same community. You can configure multiple community VLANs in a PVLAN domain. The ports within one community can communicate, but these ports cannot communicate with ports in any other community or isolated VLAN in the private VLAN. 

Reference: http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus6000/sw/layer2/6x/b_6k_L ayer2_Config_6x/b_6k_Layer2_Config_602N12_chapter_011.html 


Q74. Which two options are requirements to implement 6VPE? (Choose two.) 

A. MPLS between PEs 

B. 6-in-4 tunnels between PEs 

C. MP-BGP VPNv6 exchange 

D. MP-BGP IPv6+label exchange 

E. Any Transport over MPLS 

F. IPv4/IPv6 dual-stack in core 

Answer: A,C 


Q75. Which technology can be used to prevent flooding of IPv6 multicast traffic on a switch? 

A. IGMP snooping 

B. IGMP filtering 

C. MLD snooping 

D. MLD filtering 

Answer:

Explanation: 

MLD snooping allows the switch to examine MLD packets and make forwarding decisions based on their content. You can configure the switch to use MLD snooping in subnets that receive MLD queries from either MLD or the MLD snooping querier. MLD snooping constrains IPv6 multicast traffic at Layer 2 by configuring Layer 2 LAN ports dynamically to forward IPv6 multicast traffic only to those ports that want to receive it. 

Reference: http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SX/configuration/guide/book/snoopmld.html 


Latest 400-101 real exam:

Q76. Which topology allows the split-horizon rule to be safely disabled when using EIGRP? 

A. full mesh 

B. partial mesh 

C. hub and spoke 

D. ring 

Answer:


Q77. Which statement is true about trunking? 

A. Cisco switches that run PVST+ do not transmit BPDUs on nonnative VLANs when using a dot1q trunk. 

B. When removing VLAN 1 from a trunk, management traffic such as CDP is no longer passed in that VLAN. 

C. DTP only supports autonegotiation on 802.1q and does not support autonegotiation for ISL. 

D. DTP is a point-to-point protocol. 

Answer:

Explanation: 

Ethernet trunk interfaces support different trunking modes. You can set an interface as trunking or nontrunking or to negotiate trunking with the neighboring interface. To autonegotiate trunking, the interfaces must be in the same VTP domain. Trunk negotiation is managed by the Dynamic Trunking Protocol (DTP), which is a Point-to-Point Protocol. However, some internetworking devices might forward DTP frames improperly, which could cause misconfigurations. 

Reference: http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750/software/release/12-2_55_se/configuration/guide/scg3750/swvlan.html 


Q78. Which three statements about SPAN traffic monitoring are true? (Choose three.) 

A. Traffic from a non-source VLAN is discarded when it arrives on a source VLAN. 

B. Multiple sessions can send traffic to an individual destination port. 

C. It supports up to 32 SPAN ports per switch. 

D. The destination port acts as a normal switchport. 

E. It supports up to 64 SPAN ports per switch. 

F. Only one session can send traffic to an individual destination port. 

Answer: A,E,F 

Explanation: 

You can create up to a total of 64 SPAN and ERSPAN sessions to define sources and destinations on the local device.You can also create a SPAN session to monitor multiple VLAN sources and choose only VLANs of interest to transmit on multiple destination ports. 

For example, you can configure SPAN on a trunk port and monitor traffic from different VLANs on different destination ports. 

You can configure a particular destination port in only one SPAN session. 

Traffic from a non-source VLAN is discarded when it arrives on a source VLAN. 

Reference: 

http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus1000/sw/4_0/troubleshooti 

ng/configuration/guide/n1000v_troubleshooting/trouble_15span.html 


Q79. Refer to the exhibit. 

You have just created a new VRF on PE3. You have enabled debug ip bgp vpnv4 unicast updates on PE1, and you can see the route in the debug, but not in the BGP VPNv4 table. 

Which two statements are true? (Choose two.) 

A. VPNv4 is not configured between PE1 and PE3. 

B. address-family ipv4 vrf is not configured on PE3. 

C. After you configure route-target import 999:999 for a VRF on PE3, the route will be accepted. 

D. PE1 will reject the route due to automatic route filtering. 

E. After you configure route-target import 999:999 for a VRF on PE1, the route will be accepted. 

Answer: D,E 

Explanation: 

The route target extended community for VPLS auto-discovery defines the import and export policies that a VPLS instance uses. The export route target sets an extended community attribute number that is appended to all routes that are exported from the VPLS instance. The import route target value sets a filter that determines the routes that are accepted into the VPLS instance. Any route with a value in its import route target contained in its extended attributes field matching the value in the VPLS instance’s import route target are accepted. Otherwise the route is rejected. 


Q80. Which two configuration changes should be made on the OTP interface of an EIGRP OTP route reflector? (Choose two.) 

A. passive-interface 

B. no split-horizon 

C. no next-hop-self 

D. hello-interval 60, hold-time 180 

Answer: B,C 

Explanation: 

The EIGRP Over the Top feature enables a single end-to-end Enhanced Interior Gateway Routing Protocol (EIGRP) routing domain that is transparent to the underlying public or private WAN transport that is used for connecting disparate EIGRP customer sites. When an enterprise extends its connectivity across multiple sites through a private or a public WAN connection, the service provider mandates that the enterprise use an additional routing protocol, typically the Border Gateway Protocol (BGP), over the WAN links to ensure end-to-end routing. The use of an additional protocol causes additional complexities for the enterprise, such as additional routing processes and sustained interaction between EIGRP and the routing protocol to ensure connectivity, for the enterprise. With the EIGRP Over the Top feature, routing is consolidated into a single protocol (EIGRP) across the WAN. 

Perform this task to configure a customer edge (CE) device in a network to function as an EIGRP Route Reflector: 

1. enable 

2. configure terminal 

3. router eigrp virtual-name 

4. address-family ipv4 unicast autonomous-system as-number 

5. af-interface interface-type interface-number 

6. no next-hop-self 

7. no split-horizon 

8. exit 

9. remote-neighbors source interface-type interface-number unicast-listen lisp-encap 

10. network ip-address 

11. end 

Note. Use no next-hop-self to instruct EIGRP to use the received next hop and not the local outbound interface address as the next hop to be advertised to neighboring devices. If no next-hop-self is not configured, the data traffic will flow through the EIGRP Route Reflector. 

Reference: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_eigrp/configuration/xe-3s/ire-xe-3s-book/ire-eigrp-over-the-top.html