Actualtests 400 101 ccie Questions are updated and all cisco 400 101 answers are verified by experts. Once you have completely prepared with our 400 101 dumps exam prep kits you will be ready for the real 400 101 vce exam without a problem. We have Up to date Cisco 400 101 dumps dumps study guide. PASSED passleader 400 101 First attempt! Here What I Did.

Q21. Which statement describes the function of rekey messages? 

A. They prevent unencrypted traffic from passing through a group member before registration. 

B. They refresh IPsec SAs when the key is about to expire. 

C. They trigger a rekey from the server when configuring the rekey ACL. 

D. They authenticate traffic passing through a particular group member. 

Answer:

Explanation: 

Rekey messages are used to refresh IPsec SAs. When the IPsec SAs or the rekey SAs are about to expire, one single rekey message for a particular group is generated on the key server. No new IKE sessions are created for the rekey message distribution. The rekey messages are distributed by the key server over an existing IKE SA. Rekeying can use multicast or unicast messages. 

Reference: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_getvpn/configuration/xe-3s/sec-get-vpn-xe-3s-book/sec-get-vpn.html 


Q22. Which three parameters must match to establish OSPF neighbor adjacency? (Choose three.) 

A. the process ID 

B. the hello interval 

C. the subnet mask 

D. authentication 

E. the router ID 

F. the OSPF interface priority 

Answer: B,C,D 


Q23. Which authentication method does OSPFv3 use to secure communication between neighbors? 

A. plaintext 

B. MD5 HMAC 

C. PKI 

D. IPSec 

Answer:

Explanation: 

In order to ensure that OSPFv3 packets are not altered and re-sent to the device, causing the device to behave in a way not desired by its system administrators, OSPFv3 packets must be authenticated. OSPFv3 uses the IPsec secure socket API to add authentication to OSPFv3 packets. This API supports IPv6. OSPFv3 requires the use of IPsec to enable authentication. Crypto images are required to use authentication, because only crypto images include the IPsec API needed for use with OSPFv3. 

Reference: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_ospf/configuration/15-sy/iro-15-sy-book/ip6-route-ospfv3-auth-ipsec.html 


Q24. Which two actions can you take to recover an interface in a errdisable state? (Choose two.) 

A. Enable UDLD on the switch. 

B. Enable errdisable recovery on the switch. 

C. Execute the shutdown command on the interface, followed by the no shutdown command. 

D. Remove the related commands from the configuration and reenter them. 

E. Enable loop guard on the switch. 

Answer: B,C 


Q25. In which type of EIGRP configuration is EIGRP IPv6 VRF-Lite available? 

A. stub 

B. named mode 

C. classic mode 

D. passive 

Answer:

Explanation: 

The EIGRP IPv6 VRF Lite feature provides EIGRP IPv6 support for multiple VRFs. EIGRP for IPv6 can operate in the context of a VRF. The EIGRP IPv6 VRF Lite feature provides 

separation between routing and forwarding, providing an additional level of security because no communication between devices belonging to different VRFs is allowed unless it is explicitly configured. The EIGRP IPv6 VRF Lite feature simplifies the management and troubleshooting of traffic belonging to a specific VRF. The EIGRP IPv6 VRF Lite feature is available only in EIGRP named configurations. 

Reference: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipv6/configuration/15-2mt/ipv6-15-2mt-book/ip6-eigrp.html#GUID-92B4FF4F-2B68-41B0-93C8-AAA4F0EC1B1B 


Q26. What can PfR passive monitoring mode measure for TCP flows? 

A. only delay 

B. delay and packet loss 

C. delay and reachability 

D. delay, packet loss, and throughput 

E. delay, packet loss, throughput, and reachability 

Answer:

Explanation: 

Passive monitoring metrics include the following: 

. Delay: Cisco PfR measures the average delay of TCP flows for a given prefix or traffic class. Delay is the measurement of the round-trip response time (RTT) between the transmission of a TCP synchronization message and receipt of the TCP acknowledgement. 

. Packet loss: Cisco PfR measures packet loss by tracking TCP sequence numbers for each TCP flow; it tracks the highest TCP sequence number. If it receives a subsequent packet with a lower sequence number, PfR increments the packet-loss counter. Packet 

loss is measured in packets per million. 

. Reachability: Cisco PfR measures reachability by tracking TCP synchronization messages that have been sent repeatedly without receiving a TCP acknowledgement. 

. Throughput: Cisco PfR measures TCP throughput by measuring the total number of bytes and packets for each interesting traffic class or prefix for a given interval of time. 

Reference: http://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/performance-routing-pfr/product_data_sheet0900aecd806c4ee4.html 


Q27. Which statement describes the native VLAN concept in an ISL trunk? 

A. It is the VLAN ID that is assigned to untagged packets. 

B. It is the VLAN with highest priority. 

C. It is the default VLAN for a trunk. 

D. There is no native VLAN concept in an ISL trunk. 

Answer:

Explanation: 

ISL has no native VLAN concept because it places the entire Ethernet frame in the payload of an ISL frame. Native VLANs is an 802.1Q specific concept 


Q28. Refer to the exhibit. 

You discover that only 1.5 Mb/s of web traffic can pass during times of congestion on the given network. 

Which two options are possible reasons for this limitation? (Choose two.) 

A. The web traffic class has too little bandwidth reservation. 

B. Video traffic is using too much bandwidth. 

C. The service-policy is on the wrong interface. 

D. The service-policy is going in the wrong direction. 

E. The NAT policy is adding too much overhead. 

Answer: A,B 

Explanation: 

In this example, the web traffic will fall into the default class, which is only 15 percent of the 10Mbps Internet connection (1.5Mbps). Meanwhile, video traffic is allowed 50% of the 10 Mbps. 


Q29. DRAG DROP 

Drag and drop the method for refreshing BGP prefixes on the left to the corresponding description on the right. 

Answer: 


Q30. Which two options are disadvantages of a commingled dual-tier WAN rate-based Ethernet circuit? (Choose two.) 

A. It requires the maintenance of separate chassis. 

B. It has limited scalability. 

C. It requires additional CPU resources at the subscriber end. 

D. It is more difficult to secure. 

E. It can increase the likelihood of packet drops. 

Answer: A,E