400-101 Real Exam Dumps Questions and answers 81-90

Get Full Version of the Exam
http://www.EnsurePass.com/400-101.html

Question No.81

Refer to the exhibit. A spoke site that is connected to Router-A cannot reach a spoke site that is connected to Router-B, but both spoke sites can reach the hub. What is the likely cause of this issue?

image

A.

There is a router doing PAT at site B.

B.

There is a router doing PAT at site A.

C.

NHRP is learning the IP address of the remote spoke site as a /32 address rather than a /24 address.

D.

There is a routing issue, as NHRP registration is working.

Correct Answer: B

Explanation:

If one spoke is behind one NAT device and a different spoke is behind another NAT device, and Port Address Translation (PAT) is the type of NAT used on both NAT devices, then a session initiated between the two spokes cannot be established.

Reference: http://www.cisco.com/c/en/us/td/docs/ios/ios_xe/sec_secure_connectivity/configuration/guide/convert/sec_dmvpn_xe_3s_book/sec_dmvpn_dt_spokes_b_nat_xe.html

Question No.82

Refer to the exhibit. For which reason could a BGP-speaking device in autonomous system 65534 be prevented from installing the given route in its BGP table?

image

A.

The AS number of the BGP is specified in the given AS_PATH.

B.

The origin of the given route is unknown.

C.

BGP is designed only for publicly routed addresses.

D.

The AS_PATH for the specified prefix exceeds the maximum number of ASs allowed.

E.

BGP does not allow the AS number 65535.

Correct Answer: A

Explanation:

BGP is considered to be a 'Path Vector' routing protocol rather than a distance vector routing protocol since it utilises a list of AS numbers to describe the path that a packet should take. This list is called the AS_PATH. Loops are prevented because if a BGP-speaking router sees its own AS in the AS_PATH of a route, it rejects the route.

Question No.83

Refer to the exhibit. Which statement is true?

image

A.

IS-IS has been enabled on R4 for IPv6, single-topology.

B.

IS-IS has been enabled on R4 for IPv6, multitopology.

C.

IS-IS has been enabled on R4 for IPv6, single-topology and multitopology.

D.

R4 advertises IPv6 prefixes, but it does not forward IPv6 traffic, because the protocol has not been enabled under router IS-IS.

Correct Answer: A

Explanation:

When working with IPv6 prefixes in IS-IS, you can configure IS-IS to be in a single topology for both IPv4 and IPv6 or to run different topologies for IPv4 and IPv6. By default, IS-IS works in single-topology mode when activating IPv4 and IPv6. This means that the IS-IS topology will be built based on IS Reachability TLVs. When the base topology is built, then IPv4 prefixes (IP Reachability TLV) and IPv6 prefixes (IPv6 Reachability TLV) are added to each node as leaves, without checking if there is IPv6 connectivity between nodes.

Reference: https://blog.initialdraft.com/archives/3381/

Question No.84

Refer to the exhibit. While troubleshooting high CPU utilization of a Cisco Catalyst 4500 Series Switch, you notice the error message that is shown in the exhibit in the log file. What can be the cause of this issue, and how can it be prevented?

image

A.

The hardware routing table is full. Redistribute from BGP into IGP.

B.

The software routing table is full. Redistribute from BGP into IGP.

C.

The hardware routing table is full. Reduce the number of routes in the routing table.

D.

The software routing table is full. Reduce the number of routes in the routing table.

Correct Answer: C

Explanation:

L3HWFORWARDING-2

Error Message: C4K_L3HWFORWARDING-2-FWDCAMFULL: L3 routing table is full. Switching to software forwarding.

The hardware routing table is full; forwarding takes place in the software instead. The switch performance might be degraded.

Recommended Action: Reduce the size of the routing table. Enter the ip cef command to return to hardware forwarding.

Reference: http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/12-2/31sg/system/message/message/emsg.html

Question No.85

Refer to the exhibit. Which option explains why the forwarding address is set to 0.0.0.0 instead of 110.100.1.1?

image

A.

The interface Ethernet0/1 is in down state.

B.

The next-hop ip address 110.100.1.1 is not directly attached to the redistributing router.

C.

The next-hop interface (Ethernet0/1) is specified as part of the static route command; therefore, the forwarding address is always set to 0.0.0.0.

D.

OSPF is not enabled on the interface Ethernet0/1.

Correct Answer: D

Explanation:

From the output of the "show ip ospf database" command (although this command is not shown) we can conclude that this is an ASBR (the Advertising Router is the router itself) and E0/1 is the ASBR's next-hop interface for other routers to reach network 192.168.10.0.

The Forwarding Address is determined by these conditions:

Question No.86

Which three conditions can cause excessive unicast flooding? (Choose three.)

A.

Asymmetric routing

B.

Repeated TCNs

C.

The use of HSRP

D.

Frames sent to FFFF.FFFF.FFFF

E.

MAC forwarding table overflow

F.

The use of Unicast Reverse Path Forwarding

Correct Answer: ABE

Explanation:

Causes of Flooding

The root cause of flooding is that the destination MAC address of the packet is not in the L2 forwarding table of the switch. In this case the packet is flooded out of all forwarding ports in its VLAN (except the port it was received on). The case studies below show the most common reasons for the destination MAC address not being known to the switch.

Cause 1: Asymmetric Routing

Large amounts of flooded traffic might saturate low-bandwidth links causing network performance issues or complete connectivity outage to devices connected across such low-bandwidth links.

Cause 2: Spanning-Tree Protocol Topology Changes

Another common issue caused by flooding is Spanning-Tree Protocol (STP) Topology Change Notification (TCN). TCN is designed to correct forwarding tables after the forwarding topology has changed. This is necessary to avoid a connectivity outage, as after a topology change some destinations previously accessible via particular ports might become accessible via different ports. TCN operates by shortening the forwarding table aging time, such that if the address is not relearned, it will age out and flooding will occur.

TCNs are triggered by a port that is transitioning to or from the forwarding state. After the TCN, even if the particular destination MAC address has aged out, flooding should not happen for long in most cases since the address will be relearned. The issue might arise when TCNs are occurring repeatedly with short intervals. The switches will constantly be fast-aging their forwarding tables so flooding will be nearly constant.

Normally, a TCN is rare in a well-configured network. When a port on a switch goes up or down, there is eventually a TCN once the STP state of the port changes to or from forwarding. When the port is flapping, repetitive TCNs and flooding occur.

Cause 3: Forwarding Table Overflow

Another possible cause of flooding can be overflow of the switch forwarding table. In this case, new addresses cannot be learned and packets destined to such addresses are flooded until some space becomes available in the forwarding table. New addresses will then be learned. This is possible but rare, since most modern switches have large enough forwarding tables to accommodate MAC addresses for most designs.

Forwarding table exhaustion can also be caused by an attack on the network where one host starts generating frames, each sourced with a different MAC address. This ties up all the forwarding table resources. Once the forwarding tables become saturated, other traffic is flooded because new learning cannot occur. This kind of attack can be detected by examining the switch forwarding table: most of the MAC addresses will point to the same port or group of ports. Such attacks can be prevented by limiting the number of MAC addresses learned on untrusted ports by using the port security feature.

Reference: http://www.cisco.com/c/en/us/support/docs/switches/catalyst-6000-series-switches/23563-143.html#causes
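The detection check described in the explanation above (most MAC addresses pointing to the same port), as an added Python example that is not part of the original page. The table text is constructed, and the `show mac address-table` column layout, the limit of 5 addresses per access port and the treatment of Gi1/0/48 as a trusted uplink are assumptions.

```python
import re
from collections import Counter

# One data row of the table: VLAN, dotted-hex MAC, entry type, port.
ROW = re.compile(
    r"^\s*(\d+)\s+([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+(\S+)\s+(\S+)\s*$",
    re.IGNORECASE,
)


def parse_mac_table(text):
    """Return (vlan, mac, type, port) tuples; header and ruler lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            vlan, mac, kind, port = m.groups()
            entries.append((int(vlan), mac.lower(), kind.upper(), port))
    return entries


def dynamic_macs_per_port(entries):
    """Count dynamically learned addresses per port (static entries are ignored)."""
    return Counter(port for _, _, kind, port in entries if kind == "DYNAMIC")


def suspicious_ports(entries, max_macs=5, trusted=()):
    """Flag untrusted ports that hold more learned MACs than an access port should.

    'share' is the fraction of all dynamic entries that sit on that port, which
    is the "most addresses point to the same port" signal from the text.
    """
    counts = dynamic_macs_per_port(entries)
    total = sum(counts.values())
    findings = {}
    for port, n in counts.items():
        if port in trusted or n <= max_macs:
            continue
        findings[port] = {"macs": n, "share": round(n / total, 2)}
    return findings


def build_sample():
    """Constructed table: 3 normal hosts, a busy uplink, one port with 40 MACs."""
    rows = [
        "Vlan    Mac Address       Type        Ports",
        "----    -----------       --------    -----",
    ]
    rows += [f"  10    0011.2233.44{i:02x}    DYNAMIC     Gi1/0/{i}" for i in range(1, 4)]
    rows += [f"  10    00aa.bb00.{i:04x}    DYNAMIC     Gi1/0/48" for i in range(12)]
    rows += [f"  10    02de.ad00.{i:04x}    DYNAMIC     Gi1/0/7" for i in range(40)]
    rows.append("  10    0100.5e00.0001    STATIC      CPU")
    return "\n".join(rows)


if __name__ == "__main__":
    table = parse_mac_table(build_sample())
    for port, info in suspicious_ports(table, trusted=("Gi1/0/48",)).items():
        print(f"{port}: {info['macs']} dynamic MACs, {info['share']:.0%} of the table")
```

A port flagged here is a candidate for the port security limit mentioned above; uplinks legitimately carry many addresses, which is why they are passed in as trusted.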

Question No.87

Which statement describes the BGP add-path feature?

A.

It allows for installing multiple IBGP and EBGP routes in the routing table.

B.

It allows a network engineer to override the selected BGP path with an additional path created in the config.

C.

It allows BGP to provide backup paths to the routing table for quicker convergence.

D.

It allows multiple paths for the same prefix to be advertised.

Correct Answer: D

Explanation:

BGP routers and route reflectors (RRs) propagate only their best path over their sessions. The advertisement of a prefix replaces the previous announcement of that prefix (this behavior is known as an implicit withdraw). The implicit withdraw can achieve better scaling, but at the cost of path diversity.

Path hiding can prevent efficient use of BGP multipath, prevent hitless planned maintenance, and can lead to MED oscillations and suboptimal hot-potato routing. Upon nexthop failures, path hiding also inhibits fast and local recovery because the network has to wait for BGP control plane convergence to restore traffic. The BGP Additional Paths feature provides a generic way of offering path diversity; the Best External or Best Internal features offer path diversity only in limited scenarios.

The BGP Additional Paths feature provides a way for multiple paths for the same prefix to be advertised without the new paths implicitly replacing the previous paths. Thus, path diversity is achieved instead of path hiding.

Reference: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_bgp/configuration/xe-3s/irg-xe-3s-book/irg-additional-paths.html

Question No.88

In the DiffServ model, which class represents the highest priority with the highest drop probability?

A.

AF11

B.

AF13

C.

AF41

D.

AF43

Correct Answer: D

Explanation:

AF43: Assured forwarding, high drop probability, Class 4 DSCP, and Flash-override precedence.

Table of AF Classes and Drop Priority

Drop Precedence   Class 1               Class 2               Class 3               Class 4
Low drop          AF11 DSCP 10 001010   AF21 DSCP 18 010010   AF31 DSCP 26 011010   AF41 DSCP 34 100010
Medium drop       AF12 DSCP 12 001100   AF22 DSCP 20 010100   AF32 DSCP 28 011100   AF42 DSCP 36 100100
High drop         AF13 DSCP 14 001110   AF23 DSCP 22 010110   AF33 DSCP 30 011110   AF43 DSCP 38 100110

Reference: https://www.informit.com/library/content.aspx?b=CCIE_Practical_Studies_II&seqNum=56

Question No.89

Refer to the exhibit. NHRP registration is failing; what might be the problem?

image

A.

invalid IP addressing

B.

fragmentation

C.

incorrect NHRP mapping

D.

incorrect NHRP authentication

Correct Answer: D

Explanation:

Configuring an authentication string ensures that only routers configured with the same string can communicate using NHRP. Therefore, if the authentication scheme is to be used, the same string must be configured in all devices configured for NHRP on a fabric.

Reference: http://www.cisco.com/c/en/us/td/docs/ios/12_4/ip_addr/configuration/guide/hadnhrp.html#wp10554

Question No.90

Refer to the exhibit. Which technology does the use of bi-directional BPDUs on all ports in the topology support?

image

A.

RSTP

B.

MST

C.

Bridge Assurance

D.

Loop Guard

E.

Root Guard

F.

UDLD

Correct Answer: C

Explanation:

Spanning Tree Bridge Assurance

Turns STP into a bidirectional protocol

Ensures spanning tree fails "closed" rather than "open"

If port type is "network" send BPDU regardless of state

If network port stops receiving BPDU it's put in BA-inconsistent state

Bridge Assurance (BA) can help protect against bridging loops where a port becomes designated because it has stopped receiving BPDUs. This is similar to the function of loop guard.

Reference: http://lostintransit.se/tag/convergence/

400-101 Real Exam Dumps Questions and answers 91-100

Question No.91

Refer to the exhibit. What is the meaning of the asterisk (*) in the output?

image

A.

PIM neighbor 10.1.5.6 is the RPF neighbor for the group 232.1.1.1 for the shared tree.

B.

PIM neighbor 10.1.5.6 is the one that is seen as the RPF neighbor when performing the command show ip rpf 10.1.4.7.

C.

PIM neighbor 10.1.5.6 is the winner of an assert mechanism.

D.

The RPF neighbor 10.1.5.6 is invalid.

Correct Answer: C

Explanation:

show ip mroute Field Descriptions

Field: RPF neighbor or RPF nbr

Description: IP address of the upstream router to the source. Tunneling indicates that this router is sending data to the RP encapsulated in register packets. The hexadecimal number in parentheses indicates to which RP it is registering. Each bit indicates a different RP if multiple RPs per group are used. If an asterisk (*) appears after the IP address in this field, the RPF neighbor has been learned through an assert.

Reference: http://www.cisco.com/c/en/us/td/docs/ios/12_2/ipmulti/command/reference/fiprmc_r/1rfmult3.html

Question No.92

Which two options are causes of out-of-order packets? (Choose two.)

A.

a routing loop

B.

a router in the packet flow path that is intermittently dropping packets

C.

high latency

D.

packets in a flow traversing multiple paths through the network

E.

some packets in a flow being process-switched and others being interrupt-switched on a transit router

Correct Answer: DE

Explanation:

In traditional packet forwarding systems, different paths have varying latencies that cause out-of-order packets, eventually resulting in far lower performance for the network application. Also, if some packets are process switched quickly by the routing engine of the router while others are interrupt switched (which takes more time), this could result in out-of-order packets. The other options would cause packet drops or latency, but not out-of-order packets.

Question No.93

What are two reasons to define static peers in EIGRP? (Choose two.)

A.

Security requirements do not allow dynamic learning of neighbors.

B.

The link between peers requires multicast packets.

C.

Back-level peers require static definition for successful connection.

D.

The link between peers requires unicast packets.

Correct Answer: AD

Explanation:

There are two ways we can create EIGRP neighbor relationship:

Use the "network" command. This is the more popular way to create an EIGRP neighbor relationship. The router checks which interfaces have IP addresses that belong to the specified network and turns EIGRP on for those interfaces. EIGRP messages are sent via multicast packets.

Use the "neighbor" command. The interface(s) that have this command applied no longer send or receive EIGRP multicast packets. EIGRP messages are sent via unicast. The router only accepts EIGRP packets from peers that are explicitly configured with a neighbor statement.

Consequently, any messages coming from routers without a corresponding neighbor statement are discarded. This helps prevent the insertion of unauthorized routing peers -> A and D are correct.

Question No.94

Refer to the exhibit. Which statement about the output is true?

image

A.

The flow is an HTTPS connection to the router, which is initiated by 144.254.10.206.

B.

The flow is an HTTP connection to the router, which is initiated by 144.254.10.206.

C.

The flow is an HTTPS connection that is initiated by the router and that goes to 144.254.10.206.

D.

The flow is an HTTP connection that is initiated by the router and that goes to 144.254.10.206.

Correct Answer: A

Explanation:

We can see that the connection is initiated by the Source IP address shown as 144.254.10.206. We also see that the destination protocol (DstP) shows 01BB, which is in hex and translates to 443 in decimal. SSL/HTTPS uses port 443.

Question No.95

Like OSPFv2, OSPFv3 supports virtual links. Which two statements are true about the IPv6 address of a virtual neighbor? (Choose two.)

A.

It is the link-local address, and it is discovered by examining the hello packets received from the virtual neighbor.

B.

It is the link-local address, and it is discovered by examining link LSA received by the virtual neighbor.

C.

It is the global scope address, and it is discovered by examining the router LSAs received by the virtual neighbor.

D.

Only prefixes with the LA-bit not set can be used as a virtual neighbor address.

E.

It is the global scope address, and it is discovered by examining the intra-area-prefix-LSAs received by the virtual neighbor.

F.

Only prefixes with the LA-bit set can be used as a virtual neighbor address.

Correct Answer: EF

Explanation:

OSPF for IPv6 assumes that each router has been assigned link-local unicast addresses on each of the router's attached physical links. On all OSPF interfaces except virtual links, OSPF packets are sent using the interface's associated link-local unicast address as the source address. A router learns the link-local addresses of all other routers attached to its links and uses these addresses as next-hop information during packet forwarding.

On virtual links, a global scope IPv6 address MUST be used as the source address for OSPF protocol packets.

The collection of intra-area-prefix-LSAs originated by the virtual neighbor is examined, with the virtual neighbor's IP address being set to the first prefix encountered with the LA-bit set.

Reference: https://tools.ietf.org/html/rfc5340

Question No.96

Refer to the exhibit. Which statement is true?

image

A.

It is impossible for the destination interface to equal the source interface.

B.

NAT on a stick is performed on interface Et0/0.

C.

There is a potential routing loop.

D.

This output represents a UDP flow or a TCP flow.

Correct Answer: C

Explanation:

In this example we see that the source interface and destination interface are the same (Et0/0). Typically this is seen when there is a routing loop for the destination IP address.

Question No.97

Which two statements describe characteristics of HDLC on Cisco routers? (Choose two.)

A.

It supports multiple Layer 3 protocols.

B.

It supports multiplexing.

C.

It supports only synchronous interfaces.

D.

It supports authentication.

Correct Answer: AC

Explanation:

Cisco High-Level Data Link Controller (HDLC) is the Cisco proprietary protocol for sending data over synchronous serial links using HDLC. Cisco HDLC also provides a simple control protocol called Serial Line Address Resolution Protocol (SLARP) to maintain serial link keepalives. Cisco HDLC is the default for data encapsulation at Layer 2 (data link) of the Open System Interconnection (OSI) stack for efficient packet delineation and error control. The absence of a protocol type field in the HDLC header posed a problem for links that carried traffic from more than one Layer 3 protocol. Cisco, therefore, added an extra Type field to the HDLC header, creating a Cisco-specific version of HDLC. Cisco routers can support multiple network layer protocols on the same HDLC link. For example an HDLC link between two Cisco routers can forward both IPv4 and IPv6 packets because the Type field can identify which type of packet is carried inside each HDLC frame.

Reference: http://www.cisco.com/c/en/us/td/docs/routers/access/800/819/software/configuration/Guide/819_SCG/6ser_conf.html#pgfId-1073734

Question No.98

Refer to the exhibit. What is the role of this multicast router?

image

A.

a first-hop PIM router

B.

a last-hop PIM router

C.

a PIM rendezvous point

D.

a PIM inter-AS router

Correct Answer: C

Explanation:

The following is sample output from the show ip pim tunnel taken from an RP. The output is used to verify the PIM Encap and Decap Tunnel on the RP:

    Switch# show ip pim tunnel

    Tunnel0
      Type  : PIM Encap
      RP    : 70.70.70.1*
      Source: 70.70.70.1
    Tunnel1*
      Type  : PIM Decap
      RP    : 70.70.70.1*
      Source: -R2#

The asterisk (*) indicates that the router is the RP. The RP will always have a PIM Encap and Decap Tunnel interface.

Reference: http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3650/software/release/3se/multicast/command_reference/b_mc_3se_3650_cr/b_mc_3se_3650_cr_chapter_010.html#wp1286920037

Question No.99

Which is the way to enable the control word in an L2 VPN dynamic pseudowire connection on router R1?

A.

R1(config)# pseudowire-class cw-enable
R1(config-pw-class)# encapsulation mpls
R1(config-pw-class)# set control-word

B.

R1(config)# pseudowire-class cw-enable
R1(config-pw-class)# encapsulation mpls
R1(config-pw-class)# enable control-word

C.

R1(config)# pseudowire-class cw-enable
R1(config-pw-class)# encapsulation mpls
R1(config-pw-class)# default control-word

D.

R1(config)# pseudowire-class cw-enable
R1(config-pw-class)# encapsulation mpls
R1(config-pw-class)# control-word

Correct Answer: D

Explanation:

The following example shows how to enable the control word in an AToM dynamic pseudowire connection:

Device(config)# pseudowire-class cw-enable
Device(config-pw-class)# encapsulation mpls
Device(config-pw-class)# control-word
Device(config-pw-class)# exit

Reference: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/mpls/command/mp-cr-book/mp-a1.html

Question No.100

The session status for an IPsec tunnel with IPv6-in-IPv4 is down with the error message IKE message from 10.10.1.1 failed its sanity check or is malformed. Which statement describes a possible cause of this error?

A.

There is a verification failure on the IPsec packet.

B.

The SA has expired or has been cleared.

C.

The pre-shared keys on the peers are mismatched.

D.

There is a failure due to a transform set mismatch.

E.

An incorrect packet was sent by an IPsec peer.

Correct Answer: C

Explanation:

IKE Message from X.X.X.X Failed its Sanity Check or is Malformed

This debug error appears if the pre-shared keys on the peers do not match. In order to fix this issue, check the pre-shared keys on both sides.

1d00H:%CRPTO-4-IKMP_BAD_MESSAGE: IKE message from 150.150.150.1 failed its sanity check or is malformed

Reference: http://www.cisco.com/c/en/us/support/docs/security-vpn/ipsec-negotiation-ike-protocols/5409-ipsec-debug-00.html#ike

400-101 Real Exam Dumps Questions and answers 51-60

Question No.51

Which three steps are required to enable SSH access on a Cisco router? (Choose three.)

A.

generating an RSA or DSA cryptographic key

B.

configuring the version of SSH

C.

configuring a domain name

D.

configuring VTY lines for use with SSH

E.

configuring the port for SSH to listen for connections

F.

generating an AES or SHA cryptographic key

Correct Answer: ACD

Explanation:

Here are the steps:

  1. Configure a hostname for the router using these commands.

    yourname#configure terminal
    Enter configuration commands, one per line. End with CNTL/Z.
    yourname (config)#hostname LabRouter
    LabRouter(config)#

  2. Configure a domain name with the ip domain-name command followed by whatever you would like your domain name to be. I used CiscoLab.com.

    LabRouter(config)#ip domain-name CiscoLab.com

  3. Generate the RSA key that will be used to encrypt the SSH packets, using the crypto key generate rsa command.

    Take note of the message that is displayed right after we enter this command: "The name for the keys will be: LabRouter.CiscoLab.com". It combines the hostname of the router with the domain name we configured to get the name of the encryption key generated; this is why it was important to configure a hostname and then a domain name before generating the keys.

    Notice also that it asks us to choose a size of modulus for the key we're about to generate. The higher the modulus, the stronger the encryption of the key. For our example, we'll use a modulus of 1024.

  4. Now that we've generated the key, our next step is to configure our vty lines for SSH access and specify which database we are going to use to provide authentication to the device. The local database on the router will do just fine for this example.

    LabRouter(config)#line vty 0 4
    LabRouter(config-line)#login local
    LabRouter(config-line)#transport input ssh

  5. You will need to create an account on the local router's database to be used for authenticating to the device. This can be accomplished with this command.

    LabRouter(config)#username XXXX privilege 15 secret XXXX

Reference: http://blog.pluralsight.com/configure-secure-shell-ssh-on-cisco-router
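A way to check a saved configuration against the steps above, as an added Python example that is not part of the original page. Both configurations are constructed, the function names are hypothetical, and treating `Router` as the unconfigured default hostname is an assumption.

```python
import re

# Constructed configuration that follows every step in the explanation.
GOOD = """\
hostname LabRouter
ip domain-name CiscoLab.com
username admin privilege 15 secret 9 HASH-PLACEHOLDER
!
line vty 0 4
 login local
 transport input ssh
!
"""

# Constructed configuration that skips several steps.
WEAK = """\
hostname Router
!
line vty 0 4
 login
 transport input telnet ssh
line vty 5 15
 login local
 transport input ssh
!
"""


def vty_blocks(config):
    """Return {'line vty ...': [sub-commands]} for every vty block."""
    blocks, current = {}, None
    for raw in config.splitlines():
        line = raw.rstrip()
        if line.startswith("line vty"):
            current = line
            blocks[current] = []
        elif current and line.startswith(" "):
            # Sub-commands of a block are indented in a saved configuration.
            blocks[current].append(line.strip())
        else:
            current = None
    return blocks


def audit_ssh(config):
    """Return a list of findings; an empty list means every check passed.

    The RSA key itself is not stored in the running configuration, so it has
    to be confirmed on the device (for example with
    'show crypto key mypubkey rsa'); this audit covers the other steps.
    """
    findings = []
    host = re.search(r"^hostname (\S+)", config, re.M)
    if not host or host.group(1) == "Router":
        findings.append("hostname not set (still default)")
    # Both 'ip domain-name' and the newer 'ip domain name' spelling are accepted.
    if not re.search(r"^ip domain[- ]name \S+", config, re.M):
        findings.append("no domain name configured")
    if not re.search(r"^username \S+ .*\bsecret\b", config, re.M):
        findings.append("no local username with a secret")
    blocks = vty_blocks(config)
    if not blocks:
        findings.append("no vty lines found")
    for header, cmds in blocks.items():
        transport = [c for c in cmds if c.startswith("transport input")]
        if transport != ["transport input ssh"]:
            findings.append(f"{header}: transport input is not restricted to ssh")
        if "login local" not in cmds:
            findings.append(f"{header}: login local missing")
    return findings


if __name__ == "__main__":
    for name, cfg in (("GOOD", GOOD), ("WEAK", WEAK)):
        print(name, audit_ssh(cfg) or "all checks passed")
```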

Question No.52

Refer to the exhibit. Which two statements about how the configuration processes Telnet traffic are true? (Choose two.)

image

A.

Telnet traffic from 10.1.1.9 to 10.10.10.1 is dropped.

B.

All Telnet traffic is dropped.

C.

Telnet traffic from 10.10.10.1 to 10.1.1.9 is permitted.

D.

Telnet traffic from 10.1.1.9 to 10.10.10.1 is permitted.

E.

Telnet traffic is permitted to all IP addresses.

Correct Answer: AC

Explanation:

The ACL applied to the CoPP policy matches only Telnet traffic from 10.1.1.9 to 10.10.10.1. All other Telnet traffic is not matched and is therefore not subject to the CoPP policy, which means it is handled normally (accepted). For Telnet traffic from 10.1.1.9 to 10.10.10.1, the CoPP policy treats the traffic as exceeding and drops it.

Question No.53

Refer to the exhibit. Service provider SP 1 is running the MPLS-VPN service. The MPLS core network has MP-BGP configured with RR-1 as route reflector. What will be the effect on traffic between PE1 and PE2 if router P1 goes down?

image

A.

No effect, because all traffic between PE1 and PE2 will be rerouted through P2.

B.

No effect, because P1 was not the only P router in the forwarding path of traffic.

C.

No effect, because RR-1 will find an alternative path for MP-BGP sessions to PE-1 and PE-2.

D.

All traffic will be lost because RR-1 will lose the MP-BGP sessions to PE-1 and PE-2.

Correct Answer: D

Explanation:

If the connection to the route reflector goes down, then routes from PE-1 will not get advertised to PE2, and vice versa. Route reflectors are critical in an MPLS VPN such as the one shown, which is why it is a best practice to have multiple route reflectors in this kind of network.

Question No.54

Refer to the exhibit. Router A and router B are physically connected over an Ethernet interface, and ISIS is configured as shown. Which option explains why the ISIS neighborship is not getting formed between router A and router B?

image

A.

same area ID

B.

same N selector

C.

same domain ID

D.

same system ID

Correct Answer: D

Explanation:

With IS-IS, the LSP identifier is derived from the system ID (along with the pseudonode ID and LSP number). Each IS is usually configured with one NET and in one area; each system ID within an area must be unique.

The big difference between NSAP style addressing and IP style addressing is that, in general, there will be a single NSAP address for the entire router, whereas with IP there will be one IP address per interface. All ISs and ESs in a routing domain must have system IDs of the same length. All routers in an area must have the same area address. All Level 2 routers must have a unique system ID domain-wide, and all Level 1 routers must have a unique system ID area-wide.

Reference: http://www.cisco.com/en/US/products/ps6599/products_white_paper09186a00800a3e6f.shtml

Question No.55

Which two statements are true about VPLS? (Choose two.)

A.

It can work over any transport that can forward IP packets.

B.

It provides integrated mechanisms to maintain First Hop Resiliency Protocols such as HSRP, VRRP, or GLBP.

C.

It includes automatic detection of multihoming.

D.

It relies on flooding to propagate MAC address reachability information.

E.

It can carry a single VLAN per VPLS instance.

Correct Answer: DE

Explanation:

VPLS relies on flooding to propagate MAC address reachability information. Therefore, flooding cannot be prevented.

VPLS can carry a single VLAN per VPLS instance. To multiplex multiple VLANs on a single instance, VPLS uses IEEE QinQ.

Reference: http://www.cisco.com/c/en/us/products/collateral/switches/nexus-7000-series-switches/white_paper_c11-574984.html

Question No.56

Refer to the exhibit. Which statement describes the effect on the network if FastEthernet0/1 goes down temporarily?

image

A.

FastEthernet0/2 forwards traffic only until FastEthernet0/1 comes back up.

B.

FastEthernet0/2 stops forwarding traffic until FastEthernet0/1 comes back up.

C.

FastEthernet0/2 forwards traffic indefinitely.

D.

FastEthernet0/1 goes into standby.

Correct Answer: C

Explanation:

Use the switchport backup interface interface configuration command on a Layer 2 interface to configure Flex Links, a pair of interfaces that provide backup to each other. Use the no form of this command to remove the Flex Links configuration.

With Flex Links configured, one link acts as the primary interface and forwards traffic, while the other interface is in standby mode, ready to begin forwarding traffic if the primary link shuts down. The interface being configured is referred to as the active link; the specified interface is identified as the backup link. The feature provides an alternative to the Spanning Tree Protocol (STP), allowing users to turn off STP and still retain basic link redundancy.

Reference: http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2960/software/release/12-2_53_se/command/reference/2960ComRef/cli3.html#wp3269214

Question No.57

Which three statements about the designated router election in IS-IS are true? (Choose three.)

A.

If the IS-IS DR fails, a new DR is elected.

B.

The IS-IS DR will preempt. If a new router with better priority is added, it just becomes active in the network.

C.

If there is a tie in DR priority, the router with a higher IP address wins.

D.

If there is a tie in DR priority, the router with a higher MAC address wins.

E.

If the DR fails, the BDR is promoted as the DR.

F.

The DR is optional in a point-to-point network.

Correct Answer: ABD

Explanation:

DR/DIS election: highest priority (0-127), highest MAC address.

Setting priority to 0 doesn't disable DIS election; use point-to-point to disable it. There can be separate DRs for L1 and L2 adjacencies.

There is no backup DR. If the primary DR fails, a new DR is elected. DR preemption is enabled by default.

Reference: http://ccie-in-2-months.blogspot.com/2013/12/is-is-hints.html

Question No.58

Refer to the exhibit. Routers R1, R2, and R3 are configured as shown, and traffic from R2 fails to reach 172.29.168.3. Which action can you take to correct the problem?

image

A.

Correct the static route on R1.

B.

Correct the default route on R2.

C.

Edit the EIGRP configuration of R3 to enable auto-summary.

D.

Correct the network statement for 172.29.168.3 on R3.

Correct Answer: A

Explanation:

On R1 we see there is a wrongly configured static route: ip route 172.29.168.3 255.255.255.255 172.17.17.2. It should be ip route 172.29.168.3 255.255.255.255 10.17.12.3.

Question No.59

Refer to the exhibit. Which action will solve the error state of this interface when connecting a host behind a Cisco IP phone?

image

A.

Configure dot1x-port control auto on this interface

B.

Enable errdisable recovery for security violation errors

C.

Enable port security on this interface

D.

Configure multidomain authentication on this interface

Correct Answer: D

Explanation:

In single-host mode, a security violation is triggered when more than one device are detected on the data vlan. In multidomain authentication mode, a security violation is triggered when more than one device are detected on the data or voice VLAN. Here we see that single host mode is being used, not multidomain mode.

Reference: http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/12-2/50sg/configuration/guide/Wrapper-46SG/dot1x.html#wp1309041

Question No.60

What is the goal of Unicast Reverse Path Forwarding?

A.

to verify the reachability of the destination address in forwarded packets

B.

to help control network congestion

C.

to verify the reachability of the destination address in multicast packets

D.

to verify the reachability of the source address in forwarded packets

Correct Answer: D

Explanation:

Network administrators can use Unicast Reverse Path Forwarding (Unicast RPF) to help limit the malicious traffic on an enterprise network. This security feature works by enabling a router to verify the reachability of the source address in packets being forwarded. This capability can limit the appearance of spoofed addresses on a network. If the source IP address is not valid, the packet is discarded.

Reference: http://www.cisco.com/web/about/security/intelligence/unicast-rpf.html

400-101 Real Exam Dumps Questions and answers 61-70

Question No.61

Which statement about shaped round robin queuing is true?

A.

Queues with higher configured weights are serviced first.

B.

The device waits a period of time, set by the configured weight, before servicing the next queue.

C.

The device services a single queue completely before moving on to the next queue.

D.

Shaped mode is available on both the ingress and egress queues.

Correct Answer: A

Explanation:

SRR is a scheduling service for specifying the rate at which packets are dequeued. With SRR there are two modes, shaped and shared. Shaped mode is only available on the egress queues. SRR differs from typical WRR. With WRR, queues are serviced based on the weight. Q1 is serviced for weight 1 period of time, Q2 is served for weight 2 period of time, and so forth. The servicing mechanism works by moving from queue to queue and services them for the weighted amount of time. With SRR weights are still followed; however, SRR services Q1, moves to Q2, then Q3 and Q4 in a different way. It does not wait at and service each queue for a weighted amount of time before moving on to the next queue. Instead, SRR makes several rapid passes at the queues; in each pass, each queue might or might not be serviced. For each given pass, the more highly weighted queues are more likely to be serviced than the lower priority queues.

Reference: http://www.cisco.com/c/en/us/products/collateral/switches/catalyst-3560-e-series-switches/prod_qas0900aecd805bacc7.html

Question No.62

A GRE tunnel is down with the error message %TUN-5-RECURDOWN: Tunnel0 temporarily disabled due to recursive routing error. Which two options describe possible causes of the error? (Choose two.)

A.

Incorrect destination IP addresses are configured on the tunnel.

B.

There is link flapping on the tunnel.

C.

There is instability in the network due to route flapping.

D.

The tunnel mode and tunnel IP address are misconfigured.

E.

The tunnel destination is being routed out of the tunnel interface.

Correct Answer: CE

Explanation:

The %TUN-5-RECURDOWN: Tunnel0 temporarily disabled due to recursive routing error message means that the generic routing encapsulation (GRE) tunnel router has discovered a recursive routing problem. This condition is usually due to one of these causes:

A misconfiguration that causes the router to try to route to the tunnel destination address using the tunnel interface itself (recursive routing)

A temporary instability caused by route flapping elsewhere in the network

Reference: http://www.cisco.com/c/en/us/support/docs/ip/enhanced-interior-gateway-routing-protocol-eigrp/22327-gre-flap.html

Question No.63

In which type of EIGRP configuration is EIGRP IPv6 VRF-Lite available?

A.

stub

B.

named mode

C.

classic mode

D.

passive

Correct Answer: B

Explanation:

The EIGRP IPv6 VRF Lite feature provides EIGRP IPv6 support for multiple VRFs. EIGRP for IPv6 can operate in the context of a VRF. The EIGRP IPv6 VRF Lite feature provides separation between routing and forwarding, providing an additional level of security because no communication between devices belonging to different VRFs is allowed unless it is explicitly configured. The EIGRP IPv6 VRF Lite feature simplifies the management and troubleshooting of traffic belonging to a specific VRF.

The EIGRP IPv6 VRF Lite feature is available only in EIGRP named configurations.

Reference: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipv6/configuration/15-2mt/ipv6-15-2mt-book/ip6-eigrp.html#GUID-92B4FF4F-2B68-41B0-93C8-AAA4F0EC1B1B

Question No.64

Refer to the exhibit. If you change the Spanning Tree Protocol from pvst to rapid-pvst, what is the effect on the interface Fa0/1 port state?

image

A.

It transitions to the listening state, and then the forwarding state.

B.

It transitions to the learning state and then the forwarding state.

C.

It transitions to the blocking state, then the learning state, and then the forwarding state.

D.

It transitions to the blocking state and then the forwarding state.

Correct Answer: C

Explanation:

First, the port will transition to the blocking state, immediately upon the change, then it will transition to the new RSTP states of learning and forwarding.

Port States

There are only three port states left in RSTP that correspond to the three possible operational states. The 802.1D disabled, blocking, and listening states are merged into a unique 802.1w discarding state.

STP (802.1D) Port State | RSTP (802.1w) Port State | Is Port Included in Active Topology? | Is Port Learning MAC Addresses?

Disabled | Discarding | No | No

Blocking | Discarding | No | No

Listening | Discarding | Yes | No

Learning | Learning | Yes | Yes

Forwarding | Forwarding | Yes | Yes

Question No.65

With which ISs will an IS-IS Level 1 IS exchange routing information?

A.

Level 1 ISs

B.

Level 1 ISs in the same area

C.

Level 1 and Level 2 ISs

D.

Level 2 ISs

Correct Answer: B

Explanation:

IS-IS differs from OSPF in the way that "areas" are defined and routed between. IS-IS routers are designated as being: Level 1 (intra-area); Level 2 (inter area); or Level 1-2 (both). Level 2 routers are inter area routers that can only form relationships with other Level 2 routers. Routing information is exchanged between Level 1 routers and other Level 1 routers, and Level 2 routers only exchange information with other Level 2 routers. Level 1-2 routers exchange information with both levels and are used to connect the inter area routers with the intra area routers.

Reference: http://en.wikipedia.org/wiki/IS-IS

Question No.66

Refer to the exhibit. What is a possible reason for the IPSEC tunnel not establishing?

image

A.

The peer is unreachable.

B.

The transform sets do not match.

C.

The proxy IDs are invalid.

D.

The access lists do not match.

Correct Answer: D

Explanation:

Proxy Identities Not Supported

This message appears in debugs if the access list for IPsec traffic does not match.

1d00h: IPSec(validate_transform_proposal): proxy identities not supported

1d00h: ISAKMP: IPSec policy invalidated proposal

1d00h: ISAKMP (0:2): SA not acceptable!

The access lists on each peer need to mirror each other (all entries need to be reversible). This example illustrates this point.

Peer A

access-list 150 permit ip 172.21.113.0 0.0.0.255 172.21.114.0 0.0.0.255

access-list 150 permit ip host 15.15.15.1 host 172.21.114.123

Peer B

access-list 150 permit ip 172.21.114.0 0.0.0.255 172.21.113.0 0.0.0.255

access-list 150 permit ip host 172.21.114.123 host 15.15.15.1

Reference: http://www.cisco.com/c/en/us/support/docs/security-vpn/ipsec-negotiation-ike-protocols/5409-ipsec-debug-00.html#proxy

Question No.67

Refer to the exhibit. Which statement is true?

image

A.

BGP peer 10.1.2.3 is performing inbound filtering.

B.

BGP peer 10.1.2.3 is a route reflector.

C.

R1 is a route reflector, but BGP peer 10.1.2.3 is not a route reflector client.

D.

R1 still needs to send an update to the BGP peer 10.1.2.3.

Correct Answer: D

Explanation:

On R1 the routing table version (Tbl Ver) for 10.1.2.3 is 1, other routers have version 2, so it needs to send an update to the 10.1.2.3 peer.

Question No.68

Refer to the exhibit. What is wrong with the configuration of the tunnel interface of this DMVPN Phase II spoke router?

image

A.

The interface MTU is too high.

B.

The tunnel destination is missing.

C.

The NHRP NHS IP address is wrong.

D.

The tunnel mode is wrong.

Correct Answer: D

Explanation:

By default, tunnel interfaces use GRE as the tunnel mode, but a DMVPN router needs to be configured for GRE multipoint by using the "tunnel mode gre multipoint" interface command.

Question No.69

Refer to the exhibit. The interface FastEthernet0/1 of both routers R4 and R5 is connected to the same Ethernet segment with a multicast receiver. Which two statements are true? (Choose two)

image

A.

Multicast traffic that is destined to a receiver with IP address 192.168.2.6 will flow through router R4.

B.

Both routers R4 and R5 will send PIM join messages to the RP.

C.

Only router R5 will send a multicast join message to the RP.

D.

Multicast traffic that is destined to a receiver with IP address 192.168.2.6 will flow through router R5.

Correct Answer: CD

Explanation:

Even though R4 is the active HSRP router, traffic will flow through R5 and only R5 will send the join messages. The Multicast DR is elected by the higher IP address or priority. R5 has 192.168.2.2 and R4 has 192.168.2.1. R5 is the DR, which sends all packets to the RP.

Question No.70

Which two features does the show ipv6 snooping features command show information about? (Choose two.)

A.

RA guard

B.

DHCP guard

C.

ND inspection

D.

source guard

Correct Answer: AC

Explanation:

The show ipv6 snooping features command displays the first-hop features that are configured on the router.

Example:

The following example shows that both IPv6 NDP inspection and IPv6 RA guard are configured on the router:

Router# show ipv6 snooping features

Feature name priority state

RA guard 100 READY

NDP inspection 20 READY

Reference: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipv6/command/ipv6-cr-book/ipv6-s5.html

400-101 Real Exam Dumps Questions and answers 71-80

Question No.71

Refer to the exhibit. ICMP Echo requests from host A are not reaching the intended destination on host B. What is the problem?

image

A.

The ICMP payload is malformed.

B.

The ICMP Identifier (BE) is invalid.

C.

The negotiation of the connection failed.

D.

The packet is dropped at the next hop.

E.

The link is congested.

Correct Answer: D

Explanation:

Here we see that the Time to Live (TTL) value of the packet is one, so it will be forwarded to the next hop router, but then dropped because the TTL value will be 0 at the next hop.

Question No.72

Refer to the exhibit. Which statement about this device configuration is true?

image

A.

The NMS needs a specific route configured to enable it to reach the Loopback0 interface of the device.

B.

The ifindex of the device could be different when the device is reloaded.

C.

The device will allow anyone to poll it via the public community.

D.

The device configuration requires the AuthNoPriv security level.

Correct Answer: B

Explanation:

One of the most commonly used identifiers in SNMP-based network management applications is the Interface Index (ifIndex) value. IfIndex is a unique identifying number associated with a physical or logical interface. For most software, the ifIndex is the name of the interface. Although relevant RFCs do not require that the correspondence between particular ifIndex values and their interfaces be maintained across reboots, applications such as device inventory, billing, and fault detection depend on this correspondence.

Consider a situation where a simple monitoring software (like MRTG) is polling the interface statistics of the router specific serial interface going to the internet.

As an example, you could have these conditions prior to re-initialization:

physical port | ifIndex

ethernet port | 1

tokenring port | 2

serial port | 3

Therefore, the management application is polling the ifIndex 3, which corresponds to the serial port.

After the router re-initialization (reboot, reload and so on) the conditions change to something similar to this:

physical port | ifIndex

ethernet port | 3

tokenring port | 1

serial port | 2

The management application continues polling the ifIndex 3, which corresponds now to the ethernet port. Therefore, if the management application is not warned by a trap, for example, that the router has been rebooted, the statistics polled could be completely wrong.

Reference: http://www.cisco.com/c/en/us/support/docs/ip/simple-network-management-protocol-snmp/28420-ifIndex-Persistence.html

Question No.73

Refer to the exhibit. Which statement is true about a VPNv4 prefix that is present in the routing table of vrf one and is advertised from this router?

image

A.

The prefix is advertised only with route target 100:1.

B.

The prefix is advertised with route targets 100:1 and 100:2.

C.

The prefix is advertised only with route target 100:3.

D.

The prefix is not advertised.

E.

The prefix is advertised with route targets 100:1, 100:2, and 100:3.

Correct Answer: A

Explanation:

The route target used for prefix advertisements to other routers is defined on the route-target export command, which shows 100:1 in this case for VPNv4 routes.

Question No.74

Which statement is true comparing L2TPv3 to EoMPLS?

A.

L2TPv3 requires OSPF routing, whereas EoMPLS does not.

B.

EoMPLS requires BGP routing, whereas L2TPv3 does not.

C.

L2TPv3 carries L2 frames inside MPLS tagged packets, whereas EoMPLS carries L2 frames inside IPv4 packets.

D.

L2TPv3 carries L2 frames inside IPv4 packets, whereas EoMPLS carries L2 frames inside MPLS packets.

Correct Answer: D

Explanation:

Ethernet-over-MPLS (EoMPLS) provides a tunneling mechanism for Ethernet traffic through an MPLS-enabled L3 core and encapsulates Ethernet protocol data units (PDUs) inside MPLS packets (using label stacking) to forward them across the MPLS network. Another technology that more or less achieves the result of AToM is L2TPv3. In the case of L2TPv3, Layer 2 frames are encapsulated into an IP packet instead of a labelled MPLS packet.

Reference: http://www.cisco.com/c/en/us/td/docs/routers/asr9000/software/asr9k_r4-3/lxvpn/configuration/guide/lesc43xbook/lesc43p2ps.html

Question No.75

Refer to the exhibit. R3 prefers the path through R1 to reach host 10.1.1.1. Which option describes the reason for this behavior?

image

A.

The OSPF reference bandwidth is too small to account for the higher speed links through R2.

B.

The default OSPF cost through R1 is less than the cost through R2.

C.

The default OSPF cost through R1 is more than the cost through R2.

D.

The link between R2 and R1 is congested.

Correct Answer: A

Explanation:

The default formula to calculate OSPF bandwidth is BW = Bandwidth Reference / interface bandwidth [bps] = 10^8 / interface bandwidth [bps]

BW of the R1-R3 link = 10^8 / 100Mbps = 10^8 / 10^8 = 1

BW of the R2-R3 link = 10^8 / 1Gbps = 10^8 / 10^9 = 1 (round up)

Therefore OSPF considers the two above links to have the same Bandwidth -> R3 will go to 10.1.1.1 via the R1-R3 link. The solution here is to increase the Bandwidth Reference to a higher value using the "auto-cost reference-bandwidth" command under OSPF router mode. For example:

Router(config)#router ospf 1

Router(config-router)#auto-cost reference-bandwidth 10000

This will increase the reference bandwidth to 10000 Mbps which increases the BW of the R2-R3 link to 10^10 / 10^8 = 100.

Question No.76

Refer to the exhibit. AS #1 and AS #2 have multiple EBGP connections with each other. AS #1 wants all return traffic that is destined to the prefix 10.10.10.1/32 to enter through the router R1 from AS #2. In order to achieve this routing policy, the AS 1 advertises a lower MED from R1, compared to a higher MED from R3, to their respective BGP neighbor for the prefix 10.10.10.0/24. Will this measure guarantee that the routing policy is always in effect?

image

A.

Yes, because MED plays a deterministic role in return traffic engineering in BGP.

B.

Yes, because a lower MED forces BGP best-path route selection in AS #2 to choose R1 as the best path for 10.10.10.0/24.

C.

Yes, because a lower MED in AS #2 is the highest BGP attribute in BGP best-path route selection.

D.

No, AS #2 can choose to alter the weight attribute in R2 for BGP neighbor R1, and this weight value is cascaded across AS #2 for BGP best-path route selection.

E.

No, AS #2 can choose to alter the local preference attribute to overwrite the best-path route selection over the lower MED advertisement from AS #1. This local preference attribute is cascaded across AS #2 for the BGP best-path route selection.

Correct Answer: E

Explanation:

MED and AS path prepending can both be used to influence the way incoming traffic from other Autonomous Systems get sent to the local AS, but they provide no guarantee as the other AS ultimately has the final word in how they send traffic. Since local preference is preferred over MED in the BGP decision process, the other AS can configure local preference to override the MED settings you have configured.

Question No.77

Refer to the exhibit. Why is the neighbor relationship between R2 and R4 shown as ES-IS?

image

A.

because there is an MTU mismatch between R2 and R4

B.

because interface S3/0 of R4 is configured as L1/L2

C.

because interface S3/0 of R2 is configured as L1

D.

because there is a hello interval mismatch between R2 and R4

Correct Answer: C

Question No.78

Which two statements are true about an EPL? (Choose two.)

A.

It is a point-to-point Ethernet connection between a pair of NNIs.

B.

It allows for service multiplexing.

C.

It has a high degree of transparency.

D.

The EPL service is also referred to as E-line.

Correct Answer: CD

Explanation:

Ethernet private line (EPL) and Ethernet virtual private line (EVPL) are carrier Ethernet data services defined by the Metro Ethernet Forum. EPL provides a point-to-point Ethernet virtual connection (EVC) between a pair of dedicated user-network interfaces (UNIs), with a high degree of transparency. EVPL provides a point-to-point or point-to-multipoint connection between a pair of UNIs.

The services are categorized as an E-Line service type, with an expectation of low frame delay, frame delay variation and frame loss ratio. EPL is implemented using a point-to-point (EVC) with no Service Multiplexing at each UNI (physical interface), i.e., all service frames at the UNI are mapped to a single EVC (a.k.a. all-to-one bundling).

Reference: http://en.wikipedia.org/wiki/Ethernet_Private_Line

Question No.79

According to RFC 4577, OSPF for BGP/MPLS IP VPNs, when must the down bit be set?

A.

when an OSPF route is distributed from the PE to the CE, for Type 3 LSAs

B.

when an OSPF route is distributed from the PE to the CE, for Type 5 LSAs

C.

when an OSPF route is distributed from the PE to the CE, for Type 3 and Type 5 LSAs

D.

when an OSPF route is distributed from the PE to the CE, for all types of LSAs

Correct Answer: C

Explanation:

If an OSPF route is advertised from a PE router into an OSPF area, the Down bit (DN) is set. Another PE router in the same area does not redistribute this route into iBGP of the MPLS VPN network if down is set.

RFC 4577 says:

"When a type 3 LSA is sent from a PE router to a CE router, the DN bit in the LSA Options field MUST be set. This is used to ensure that if any CE router sends this type 3 LSA to a PE router, the PE router will not redistribute it further. When a PE router needs to distribute to a CE router a route that comes from a site outside the latter's OSPF domain, the PE router presents itself as an ASBR (Autonomous System Border Router), and distributes the route in a type 5 LSA. The DN bit [OSPF-DN] MUST be set in these LSAs to ensure that they will be ignored by any other PE routers that receive them."

For more information about the Down bit according to RFC 4577, see http://tools.ietf.org/html/rfc4577#section-4.2.5.1.

Question No.80

Which two DHCP messages are always sent as broadcast? (Choose two.)

A.

DHCPOFFER

B.

DHCPDECLINE

C.

DHCPRELEASE

D.

DHCPREQUEST

E.

DHCPDISCOVER

Correct Answer: DE

Explanation:

DHCP discovery

The client broadcasts messages DHCPDISCOVER on the network subnet using the destination address 255.255.255.255 or the specific subnet broadcast address.

DHCP request

In response to the DHCP offer, the client replies with a DHCP request, broadcast to the server, requesting the offered address. A client can receive DHCP offers from multiple servers, but it will accept only one DHCP offer.

Reference: http://en.wikipedia.org/wiki/Dynamic_Host_Configuration_Protocol

400-101 Real Exam Dumps Questions and answers 21-30

Question No.21

Refer to the exhibit. Why is the router not accessible via Telnet on the GigabitEthernet0 management interface?

image

A.

The wrong port is being used in the telnet-acl access list.

B.

The subnet mask is incorrect in the telnet-acl access list.

C.

The log keyword needs to be removed from the telnet-acl access list.

D.

The access class needs to have the vrf-also keyword added.

Correct Answer: D

Explanation:

The correct command should be "access-class telnet-acl in vrf-also". If you do not specify the vrf-also keyword, incoming Telnet connections from interfaces that are part of a VRF are rejected.

Question No.22

Refer to the exhibit. This is the configuration of the ASBR of area 110. Which option explains why the remote ABR should not translate the type 7 LSA for the prefix 192.168.0.0/16 into a type 5 LSA?

image

A.

The remote ABR translates all type 7 LSA into type 5 LSA, regardless of any option configured in the ASBR.

B.

The ASBR sets the forwarding address to 0.0.0.0 which instructs the ABR not to translate the LSA into a type 5 LSA.

C.

The ASBR originates a type 7 LSA with age equal to MAXAGE 3600.

D.

The ABR clears the P bit in the header of the type 7 LSA for 192.168.0.0/16.

Correct Answer: D

Explanation:

When external routing information is imported into an NSSA, LSA Type 7 is generated by the ASBR and it is flooded within that area only. To further distribute the external information, type 7 LSA is translated into type 5 LSA at the NSSA border. The P-bit in LSA Type 7 field indicates whether the type 7 LSA should be translated. This P-bit is automatically set by the NSSA ABR (also the Forwarding Address (FA) is copied from Type 7 LSA). The P-bit is not set only when the NSSA ASBR and NSSA ABR are the same router for the area. If bit P = 0, then the NSSA ABR must not translate this LSA into Type 5.

The nssa-only keyword instructs the device to instigate Type-7 LSA with cleared P-bit, thereby preventing LSA translation to Type 5 on the NSSA ABR device. Note: If a router is attached to another AS and is also an NSSA ABR, it may originate both a type-5 and a type-7 LSA for the same network. The type-5 LSA will be flooded to the backbone and the type-7 will be flooded into the NSSA. If this is the case, the P-bit must be reset (P=0) in the type-7 LSA so the type-7 LSA isn't again translated into a type-5 LSA by another NSSA ABR.

Reference: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_ospf/configuration/15-e/iro-15-e-book/iro-ospfv3-nssa-cfg.html

Question No.23

Which two functions are performed by the DR in OSPF? (Choose two.)

A.

The DR originates the network LSA on behalf of the network.

B.

The DR is responsible for the flooding throughout one OSPF area.

C.

The DR forms adjacencies with all other OSPF routers on the network, in order to synchronize the LSDB across the adjacencies.

D.

The DR is responsible for originating the type 4 LSAs into one area.

Correct Answer: AC

Explanation:

The DR originates the network LSA (LSA Type 2) which lists all the routers on the segment it is adjacent to -> A is correct.

Type 2 LSAs are flooded within their area only; they do not cross an ABR -> B is incorrect.

The broadcast and non-broadcast network types elect a DR/BDR. They form adjacencies to all other OSPF routers on the network and help synchronize the Link State Database (LSDB) across the adjacencies -> C is correct.

LSAs Type 4 are originated by the ABR to describe an ASBR to routers in other areas so that routers in other areas know how to get to external routes through that ASBR -> D is incorrect.

Question No.24

Which field is specific to the OSPFv3 packet header, as opposed to the OSPFv2 packet header?

A.

checksum

B.

router ID

C.

AuType

D.

instance ID

Correct Answer: D

Explanation:

In OSPFv3, Instance ID is a new field that is used to have multiple OSPF process instances per link. By default it is 0 and for any additional instance it is increased; the instance ID has local link significance only. OSPFv3 routers will only become neighbors if the instance IDs match. It is thus possible to have multiple routers on a broadcast domain all running OSPFv3 but not all of them becoming neighbors.

Reference: https://supportforums.cisco.com/document/97766/comparing-ospfv3-ospfv2-routing-protocol

Question No.25

Refer to the exhibit. Why is the neighbor relationship between R1 & R2 and R1 & R3 an L2-type neighborship?

image

A.

because the area ID on R1 is different as compared to the area ID of R2 and R3

B.

because the circuit type on those three routers is L1/L2

C.

because the network type between R1, R2, and R3 is point-to-point

D.

because the hello interval is not the same on those three routers

Correct Answer: A

Explanation:

With IS-IS, an individual router is in only one area, and the border between areas is on the link that connects two routers that are in different areas. A Level 2 router may have neighbors in the same or in different areas, and it has a Level 2 link-state database with all information for inter-area routing. Level 2 routers know about other areas but will not have Level 1 information from its own area.

Reference: http://www.cisco.com/en/US/products/ps6599/products_white_paper09186a00800a3e6f.shtml

Question No.26

What is the cause of ignores and overruns on an interface, when the overall traffic rate of the interface is low?

A.

a hardware failure of the interface

B.

a software bug

C.

a bad cable

D.

microbursts of traffic

Correct Answer: D

Explanation:

Micro-bursting is a phenomenon where rapid bursts of data packets are sent in quick succession, leading to periods of full line-rate transmission that can overflow packet buffers of the network stack, both in network endpoints and routers and switches inside the network. Symptoms of microbursts will manifest in the form of ignores and/or overruns (also shown as accumulated in the "input error" counter within show interface output). This is indicative of the receive ring and corresponding packet buffer being overwhelmed due to data bursts coming in over an extremely short period of time (microseconds). You will never see sustained data traffic within show interface's "input rate" counter, as it averages bits per second (bps) over 5 minutes by default (way too long to account for microbursts). You can understand microbursts from a scenario where a 3-lane highway merges into a single lane at rush hour – the capacity burst cannot exceed the total available bandwidth (i.e. single lane), but it can saturate it for a period of time.

Reference: http://ccieordie.com/?tag=micro-burst

Question No.27

Refer to the exhibit. If a port is configured as shown and receives an untagged frame, of which VLAN will the untagged frame be a member?

image

A.

VLAN 1

B.

VLAN 2

C.

VLAN 3

D.

VLAN 4

Correct Answer: B

Explanation:

When typing:

Switch(config-if)#switchport mode ?

access Set trunking mode to ACCESS unconditionally

dynamic Set trunking mode to dynamically negotiate access or trunk mode

trunk Set trunking mode to TRUNK unconditionally

and

Switch(config-if)#switchport mode dynamic ?

auto Set trunking mode dynamic negotiation parameter to AUTO

desirable Set trunking mode dynamic negotiation parameter to DESIRABLE

So if we configure Fa0/1 in dynamic auto mode, it will not initiate any negotiation but will wait for the other end to negotiate to be a trunk with DTP. If the other end does not ask it to become a trunk then it will become an access port. Therefore when using the "show interface fastEthernet0/1 switchport" command we will see two output lines "Administrative Mode: dynamic auto" and "Operational Mode: static access".

Note: To set this port to VLAN 2 as in the output above, just use one additional command: switchport access vlan 2.

Now back to our question: from the output we see that Fa0/1 is operating as an access port on VLAN 2, so if it receives an untagged frame it will assume that the frame is coming from VLAN 2.

Question No.28

Which two statements about the function of the stub feature in EIGRP are true? (Choose two.)

A.

It stops the stub router from sending queries to peers.

B.

It stops the hub router from sending queries to the stub router.

C.

It stops the stub router from propagating dynamically learned EIGRP prefixes to the hub routers.

D.

It stops the hub router from propagating dynamically learned EIGRP prefixes to the stub routers.

Correct Answer: BC

Explanation:

When using the EIGRP Stub Routing feature, you need to configure the distribution and remote routers to use EIGRP, and to configure only the remote router as a stub. Only specified routes are propagated from the remote (stub) router. The router responds to queries for summaries, connected routes, redistributed static routes, external routes, and internal routes with the message "inaccessible." A router that is configured as a stub will send a special peer information packet to all neighboring routers to report its status as a stub router. Without the stub feature, even after the routes that are sent from the distribution router to the remote router have been filtered or summarized, a problem might occur. If a route is lost somewhere in the corporate network, EIGRP could send a query to the distribution router, which in turn will send a query to the remote router even if routes are being summarized. If there is a problem communicating over the WAN link between the distribution router and the remote router, an EIGRP stuck in active (SIA) condition could occur and cause instability elsewhere in the network. The EIGRP Stub Routing feature allows a network administrator to prevent queries from being sent to the remote router.

Reference: http://www.cisco.com/c/en/us/td/docs/ios/12_0s/feature/guide/eigrpstb.html

Question No.29

Refer to the exhibit. You discover that only 1.5 Mb/s of web traffic can pass during times of congestion on the given network. Which two options are possible reasons for this limitation? (Choose two.)

image

A.

The web traffic class has too little bandwidth reservation.

B.

Video traffic is using too much bandwidth.

C.

The service-policy is on the wrong interface.

D.

The service-policy is going in the wrong direction.

E.

The NAT policy is adding too much overhead.

Correct Answer: AB

Explanation:

In this example, the web traffic will fall into the default class, which is only 15 percent of the 10Mbps Internet connection (1.5Mbps). Meanwhile, video traffic is allowed 50% of the 10 Mbps.

Question No.30

In GETVPN, which key is used to secure the control plane?

A.

Traffic Encryption Key (TEK)

B.

content encryption key (CEK)

C.

message encryption key (MEK)

D.

Key Encryption Key (KEK)

Correct Answer: D

Explanation:

GDOI introduces two different encryption keys. One key secures the GET VPN control plane; the other key secures the data traffic. The key used to secure the control plane is commonly called the Key Encryption Key (KEK), and the key used to encrypt data traffic is known as Traffic Encryption Key (TEK).

Reference: Group Encrypted Transport VPN (Get VPN) Design and Implementation Guide PDF

400-101 Real Exam Dumps Questions and answers 31-40

Question No.31

Refer to the exhibit. Which statement is true?

image

A.

There is no issue with forwarding IPv6 traffic from this router.

B.

IPv6 traffic can be forwarded from this router, but only on Ethernet1/0.

C.

IPv6 unicast routing is not enabled on this router.

D.

Some IPv6 traffic will be blackholed from this router.

Correct Answer: D

Explanation:

Here we see that the IPv6 default route shows two different paths to take, one via Ethernet 1/0 and one via Ethernet 0/0. However, only Eth 1/0 shows a next hop IPv6 address (the link local IPv6 address). There is no link local next hop address known on Eth 0/0. Therefore, traffic to all destinations will be load balanced over the two paths, but only half of the IPv6 traffic will be sent to the correct upstream router.

Question No.32

Which type of port would have root guard enabled on it?

A.

A root port

B.

An alternate port

C.

A blocked port

D.

A designated port

Correct Answer: D

Explanation:

The root guard feature provides a way to enforce the root bridge placement in the network. The root guard ensures that the port on which root guard is enabled is the designated port. Normally, root bridge ports are all designated ports, unless two or more ports of the root bridge are connected together. If the bridge receives superior STP Bridge Protocol Data Units (BPDUs) on a root guard-enabled port, root guard moves this port to a root-inconsistent STP state. This root-inconsistent state is effectively equal to a listening state. No traffic is forwarded across this port. In this way, the root guard enforces the position of the root bridge.

Reference: http://www.cisco.com/c/en/us/support/docs/lan-switching/spanning-tree-protocol/10588-74.html

Question No.33

Which three statements describe the characteristics of a VPLS architecture? (Choose three.)

A.

It forwards Ethernet frames.

B.

It maps MAC address destinations to IP next hops.

C.

It supports MAC address aging.

D.

It replicates broadcast and multicast frames to multiple ports.

E.

It conveys MAC address reachability information in a separate control protocol.

F.

It can suppress the flooding of traffic.

Correct Answer: ACD

Explanation:

As a VPLS forwards Ethernet frames at Layer 2, the operation of VPLS is exactly the same as that found within IEEE 802.1 bridges in that VPLS will self learn source MAC address to port associations, and frames are forwarded based upon the destination MAC address. Like other 802.1 bridges, MAC address aging is supported.

Reference: http://www.cisco.com/en/US/products/hw/routers/ps368/products_white_paper09186a00801f6084.shtml

Question No.34

Which statement about the feasibility condition in EIGRP is true?

A.

The prefix is reachable via an EIGRP peer that is in the routing domain of the router.

B.

The EIGRP peer that advertises the prefix to the router has multiple paths to the destination.

C.

The EIGRP peer that advertises the prefix to the router is closer to the destination than the router.

D.

The EIGRP peer that advertises the prefix cannot be used as a next hop to reach the destination.

Correct Answer: C

Explanation:

The advertised metric from an EIGRP neighbor (peer) to the local router is called Advertised Distance (or reported distance) while the metric from the local router to that network is called Feasible Distance. For example, R1 advertises network 10.10.10.0/24 with a metric of 20 to R2. For R2, this is the advertised distance. R2 calculates the feasible distance by adding the metric from the advertised router (R1) to itself. So in this case the feasible distance to network 10.10.10.0/24 is 20 + 50 = 70.

Before a router can be considered a feasible successor, it must pass the feasibility condition rule. In short, the feasibility condition says that if we learn about a prefix from a neighbor, the advertised distance from that neighbor to the destination must be lower than our feasible distance to that same destination.

Therefore we see the Advertised Distance always smaller than the Feasible Distance to satisfy the feasibility condition.

Question No.35

Where is multicast traffic sent, when it is originated from a spoke site in a DMVPN phase 2 cloud?

A.

spoke-spoke

B.

nowhere, because multicast does not work over DMVPN

C.

spoke-spoke and spoke-hub

D.

spoke-hub

Correct Answer: D

Explanation:

Spokes map multicasts to the static NBMA IP address of the hub, but hub maps multicast packets to the "dynamic" mappings – that is, the hub replicates multicast packets to all spokes registered via NHRP, so multicast traffic is sent to the hub from a spoke instead of to the other spokes directly.

Question No.36

Refer to the exhibit. Which statement is true?

image

A.

The Cisco PfR state is UP; however, the external interface Et0/1 of border router 10.1.1.1 has exceeded the maximum available bandwidth threshold.

B.

The Cisco PfR state is UP; however, an issue is preventing the border router from establishing a TCP session to the master controller.

C.

The Cisco PfR state is UP and is able to monitor traffic flows; however, MD5 authentication has not been successful between the master controller and the border routers.

D.

The Cisco PfR State is UP; however, the receive capacity was not configured for inbound traffic.

E.

The Cisco PfR state is UP, and the link utilization out-of-policy threshold is set to 90 percent for traffic exiting the external links.

Correct Answer: E

Explanation:

All three interfaces show as UP, and the capacity is set to 500 kbps, with the max threshold set to 450 kbps (90% of 500 kbps).

Question No.37

Refer to the exhibit. Which statement about the debug behavior of the device is true?

image

A.

The device debugs all IP events for 172.16.129.4.

B.

The device sends all debugging information for 172.16.129.4.

C.

The device sends only NTP debugging information to 172.16.129.4.

D.

The device sends debugging information every five seconds.

Correct Answer: A

Explanation:

This is an example of a conditional debug, where there is a single condition specified of IP address 172.16.129.4. So all IP events for that address will be output in the debug.

Question No.38

Refer to the exhibit. Which two are causes of output queue drops on FastEthernet0/0? (Choose two.)

image

A.

an oversubscribed input service policy on FastEthernet0/0

B.

a duplex mismatch on FastEthernet0/0

C.

a bad cable connected to FastEthernet0/0

D.

an oversubscribed output service policy on FastEthernet0/0

E.

The router trying to send more than 100 Mb/s out of FastEthernet0/0

Correct Answer: DE

Explanation:

Output drops are caused by a congested interface. For example, the traffic rate on the outgoing interface cannot accept all packets that should be sent out, or a service policy is applied that is oversubscribed. The ultimate solution to resolve the problem is to increase the line speed.

However, there are ways to prevent, decrease, or control output drops when you do not want to increase the line speed. You can prevent output drops only if output drops are a consequence of short bursts of data. If output drops are caused by a constant high-rate flow, you cannot prevent the drops. However, you can control them.

Reference: http://www.cisco.com/c/en/us/support/docs/routers/10000-series-routers/6343-queue-drops.html

Question No.39

Which three statements about implementing a NAT application layer gateway in a network are true? (Choose three.)

A.

It allows client applications to use dynamic ports to communicate with a server regardless of whether NAT is being used.

B.

It maintains granular security over application-specific data.

C.

It allows synchronization between multiple streams of data between two hosts.

D.

Application layer gateway is used only in VoIP/SIP deployments.

E.

Client applications require additional configuration to use an application layer gateway.

F.

An application layer gateway inspects only the first 64 bytes of a packet before forwarding it through the network.

Correct Answer: ABC

Explanation:

An application-level gateway (ALG), also known as an application-layer gateway, is an application that translates the IP address information inside the payload of an application packet. An ALG is used to interpret the application-layer protocol and perform firewall and Network Address Translation (NAT) actions. These actions can be one or more of the following depending on your configuration of the firewall and NAT:

Allow client applications to use dynamic TCP or UDP ports to communicate with the server application.

Recognize application-specific commands and offer granular security control over them.

Synchronize multiple streams or sessions of data between two hosts that are exchanging data.

Translate the network-layer address information that is available in the application payload.

Reference: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipaddr_nat/configuration/xe-3s/asr1000/nat-xe-3s-asr1k-book/fw-msrpc-supp.html

Question No.40

Which three actions are required when configuring NAT-PT? (Choose three.)

A.

Enable NAT-PT globally.

B.

Specify an IPv4-to-IPv6 translation.

C.

Specify an IPv6-to-IPv4 translation.

D.

Specify a ::/96 prefix that will map to an IPv4 address.

E.

Specify a ::/48 prefix that will map to a MAC address.

F.

Specify a ::/32 prefix that will map to an IPv6 address.

Correct Answer: BCD

Explanation:

The detailed steps for configuring NAT-PT are found at the reference link below:

Reference: http://www.cisco.com/c/en/us/td/docs/ios/ipv6/configuration/guide/12_4t/ipv6_12_4t_book/ip6-nat_trnsln.html

400-101 Real Exam Dumps Questions and answers 41-50

Question No.41

What is the purpose of EIGRP summary leaking?

A.

to allow a summary to be advertised conditionally on specific criteria

B.

to allow a component of a summary to be advertised in addition to the summary

C.

to allow overlapping summaries to exist on a single interface

D.

to modify the metric of the summary based on which components of the summary are operational

Correct Answer: B

Explanation:

When you do manual summarization and still want to advertise some specific routes to the neighbor, you can do that using a leak-map. Read more about leaking routes here: http://www.cisco.com/c/en/us/td/docs/ios/iproute_eigrp/command/reference/ire_book/ire_i1.html#wp1037685

Question No.42

What is the function of an EIGRP sequence TLV packet?

A.

to acknowledge a set of sequence numbers during the startup update process

B.

to list the peers that should listen to the next multicast packet during the reliable multicast process

C.

to list the peers that should not listen to the next multicast packet during the reliable multicast process

D.

to define the initial sequence number when bringing up a new peer

Correct Answer: C

Explanation:

EIGRP sends updates and other information between routers using multicast packets to 224.0.0.10. For example in the topology below, R1 made a change in the topology and it needs to send updates to R2 & R3. It sends multicast packets to EIGRP multicast address 224.0.0.10.

Both R2 & R3 can receive the updates and acknowledge back to R1 using unicast. Simple, right? But what if R1 sends out updates, only R2 replies but R3 never does? In the case a router sends out a multicast packet that must be reliably delivered (like in this case), an EIGRP process will wait until the RTO (retransmission timeout) period has passed before beginning a recovery action. This period is calculated from the SRTT (smooth round-trip time). After R1 sends out updates it will wait for this period to expire. Then it makes a list of all the neighbors from which it did not receive an Acknowledgement (ACK). Next it sends out a packet telling these routers to stop listening to multicast until they have been notified that it is safe again. Finally the router will begin sending unicast packets with the information to the routers that didn't answer, continuing until they are caught up. In our example the process will be like this:

  1. R1 sends out updates to 224.0.0.10

  2. R2 responds but R3 does not

  3. R1 waits for the RTO period to expire

  4. R1 then sends out an unreliable-multicast packet, called a sequence TLV (Type-Length-Value) packet, which tells R3 not to listen to multicast packets any more

  5. R1 continues sending any other multicast traffic it has and delivering all traffic, using unicast to R3, until it acknowledges all the packets

  6. Once R3 has caught up, R1 will send another sequence TLV, telling R3 to begin listening to multicast again.

The sequence TLV packet contains a list of the nodes that should not listen to multicast packets while the recovery takes place. But notice that the TLV packet in step 6 does not contain any nodes in the list.

Note: In the case R3 still does not reply in step 4, R1 will attempt to retransmit the unicast 16 times or continue to retransmit until the hold time for the neighbor in question expires. After this time, R1 will declare a retransmission limit exceeded error and will reset the neighbor. (Reference: EIGRP for IP: Basic Operation and Configuration)

Question No.43

Refer to the exhibit. What does "(received-only)" mean?

image

A.

The prefix 10.1.1.1 can not be advertised to any eBGP neighbor.

B.

The prefix 10.1.1.1 can not be advertised to any iBGP neighbor.

C.

BGP soft reconfiguration outbound is applied.

D.

BGP soft reconfiguration inbound is applied.

Correct Answer: D

Explanation:

When you configure bgp soft-configuration-inbound, all the updates received from the neighbor will be stored unmodified, regardless of the inbound policy, and these routes appear as "(received-only)."

Question No.44

Refer to the exhibit. At which location will the benefit of this configuration be observed?

image

A.

on Router A and its upstream routers

B.

on Router A and its downstream routers

C.

on Router A only

D.

on Router A and all of its ARP neighbors

Correct Answer: B

Explanation:

The following example shows how to configure the router (and downstream routers) to drop all options packets that enter the network:

Router(config)# ip options drop

Reference: http://www.cisco.com/c/en/us/td/docs/ios/12_0s/feature/guide/sel_drop.html

Question No.45

Refer to the exhibit. Which three statements about the output are true? (Choose three.)

image

A.

An mrouter port can be learned by receiving a PIM hello packet from a multicast router.

B.

This switch is configured as a multicast router.

C.

Gi2/0/1 is a trunk link that connects to a multicast router.

D.

An mrouter port is learned when a multicast data stream is received on that port from a multicast router.

E.

This switch is not configured as a multicast router. It is configured only for IGMP snooping.

F.

IGMP reports are received only on Gi2/0/1 and are never transmitted out Gi2/0/1 for VLANs 10 and 20.

Correct Answer: ABC

Explanation:

In this example, the switch has been configured as a multicast router since IGMP snooping has been enabled. All mrouters can learn about other mrouters by receiving a PIM hello packet from another multicast router. Also, since two different VLANs are being used by the same port of gi 2/0/1, it must be a trunk link that connects to another multicast router.

Question No.46

Refer to the exhibit. Which configuration is missing that would enable SSH access on a router that is running Cisco IOS XE Software?

image

A.

int Gig0/0/0 management-interface

B.

class-map ssh-class

match access-group protect-ssh

policy-map control-plane-in

class ssh-class

police 80000 conform transmit exceed drop

control-plane

service-policy input control-plane-in

C.

control-plane host

management-interface GigabitEthernet0/0/0 allow ssh

D.

interface Gig0/0/0

ip access-group protect-ssh in

Correct Answer: C

Explanation:

The feature Management Plane Protection (MPP) allows an administrator to restrict on which interfaces management traffic can be received by a device. This allows the administrator additional control over a device and how the device is accessed. This example shows how to enable the MPP in order to only allow SSH and HTTPS on the GigabitEthernet0/1 interface:

!

control-plane host

management-interface GigabitEthernet 0/1 allow ssh https

!

Reference: http://www.cisco.com/c/en/us/support/docs/ip/access-lists/13608-21.html

Question No.47

Two routers are trying to establish an OSPFv3 adjacency over an Ethernet link, but the adjacency is not forming. Which two options are possible reasons that prevent the OSPFv3 adjacency from forming between these two routers? (Choose two.)

A.

mismatch of subnet masks

B.

mismatch of network types

C.

mismatch of authentication types

D.

mismatch of instance IDs

E.

mismatch of area types

Correct Answer: DE

Explanation:

An OSPFv3 interface must have a compatible configuration with a remote interface before the two can be considered neighbors. The two OSPFv3 interfaces must match the following criteria:

Hello interval

Dead interval

Area ID

Optional capabilities

The OSPFv3 header includes an instance ID field to identify that OSPFv3 packet for a particular OSPFv3 instance. You can assign the OSPFv3 instance. The interface drops all OSPFv3 packets that do not have a matching OSPFv3 instance ID in the packet header.

Reference: http://www.cisco.com/c/en/us/td/docs/switches/datacenter/sw/5_x/nx-os/unicast/configuration/guide/l3_cli_nxos/l3_ospfv3.html

Question No.48

Refer to the exhibit. Which statement about this COS-DSCP mapping is true?

image

A.

The expedited forwarding DSCP is mapped to COS 3.

B.

COS 16 is mapped to DSCP 2.

C.

The default COS is mapped to DSCP 32.

D.

This mapping is the default COS-DSCP mapping on Cisco switches.

Correct Answer: A

Explanation:

Here we see that COS 3 is mapped to DSCP 46, which is the Expedited forwarding class:

The Expedited Forwarding (EF) model is used to provide resources to latency (delay) sensitive real-time, interactive traffic. The EF model uses one marking DSCP 46.

Question No.49

Which statement is true about VPLS?

A.

MPLS is not required for VPLS to work.

B.

VPLS carries packets as Layer 3 multicast.

C.

VPLS has been introduced to address some shortcomings of OTV.

D.

VPLS requires an MPLS network.

Correct Answer: D

Explanation:

VPLS uses MPLS labels so an MPLS network is required. VPLS MPLS packets have a two-label stack. The outer label is used for normal MPLS forwarding in the service provider's network. If BGP is used to establish the VPLS, the inner label is allocated by a PE as part of a label block. If LDP is used, the inner label is a virtual circuit ID assigned by LDP when it first established a mesh between the participating PEs. Every PE keeps track of assigned inner labels, and associates these with the VPLS instance.

Reference: http://en.wikipedia.org/wiki/Virtual_Private_LAN_Service

Question No.50

Refer to the exhibit. While troubleshooting high CPU utilization on one of your Cisco Catalyst switches, you find that the issue is due to excessive flooding that is caused by STP. What can you do to prevent this issue from happening again?

image

A.

Disable STP completely on the switch.

B.

Change the STP version to RSTP.

C.

Configure PortFast on port-channel 1.

D.

Configure UplinkFast on the switch.

E.

Configure PortFast on interface Gi0/15.

Correct Answer: E

Explanation:

Topology Changes (TC) should be a rare event in a well-configured network. When a link on a switch port goes up or down, there is eventually a TC, once the STP state of the port is changing to or from forwarding. When the port is flapping, this would cause repetitive TCs and flooding.

Ports with the STP portfast feature enabled will not cause TCs when going to or from the forwarding state. The configuration of portfast on all end-device ports (such as printers, PCs, and servers) should limit TCs to a low amount and is highly recommended.

Reference: http://www.cisco.com/c/en/us/support/docs/lan-switching/spanning-tree-protocol/28943-170.html

400-101 Real Exam Dumps Questions and answers 1-10

Question No.1

Which two options are reasons for TCP starvation? (Choose two.)

A.

The use of tail drop

B.

The use of WRED

C.

Mixing TCP and UDP traffic in the same traffic class

D.

The use of TCP congestion control

Correct Answer: CD

Explanation:

It is a general best practice to not mix TCP-based traffic with UDP-based traffic (especially Streaming-Video) within a single service-provider class because of the behaviors of these protocols during periods of congestion. Specifically, TCP transmitters throttle back flows when drops are detected. Although some UDP applications have application-level windowing, flow control, and retransmission capabilities, most UDP transmitters are completely oblivious to drops and, thus, never lower transmission rates because of dropping. When TCP flows are combined with UDP flows within a single service-provider class and the class experiences congestion, TCP flows continually lower their transmission rates, potentially giving up their bandwidth to UDP flows that are oblivious to drops. This effect is called TCP starvation/UDP dominance.

TCP starvation/UDP dominance likely occurs if (TCP-based) Mission-Critical Data is assigned to the same service-provider class as (UDP-based) Streaming-Video and the class experiences sustained congestion. Even if WRED or other TCP congestion control mechanisms are enabled on the service-provider class, the same behavior would be observed because WRED (for the most part) manages congestion only on TCP-based flows.

Reference: http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/WAN_and_MAN/QoS_SRND/QoS-SRND-Book/VPNQoS.html

Question No.2

Which regular expression will only allow prefixes that originated from AS 65000 and that are learned through AS 65001?

A.

^65000_65001$

B.

65000_65001$

C.

^65000_65001

D.

^65001_65000$

Correct Answer: D

Explanation:

The following table lists the regular expressions and their meanings:

| CHAR | USAGE |
|------|-------|
| ^ | Start of string |
| $ | End of string |
| [] | Range of characters |
| - | Used to specify range (i.e. [0-9]) |
| ( ) | Logical grouping |
| . | Any single character |
| * | Zero or more instances |
| + | One or more instance |
| ? | Zero or one instance |
| _ | Comma, open or close brace, open or close parentheses, start or end of string, or space |

Some commonly used regular expressions include:

| Expression | Meaning |
|------------|---------|
| .* | Anything |
| ^$ | Locally originated routes |
| ^100_ | Learned from AS 100 |
| _100$ | Originated in AS 100 |
| _100_ | Any instance of AS 100 |
| ^[0-9]+$ | Directly connected ASes |

Reference: http://blog.ine.com/2008/01/06/understanding-bgp-regular-expressions/

Question No.3

A TCP/IP host is able to transmit small amounts of data (typically less than 1500 bytes), but attempts to transmit larger amounts of data hang and then time out. What is the cause of this problem?

A.

A link is flapping between two intermediate devices.

B.

The processor of an intermediate router is averaging 90 percent utilization.

C.

A port on the switch that is connected to the TCP/IP host is duplicating traffic and sending it to a port that has a sniffer attached.

D.

There is a PMTUD failure in the network path.

Correct Answer: D

Explanation:

Sometimes, over some IP paths, a TCP/IP node can send small amounts of data (typically less than 1500 bytes) with no difficulty, but transmission attempts with larger amounts of data hang, then time out. Often this is observed as a unidirectional problem in that large data transfers succeed in one direction but fail in the other direction. This problem is likely caused by the TCP MSS value, PMTUD failure, different LAN media types, or defective links.

Reference: http://www.cisco.com/c/en/us/support/docs/additional-legacy-protocols/ms-windows-networking/13709-38.html

Question No.4

Refer to the exhibit. You have just created a new VRF on PE3. You have enabled debug ip bgp vpnv4 unicast updates on PE1, and you can see the route in the debug, but not in the BGP VPNv4 table. Which two statements are true? (Choose two.)

image

A.

VPNv4 is not configured between PE1 and PE3.

B.

address-family ipv4 vrf is not configured on PE3.

C.

After you configure route-target import 999:999 for a VRF on PE3, the route will be accepted.

D.

PE1 will reject the route due to automatic route filtering.

E.

After you configure route-target import 999:999 for a VRF on PE1, the route will be accepted.

Correct Answer: DE

Explanation:

The route target extended community for VPLS auto-discovery defines the import and export policies that a VPLS instance uses. The export route target sets an extended community attribute number that is appended to all routes that are exported from the VPLS instance. The import route target value sets a filter that determines the routes that are accepted into the VPLS instance. Any route with a value in its import route target contained in its extended attributes field matching the value in the VPLS instance's import route target is accepted. Otherwise the route is rejected.

Question No.5

Which mechanism can be used on Layer 2 switches so that only multicast packets with downstream receivers are sent on the multicast router-connected ports?

A.

IGMP snooping

B.

Router Guard

C.

PIM snooping

D.

multicast filtering

Correct Answer: C

Explanation:

Ideally, the Layer 2 device should forward the multicast transmission only out ports to which receivers are connected and also out any ports that are connected to downstream multicast routers. This configuration requires a Layer 2 device to be able to determine the ports on which multicast routers and receivers for each separate (S,G) or (*,G) multicast group are located. To facilitate intelligent forwarding of multicast traffic on the LAN, Cisco Catalyst switches support two mechanisms:

IGMP snooping – The switch listens in or "snoops" IGMP communications between receivers and multicast routers. This snooping enables the switch to determine which ports are connected to receivers for each multicast group and which ports are connected to multicast routers.

Cisco Group Management Protocol (CGMP) – The switch communicates with multicast routers, with multicast routers relaying group membership information to switches.

Reference: https://www.informit.com/library/content.aspx?b=CCNP_Studies_Switching&seqNum=59

Question No.6

Which congestion-avoidance or congestion-management technique can cause global synchronization?

A.

Tail drop

B.

Random early detection

C.

Weighted random early detection

D.

Weighted fair queuing

Correct Answer: A

Explanation:

Tail Drop

Tail drop treats all traffic equally and does not differentiate between classes of service. Queues fill during periods of congestion. When the output queue is full and tail drop is in effect, packets are dropped until the congestion is eliminated and the queue is no longer full.

Weighted Random Early Detection

WRED avoids the globalization problems that occur when tail drop is used as the congestion avoidance mechanism on the router. Global synchronization occurs as waves of congestion crest only to be followed by troughs during which the transmission link is not fully utilized. Global synchronization of TCP hosts, for example, can occur because packets are dropped all at once. Global synchronization manifests when multiple TCP hosts reduce their transmission rates in response to packet dropping, then increase their transmission rates once again when the congestion is reduced.

Reference: http://www.cisco.com/c/en/us/td/docs/ios/12_2/qos/configuration/guide/fqos_c/qcfconav.html#wp1002048

Question No.7

Refer to the exhibit. R2 is mutually redistributing between EIGRP and BGP. Which configuration is necessary to enable R1 to see routes from R3?

image

A.

The R3 configuration must include ebgp-multihop to the neighbor statement for R2.

B.

The R2 BGP configuration must include bgp redistribute-internal.

C.

R1 must be configured with next-hop-self for the neighbor going to R2.

D.

The AS numbers configured on R1 and R2 must match.

Correct Answer: B

Explanation:

Whenever you redistribute from BGP to something else, BGP will only advertise externally learned routes. To allow the redistribution of iBGP routes into an interior gateway protocol such as EIGRP or OSPF, use the bgp redistribute-internal command in router configuration mode.

Question No.8

Refer to the exhibit. You have configured two routing protocols across this point-to-point link. How many BFD sessions will be established across this link?

image

A.

three per interface

B.

one per multicast address

C.

one per routing protocol

D.

one per interface

Correct Answer: D

Explanation:

Cisco devices will use one Bidirectional Forwarding Detection (BFD) session for multiple client protocols in the Cisco implementation of BFD for Cisco IOS Releases 12.2(18)SXE, 12.0(31)S, and 12.4(4)T. For example, if a network is running OSPF and EIGRP across the same link to the same peer, only one BFD session will be established, and BFD will share session information with both routing protocols.

Reference: http://www.cisco.com/c/en/us/td/docs/ios/12_0s/feature/guide/fs_bfd.html#wp1053749

Question No.9

Which three elements compose a network entity title? (Choose three.)

A.

area ID

B.

domain ID

C.

system ID

D.

NSAP selector

E.

MAC address

F.

IP address

Correct Answer: ACD

Explanation:

An IS (Intermediate system) is identified by an address known as a network access point (NSAP). The NSAP is divided up into three parts as specified by ISO/IEC 10589:

Area address: This field is of variable length, composed of high order octets, and it excludes the System ID and N-selector (NSEL) fields. This area address is associated with a single area within the routing domain.

System ID: This field is 6 octets long and should be set to a unique value with Level 1 and Level 2. The system ID defines an end system (ES) or an IS in an area. You configure the area address and the system ID with the NET command. You can display the system ID with the show isis topology command.

NSEL: This field is called the N-selector, also referred to as the NSAP, and it specifies the upper-layer protocol. The NSEL is the last byte of the NSAP and identifies a network service user. A network service user is a transport entity or the IS network entity itself. When the N-selector is set to zero, the entire NSAP is called a network entity title (NET).

A NET is an NSAP where the last byte is always the n-selector and is always zero. A NET can be from 8 to 20 bytes in length.

Reference: http://www.cisco.com/c/en/us/td/docs/ios/iproute_isis/command/reference/irs_book/irs_is2.html

Question No.10

Which three statements are true about PPP CHAP authentication? (Choose three.)

A.

PPP encapsulation must be enabled globally.

B.

The LCP phase must be complete and in closed state.

C.

The hostname used by a router for CHAP authentication cannot be changed.

D.

PPP encapsulation must be enabled on the interface.

E.

The LCP phase must be complete and in open state.

F.

By default, the router uses its hostname to identify itself to the peer.

Correct Answer: DEF

Explanation:

Point-to-Point Protocol (PPP) authentication issues are one of the most common causes for dialup link failures. This document provides some troubleshooting procedures for PPP authentication issues.

Prerequisites

Enable PPP encapsulation

The PPP authentication phase does not begin until the Link Control Protocol (LCP) phase is complete and is in the open state. If debug ppp negotiation does not indicate that LCP is open, troubleshoot this issue before proceeding.

Note: By default, the router uses its hostname to identify itself to the peer. However, this CHAP username can be changed through the ppp chap hostname command.

Reference: http://www.cisco.com/c/en/us/support/docs/wan/point-to-point-protocol-ppp/25647-understanding-ppp-chap.html
