Cisco Cisco exam can be handed with a large score under the help associated with Actualtestss 400-101 exam dumps. Our specialists are sure to make you effective in the Cisco 400-101 actual exam. On Actualtestss residence page you will find the newest 400-101 400-101 exam questions and exact answers. Our Cisco 400-101 exam dumps profit you a great deal in the preparation in the Cisco exam.
2021 Mar 400-101 sample question
Q1. Which two Cisco IOS AAA features are available with the local database? (Choose two.)
A. command authorization
B. network access authorization
C. network accounting
D. network access authentication
Answer: A,D
Explanation:
Configuring the Local Database
This section describes how to manage users in the local database. You can use the local database for CLI access authentication, privileged mode authentication, command authorization, network access authentication, and VPN authentication and authorization. You cannot use the local database for network access authorization. The local database does not support accounting.
Reference: http://www.cisco.com/c/en/us/td/docs/security/asa/asa80/configuration/guide/conf_gd/aaa.h tml
Q2. Refer to the exhibit.
R1 is configured as shown. R1 is able to establish a neighbor adjacency only with R2. Which addition must you make to the R1 configuration to allow it to establish an adjacency with R3?
A. interface gigabitethernet 0/1
ip address 10.1.0.1 255.255.255.0
ip ospf network point-to-point
B. interface gigabitethernet 0/1
ip address 10.1.0.1 255.255.255.0
ip ospf 1 area 0
C. router ospf 1
network 10.1.0.0 0.0.0.255 area 1
D. router ospf 1
area 0 stub
Answer: C
Explanation:
To enable interfaces and networks with OSPF, the networks need to be specified in the network statement. In the configuration shown, only 10.0.0.0/24 has been enabled, we are missing the network connecting to R3 (10.1.0.0/24).
Q3. DRAG DROP
Drag and drop each policy command on the left to the function it performs on the right.
Answer:
Q4. Which statement about passive interfaces is true?
A. The interface with the OSPF passive interface configuration appears as a not-so-stubby network.
B. The interface with the EIGRP passive interface configuration ignores routes after the exchange of hello packets.
C. The interface with the IS-IS passive interface configuration sends the IP address of that interface in the link-state protocol data units.
D. Passive interface can be configured on the interface for IS-IS.
Answer: C
Explanation:
With IS-IS, passive interfaces are used to prevent unnecessary LSA packets out that interface, but the IP address of passive interfaces are still included in updates going out the other interfaces. This behavior is what enables the best practice of configuring loopback interfaces as passive, but still having the loopback be reachable.
Q5. Which two options are EIGRP route authentication encryption modes? (Choose two.)
A. MD5
B. HMAC-SHA-256bit
C. ESP-AES
D. HMAC-AES
Answer: A,B
Explanation:
Packets exchanged between neighbors must be authenticated to ensure that a device accepts packets only from devices that have the same preshared authentication key. Enhanced Interior Gateway Routing Protocol (EIGRP) authentication is configurable on a per-interface basis; this means that packets exchanged between neighbors connected through an interface are authenticated. EIGRP supports message digest algorithm 5 (MD5) authentication to prevent the introduction of unauthorized information from unapproved sources. MD5 authentication is defined in RFC 1321. EIGRP also supports the Hashed Message Authentication Code-Secure Hash Algorithm-256 (HMAC-SHA-256) authentication method.
Reference: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_eigrp/configuration/xe-3s/ire-xe-3s-book/ire-sha-256.html
Renew 400-101 actual exam:
Q6. Which three condition types can be monitored by crypto conditional debug? (Choose three.)
A. Peer hostname
B. SSL
C. ISAKMP
D. Flow ID
E. IPsec
F. Connection ID
Answer: A,D,F
Explanation:
Supported Condition Types
The new crypto conditional debug CLIs--debug crypto condition, debug crypto condition unmatched, and show crypto debug-condition--allow you to specify conditions (filter values) in which to generate and display debug messages related only to the specified conditions. The table below lists the supported condition types.
Table 1 Supported Condition Types for Crypto Debug CLI
Condition Type (Keyword)
Description
connid 1
An integer between 1-32766. Relevant debug messages will be shown if the current IPSec operation uses this value as the connection ID to interface with the crypto engine.
flowid 1
An integer between 1-32766. Relevant debug messages will be shown if the current IPSec operation uses this value as the flow-ID to interface with the crypto engine.
FVRF
The name string of a virtual private network (VPN) routing and forwarding (VRF) instance. Relevant debug messages will be shown if the current IPSec operation uses this VRF instance as its front-door VRF (FVRF).
IVRF
The name string of a VRF instance. Relevant debug messages will be shown if the current IPSec operation uses this VRF instance as its inside VRF (IVRF).
peer group
A Unity group-name string. Relevant debug messages will be shown if the peer is using this group name as its identity.
peer hostname
A fully qualified domain name (FQDN) string. Relevant debug messages will be shown if the peer is using this string as its identity; for example, if the peer is enabling IKE Xauth with this FQDN string.
peeripaddress
A single IP address. Relevant debug messages will be shown if the current IPSec operation is related to the IP address of this peer.
peer subnet
A subnet and a subnet mask that specify a range of peer IP addresses. Relevant debug messages will be shown if the IP address of the current IPSec peer falls into the specified subnet range.
peer username
A username string. Relevant debug messages will be shown if the peer is using this username as its identity; for example, if the peer is enabling IKE Extended Authentication (Xauth) with this username.
SPI 1
A 32-bit unsigned integer. Relevant debug messages will be shown if the current IPSec operation uses this value as the SPI.
Reference: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_vpnips/configuration/xe-3s/sec-sec-for-vpns-w-ipsec-xe-3s-book/sec-crypto-debug-sup.html
Q7. Which three options are sub-subfields of the IPv4 Option Type subfield? (Choose three.)
A. Option Class
B. GET
C. Copied
D. PUSH
E. Option Number
F. TTL
Answer: A,C,E
Explanation:
Each IP option has its own subfield format, generally structured as shown below. For most options, all three subfields are used. Option Type, Option Length and Option Data.
Reference: http://www.tcpipguide.com/free/t_IPDatagramOptionsandOptionFormat.htm
Q8. Refer to the exhibit.
Which type of BGP peer is 192.168.1.1?
A. route reflector client
B. iBGP
C. confederation
D. VPNv4
Answer: C
Q9. Refer to the exhibit.
Which prefixes will appear in the EIGRP topology table?
A. 10.0.0.0/8, 172.16.1.0/24, 192.168.0.0/16
B. 10.1.1.0/24, 10.1.2.0/24, 172.16.1.0/26, 192.168.1.0/26, 192.168.2.0/26
C. 10.1.1.0/24, 10.1.2.0/24, 172.16.1.0/26, 172.16.2.0/26, 192.168.1.0/26, 192.168.2.0/26
D. 10.1.1.1/24, 10.1.2.1/24, 172.16.1.1/26, 172, 192.168.1.1/26, 192.168.2.1/26
Answer: B
Q10. Which two Cisco Express Forwarding tables are located in the data plane? (Choose two.)
A. the forwarding information base
B. the label forwarding information base
C. the IP routing table
D. the label information table
E. the adjacency table
Answer: A,B
Explanation:
The control plane runs protocols such as OSPF, BGP, STP, LDP. These protocols are needed so that routers and switches know how to forward packets and frames.
The data plane is where the actual forwarding takes place. The data plane is populated based on the protocols running in the control plane. The Forwarding Information Base (FIB) is used for IP traffic and the Label FIB is used for MPLS.