400-101 audit will be Cisco CCIE Routing and Switching (v5.0) established value. we professionals amassed [productnum] questions and the answers intended for candidates planning. During the 400-101 audit solutions, job hopefuls covers each and every subject and class within Cisco qualifications making an effort to available job hopefuls to get a prosperous Cisco Recognition.
2021 Mar 400-101 brain dumps
Q411. DRAG DROP
Drag and drop the multicast protocol definition on the left to the correct default time interval on the right.
Answer:
Q412. DRAG DROP
Drag and drop each PHB on the left to the functionality it performs on the right.
Answer:
Q413. Which two statements about 802.1Q tunneling are true? (Choose two.)
A. It requires a system MTU of at least 1504 bytes.
B. The default configuration sends Cisco Discovery Protocol, STP, and VTP information.
C. Traffic that traverses the tunnel is encrypted.
D. It is supported on private VLAN ports.
E. MAC-based QoS and UDLD are supported on tunnel ports.
F. Its maximum allowable system MTU is 1546 bytes.
Answer: A,E
Q414. DRAG DROP
What is the correct order of the VSS initialization process? Drag the actions on the left to the correct initialization step on the right.
Answer:
Q415. Which three options are best practices for implementing a DMVPN? (Choose three.)
A. Use IPsec in tunnel mode.
B. Implement Dead Peer Detection to detect communication loss.
C. Configure AES for encryption of transported data.
D. Configure SHA-1 for encryption of transported data.
E. Deploy IPsec hardware acceleration to minimize router memory overhead.
F. Configure QoS services only on the head-end router.
Answer: A,B,C
Explanation:
Best Practices Summary for Hub-and-Spoke Deployment Model
This section describes the best practices for a dual DMVPN cloud topology with the hub-and-spoke deployment, supporting IP multicast (IPmc) traffic including routing protocols.
The following are general best practices:
. Use IPsec in transport mode
. Configure Triple DES (3DES) or AES for encryption of transported data (exports of encryption algorithms to certain countries may be prohibited by law).
Implement Dead Peer Detection (DPD) on the spokes to detect loss of communication between peers.
. Deploy hardware-acceleration of IPsec to minimize router CPU overhead, to support traffic with low latency and jitter requirements, and for the highest performance for cost.
. Keep IPsec packet fragmentation to a minimum on the customer network by setting MTU size or using Path MTU Discovery (PMTUD).
. Use Digital Certificates/Public Key Infrastructure (PKI) for scalable tunnel authentication.
. Configure a routing protocol (for example, EIGRP, BGP or OSPF) with route summarization help alleviate interface congestion issues and to attempt to keep higher priority traffic from being dropped during times of congestion.
Reference: http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/WAN_and_MAN/DMVPDG/DMV PN_1.html
Leading 400-101 practice question:
Q416. Which two tunneling techniques determine the IPv4 destination address on a per-packet basis? (Choose two.)
A. 6to4 tunneling
B. ISATAP tunneling
C. manual tunneling
D. GRE tunneling
Answer: A,B
Explanation: Tunnel Configuration Parameters by Tunneling Type
Tunneling Type
Tunnel Configuration Parameter
Tunnel Mode
Tunnel Source
Tunnel Destination
Interface Prefix or Address
Manual
ipv6ip
An IPv4 address, or a reference to an interface on which IPv4 is configured.
An IPv4 address.
An IPv6 address.
GRE/IPv4
gre ip
An IPv4 address.
An IPv6 address.
IPv4-compatible
ipv6ip auto-tunnel
Not required. These are all point-to-multipoint tunneling types. The IPv4 destination address is calculated, on a per-packet basis, from the IPv6 destination.
Not required. The interface address is generated as ::tunnel-source/96.
6to4
ipv6ip 6to4
An IPv6 address. The prefix must embed the tunnel source IPv4 address
ISATAP
ipv6ip isatap
An IPv6 prefix in modified eui-64 format. The IPv6 address is generated from the prefix and the tunnel source IPv4 address.
Reference: http://www.cisco.com/c/en/us/td/docs/ios/ipv6/configuration/guide/12_4t/ipv6_12_4t_book/i p6-tunnel.html
Q417. Which Layer 2 tunneling technique eliminates the need for pseudowires?
A. OTV
B. L2TPv3
C. AToM
D. VPLS
Answer: A
Q418. What two values are required to implement an EIGRP named configuration? (Choose two.)
A. virtual-instance-name
B. address-family
C. router-id
D. subnet-mask
E. process-id
Answer: A,B
Q419. Which two technologies are supported by EIGRP? (Choose two.)
A. clear-text authentication
B. MD5 authentication
C. stub routing
D. multiple areas
Answer: B,C
Explanation:
The IP Enhanced IGRP Route Authentication feature provides MD5 authentication of routing updates from the EIGRP routing protocol. The MD5 keyed digest in each EIGRP packet prevents the introduction of unauthorized or false routing messages from unapproved sources. The EIGRP stub routing feature improves network stability, reduces resource utilization, and simplifies the stub device configuration. Stub routing is commonly used in hub-and-spoke network topologies. In a hub-and-spoke network, one or more end (stub) networks are connected to a remote device (the spoke) that is connected to one or more distribution devices (the hub). The remote device is adjacent to one or more distribution devices. The only route for IP traffic to reach the remote device is through a distribution device.
References: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_eigrp/configuration/15-s/ire-15-s-book/ire-rte-auth.html http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_eigrp/configuration/15-s/ire-15-s-book/ire-eigrp-stub-rtg.html
Q420. Refer to the exhibit.
Which two statements about the VPN solution are true? (Choose two.)
A. Customer A and customer B will exchange routes with each other.
B. R3 will advertise routes received from R1 to R2.
C. Customer C will communicate with customer A and B.
D. Communication between sites in VPN1 and VPN2 will be blocked.
E. R1 and R2 will receive VPN routes advertised by R3.
Answer: C,E
Explanation:
+ VPN1 exports 10:1 while VPN3 imports 10:1 so VPN3 can learn routes of VPN1.
+ VNP1 imports 10:1 while VNP3 export 10:1 so VNP1 can learn routes of VPN3.
-> Customer A can communicate with Customer C
+ VPN2 exports 20:1 while VPN3 imports 20:1 so VPN3 can learn routes of VPN2.
+ VPN2 imports 20:1 while VPN3 exports 20:1 so VPN2 can learn routes of VPN3.
-> Customer B can communicate with Customer C
Therefore answer C is correct.
Also answer E is correct because R1 & R2 import R3 routes.
Answer A is not correct because Customer A & Customer B do not import routes which are exported by other router. Customer A & B can only see Customer C.
Answer B is not correct because a router never exports what it has learned through importation. It only exports its own routes.
Answer D is correct because two VPN1 and VPN2 cannot see each other. Maybe in this question there are three correct answers.