Act now and download your Cisco 400-101 test today! Do not waste time for the worthless Cisco 400-101 tutorials. Download Avant-garde Cisco CCIE Routing and Switching (v5.0) exam with real questions and answers and begin to learn Cisco 400-101 with a classic professional.

2021 Apr 400-101 real exam

Q91. Which three statements about GET VPN are true? (Choose three.) 

A. It encrypts WAN traffic to increase data security and provide transport authentication. 

B. It provides direct communication between sites, which reduces latency and jitter. 

C. It can secure IP multicast, unicast, and broadcast group traffic. 

D. It uses a centralized key server for membership control. 

E. It enables the router to configure tunnels. 

F. It maintains full-mesh connectivity for IP networks. 

Answer: A,B,D 

Explanation: 

Cisco GET VPN Features and Benefits 

Feature 

Description and Benefit 

Key Services 

Key Servers are responsible for ensuring that keys are granted to authenticated and authorized devices only. They maintain the freshness of the key material, pushing re-key messages as well as security policies on a regular basis. The chief characteristics include: 

. Key Servers can be located centrally, granting easy control over membership. 

. Key Servers are not in the "line of fire" - encrypted application traffic flows directly between VPN end points without a bottleneck or an additional point of failure. 

. Supports both local and global policies, applicable to all members in a group - such as "Permit any any", a policy to encrypt all traffic. 

. Supports IP Multicast to distribute and manage keys, for improved efficiency; Unicast is also supported where IP Multicast is not possible. 

Scalability and Throughput 

. The full mesh nature of the solution allows devices to communicate directly with each other, without requiring transport through a central hub; this minimizes extra encrypts and decrypts at the hub router; it also helps minimize latency and jitter. 

. Efficient handling of IP Multicast traffic by using the core network for replication can boost effective throughput further 

Security 

Provides data security and transport authentication, helping to meet security compliance and internal regulation by encrypting all WAN traffic 

Reference: http://www.cisco.com/c/en/us/products/collateral/security/group-encrypted-transport-vpn/product_data_sheet0900aecd80582067.html 


Q92. The OSPF database of a router shows LSA types 1, 2, 3 and 7 only. Which type of area is this router connected to? 

A. backbone area 

B. totally stubby area 

C. stub area 

D. not-so-stubby area 

Answer:


Q93. Which three statements about OSPFv3 address families are true? (Choose three.) 

A. Each address family requires the same instance ID. 

B. Address families can perform route redistribution into any IPv4 routing protocol. 

C. An address family can have two device processes on each interface. 

D. IPv4 address family require an IPv4 address to be configured on the interface. 

E. Each address family uses a different shortest path tree. 

F. Different address families can share the same link state database. 

Answer: B,D,E 


Q94. Which two statements best describes the difference between active mode monitoring and passive mode monitoring? (Choose two.) 

A. Active mode monitoring is the act of Cisco PfR gathering information on user packets assembled into flows by NetFlow. 

B. Active mode monitoring uses IP SLA probes for obtaining performance characteristics of the current exit WAN link. 

C. Passive mode monitoring uses IP SLA to generate probes for the purpose of obtaining information regarding the characteristics of the WAN links. 

D. Passive mode monitoring uses NetFlow for obtaining performance characteristics of the exit WAN links. 

Answer: B,D 


Q95. Which authentication types does OSPF support? 

A. null and clear text 

B. MD5 only 

C. MD5 and clear text 

D. null, clear text, and MD5 

E. clear text only 

Answer:


Leading 400-101 exam price:

Q96. What are the three modes of Unicast Reverse Path Forwarding? 

A. strict mode, loose mode, and VRF mode 

B. strict mode, loose mode, and broadcast mode 

C. strict mode, broadcast mode, and VRF mode 

D. broadcast mode, loose mode, and VRF mode 

Answer:


Q97. Which two options are reasons to manipulate the delay metric instead of the bandwidth metric for EIGRP routing? (Choose two.) 

A. Because the delay metric provides better handling for bursty traffic 

B. Because manipulating the bandwidth metric can also affect QoS 

C. Because manipulating the bandwidth affects only a particular path 

D. Because changes to the delay metric are propagated to all neighbors on a segment 

Answer: B,D 

Explanation: 

Using the bandwidth to influence EIGRP paths is discouraged for two reasons: 

. Changing the bandwidth can have impact beyond affecting the EIGRP metrics. For example, quality of service (QoS) also looks at the bandwidth on an interface. 

. EIGRP throttles to use 50 percent of the configured bandwidth. Lowering the bandwidth can cause problems like staving EIGRP neighbors from getting hello packets because of the throttling back. 

Because changes to the delay metric are propagated to all downstream routers, changing the interface delay parameter is the preferred method of influencing path selection 

Reference: http://www.cisco.com/c/en/us/support/docs/ip/enhanced-interior-gateway-routing-protocol-eigrp/13673-14.html 


Q98. Refer to the exhibit. 

If a port is configured as shown and receives an untagged frame, of which VLAN will the untagged frame be a member? 

A. VLAN 1 

B. VLAN 2 

C. VLAN 3 

D. VLAN 4 

Answer:

Explanation: 

When typing: Switch(config-if)#switchport mode? 

access Set trunking mode to ACCESS unconditionally 

dynamic Set trunking mode to dynamically negotiate access or trunk mode 

trunk Set trunking mode to TRUNK unconditionally 

and 

Switch(config-if)#switchport mode dynamic? 

auto Set trunking mode dynamic negotiation parameter to AUTO 

desirable Set trunking mode dynamic negotiation parameter to DESIRABLE 

So if we configure Fa0/1 as dynamic auto mode, it will not initiate any negotitation but waiting for the other end negotiate to be a trunk with DTP. If the other end does not ask it to become a trunk then it will become an access port. Therefore when using the “show interface fastEthernet0/1 switchport” command we will see two output lines “ Administrative Mode. dynamic auto” and “Operational Mode. static access” Note. To set this port to VLAN 2 as the output above just use one additional command. “switchport access vlan 2”. 

Now back to our question, from the output we see that Fa0/1 is operating as an access port on VLAN 2 so if it receive untagged frame it will suppose that frame is coming from VLAN 2. 


Q99. In the DiffServ model, which class represents the lowest priority with the highest drop probability? 

A. AF11 

B. AF13 

C. AF41 

D. AF43 

Answer:

Explanation: 

Assured Forwarding (AF) Behavior Group 

Class 1 

Class 2 

Class 3 

Class 4 

Low Drop 

AF11 (DSCP 10) 

AF21 (DSCP 18) 

AF31 (DSCP 26) 

AF41 (DSCP 34) 

Med Drop 

AF12 (DSCP 12) 

AF22 (DSCP 20) 

AF32 (DSCP 28) 

AF42 (DSCP 36) 

High Drop 

AF13 (DSCP 14) 

AF23 (DSCP 22) 

AF33 (DSCP 30) 

AF43 (DSCP 38) 

Reference: http://en.wikipedia.org/wiki/Differentiated_services 


Q100. Which two actions can you take to allow the greatest number of pertinent packets to be stored in the temporary buffer of Cisco IOS Embedded Packet Capture? (Choose two.) 

A. Specify the sampling interval. 

B. Specify the capture buffer type. 

C. Specify a reflexive ACL. 

D. Specify the minimum packet capture rate. 

E. Specify the packet size. 

F. Store the capture simultaneously onto an external memory card as the capture occurs. 

Answer: A,B 

Explanation: 

Embedded Packet Capture (EPC) provides an embedded systems management facility that helps in tracing and troubleshooting packets. This feature allows network administrators to capture data packets flowing through, to, and from a Cisco device. The network administrator may define the capture buffer size and type (circular, or linear) and the maximum number of bytes of each packet to capture. The packet capture rate can be throttled using further administrative controls. For example, options allow for filtering the packets to be captured using an Access Control List and, optionally, further defined by specifying a maximum packet capture rate or by specifying a sampling interval. 

Reference: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/epc/configuration/xe-3s/asr1000/epc-xe-3s-asr1000-book/nm-packet-capture-xe.html