Your success in Cisco 400 101 ccie is our sole target and we develop all our 400 101 vce braindumps in a way that facilitates the attainment of this target. Not only is our cisco 400 101 study material the best you can find, it is also the most detailed and the most updated. 400 101 pdf Practice Exams for Cisco CCIE Routing and Switching passleader 400 101 are written to the highest standards of technical accuracy.

Q281. Which standard feature can be exploited by an attacker to perform network reconnaissance? 

A. IP-directed broadcast 

B. maintenance operations protocol 

C. ICMP redirects 

D. source quench 

Answer:


Q282. Which three conditions can cause excessive unicast flooding? (Choose three.) 

A. Asymmetric routing 

B. Repeated TCNs 

C. The use of HSRP 

D. Frames sent to FFFF.FFFF.FFFF 

E. MAC forwarding table overflow 

F. The use of Unicast Reverse Path Forwarding 

Answer: A,B,E 

Explanation: 

Causes of Flooding 

The very cause of flooding is that destination MAC address of the packet is not in the L2 forwarding table of the switch. In this case the packet will be flooded out of all forwarding ports in its VLAN (except the port it was received on). Below case studies display most 

common reasons for destination MAC address not being known to the switch. 

Cause 1: Asymmetric Routing 

Large amounts of flooded traffic might saturate low-bandwidth links causing network performance issues or complete connectivity outage to devices connected across such low-bandwidth links. 

Cause 2: Spanning-Tree Protocol Topology Changes 

Another common issue caused by flooding is Spanning-Tree Protocol (STP) Topology Change Notification (TCN). TCN is designed to correct forwarding tables after the forwarding topology has changed. This is necessary to avoid a connectivity outage, as after a topology change some destinations previously accessible via particular ports might become accessible via different ports. TCN operates by shortening the forwarding table aging time, such that if the address is not relearned, it will age out and flooding will occur. TCNs are triggered by a port that is transitioning to or from the forwarding state. After the TCN, even if the particular destination MAC address has aged out, flooding should not happen for long in most cases since the address will be relearned. The issue might arise when TCNs are occurring repeatedly with short intervals. The switches will constantly be fast-aging their forwarding tables so flooding will be nearly constant. Normally, a TCN is rare in a well-configured network. When the port on a switch goes up or down, there is eventually a TCN once the STP state of the port is changing to or from forwarding. When the port is flapping, repetitive TCNs and flooding occurs. 

Cause 3: Forwarding Table Overflow 

Another possible cause of flooding can be overflow of the switch forwarding table. In this case, new addresses cannot be learned and packets destined to such addresses are flooded until some space becomes available in the forwarding table. New addresses will then be learned. This is possible but rare, since most modern switches have large enough forwarding tables to accommodate MAC addresses for most designs. Forwarding table exhaustion can also be caused by an attack on the network where one host starts generating frames each sourced with different MAC address. This will tie up all the forwarding table resources. Once the forwarding tables become saturated, other traffic will be flooded because new learning cannot occur. This kind of attack can be detected by examining the switch forwarding table. Most of the MAC addresses will point to the same port or group of ports. Such attacks can be prevented by limiting the number of MAC addresses learned on untrusted ports by using the port security feature. 

Reference: http://www.cisco.com/c/en/us/support/docs/switches/catalyst-6000-series-switches/23563-143.html#causes 


Q283. Refer to the exhibit. 

R1 is performing mutual redistribution, but OSPF routes from R3 are unable to reach R2. Which three options are possible reasons for this behavior? (Choose three.) 

A. R1 requires a seed metric to redistribute RIP. 

B. The RIP version supports only classful subnet masks. 

C. R1 is filtering OSPF routes when redistributing into RIP. 

D. R3 and R1 have the same router ID. 

E. R1 and R3 have an MTU mismatch. 

F. R2 is configured to offset OSPF routes with a metric of 16. 

Answer: A,C,F 

Explanation: 

A. RIP requires a seed metric to be specified when redistributing routes into that protocol. A seed metric is a "starter metric" that gives the RIP process a metric it can work with. The OSPF metric of cost is incomprehensible to RIP, since RIP's sole metric is hop count. We've got to give RIP a metric it understands when redistributing routes into that protocol, so let's go back to R1 and do so. 

C. Filtering routes is another explanation, if the routes to R2 are boing filtered from being advertised to R1. 

F. If the metric is offset to 16, then the routes will have reached the maximum hop count when redistributed to RIP. The max hop count for RIP is 16. 


Q284. Refer to the exhibit. 

The customer wants to use IP SLA to create a failover to ISP2 when both Ethernet connections to ISP1 are down. The customer also requires that both connections to ISP1 are utilized during normal operations. 

Which IP route configuration accomplishes these requirements for the customer? 

A. ip route 0.0.0.0 0.0.0.0 192.168.0.1 track 1 

ip route 0.0.0.0 0.0.0.0 192.168.1.1 track 2 

ip route 0.0.0.0 0.0.0.0 192.168.2.1 track 3 

B. ip route 0.0.0.0 0.0.0.0 192.168.0.1 track 1 

ip route 0.0.0.0 0.0.0.0 192.168.1.1 track 2 

ip route 0.0.0.0 0.0.0.0 192.168.2.1 track 4.100 

C. ip route 0.0.0.0 0.0.0.0 192.168.0.1 track 1 

ip route 0.0.0.0 0.0.0.0 192.168.1.1 track 2 

ip route 0.0.0.0 0.0.0.0 192.168.2.1 track 3.100 

D. ip route 0.0.0.0 0.0.0.0 192.168.0.1 track 1 1 

ip route 0.0.0.0 0.0.0.0 192.168.1.1 track 2 2 

ip route 0.0.0.0 0.0.0.0 192.168.2.1 track 3 3 

Answer:


Q285. Which statement is true regarding UDLD and STP timers? 

A. The UDLD message timer should be two times the STP forward delay to prevent loops. 

B. UDLD and STP are unrelated features, and there is no relation between the timers. 

C. The timers need to be synced by using the spanning-tree udld-sync command. 

D. The timers should be set in such a way that UDLD is detected before the STP forward delay expires. 

Answer:

Explanation: 

UDLD is designed to be a helper for STP. Therefore, UDLD should be able to detect an unidirectional link before STP would unblock the port due to missed BPDUs. Thus, when you configure UDLD timers, make sure your values are set so that unidirectional link is detected before “STP MaxAge + 2xForwardDelay” expires. 

Reference: http://blog.ine.com/tag/stp/ 


Q286. DRAG DROP 

Drag and drop the IGMPv2 timer on the left to its default value on the right. 

Answer: 


Q287. Refer to the exhibit. 

Which statement about this device configuration is true? 

A. The NMS needs a specific route configured to enable it to reach the Loopback0 interface of the device. 

B. The ifindex of the device could be different when the device is reloaded. 

C. The device will allow anyone to poll it via the public community. 

D. The device configuration requires the AuthNoPriv security level. 

Answer:

Explanation: 

One of the most commonly used identifiers in SNMP-based network management applications is the Interface Index (ifIndex) value. IfIndex is a unique identifying number associated with a physical or logical interface. For most software, the ifIndex is the name of the interface. Although relevant RFCs do not require that the correspondence between particular ifIndex values and their interfaces be maintained across reboots, applications such as device inventory, billing, and fault detection depend on this correspondence. Consider a situation where a simple monitoring software (like MRTG) is polling the interface statistics of the router specific serial interface going to the internet. 

As an example, you could have these conditions prior to re-initialization: 

physical port ifIndex 

ethernet port 

tokenring port 

serial port 

Therefore, the management application is polling the ifIndex 3, which corresponds to the serial port. 

After the router re-initialization (reboot, reload and so on) the conditions change to something similar to this: 

physical port 

ifIndex 

ethernet port 

tokenring port 

serial port 

The management application continues polling the ifIndex 3, which corresponds now to the ethernet port. Therefore, if the management application is not warned by a trap, for example, that the router has been rebooted, the statistics polled could be completely wrong. 

Reference: http://www.cisco.com/c/en/us/support/docs/ip/simple-network-management-protocol-snmp/28420-ifIndex-Persistence.html 


Q288. When EIGRP is used as the IPv4 PE-CE protocol, which two requirements must be configured before the BGP IPv4 address family can be configured? (Choose two.) 

A. the route distinguisher 

B. the virtual routing and forwarding instance 

C. the loopback interface 

D. the router ID 

Answer: A,B 

Explanation: 

A VRF must be created, and a route distinguisher and route target must be configured in order for the PE routers in the BGP network to carry EIGRP routes to the EIGRP CE site. The VRF must also be associated with an interface in order for the PE router to send routing updates to the CE router. Prerequisites Before this feature can be configured, MPLS and CEF must be configured in the BGP network, and multiprotocol BGP and EIGRP must be configured on all PE routers that provide VPN services to CE routers. 

Reference: 

http://www.cisco.com/c/en/us/td/docs/ios/12_0s/feature/guide/seipecec.html#wp1083316 


Q289. Which IPv6 tunneling mechanism requires a service provider to use one of its own native IPv6 blocks to guarantee that its IPv6 hosts will be reachable? 

A. 6rd tunneling 

B. automatic 6to4 tunneling 

C. NAT-PT tunneling 

D. ISATAP tunneling 

E. manual ipv6ip tunneling 

F. automatic 4to6 tunneling 

Answer:


Q290. In a PfR environment, which two statements best describe the difference between active mode monitoring and fast mode monitoring? (Choose two.) 

A. Active mode monitoring can monitor and measure actual traffic via NetFlow data collection. 

B. Fast mode monitoring can measure bursty traffic better than active mode. 

C. Active mode monitoring uses IP SLA probes for the purpose of obtaining performance characteristics of the current WAN exit link. 

D. Fast mode monitoring uses IP SLA probes via all valid exits continuously to quickly determine an alternate exit link. 

Answer: C,D 

Explanation: 

Active Monitoring 

PfR uses Cisco IOS IP Service Level Agreements (SLAs) to enable active monitoring. IP SLAs support is enabled by default. IP SLAs support allows PfR to be configured to send active probes to target IP addresses to measure the jitter and delay, determining if a prefix is out-of-policy and if the best exit is selected. The border router collects these performance statistics from the active probe and transmits this information to the master controller. 

Fast Failover Monitoring 

Fast failover monitoring enables passive and active monitoring and sets the active probes to continuously monitor all the exits (probe-all). Fast failover monitoring can be used with all types of active probes: Internet Control Message Protocol (ICMP) echo, jitter, TCP connection, and UDP echo. 

Reference: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/pfr/command/pfr-cr-book/pfr-s1.html