[Vivid] 400-101 Cisco simulations 221-230 (Apr 2021)

Best Quality of 400-101 exam topics materials and torrent for Cisco certification for IT learners, Real Success Guaranteed with Updated 400-101 pdf dumps vce Materials. 100% PASS CCIE Routing and Switching (v5.0) exam Today!

The article at Testaimer.com going over http://www.testaimer.com/400-101-test is very comprehensive.

2021 Apr 400-101 download

Q221. Which three statements are functions that are performed by IKE phase 1? (Choose three.) 

A. It builds a secure tunnel to negotiate IKE phase 1 parameters. 

B. It establishes IPsec security associations. 

C. It authenticates the identities of the IPsec peers. 

D. It protects the IKE exchange by negotiating a matching IKE SA policy. 

E. It protects the identities of IPsec peers. 

F. It negotiates IPsec SA parameters. 

Answer: C,D,E 


The basic purpose of IKE phase 1 is to authenticate the IPSec peers and to set up a secure channel between the peers to enable IKE exchanges. IKE phase 1 performs the following functions: 

. Authenticates and protects the identities of the IPSec peers 

. Negotiates a matching IKE SA policy between peers to protect the IKE exchange 

. Performs an authenticated Diffie-Hellman exchange with the end result of having matching shared secret keys 

. Sets up a secure tunnel to negotiate IKE phase 2 parameters 

Reference: http://www.ciscopress.com/articles/article.asp?p=25474&seqNum=7

Q222. Which two mechanisms provide Cisco IOS XE Software with control plane and data plane separation? (Choose two.) 

A. Forwarding and Feature Manager 

B. Forwarding Engine Driver 

C. Forwarding Performance Management 

D. Forwarding Information Base 

Answer: A,B 


Control Plane and Data Plane Separation 

IOS XE introduces an opportunity to enable teams to now build drivers for new Data Plane ASICs outside the IOS instance and have them program to a set of standard APIs which in turn enforces Control Plane and Data Plane processing separation. IOS XE accomplishes Control Plane / Data Plane separation through the introduction of the Forwarding and Feature Manager (FFM) and its standard interface to the Forwarding Engine Driver (FED). FFM provides a set of APIs to Control Plane processes. In turn, the FFM programs the Data Plane via the FED and maintains forwarding state for the system. The FED is the instantiation of the hardware driver for the Data Plane and is provided by the platform. 

Reference: http://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/ios-xe-3sg/QA_C67-622903.html 


Drag and drop each SNMP security model and level on the left to the corresponding mode of authentication on the right. 


Q224. Which two statements about MAC ACLs are true? (Choose two.) 

A. They support only inbound filtering. 

B. They support both inbound and outbound filtering. 

C. They are configured with the command mac access-list standard. 

D. They can filter non-IP traffic on a VLAN and on a physical interface. 

Answer: A,D 


MAC ACL, also known as Ethernet ACL, can filter non-IP traffic on a VLAN and on a physical Layer 2 interface by using MAC addresses in a named MAC extended ACL. The steps to configure a MAC ACL are similar to those of extended named ACLs. MAC ACL supports only inbound traffic filtering. 

Reference: http://www.ciscopress.com/articles/article.asp?p=1181682&seqNum=4 

Q225. Which two options about PIM-DM are true? (Choose two.) 

A. PIM-DM initally floods multicast traffic throughout the network. 

B. In a PIM-DM network, routers that have no upstream neighbors prune back unwanted traffic. 

C. PIM-DM supports only shared trees. 

D. PIM-DM uses a pull model to deliver multicast traffic. 

E. PIM-DM cannot be used to build a shared distribution tree. 

Answer: A,E 

Up to date 400-101 study guide:



Q227. Which standard feature can be exploited by an attacker to perform network reconnaissance? 

A. IP-directed broadcast 

B. maintenance operations protocol 

C. ICMP redirects 

D. source quench 


Q228. Refer to the exhibit. 

Which command can you enter to resolve this error message on a peer router? 

A. username <username> password <password> 

B. ppp chap <hostname> 

C. aaa authorization exec if-authenticated 

D. aaa authorization network if-authenticated 


Q229. Which configuration sets a minimum quality of service on a Layer 2 access switch? 

A. mls qos cos override 

mls qos cos 2 

B. mls qos cos 2 

C. mls qos trust cos 

mls qos cos 2 

D. mls qos trust cos 

E. mls qos trust dscp 



The mls qos cos override interface command must be used to ensure that untrusted CoS values are explicitly set 0 (default). 

Reference: http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/WAN_and_MAN/QoS_SRND/Qo S-SRND-Book/QoSDesign.html 

Q230. Which two tunneling techniques determine the IPv4 destination address on a per-packet basis? (Choose two.) 

A. 6to4 tunneling 

B. ISATAP tunneling 

C. manual tunneling 

D. GRE tunneling 

Answer: A,B 

Explanation: Tunnel Configuration Parameters by Tunneling Type 

Tunneling Type 

Tunnel Configuration Parameter 

Tunnel Mode 

Tunnel Source 

Tunnel Destination 

Interface Prefix or Address 



An IPv4 address, or a reference to an interface on which IPv4 is configured. 

An IPv4 address. 

An IPv6 address. 


gre ip 

An IPv4 address. 

An IPv6 address. 


ipv6ip auto-tunnel 

Not required. These are all point-to-multipoint tunneling types. The IPv4 destination address is calculated, on a per-packet basis, from the IPv6 destination. 

Not required. The interface address is generated as ::tunnel-source/96. 


ipv6ip 6to4 

An IPv6 address. The prefix must embed the tunnel source IPv4 address 


ipv6ip isatap 

An IPv6 prefix in modified eui-64 format. The IPv6 address is generated from the prefix and the tunnel source IPv4 address. 

Reference: http://www.cisco.com/c/en/us/td/docs/ios/ipv6/configuration/guide/12_4t/ipv6_12_4t_book/i p6-tunnel.html