Jul 2021 updated: 400 101 ccie

Testking ccie 400 101 dumps Questions are updated and all 400 101 ccie answers are verified by experts. Once you have completely prepared with our ccie 400 101 exam prep kits you will be ready for the real ccie 400 101 exam without a problem. We have Up to date Cisco ccie 400 101 dumps study guide. PASSED 400 101 pdf First attempt! Here What I Did.

Q391. Which two statements about DHCP snooping are true? (Choose two.) 

A. It is implemented on a per-VLAN basis. 

B. It filters invalid DHCP messages. 

C. The binding database logs trusted and untrusted hosts with leased IP addresses. 

D. Interfaces are trusted by default. 

E. It uses the LFIB to validate requests from untrusted hosts. 

Answer: A,B 

Q392. Where must the spanning-tree timers be configured if they are not using the default timers? 

A. They must be on the root bridge. 

B. They must be on any non-root bridge. 

C. Changing the default timers is not allowed. 

D. Timers must be modified manually on each switch. 


Q393. Which two options are two characteristics of the HSRPv6 protocol? (Choose two.) 

A. It uses virtual MAC addresses 0005.73a0.0000 through 0005.73a0.0fff. 

B. It uses UDP port number 2029. 

C. It uses virtual MAC addresses 0005.73a0.0000 through 0005.73a0.ffff. 

D. It uses UDP port number 2920. 

E. If a link local IPv6 address is used, it must have a prefix. 

Answer: A,B 


HSRP IPv6 Virtual MAC Address Range 

HSRP IPv6 uses a different virtual MAC address block than does HSRP for IP: 0005.73A0.0000 through 0005.73A0.0FFF (4096 addresses) 

HSRP IPv6 UDP Port Number 

Port number 2029 has been assigned to HSRP IPv6. 

Reference: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipapp_fhrp/configuration/15-sy/fhp-15-sy-book/HSRP-for-IPv6.html 

Q394. Which VPN technology requires the use of an external key server? 





E. IPsec F. L2TPv3 



A GETVPN deployment has primarily three components, Key Server (KS), Group Member (GM), and Group Domain of Interpretation (GDOI) protocol. GMs do encrypt/decrypt the traffic and KS distribute the encryption key to all the group members. The KS decides on one single data encryption key for a given life time. Since all GMs use the same key, any GM can decrypt the traffic encrypted by any other GM. GDOI protocol is used between the GM and KS for group key and group SA management. Minimum one KS is required for a GETVPN deployment. 

Reference: http://www.cisco.com/c/en/us/products/collateral/security/group-encrypted-transport-vpn/deployment_guide_c07_554713.html 

Q395. Refer to the exhibit. 

Which statement describes the effect on the network if FastEthernet0/1 goes down temporarily? 

A. FastEthernet0/2 forwards traffic only until FastEthernet0/1 comes back up. 

B. FastEthernet0/2 stops forwarding traffic until FastEthernet0/1 comes back up. 

C. FastEthernet0/2 forwards traffic indefinitely. 

D. FastEthernet0/1 goes into standby. 



Use the switchport backup interface interface configuration command on a Layer 2 interface to configure Flex Links, a pair of interfaces that provide backup to each other. Use the no form of this command to remove the Flex Links configuration. With Flex Links configured, one link acts as the primary interface and forwards traffic, while the other interface is in standby mode, ready to begin forwarding traffic if the primary link shuts down. The interface being configured is referred to as the active link; the specified interface is identified as the backup link. The feature provides an alternative to the Spanning Tree Protocol (STP), allowing users to turn off STP and still retain basic link redundancy. 

Reference: http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2960/software/release/12-2_53_se/command/reference/2960ComRef/cli3.html#wp3269214 

Q396. Refer to the exhibit. 

Switch DSW1 should share the same MST region with switch DSW2. Which statement is true? 

A. Configure DSW1 with the same version number, and VLAN-to-instance mapping as shown on DSW2. 

B. Configure DSW1 with the same region name, number, and VLAN-to-instance mapping as shown on DSW2. 

C. DSW2 uses the VTP server mode to automatically propagate the MST configuration to DSW1. 

D. DSW1 is in VTP client mode with a lower configuration revision number, therefore, it automatically inherits MST configuration from DSW2. 

E. DSW1 automatically inherits MST configuration from DSW2 because they have the same domain name. 


Q397. Refer to the exhibit. 

Which additional configuration is necessary for R1 and R2 to become OSPF neighbors? 

A. R1 

router ospf 1 

no passive-interface Fastethernet0/0 

B. R2 

router ospf 10 

no network area 0 

network area 1 

C. R1 

interface FastEthernet0/0 

ip ospf mtu-ignore 


interface FastEthernet0/1 

ip ospf mtu-ignore ! 

D. R1 

no router ospf 1 

router ospf 10 

network area 0 



Because the passive interface default command is used, by default all interfaces are passive and no neighbors will form on these interfaces. We need to disable passive interface on the link to R2 by using the “no passive-interface Fastethernet0/0” on R1 under OSPF. 

Q398. Which three TLVs does LLDP use to discover network devices? (Choose three.) 

A. Management address 

B. Port description 

C. Network policy 

D. System name 

E. Location information 

F. Power management 

Answer: A,B,D 


Basic Management TLV Set 

This set includes the following five TLVs used in LLDP: 

. Port description TLV: Provides a description of the port in an alpha-numeric format. The value equals the ifDescr object, if the LAN device supports RFC 2863. 

. System name TLV: Provides the system's assigned name in an alpha-numeric format. The value equals the sysName object, if the LAN device supports RFC 3418. 

. System description TLV: Provides a description of the network entity in an alpha-numeric format. This includes system's name and versions of hardware, operating system and networking software supported in the device. The value equals the sysDescr object, if the LAN device supports RFC 3418. 

. System capabilities TLV: Indicates the primary function(s) of the device and whether or not these functions are enabled in the device. The capabilities are indicated by two octects. Bits 0 through 7 indicate Other, Repeater, Bridge, WLAN AP, Router, Telephone, DOCSIS cable device and Station respectively. Bits 8 through 15 are reserved. 

. Management address TLV: Indicates the addresses of the local LLDP agent. Other remote managers can use this address to obtain information related to the local device. 

Reference: http://www.eetimes.com/document.asp?doc_id=1272069 

Q399. When EIGRP is used as the IPv4 PE-CE protocol, which two requirements must be configured before the BGP IPv4 address family can be configured? (Choose two.) 

A. the route distinguisher 

B. the virtual routing and forwarding instance 

C. the loopback interface 

D. the router ID 

Answer: A,B 


A VRF must be created, and a route distinguisher and route target must be configured in order for the PE routers in the BGP network to carry EIGRP routes to the EIGRP CE site. The VRF must also be associated with an interface in order for the PE router to send routing updates to the CE router. Prerequisites Before this feature can be configured, MPLS and CEF must be configured in the BGP network, and multiprotocol BGP and EIGRP must be configured on all PE routers that provide VPN services to CE routers. 



Q400. Refer to the exhibit. 

Which two statements about this configuration are true? (Choose two.) 

A. Pings from SW2 to SW1 fail because SW1 is pruning VLAN 10. 

B. VLANs 10 and 200 are added to the SW2 allowed list on interface fa0/22. 

C. Pings from SW2 to SW1 are successful. 

D. Only VLAN 200 is added to the SW1 allowed list on interface fa0/22. 

Answer: B,C