Foolproof cisco 400 101 tips

Pass4sure 400 101 dumps Questions are updated and all 400 101 vce answers are verified by experts. Once you have completely prepared with our 400 101 ccie exam prep kits you will be ready for the real ccie 400 101 exam without a problem. We have Renewal Cisco ccie 400 101 dumps study guide. PASSED passleader 400 101 First attempt! Here What I Did.

Q401. Which IPv6 tunneling type establishes a permanent link between IPv6 domains over IPv4? 

A. IPv4-compatible tunneling 

B. ISATAP tunneling 

C. 6to4 tunneling 

D. manual tunneling 

Answer: D 

Explanation: 

A manually configured tunnel is equivalent to a permanent link between two IPv6 domains over an IPv4 backbone. The primary use is for stable connections that require regular secure communication between two edge routers or between an end system and an edge router, or for connection to remote IPv6 networks. 

Reference: http://www.cisco.com/c/en/us/td/docs/ios/ipv6/configuration/guide/12_4t/ipv6_12_4t_book/i p6-tunnel.html 

Q402. Which two statements about the ipv6 ospf authentication command are true? (Choose two.) 

A. The command is required if you implement the IPsec AH header. 

B. The command configures an SPI. 

C. The command is required if you implement the IPsec TLV. 

D. The command can be used in conjunction with the SPI authentication algorithm. 

E. The command must be configured under the OSPFv3 process. 

Answer: A,B 

Explanation: 

OSPFv3 requires the use of IPsec to enable authentication. Crypto images are required to use authentication, because only crypto images include the IPsec API needed for use with OSPFv3. In OSPFv3, authentication fields have been removed from OSPFv3 packet headers. When OSPFv3 runs on IPv6, OSPFv3 requires the IPv6 authentication header (AH) or IPv6 ESP header to ensure integrity, authentication, and confidentiality of routing exchanges. IPv6 AH and ESP extension headers can be used to provide authentication and confidentiality to OSPFv3. To use the IPsec AH, you must enable the ipv6 ospf authentication command. To use the IPsec ESP header, you must enable the ipv6 ospf encryption command. The ESP header may be applied alone or in combination with the AH, and when ESP is used, both encryption and authentication are provided. Security services can be provided between a pair of communicating hosts, between a pair of communicating security gateways, or between a security gateway and a host. To configure IPsec, you configure a security policy, which is a combination of the security policy index (SPI) and the key (the key is used to create and validate the hash value). IPsec for OSPFv3 can be configured on an interface or on an OSPFv3 area. For higher security, you should configure a different policy on each interface configured with IPsec. If you configure IPsec for an OSPFv3 area, the policy is applied to all of the interfaces in that area, except for the interfaces that have IPsec configured directly. Once IPsec is configured for OSPFv3, IPsec is invisible to you. 

Reference: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_ospf/configuration/15-sy/iro-15-sy-book/ip6-route-ospfv3-auth-ipsec.html 

Q403. Which two options are benefits of EIGRP OTP? (Choose two.) 

A. It allows EIGRP routers to peer across a service provider without the service provider involvement. 

B. It allows the customer EIGRP domain to remain contiguous. 

C. It requires only minimal support from the service provider. 

D. It allows EIGRP neighbors to be discovered dynamically. 

E. It fully supports multicast traffic. 

F. It allows the administrator to use different autonomous system numbers per EIGRP domain. 

Answer: A,B 

Explanation: 

EIGRP Over the Top (OTP) allows EIGRP routers to peer across a service provider infrastructure without the SP’s involvement. In fact with OTP, the provider won’t see customer routes at all. EIGRP OTP acts as a provider-independent overlay that transports customer data between the customer’s routers. To the customer, the EIGRP domain is contiguous. A customer’s EIGRP router sits at the edge of the provider cloud, and peers with another EIGRP router a different location across the cloud. Learned routes feature a next hop of the customer router — not the provider. Good news for service providers is that customers can deploy EIGRP OTP with their involvement 

Reference: http://ethancbanks.com/2013/08/01/an-overview-of-eigrp-over-the-top-otp/ 

Q404. In the DiffServ model, which class represents the lowest priority with the highest drop probability? 

A. AF11 

B. AF13 

C. AF41 

D. AF43 

Answer: B 

Explanation: 

Assured Forwarding (AF) Behavior Group 

Class 1 

Class 2 

Class 3 

Class 4 

Low Drop 

AF11 (DSCP 10) 

AF21 (DSCP 18) 

AF31 (DSCP 26) 

AF41 (DSCP 34) 

Med Drop 

AF12 (DSCP 12) 

AF22 (DSCP 20) 

AF32 (DSCP 28) 

AF42 (DSCP 36) 

High Drop 

AF13 (DSCP 14) 

AF23 (DSCP 22) 

AF33 (DSCP 30) 

AF43 (DSCP 38) 

Reference: http://en.wikipedia.org/wiki/Differentiated_services 

Q405. Which two statements about BGP prefix-based outbound filtering are true? (Choose two.) 

A. It must be configured per address family. 

B. It can use prefix lists and route maps for filtering. 

C. It can be configured under the global BGP routing process. 

D. It can be configured for external peering sessions only. 

E. It can increase the processing load on the router. 

F. It supports IP multicast routes. 

Answer: A,D 

Q406. Like OSPFv2, OSPFv3 supports virtual links. Which two statements are true about the IPv6 address of a virtual neighbor? (Choose two.) 

A. It is the link-local address, and it is discovered by examining the hello packets received from the virtual neighbor. 

B. It is the link-local address, and it is discovered by examining link LSA received by the virtual neighbor. 

C. It is the global scope address, and it is discovered by examining the router LSAs received by the virtual neighbor. 

D. Only prefixes with the LA-bit not set can be used as a virtual neighbor address. 

E. It is the global scope address, and it is discovered by examining the intra-area-prefix-LSAs received by the virtual neighbor. 

F. Only prefixes with the LA-bit set can be used as a virtual neighbor address. 

Answer: E,F 

Explanation: 

OSPF for IPv6 assumes that each router has been assigned link-local unicast addresses on each of the router's attached physical links. On all OSPF interfaces except virtual links, OSPF packets are sent using the interface's associated link-local unicast address as the source address. A router learns the link-local addresses of all other routers attached to its links and uses these addresses as next-hop information during packet forwarding. On virtual links, a global scope IPv6 address MUST be used as the source address for OSPF protocol packets. The collection of intra-area-prefix-LSAs originated by the virtual neighbor is examined, with the virtual neighbor's IP address being set to the first prefix encountered with the LA-bit set. 

Reference: https://tools.ietf.org/html/rfc5340 

Q407. Refer to the exhibit. 

Which two are causes of output queue drops on FastEthernet0/0? (Choose two.) 

A. an oversubscribed input service policy on FastEthernet0/0 

B. a duplex mismatch on FastEthernet0/0 

C. a bad cable connected to FastEthernet0/0 

D. an oversubscribed output service policy on FastEthernet0/0 

E. The router trying to send more than 100 Mb/s out of FastEthernet0/0 

Answer: D,E 

Explanation: 

Output drops are caused by a congested interface. For example, the traffic rate on the outgoing interface cannot accept all packets that should be sent out, or a service policy is applied that is oversubscribed. The ultimate solution to resolve the problem is to increase the line speed. However, there are ways to prevent, decrease, or control output drops when you do not want to increase the line speed. You can prevent output drops only if output drops are a consequence of short bursts of data. If output drops are caused by a constant high-rate flow, you cannot prevent the drops. However, you can control them. 

Reference: http://www.cisco.com/c/en/us/support/docs/routers/10000-series-routers/6343-queue-drops.html 

Q408. DRAG DROP 

Drag and drop the multicast protocol definition on the left to the correct default time interval on the right. 

Answer: 

Q409. Refer to the exhibit. 

All switches have default bridge priorities, and originate BPDUs with MAC addresses as indicated. The numbers shown are STP link metrics. 

After STP converges, you discover that traffic from switch SWG toward switch SWD takes a less optimal path. What can you do to optimize the STP tree in this switched network? 

A. Change the priority of switch SWA to a lower value than the default value. 

B. Change the priority of switch SWB to a higher value than the default value. 

C. Change the priority of switch SWG to a higher value than the default value. 

D. Change the priority of switch SWD to a lower value than the default value. 

Answer: D 

Explanation: 

In this topology, we see that all port paths and priorities are the same, so the lowest MAC address will be used to determine the best STP path. From SWG, SWE will be chosen as the next switch in the path because it has a lower MAC address than SWF. From SWE, traffic will go to SWC because it has a lower MAC address, and then to SWD, instead of going from SWE directly to SWD. If we lower the priority of SWD (lower means better with STP) then traffic will be sent directly to SWD. 

Q410. DRAG DROP 

Drag each MPLS term on the left to the matching statement on the right. 

Answer: