What to do with ccie 400 101 dumps

Cause all that matters here is passing the Cisco ccie 400 101 dumps exam. Cause all that you need is a high score of 400 101 pdf CCIE Routing and Switching (v5.0) exam. The only one thing you need to do is downloading Exambible 400 101 pdf exam study guides now. We will not let you down with our money-back guarantee.

Q491. Which option is the most effective action to avoid packet loss due to microbursts? 

A. Implement larger buffers. 

B. Install a faster CPU. 

C. Install a faster network interface. 

D. Configure a larger tx-ring size. 



You can't avoid or prevent them as such without modifying the sending host's application/network stack so it smoothes out the bursts. However, you can manage 

microbursts by tuning the size of receive buffers / rings to absorb occasional microbursts. 

Q492. Which data plane protocol does EIGRP Over the Top use? 




D. IP-in-IP 



The EIGRP Over the Top solution can be used to ensure connectivity between disparate Enhanced Interior Gateway Routing Protocol (EIGRP) sites. This feature uses EIGRP on the control plane and Locator ID Separation Protocol (LISP) encapsulation on the data plane to route traffic across the underlying WAN architecture. EIGRP is used to distribute routes between customer edge (CE) devices within the network, and the traffic forwarded across the WAN architecture is LISP encapsulated. Therefore, to connect disparate EIGRP sites, you must configure the neighbor command with LISP encapsulation on every CE in the network. 

Reference: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_eigrp/configuration/xe-3s/ire-xe-3s-book/ire-eigrp-over-the-top.html 


Drag each IPv6 extension header on the left to its corresponding description on the right. 


Q494. Refer to the exhibit. 

What is a possible reason for the IPSec tunnel not establishing? 

A. The peer is unreachable. 

B. The transform sets do not match. 

C. The proxy IDs are invalid. 

D. The access lists do not match. 



Proxy Identities Not Supported 

This message appears in debugs if the access list for IPsec traffic does not match. 

1d00h: IPSec(validate_transform_proposal): proxy identities not supported 

1d00h: ISAKMP: IPSec policy invalidated proposal 

1d00h: ISAKMP (0:2): SA not acceptable! 

The access lists on each peer needs to mirror each other (all entries need to be reversible). 

This example illustrates this point. 

Peer A 

access-list 150 permit ip 

access-list 150 permit ip host host 

Peer B 

access-list 150 permit ip 

access-list 150 permit ip host host 



Q495. When VRF-Lite is configured without BGP support,.which statement about the configuration of the route target and route distinguisher is true? 

A. The configuration of the route target and route distinguisher is required. 

B. The configuration of the route target and route distinguisher is not required. 

C. The configuration of the route target is required and the configuration of the route distinguisher is not required. 

D. The configuration of the route target is not required and the configuration of the route distinguisher is required. 


Q496. Which two statements are true about IS-IS? (Choose two.) 

A. IS-IS DIS election is nondeterministic. 

B. IS-IS SPF calculation is performed in three phases. 

C. IS-IS works over the data link layer, which does not provide for fragmentation and reassembly. 

D. IS-IS can never be routed beyond the immediate next hop. 

Answer: C,D 


IS-IS runs directly over the data link alongside IP. On Ethernet, IS-IS packets are always 802.3 frames, with LSAPs 0xFEFE while IP packets are either Ethernet II frames or SNAP frames identified with the protocol number 0x800. OSPF runs over IP as protocol number 89. 

IS-IS runs directly over layer 2 and hence: 

-cannot support virtual links unless some explicit tunneling is implemented 

-packets are kept small so that they don't require hop-by-hop fragmentation 

-uses ATM/SNAP encapsulation on ATM but there are hacks to make it use VcMux encapsulation 

-some operating systems that support IP networking have been implemented to differentiate Layer 3 packets in kernel. Such Oss require a lot of kernel modifications to support IS-IS for IP routing. 

-can never be routed beyond the immediate next hop and hence shielded from IP spoofing and similar Denial of Service attacks. 

Reference: https://tools.ietf.org/html/draft-bhatia-manral-diff-isis-ospf-00 

Q497. Which statement is true about VPLS? 

A. MPLS is not required for VPLS to work. 

B. VPLS carries packets as Layer 3 multicast. 

C. VPLS has been introduced to address some shortcomings of OTV. 

D. VPLS requires an MPLS network. 



VPLS uses MPLS labels so an MPLS network is required. VPLS MPLS packets have a two-label stack. The outer label is used for normal MPLS forwarding in the service provider's network. If BGP is used to establish the VPLS, the inner label is allocated by a PE as part of a label block. If LDP is used, the inner label is a virtual circuit ID assigned by LDP when it first established a mesh between the participating PEs. Every PE keeps track of assigned inner label, and associates these with the VPLS instance. 

Reference: http://en.wikipedia.org/wiki/Virtual_Private_LAN_Service 


Drag and drop the OSPF network type on the left to the correct traffic type category on the right. 


Q499. Which two statements about MAC Authentication Bypass are true? (Choose two.) 

A. Traffic from an endpoint is authorized to pass after MAB authenticates the MAC address of the endpoint. 

B. During the learning stage, the switch examines multiple packets from the endpoint to determine the MAC address of the endpoint. 

C. After the switch learns the MAC address of the endpoint, it uses TACACS+ to authenticate it. 

D. After learning a source MAC address, it sends the host a RADIUS Account-Request message to validate the address. 

E. The MAC address of a device serves as its user name and password to authenticate with a RADIUS server. 

Answer: A,E