Amazing 400 101 pdf secrets

♥♥ 2021 NEW RECOMMEND ♥♥

Free VCE & PDF File for Cisco 400-101 Real Exam (Full Version!)

★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions

Free Instant Download NEW 400-101 Exam Dumps (PDF & VCE):
Available on: http://www.surepassexam.com/400-101-exam-dumps.html

Q131. DRAG DROP 

Drag each MPLS term on the left to the matching statement on the right. 

Answer: 

Q132. Which two statements about SoO checking in EIGRP OTP deployments are true? (Choose two). 

A. During the import process, the SoO value in BGP is checked against the SoO value of the site map. 

B. During the reception of an EIGRP update, the SoO value in the EIGRP update is checked against the SoO value of the site map on the ingress interface. 

C. At the ingress of the PE/CE link, the SoO in the EIGRP update is checked against the SoO within the PE/CE routing protocol. 

D. At the egress of the PE/CE link, the SoO is checked against the SoO within the PE/CE routing protocol. 

E. The SoO is checked at the ingress of the backdoor link. 

F. The SoO is checked at the egress of the backdoor link. 

Answer: A,B 

Explanation: 

. SoO checking: 

– During the import process the SoO value in BGP update is checked against the SoO value of the site-map attached to VRF interface. The update is propagated to CE only if there is no match (this check is done regardless of protocol used on PE/CE link). 

– At reception of EIGRP update, the SoO value in the EIGRP update is checked against the SoO value of site-map attached to the incoming interface. This update is accepted only if there is no match (this check can optionally be done on backdoor router). 

Reference: http://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/ip-routing/whitepaper_C11-730404.html 

Q133. Which two features does the show ipv6 snooping features command show information about? (Choose two.) 

A. RA guard 

B. DHCP guard 

C. ND inspection 

D. source guard 

Answer: A,C 

Explanation: 

The show ipv6 snooping features command displays the first-hop features that are configured on the router. Examples 

The following example shows that both IPv6 NDP inspection and IPv6 RA guard are configured on the router: 

Router# show ipv6 snooping features 

Feature name priority state 

RA guard 100 READY 

NDP inspection 20 READY 

Reference: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipv6/command/ipv6-cr-book/ipv6-s5.html 

Q134. Which option is the origin code when a route is redistributed into BGP? 

A. IGP 

B. EGP 

C. external 

D. incomplete 

E. unknown 

Answer: D 

Q135. Which statement is true about conditional advertisements? 

A. Conditional advertisements create routes when a predefined condition is met. 

B. Conditional advertisements create routes when a predefined condition is not met. 

C. Conditional advertisements delete routes when a predefined condition is met. 

D. Conditional advertisements create routes and withhold them until a predefined condition is met. 

E. Conditional advertisements do not create routes, they only withhold them until a predefined condition is met. 

Answer: E 

Explanation: 

The Border Gateway Protocol (BGP) conditional advertisement feature provides additional control of route advertisement, depending on the existence of other prefixes in the BGP table. Normally, routes are propagated regardless of the existence of a different path. The BGP conditional advertisement feature uses the non-exist-map and the advertise-map keywords of the neighbor advertise-map command in order to track routes by the route prefix. If a route prefix is not present in output of the non-exist-map command, then the route specified by the advertise-map command is announced. This feature is useful for multihomed networks, in which some prefixes are advertised to one of the providers only if information from the other provider is not present (this indicates a failure in the peering session or partial reachability). 

Reference: http://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/16137-cond-adv.html 

Q136. DRAG DROP 

Drag and drop each MLPPP command on the left to the function it performs on the right. 

Answer: 

Q137. Which three types of traffic are allowed by IEEE 802.1X access control prior to getting authenticated? (Choose three.) 

A. EAPOL 

B. VTP 

C. STP 

D. ARP 

E. CDP 

F. HTTP 

Answer: A,C,E 

Explanation: 

Until the client is authenticated, IEEE 802.1x access control allows only Extensible Authentication Protocol over LAN (EAPOL), Cisco Discovery Protocol (CDP), and Spanning Tree Protocol (STP) traffic through the port to which the client is connected. After authentication, normal traffic passes through the port. 

Reference: http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750/software/release/15-0_2_se/configuration/guide/scg3750/sw8021x.pdf 

Q138. Refer to the exhibit. 

Why is the host unable to obtain an IP address? 

A. IP source guard is configured on the switch port. 

B. The DHCP server pool addresses are configured incorrectly. 

C. DHCP requests are being blocked. 

D. DHCP option 150 is disabled. 

Answer: A 

Q139. Refer to the exhibit. 

Which two statements about the R1 configuration are true? (Choose two.) 

A. The IP TTL value is copied to the MPLS field during label imposition. 

B. The structure of the MLPS network is hidden in a traceroute. 

C. The LDP session interval and hold times are configured for directly connected neighbors. 

D. R1 protects the session for 86400 seconds. 

E. All locally assigned labels are discarded. 

Answer: B,D 

Q140. Which three statements about GET VPN are true? (Choose three.) 

A. It encrypts WAN traffic to increase data security and provide transport authentication. 

B. It provides direct communication between sites, which reduces latency and jitter. 

C. It can secure IP multicast, unicast, and broadcast group traffic. 

D. It uses a centralized key server for membership control. 

E. It enables the router to configure tunnels. 

F. It maintains full-mesh connectivity for IP networks. 

Answer: A,B,D 

Explanation: 

Cisco GET VPN Features and Benefits 

Feature 

Description and Benefit 

Key Services 

Key Servers are responsible for ensuring that keys are granted to authenticated and authorized devices only. They maintain the freshness of the key material, pushing re-key messages as well as security policies on a regular basis. The chief characteristics include: 

. Key Servers can be located centrally, granting easy control over membership. 

. Key Servers are not in the "line of fire" - encrypted application traffic flows directly between VPN end points without a bottleneck or an additional point of failure. 

. Supports both local and global policies, applicable to all members in a group - such as "Permit any any", a policy to encrypt all traffic. 

. Supports IP Multicast to distribute and manage keys, for improved efficiency; Unicast is also supported where IP Multicast is not possible. 

Scalability and Throughput 

. The full mesh nature of the solution allows devices to communicate directly with each other, without requiring transport through a central hub; this minimizes extra encrypts and decrypts at the hub router; it also helps minimize latency and jitter. 

. Efficient handling of IP Multicast traffic by using the core network for replication can boost effective throughput further 

Security 

Provides data security and transport authentication, helping to meet security compliance and internal regulation by encrypting all WAN traffic 

Reference: http://www.cisco.com/c/en/us/products/collateral/security/group-encrypted-transport-vpn/product_data_sheet0900aecd80582067.html