♥♥ 2021 NEW RECOMMEND ♥♥
Free VCE & PDF File for Cisco 400-101 Real Exam (Full Version!)
★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions
Free Instant Download NEW 400-101 Exam Dumps (PDF & VCE):
Available on:
http://www.surepassexam.com/400-101-exam-dumps.html
Q361. Which statement describes the function of rekey messages?
A. They prevent unencrypted traffic from passing through a group member before registration.
B. They refresh IPsec SAs when the key is about to expire.
C. They trigger a rekey from the server when configuring the rekey ACL.
D. They authenticate traffic passing through a particular group member.
Answer: B
Explanation:
Rekey messages are used to refresh IPsec SAs. When the IPsec SAs or the rekey SAs are about to expire, one single rekey message for a particular group is generated on the key server. No new IKE sessions are created for the rekey message distribution. The rekey messages are distributed by the key server over an existing IKE SA. Rekeying can use multicast or unicast messages.
Reference: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_getvpn/configuration/xe-3s/sec-get-vpn-xe-3s-book/sec-get-vpn.html
Q362. Refer to the exhibit.
If OSPF is implemented on the network, which additional configuration is needed to allow traffic from host 10.4.1.15/24 to host 10.1.2.20/24?
A. A virtual link between router 2 and router 4
B. A virtual link between router 3 and router 4
C. A virtual link between router 2 and router 3
D. The current design allows traffic between the two hosts.
Answer: D
Explanation:
This specific traffic from 10.4.1.0/24 to 10.1.2.0/24 would work because this traffic crosses only over the single OSPF area of 0.0.0.1.
However, traffic from hosts on R4 to R1 would indeed need a virtual link, since area 0.0.0.2 is not connected to the backbone area of 0.0.0.0.
Q363. Which two statements about Layer 2 Frame Prioritization bits are true? (Choose two.)
A. 802.1Q frame headers carry the CoS value in the three most-significant bits of the 2-byte Tag Control Information field.
B. ISL frame headers carry an IEEE 802.1P CoS value in the three least-significant bits of the 2-byte User field.
C. ISL frame headers carry an IEEE 802.1P CoS value in the three most-significant bits of the 1-byte User field.
D. On 802.1Q trunks, traffic in the native VLAN is carried in 802.1Q frames.
E. Only 802.1Q and ISL frame types can carry CoS information.
F. On 802.1Q trunks, traffic in the native VLAN is carried in 802.1P frames.
Answer: A,E
Q364. Refer to the exhibit.
Which two corrective actions could you take if EIGRP routes from R2 fail to reach R1? (Choose two.)
A. Configure R2 to use a VRF to send routes to R1.
B. Configure the autonomous system in the EIGRP configuration of R1.
C. Correct the network statement on R2.
D. Add the interface on R1 that is connected to R2 into a VRF.
Answer: B,D
Explanation:
In this question we are running VRF Lite on R1. VRF Lite is also knows as “VRF without
running MPLS”. This is an example of how to configure VRF Lite with EIGRP:
ip vrf FIRST
rd 1:1
!
ip vrf SECOND
rd 1:2
!
router eigrp 1
no auto-summary
!
address-family ipv4 vrf FIRST
network 10.1.1.1 0.0.0.0
no auto-summary
autonomous-system 200
exit-address-family
!
address-family ipv4 vrf SECOND
network 10.1.2.1 0.0.0.0
no auto-summary
autonomous-system 100
exit-address-family
!
interface FastEthernet0/0
ip vrf forwarding FIRST
ip address 10.1.1.1 255.255.255.0
!
interface FastEthernet0/1
ip vrf forwarding SECOND
ip address 10.1.2.1 255.255.255.0
The above example creates two VRFs (named “FIRST” and “SECOND”). VRF “FIRST” runs on EIGRP AS 200 while VRF “SECOND” runs on EIGRP AS 100. After that we have to add interfaces to the appropriate VRFs. From this example, back to our question we can see that R1 is missing the “autonomous-system …” command under “address-family ipv4 vrf R2. And R1 needs an interface configured under that VRF.
Note. R2 does not run VRF at all! Usually R2 resides on customer side.
Q365. In an STP domain, which two statements are true for a nonroot switch, when it receives a configuration BPDU from the root bridge with the TC bit set? (Choose two.)
A. It sets the MAC table aging time to max_age time.
B. It sets the MAC table aging time to forward_delay time.
C. It recalculates the STP topology upon receiving topology change notification from the root switch.
D. It does not recalculate the STP topology upon receiving topology change notification from the root switch.
Answer: B,D
Q366. DRAG DROP
Drag and drop the argument of the ip cef load-sharing algorithm command on the left to the function it performs on the right.
Answer:
Q367. Which two statements about Cisco Express Forwarding are true? (Choose two.)
A. Cisco Express Forwarding tables contain reachability information and adjacency tables contain forwarding information.
B. Cisco Express Forwarding tables contain forwarding information and adjacency tables contain reachability information.
C. Changing MAC header rewrite strings requires cache validation.
D. Adjacency tables and Cisco Express Forwarding tables can be built separately.
E. Adjacency tables and Cisco Express Forwarding tables require packet process-switching.
Answer: A,D
Explanation:
Main Components of CEF
Information conventionally stored in a route cache is stored in several data structures for Cisco Express Forwarding switching. The data structures provide optimized lookup for efficient packet forwarding. The two main components of Cisco Express Forwarding operation are the forwarding information base (FIB) and the adjacency tables. The FIB is conceptually similar to a routing table or information base. A router uses this lookup table to make destination-based switching decisions during Cisco Express Forwarding operation. The FIB is updated when changes occur in the network and contains all routes known at the time. Adjacency tables maintain Layer 2 next-hop addresses for all FIB entries. This separation of the reachability information (in the Cisco Express Forwarding table) and the forwarding information (in the adjacency table), provides a number of benefits:
. The adjacency table can be built separately from the Cisco Express Forwarding table, allowing both to be built without any packets being process-switched.
. The MAC header rewrite used to forward a packet is not stored in cache entries, so changes in a MAC header rewrite string do not require validation of cache entries.
Reference: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipswitch_cef/configuration/15-mt/isw-cef-15-mt-book/isw-cef-overview.html
Q368. Refer to the exhibit.
What is the role of this multicast router?
A. a first-hop PIM router
B. a last-hop PIM router
C. a PIM rendezvous point
D. a PIM inter-AS router
Answer: C
Explanation:
The following is sample output from the show ip pim tunnel taken from an RP. The output is used to verify the PIM Encap and Decap Tunnel on the RP:
Switch# show ip pim tunnel
Tunnel0
Type : PIM Encap
RP : 70.70.70.1*
SourcE. 70.70.70.1
Tunnel1*
Type : PIM Decap
RP : 70.70.70.1*
SourcE. -R2#
The asterisk (*) indicates that the router is the RP. The RP will always have a PIM Encap and Decap Tunnel interface.
Reference:
http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3650/software/release/3se/multic ast/command_reference/b_mc_3se_3650_cr/b_mc_3se_3650_cr_chapter_010.html#wp12 86920037
Q369. Refer to the exhibit.
Which VLANs are permitted to send frames out port FastEthernet0/1?
A. 100 - 200
B. 4 - 100
C. 1 and 4 - 100
D. 3 and 4 - 100
Answer: D
Explanation:
Traffic on the native vlan does not get tagged as it crosses a trunk, so there is no dot1q tag in the first place to be filtered. And you don’t need to allow the native vlan. But if we force to tag the native vlan (with the “switchport trunk native vlan tag” command) then if the native vlan is not in the “allowed vlan” list it will be dropped.
Q370. What are the three variants of NTPv4? (Choose three.)
A. client/server
B. broadcast
C. symmetric
D. multicast
E. asymmetric
F. unicast
Answer: A,B,C