Master the 400 101 dumps CCIE Routing and Switching (v5.0) content and be ready for exam day success quickly with this Pass4sure ccie 400 101 pdf exam. We guarantee it!We make it a reality and give you real cisco 400 101 questions in our Cisco ccie 400 101 braindumps.Latest 100% VALID Cisco cisco 400 101 Exam Questions Dumps at below page. You can use our Cisco cisco 400 101 braindumps and pass your exam.
Q411. DRAG DROP
Drag and drop the multicast protocol or feature on the left to the correct address space on the right.
Q412. Which attribute is transported over an MPLS VPN as a BGP extended community?
A. route target
B. route distinguisher
E. local preference
Q413. Which two statements about VRRP are true? (Choose two.)
A. It is assigned multicast address 126.96.36.199.
B. The TTL for VRRP packets must be 255.
C. It is assigned multicast address 188.8.131.52.
D. Its IP protocol number is 115.
E. Three versions of the VRRP protocol have been defined.
F. It supports both MD5 and SHA1 authentication.
Q414. Which three statements about EIGRP and BFD are true? (Choose three.)
A. BFD is independent of the routing protocol, so it can be used as a generic failure detection mechanism for EIGRP.
B. Some parts of BFD can be distributed to the data plane, so it can be less CPU-intensive than reduced timers, which exist wholly at the control plane.
C. Reduced EIGRP timers have an absolute minimum detection timer of 1-2 seconds; BFD can provide sub-second failure detection.
D. BFD is tied to specific routing protocols and can be used for generic fault detection for the OSPF, EIGRP, and BGP routing protocols.
E. BFD is dependent on the EIGRP routing protocol, so it can be used as a specific failure detection mechanism.
F. BFD resides on the control plane, so it is less CPU-intensive than if it resided on the data plane.
There are several advantages to implementing BFD over reduced timer mechanisms for routing protocols:
. Although reducing the EIGRP, IS-IS, and OSPF timers can result in minimum detection timer of one to two seconds, BFD can provide failure detection in less than one second.
. Because BFD is not tied to any particular routing protocol, it can be used as a generic and consistent failure detection mechanism for EIGRP, IS-IS, and OSPF.
. Because some parts of BFD can be distributed to the data plane, it can be less CPU-intensive than the reduced EIGRP, IS-IS, and OSPF timers, which exist wholly at the control plane.
Q415. Refer to the exhibit.
If the route to 10.1.1.1 is removed from the R2 routing table, which server becomes the master NTP server?
B. the NTP server at 10.3.3.3
C. the NTP server at 10.4.4.4
D. the NTP server with the lowest stratum number
NTP uses a concept called “stratum” that defines how many NTP hops away a device is from an authoritative time source. For example, a device with stratum 1 is a very accurate device and might have an atomic clock attached to it. Another NTP server that is using this stratum 1 server to sync its own time would be a stratum 2 device because it’s one NTP hop further away from the source. When you configure multiple NTP servers, the client will prefer the NTP server with the lowest stratum value.
Q416. Which two options are requirements for Control-Plane Policing? (Choose two.)
A. Cisco Express Forwarding must be enabled globally.
B. Cisco Discovery Protocol must be disabled in the control plane.
C. A crypto policy must be installed.
D. A loopback address must be configured for device access.
E. A class map must be configured to identify traffic.
Q417. Which two statements about the ipv6 ospf authentication command are true? (Choose two.)
A. The command is required if you implement the IPsec AH header.
B. The command configures an SPI.
C. The command is required if you implement the IPsec TLV.
D. The command can be used in conjunction with the SPI authentication algorithm.
E. The command must be configured under the OSPFv3 process.
OSPFv3 requires the use of IPsec to enable authentication. Crypto images are required to use authentication, because only crypto images include the IPsec API needed for use with OSPFv3. In OSPFv3, authentication fields have been removed from OSPFv3 packet headers. When OSPFv3 runs on IPv6, OSPFv3 requires the IPv6 authentication header (AH) or IPv6 ESP header to ensure integrity, authentication, and confidentiality of routing exchanges. IPv6 AH and ESP extension headers can be used to provide authentication and confidentiality to OSPFv3. To use the IPsec AH, you must enable the ipv6 ospf authentication command. To use the IPsec ESP header, you must enable the ipv6 ospf encryption command. The ESP header may be applied alone or in combination with the AH, and when ESP is used, both encryption and authentication are provided. Security services can be provided between a pair of communicating hosts, between a pair of communicating security gateways, or between a security gateway and a host. To configure IPsec, you configure a security policy, which is a combination of the security policy index (SPI) and the key (the key is used to create and validate the hash value). IPsec for OSPFv3 can be configured on an interface or on an OSPFv3 area. For higher security, you should configure a different policy on each interface configured with IPsec. If you configure IPsec for an OSPFv3 area, the policy is applied to all of the interfaces in that area, except for the interfaces that have IPsec configured directly. Once IPsec is configured for OSPFv3, IPsec is invisible to you.
Q418. Refer to the exhibit.
You are bringing a new MPLS router online and have configured only what is shown to bring LDP up. Assume that the peer has been configured in a similar manner. You verify the LDP peer state and see that there are no neighbors. What will the output of show mpls ldp discovery show?
Ethernet0/0 (ldp): xmit
Ethernet0/0 (ldp): xmit/recv
LDP Id: 184.108.40.206:0; IP addr: 192.168.12.2
Ethernet0/0 (ldp): xmit/recv
LDP Id: 192.168.12.2:0; no route
Ethernet0/0 (ldp): xmit/recv
LDP Id: 220.127.116.11:0; no route
Q419. DRAG DROP
Drag and drop the method for refreshing BGP prefixes on the left to the corresponding description on the right.
Q420. Refer to the exhibit.
What is a reason for the RIB-failure?
A. CEF is not enabled on this router.
B. The route 10.100.1.1/32 is in the routing table, but not as a BGP route.
C. The routing table has yet to be updated with the BGP route.
D. The BGP route is filtered inbound and hence is not installed in the routing table.
A rib-failure occurs when BGP tries to install the bestpath prefix into the RIB, but the RIB rejects the BGP route because a route with better administrative distance already exists in the routing table. An inactive Border Gateway Protocol (BGP) route is a route that is not installed in the RIB, but is installed in the BGP table as rib-failure. Example Topology Router 1 (R1) and router 2 (R2) have two parallel links; one links runs BGP AS 65535 and the other link runs Enhanced Interior Gateway Routing Protocol (EIGRP) AS 1. Both BGP and EIGRP are advertising the network 10.1.1.1/32 on R1.
R2 learns about the 18.104.22.168/32 route through both EIGRP and BGP, but installs only the EIGRP route in the routing table because of the lower administrative distance. Since the BGP route is not installed in the R2 routing table, the route appears as a rib-failure in the R2 BGP table.