Promise to provide the high-quality Cisco exam dumps, Examcollection provides the top high quality Cisco Cisco certification products with best questions and also answers. You will make the most fresh and precise 400-101 preparation components which promise your accomplishment at 1st attempt. Take measures now and also download your Cisco 400-101 exam dumps today!

♥♥ 2021 NEW RECOMMEND ♥♥

Free VCE & PDF File for Cisco 400-101 Real Exam (Full Version!)

★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions

Free Instant Download NEW 400-101 Exam Dumps (PDF & VCE):
Available on:

2021 Apr 400-101 training

Q411. Which cache aggregation scheme is supported by NetFlow ToS-based router aggregation? 

A. prefix-port 

B. AS 

C. protocol port 

D. destination prefix 


Q412. In a PfR environment, which two statements best describe the difference between active mode monitoring and fast mode monitoring? (Choose two.) 

A. Active mode monitoring can monitor and measure actual traffic via NetFlow data collection. 

B. Fast mode monitoring can measure bursty traffic better than active mode. 

C. Active mode monitoring uses IP SLA probes for the purpose of obtaining performance characteristics of the current WAN exit link. 

D. Fast mode monitoring uses IP SLA probes via all valid exits continuously to quickly determine an alternate exit link. 

Answer: C,D 


Active Monitoring 

PfR uses Cisco IOS IP Service Level Agreements (SLAs) to enable active monitoring. IP SLAs support is enabled by default. IP SLAs support allows PfR to be configured to send active probes to target IP addresses to measure the jitter and delay, determining if a prefix is out-of-policy and if the best exit is selected. The border router collects these performance statistics from the active probe and transmits this information to the master controller. 

Fast Failover Monitoring 

Fast failover monitoring enables passive and active monitoring and sets the active probes to continuously monitor all the exits (probe-all). Fast failover monitoring can be used with all types of active probes: Internet Control Message Protocol (ICMP) echo, jitter, TCP connection, and UDP echo. 


Q413. Which trunking configuration between two Cisco switches can cause a security risk? 

A. configuring different native VLANs on the switches 

B. configuring different trunk modes on the switches 

C. configuring mismatched VLANs on the trunk 

D. disabling DTP on the trunk ports 

E. configuring incorrect channel-groups on the switches 


Q414. Refer to the exhibit. 

The device with this configuration is unable to reach network The next hop router has been verified to have full connectivity to the network. Which two actions can you take to establish connectivity to the network? (Choose two.) 

A. Create a static route to using the address of the next hop router. 

B. Create a default route to the link address of the next hop router. 

C. Create a static route to the loopback address of the next hop router. 

D. Create a default route to 

E. Modify the existing static route so that the next hop is 

F. Replace the ip default-network command with the ip default-gateway command. 

Answer: A,B 


Unlike the ip default-gateway command, you can use ip default-network when ip routing is enabled on the Cisco router. When you configure ip default-network the router considers routes to that network for installation as the gateway of last resort on the router. 

For every network configured with ip default-network, if a router has a route to that network, that route is flagged as a candidate default route. However, in this case if the router does not a route to the drfault network of, then you would need to ensure that this route exisits by creating a static route to using the address of the next hop router, or simply create a default route using the address of the next hop router. 

Q415. Which standard feature can be exploited by an attacker to perform network reconnaissance? 

A. IP-directed broadcast 

B. maintenance operations protocol 

C. ICMP redirects 

D. source quench 


Renewal 400-101 latest exam:

Q416. Which two mechanisms can be used to eliminate Cisco Express Forwarding polarization? (Choose two.) 

A. alternating cost links 

B. the unique-ID/universal-ID algorithm 

C. Cisco Express Forwarding antipolarization 

D. different hashing inputs at each layer of the network 

Answer: B,D 


This document describes how Cisco Express Forwarding (CEF) polarization can cause suboptimal use of redundant paths to a destination network. CEF polarization is the effect when a hash algorithm chooses a particular path and the redundant paths remain completely unused. 

How to Avoid CEF Polarization 

. Alternate between default (SIP and DIP) and full (SIP + DIP + Layer4 ports) hashing inputs configuration at each layer of the network. 

. Alternate between an even and odd number of ECMP links at each layer of the network.The CEF load-balancing does not depend on how the protocol routes are inserted in the routing table. Therefore, the OSPF routes exhibit the same behavior as EIGRP. In a hierarchical network where there are several routers that perform load-sharing in a row, they all use same algorithm to load-share. 

The hash algorithm load-balances this way by default: 

1: 1 

2: 7-8 

3: 1-1-1 

4: 1-1-1-2 

5: 1-1-1-1-1 

6: 1-2-2-2-2-2 

7: 1-1-1-1-1-1-1 

8: 1-1-1-2-2-2-2-2 

The number before the colon represents the number of equal-cost paths. The number after the colon represents the proportion of traffic which is forwarded per path. 

This means that: 

For two equal cost paths, load-sharing is 46.666%-53.333%, not 50%-50%. 

For three equal cost paths, load-sharing is 33.33%-33.33%-33.33% (as expected). 

For four equal cost paths, load-sharing is 20%-20%-20%-40% and not 25%-25%-25%-25%. 

This illustrates that, when there is even number of ECMP links, the traffic is not load-balanced. 

.Cisco IOS introduced a concept called unique-ID/universal-ID which helps avoid CEF polarization. This algorithm, called the universal algorithm (the default in current Cisco IOS versions), adds a 32-bit router-specific value to the hash function (called the universal ID - this is a randomly generated value at the time of the switch boot up that can can be manually controlled). This seeds the hash function on each router with a unique ID, which ensures that the same source/destination pair hash into a different value on different routers along the path. This process provides a better network-wide load-sharing and circumvents the polarization issue. This unique -ID concept does not work for an even number of equal-cost paths due to a hardware limitation, but it works perfectly for an odd number of equal-cost paths. In order to overcome this problem, Cisco IOS adds one link to the hardware adjacency table when there is an even number of equal-cost paths in order to make the system believe that there is an odd number of equal-cost links. 


Q417. Which two Cisco Express Forwarding tables are located in the data plane? (Choose two.) 

A. the forwarding information base 

B. the label forwarding information base 

C. the IP routing table 

D. the label information table 

E. the adjacency table 

Answer: A,B 


The control plane runs protocols such as OSPF, BGP, STP, LDP. These protocols are needed so that routers and switches know how to forward packets and frames. 

The data plane is where the actual forwarding takes place. The data plane is populated based on the protocols running in the control plane. The Forwarding Information Base (FIB) is used for IP traffic and the Label FIB is used for MPLS. 

Q418. Refer to the exhibit. 

Which two statements about this configuration are true? (Choose two.) 

A. Spoke devices will be dynamically added to the NHRP mappings. 

B. The next-hop server address must be configured to on all spokes. 

C. The next-hop server address must be configured to on all spokes. 

D. R1 will create a static mapping for each spoke. 

Answer: A,C 


NHRP is a client/server model protocol which is defined by RFC2332. The hub is considered to be the Next Hop Server (NHS) and the spokes are considered to be the Next Hop Client (NHC). The hub must be configured as the next-hop server. NHRP provides a mapping between the inside and outside address of a tunnel endpoint. These mappings can be static or dynamic. In a dynamic scenario, a next-hop server (NHS) is used to maintain a list of possible tunnel endpoints. Each endpoint using the NHS registers its own public and private mapping with the NHS. The local mapping of the NHS must always be static. It is important to note that the branch points to the inside or protected address of the NHS server. This scenario is an example of dynamic mappings. 

Reference: PN_2_Phase2.html 

Q419. Refer to the exhibit. 

A tunnel is configured between R3 to R4 sourced with their loopback interfaces. The ip pim sparse-dense mode command is configured on the tunnel interfaces and multicast-routing is enabled on R3 and R4. The IP backbone is not configured for multicast routing. 

The RPF check has failed toward the multicast source. 

Which two conditions could have caused the failure? (Choose two.) 

A. The route back to the RP is through a different interface than tunnel 0. 

B. The backbone devices can only route unicast traffic. 

C. The route back to the RP is through the same tunnel interface. 

D. A static route that points the RP to GigabitEthernet1/0 is configured. 

Answer: A,D 


.For a successful RPF verification of multicast traffic flowing over the shared tree (*,G) from RP, an ip mroute rp-address nexthop command needs to be configured for the RP address, that points to the tunnel interface. 

A very similar scenario can be found at the reference link below: 


Q420. Refer to the exhibit. 

Which option explains why the forwarding address is set to instead of 

A. The interface Ethernet0/1 is in down state. 

B. The next-hop ip address is not directly attached to the redistributing router. 

C. The next-hop interface (Ethernet0/1) is specified as part of the static route command; therefore, the forwarding address is always set to 

D. OSPF is not enabled on the interface Ethernet0/1. 



From the output of the “show ip ospf database” command (although this command is not shown) we can conclude this is an ASBR (with Advertising Router is itself) and E0/1 is the ASBR’s next hop interface for other routers to reach network 

The Forwarding Address is determined by these conditions: 

* The forwarding address is set to if the ASBR redistributes routes and OSPF is not enabled on the next hop interface for those routes. 

* These conditions set the forwarding address field to a non-zero address: 

+ OSPF is enabled on the ASBR’s next hop interface AND 

+ ASBR’s next hop interface is non-passive under OSPF AND 

+ ASBR’s next hop interface is not point-to-point AND 

+ ASBR’s next hop interface is not point-to-multipoint AND 

+ ASBR’s next hop interface address falls under the network range specified in the router ospf command. 

* Any other conditions besides these set the forwarding address to 

-> We can see E0/1 interface is not running OSPF because it does not belong to network which is declared under OSPF process -> F.A address is set to