♥♥ 2021 NEW RECOMMEND ♥♥
Free VCE & PDF File for Cisco 400-101 Real Exam (Full Version!)
★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions
2021 Apr 400-101 exam question
Q51. Refer to the exhibit.
Which statement is true?
A. IS-IS has been enabled on R4 for IPv6, single-topology.
B. IS-IS has been enabled on R4 for IPv6, multitopology.
C. IS-IS has been enabled on R4 for IPv6, single-topology and multitopology.
D. R4 advertises IPv6 prefixes, but it does not forward IPv6 traffic, because the protocol has not been enabled under router IS-IS.
When working with IPv6 prefixes in IS-IS, you can configure IS-IS to be in a single topology for both IPv4 and IPv6 or to run different topologies for IPv4 and IPv6. By default, IS-IS works in single-topology mode when activating IPv4 and IPv6. This means that the IS-IS topology will be built based on IS Reachability TLVs. When the base topology is built, then IPv4 prefixes (IP Reachability TLV) and IPv6 prefixes (IPv6 Reachability TLV) are added to each node as leaves, without checking if there is IPv6 connectivity between nodes.
Q52. Which three components comprise the structure of a pseudowire FEC element? (Choose three.)
A. pseudowire ID
B. pseudowire type
C. control word
D. Layer 3 PDU
E. header checksum
F. type of service
The Pseudowire ID FEC element has the following components:
. Pseudowire ID FEC — The first octet has a value of 128 that identifies it as a Pseudowire ID FEC element.
. Control Word Bit (C-Bit) — The C-bit indicates whether the advertising PE expects the control word to be present for pseudowire packets. A control word is an optional 4-byte field located between the MPLS label stack and the Layer 2 payload in the pseudowire packet. The control word carries generic and Layer 2 payload-specific information. If the C-bit is set to 1, the advertising PE expects the control word to be present in every pseudowire packet on the pseudowire that is being signaled. If the C-bit is set to 0, no control word is expected to be present.
. Pseudowire Type — PW Type is a 15-bit field that represents the type of pseudowire. Examples of pseudowire types are shown in Table 6-1.
. Pseudowire Information Length — Pseudowire Information Length is the length of the Pseudowire ID field and the interface parameters in octets. When the length is set to 0, this FEC element stands for all pseudowires using the specified Group ID. The Pseudowire ID and Interface Parameters fields are not present.
. Group ID — The Group ID field is a 32-bit arbitrary value that is assigned to a group of pseudowires.
. Pseudowire ID — The Pseudowire ID, also known as VC ID, is a non-zero, 32-bit identifier that distinguishes one pseudowire from another. To connect two attachment circuits through a pseudowire, you need to associate each one with the same Pseudowire ID.
. Interface Parameters — The variable-length Interface Parameters field provides attachment circuit-specific information, such as interface MTU, maximum number of concatenated ATM cells, interface description, and so on.
Q53. Which two statements about 802.1Q tunneling are true? (Choose two.)
A. It requires a system MTU of at least 1504 bytes.
B. The default configuration sends Cisco Discovery Protocol, STP, and VTP information.
C. Traffic that traverses the tunnel is encrypted.
D. It is supported on private VLAN ports.
E. MAC-based QoS and UDLD are supported on tunnel ports.
F. Its maximum allowable system MTU is 1546 bytes.
Q54. What are three required commands when you enable source-specific multicast for addresses in the range 22.214.171.124/8? (Choose three.)
A. ip multicast-routing
B. ip igmp version 3
C. ip pim ssm-range 126.96.36.199/8
D. ip igmp version 2
E. ip pim ssm-range default
F. set routing-options multicast ssm-groups 188.8.131.52/8
Q55. Refer to the exhibit.
Why is the router not accessible via Telnet on the GigabitEthernet0 management interface?
A. The wrong port is being used in the telnet-acl access list.
B. The subnet mask is incorrect in the telnet-acl access list.
C. The log keyword needs to be removed from the telnet-acl access list.
D. The access class needs to have the vrf-also keyword added.
The correct command should be “access-class telnet-acl in vrf-also”. If you do not specify the vrf-also keyword, incoming Telnet connections from interfaces that are part of a VRF are rejected.
Q56. Which three options are sources from which a SPAN session can copy traffic? (Choose three.)
E. primary IP addresses
F. secondary IP addresses
. SPAN Sources
The interfaces from which traffic can be monitored are called SPAN sources. Sources designate the traffic to monitor and whether to copy ingress, egress, or both directions of traffic. SPAN sources include the following:
. Ethernet ports
. Port channels
. The inband interface to the control plane CPU — You can monitor the inband interface only from the default VDC. Inband traffic from all VDCs is monitored.
. VLANs — When a VLAN is specified as a SPAN source, all supported interfaces in the VLAN are SPAN sources.
. Remote SPAN (RSPAN) VLANs
. Fabric port channels connected to the Cisco Nexus 2000 Series Fabric Extender .
Satellite ports and host interface port channels on the Cisco Nexus 2000 Series Fabric Extender
— These interfaces are supported in Layer 2 access mode, Layer 2 trunk mode, and Layer 3 mode.
Q57. DRAG DROP
Drag and drop the BGP attribute on the left to the correct category on the right.
Q58. Which two statements about the ipv6 ospf authentication command are true? (Choose two.)
A. The command is required if you implement the IPsec AH header.
B. The command configures an SPI.
C. The command is required if you implement the IPsec TLV.
D. The command can be used in conjunction with the SPI authentication algorithm.
E. The command must be configured under the OSPFv3 process.
OSPFv3 requires the use of IPsec to enable authentication. Crypto images are required to use authentication, because only crypto images include the IPsec API needed for use with OSPFv3. In OSPFv3, authentication fields have been removed from OSPFv3 packet headers. When OSPFv3 runs on IPv6, OSPFv3 requires the IPv6 authentication header (AH) or IPv6 ESP header to ensure integrity, authentication, and confidentiality of routing exchanges. IPv6 AH and ESP extension headers can be used to provide authentication and confidentiality to OSPFv3. To use the IPsec AH, you must enable the ipv6 ospf authentication command. To use the IPsec ESP header, you must enable the ipv6 ospf encryption command. The ESP header may be applied alone or in combination with the AH, and when ESP is used, both encryption and authentication are provided. Security services can be provided between a pair of communicating hosts, between a pair of communicating security gateways, or between a security gateway and a host. To configure IPsec, you configure a security policy, which is a combination of the security policy index (SPI) and the key (the key is used to create and validate the hash value). IPsec for OSPFv3 can be configured on an interface or on an OSPFv3 area. For higher security, you should configure a different policy on each interface configured with IPsec. If you configure IPsec for an OSPFv3 area, the policy is applied to all of the interfaces in that area, except for the interfaces that have IPsec configured directly. Once IPsec is configured for OSPFv3, IPsec is invisible to you.
Q59. Refer to the exhibit.
R2 is mutually redistributing between EIGRP and BGP.
Which configuration is necessary to enable R1 to see routes from R3?
A. The R3 configuration must include ebgp-multihop to the neighbor statement for R2.
B. The R2 BGP configuration must include bgp redistribute-internal.
C. R1 must be configured with next-hop-self for the neighbor going to R2.
D. The AS numbers configured on R1 and R2 must match.
Whenever you redistribute from BGP to something else, BGP will only advertise externally learned routes. To allow the redistribution of iBGP routes into an interior gateway protocol such as EIGRP or OSPF, use the bgp redistribute-internal command in router configuration mode.
Q60. On which three options can Cisco PfR base its traffic routing? (Choose three.)
A. Time of day
B. An access list with permit or deny statements
C. Load-balancing requirements
D. Network performance
E. User-defined link capacity thresholds
F. Router IOS version
Key Advantages of using PfR for Load balancing:
. Utilization based load-balancing: PfR takes real-time link utilization into account when load balancing the links. This will ensure that a link will not go beyond a certain percentage of its maximum capacity (75% by default).
. Application Performance based Load Balancing: PfR does not randomly forward traffic through one link or another. It takes application performance requirements into consideration and then forwards the traffic through a link which meets the performance policy requirements. PfR also load balances the link at the same time.
. Bi-directional Solution: PfR is a bi-directional load balancing solution which influences outbound as well as in-bound traffic.
. Consolidated Centralized View: PfR offers consolidated and centralized view of the state of all external links in the network. At any given time, the network administrator can see the current link utilization (in kbps and percentage of its capacity), maximum link threshold, and the policies applied to the links in the network.