♥♥ 2021 NEW RECOMMEND ♥♥

Free VCE & PDF File for Cisco 400-101 Real Exam (Full Version!)

★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions

Free Instant Download NEW 400-101 Exam Dumps (PDF & VCE):
Available on: http://www.surepassexam.com/400-101-exam-dumps.html

Q431. Which statement about the overload bit in IS-IS is true? 

A. The IS-IS adjacencies on the links for which the overload bit is set are brought down. 

B. Routers running SPF ignore LSPs with the overload bit set and hence avoid blackholing traffic. 

C. A router setting the overload bit becomes unreachable to all other routers in the IS-IS area. 

D. The overload bit in IS-IS is used only for external prefixes. 

Answer:

Explanation: 

The OL bit is used to prevent unintentional blackholing of packets in BGP transit networks. Due to the nature of these protocols, IS-IS and OSPF converge must faster than BGP. Thus there is a possibility that while the IGP has converged, IBGP is still learning the routes. In that case if other IBGP routers start sending traffic towards this IBGP router that has not yet completely converged it will start dropping traffic. This is because it isnt yet aware of the complete BGP routes. OL bit comes handy in such situations. When a new IBGP neighbor is added or a router restarts, the IS-IS OL bit is set. Since directly connected (including loopbacks) addresses on an “overloaded” router are considered by other routers, IBGP can be bought up and can begin exchanging routes. Other routers will not use this router for transit traffic and will route the packets out through an alternate path. Once BGP has converged, the OL bit is cleared and this router can begin forwarding transit traffic. 

Reference: https://routingfreak.wordpress.com/category/ospf-vs-is-is/ 


Q432. Which statement describes the function of rekey messages? 

A. They prevent unencrypted traffic from passing through a group member before registration. 

B. They refresh IPsec SAs when the key is about to expire. 

C. They trigger a rekey from the server when configuring the rekey ACL. 

D. They authenticate traffic passing through a particular group member. 

Answer:

Explanation: 

Rekey messages are used to refresh IPsec SAs. When the IPsec SAs or the rekey SAs are about to expire, one single rekey message for a particular group is generated on the key server. No new IKE sessions are created for the rekey message distribution. The rekey messages are distributed by the key server over an existing IKE SA. Rekeying can use multicast or unicast messages. 

Reference: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_getvpn/configuration/xe-3s/sec-get-vpn-xe-3s-book/sec-get-vpn.html 


Q433. Which Cisco IOS XE process administers routing and forwarding? 

A. Forwarding manager 

B. Interface manager 

C. Cisco IOS 

D. Host manager 

Answer:

Explanation: 

Some of the processes are listed in the table below: 

Process 

Purpose 

Affected FRUs 

SubPackage Mapping 

Host Manager 

Provides an interface between the IOS process and many of the information-gathering functions of the underlying platform kernel and operating system. 

RP (one instance per RP) 

SIP (one instance per SIP) 

ESP (one instance per ESP) 

RPControl 

SIPBase 

ESPBase 

Interface Manager 

Provides an interface between the IOS process and the per-SPA interface processes on the SIP. 

RP (one instance per RP) 

SIP (one instance per SIP) 

RPControl 

SIPBase 

IOS 

The IOS process implements all forwarding and routing features for the router. 

RP (one per software redundancy instance per RP). Maximum of two instances per RP. 

RPIOS 

Forwarding Manager 

Manages the downloading of configuration to each of the ESPs and the communication of forwarding plane information, such as statistics, to the IOS process. 

RP (one per software redundancy instance per RP). Maximum of two instances per RP. 

ESP (one per ESP) 

RPControl 

ESPBase 

Reference: http://www.cisco.com/c/en/us/td/docs/routers/asr1000/configuration/guide/chassis/asrswcfg /Software_Packaging_Architecture.html 


Q434. Which ICMP message type is used to assist path MTU discovery? 

A. destination unreachable 

B. redirect message 

C. source quench 

D. time exceeded 

Answer:


Q435. What is the range of addresses that is used for IPv4-mapped IPv6 addresses? 

A. 2001. db9. . /32 

B. 2001. db8. . /32 

C. 2002. . /16 

D. . . ffff. /16 

E. . . ffff. 0. 0/96 

Answer:

Explanation: 

IPv4-Mapped Addresses FFFF:0:0/96 are the IPv4-mapped addresses [RFC4291]. Addresses within this block should not appear on the public Internet. 

Reference: https://tools.ietf.org/html/rfc5156 


Q436. Which two statements about SNMP are true? (Choose two.) 

A. SNMPv3 provides privacy and access control. 

B. All SNMP versions use get, getNext, and getBulk operations. 

C. SNMPv3 uses encrypted community strings. 

D. SNMPv1 and SNMPv2c use plaintext community strings. 

E. All SNMP versions support bulk retrieval and detailed error messages. 

Answer: A,B 


Q437. Refer to the exhibit. 

Why is the prefix 1.1.1.1/32 not present in the routing table of R1? 

A. There is a duplicate router ID. 

B. There is a subnet mask mismatch on Ethernet0/0. 

C. The router LSA has an invalid checksum. 

D. There is an OSPF network type mismatch that causes the advertising router to be unreachable. 

Answer:

Explanation: 

A common problem when using Open Shortest Path First (OSPF) is routes in the database don't appear in the routing table. In most cases OSPF finds a discrepancy in the database so it doesn't install the route in the routing table. Often, you can see the Adv Router is not-reachable message (which means that the router advertising the LSA is not reachable through OSPF) on top of the link-state advertisement (LSA) in the database when this problem occurs. Here is an example: 

Adv Router is not-reachable 

LS agE. 418 

Options: (No TOS-capability, DC) 

LS TypE. Router 

Links Link State ID. 172.16.32.2 

Advertising Router: 172.16.32.2 

LS Seq Number: 80000002 

Checksum: 0xFA63 

Length: 60 

Number of Links: 3 

There are several reasons for this problem, most of which deal with mis-configuration or a broken topology. When the configuration is corrected the OSPF database discrepancy goes away and the routes appear in the routing table. 

Reason 1: Network Type Mismatch 

Let's use the following network diagram as an example: 

R4-4K 

R1-7010 

interface Loopback0 

ip address 172.16.33.1 255.255.255.255 

interface Serial2 

ip address 172.16.32.1 255.255.255.0 

ip ospf network broadcast 

router ospf 20 

network 172.16.0.0 0.0.255.255 area 0 

interface Loopback0 

ip address 172.16.30.1 255.255.255.255 

interface Serial1/0 

ip address 172.16.32.2 255.255.255.0 

clockrate 64000 

router ospf 20 

network 172.16.0.0 0.0.255.255 area 0 

R4-4K(4)# show ip ospf interface serial 2 

Serial2 is up, line protocol is up 

Internet Address 172.16.32.1/24, Area 0 

Process ID 20, Router ID 172.16.33.1, Network Type BROADCAST, Cost: 64 

Transmit Delay is 1 sec, State DR, Priority 1 

Designated Router (ID) 172.16.33.1, Interface address 172.16.32.1 

Backup Designated router (ID) 172.16.32.2, Interface address 172.16.32.2 

Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5 

Hello due in 00:00:08 

Neighbor Count is 1, Adjacent neighbor count is 1 

Adjacent with neighbor 172.16.32.2 (Backup Designated Router) 

Suppress hello for 0 neighbor(s) 

R1-7010(5)# show ip ospf interface serial 1/0 

Serial1/0 is up, line protocol is up 

Internet Address 172.16.32.2/24, Area 0 

Process ID 20, Router ID 172.16.32.2, Network Type POINT_TO_POINT, Cost: 64 

Transmit Delay is 1 sec, State POINT_TO_POINT, 

Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5 

Hello due in 00:00:02 

Neighbor Count is 1, Adjacent neighbor count is 1 

Adjacent with neighbor 172.16.33.1 

Suppress hello for 0 neighbor(s) 

As you can see above, Router R4-4K is configured for broadcast, and Router R1-7010 is configured for point-to-point. This kind of network type mismatch makes the advertising router unreachable. 

R4-4K(4)# show ip ospf database router 172.16.32.2 

Adv Router is not-reachable 

LS agE. 418 

Options: (No TOS-capability, DC) 

LS TypE. Router Links 

Link State ID. 172.16.32.2 

Advertising Router: 172.16.32.2 

LS Seq Number: 80000002 

Checksum: 0xFA63 

Length: 60 

Number of Links: 3 

Link connected to: another Router (point-to-point) 

(Link ID) Neighboring Router ID. 172.16.33.1 

(Link Data) Router Interface address: 172.16.32.2 

Number of TOS metrics: 0 

TOS 0 Metrics: 64 

Link connected to: a Stub Network 

(Link ID) Network/subnet number: 172.16.32.0 

(Link Data) Network Mask: 255.255.255.0 

Number of TOS metrics: 0 

TOS 0 Metrics: 64 

R1-7010(5)# show ip ospf database router 172.16.33.1 

Adv Router is not-reachable 

LS agE. 357 

Options: (No TOS-capability, DC) 

LS TypE. Router Links 

Link State ID. 172.16.33.1 

Advertising Router: 172.16.33.1 

LS Seq Number: 8000000A 

Checksum: 0xD4AA 

Length: 48 

Number of Links: 2 

Link connected to: a Transit Network 

(Link ID) Designated Router address: 172.16.32.1 

(Link Data) Router Interface address: 172.16.32.1 

Number of TOS metrics: 0 

TOS 0 Metrics: 64 

You can see that for subnet 172.16.32.0/24, Router R1-7010 is generating a point-to-point link and Router R4-4K is generating a transit link. This creates a discrepancy in the link-state database, which means no routes are installed in the routing table. 

R1-7010(5)# show ip route 

172.16.0.0/16 is variably subnetted, 3 subnets, 2 masks 

C 172.16.32.0/24 is directly connected, Serial1/0 

C 172.16.30.1/32 is directly connected, Loopback0 

Solution 

To solve this problem, configure both routers for the same network type. You can either change the network type of Router R1-7010 to broadcast, or change Router R4-4K's serial interface to point-to-point. 

Reference: http://www.cisco.com/c/en/us/support/docs/ip/open-shortest-path-first-ospf/7112-26.html 


Q438. Refer to the exhibit. 

Which three statements about the output are true? (Choose three.) 

A. This switch is currently receiving a multicast data stream that is being forwarded out VLAN 150. 

B. A multicast receiver has requested to join one or more of the multicast groups. 

C. Group 224.0.1.40 is a reserved address, and it should not be used for multicast user data transfer. 

D. One or more multicast groups are operating in PIM dense mode. 

E. One or more of the multicast data streams will be forwarded out to neighbor 10.85.20.20. 

F. Group 239.192.1.1 is a reserved address, and it should not be used for multicast user data transfer. 

Answer: A,B,C 

Explanation: 

A. VLAN 150 shows up in the outgoing interface list so those specific multicast streams are being forwarded to this VLAN. 

B. A receiver has requested to receive the multicast stream associated with the multicast address of 239.192.1.1, that is why this stream appears in the mroute table. 

C. The 224.0.1.40 is a reserved multicast group for cisco's Rp descovery. All cisco routers are members of this grup by default and listen to this group for Cisco RP discovery messages advertised by mapping agent even if it is not configured 


Q439. In which two modes do IPv6-in-IPv4 tunnels operate? (Choose two.) 

A. tunnel mode 

B. transport mode 

C. 6to4 mode 

D. 4to6 mode 

E. ISATAP mode 

Answer: C,E 

Explanation: 

*There are 5 tunneling solution in IPv6:* 

*1. Using the “Tunnel mode ipv6ip”, in this case the tunnel source and destination are configured with IPv4 addressing and the tunnel interface is configured with IPv6. This will use protocol 41. This is used for IPv6/IPv4. 

R1(config)#int tunnel 1 

R1(config-if)#ipv6 address 12:1:12::1/64 

R1(config-if)#tunnel source 10.1.12.1 

R1(config-if)#tunnel destination 10.1.12.2 

R1(config-if)#*tunnel mode ipv6ip* 

*

2. Using the “Tunnel mode gre ipv6, in this case the tunnel source and destination are all configured with IPv6 addressing. This is used for IPv6/IPv6. 

BB1(config)#int tunnel 1 

BB1(config-if)#ipv6 address 121:1:121::111/64 

BB1(config-if)#tunnel source 10:1:111::111 

BB1(config-if)#tunnel destination 10:1:112::112 

BB1(config-if)#*tunnel mode gre ipv6* 

*3. 

In this case, the third type, the tunnel mode is NOT used at all, note that the tunnel interface is configured with IPv6 and the tunnel source and destination is configured with IPv4 but no mention of tunnel mode. This configuration will use protocol 47. This is used for IPv6/IPv4. 

R1(config)#int tunnel 13 

R1(config-if)#ipv6 address 13:1:13::1/64 

R1(config-if)#tunnel source 10.1.13.1 

R1(config-if)#tunnel destination 10.1.13.3 

*4. Note in this case a special addressing is assigned to the tunnel interface which is a concatenation of a reserved IPv6 address of 2002followed by the translated IPv4 address of a given interface on the router. In this configuration ONLY the tunnel source address is used and since the tunnel is automatic, the destination address is NOT configured. The tunnel mode is set to “Tunnel mode ipv6ip 6to4. Note the IPv4 address of 10.1.1.1 is translated to 0A.01.01.01 and once concatenated, it will be “2002:0A01:0101: or 2002:A01:101. This is used for IPv6/IPv4. 

R1(config)#interface Tunnel14 

R1(config-if)#ipv6 address 2002:A01:101::/128 

R1(config-if)#tunnel source 10.1.1.1 

R1(config-if)#*tunnel mode ipv6ip 6to4* 

*5. ISATAP, ISATAP works like 6to4 tunnels, with one major difference, it uses a special IPv6 address which is formed as follows: * 

*In this tunnel mode, the network portion can be any IPv6 address, whereas in 6to4 it had to start with 2002.* 

*Note when the IPv6 address is assigned to the tunnel interface, the “eui-64 is used, in this case the host portion of the IPv6 address starts with “0000.5EFE” and then the rest of the host portion is the translated IPv4 address of the tunnel’s source IPv4 address. This translation is performed automatically unlike 6to4. This is used for IPv6/IPv4.* 

R4(config)#int tunnel 46 

R4(config-if)#ipv6 address 46:1:46::/64 eui-64 

R4(config-if)#tunnel source 10.44.44.44 

R4(config-if)#*tunnel mode ipv6ip ISATAP* 


Q440. Refer to the exhibit. 

Which statement about the route target for 192.168.1.0/24 is true? 

A. Its route target is 64512:100010051. 

B. Its route targets are 64512:100010051, 64512:2002250, and 64512:3002300. 

C. Its route target is 64512:3002300. 

D. Its route targets are 64512:100010051 and 64512:3002300. 

E. Its route targets are 64512:2002250 and 64512:3002300. 

Answer:

Explanation: 

Here we are using route maps to change the route target for the 192.168.1.0/24 network from the default route target of 64512:100010051 to 64512:3002300.