Beginners Guide: 400 101 ccie


♥♥ 2017 NEW RECOMMEND ♥♥

Free VCE & PDF File for Cisco 400-101 Real Exam (Full Version!)

★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions

Free Instant Download NEW 400-101 Exam Dumps (PDF & VCE):
Available on: http://www.certleader.com/400-101-dumps.html


400-101 Product Description:
Exam Number/Code: 400-101 vce
Exam name: CCIE Routing and Switching (v5.0)
n questions with full explanations
Certification: Cisco Certification
Last updated on Global synchronizing

Instant Access to Free VCE Files: Cisco 400-101 CCIE Routing and Switching (v5.0)

400-101 examcollection

we provide Validated Cisco 400 101 pdf exam which are the best for clearing 400 101 vce test, and to get certified by Cisco CCIE Routing and Switching (v5.0). The 400 101 ccie Questions & Answers covers all the knowledge points of the real ccie 400 101 exam. Crack your Cisco passleader 400 101 Exam with latest dumps, guaranteed!

Q151. According to RFC 4577, OSPF for BGP/MPLS IP VPNs, when must the down bit be set? 

A. when an OSPF route is distributed from the PE to the CE, for Type 3 LSAs 

B. when an OSPF route is distributed from the PE to the CE, for Type 5 LSAs 

C. when an OSPF route is distributed from the PE to the CE, for Type 3 and Type 5 LSAs 

D. when an OSPF route is distributed from the PE to the CE, for all types of LSAs 

Answer:

Explanation: 

If an OSPF route is advertised from a PE router into an OSPF area, the Down bit (DN) is set. Another PE router in the same area does not redistribute this route into iBGP of the MPLS VPN network if down is set. 

RFC 4577 says: 

“When a type 3 LSA is sent from a PE router to a CE router, the DN bit in the LSA Options field MUST be set. This is used to ensure that if any CE router sends this type 3 LSA to a PE router, the PE router will not redistribute it further. When a PE router needs to distribute to a CE router a route that comes from a site outside the latter’s OSPF domain, the PE router presents itself as an ASBR (Autonomous System Border Router), and distributes the route in a type 5 LSA. The DN bit [OSPF-DN] MUST be set in these LSAs to ensure that they will be ignored by any other PE routers that receive them.” 

For more information about Down bit according to RFC 4577 please read more herE. http://tools.ietf.org/html/rfc4577#section-4.2.5.1. 


Q152. Refer to the exhibit. 

Notice that debug ip bgp updates have been enabled. What can you conclude from the debug output? 

A. This is the result of the clear ip bgp 10.1.3.4 in command. 

B. This is the result of the clear ip bgp 10.1.3.4 out command. 

C. BGP neighbor 10.1.3.4 performed a graceful restart. 

D. BGP neighbor 10.1.3.4 established a new BGP session. 

Answer:

Explanation: 

If you enter the clear ip bgp out command for a BGP peer, that router resends its BGP prefixes to that peer. This does not cause a change in the best path on the receiving BGP peer. Hence, there is no change in the Table Version on that peer. 

When you run the debug ip bgp updates on the receiving router, you see: 

BGP(0): 10.1.3.4 rcvd UPDATE w/ attr: nexthop 10.1.3.4, origin i, metric 0, merged path 4, AS_PATH 

BGP(0): 10.1.3.4 rcvd 10.100.1.1/32...duplicate ignored 

The received update is recognized as a duplicate, so it is ignored and no best path change occurs. 

Reference: http://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/116511-technote-tableversion-00.html 


Q153. Which authentication method does OSPFv3 use to secure communication between neighbors? 

A. plaintext 

B. MD5 HMAC 

C. PKI 

D. IPSec 

Answer:

Explanation: 

In order to ensure that OSPFv3 packets are not altered and re-sent to the device, causing the device to behave in a way not desired by its system administrators, OSPFv3 packets must be authenticated. OSPFv3 uses the IPsec secure socket API to add authentication to OSPFv3 packets. This API supports IPv6. OSPFv3 requires the use of IPsec to enable authentication. Crypto images are required to use authentication, because only crypto images include the IPsec API needed for use with OSPFv3. 

Reference: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_ospf/configuration/15-sy/iro-15-sy-book/ip6-route-ospfv3-auth-ipsec.html 


Q154. Which statement about SSHv2 is true? 

A. Routers acting as SSH clients can operate without RSA keys. 

B. SSHv2 supports port forwarding and compression. 

C. The RSA key pair size must be at least 512. 

D. You must configure a default gateway before you enable SSHv2. 

Answer:


Q155. A configuration includes the line ip nbar port-map SSH tcp 22 23 443 8080. Which option describes the effect of this configuration line? 

A. It configures NBAR to search for SSH using ports 22, 23, 443, and 8080. 

B. It configures NBAR to allow SSH connections only on ports 22, 23, 443, and 8080. 

C. It enables NBAR to inspect for SSH connections. 

D. It creates a custom NBAR port-map named SSH and associates TCP ports 22, 23, 443, and 8080 to itself. 

Answer:

Explanation: 

The ip nbar-port-map command configures NBAR to search for a protocol or protocol name using a port number other than the well-known port. 

Reference: http://www.cisco.com/c/en/us/td/docs/ios/12_2/qos/command/reference/fqos_r/qrfcmd10.pd f 


Q156. Refer to the exhibit. 

Which statement is true about a valid IPv6 address that can be configured on tunnel interface0? 

A. There is not enough information to calculate the IPv6 address. 

B. 6to4 tunneling allows you to use any IPv6 address. 

C. 2001:7DCB:5901::/128 is a valid IPv6 address. 

D. 2002:7DCB:5901::/128 is a valid IPv6 address. 

Answer:

Explanation: 

Most IPv6 networks use autoconfiguration, which requires the last 64 bits for the host. The first 64 bits are the IPv6 prefix. The first 16 bits of the prefix are always 2002:, the next 32 bits are the IPv4 address, and the last 16 bits of the prefix are available for addressing multiple IPv6 subnets behind the same 6to4 router. Since the IPv6 hosts using autoconfiguration already have determined the unique 64 bit host portion of their address, they must simply wait for a Router Advertisement indicating the first 64 bits of prefix to have a complete IPv6 address. A 6to4 router will know to send an encapsulated packet directly over IPv4 if the first 16 bits are 2002, using the next 32 as the destination, or otherwise send the packet to a well-known relay server, which has access to native IPv6. 

Reference: http://en.wikipedia.org/wiki/6to4 


Q157. DRAG DROP 

Drag and drop each EIGRP element on the left to the corresponding definition on the right. 

Answer: 


Q158. DRAG DROP 

Drag and drop the IPv6 multicast feature or protocol on the left to the correct address space on the right. 

Answer: 


Q159. What are two reasons to use the ip ospf database filter all out command? (Choose two.) 

A. to maintain a centralized OSPF database on a single master device 

B. to avoid flooding LSAs on low-speed links 

C. to ensure a consistent OSPF database across the network 

D. to selectively filter OSPF routes without disrupting the SPF algorithm 

E. to filter only type 7 LSAs from an OSPF area 

F. to enable OSPF to send triggered updates 

Answer: A,B 


Q160. Which two options describe two functions of a neighbor solicitation message? (Choose two.) 

A. It requests the link-layer address of the target. 

B. It provides its own link-layer address to the target. 

C. It requests the site-local address of the target. 

D. It provides its own site-local address to the target. 

E. It requests the admin-local address of the target. 

F. It provides its own admin-local address to the target. 

Answer: A,B 

Explanation: 

Neighbor solicitation messages are sent on the local link when a node wants to determine the link-layer address of another node on the same local link (see the figure below). When a node wants to determine the link-layer address of another node, the source address in a neighbor solicitation message is the IPv6 address of the node sending the neighbor solicitation message. The destination address in the neighbor solicitation message is the solicited-node multicast address that corresponds to the IPv6 address of the destination node. The neighbor solicitation message also includes the link-layer address of the source node. 

Figure 1. IPv6 Neighbor Discovery: Neighbor Solicitation Message 

After receiving the neighbor solicitation message, the destination node replies by sending a neighbor advertisement message, which has a value of 136 in the Type field of the ICMP packet header, on the local link. The source address in the neighbor advertisement message is the IPv6 address of the node (more specifically, the IPv6 address of the node interface) sending the neighbor advertisement message. The destination address in the neighbor advertisement message is the IPv6 address of the node that sent the neighbor solicitation message. The data portion of the neighbor advertisement message includes the link-layer address of the node sending the neighbor advertisement message. After the source node receives the neighbor advertisement, the source node and destination node can communicate. 

Reference: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipv6_basic/configuration/xe-3s/ip6b-xe-3s-book/ip6-neighb-disc-xe.html 



To know more about the CCIE Routing and Switching (v5.0), click here.