Our pass rate is high to 98.9% and the similarity percentage between our ccie 400 101 study guide and real exam is 90% based on our seven-year educating experience. Do you want achievements in the Cisco 400 101 pdf exam in just one try? I am currently studying for the Cisco 400 101 pdf exam. Latest Cisco ccie 400 101 dumps Test exam practice questions and answers, Try Cisco cisco 400 101 Brain Dumps First.

Q161. Which data plane protocol does EIGRP Over the Top use? 

A. MPLS 

B. GRE 

C. LISP 

D. IP-in-IP 

Answer:

Explanation: 

The EIGRP Over the Top solution can be used to ensure connectivity between disparate Enhanced Interior Gateway Routing Protocol (EIGRP) sites. This feature uses EIGRP on the control plane and Locator ID Separation Protocol (LISP) encapsulation on the data plane to route traffic across the underlying WAN architecture. EIGRP is used to distribute routes between customer edge (CE) devices within the network, and the traffic forwarded across the WAN architecture is LISP encapsulated. Therefore, to connect disparate EIGRP sites, you must configure the neighbor command with LISP encapsulation on every CE in the network. 

Reference: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_eigrp/configuration/xe-3s/ire-xe-3s-book/ire-eigrp-over-the-top.html 


Q162. Refer to the exhibit. 

R1 is performing mutual redistribution, but OSPF routes from R3 are unable to reach R2. Which three options are possible reasons for this behavior? (Choose three.) 

A. R1 requires a seed metric to redistribute RIP. 

B. The RIP version supports only classful subnet masks. 

C. R1 is filtering OSPF routes when redistributing into RIP. 

D. R3 and R1 have the same router ID. 

E. R1 and R3 have an MTU mismatch. 

F. R2 is configured to offset OSPF routes with a metric of 16. 

Answer: A,C,F 

Explanation: 

A. RIP requires a seed metric to be specified when redistributing routes into that protocol. A seed metric is a "starter metric" that gives the RIP process a metric it can work with. The OSPF metric of cost is incomprehensible to RIP, since RIP's sole metric is hop count. We've got to give RIP a metric it understands when redistributing routes into that protocol, so let's go back to R1 and do so. 

C. Filtering routes is another explanation, if the routes to R2 are boing filtered from being advertised to R1. 

F. If the metric is offset to 16, then the routes will have reached the maximum hop count when redistributed to RIP. The max hop count for RIP is 16. 


Q163. A company has just opened two remote branch offices that need to be connected to the corporate network. Which interface configuration output can be applied to the corporate router to allow communication to the remote sites? 

A. interface Tunnel0 

bandwidth 1536 

ip address 209.165.200.230 255.255.255.224 

tunnel source Serial0/0 

tunnel mode gre multipoint 

B. interface fa0/0 

bandwidth 1536 

ip address 209.165.200.230 255.255.255.224 

tunnel mode gre multipoint 

C. interface Tunnel0 

bandwidth 1536 

ip address 209.165.200.231 255.255.255.224 

tunnel source 209.165.201.1 

tunnel-mode dynamic 

D. interface fa 0/0 

bandwidth 1536 

ip address 209.165.200.231 255.255.255.224 

tunnel source 192.168.161.2 

tunnel destination 209.165.201.1 

tunnel-mode dynamic 

Answer:


Q164. Which two modes of operation does BFD support? (Choose two.) 

A. synchronous mode 

B. asynchronous mode 

C. demand mode 

D. echo mode 

E. aggressive mode 

F. passive mode 

Answer: B,C 

Explanation: 

A session may operate in one of two modes: asynchronous mode and demand mode. In 

asynchronous mode, both endpoints periodically send Hello packets to each other. If a number of those packets are not received, the session is considered down. In demand mode, no Hello packets are exchanged after the session is established; it is assumed that the endpoints have another way to verify connectivity to each other, perhaps on the underlying physical layer. However, either host may still send Hello packets if needed. 

Reference: http://en.wikipedia.org/wiki/Bidirectional_Forwarding_Detection 


Q165. Which option describes the purpose of the PPP endpoint discriminator? 

A. It identifies the maximum payload packet. 

B. It notifies the peer that it prefers 12-bit sequence numbers. 

C. It identifies the system attached to the link. 

D. It determines whether a loopback is on the link. 

Answer:

Explanation: 

In situations in which many clients use the same username to initiate an MP connection, or when interoperating with non-Cisco routers, you need to control the order in which the bundle name is created. It is necessary to configure the access server to create a bundle name based on the endpoint discriminator first, the username second, or both. The endpoint discriminator identifies the system transmitting the packet and advises the network access server (NAS) that the peer on this link could be the same as the peer on another existing link. Because every client has a unique endpoint discriminator, only multiple links from the same client are bundled into a single unique MP connection. For example, consider when two PC clients initiate a multilink connection to an access server using the same username. If the multilink bundle name is established based on the endpoint discriminator first, then on the username or on both, the NAS can accurately bundle the links from each client using the endpoint discriminator as a bundle name. This bundle name is unique to the peer system transmitting the packet. 

Reference: http://www.cisco.com/c/en/us/support/docs/wan/point-to-point-protocol-ppp/10238-mppp-bundle-name.html 


Q166. Which three options are best practices for implementing a DMVPN? (Choose three.) 

A. Use IPsec in tunnel mode. 

B. Implement Dead Peer Detection to detect communication loss. 

C. Configure AES for encryption of transported data. 

D. Configure SHA-1 for encryption of transported data. 

E. Deploy IPsec hardware acceleration to minimize router memory overhead. 

F. Configure QoS services only on the head-end router. 

Answer: A,B,C 

Explanation: 

Best Practices Summary for Hub-and-Spoke Deployment Model 

This section describes the best practices for a dual DMVPN cloud topology with the hub-and-spoke deployment, supporting IP multicast (IPmc) traffic including routing protocols. 

The following are general best practices: 

. Use IPsec in transport mode 

. Configure Triple DES (3DES) or AES for encryption of transported data (exports of encryption algorithms to certain countries may be prohibited by law). 

Implement Dead Peer Detection (DPD) on the spokes to detect loss of communication between peers. 

. Deploy hardware-acceleration of IPsec to minimize router CPU overhead, to support traffic with low latency and jitter requirements, and for the highest performance for cost. 

. Keep IPsec packet fragmentation to a minimum on the customer network by setting MTU size or using Path MTU Discovery (PMTUD). 

. Use Digital Certificates/Public Key Infrastructure (PKI) for scalable tunnel authentication. 

. Configure a routing protocol (for example, EIGRP, BGP or OSPF) with route summarization help alleviate interface congestion issues and to attempt to keep higher priority traffic from being dropped during times of congestion. 

Reference: http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/WAN_and_MAN/DMVPDG/DMV PN_1.html 


Q167. Which two statements about redistribution are true? (Choose two.) 

A. EIGRP requires the route to have a default metric defined. 

B. EIGRP and OSPF use their router IDs to prevent loops. 

C. When OSPF is redistributed into IS-IS, the default metric must be configured under the IS-IS process. 

D. When traffic is redistributed into OSPF, the subnets command is needed to redistribute classful subnets. 

E. The default seed metric for OSPF redistributed routes is 30. 

Answer: A,B 


Q168. Refer to the exhibit. 

Which configuration reduces CPU utilization on R2 while still advertising the connected routes of R2 to R1? 

A. Configure eigrp stub connected on R2. 

B. Configure eigrp stub receive-only on R1. 

C. Configure eigrp stub static on R2. 

D. Configure eigrp stub summary on R1. 

Answer:


Q169. Which two are features of DMVPN? (Choose two.) 

A. It does not support spoke routers behind dynamic NAT. 

B. It requires IPsec encryption. 

C. It only supports remote peers with statically assigned addresses. 

D. It supports multicast traffic. 

E. It offers configuration reduction. 

Answer: D,E 

Explanation: 

DMVPN Hub-and-spoke deployment model: In this traditional topology, remote sites (spokes) are aggregated into a headend VPN device at the corporate headquarters (hub). Traffic from any remote site to other remote sites would need to pass through the headend device. Cisco DMVPN supports dynamic routing, QoS, and IP Multicast while significantly reducing the configuration effort. 

Reference: http://www.cisco.com/c/en/us/products/collateral/security/dynamic-multipoint-vpn-dmvpn/data_sheet_c78-468520.html 


Q170. Which statement describes the function of rekey messages? 

A. They prevent unencrypted traffic from passing through a group member before registration. 

B. They refresh IPsec SAs when the key is about to expire. 

C. They trigger a rekey from the server when configuring the rekey ACL. 

D. They authenticate traffic passing through a particular group member. 

Answer:

Explanation: 

Rekey messages are used to refresh IPsec SAs. When the IPsec SAs or the rekey SAs are about to expire, one single rekey message for a particular group is generated on the key server. No new IKE sessions are created for the rekey message distribution. The rekey messages are distributed by the key server over an existing IKE SA. Rekeying can use multicast or unicast messages. 

Reference: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_getvpn/configuration/xe-3s/sec-get-vpn-xe-3s-book/sec-get-vpn.html