Exam Code: 400 101 dumps (Practice Exam Latest Test Questions VCE PDF)
Exam Name: CCIE Routing and Switching (v5.0)
Certification Provider: Cisco
Free Today! Guaranteed Training- Pass ccie 400 101 dumps Exam.

Q171. The session status for an IPsec tunnel with IPv6-in-IPv4 is down with the error message IKE message from failed its sanity check or is malformed. 

Which statement describes a possible cause of this error? 

A. There is a verification failure on the IPsec packet. 

B. The SA has expired or has been cleared. 

C. The pre-shared keys on the peers are mismatched. 

D. There is a failure due to a transform set mismatch. 

E. An incorrect packet was sent by an IPsec peer. 



IKE Message from X.X.X.X Failed its Sanity Check or is Malformed This debug error appears if the pre-shared keys on the peers do not match. In order to fix this issue, check the pre-shared keys on both sides. 1d00H:%CRPTO-4-IKMP_BAD_MESSAGE. IKE message from failed its sanity check or is malformed. 

Reference: http://www.cisco.com/c/en/us/support/docs/security-vpn/ipsec-negotiation-ike-protocols/5409-ipsec-debug-00.html#ike 

Q172. Refer to the exhibit. 

Your organization has two offices, Site 1 and Site 2, which are connected by a provider 

backbone, as shown. Where must you configure an attachment circuit to allow the two sites to connect over a Layer 2 network using L2TPv3? 

A. PE Site 1 Fa1/0 and PE Site 2 Fa0/0 

B. CE Site 1 Fa0/0 and CE Site 2 Fa0/0 

C. PE Site 1 Se0/0 and PE Site 2 Se0/0 

D. CE Site 1 Fa0/0 and PE Site 2 Se0/0 



Drag and drop each DHCP term on the left to the corresponding definition on the right. 


Q174. Which mechanism does Cisco recommend for CE router interfaces that face the service provider for an EVPL circuit with multiple EVCs and multiple traffic classes? 



C. tail drop 




In a simple handoff, packets may be discarded in the service provider network, either because of congestion on a link without an appropriate QoS policy or because of a policer QoS configuration on the service provider network that serves to rate limit traffic accessing the WAN core. To address these issues, QoS on the CE device is applied at a per-port level. A QoS service policy is configured on the outside Ethernet interface, and this parent policy includes a shaper that then references a second or subordinate (child) policy that enables queueing within the shaped rate. This is called a hierarchical CBWFQ (HCBWFQ) configuration. 

Reference: http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/WAN_and_MAN/Ethernet_Acces s_for_NG_MAN_WAN_V3-1_external.html 

Q175. What is the cause of ignores and overruns on an interface, when the overall traffic rate of the interface is low? 

A. a hardware failure of the interface 

B. a software bug 

C. a bad cable 

D. microbursts of traffic 



Micro-bursting is a phenomenon where rapid bursts of data packets are sent in quick succession, leading to periods of full line-rate transmission that can overflow packet buffers of the network stack, both in network endpoints and routers and switches inside the network. Symptoms of micro bursts will manifest in the form of ignores and/ or overruns (also shown as accumulated in “input error” counter within show interface output). This is indicative of receive ring and corresponding packet buffer being overwhelmed due to data bursts coming in over extremely short period of time (microseconds). You will never see a sustained data traffic within show interface’s “input rate” counter as they are averaging bits per second (bps) over 5 minutes by default (way too long to account for microbursts). You can understand microbursts from a scenario where a 3-lane highway merging into a single lane at rush hour – the capacity burst cannot exceed the total available bandwidth (i.e. single lane), but it can saturate it for a period of time. 

Reference: http://ccieordie.com/?tag=micro-burst 

Q176. Refer to the exhibit. 

Which AS paths are matched by this access list? 

A. the origin AS 64496 only 

B. the origin AS 64496 and any ASs after AS 64496 

C. the directly attached AS 64496 and any ASs directly attached to AS 64496 

D. the directly attached AS 64496 and any longer AS paths 



If you want AS 1 to get networks originated from AS 4 and all directly attached ASs of AS 4, apply the following inbound filter on Router 1. ip as-path access-list 1 permit ^4_[0-9]*$ router bgp 1 neighbor remote-as 4 neighbor route-map foo in route-map foo permit 10 match as-path 1 In the ip as-path access-list command, the carat (^) starts the input string and designates "AS". The underscore (_) means there is a a null string in the string that follows "AS 4". The [0-9]* specifies that any connected AS with a valid AS number can pass the filter. The advantage of using the [0-9]* syntax is that it gives you the flexibility to add any number of ASs without modifying this command string. 

Reference: http://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/13754-26.html 

Q177. What is the maximum number of secondary IP addresses that can be configured on a router interface? 

A. 1 

B. 2 

C. 4 

D. 1024 

E. 65535 

F. no limit to the number of addresses 



From “IP Routing Frequently Asked Questions” 

Q. What are the maximum number of secondary IP addesses that can be configured on a router interface? 

.A. There are no limits on configuring secondary IP addresses on a router interface. 

Reference: http://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/28745-44.html#q21 

Q178. Which three responses can a remote RADIUS server return to a client? (Choose three.) 

A. Reject-Challenge 

B. Access-Reject 

C. Accept-Confirmed 

D. Access-Accept 

E. Access-Challenge 

F. Reject-Access 

Answer: B,D,E 

Q179. Refer to the exhibit. 

Which log levels are enabled for the console? 

A. informational only 

B. informational and debugging 

C. informational, debugging, notifications, warnings, errors, critical, alerts, and emergencies 

D. informational, notifications, warnings, errors, critical, alerts, and emergencies 


Q180. When EIGRP is used as the IPv4 PE-CE protocol, which two requirements must be configured before the BGP IPv4 address family can be configured? (Choose two.) 

A. the route distinguisher 

B. the virtual routing and forwarding instance 

C. the loopback interface 

D. the router ID 

Answer: A,B 


A VRF must be created, and a route distinguisher and route target must be configured in order for the PE routers in the BGP network to carry EIGRP routes to the EIGRP CE site. The VRF must also be associated with an interface in order for the PE router to send routing updates to the CE router. Prerequisites Before this feature can be configured, MPLS and CEF must be configured in the BGP network, and multiprotocol BGP and EIGRP must be configured on all PE routers that provide VPN services to CE routers.