Ensurepass
2017 May Cisco Official New Released 400-101 Q&As
100% Free Download! 100% Pass Guaranteed!
http://www.ensurepass.com/400-101.html

CCIE Routing and Switching Written Exam v5.1

QUESTION 301

DRAG DROP

clip_image002

 

Correct Answer:

clip_image004

 

 

QUESTION 302

Refer to the exhibit. Which LISP component do routers in the public IP network use to forward traffic between the two networks?

 

clip_image006

 

A.

EID

B.

RLOC

C.

map server

D.

map resolver

 

Correct Answer: B

Explanation:

Locator ID Separation Protocol (LISP) is a network architecture and protocol that implements the use of two namespaces instead of a single IP address:

Endpoint identifiers (EIDs)-assigned to end hosts.

Routing locators (RLOCs)-assigned to devices (primarily routers) that make up the global routing system. The public networks use the RLOC to forward traffic between networks.

 

Reference: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_lisp/configuration/15-mt/irl-15-mt-book/irl-overview.html

 

 

QUESTION 303

By default, how does a GET VPN group member router handle traffic when it is unable to register to a key server?

 

A.

All traffic is queued until registration is successful or the queue is full.

B.

All traffic is forwarded through the router unencrypted.

C.

All traffic is forwarded through the router encrypted.

D.

All traffic through the router is dropped.

 

Correct Answer: B

Explanation:

In the basic GETVPN configuration, the traffic passing through group members will be sent in clear until it registers with the Key Server. This is because the crypto ACL is configured on the KS and GM will get that information only after the registration is successful. This means for a short period of time the traffic can go out unencrypted after a GM is booted up or the existing GETVPN session is cleared manually. This mode is called “fail open” and it is the default behavior. This behavior can be turned off by configuring “Fail Close” mode on the GMs.

Reference: http://www.cisco.com/c/en/us/products/collateral/security/group-encrypted-transport-vpn/deployment_guide_c07_554713.html

 

 

QUESTION 304

Which action does route poisoning take that serves as a loop-prevention method?

 

A.

It immediately sends routing updates with an unreachable metric to all devices.

B.

It immediately sends routing updates with a metric of 255 to all devices.

C.

It prohibits a router from advertising back onto the interface from which it was learned.

D.

It advertises a route with an unreachable metric back onto the interface from which it was learned.

E.

It poisons the route by tagging it uniquely within the network.

 

Correct Answer: A

Explanation:

With route poisoning, when a router detects that one of its connected routes has failed, the router will poison the route by assigning an infinite metric to it and advertising it to neighbors.

 

 

QUESTION 305

DRAG DROP

clip_image008

 

Correct Answer:

clip_image010

 

 

 

 

QUESTION 306

Refer to the exhibit. How can the EIGRP hello and hold time for Gig0/0 be changed to 5 and 15?

 

clip_image011

 

A.

No action is required, since Gig0/0 is not listed with a nondefault hello and hold time.

B.

Add the commands ip hello-interval eigrp 1 5 and ip hold-time eigrp 1 15 under interface Gig0/0.

C.

Add the commands hello-interval 5 and hold-time 15 under “af-interface Gig0/0” under the address family.

D.

Add the commands default hello-interval and default hold-time under the af-interface Gig0/0 statement under the address family.

 

Correct Answer: C

Explanation:

To configure the hello interval for an interface, use the hello-interval command in interface configuration mode.

To configure the hold time for an interface, use the hold-time command in interface configuration mode.

Reference: http://www.cisco.com/c/en/us/td/docs/routers/crs/software/crs_r4-1/routing/command/reference/b_routing_cr41crs/b_routing_cr41crs_chapter_010.html#wp232306

 

 

QUESTION 307

Which two options are the two main phases of PPPoE? (Choose two.)

 

A.

Active Discovery Phase

B.

IKE Phase

C.

Main Mode Phase

D.

PPP Session Phase

E.

Aggressive Mode Phase

F.

Negotiation Phase

 

Correct Answer: AD

Explanation:

PPPoE is composed of two main phases:

Active Discovery Phase–In this phase, the PPPoE client locates a PPPoE server, called an access concentrator. During this phase, a Session ID is assigned and the PPPoE layer is established.

PPP Session Phase–In this phase, PPP options are negotiated and authentication is performed.

Once the link setup is completed, PPPoE functions as a Layer 2 encapsulation method, allowing data to be transferred over the PPP link within PPPoE headers.

Reference: http://www.cisco.com/c/en/us/td/docs/security/asa/asa92/configuration/vpn/asa-vpn-cli/vpn-pppoe.html

 

 

QUESTION 308

Refer to the exhibit. R1 is able to reach only some of the subnets that R2 is advertising. Which two configuration changes can you make to ensure that R1 can reach all routes from R2? (Choose two.)

 

clip_image012

 

A.

Add an additional permit statement to the LOOPBACKS route map.

B.

Modify the LOOPBACKS access list to include all loopback subnets.

C.

Add an additional statement in the LOOPBACKS route map to match both Level 1 and Level 2 circuits.

D.

Add an additional statement in the LOOPBACKS route map to match the R1 CLNS address.

E.

Configure the interfaces between R1 and R2 with a Level 1 IS-IS circuit.

F.

Configure the interfaces between R1 and R2 with a Level 2 IS-IS circuit.

 

Correct Answer: AB

Explanation:

In this example, the access list is using a 0.0.3.255 wildcard mask, so only the loopback IP’s of 172.16.0.0 – 172.16.3.255 will be included. We need to add another statement to allow loopback 4 to be advertised, or modify the wildcard mask to include them all.

 

 

QUESTION 309

For which feature is the address family “rtfilter” used?

 

A.

Enhanced Route Refresh

B.

MPLS VPN filtering

C.

Route Target Constraint

D.

Unified MPLS

 

Correct Answer: C

Explanation:

With Multiprotocol Label Switching (MPLS) VPN, the internal Border Gateway Protocol (iBGP) peer or Route Reflector (RR) sends all VPN4 and/or VPN6 prefixes to the PE routers. The PE router drops the VPN4/6 prefixes for which there is no importing VPN routing and forwarding (VRF). This is a behavior where the RR sends VPN4/6 prefixes to the PE router, which it does not need. This is a waste of processing power on the RR and the PE and a waste of bandwidth. With Route Target Constraint (RTC), the RR sends only wanted VPN4/6 prefixes to the PE. ‘Wanted’ means that the PE has VRF importing the specific prefixes. RFC 4684 specifies Route Target Constraint (RTC). The support is through a new address family rtfilter for both VPNv4 and VPNv6.

Reference: http://www.cisco.com/c/en/us/support/docs/multiprotocol-label-switching-mpls/mpls/116062-technologies-technote-restraint-00.html

 

 

QUESTION 310

When you configure the ip pmtu command under an L2TPv3 pseudowire class, which two things can happen when a packet exceeds the L2TP path MTU? (Choose two.)

 

A.

The router drops the packet.

B.

The router always fragments the packet after L2TP/IP encapsulation.

C.

The router drops the packet and sends an ICMP unreachable message back to the sender only if the DF bit is set to 1.

D.

The router always fragments the packet before L2TP/IP encapsulation.

E.

The router fragments the packet after L2TP/IP encapsulation only if the DF bit is set to 0.

F.

The router fragments the packet before L2TP/IP encapsulation only if the DF bit is set to 0.

 

Correct Answer: CF

Explanation:

If you enable the ip pmtu command in the pseudowire class, the L2TPv3 control channel participates in the path MTU discovery. When you enable this feature, the following processing is performed:

 

ICMP unreachable messages sent back to the L2TPv3 router are deciphered and the tunnel MTU is updated accordingly. In order to receive ICMP unreachable messages for fragmentation errors, the DF bit in the tunnel header is set according to the DF bit value received from the CE, or statically if the ip dfbit set option is enabled. The tunnel MTU is periodically reset to the default value based on a periodic timer.

 

ICMP unreachable messages are sent back to the clients on the CE side. ICMP unreachable messages are sent to the CE whenever IP packets arrive on the CE-PE interface and have a packet size greater than the tunnel MTU. A Layer 2 header calculation is performed before the ICMP unreachable message is sent to the CE.

 

Reference: http://www.cisco.com/c/en/us/td/docs/ios/12_0s/feature/guide/l2tpv325.html

100% Free Download!
—Download Free Demo:400-101 Demo PDF
100% Pass Guaranteed!
Download 2017 Ensurepass 400-101 Full Exam PDF and VCE Q&As:1273
—Get 10% off your purchase! Copy it:TJDN-947R-9CCD [2017.05.01-2017.05.31]

Ensurepass ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
PDF + VCE Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

2017 Ensurepass IT Certification PDF and VCE