
Cisco 400-101 Questions & Answers

CCIE R&S
Version: 1.0
Cisco 400-101 Exam
QUESTION NO: 1

Which of the following do RED and WRED address? (Select the best answer.)

A.
tail drop

B.
bandwidth starvation

C.
bandwidth guarantees

D.
strict-priority queuing

Answer: A
Explanation:

Random early detection (RED) and weighted RED (WRED) are congestion avoidance
mechanisms that address tail drop, which occurs when new incoming packets are dropped
because a router's queues are too full to accept them. Tail drop particularly affects Transmission
Control Protocol (TCP) traffic, because when TCP packets are dropped, the sources of the traffic
must retransmit the lost TCP packets. Additionally, the TCP traffic sources will detect the
congestion and will correspondingly slow down the rate at which they send data until the
congestion clears. When the congestion clears, the TCP sources speed up data transmission,
which again causes congestion; this ebb and flow of traffic is called global TCP synchronization.
RED mitigates the problems caused by global TCP synchronization by randomly dropping packets
as congestion increases and before the queue becomes full. As the average size of the queue
increases, RED will randomly drop packets at an increasingly faster rate. WRED improves upon
RED by employing different tail drop thresholds for each IP precedence or Differentiated Services
Code Point (DSCP) value, whereby lower-priority traffic is more likely to be dropped than higher-
priority traffic.

RED and WRED do not address bandwidth starvation. Queuing methods, such as weighted fair
queuing (WFQ), class-based WFQ (CBWFQ), or low latency queuing (LLQ), mitigate bandwidth
starvation. Bandwidth starvation occurs when higher-priority queues monopolize an interface's
bandwidth so that traffic from lower-priority queues is never sent.

RED and WRED do not address bandwidth guarantees. CBWFQ and LLQ provide bandwidth
guarantees by allowing the creation of up to 64 custom traffic classes, each with a guaranteed
minimum bandwidth. Bandwidth can be allocated as a value in Kbps, as a percentage of
bandwidth, or as a percentage of the remaining bandwidth.

RED and WRED do not address strict-priority queuing. LLQ improves upon CBWFQ through the
support of strict-priority queues that can be used for delay-sensitive traffic. The strict-priority queues
can use as much bandwidth as possible but can use only the guaranteed minimum bandwidth
when other queues have traffic to send, thereby avoiding bandwidth starvation for the lower-priority
queues.

"Everything is under control" - www.pass4sure.com 2

Reference:

https://www.cisco.com/c/en/us/td/docs/ios/12_2/qos/configuration/guide/fqos_c/qcfconav.html
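The following is an added example, not part of the exam guide or of any Cisco implementation. It models the RED drop curve the explanation describes (no drops below a minimum threshold, a linearly rising drop probability up to a maximum threshold, then full tail drop) and the WRED refinement of giving each IP precedence its own thresholds. The thresholds, mark probability denominator, EWMA weight and traffic counts are constructed illustrative values, not a platform's defaults.

```python
"""Added example: simplified RED / WRED drop decision (constructed parameters)."""
import random

# Constructed WRED profile keyed by IP precedence:
# (min_threshold, max_threshold, mark_probability_denominator).
# Lower precedence gets a lower minimum threshold, so it is dropped earlier
# and more often than higher-precedence traffic as the average queue grows.
WRED_PROFILE = {
    0: (10, 40, 10),
    3: (20, 40, 10),
    5: (30, 40, 10),
}


def average_queue(prev_avg, current_depth, weight=0.002):
    """Exponentially weighted moving average of queue depth (RED works on
    the average, not the instantaneous depth, to ignore short bursts)."""
    return prev_avg + weight * (current_depth - prev_avg)


def drop_probability(avg, min_th, max_th, mark_prob_denominator):
    """RED drop probability for an average queue depth.

    Below min_th nothing is dropped; between min_th and max_th the
    probability rises linearly to 1/mark_prob_denominator; at or above
    max_th every arriving packet is dropped (the tail-drop regime).
    """
    if avg < min_th:
        return 0.0
    if avg >= max_th:
        return 1.0
    max_p = 1.0 / mark_prob_denominator
    return max_p * (avg - min_th) / (max_th - min_th)


def wred_drop_probability(avg, precedence):
    """WRED: same curve, but thresholds chosen per IP precedence."""
    min_th, max_th, denom = WRED_PROFILE[precedence]
    return drop_probability(avg, min_th, max_th, denom)


def should_drop(avg, precedence, rng=random):
    """Random early drop decision for one arriving packet."""
    return rng.random() < wred_drop_probability(avg, precedence)


def simulate(avg, packets_per_class=10000, seed=1):
    """Count drops per precedence at a fixed average depth (constructed traffic,
    seeded so the result is reproducible)."""
    rng = random.Random(seed)
    return {p: sum(should_drop(avg, p, rng) for _ in range(packets_per_class))
            for p in WRED_PROFILE}


if __name__ == "__main__":
    print(simulate(25))
```

At an average depth of 25, precedence 0 sits halfway between its thresholds and is dropped with probability 0.05, precedence 3 with 0.025, and precedence 5 not at all, which is the "lower-priority traffic is more likely to be dropped" behaviour described above.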

QUESTION NO: 2 DRAG DROP

To complete this question, click Select and Place and follow the instructions.

Drag the BGP attributes on the left to appropriate column on the right.

Answer:

Explanation:


Internet Engineering Task Force (IETF)-standard Border Gateway Protocol (BGP) path attributes
can be broken down into the following categories:

- well-known, mandatory

- well-known, discretionary

- optional, transitive

- optional, nontransitive

The AS-path, origin, and next hop attributes are supported by all BGP implementations and must
be included in every BGP update because all three attributes are well-known, mandatory BGP
attributes. Well-known BGP attributes must be supported by all BGP implementations. Mandatory
attributes must be included in every BGP update.

Well-known, discretionary BGP attributes are supported by all BGP implementations but are not
required to be sent in every BGP update. Atomic aggregate and local preference are both well-
known, discretionary BGP attributes.

Optional, transitive BGP attributes are silently forwarded if they are not supported by a particular
BGP implementation. Optional attributes need not be supported by any BGP implementation.
Transitive attributes are forwarded even if they are not supported. Aggregator and community are
both optional, transitive BGP attributes.

Optional, nontransitive BGP attributes are discarded if they are not supported by a particular BGP
implementation. Multiexit discriminator (MED) is an optional, nontransitive BGP attribute. Other
optional, nontransitive BGP attributes include originator ID and cluster list.

Weight is a Cisco-proprietary BGP path attribute. The value assigned to the weight attribute is not
passed to BGP peers. The route that has been assigned the highest BGP weight value is
considered the best route.

Reference:

IETF: RFC 4271: A Border Gateway Protocol 4 (BGP-4): 5. Path Attributes

CCIE Routing and Switching v5.0 Certification Guide, Volume 2, Chapter 2, Generic Terms and
Characteristics of BGP PAs, pp. 93-95
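The four categories above are encoded on the wire in the attribute flags byte, and that byte is what decides whether a router forwards, drops, or rejects an attribute it does not implement. The following is an added example, not from the exam guide: it parses the flags/type/length/value layout of RFC 4271 section 4.3, maps each attribute to its category, and applies the RFC 4271 section 9 handling rules for unrecognized attributes. The type codes for COMMUNITY (RFC 1997) and ORIGINATOR_ID / CLUSTER_LIST (RFC 4456) are real; the sample attribute bytes are constructed.

```python
"""Added example: classify BGP path attributes from the flags byte (RFC 4271)."""

OPTIONAL_BIT = 0x80         # 0 = well-known, 1 = optional
TRANSITIVE_BIT = 0x40       # 1 = transitive; always set on well-known attributes
PARTIAL_BIT = 0x20          # set when an optional transitive attribute was passed on unrecognized
EXTENDED_LENGTH_BIT = 0x10  # length field is 2 bytes instead of 1

KNOWN_TYPES = {
    1: "ORIGIN", 2: "AS_PATH", 3: "NEXT_HOP", 4: "MULTI_EXIT_DISC",
    5: "LOCAL_PREF", 6: "ATOMIC_AGGREGATE", 7: "AGGREGATOR",
    8: "COMMUNITY", 9: "ORIGINATOR_ID", 10: "CLUSTER_LIST",
}
MANDATORY = {"ORIGIN", "AS_PATH", "NEXT_HOP"}


def category(flags, type_code):
    """Map flags (and, for well-known attributes, the type code) to the exam's four categories."""
    optional = bool(flags & OPTIONAL_BIT)
    transitive = bool(flags & TRANSITIVE_BIT)
    if optional:
        return "optional, transitive" if transitive else "optional, nontransitive"
    name = KNOWN_TYPES.get(type_code)
    if name is None:
        return "well-known (unrecognized type)"
    return "well-known, mandatory" if name in MANDATORY else "well-known, discretionary"


def handle_unrecognized(flags):
    """What a speaker does with an attribute type it does not implement (RFC 4271 section 9)."""
    if not flags & OPTIONAL_BIT:
        return "error: unrecognized well-known attribute (send NOTIFICATION)"
    if flags & TRANSITIVE_BIT:
        return "forward unchanged with the Partial bit set"
    return "discard (optional nontransitive)"


def parse_attribute(data):
    """Parse one attribute: returns (flags, type_code, value, remaining_bytes)."""
    flags, type_code = data[0], data[1]
    if flags & EXTENDED_LENGTH_BIT:
        length, value_start = int.from_bytes(data[2:4], "big"), 4
    else:
        length, value_start = data[2], 3
    value = data[value_start:value_start + length]
    return flags, type_code, value, data[value_start + length:]


def parse_path_attributes(data):
    """Parse a run of attributes into (name, category, value) tuples."""
    out = []
    while data:
        flags, type_code, value, data = parse_attribute(data)
        name = KNOWN_TYPES.get(type_code, f"type {type_code}")
        out.append((name, category(flags, type_code), value))
    return out


# Constructed sample: ORIGIN=IGP (well-known, flags 0x40) followed by MED=100 (optional
# nontransitive, flags 0x80).
SAMPLE = b"\x40\x01\x01\x00" + b"\x80\x04\x04\x00\x00\x00\x64"

if __name__ == "__main__":
    for entry in parse_path_attributes(SAMPLE):
        print(entry)
```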

QUESTION NO: 3

Which of the following IPv6 prefixes is used for link-local unicast addresses? (Select the best
answer.)

A.
2000::/3

B.
FC00::/8

C.
FD00::/8

D.
FE80::/10

E.
FF00::/8

F.
::FFFF:0:0/96

Answer: D
Explanation:

The IPv6 prefix FE80::/10 is used for link-local unicast addresses. IPv6 addresses in the FE80::/10
range begin with the characters FE80 through FEBF. Unicast packets are used for one-to-one
communication. Link-local addresses are unique only on the local segment. Therefore, link-local
addresses are not routable. An IPv6-capable host typically creates a link-local unicast address
automatically at startup. Link-local unicast addresses are used for neighbor discovery and for
environments in which no router is present to provide a routable IPv6 prefix.

The IPv6 prefix 2000::/3 is used for global aggregatable unicast addresses. IPv6 addresses in the
2000::/3 range begin with the characters 2000 through 3FFF. Global aggregatable unicast address
prefixes are distributed by the Internet Assigned Numbers Authority (IANA) and are globally
routable over the Internet.

The IPv6 prefixes FC00::/8 and FD00::/8 are used for unique-local unicast addresses; together,
these prefixes can be summarized as FC00::/7. IPv6 addresses in these ranges begin with the
characters FC00 through FDFF. Unique-local addresses are not globally routable, but they are
routable within an organization.

The IPv6 prefix FF00::/8 is used for multicast addresses, which are used for one-to-many
communication. IPv6 addresses in the FF00::/8 range begin with the characters FF00 through
FFFF. However, certain address ranges are used to indicate the scope of the multicast address.
The following IPv6 multicast scopes are defined:

- FF01::/16 - node-local

- FF02::/16 - link-local

- FF05::/16 - site-local

- FF08::/16 - organization-local

- FF0E::/16 - global

IPv6 hosts use the multicasting capabilities of the Neighbor Discovery (ND) protocol to discover
the link layer addresses of neighbor hosts. The Hop Limit field is typically set to 255 in ND packets
that are sent to neighbors. Routers decrement the Hop Limit value as a packet is forwarded from
hop to hop. Therefore, a router that receives an ND packet with a Hop Limit value of 255 considers
the source of the ND packet to be a neighbor. If a router receives an ND packet with a Hop Limit
that is less than 255, the packet is ignored, thereby protecting the router from threats that could
result from the ND protocol's lack of neighbor authentication.

The IPv6 prefix ::FFFF:0:0/96 is used for IPv4-mapped IPv6 addresses. IPv6 addresses in this
range are typically used for IPv6 over Multiprotocol Label Switching (MPLS). The last 32 bits are
used for the IPv4 address and are sometimes written in dotted-decimal notation. For example, the
IPv4 address 192.168.1.1 would be mapped to the IPv6 address ::FFFF:192.168.1.1.

Reference:

https://www.cisco.com/c/en/us/products/collateral/physical-security/video-surveillance-manager/prod_white_paper0900aecd8073c232.html
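The prefix table in the explanation is easy to apply mechanically, which is useful when auditing address plans or writing filters. The following is an added example, not from the exam guide: it classifies an IPv6 address into the categories listed above (link-local, unique-local, multicast with its scope nibble, IPv4-mapped, global unicast) using only the standard library ipaddress module. The sample addresses are constructed.

```python
"""Added example: classify IPv6 addresses by the prefixes given in the explanation."""
import ipaddress

# Prefix table from the explanation. The categories do not overlap, so order is cosmetic.
PREFIXES = [
    ("link-local unicast", ipaddress.IPv6Network("FE80::/10")),
    ("unique-local unicast", ipaddress.IPv6Network("FC00::/7")),  # FC00::/8 plus FD00::/8
    ("multicast", ipaddress.IPv6Network("FF00::/8")),
    ("IPv4-mapped", ipaddress.IPv6Network("::FFFF:0:0/96")),
    ("global unicast", ipaddress.IPv6Network("2000::/3")),
]

# Multicast scope values from the explanation (low nibble of the second byte, FF0x::).
MULTICAST_SCOPES = {1: "node-local", 2: "link-local", 5: "site-local",
                    8: "organization-local", 0xE: "global"}


def classify_ipv6(text):
    """Return the category name for an IPv6 address, with multicast scope or
    embedded IPv4 address where that applies."""
    addr = ipaddress.IPv6Address(text)
    for name, net in PREFIXES:
        if addr in net:
            if name == "multicast":
                scope = MULTICAST_SCOPES.get(addr.packed[1] & 0x0F, "other")
                return f"multicast ({scope})"
            if name == "IPv4-mapped":
                return f"IPv4-mapped ({addr.ipv4_mapped})"
            return name
    return "unclassified"


def is_routable(text):
    """True for addresses a router may forward beyond the local link
    (globally or within an organization); link-local never qualifies."""
    return classify_ipv6(text) in ("global unicast", "unique-local unicast")


if __name__ == "__main__":
    for sample in ("FE80::1", "2001:db8::1", "FD12::1", "FF02::1", "::FFFF:192.168.1.1"):
        print(sample, "->", classify_ipv6(sample), "routable:", is_routable(sample))
```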

QUESTION NO: 4


You administer the partial network shown above. All of the routers run EIGRP. RouterA has the
following FD and AD values for the 10.1.2.0/24 network, which is connected to RouterE:

The variance is set to the default value on RouterA.

Which of the following statements is correct? (Select the best answer.)

A.
The route through RouterB is the only feasible successor.

B.
The route through RouterC is the only feasible successor.

C.
The route through RouterD is the only feasible successor.

D.
The routes through RouterB and RouterC are feasible successors.

E.
The routes through RouterB and RouterD are feasible successors.

F.
The routes through RouterC and RouterD are feasible successors.

G.
None of the routes qualifies as a feasible successor.

Answer: C
Explanation:

The route through RouterD is the only feasible successor. A feasible successor is a backup route
to a destination. To qualify as a feasible successor, the advertising router must be closer to the
destination than the router to which the route is advertised. To ensure that the advertising router
meets this feasibility condition, the router must have an advertised distance (AD) that is less than
the feasible distance (FD) of the successor; the successor is the router with the lowest FD. The
AD, sometimes called the reported distance (RD), is the cost that the next-hop router has
calculated for the route, and the FD is the total distance to the destination network through that
next-hop router. If the AD of a route is lower than the FD of the successor, it is a feasible
successor.

The route through RouterC is not a feasible successor; it is the successor because it has the
lowest FD, 5362821. The AD of the route through RouterD is 3907449. Because the AD of
RouterD is less than the FD of RouterC, the route through RouterD is a feasible successor.

The route through RouterB is not a feasible successor, because the AD of RouterB, 5470303, is
higher than the FD of RouterC, 5362821. If the AD of RouterB were lower than the FD of RouterC,
the routes through RouterB and RouterD would both be feasible successors.

In some situations, a destination route might have no feasible successors. For example, there
would be no feasible successors if there were no alternate routes to a destination or if there were
no routes with an AD lower than the FD of the successor. Finally, there would be no feasible
successors if all of the routes qualified as successors. Enhanced Interior Gateway Routing
Protocol (EIGRP) can load balance over equal-cost paths, and EIGRP can proportionally load
balance over unequal-cost paths if the variance value is changed from its default value of 1.

Reference:

Cisco: Introduction to EIGRP
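The following is an added example, not from the exam guide, applying the feasibility condition and the variance rule to the numbers in the explanation. Only RouterC's FD and the ADs of RouterB and RouterD are given on the page; the remaining FD and AD values in the table are constructed so that the full check can run, and they do not change which routes qualify.

```python
"""Added example: EIGRP successor / feasible successor selection and variance."""

# Routes to 10.1.2.0/24 as seen by RouterA: next hop -> (FD, AD).
# Page values: RouterC FD 5362821, RouterB AD 5470303, RouterD AD 3907449.
# The other three numbers are constructed (an AD is always below its own FD).
ROUTES = {
    "RouterB": (5_800_000, 5_470_303),
    "RouterC": (5_362_821, 2_700_000),
    "RouterD": (6_500_000, 3_907_449),
}


def successor(routes):
    """The successor is the next hop with the lowest feasible distance."""
    return min(routes, key=lambda hop: routes[hop][0])


def feasible_successors(routes):
    """Feasibility condition: a backup qualifies only if its advertised distance is
    strictly lower than the successor's feasible distance."""
    best = successor(routes)
    best_fd = routes[best][0]
    return sorted(hop for hop, (fd, ad) in routes.items() if hop != best and ad < best_fd)


def load_balanced_paths(routes, variance=1):
    """Paths installed for load balancing: the successor plus every feasible successor
    whose FD is within variance * successor FD. Variance 1 (the default) means
    equal-cost only; a larger variance enables unequal-cost load balancing."""
    best = successor(routes)
    limit = variance * routes[best][0]
    extra = [hop for hop in feasible_successors(routes) if routes[hop][0] <= limit]
    return sorted([best] + extra)


if __name__ == "__main__":
    print("successor:", successor(ROUTES))
    print("feasible successors:", feasible_successors(ROUTES))
    print("variance 1:", load_balanced_paths(ROUTES))
    print("variance 2:", load_balanced_paths(ROUTES, variance=2))
```

Lowering RouterB's AD below 5362821 in the table makes it a feasible successor as well, which is the "if the AD of RouterB were lower" case in the explanation.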

QUESTION NO: 5


You administer the OSPF network shown in the diagram above. All interface and OSPF
parameters retain their default values.

Which of the following statements is true regarding the path that packets from RouterA will follow
to reach RouterC? (Select the best answer.)

A.
All packets will flow from RouterA to RouterB to RouterC.

B.
All packets will flow from RouterA to RouterD to RouterC.

C.
All packets will flow from RouterA to RouterE to RouterC.

D.
All packets will flow from RouterA to RouterB to RouterE to RouterC.

E.
Equal-cost load balancing will distribute packets evenly between the following two paths:

- RouterA to RouterE to RouterC

- RouterA to RouterB to RouterC

F.
Equal-cost load balancing will distribute packets evenly between the following two paths:

- RouterA to RouterE to RouterC

- RouterA to RouterD to RouterC

G.
Equal-cost load balancing will distribute packets evenly among the following three paths:

- RouterA to RouterB to RouterC

- RouterA to RouterE to RouterC

- RouterA to RouterD to RouterC

H.
Unequal-cost load balancing will distribute packets unevenly based on bandwidth among all
possible paths.

Answer: G
Explanation:

In this scenario, equal-cost load balancing will distribute packets evenly among the following three
paths:

- RouterA to RouterB to RouterC

- RouterA to RouterE to RouterC

- RouterA to RouterD to RouterC

An Open Shortest Path First (OSPF) routing process uses a cost metric that is based on the
bandwidth of an interface relative to a reference bandwidth. The formula to determine the cost of
an interface is as follows:

cost = reference bandwidth / interface bandwidth

The default reference bandwidth is 100 Mbps. If a bandwidth has not been configured on an
interface, the OSPF process will use the default value for the interface type. The minimum
supported cost for an OSPF interface is 1, and any values that calculate to less than 1 are
rounded up to 1. Therefore, any link with an interface bandwidth greater than or equal to 100 Mbps
will result in a cost of 1 by default. As a result, the 100-Mbps FastEthernet links and the 1-Gbps
GigabitEthernet links in this scenario will all have a cost of 1.

An OSPF process uses cost values to generate its shortest path first (SPF) tree and then to
determine the optimal routes to all known networks. Because the minimum cost value is 1, the
reference bandwidth should be a value greater than or equal to the bandwidth of the fastest routed
link in the administrative domain. If the reference bandwidth is less than the fastest routed link on
the network, a situation can arise where the cost of two interfaces is the same even though their
link speeds are different. For example, in this scenario, the cost of every link has a value of 1.
Because all links appear to have the same cost, the OSPF routing process cannot distinguish
between the FastEthernet and GigabitEthernet links in the network. When an OSPF routing
process is presented with multiple routes of the same cost, equal-cost load balancing is used to
distribute packets evenly among the available paths. This distribution will cause some packets in
this scenario to take suboptimal routes to their destinations.

You can issue the auto-cost command from router configuration mode to change the reference
bandwidth for an OSPF routing process. The syntax for the auto-cost command is auto-cost
reference-bandwidth ref-bw, where ref-bw is an integer between 1 and 4294967 and is expressed as
a value in megabits per second. Alternatively, you can manually configure a cost at the interface
level with the ip ospf cost command.

OSPF supports only equal-cost load balancing; it does not support unequal-cost load balancing.
Enhanced Interior Gateway Routing Protocol (EIGRP) supports both equal-cost and unequal-cost
load balancing.

Reference:

https://www.cisco.com/c/en/us/support/docs/ip/open-shortest-path-first-ospf/7039-1.html#t6

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_ospf/command/iro-cr-book/ospf-a1.html#wp3271966058

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_ospf/command/iro-cr-book/ospf-a1.html#wp4045850100

QUESTION NO: 6 DRAG DROP

Drag each STP technology from the left, and place it on the appropriate description on the right.

Answer:


Explanation:

Root guard is used to prevent newly introduced switches from being elected the new root. This
allows administrators to maintain control over which switch is the root. When root guard is applied
to a port, the port is permanently configured as a designated port. Normally, a port that receives a
superior bridge protocol data unit (BPDU) will become the root port. However, if a designated port
configured with root guard receives a superior BPDU, the port transitions to the root-inconsistent
state and no data will flow through that port until it stops receiving superior BPDUs. This prevents
other switches from propagating superior BPDUs throughout the network and becoming the root
bridge. Root guard is applied on a per-port basis with the spanning-tree guard root command.

Loop guard places inconsistent ports into the blocking state. It also prevents a switch port from
transitioning to the forwarding state when it stops receiving BPDUs; this prevents switching loops
from occurring. A port configured with loop guard that stops receiving BPDUs will be put into the
loop-inconsistent state. After the port starts receiving BPDUs again, loop guard enables the port to
transition through the normal Spanning Tree Protocol (STP) states. To enable loop guard, issue
the spanning-tree guard loop command from interface configuration mode.

PortFast reduces convergence time by immediately placing edge ports into the forwarding state.
PortFast is recommended only for host ports, which are ports that connect to IP phones, client
workstations, or servers. Host ports that are not enabled for PortFast can cause a high number of
STP topology changes to flood throughout the network, thereby causing high CPU utilization on
network switches. However, care should be taken to ensure that PortFast is not enabled on a port
that is connected to a switch or other networking device. If you enable PortFast on such a port,
you risk creating switching loops because the port is permanently in the STP forwarding state. To
enable PortFast on a port, issue the spanning-tree portfast command from interface configuration
mode.

BPDU guard disables ports that erroneously receive BPDUs. BPDU guard is applied to host ports
that have PortFast enabled. Because PortFast automatically places ports into a forwarding state, a
switch that has been connected to a PortFast-enabled port could cause switching loops. However,
when BPDU guard is applied, the receipt of a BPDU on a port with BPDU guard enabled will result
in the port being placed into a disabled state, which prevents loops from occurring. To enable
BPDU guard, issue the spanning-tree bpduguard enable command from interface configuration
mode.

Reference:

https://www.cisco.com/c/en/us/support/docs/lan-switching/spanning-tree-protocol/10596-84.html#loop_guard_description

https://www.cisco.com/c/en/us/support/docs/switches/catalyst-6500-series-switches/10553-12.html#sptree

https://www.cisco.com/c/en/us/support/docs/lan-switching/spanning-tree-protocol/10588-74.html#diff

QUESTION NO: 7

Which of the following switches will be selected as the root bridge? (Select the best answer.)

A.
the switch with the lowest configured IP address

B.
the switch with the highest configured IP address

C.
the switch with the lowest MAC address

D.
the switch with the highest MAC address

E.
the switch with the lowest path cost

F.
the switch with the highest path cost

G.
the switch with the lowest priority

H.
the switch with the highest priority

Answer: G
Explanation:

The switch with the lowest priority will be selected as the root bridge. The bridge priority can be set
by issuing the spanning-tree priority value command, where value is a number from 0 through
65535; the default priority is 32768.

If multiple switches are configured with the same priority value, the switch with the lowest Media
Access Control (MAC) address is selected as the root bridge. MAC addresses are physical
addresses that are written in hexadecimal format and are hardcoded into the switch. With MAC
addresses, numbers are lower than letters and the hexadecimal value A is lower than the
hexadecimal value F.

It can also be said that the switch with the lowest bridge ID is selected as the root bridge. The
bridge ID consists of the 2-byte bridge priority and the 6-byte MAC address. Because the bridge
priority is the first part of the bridge ID, a switch with the lowest bridge priority will also have the
lowest bridge ID. For example, a switch with a bridge priority of 32768 and a MAC address of
1234.5678.9abc would have a bridge ID of 32768.1234.5678.9abc. If another switch had a lower
priority value, it would become the root bridge, but if the priority values of the two switches were
the same, the switch with the lower MAC address would become the root bridge.

Neither IP addresses nor path costs are used in the selection of the root bridge. The path cost,
which is based on the bandwidth of a link, is used to determine the best path to the root bridge.
The higher the bandwidth, the lower the cost. Spanning Tree Protocol (STP) uses the following
path costs by default:


Reference:

Cisco: Configuring STP: Spanning-Tree Topology and BPDUs

Cisco: Spanning Tree Protocol Root Guard Enhancement
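The following is an added example, not from the exam guide, that performs the root bridge election exactly as the explanation describes it: the bridge ID is the 2-byte priority followed by the 6-byte MAC, and the lowest value wins, so priority dominates and the MAC only breaks ties. The switch list is constructed; the bridge ID 32768.1234.5678.9abc is the one used in the explanation.

```python
"""Added example: STP root bridge election by lowest bridge ID (constructed switches)."""


def bridge_id(priority, mac):
    """Bridge ID as an integer: priority in the high 16 bits, MAC in the low 48 bits.
    Comparing the integer compares priority first, then MAC, which is why the
    switch with the lowest priority wins regardless of its MAC address."""
    mac_int = int(mac.replace(".", "").replace(":", ""), 16)
    if not 0 <= priority <= 65535 or mac_int >= 1 << 48:
        raise ValueError("priority must be 0-65535 and the MAC must be 48 bits")
    return (priority << 48) | mac_int


def format_bridge_id(priority, mac):
    """Render in the priority.xxxx.xxxx.xxxx form used in the explanation."""
    m = mac.replace(".", "").replace(":", "").lower()
    return f"{priority}.{m[0:4]}.{m[4:8]}.{m[8:12]}"


def elect_root(switches):
    """switches: dict name -> (priority, mac). Returns the name with the lowest bridge ID."""
    return min(switches, key=lambda name: bridge_id(*switches[name]))


# Constructed candidates. SwitchC has the highest possible MAC but the lowest
# priority, so it still wins; with SwitchC absent the tie between A and B on
# priority 32768 is broken by the lower MAC (SwitchB).
SWITCHES = {
    "SwitchA": (32768, "1234.5678.9abc"),
    "SwitchB": (32768, "0011.2233.4455"),
    "SwitchC": (4096, "ffff.ffff.ffff"),
}

if __name__ == "__main__":
    for name, (prio, mac) in SWITCHES.items():
        print(name, format_bridge_id(prio, mac))
    print("root:", elect_root(SWITCHES))
```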

QUESTION NO: 8

Which of the following statements are true regarding TACACS+? (Select 2 choices.)

A.
TACACS+ is a standard protocol created by IETF.

B.
TACACS+ separates the authentication, authorization, and accounting functions of AAA.

C.
TACACS+ encrypts only the password in Access-Request packets.

D.
TACACS+ enables administrators to control access to configuration commands.

E.
TACACS+ uses UDP for packet delivery.

Answer: B,D

Explanation:

Of the choices available, Terminal Access Controller Access Control System Plus (TACACS+)
separates the authentication, authorization, and accounting functions of Authentication,
Authorization, and Accounting (AAA) and enables administrators to control access to configuration
commands. TACACS+ is a Cisco-proprietary protocol used during AAA operations. Unlike other
AAA protocols, such as Remote Authentication Dial-In User Service (RADIUS), TACACS+ provides
more granular and flexible control over user access privileges. For example, the AAA operations
are separated by TACACS+, whereas RADIUS combines the authentication and authorization
services into a single function. Because TACACS+ separates these functions, administrators have
more control over access to configuration commands. Additionally, TACACS+ encrypts the entire
contents of packets, thus providing additional security. TACACS+ uses Transmission Control
Protocol (TCP) port 49 for transport.

RADIUS, not TACACS+, is a standard AAA protocol created by the Internet Engineering Task
Force (IETF). Compared to TACACS+, RADIUS has several limitations. For example, RADIUS
encrypts only the password in Access-Request packets; it does not encrypt the entire contents of
the packet like TACACS+ does. RADIUS, not TACACS+, uses User Datagram Protocol (UDP) for
packet delivery.

Reference:

Cisco: TACACS+ and RADIUS Comparison: Compare TACACS+ and RADIUS

QUESTION NO: 9

Which switching method always checks for CRC errors before forwarding the frame? (Select the
best answer.)

A.
store-and-forward

B.
cut-through

C.
adaptive cut-through

D.
FragmentFree

Answer: A

Explanation:

The store-and-forward switching method always checks for cyclic redundancy check (CRC) errors
before forwarding the frame, thereby ensuring reliability. When the store-and-forward switching
method is used, the switch receives the entire frame before forwarding the frame. By receiving the
entire frame, the switch can verify that no CRC errors are present in the frame; this helps prevent
the forwarding of frames with errors. If a CRC error is detected, the frame is discarded. Similarly,
the frame is discarded if it contains fewer than 64 bytes; a frame containing fewer than 64 bytes is
referred to as a runt. Because the entire frame must be received before it can be forwarded, the
store-and-forward switching method has a higher latency than other switching methods. Multilayer
switches must use the store-and-forward switching method, because the switch must receive the
entire frame before Network layer operations can be performed.

In contrast to the store-and-forward switching method, the cut-through switching method begins
forwarding a frame as soon as the frame's destination address is received. Thus the switch begins
forwarding the frame before the frame is fully received, which helps reduce latency. However, with
the cut-through method, the frame is not checked for errors prior to being forwarded.

The adaptive cut-through switching method provides a balance between store-and-forward
switching and cut-through switching. When adaptive cut-through switching is used, an error
threshold can be configured that enables the switch to take advantage of the low latency provided
by cut-through switching until the configured error threshold is reached; at that point, the switch
begins using the higher latency store-and-forward switching method. When the error rate falls
below the configured threshold, the switch reverts to using the cut-through switching method.

The FragmentFree switching method is similar to cut-through switching in that the switch does not
have to receive the entire frame before it begins forwarding the frame. However, unlike cut-through
switching, FragmentFree switching waits until at least 64 bytes of the frame have been received
before deciding whether to forward the frame. This allows the switch to check for collision
fragments, which should be detectable within the first 64 bytes of the frame. If the frame is not a
collision fragment, the switch begins forwarding the frame toward the destination.

Reference:

Cisco: LAN Switching and VLANs: LAN Switching Forwarding

Cisco: Configuring Switching Modes
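The following is an added example, not from the exam guide, that models the forwarding decision of each switching method on the same frame: store-and-forward sees the whole frame and can discard runts and FCS errors, cut-through commits after the destination MAC, and FragmentFree commits after 64 bytes. The FCS is computed with zlib.crc32 and appended least-significant byte first, which matches the IEEE 802.3 CRC-32; the frame contents are constructed.

```python
"""Added example: store-and-forward versus cut-through frame checks (constructed frame)."""
import zlib

MIN_FRAME = 64  # minimum Ethernet frame size including the 4-byte FCS; shorter = runt


def build_frame(dst, src, ethertype, payload):
    """Header + payload padded to 60 bytes + CRC-32 FCS (little-endian, as on the wire)."""
    body = (dst + src + ethertype + payload).ljust(MIN_FRAME - 4, b"\x00")
    return body + zlib.crc32(body).to_bytes(4, "little")


def store_and_forward_check(frame):
    """Decision made only after the entire frame has been received."""
    if len(frame) < MIN_FRAME:
        return "discard: runt"
    body, fcs = frame[:-4], frame[-4:]
    if zlib.crc32(body).to_bytes(4, "little") != fcs:
        return "discard: CRC error"
    return "forward"


def cut_through_check(bytes_so_far):
    """Cut-through forwards as soon as the 6-byte destination MAC is in; the FCS
    is never checked, so a corrupted frame is still forwarded."""
    return "forward" if len(bytes_so_far) >= 6 else "wait"


def fragment_free_check(bytes_so_far):
    """FragmentFree waits for the first 64 bytes (enough to rule out a collision
    fragment) and then forwards without checking the FCS."""
    return "forward" if len(bytes_so_far) >= MIN_FRAME else "wait"


# Constructed frame: broadcast destination, a made-up source MAC, EtherType IPv4.
FRAME = build_frame(b"\xff" * 6, b"\x00\x11\x22\x33\x44\x55", b"\x08\x00", b"hello")
# Same frame with one padding byte flipped, as a link error would do.
CORRUPT = FRAME[:20] + bytes([FRAME[20] ^ 0x01]) + FRAME[21:]

if __name__ == "__main__":
    for name, f in (("good", FRAME), ("corrupt", CORRUPT), ("runt", FRAME[:40])):
        print(name, store_and_forward_check(f), cut_through_check(f), fragment_free_check(f))
```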

QUESTION NO: 10

Which of the following best describes the function of unicast RPF? (Select the best answer.)

A.
Unicast RPF scans a packet to determine whether the packet contains malware.

B.
Unicast RPF verifies the reachability of the source IP address of a packet.

C.
Unicast RPF ensures that priority traffic is transmitted in a timely fashion.

D.
Unicast RPF encapsulates packets and sends them through a tunnel interface.

E.
Unicast RPF prevents packet loss in asymmetric routing configurations.

Answer: B
Explanation:

Unicast Reverse Path Forwarding (uRPF) verifies the reachability of the source IP address of a
packet to determine whether an inbound packet arrived on the best path back to the source based
on routing table information. If the uRPF check passes, the packet is transmitted; if the uRPF
check fails, the packet is dropped. Preferably, you should implement uRPF on a gateway router on
the untrusted interface so that inbound packets can be inspected. Inbound packet inspection by
uRPF can mitigate spoofing attacks, such as Denial of Service (DoS), smurf, and Tribal Flood
Network (TFN) attacks. In order for uRPF to function, Cisco Express Forwarding (CEF) must be
enabled.

uRPF does not scan a packet to determine whether the packet contains malware. However, uRPF
can prevent spoofing attacks. If the IP address information for a packet is spoofed, the uRPF
check will fail and the packet will be dropped. To protect a network from malware, you should
implement an inline Intrusion Prevention System (IPS).

uRPF does not ensure that priority traffic is transmitted in a timely fashion; this is the function of
Quality of Service (QoS). QoS provides priority service to traffic to ensure reliable delivery of the
packets. Without QoS, delay-sensitive traffic, such as voice traffic, might not receive a constant,
predictable flow throughout the network. Because voice traffic is delay-sensitive, uneven delays in
the delivery of the voice packets can cause noticeable gaps in the audible transmission that the
receiver hears. To help prevent delays, which could degrade the quality of the call, QoS marks the
voice traffic with a higher priority than most data traffic, ensuring a smooth and predictable
delivery.

uRPF does not encapsulate packets and send them through a tunnel interface. In fact, uRPF
cannot inspect traffic that is encapsulated in a Generic Routing Encapsulation (GRE), Layer 2
Tunneling Protocol (L2TP), or Point-to-Point Tunneling Protocol (PPTP) tunnel. You should
implement uRPF so that packets are checked after they are decapsulated and decrypted.

uRPF does not prevent packet loss in asymmetric routing configurations. In fact, uRPF can cause
legitimate traffic to be dropped in asymmetric routing configurations when uRPF is implemented in
strict mode. In uRPF strict mode, a packet is dropped if it did not arrive from the best path. In
uRPF loose mode, a packet is dropped only if there is no valid route to the source network in the
router's unicast routing table.

Reference:

https://www.cisco.com/c/en/us/td/docs/ios/12_2/security/configuration/guide/fsecur_c/scfrpf.html#wp1000928

QUESTION NO: 11

Which of the following commands enables IP source guard with source IP and MAC address
filtering on an interface? (Select the best answer.)

A.
ip dhcp snooping

B.
ip verify unicast source reachable-via

C.
ip verify source port-security

D.
ip source binding

E.
switchport port-security

Answer: C
Explanation:

The ip verify source port-security command enables IP source guard with source IP and Media
Access Control (MAC) address filtering on an interface; the ip verify source command enables IP
source guard with only source IP address filtering. IP source guard prevents all IP traffic except
the following packets:

- Dynamic Host Configuration Protocol (DHCP) packets allowed by DHCP snooping

- Traffic that matches entries in the IP source binding table

The IP source binding table is populated by static bindings or by DHCP snooping. If you enable IP
source guard on a switch port but do not configure static IP bindings or DHCP snooping, all IP
traffic will be dropped by the switch.

The ip dhcp snooping command does not enable IP source guard; it enables DHCP snooping.
Enabling DHCP snooping with IP source guard helps to mitigate DHCP spoofing attacks. In a
DHCP spoofing attack, an attacker installs a rogue DHCP server on the network in an attempt to
intercept DHCP requests. The rogue DHCP server can then respond to the DHCP requests with
its own IP address as the default gateway address; hence all traffic is routed through the rogue
DHCP server. As a result, a host that has obtained an IP address from a rogue DHCP server
could become the victim of a man-in-the-middle attack in which a malicious individual eavesdrops on
a network conversation between two hosts.

The ip verify unicast source reachable-via command does not enable IP source guard; it enables
unicast Reverse Path Forwarding (uRPF). Like IP source guard, uRPF can mitigate spoofing
attacks. uRPF checks the source IP address of a packet to determine whether the packet arrived
on the best path back to the source based on routing table information. If the IP address
information is spoofed, the uRPF check will fail and the packet will be dropped. Cisco Express
Forwarding (CEF) must be enabled in order for uRPF to work.

The ip source binding command does not enable IP source guard; it configures a static IP
binding. The IP source binding table is populated by static IP bindings or by DHCP snooping. To
configure a static IP binding, you should issue the ip source binding mac-address vlan vlan-id
ip-address interface interface-id command. The switchport port-security command does not enable
IP source guard; it enables port security on a switch port. By default, the switchport port-security
command authorizes a maximum of one MAC address to send traffic into the port.

Reference:

www.cisco.com/c/en/us/td/docs/switches/blades/3120/software/release/12-2_40_ex/configuration/guide/3120scg/swdhcp82.pdf

QUESTION NO: 12

Which of the following are true of both OSPFv2 and OSPFv3? (Select 2 choices.)

A.
Both support IPv4.

B.
Both support IPv6.

C.
Both elect the BDR before electing the DR.

D.
Both use MD5 for secure communications.

E.
Both allow multiple OSPF instances to run on a link.

Answer: A,C
Explanation:

Open Shortest Path First version 2 (OSPFv2) and OSPFv3 both support IPv4, and both elect the
backup designated router (BDR) before electing the designated router (DR). OSPFv3, which was
originally described in Request for Comments (RFC) 2740 (since replaced by RFC 5340), was
developed as an enhancement to OSPFv2, which supports only IPv4. An OSPFv3 instance can
support either IPv4 or IPv6, but it cannot support both. However, you can run multiple OSPFv3
instances on a single link. You can issue the ospfv3 process-id area area-id {ipv4 | ipv6}
[instance instance-id] command to enable OSPFv3 on an interface for a particular address family.

The DR and BDR election process for OSPFv3 multiaccess segments is handled the same way as
it is handled in OSPFv2: the BDR is elected first, and then the DR is elected. The router with the
highest priority, as long as it has not already declared itself as the DR, becomes the BDR. Of
those routers that have declared themselves as the DR, the router with the highest priority is
elected to become the DR; if no router has declared itself the DR, the newly elected BDR is
promoted to DR and the BDR election is repeated without it. If priority values are equal, the router
with the highest router ID is elected. To change the OSPF priority of a router, you should issue the
ip ospf priority value command, where value is an integer from 0 through 255. The default OSPF
priority is 1, and a router with an OSPF priority of 0 will never be elected the DR or BDR. Because
the election is not preemptive, an existing DR keeps its role even when a router with a higher
priority later joins the segment.

Unlike OSPFv2, OSPFv3 allows multiple OSPF instances to run on a link. To keep track of each
instance, OSPFv3 includes an instance ID field in the packet header. If no instance ID is specified
on a link, the default value of 0 is used. When a router receives an OSPFv3 packet, it checks the
instance ID in the packet header. If the instance ID in the header does not match the instance ID
on the receiving interface, the router discards the packet even if the packet has a matching area
ID.

OSPFv2 uses Message Digest 5 (MD5) for secure communications. OSPFv3 as originally
specified has no authentication field of its own; instead, OSPFv3 relies on IP Security (IPSec)
Authentication Header (AH) or Encapsulating Security Payload (ESP) for secure communications.
RFC 7166 later defined an OSPFv3 authentication trailer that provides HMAC-SHA authentication
without IPSec, but that option is outside the scope of this question. Note also that MD5 is no longer
considered a strong hash; RFC 5709 defines HMAC-SHA authentication for OSPFv2, and newer
IOS releases support it through key chains, which should be preferred where available.
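The election order described above (BDR first, then DR, with promotion when nobody claims DR) is easy to get wrong by hand, so here is an added example that is not part of the original page: a small Python simulation of the RFC 2328 section 9.4 algorithm as the explanation states it. The Router dataclass, its field names and the sample segment are constructed for this example; the behaviour it encodes (priority 0 is ineligible, ties fall to the highest router ID, a router that already claims DR is not displaced) is the page's.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address


@dataclass
class Router:
    """One router on a multiaccess segment, as advertised in its Hello packets (hypothetical type)."""
    rid: str                    # router ID, dotted quad
    priority: int = 1           # ip ospf priority; 0 = never DR or BDR
    declared_dr: bool = False   # its Hello already names itself as DR
    declared_bdr: bool = False  # its Hello already names itself as BDR


def _best(candidates):
    """Highest priority wins; ties go to the highest router ID (RFC 2328 section 9.4)."""
    return max(candidates, key=lambda r: (r.priority, int(IPv4Address(r.rid))), default=None)


def elect_dr_bdr(routers):
    """Return (dr_rid, bdr_rid) for a segment; None where no eligible router exists.

    Simplified single-pass version of the RFC 2328 election: the BDR is chosen
    first from routers that do not claim the DR role, then the DR is chosen from
    routers that do claim it. When nobody claims DR, the BDR is promoted and the
    BDR election is repeated without it, exactly as the explanation above says.
    """
    eligible = [r for r in routers if r.priority > 0]
    not_dr = [r for r in eligible if not r.declared_dr]

    # Step 1: BDR. Routers already claiming BDR are preferred over silent ones.
    bdr = _best([r for r in not_dr if r.declared_bdr]) or _best(not_dr)

    # Step 2: DR, only from routers that have declared themselves DR.
    dr = _best([r for r in eligible if r.declared_dr])

    # Step 3: no declared DR, so the BDR is promoted and a fresh BDR is picked.
    if dr is None and bdr is not None:
        dr = bdr
        remaining = [r for r in not_dr if r is not dr]
        bdr = _best([r for r in remaining if r.declared_bdr]) or _best(remaining)

    return (dr.rid if dr else None, bdr.rid if bdr else None)


if __name__ == "__main__":
    # Constructed segment: 4.4.4.4 was already DR before the others booted, so it
    # keeps the role even though 1.1.1.1 has a far higher priority (no preemption).
    segment = [
        Router("1.1.1.1", priority=200),
        Router("2.2.2.2"),
        Router("3.3.3.3", priority=0),       # ineligible
        Router("4.4.4.4", declared_dr=True),
    ]
    print(elect_dr_bdr(segment))
```

Running the demo prints ('4.4.4.4', '1.1.1.1'): the high-priority router only wins the BDR seat, which is also why an attacker-controlled or misconfigured router that comes up with priority 255 on a segment does not immediately take over DR duties, but would after the next DR failure.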

Reference:

Cisco: Implementing OSPF for IPv6

IETF: RFC 2328: OSPF Version 2

IETF: RFC 2740: OSPF for IPv6

Cisco: OSPFv3 IPSec ESP Encryption and Authentication

QUESTION NO: 13

You issue the show ipv6 interface fa0/0 command and receive the following partial output:

FastEthernet0/0 is up, line protocol is up
  IPv6 is enabled, link-local address is FE80::11AA:22BB:33CC:44DD
  No Virtual link-local address(es):
  No global unicast address is configured
  Joined group address(es):
    FF02::1
    FF02::2
    FF02::A

Which of the following routing protocols is most likely running on the network? (Select the best
answer.)

A.
EIGRPv6

B.
IS-IS for IPv6

C.
OSPFv3

D.
RIPv6

Answer: A
Explanation:

Enhanced Interior Gateway Routing Protocol for IPv6 (EIGRPv6, also called EIGRP for IPv6) is
most likely running on the network. All EIGRPv6 routers receive packets sent to the IPv6 multicast
address FF02::A, which is the counterpart of the EIGRP IPv4 all-routers address 224.0.0.10. This
address is used to exchange hello packets and routing updates among EIGRP routers.

All IPv6 nodes on a segment receive packets destined for FF02::1, which is the counterpart of the
IPv4 all-hosts multicast address 224.0.0.1. Traffic sent to FF02::1 is received by all hosts on the
local segment. IPv6 nodes automatically join the FF02::1 multicast group at startup.

All IPv6 routers on a segment receive packets destined for FF02::2, which is the counterpart of the
IPv4 all-routers multicast address 224.0.0.2. Traffic sent to FF02::2 is received by all routers on
the local segment. IPv6 routers automatically join the FF02::2 multicast group at startup. Because
FF02::1 and FF02::2 are joined by every IPv6 node and every IPv6 router respectively, they reveal
nothing about which routing protocol is running; only FF02::A does.

Open Shortest Path First version 3 (OSPFv3) is not running on the network. All OSPFv3 routers
receive packets destined for FF02::5, which is the counterpart of the OSPFv2 all-routers multicast
address 224.0.0.5. OSPFv3 designated routers (DRs) and backup designated routers (BDRs)
receive packets destined for FF02::6, which is the counterpart of the OSPFv2 all-DR/BDR multicast
address 224.0.0.6. These multicast addresses are used to exchange hello messages and link-state
advertisements (LSAs) among OSPF routers. If OSPFv3 were running on the network, the output
would show that the router has joined the FF02::5 multicast group (and FF02::6 if it were the DR
or BDR).

Intermediate System-to-Intermediate System (IS-IS) for IPv6 is not running on the network. IANA
reserves FF02::8 for IS-IS for IPv6 routers and 224.0.0.19 through 224.0.0.21 for IS-IS over IPv4,
but IS-IS does not actually run over IP: its hellos and link-state PDUs are sent directly over the
data link layer to the AllL1ISs, AllL2ISs, and AllISs multicast MAC addresses. An IS-IS router
therefore joins no IP multicast group for the protocol and would add no entry to this output.

Routing Information Protocol next generation (RIPng, sometimes called RIPv6) is not running on
the network. All RIPng routers receive packets destined for FF02::9 on UDP port 521, which is the
counterpart of the RIPv2 all-routers multicast address 224.0.0.9. This address is used to exchange
routing updates among RIP routers.

Reference:

Cisco: Advances in EIGRP (PDF)

QUESTION NO: 14

RouterMain is configured to use EIGRP. You issue the show ip route command on RouterMain
and receive the following partial output:

By default, what will EIGRP use as the metric value of a summarized 10.0.0.0 network? (Select
the best answer.)

A.
2195456

B.
2297856

C.
2496256

D.
2681856

E.
2809856

Answer: A
Explanation:

By default, Enhanced Interior Gateway Routing Protocol (EIGRP) will use a metric value of
2195456 for a summarized 10.0.0.0 network. The numbers inside the brackets in the output of the
show ip route command indicate the administrative distance (AD) and the metric of the route. The
first number is the AD, which is used to determine the routing protocol that should be preferred
when multiple routes to a destination network exist. The second number is the composite metric.
The best route to a destination network is the route with the lowest composite metric value.

When an EIGRP route is summarized, EIGRP finds the component route with the best metric,
which is the route with the lowest composite metric value, and uses that metric for the summarized
route. Every time a component route within the summary changes, EIGRP must recalculate
whether the summarized metric has changed. If the topology changes often, processor overhead
can increase significantly. You can set a static metric for a summarized route by issuing the
summary-metric command under the EIGRP address-family topology in named mode. The syntax
for the summary-metric command is summary-metric network-address subnet-mask [bandwidth
delay reliability load mtu] [distance administrative-distance].

EIGRP will not use a metric value of 2297856, 2681856, or 2809856 for the summarized network,
because these composite metric values are all higher than 2195456. Additionally, EIGRP will not
use the average composite metric value of 2496256 for the summarized network; EIGRP never
averages component metrics.

Reference:

https://www.cisco.com/c/en/us/td/docs/ios/iproute_eigrp/command/reference/ire_book/ire_s1.html#
wp1059226

QUESTION NO: 15

You have configured RouterA as an IS-IS node with the NET 49.1741.c867.5309.af89.00.

Nodes with which of the following NETs would be able to establish an IS-IS adjacency with
RouterA? (Select 3 choices.)

A.
48.1741.c867.5309.af89.00

B.
49.1741.c867.5309.af89.00

C.

49.1741.3867.5309.af89.00

D.
49.1741.c867.5309.7f89.00

E.
49.1741.c867.6309.af89.00

F.
49.2741.c867.5309.af89.00

Answer: C,D,E
Explanation:

Nodes with the following network entity titles (NETs) would be able to establish an Intermediate
System-to-Intermediate System (IS-IS) adjacency with RouterA:

- 49.1741.3867.5309.af89.00

- 49.1741.c867.5309.7f89.00

- 49.1741.c867.6309.af89.00

A NET is a hexadecimal address that consists of the following three parts:

- The area ID

- The system ID

- The network service access point (NSAP) selector, or NSEL

The NET has a minimum length of 8 bytes and a maximum length of 20 bytes. Each byte consists
of two hexadecimal characters. The NSEL is the last byte in the address and is always 00 in a
NET; a nonzero selector identifies a transport-layer user rather than the node itself.

The system ID is always 6 bytes long and precedes the NSEL. Level 1 (L1) routers must have a
system ID that is unique within the area, and Level 2 (L2) routers must have a system ID that is
unique within the domain. IS-IS will not establish an adjacency between two routers with the same
system ID.

The area ID is of variable length (1 to 13 bytes) and precedes the system ID. The first byte, which
is part of the area ID, is called the authority and format identifier (AFI) and is typically set to a
value of 49 on privately addressed networks. Routers that share the same area address can form
an L1 adjacency; an L2 adjacency does not require matching area addresses.

In this scenario, RouterA is configured with area ID 49.1741, system ID c867.5309.af89, and
NSEL 00. Nodes with the following NETs would be able to establish an adjacency with RouterA
because they are in the same area and their system IDs are different:

- 49.1741.3867.5309.af89.00

- 49.1741.c867.5309.7f89.00

- 49.1741.c867.6309.af89.00

Nodes with the following NETs would not be able to establish an adjacency with RouterA, because
their system IDs are the same as RouterA's system ID:

- 48.1741.c867.5309.af89.00

- 49.1741.c867.5309.af89.00

- 49.2741.c867.5309.af89.00
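Splitting a NET by hand is error-prone because the area ID is variable length and only the right-hand fields are fixed. The following Python is an added example, not part of the original page: it cuts a NET into AFI, area, system ID and NSEL from the right, validates the length rules stated above, and applies the page's two adjacency rules (duplicate system IDs never pair; an L1 adjacency needs equal area addresses, an L2 adjacency does not). The function names are this example's own.

```python
import re

_HEX = re.compile(r"[0-9a-f]+")


def parse_net(net):
    """Split an IS-IS NET such as 49.1741.c867.5309.af89.00 into its three parts.

    Dots are purely cosmetic, so they are stripped before the fixed-size fields
    (6-byte system ID, 1-byte NSEL) are cut from the right-hand end; whatever is
    left on the left is the variable-length area ID, whose first byte is the AFI.
    """
    hexdigits = net.replace(".", "").lower()
    if not _HEX.fullmatch(hexdigits) or len(hexdigits) % 2:
        raise ValueError(f"{net!r} is not a sequence of hexadecimal octets")
    nbytes = len(hexdigits) // 2
    if not 8 <= nbytes <= 20:
        raise ValueError(f"{net!r} is {nbytes} bytes; a NET must be 8 to 20 bytes")
    nsel = hexdigits[-2:]
    if nsel != "00":
        raise ValueError(f"{net!r} has NSEL {nsel}; a NET must end in 00")
    return {
        "afi": hexdigits[:2],
        "area": hexdigits[:-14],       # AFI plus area identifier
        "system_id": hexdigits[-14:-2],
        "nsel": nsel,
    }


def can_form_adjacency(net_a, net_b, level="L1"):
    """Apply the page's rules: duplicate system IDs never pair; L1 needs equal areas."""
    a, b = parse_net(net_a), parse_net(net_b)
    if a["system_id"] == b["system_id"]:
        return False
    if level == "L1":
        return a["area"] == b["area"]
    if level == "L2":
        return True
    raise ValueError(f"unknown level {level!r}")


if __name__ == "__main__":
    router_a = "49.1741.c867.5309.af89.00"
    for candidate in ("48.1741.c867.5309.af89.00", "49.1741.c867.5309.af89.00",
                      "49.1741.3867.5309.af89.00", "49.1741.c867.5309.7f89.00",
                      "49.1741.c867.6309.af89.00", "49.2741.c867.5309.af89.00"):
        print(candidate, can_form_adjacency(router_a, candidate))
```

Run against the six answer choices it returns True exactly for C, D and E. The duplicate-system-ID check is the one worth keeping in a pre-deployment linter: a cloned configuration with the same NET pasted onto a second router is a classic cause of flapping IS-IS adjacencies.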

Reference:

https://www.cisco.com/c/en/us/td/docs/ios/12_2/apollo/configuration/guide/fapolo_c/3cfclns.html#w
p1012582

https://www.cisco.com/c/en/us/td/docs/ios/12_2/iproute/command/reference/fiprrp_r/1rfisis.html#w
p1018178

QUESTION NO: 16

Which of the following statements are true regarding round robin queuing? (Select 2 choices.)

A.
Shared round-robin settings override shaped round robin settings unless the weight of the shared
queue is 0.

B.
Shared round-robin queuing guarantees bandwidth to queues but does not rate limit a queue if
other queues are empty.

C.
Shared round-robin queuing is available only on egress queues.

D.
Shaped round-robin queuing is available only on egress queues.

E.
Shaped round-robin queuing does not service any other queues until the first queue is empty.

Answer: B,D

Explanation:

Shaped round-robin queuing is available only on egress queues; shared round-robin queuing is
available on ingress and egress queues. Shared round robin is a Quality of Service (QoS) queuing
method that guarantees a percentage of bandwidth to each queue but does not rate-limit a queue
if other queues are empty. Shaped round robin, on the other hand, guarantees a percentage of
bandwidth to each queue and rate-limits each queue to that percentage, even if other queues are
empty. Queues are handled based on their configured weight values.

Round-robin queuing methods do not wait until the first queue is empty before servicing other
queues.

Shared round-robin and shaped round-robin service queues are based on each queue's
configured weight. By contrast, strict-priority queues are given priority over every other queue and
are always emptied first.

Shared round-robin settings do not override shaped round-robin settings. Rather, shaped round-
robin settings override shared round-robin settings unless the weight of the shaped round-robin
queue is 0. Strict-priority queuing overrides round-robin settings on the first queue, which is the
priority queue.

Reference:

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2960/software/release/12-
2_58_se/configuration/guide/2960scg/swqos.html#pgfId-1200681

QUESTION NO: 17

Which of the following decimal values corresponds to the DSCP value EF? (Select the best
answer.)

A.
0

B.
14

C.
28

D.
46

Answer: D

Explanation:

The decimal value 46 corresponds to the Differentiated Services Code Point (DSCP) value EF.
DSCP values are 6-bit header values that identify the Quality of Service (QoS) traffic class that is
assigned to the packet; converting the decimal value 46 to binary yields the 6-bit binary value
101110. The Expedited Forwarding (EF) per-hop behavior (PHB), which was defined in Request for
Comments (RFC) 2598 (now replaced by RFC 3246), indicates a high-priority packet that should be
given queuing priority over other packets but should not be allowed to completely monopolize the
interface. Voice over IP (VoIP) traffic is often assigned a DSCP value of EF. The DSCP field
occupies the six most significant bits of the IP Type of Service (ToS) byte, so EF appears as a ToS
byte of 0xB8 (184) when the two Explicit Congestion Notification (ECN) bits are zero.

The decimal value 0 corresponds to the default DSCP value CS0. DSCP values beginning with CS
are called Class Selector (CS) PHBs, which are defined in RFC 2474. CS values are backward
compatible with 3-bit IP precedence values; the first three bits of the DSCP value correspond to
the IP precedence value, and the last three bits of the DSCP value are set to 0. Packets with
higher CS values are given queuing priority over packets with lower CS values. The following table
displays the CS values with their binary values, decimal values, and IP precedence category
names:

CS0  000000   0  routine
CS1  001000   8  priority
CS2  010000  16  immediate
CS3  011000  24  flash
CS4  100000  32  flash override
CS5  101000  40  critical
CS6  110000  48  internetwork control
CS7  111000  56  network control

The decimal value 14 corresponds to the DSCP value AF13, and the decimal value 28
corresponds to the DSCP value AF32. DSCP values beginning with AF are called Assured
Forwarding (AF) PHBs, which are defined in RFC 2597. AF separates packets into four queue
classes and three drop probabilities. The AF values are specified in the format AFxy, where x is
the queue class and y is the drop probability. The following table displays the AF values with their
queue classes and drop probabilities (decimal DSCP in parentheses):

           Low drop    Medium drop  High drop
Class 1    AF11 (10)   AF12 (12)    AF13 (14)
Class 2    AF21 (18)   AF22 (20)    AF23 (22)
Class 3    AF31 (26)   AF32 (28)    AF33 (30)
Class 4    AF41 (34)   AF42 (36)    AF43 (38)

The first three DSCP bits correspond to the queue class, the fourth and fifth DSCP bits correspond
to the drop probability, and the sixth bit is always set to 0. To quickly convert AF values to decimal
values, you should use the formula 8x + 2y. For example, AF13 converts to a decimal value of 14,
because (8 x 1) + (2 x 3) = 8 + 6 = 14. The DSCP value AF32 converts to a decimal value of 28,
because (8 x 3) + (2 x 2) = 24 + 4 = 28.

Packets with higher AF values are not necessarily given preference over packets with lower AF
values. Packets with a higher queue class value are given queuing priority over packets with a
lower queue class, but packets with a higher drop probability value are dropped more often than
packets with a lower drop probability value when the class is congested.
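The conversions above (EF, CSx, AFxy, the 8x + 2y shortcut, and the position of the DSCP field inside the ToS byte) are mechanical enough to be worth encoding. The following Python is an added example and not part of the original page; the function names are its own, and it goes slightly beyond the question by also mapping in the reverse direction and by extracting the DSCP from a raw ToS byte as a packet parser would.

```python
import re

_AF = re.compile(r"AF([1-4])([1-3])")
_CS = re.compile(r"CS([0-7])")

PRECEDENCE_NAMES = ["routine", "priority", "immediate", "flash", "flash override",
                    "critical", "internetwork control", "network control"]


def dscp_to_decimal(name):
    """PHB name (EF, CSx, AFxy, or DSCPnn) to its 6-bit codepoint."""
    name = name.upper()
    if name == "EF":
        return 46                                   # 101110
    if m := _CS.fullmatch(name):
        return int(m[1]) << 3                       # precedence in the top 3 bits
    if m := _AF.fullmatch(name):
        return 8 * int(m[1]) + 2 * int(m[2])        # the page's 8x + 2y shortcut
    if m := re.fullmatch(r"DSCP(\d{1,2})", name):
        value = int(m[1])
        if value < 64:
            return value
    raise ValueError(f"unknown DSCP name {name!r}")


def decimal_to_dscp(value):
    """Codepoint to PHB name; codepoints without a standard name come back as DSCPnn."""
    if not 0 <= value < 64:
        raise ValueError("DSCP is a 6-bit field")
    if value == 46:
        return "EF"
    cls, low = value >> 3, value & 0b111
    if low == 0:
        return f"CS{cls}"
    if 1 <= cls <= 4 and low in (2, 4, 6):          # bits 4-5 hold the drop precedence
        return f"AF{cls}{low // 2}"
    return f"DSCP{value}"


def dscp_to_binary(value):
    return format(value, "06b")


def ip_precedence(value):
    """The 3-bit IP precedence a DSCP-unaware device would see, with its name."""
    prec = value >> 3
    return prec, PRECEDENCE_NAMES[prec]


def tos_byte(dscp, ecn=0):
    """Pack DSCP into the ToS/Traffic Class byte; ECN occupies the low 2 bits."""
    return (dscp << 2) | (ecn & 0b11)


def dscp_from_tos(tos):
    """Inverse of tos_byte: what a parser reads out of IPv4 byte 1."""
    return (tos >> 2) & 0b111111
```

Because the DSCP is six bits that the sender writes into its own header, it is a claim, not a property the network verified; any host can mark its traffic EF and steal priority from real voice. Treat the access edge as the trust boundary and re-mark or police there, which is why the Catalyst QoS configuration guide cited elsewhere on this page defaults ports to untrusted.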

Reference:

Cisco: Implementing Quality of Service Policies with DSCP: Expedited Forwarding

QUESTION NO: 18 DRAG DROP

Drag the steps from the left, and place them on the right in order they would occur in a successful
DHCP lease process.

Answer: DHCPDISCOVER, DHCPOFFER, DHCPREQUEST, DHCPACK (in that order)

Explanation:

The steps in a successful Dynamic Host Configuration Protocol (DHCP) lease process are as
follows:

The first step in a successful DHCP lease process occurs when a DHCP client sends a
DHCPDISCOVER broadcast. A DHCPDISCOVER packet is used to locate a DHCP server. If no
DHCP server is available, the DHCP client will not be able to dynamically receive IP configuration
information and, thus, will not be able to communicate on the network.

The second step in a successful DHCP lease process occurs when one or more DHCP servers
send a DHCPOFFER to the DHCP client. The offer is unicast to the client's hardware address
unless the client set the broadcast flag in its DHCPDISCOVER, in which case it is broadcast. A
DHCPOFFER packet contains IP configuration information, such as the IP address, subnet mask,
default gateway, and Domain Name System (DNS) server addresses that a client should use.

The third step in a successful DHCP lease process occurs when the DHCP client sends a
DHCPREQUEST broadcast. A DHCPREQUEST packet formally requests the IP address from the
DHCP server. The DHCPREQUEST packet is broadcast to the entire network rather than unicast
to the specific DHCP server so that the other DHCP servers can reallocate the IP addresses they
offered to the DHCP client.

The fourth step in a successful DHCP lease process occurs when the DHCP server sends a
DHCPACK to the DHCP client. A DHCPACK packet confirms that the IP address has been
officially assigned to the client for the duration of the lease.

Some packets are sent only during an unsuccessful DHCP lease process. A DHCPDECLINE
packet is a broadcast packet that a DHCP client sends to tell the server that the address it was
given is unusable; a client typically sends it after an Address Resolution Protocol (ARP) probe
shows that another host is already using the address. The server marks the address as
unavailable, and the client restarts the process with a new DHCPDISCOVER.

A DHCPNAK packet is the opposite of a DHCPACK packet. A DHCPNAK packet is sent by a
DHCP server to inform a DHCP client that the address in its DHCPREQUEST is not valid for the
client, for example because the client has moved to a different subnet or because its lease has
expired and the address can no longer be granted. A client that receives a DHCPNAK must
discard its configuration and restart the process with a DHCPDISCOVER.

Because DHCPOFFER, DHCPACK, and DHCPNAK are the only messages a legitimate server
sends, they are also the messages that DHCP snooping discards when they arrive on an
untrusted switch port.
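The following Python is an added example, not part of the original page, that ties this question to the DHCP snooping discussion in question 11: it builds minimal DHCP payloads for the exchange above (constructed, with the RFC 2131 fixed header and only option 53), parses the message type back out, and applies the two checks a snooping switch makes on an untrusted port: server messages are dropped, and the client hardware address must match the frame's source MAC (the behaviour of ip dhcp snooping verify mac-address). The function names and the sample transaction ID and MAC are this example's own.

```python
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"
MESSAGE_TYPES = {1: "DHCPDISCOVER", 2: "DHCPOFFER", 3: "DHCPREQUEST", 4: "DHCPDECLINE",
                 5: "DHCPACK", 6: "DHCPNAK", 7: "DHCPRELEASE", 8: "DHCPINFORM"}
SERVER_MESSAGES = {"DHCPOFFER", "DHCPACK", "DHCPNAK"}


def build_dhcp(op, xid, msg_type, chaddr, yiaddr="0.0.0.0"):
    """Constructed minimal DHCP payload (RFC 2131 fixed header + option 53 only).

    op 1 = BOOTREQUEST (client), 2 = BOOTREPLY (server). No Ethernet/IP/UDP
    headers: this is just the UDP payload a snooping switch inspects.
    """
    fixed = struct.pack("!BBBBIHH", op, 1, 6, 0, xid, 0, 0x8000 if op == 1 else 0)
    fixed += bytes(4)                                    # ciaddr
    fixed += bytes(int(o) for o in yiaddr.split("."))    # yiaddr
    fixed += bytes(8)                                    # siaddr, giaddr
    fixed += chaddr.ljust(16, b"\x00")                   # chaddr (16 bytes)
    fixed += bytes(192)                                  # sname (64) + file (128)
    options = MAGIC_COOKIE + bytes([53, 1, msg_type]) + b"\xff"
    return fixed + options


def parse_dhcp(payload):
    """Return op, xid, chaddr and message type; raise on anything that is not DHCP."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP payload")
    op, hlen = payload[0], payload[2]
    xid = struct.unpack("!I", payload[4:8])[0]
    chaddr = payload[28:28 + hlen]
    msg_type = None
    i = 240
    while i < len(payload):                 # TLV walk over the options field
        code = payload[i]
        if code == 0:                       # pad
            i += 1
            continue
        if code == 255:                     # end
            break
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if code == 53 and length == 1:
            msg_type = MESSAGE_TYPES.get(value[0], f"UNKNOWN({value[0]})")
        i += 2 + length
    return {"op": op, "xid": xid, "chaddr": chaddr, "type": msg_type}


def snooping_verdict(payload, port_trusted, src_mac=None):
    """Decide what a DHCP-snooping switch does with a DHCP packet on a given port.

    Untrusted ports may carry only client messages, and (mirroring the default
    verify mac-address check) the chaddr must match the frame's source MAC.
    """
    msg = parse_dhcp(payload)
    if not port_trusted:
        if msg["type"] in SERVER_MESSAGES:
            return "DROP", f"{msg['type']} from untrusted port (rogue server?)"
        if src_mac is not None and msg["chaddr"] != src_mac:
            return "DROP", "chaddr does not match source MAC (spoofed client)"
    return "FORWARD", msg["type"]
```

The chaddr check matters as much as the server-message check: without it an attacker on an untrusted port can exhaust the pool with DHCPDISCOVERs carrying random hardware addresses (a starvation attack) so that hosts are pushed toward the attacker's rogue server on a port that is not snooped.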

Reference:

Cisco: Configuring DHCP

IETF: RFC 2131: Dynamic Host Configuration Protocol

QUESTION NO: 19

What prefix length must you use when assigning a global NAT-PT prefix? (Select the best
answer.)

A.
::/32

B.
::/48

C.
::/64

D.
::/96

E.
::/120

Answer: D
Explanation:

You must use a ::/96 prefix length when assigning a global Network Address Translation-Protocol
Translation (NAT-PT) prefix. NAT-PT is used to enable communication between IPv4-only hosts and
IPv6-only hosts by translating IPv4 packets to IPv6 packets and IPv6 packets to IPv4 packets. The
prefix length is fixed at 96 because the low-order 32 bits of a NAT-PT address carry the embedded
IPv4 address. NAT-PT itself was deprecated by RFC 4966 because of its DNS, fragmentation, and
end-to-end security problems and has been superseded by stateful NAT64 (RFC 6146) together
with DNS64 (RFC 6147); the commands below apply only to IOS releases that still ship NAT-PT.

To enable NAT-PT, you must assign a global NAT-PT prefix, enable NAT-PT on the incoming and
outgoing interfaces, and create IPv4-to-IPv6 and IPv6-to-IPv4 address mappings. To assign a global
NAT-PT prefix, you should issue the ipv6 nat prefix ipv6-prefix/prefix-length command from global
configuration mode, where prefix-length is always 96. All other prefix lengths are invalid. To enable
NAT-PT on an interface, you should issue the ipv6 nat command from interface configuration mode
on the incoming and outgoing interfaces.

A NAT-PT router must contain IPv6-to-IPv4 and IPv4-to-IPv6 address mappings so that the router
knows how to correctly translate IPv4 and IPv6 addresses. There are four methods for using
NAT-PT:

- IPv4-mapped NAT-PT

- Static NAT-PT

- Dynamic NAT-PT

- Port Address Translation (PAT)

IPv4-mapped NAT-PT enables IPv6 traffic to be sent to an IPv4 network without requiring that IPv6
destination address mapping be configured. To configure IPv4-mapped NAT-PT, you should issue
the ipv6 nat prefix ipv6-prefix v4-mapped {access-list-name | ipv6-prefix} command from global
configuration mode or interface configuration mode.

Static NAT-PT creates static IPv6-to-IPv4 or IPv4-to-IPv6 address mappings. To create a static
IPv6-to-IPv4 address mapping, you should issue the ipv6 nat v6v4 source ipv6-address
ipv4-address command. To create a static IPv4-to-IPv6 mapping, you should issue the ipv6 nat
v4v6 source ipv4-address ipv6-address command.

Dynamic NAT-PT allocates IPv6-to-IPv4 or IPv4-to-IPv6 address mappings from a pool. When a
session is established, a one-to-one mapping is created; the mapping is then removed when the
session is finished. To configure dynamic IPv6-to-IPv4 address mapping, you should issue the ipv6
nat v6v4 source {list access-list-name | route-map map-name} pool pool-name command. You
should then create the address pool by issuing the ipv6 nat v6v4 pool pool-name start-ipv4
end-ipv4 prefix-length prefix-length command. To configure dynamic IPv4-to-IPv6 address mapping,
you should issue the ipv6 nat v4v6 source list {access-list-number | access-list-name} pool
pool-name command. You should then create the address pool by issuing the ipv6 nat v4v6 pool
pool-name start-ipv6 end-ipv6 prefix-length prefix-length command.

PAT allows multiple IPv6 addresses to be mapped to one or more IPv4 addresses. To use PAT
with a single IPv4 address, you should issue the ipv6 nat v6v4 source {list access-list-name |
route-map map-name} interface interface-name overload command. To use PAT with a pool of
IPv4 addresses, you should issue the ipv6 nat v6v4 source {list access-list-name | route-map
map-name} pool pool-name overload command. You should then create the address pool by
issuing the ipv6 nat v6v4 pool pool-name start-ipv4 end-ipv4 prefix-length prefix-length command.

Reference:

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipv6/configuration/xe-3s/ipv6-xe-36s-book/ip6-
nat-trnsln.html

QUESTION NO: 20

Which of the following cannot be exchanged between spoke sites in a DMVPN design? (Select 2
choices.)

A.
unicast traffic

B.
multicast traffic

C.
VoIP traffic

D.
dynamic routing traffic

Answer: B,D
Explanation:

Multicast traffic and dynamic routing traffic cannot be exchanged between spoke sites in a
Dynamic Multipoint virtual private network (DMVPN) design. Multicast traffic and dynamic routing
traffic must be sent from spoke to hub: spokes form routing protocol adjacencies only with the hub,
and the hub advertises the spoke prefixes (or a summary of them) back out to the other spokes.

DMVPN enables an administrator to easily configure scalable IP Security (IPSec) virtual private
networks (VPNs) using a hub-and-spoke design. The hub router or routers are typically assigned a
static IP address; the spoke routers can be dynamically addressed. DMVPN requires Generic
Routing Encapsulation (GRE), Next Hop Resolution Protocol (NHRP), and a dynamic routing
protocol such as Enhanced Interior Gateway Routing Protocol (EIGRP) or Open Shortest Path
First (OSPF). A single multipoint GRE (mGRE) tunnel interface on the hub terminates the GRE
tunnels from all of the spokes, and IPSec protects the GRE-encapsulated traffic. NHRP is used to
create a database of tunnel address-to-real (NBMA) address mappings, which is what allows a
spoke to learn another spoke's public address and build a direct spoke-to-spoke tunnel.

Unicast traffic and Voice over IP (VoIP) traffic can be exchanged between spoke sites over such
dynamically built spoke-to-spoke tunnels. However, only limited Quality of Service (QoS)
mechanisms can be provided between spokes, thereby preventing VoIP and video traffic from
being properly prioritized.

Reference:

Cisco: Multicast over IPSec VPN Design Guide: Overview

Cisco: Dynamic Multipoint VPN (DMVPN) Design Guide (Version 1.1): Known Limitations
Summary for SpoketoSpoke Deployment Model (PDF)

QUESTION NO: 21

RouterA and RouterB are connected routers.

You issue the show clns neighbors command on RouterA and receive the following output:

System Id      Interface   SNPA            State  Holdtime  Type  Protocol
RouterB        Et0/0       0000.0000.000b  Up     23        L1    IS-IS

Which of the following statements must be true? (Select the best answer.)

A.
RouterA and RouterB are in the same area.

B.
RouterA and RouterB are in different areas.

C.
RouterB is configured for L1 routing only.

D.
RouterB is configured for L1/L2 routing.

E.
RouterA is a backbone router.

Answer: A
Explanation:

RouterA and RouterB are in the same area. Routers running the Intermediate System-to-Intermediate
System (IS-IS) routing protocol are placed into administrative domains called areas. Each IS-IS
router resides in only one area. The collection of all areas managed by a single organization is
called a routing domain.

Each IS-IS router is configured with a routing level. Level 1 (L1) routers are capable of intra-area
routing, which delivers data within a single area. The output of the show clns neighbors command
indicates that RouterB has established an L1 adjacency with RouterA; because an L1 adjacency
can form only between routers whose area addresses match, both routers must be in the same
area.

Level 2 (L2) routers are capable of inter-area routing, which delivers data between areas. If
RouterA and RouterB were in separate areas and both routers were configured for L2 routing, you
would have received the following output from the show clns neighbors command:

System Id      Interface   SNPA            State  Holdtime  Type  Protocol
RouterB        Et0/0       0000.0000.000b  Up     23        L2    IS-IS

Level 1/Level 2 (L1/L2) routers are capable of both intra-area and inter-area routing and maintain a
separate link-state database for each. If RouterA and RouterB were in the same area and both
routers were configured for L1/L2 routing, you would have received the following output from the
show clns neighbors command:

System Id      Interface   SNPA            State  Holdtime  Type  Protocol
RouterB        Et0/0       0000.0000.000b  Up     23        L1L2  IS-IS

You can configure the routing level for an IS-IS process by issuing the is-type {level-1 | level-1-2 |
level-2-only} command, and you can configure the routing level for an IS-IS interface by issuing the
isis circuit-type {level-1 | level-1-2 | level-2-only} command. By default, all IS-IS routing processes
and interfaces are configured for L1/L2 routing.

RouterB is configured for either L1 routing or L1/L2 routing. However, the output of the show clns
neighbors command in this scenario does not indicate which routing level RouterB is configured to
use. If either router was configured for L1 routing only, the Type field of the show clns neighbors
command would show L1, even if the other router were an L1/L2 router.

The output of the show clns neighbors command in this scenario does not indicate whether
RouterA is a backbone router. IS-IS requires that all Level 2 (L2) and L1/L2 routers be connected
to form a backbone through the routing domain. If RouterA were configured for L1/L2 routing,
RouterA would be a backbone router.

When an IS-IS routing level mismatch, authentication mismatch, or maximum transmission unit
(MTU) mismatch occurs, an IS-IS adjacency will not form, but the output of the show clns
neighbors command might instead show an End System-to-Intermediate System (ES-IS) entry.
ES-IS is used to discover end systems. If RouterA and RouterB were in different areas and if either
router was configured for L1 routing only, you might see the following output after issuing the show
clns neighbors command on RouterA:

System Id      Interface   SNPA            State  Holdtime  Type  Protocol
RouterB        Et0/0       0000.0000.000b  Up     23        IS    ES-IS

Reference:

Cisco: Cisco IOS ISO CLNS Command Reference: show clns neighbors

QUESTION NO: 22

Which of the following partial output from the show ip cache flow command would you expect to
see for an HTTP connection sent from 10.1.1.36? (Select the best answer.)

A.
SrcIF  SrcIPaddress  DstIf  DstIPaddress  Pr  SrcP  DstP  Pkts
Et0/0  10.1.1.36     Et1/0  10.2.1.74     06  C486  0050  1

B.
SrcIF  SrcIPaddress  DstIf  DstIPaddress  Pr  SrcP  DstP  Pkts
Et0/0  10.1.1.36     Et1/0  10.2.1.74     06  C486  0080  1

C.
SrcIF  SrcIPaddress  DstIf  DstIPaddress  Pr  SrcP  DstP  Pkts
Et0/0  10.1.1.36     Et1/0  10.2.1.74     06  C486  01BB  1

D.
SrcIF  SrcIPaddress  DstIf  DstIPaddress  Pr  SrcP  DstP  Pkts
Et0/0  10.1.1.36     Et1/0  10.2.1.74     06  C486  0443  1

E.
SrcIF  SrcIPaddress  DstIf  DstIPaddress  Pr  SrcP  DstP  Pkts
Et0/0  10.1.1.36     Et1/0  10.2.1.74     80  C486  C486  1

F.
SrcIF  SrcIPaddress  DstIf  DstIPaddress  Pr   SrcP  DstP  Pkts
Et0/0  10.1.1.36     Et1/0  10.2.1.74     443  C486  C486  1

Answer: A
Explanation:

You would expect to see the following partial output from the show ip cache flow command for a
Hypertext Transfer Protocol (HTTP) connection sent from 10.1.1.36:

SrcIF  SrcIPaddress  DstIf  DstIPaddress  Pr  SrcP  DstP  Pkts
Et0/0  10.1.1.36     Et1/0  10.2.1.74     06  C486  0050  1

The show ip cache flow command is used to display a summary of NetFlow statistics. The DstP
field indicates the destination port field and is displayed in hexadecimal. HTTP sends information
over Transmission Control Protocol (TCP) port 80. The decimal value 80 converts to the
hexadecimal value 50. Therefore, an HTTP connection would be displayed in the output of the
show ip cache flow command as destination port 0050. The SrcP value C486 is the client's
ephemeral source port, 50310 in decimal.

The destination port field would display a value of 0080 if the connection were using TCP port 128;
the hexadecimal value 80 converts to the decimal value 128. Therefore, you would not expect to
see the following partial output from the show ip cache flow command for an HTTP connection sent
from 10.1.1.36:

SrcIF  SrcIPaddress  DstIf  DstIPaddress  Pr  SrcP  DstP  Pkts
Et0/0  10.1.1.36     Et1/0  10.2.1.74     06  C486  0080  1

The destination port field would display a value of 01BB if the connection were using TCP port
443; the hexadecimal value 1BB converts to the decimal value 443. HTTP Secure (HTTPS) sends
information over TCP port 443. Therefore, you would expect to see the following output from the
show ip cache flow command for an HTTPS connection, not an HTTP connection, sent from
10.1.1.36:

SrcIF  SrcIPaddress  DstIf  DstIPaddress  Pr  SrcP  DstP  Pkts
Et0/0  10.1.1.36     Et1/0  10.2.1.74     06  C486  01BB  1

The destination port field would display a value of 0443 if the connection were using TCP port
1091; the hexadecimal value 443 converts to the decimal value 1091. Therefore, you would not
expect to see the following partial output from the show ip cache flow command for an HTTP
connection sent from 10.1.1.36:

SrcIF  SrcIPaddress  DstIf  DstIPaddress  Pr  SrcP  DstP  Pkts
Et0/0  10.1.1.36     Et1/0  10.2.1.74     06  C486  0443  1

The Pr field is used to indicate the IP protocol number and is displayed as a two-digit hexadecimal
value. The Pr field is set to a hexadecimal value of 06 for all TCP connections (11 for UDP and 01
for ICMP). Because the protocol number is an 8-bit field, a value such as 443 cannot even appear
in the Pr column, and a value of 80 would mean IP protocol 128, not HTTP. You would therefore
not expect to see a value of 80 or 443 in the protocol field in the output of the show ip cache flow
command for an HTTP connection sent from 10.1.1.36. For ICMP flows, NetFlow has no ports to
report and instead encodes the ICMP type and code in the DstP column (type * 256 + code), so a
DstP of 0800 on a flow with Pr 01 is an echo request rather than a connection to port 2048.
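Reading hexadecimal ports off a show ip cache flow screen is exactly the kind of thing an analyst scripts when hunting through flow exports. The following Python is an added example and not part of the original page: it parses the data lines in the column order shown above, converts Pr, SrcP and DstP from hexadecimal, rejects a protocol value that does not fit in 8 bits (the flaw in answer choices E and F), decodes the ICMP type/code convention, and answers the question programmatically. The sample lines are the four candidate rows from the question plus one constructed ICMP row; the function names are this example's own.

```python
IP_PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP", 47: "GRE", 50: "ESP", 89: "OSPF"}
TCP_SERVICES = {22: "SSH", 23: "TELNET", 25: "SMTP", 80: "HTTP", 443: "HTTPS"}


def parse_flow_line(line):
    """Parse one data line of 'show ip cache flow' (SrcIf ... DstP Pkts columns).

    Pr, SrcP and DstP are printed in hexadecimal; Pkts is decimal. Pr is an 8-bit
    IP protocol number, so anything above FF there is a column misread, not a flow.
    """
    fields = line.split()
    if len(fields) != 8:
        raise ValueError(f"expected 8 columns, got {len(fields)}: {line!r}")
    src_if, src_ip, dst_if, dst_ip, pr, srcp, dstp, pkts = fields
    proto = int(pr, 16)
    if proto > 0xFF:
        raise ValueError(f"Pr {pr} is not an 8-bit protocol number")
    flow = {"src_if": src_if, "src_ip": src_ip, "dst_if": dst_if, "dst_ip": dst_ip,
            "proto": proto, "packets": int(pkts)}
    if proto == 1:
        # NetFlow packs ICMP type and code into the destination port column.
        flow["icmp_type"], flow["icmp_code"] = int(dstp, 16) >> 8, int(dstp, 16) & 0xFF
    else:
        flow["src_port"], flow["dst_port"] = int(srcp, 16), int(dstp, 16)
    return flow


def describe(flow):
    """Human-readable one-liner with the well-known TCP service named where applicable."""
    name = IP_PROTOCOLS.get(flow["proto"], f"proto{flow['proto']}")
    if flow["proto"] == 1:
        return f"ICMP type {flow['icmp_type']}/{flow['icmp_code']} {flow['src_ip']} -> {flow['dst_ip']}"
    svc = TCP_SERVICES.get(flow["dst_port"]) if flow["proto"] == 6 else None
    tail = f" ({svc})" if svc else ""
    return f"{name} {flow['src_ip']}:{flow['src_port']} -> {flow['dst_ip']}:{flow['dst_port']}{tail}"


def is_http(flow):
    return flow["proto"] == 6 and flow.get("dst_port") == 80


def http_from(lines, src_ip):
    """All HTTP flows sourced by src_ip: the check the question asks you to do by eye."""
    flows = (parse_flow_line(ln) for ln in lines)
    return [f for f in flows if f["src_ip"] == src_ip and is_http(f)]


# Constructed sample: the four candidate rows from the question plus an ICMP echo flow.
SAMPLE = [
    "Et0/0 10.1.1.36 Et1/0 10.2.1.74 06 C486 0050 1",
    "Et0/0 10.1.1.36 Et1/0 10.2.1.74 06 C486 0080 1",
    "Et0/0 10.1.1.36 Et1/0 10.2.1.74 06 C486 01BB 1",
    "Et0/0 10.1.1.36 Et1/0 10.2.1.74 06 C486 0443 1",
    "Et0/0 10.1.1.36 Et1/0 10.2.1.74 01 0000 0800 4",
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(describe(parse_flow_line(line)))
```

The same parser is the starting point for simple detections over a flow cache, for example flagging TCP flows from workstation subnets to destination ports outside the expected set, or a single source touching many destinations on one port, which in this output would show up as many rows sharing SrcIPaddress and DstP.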

Reference:

https://www.cisco.com/en/US/docs/ios/12_3t/netflow/command/reference/nfl_a1gt_ps5207_TSD_
Products_Command_Reference_Chapter.html#wp1187159

https://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/ios-
netflow/prod_white_paper0900aecd80406232.html

QUESTION NO: 23

Which of the following is accomplished by implementing MPP on a router? (Select the best
answer.)

A.
Only hosts on a particular subnet will be able to remotely manage the router.

B.
Only hosts that are connected to a particular interface will be able to remotely manage the router.

C.
Only hosts that perform 802.1X authentication will be able to remotely manage the router.

D.
Only hosts that use SSH will be able to remotely manage the router.

Answer: B
Explanation:

Only hosts that are connected to a particular interface will be able to remotely manage the router.

Implementing Management Plane Protection (MPP) does not restrict remote management
capability only to hosts on a particular subnet or only to hosts that perform 802.1X authentication.

"Everything is under control" - www.pass4sure.com 38


Cisco 400-101 Exam
MPP is a feature that restricts the interfaces and protocols over which remote administration can
be performed. When MPP is configured, only traffic that enters the management interface can be
used to remotely manage the device. Any management traffic from protocols that are not allowed
by MPP will be dropped. If any other interface receives management traffic that is destined for the
device, that traffic will also be dropped.

To enable MPP on a device, you should first issue the controlplane host command in global
configuration mode. Issuing the controlplane host command will place the router in
controlplanehost configuration mode, where you should issue the management-interface
command. The syntax of the managementinterface command is management interface interface
allow protocols. The following protocols can be used with MPP:

- Blocks Extensible Exchange Protocol (BEEP)

- File Transfer Protocol (FTP) - Hypertext Transfer Protocol (HTTP)

- Secure HTTP (HTTPS)

- Simple Network Management Protocol (SNMP)

- Secure Shell (SSH) v1 and v2

- Telnet

-Trivial FTP (TFTP)

Multiple protocols can be specified in the management-interface command; each protocol should
be separated by a space. For example, the following command set allows SSH and SNMP on
FastEthernet0/1:

Router1(config)#control-plane host

Router1(config-cp-host)#management-interface FastEthernet0/1 allow ssh snmp

If you issue the management-interface command for an interface that is already configured with
the management-interface command, the specified management protocols will be added to those
that are already configured for that interface. If you issue the management-interface command
twice, each time specifying a different interface, you can perform remote management over either
of those interfaces.
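The following script is an added example (not Cisco's code) that audits the MPP configuration described above from a saved running-config: it parses the control-plane host block, merges repeated management-interface lines for the same interface the way IOS does, and flags cleartext management protocols. The hostname, interface names, and address in the sample configuration are constructed placeholders.

```python
"""Audit Management Plane Protection (MPP) settings in an IOS running-config."""

import re

# Protocols that carry credentials or configuration in cleartext.
# SNMP is not listed because its version (v1/v2c vs. v3) is not visible
# on the management-interface line and must be checked separately.
CLEARTEXT = {"telnet", "http", "ftp", "tftp"}

# Constructed sample running-config; Router1, the interface names and the
# address are placeholders, not values taken from a real device.
SAMPLE_CONFIG = """\
hostname Router1
!
control-plane host
 management-interface FastEthernet0/1 allow ssh snmp
 management-interface FastEthernet0/1 allow https
 management-interface GigabitEthernet0/0 allow telnet http
!
interface FastEthernet0/0
 ip address 10.0.0.1 255.255.255.0
!
"""

MGMT_LINE = re.compile(r"^\s*management-interface\s+(\S+)\s+allow\s+(.+)$")


def parse_mpp(config_text):
    """Return {interface: set(protocols)} from the control-plane host block.

    Returns an empty dict when MPP is not configured at all, in which case
    every interface accepts management traffic."""
    allowed = {}
    in_cp_host = False
    for line in config_text.splitlines():
        if line.strip() == "control-plane host":
            in_cp_host = True
            continue
        # Any non-indented line (including "!") ends the sub-mode.
        if in_cp_host and not line.startswith(" "):
            in_cp_host = False
        if not in_cp_host:
            continue
        m = MGMT_LINE.match(line)
        if m:
            intf, protos = m.group(1), m.group(2).split()
            # A second management-interface line for the same interface
            # adds to the protocols already allowed there.
            allowed.setdefault(intf, set()).update(protos)
    return allowed


def audit_mpp(config_text):
    """Summarise MPP posture: whether MPP is on, what each management
    interface allows, and which of those protocols are cleartext."""
    allowed = parse_mpp(config_text)
    return {
        "mpp_enabled": bool(allowed),
        "interfaces": {
            intf: {
                "allowed": sorted(protos),
                "cleartext": sorted(protos & CLEARTEXT),
            }
            for intf, protos in allowed.items()
        },
    }


if __name__ == "__main__":
    result = audit_mpp(SAMPLE_CONFIG)
    print("MPP enabled:", result["mpp_enabled"])
    for intf, info in result["interfaces"].items():
        line = f"{intf}: allow {' '.join(info['allowed'])}"
        if info["cleartext"]:
            line += f"  [cleartext: {' '.join(info['cleartext'])}]"
        print(line)
```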

MPP configures an interface as an in-band management interface, which is also called a shared
management interface. An in-band management interface accepts both management packets and
normal data packets. An out-of-band management interface accepts only management traffic. The
MPP feature on IOS devices can only be configured for in-band management. The MPP feature on
IOS XR high-end routers can be configured for in-band or out-of-band management.

Reference:

https://www.cisco.com/c/en/us/td/docs/ios/12_4t/12_4t11/htsecmpp.html

QUESTION NO: 24

You administer several switches on a network. The switches are configured with the default MLD
snooping settings. Several VLANs are configured on each switch.

Which of the following statements is most accurate? (Select the best answer.)

A.
The switches will not forward IPv6 multicast traffic.

B.
The switches will forward IPv6 multicast traffic to every port.

C.
The switches will forward IPv6 multicast traffic only to ports on the default VLAN.

D.
The switches will forward IPv6 multicast traffic only to ports from which an MLD INCLUDE
message has been received.

E.
The switches will forward IPv6 multicast traffic to all ports except those from which an MLD
EXCLUDE message has been received.

Answer: D
Explanation:

The switches will forward IPv6 multicast traffic only to ports from which a Multicast Listener
Discovery (MLD) INCLUDE message has been received. MLD snooping enables switches to listen
to MLD traffic. When an MLD INCLUDE message is received on a port, the switch adds the port
number to the list of ports that should receive traffic for that IPv6 multicast group. If no MLD traffic
is detected on a port for 60 seconds, or if an MLD EXCLUDE message is received on a port, the
switch sends a general query to determine whether there are any other hosts on that port that are
interested in receiving traffic for the specified IPv6 multicast group. If no control packet is received
on the port for five minutes, the multicast router information is aged out. MLD messages are sent
with a time-to-live (TTL) value of 1, which means that an MLD message is sent only to the next hop.

By default, MLD snooping is enabled for all virtual LANs (VLANs), not just the default VLAN. You
can globally disable MLD snooping on a switch by issuing the no ipv6 mld snooping command from
global configuration mode. Alternatively, you can disable MLD snooping on a particular VLAN by
issuing the no ipv6 mld snooping command from interface configuration mode for that VLAN.
When MLD snooping is disabled, switches will flood IPv6 multicast traffic to every port in every
VLAN. To re-enable MLD snooping, you should issue the ipv6 mld snooping command from global
configuration mode or from interface configuration mode.

Reference:

Cisco: MLD Snooping for IPv6 Multicast Traffic

QUESTION NO: 25 DRAG DROP

Drag the features on the left to the corresponding IGMP versions on the right. Features can be
used multiple times, and some features will not be used. Some fields on the right will remain
unfilled.

Answer:

Explanation:


Internet Group Management Protocol version 1 (IGMPv1) and IGMPv2 support membership report
suppression, which prevents the sending of a membership report if a similar report is detected
from another host on the network. IGMPv3 removed support for host membership report
suppression.

IGMPv2 and IGMPv3 support group-specific queries. IGMPv1 queries are general queries sent to
the 224.0.0.1 all-hosts multicast address. IGMPv2 and IGMPv3 queries are either general queries,
which are sent to 224.0.0.1, or group-specific queries, which are sent only to members of a
particular multicast group.

IGMPv2 and IGMPv3 support querier elections. The router with the lowest IP address on the
subnet is elected as the querier. The querier is responsible for periodically sending out
membership query messages to determine whether any hosts want to receive multicast packets
for the multicast group. If at least one host responds with a membership report message, the
querier will continue to send those multicast packets on that network segment.

Although the Request for Comments (RFC) standard for IGMP query messages is 125 seconds,
Cisco uses a default query interval of 60 seconds for all IGMP versions. The query interval
determines how often the querier sends out membership query messages. If no member has
responded to the query message within three times the query interval, the interface is pruned.

Cisco uses a default querier timeout of two times the query interval, or 120 seconds, for IGMPv2
and IGMPv3; IGMPv1 does not support querier elections. The querier timeout is used to trigger
querier elections. If an IGMP device has not received a query message from the querier within the
querier timeout period, a querier election is triggered and a new querier is elected.

IGMPv2 and IGMPv3 support leave group messages. In IGMPv1, a host leaves a multicast group
silently. In IGMPv2 and IGMPv3, a host sends an IGMP leave message when it wants to leave a
multicast group. IGMP routers maintain the IP address of the last reporter, which is the last host
that sent a membership report message for that multicast group. If the last reporter leaves a
multicast group, the IGMP router immediately sends a membership query message to determine
whether any interested hosts remain.

IGMPv3 introduced support for Source Specific Multicast (SSM); IGMPv1 and IGMPv2 do not
support SSM. SSM enables IGMPv3 hosts to specify the source addresses from which they will
accept multicast traffic. To enable SSM, you should issue the ip pim ssm command from global
configuration mode, the ip pim {sparse-mode | sparse-dense-mode} command from interface
configuration mode, and the ip igmp version 3 command from interface configuration mode.

Reference:

https://www.cisco.com/c/en/us/td/docs/ios/12_2/ip/configuration/guide/fipr_c/1cfmulti.html#wp1066001

https://www.ietf.org/rfc/rfc3376.txt

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipmulti/command/imc-cr-book/imc_i1.html#wp4034771958

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipmulti/command/imc-cr-book/imc_i1.html#wp1157094318

QUESTION NO: 26

Which of the following statements regarding BFD are correct? (Select 2 choices.)

A.
BFD is supported by OSPF, EIGRP, BGP, and IS-IS.

B.
BFD detects link failures in less than one second.

C.
BFD can bypass a failed peer without relying on a routing protocol.

D.
BFD creates one session per routing protocol per interface.

E.
BFD is supported only on physical interfaces.

F.
BFD consumes more CPU resources than routing protocol timers do.

Answer: A,B
Explanation:

Bidirectional Forwarding Detection (BFD) detects link failures in less than one second and is
supported by Open Shortest Path First (OSPF), Enhanced Interior Gateway Routing Protocol
(EIGRP), Border Gateway Protocol (BGP), and Intermediate System-to-Intermediate System (IS-IS).
BFD is a detection protocol that is designed to detect forwarding path failures at a consistent rate,
thereby providing network administrators with predictable reconvergence times. Additionally, BFD
is designed to work regardless of media type, encapsulation, or routing protocol, providing network
administrators with a uniform forwarding failure detection method across a network.

The detection of a forwarding path failure causes BFD to notify the routing protocol that a link has
failed, which causes the routing protocol to recalculate the routing table. BFD works by sending
control packets between two adjacent routers to create BFD neighbor sessions; BFD must be
enabled on both routers. Once the neighbor relationship is established, the two adjacent routers
send control packets to each other to maintain the neighbor relationship, similarly to how routing
protocols maintain neighbor relationships. However, BFD sends packets at a much faster rate than
routing protocols do.

BFD creates one session per address family per interface regardless of how many routing
protocols are running on the interface. Therefore, if OSPF, EIGRP, BGP, and IS-IS are running on
an interface, only one BFD session will be created for that interface. However, if IPv4 and IPv6 are
both used on an interface, two BFD sessions will be created. Physical interfaces, subinterfaces,
virtual LAN (VLAN) interfaces, and port channels are supported by BFD.

BFD cannot bypass a failed peer without relying on a routing protocol. BFD is only responsible for
detecting forwarding failures; it must use a routing protocol to bypass failures when they are
detected.

BFD does not consume more CPU resources than routing protocol timers do. Unlike routing
protocol timers, which reside entirely on the control plane, BFD can distribute some functions to
the data plane, thereby reducing the CPU resources required by BFD.

Reference:

https://www.cisco.com/c/en/us/td/docs/ios/12_0s/feature/guide/fs_bfd.html#wp1053332

https://www.cisco.com/c/en/us/td/docs/switches/datacenter/sw/5_x/nx-os/interfaces/configuration/guide/if_cli/if_bfd.html

QUESTION NO: 27

Which of the following commands can you issue to enable RSTP? (Select 2 choices.)

A.
spanning-tree mode mst

B.
spanning-tree mode pvst

C.
spanning-tree mode rapid-pvst

D.
no spanning-tree mode

Answer: A,C
Explanation:

You can issue the spanning-tree mode mst command or the spanning-tree mode rapid-pvst
command to enable Rapid Spanning Tree Protocol (RSTP). RSTP, which is defined in the Institute
of Electrical and Electronics Engineers (IEEE) 802.1w standard, is used to improve the slow
transition of a Spanning Tree Protocol (STP) port to the forwarding state, thereby increasing
convergence speed. A switch port will pass through the following RSTP states:

- Discarding

- Learning

- Forwarding

When RSTP is enabled on a switch port, the port first enters the discarding state, in which a port
receives bridge protocol data units (BPDUs) and directs them to the system module; however, the
port neither sends BPDUs nor forwards any frames. The switch port then transitions to the
learning state, in which it begins to transmit BPDUs and learn addressing information. Finally, a
switch port transitions to the forwarding state, in which the switch port forwards frames. If a switch
port determines at any time during the RSTP state process that a switching loop would be caused
by entering the forwarding state, the switch port again enters the discarding state, in which the
switch receives BPDUs and directs them to the system module but does not send BPDUs or
forward frames.

The spanning-tree mode mst command enables Multiple Spanning Tree (MST), which uses RSTP.
MST, which is defined in the IEEE 802.1s standard, is used to enable multiple spanning trees for
groups of one or more virtual LANs (VLANs).

The spanning-tree mode pvst command enables Per-VLAN Spanning Tree Plus (PVST+), which
uses STP, not RSTP. PVST+, which is defined in the IEEE 802.1D standard, creates a separate
spanning tree instance for each VLAN and can be used with 802.1Q encapsulation. By contrast,
PVST can only be used with Inter-Switch Link (ISL).

The spanning-tree mode rapid-pvst command enables Rapid PVST+, which uses RSTP.
Rapid PVST+, which is defined in the IEEE 802.1w standard, combines the rapid transition of ports
by RSTP with the creation of spanning trees for each VLAN by PVST+.

The no spanning-tree mode command is not used to enable RSTP. Rather, it is used to configure
a switch with the default switch mode, PVST+.

Reference:

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3560/software/release/12-2_25_see/command/reference/cr/cli3.html#wp1946050

https://www.cisco.com/c/en/us/support/docs/lan-switching/spanning-tree-protocol/24248-147.html#mst_config_region

QUESTION NO: 28

You issue the ip as-path access-list 1 permit ^7_23$ command on a BGP router.

Which of the following paths are allowed by the AS path filter? (Select the best answer.)

A.
paths that originate from AS 7 or AS 23

B.
paths that pass through AS 7 or AS 23

C.
paths that originate from AS 7 and are learned from AS 23

D.
paths that are learned from AS 7 and originate from AS 23

Answer: D
Explanation:

Paths that are learned from Border Gateway Protocol (BGP) autonomous system (AS) 7 and
originate from AS 23 are allowed by the AS path filter. Regular expressions are used to locate
character strings that match a particular pattern.

The caret (^) character indicates that the subsequent characters should match the start of the
string. Each router in the path prepends its AS number to the beginning of the AS path; therefore,
the first AS number in the AS path is the AS from which the path is learned. Therefore, the ip
as-path access-list 1 permit ^7_23$ command allows paths that are learned from AS 7.

The dollar sign ($) character indicates that the preceding characters should match the end of the
string. The originating router will insert its AS number into the AS path, and subsequent routers will
prepend their AS numbers to the beginning of the AS path string. The last AS number in the AS
path is the originating AS; therefore, the ip as-path access-list 1 permit ^7_23$ command allows
paths that originate from AS 23.

The underscore (_) character is used to indicate a comma, a brace, the start or end of an input
string, or a space. When used between two AS path numbers, the _ character indicates that the
ASes are directly connected. Therefore, the ip as-path access-list 1 permit ^7_23$ command
indicates that AS 7 is directly connected to AS 23.

The ip as-path access-list 1 permit ^7_23$ command does not permit paths that originate from AS 7
and are learned from AS 23. To configure an AS path filter that permits paths that originate from
AS 7 and are learned from AS 23, you could issue the ip as-path access-list 1 permit ^23_7$
command.

The ip as-path access-list 1 permit ^7_23$ command does not permit paths that originate from AS 7
or AS 23; it only permits paths that originate from AS 23. To configure an AS path filter that
permits paths that originate from AS 7 or AS 23, you could issue the following command set:

ip as-path access-list 1 permit _7$

ip as-path access-list 1 permit _23$

The ip as-path access-list 1 permit ^7_23$ command does not permit paths that pass through AS 7
or AS 23. To configure an AS path filter that permits paths that pass through AS 7 or AS 23, you
could issue the following command set:

ip as-path access-list 1 permit _7_

ip as-path access-list 1 permit _23_
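The following script is an added example (not Cisco's code) that evaluates the patterns discussed above against AS paths as printed by show ip bgp: it translates the IOS meaning of the underscore into a Python regular expression and applies an ordered as-path access-list with first-match-wins and an implicit deny. The AS paths are constructed samples; the parentheses in the boundary class are an addition beyond the page's list, because IOS prints confederation segments inside them.

```python
"""Evaluate IOS as-path access-list patterns against AS paths."""

import re

# What "_" matches in an IOS regular expression: a comma, brace, parenthesis,
# space, or the start or end of the AS-path string.  Assumes "_" is not used
# inside a bracket expression, which this naive translation would mishandle.
BOUNDARY = r"(?:^|$|[ ,{}()])"


def ios_to_python_regex(pattern):
    """Rewrite every "_" in an IOS pattern as the boundary alternation."""
    return pattern.replace("_", BOUNDARY)


def as_path_matches(pattern, as_path):
    """True if the IOS pattern matches the AS path string, e.g. "7 23"."""
    return re.search(ios_to_python_regex(pattern), as_path) is not None


def filter_paths(acl, as_paths):
    """Apply an ordered as-path access-list given as (action, pattern) pairs.

    The first matching entry wins; a path that matches no entry falls to the
    implicit deny at the end of the list, as it does in IOS."""
    permitted = []
    for as_path in as_paths:
        for action, pattern in acl:
            if as_path_matches(pattern, as_path):
                if action == "permit":
                    permitted.append(as_path)
                break
    return permitted


# Constructed AS paths; the empty path is a locally originated prefix.
SAMPLE_PATHS = ["7 23", "7 230", "17 23", "7 100 23", "23 7", "7", "23", ""]


if __name__ == "__main__":
    for pattern in ["^7_23$", "^23_7$", "_7$", "_23$", "_7_", "_23_"]:
        hits = [p for p in SAMPLE_PATHS if as_path_matches(pattern, p)]
        print(f"{pattern:8} -> {hits}")
    # Dropping the leading "_" is a classic filter mistake: 7$ also matches a
    # path that ends in AS 17, whereas _7$ does not.
    print("7$ vs '17':", as_path_matches("7$", "17"),
          " _7$ vs '17':", as_path_matches("_7$", "17"))
```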

Reference:

Cisco: Using Regular Expressions in BGP

Cisco: Regular Expressions

Cisco: BGP Regular Expression AS Path Filter

QUESTION NO: 29

Switch1 and Switch2 are configured as a VSS. Switch1 has a higher priority. Switch2 has a higher
switch ID. Both switches are started simultaneously. Which of the following will occur if RRP
discovers an incompatibility between the switches? (Select the best answer.)

A.
Both switches will come up in RPR mode.

B.
Both switches will come up in NSF/SSO mode.

C.
Switch1 will come up in NSF/SSO mode, and Switch2 will come up in RPR mode.

D.
Switch2 will come up in NSF/SSO mode, and Switch1 will come up in RPR mode.

Answer: C
Explanation:

Switch1 will come up in Nonstop Forwarding/Stateful Switchover (NSF/SSO) mode, and Switch2
will come up in route processor redundancy (RPR) mode. Virtual Switching System (VSS)
combines two physical Cisco Catalyst switches into a single virtual switch with a unified control
plane, which can result in greater network efficiency and bandwidth capacity. One switch chassis
becomes the active virtual switch, and the other switch becomes the standby virtual switch. The
switch chassis are connected together by a virtual switch link (VSL), which is implemented as an
EtherChannel of up to eight physical interfaces. The standby chassis will monitor the VSL to
ensure that the active chassis remains functional.

Configuration, monitoring, and troubleshooting must be performed on the active virtual switch;
console access is disabled on the standby virtual switch. The active virtual switch is responsible
for all control plane functions, such as Simple Network Management Protocol (SNMP), Telnet,
Secure Shell (SSH), Spanning Tree Protocol (STP), Link Aggregation Control Protocol (LACP),
and Layer 3 routing. The data plane is active on both switches.

Virtual Switch Link Protocol (VSLP) is responsible for establishing the VSS. VSLP has two
component protocols: Link Management Protocol (LMP) and Role Resolution Protocol (RRP). The
VSS initialization process consists of the following steps:

1. The configuration file is pre-parsed for VSL configuration commands.

2. The VSL member interfaces are brought online.

3. LMP verifies link integrity, rejects unidirectional links, and establishes bidirectional
communication between switch chassis.

4. LMP exchanges switch IDs in order to detect duplicate IDs.

5. RRP checks hardware versions, software versions, and VSL configurations for compatibility.

6. RRP assigns the active virtual and standby virtual switch roles.

7. Switches come up in NSF/SSO mode or RPR mode.

8. Switches continue the normal boot process.

The switch chassis that is started first will always become the active virtual switch unless
preemption is configured. If both chassis are started simultaneously, the switch with the highest
priority will become the active virtual switch. By default, the priority is set to a value of 100. If
priorities are equal, the switch with the lower switch ID will become the active virtual switch. In this
scenario, Switch1 has a higher priority and a lower switch ID; therefore, Switch1 will become the
active virtual switch and Switch2 will become the standby virtual switch. If the active chassis fails
and subsequently recovers, it will assume the role of standby chassis unless preemption is
configured.

If RRP determines that both switches are compatible, both chassis will come up in NSF/SSO
mode, in which all modules are powered up and can forward traffic. If RRP determines that an
incompatibility exists, the standby virtual switch will come up in RPR mode, in which all modules
are powered down. In this scenario, Switch1 will come up in NSF/SSO mode and Switch2 will
come up in RPR mode.

Reference:

https://www.cisco.com/c/dam/en/us/products/collateral/interfaces-modules/network-modules/white_paper_c11_429338.pdf

QUESTION NO: 30 DRAG DROP

To complete this question, click Select and Place and follow the instructions.

Select a description from a column on the left, and drag it to the corresponding OSPF area type on
the right. Some descriptions may be used more than once; not all descriptions will be used.

Answer:

Explanation:

A totally stubby area does not accept Open Shortest Path First (OSPF) Type 3, 4, and 5 summary
link-state advertisements (LSAs), which advertise routes outside the area. These LSAs are
replaced by a default route at the area border router (ABR). As a result, routing tables are kept
small within the totally stubby area. To create a totally stubby area, you should issue the area
area-id stub no-summary command in router configuration mode.

The backbone area, Area 0, accepts all OSPF LSAs. All OSPF areas must directly connect to the
backbone area or must traverse a virtual link to the backbone area. To configure a router to be
part of the backbone area, you should issue the area 0 command in router configuration mode.

An ordinary area, which is also called a standard area, accepts all OSPF LSAs. Every router in an
ordinary area contains the same OSPF routing database. To configure an ordinary area, you
should issue the area area-id command in router configuration mode.

A stub area accepts all OSPF LSAs except Type 5 LSAs, which advertise external summary
routes. Routers inside the stub area will send all packets destined for another area to the ABR. To
configure a stub area, you should issue the area area-id stub command in router configuration
mode.

A not-so-stubby area (NSSA) is basically a stub area that contains one or more autonomous system
boundary routers (ASBRs). Like stub areas, NSSAs accept all OSPF LSAs except Type 5 LSAs.
External routes from the ASBR are converted to Type 7 LSAs and tunneled through the NSSA to
the ABR, where they are converted back to Type 5 LSAs. To configure an NSSA, you should issue
the area area-id nssa command in router configuration mode. To configure a totally NSSA, which
does not accept summary routes, you should issue the area area-id nssa no-summary command in
router configuration mode.

Reference:

Cisco: What Are OSPF Areas and Virtual Links?

QUESTION NO: 31

Which of the following statements are true regarding Cisco PfR? (Select 2 choices.)

A.
Active mode generates probes for all exit paths.

B.
Passive mode generates probes for all exit paths.

C.
Active mode monitors delay, packet loss, throughput, and reachability.

D.
Both active mode and passive mode monitor reachability and delay.

E.
Active mode uses NetFlow to monitor performance metrics.

F.
Passive mode uses NetFlow to monitor performance metrics.

Answer: D,F
Explanation:

Passive mode uses NetFlow to monitor performance metrics, and both active mode and passive
mode monitor reachability and delay. Cisco Performance Routing (PfR) enhances traditional
routing methods by dynamically selecting the best path for applications based on network
performance. The path selection procedure can be influenced by several factors, including delay,
packet loss, reachability, throughput, jitter, and mean opinion score (MOS). The following three
monitoring modes are used by PfR:

- Passive mode

- Active mode

- Fast mode

Passive mode relies on NetFlow to capture performance metrics, including delay, packet loss,
reachability, and throughput. Throughput can be measured for all traffic flows. Delay, packet loss,
and reachability can be measured only for Transmission Control Protocol (TCP) flows. Passive
mode does not use IP Service Level Agreement (SLA) probes to monitor exit paths.

Active mode does not use NetFlow to monitor performance metrics. Instead, active mode relies on
IP SLA probes that generate traffic to capture performance metrics. Metrics used by active mode
include delay, jitter, MOS, and reachability. Short-term monitoring uses the last five probe results;
Long-term monitoring uses the last 60 probe results.

Fast mode is similar to active mode. Active mode generates IP SLA probes only for the active exit
path. By contrast, fast mode continuously generates IP SLA probes for all possible exit paths, not
just the active exit path. Fast mode allows route changes to be made within three seconds.
However, the performance benefits of fast mode require significant processor overhead;
therefore, Cisco recommends that you use fast mode only for performance-sensitive traffic, such
as Voice over IP (VoIP) or video traffic.

Reference:

Cisco: Cisco Performance Routing

Cisco: Performance Routing FAQs

QUESTION NO: 32

You are creating a policy map for VoIP packets. VoIP packets must receive 30 percent of the
bandwidth on the S0/0 interface. Jitter and delay should be minimized.

Which of the following commands should you issue from policy-map class configuration mode?
(Select the best answer.)

A.
priority 30

B.
priority percent 30

C.
bandwidth 30

D.
bandwidth percent 30

Answer: B
Explanation:

You should issue the priority percent 30 command from policy-map class configuration mode to
allocate 30 percent of the bandwidth of the S0/0 interface to Voice over IP (VoIP) packets. The
priority command creates a strict priority queue where packets are dequeued before packets from
other queues are dequeued, thereby minimizing jitter and delay. The syntax of the priority
command is priority {bandwidth | percent percentage} [burst], where bandwidth is specified in
Kbps and burst is specified in bytes. The presence of the priority command in the policy map
indicates that low latency queuing (LLQ) is used.

On voice networks, LLQ can be implemented to help reduce jitter. Additionally, you could
configure the voice class to a smaller queue size. Although a smaller queue size could result in
dropped packets, voice traffic is more tolerant of dropped packets than of delayed packets. A
small amount of packet loss is not noticeable to the human ear. Additionally, some codecs can
correct small amounts of packet loss. Therefore, a smaller queue size combined with the use of
LLQ could reduce delay and jitter.

You should not issue the priority 30 command from policy-map class configuration mode. The
priority 30 command ensures that the traffic queue has 30 Kbps of guaranteed bandwidth during
periods of congestion, not 30 percent of the bandwidth on the interface.

You should not issue the bandwidth 30 command from policy-map class configuration mode. The
syntax of the bandwidth command is bandwidth {bandwidth | percent percentage | remaining
percent percentage}, where bandwidth is specified in Kbps. Therefore, the bandwidth 30
command ensures that the traffic queue has 30 Kbps of guaranteed bandwidth, not 30 percent of
the bandwidth on the interface. If a policy map contains only bandwidth commands but no priority
commands, only class-based weighted fair queuing (CBWFQ) is used.

You should not issue the bandwidth percent 30 command from policy-map class configuration
mode. Although the bandwidth percent 30 command ensures that packets receive 30 percent of
the bandwidth on the interface, it does not minimize jitter and delay.

Reference:

https://www.cisco.com/c/en/us/support/docs/quality-of-service-qos/qos-packet-marking/10100-priorityvsbw.html

QUESTION NO: 33

You administer the network shown above. RouterB and RouterC are running OSPF.

You issue the show ip ospf database external 192.168.1.0 command on RouterB and receive the
following output:

Which of the following statements is true about RouterB regarding the route to 192.168.1.0?
(Select the best answer.)

A.
The next-hop interface is running OSPF.

B.
The next-hop interface is passive.

C.
The next-hop interface is configured as a point-to-point interface.

D.
RouterB is missing the network command for the 192.168.2.0 network.

Answer: A

Explanation:

The next-hop interface on RouterB is running Open Shortest Path First (OSPF). The output from
the show ip ospf database external 192.168.1.0 command indicates that the forwarding address is
192.168.2.1. The forwarding address is a nonzero number only if the following five conditions are
met:

- OSPF is enabled on the next-hop interface.

- The next-hop interface is not passive.

- The next-hop interface is not point-to-point.

- The next-hop interface is not point-to-multipoint.

- The next-hop interface address is a valid address within the subnet specified in the network
command.

Therefore, the next-hop address must be running OSPF. If the next-hop address were not running
OSPF or if any of the above conditions were not met, the forwarding address would be set to
0.0.0.0. This occurs because OSPF does not allow an external route to be used to reach another
external OSPF route.

RouterB is not missing the network command for the 192.168.2.0 network. If it were, OSPF would
not be enabled on the next-hop interface and the forwarding address would be set to 0.0.0.0.

The next-hop interface is not set for point-to-point or point-to-multipoint operation. If it were, the
forwarding address would be set to 0.0.0.0 and you would be required to issue a static route and
to redistribute static and connected subnets.

The next-hop interface on RouterB is not passive. Configuring an interface as a passive interface
prevents a router from sending or receiving OSPF routing information or hello packets on the
specified interface. To configure a router as a passive interface, you should issue the passive-
interface command in OSPF router configuration mode.

Reference:

Cisco: Common Routing Problem with OSPF Forwarding Address: Description of OSPF
Forwarding Address

QUESTION NO: 34

Which of the following is an IKE phase 1 mode that does not provide identity protection? (Select
the best answer.)
A.
aggressive mode

B.
main mode

C.
quick mode

D.
transport mode

E.
tunnel mode

Answer: A
Explanation:

Aggressive mode is an Internet Key Exchange (IKE) phase 1 mode that does not provide identity
protection. There are two phases of IKE security negotiation. In phase 1, the IKE peers negotiate
an Internet Security Association and Key Management Protocol (ISAKMP) security association
(SA). An SA is a collection of security configuration parameters that each endpoint agrees to use,
thus enabling the construction of a secure channel of communication. The peers then establish a
key management tunnel and authenticate each other. The key management tunnel is used to
protect the SA negotiations that occur in the second phase.

IKE supports two methods of phase 1 security negotiations: main mode and aggressive mode.
Both modes negotiate an ISAKMP SA, establish a key management tunnel, and mutually
authenticate the IKE peers. However, aggressive mode requires three transactions to perform
these functions, whereas main mode requires six. Aggressive mode is faster than main mode, but
it is not as secure, because some authentication information is sent prior to the construction of the
key management tunnel.

Quick mode is not an IKE phase 1 mode; it is an IKE phase 2 mode. Quick mode negotiates
general-purpose SAs using the existing tunnel that was established in phase 1. If Perfect Forward
Secrecy (PFS) is required, a peer router can request a Diffie-Hellman exchange through the
existing SA to exchange new keys. If PFS is not required, a peer router can use the existing
ISAKMP SAs and simply hash the existing session key.

Neither transport mode nor tunnel mode is an IKE mode; they are IP Security (IPSec) encryption
modes. Transport mode encrypts only the data payload of an IP packet. Because the IP header
information is not encrypted, the source and destination addresses of the packets can be seen by
an attacker using a packet sniffer or network analyzer. Tunnel mode solves this problem by
encrypting the entire packet and then encapsulating the encrypted packet in a new IP header.
Although tunnel mode protects the source and destination addresses of a packet from network
analyzers, tunnel mode adds approximately 20 bytes to the size of each packet because of the
additional IP header information.

Reference:

Cisco: Introduction to Cisco IPsec Technology: Internet Key Exchange Security (IKE) Protocol

Cisco: Introduction to Cisco IPsec Technology: Transport Mode and Tunnel Mode
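As an added example (not from the page or from Cisco), the following Python computes the aggressive mode responder hash exactly as RFC 2409 defines it for pre-shared key authentication, from values that all travel in the clear, and shows why a captured exchange lets an observer test pre-shared key guesses offline. The packet fields are constructed placeholders, not real captures, and the responder identity vpn.example.net is hypothetical.

```python
import hashlib
import hmac
from dataclasses import dataclass


def _filler(label: str, length: int) -> bytes:
    """Deterministic constructed bytes standing in for fields captured off the wire."""
    out = b""
    while len(out) < length:
        out += hashlib.sha256(label.encode() + len(out).to_bytes(2, "big")).digest()
    return out[:length]


@dataclass(frozen=True)
class AggressiveModeCapture:
    """The fields of an aggressive mode exchange that a passive observer sees in clear text."""
    g_xi: bytes    # initiator Diffie-Hellman public value (KE payload, message 1)
    g_xr: bytes    # responder Diffie-Hellman public value (KE payload, message 2)
    ni_b: bytes    # initiator nonce payload body (message 1)
    nr_b: bytes    # responder nonce payload body (message 2)
    cky_i: bytes   # initiator cookie (ISAKMP header)
    cky_r: bytes   # responder cookie (ISAKMP header)
    sai_b: bytes   # initiator SA payload body (message 1)
    idir_b: bytes  # responder identification payload body (message 2)
    hash_r: bytes  # HASH_R payload (message 2), sent before any encryption exists


def skeyid_psk(psk: bytes, ni_b: bytes, nr_b: bytes, prf: str = "sha1") -> bytes:
    """RFC 2409 section 5.4: with pre-shared keys, SKEYID = prf(pre-shared-key, Ni_b | Nr_b)."""
    return hmac.new(psk, ni_b + nr_b, prf).digest()


def compute_hash_r(psk: bytes, cap: AggressiveModeCapture, prf: str = "sha1") -> bytes:
    """RFC 2409 section 5: HASH_R = prf(SKEYID, g^xr | g^xi | CKY-R | CKY-I | SAi_b | IDir_b)."""
    skeyid = skeyid_psk(psk, cap.ni_b, cap.nr_b, prf)
    data = cap.g_xr + cap.g_xi + cap.cky_r + cap.cky_i + cap.sai_b + cap.idir_b
    return hmac.new(skeyid, data, prf).digest()


def responder_exchange(psk: bytes, prf: str = "sha1") -> AggressiveModeCapture:
    """What the responder puts on the wire in message 2 for a given PSK (constructed values)."""
    fields = dict(
        g_xi=_filler("g^xi", 128), g_xr=_filler("g^xr", 128),   # 1024-bit group public values
        ni_b=_filler("Ni", 16), nr_b=_filler("Nr", 16),
        cky_i=_filler("CKY-I", 8), cky_r=_filler("CKY-R", 8),
        sai_b=_filler("SAi_b", 48),
        idir_b=b"\x02\x00\x00\x00" + b"vpn.example.net",       # ID type 2 = FQDN, hypothetical
    )
    unsigned = AggressiveModeCapture(hash_r=b"", **fields)
    return AggressiveModeCapture(hash_r=compute_hash_r(psk, unsigned, prf), **fields)


def psk_matches(cap: AggressiveModeCapture, candidate: bytes, prf: str = "sha1") -> bool:
    """An observer can verify a PSK guess against the captured HASH_R with no interaction."""
    return hmac.compare_digest(compute_hash_r(candidate, cap, prf), cap.hash_r)


def offline_psk_search(cap: AggressiveModeCapture, candidates, prf: str = "sha1"):
    """Dictionary test against one captured exchange; returns the matching PSK or None."""
    for candidate in candidates:
        if psk_matches(cap, candidate, prf):
            return candidate
    return None
```

In main mode the same HASH_R is sent only in message 6, after the Diffie-Hellman exchange has completed, and it is encrypted under the phase 1 keys, so a passive observer has nothing to test guesses against. That, rather than the saved round trips, is the consideration that should decide between the two modes whenever a pre-shared key is in use.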

QUESTION NO: 35

SwitchA and SwitchB are Layer 2 switches that are connected by a trunk link that forwards traffic for all VLANs. Server1 uses RouterA as its default gateway. Server2 uses RouterB as its default gateway. RouterA and RouterB are configured to perform inter-VLAN routing.

Which of the following statements is true? (Select the best answer.)

A.
Server1 and Server2 will be unable to communicate.

B.
Server1 and Server2 will be able to communicate without any problems.

C.
Server1 will be able to communicate with Server2, but Server2 will not be able to communicate
with Server1.

D.
Server2 will be able to communicate with Server1, but Server1 will not be able to communicate
with Server2.

E.
Server1 and Server2 will be able to communicate, but excess unicast flooding will occur.

Answer: E
Explanation:

Server1 and Server2 will be able to communicate, but excess unicast flooding will occur because
of asymmetric routing. When Server1 wants to communicate with Server2, Server1 sends the
traffic through SwitchA to its default gateway, RouterA. RouterA routes the traffic through the
VLAN 20 subinterface to SwitchA. SwitchA does not know to which port Server2 is connected, so
it floods the traffic to all ports that belong to VLAN 20. SwitchB receives the flooded traffic and
forwards it directly to Server2.

When Server2 responds to Server1, the same process happens in reverse. Server2 sends the traffic through SwitchB to its default gateway, RouterB. RouterB routes the traffic through the VLAN 10 subinterface to SwitchB. SwitchB does not know to which port Server1 is connected, so it floods the traffic to all ports that belong to VLAN 10. SwitchA receives the flooded traffic and forwards it directly to Server1.

The behavior exhibited by the network topology in this scenario is called asymmetric routing. The excess unicast flooding occurs because SwitchA never sees frames sourced from the Media Access Control (MAC) address of Server2 in VLAN 20, and SwitchB never sees frames sourced from the MAC address of Server1 in VLAN 10. When a switch receives a unicast frame for a destination that is not listed in its MAC address table, it floods the frame out all ports in that VLAN. If the servers in this scenario send a lot of traffic to one another, every other device in those VLANs receives a copy of it, which wastes bandwidth on every link and exposes the traffic to any host that cares to listen.

It is possible that one of the servers might send a broadcast Address Resolution Protocol (ARP) request, which will cause both switches to learn the MAC address of the server and the excess unicast flooding to stop. However, the server's MAC address will eventually age out of the MAC address table, and the flooding will resume. The mismatch in default timers is the root cause: on Cisco Catalyst switches the MAC address table aging time defaults to 300 seconds, whereas the ARP cache on Cisco routers defaults to 4 hours, so the router keeps forwarding to a MAC address that the switch forgot long ago. The usual fix is to make the ARP timeout on the routers no longer than the MAC aging time on the switches (or to raise the MAC aging time to match the ARP timeout), so that the periodic ARP refresh relearns the entry before it expires.

Reference:

https://www.cisco.com/c/en/us/support/docs/switches/catalyst-6000-series-switches/23563-
143.html#causes

QUESTION NO: 36

You administer the network shown in the diagram. You want to configure a 6to4 tunnel between RouterA and RouterB. You issue the show running-config command on RouterA and receive the following partial output:

interface FastEthernet 0/0

ip address 192.168.1.1 255.255.255.0

Which of the following command sets should you issue on RouterA? (Select the best answer.)

A.
RouterA(config)#interface tunnel 0

RouterA(config-if)#ip address 192.168.1.1

RouterA(config-if)#tunnel source FastEthernet 0/0

RouterA(config-if)#tunnel mode ipv6ip 6to4

B.
RouterA(config)#interface tunnel 0

RouterA(config-if)#ip address 192.168.1.1

RouterA(config-if)#tunnel source 2002:C0A8:0101::1/64

RouterA(config-if)#tunnel mode 6to4

C.
RouterA(config)#interface tunnel 0

RouterA(config-if)#ipv6 address 2002:C0A8:0101::1/64

RouterA(config-if)#tunnel source FastEthernet 0/0

RouterA(config-if)#tunnel mode ipv6ip 6to4

RouterA(config-if)#exit

RouterA(config)#ipv6 route 2002::/16 tunnel 0

D.
RouterA(config)#interface tunnel 0

RouterA(config-if)#ipv6 address 2002:C0A8:0101::1/64

RouterA(config-if)#tunnel mode 6to4

RouterA(config-if)#exit

RouterA(config)#ipv6 route 2002::/16 tunnel 0

Answer: C
Explanation:

You should issue the following commands on RouterA:

RouterA(config)#interface tunnel 0

RouterA(config-if)#ipv6 address 2002:C0A8:0101::1/64

RouterA(config-if)#tunnel source FastEthernet 0/0

RouterA(config-if)#tunnel mode ipv6ip 6to4

RouterA(config-if)#exit

RouterA(config)#ipv6 route 2002::/16 tunnel 0

First, you should create the tunnel by issuing the interface tunnel tunnel-number command. Issuing the interface tunnel 0 command will create the Tunnel 0 interface and place the router in interface configuration mode.

Next, you should assign an IPv6 address to the tunnel by issuing the ipv6 address ipv6-address command. The IPv6 address of a 6to4 tunnel interface begins with the 2002::/16 prefix, and the 32 bits that follow it are the IPv4 address of the tunnel source, which yields a /48 site prefix of the form 2002:V4ADDR::/48. To calculate the prefix, convert the IPv4 address of the tunnel source from dotted decimal to hexadecimal and append it to 2002::/16. In this scenario, the tunnel source is the IPv4 address of the FastEthernet 0/0 interface, 192.168.1.1, which converts to C0A8:0101. Therefore the site prefix is 2002:C0A8:0101::/48; the address 2002:C0A8:0101::1/64 used in the correct command set is a host address in the first /64 subnet of that site prefix.

Two caveats apply to this scenario. First, 192.168.1.1 is a private (RFC 1918) address, so the resulting 6to4 prefix is only meaningful inside a network where both routers can reach each other's IPv4 addresses directly; 6to4 across the public Internet requires globally routable IPv4 endpoints, and the public 6to4 relay anycast service has been deprecated by RFC 7526. Second, a 6to4 tunnel is stateless and will decapsulate IP protocol 41 packets from any IPv4 source, so the tunnel endpoint should be protected by an IPv4 access list that permits protocol 41 only from the expected peers, and the IPv6 side should not treat the embedded IPv4 address as proof of origin.

Alternatively, you can have the tunnel borrow the IPv6 address configured on another router interface by issuing the ipv6 unnumbered interface command. However, for a 6to4 tunnel the borrowed address must still fall under the 2002 prefix that corresponds to the IPv4 address of the tunnel source.

Next, you should configure the tunnel source by issuing the tunnel source {ipv4-address | interface} command. In this scenario, you should issue either the tunnel source 192.168.1.1 command or the tunnel source FastEthernet 0/0 command.

You should then configure the tunnel mode for 6to4 operation by issuing the tunnel mode ipv6ip 6to4 command. The following tunnel mode commands can be used to create IPv6 overlay tunnels:

- tunnel mode ipv6ip 6to4 - creates a 6to4 tunnel

- tunnel mode ipv6ip - creates a manually configured IPv6-over-IPv4 tunnel

- tunnel mode gre ipv6 - creates a Generic Routing Encapsulation (GRE) tunnel over IPv6 transport (GRE over IPv4, the default tunnel mode gre ip, can also carry IPv6)

- tunnel mode ipv6ip auto-tunnel - creates an IPv4-compatible tunnel

- tunnel mode ipv6ip isatap - creates an Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) tunnel

The complete procedure for setting up an IPv6 tunnel differs for each of the tunnel types listed above.

Finally, you should exit interface configuration mode and configure a static route that directs 6to4 traffic to the tunnel by issuing the ipv6 route ipv6-prefix/prefix-length tunnel tunnel-number command in global configuration mode. For 6to4 tunnels the prefix is always 2002::/16, because the IPv4 next hop for any 2002: destination is derived from the destination address itself rather than from a configured peer.

After you have issued the commands to create the tunnel on RouterA, you should issue similar commands on RouterB to create the other side of the tunnel.

The following command set is incorrect because an IPv6 address, not an IPv4 address, should be configured on the tunnel interface, and because the ipv6 route 2002::/16 tunnel 0 command is missing:

RouterA(config)#interface tunnel 0

RouterA(config-if)#ip address 192.168.1.1

RouterA(config-if)#tunnel source FastEthernet 0/0

RouterA(config-if)#tunnel mode ipv6ip 6to4

The following command set is incorrect because an IPv6 address, not an IPv4 address, should be configured on the tunnel interface:

RouterA(config)#interface tunnel 0

RouterA(config-if)#ip address 192.168.1.1

RouterA(config-if)#tunnel source 2002:C0A8:0101::1/64

RouterA(config-if)#tunnel mode 6to4

Additionally, the tunnel source should specify an IPv4 address or an IPv4-enabled interface, not an IPv6 address. Furthermore, tunnel mode 6to4 is not a valid Cisco IOS command; the correct keywords are ipv6ip 6to4. Finally, the ipv6 route 2002::/16 tunnel 0 command is missing.

The following command set is incorrect because the tunnel mode is incorrectly specified by the tunnel mode 6to4 command and because no tunnel source is configured at all:

RouterA(config)#interface tunnel 0

RouterA(config-if)#ipv6 address 2002:C0A8:0101::1/64

RouterA(config-if)#tunnel mode 6to4

RouterA(config-if)#exit

RouterA(config)#ipv6 route 2002::/16 tunnel 0

Note that the tunnel source can be specified either by interface, as in the tunnel source FastEthernet 0/0 command in the correct command set, or by address, as in tunnel source 192.168.1.1; both are valid, and the 6to4 prefix is derived from the resulting IPv4 address either way.

Reference:

Cisco: Implementing Tunneling for IPv6
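As an added example (not part of the original page or of Cisco's documentation), the Python below does the 6to4 address arithmetic from the explanation in both directions: it derives the 2002:V4ADDR::/48 site prefix and a /64 tunnel address from an IPv4 tunnel source, recovers the IPv4 endpoint embedded in a 6to4 address, checks that a tunnel's ipv6 address and tunnel source agree, and flags sources that are not globally routable. Function names are the author's own; the only real API used is the standard library ipaddress module.

```python
import ipaddress

SIX_TO_FOUR = ipaddress.IPv6Network("2002::/16")


def sixtofour_site_prefix(ipv4: str) -> ipaddress.IPv6Network:
    """2002:V4ADDR::/48: the 32-bit IPv4 address sits right after the 2002::/16 prefix."""
    v4 = ipaddress.IPv4Address(ipv4)
    network_int = int(SIX_TO_FOUR.network_address) | (int(v4) << 80)
    return ipaddress.IPv6Network((network_int, 48))


def tunnel_interface_address(ipv4: str, subnet_id: int = 0, host: int = 1) -> ipaddress.IPv6Interface:
    """A /64 inside the site's /48; subnet 0 and host ::1 give the address used in the question."""
    if not (0 <= subnet_id < 2 ** 16 and 0 < host < 2 ** 64):
        raise ValueError("subnet_id must fit in 16 bits and host in 64 bits")
    addr_int = int(sixtofour_site_prefix(ipv4).network_address) | (subnet_id << 64) | host
    return ipaddress.IPv6Interface((addr_int, 64))


def embedded_ipv4(ipv6: str) -> ipaddress.IPv4Address:
    """The IPv4 tunnel endpoint a 6to4 router derives from any 2002::/16 destination."""
    v4 = ipaddress.IPv6Address(ipv6).sixtofour
    if v4 is None:
        raise ValueError(f"{ipv6} is not a 6to4 address")
    return v4


def tunnel_config_consistent(tunnel_ipv6: str, tunnel_source_ipv4: str) -> bool:
    """True when the ipv6 address on the tunnel embeds the IPv4 address of its tunnel source."""
    return embedded_ipv4(tunnel_ipv6.split("/")[0]) == ipaddress.IPv4Address(tunnel_source_ipv4)


def public_6to4_usable(ipv4: str) -> bool:
    """6to4 across the public Internet only works from a globally routable IPv4 address."""
    return ipaddress.IPv4Address(ipv4).is_global
```

The consistency check is the one worth scripting against real configurations: a tunnel whose ipv6 address embeds one IPv4 address while its tunnel source resolves to another comes up but never receives return traffic, because the remote side derives its next hop from the address, not from the source.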

QUESTION NO: 37

Which of the following typically occurs during the Discovery stage of a PPPoE session? (Select
the best answer.)

A.
The MAC address of the peer is obtained.

B.
LCP negotiates configuration options.

C.
NCP configures Network layer protocols.

D.
PPP authenticates by using CHAP or PAP.

Answer: A
Explanation:

The Media Access Control (MAC) address of the peer is obtained during the Discovery stage of a Point-to-Point Protocol over Ethernet (PPPoE) session. The Discovery stage is also sometimes called the Active Discovery stage. PPPoE sessions are divided into two distinct stages: the Discovery stage and the Session stage. Because an Ethernet host must first establish a connection to the remote peer before it can send data, the Discovery stage must retrieve the MAC address of the remote peer (the access concentrator) and establish a PPPoE session ID before a Point-to-Point Protocol (PPP) session can begin. RFC 2516 defines four Discovery packets for this: the host broadcasts a PADI (Initiation), each access concentrator that can serve the request answers with a unicast PADO (Offer), the host selects one and sends a PADR (Request), and the chosen access concentrator confirms with a PADS (Session-confirmation) that carries the session ID. Because PADI is a broadcast and the host accepts whichever PADO it chooses, any device on the same Ethernet segment can answer and pose as the access concentrator; the Discovery stage itself provides no authentication.

Following the Discovery stage, the Session stage behaves mostly the same as a normal PPP session over a WAN link or dial-up connection. Therefore, the Session stage is also sometimes called the PPP Session stage. During the Session stage, PPP negotiates configuration options by sending Link Control Protocol (LCP) frames. Next, PPP sends Network Control Protocol (NCP) frames to configure Network layer protocol information on the link and enable the link for packet traversal. The Session stage is also the stage in which PPP authentication occurs, using either Challenge Handshake Authentication Protocol (CHAP) or Password Authentication Protocol (PAP).

Reference:

IETF: RFC 2516: A Method for Transmitting PPP Over Ethernet (PPPoE): 5. Discovery Stage

QUESTION NO: 38

Which of the following is true regarding EIGRPv6? (Select the best answer.)

A.
EIGRPv6 establishes neighbor relationships by using link-local addresses.

B.
EIGRPv6 requires that neighbors be in the same subnet.

C.
EIGRPv6 uses the network command to specify the networks that should be advertised.

D.
EIGRPv6 supports automatic summarization.

E.
EIGRPv6 requires that a router ID be manually configured.

Answer: A
Explanation:

Like Open Shortest Path First version 3 (OSPFv3), Enhanced Interior Gateway Routing Protocol version 6 (EIGRPv6) establishes neighbor relationships by using link-local addresses. EIGRPv6 is also referred to as EIGRP for IPv6. To enable EIGRPv6 on a router, you should issue the ipv6 router eigrp as-number command in global configuration mode, where as-number is the autonomous system number (ASN), and then, on IOS releases where the process is created in the shutdown state, issue the no shutdown command in router configuration mode to start the routing process.

EIGRPv6 does not require that a router ID be manually configured. The router ID is selected automatically from the IPv4 addresses configured on the router, unless there are none. If there are no IPv4 addresses configured on the router, you must issue the router-id id command in router configuration mode to configure a router ID manually, where id is a 32-bit value written in dotted-decimal form like an IPv4 address.

In order for a neighbor relationship to form between two routers running EIGRP for IPv4, the primary IP address of each router must be on the same subnet; EIGRP will not form a neighbor relationship over a secondary IP address. EIGRPv6, by contrast, does not require that neighbors be in the same subnet, because hello packets are sourced from link-local addresses and the link-local scope is the same on every link; a mismatch in the global prefixes configured at the two ends of a link does not prevent the adjacency.

Unlike EIGRP for IPv4, EIGRPv6 does not use the network command to specify the networks that should be advertised. Instead, EIGRPv6 is enabled directly on each participating interface, and the prefixes configured on those interfaces are advertised. To enable EIGRPv6 on an interface, you should issue the ipv6 eigrp as-number command in interface configuration mode. An interface whose prefix should be advertised but that should not form neighbor relationships still needs the ipv6 eigrp as-number command; it is then made passive with the passive-interface command under the ipv6 router eigrp process, which suppresses hello packets on that interface.

Unlike EIGRP for IPv4, EIGRPv6 does not support automatic summarization. IPv6 does not use
classful routing like IPv4 does, so automatic summarization is not possible with EIGRPv6.

Reference:

https://learningnetwork.cisco.com/docs/DOC-11783

https://learningnetwork.cisco.com/servlet/JiveServlet/downloadBody/8347-102-3-
41650/CCNP%2520Route.pdf

QUESTION NO: 39

What AD is assigned to EIGRP summary routes by default? (Select the best answer.)

A.
0

B.
1

C.
5

D.
90

E.
170

Answer: C
Explanation:

Enhanced Interior Gateway Routing Protocol (EIGRP) summary routes are assigned an administrative distance (AD) of 5 by default. When a router is configured with the ip summary-address eigrp command, it installs the summary prefix in its own routing table as a discard route pointing to Null0 with AD 5; this route exists only on the summarizing router and prevents traffic for unused parts of the summary from looping back toward the neighbor that sent it. AD values are used to determine which source of routing information should be preferred when multiple routes to the same destination network exist. A route from a source with a lower AD will be preferred over a route from a source with a higher AD. The most commonly used ADs are discussed below.

To modify the AD of incoming routes, you should issue the distance command. The syntax of the distance command is distance administrative-distance ip-address wildcard-mask [acl]. The ip-address and wildcard-mask parameters define the source of the route. The optional acl parameter, which can be specified by access control list (ACL) name or number, specifies the routes to which the AD should be applied. If no ACL is specified in the distance command, then the AD is applied to all routes received from the specified IP address or network.

Directly connected routes have an AD of 0. Therefore, directly connected routes are trusted over routes from any other source.

Static routes have an AD of 1. Therefore, static routes are more trusted than routes from any routing protocol. Static routes are optimal for routing to networks that do not change often. To create a static route, you should issue the ip route command.

Routes that are learned from within the EIGRP autonomous system are called internal EIGRP routes and have an AD of 90. Routes that are redistributed into EIGRP from another source are called external EIGRP routes and have an AD of 170. To modify the AD values used by EIGRP, you should issue the distance eigrp internal external command, where internal is the AD used for internal EIGRP routes and external is the AD used for external EIGRP routes.

Reference:

Cisco: What Is Administrative Distance?

QUESTION NO: 40

You want to configure SNMPv3 to use encrypted authentication.

Which of the following security levels should you configure? (Select the best answer.)

A.
noAuthNoPriv

B.
authNoPriv

C.
authPriv

D.
authCommunity

Answer: C
Explanation:

You should configure the Simple Network Management Protocol version 3 (SNMPv3) authPriv security level if you want SNMPv3 messages to be both authenticated and encrypted. SNMPv3 security is provided by the User-based Security Model (USM), which defines three security levels:

- noAuthNoPriv: the message carries only a user name. There is no message authentication code and no encryption, so anyone who knows a valid user name can read, forge, or replay messages.

- authNoPriv: each message carries a keyed hash (HMAC-MD5-96 or HMAC-SHA-96) computed over the whole message with a key derived from the user's authentication password. The receiver recomputes the HMAC, so the sender is authenticated and the message is protected against modification and, through the engine boots and engine time fields, against replay. The scoped PDU itself is sent in clear text and can be read by anyone on the path.

- authPriv: authNoPriv plus encryption of the scoped PDU with Data Encryption Standard (DES), Triple DES (3DES), or Advanced Encryption Standard (AES), using a separate key derived from the user's privacy password. This is the only level that keeps the managed data, and the object identifiers being polled or set, confidential. The password itself is never sent at any level; what is encrypted at authPriv is the content of the message, which is what the question means by "encrypted authentication."

On Cisco IOS the security level for notifications is selected per host with the snmp-server host command, whose syntax is snmp-server host ip-address [traps | informs] [version {1 | 2c | 3 [auth | noauth | priv]}] community-string [udp-port port] [notification-type], where ip-address is the IP address of the remote device that will receive SNMP notifications, port is an optional User Datagram Protocol (UDP) port value to use, and notification-type limits the types of notifications sent. For version 3, the community-string argument is in fact the SNMPv3 user name; that user must be defined with the snmp-server user command with authentication and privacy parameters that satisfy the level chosen here. For example, the snmp-server host 192.168.51.50 traps version 3 priv BOSON command configures a router to send SNMPv3 traps to 192.168.51.50 as user BOSON with authentication and encryption (authPriv).

You should not use the noAuthNoPriv security level, because it provides neither authentication nor confidentiality. For example, the snmp-server host 192.168.51.50 traps version 3 noauth BOSON command configures a router to send SNMPv3 traps to 192.168.51.50 as user BOSON with no HMAC and no encryption. This is comparable in strength to SNMPv1 and SNMPv2C, both of which authenticate by matching a community string that is sent in clear text in every message. For example, the snmp-server host 192.168.51.50 traps version 2c BOSON command configures a router to send SNMPv2C traps to 192.168.51.50 carrying the clear-text community string BOSON over an unencrypted connection.

You should not configure the authNoPriv security level for this requirement, because that security level does not encrypt the message. For example, the snmp-server host 192.168.51.50 traps version 3 auth BOSON command configures a router to send SNMPv3 traps to 192.168.51.50 as user BOSON with an HMAC for authentication but with the PDU in clear text. What an observer captures at authNoPriv is the data and the HMAC, not the credential; the exposure is of confidentiality, not of the password, although a captured HMAC does allow offline guessing of a weak authentication password.

You cannot configure the authCommunity level, because there is no such security level. Although SNMPv1 and SNMPv2C authenticate by using clear-text community strings, there is no security level that enables you to configure SNMPv3 to authenticate by using community strings.

Reference:

Cisco: Configuring Simple Network Management Protocol: Prerequisites for SNMP
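As an added example (not from the page or from Cisco), the Python below implements the USM key derivation from RFC 3414 (password to key, then localization to the receiving engine's ID) and the truncated HMAC that the authNoPriv and authPriv levels place in msgAuthenticationParameters. It shows what actually authenticates an SNMPv3 message: a keyed HMAC under a per-engine key, never the user name or the password. The engine ID and password are the RFC 3414 appendix A test vectors; the message body is a constructed placeholder, and the function names are the author's own.

```python
import hashlib
import hmac

ONE_MEGABYTE = 1048576

# RFC 3414 appendix A test vector: a 12-octet engine ID ending in ...02.
RFC3414_ENGINE_ID = bytes.fromhex("000000000000000000000002")


def password_to_key(password: bytes, hash_name: str) -> bytes:
    """RFC 3414 A.2: Ku = H(password repeated to fill 1,048,576 bytes).

    The expansion is the only work factor in the scheme; there is no salt beyond
    the engine ID added in localize_key, which is public.
    """
    if not password:
        raise ValueError("empty password")
    reps = ONE_MEGABYTE // len(password) + 1
    return hashlib.new(hash_name, (password * reps)[:ONE_MEGABYTE]).digest()


def localize_key(ku: bytes, engine_id: bytes, hash_name: str) -> bytes:
    """RFC 3414 2.6: Kul = H(Ku | snmpEngineID | Ku), binding the key to one engine."""
    return hashlib.new(hash_name, ku + engine_id + ku).digest()


def usm_localized_key(password: bytes, engine_id: bytes, hash_name: str) -> bytes:
    """Authentication key for a user on one engine; the privacy key uses the same path
    with the privacy password and the authentication protocol's hash."""
    return localize_key(password_to_key(password, hash_name), engine_id, hash_name)


def auth_parameters(kul: bytes, whole_msg: bytes, hash_name: str) -> bytes:
    """HMAC-MD5-96 / HMAC-SHA-96: the first 12 bytes of HMAC(Kul, wholeMsg).

    The sender computes this with msgAuthenticationParameters zeroed and then fills
    the field in; the receiver zeroes the field again before checking. Zeroing is the
    caller's job here so the function stays a pure HMAC.
    """
    return hmac.new(kul, whole_msg, hash_name).digest()[:12]


def authenticated(kul: bytes, whole_msg: bytes, received: bytes, hash_name: str) -> bool:
    """Receiver side: constant-time comparison of the recomputed and received parameters."""
    return hmac.compare_digest(auth_parameters(kul, whole_msg, hash_name), received)
```

Because the derivation has no secret input beyond the password (the engine ID is public and often predictable), a single captured authenticated message lets an attacker test password guesses offline at the cost of one 1 MiB hash per guess, so SNMPv3 authentication and privacy passwords need the same strength as any other offline-attackable secret, and the two should be distinct.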

QUESTION NO: 41

You issue the defaultinformation originate command from RIP router configuration mode on
RouterA.

Which of the following will occur? (Select the best answer.)

A.
A default route will be generated into RIP.

B.
Default routes will be sent over passive interfaces.

C.
Only routes that originate on RouterA will be advertised.

D.
Routes will be advertised only when the routing database is updated.

Answer: A
Explanation:

A default route will be generated into Routing Information Protocol (RIP). Default routes are not generated into RIP by default.

The syntax of the RIP default-information originate command is default-information originate [on-passive | route-map map-name]. Default routes are not sent over passive interfaces by default. However, the default-information originate on-passive command configures RIP to send default routes on RIP passive interfaces. The default-information originate route-map map-name command configures RIP to generate a default route only if the route map condition is satisfied. For example, you could configure a route map that matches a certain IP address range so that the default route is generated only while a route in that range is present in the routing table; this is the usual way to withdraw the default route automatically when the upstream connection that justifies it goes down.

The defaultinformation originate command will not cause RouterA to advertise only routes that
originate on RouterA. All routes that are advertised by RIP to RouterA can be advertised by
RouterA.

By default, RIP advertises its routes every 30 seconds, not just when the routing database is updated. However, you can configure RIP to send triggered updates (RFC 2091) instead by issuing the ip rip triggered command from interface configuration mode; this option is supported only on point-to-point serial interfaces. The following events will trigger a partial or full database update:

- When the router is first powered on, the full database is sent.

- When the router receives a specific request for a routing table update, the full database is sent.

- When the configured interface comes up or goes down, a partial database is sent.

- When information from another interface modifies the routing table, only the latest changes are
sent.

Reference:

Cisco: RIP Command Reference: default-information originate (RIP)

QUESTION NO: 42

You issue the following commands on SwitchA:

SwitchA(config)#interface port-channel 1

SwitchA(config-if)#ip address 192.168.1.1 255.255.255.0

SwitchA(config-if)#lacp max-bundle 2

SwitchA(config-if)#interface range gi 3/2 - 3

SwitchA(config-if-range)#channel-protocol lacp

SwitchA(config-if-range)#channel-group 1 mode active

You want to add interface Gi 3/1 to the channel group.

Which of the following commands should you issue to configure Gi 3/1 as a standby interface?
(Select the best answer.)

A.
lacp port-priority 22222

B.
lacp port-priority 44444

C.
lacp system-priority 22222

D.
lacp system-priority 44444

Answer: B
Explanation:

You should issue the lacp port-priority 44444 command. The lacp port-priority value command configures a Link Aggregation Control Protocol (LACP) interface with a port priority, which is used to determine which interfaces are active and which are standby when more ports are bundled than max-bundle allows. The value parameter is a value from 1 through 65535; if no priority value is defined, the default port priority value of 32768 is used. Ports with lower priority values are selected as active interfaces before ports with higher priority values. If multiple ports have the same priority value, ports with lower port numbers are selected before ports with higher port numbers.

The lacp max-bundle 2 command limits the LACP EtherChannel to two active ports. Any additional ports that are configured for the EtherChannel are placed in the hot-standby state based on port priority. In this scenario, Gi 3/2 and Gi 3/3 are not assigned a port priority value, so they use the default value of 32768. To make Gi 3/1 a standby interface, its port priority value must be higher (numerically larger, and therefore less preferred) than 32768. Therefore, you should issue the lacp port-priority 44444 command.

The lacp port-priority 22222 command would configure interface Gi 3/1 with a lower port priority value than that of Gi 3/2 and Gi 3/3. If you were to issue this command, interface Gi 3/1 would become an active interface; interface Gi 3/3 would become the standby interface, because Gi 3/2 and Gi 3/3 have the same priority value and Gi 3/3 has the higher port number.

The lacp system-priority command configures a switch with an LACP system priority. The system priority value can be from 1 through 65535; if no priority value is defined, the default system priority value of 32768 is used. The switch with the lowest system priority makes the decisions regarding which ports are active on the EtherChannel. If two switches have the same priority, the switch with the lowest Media Access Control (MAC) address makes the decisions. This matters for the answer above: the port priorities that count are those configured on the deciding switch, so if the neighbor rather than SwitchA wins the system priority comparison, the lacp port-priority 44444 command on SwitchA has no effect and the equivalent priority must be set on the neighbor (or SwitchA must be given a lower system priority so that it decides). The lacp system-priority 22222 command configures a switch with a system priority lower than the default value, and the lacp system-priority 44444 command configures a switch with a system priority higher than the default value. However, neither lacp system-priority command can be used to configure an interface as a standby interface.

Reference:

https://www.cisco.com/c/en/us/td/docs/ios/12_2sb/feature/guide/gigeth.html
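As an added example (not part of the original page), the Python below implements the selection rule described above in general form: ports are ordered by the 802.1AX port identifier (port priority in the high 16 bits, port number in the low 16 bits), the lowest max-bundle identifiers become active and the rest hot-standby, and the switch whose system ID (system priority, then MAC address) is lowest is the one whose port priorities count. The port numbering taken from interface names and the MAC addresses are simplifications made for the example; IOS uses its own internal port numbers.

```python
from dataclasses import dataclass

DEFAULT_PORT_PRIORITY = 32768
DEFAULT_SYSTEM_PRIORITY = 32768


@dataclass(frozen=True)
class LacpPort:
    name: str
    number: int                            # port number used for the tie-break
    priority: int = DEFAULT_PORT_PRIORITY  # lacp port-priority, 1-65535


def port_identifier(port: LacpPort) -> int:
    """802.1AX port identifier: port priority in the high 16 bits, port number in the low 16."""
    if not 1 <= port.priority <= 65535:
        raise ValueError("lacp port-priority must be 1-65535")
    return (port.priority << 16) | port.number


def select_bundle(ports, max_bundle):
    """Lowest port identifiers become active; the rest are placed in hot-standby."""
    ordered = sorted(ports, key=port_identifier)
    return ([p.name for p in ordered[:max_bundle]], [p.name for p in ordered[max_bundle:]])


def deciding_switch(systems):
    """systems: {name: (system priority, MAC)}. Lowest system ID (priority, then MAC) decides."""
    def system_id(item):
        priority, mac = item[1]
        return (priority, int(mac.replace(":", ""), 16))
    return min(systems.items(), key=system_id)[0]


def port_number_from_name(name: str) -> int:
    """Simplification: use the last component of a name like Gi3/1 as the port number."""
    return int(name.rsplit("/", 1)[-1])


def scenario(gi31_priority: int):
    """The question's channel: Gi3/2 and Gi3/3 at the default priority, max-bundle 2, Gi3/1 added."""
    ports = [LacpPort(name, port_number_from_name(name), prio) for name, prio in (
        ("Gi3/1", gi31_priority),
        ("Gi3/2", DEFAULT_PORT_PRIORITY),
        ("Gi3/3", DEFAULT_PORT_PRIORITY),
    )]
    return select_bundle(ports, max_bundle=2)
```

scenario(44444) leaves Gi3/1 in standby as the question requires, scenario(22222) makes Gi3/1 active and demotes Gi3/3, and scenario(32768) shows the port-number tie-break on its own.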

QUESTION NO: 43

Which of the following steps in the NAT order of operation typically occur after NAT inside-to-outside translation? (Select 3 choices.)

A.
decryption

B.
encryption

C.
redirect to web cache

D.
check inbound access list

E.
check outbound access list

F.
inspect CBAC

G.
policy routing

H.
IP routing

Answer: B,E,F
Explanation:

The following steps of the Network Address Translation (NAT) order of operation typically occur after NAT inside-to-outside translation:

- Encryption

- Check outbound access list

- Inspect Context-Based Access Control (CBAC)

NAT enables a network to communicate with a separate network, such as the Internet, by translating traffic from IP addresses on the local network to another set of IP addresses that are routable on the remote network. NAT inside-to-outside translation, which is also known as local-to-global translation, occurs when the NAT router maps an inside source IP address to an outside (global) source IP address before forwarding the packet to the next hop. The position of the translation in the sequence determines which addresses each feature sees: the inbound access list, policy routing, and IP routing operate on the original inside (local) addresses, whereas the crypto map check, the outbound access list, and CBAC inspection operate on the translated (global) addresses. This is why traffic that should enter an IPSec tunnel is normally excluded from NAT, for example with a deny entry for it in the NAT access list, since otherwise the crypto access list never matches the already-translated source. When a NAT router performs NAT inside-to-outside translation, the following operations occur in order:

1. If IP Security (IPSec) is implemented, check inbound access list

2. Decryption

3. Check inbound access list

4. Check inbound rate limits

5. Inbound accounting

6. Redirect to web cache

7. Policy routing

8. IP routing

9. NAT inside-to-outside translation

10. Check crypto map and mark for encryption

11. Check outbound access list

12. Inspect CBAC

13. Transmission Control Protocol (TCP) intercept

14. Encryption

15. Queueing

Conversely, when a NAT router performs NAT outside-to-inside, or global-to-local, translation, the translation immediately follows the redirect-to-web-cache operation, so that policy routing and IP routing operate on the translated inside address. Otherwise, the order of operation is the same:

1. If IPSec is implemented, check inbound access list

2. Decryption

3. Check inbound access list

4. Check inbound rate limits

5. Inbound accounting

6. Redirect to web cache

7. NAT outside-to-inside translation

8. Policy routing

9. IP routing

10. Check crypto map and mark for encryption

11. Check outbound access list

12. Inspect CBAC

13. TCP intercept

14. Encryption

15. Queueing

Reference:

https://www.cisco.com/c/en/us/support/docs/ip/network-address-translation-nat/6209-5.html#topic1

QUESTION NO: 44

Which of the following are benefits of using VRRP? (Select 3 choices.)

A.
VRRP supports up to 1,024 virtual routers per physical router interface.

B.
VRRP provides one virtual IP address for a group of routers.

C.
VRRP can be used with routers from different vendors.

D.
VRRP allows load balancing across multiple WAN links.

E.
VRRP supports MD5 authentication.

Answer: B,C,E
Explanation:

Virtual Router Redundancy Protocol (VRRP) provides one virtual IP address for a group of routers, can be used with routers from different vendors, and supports Message Digest 5 (MD5) authentication on Cisco IOS. VRRP is a standards-based protocol that enables a group of routers to form a single virtual router. With VRRP, several routers are grouped to appear like a single default gateway for the network. The virtual IP address can be the real address of a physical interface on one of the routers, in which case that router is the IP address owner and automatically uses the highest priority, 255, or it can be an otherwise unused address in the subnet. The master virtual router is the router in the group with the highest VRRP priority; the other routers in the group are known as backup virtual routers. If the master virtual router fails, the backup virtual router with the highest priority will assume the role of the master virtual router, thereby providing uninterrupted service for the network. Because preemption is enabled by default, when the original master virtual router comes back online it reclaims the master role.

Because VRRP is a standards-based protocol, VRRP can be used with routers from many different vendors. VRRP version 2 is defined in Request for Comments (RFC) 3768; version 3, which adds IPv6 support, is defined in RFC 5798. By contrast, Hot Standby Router Protocol (HSRP) and Gateway Load Balancing Protocol (GLBP) are both Cisco-proprietary protocols. Therefore, HSRP and GLBP cannot be used with routers from multiple vendors.

On Cisco IOS, VRRP supports plain-text and MD5 authentication. When a router receives a VRRP packet for its VRRP group, it validates the authentication string. If the authentication string does not match the string that is configured on the router, the VRRP packet is discarded. When plain-text authentication is configured, the authentication string is sent unencrypted and can be read from any captured advertisement. When MD5 authentication is configured, each VRRP packet carries a keyed MD5 hash of that packet; if the receiving device does not generate the same hash, the packet is ignored. Two caveats apply. First, RFC 3768 removed authentication from the protocol itself (it defines only authentication type 0, no authentication), so the plain-text and MD5 mechanisms are vendor extensions and their interoperability with other vendors' routers must be verified rather than assumed. Second, without authentication any host on the segment can send advertisements with priority 255 and take over as master, so where VRRP authentication is unavailable the segment itself must be trusted or protected.

Because only the VRRP master virtual router forwards traffic sent to the virtual IP address, VRRP does not allow load balancing across multiple WAN links within a group; running several VRRP groups with different masters, each used as the gateway by a subset of hosts, is the usual workaround. By contrast, GLBP allows up to four primary active virtual forwarders (AVFs) to load balance across multiple WAN links. The virtual router has its own virtual IP address and up to four virtual Media Access Control (MAC) addresses, one for each of the primary AVFs in the group. One of the routers in the GLBP group is elected the active virtual gateway (AVG) and performs the administrative tasks for the group, such as responding to Address Resolution Protocol (ARP) requests. When a client sends an ARP request for the IP address of the default gateway, the AVG responds with one of the virtual MAC addresses in the group. Because multiple routers in the GLBP group can actively forward traffic, GLBP provides load balancing as well as local redundancy. GLBP, not VRRP, can support up to 1,024 virtual routers per physical router interface. VRRP and HSRP both support up to 255 virtual routers per physical router interface.

Reference:

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipapp_fhrp/configuration/12-4/fhp-12-4-
book/fhp-vrrp.html

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipapp_fhrp/command/fhp-cr-book/fhp-
v1.html#wp8990239320

QUESTION NO: 45

You issue the ip sla schedule 10 command.

When will the IP SLA operation run? (Select the best answer.)

A.
immediately

B.
every 10 seconds

C.
in 10 seconds

D.
in 10 hours

E.
at 10 a.m.

F.
never

Answer: F
Explanation:

The IP Service Level Agreement (SLA) operation will never run because a start time has not been
configured. IP SLA operations are a suite of tools on Cisco devices that enable an administrator to
analyze and troubleshoot IP networks. For example, the following command set configures IP SLA
to regularly test and verify the reachability of IP address 10.10.10.2:

ip sla 1

type echo protocol ipIcmpEcho 10.10.10.2

timeout 1000

threshold 2

frequency 3

ip sla schedule 1 life forever starttime now

The syntax of the ip sla schedule command is ip sla schedule operation-number [life {forever |
seconds}] [start-time {hh:mm[:ss] [month day | day month] | pending | now | after hh:mm:ss |
random milliseconds}] [ageout seconds] [recurring]. The ip sla schedule command has replaced
the ip sla monitor schedule command, which you might see on older IOS versions.

The start-time keyword indicates when the IP SLA operation should start. If the start-time keyword
is not specified, the operation is placed in a pending state and will not run automatically; issuing
the start-time pending keywords also places the operation in a pending state. To configure an IP
SLA operation to begin immediately, you should issue the start-time now keywords. To configure an
IP SLA operation to begin in 10 seconds, you should issue the start-time after 00:00:10 keywords.
To configure an IP SLA operation to begin in 10 hours, you should issue the start-time after
10:00:00 keywords. To configure an IP SLA operation to begin at 10 a.m., you should issue the
start-time 10:00 keywords.

The life keyword specifies how long the operation should run once it has started. If the life
keyword is not specified, as in the ip sla schedule 10 command in this scenario, the operation runs
for 3,600 seconds, or one hour, after it starts; life forever keeps it running until it is unscheduled.
Because no start time is configured in this scenario, the one-hour life never begins.

The operation-number variable indicates the number of the IP SLA operation that is to be
scheduled. The ip sla schedule 10 command in this scenario specifies that IP SLA operation 10 is
to be scheduled; the 10 is an operation ID, not a time value.

The ip sla schedule command does not influence how often an IP SLA operation is repeated. To
change how often an IP SLA operation is repeated, you can issue the frequency command from
an IP SLA configuration submode. If the frequency command is not configured, the IP SLA
operation will repeat every 60 seconds. The variable for the frequency command is specified in
seconds; therefore, to configure an IP SLA operation to repeat every 10 seconds, you should
issue the frequency 10 command. The frequency 60 command has the same effect as the default
frequency of 60 seconds.
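
As an added example that is not part of the original explanation, the following configuration puts
the scheduling variants above side by side and ties the probe to a tracked static route so that a
failed probe actually has an effect. The addresses, interface names, timers and the tracked-route
design are assumptions:

```ios
! Added example; constructed, not from the original page. Addresses,
! interfaces and timers are assumed.
!
! ICMP echo probe to the next hop every 10 seconds. timeout and threshold
! are in milliseconds; threshold must not exceed timeout.
ip sla 10
 icmp-echo 10.10.10.2 source-interface GigabitEthernet0/0
 frequency 10
 timeout 2000
 threshold 1000
!
! Scheduling variants. Only one schedule can exist for operation 10 at a
! time; remove it with "no ip sla schedule 10" before applying another.
!
!  ip sla schedule 10                              -> pending, never runs
!  ip sla schedule 10 start-time now               -> starts now, stops after 3600 s
!  ip sla schedule 10 start-time after 00:00:10    -> starts in 10 s, stops after 3600 s
!  ip sla schedule 10 life forever start-time now  -> starts now, runs until unscheduled
!  ip sla schedule 10 life 3600 start-time 10:00:00 recurring -> daily at 10:00 for 1 h
!
ip sla schedule 10 life forever start-time now
!
! Make the probe actionable: withdraw the primary default route when the
! next hop stops answering and fall back to a floating static route.
! The down delay avoids flapping the route on a single lost probe.
track 10 ip sla 10 reachability
 delay down 15 up 5
!
ip route 0.0.0.0 0.0.0.0 10.10.10.2 track 10
ip route 0.0.0.0 0.0.0.0 10.10.20.2 250
```

Verify with show ip sla configuration 10 (schedule state and life), show ip sla statistics 10 (latest
result and return code) and show track 10 (whether the route is currently installed).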

Reference:

Cisco: Cisco IOS IP SLAs Command Reference: ip sla schedule

QUESTION NO: 46

You have installed a TACACS+ server on the network that you administer. You want to configure
AAA on a router so that the router uses the TACACS+ server for authentication when a user
attempts to log in to the router. However, if the server is unavailable, you want to ensure that the
router uses its local user database.

Which of the following commands should you issue? (Select the best answer.)

A.
aaa authentication login default local

B.
aaa authentication login user

C.
aaa authentication login default group tacacs+ local

D.
aaa authentication login user group tacacs+

Answer: C
Explanation:

You should issue the aaa authentication login default group tacacs+ local command to ensure that
the router uses its local user database if the Terminal Access Controller Access Control System
Plus (TACACS+) server is unavailable. Authentication, Authorization, and Accounting (AAA) is
used to control access to a router or switch. When implementing AAA, you can configure a router
to authenticate users against a local database, against a Remote Authentication Dial-In User
Service (RADIUS) server, or against a TACACS+ server. In order to use AAA authentication with
an authentication server, you must enable AAA with the aaa new-model command and define a
reachable server on the network. To prepare for the possibility that the authentication server might
become unavailable, you can configure a router so that it will use another method, such as the
local user database or the enable password, in the absence of the authentication server. To
accomplish this, you should issue the aaa authentication login default group tacacs+ local
command or the aaa authentication login default group tacacs+ enable command. The aaa
authentication login command configures AAA authentication on a router or a switch to limit login
access to the router. The first parameter, default, specifies that the command defines the default
authentication method list used on the router. The group tacacs+ keywords specify that the
TACACS+ server should be used. The final keyword, which should be local in this scenario,
specifies that if the TACACS+ server is unavailable, the local user database on the router should
be used for authentication. Note that AAA moves on to the next method only when the preceding
method returns an error (no TACACS+ server responds); a login that the TACACS+ server
explicitly rejects is not retried against the local database, so the fallback cannot be used to bypass
a denial from the server. A local account must actually exist, or the fallback will lock you out of the
device when the server is down.

Issuing the aaa authentication login default local command would configure AAA authentication to
use the local database for authentication purposes. Issuing this command would not configure the
router to use the TACACS+ server for authentication as specified in the scenario.

The aaa authentication login user command is an incomplete command. Issuing this command
would create an authentication list named user, but it would not define any authentication methods
for the list. You must specify at least one authentication method when defining an authentication
list.

Issuing the aaa authentication login user group tacacs+ command would create an authentication
list named user that uses the TACACS+ server to authenticate users. However, because local is
not specified after group tacacs+, the local user database will not be used if the TACACS+ server
is unavailable.
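
The following configuration is an added example, not from the original explanation, of the
complete fallback setup around the answer: AAA enabled, the TACACS+ server defined, a local
account to fall back to, and the VTY lines using the list. The server address, key, account names
and the IOS 15 tacacs server syntax are assumptions:

```ios
! Added example; constructed, not from the original page. Server address,
! key and account names are assumed. Uses IOS 15.x "tacacs server" syntax;
! older releases use "tacacs-server host <ip> key <key>".
aaa new-model
!
tacacs server ISE-1
 address ipv4 192.0.2.10
 key StrongSharedSecret
 timeout 5
!
! Source all TACACS+ traffic from a stable address the server trusts.
ip tacacs source-interface Loopback0
!
! A local fallback account must exist before the fallback is useful.
! "secret" stores a hash; "password" would store a reversible string.
username netadmin privilege 15 secret LocalFallbackPass
!
! Login: TACACS+ first; local only if no TACACS+ server answers.
aaa authentication login default group tacacs+ local
!
! Same fallback pattern for enable mode, exec authorization and accounting.
aaa authentication enable default group tacacs+ enable
aaa authorization exec default group tacacs+ local if-authenticated
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
!
line vty 0 4
 login authentication default
 transport input ssh
```

Keep an existing session open while you test. test aaa group tacacs+ netadmin LocalFallbackPass
legacy reports whether the server answered and what it returned, and debug aaa authentication
shows which method in the list actually authenticated the session, which is how you confirm that a
server reject does not fall through to local.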

Reference:

Cisco: Cisco IOS Security Command Reference: aaa authentication login

QUESTION NO: 47

You issue the show running-config command on an NHRP hub router and receive the following
partial output:

interface Tunnel0
 ip nhrp network-id 1
 ip nhrp authentication Boson
 ip nhrp map multicast dynamic

Which of the following commands must you issue on a corresponding spoke router in order for the
tunnel to establish? (Select the best answer.)

A.
interface tunnel 0

B.
ip nhrp network-id 1

C.
ip nhrp authentication Boson

D.
ip nhrp map multicast dynamic

Answer: C
Explanation:

Of the choices provided, you must issue the ip nhrp authentication Boson command on a
corresponding spoke router in order for the tunnel to establish. The authentication string must
match on an NHRP hub router and an NHRP spoke router. NHRP packets carrying a string that
does not match the receiving interface's string are discarded, so a spoke with the wrong string
cannot register with the hub and the tunnel will not establish. To configure the authentication
string, issue the ip nhrp authentication string command in interface configuration mode for the
tunnel interface. The string can be any value up to eight characters in length and is
case-sensitive. It is carried in cleartext in the NHRP authentication extension, so it only prevents
accidental or misconfigured peering; protection against spoofed registrations and eavesdropping
comes from encrypting the tunnel with IPsec (tunnel protection), not from the NHRP string.

Although you do need to issue the interface tunnel command to configure the tunnel, you need not
specifically configure the Tunnel 0 interface by issuing the interface tunnel 0 command. The tunnel
interface ID need not match on the hub and spokes. The tunnel interface ID number is a locally
significant value. As long as the tunnel is configured properly, the tunnel between the hub and the
spoke will establish regardless of the interface ID that is used for the tunnel.

Although you do need to issue the ip nhrp network-id command to enable NHRP on the tunnel
interface, you need not specifically configure the NHRP network ID to a value of 1 by issuing the ip
nhrp network-id 1 command. The NHRP network ID is used to identify the NHRP domain for an
interface when two or more NHRP domains are configured on the same device. The network ID is
a locally significant value and is not sent out in any NHRP packets. When NHRP packets arrive on
an interface, those packets are assigned to the network ID that is configured on that interface.
Although it is easier to keep track of NHRP domains if all of the devices in the NHRP domain are
configured with the same NHRP network ID, it is not required. To configure the network ID, issue
the ip nhrp network-id network-id command in interface configuration mode for the tunnel interface.
The network ID can be any value from 1 through 4294967295. Do not confuse it with the GRE
tunnel key (tunnel key), which is carried in the packets and must match on both ends.

You should issue the ip nhrp map multicast dynamic command on a hub router, but you should not
issue it on a spoke router. The ip nhrp map multicast dynamic command configures the hub router
to allow spoke routers to register with the hub as multicast receivers. Instead, spoke routers
should be configured with the ip nhrp map multicast ip-address command, where ip-address is the
physical (NBMA) IP address of the hub router, so that routing protocol hellos from the spoke reach
the hub.

Reference:

https://www.cisco.com/c/en/us/td/docs/ios/12_4/ip_addr/configuration/guide/hadnhrp.html

QUESTION NO: 48

Issuing which of the following commands is most likely to ensure that a BGP router will prefer one
route over another when multiple paths exist to a destination? (Select the best answer.)

A.
default-metric 1

B.
default-metric 4294967295

C.
bgp default local-preference 0

D.
bgp default local-preference 4294967295

E.
neighbor ip-address weight 0

F.
neighbor ip-address weight 65535

Answer: F
Explanation:

Issuing the neighbor ip-address weight 65535 command is most likely to ensure that a Border
Gateway Protocol (BGP) router will prefer one route over another when multiple paths exist to a
destination. The syntax of the neighbor weight command is neighbor {ip-address | peer-group-name}
weight weight-value, where ip-address is the IP address of a neighbor router, peer-group-name is
the name of a BGP peer group, and weight-value is a locally significant weight value from 0 through
65535. By default, routes sourced by the local router are assigned a weight of 32768 and routes
learned from another BGP router are assigned a weight of 0.

The first attribute that BGP uses when determining the best path to a destination is the weight
attribute. The weight attribute is only significant on the router on which it is configured and is
never advertised to any peer. The neighbor ip-address weight 65535 command assigns the
highest possible weight to every route learned from the neighbor with the specified IP address, so
those routes are preferred over the same prefixes learned from any other neighbor.

Issuing the neighbor ip-address weight 0 command configures the weight to the lowest possible
value, which is also the default for learned routes. Therefore, issuing this command would not
ensure that a BGP router will prefer one route over another.

When weight values are equal, the route with the highest local preference is preferred. The bgp
default local-preference command is used to configure the local preference value, which is
advertised to internal BGP (iBGP) neighbor routers to influence routing decisions. The syntax of
the bgp default local-preference command is bgp default local-preference number, where number
is a value from 0 through 4294967295. By default, a value of 100 is used for the local preference if
no local preference value is configured. Issuing the bgp default local-preference 4294967295
command would influence the routing decisions of a neighbor router more than issuing the bgp
default local-preference 0 command would. However, neither of these commands would be more
likely than the neighbor ip-address weight 65535 command to ensure the selection of a route.

When weight values, local preference values, locally originated paths, autonomous system (AS)
path lengths, and origin codes are equal, the route with the lowest multi-exit discriminator (MED)
value is preferred. The default-metric command is used to configure the MED value, which is
advertised to external BGP (eBGP) routers in order to specify a preferred path into an AS with
multiple entry points. The syntax of the default-metric command is default-metric number, where
number is a value from 1 through 4294967295. When this command is issued, routes redistributed
into BGP are assigned the MED value; redistributed connected routes are assigned a MED value
of 0 regardless of the default-metric setting. Issuing the default-metric 1 command would influence
the routing decisions of a neighbor router more than issuing the default-metric 4294967295
command would. However, neither of these commands would be more likely than the neighbor
ip-address weight 65535 command to ensure the selection of a route.

Reference:

https://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/13753-25.html

https://www.cisco.com/c/en/us/td/docs/ios/iproute_bgp/command/reference/irg_book/irg_bgp4.html#wp1145180

QUESTION NO: 49

You issue the ipv6 flowset command on a Cisco router.

Which of the following is the smallest packet size that the router will track with flow labels? (Select
the best answer.)

A.
1,024 bytes

B.
1,280 bytes

C.
1,500 bytes

D.
2,048 bytes

Answer: B
Explanation:

The ipv6 flowset command configures a router to use flow labels for tracking destinations to which
it has sent packets that are at least 1,280 bytes in size, which is the default IPv6 maximum
transmission unit (MTU) size. IPv6 uses an MTU discovery process to ensure that packets created
by a host do not exceed the maximum packet size permitted on any particular link along the path
between the packet's source and destination.

Unlike IPv4, which enables intervening devices such as routers to fragment packets that exceed
the permitted size for a local link, IPv6 requires the traffic originator to ensure that each packet
sent is small enough to traverse the entire link without fragmentation. Each host maintains an MTU
cache that is populated by the MTU values from Internet Control Message Protocol version 6
(ICMPv6) Packet Too Big messages corresponding to each destination to which the host has
forwarded packets. If an attacker can corrupt this MTU cache by sending arbitrarily small MTU
values in spoofed ICMPv6 Packet Too Big messages, the target host could spend a significant
amount of its resources fragmenting packets destined to the corrupted destinations.

The ipv6 flowset command configures a Cisco router to use flow-label marking to keep track of
destinations to which it has sent packets that are greater than or equal to the default IPv6 MTU of
1,280 bytes. Each flow label is random, unique, and periodically updated. If an ICMPv6 Packet
Too Big message is received without the appropriate, corresponding flow label, the message is
discarded.

Reference:

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipv6/configuration/15-2s/ipv6-15-2s-book.html#GUID-9B24083F-2DCD-49B6-937C-5190B7984D07

https://www.cisco.com/c/en/us/td/docs/ios/ipv6/command/reference/ipv6_book/ipv6_05.html#wp2325752

QUESTION NO: 50

For which of the following situations is an OSPF virtual link useful? (Select 2 choices.)

A.
connecting discontinuous nonbackbone areas

B.
connecting discontinuous backbone areas

C.
connecting a remote area to the backbone area through a standard area

D.
connecting a remote area to the backbone area through a stub area

E.
connecting to an interface that requires authentication

F.
connecting OSPF areas separated by another routing protocol

G.
connecting OSPF areas across an MPLS VPN backbone

Answer: B,C
Explanation:

An Open Shortest Path First (OSPF) virtual link is useful for the following situations:

- Connecting a remote area to the backbone area through a standard area

- Connecting discontinuous backbone areas

All areas in an OSPF internetwork must be directly connected to the backbone area, Area 0. When
a direct connection to the backbone area is not possible, a virtual link must be created between
two area border routers (ABRs) to connect the remote area to the backbone area through a transit
area. The following restrictions apply to virtual links:

- The routers at each end of the virtual link must share a common area.

- The transit area cannot be a stub area.

- The transit area cannot be the backbone area.

- One router must connect to the backbone area.

Area 0 must be continuous. The loss of a router or the loss of a link between two routers can
cause Area 0 to become discontinuous, or partitioned. A virtual link can be created to connect the
discontinuous sections of the Area 0 backbone across a transit area. To connect a discontinuous
backbone, the routers at each end of the virtual link must connect to the backbone area and the
transit area.

To create a virtual link, you should issue the area area-id virtual-link router-id command in router
configuration mode on the routers at each end of the virtual link, where area-id is the transit area ID
and router-id is the OSPF router ID (not an interface address) of the router at the other end of the
virtual link.

A virtual link is not necessary for connecting discontinuous nonbackbone areas. Discontinuous
nonbackbone areas are advertised to one another through inter-area routes instead of intra-area
routes. Inter-area traffic must pass through the backbone or a transit area.

A virtual link cannot be used to connect a remote area to the backbone area through a stub area,
because the transit area cannot be a stub area. Although a remote stub area can be connected to
the backbone area through a standard area, a remote standard area cannot be connected to the
backbone area through a stub area.

A virtual link is not used for connecting to an interface that requires authentication. The following
authentication modes are available with OSPF:

- Null authentication, or no authentication

- Plaintext password authentication

- Message digest (MD5) authentication

To configure an interface for plaintext password authentication, you should issue the ip ospf
authentication-key password command and the ip ospf authentication command in interface
configuration mode. To configure an interface for message digest authentication, you should issue
the ip ospf message-digest-key key-id md5 password command and the ip ospf authentication
message-digest command in interface configuration mode. Because a virtual link is treated as an
interface in Area 0, it must carry whatever authentication Area 0 uses; with area 0 authentication
message-digest configured, both ends need area area-id virtual-link router-id message-digest-key
key-id md5 password, or the virtual link adjacency will not form. Plaintext passwords are readable
by anyone who can capture OSPF packets on the segment, so message digest authentication (or,
on newer IOS releases, HMAC-SHA authentication through a key chain with the ip ospf
authentication key-chain command) should be used.

A virtual link cannot be used to connect OSPF areas that are separated by another routing
protocol. When OSPF areas are separated by another routing protocol, you must configure mutual
redistribution between the routing protocols.

A virtual link cannot be used to connect OSPF areas across a Multiprotocol Label Switching
(MPLS) virtual private network (VPN) backbone. When OSPF areas are separated by an MPLS
VPN super backbone, you must configure a sham link.
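
The following is an added example, not from the original explanation, of a virtual link across a
transit area when Area 0 uses message digest authentication. Router IDs, area numbers,
interface names, addresses and the keys are assumptions:

```ios
! Added example; constructed, not from the original page. Router IDs,
! areas, networks and keys are assumed. Topology: Area 2 reaches Area 0
! only through Area 1, so ABR1 (Area 0 / Area 1) and ABR2 (Area 1 / Area 2)
! build a virtual link across transit Area 1. Area 1 must not be a stub.
!
! --- ABR1: has a physical interface in Area 0 ---
router ospf 1
 router-id 1.1.1.1
 network 10.0.0.0 0.0.0.255 area 0
 network 10.0.1.0 0.0.0.255 area 1
 area 0 authentication message-digest
 ! Transit area 1, far-end router ID 2.2.2.2, MD5 key for the virtual link.
 area 1 virtual-link 2.2.2.2 message-digest-key 1 md5 VLinkKey
!
! The physical Area 0 segment also needs a key once area 0 requires MD5.
interface GigabitEthernet0/0
 ip address 10.0.0.1 255.255.255.0
 ip ospf message-digest-key 1 md5 Area0Key
!
! --- ABR2: no physical Area 0 interface; the virtual link IS its Area 0 ---
router ospf 1
 router-id 2.2.2.2
 network 10.0.1.0 0.0.0.255 area 1
 network 10.0.2.0 0.0.0.255 area 2
 ! Required even without a physical Area 0 interface, because the virtual
 ! link belongs to Area 0 and must use the same authentication type.
 area 0 authentication message-digest
 area 1 virtual-link 1.1.1.1 message-digest-key 1 md5 VLinkKey
```

Verify with show ip ospf virtual-links (the link should be up and the neighbor FULL in show ip ospf
neighbor). The virtual link is keyed on router IDs, so pin them with explicit router-id statements; a
router ID that changes with an interface address silently breaks the link.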

Reference:

Cisco: OSPF Design Guide

QUESTION NO: 51

You issue the monitor session 2 destination interface FastEthernet1/0 command on SwitchA.

Which of the following statements is true? (Select the best answer.)

A.
The FastEthernet1/0 interface cannot be a SPAN destination port.

B.
The FastEthernet1/0 interface cannot be a SPAN source port.

C.
The FastEthernet1/0 interface will pass all traffic.

D.
The FastEthernet1/0 interface cannot be overloaded.

E.
The FastEthernet1/0 interface is monitoring two sessions.

Answer: B
Explanation:

The FastEthernet1/0 interface cannot be a Switched Port Analyzer (SPAN) source port if you issue
the monitor session 2 destination interface FastEthernet1/0 command on SwitchA, because the
command configures the FastEthernet1/0 interface as a SPAN destination port. SPAN enables
you to monitor traffic on a single switch by configuring one or more ports in one or more virtual
LANs (VLANs) on the switch as the source port and a single port on the switch as the destination
port. Traffic that arrives on the source ports is copied to the destination port for analysis.

Source ports can be any port type, including trunk ports and EtherChannels. However, a
destination port cannot be a source port. A destination port can be any physical Ethernet port; it
cannot be an EtherChannel group or a VLAN. A destination port does not participate in Spanning
Tree Protocol (STP), VLAN Trunking Protocol (VTP), Cisco Discovery Protocol (CDP), Dynamic
Trunking Protocol (DTP), Port Aggregation Protocol (PAgP), or Link Aggregation Control Protocol
(LACP).

The FastEthernet1/0 interface will not pass all traffic. When you configure an interface as a SPAN
destination interface, the interface is only required to pass SPAN-related traffic and no longer
behaves as a normal switch port. Therefore, if you were to issue the show interfaces
FastEthernet1/0 command on SwitchA in this scenario, you would see the following partial output:

SwitchA#show interfaces FastEthernet1/0

FastEthernet1/0 is up, line protocol is down (monitoring)

The line protocol is down (monitoring) syntax in the output above indicates that the
FastEthernet1/0 port is a SPAN destination port.

The FastEthernet1/0 interface can be and is a SPAN destination port in this scenario. To configure
the interface as a SPAN source port, you should issue the monitor session 2 source interface
FastEthernet1/0 command. However, a source interface cannot be simultaneously configured as a
destination interface.

The FastEthernet1/0 interface can be overloaded. For example, if the source ports in this scenario
were Gigabit ports, traffic from those ports could be sent to the destination port at a higher rate
than the port could accept. Additionally, heavy VLAN traffic can overload a FastEthernet
destination port.

The FastEthernet1/0 interface is not monitoring two sessions; it is the destination for session 2. Up
to 64 SPAN ports can be configured on a switch, but only one SPAN session can send traffic to a
destination interface. You cannot add a second destination interface to a SPAN session, nor can
you configure a destination interface in a second SPAN session.

Reference:

Cisco: Cisco IOS LAN Switching Command Reference: monitor session

Cisco: Cisco IOS LAN Switching Command Reference: monitor session (VLAN)


QUESTION NO: 52

Which of the following Cisco IOS XE subpackages provides the operating system software for the
route processor? (Select the best answer.)

A.
RPAccess

B.
RPBase

C.
RPControl

D.
RPIOS

E.
ESPBase

F.
SIPBase

G.
SIPSPA

Answer: B
Explanation:

The RPBase Cisco IOS XE subpackage provides the operating system software for the route
processor. A consolidated package is an image that contains multiple subpackage files. Every
consolidated package will contain the following subpackages:

- RPAccess - provides router access software, either with or without cryptographic support

- RPBase - provides the operating system software for the route processor

- RPControl - provides the control plane interface between the IOS software and the platform

- RPIOS - provides the IOS kernel, which stores and runs IOS software features

- ESPBase - provides the Embedded Service Processor (ESP) operating system and control
processes

- SIPBase - provides the SPA Interface Processor (SIP) operating system and control processes;
here SIP is the carrier card that hosts shared port adapters, not the Session Initiation Protocol

- SIPSPA - provides the shared port adapter (SPA) driver and field-programmable device (FPD)
images

Of these subpackages, only the RPIOS subpackage is always different among consolidated
packages. The RPBase, RPControl, ESPBase, SIPBase, and SIPSPA subpackages are always
the same regardless of the consolidated package. There are two different versions of RPAccess: a
K9 version, which includes cryptographic support, and a non-K9 version, which does not include
cryptographic support.

Optional subpackages are also available. However, optional subpackages are not contained within
consolidated packages; they must be downloaded directly from Cisco.

Reference:

Cisco: Release Notes for Cisco ASR 1000 Series Aggregation Services Routers for Cisco IOS XE
Release 2: Software Packaging on the Cisco ASR 1000 Series Routers

QUESTION NO: 53 DRAG DROP

Select the commands on the left, and place them on the right in the order that you should issue
them when configuring Cisco Performance Monitor.

Answer:

Explanation:

Cisco Performance Monitor enables you to monitor traffic flow information, such as packet count,
byte count, drops, jitter, and round-trip time (RTT). To configure Cisco Performance Monitor, you
must perform the following tasks:

1. Create a flow record.

2. Configure a flow monitor.

3. Create one or more classes.

4. Create a policy.

5. Associate the policy with an interface.

First, create a Performance Monitor flow record by issuing the flow record type
performance-monitor command from global configuration mode. The flow record is used to specify
the data that will be collected. To configure the flow record, issue the match and collect
commands.

Next, configure a Performance Monitor flow monitor by issuing the flow monitor type
performance-monitor command from global configuration mode. The flow monitor allows you to
associate a flow record with a flow exporter. A flow exporter is used to send Performance Monitor
data to a remote system.

Third, create one or more classes by issuing the class-map command from global configuration
mode. A Performance Monitor class map is configured like any other class map by issuing match
statements to specify the classification criteria.

Fourth, create a Performance Monitor policy by issuing the policy-map type performance-monitor
command from global configuration mode. A Performance Monitor policy associates a class with a
flow monitor.

Finally, associate the Performance Monitor policy with an interface by issuing the service-policy
type performance-monitor command from interface configuration mode. Issuing this command
activates the Performance Monitor policy.
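
The five steps above as one complete configuration, added here as an example that is not part of
the original explanation. It measures RTP-like UDP flows, exports the results, and raises a syslog
alarm when packet loss exceeds 5 percent. The collector address, interface names, port range,
threshold and object names are assumptions:

```ios
! Added example; constructed, not from the original page. Exporter address,
! interface names, port range and threshold are assumed.
!
! 1. Flow record: the key fields (match) and the metrics (collect).
flow record type performance-monitor PM-RTP-REC
 match ipv4 protocol
 match ipv4 source address
 match ipv4 destination address
 match transport source-port
 match transport destination-port
 match transport rtp ssrc
 collect transport packets expected counter
 collect transport packets lost counter
 collect transport packets lost rate
 collect transport rtp jitter mean
 collect counter bytes
 collect counter packets
!
! Exporter referenced by the flow monitor (NetFlow v9 to a collector).
flow exporter PM-EXP
 destination 192.0.2.50
 source Loopback0
 transport udp 2055
!
! 2. Flow monitor: binds the record to the exporter.
flow monitor type performance-monitor PM-RTP-MON
 record PM-RTP-REC
 exporter PM-EXP
!
! 3. Class: which traffic to measure (a UDP port range typical of RTP).
ip access-list extended RTP-ACL
 permit udp any any range 16384 32767
class-map match-all PM-RTP-CLASS
 match access-group name RTP-ACL
!
! 4. Policy: class -> flow monitor, plus a reaction when loss exceeds 5%.
policy-map type performance-monitor PM-RTP-POL
 class PM-RTP-CLASS
  flow monitor PM-RTP-MON
  react 1 transport-packets-lost-rate
   threshold value gt 5.00
   alarm severity critical
   action syslog
!
! 5. Activate on the interface where the media enters the router.
interface GigabitEthernet0/1
 service-policy type performance-monitor input PM-RTP-POL
```

show performance monitor status lists the flows being tracked with their loss and jitter figures, and
show policy-map type performance-monitor interface GigabitEthernet0/1 confirms that the policy is
attached and counting. The reaction thresholds are where a monitoring change becomes an
alerting change, so agree the loss figure with whoever consumes the syslog before enabling it.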

Reference:

Cisco: Configuring Performance Monitoring

QUESTION NO: 54

You have issued the following commands on RouterA:

pseudowire-class boson
 ip pmtu

RouterA receives a packet that is larger than the path MTU and that has a DF bit set to 1.

Which of the following will RouterA do? (Select 2 choices.)

A.
RouterA will forward the packet.

B.
RouterA will drop the packet.

C.
RouterA will return an ICMP unreachable message to the sender.

D.
RouterA will fragment the packet before L2TP/IP encapsulation occurs.

E.
RouterA will fragment the packet after L2TP/IP encapsulation has occurred.

Answer: B,C
Explanation:

When RouterA receives a packet that is larger than the path maximum transmission unit (MTU)
and that has a Don't Fragment (DF) bit set to 1, RouterA will drop the packet and will return an
Internet Control Message Protocol (ICMP) unreachable message to the sender. The ip pmtu
command enables path MTU discovery (PMTUD) so that fragmentation issues can be avoided on
the service provider backbone.

With PMTUD, the DF bit is copied from the inner IP header to the outer L2TP/IP encapsulation
header. If an IP packet is larger than the MTU of any interface on the path, the packet is dropped or
fragmented based on the DF bit. If the DF bit is set to 0, the packet is fragmented before Layer 2
Tunneling Protocol (L2TP)/IP encapsulation occurs and is then forwarded. If the DF bit is set to 1,
the packet is dropped and the router will return an ICMP unreachable message to the sender.

Reference:

Cisco: Layer 2 Tunnel Protocol Version 3: IP Packet Fragmentation

Cisco: Cisco IOS Wide-Area Networking Command Reference: ip pmtu

QUESTION NO: 55 DRAG DROP

Select the ping mpls ipv4 return codes on the left, and drag them to their corresponding definitions
on the right.

Answer:

Explanation:

The ping mpls ipv4 command can be used to verify Multiprotocol Label Switching (MPLS) label
switched path (LSP) connectivity. The output will display symbolic and numeric return codes. The
following list contains all of the numeric return codes along with their corresponding symbols and
definitions:

A successful MPLS ping will have a return code of 3 and will look similar to the following output:

Reference:

IETF: RFC 4379: Detecting MultiProtocol Label Switched (MPLS) Data Plane Failures

Cisco: MPLS LSP Ping/Traceroute for LDP/TE, and LSP Ping for VCCV: Information Provided by
the Router Processing LSP Ping or LSP Traceroute

Cisco: MPLS OAM Commands: ping mpls ipv4

QUESTION NO: 56

You issue the following commands on a Cisco router:

RouterA(config)#ipv6 prefix-list bosonrip permit ::/0
RouterA(config)#ipv6 router rip boson
RouterA(config-rtr)#distribute-list prefix-list bosonrip out FastEthernet0/0

Which of the following statements best describes what will occur? (Select the best answer.)

A.
IPv6 routing updates matching bosonrip will not be advertised.

B.
IPv6 routing updates matching bosonrip and arriving on the FastEthernet0/0 interface will be
accepted.

C.
IPv6 routing updates matching bosonrip and destined for the FastEthernet0/0 interface will be
advertised.

D.
IPv6 routing updates matching bosonrip and destined for the FastEthernet0/0 interface will not be
advertised.

E.
IPv6 routing updates not matching bosonrip will be advertised.

Answer: C
Explanation:

IPv6 routing updates matching bosonrip and destined for the FastEthernet0/0 interface will be
advertised if you issue the following commands on RouterA:

RouterA(config)#ipv6 prefix-list bosonrip permit ::/0
RouterA(config)#ipv6 router rip boson
RouterA(config-rtr)#distribute-list prefix-list bosonrip out FastEthernet0/0

The ipv6 prefix-list bosonrip permit ::/0 command creates an IPv6 prefix list named bosonrip. Note
that without a le or ge qualifier this entry matches only the default route ::/0 itself; to permit every
IPv6 prefix, the entry would have to be ipv6 prefix-list bosonrip permit ::/0 le 128. The
distribute-list prefix-list command configures the IPv6 RIP (RIPng) process in this scenario to
compare each IPv6 prefix that would be advertised out the FastEthernet0/0 interface against the
prefixes that are defined in the bosonrip list. If the prefix matches a permit entry, the route is
advertised in outgoing routing updates. If the prefix does not match, the route is not advertised.
The distribute-list prefix-list command can also be used with Enhanced Interior Gateway Routing
Protocol (EIGRP) for IPv6.

IPv6 routing updates matching bosonrip and arriving on the FastEthernet0/0 interface are not
affected by this command, because the out keyword applies the filter only to outgoing updates.
Prefixes that do not match any entry are dropped by the filter, because prefix lists, like access
control lists (ACLs), end with an implicit deny rule. To filter IPv6 prefixes that are arriving on the
FastEthernet0/0 interface, you should issue the distribute-list prefix-list command with the in
keyword. For example, in this scenario, you would issue the distribute-list prefix-list bosonrip in
FastEthernet0/0 command to match IPv6 prefixes in the bosonrip list that are arriving on the
FastEthernet0/0 interface.
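
An added example, not part of the original explanation, showing the difference between a
prefix-list entry that matches only ::/0 and one that matches every prefix, together with a more
typical outbound filter for the RIPng process. The prefix 2001:db8:1::/48 and the list names are
assumptions:

```ios
! Added example; constructed, not from the original page. Prefix and list
! names are assumed.
!
! Matches exactly one prefix: the default route ::/0.
ipv6 prefix-list DEFAULT-ONLY seq 5 permit ::/0
!
! Matches any IPv6 prefix (length 0 through 128).
ipv6 prefix-list ANY seq 5 permit ::/0 le 128
!
! Typical outbound filter: never leak a default route, advertise
! 2001:db8:1::/48 and its more-specific routes down to /64, and let the
! implicit deny at the end of the list drop everything else.
ipv6 prefix-list OUT-FILTER seq 5 deny ::/0
ipv6 prefix-list OUT-FILTER seq 10 permit 2001:db8:1::/48 le 64
!
ipv6 router rip boson
 distribute-list prefix-list OUT-FILTER out FastEthernet0/0
```

show ipv6 prefix-list detail OUT-FILTER shows the hit count of each entry, which is the quickest
way to see whether a prefix is being matched by the entry you expect; show ipv6 route rip on the
neighbor confirms what actually arrived.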

Reference:

Cisco: Cisco IOS IPv6 Command Reference: distribute-list prefix-list (IPv6 RIP)

QUESTION NO: 57

Which of the following statements are true regarding MTR? (Select 2 choices.)

A.
MTR is supported only on BGP and OSPF.

B.
MTR requires CEF or dCEF.

C.
MTR is supported on IPv4 and IPv6.

D.
MTR is supported by the show ip rpf command.

E.
MTR can be used with DVMRP.

Answer: B,D
Explanation:

Multi-Topology Routing (MTR) requires Cisco Express Forwarding (CEF) or distributed CEF
(dCEF), and MTR is supported by the show ip rpf command. MTR enables the use of multiple
logical topologies over a single physical network. Multiple unicast topologies and a separate
multicast topology can be used by MTR.

The show ip rpf command displays information related to Reverse Path Forwarding (RPF) checks
in an IP multicast environment. For routers that support MTR, the RPF Topology field has been
added to the show ip rpf command output to indicate which Routing Information Base (RIB)
topology is being used, as shown in the following output:


MTR supports a variety of routing protocols, including Border Gateway Protocol (BGP), Enhanced
Interior Gateway Routing Protocol (EIGRP), Intermediate System-to-Intermediate System (IS-IS),
and Open Shortest Path First (OSPF). However, MTR supports only IPv4; it does not support
IPv6. MTR cannot be used with Distance Vector Multicast Routing Protocol (DVMRP).

Reference:

Cisco: Multi-Topology Routing

Cisco: Cisco IOS IP Multicast Command Reference: show ip rpf

QUESTION NO: 58

Which of the following EPC configuration commands will capture multicast traffic? (Select the best
answer.)

A.
monitor capture point ip cef boson fastethernet 0/1 out

B.
monitor capture point ip cef boson fastethernet 0/1 in

C.
monitor capture point ip process-switched boson out

D.
monitor capture point ip process-switched boson in

Answer: D
Explanation:

The monitor capture point ip process-switched boson in Embedded Packet Capture (EPC)
configuration command will capture multicast traffic. Cisco IOS EPC is a feature that you can
implement to assist with tracing packets and troubleshooting issues with packet flow in and out of
Cisco devices.

The syntax for the monitor capture point command is monitor capture point {ip | ipv6} {cef
capture-point-name interface-name interface-type {both | in | out} | process-switched
capture-point-name {both | from-us | in | out}}. The cef keyword indicates that Cisco Express
Forwarding (CEF) packets should be captured, and the process-switched keyword indicates that
process-switched packets should be captured. CEF does not support multicast; therefore, neither
the monitor capture point ip cef boson fastethernet 0/1 out command nor the monitor capture point
ip cef boson fastethernet 0/1 in command will capture multicast traffic.

The in keyword of the monitor capture point command indicates that packets should be captured
on ingress, the out keyword indicates that packets should be captured on egress, and the both
keyword indicates that packets should be captured on both ingress and egress. Unicast and
broadcast packets can be captured by EPC on either ingress or egress. Multicast packets can be
captured by EPC only on ingress, not on egress. Therefore, neither the monitor capture point ip
cef boson fastethernet 0/1 out command nor the monitor capture point ip process-switched boson
out command will capture multicast traffic.

To implement Cisco IOS EPC, you must perform the following steps:

1. Create a capture buffer.

2. Create a capture point.

3. Associate the capture point with the capture buffer.

4. Enable the capture point.

To create a capture buffer, you should issue the monitor capture buffer buffer-name [clear | export
export-location | filter access-list ip-access-list | limit {allow-nth-pak nth-packet | duration seconds |
packet-count total-packets | packets-per-sec packets} | [max-size element-size] [size buffer-size]
[circular | linear]] command from global configuration mode. The capture buffer contains packet
data and metadata. The packet data does not contain a timestamp indicating when the packet was
added to the buffer; the timestamp is contained within the metadata. In addition, the metadata
contains information regarding the direction of transmission of the packet, the switch path, and the
encapsulation type.

To create a capture point, you should issue the monitor capture point {ip | ipv6} {cef
capture-point-name interface-name interface-type {both | in | out} | process-switched
capture-point-name {both | from-us | in | out}} command from global configuration mode. You can
create multiple capture points with unique names and parameters on a single interface; however,
you can associate each capture point with only one capture buffer.

To associate a capture point with a capture buffer, you should issue the monitor capture point
associate capture-point-name capture-buffer-name command from global configuration mode. Each
capture point can be associated with only one capture buffer. Finally, to enable the capture point
so that it can begin to capture packet data, you should issue the monitor capture point start
{capture-point-name | all} command.

Reference:

Cisco: Embedded Packet Capture: Restrictions for Embedded Packet Capture

Cisco: IP Multicast Switching Paths: Cisco Express Forwarding

Cisco: Cisco IOS Embedded Packet Capture Command Reference: monitor capture buffer

QUESTION NO: 59

You want to establish an EtherChannel between SwitchA and SwitchB.

Which of the following modes can you configure on both of the switches to establish the
EtherChannel over PAgP? (Select the best answer.)

A.
on

B.
passive

C.
active

D.
desirable

E.
auto

Answer: D
Explanation:

You can configure both switches to operate in desirable mode to establish the EtherChannel over
Port Aggregation Protocol (PAgP). Alternatively, you can set one switch to auto and the other
switch to desirable.

PAgP is a Cisco-proprietary protocol that groups individual physical PAgP-configured ports into a
single logical link, called an EtherChannel. The ports that constitute an EtherChannel are grouped
according to various parameters, such as hardware, port, and administrative limitations. Once
PAgP has created an EtherChannel, it adds the EtherChannel to the spanning tree as a single
switch port. Because PAgP is a Cisco-proprietary protocol, it can be used only on Cisco switches.

Link Aggregation Control Protocol (LACP) is a newer, standards-based alternative to PAgP that is
defined by the Institute of Electrical and Electronics Engineers (IEEE) 802.3ad standard. LACP is
available on switches newer than the Catalyst 2950 switch, which offers only PAgP. Like PAgP,
LACP identifies neighboring ports and their group capabilities; however, LACP goes further by
assigning roles to the EtherChannel's endpoints. Because LACP is a standards-based protocol, it
can be used between Cisco and non-Cisco switches.

The following table displays the channel-group configurations that will establish an EtherChannel:

The channel-group command configures the EtherChannel mode. The syntax of the channel-group
command is channel-group number mode {on | active | passive | {auto | desirable} [non-silent]},
where number is the port channel interface number. The on keyword configures the channel group
to unconditionally create the channel with no LACP or PAgP negotiation.

The active and passive keywords can be used only with LACP. The active keyword configures the
channel group to actively negotiate LACP, and the passive keyword configures the channel group
to listen for LACP negotiation to be offered. Either or both sides of the link must be set to active to
establish an EtherChannel over LACP; setting both sides to passive will not establish an
EtherChannel over LACP.

The auto, desirable, and non-silent keywords can be used only with PAgP. The desirable keyword
configures the channel group to actively negotiate PAgP, and the auto keyword configures the
channel group to listen for PAgP negotiation to be offered. Either or both sides of the link must be
set to desirable to establish an EtherChannel over PAgP; setting both sides to auto will not
establish an EtherChannel over PAgP. The optional non-silent keyword requires that a port receive
PAgP packets before the port is added to the channel.

Reference:

https://www.cisco.com/c/en/us/support/docs/switches/catalyst-4000-series-switches/23408-
140.html#lacp_pagp

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750/software/release/12-
2_52_se/command/reference/3750cr/cli1.html#wp11890010

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750/software/release/12-
2_52_se/command/reference/3750cr/cli1.html#wp11890203

QUESTION NO: 60 DRAG DROP

Drag each of the TLVs on the left to the protocol that supports it on the right.

Answer:

Explanation:

Link Layer Discovery Protocol (LLDP) is a Layer 2 open-standard discovery protocol that is used
to facilitate interoperability between Cisco devices and non-Cisco devices. LLDP for Media
Endpoint Devices (LLDP-MED) is an extension of LLDP that operates between endpoint devices,
such as a PC or a Voice over IP (VoIP) phone, and vendor-neutral network devices. By contrast,
LLDP does not operate between endpoint devices and network devices; LLDP operates only
between network devices, such as routers, switches, and access servers.

Attributes that can be learned from neighboring devices are contained within type, length, and
value (TLV) descriptions. The following TLVs are supported by LLDP:

- Management address

- Port description

- System capabilities

- System description

- System name

In addition, the following LLDP TLVs are advertised to support LLDP-MED:

- Port VLAN ID

- MAC/PHY configuration status

The following TLVs are supported by LLDP-MED:

- Inventory management

- LLDP-MED capabilities

- Location

- Network policy

- Power management

Reference:

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3560/software/release/12-
2_55_se/configuration/guide/3560_scg/swlldp.html

QUESTION NO: 61

Which of the following commands configures a router as an AutoRP mapping agent? (Select the
best answer.)

A.
ip pim autorp listener

B.
ip pim send-rp-announce

C.
ip pim send-rp-discovery

D.
ip pim rp-address

Answer: C
Explanation:

The ip pim send-rp-discovery command configures a router as an AutoRP mapping agent. AutoRP
dynamically determines the rendezvous point (RP) for a multicast group so that RPs need not be
manually configured. AutoRP uses a mapping agent to learn which routers are advertised as
candidate RPs for each multicast group. The candidate list is then advertised to client routers.

The ip pim rp-address command does not configure a router as an AutoRP mapping agent; it
statically configures a router with the IP address of an RP. For example, the ip pim rp-address
10.10.2.2 command configures a router to use the router at 10.10.2.2 as an RP; you do not have
to make any configuration changes to the router at 10.10.2.2 for it to serve as an RP. The ip pim
rp-address command is required if you implement Protocol Independent Multicast sparse mode
(PIM-SM) in a group in which the receivers only support Internet Group Management Protocol
version 2 (IGMPv2) or if you do not implement a dynamic method of RP discovery, such as
AutoRP, BootStrap Router (BSR), or Source Specific Multicast (SSM). SSM is supported only on
IGMPv3. If you need to implement SSM on a router, you should issue the ip pim ssm command
and the ip igmp version 3 command instead of the ip pim rp-address command.

The ip pim send-rp-announce command does not configure a router as an AutoRP mapping agent;
it configures a router as an AutoRP candidate RP. Candidate RPs advertise themselves to the
mapping agent, and the mapping agent maps the candidate RPs to multicast groups. If multiple
routers are advertised as candidate RPs for a multicast group, the router with the highest IP
address is used as the RP for that group.

The ip pim autorp listener command does not configure a router as an AutoRP mapping agent; it
configures PIM-SM interfaces to use dense mode to flood AutoRP traffic to 224.0.1.39 and
224.0.1.40. AutoRP candidate RPs use multicast address 224.0.1.39 to transmit RP-Announce
messages, which advertise that a router is eligible to become an RP. AutoRP mapping agents use
multicast address 224.0.1.40 to transmit RP-Discovery messages, which advertise the authoritative
RP for a multicast group.

Reference:

Cisco: IP Multicast Commands: ip pim send-rp-discovery

Cisco: Configuring IP Multicast Routing: Enabling PIM on an Interface

Cisco: Configuring IP Multicast Routing: IGMP Versions

Category:

3. Layer 3 Technologies

QUESTION NO: 62

You administer the network shown in the diagram above. You have issued the appropriate
network commands to configure RIP on all of the routers on the network.

You issue the following commands on RouterE:

RouterE(config)#router rip

RouterE(config-router)#version 2

RouterE(config-router)#passive-interface default

RouterE(config-router)#no passive-interface fa0/0

RouterE(config-router)#no passive-interface fa0/1

Which of the following statements is accurate? (Select the best answer.)

A.
RouterA will receive a route to the 172.16.0.0/24 network but not to the 192.168.0.0/24 network.

B.
RouterA will receive a route to the 192.168.0.0/24 network but not to the 172.16.0.0/24 network.

C.
RouterA will not receive a route to the 172.16.0.0/24 network or to the 192.168.0.0/24 network.

D.
RouterA will receive a route to the 172.16.0.0/24 network and to the 192.168.0.0/24 network.

Answer: D
Explanation:

RouterA will receive a route to the 172.16.0.0/24 network and to the 192.168.0.0/24 network. The
router rip command places the router into Routing Information Protocol (RIP) router configuration
mode. The version 2 command specifies that RIP version 2 (RIPv2) is used instead of version 1 to
support classless addressing. The passive-interface default command turns every interface
configured with RIP on the router into a passive interface. In RIP, a passive interface receives
routing information but does not transmit routing information to neighboring routers. The no
passive-interface fa0/0 command negates the effect of the passive-interface default command on
interface Fa0/0. The no passive-interface fa0/0 command enables interface Fa0/0 to transmit and
receive RIP routing information; the no passive-interface fa0/1 command does the same for
interface Fa0/1. RouterE will receive routing information from its neighboring routers on all of its
interfaces; however, RouterE will not transmit routing information out interface Fa0/2 or interface
Fa0/3, because they remain configured as passive interfaces.

RouterE will receive the route to the 192.168.0.0/24 network from RouterB on interface Fa0/1. This
interface is not a passive interface and allows RouterE to send and receive routing information
normally. RouterE will then advertise the route to the 192.168.0.0/24 network to RouterA.

RouterE will receive the route to the 172.16.0.0/24 network from RouterC on interface Fa0/2. This
interface is a passive interface, and no routing information will be transmitted from RouterE to
RouterC. RouterE will then advertise the route to the 172.16.0.0/24 network to RouterA and
RouterB.

RouterE will receive the route to the 10.0.0.0/24 network from RouterD on interface Fa0/3. This
interface is a passive interface, and no routing information will be transmitted from RouterE to
RouterD. RouterE will then advertise the route to the 10.0.0.0/24 network to RouterA and RouterB.

RouterE sends all of its routing information to RouterA through interface Fa0/0 and to RouterB
through interface Fa0/1. These interfaces are not passive interfaces? they allow RouterE to send
and receive routing information normally. Therefore, RouterA and RouterB will receive a route to
the 172.16.0.0/24 network, the 172.19.0.0/24 network, the 192.168.0.0/24 network, and the
10.0.0.0/24 network from RouterE.

Reference:

Cisco: Filtering Routing Updates on Distance Vector IP Routing Protocols

QUESTION NO: 63

You have configured an HSRP group for the network shown above. You issue the show running-
config command on R1 and receive the following partial output:

interface FastEthernet0/1

no switchport

ip address 10.10.1.1 255.255.255.0

standby 1 ip 10.10.1.50

standby 1 priority 110

standby 1 preempt delay minimum 50

standby 1 track Serial 0 decrement 15

You issue the show running-config command on R2 and receive the following partial output:

interface FastEthernet0/1

no switchport

ip address 10.10.1.2 255.255.255.0

standby 1 ip 10.10.1.50

standby 1 track Serial 0

You notice that R2 does not take over the role of the active router when interface Serial 0 on R1
goes down. You want to ensure that R2 will assume the active router role in the event that
interface Serial 0 on R1 goes down again.

Which of the following should you do? (Select the best answer.)

A.
Reconfigure the priority for R1 to make it lower than the priority for router R2.

B.
Reconfigure the priority for R2 to make it higher than the priority for router R1.

C.
Disable preemption on R1.

D.
Enable preemption on R2.

E.
Configure R1 to track its local Serial 1 interface.

F.
Configure R2 to track its local Serial 1 interface.

Answer: D
Explanation:

You should enable preemption on R2 so that it will assume the active router role when interface
Serial 0 on R1 goes down. The Hot Standby Router Protocol (HSRP) preemption feature
configures a router to become the active router when its priority becomes higher than the priority
of all other routers in the HSRP group. However, HSRP preemption is disabled by default.

If two routers have an equal priority value that is the highest of the group, the router with the
highest IP address becomes the active router. Router priorities can be increased or decreased by
using the interface tracking feature. When an interface is being tracked, it has a default priority of
100 unless it is configured with a different priority. Output from the show running-config command
shows that R1 has a configured HSRP priority value of 110. R1 is also tracking Serial 0, which is
configured with a priority of 15. When Serial 0 on R1 goes down, the priority for R1 decreases by
15 points, which would make the current priority value for R1 equal to 95.

The output for R2 does not show a configured HSRP priority value, which means that R2 is
configured with the default HSRP priority value of 100. Because R2 has a higher priority than R1
when Serial 0 on R1 goes down, it would seem likely that R2 should take over the active router
role from R1. However, R1 is still operational, even though its link to the Internet is down. As long
as no other router in the HSRP group has preemption enabled, R1 will not relinquish the active
router role until it fails completely. In its current state, R1 is still working but users will not be able
to access the Internet. To prevent this situation from occurring in the future, you should configure
the preemption feature on R2. By issuing the standby 1 preempt interface configuration command,
you can configure R2 to immediately take over the active router role when its priority value
becomes the highest priority value of the group.

You should not reconfigure the priority for either R1 or R2. Although reconfiguring R1 with a lower
priority than R2 or reconfiguring R2 with a higher priority than R1 could work, reconfiguring the
priority would still require R2 to have preemption enabled if R1 is the current active router.
Additionally, reconfiguring the routers would require continual management and administrative
effort. The HSRP preemption feature was designed to make sure that the router that is best suited
to act as the active router can become the active router when necessary.

The track interface feature allows you to monitor specific interfaces on a router so that HSRP can
automatically recalculate the priority value for the router to make it look more or less desirable as
the active router. Configuring either router to track its local Serial 1 interface does not allow R2 to
take over the active router role. Configuring interface tracking on R1 or R2 could possibly make
the router less desirable as the active router if its Serial 1 interface were to go down. However,
preemption still needs to be configured on R2 if it is to assume the active role from R1.

Reference:

Cisco: Hot Standby Router Protocol Features and Functionality: Preemption

Cisco: Cisco IOS IP Application Services Command Reference: standby preempt
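The following Python, added here as an illustration and not taken from the question or from Cisco, simulates the HSRP election rules the explanation describes: each router's priority minus the decrement of every tracked interface that is down, the highest IP address as tie-breaker, and preemption deciding whether a better-ranked router displaces an active router that is still running. The R1 and R2 objects follow the two configurations shown; the decrement of 10 applied to R2's `standby 1 track Serial 0` line (which names no decrement) is an assumption of the example.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address

HSRP_DEFAULT_PRIORITY = 100   # used when no "standby priority" is configured
HSRP_DEFAULT_DECREMENT = 10   # assumed decrement for "standby track" with none configured


@dataclass
class HsrpRouter:
    name: str
    ip: str
    priority: int = HSRP_DEFAULT_PRIORITY
    preempt: bool = False                       # HSRP preemption is off by default
    tracks: dict = field(default_factory=dict)  # tracked interface name -> decrement

    def effective_priority(self, down):
        """Configured priority minus the decrement of each tracked interface that is down.

        `down` is a set of (router_name, interface) pairs, so R1's Serial 0 and
        R2's Serial 0 are distinct interfaces.
        """
        penalty = sum(dec for ifc, dec in self.tracks.items() if (self.name, ifc) in down)
        return self.priority - penalty


def rank(router, down):
    # Higher priority wins; an equal priority is broken by the higher IP address.
    return (router.effective_priority(down), int(ip_address(router.ip)))


def elect_active(routers, current_active=None, down=frozenset()):
    """Name of the router that is active once the interfaces in `down` have failed.

    With no incumbent (initial election, or the incumbent has failed completely) the
    best-ranked router wins outright. A running incumbent is only displaced by a
    better-ranked router that has preemption enabled.
    """
    best = max(routers, key=lambda r: rank(r, down))
    incumbent = next((r for r in routers if r.name == current_active), None)
    if incumbent is None:
        return best.name
    if best is not incumbent and best.preempt and rank(best, down) > rank(incumbent, down):
        return best.name
    return incumbent.name


def question_63(r2_preempt):
    """R1 (active) and R2 as configured in the question, after Serial 0 on R1 goes down."""
    r1 = HsrpRouter("R1", "10.10.1.1", priority=110, preempt=True, tracks={"Serial 0": 15})
    r2 = HsrpRouter("R2", "10.10.1.2", preempt=r2_preempt,
                    tracks={"Serial 0": HSRP_DEFAULT_DECREMENT})
    return elect_active([r1, r2], current_active="R1", down={("R1", "Serial 0")})
```

Calling `question_63(False)` reproduces the observed failure (R1 drops to 95 but stays active), and `question_63(True)` shows the effect of adding `standby 1 preempt` on R2.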

QUESTION NO: 64

Which of the following statements are true regarding PVLAN Edge? (Select 2 choices.)

A.
PVLAN Edge does not provide isolation between ports on different switches.

B.
You can configure a port to be a community port by using PVLAN Edge.

C.
You can configure a port to be an isolated port by using PVLAN Edge.

D.
You can configure a port to be a promiscuous port by using PVLAN Edge.

E.
You can configure a port to be a protected port by using PVLAN Edge.

F.
You can verify PVLAN Edge port configuration by issuing the show vlan private-vlan command.

Answer: A,E
Explanation:

You can configure a port to be a protected port by using private virtual LAN (PVLAN) Edge; a
protected port is the only type of port that can be configured by using PVLAN Edge. Traffic cannot
be sent between PVLAN Edge protected ports; however, traffic can be sent between a protected
port and an unprotected port. Unlike normal PVLANs, PVLAN Edge does not provide isolation
between ports on different switches.

You can use PVLANs, but not PVLAN Edge, to configure a port to be an isolated, community, or
promiscuous port. Isolated ports can communicate only with promiscuous ports. Community ports
can communicate with promiscuous ports and with other ports that belong to the same community.
Promiscuous ports can communicate with any port within the primary VLAN.

You cannot verify PVLAN Edge port configuration by issuing the show vlan private-vlan command.
The show vlan private-vlan command can be used to indicate whether a port is configured as an
isolated, community, or promiscuous port. To verify PVLAN Edge port configuration, you should
issue the show interfaces switchport command. Ports configured as PVLAN Edge protected ports
will be listed with the line Protected: true in the output of the show interfaces switchport command.

Reference:

https://www.cisco.com/en/US/tech/tk389/tk814/tk841/tsd_technology_support_sub-
protocol_home.html

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2960/software/release/12-
2_25_see/configuration/guide/scg_1/swtrafc.html#wp1029319

QUESTION NO: 65

You issue the snmp-server host 10.20.30.1 v3 command on a Cisco switch. No previous SNMP
commands have been issued on the switch.

What version of SNMP is enabled? (Select the best answer.)

A.
SNMPv1

B.
SNMPv2

C.
SNMPv2C

D.
SNMPv3

Answer: A
Explanation:

Simple Network Management Protocol version 1 (SNMPv1) is enabled. When the snmp-server
host command is issued without the version keyword, SNMPv1 is enabled by default. SNMP is
used to remotely monitor and manage network devices.

The basic syntax of the snmp-server host command is snmp-server host {hostname | ip-address} [vrf
vrf-name | informs | traps | version {1 | 2c | 3 [auth | noauth | priv]}] community-string [udp-port port
[notification-type] | notification-type]. Therefore, the snmp-server host 10.20.30.1 v3 command
specifies that SNMP notifications should be sent to 10.20.30.1 with the community string v3; this
command does not enable SNMP version 3 (SNMPv3).

To enable SNMP version 2C (SNMPv2C), you should issue the snmp-server host command with
the version 2c keywords. Similarly, to enable SNMPv3, you should issue the snmp-server host
command with the version 3 keywords.

Reference:

Cisco: Cisco IOS IP Switching Command Reference: snmp-server host

QUESTION NO: 66

Which of the following commands configures a hub router to allow spoke routers to register with
the hub as multicast receivers? (Select the best answer.)

A.
ip nhrp group

B.
ip nhrp map

C.
ip nhrp map group

D.
ip nhrp map multicast

E.
ip nhrp map multicast dynamic

F.
ip nhrp responder

Answer: E
Explanation:

The ip nhrp map multicast dynamic command configures a hub router to allow spoke routers to
register with the hub as multicast receivers. Next Hop Resolution Protocol (NHRP) is used to
create a database of tunnel addresses to real addresses. When a spoke router wants to send a
packet to another spoke router by using an on-demand spoke-to-spoke tunnel, the sending router
queries the NHRP database to determine the receiving router's dynamic spoke address. The
sending router then creates the on-demand tunnel between the spoke routers.

Spoke routers should not be configured with the ip nhrp map multicast dynamic command;
instead, they should be configured with the ip nhrp map multicast ip-address command, where
ip-address is the physical IP address of the hub router. The ip nhrp map multicast command
enables the spoke router to send broadcast and multicast packets over the tunnel.

The ip nhrp map command configures spoke routers with a static mapping that maps the hub
router's tunnel IP address to the hub router's physical IP address. The syntax of the ip nhrp map
command is ip nhrp map ip-address nbma-address, where ip-address is the hub router's tunnel IP
address and nbma-address is the hub router's physical IP address. Hub routers need not be
configured with the ip nhrp map ip-address nbma-address command, because as spoke routers
register with the hub, the mappings are dynamically created.

You should issue the ip nhrp map group command from interface configuration mode to associate
an NHRP group with a Quality of Service (QoS) policy map. However, before you can associate
an NHRP group with a QoS policy map, you must first create the NHRP group by issuing the ip
nhrp group command from interface configuration mode. The following command set creates an
NHRP group named boson and maps the group to a QoS policy map named exsim:

Router(config)#interface Tunnel 0

Router(config-if)#ip nhrp group boson

Router(config-if)#ip nhrp map group boson service-policy output exsim

The ip nhrp responder command specifies the IP address that the next-hop server should use
when replying to Responder Address queries. The syntax of the ip nhrp responder command is ip
nhrp responder interface-type interface-number. The primary IP address of the interface is the IP
address that the next-hop server will use in the NHRP reply.

Reference:

Cisco: Cisco IOS IP Addressing Services Command Reference: ip nhrp map multicast dynamic

QUESTION NO: 67

Which of the following statements are true regarding VLANs 1002 through 1005? (Select 2
choices.)

A.
These VLANs are supported by VTPv2.

B.
These VLANs cannot be pruned by VTP.

C.
These VLANs can be used to send data over Ethernet.

D.
These VLANs are extended-range VLANs.

E.
These VLANs can be deleted.

Answer: A,B
Explanation:

Virtual LANs (VLANs) 1002 through 1005 cannot be pruned by VLAN Trunking Protocol (VTP), but
they are supported by VTP version 2 (VTPv2). VTP is a protocol that is used to manage VLAN
changes and to propagate those changes over trunk ports. VTP reduces the administrative
overhead of maintaining VLANs. When VTP is used, changes regarding VLAN information can be
centrally configured and then propagated by VTP over trunk ports, instead of manually configured
on each device on the network.

VTP pruning restricts VLAN traffic to only the trunk ports that require it. However, VLAN 1 and
VLANs 1002 through 1005 cannot be pruned by VTP, nor can they be deleted. Only VLANs 2
through 1001 are marked as prune-eligible VLANs.

VLANs 1002 through 1005 are normal-range VLANs. Normal-range VLANs are numbered from 1
through 1005. Extended-range VLANs are numbered from 1006 through 4094. VTPv2 does not
support extended-range VLANs. A switch must either use transparent mode or VTP version 3
(VTPv3) to support extended VLANs. Extended-range VLANs cannot be pruned.

VLANs 1002 through 1005 cannot be used to send data over Ethernet. VLANs 1002 and 1004 are
reserved for Fiber Distributed Data Interface (FDDI). VLANs 1003 and 1005 are reserved for
Token Ring. The following table displays VLANs 1002 through 1005 along with their corresponding
names:

You can see these names when issuing the show vlan command:

Reference:

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750e_3560e/software/release/12-
2_35_se2/configuration/guide/3750escg/swvtp.html

https://www.cisco.com/c/en/us/td/docs/routers/7600/ios/15S/configuration/guide/7600_15_0s_boo
k/vlans.html

QUESTION NO: 68

A FastEthernet interface with the IP address of 10.10.10.1 is directly connected to your company's
primary link to the Internet. A FastEthernet interface with the IP address of 10.10.11.1 is directly
connected to your company's backup link to the Internet.

You issue the show running-config command on RouterA and receive the following partial output:

ip route 0.0.0.0 0.0.0.0 10.10.10.2

ip route 0.0.0.0 0.0.0.0 10.10.11.2 254

Upstream connectivity fails overnight, causing several critical processes that rely on a connection
to the Internet to fail. The primary interface remains in the up state, and traffic is not automatically
routed through the backup link.

Which of the following technologies could you combine on RouterA to enable the backup link to
automatically become the route to the Internet when the primary link fails? (Select 2 choices.)

A.
object tracking

B.
HSRP link tracking

C.
IP SLA

D.
a third static route with an AD of 253

E.
a third static route with an AD of 255

Answer: A,C
Explanation:

You could combine object tracking and IP Service Level Agreements (IP SLAs) to enable the
backup link to automatically become the route to the Internet when the primary link fails. In this
scenario, two static routes have been configured on RouterA. The static route to 10.10.10.2 has a
default administrative distance (AD) of 1. The static route to 10.10.11.2 has an assigned AD of
254. Therefore, the router will insert the static route to 10.10.10.2 in the routing table as the
gateway of last resort unless the primary interface is placed into the down or administratively down
state. When that happens, the static route to 10.10.11.2 will be inserted in the routing table as the
gateway of last resort.

However, if connectivity problems upstream from the primary link result in traffic not being routed
to the Internet, the interface on RouterA will never be placed into the down state and the static
route to 10.10.11.2 will not be inserted into the routing table as the best path. By configuring an IP
SLA monitor and assigning it an object tracking number, you could monitor connectivity between
RouterA and a destination host on the Internet. When the IP SLA monitor detects that Internet
connectivity has gone down, the route to 10.10.10.2 will be removed from the routing table and
replaced with the route to 10.10.11.2.

You could not fix the issue by combining Hot Standby Router Protocol (HSRP) with any of the
other technologies in this scenario. HSRP, which uses priority values to help determine which
device should be the active router at a given moment, is typically used when more than one router
or Layer 3 switch is available to act as a gateway. In this scenario, RouterA is your company's sole
connection to the Internet and there is no indication that HSRP or a second router is available.

You could not fix the issue by combining a third static route with any of the other technologies in
this scenario. A third static route with an AD of 253 would not be inserted into the routing table
when the primary Internet connectivity failed unless object tracking and IP SLAs were configured
to make it so. Additionally, a third static route with an AD of 255 would never be inserted into the
routing table, because an AD of 255 causes the router to reject the source of the route.

Reference:

https://www.cisco.com/c/en/us/td/docs/ios/dial/configuration/guide/12_2sr/dia_12_2sr_book/dia_rel_stc_rtg_bckup.html#wp1064228

QUESTION NO: 69

Which of the following DHCP options can be configured to aid in distributing IP addresses to
clients by providing additional information about the relay agent that is processing DHCP
requests? (Select the best answer.)

A.
DHCP option 43

B.
DHCP option 66

C.
DHCP option 82

D.
DHCP option 150

Answer: C
Explanation:

Dynamic Host Configuration Protocol (DHCP) option 82 aids in distributing IP addresses to clients
by providing additional information about the relay agent that is processing DHCP requests.
Option 82 provides additional security by blocking DHCP requests from untrusted clients; option
82 information in the packet must match before the relay agent will pass the request to the DHCP
server. Additionally, when DHCP snooping and IP Source Guard are enabled, the DHCP server
must support option 82 or client IP addresses will not be assigned. To enable DHCP option 82
data insertion, issue the ip dhcp snooping information option command.

DHCP option 43 cannot be configured to aid in distributing IP addresses to clients by providing
additional information about the relay agent that is processing DHCP requests. Instead, DHCP
option 43 can be configured to aid in the distribution of wireless LAN controller (WLC) IP
addresses to lightweight access points (LAPs). DHCP option 43 is a vendor-specific option that
administrators can configure to distribute vendor-specific information to DHCP-enabled network
clients.

DHCP option 66 cannot be configured to aid in distributing IP addresses to clients by providing
additional information about the relay agent that is processing DHCP requests. DHCP option 66
aids in the distribution of Trivial File Transfer Protocol (TFTP) server host names.

DHCP option 150 cannot be configured to aid in distributing IP addresses to clients by providing
additional information about the relay agent that is processing DHCP requests. Similar to DHCP
option 66, DHCP option 150 aids in the distribution of TFTP server information to client computers.
However, by using option 150, administrators can provide the IP address rather than the host
name of the TFTP server.

Reference:

https://www.cisco.com/c/en/us/td/docs/wireless/controller/7-4/configuration/guides/consolidated/b_cg74_CONSOLIDATED/b_cg74_CONSOLIDATED_chapter_010110010.html

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SX/configuration/guide/book/snoodhcp.html#wp1099127

QUESTION NO: 70

For which of the following applications does Cisco recommend that SSM be used? (Select the
best answer.)

A.
few-to-few applications

B.
one-to-many applications

C.
many-to-one applications

D.
many-to-many applications

Answer: B
Explanation:

Cisco recommends that Source Specific Multicast (SSM) be used for one-to-many applications,
which are also called broadcast applications. One-to-many applications include streaming
multimedia and other push-based applications. Each application must use a separate multicast
group. The Internet Assigned Numbers Authority (IANA) has reserved the IPv4 multicast address
range of 232.0.0.0/8 and the IPv6 multicast address range of FF3x::/32 for use with SSM. When
SSM is used, multicast hosts can specify the source addresses from which they will accept
multicast traffic.

Cisco recommends that Bidirectional Protocol Independent Multicast (bidir-PIM) be used for
many-to-many applications, such as conferencing and multiplayer gaming. Bidir-PIM enables
designated forwarder (DF) routers to forward multicast traffic up the shared tree directly to
multicast receivers; the router with the lowest cost to the rendezvous point (RP) is elected as the
DF for that network segment. By contrast, unidirectional PIM implementations, such as PIM sparse
mode (PIM-SM), use a designated router (DR), which forwards multicast traffic from the multicast
sources directly to the RP. The RP then sends the multicast traffic down the shared tree. The
router with the highest IP address is elected as the DR for that network segment.

Cisco provides no specific recommendations for few-to-few applications, which are generally used
for publishing. Additionally, Cisco provides no specific recommendations for many-to-one
applications, such as online auctions and polling, which involve multiple receivers sending data to
the source.

Reference:

Cisco: Source Specific Multicast: SSM Components

Cisco: Bidirectional PIM Deployment Guide (PDF)


IETF: RFC 4607: Source-Specific Multicast for IP: 4.3. Allocation of Source-Specific Multicast Addresses

QUESTION NO: 71

You issue the mls ip cef load-sharing full exclude-port destination command.

Which of the following ports and addresses are excluded from the CEF load balancing algorithm?
(Select 2 choices.)

A.
only destination Layer 4 ports

B.
source and destination Layer 4 ports

C.
only destination Layer 3 addresses

D.
source and destination Layer 3 addresses

Answer: A,D
Explanation:

Destination Layer 4 ports as well as source and destination Layer 3 addresses are excluded from
the Cisco Express Forwarding (CEF) load balancing algorithm. The syntax of the mls ip cef
load-sharing command is mls ip cef load-sharing [full] [exclude-port {destination | source}] [simple].
The exclude-port keyword configures CEF to exclude either source or destination Layer 4 ports
from the load balancing algorithm. In addition, the exclude-port keyword configures CEF to exclude
both source and destination IP addresses from the load balancing algorithm, regardless of
whether the source or destination keywords are used.

The full keyword configures CEF load balancing to use Layer 3 and Layer 4 information with
multiple adjacencies. The simple keyword configures CEF load balancing to use Layer 3
information without multiple adjacencies. When the full and simple keywords are both used, CEF
load balancing will use Layer 3 and Layer 4 information without multiple adjacencies.

Reference:

Cisco: Cisco IOS IP Switching Command Reference: mls ip cef load-sharing

QUESTION NO: 72

Which of the following routes from the show ip route command was learned from a Type 3 or Type
4 LSA? (Select the best answer.)

A.
O E1 172.17.1.0/24 [110/74] via 10.1.2.3, 00:00:23, FastEthernet1/0

B.
O 172.17.2.0/24 [110/74] via 10.1.2.3, 00:00:23, FastEthernet1/0

C.
O IA 172.17.3.0/24 [110/74] via 10.1.2.3, 00:00:23, FastEthernet1/0

D.
C 172.17.4.0/24 is directly connected, FastEthernet1/1

E.
S 172.17.5.0/24 is directly connected, FastEthernet0/1

Answer: C
Explanation:

The following route from the show ip route command was learned from a Type 3 or Type 4
link-state advertisement (LSA):

O IA 172.17.3.0/24 [110/74] via 10.1.2.3, 00:00:23, FastEthernet1/0

A routing table entry that begins with O IA indicates an Open Shortest Path First (OSPF) interarea
summary route from a Type 3 or Type 4 LSA. Interarea routes are routes that are advertised
between areas. These routes are not propagated through totally stubby areas.

A routing table entry that begins with O E1 or O E2 indicates an OSPF external summary route
from a Type 5 LSA. Type 5 LSAs are not propagated through stubby areas, not-so-stubby areas
(NSSAs), or totally stubby areas. By default, routes are redistributed into OSPF as Type 2 external
routes. Type 2 external routes have an external cost metric that remains constant throughout the
autonomous system (AS). Type 1 external routes have a metric that is the sum of the external and
internal costs; this metric increases as the route is propagated throughout the AS.

A routing table entry that begins with O indicates an intraarea route from a Type 1 or Type 2 LSA.
Intraarea routes are advertised within an area. Type 1 and Type 2 LSAs are accepted by all OSPF
area types.

A routing table entry that begins with C indicates a directly connected route. A routing table entry
that begins with S indicates a static route, which is configured by issuing the ip route command.
Neither of these routes is learned from a Type 3 or Type 4 LSA.

Reference:

Cisco: How OSPF Propagates External Routes into Multiple Areas

QUESTION NO: 73

You administer the network shown in the diagram above. RouterA and RouterB run eBGP and are
forwarding packets normally between the 192.168.100.0/24 and 192.168.200.0/24 networks. You
want to establish load balancing over equal-cost paths by connecting the Serial0/1 interfaces of
RouterA and RouterB.

After configuring the Serial0/1 interfaces on each router, you issue the show running-config
command on RouterA and receive the following partial output:

Which of the following statements is most accurate? (Select the best answer.)
A.
No further configuration is necessary.

B.
BGP is unable to load balance over equal-cost paths.

C.
You must issue the network command on each router.

D.
You must issue the neighbor next-hop-self command and create two static routes on each router.

E.
You must issue the neighbor ebgp-multihop command and create two static routes on each router.

F.
You must issue the neighbor local-as command on each router.

Answer: E
Explanation:

You must issue the neighbor ebgp-multihop command and create two static routes on each router.
To enable external Border Gateway Protocol (eBGP) to load balance over equal-cost routes, you
must perform the following tasks:

- Configure an IP address for the Loopback0 interface on each router.

- Issue the neighbor address update-source loopback0 command on each router, where address
is the address of the neighbor router.

- Issue the neighbor address ebgp-multihop command on each router, where address is the
address of the neighbor router.

- Create two static routes on each router by issuing the ip route network-address subnet-mask
{ip-address | interface} command, where ip-address is the IP address of the next-hop router and
interface is the exit interface.

According to the output of the show running-config command, you have already configured an IP
address for the Loopback0 interface and you have already issued the neighbor address
update-source loopback0 command. Therefore, you must issue the neighbor ebgp-multihop
command and create two static routes on each router.

To correctly configure RouterA for equal-cost load balancing, you must issue the following
commands:

neighbor 10.10.10.2 ebgp-multihop

ip route 10.10.10.2 255.255.255.255 172.16.1.2

ip route 10.10.10.2 255.255.255.255 172.16.2.2

To correctly configure RouterB, you must issue the following commands:

neighbor 10.10.10.1 ebgp-multihop

ip route 10.10.10.1 255.255.255.255 172.16.1.1

ip route 10.10.10.1 255.255.255.255 172.16.2.1

Instead of using the next-hop IP address with the ip route command, you could use the exit
interface to create the static routes on each router. On RouterA, you would issue the following
commands:

ip route 10.10.10.2 255.255.255.255 s0/0

ip route 10.10.10.2 255.255.255.255 s0/1

On RouterB, you would issue the following commands:

ip route 10.10.10.1 255.255.255.255 s0/0

ip route 10.10.10.1 255.255.255.255 s0/1

You are not required to issue the network command on each router. The output from the show
running-config command indicates that the network command has already been issued on
RouterA. Since packets are flowing normally between the two networks, the appropriate network
command has most likely been issued on RouterB.

You are not required to issue the neighbor next-hop-self command. The neighbor next-hop-self
command is used to configure a router as the next-hop router for a neighbor or a BGP peer group.

You are not required to issue the neighbor local-as command. The neighbor local-as command is
used to cause a router to appear to the neighbor as if it were part of a different autonomous
system (AS) instead of its actual AS. This configuration is often used when merging two networks
together or when a router must advertise a 2-byte AS to a neighbor that does not support 4-byte
ASes.

Reference:

https://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/26634-bgp-toc.html#ebgpmulithoploadbal

QUESTION NO: 74

You administer an EIGRP network with a main office and several branch locations. You install
RouterS in a branch location and configure connectivity to RouterMain.

You issue the eigrp stub command on RouterS.

Which of the following statements are true? (Select 2 choices.)

A.
RouterMain will advertise no routes to RouterS.

B.
RouterMain will advertise a summary route to RouterS.

C.
RouterMain will advertise all routes to RouterS.

D.
RouterS will advertise no routes to RouterMain.

E.
RouterS will advertise static and redistributed routes to RouterMain.

F.
RouterS will advertise static and directly connected routes to RouterMain.

G.
RouterS will advertise summary and directly connected routes to RouterMain.

Answer: C,G
Explanation:

RouterMain will advertise all routes to RouterS, and RouterS will advertise summary routes and
directly connected routes to RouterMain. The eigrp stub command configures a router as a stub
router. A hub router detects that a router is a stub router by examining the Type-Length-Value (TLV)
field within Enhanced Interior Gateway Routing Protocol (EIGRP) hello packets sent by the stub
router. The hub router will specify in its neighbor table that the router is a stub router and will no
longer send query packets to that stub router, thereby limiting how far EIGRP queries spread
throughout a network. However, the hub router will continue to advertise all routes to the stub
router.

Stub routers advertise only a specified set of routes. When the eigrp stub command is issued
without parameters, summary routes and directly connected routes are advertised by default. The
following options can be issued with the eigrp stub command:

- receive-only - configures the router to receive routes but not advertise routes

- connected - configures the router to advertise directly connected networks

- redistributed - configures the router to advertise routes learned from another protocol

- static - configures the router to advertise static routes

- summary - configures the router to advertise summary routes

- leak-map map-name - configures the router to advertise specific dynamically learned prefixes

With the exception of the receive-only option, all of the options can be included together in the
eigrp stub command. For example, to configure a stub router to advertise connected, static, and
summary routes, you should issue the eigrp stub connected static summary command.

A regular EIGRP route will not be advertised by a stub router to neighbor routers. Regular EIGRP
routes are displayed with a D in the routing table. The following route is a regular EIGRP route:

D 192.168.1.0 [170/2588160] via 10.1.1.2, 0:02:22, Serial0

Routes redistributed into EIGRP are displayed with a D EX in the routing table. The following route
is a redistributed route:

D EX 192.168.1.0 [90/3131514] via 10.1.1.2, 0:02:22, Serial0

Summary routes are displayed with the words is a summary in the routing table and are sourced
from Null0. The following route is a summary route:

D 192.168.1.0/24 is a summary, 00:04:22, Null0

Directly connected networks are displayed with a C in the routing table. The following route is to a
directly connected network:

C 172.17.4.0/24 is directly connected, FastEthernet1/1

Static routes are displayed with an S in the routing table. The following route is a static route:

S 172.17.1.0/24 is directly connected, FastEthernet1/1

To configure a stub router to not advertise any routes, you should issue the eigrp stub receive-only
command in router configuration mode. The stub router will continue to receive routes advertised
from neighbor routers.
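
As an added example that is not part of the exam material: a Python parser for the show ip route lines quoted in Questions 72 and 74. It maps each OSPF route code to the LSA type the route was learned from and decides whether a stub router would advertise each route for a given set of eigrp stub keywords; the sample table is constructed, the leak-map option is not modelled, and the O N1/O N2 to Type 7 mapping goes beyond what the questions state.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Sequence, Tuple

# One "show ip route" line: a code (O, O IA, O E1, D EX, C, S ...), a prefix, and then
# either "[AD/metric] via <next-hop>, <age>, <intf>", "is directly connected, <intf>"
# or "is a summary, <age>, <intf>".
ROUTE_RE = re.compile(
    r"^(?P<proto>[A-Z*]{1,2})(?:\s+(?P<sub>IA|E1|E2|N1|N2|EX))?\s+"
    r"(?P<prefix>\d{1,3}(?:\.\d{1,3}){3}(?:/\d{1,2})?)\s+(?P<rest>.*)$")
VIA_RE = re.compile(
    r"^\[(?P<ad>\d+)/(?P<metric>\d+)\]\s+via\s+(?P<nh>\S+),\s*(?P<age>\S+),\s*(?P<intf>\S+)$")
CONN_RE = re.compile(r"^is directly connected,\s*(?P<intf>\S+)$")
SUMM_RE = re.compile(r"^is a summary,\s*(?P<age>\S+),\s*(?P<intf>\S+)$")

# Route-code suffix -> the OSPF LSA type the route was learned from.
OSPF_LSA_SOURCE = {
    None: "Type 1/2 (intra-area)",
    "IA": "Type 3/4 (inter-area summary)",
    "E1": "Type 5 (AS-external)",
    "E2": "Type 5 (AS-external)",
    "N1": "Type 7 (NSSA external)",   # generalisation beyond the question text
    "N2": "Type 7 (NSSA external)",
}

@dataclass
class Route:
    proto: str            # leading code letter(s): O, D, C, S, ...
    sub: Optional[str]    # IA, E1, E2, N1, N2, EX or None
    prefix: str
    ad: Optional[int]
    metric: Optional[int]
    next_hop: Optional[str]
    interface: str
    summary: bool

def parse_route(line: str) -> Route:
    """Parse one routing-table line; raise ValueError on anything unrecognised."""
    m = ROUTE_RE.match(line.strip())
    if not m:
        raise ValueError(f"not a route line: {line!r}")
    proto, sub, prefix, rest = m["proto"], m["sub"], m["prefix"], m["rest"]
    if (v := VIA_RE.match(rest)):
        return Route(proto, sub, prefix, int(v["ad"]), int(v["metric"]),
                     v["nh"], v["intf"], False)
    if (c := CONN_RE.match(rest)):
        return Route(proto, sub, prefix, None, None, None, c["intf"], False)
    if (s := SUMM_RE.match(rest)):
        return Route(proto, sub, prefix, None, None, None, s["intf"], True)
    raise ValueError(f"unrecognised route detail: {rest!r}")

def ospf_lsa_source(route: Route) -> Optional[str]:
    """LSA type an OSPF route came from; None for routes not learned by OSPF."""
    if route.proto != "O":
        return None
    return OSPF_LSA_SOURCE[route.sub]

def eigrp_stub_class(route: Route) -> str:
    """Name the route the way the eigrp stub keywords do."""
    if route.proto == "C":
        return "connected"
    if route.proto == "S":
        return "static"
    if route.proto == "D" and route.summary:
        return "summary"
    if route.proto == "D" and route.sub == "EX":
        return "redistributed"
    if route.proto == "D":
        return "internal"   # a regular EIGRP route: a stub never advertises it
    return "other"

def stub_advertises(route: Route, options: Sequence[str] = ("connected", "summary")) -> bool:
    """Would a router configured with `eigrp stub <options>` advertise this route?
    With no keywords, eigrp stub defaults to connected + summary."""
    if "receive-only" in options:
        return False
    return eigrp_stub_class(route) in options

def classify_table(lines: Sequence[str]) -> List[Tuple[str, Optional[str], bool]]:
    """(prefix, OSPF LSA source, advertised by a default eigrp stub) per route line."""
    routes = [parse_route(l) for l in lines if l.strip()]
    return [(r.prefix, ospf_lsa_source(r), stub_advertises(r)) for r in routes]

# Constructed sample output modelled on the lines quoted in the explanations.
SAMPLE_TABLE = """
O E1 172.17.1.0/24 [110/74] via 10.1.2.3, 00:00:23, FastEthernet1/0
O    172.17.2.0/24 [110/74] via 10.1.2.3, 00:00:23, FastEthernet1/0
O IA 172.17.3.0/24 [110/74] via 10.1.2.3, 00:00:23, FastEthernet1/0
C    172.17.4.0/24 is directly connected, FastEthernet1/1
S    172.17.5.0/24 is directly connected, FastEthernet0/1
D    192.168.1.0/24 [90/2588160] via 10.1.1.2, 0:02:22, Serial0
D EX 192.168.2.0/24 [170/3131514] via 10.1.1.2, 0:02:22, Serial0
D    192.168.0.0/16 is a summary, 00:04:22, Null0
""".strip().splitlines()

if __name__ == "__main__":
    for prefix, lsa, advertised in classify_table(SAMPLE_TABLE):
        print(f"{prefix:18} LSA source: {lsa or '-':30} default stub advertises: {advertised}")
```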

Reference:
https://www.cisco.com/en/US/technologies/tk648/tk365/technologies_white_paper0900aecd8023df6f.html

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_eigrp/command/ire-cr-book/ire-a1.html#wp1217649486

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_pi/command/iri-cr-book/iri-cr-s1.html#wp2136320492

QUESTION NO: 75

Which of the following OSPFv3 LSAs indicate whether a router is on one end of a virtual link?
(Select the best answer.)

A.
Type 1

B.
Type 2

C.
Type 3

D.
Type 4

E.
Type 5

F.
Type 8

G.
Type 9

Answer: A
Explanation:

Open Shortest Path First version 3 (OSPFv3) Type 1 link-state advertisements (LSAs) indicate
whether a router is on one end of a virtual link. Type 1 LSAs, which are called router LSAs,
indicate whether a router is an area border router (ABR) or an autonomous system boundary
router (ASBR). Router LSAs are also used to advertise stub networks. Type 1 LSAs are flooded
only within an area. Unlike OSPF version 2 (OSPFv2) Type 1 LSAs, OSPFv3 Type 1 LSAs do not
carry route prefixes.

OSPFv3 Type 2 LSAs are network LSAs. Type 2 LSAs indicate the link state and cost information
for all network routers. Unlike OSPFv2 Type 2 LSAs, OSPFv3 Type 2 LSAs do not carry route
prefixes. Only designated routers (DRs) can generate Type 2 LSAs.

OSPFv3 Type 3 LSAs are interarea-prefix LSAs for ABRs. Type 3 LSAs are used to advertise
internal networks to other areas. Type 9 LSAs carry IPv6 prefix information, much like OSPFv2
Type 1 and Type 2 LSAs carry IPv4 prefix information.

OSPFv3 Type 4 LSAs are interarea-router LSAs for ASBRs. Type 4 LSAs are used to advertise the
location of an ASBR so that routers can determine the best next-hop path to an external network.

OSPFv3 Type 5 LSAs are autonomous system (AS)external LSAs. Type 5 LSAs are used to
advertise external routes that are redistributed into OSPF.

OSPFv3 Type 8 LSAs are link LSAs. Type 8 LSAs are used to advertise the router's link-local IPv6
address, prefix, and option information. These LSAs are never flooded outside the local link.

OSPFv3 Type 9 LSAs are intra-area-prefix LSAs. Like Type 3 LSAs, Type 9 LSAs also carry IPv6
prefix information.

Reference:

Cisco: Implementing OSPFv3: LSA Types for OSPFv3

QUESTION NO: 76

Which of the following fields in an MPLS label does a Cisco router use to carry the IP precedence
value of a packet? (Select the best answer.)

A.
Label

B.
TC

C.
Bottom-of-Stack

D.
TTL

Answer: B
Explanation:

A Cisco router uses the 3-bit Traffic Class (TC) field in a Multiprotocol Label Switching (MPLS)
label to carry the IP precedence value of a packet. The TC field was formerly designated as the
Experimental (EXP) field in Request for Comments (RFC) 3032. However, RFC 3032 did not
officially designate the use of the EXP field, so some non-Cisco routers use this field for other
purposes. RFC 5462 officially renames the EXP field as the TC field and designates it to carry
traffic class information, such as IP precedence values.

A 32-bit, or 4-byte, MPLS label, sometimes referred to as an MPLS header, is used by label switch
routers (LSRs) to make forwarding decisions. The MPLS label is placed between the Layer 2
header and the Layer 3 header. The structure of an MPLS label is shown below:

The Label field contains a 20-bit label value that represents the Forwarding Equivalence Class
(FEC) that forwarding decisions are based on. The FEC is generally associated with a destination
IP network, although it can also be associated with a Layer 2 circuit or a specific classification of
traffic.

The Bottom-of-Stack field, sometimes called the S field or Stack bit, is a 1-bit field that indicates
whether the label is the last MPLS label in a packet. A Bottom-of-Stack field set to 0 indicates that
one or more MPLS labels follow this label. A Bottom-of-Stack field set to 1 indicates that this label
is the last label in the packet.

The Time-To-Live (TTL) field is an 8-bit field used to control the propagation of MPLS packets.
Thus the TTL field in the MPLS label is similar to the TTL field in an IP header. When an IP packet
enters an MPLS network, the ingress router decrements the IP TTL value by 1 and copies that
value to the MPLS TTL field. Each MPLS router along the path decrements the MPLS TTL field by
1. When the packet reaches the egress router, the MPLS TTL value is decremented by 1 and
copied to the IP TTL field. You can disable MPLS TTL propagation by issuing the no mpls ip
propagate-ttl command. When MPLS TTL propagation is disabled, the MPLS TTL field is set to
255 and decrements as the packet passes through the MPLS network. When the packet reaches
the egress router, the MPLS TTL value is not copied to the IP TTL field.
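
As an added example (not from the exam material): Python that packs and unpacks the 32-bit label described above, walks a label stack to the entry with the Bottom-of-Stack bit set, and models the TTL handling in the preceding paragraph for both propagation settings. The IPv4 header and label values are constructed; leaving the IP TTL at the ingress-decremented value when propagation is disabled, and omitting the label swap on transit LSRs, are simplifications of this example rather than a description of IOS.

```python
import struct

# RFC 3032 label stack entry, 32 bits: Label(20) | TC(3, formerly EXP) | S(1) | TTL(8).

def encode_label(label: int, tc: int, bottom: bool, ttl: int) -> bytes:
    """Pack one label stack entry into 4 network-order bytes."""
    if not 0 <= label < (1 << 20):
        raise ValueError("label must fit in 20 bits")
    if not 0 <= tc < 8:
        raise ValueError("TC must fit in 3 bits")
    if not 0 <= ttl < 256:
        raise ValueError("TTL must fit in 8 bits")
    word = (label << 12) | (tc << 9) | (int(bottom) << 8) | ttl
    return struct.pack("!I", word)

def decode_label(entry: bytes) -> dict:
    """Unpack the first 4 bytes of an MPLS packet into its four fields."""
    if len(entry) < 4:
        raise ValueError("a label stack entry is 4 bytes")
    (word,) = struct.unpack("!I", entry[:4])
    return {"label": word >> 12, "tc": (word >> 9) & 0x7,
            "bottom": bool((word >> 8) & 1), "ttl": word & 0xFF}

def parse_label_stack(packet: bytes):
    """Read entries until one has S=1; return (entries, bytes after the stack)."""
    entries, offset = [], 0
    while True:
        if offset + 4 > len(packet):
            raise ValueError("truncated label stack: no entry has the S bit set")
        entry = decode_label(packet[offset:offset + 4])
        entries.append(entry)
        offset += 4
        if entry["bottom"]:
            return entries, packet[offset:]

def ip_precedence(tos: int) -> int:
    """IP precedence is the top 3 bits of the IPv4 TOS byte (DSCP >> 3)."""
    return (tos >> 5) & 0x7

def make_ipv4_header(tos: int, ttl: int) -> bytes:
    """Constructed 20-byte IPv4 header (checksum left 0; addresses are sample values)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, tos, 20, 0, 0, ttl, 6, 0,
                       bytes([10, 1, 2, 3]), bytes([172, 17, 3, 1]))

def impose_label(ip_packet: bytes, label: int, propagate_ttl: bool = True) -> bytes:
    """Ingress LSR: IP TTL - 1 is written back and copied into the label TTL (255 when
    propagation is disabled); IP precedence is copied into TC; this is the bottom label."""
    ip_ttl = ip_packet[8] - 1                 # IPv4 TTL is header byte 8
    if ip_ttl <= 0:
        raise ValueError("IP TTL expired at ingress")
    ip_packet = ip_packet[:8] + bytes([ip_ttl]) + ip_packet[9:]
    mpls_ttl = ip_ttl if propagate_ttl else 255
    return encode_label(label, ip_precedence(ip_packet[1]), True, mpls_ttl) + ip_packet

def lsr_hop(mpls_packet: bytes) -> bytes:
    """Transit LSR: decrement the top label's TTL (the label swap itself is not modelled)."""
    top = decode_label(mpls_packet)
    if top["ttl"] <= 1:
        raise ValueError("MPLS TTL expired in the core")
    return encode_label(top["label"], top["tc"], top["bottom"], top["ttl"] - 1) + mpls_packet[4:]

def pop_label(mpls_packet: bytes, propagate_ttl: bool = True) -> bytes:
    """Egress LSR: pop the bottom label; with propagation on, MPLS TTL - 1 is copied
    into the IP TTL; otherwise the IP TTL is left as the ingress router set it."""
    top = decode_label(mpls_packet)
    if not top["bottom"]:
        raise ValueError("popping a non-bottom label would leave an MPLS payload")
    ip_packet = mpls_packet[4:]
    if propagate_ttl:
        ip_packet = ip_packet[:8] + bytes([top["ttl"] - 1]) + ip_packet[9:]
    return ip_packet

if __name__ == "__main__":
    pkt = impose_label(make_ipv4_header(0xA0, 64), label=1000)   # precedence 5 -> TC 5
    print(decode_label(pkt))
    print("IP TTL after two core hops and egress:", pop_label(lsr_hop(lsr_hop(pkt)))[8])
```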

Reference:

https://www.cisco.com/en/US/tech/tk828/technologies_q_and_a_item09186a00800a43f5.shtml

https://tools.ietf.org/html/rfc5462

QUESTION NO: 77

Which of the following routing protocols support both plaintext and MD5 authentication? (Select 2
choices.)

A.
BGP

B.
EIGRP

C.
OSPF

D.
RIPv1

E.
RIPv2

Answer: C,E
Explanation:

Open Shortest Path First (OSPF) and Routing Information Protocol version 2 (RIPv2) support both
plaintext and Message Digest 5 (MD5) authentication. Routing protocol spoofing can inject false
routes into routing tables, which can influence path selection through a routed network. You can
mitigate routing table modification by implementing routing protocol authentication and filtering.

To ensure that routes are updated securely, you can disable all dynamic routing protocols and use
static routes. However, static routes work well only on small, reliable networks. Static routes are
not scalable, because changes made on one router are not propagated to the other routers on the
network; each router must be modified manually.

Border Gateway Protocol (BGP) and Enhanced Interior Gateway Routing Protocol (EIGRP)
support MD5 authentication; however, they do not support plaintext authentication. RIP version 1
(RIPv1) supports neither plaintext nor MD5 authentication.

Reference:

Cisco: Neighbor Router Authentication: Overview and Guidelines: How Neighbor Authentication
Works

QUESTION NO: 78

Which of the following commands should you issue so that only packets with a TTL count greater
than or equal to 251 are accepted from an eBGP neighbor at 192.168.1.1? (Select the best
answer.)

A.
neighbor 192.168.1.1 ttl-security hops 1

B.
neighbor 192.168.1.1 ttl-security hops 4

C.
neighbor 192.168.1.1 ttl-security hops 251

D.
neighbor 192.168.1.1 ttl-security hops 252

Answer: B
Explanation:

You should issue the neighbor 192.168.1.1 ttl-security hops 4 command so that only packets with a
time-to-live (TTL) count greater than or equal to 251 are accepted from an external Border Gateway
Protocol (eBGP) neighbor at 192.168.1.1. Normally, eBGP messages are sent with a TTL of 1,
which requires that the eBGP neighbor be directly connected. The neighbor ebgp-multihop
command can be used to allow eBGP connections from neighbors that are several hops away.
However, this feature can be exploited by an attacker masquerading as an eBGP neighbor router.

To mitigate this kind of attack, you can implement BGP TTL security by issuing the neighbor
ttl-security command. BGP TTL security inverts the direction in which the TTL is counted. Instead
of the sending router setting the TTL to a value of 1, the sending router sets the TTL to 255 and
the receiving router checks the decremented TTL when the packet is received.

The syntax of the neighbor ttl-security command is neighbor ip-address ttl-security hops hop-count.
The hop-count variable should be set to 255 minus the maximum hop-count distance of neighbors.
For example, to allow eBGP messages from a neighbor up to four hops away, you should issue
the neighbor ip-address ttl-security hops 251 command.

BGP TTL security is not supported for internal BGP (iBGP) neighbors. In addition, you cannot
configure the neighbor ttl-security command for a neighbor that is configured with the neighbor
ebgp-multihop command.

You should not issue the neighbor 192.168.1.1 ttl-security hops 1 command. The neighbor
192.168.1.1 ttl-security hops 1 command allows only packets with a TTL count greater than or
equal to 254. Because the hop-count variable is set to 1, eBGP messages are allowed only from
directly connected routers.

You should not issue the neighbor 192.168.1.1 ttl-security hops 251 command or the neighbor
192.168.1.1 ttl-security hops 252 command. These commands will allow packets with a TTL count
greater than or equal to 4 and 3, respectively.
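
As an added example (not from the exam material): a Python model of the receiving router's check, turning each hop-count value offered in the question into its minimum accepted TTL and applying that filter to a few constructed packets. The per-neighbor lookup and the sample packets are assumptions of this example, not a description of the IOS implementation.

```python
from typing import Dict, List, Tuple

MAX_TTL = 255

def min_accepted_ttl(hops: int) -> int:
    """neighbor <ip> ttl-security hops <hops>: accept only packets whose TTL >= 255 - hops."""
    if not 1 <= hops <= 254:
        raise ValueError("hop-count must be 1..254")
    return MAX_TTL - hops

def hops_for_ttl_floor(ttl_floor: int) -> int:
    """Inverse of min_accepted_ttl: the hop-count that yields a given TTL floor (251 -> 4)."""
    return MAX_TTL - ttl_floor

def arriving_ttl(initial_ttl: int, router_hops: int):
    """TTL the receiver sees after router_hops decrements; None if it expired in transit."""
    ttl = initial_ttl - router_hops
    return ttl if ttl > 0 else None

def gtsm_accepts(hops_config: int, ttl_on_arrival) -> bool:
    """The TTL check a receiver performs for one configured neighbor."""
    return ttl_on_arrival is not None and ttl_on_arrival >= min_accepted_ttl(hops_config)

# Constructed packets as seen by the receiving router: (source, TTL on arrival, note).
# A sender cannot set an initial TTL above 255, so distance alone bounds the arriving TTL.
SAMPLE_PACKETS = [
    ("192.168.1.1", arriving_ttl(255, 4), "configured peer 4 hops away, sends TTL 255"),
    ("192.168.1.1", arriving_ttl(255, 5), "peer address used from 5 hops away, TTL at best 250"),
    ("192.168.1.1", arriving_ttl(1, 0), "peer without ttl-security, classic eBGP TTL 1"),
    ("10.9.9.9", arriving_ttl(255, 1), "source that is not a configured neighbor"),
]

def filter_bgp_packets(neighbors: Dict[str, int], packets) -> List[Tuple[str, str, bool]]:
    """Apply per-neighbor ttl-security: unknown sources and low TTLs are rejected.
    neighbors maps neighbor address -> configured hop-count; returns (source, note, accepted)."""
    results = []
    for src, ttl, note in packets:
        hops = neighbors.get(src)
        accepted = hops is not None and gtsm_accepts(hops, ttl)
        results.append((src, note, accepted))
    return results

def option_table() -> Dict[int, int]:
    """Minimum accepted TTL for each hop-count offered as an answer in the question."""
    return {h: min_accepted_ttl(h) for h in (1, 4, 251, 252)}

if __name__ == "__main__":
    for hops, floor in option_table().items():
        print(f"ttl-security hops {hops:3} -> accept TTL >= {floor}")
    for src, note, ok in filter_bgp_packets({"192.168.1.1": 4}, SAMPLE_PACKETS):
        print(f"{'ACCEPT' if ok else 'REJECT'} {src:14} {note}")
```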
Reference:

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_bgp/command/irg-cr-book/bgp-m1.html#wp1050556880

QUESTION NO: 79

You are a network administrator and receive the console message shown above. Port 1/4 has
entered the errdisable state and must be manually re-enabled.

Which of the following features most likely caused the switch port to enter the errdisable state and
send the console message displayed above? (Select the best answer.)

A.
BPDU guard

B.
PortFast

C.
root guard

D.
loop guard

Answer: A
Explanation:

The BPDU guard feature puts a switch port into the errdisable state and generates a console
message when a bridge protocol data unit (BPDU) is received on a switch port that has been
enabled with the BPDU guard feature. BPDU guard can be enabled on access ports that have
been enabled with PortFast to prevent a rogue switch from modifying the Spanning Tree Protocol
(STP) topology. When such a port receives a BPDU, BPDU guard immediately puts that port into
the errdisable state and shuts down the port, thereby ensuring that no other switches are added to
the STP domain. The port must then be manually re-enabled, or it can be recovered automatically
through the errdisable timeout function. BPDU guard should not be enabled on ports that are
connected to other switches. You can enable BPDU guard for the entire switch by issuing the
spanning-tree portfast bpduguard default command in global configuration mode, or you can
enable BPDU guard on a specific port by issuing the spanning-tree bpduguard enable command in
interface configuration mode.

PortFast is a feature that provides immediate accessibility to the network for ports that are
connected to end devices, such as computers and print devices. Because PortFast immediately
transitions a port to the STP forwarding state, skipping over the listening and learning states, steps
should be taken to ensure that a switch that is inadvertently or intentionally connected to the port
cannot influence the STP topology. Since the ports are not expected to receive BPDUs, they are
not required to listen for BPDUs and learn the network topology. You can enable PortFast for the
entire switch by issuing the spanning-tree portfast default command in global configuration mode,
or you can enable PortFast for specific ports by issuing the spanning-tree portfast command in
interface configuration mode.

The root guard feature, when enabled on a port, prevents superior BPDUs received on a neighbor
switch connected to that port from becoming the root port. If superior BPDUs are received on a
port enabled with root guard, the port enters the root-inconsistent state and no data will flow
through that port until the port stops receiving superior BPDUs. You can enable root guard on
specific ports by issuing the spanning-tree guard root command in interface configuration mode.

The loop guard feature prevents nondesignated ports from inadvertently forming Layer 2 switching
loops if the steady flow of BPDUs is interrupted. When the port stops receiving BPDUs, loop guard
puts the port into the loop-inconsistent state, which keeps the port in a blocking state. After the port
starts receiving BPDUs again, loop guard enables the port to transition through the normal STP
states. You can enable loop guard for the entire switch by issuing the spanning-tree loopguard
default command in global configuration mode, or you can enable loop guard for specific ports by
issuing the spanning-tree guard loop command in interface configuration mode.

Reference:

https://www.cisco.com/c/en/us/support/docs/lan-switching/spanning-tree-protocol/10586-65.html#topic1

QUESTION NO: 80

Which of the following statements best describes the IEEE 802.1s standard? (Select the best
answer.)

A.
The 802.1s standard always creates a single spanning tree instance for a network.

B.
The 802.1s standard always creates a spanning tree instance for each VLAN.

C.
The 802.1s standard can be used to create a spanning tree instance for each group of VLANs.

D.
The 802.1s standard increases the speed of transitioning a switch port to the forwarding state.

Answer: C
Explanation:

The Institute of Electrical and Electronics Engineers (IEEE) 802.1s Multiple Spanning Tree (MST)
standard can be used to create a spanning tree instance for each group of virtual LANs (VLANs).
Although MST can be used to define a spanning tree instance for each VLAN, it is best used to
define a spanning tree instance for each set of VLANs along a redundant path. For example, you
could implement MST to create one spanning tree instance for a group of five VLANs and another
spanning tree instance for a group of three VLANs.

The 802.1D Spanning Tree Protocol (STP) standard creates a single spanning tree instance for a
network. STP prevents switching loops on a network. Switches send bridge protocol data units
(BPDUs) to determine the path cost to the root switch. The spanning tree algorithm then uses that
information to determine the best path through the network. A port that creates a redundant path
will be blocked. If the best path becomes unavailable, the network topology will be recalculated
and the redundant port will be unblocked.

The 802.1w Rapid STP (RSTP) standard increases the speed of transitioning a switch port to the
forwarding state. Although enabling MST on a switch also enables RSTP, the 802.1w standard by
itself does not increase a port's transition speed. RSTP is backward compatible with switches that
can use only STP, but the fast convergence benefits provided by RSTP are lost when RSTP
interacts with STP devices.

Per-VLAN Spanning Tree Plus (PVST+) always creates a spanning tree instance for each VLAN.
PVST+ is a Cisco-proprietary form of STP. When PVST+ is implemented, 802.1Q encapsulation
must be used. If Inter-Switch Link (ISL) encapsulation is used, PVST must be used instead of
PVST+.

Reference:

https://www.cisco.com/c/en/us/support/docs/lan-switching/spanning-tree-protocol/24248-147.html

QUESTION NO: 81

For which of the following reasons would a multicast host send a packet to 224.0.0.2? (Select the
best answer.)

A.
to join a multicast group at 234.19.19.19

B.
to leave a multicast group at 234.19.19.19

C.
to send a membership query

D.
to reply to a membership query

Answer: B
Explanation:

A multicast host would send a packet to 224.0.0.2 to leave a multicast group, such as
234.19.19.19. Internet Group Management Protocol (IGMP) has three message types: a
membership report message, a membership query message, and a leave group message. When
IGMP version 1 (IGMPv1) is used, hosts leave a multicast group without sending any notification.
When IGMPv2 is used, hosts send a leave group message to 224.0.0.2 when leaving a multicast
group; the 224.0.0.2 multicast address is used to send a message to all multicast-capable routers.

A multicast host would not send a packet to 224.0.0.2 to join a multicast group at 234.19.19.19.
When a host wants to join a multicast group, it sends an IGMP membership report message to
that multicast group IP address. Therefore, a multicast host would send a packet to 234.19.19.19
to join a multicast group at 234.19.19.19. Packets for that multicast group are then sent on that
network segment so that the host can receive the multicast traffic.

A multicast host would not send a packet to 224.0.0.2 to send a membership query. There are two
types of membership queries: general queries and group-specific queries. General queries are sent
to the 224.0.0.1 all-hosts multicast address to determine whether any hosts on that network
segment want to continue to receive multicast packets for any multicast group. Interested hosts
will respond with a membership report message sent to the multicast group. If at least one host
responds with a membership report message, the querier will continue to send those multicast
packets on that network segment. If no host responds to three consecutive membership query
messages, the router will stop forwarding the multicast traffic on that network segment. When
IGMPv2 is used, the Max Response Time field in membership query messages contains a
nonzero value. In IGMPv1 messages, the field is set to a value of 0, which is interpreted to mean
100 deciseconds, or 10 seconds. The IGMPv2 membership query message is the only message
that contains a nonzero value in the Max Response Time field; all other message types set the
field to a value of 0.
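
The IGMPv1/v2 message layout that the explanation relies on (type, Max Response Time, checksum, group address) can be checked directly. The following Python is an added example and is not part of the original question bank or of any Cisco documentation: it builds and parses the 8-byte IGMPv1/v2 header, verifies the RFC 1071 checksum, derives the IGMP version from the Max Response Time field, and reports where each message type is addressed (224.0.0.2 for a leave, 224.0.0.1 for a general query, the group itself for reports and group-specific queries). The sample messages are constructed inline, not captured traffic.

```python
import struct
from dataclasses import dataclass
from ipaddress import IPv4Address

# IGMP type codes from RFC 1112 (IGMPv1) and RFC 2236 (IGMPv2)
MEMBERSHIP_QUERY = 0x11
V1_MEMBERSHIP_REPORT = 0x12
V2_MEMBERSHIP_REPORT = 0x16
LEAVE_GROUP = 0x17
KNOWN_TYPES = {MEMBERSHIP_QUERY, V1_MEMBERSHIP_REPORT, V2_MEMBERSHIP_REPORT, LEAVE_GROUP}

ALL_HOSTS = IPv4Address("224.0.0.1")    # destination of general queries
ALL_ROUTERS = IPv4Address("224.0.0.2")  # destination of IGMPv2 leave group messages
UNSPECIFIED = IPv4Address("0.0.0.0")    # group field of a general query
HEADER = struct.Struct("!BBH4s")        # type, max response time, checksum, group


def inet_checksum(data: bytes) -> int:
    """RFC 1071 ones'-complement checksum; a packet carrying a valid checksum sums to 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


@dataclass
class IGMPMessage:
    msg_type: int
    max_resp_time: int   # tenths of a second; every IGMPv1 message carries 0
    group: IPv4Address   # 0.0.0.0 in a general query

    @property
    def version(self) -> int:
        # Only an IGMPv2 query has a nonzero Max Response Time; a zero means IGMPv1.
        if self.msg_type == MEMBERSHIP_QUERY:
            return 1 if self.max_resp_time == 0 else 2
        return 1 if self.msg_type == V1_MEMBERSHIP_REPORT else 2

    @property
    def effective_max_resp_time(self) -> int:
        """Deciseconds a host may wait before answering; a v1 query's 0 is read as 100 (10 s)."""
        return 100 if self.max_resp_time == 0 else self.max_resp_time

    @property
    def expected_destination(self) -> IPv4Address:
        """Where a well-behaved host or querier addresses this message."""
        if self.msg_type == LEAVE_GROUP:
            return ALL_ROUTERS
        if self.msg_type == MEMBERSHIP_QUERY and self.group == UNSPECIFIED:
            return ALL_HOSTS
        return self.group  # reports and group-specific queries go to the group itself


def build_igmp(msg: IGMPMessage) -> bytes:
    """Serialise the 8-byte IGMPv1/v2 header and fill in the checksum."""
    body = HEADER.pack(msg.msg_type, msg.max_resp_time, 0, msg.group.packed)
    return HEADER.pack(msg.msg_type, msg.max_resp_time, inet_checksum(body), msg.group.packed)


def parse_igmp(data: bytes) -> IGMPMessage:
    """Parse an IGMPv1/v2 message, rejecting truncated, corrupted or unknown-type packets."""
    if len(data) < HEADER.size:
        raise ValueError("truncated IGMP message")
    if inet_checksum(data) != 0:
        raise ValueError("bad IGMP checksum")
    msg_type, max_resp, _, group = HEADER.unpack_from(data)
    if msg_type not in KNOWN_TYPES:
        raise ValueError("unknown IGMP type 0x%02x" % msg_type)
    return IGMPMessage(msg_type, max_resp, IPv4Address(group))


# Constructed samples (not captured traffic) for the message types discussed above
LEAVE_234 = build_igmp(IGMPMessage(LEAVE_GROUP, 0, IPv4Address("234.19.19.19")))
REPORT_234 = build_igmp(IGMPMessage(V2_MEMBERSHIP_REPORT, 0, IPv4Address("234.19.19.19")))
GENERAL_QUERY_V1 = build_igmp(IGMPMessage(MEMBERSHIP_QUERY, 0, UNSPECIFIED))
GENERAL_QUERY_V2 = build_igmp(IGMPMessage(MEMBERSHIP_QUERY, 100, UNSPECIFIED))

if __name__ == "__main__":
    for pkt in (LEAVE_234, REPORT_234, GENERAL_QUERY_V1, GENERAL_QUERY_V2):
        m = parse_igmp(pkt)
        print("type=0x%02x v%d group=%s -> sent to %s"
              % (m.msg_type, m.version, m.group, m.expected_destination))
```

Running the block prints one line per constructed message; the leave for 234.19.19.19 is reported as addressed to 224.0.0.2, while the report for the same group is addressed to 234.19.19.19 itself. A packet whose checksum does not verify is rejected before any field is trusted.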

Reference:

CCIE Routing and Switching v5.0 Certification Guide, Volume 2, Chapter 7, IGMPv2 Host
Membership Query Functions, pp. 285-286

CCIE Routing and Switching v5.0 Certification Guide, Volume 2, Chapter 7, IGMPv2 Leave Group
and Group-Specific Query Messages, pp. 289-291

QUESTION NO: 82

Which of the following DSCP PHBs is designed to be backward compatible with IP precedence
values? (Select the best answer.)

A.
AF

B.
CS

C.
EF

D.
AF, CS, and EF

Answer: B
Explanation:

The Class Selector (CS) Differentiated Services Code Point (DSCP) per-hop behaviors (PHBs) are
designed to be backward compatible with IP precedence values. DSCP values are six-bit header
values that identify the Quality of Service (QoS) traffic class that is assigned to the packet. CS
PHBs use the IP precedence value as the first three bits of the DSCP value, and the last three bits
of the DSCP value are set to 0. Packets with higher CS values are given queuing priority over
packets with lower CS values. The following table displays the CS values with their binary values,
decimal values, and IP precedence category names:

The Assured Forwarding (AF) PHBs are not designed to be backward compatible with IP
precedence values. With AF, the first three DSCP bits correspond to the queue class, the fourth
and fifth DSCP bits correspond to the drop priority, and the sixth bit is always set to 0. AF
separates packets into four queue classes and three drop priorities. The AF values are specified in
the format AFxy, where x is the queue class and y is the drop priority. The following table displays
the AF values with their queue classes and drop rates:

Packets with higher AF values are not necessarily given preference over packets with lower AF
values. Packets with a higher queue class value are given queuing priority over packets with a
lower queue class, but packets with a higher drop rate value are dropped more often than packets
with a lower drop rate value.

The Expedited Forwarding (EF) PHB is not designed to be backward compatible with IP
precedence values. With EF, the DSCP value is always set to a binary value of 101110, which is
equal to the decimal value 46. A DSCP value of EF indicates a high-priority packet that should be
given queuing priority over other packets but should not be allowed to completely monopolize the
interface. Voice over IP (VoIP) traffic is often assigned a DSCP value of EF.
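
The bit layouts described above for the CS, AF and EF PHBs can be reproduced in a few lines. The following Python is an added example, not code from the original page or from Cisco: it encodes CS and AF values from their components, decodes any six-bit DSCP back to its PHB name, places the DSCP in the ToS byte, and generates the CS and AF tables that the explanation refers to. The IP precedence names are the RFC 791 names; nothing else is assumed.

```python
# IP precedence names from RFC 791, indexed by the three-bit precedence value
PRECEDENCE_NAMES = ["routine", "priority", "immediate", "flash",
                    "flash-override", "critical", "internetwork-control", "network-control"]

EF = 0b101110  # Expedited Forwarding, decimal 46


def cs(precedence: int) -> int:
    """Class Selector: the precedence in the high three bits, the low three bits zero."""
    if not 0 <= precedence <= 7:
        raise ValueError("IP precedence must be 0..7")
    return precedence << 3


def af(queue_class: int, drop_precedence: int) -> int:
    """Assured Forwarding AFxy: class x in bits 5-3, drop precedence y in bits 2-1, bit 0 zero."""
    if queue_class not in (1, 2, 3, 4) or drop_precedence not in (1, 2, 3):
        raise ValueError("AF classes are 1..4 and drop precedences 1..3")
    return (queue_class << 3) | (drop_precedence << 1)


def bits(dscp: int) -> str:
    """Six-bit binary rendering of a DSCP value."""
    if not 0 <= dscp <= 63:
        raise ValueError("DSCP is a six-bit field")
    return format(dscp, "06b")


def precedence_of(dscp: int) -> int:
    """The three bits a precedence-only device reads from this DSCP value."""
    return dscp >> 3


def phb_name(dscp: int) -> str:
    """Map a DSCP value back to its PHB name (EF, CSx, AFxy) or a plain decimal label."""
    if dscp == EF:
        return "EF"
    if dscp & 0b111 == 0:
        return "CS%d" % (dscp >> 3)
    queue_class, drop = dscp >> 3, (dscp >> 1) & 0b11
    if 1 <= queue_class <= 4 and 1 <= drop <= 3 and dscp & 1 == 0:
        return "AF%d%d" % (queue_class, drop)
    return "DSCP %d" % dscp


def tos_byte(dscp: int, ecn: int = 0) -> int:
    """DSCP occupies the top six bits of the IP ToS/Traffic Class byte; ECN the bottom two."""
    return (dscp << 2) | (ecn & 0b11)


def dscp_from_tos(tos: int) -> int:
    """Extract the DSCP from a ToS byte, discarding the two ECN bits."""
    return (tos & 0xFF) >> 2


def cs_table():
    """(name, binary, decimal, precedence name) for CS0..CS7."""
    return [("CS%d" % p, bits(cs(p)), cs(p), PRECEDENCE_NAMES[p]) for p in range(8)]


def af_table():
    """(name, binary, decimal) for AF11..AF43, class-major order."""
    return [("AF%d%d" % (x, y), bits(af(x, y)), af(x, y))
            for x in (1, 2, 3, 4) for y in (1, 2, 3)]


if __name__ == "__main__":
    for row in cs_table() + af_table():
        print(*row)
    print("EF", bits(EF), EF, "ToS byte 0x%02X" % tos_byte(EF))
```

The decoder is the useful half when reading captures or ACL logs: a ToS byte of 0xB8 decodes to DSCP 46 (EF), and a precedence-only device sees its top three bits as precedence 5.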

Reference:

Cisco: Implementing Quality of Service Policies with DSCP: Differentiated Services Code Point

QUESTION NO: 83

Which of the following statements are correct regarding traffic policing? (Select 2 choices.)

A.
Traffic policing buffers excess traffic.

B.
Traffic policing creates queuing delay.

C.
Traffic policing is typically performed at the CE device.

D.
Traffic policing is applied to inbound and outbound traffic.

E.
Traffic policing does not change in response to network conditions.

Answer: D,E
Explanation:

Traffic policing does not change in response to network conditions, and traffic policing is applied to
inbound and outbound traffic. Traffic policing is used to slow down traffic to a value that the
medium can support, to monitor bandwidth utilization, to enforce bandwidth limitations at the
service provider edge, and to remark traffic that exceeds the Service Level Agreement (SLA).

By contrast, traffic shaping changes in response to network conditions. Traffic shaping is used to
slow down traffic due to congestion, to enforce bandwidth rates, and to send traffic classes at
different rates. Unlike traffic policing, traffic shaping is not applied to both inbound and outbound
traffic; it is applied to only outbound traffic.

Traffic policing does not buffer excess traffic. Instead, excess traffic and out-of-profile packets are
dropped or remarked and transmitted. Therefore, traffic policing does not create queuing delay. By
contrast, traffic shaping buffers excess traffic and out-of-profile packets in memory and drops
traffic only if the queue is full. Because traffic shaping does not remark traffic, it can create
queuing delay, particularly when queues are large and traffic flow is heavy.

Traffic policing is typically performed at the service provider edge, not at the customer edge (CE)
device.

Traffic policing is applied to inbound and outbound traffic on the interface that is connected to the
customer.

By contrast, traffic shaping is typically performed at the CE device. Traffic shaping is applied to
outbound traffic that passes through the interface that is connected to the service provider.
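
The behavioural difference described above (a policer decides at arrival time and never buffers, so it adds no delay; a shaper buffers excess and so adds queuing delay, dropping only when its queue fills) can be seen with a single-rate token bucket. The following Python simulation is an added example and is not from the original page or from Cisco documentation: the contract values (CIR 8 kbps, Bc 1500 bytes), the ten-packet burst and the shaper queue depth are constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class Packet:
    arrival: float  # seconds since start
    size: int       # bytes


@dataclass
class TokenBucket:
    """Single-rate bucket: tokens (bytes) accrue at the CIR up to the burst size Bc."""
    cir_bps: float
    bc_bytes: int
    tokens: float = field(init=False)
    last: float = field(init=False, default=0.0)

    def __post_init__(self):
        self.tokens = float(self.bc_bytes)  # the bucket starts full

    def refill(self, now: float) -> None:
        self.tokens = min(self.bc_bytes, self.tokens + (now - self.last) * self.cir_bps / 8)
        self.last = now

    def try_take(self, size: int, now: float) -> bool:
        """Policer check: conform only if the tokens are there right now."""
        self.refill(now)
        if self.tokens >= size:
            self.tokens -= size
            return True
        return False

    def seconds_until(self, size: int, now: float) -> float:
        """How long after `now` the bucket will hold `size` tokens."""
        self.refill(now)
        deficit = size - self.tokens
        return 0.0 if deficit <= 0 else deficit * 8 / self.cir_bps

    def take(self, size: int, now: float) -> None:
        self.refill(now)
        self.tokens -= size  # the caller has already waited for the tokens


def police(packets, cir_bps, bc_bytes):
    """Policer: every packet is judged at its arrival time; it conforms or exceeds, never waits.
    Returns (conforming, exceeding); dropping or remarking the exceeders is the caller's policy."""
    bucket = TokenBucket(cir_bps, bc_bytes)
    conform, exceed = [], []
    for p in sorted(packets, key=lambda x: x.arrival):
        (conform if bucket.try_take(p.size, p.arrival) else exceed).append(p)
    return conform, exceed


def shape(packets, cir_bps, bc_bytes, queue_limit=64):
    """Shaper: excess packets wait in a FIFO until tokens accrue; dropped only when the queue is full.
    Returns ([(packet, departure_time), ...], dropped)."""
    bucket = TokenBucket(cir_bps, bc_bytes)
    departures, dropped = [], []
    last_departure = 0.0
    for p in sorted(packets, key=lambda x: x.arrival):
        waiting = sum(1 for _, d in departures if d > p.arrival)  # still queued at this arrival
        if waiting >= queue_limit:
            dropped.append(p)
            continue
        start = max(p.arrival, last_departure)  # FIFO: never overtake the previous packet
        depart = start + bucket.seconds_until(p.size, start)
        bucket.take(p.size, depart)
        departures.append((p, depart))
        last_departure = depart
    return departures, dropped


def max_delay(departures) -> float:
    """Largest queuing delay the shaper introduced, in seconds."""
    return max((d - p.arrival for p, d in departures), default=0.0)


# Constructed sample: ten 500-byte packets arriving at once (a 5000-byte burst)
# against a contract of CIR = 8 kbps (1000 bytes/s) and Bc = 1500 bytes
CIR_BPS, BC_BYTES = 8000, 1500
BURST = [Packet(0.0, 500) for _ in range(10)]

if __name__ == "__main__":
    conform, exceed = police(BURST, CIR_BPS, BC_BYTES)
    sent, dropped = shape(BURST, CIR_BPS, BC_BYTES)
    print("policer: %d conform, %d exceed, no delay" % (len(conform), len(exceed)))
    print("shaper : %d sent, %d dropped, max delay %.1f s" % (len(sent), len(dropped), max_delay(sent)))
```

With these numbers the policer passes the first 1500 bytes (three packets) and marks the other seven as exceeding, while the shaper sends all ten but holds the last one for 3.5 seconds; shrinking the shaper queue to four packets makes it start dropping too, which is the "drops traffic only if the queue is full" case.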

Reference:

https://www.cisco.com/c/en/us/support/docs/quality-of-service-qos/qos-policing/19645-policevsshape.html

QUESTION NO: 84

You want to use MQC to configure an NBAR-based QoS policy on a router.

Which of the following commands should you issue to specify the traffic that should be discovered
and classified by NBAR? (Select the best answer.)

A.
match protocol

B.
class-map

C.
policy-map

D.
service-policy

E.
ip nbar protocol-discovery

Answer: A
Explanation:

You should issue the match protocol command to specify the traffic that should be discovered and
classified by Network Based Application Recognition (NBAR). NBAR is a Quality of Service (QoS)
feature that provides deep packet inspection for application traffic that flows through a router
interface. You can use the Cisco IOS modular QoS command-line interface (MQC) to configure
NBAR on a router or a switch. Before NBAR can classify any traffic, Cisco Express Forwarding
(CEF) must be enabled on the router. CEF is enabled by default on Cisco routers. If CEF has
been disabled by the no ip cef command, you can re-enable CEF by issuing the ip cef command.

There are three mandatory steps in a typical NBAR configuration:

1. Define a class map.

2. Configure a policy map.

3. Attach the policy map to an interface.

The first step in an NBAR configuration is to define a class map, also known as a traffic class. A
class map is used to identify packets based on the parameters that you specify. Packets that
match the parameters are considered to be part of a particular traffic class. You should issue the
class-map command to create a class map and to place the router in class-map configuration mode.
From class-map configuration mode, you can use match protocol statements to identify the traffic
that should be discovered and classified by NBAR. For example, the command set below creates
the class map named secure-shell, which identifies incoming Secure Shell (SSH) packets:

Router(config)#class-map secure-shell

Router(config-cmap)#match protocol ssh

Router(config-cmap)#exit

However, if an application or protocol has been configured to use nonstandard port numbers, you
can issue the ip nbar port-map command to modify the NBAR configuration accordingly. For
example, if SSH servers on the network are configured to listen on ports 22 and 2222, you should
issue the ip nbar port-map ssh tcp 22 2222 command to modify the default NBAR port mapping for
SSH.

Next, you should issue the policy-map command to configure a policy map and to enter policy-map
configuration mode. A policy map ties a traffic class to a QoS policy and is used to define actions
that are performed on packets identified in a particular class map. For example, the command set
below creates a policy map named NBAR-policy and then specifies that any packets identified by
the class map named secure-shell should be rate-limited to 128 Kbps:

Router(config)#policy-map NBAR-policy

Router(config-pmap)#class secure-shell

Router(config-pmap-c)#bandwidth 128

Router(config-pmap-c)#exit

Router(config-pmap)#exit

Then you should issue the service-policy command from interface configuration mode to apply the
QoS policy to a particular interface. A service policy can be applied in either the inbound or the
outbound direction. For example, the command set below applies the service policy named
NBAR-policy to the Serial1/0 interface in the inbound direction:

Router(config)#interface serial 1/0

Router(config-if)#service-policy input NBAR-policy

Router(config-if)#exit

The ip nbar protocol-discovery command can be issued from interface configuration mode to
record traffic statistics based on packet content. Either or both inbound and outbound traffic can
be monitored. To monitor only IPv4 traffic, you should issue the ip nbar protocol-discovery ipv4
command; to monitor only IPv6 traffic, you should issue the ip nbar protocol-discovery ipv6
command.

Reference:

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/qos_nbar/configuration/15-mt/qos-nbar-15-mt-book/nbar-mqc.html#GUID-9FEB66A9-F0EE-4408-80B7-C7C258B19CD2

QUESTION NO: 85

Which of the following statements are true regarding 6to4 tunnels? (Select 2 choices.)

A.
6to4 tunnels are point-to-multipoint.

B.
6to4 tunnels are automatic tunnels.

C.
6to4 tunnels transport IPv4 packets over an IPv6 network.

D.
Cisco recommends using ISATAP tunnels instead of 6to4 tunnels to connect isolated IPv6 sites.

E.
Cisco recommends using IPv4-compatible tunnels instead of 6to4 tunnels to connect isolated IPv6
sites.

F.
6to4 tunnels support IPv6 multicasting.

Answer: A,B
Explanation:

6to4 tunnels are automatic point-to-multipoint tunnels. The 6to4 tunneling method is used to
transport IPv6 packets over an IPv4 network, not to transport IPv4 packets over an IPv6 network.
Cisco recommends using 6to4 tunnels when connecting several isolated IPv6 domains over an
IPv4 backbone. Each site must connect to the IPv4 backbone and must have a unique IPv4
address. The IPv6 address for a 6to4 tunnel interface begins with 2002::/16, and the 32 bits
following the 2002::/16 prefix correspond to the unique IPv4 address of the tunnel source.
Because 6to4 tunneling is an automatic tunneling method, you do not have to manually configure
each tunnel destination individually.

6to4 tunnels do not support IPv6 multicasting. If you require support for IPv6 multicasting, you
should use a 6over4 tunnel or a Generic Routing Encapsulation (GRE) tunnel.

Cisco does not recommend using IPv4-compatible tunnels instead of 6to4 tunnels to connect
isolated IPv6 sites. Like 6to4 tunnels, IPv4-compatible tunnels are automatic point-to-multipoint
tunnels. However, the IPv4-compatible tunneling method has been deprecated in favor of the
Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) tunneling method.

Cisco does not recommend using ISATAP tunnels instead of 6to4 tunnels to connect isolated IPv6
sites. Like 6to4 tunnels, ISATAP tunnels are automatic point-to-multipoint tunnels. However, Cisco
recommends using ISATAP for encapsulating and tunneling IPv6 packets within a single IPv6 site,
not between isolated IPv6 sites.
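
The addressing rule that makes 6to4 automatic (the 32 bits after the 2002::/16 prefix carry the site's IPv4 address, so the tunnel destination can be read out of the IPv6 destination instead of being configured per peer) is easy to work through in code. The following Python is an added example, not code from the original page or from Cisco: it derives a site's 2002::/48 prefix from its IPv4 address, recovers the IPv4 tunnel endpoint from any 2002::/16 destination, and shows the outer IPv4 header fields (protocol 41, IPv6-in-IPv4) a 6to4 router would use. The site addresses are constructed documentation-range values, and the private-address check is a deliberately minimal stand-in for "unique, globally routable IPv4 address".

```python
from ipaddress import IPv4Address, IPv4Network, IPv6Address, IPv6Network

SIX_TO_FOUR = IPv6Network("2002::/16")
IPV6_IN_IPV4 = 41  # IP protocol number of the outer IPv4 header
RFC1918 = [IPv4Network("10.0.0.0/8"), IPv4Network("172.16.0.0/12"), IPv4Network("192.168.0.0/16")]


def six_to_four_prefix(ipv4: str) -> IPv6Network:
    """Derive the site's 2002:VVVV:VVVV::/48 prefix from its unique IPv4 address."""
    v4 = IPv4Address(ipv4)
    # Minimal sanity check: 6to4 needs an address other sites can actually route to.
    if v4.is_multicast or v4.is_loopback or v4.is_unspecified or any(v4 in n for n in RFC1918):
        raise ValueError("%s is not a unique, routable IPv4 address" % v4)
    return IPv6Network("%s/48" % IPv6Address((0x2002 << 112) | (int(v4) << 80)))


def tunnel_endpoint(ipv6_dst: str):
    """Recover the IPv4 tunnel destination embedded in bits 16-47 of a 2002::/16 address.
    Returns None for anything else (native IPv6 or an IPv6 multicast group), which 6to4
    cannot reach by itself and which therefore needs a relay router or another tunnel type."""
    a = IPv6Address(ipv6_dst)
    if a not in SIX_TO_FOUR:
        return None
    return IPv4Address((int(a) >> 80) & 0xFFFFFFFF)


def outer_header(local_ipv4: str, ipv6_dst: str):
    """Outer IPv4 header fields a 6to4 router would put on an IPv6 packet to ipv6_dst."""
    dst = tunnel_endpoint(ipv6_dst)
    if dst is None:
        return None
    return {"src": str(IPv4Address(local_ipv4)), "dst": str(dst), "protocol": IPV6_IN_IPV4}


# Constructed example sites (documentation ranges, not from the original page)
SITE_A_IPV4 = "192.0.2.1"
SITE_B_IPV4 = "198.51.100.7"

if __name__ == "__main__":
    print("site A prefix:", six_to_four_prefix(SITE_A_IPV4))
    print("site B prefix:", six_to_four_prefix(SITE_B_IPV4))
    host_at_b = str(six_to_four_prefix(SITE_B_IPV4).network_address + 0x10)
    print("A -> %s encapsulates as %s" % (host_at_b, outer_header(SITE_A_IPV4, host_at_b)))
    print("A -> ff0e::1 encapsulates as", outer_header(SITE_A_IPV4, "ff0e::1"))
```

The last line of the demo is the multicast caveat from the explanation in concrete form: an IPv6 multicast destination carries no embedded IPv4 address, so no 6to4 endpoint can be derived for it.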

Reference:

https://www.cisco.com/c/en/us/td/docs/ios/12_4/interface/configuration/guide/inb_tun.html#wp1045782

QUESTION NO: 86

You accidentally configure a GRE tunnel so that the preferred route to its destination interface is
through itself.

Which of the following will you most likely see when troubleshooting this issue? (Select the best
answer.)

A.
a %FORWARDING-IP_TUNNEL-3-LOOPING error message

B.
a %FORWARDING-IP_TUNNEL-3-UNSUP_PROTO error message

C.
a %TUN-5-RECURDOWN error message

D.
the destination interface in the administratively down state

Answer: C
Explanation:

Most likely, you will see a %TUN-5-RECURDOWN error message on the router when you
accidentally configure a Generic Routing Encapsulation (GRE) tunnel so that the preferred route to
its destination interface is through itself. When you manually configure a GRE tunnel, you must
specify a source point and the destination point at each end of the tunnel. In order for the tunnel to
remain open, the routes to the destination points must be available to the tunnel endpoint routers
outside of the tunnel. If the tunnel endpoint router's preferred route to the tunnel's destination is
through the tunnel itself, recursive routing occurs and errors similar to the following will be
displayed on the router:

*Mar 1 00:26:15.379: %TUN-5-RECURDOWN: Tunnel0 temporarily disabled due to recursive routing

*Mar 1 00:26:16.379: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to down

Recursive routing can be caused by misconfiguration, such as configuring a routing protocol on
the tunnel that has a higher administrative distance (AD) than other paths to the tunnel destination.
Additionally, recursive routing can be caused by flapping somewhere else on the network.

You will not see a %FORWARDING-IP_TUNNEL-3-LOOPING error message. This message is
indicative of encapsulation looping, not recursive routing.

You will not see a %FORWARDING-IP_TUNNEL-3-UNSUP_PROTO error message. This message
is indicative of an unsupported tunneling protocol.

The destination interface will not be in the administratively down state. To place an interface into
the administratively down state, you should issue the shutdown command in interface
configuration mode.

Reference:

https://www.cisco.com/c/en/us/support/docs/ip/enhanced-interior-gateway-routing-protocol-eigrp/22327-gre-flap.html

QUESTION NO: 87

Which of the following EIGRP commands is the most likely to cause a previously established
adjacency to disappear in a multicast environment? (Select the best answer.)

A.
router eigrp 6

B.
network 10.10.10.0

C.
neighbor 10.10.11.1 FastEthernet 0/0

D.
network 10.10.9.0 0.0.0.3

E.
network 10.10.8.0 255.255.255.252

Answer: C
Explanation:

Of the choices provided, the neighbor 10.10.11.1 FastEthernet 0/0 Enhanced Interior Gateway
Routing Protocol (EIGRP) command is most likely to cause a previously established adjacency to
disappear in a multicast environment. You can issue the neighbor ip-address interface command in
router configuration mode to manually establish a neighbor relationship between two EIGRP
routers. However, doing so prevents the interface on which the neighbor relationship is
established from sending or receiving multicast packets. Therefore, it is important to understand
the potential effects of the neighbor command on your company's network before you manually
configure an EIGRP neighbor relationship.

The router eigrp 6 command is not likely to cause an adjacency to disappear in a multicast
environment. Issuing the router eigrp process-number command on a Cisco router creates an
EIGRP routing process and places the router into router configuration mode. From there, you can
issue other commands to configure the behavior of EIGRP and to establish EIGRP relationships
with other routers.

None of the network commands are more likely than the neighbor command to cause an
adjacency to disappear in a multicast environment. You could cause an adjacency to disappear if
you misconfigured the network address or wildcard mask associated with the network command.

Reference:

Cisco: EIGRP Frequently Asked Questions: Q. What does the neighbor statement in the EIGRP
configuration section do?

QUESTION NO: 88

You issue the show ip route command on RouterA and receive the following partial output:

O 10.20.0.0/28 [110/64] via 192.168.10.1, 00:02:38, Serial0/1

R 10.20.0.0/24 [120/3] via 192.168.10.3, 00:33:38, Serial0/3

D 10.20.0.0/20 [90/2809856] via 192.168.10.4, 00:02:14, Serial0/4

S 10.20.0.0/16 [1/0] via 192.168.10.2

RouterA receives a packet that is destined for 10.20.0.17.

To which next-hop IP address will RouterA send the packet? (Select the best answer.)

A.
192.168.10.1

B.
192.168.10.2

C.
192.168.10.3

D.
192.168.10.4

Answer: C
Explanation:

RouterA will send the packet to the next-hop address 192.168.10.3. RouterA will use the Routing
Information Protocol (RIP) route, because it is the route with the longest prefix match. When a
packet is sent to a router, the router checks the routing table to see if the next-hop address for the
destination network is known. If multiple routes to a destination are known, the most specific route
is used. Therefore, the following rules apply on RouterA:

- Packets sent to the 10.20.0.0/28 network use the Open Shortest Path First (OSPF) route. This
includes destination addresses from 10.20.0.0 through 10.20.0.15.

- Packets sent to the 10.20.0.0/24 network, except those sent to the 10.20.0.0/28 network, use the
RIP route. This includes destination addresses from 10.20.0.16 through 10.20.0.255.

- Packets sent to the 10.20.0.0/20 network, except those sent to the 10.20.0.0/24 network, use the
Enhanced Interior Gateway Routing Protocol (EIGRP) route. This includes destination addresses
from 10.20.1.0 through 10.20.15.255.

- Packets sent to the 10.20.0.0/16 network, except those sent to the 10.20.0.0/20 network, use the
static route. This includes destination addresses from 10.20.16.0 through 10.20.255.255.

- Packets sent to any destination not listed in the routing table are forwarded to the default
gateway, if one is configured.

Because the most specific route to 10.20.0.17 is the route toward the 10.20.0.0/24 network,
RouterA will forward a packet destined for 10.20.0.17 to the next-hop address 192.168.10.3
through the Serial0/3 interface.

RouterA will not use the OSPF route to send a packet destined for 10.20.0.17 to the next-hop
address 192.168.10.1, because 10.20.0.17 is outside the 10.20.0.0/28 address range. Packets
destined to addresses within the 10.20.0.0/28 subnet will be sent using the OSPF route to the
next-hop address 192.168.10.1.

RouterA will not use the static route to send a packet destined for 10.20.0.17 to the next-hop
address 192.168.10.2. Although the static route has the lowest AD, AD values are used only to
determine which route is placed in the routing table when multiple routes to a destination are
known. A router considers routes with different prefix lengths as separate routes. If the static route
was configured so that the destination network was 10.20.0.0/24, the static route would be
preferred over the RIP route.

RouterA will not use the EIGRP route to send a packet destined for 10.20.0.17 to the next-hop
address 192.168.10.4. If OSPF, EIGRP, and RIP had all advertised routes to 10.20.0.0/24, the
EIGRP route would have been selected because EIGRP has the lowest AD of the three dynamic
routing protocols. The following list contains the most commonly used ADs:
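
The two separate decisions the explanation draws apart, AD choosing which candidate is installed for a given prefix and longest prefix match choosing which installed route forwards a packet, can be exercised against the partial show ip route output above. The following Python is an added example, not code from the original page or from Cisco: it parses the four routing-table lines as they appear above (constructed here as inline sample input), performs a longest-prefix-match lookup, and applies the lowest-AD rule only when a second candidate arrives for an identical prefix, including the static 10.20.0.0/24 case the explanation mentions.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network
from typing import Dict, Optional


@dataclass
class Route:
    code: str            # routing-table code, e.g. O, R, D, S
    prefix: IPv4Network
    ad: int              # administrative distance, first number in the brackets
    metric: int          # second number in the brackets
    next_hop: str
    interface: str = ""  # empty for a static route with no exit interface shown


def parse_route_line(line: str) -> Route:
    """Parse one 'show ip route' entry such as
    'O 10.20.0.0/28 [110/64] via 192.168.10.1, 00:02:38, Serial0/1'."""
    parts = line.replace(",", " ").split()
    i = next(k for k, tok in enumerate(parts) if tok.startswith("["))
    if parts[i + 1] != "via":
        raise ValueError("unsupported route line: %r" % line)
    ad, metric = (int(x) for x in parts[i].strip("[]").split("/"))
    interface = parts[-1] if len(parts) > i + 3 else ""
    return Route(" ".join(parts[:i - 1]), IPv4Network(parts[i - 1]), ad, metric,
                 parts[i + 2], interface)


class RoutingTable:
    def __init__(self):
        self.routes: Dict[IPv4Network, Route] = {}

    def install(self, route: Route) -> bool:
        """Route selection: among candidates for the SAME prefix, the lowest AD wins.
        Routes with different prefix lengths are different destinations and never compete."""
        current = self.routes.get(route.prefix)
        if current is None or route.ad < current.ad:
            self.routes[route.prefix] = route
            return True
        return False

    def install_line(self, line: str) -> bool:
        return self.install(parse_route_line(line))

    @classmethod
    def from_show_output(cls, text: str) -> "RoutingTable":
        table = cls()
        for line in text.splitlines():
            if line.strip():
                table.install_line(line)
        return table

    def lookup(self, destination: str) -> Optional[Route]:
        """Forwarding: longest prefix match over installed routes; AD is not consulted here."""
        addr = IPv4Address(destination)
        matches = [r for r in self.routes.values() if addr in r.prefix]
        return max(matches, key=lambda r: r.prefix.prefixlen) if matches else None

    def next_hop(self, destination: str) -> Optional[str]:
        route = self.lookup(destination)
        return route.next_hop if route else None


# The partial output from the question, reproduced here as inline sample input
SHOW_IP_ROUTE = """\
O 10.20.0.0/28 [110/64] via 192.168.10.1, 00:02:38, Serial0/1
R 10.20.0.0/24 [120/3] via 192.168.10.3, 00:33:38, Serial0/3
D 10.20.0.0/20 [90/2809856] via 192.168.10.4, 00:02:14, Serial0/4
S 10.20.0.0/16 [1/0] via 192.168.10.2
"""

if __name__ == "__main__":
    table = RoutingTable.from_show_output(SHOW_IP_ROUTE)
    for dst in ("10.20.0.17", "10.20.0.5", "10.20.3.1", "10.20.200.9", "10.30.0.1"):
        print(dst, "->", table.next_hop(dst))
    # A static route to the same /24 as the RIP route displaces it on AD alone
    table.install_line("S 10.20.0.0/24 [1/0] via 192.168.10.2")
    print("after static /24:", "10.20.0.17 ->", table.next_hop("10.20.0.17"))
```

Adding the static /24 changes the answer for 10.20.0.17 to 192.168.10.2 exactly as the explanation says, and it does so without the /16 static route playing any part: the AD comparison happened between two /24 candidates, and the forwarding lookup still picked the longest match.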

Reference:

https://www.cisco.com/c/en/us/support/docs/ip/enhanced-interior-gateway-routing-protocol-eigrp/8651-21.html

QUESTION NO: 89

You issue the spanning-tree guard root command on the FastEthernet 0/1 port of a switch.

Which of the following occurs when the FastEthernet 0/1 port receives an inferior BPDU? (Select
the best answer.)

A.
The port becomes the root port.

B.
The port transitions to the errdisable state.

C.
The port continues to be a designated port.

D.
The port transitions to the root-inconsistent state.

Answer: C
Explanation:

When the FastEthernet 0/1 port receives an inferior bridge protocol data unit (BPDU), the port
continues to be a designated port. The spanning-tree guard root command enables root guard on a
port. When root guard is enabled on a port, it prevents a port from becoming a root port; the port
permanently becomes a designated port.

The FastEthernet 0/1 port does not become the root port when it receives an inferior BPDU.
Normally, a port that receives a superior BPDU will become the root port. However, if a port
configured with root guard receives a superior BPDU, the port transitions to the root-inconsistent
state and no data will flow through that port until it stops receiving superior BPDUs. As a result,
root guard can be used to influence the placement of the root bridge on a network by preventing
other switches from propagating superior BPDUs throughout the network and becoming the root
bridge.

The FastEthernet 0/1 port does not transition to the errdisable state when it receives an inferior
BPDU. If BPDU guard were configured on the FastEthernet 0/1 port, the port would transition to
the errdisable state when it received any BPDU, not just inferior BPDUs. BPDU guard defines the
edge of a Spanning Tree Protocol (STP) domain by preventing the advertisement of BPDUs to a
port. When a port that is configured with BPDU guard receives a BPDU, BPDU guard immediately
puts the port into the errdisable state and shuts down the port.

Reference:

CCIE Routing and Switching v5.0 Certification Guide, Volume 1, Chapter 3, Protecting and
Optimizing STP, pp. 148-154

QUESTION NO: 90 DRAG DROP

Select the following routes from the left, and drag them to the right, placing them in the order
preferred by a router.

Answer:

Explanation:

Route preference is based on the administrative distance (AD) of the connectivity method or
routing protocol used. When multiple routes to a network exist, a router prefers the routing protocol
with the lowest AD. The following list contains the most commonly used ADs:

A directly connected route, which has an AD of 0, is preferred over any other route to the same
network. If a link to a directly connected network goes down, the route with the next lowest AD is
used.

Static routes, which have an AD of 1, are preferred after directly connected routes. You can create
a static route to a network by issuing the ip route command. The basic syntax of the ip route
command is ip route prefix mask {ip-address | interface}, where prefix is the network address, mask
is the subnet mask, ip-address is the IP address of the next-hop router, and interface is the local
interface to which the packets should be sent.

Of the choices available, an internal Enhanced Interior Gateway Routing Protocol (EIGRP) route is
the next most preferred route. Internal EIGRP routes have an AD of 90.

Of the remaining choices, an Open Shortest Path First (OSPF) route is the next most preferred
route. OSPF routes have an AD of 110.

Of the choices available, a Routing Information Protocol (RIP) route is the least preferred route.
RIP routes have an AD of 120.

You can configure the AD of routing protocols by issuing the distance command in router
configuration mode. For example, to change the AD of RIP from 120 to 50, you should issue the
following commands:

RouterA(config)#router rip

RouterA(config-router)#distance 50

You can view the AD of the best route to a network by issuing the show ip route command. The AD
is the first number inside the brackets in the output. For example, the following router output
shows an OSPF route with an AD of 110:

Router#show ip route
Gateway of last resort is 10.19.54.20 to network 10.140.0.0

O E2 172.150.0.0 [110/5] via 10.19.54.6, 0:01:00, Ethernet2

Reference:

Cisco: What Is Administrative Distance?

QUESTION NO: 91

Which of the following are E-LAN services? (Select 2 choices.)

A.
EMS

B.
EPL

C.
ERMS

D.
ERS

E.
EWS

Answer: A,C
Explanation:

Ethernet multipoint service (EMS) and Ethernet relay multipoint service (ERMS) are E-LAN
services. There are two types of Metro Ethernet services: E-Line services and E-LAN services.
E-LAN services are multipoint-to-multipoint Ethernet services. E-Line services are point-to-point
Ethernet services. Point-to-multipoint EVCs are not used for Metro Ethernet.

Metro Ethernet services connect geographically disparate networks over a service provider
network. Ethernet virtual connections (EVCs) are created between two User Network Interfaces
(UNIs). An EVC associates two or more UNIs. A UNI is the demarcation point at which the service
provider's responsibility ends and the customer's responsibility begins. Bandwidth profiles can be
established per EVC or per UNI.

An Ethernet private line (EPL) is a point-to-point port-based E-Line service that maps Layer 2 traffic
directly onto a time-division multiplexing (TDM) circuit. EPL supports all-to-one bundling but not
service multiplexing. Generally, if a UNI is configured for service multiplexing, all-to-one bundling
must be disabled, and conversely, if a UNI is configured for all-to-one bundling, service multiplexing
must be disabled.

Ethernet wire service (EWS) is a point-to-point port-based E-Line service that connects Layer 2
Customer Edge (CE) bridges. EWS typically tunnels traffic through the service provider network
over an 802.1Q or QinQ tunnel.

Ethernet relay service (ERS) is a point-to-point VLAN-based E-Line service that connects Layer 3 CE
routers and is typically used as an alternative to Frame Relay or Asynchronous Transfer Mode
(ATM). An ERS is sometimes referred to as an Ethernet virtual private line (EVPL).

EMS is a multipoint-to-multipoint port-based E-LAN service that connects Layer 2 CE bridges. EMS
functions similarly to EWS but allows for multipoint EVCs.

ERMS is a multipoint-to-multipoint VLAN-based E-LAN service that connects Layer 3 CE routers.
ERMS functions similarly to ERS but allows for multipoint EVCs.

Reference:

https://www.cisco.com/c/en/us/td/docs/net_mgmt/ip_solution_center/6-0/infrastructure/reference/guide/infrastructure/iscglss1.pdf

https://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/fulfillment/6-1/theory/operations/guide/theory/l2ce.html

QUESTION NO: 92

You have just issued the multilink bundle-name authenticated command.

Which of the following statements is true regarding this configuration? (Select the best answer.)

A.
The user name will always be used to create the bundle name.

B.
Both the user name and the endpoint discriminator will be used to create the bundle name.

C.
The user name will be used to create the bundle name only if no endpoint discriminator is
supplied.

D.
The endpoint discriminator will be used to create the bundle name only if the link is not
authenticated.

Answer: D
Explanation:

After you issue the multilink bundle-name authenticated command, the endpoint discriminator will
be used to create the bundle name only if the link is not authenticated. Multilink Point-to-Point
Protocol (MLP) is a variation of Point-to-Point Protocol (PPP) that bundles multiple PPP links
together into a single logical link.

Each MLP bundle is named based on the configuration of the multilink bundle-name command.
The syntax of the multilink bundle-name command is multilink bundle-name {authenticated |
endpoint | both}. When the authenticated keyword is used, the authenticated user name of the
client is used to name the MLP bundle. However, if the link is not authenticated, the PPP endpoint
discriminator of the client is used to name the MLP bundle. If the endpoint discriminator is not
supplied, the caller ID is used.

The authenticated keyword is useful when each client has a unique user name. However, if more
than one client uses the same user name, data streams could be erroneously bundled together
and delivered to the wrong device. In these situations, you should issue the multilink bundle-name
endpoint command or the multilink bundle-name both command.

When the endpoint keyword is used, the PPP endpoint discriminator of the client is used to name
the MLP bundle. The endpoint discriminator uniquely identifies the client device. If no endpoint
discriminator is supplied, the authenticated user name of the client is used. If the link is not
authenticated, the caller ID is used.

When the both keyword is used, both the authenticated user name and the PPP endpoint
discriminator are used to name the MLP bundle. If the link is not authenticated, only the endpoint
discriminator is used; if no endpoint discriminator is supplied, only the authenticated user name is
used. If the link is not authenticated and if the endpoint discriminator is not supplied, the caller ID
is used.

Reference:

https://www.cisco.com/c/en/us/support/docs/wan/point-to-point-protocol-ppp/10238-mppp-bundle-name.html#backinfo

QUESTION NO: 93

You issue the following command on a Cisco router: ip route vrf ce1 10.10.10.0 255.255.255.0 172.16.0.1

Upon testing the configuration, you discover that the 172.16.0.1 gateway appears in the global
routing table but not in VRF ce1. Therefore, the static route you have configured is not functioning.
Which of the following could you do to correct the problem? (Select the best answer.)

A.
Reissue the command with the global keyword.

B.
Issue the no form of the command.

C.
Reissue the command with the permanent keyword.

D.
Reissue the command without the vrf keyword.

E.
Reissue the command with the tag keyword.

Answer: A
Explanation:

To ensure that the static route you have configured for the VPN routing and forwarding (VRF)
table named ce1 becomes functional, you could reissue the ip route vrf ce1 10.10.10.0
255.255.255.0 172.16.0.1 command in this scenario with the global keyword. Issuing the ip route
vrf ce1 10.10.10.0 255.255.255.0 172.16.0.1 global command in this scenario would configure VRF
ce1 to use the 172.16.0.1 gateway that is present in the global routing table instead of attempting
to look it up in the VRF ce1 routing table. The global routing table stores paths that can be
accessed by using any of the addresses on the router, not just the addresses associated with a
given VRF.

However, the global keyword applies only to the gateway address in the command, not to the
entire static route. To configure a static route to apply to a given VRF, you should issue the vrf
keyword along with the name of the VRF to which you want the route to apply. In this scenario, the
ip route vrf ce1 10.10.10.0 255.255.255.0 172.16.0.1 command configures a static route for the
VRF named ce1. Static VRF routes that are configured without the global keyword look up routes
by using only the VRF routing table that has been configured for the route.

You do not need to reissue the command with the permanent keyword. The permanent keyword
ensures that a route will not be removed from the associated VRF table even if the interface
associated with the route is shut down. There are no conditions in this scenario that require you to
issue the command with the permanent keyword.

You do not need to reissue the command with the tag keyword. The tag keyword enables you to
apply route tagging to the static route in the given VRF table. Route tags can be used to apply a
given route map to the route.

You do not need to issue the no form of the command in this scenario. If you were to issue the no
form of the command and did not issue a new command that includes the global keyword, the
router would no longer contain the static route configuration you are attempting to apply. Reissuing
the command with the global keyword in this scenario will overwrite the previous version of the
command in the router's running configuration.

Reference:

https://www.cisco.com/c/en/us/support/docs/multiprotocol-label-switching-mpls/mpls/24508-internet-access-mpls-vpn.html#conf

https://www.cisco.com/c/en/us/td/docs/ios/12_2/switch/command/reference/fswtch_r/xrfscmd2.html#wp1029959

QUESTION NO: 94

Which of the following PfR policies best describe the use of a maximum threshold on the amount
of traffic that a specific link is allowed to carry? (Select 2 choices.)

A.
cost policy

B.
link policy

C.
range policy

D.
traffic load policy

E.
utilization policy

Answer: D,E
Explanation:

A Cisco Performance Routing (PfR) traffic load policy, which is also called a utilization policy,
enables the specification of a maximum threshold on the amount of traffic that a specific link is
allowed to carry.

Therefore, the traffic load policy applies to a specific link, not to all links within a given utilization
percentage.

If either the exit link or the entrance link goes above the threshold, the link is placed into an
out-of-policy (OOP) state. When a link is placed into an OOP state, PfR attempts to locate an
alternate link for the given class of traffic.

A Cisco PfR range policy is used to configure performance-based load sharing across all links
within a given utilization percentage. Cisco PfR enhances traditional routing methods by
dynamically selecting the best path for applications based on network performance, load-balancing
requirements, or link capacity thresholds. A range policy applies to all links within a given range, or
percentage, of utilization. For example, you can configure a range policy to evenly distribute traffic
over a set of links within a certain percentage of utilization of each other.

A Cisco PfR cost policy enables the configuration of utilization based on the monetary cost of
using a link. For example, a Service Level Agreement (SLA) with an Internet service provider (ISP)
might cause a company to seek the most cost-effective utilization of a link through the ISP. There
are several billing calculation models that can be used to implement a Cisco PfR cost policy.

The term link policy is a general term that describes cost policy, range policy, and traffic load
policy. Therefore, of the available choices, link policy is not the best term to describe the use of a
maximum threshold on the amount of traffic that a link is allowed to carry.

Reference:

Cisco: Performance Routing Configuration Guide, Cisco IOS XE Release 3S: Information About
Performance Routing Cost Policies

QUESTION NO: 95

Which of the following services are not typically provided by a PaaS vendor? (Select the best
answer.)

A.
operating systems

B.
database platforms

C.
software applications

D.
network infrastructure

E.
computing and storage resources

F.
software development platforms

Answer: C
Explanation:

Software applications are not typically provided by a Platform as a Service (PaaS) vendor. A PaaS
vendor provides operating systems, software development platforms, and database platforms, as
well as the underlying network infrastructure and the raw computing and storage resources. PaaS
is often used by companies that want to migrate their application development to a cloud-based
solution. However, a PaaS customer must use whatever software development platform is
supported by the PaaS vendor, so a degree of control and flexibility is lost. The PaaS vendor is
responsible for maintaining the operating systems, software development platforms, and database
platforms, as well as any underlying hardware infrastructure.

An Infrastructure as a Service (IaaS) vendor provides computing and storage resources as well as
the network infrastructure. The customer is responsible for everything else, including operating
systems, software development platforms, database platforms, and software applications. With
IaaS, the customer has a great deal of control and flexibility. However, IaaS places a larger
management burden on the customer than the other cloud-based services do.

A Software as a Service (SaaS) vendor typically provides a complete software application
package to customers. For example, a company might contract with an SaaS vendor to provide
hosted email services. The software application, the operating system on which the application
runs, the hardware on which the operating system runs, and the network infrastructure on which
the hardware communicates are maintained by the SaaS vendor, thereby lowering the
management burden for the customer. Access to the software application is often provided
through a web browser interface.

Reference:

Cisco: Cloud Computing: A Primer, The Internet Protocol Journal, Volume 12, No. 3

Cisco: Planning the Migration of Enterprise Applications to the Cloud (PDF)

Cisco: Cisco Prime Service Catalog OpenShift Integration 1.0, Design and Implementation Guide,
Chapter 1 (PDF)

QUESTION NO: 96

In Cisco ACI, what is a collection of rules and policies that define how endpoints can
communicate? (Select the best answer.)

A.
an ANP

B.
an EPG

C.
a context

D.
a contract

Answer: D
Explanation:

In Cisco Application Centric Infrastructure (ACI), a contract is a collection of rules and policies that
define how endpoints and endpoint groups (EPGs) can communicate. For example, a contract can
be created so that a web server can be accessed only by Hypertext Transfer Protocol (HTTP) or
HTTP Secure (HTTPS).

A context is a collection of VPN routing and forwarding (VRF) instances or IP address spaces.
Each customer, or tenant, can have one or more contexts. Endpoints and EPGs define the
application within each context.

An EPG is a collection of endpoints that provide a similar function, such as an application tier or a
set of services. The endpoints within an EPG are defined by network interface card (NIC), virtual
NIC (vNIC), port group, IP address, or Domain Name System (DNS) name.

An Application Network Profile (ANP) is a collection of EPGs, their connections, and related
policies. To create an ANP, you should perform the following steps:

1. Create EPGs.

2. Create policies that define connectivity rules.

3. Create contracts between EPGs by applying policies.

Reference:

https://www.cisco.com/c/en/us/products/cloud-systems-management/index.html

QUESTION NO: 97

In a three-node OpenStack architecture, which node or nodes contain Keystone, Glance, and
Neutron Server? (Select the best answer.)

A.
the compute node

B.
the controller node

C.
the network node

D.
the controller node and the compute node

E.
the network node and the compute node

Answer: B
Explanation:

In a three-node OpenStack architecture, the controller node contains Keystone, Glance, and
Neutron Server. OpenStack is an open-source cloud-computing platform. Each OpenStack
modular component is responsible for a particular function, and each component has a code
name. The following list contains several of the most popular OpenStack components:

- Nova - OpenStack Compute: manages pools of computer resources

- Neutron - OpenStack Networking: manages networking and addressing

- Cinder - OpenStack Block Storage: manages block-level storage devices


- Glance - OpenStack Image: manages disk and server images

- Swift - OpenStack Object Storage: manages redundant storage systems

- Keystone - OpenStack Identity: is responsible for authentication

- Horizon - OpenStack Dashboard: provides a graphical user interface (GUI)

- Ceilometer - OpenStack Telemetry: provides counter-based tracking that can be used for
customer usage billing

A three-node OpenStack architecture consists of the controller node, the network node, and the
compute node. The controller node consists of the following services:

- Keystone

- Glance

- Nova Management

- Neutron Server

- Neutron Modular Layer 2 (ML2) Plug-in

- Horizon

- Cinder

- Swift

- Ceilometer Core

The network node consists of several Neutron services:

- Neutron ML2 Plug-in

- Neutron Layer 2 Agent

- Neutron Layer 3 Agent

- Neutron Dynamic Host Configuration Protocol (DHCP) Agent

The compute node consists of the following services:

- Nova Hypervisor

- Kernel-based Virtual Machine (KVM) or Quick Emulator (QEMU)

- Neutron ML2 Plug-in

- Neutron Layer 2 Agent

- Ceilometer Agent

Reference:

RedHat: OpenStack Installation Guide for Red Hat Enterprise Linux, CentOS, and Fedora: Figure
1.2. Three-node architecture with OpenStack Networking (neutron) (PDF)

QUESTION NO: 98

Which of the following uses YANG as a data modeling language? (Select the best answer.)

A.
KVM

B.
NETCONF

C.
OpenStack

D.
SNMP

Answer: B
Explanation:

Network Configuration Protocol (NETCONF) uses YANG as a data modeling language.


NETCONF, which is described in Request for Comments (RFC) 6241, provides the ability to
automate the configuration of network devices. YANG, which is defined in RFC 6020, is a
hierarchical data modeling language that can model configuration and state data for NETCONF.

OpenStack does not use YANG as a data modeling language. OpenStack is an open-source
cloud-computing platform. Each OpenStack modular component is responsible for a particular
function, and each component has a code name. The following list contains several of the most
popular OpenStack components:

- Nova - OpenStack Compute: manages pools of computer resources

- Neutron - OpenStack Networking: manages networking and addressing

- Cinder - OpenStack Block Storage: manages block-level storage devices

- Glance - OpenStack Image: manages disk and server images

- Swift - OpenStack Object Storage: manages redundant storage systems

- Keystone - OpenStack Identity: is responsible for authentication

- Horizon - OpenStack Dashboard: provides a graphical user interface (GUI)

- Ceilometer - OpenStack Telemetry: provides counter-based tracking that can be used for
customer usage billing

Simple Network Management Protocol (SNMP) does not use YANG as a data modeling language.
Although SNMP is used to monitor network devices, it is not typically used to manage network
devices. NETCONF was created to address this lack of standardized functionality.

Kernel-based Virtual Machine (KVM) does not use YANG as a data modeling language. KVM is a
virtualization infrastructure that turns the Linux kernel into a Type 1 hypervisor. A hypervisor is
used to create and run virtual machines (VMs). A Type 1 hypervisor, which is also called a native
hypervisor or a bare-metal hypervisor, runs directly on the host computer's hardware. A Type 2
hypervisor, which is also called a hosted hypervisor, runs within an operating system on the host
computer.

Reference:

https://tools.ietf.org/html/rfc6241

https://tools.ietf.org/html/rfc6020

QUESTION NO: 99

Which of the following configuration management tools are aligned more closely with the needs of
system administrators? (Select 2 choices.)

A.
Ansible

B.
Chef

C.
Puppet

D.
Salt

Answer: A,D

Explanation:

Ansible and Salt are aligned more closely with the needs of system administrators. By contrast,
Puppet and Chef are aligned more closely with the needs of application developers. Puppet, Chef,
Salt, and Ansible are configuration management tools that are used to automate the installation,
configuration, and maintenance of multiple computer systems, including the software that runs on
those systems.

Of the four major configuration management tools, Puppet is the most mature and the most widely
used. Puppet is written in Ruby and operates on Linux distributions, UNIX-like systems, and
Microsoft Windows. Puppet uses a client/server architecture; managed nodes running the Puppet
Agent application can receive configurations from a master server running Puppet Server.
Modules are written in Ruby or by using a Ruby-like Puppet language.

Like Puppet, Chef is written in Ruby and operates on Linux distributions, UNIX-like systems, and
Microsoft Windows. Chef can use a client/server architecture or a standalone client configuration.
Configuration information is contained within cookbooks that are written in Ruby and are stored on
a Chef Server.

Managed nodes running the Chef Client can pull cookbooks from the server. Standalone clients
that do not have access to a server can run chef-solo and pull cookbooks from a local directory or
from a tar.gz archive on the Internet.

Salt also operates on Linux distributions, UNIX-like systems, and Microsoft Windows. However,
Salt is written in Python, not Ruby. Salt can use a client/server architecture by installing Salt
master software on the server and Salt minion software on managed nodes. Masters and minions
communicate by using ZeroMQ. Salt can also be used without installing Salt minion software by
using Salt Secure Shell (SSH). However, Salt SSH is much slower than ZeroMQ. Configuration
information is stored primarily in state modules that are typically written in YAML; however,
Python or Python Domain Specific Language (PyDSL) can also be used for complex configuration
scripts.

Like Salt, Ansible is written in Python and operates on Linux distributions, UNIX-like systems, and
Microsoft Windows. However, unlike the other configuration management software packages,
Ansible does not use agent software on managed nodes. Configurations are stored on the Ansible
server in playbooks that are written in YAML. Managed nodes can download scripted modules
from an Ansible server by using SSH.

Reference:

https://www.infoworld.com/article/2609482/data-center/data-center-review-puppet-vs-chef-vs-ansible-vs-salt.html?page=4

QUESTION NO: 100

Which of the following configuration management tools does not use client agent software on
managed nodes? (Select the best answer.)

A.
Ansible

B.
Chef

C.
Puppet

D.
Salt

Answer: A
Explanation:

Ansible does not use client agent software on managed nodes. By contrast, Puppet and Chef
require client agent software on managed nodes. Salt nodes can use client agent software but do
not require it. Puppet, Chef, Salt, and Ansible are configuration management tools that are used to
automate the installation, configuration, and maintenance of multiple computer systems, including
the software that runs on those systems.

Of the four major configuration management tools, Puppet is the most mature and the most widely
used.

Puppet is written in Ruby and operates on Linux distributions, UNIX-like systems, and Microsoft
Windows. Puppet uses a client/server architecture; managed nodes running the Puppet Agent
application can receive configurations from a master server running Puppet Server. Modules are
written in Ruby or by using a Ruby-like Puppet language.

Like Puppet, Chef is written in Ruby and operates on Linux distributions, UNIX-like systems, and
Microsoft Windows. Chef can use a client/server architecture or a standalone client configuration.
Configuration information is contained within cookbooks that are written in Ruby and are stored on
a Chef Server. Managed nodes running the Chef Client can pull cookbooks from the server.
Standalone clients that do not have access to a server can run chef-solo and pull cookbooks from
a local directory or from a tar.gz archive on the Internet.

Salt also operates on Linux distributions, UNIX-like systems, and Microsoft Windows. However,
Salt is written in Python, not Ruby. Salt can use a client/server architecture by installing Salt
master software on the server and Salt minion software on managed nodes. Masters and minions
communicate by using ZeroMQ. Salt can also be used without installing Salt minion software by
using Salt Secure Shell (SSH). However, Salt SSH is much slower than ZeroMQ. Configuration
information is stored primarily in state modules that are typically written in YAML; however,
Python or Python Domain Specific Language (PyDSL) can also be used for complex configuration
scripts.

Like Salt, Ansible is written in Python and operates on Linux distributions, UNIX-like systems, and
Microsoft Windows. Configurations are stored on the Ansible server in playbooks that are written
in YAML. Managed nodes can download scripted modules from an Ansible server by using SSH.

Reference:

https://www.ansible.com/configuration-management

https://www.infoworld.com/article/2609482/data-center/data-center-review-puppet-vs-chef-vs-ansible-vs-salt.html?page=4

QUESTION NO: 101

Which of the following messages are sent using multicast addresses 224.0.1.39 and 224.0.1.40?
(Select the best answer.)

A.
BSR messages

B.
Auto-RP messages

C.
PIMv2 messages

D.
PIMv1 messages

Answer: B
Explanation:

Auto-RP messages are sent using multicast addresses 224.0.1.39 and 224.0.1.40. Auto-RP
dynamically determines the rendezvous point (RP) for a multicast group so that RPs need not be
manually configured. The multicast address 224.0.1.39 is used for RP-Announce messages, which
are sent by candidate RPs to advertise their eligibility to become an RP. The RP-Announce
messages are received by the mapping agent, which maps the candidate RPs to multicast groups.
If multiple routers are advertised as candidate RPs for a multicast group, the router with the
highest IP address is used as the RP for that group. The multicast address 224.0.1.40 is used for
RP-Discovery messages, which are sent by mapping agents to advertise the authoritative RP for a
multicast group.

Protocol Independent Multicast version 1 (PIMv1) messages are sent using multicast address
224.0.0.2. The multicast address 224.0.0.2 is the all-routers address. The all-routers address is also
used by Internet Group Management Protocol (IGMP).

PIMv2 messages are sent using multicast address 224.0.0.13. The multicast address 224.0.0.13
is the all-PIM-routers address. This address is used by PIMv2 to send status messages, such as
hello messages, prune messages, and assert messages. The all-PIM-routers address is also used
to send Bootstrap Router (BSR) messages. Like Auto-RP, the BSR feature dynamically assigns
RPs to multicast groups. However, BSR can be used only by PIMv2; it cannot be used by PIMv1.
Other PIMv2 message types include the Register message, the Register-Stop message, and the
Join/Prune message.

Reference:

https://www.cisco.com/c/en/us/td/docs/ios/solutions_docs/ip_multicast/White_papers/rps.html#wp1029236

QUESTION NO: 102

RouterA receives routes to the following overlapping networks:

192.168.1.0/24

192.168.1.0/25

192.168.1.0/26

192.168.1.0/28

Each of the routes is received from a different routing protocol.

Which of the following routes will RouterA install in the routing table? (Select the best answer.)

A.
the route with the longest prefix match

B.
the route with the shortest prefix match

C.
the route with the highest AD

D.
the route with the lowest AD

E.
all of the routes

Answer: E
Explanation:

RouterA will install all of the routes in the routing table. When multiple routes to overlapping
networks exist, a router will prefer the most specific route, which is the route with the longest prefix
match. For example, if RouterA receives a packet to 192.168.1.4, it will send the packet to the
192.168.1.0/28 route; if RouterA receives a packet to 192.168.1.20, it will send the packet to the
192.168.1.0/26 route. RouterA will not install only the route with the longest or shortest prefix
match.

RouterA will not install only the route with the highest or lowest administrative distance (AD),
because the routes target separate destination networks. When multiple routes to the same
destination network exist and each route uses a different routing protocol, a router prefers the
routing protocol with the lowest AD. The following list contains the most commonly used ADs:

ADs for a routing protocol can be manually configured by issuing the distance command in router
configuration mode. For example, to change the AD of Routing Information Protocol (RIP) from
120 to 50, you should issue the following commands:

RouterA(config)#router rip

RouterA(config-router)#distance 50
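
The two selection rules in this explanation act at different levels: overlapping prefixes are all installed and compete only at forwarding time (longest prefix match), while routes to the same prefix compete at installation time on administrative distance. The Python model below is an added example, not Cisco code or the page's own material. It uses the IOS default AD values that I know for static, EIGRP, OSPF, RIP and iBGP, and reproduces the page's distance 50 override for RIP; the Rib class, the next-hop addresses and the build_routera helper are constructed for illustration.

```python
"""Route installation and lookup for overlapping prefixes.

Added example (not from the page): a simplified RIB in which
- every distinct prefix is installed (overlapping prefixes do not compete),
- routes to the *same* prefix compete on administrative distance (lowest wins),
- forwarding uses the longest prefix match.
"""
import ipaddress
from typing import Dict, Optional, Tuple

# IOS default administrative distances (assumed known; the page's own AD list is missing)
DEFAULT_AD = {"static": 1, "eigrp": 90, "ospf": 110, "rip": 120, "ibgp": 200}

Network = ipaddress.IPv4Network
Entry = Tuple[str, int, str]   # (protocol, ad, next_hop)


class Rib:
    def __init__(self, ad_overrides: Optional[Dict[str, int]] = None):
        # ad_overrides models `distance <n>` under `router <protocol>`
        self.ad = {**DEFAULT_AD, **(ad_overrides or {})}
        self.routes: Dict[Network, Entry] = {}

    def offer(self, prefix: str, protocol: str, next_hop: str) -> bool:
        """Offer a route from a protocol; return True if it was installed."""
        net = ipaddress.ip_network(prefix, strict=True)
        ad = self.ad[protocol]
        current = self.routes.get(net)
        # Only a route to the *same* prefix can displace an installed route.
        if current is None or ad < current[1]:
            self.routes[net] = (protocol, ad, next_hop)
            return True
        return False

    def lookup(self, address: str) -> Optional[Tuple[Network, str, int, str]]:
        """Longest prefix match: the most specific installed prefix containing `address`."""
        ip = ipaddress.ip_address(address)
        candidates = [n for n in self.routes if ip in n]
        if not candidates:
            return None
        best = max(candidates, key=lambda n: n.prefixlen)
        return (best, *self.routes[best])


def build_routera() -> Rib:
    """The question's scenario: four overlapping prefixes, each from a different protocol."""
    rib = Rib()
    rib.offer("192.168.1.0/24", "rip", "10.0.0.1")     # constructed next hops
    rib.offer("192.168.1.0/25", "ospf", "10.0.0.2")
    rib.offer("192.168.1.0/26", "eigrp", "10.0.0.3")
    rib.offer("192.168.1.0/28", "ibgp", "10.0.0.4")
    return rib


if __name__ == "__main__":
    rib = build_routera()
    print(len(rib.routes), "routes installed")
    for dst in ("192.168.1.4", "192.168.1.20", "192.168.1.100", "192.168.1.200"):
        print(dst, "->", rib.lookup(dst))
```

Note that all four routes survive in build_routera() regardless of their ADs; AD only matters in the second test below, where two protocols offer the identical prefix.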

Reference:

https://www.cisco.com/c/en/us/support/docs/ip/enhanced-interior-gateway-routing-protocol-eigrp/8651-21.html

QUESTION NO: 103

Which of the following commands can you issue to limit EIGRP queries? (Select 2 choices.)

A.
eigrp stub

B.
router eigrp as-number

C.
ip summary-address eigrp as-number address mask

D.
ip hello-interval eigrp as-number seconds

E.
ip hold-time eigrp as-number seconds

Answer: A,C
Explanation:

You can issue the eigrp stub command or the ip summary-address eigrp as-number address mask
command to limit Enhanced Interior Gateway Routing Protocol (EIGRP) queries. Query packets
are sent to find feasible successors to a destination network. When a router does not have a
feasible successor, it floods query packets to its neighbors. If a neighbor has a route to the
destination network, it replies with the route. However, if a neighbor does not have a route to the
destination network, it queries its neighbors, those neighbors query their neighbors, and so on.
This process continues until either a router replies with the route or there are no routers left to
query. The network cannot converge until all the replies have been received, which can cause a
router to become stuck in active (SIA).

Limiting EIGRP queries prevents queries from consuming bandwidth and processor resources and
prevents routers from becoming SIA. You can display which routers have not yet replied to a query
by issuing the show ip eigrp topology active command, as shown in the following output:

The eigrp stub command limits EIGRP queries by creating a stub router. Stub routers advertise
only a specified set of routes and therefore typically need only a default route from the hub router.
A hub router detects that a router is a stub router by examining the Type-Length-Value (TLV) field
within EIGRP hello packets sent by the router. The hub router will specify in its neighbor table that
the router is a stub router and will no longer send query packets to that stub router, thereby limiting
how far EIGRP queries spread throughout a network.

The ip summary-address eigrp as-number address mask command limits EIGRP queries by
configuring route summarization. If a neighbor router has a summarized route but does not have
the specific route to the destination network in the query, the neighbor router will reply that it does
not have a route to the destination network and will not query its neighbors. Thus route
summarization creates a query boundary that prevents queries from propagating throughout the
network.

You cannot limit EIGRP queries by issuing the router eigrp as-number command, which is used to
create an EIGRP process for an autonomous system (AS). Queries are sent from neighbor to
neighbor throughout a network, even from one AS to another. Therefore, creating a separate AS
will not limit EIGRP queries.

You cannot limit EIGRP queries by issuing the ip hello-interval eigrp as-number seconds command,
which is used to adjust the hello timer interval. By default, the hello timer is set to five seconds on
high-bandwidth links and 60 seconds on low-bandwidth multipoint links slower than 1.544 Mbps.

You cannot limit EIGRP queries by issuing the ip hold-time eigrp as-number seconds command,
which is used to adjust the hold timer interval. The hold timer is set to three times the hello timer
value by default. Therefore, the hold timer is typically set to 15 seconds on high-bandwidth links
and 180 seconds on low-bandwidth multipoint links. If you adjust the hello timer values, you must
also adjust the hold timer values because they are not adjusted automatically.
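
The query-scoping behaviour of the two correct answers is easiest to see by counting how many routers a single query reaches with and without the boundaries. The Python model below is an added example, not Cisco code or output from the page: it is a toy EIGRP in which a router that has lost its feasible successor floods a query, a hub skips neighbours that announced themselves as stubs, and a router holding only a summary covering the destination replies at once instead of re-querying. The hub-and-spoke topology, router names, prefixes and the Router class are constructed for illustration.

```python
"""EIGRP query propagation with and without query boundaries.

Added example (not the page's code). Models the two boundaries from the
explanation: hubs never query stub neighbours, and a router with only a
summary route for the destination replies without querying further.
"""
import ipaddress
from collections import deque
from dataclasses import dataclass, field
from typing import Dict, Set, List, Optional, Tuple


@dataclass
class Router:
    name: str
    neighbors: List[str]
    stub: bool = False                                  # announced via the stub TLV in hellos
    specific: Set[str] = field(default_factory=set)     # exact prefixes this router knows
    summaries: Set[str] = field(default_factory=set)    # ip summary-address prefixes

    def covered_by_summary(self, dest: str) -> bool:
        d = ipaddress.ip_network(dest)
        return any(d.subnet_of(ipaddress.ip_network(s)) for s in self.summaries)


def flood_query(topology: Dict[str, Router], origin: str, dest: str) -> Set[str]:
    """Return the set of routers that receive a query for `dest` started by `origin`."""
    queried: Set[str] = set()
    pending: deque = deque([(origin, None)])   # (router, neighbour that sent the query)
    seen = {origin}                            # a router is queried at most once in this model
    while pending:
        name, sender = pending.popleft()
        r = topology[name]
        if sender is not None:
            queried.add(name)
            # Reply immediately: exact route known, or only a summary covers it.
            if dest in r.specific or r.covered_by_summary(dest):
                continue
        for n in r.neighbors:
            if n == sender or n in seen:
                continue
            if topology[n].stub:
                continue                       # a hub never sends queries to a stub
            seen.add(n)
            pending.append((n, name))
    return queried


def build_topology(bounded: bool) -> Dict[str, Router]:
    """Constructed hub-and-spoke site behind a distribution and core pair."""
    return {
        "Hub":    Router("Hub", ["Spoke1", "Spoke2", "Dist"]),
        "Spoke1": Router("Spoke1", ["Hub"], stub=bounded),          # eigrp stub
        "Spoke2": Router("Spoke2", ["Hub"], stub=bounded),          # eigrp stub
        "Dist":   Router("Dist", ["Hub", "Core1"],
                         summaries={"10.1.0.0/16"} if bounded else set()),  # summary-address
        "Core1":  Router("Core1", ["Dist", "Core2"]),
        "Core2":  Router("Core2", ["Core1"]),
    }


if __name__ == "__main__":
    for bounded in (False, True):
        reached = flood_query(build_topology(bounded), "Hub", "10.1.5.0/24")
        print("bounded" if bounded else "unbounded", sorted(reached))
```

In the unbounded topology the Hub's query for 10.1.5.0/24 reaches every other router, and the Hub cannot converge until the last of them replies; with the spokes configured as stubs and a 10.1.0.0/16 summary on Dist, the query stops at Dist.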

Reference:

https://www.cisco.com/en/US/technologies/tk648/tk365/technologies_white_paper0900aecd8023df6f.html

QUESTION NO: 104


You administer the networks shown above. RouterA is connected to network A, RouterB is
connected to network B, and so on. RouterB and RouterD are iBGP peers of RouterC; RouterE
and RouterF are eBGP peers of RouterC. RouterA and RouterC are OSPF neighbors.

RouterC, which is not configured as a route reflector, receives routes from all of the other routers
on the network. You have issued the network command on each router to advertise their
respective networks. You have also issued the redistribute command on RouterC to redistribute
the OSPF routes from RouterA into BGP.

RouterC will advertise to RouterD routes to which of the following networks? (Select the best
answer.)

A.
only networks B and C

B.
only networks A and C

C.
only networks A, B, and C

D.
only networks C, E, and F

E.
only networks A, C, E, and F

F.
networks A, B, C, D, E, and F

Answer: E
Explanation:

RouterC will advertise only networks A, C, E, and F to RouterD. RouterC and RouterD are internal
Border Gateway Protocol (iBGP) peers, which are Border Gateway Protocol (BGP) routers that
exist within the same autonomous system (AS). The BGP split horizon rule states that routes
learned through iBGP are not advertised to iBGP peers. Therefore, only routes learned through
external BGP (eBGP), routes learned through redistribution, and routes originated by a network
statement are advertised to iBGP peers. In this scenario, the routes to networks E and F are
learned through eBGP, the route to network A is learned through redistribution, and the route to
network C originated on RouterC.

RouterC will not advertise network B to RouterD, because RouterC learned of network B through
an iBGP peer, RouterB. Because iBGP routes are not advertised to iBGP peers, one of the
following actions must be taken to enable routers running iBGP to communicate:

- Configure a full mesh.

- Configure a confederation.

- Configure a route reflector.

A full-mesh configuration enables each router to learn each iBGP route independently without
passing through a neighbor. However, a full-mesh configuration requires the most administrative
effort to configure.

A confederation enables an AS to be divided into discrete units, each of which acts like a separate
AS. Within each confederation, the routers must be fully meshed unless a route reflector is
established. A route reflector can be used to pass iBGP routes between iBGP routers, which
would eliminate the need for a full-mesh configuration. However, it is important to note that route
reflectors advertise best paths only to route reflector clients. Additionally, if multiple paths exist, a
route reflector will always advertise the exit point that is closest to the route reflector.

RouterC will not advertise network D to RouterD. When RouterD advertises network D to RouterC,
RouterD adds the AS number to the AS_PATH. Routes with an AS_PATH that contains the AS
number of a BGP peer are not advertised back to that peer. The AS_PATH attribute contains all of
the AS numbers that a packet must traverse to reach a destination network. If a BGP router
receives an advertised route that contains its own AS number, the route is ignored, thereby
preventing routing loops.
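
The advertisement decision this explanation walks through for RouterC can be written as two filters: the iBGP split horizon rule on the route's source, and the AS_PATH check on the peer. The Python model below is an added example, not Cisco code or the page's own material. It labels each of RouterC's routes with how it was learned, then computes what RouterC sends to an iBGP peer (RouterD) and, for contrast, to an eBGP peer (RouterE). The AS numbers, the Route and Peer types and the routerc_rib helper are constructed assumptions; the network letters follow the question.

```python
"""Which routes a non-route-reflector BGP speaker advertises to a given peer.

Added example (not the page's code). Two rules from the explanation:
 1. iBGP split horizon: routes learned from an iBGP peer are not sent to
    iBGP peers; eBGP-learned, redistributed and network-statement routes are.
 2. AS_PATH loop prevention: a received route carrying our own AS is ignored,
    and a route whose AS_PATH already contains the peer's AS is not sent to it.
"""
from dataclasses import dataclass
from typing import List, Tuple

LOCAL_AS = 65000          # RouterC's AS (constructed)


@dataclass(frozen=True)
class Route:
    network: str
    source: str           # "ibgp", "ebgp", "redistributed" or "network"
    as_path: Tuple[int, ...]


@dataclass(frozen=True)
class Peer:
    name: str
    asn: int


def accept(route: Route, local_as: int = LOCAL_AS) -> bool:
    """Loop prevention on receipt: drop any route whose AS_PATH carries our AS."""
    return local_as not in route.as_path


def advertise_to(peer: Peer, rib: List[Route], local_as: int = LOCAL_AS) -> List[str]:
    """Networks this router advertises to `peer`, in RIB order."""
    out: List[str] = []
    for r in rib:
        if not accept(r, local_as):
            continue
        if r.source == "ibgp" and peer.asn == local_as:
            continue      # iBGP split horizon: never relay iBGP routes to iBGP peers
        if peer.asn in r.as_path:
            continue      # the peer's AS is already in the path; it would reject it
        out.append(r.network)
    return out


def routerc_rib() -> List[Route]:
    """RouterC's BGP table in the question; eBGP AS numbers are constructed."""
    return [
        Route("A", "redistributed", ()),   # OSPF from RouterA, redistributed into BGP
        Route("B", "ibgp", ()),            # learned from RouterB (iBGP)
        Route("C", "network", ()),         # RouterC's own network statement
        Route("D", "ibgp", ()),            # learned from RouterD (iBGP)
        Route("E", "ebgp", (65001,)),      # learned from RouterE (eBGP)
        Route("F", "ebgp", (65002,)),      # learned from RouterF (eBGP)
    ]


if __name__ == "__main__":
    rib = routerc_rib()
    print("to RouterD (iBGP):", advertise_to(Peer("RouterD", LOCAL_AS), rib))
    print("to RouterE (eBGP):", advertise_to(Peer("RouterE", 65001), rib))
```

The eBGP case is included because it is the usual point of confusion: iBGP-learned routes are withheld only from iBGP peers, so RouterE would receive B and D, while E itself is withheld from RouterE because its own AS is already in the path.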

Reference:

https://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/26634-bgp-toc.html#ibgp

https://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/26634-bgp-toc.html#aspathattribute

QUESTION NO: 105 DRAG DROP

A switch will select the root port based on attributes that it receives in BPDUs. Drag the attributes
on the left to the correct order in which they are considered by the STP root port selection process.
Fill all boxes.

Answer:

Explanation:

The root port on a switch is the port that receives the best Spanning Tree Protocol (STP) bridge
protocol data unit (BPDU), which indicates the best path to the root bridge based on the best root
port cost. A root port is always in the forwarding state. Because there is only one best path to the
root bridge, a switch cannot have more than one root port.

The root bridge sends BPDUs every two seconds by default. When a switch receives a BPDU, the
receiving switch modifies the forwarding switch's bridge ID, port priority, port number, and cost to
reach the root bridge before forwarding the BPDU to neighboring switches. The interface that
receives the hello packet with the lowest path cost will become the root port. When a switch
receives multiple BPDUs with the same path cost, it will choose the interface connected to the
forwarding switch with the lowest bridge ID. When multiple equal-cost paths to a forwarding switch
exist, the receiving switch will choose the lowest port priority of the forwarding switch. If all port
priorities are equal, the receiving switch will choose the lowest port number of the forwarding
switch.
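The four-step comparison above, as an added worked example in Python (this is not code from the study guide or from Cisco): each record is a constructed BPDU as seen by the receiving switch, and select_root_port applies the steps in the order the explanation gives, consulting a later step only when the earlier ones tie. The bridge IDs, costs and port names are made-up sample values.

```python
from dataclasses import dataclass
from typing import List, Sequence

# Constructed sample data: one record per local port, holding the fields of the
# best BPDU received on that port.
@dataclass(frozen=True)
class ReceivedBpdu:
    local_port: str            # port on the receiving (local) switch
    root_path_cost: int        # advertised root path cost plus the local port's cost
    sender_bridge_id: int      # bridge ID (priority + MAC) of the forwarding switch
    sender_port_priority: int  # port priority on the forwarding switch
    sender_port_number: int    # port number on the forwarding switch

# Selection order from the explanation; the lowest value wins at each step and a
# later step is consulted only on a tie.
SELECTION_STEPS = ("root path cost", "sender bridge ID",
                   "sender port priority", "sender port number")

def selection_key(bpdu: ReceivedBpdu):
    return (bpdu.root_path_cost, bpdu.sender_bridge_id,
            bpdu.sender_port_priority, bpdu.sender_port_number)

def select_root_port(bpdus: Sequence[ReceivedBpdu]) -> str:
    """Return the one local port that becomes the root port."""
    if not bpdus:
        raise ValueError("no BPDUs received: no root port (this switch may be the root bridge)")
    return min(bpdus, key=selection_key).local_port

def deciding_step(bpdus: Sequence[ReceivedBpdu]) -> str:
    """Name the first selection step that separates the winner from the runner-up."""
    ranked = sorted(bpdus, key=selection_key)
    if len(ranked) < 2:
        return "only one candidate"
    best, runner_up = selection_key(ranked[0]), selection_key(ranked[1])
    for step, a, b in zip(SELECTION_STEPS, best, runner_up):
        if a != b:
            return step
    return "full tie"  # identical BPDUs on two ports; the local port ID would break this

# Constructed scenario: four ports, three with an equal path cost to the root.
SAMPLE_BPDUS: List[ReceivedBpdu] = [
    ReceivedBpdu("Gi0/1", root_path_cost=38, sender_bridge_id=0x1000_0000_0000_0001,
                 sender_port_priority=128, sender_port_number=1),  # loses on cost
    ReceivedBpdu("Gi0/2", root_path_cost=19, sender_bridge_id=0x8000_0000_0000_00AA,
                 sender_port_priority=128, sender_port_number=2),
    ReceivedBpdu("Gi0/3", root_path_cost=19, sender_bridge_id=0x8000_0000_0000_00AA,
                 sender_port_priority=128, sender_port_number=1),  # wins on port number
    ReceivedBpdu("Gi0/4", root_path_cost=19, sender_bridge_id=0x9000_0000_0000_00BB,
                 sender_port_priority=16, sender_port_number=1),   # better port priority never reached
]

if __name__ == "__main__":
    print(select_root_port(SAMPLE_BPDUS), "chosen at step:", deciding_step(SAMPLE_BPDUS))
```

Gi0/4 carries the best port priority of the group but loses at the bridge ID step, which shows why the order of the comparison matters and not just the values.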

Reference:

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2960xr/software/15-0_2_EX1/layer2/configuration_guide/b_lay2_152ex1_2960-xr_cg/b_lay2_152ex1_2960-xr_cg_chapter_010.html#ID92

QUESTION NO: 106

Which of the following terms refers to a congestion avoidance mechanism? (Select the best
answer.)

A.
tail drop

B.
global synchronization

C.
queuing

D.
TCP starvation

Answer: A
Explanation:

Tail drop is the default congestion avoidance mechanism on Cisco routers. Interface congestion
occurs when a router receives packets faster than it can send them. When congestion exists, the
excess packets are stored in a queue until the interface can transmit them. When the queue
becomes full, the router drops all packets on the congested interface until there is room in the
queue. This method of discarding packets is referred to as the tail drop mechanism. As the router
drops packets, each sending device detects the packet loss and reduces its transmission rate,
thereby reducing the congestion on the interface. This behavior is a feature of Transmission
Control Protocol (TCP), which was designed to adjust transmit rates based on network conditions.
However, because the tail drop mechanism does not differentiate between high-priority and
low-priority packets, all packets are dropped without regard to priority. Additionally, because the tail
drop mechanism does not differentiate between packet flows, all TCP sessions are affected.

Global synchronization is a phenomenon associated with the tail drop mechanism. Because the
tail drop mechanism discards packets for all TCP sessions, all sending devices reduce their
transmission rates in unison. This behavior typically results in a lull in network traffic, causing the
receiving router's interface to be underutilized. Then, as each TCP session attempts to maximize
its transmission window, the interface rapidly becomes congested again, causing the router to tail
drop packets. This cycle is referred to as global synchronization.

Queuing is a method of congestion management, not congestion avoidance. Every physical
interface on a router has a hardware queue and a software queue. The hardware queue is always
a first-in-first-out (FIFO) queue and has limited configuration options. The software queue can be
configured for one of various queuing methods, such as weighted fair queuing (WFQ) or low
latency queuing (LLQ).

TCP starvation is a phenomenon that occurs when TCP traffic is dominated by non-TCP traffic on
an interface. Because non-TCP traffic, such as User Datagram Protocol (UDP) traffic, is not aware
of packet loss due to congestion control mechanisms, devices sending non-TCP traffic might not
reduce their transmission rates. This behavior causes the non-TCP traffic to dominate the queue
and prevent TCP traffic from resuming a normal flow. To mitigate TCP starvation, you should
avoid mixing TCP and UDP traffic in the same traffic class.

Reference:

https://search.cisco.com/search?query=Cisco%20IOS%20Quality%20of%20Service%20Configuration%20Guide&locale=enUS&tab=Cisco

QUESTION NO: 107

Which of the following terms best describe the origin, AS-path, and next hop BGP attributes?
(Select 2 choices.)

A.
optional

B.
mandatory

C.
discretionary

D.
transitive

E.
nontransitive

F.
well-known

Answer: B,F
Explanation:

The origin, AS-path, and next hop Border Gateway Protocol (BGP) attributes are best described
as well-known, mandatory BGP path attributes. Internet Engineering Task Force (IETF) standard
BGP path attributes can be broken down into the following categories:

Support for optional BGP path attributes is not required of any BGP implementation. However,
optional attributes must still be handled by BGP in either a transitive or nontransitive fashion.
Optional, transitive path attributes are passed to BGP peers regardless of whether support for the
attribute is available. Aggregator and community are both optional, transitive BGP attributes.
Optional, nontransitive BGP attributes are silently discarded if support for the attribute is not
available. Cluster list, originator ID, and multi-exit discriminator (MED) are optional, nontransitive
BGP attributes.

Well-known BGP attributes are required path attributes that must be supported by every BGP
implementation. Well-known, mandatory attributes must be sent in every BGP update message.
Well-known, discretionary attributes, on the other hand, are only included in BGP update
messages under specific sets of circumstances. Atomic aggregate and local preference are both
well-known, discretionary BGP attributes.
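An added example, not code from the study guide: a parser for the BGP path-attribute header that reads the Optional and Transitive flag bits and classifies each attribute in the categories the explanation uses, then applies the handling rules for attributes a speaker does not implement. The UPDATE bytes are constructed for the demonstration, not a capture.

```python
import struct
from typing import Dict, List, Set

# Flag bits of the BGP path attribute header (RFC 4271, section 4.3).
FLAG_OPTIONAL = 0x80
FLAG_TRANSITIVE = 0x40
FLAG_PARTIAL = 0x20
FLAG_EXTENDED_LENGTH = 0x10

ATTRIBUTE_NAMES = {1: "ORIGIN", 2: "AS_PATH", 3: "NEXT_HOP", 4: "MULTI_EXIT_DISC",
                   5: "LOCAL_PREF", 6: "ATOMIC_AGGREGATE", 7: "AGGREGATOR",
                   8: "COMMUNITY", 9: "ORIGINATOR_ID", 10: "CLUSTER_LIST"}
WELL_KNOWN_MANDATORY = {1, 2, 3}   # ORIGIN, AS_PATH, NEXT_HOP


def classify(flags: int, type_code: int) -> str:
    """Category name in the terms used by RFC 4271 and the explanation above."""
    optional = bool(flags & FLAG_OPTIONAL)
    transitive = bool(flags & FLAG_TRANSITIVE)
    if not optional:
        if not transitive:
            return "malformed"   # RFC 4271 requires the Transitive bit set on well-known attributes
        return "well-known mandatory" if type_code in WELL_KNOWN_MANDATORY else "well-known discretionary"
    return "optional transitive" if transitive else "optional non-transitive"


def parse_path_attributes(data: bytes) -> List[Dict]:
    """Walk the Path Attributes field of an UPDATE: flags, type code, 1- or 2-byte length, value."""
    attrs, off = [], 0
    while off < len(data):
        if len(data) - off < 3:
            raise ValueError("truncated attribute header at offset %d" % off)
        flags, type_code = data[off], data[off + 1]
        off += 2
        if flags & FLAG_EXTENDED_LENGTH:
            if len(data) - off < 2:
                raise ValueError("truncated extended length field")
            (length,) = struct.unpack_from("!H", data, off)
            off += 2
        else:
            length = data[off]
            off += 1
        value = data[off:off + length]
        if len(value) != length:
            raise ValueError("attribute type %d claims %d bytes but the data is shorter" % (type_code, length))
        off += length
        attrs.append({"type_code": type_code,
                      "name": ATTRIBUTE_NAMES.get(type_code, "UNKNOWN_%d" % type_code),
                      "category": classify(flags, type_code),
                      "partial": bool(flags & FLAG_PARTIAL),
                      "value": value})
    return attrs


def missing_mandatory(attrs: List[Dict]) -> Set[str]:
    """Well-known mandatory attributes absent from a parsed attribute list."""
    present = {a["type_code"] for a in attrs}
    return {ATTRIBUTE_NAMES[c] for c in WELL_KNOWN_MANDATORY - present}


def on_unrecognised(attr: Dict) -> str:
    """Handling of an attribute the local speaker does not implement, per the rules above."""
    if attr["category"] == "optional transitive":
        return "pass to peers with the Partial bit set"
    if attr["category"] == "optional non-transitive":
        return "silently discard"
    return "error: well-known attributes must be implemented"


# Constructed Path Attributes field (not a capture): ORIGIN=IGP, AS_PATH=(65001),
# NEXT_HOP=192.168.0.1, MED=100, LOCAL_PREF=100, COMMUNITY=65001:100.
SAMPLE_PATH_ATTRIBUTES = bytes.fromhex(
    "40010100"            # flags 0x40 (well-known, transitive), ORIGIN, len 1, IGP
    "4002040201fde9"      # AS_PATH: one AS_SEQUENCE segment holding AS 65001
    "400304c0a80001"      # NEXT_HOP 192.168.0.1
    "80040400000064"      # flags 0x80 (optional, non-transitive), MULTI_EXIT_DISC 100
    "40050400000064"      # LOCAL_PREF 100: well-known but discretionary
    "c00804fde90064"      # flags 0xC0 (optional, transitive), COMMUNITY 65001:100
)

if __name__ == "__main__":
    for a in parse_path_attributes(SAMPLE_PATH_ATTRIBUTES):
        print("%-16s %-24s partial=%s" % (a["name"], a["category"], a["partial"]))
```

Note that the flags alone say only whether an attribute is well-known or optional and whether it is transitive; mandatory versus discretionary is a property of the type code, which is why classify needs both.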

Reference:

https://tools.ietf.org/html/rfc4271#section-5

QUESTION NO: 108

Which of the following statements are true regarding RADIUS? (Select 2 choices.)

A.
RADIUS is an IETF standard protocol.

B.
RADIUS uses TCP port 49.

C.
RADIUS encrypts the entire packet during transmission.

D.
RADIUS combines authentication and authorization into a single function.

E.
RADIUS provides more flexible security options than TACACS+.

Answer: A,D
Explanation:

Of the choices available, Remote Authentication Dial-In User Service (RADIUS) is an Internet
Engineering Task Force (IETF) standard protocol and combines authentication and authorization
into a single function. RADIUS is an Authentication, Authorization, and Accounting (AAA) protocol
that can be used for controlling access to a router or switch. Although RADIUS does not encrypt
the entire contents of a packet, it does provide some security by encrypting the password in an
Access-Request packet. By contrast, Terminal Access Controller Access Control System Plus
(TACACS+) encrypts the entire packet.

RADIUS is limited by the fact that authorization and authentication are combined into a single
function. By contrast, TACACS+ separates authorization, authentication, and accounting
functions, which provides TACACS+ with more flexible security options for controlling access to
configuration commands.

RADIUS uses User Datagram Protocol (UDP), not Transmission Control Protocol (TCP), for
packet delivery. By contrast, TACACS+ uses TCP on port 49 for data delivery.
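As an added example (not code from the guide or from Cisco), the RFC 2865 User-Password hiding that the explanation refers to: an MD5-and-XOR chain keyed by the shared secret and the Request Authenticator, shown as a round trip and then inside an Access-Request attribute list, where the User-Name is visible in the clear. The shared secret and the Request Authenticator are constructed values.

```python
import hashlib
import struct
from typing import List, Tuple

USER_NAME = 1        # RADIUS attribute types (RFC 2865)
USER_PASSWORD = 2


def _md5_xor_chain(data: bytes, shared_secret: bytes, request_authenticator: bytes, hiding: bool) -> bytes:
    """RFC 2865 5.2: b1 = MD5(S + RA), c1 = p1 XOR b1; b(n) = MD5(S + c(n-1)), c(n) = p(n) XOR b(n)."""
    if len(request_authenticator) != 16:
        raise ValueError("Request Authenticator must be 16 bytes")
    if not data or len(data) % 16 or len(data) > 128:
        raise ValueError("data must be a non-empty multiple of 16 bytes, at most 128")
    out = bytearray()
    prev = request_authenticator
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        b = hashlib.md5(shared_secret + prev).digest()
        result = bytes(x ^ y for x, y in zip(block, b))
        out += result
        # The chain continues from the ciphertext block: the one just produced when
        # hiding, the one just consumed when revealing.
        prev = result if hiding else block
    return bytes(out)


def hide_user_password(password: bytes, shared_secret: bytes, request_authenticator: bytes) -> bytes:
    """What the NAS puts in the User-Password attribute of an Access-Request."""
    if not 1 <= len(password) <= 128:
        raise ValueError("password must be 1 to 128 bytes")
    padded = password + b"\x00" * (-len(password) % 16)
    return _md5_xor_chain(padded, shared_secret, request_authenticator, hiding=True)


def reveal_user_password(hidden: bytes, shared_secret: bytes, request_authenticator: bytes) -> bytes:
    """What the RADIUS server computes; trailing NUL padding is removed."""
    return _md5_xor_chain(hidden, shared_secret, request_authenticator, hiding=False).rstrip(b"\x00")


def attribute(attr_type: int, value: bytes) -> bytes:
    """One RADIUS attribute: Type, Length (including this 2-byte header), Value."""
    if len(value) > 253:
        raise ValueError("attribute value too long")
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def build_access_request_attributes(username: bytes, password: bytes,
                                    shared_secret: bytes, request_authenticator: bytes) -> bytes:
    """Attribute list of an Access-Request: User-Name in the clear, only User-Password hidden."""
    return (attribute(USER_NAME, username)
            + attribute(USER_PASSWORD, hide_user_password(password, shared_secret, request_authenticator)))


def parse_attributes(blob: bytes) -> List[Tuple[int, bytes]]:
    attrs, off = [], 0
    while off < len(blob):
        if len(blob) - off < 2:
            raise ValueError("truncated attribute header")
        attr_type, length = blob[off], blob[off + 1]
        if length < 2 or off + length > len(blob):
            raise ValueError("bad attribute length %d" % length)
        attrs.append((attr_type, blob[off + 2:off + length]))
        off += length
    return attrs


# Constructed values for the demonstration (not real credentials). A real NAS generates
# the Request Authenticator randomly for every request.
DEMO_SECRET = b"demo-shared-secret"
DEMO_AUTHENTICATOR = bytes(range(16))

if __name__ == "__main__":
    pkt = build_access_request_attributes(b"alice", b"Boson", DEMO_SECRET, DEMO_AUTHENTICATOR)
    for attr_type, value in parse_attributes(pkt):
        print(attr_type, value.hex())
```

Only the 16-byte-aligned password field is obscured, and it is only as strong as the shared secret and the randomness of the authenticator; everything else in the packet, including the user name, is readable on the wire, which is the difference from TACACS+ that the explanation draws.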

Reference:

https://www.cisco.com/c/en/us/support/docs/security-vpn/remote-authentication-dial-user-service-radius/13838-10.html#comparing

QUESTION NO: 109

You issue the following commands on the routers on your network:

RouterMain(config)#username Router1 password Boson
RouterMain(config)#username Router2 password Boson
RouterMain(config)#username Router3 password Boson
RouterMain(config)#interface s0/1
RouterMain(config-if)#encapsulation ppp
RouterMain(config-if)#ppp authentication chap
RouterMain(config-if)#exit
RouterMain(config)#interface s0/2
RouterMain(config-if)#encapsulation ppp
RouterMain(config-if)#ppp authentication chap
RouterMain(config-if)#exit
RouterMain(config)#interface s0/3
RouterMain(config-if)#encapsulation ppp
RouterMain(config-if)#ppp authentication chap

Router1(config)#username routermain password boson
Router1(config)#interface s0/1
Router1(config-if)#encapsulation ppp
Router1(config-if)#ppp authentication chap

Router2(config)#username RouterMain password Boson
Router2(config)#interface s0/1
Router2(config-if)#encapsulation ppp
Router2(config-if)#ppp authentication chap

Router3(config)#username RouterMain password boson
Router3(config)#interface s0/1
Router3(config-if)#encapsulation ppp
Router3(config-if)#ppp authentication chap

Which of the following routers will be able to connect successfully to RouterMain? (Select the best
answer.)

A.
Router1

B.
Router2

C.
Router3

D.
Router1 and Router2

E.
Router2 and Router3

F.
Router1 and Router3

G.
Router1, Router2, and Router3

Answer: B
Explanation:

Only Router2 will be able to connect successfully to RouterMain. The syntax of the username
command is username hostname password password. By default, the hostname parameter is the
host name configured in the hostname command of the peer router. However, you can use the
ppp chap hostname command to specify a separate host name that is used only for Challenge
Handshake Authentication Protocol (CHAP) authentication. Since the ppp chap hostname
command has not been issued on the routers in this scenario, the host name that should be
specified in the username command is the normal host name for each router.

Router1 will not be able to connect successfully to RouterMain, because the host name and
password are specified incorrectly in the username command on Router1. The host name and
password specified in the username command are case-sensitive. Therefore, the host name
"routermain" does not match the host name "RouterMain", and the password "boson" does not
match the password "Boson". To enable Router1 to connect, you should issue the username
RouterMain password Boson command.

Router3 will not be able to connect successfully to RouterMain. Although the host name is
specified correctly in the username command on Router3, the password is specified incorrectly;
the password "boson" does not match the password "Boson". To enable Router3 to connect, you
should issue the username RouterMain password Boson command.
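The scenario in this question, as an added simulation in Python (not from the guide): the CHAP response is computed as in RFC 1994, and each end of the link looks the peer's host name up in its own username table, which is case-sensitive exactly like the username entries above. The tables reproduce the username commands from the question; the challenges are random bytes.

```python
import hashlib
import hmac
import os
from typing import Dict, List


def chap_response(identifier: int, secret: str, challenge: bytes) -> bytes:
    """RFC 1994 CHAP response value: MD5 over Identifier || secret || Challenge."""
    return hashlib.md5(bytes([identifier & 0xFF]) + secret.encode() + challenge).digest()


def authenticate_one_way(challenger: str, challenger_db: Dict[str, str],
                         responder: str, responder_db: Dict[str, str],
                         challenge: bytes, identifier: int = 1) -> bool:
    """The challenger verifies the responder.

    Each side looks the peer's host name up in its own username table (a case-sensitive
    dict, like the IOS username command) and uses the stored password as the CHAP secret.
    """
    responder_secret = responder_db.get(challenger)   # the challenge carries the challenger's name
    if responder_secret is None:
        return False                                  # no matching username entry: cannot answer
    response = chap_response(identifier, responder_secret, challenge)
    challenger_secret = challenger_db.get(responder)  # the response carries the responder's name
    if challenger_secret is None:
        return False
    expected = chap_response(identifier, challenger_secret, challenge)
    return hmac.compare_digest(response, expected)


def ppp_link_authenticates(a: str, a_db: Dict[str, str], b: str, b_db: Dict[str, str]) -> bool:
    """Both ends run 'ppp authentication chap', so each challenges the other and both must succeed."""
    return (authenticate_one_way(a, a_db, b, b_db, os.urandom(16))
            and authenticate_one_way(b, b_db, a, a_db, os.urandom(16)))


# Username tables exactly as configured in the question.
ROUTER_MAIN = {"Router1": "Boson", "Router2": "Boson", "Router3": "Boson"}
ROUTER1 = {"routermain": "boson"}   # host name and password both in the wrong case
ROUTER2 = {"RouterMain": "Boson"}   # matches RouterMain's entry
ROUTER3 = {"RouterMain": "boson"}   # host name correct, password in the wrong case
PEERS = {"Router1": ROUTER1, "Router2": ROUTER2, "Router3": ROUTER3}


def which_routers_connect() -> List[str]:
    return [name for name, db in PEERS.items()
            if ppp_link_authenticates("RouterMain", ROUTER_MAIN, name, db)]


if __name__ == "__main__":
    print("peers that authenticate with RouterMain:", which_routers_connect())
```

Router1 fails at the lookup step (no entry named "RouterMain"), while Router3 gets as far as computing a response and fails at the hash comparison because the two sides used different secrets; both are invisible to the peer, which only sees a CHAP failure.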

Reference:

https://www.cisco.com/c/en/us/support/docs/wan/point-to-point-protocol-ppp/25647-understanding-ppp-chap.html

QUESTION NO: 110

Which of the following statements are true regarding OSPFv3? (Select 3 choices.)

A.
OSPFv3 does not support IPv6.

B.
Enabling OSPFv3 on an interface enables the OSPFv3 routing process on the router.

C.
Network addresses are included in the OSPFv3 process when the network command is issued.

D.
OSPFv3 sends hello messages and LSAs over multicast addresses 224.0.0.5 and 224.0.0.6.

E.
The BDR is elected before the DR is elected.

F.
OSPFv3 uses MD5 to secure communication.

G.
OSPFv3 supports multiple instances on a single link.

Answer: B,E,G
Explanation:

Enabling Open Shortest Path First version 3 (OSPFv3) on an interface enables the OSPFv3
routing process on the router. Additionally, the backup designated router (BDR) is elected before
the designated router (DR) is elected. Finally, OSPFv3 supports multiple instances on a link. To
enable OSPFv3 on an interface, you should issue the ipv6 ospf process-id area area-id command in
interface configuration mode. To enter router configuration mode for OSPFv3, you should issue
the ipv6 router ospf process-id command or the router ospfv3 [process-id] command in global
configuration mode.

The DR and BDR election process for OSPFv3 multiaccess segments is handled the same way as
it is handled in OSPFv2: the BDR is elected first, and then the DR is elected. The router with the
highest priority, as long as it has not already declared itself as the DR, becomes the BDR. Of
those routers that have declared themselves as the DR, the router with the highest priority is
elected to become the DR. If priority values are equal, the router with the highest router ID is
elected. To change the OSPF priority of a router, you should issue the ip ospf priority value
command, where value is an integer from 0 through 255. The default OSPF priority is 1, and a
router with an OSPF priority of 0 will never be elected the DR or BDR.

OSPFv3 supports both IPv4 and IPv6. OSPFv3, which is described in Request for Comments
(RFC) 2740, was developed as an enhancement to OSPFv2, which supports only IPv4. An
OSPFv3 instance can support either IPv4 or IPv6, but not both. However, you can run multiple
OSPFv3 instances on a single link. You can issue the ospfv3 process-id area area-id {ipv4 | ipv6}
[instance instance-id] command to enable OSPFv3 on an interface for a particular address family.

Network addresses are not included in the OSPFv3 process when the network command is
issued. The network command is not required, because OSPFv3 is configured directly on each
participating interface. Each IPv6 interface is designed to be configured with many different types
of IPv6 addresses, such as site-local, link-local, and global unicast. When you configure OSPFv3 on
an interface, all IPv6 address prefixes are included; you cannot exclude certain prefixes and allow
others.

OSPFv3 does not send hello messages or link-state advertisements (LSAs) over the IPv4
multicast addresses 224.0.0.5 and 224.0.0.6. Instead, OSPFv3 uses the IPv6 multicast addresses
FF02::5 and FF02::6. All OSPFv3 routers receive packets destined for FF02::5, which is similar to
the OSPFv2 all-routers multicast address 224.0.0.5. OSPFv3 DRs and BDRs receive packets
destined for FF02::6, which is similar to the OSPFv2 all-DR/BDR multicast address 224.0.0.6.

Unlike OSPFv2, OSPFv3 does not use Message Digest 5 (MD5) to secure communication.
Instead, OSPFv3 uses IP Security (IPSec) to secure communication.

Reference:

https://search.cisco.com/search?query=Cisco%20IOS%20IPv6%20Configuration%20Guide&locale=enUS&tab=Cisco

http://www.ietf.org/rfc/rfc2328.txt

http://www.ietf.org/rfc/rfc2740.txt

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_ospf/configuration/15-sy/iro-15-sy-book/ip6-route-ospfv3-esp.html

QUESTION NO: 111

Which of the following attacks can be mitigated by implementing uRPF? (Select the best answer.)

A.
reconnaissance attacks

B.
man-in-the-middle attacks

C.
malware attacks

D.
IP spoofing attacks

Answer: D
Explanation:

IP spoofing attacks can be mitigated by implementing unicast Reverse Path Forwarding (uRPF).
uRPF checks the source IP address of a packet to determine whether the packet arrived on the
best path back to the source based on routing table information. If the IP address information is
spoofed, the uRPF check will fail and the packet will be dropped. Therefore, uRPF can be
implemented to prevent spoofing attacks, such as Denial of Service (DoS), smurf, and Tribal Flood
Network (TFN) attacks. However, uRPF can cause legitimate traffic to be dropped in asymmetric
routing configurations. In order for uRPF to function, Cisco Express Forwarding (CEF) must be
enabled.

Reconnaissance attacks cannot be mitigated by implementing uRPF. A reconnaissance attack
involves attempting to gain information about a network. Port scanning, packet sniffing, and ping
sweeping are examples of reconnaissance attacks. To mitigate port scanning attacks, you should
implement an Intrusion Prevention System (IPS). To mitigate packet sniffing attacks, you should
implement secure protocols, such as Secure Shell (SSH). To mitigate ping sweeping attacks, you
should disable Internet Control Message Protocol (ICMP) echo and echo-reply packets.

Malware attacks cannot be mitigated by implementing uRPF. Malware is removed by antivirus and
antispyware software. You should ensure that the antivirus and antispyware software is updated
regularly so that the latest signature definitions are installed.

Man-in-the-middle attacks cannot be mitigated by implementing uRPF. A man-in-the-middle attack
is a type of access attack that occurs when an attacker gains access to traffic sent between two
networks or two devices. If the traffic is sent as plain text, the attacker can view all network traffic
sent across the network. To mitigate man-in-the-middle attacks, you should encrypt traffic on the
network.
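An added example, not from the guide or from Cisco: the strict uRPF check described above, run against a constructed routing table with a longest-prefix lookup. The sample packets include a spoofed internal source, a source with no return route, and the asymmetric-routing case in which strict mode drops legitimate traffic; loose mode (pass if any route to the source exists) is included as a generalization that the explanation does not cover.

```python
import ipaddress
from typing import List, Optional, Tuple

# Constructed routing table of the router applying uRPF: (prefix, egress interface).
ROUTING_TABLE = [
    (ipaddress.ip_network("10.1.0.0/16"), "Gi0/1"),    # internal LAN behind Gi0/1
    (ipaddress.ip_network("10.2.0.0/16"), "Gi0/2"),    # internal LAN behind Gi0/2
    (ipaddress.ip_network("192.0.2.0/24"), "Gi0/3"),   # customer prefix reached through the upstream link
]


def best_route(src: str) -> Optional[Tuple[ipaddress.IPv4Network, str]]:
    """Longest-prefix match: the path the router would use to send traffic back to src."""
    addr = ipaddress.ip_address(src)
    matches = [r for r in ROUTING_TABLE if addr in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen) if matches else None


def urpf_check(src: str, ingress: str, mode: str = "strict") -> Tuple[bool, str]:
    """Return (pass, reason). 'strict' is the check described in the explanation;
    'loose' only requires that some route back to the source exists."""
    route = best_route(src)
    if route is None:
        return False, "no route back to %s" % src
    if mode == "loose":
        return True, "a return route exists via %s" % route[1]
    if route[1] == ingress:
        return True, "best return path %s matches ingress" % ingress
    return False, "best return path is %s but the packet arrived on %s" % (route[1], ingress)


# Constructed packets: (source address, ingress interface, what the scenario represents).
SAMPLE_PACKETS = [
    ("10.1.5.5", "Gi0/1", "legitimate internal host"),
    ("10.1.5.5", "Gi0/3", "internal address spoofed from the upstream side"),
    ("203.0.113.9", "Gi0/3", "source with no return route"),
    ("10.2.7.7", "Gi0/1", "legitimate host on an asymmetric path"),
]


def evaluate(mode: str = "strict") -> List[bool]:
    """uRPF verdict (True = forward, False = drop) for each sample packet."""
    return [urpf_check(src, ingress, mode)[0] for src, ingress, _ in SAMPLE_PACKETS]


if __name__ == "__main__":
    for (src, ingress, label), ok in zip(SAMPLE_PACKETS, evaluate("strict")):
        print("%-12s %-6s %-48s -> %s" % (src, ingress, label, "forward" if ok else "drop"))
```

The last packet is the caveat from the explanation: the host on 10.2.0.0/16 is real, but its traffic enters on Gi0/1 while the return path is Gi0/2, so strict mode drops it and only the loose variant lets it through. Before enabling strict mode on an interface, confirm that return paths are symmetric, and remember that the check depends on CEF being enabled.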

Reference:

https://www.cisco.com/c/en/us/td/docs/ios/12_2/security/configuration/guide/fsecur_c/scfrpf.html#wp1000903

QUESTION NO: 112

Which of the following statements best describes split horizon? (Select the best answer.)

A.
Split horizon prevents switching loops.

B.
Split horizon prevents routing loops by advertising a route as unreachable to all devices.

C.
Split horizon prevents routing loops by advertising a route as unreachable to the interface from
which the route was received.

D.
Split horizon prevents routers from advertising a route through the same interface from which the
route was learned.

E.
Split horizon suppresses information regarding a better path to a route for a specified period of
time.

F.
Split horizon synchronizes VLAN configuration information between switches.

Answer: D
Explanation:

Split horizon prevents routers from advertising a route through the same interface from which the
route was learned. Thus split horizon prevents routing loops, not switching loops. By default, split
horizon is enabled on all interfaces except those on which Frame Relay encapsulation or Switched
Multimegabit Data Service (SMDS) encapsulation is enabled. To enable split horizon, you should
issue the ip split-horizon or ip split-horizon eigrp command from interface configuration mode. To
disable split horizon, you should issue the no ip split-horizon or no ip split-horizon eigrp command
from interface configuration mode.

Spanning Tree Protocol (STP) prevents switching loops on a network. Switching loops can occur
when there is more than one switched path to a destination. The spanning tree algorithm
determines the best path through a switched network, and any ports that create redundant paths
are blocked. If the best path becomes unavailable, the network topology is recalculated and the
port connected to the next best path is unblocked.

Poison reverse prevents routing loops by advertising a route as unreachable to the interface from
which the route was received. Split horizon is similar to poison reverse in that both methods
prevent routing loops. However, poison reverse advertises a route as unreachable to the source
interface, whereas split horizon does not.

Route poisoning is similar to poison reverse in that both methods prevent routing loops by
advertising a route as unreachable. However, route poisoning sends the advertisements to all
interfaces, not just to the source interface.

Holddown timers also prevent routing loops. Holddown timers suppress information regarding a
better path to a route for a specified period of time. When a router receives a routing update
stating that a route is unreachable, the router waits a specified amount of time before accepting
routes advertised by other sources.
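The loop-prevention techniques distinguished in this explanation, as an added example in Python (not from the guide): what one router advertises out a given interface under split horizon versus poison reverse, what route poisoning sends when a route fails, and a hold-down timer that rejects a better path until it expires. The routing table and the RIP-style unreachable metric of 16 are constructed assumptions.

```python
from typing import Dict, List, Tuple

INFINITY = 16   # RIP's unreachable metric, used here as the "poisoned" value

# Constructed routing table of one router. "iface" is the interface the route was learned
# on (for the connected route, the interface the network is attached to).
TABLE = [
    {"prefix": "10.0.1.0/24", "metric": 0, "iface": "S0/0"},
    {"prefix": "10.0.2.0/24", "metric": 1, "iface": "S0/1"},
    {"prefix": "10.0.3.0/24", "metric": 2, "iface": "S0/1"},
    {"prefix": "10.0.4.0/24", "metric": 1, "iface": "S0/2"},
]


def advertised_metric(metric: int) -> int:
    return min(metric + 1, INFINITY)   # one more hop from the neighbor's point of view


def build_update(table: List[Dict], out_iface: str, technique: str = "split-horizon") -> List[Tuple[str, int]]:
    """Routes this router places in an update sent out out_iface.

    technique: 'none' (everything), 'split-horizon' (omit routes learned on out_iface),
    'poison-reverse' (send those routes back, but as unreachable).
    """
    update = []
    for route in table:
        learned_here = route["iface"] == out_iface
        if learned_here and technique == "split-horizon":
            continue                                   # never send a route back where it came from
        if learned_here and technique == "poison-reverse":
            update.append((route["prefix"], INFINITY))  # send it back, explicitly unreachable
            continue
        update.append((route["prefix"], advertised_metric(route["metric"])))
    return update


def poison_route(table: List[Dict], failed_prefix: str) -> Dict[str, List[Tuple[str, int]]]:
    """Route poisoning: when a route fails, advertise it as unreachable out every interface."""
    interfaces = sorted({r["iface"] for r in table})
    return {iface: [(failed_prefix, INFINITY)] for iface in interfaces}


class HoldDown:
    """Per-prefix hold-down: after a route is marked unreachable, ignore claims of a better
    path for a fixed period so a stale advertisement cannot reinstate it."""

    def __init__(self, seconds: int = 180):
        self.seconds = seconds
        self.until: Dict[str, int] = {}

    def start(self, prefix: str, now: int) -> None:
        self.until[prefix] = now + self.seconds

    def accepts(self, prefix: str, metric: int, now: int) -> bool:
        expiry = self.until.get(prefix)
        if expiry is None or now >= expiry:
            return True
        return metric >= INFINITY   # an unreachable update is not a "better path"; only those are held


if __name__ == "__main__":
    for technique in ("none", "split-horizon", "poison-reverse"):
        print("%-14s out S0/1:" % technique, build_update(TABLE, "S0/1", technique))
    print("10.0.4.0/24 failed:", poison_route(TABLE, "10.0.4.0/24"))
```

Compare the two updates out S0/1: split horizon simply leaves 10.0.2.0/24 and 10.0.3.0/24 out, whereas poison reverse includes them with the unreachable metric, which is the distinction between answer choices C and D.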

VLAN Trunking Protocol (VTP), not split horizon, is used to synchronize VTP and virtual LAN
(VLAN) configuration information between switches. For switches to synchronize information over
VTP, the following configuration parameters must match on all switches:

- VTP domain name

- VTP password

- VTP version

Reference:

https://www.cisco.com/c/en/us/support/docs/ip/enhanced-interior-gateway-routing-protocol-eigrp/16406-eigrp-toc.html#anc9

QUESTION NO: 113

In which of the following ways are IS-IS and OSPF similar? (Select 2 choices.)

A.
IS-IS and OSPF both have a backbone area.

B.
IS-IS and OSPF both elect a DR and a BDR.

C.
IS-IS and OSPF flood routing information to every router in the AS.

D.
IS-IS and OSPF can both perform address summarization.

E.
IS-IS and OSPF are both IETF standards.

F.
IS-IS and OSPF can both route IP and CLNP.

Answer: C,D
Explanation:

The Intermediate System-to-Intermediate System (IS-IS) and Open Shortest Path First (OSPF)
routing protocols are similar in that they both flood routing information to every router in the
autonomous system (AS) and they can both perform address summarization. Routers that use a
link-state routing protocol maintain a complete topology of the network by flooding the state of each
router's links across the entire network until each of the routers has information about all of the
other routers in the AS.

IS-IS and OSPF can both perform address summarization. Summarization helps to reduce the size
of the routing table. You can issue the summary-address command to configure IS-IS to summarize
routes. You can issue the area range command on an Area Border Router (ABR) to configure
OSPF to summarize internal routes at the area boundary.

Although IS-IS does not have a backbone area, IS-IS requires that all Level 2 (L2) and Level
1/Level 2 (L1/L2) routers be connected to form a backbone through the routing domain. OSPF
has a backbone area that is used for interarea routing. With OSPF, all routers that connect to
multiple areas are required to attach to the backbone area.

IS-IS does not have a designated router (DR) or a backup designated router (BDR). IS-IS uses a
designated intermediate system (DIS) in a broadcast multiaccess network. The DIS is analogous
to the OSPF DR. All IS-IS routers on the network segment establish adjacencies with the DIS. The
DIS serves as a focal point for the distribution of IS-IS routing information. Once elected, the DIS
must relinquish its duties if another router with a higher priority joins the network. If the DIS is no
longer detected on the network, a new DIS is elected based on the priority of the remaining routers
on the network segment. If a new DIS cannot be elected based solely on router priority, the
highest Media Access Control (MAC) address is used. If there is still a tie, the highest system ID is
the deciding factor. Every IS-IS router is required to have a unique system ID.

OSPF requires the election of a DR and a BDR in a multiaccess network. All OSPF routers on the
multiaccess network segment are required to establish adjacencies with only the DR and the BDR.
The DR and BDR serve as a focal point for the distribution of OSPF routing information. The BDR
is elected first, and the DR is elected afterward. Once elected, the DR does not relinquish its
duties if another more suitable router joins the network. If the DR is no longer detected on the
network, the BDR immediately assumes the role of the DR and a new BDR is elected.

Both IS-IS and OSPF are standards, but IS-IS is not an Internet Engineering Task Force (IETF)
standard; it is an Open Systems Interconnection (OSI) standard. IS-IS is specified in International
Organization for Standardization (ISO) 10589. By contrast, OSPF is an IETF standard. OSPFv2 is
specified in Request for Comments (RFC) 2328, and OSPFv3 is specified in RFC 5340.

IS-IS can route IP and Connectionless Network Protocol (CLNP). IS-IS encapsulates its data
directly at the Data Link layer and is therefore not dependent on the Network layer protocol. IS-IS
uses Data Link layer multicast addresses to send hello packets and link-state information. OSPF
was designed to work in conjunction only with IP; OSPFv2 can route only IPv4, and OSPFv3 can
route only IPv4 and IPv6. OSPF encapsulates its data at the Network layer, making it dependent
on the supporting Network layer protocol. OSPF uses Network layer multicast addresses to send
hello packets and link-state information.

Reference:

http://docwiki.cisco.com/wiki/Routing_Basics#Link-State_Versus_Distance_Vector

https://www.cisco.com/en/US/tech/tk365/technologies_white_paper09186a00800a3e6f.shtml

https://www.cisco.com/c/en/us/support/docs/ip/open-shortest-path-first-ospf/7039-1.html

QUESTION NO: 114

Which of the following commands is functionally equivalent to the no mls qos map cos-dscp
command, thereby setting the CoS-to-DSCP map to the default settings? (Select the best answer.)

A.
mls qos map cos-dscp 0 4 8 12 16 20 24 28

B.
mls qos map cos-dscp 0 8 16 24 32 40 48 56

C.
mls qos map cos-dscp 4 8 12 16 20 24 28 32

D.
mls qos map cos-dscp 8 16 24 32 40 48 56 64

Answer: B
Explanation:

The mls qos map cos-dscp 0 8 16 24 32 40 48 56 command is functionally equivalent to the no mls
qos map cos-dscp command, thereby setting the Class of Service (CoS)-to-Differentiated Services
Code Point (DSCP) map to the default settings. The CoS field is a Quality of Service (QoS) 3-bit
marking field, whereas the DSCP is a QoS 6-bit marking field. The following table shows the
relationship between CoS and DSCP values:


The first three bits of the DSCP value are the same as the CoS value; the DSCP value just has
three extra 0 bits appended to the end. If you know the CoS value of a packet, you can derive the
default DSCP value by converting the CoS value to binary, appending three 0 bits, and converting
back to decimal.

The CoS-to-DSCP map is used to generate an internal DSCP value for packets that arrive on a
CoS-trusted port. By default, the CoS for untagged packets is set to 0, so the internal DSCP value
would also be 0. If the CoS were 4, the internal DSCP value used by the switch would be 32.

You can view the current CoS-to-DSCP map by issuing the show mls qos maps cos-dscp command.
If you were to issue the show mls qos maps cos-dscp command on a switch that is using the
default CoS-to-DSCP map, the following output would be displayed:

Reference:

https://www.cisco.com/c/en/us/td/docs/ios/qos/command/reference/qos_book/qos_m2.html#wp1063877

QUESTION NO: 115 DRAG DROP

Drag the steps on the left to the corresponding IKE Phase on the right. One space will remain
unfilled.


Answer:

Explanation:


Internet Key Exchange (IKE) is a protocol that is used to negotiate security parameters and
manage security keys, particularly for IP Security (IPSec). There are two phases of IKE security
negotiation. In Phase 1, the IKE peers negotiate an Internet Security Association and Key
Management Protocol (ISAKMP) security association (SA). An SA is a collection of security
configuration parameters that each endpoint agrees to use, thus enabling the construction of a
secure channel of communication. The peers then establish a key management tunnel and
authenticate each other. Authentication is provided by either preshared keys or digital certificates.
The key management tunnel is used to protect the SA negotiations that occur in Phase 2.

In Phase 2, IKE negotiates IPSec SAs to establish a data management tunnel. Because Phase 2
uses the key management tunnel created during Phase 1, it is not necessary for the IKE peers to
be reauthenticated during Phase 2. The data management tunnel is used to protect the data that
is transferred between the IPSec virtual private network (VPN) peers.

Reference:

https://www.cisco.com/c/en/us/td/docs/net_mgmt/vpn_solutions_center/2-0/ip_security/provisioning/guide/IPsecPG1.html#wp1023438

https://www.cisco.com/c/en/us/td/docs/ios/12_2/security/configuration/guide/fsecur_c/scfike.html#wp1012444

QUESTION NO: 116

You issue the following commands on a Cisco router named RouterA:

RouterA(config)#ip options ignore

RouterA(config)#ip options drop

Which of the following statements are true? (Select 2 choices.)


A.
RouterA will ignore IP options on packets.

B.
RouterA will drop all packets with IP options.

C.
RouterA will remove IP options on packets.

D.
RSVP and IGMPv2 might not function properly.

E.
Threats will be mitigated for RouterA as well as for downstream devices.

Answer: A,D
Explanation:

RouterA will ignore IP options on packets, and features that rely on IP options, such as Resource
Reservation Protocol (RSVP) and Internet Group Management Protocol version 2 (IGMPv2), might
not function properly. The ip options command can be used to specify what a router does with
packets that include IP options. The syntax of the ip options command is ip options {drop | ignore}.
The ip options drop command configures the router to drop all packets with IP options. The ip
options ignore command configures the router to ignore IP options on packets. When both
commands are issued on a router, the ip options ignore command takes priority; therefore,
RouterA will ignore IP options on packets.

RouterA will not remove IP options on packets. The ip options command does not include a
keyword that can remove IP options from packets.

Threats that exploit IP options will be mitigated for RouterA. However, these threats will not be
mitigated for downstream devices, because RouterA will continue to forward packets with IP
options. If the ip options drop command were the only ip options command issued on RouterA,
threats would be mitigated for RouterA as well as for downstream devices.
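An added example (not from the guide or from Cisco IOS): a parser that detects options in an IPv4 header, verifies the header checksum, and applies the drop or ignore policy the way the explanation describes, including the rule that ignore takes priority when both commands are configured. The packets are constructed; the one with options carries the Router Alert option (type 148), which is the option RSVP and IGMPv2 rely on and the reason those features break under either policy.

```python
import ipaddress
import struct
from typing import Iterable, List, Tuple

ROUTER_ALERT = 148   # option type RSVP and IGMPv2 use to make routers examine the packet
OPTION_NAMES = {7: "RR", 68: "TS", 131: "LSRR", 137: "SSRR", 148: "RA"}


def ipv4_checksum(header: bytes) -> int:
    """Ones-complement sum of 16-bit words; returns 0 for a header whose checksum is valid."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_header(src: str, dst: str, protocol: int, options: bytes = b"", payload_len: int = 0) -> bytes:
    """Constructed header for the demonstration; options are padded to a 32-bit boundary."""
    options += b"\x00" * (-len(options) % 4)
    ihl = 5 + len(options) // 4
    if ihl > 15:
        raise ValueError("options too long for the IHL field")
    header = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, ihl * 4 + payload_len, 0, 0, 1, protocol, 0,
                         ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed) + options
    return header[:10] + struct.pack("!H", ipv4_checksum(header)) + header[12:]


def parse_options(opts: bytes) -> List[Tuple[str, bytes]]:
    """Walk the option field: EOL and NOP are single bytes, everything else is type/length/value."""
    found, i = [], 0
    while i < len(opts):
        opt_type = opts[i]
        if opt_type == 0:            # End of Option List
            break
        if opt_type == 1:            # No Operation (padding)
            i += 1
            continue
        if i + 1 >= len(opts):
            raise ValueError("truncated option at offset %d" % i)
        length = opts[i + 1]
        if length < 2 or i + length > len(opts):
            raise ValueError("bad option length %d" % length)
        found.append((OPTION_NAMES.get(opt_type, "type-%d" % opt_type), opts[i + 2:i + length]))
        i += length
    return found


def effective_policy(config_lines: Iterable[str]) -> str:
    """Policy applied for the 'ip options' lines present: ignore wins when both are configured."""
    lines = {line.strip() for line in config_lines}
    if "ip options ignore" in lines:
        return "ignore"
    if "ip options drop" in lines:
        return "drop"
    return "process"


def handle_packet(packet: bytes, policy: str) -> Tuple[str, List[Tuple[str, bytes]]]:
    """Return (action, options found) for a packet under 'process', 'ignore' or 'drop'."""
    ihl = packet[0] & 0x0F
    if (packet[0] >> 4) != 4 or ihl < 5 or len(packet) < ihl * 4:
        raise ValueError("not a valid IPv4 header")
    if ipv4_checksum(packet[:ihl * 4]) != 0:
        raise ValueError("bad header checksum")
    options = parse_options(packet[20:ihl * 4])
    if not options:
        return "forward", options
    if policy == "drop":
        return "drop", options
    if policy == "ignore":
        return "forward without acting on options", options   # downstream devices still receive them
    return "forward and process options", options


# Constructed samples: an IGMP packet (protocol 2) carrying the Router Alert option,
# and a TCP packet with no options.
ROUTER_ALERT_PACKET = build_ipv4_header("192.0.2.1", "224.0.0.22", 2, options=bytes([ROUTER_ALERT, 4, 0, 0]))
PLAIN_PACKET = build_ipv4_header("192.0.2.1", "198.51.100.1", 6)

if __name__ == "__main__":
    policy = effective_policy(["ip options ignore", "ip options drop"])
    print(policy, handle_packet(ROUTER_ALERT_PACKET, policy))
```

Under the ignore policy the packet is still forwarded with its options intact, which is exactly why the explanation says downstream devices remain exposed; the drop policy removes that exposure at the cost of the Router Alert dependent protocols named above.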

Reference:

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipaddr/command/ipaddr-cr-book/ipaddr-i4.html#wp1031242328

https://www.cisco.com/c/en/us/support/docs/ip/access-lists/13608-21.html#anc96

QUESTION NO: 117

With which of the following IS-IS routers can an L1 router establish adjacencies? (Select the best
answer.)

A.
only L1 routers in the same area

B.
L1 and L2 routers in the same area

C.
L1 and L1/L2 routers in the same area

D.
only L1 routers in any area

E.
L1 and L2 routers in any area

F.
L1 and L1/L2 routers in any area

Answer: C
Explanation:

An Intermediate System-to-Intermediate System (IS-IS) Level 1 (L1) router can establish
adjacencies with any L1 or Level 1/Level 2 (L1/L2) router in the same area. In IS-IS, adjacencies
are established by sending and receiving intermediate system-to-intermediate system hello (IIH)
packets at the Data Link layer. Since IIH packets are transmitted at the Data Link layer,
adjacencies can only be formed if routers share a common network segment. Separate
adjacencies are maintained between Level 1 and Level 2 intermediate systems. L1 routers send
only Level 1 IIHs, Level 2 (L2) routers send only Level 2 IIHs, and L1/L2 routers send both Level 1
and Level 2 IIHs.

When an L1 router receives an IIH packet on its network segment, the router verifies several
details before forming an adjacency:

- Network type

- Routing level

- Area

- Maximum transmission unit (MTU) length

- Authentication parameters

First, the L1 router determines whether the IIH packet is configured for the correct network type
and routing level. IS-IS recognizes two network types: broadcast and point-to-point. Broadcast
networks use Level 1 LAN IIHs and Level 2 LAN IIHs. If an interface is configured as a broadcast
link, such as on a LAN, the interface ignores point-to-point IIHs. Point-to-point networks use
point-to-point IIHs. If an interface is configured as a point-to-point link, it ignores LAN IIHs.
Point-to-point IIHs indicate the routing level within their type and circuit type fields. An L1 router on a
point-to-point link accepts only point-to-point IIHs configured for Level 1 routing.

The L1 router then verifies that the IIH packet originated from a router within the same area in the
routing domain. An adjacency is not formed unless the sending router resides in the same area as
the L1 router processing the IIH packet.

An adjacency is not established unless the router sending the IIH packet is using the same MTU
length as the receiving router. By default, IIH packets are padded to the full MTU size unless the
no hello padding router configuration command or the no isis hello padding interface configuration
command has been issued, in which case only the first five IIH packets are padded.

If authentication is used in the area, an adjacency will not be established unless all IIH packets
contain the same authentication parameters. If the L1 router determines that the IIH packet
satisfies all of the requirements listed above, an adjacency is formed with the neighboring router
that sent the packet and routing information is shared.

L1 and L1/L2 routers periodically transmit Level 1 IIH packets onto their network segments. If an
L1 router and a neighboring L1 or L1/L2 router send IIH packets with the same network type, area,
MTU length, and authentication parameters, an adjacency is established between the routers. If
the IIH packet does not meet all of these requirements, it is discarded by the L1 router and an
adjacency is not established.

L2 and L1/L2 routers periodically transmit Level 2 IIH packets onto their network segments. L1
routers examine the IIH packets received from L2 routers to determine the packet type before
establishing an adjacency. All packets not identified as Level 1 IIH packets are discarded by an L1
router, and an adjacency is not formed. No further processing is performed on the Level 2 IIH
packet by the L1 router once the packet has been discarded.

L2 routers form adjacencies only with L2 and L1/L2 routers. L2 routers use the same parameters
for establishing adjacencies as L1 routers, except L2 routers do not consider the area parameter;
L2 routers can establish adjacencies with L2 and L1/L2 routers from any area in the routing
domain.
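As an added example (not from the exam guide or any vendor implementation), the following Python encodes the IIH checks described above for L1, L2, and L1/L2 routers and reports which adjacency levels form and why the rest are rejected; the Interface and Iih records and all sample values are constructed for illustration.

```python
"""Model of the IS-IS IIH acceptance rules described above.

Added example, not from the exam guide or any vendor implementation: it
encodes the checks an intermediate system applies to a received IIH
(network type, routing level, padded length versus local MTU,
authentication, and area for Level 1) and reports which adjacency levels
form and why the others are rejected. All names and values are constructed.
"""
from dataclasses import dataclass
from typing import FrozenSet, List, Optional, Set, Tuple

# Levels each router type runs; an L1/L2 router sends both Level 1 and Level 2 IIHs.
LEVELS = {"L1": frozenset({1}), "L2": frozenset({2}), "L1L2": frozenset({1, 2})}


@dataclass(frozen=True)
class Interface:
    """Local IS-IS interface state (constructed, not an IOS data structure)."""
    is_type: str                # "L1", "L2" or "L1L2"
    network_type: str           # "broadcast" or "point-to-point"
    area: str                   # area address, e.g. "49.0001"
    mtu: int
    auth: Optional[str] = None  # None means no authentication configured


@dataclass(frozen=True)
class Iih:
    """A received hello, reduced to the fields the checks look at."""
    network_type: str           # LAN IIH ("broadcast") or point-to-point IIH
    levels: FrozenSet[int]      # levels the sender runs (circuit type field)
    area: str
    length: int                 # on-the-wire length after padding
    auth: Optional[str] = None


def evaluate_iih(local: Interface, iih: Iih) -> Tuple[Set[int], List[str]]:
    """Return (levels at which an adjacency forms, reasons for rejections).

    Separate adjacencies are kept per level, so an L1/L2 router that hears an
    L1/L2 neighbor from another area forms a Level 2 adjacency only.
    """
    # 1. Network type: a LAN interface ignores point-to-point IIHs and vice versa.
    if local.network_type != iih.network_type:
        return set(), [f"network type mismatch: {local.network_type} interface "
                       f"ignores {iih.network_type} IIH"]
    # 2. Routing level: only levels both sides run are candidates; an L1 router
    #    discards a Level 2 IIH without further processing.
    common = LEVELS[local.is_type] & iih.levels
    if not common:
        return set(), [f"level mismatch: local {local.is_type} router, IIH levels "
                       f"{sorted(iih.levels)}; IIH discarded"]
    # 3. MTU: the padded IIH must be the same length as the receiving interface's MTU.
    if iih.length != local.mtu:
        return set(), [f"MTU mismatch: IIH length {iih.length} != local MTU {local.mtu}"]
    # 4. Authentication parameters must match exactly.
    if iih.auth != local.auth:
        return set(), ["authentication mismatch"]
    # 5. Area: required for a Level 1 adjacency; Level 2 ignores it.
    formed: Set[int] = set()
    reasons: List[str] = []
    for level in sorted(common):
        if level == 1 and iih.area != local.area:
            reasons.append(f"area mismatch: local {local.area}, IIH {iih.area}; "
                           "no Level 1 adjacency")
            continue
        formed.add(level)
    return formed, reasons
```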

There are two remaining hello packet types: the end system hello (ESH) and the intermediate
system hello (ISH). An ESH is sent by an end system (ES), such as a computer, to announce itself
to other devices on the network segment. An ISH is sent by an intermediate system (IS), such as a
router, to announce itself to other devices on the network segment. ESs discover routers by
listening for ISH packets. ISs discover ESs by listening for ESH packets. The ESH and ISH
packets are part of the End System-to-Intermediate System (ES-IS) routing exchange protocol.
When an IS-IS routing level mismatch, authentication mismatch, or MTU mismatch occurs, an IS-IS
adjacency will not form, but the output of the show clns neighbors command might instead show
an ES-IS adjacency. For example, if RouterA, an L1 router, is connected to RouterB, a router in
another area, the following output might be displayed on RouterA:

Reference:

https://www.cisco.com/en/US/tech/tk365/technologies_white_paper09186a00800a3e6f.shtml

QUESTION NO: 118

You administer the switched network shown above. All switches are configured to use STP. The
Fa0/2 interface of SwitchA is in the blocking state.

You issue the following commands on the Fa0/1 interface of SwitchA:

speed 100

duplex full

You issue the following commands on the Fa0/1 interface of SwitchD:

speed 10

duplex half

Which of the following statements is true? (Select the best answer.)

A.
Data will be sent between SwitchA and SwitchD at 10 Mbps.

B.
The speed mismatch will cause a switching loop.

C.
The duplex mismatch will cause a switching loop.

D.
The speed mismatch will cause the Fa0/1 interfaces to be down.

E.
The duplex mismatch will cause the Fa0/1 interfaces to be down.

Answer: D
Explanation:

The speed mismatch will cause the Fa0/1 interfaces to be down. Switch ports that are manually
configured to use different speeds will cause speed mismatches. To prevent a speed mismatch
from occurring, you should ensure that one or both sides of a link are set to autonegotiate and that
the two interfaces have at least one data transmission speed in common.

The speed mismatch will not cause a switching loop. When a speed mismatch occurs, neither
interface will establish a link. Therefore, a switching loop will not occur, because data cannot flow
through the port.

The Fa0/1 interfaces on SwitchA and SwitchD are manually configured with different duplex
modes. However, a duplex mismatch will not cause the interfaces to be down; if there were no
speed mismatch, the interfaces would be up and the line protocol would be up. A duplex mismatch
can cause collisions, alignment errors, intermittent connectivity, and switching loops. Therefore, if
there were no speed mismatch, a switching loop could occur because of the duplex mismatch.

Data will not be sent between SwitchA and SwitchD at 10 Mbps. To enable data to flow between
SwitchA and SwitchD at 10 Mbps, you should issue the speed 10 command on the Fa0/1 interface
of SwitchA. Alternatively, you could configure the Fa0/1 interface of SwitchA to autonegotiate
speed and duplex settings. To enable data to flow between SwitchA and SwitchD at 100 Mbps,
you should issue the speed 100 command on the Fa0/1 interface of SwitchD. You should not
configure SwitchD to autonegotiate speed and duplex settings, because a port configured to
transmit at 10 Mbps or 100 Mbps defaults to half-duplex mode, which would cause a duplex
mismatch.

Reference:

https://www.cisco.com/c/en/us/support/docs/switches/catalyst-6500-series-switches/17053-46.html#auto_neg_valid

QUESTION NO: 119

Which of the following protocols is used with IPv6 multicast and natively supports SSM? (Select
the best answer.)

A.
MLDv1

B.
MLDv2

C.
IGMPv2

D.
IGMPv3

Answer: B
Explanation:

Multicast Listener Discovery version 2 (MLDv2) is used with IPv6 multicast and natively supports
Source Specific Multicast (SSM). MLD is similar to Internet Group Management Protocol (IGMP) in
that both are used to manage multicast group membership information. However, MLD is used on
IPv6 multicast networks, whereas IGMP is used on IPv4 multicast networks. IPv6 routers are MLD
queriers, and IPv6 hosts are MLD receivers. An MLD host sends a report message to the MLD
querier on the subnet to indicate that the host wants to receive multicast traffic. MLD messages
are sent with a time-to-live (TTL) value of 1, which means that an MLD message is sent only to the
next hop.

When SSM is used, a multicast host can specify the source addresses from which it will accept
multicast traffic. As a result, SSM uses the (S,G) model instead of the (*,G) model; the S denotes
a particular multicast source address, the G denotes the multicast group address, and the *
denotes all multicast source addresses. Protocol Independent Multicast dense mode (PIM-DM)
routers also use the (S,G) model, but PIM-DM is not supported in IPv6 multicast.

MLDv1 also supports IPv6 networks; however, it does not natively support SSM. SSM mappings
can be used to enable MLDv1 hosts to receive multicast streams using Domain Name System
(DNS) or static host name-to-IPv6 address mappings. To enable SSM mapping, you should issue
the ipv6 mld ssm-map enable command. SSM mapping uses DNS for name resolution by default.

Neither IGMP version 2 (IGMPv2) nor IGMPv3 supports IPv6. IGMPv3 improves upon IGMPv2 by
adding support for SSM. Thus an IGMPv3 host can specify the source addresses from which it will
accept multicast traffic. If the receivers specifically require SSM, you can enable IGMPv3 multicast
with SSM by issuing the ip pim ssm command, the ip pim {sparse-mode | sparse-dense-mode}
command, and the ip igmp version 3 command. Conversely, an IGMPv2 host cannot use SSM to
specify the source address from which it will accept multicast traffic. Therefore, you should issue
the ip pim {sparse-mode | sparse-dense-mode | dense-mode} command to enable IGMPv2 multicast
on a router; sparse-mode interfaces must also be configured with the ip pim rp-address command.
IGMPv2 does not require the ip igmp version 2 command, because IGMPv2 is used by default.

The ip pim rp-address command statically configures the address of the rendezvous point (RP) on
the router. The ip pim sparse-mode command enables PIM sparse mode (PIM-SM) on an interface.
PIM-SM adds an interface to the multicast table either when a downstream router sends a join
message on that interface or when a member of the multicast group is directly connected to the
interface. Otherwise, multicast traffic will not be sent by using the PIM-SM interface.

Reference:

https://www.cisco.com/c/en/us/td/docs/switches/datacenter/sw/5_x/nx-os/multicast/configuration/guide/n7k_multic_cli_5x/mld.html

https://www.cisco.com/c/en/us/td/docs/ios/12_2/ip/configuration/guide/fipr_c/1cfmulti.html#wp1066001

https://www.cisco.com/c/en/us/td/docs/ios/12_2/ip/configuration/guide/fipr_c/1cfmulti.html#wp1001064

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipmulti_pim/configuration/xe-3se/3850/imc-pim-xe-3se-3850-book/imc-ss-mc.html

QUESTION NO: 120

Which of the following statements is correct regarding the differences between PIM snooping and
IGMP snooping? (Select the best answer.)

A.
PIM snooping restricts IPv6 multicast traffic; IGMP snooping does not.

B.
IGMP snooping is disabled by default; PIM snooping is enabled by default.

C.
PIM snooping restricts multicast traffic on interfaces that are connected to multicast routers; IGMP
snooping does not.

D.
IGMP snooping requires that PIM snooping also be enabled; PIM snooping does not require that
IGMP snooping also be enabled.

Answer: C
Explanation:

Protocol Independent Multicast (PIM) snooping restricts multicast traffic on interfaces that are
connected to multicast routers; Internet Group Management Protocol (IGMP) snooping does not.
IGMP snooping restricts multicast traffic only on interfaces that are connected to host devices.

IGMP snooping does not require that PIM snooping also be enabled. However, PIM snooping
requires that IGMP snooping be enabled. IGMP snooping enables switches to listen to IGMP
traffic and forward multicast traffic only to ports from which an IGMP report has been received.
IGMP reports are sent from multicast receivers that want to receive traffic from a multicast group.
When an IGMP report is received on a port, the switch adds the port number to the list of ports
that should receive traffic for that multicast group. When an IGMP leave message is received on a
port, the switch sends an IGMP query to determine whether any interested multicast receivers
remain on the port.

IGMP snooping is enabled on Cisco switches by default. You can globally disable IGMP snooping
on a switch by issuing the no ip igmp snooping command from global configuration mode.
Alternatively, you can disable IGMP snooping on a particular virtual LAN (VLAN) by issuing the no
ip igmp snooping command from interface configuration mode for that VLAN. When IGMP
snooping is disabled, switches will flood multicast traffic to every port in every VLAN. To re-enable
IGMP snooping, you should issue the ip igmp snooping command from global configuration mode
or from interface configuration mode.

PIM snooping is disabled on Cisco switches by default. You can globally enable PIM snooping on
a switch by issuing the ip pim snooping command from global configuration mode. Alternatively,
you can enable PIM snooping on a particular VLAN by issuing the ip pim snooping command from
interface configuration mode for that VLAN. To disable PIM snooping, you should issue the no ip
pim snooping command from global configuration mode or from interface configuration mode.

Neither PIM snooping nor IGMP snooping restricts IPv6 multicast traffic. To restrict IPv6 multicast
traffic, you need to enable Multicast Listener Discovery (MLD) snooping. Similar to how IGMP
snooping forwards IPv4 multicast traffic, MLD forwards IPv6 multicast traffic only to ports from
which an MLD report has been received. MLD is enabled by default. When MLD is enabled, MLD
messages are sent with a time-to-live (TTL) value of 1, which means that an MLD message is sent
only to the next hop. You can globally disable MLD snooping on a switch by issuing the no ipv6
mld snooping command from global configuration mode. Alternatively, you can disable MLD
snooping on a particular VLAN by issuing the no ipv6 mld snooping command from interface
configuration mode for that VLAN. When MLD snooping is disabled, switches will flood IPv6
multicast traffic to every port in every VLAN. To re-enable MLD snooping, you should issue the
ipv6 mld snooping command from global configuration mode or from interface configuration mode.

Reference:

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SX/configuration/guide/book/snooppim.html

https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5000/sw/configuration/guide/cli/CLIConfigurationGuide/IGMPSnooping.html

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SX/configuration/guide/book/snoopmld.html

QUESTION NO: 121

Which of the following OSPF LSAs are also called ASBR summary LSAs? (Select the best
answer.)

A.
Type 1 LSAs

B.
Type 2 LSAs

C.
Type 3 LSAs

D.
Type 4 LSAs

E.
Type 5 LSAs

Answer: D
Explanation:

Open Shortest Path First (OSPF) Type 4 link-state advertisements (LSAs) are also called
autonomous system boundary router (ASBR) summary LSAs. ASBR summary LSAs are used to
advertise the location of an ASBR so that routers can determine the best next-hop path. Type 4
LSAs are generated by area border routers (ABRs) and are flooded throughout an area except
into stub areas.

Type 1 LSAs, which are also called router LSAs, contain router ID and interface IP address
information for a single router. Router LSAs, which are generated by all OSPF routers, are not
propagated outside the area; they are flooded only within the local area.

Type 2 LSAs, which are also called network LSAs, contain subnet and neighbor router information.
Network LSAs, which are generated by designated routers (DRs), are not propagated outside the
area in which they originate; they are flooded only within the local area.

Type 3 LSAs, which are also called network summary LSAs, contain subnet information for an
entire area. Network summary LSAs, which are generated by ABRs, are advertised between areas
throughout an autonomous system (AS) except into totally stubby areas.

Type 5 LSAs, which are also called AS-external LSAs, contain subnet information for an external
AS. AS-external LSAs, which are generated by ASBRs, are advertised throughout an AS except
into stub areas, totally stubby areas, and not-so-stubby areas (NSSAs).

Reference:

https://www.cisco.com/c/en/us/td/docs/switches/datacenter/sw/4_2/nx-os/unicast/configuration/guide/l3_cli_nxos/l3_ospf.html#pgfId-1243056

https://www.cisco.com/c/en/us/td/docs/security/fwsm/fwsm32/asdm52f/user/guide/asdmug/mon_rtg.html#wp1046958

QUESTION NO: 122

Which of the following statements are true when an RSTP switch detects a topology change?
(Select 2 choices.)

A.
It starts the TC While timer with a value equal to the hello timer for all its non-edge designated
ports and its root port.

B.
It starts the TC While timer with a value equal to twice the hello timer for all its non-edge
designated ports and its root port.

C.
It starts the TC While timer with a value equal to three times the hello timer for all its non-edge
designated ports and its root port.

D.
It flushes the MAC addresses associated with its edge designated ports and its root port from the
CAM table.

E.
It flushes the MAC addresses associated with its non-edge designated ports and its root port from
the CAM table.

Answer: B,E
Explanation:

When a Rapid Spanning Tree Protocol (RSTP) switch detects a topology change, it starts the TC
While timer with a value equal to twice the hello timer for all its non-edge designated ports and its
root port. Additionally, the switch flushes the Media Access Control (MAC) addresses associated
with its non-edge designated ports and its root port from the Content Addressable Memory (CAM)
table. A switch detects a topology change by receiving a bridge protocol data unit (BPDU) with the
topology change (TC) bit set; these BPDUs are called topology change notification (TCN)
messages.

With RSTP, topology changes are detected for the sole purpose of updating RSTP switching
tables. RSTP does not consider loss of connectivity a topology change; consequently, only
non-edge ports that transition into the forwarding state are considered topology changes, which
results in TCN messages being disseminated throughout the network. When a switch detects a
topology change, it starts the TC While timer and generates TCN messages for all its non-edge
designated ports and its root port. Additionally, all MAC addresses linked to the non-edge designated ports
and the root port are flushed from the CAM table. Flushing the CAM table requires that the MAC
addresses be relearned after the topology change in the event that a host now appears on a
different link. It is important to note that a flood of TCN messages could cause repeated flushing of
the CAM table and a spike in CPU utilization, which could cause performance problems on the
switch.

RSTP is used to significantly increase convergence speed after a topology change. RSTP is
based on the 802.1w standard developed by the Institute of Electrical and Electronics Engineers
(IEEE) to address the slow transition of a Spanning Tree Protocol (STP) port to the forwarding
state. Unlike STP, which has five port states, RSTP has only three: discarding, learning, and
forwarding. The disabled, blocking, and listening states of STP are combined into the discarding
state in RSTP. RSTP uses the STP root port and designated port roles but splits up the STP
blocking port role into the alternate port and backup port roles. An alternate port is a blocked port
that receives more useful BPDUs from a port on another device, and a backup port is a blocked
port that receives more useful BPDUs from a port on the same device. RSTP is backward
compatible with switches that can only use STP, but the convergence benefits provided by RSTP
are lost when RSTP interacts with STP devices.

RSTP does not flush the MAC addresses associated with its edge ports. Because the edge port is
connected to a single host, the port cannot form a loop and is immediately placed into the
forwarding state. If an edge port ever receives a BPDU, the port will lose its edge port designation.

When a switch detects a topology change, it does not start the TC While timer with a value equal
to the hello timer, nor does it start the TC While timer with a value equal to three times the hello
timer. The switch will start the TC While timer with a value equal to twice the hello timer and
generate TCN messages for its non-edge designated ports and its root port.

Reference:

https://www.cisco.com/c/en/us/support/docs/lan-switching/spanning-tree-protocol/24062-146.html#topchng

QUESTION NO: 123

Which of the following command sets will cause an EEM applet to finish before the show
running-config command is executed? (Select the best answer.)

A.
Router(config)#event manager applet boson

Router(config-applet)#event cli pattern "show running-config" sync no skip no

Router(config-applet)#action 1.0 syslog msg "Running configuration displayed"

B.
Router(config)#event manager applet boson

Router(config-applet)#event cli pattern "show running-config" sync no skip yes

Router(config-applet)#action 1.0 syslog msg "Running configuration displayed"

C.
Router(config)#event manager applet boson

Router(config-applet)#event cli pattern "show running-config" sync yes

Router(config-applet)#action 1.0 syslog msg "Running configuration displayed"

Router(config-applet)#set 2.0 _exit_status 0

D.
Router(config)#event manager applet boson

Router(config-applet)#event cli pattern "show running-config" sync yes

Router(config-applet)#action 1.0 syslog msg "Running configuration displayed"

Router(config-applet)#set 2.0 _exit_status 1

Answer: D
Explanation:

The following command set will cause an Embedded Event Manager (EEM) applet to finish before
the show running-config command is executed:

Router(config)#event manager applet boson

Router(config-applet)#event cli pattern "show running-config" sync yes

Router(config-applet)#action 1.0 syslog msg "Running configuration displayed"

Router(config-applet)#set 2.0 _exit_status 1

This command set configures an EEM applet named boson that is triggered when the show
running-config command is issued. The applet writes a message to syslog and sets the
_exit_status to a value of 1. The applet then exits, and the show running-config command is
executed.

The event cli command configures EEM to monitor command-line interface (CLI) commands and to
trigger the event when a specified pattern is matched one or more times. Events can be processed
synchronously or asynchronously. The sync yes keywords are used with the event cli command to
configure synchronous processing. With synchronous processing, the EEM applet must finish
before the CLI command can be executed, and the _exit_status variable determines whether the
CLI command is executed or skipped. If the _exit_status variable is set to a value of 0 or is not
configured, the CLI command will not execute after the EEM applet is finished; if the _exit_status
variable is set to a value of 1, the CLI command will execute after the EEM applet is finished. For
example, the following command set will cause the show running-config command to be skipped
because the _exit_status variable is set to a value of 0:

Router(config)#event manager applet boson

Router(config-applet)#event cli pattern "show running-config" sync yes

Router(config-applet)#action 1.0 syslog msg "Running configuration displayed"

Router(config-applet)#set 2.0 _exit_status 0

The sync no keywords are used with the event cli command to configure asynchronous
processing. With asynchronous processing, the EEM applet is processed at the same time the CLI
command is executed. When you issue the event cli command with the sync no keywords, you
must also include the skip no or skip yes keywords to indicate whether the CLI command should
be executed or skipped, respectively. For example, the following command set will cause the EEM
applet to run at the same time the show running-config command is executed:

Router(config)#event manager applet boson

Router(config-applet)#event cli pattern "show running-config" sync no skip no

Router(config-applet)#action 1.0 syslog msg "Running configuration displayed"

The following command set will cause the EEM applet to run and to not execute the show
running-config command:

Router(config)#event manager applet boson

Router(config-applet)#event cli pattern "show running-config" sync no skip yes

Router(config-applet)#action 1.0 syslog msg "Running configuration displayed"

Reference:

Cisco: Cisco IOS Embedded Event Manager Command Reference: event cli

Cisco: Understanding Cisco EEM by examples Part 2

QUESTION NO: 124

Which of the following commands will track whether IP routing is enabled, the interface line
protocol is up, and the interface IP address is configured? (Select the best answer.)

A.
track 1 interface FastEthernet1/1 line-protocol

B.
track 1 interface FastEthernet1/1 ip routing

C.
track 1 ip route 10.10.10.0/24 reachability

D.
track 1 ip route 10.10.10.0/24 metric threshold

Answer: B
Explanation:

The track 1 interface FastEthernet1/1 ip routing command will track whether IP routing is enabled,
the interface line protocol is up, and the interface IP address is configured. If any of the three
criteria are not met, the tracked interface is considered to be down. To track whether IPv6 routing
is enabled, the line protocol is up, and the interface IPv6 address is configured, you could issue
the track 1 interface FastEthernet1/1 ipv6 routing command.

The track 1 interface FastEthernet1/1 line-protocol command will track whether the interface line
protocol is up. However, it will not track whether IP routing is enabled and the interface IP address
is configured.

The track 1 ip route 10.10.10.0/24 reachability command will track whether the destination network
is reachable. The subnet address must be issued in Classless Inter-Domain Routing (CIDR)
notation.

The track 1 ip route 10.10.10.0/24 metric threshold command will track whether the metric
threshold is exceeded. By default, a metric value of 254 or less is considered to be accessible and
a metric value of 255 is considered to be inaccessible. The threshold metric up up-value down
down-value command can be used to change the default metric threshold values.

Reference:

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipapp/command/iap-cr-book/iap-t1.html#wp9828037020

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipapp/command/iap-cr-book/iap-t1.html#wp4199553004

QUESTION NO: 125

Which of the following NetFlow features is not unique to version 9 and later? (Select the best
answer.)

A.
template-based export protocol

B.
support for IPv6 flows

C.
support for MPLS flows

D.
support for multicast flows

E.
support for router-based aggregation

Answer: E
Explanation:

Support for router-based aggregation is not unique to NetFlow version 9 and later. Router-based
aggregation is available with NetFlow version 8 and version 9. NetFlow is a reporting tool that can
be used to measure network bandwidth, Quality of Service (QoS), and performance, among other
things.

NetFlow version 9 and later use a template-based export protocol. The purpose of the
template-based format is to enable future versions of NetFlow to extend services without
significantly altering the basic NetFlow export format.

NetFlow version 9 and later contain support for IPv6 flows, Multiprotocol Label Switching (MPLS)
flows, and multicast flows. Therefore, it is possible with version 9 and later to measure and report
on network characteristics beyond basic IPv4 functionality. All versions of NetFlow support IPv4
flows.
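As an added example (not from the exam guide or from Cisco), the following Python builds a constructed NetFlow v9 export datagram containing a template FlowSet and a data FlowSet, then decodes it the way a collector must: the template defines the record layout, so the data records cannot be interpreted until the template has been received. The field type numbers follow RFC 3954; the flow values and the packet itself are made up.

```python
"""NetFlow v9 template-based export, parsed from a constructed packet.

Added example, not from the exam guide or any Cisco code. A v9 datagram is a
20-byte header followed by FlowSets; FlowSet ID 0 carries templates, and a
FlowSet whose ID is 256 or higher carries data records laid out per the
template of that ID. Field type numbers are from RFC 3954; sample flows are
constructed.
"""
import struct
from typing import Dict, List, Tuple

# RFC 3954 field type numbers used here (a small subset of the registry).
FIELD_NAMES = {1: "IN_BYTES", 2: "IN_PKTS", 4: "PROTOCOL", 7: "L4_SRC_PORT",
               8: "IPV4_SRC_ADDR", 11: "L4_DST_PORT", 12: "IPV4_DST_ADDR"}
TEMPLATE_FLOWSET_ID = 0
HEADER_FMT = "!HHIIII"  # version, count, sysUptime, unixSecs, seqNum, sourceId


def ipv4(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)


def parse_netflow_v9(pkt: bytes, templates: Dict[int, List[Tuple[int, int]]]) -> List[dict]:
    """Decode one v9 datagram; `templates` persists across packets per exporter.

    A data FlowSet whose template has not been seen yet is skipped, which is
    why a collector cannot interpret flows until the template arrives.
    """
    version, _count, _uptime, _secs, _seq, _source = struct.unpack_from(HEADER_FMT, pkt, 0)
    if version != 9:
        raise ValueError(f"not a NetFlow v9 packet (version {version})")
    records: List[dict] = []
    off = struct.calcsize(HEADER_FMT)
    while off + 4 <= len(pkt):
        fs_id, fs_len = struct.unpack_from("!HH", pkt, off)
        if fs_len < 4:
            raise ValueError("malformed FlowSet length")
        body = pkt[off + 4: off + fs_len]
        if fs_id == TEMPLATE_FLOWSET_ID:
            # Template FlowSet: (template_id, field_count, (type, length)...) repeated.
            pos = 0
            while pos + 4 <= len(body):
                tid, nfields = struct.unpack_from("!HH", body, pos)
                pos += 4
                fields = [struct.unpack_from("!HH", body, pos + 4 * i) for i in range(nfields)]
                pos += 4 * nfields
                templates[tid] = fields
        elif fs_id >= 256 and fs_id in templates:
            fields = templates[fs_id]
            rec_len = sum(length for _, length in fields)
            pos = 0
            while pos + rec_len <= len(body):   # leftover bytes are 4-byte padding
                rec = {}
                for ftype, flen in fields:
                    raw = body[pos:pos + flen]
                    pos += flen
                    name = FIELD_NAMES.get(ftype, f"field_{ftype}")
                    rec[name] = ipv4(raw) if ftype in (8, 12) else int.from_bytes(raw, "big")
                records.append(rec)
        # Any other FlowSet (unknown template, options data) is skipped.
        off += fs_len
    return records


def build_sample_packet() -> bytes:
    """Constructed export: template 256 plus two flows that use it."""
    fields = [(8, 4), (12, 4), (7, 2), (11, 2), (4, 1), (1, 4), (2, 4)]
    tmpl = struct.pack("!HH", 256, len(fields)) + b"".join(struct.pack("!HH", *f) for f in fields)
    tmpl_fs = struct.pack("!HH", TEMPLATE_FLOWSET_ID, 4 + len(tmpl)) + tmpl
    flows = [("10.1.1.5", "192.0.2.10", 51234, 443, 6, 820, 7),
             ("10.1.1.9", "192.0.2.53", 40000, 53, 17, 64, 1)]
    data = b""
    for src, dst, sport, dport, proto, nbytes, npkts in flows:
        data += bytes(int(o) for o in src.split(".")) + bytes(int(o) for o in dst.split("."))
        data += struct.pack("!HHBII", sport, dport, proto, nbytes, npkts)
    data += b"\x00" * ((4 - (4 + len(data)) % 4) % 4)   # pad FlowSet to a 4-byte boundary
    data_fs = struct.pack("!HH", 256, 4 + len(data)) + data
    header = struct.pack(HEADER_FMT, 9, 3, 123456, 1700000000, 1, 0)  # count = 1 template + 2 flows
    return header + tmpl_fs + data_fs
```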

Reference:

Cisco: NetFlow Services Solutions Guide: NetFlow Export Version Formats

Cisco: NetFlow Export Datagram Format

QUESTION NO: 126

You administer the network shown above. RouterA and RouterB are Anycast RPs that are
configured as MSDP multicast peers. The following partial output is from the show running-config
command on RouterA:

interface Loopback0

ip address 192.168.1.1 255.255.255.255

interface Loopback1

ip address 192.168.1.2 255.255.255.255

ip msdp peer 192.168.1.3 connect-source loopback1 remote-as 2

ip msdp originator-id loopback1

ip pim rp-address 192.168.1.1

The following partial output is from the show running-config command on RouterB:

interface Loopback0

ip address 192.168.1.1 255.255.255.255

interface Loopback1

ip address 192.168.1.3 255.255.255.255

!

ip msdp peer 192.168.1.2 connect-source loopback1 remote-as 1

ip msdp originator-id loopback1

ip pim rp-address 192.168.1.1

RouterC is configured to use Auto-RP to discover the Anycast RP. RouterD is configured to use
BSR to discover the Anycast RP. RouterE is configured with the ip pim rp-address 192.168.1.3
command.

Which of the following statements is correct? (Select the best answer.)

A.
RouterA and RouterB cannot use the same IP address on Loopback 0.

B.
RouterA and RouterB cannot be in different domains.

C.
RouterC cannot use Auto-RP to discover the Anycast RP.

D.
RouterD cannot use BSR to discover the Anycast RP.

E.
RouterE is not configured with the correct IP address of the Anycast RP.

Answer: E
Explanation:

RouterE is not configured with the correct IP address of the Anycast rendezvous point (RP).
Anycast RP enables multiple RPs to provide redundancy and load-sharing capabilities. Each
downstream router uses the closest RP. If an Anycast RP fails or is added, the Protocol
Independent Multicast (PIM) network will converge as quickly as IP routing converges. You should
configure each of the Anycast RPs as Multicast Source Discovery Protocol (MSDP) peers of one
another by issuing the ip msdp peer command for each Anycast RP peer.

RouterA and RouterB must use the same IP address on a loopback interface; this address is the
Anycast RP address. In this scenario, RouterA and RouterB are correctly using the 192.168.1.1
address on Loopback 0. When an Anycast RP fails, the downstream routers will not have to
discover a new RP; they will continue to use the shared IP address of the Anycast RPs.

Each downstream router must be configured with the shared IP address of the Anycast RPs, either
statically by using the ip pim rp-address command or dynamically by using Auto-RP or Bootstrap
Router (BSR). In this scenario, RouterE is configured with the ip pim rp-address 192.168.1.3
command. However, the Loopback 0 interfaces of RouterA and RouterB are configured with the
shared IP address 192.168.1.1. Therefore, RouterE should be configured with the ip pim
rp-address 192.168.1.1 command. RouterC is correctly configured to use Auto-RP to discover the
RP address, and RouterD is correctly configured to use BSR to discover the RP address.

RouterA and RouterB can be in different domains. In fact, MSDP enables Anycast RPs to share
information about multicast sources across domains. Without MSDP, an Anycast RP would be
able to know about multicast sources only within its own domain.

Reference:

https://www.cisco.com/c/en/us/td/docs/ios/solutions_docs/ip_multicast/White_papers/anycast.html

QUESTION NO: 127

What does an asterisk indicate in the output of the show ip pim tunnel command? (Select the best
answer.)

A.
The router is an RP.

B.
Fast switching is enabled.

C.
The entry includes all multicast sources.

D.
The neighbor has been learned through an assert.

Answer: A
Explanation:

An asterisk in the output of the show ip pim tunnel command indicates that the router is a
rendezvous point (RP). An RP is a well-connected, centrally located router that is responsible for
keeping track of multicast group membership information. Protocol Independent Multicast sparse
mode (PIM-SM) requires an RP, whereas PIM dense mode (PIM-DM) does not. When PIM-SM is
used, each multicast receiver must be able to reach the RP through a connected tree of PIM-SM
routers. If a router along the path is not configured for PIM-SM, multicast receivers will not be able
to register with the RP and multicast traffic will not flow to those receivers.

When you issue the show ip pim tunnel command on an RP, you will receive output that is similar
to the following:

An RP will always have a PIM Encap and a PIM Decap tunnel interface. Additionally, an asterisk
will appear next to the RP IP address.

An asterisk in the output of the show ip pim interface count command indicates that fast switching
is enabled. The show ip pim interface count command also displays how many multicast packets
have been received and sent by each interface. The following output is from the show ip pim
interface count command:

An asterisk in the output of the show ip mroute command indicates that an entry includes all
multicast sources or that a neighbor has been learned through an assert. The show ip mroute
command displays the multicast routing table. Shared distribution trees are specified by a (*,G)
notation; the * indicates all sources, and the G indicates the multicast group address. Source
distribution trees, which are also known as shortest path trees (SPTs), are specified by an (S,G)
notation; the S indicates the address of the multicast source, and the G indicates the multicast
group address. PIM-SM supports both shared distribution trees and source distribution trees and
can use both (S,G) and (*,G) routes. PIM-DM supports only source distribution trees, and PIM-DM
groups use only (S,G) routes. The following output from the show ip mroute command shows both
types of routes:

If an asterisk appears next to the RPF nbr IP address, the neighbor has been learned through an
assert. Asserts are used to elect a designated forwarder (DF). DFs are elected to ensure a loop-free
tree with the root at the RP. The router with the lowest cost to the RP will become the DF on a
network segment.

Reference:

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipmulti/command/imc-cr-book/imc_s1.html#wp3622554730

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipmulti/command/imc-cr-book/imc_s1.html#wp2605288306

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipmulti/command/imc-cr-book/imc_s1.html#wp9533023710

QUESTION NO: 128

Your company has configured STP with the timers set to their default values.

For what duration will the TC bit be set by the root bridge after it receives a TCN BPDU? (Select
the best answer.)

A.
two seconds

B.
15 seconds

C.
20 seconds

D.
35 seconds

Answer: D
Explanation:

The topology change (TC) bit will be set for a duration of 35 seconds on configuration bridge
protocol data units (BPDUs) that are sent by the root bridge after it receives a topology change
notification (TCN) BPDU. TCN BPDUs are a Spanning Tree Protocol (STP) mechanism sent from
a designated bridge back to the root bridge to inform the root bridge of a change in the network
topology. TCN BPDUs are sent under the following circumstances: when a switch receives a TCN
from another non-root bridge, when a link has failed, or when a port begins to forward packets
despite the bridge already having a designated port. Ports that have PortFast enabled will not
send TCN BPDUs when entering or leaving the forwarding state.
After a bridge receives a TCN BPDU, it will send a BPDU with the topology change
acknowledgment (TCA) bit set back to the bridge that sent the TCN BPDU. When the root bridge
receives a TCN BPDU, it begins sending configuration BPDUs to the downstream bridge devices.
Configuration BPDUs contain a TC bit indicating that a change has occurred. This bit is set for a
period of the max_age timer plus the forward_delay timer. STP defaults the max_age timer to 20
seconds and the forward_delay timer to 15 seconds. Therefore, the TC bit will be set for 35
seconds.

TC BPDUs will cause a switch to shorten the aging time for Media Access Control (MAC)
addresses from 300 seconds to the forward_delay value, which is 15 seconds by default.
Excessive flooding can occur as the switch receives packets and forwards the traffic out all ports.

The TC bit will not be set for a duration of two seconds in this scenario. The default hello timer is
two seconds. The hello_time is the interval at which BPDUs are sent.

Reference:

https://www.cisco.com/c/en/us/support/docs/lan-switching/spanning-tree-protocol/12013-17.html#event

QUESTION NO: 129


You administer the network shown above. You issue the show spanning-tree command on
SwitchC and receive the following output:

Which of the following statements are true regarding the switches on the network? (Select 2
choices.)

A.
SwitchA is the root bridge.

B.
SwitchC is using the default STP timer values.

C.
802.1D STP is running on SwitchB.

D.
802.1D STP is running on SwitchD.

E.
The BID of SwitchB is 32810.001c.223b.0717.

F.
The BID of SwitchC is 001c.223b.0717.32810.

Answer: B,D
Explanation:

SwitchC is using the default Spanning Tree Protocol (STP) timer values, and 802.1D STP is
running on SwitchD. STP uses three timer values: the hello timer value, the forward_delay timer
value, and the max_age timer value. The hello timer value is the time between the sending of
bridge protocol data units (BPDUs); this value is set to two seconds by default. The forward_delay
timer value is the time spent in the listening state and the learning state; this value is set to 15
seconds by default. The max_age timer value is the maximum length of time before BPDU
information is aged out; this value is set to 20 seconds by default. The output of the show
spanning-tree command indicates that SwitchC is using these default STP timer values.

Traditional STP is defined in the Institute of Electrical and Electronics Engineers (IEEE) 802.1D
standard. Rapid STP (RSTP), which is defined in the IEEE 802.1w standard, is used to improve
the slow transition of an STP port to the forwarding state. The line of text Spanning tree enabled
protocol rstp in the output of the show spanning-tree command indicates that SwitchC is running
RSTP. If SwitchC were running 802.1D STP, the line of text Spanning tree enabled protocol ieee
would be displayed in the output of the show spanning-tree command.

To determine the type of STP running on neighbor switches, you should analyze the Type field in
the show spanning-tree command output. If the Type field displays P2p, the neighbor switch is
running RSTP. If the Type field displays P2p Peer(STP), the neighbor switch is running traditional
802.1D STP. Therefore, SwitchB is running RSTP and SwitchD is running 802.1D STP.

SwitchA is not the root bridge. The output of the show spanning-tree command indicates that the
root bridge is reachable through the Fa0/1 interface. Therefore, either SwitchA or SwitchB is the
root bridge. You can determine which switch is the root by analyzing the link cost, which is used to
determine the best path to the root bridge. The link cost is based on the bandwidth of a link. The
higher the bandwidth, the lower the cost. STP uses the following link costs by default:


FastEthernet links have a bandwidth of 100 Mbps, so the link cost of traversing a FastEthernet link
is 19. If packets must traverse two FastEthernet links, the link cost is 38. In this scenario, the
output of the show spanning-tree command indicates that the link cost is 19. Because packets
must traverse only one FastEthernet link to reach the root bridge, SwitchB must be the root bridge.

The bridge ID (BID) of SwitchB is not 32810.001c.223b.0717. The BID is composed of a 2-byte
bridge priority prefix and a 6-byte Media Access Control (MAC) address suffix. The output of the
show spanning-tree command indicates that the root bridge has a priority value of 31574 and a
MAC address of 001c.6e5e.7aa3. Therefore, the BID of the root bridge, SwitchB, is
31574.001c.6e5e.7aa3.

The BID of SwitchC is not 001c.223b.0717.32810. The Bridge ID field in the output of the show
spanning-tree command indicates the priority value and MAC address of the local switch, SwitchC.
In the BID, the bridge priority comes before the MAC address. Therefore, the BID of SwitchC is
32810.001c.223b.0717.
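The BID comparison and link-cost reasoning from this explanation in code, as an added example that is not part of the page or of Cisco IOS: it parses the priority.MAC form, picks the root the way STP does (lowest priority, then lowest MAC address) and sums default link costs; the split of the priority field into the 802.1t base priority and extended system ID (VLAN number) goes beyond what the text states.

```python
"""Parse STP bridge IDs and pick the root bridge from 'show spanning-tree' values.

Added example, not code from the page or from Cisco. It uses the BIDs and link
costs quoted in the explanation; the split of the priority into base priority and
extended system ID follows 802.1t and goes beyond what the text states.
"""
import re
from typing import NamedTuple

BID_RE = re.compile(r"^(\d{1,5})\.([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})$", re.I)

# Default IEEE 802.1D path cost per link bandwidth (Mbps); FastEthernet = 19
# as the text says, the other values from the same default table.
DEFAULT_PATH_COST = {10: 100, 100: 19, 1000: 4, 10000: 2}


class BridgeID(NamedTuple):
    priority: int   # 2-byte priority field as printed, e.g. 32810
    mac: str        # 6-byte MAC address in Cisco dotted notation

    @property
    def base_priority(self) -> int:
        # Upper 4 bits: the configured priority, a multiple of 4096 (802.1t).
        return self.priority & 0xF000

    @property
    def system_id_ext(self) -> int:
        # Lower 12 bits: the extended system ID, i.e. the VLAN number (802.1t).
        return self.priority & 0x0FFF

    def sort_key(self) -> tuple:
        # STP compares the priority first, then the MAC address; lowest wins.
        return (self.priority, int(self.mac.replace(".", ""), 16))


def parse_bid(text: str) -> BridgeID:
    """Turn 'priority.aaaa.bbbb.cccc' into a BridgeID, rejecting malformed input."""
    m = BID_RE.match(text.strip())
    if not m or int(m.group(1)) > 0xFFFF:
        raise ValueError(f"not a priority.MAC bridge ID: {text!r}")
    return BridgeID(int(m.group(1)), m.group(2).lower())


def elect_root(bids: dict) -> str:
    """Return the name of the switch whose BID is lowest (switch name -> BID text)."""
    return min(bids, key=lambda name: parse_bid(bids[name]).sort_key())


def root_path_cost(link_speeds_mbps: list) -> int:
    """Sum the default cost of every link a frame crosses to reach the root."""
    return sum(DEFAULT_PATH_COST[speed] for speed in link_speeds_mbps)


if __name__ == "__main__":
    switches = {"SwitchB": "31574.001c.6e5e.7aa3", "SwitchC": "32810.001c.223b.0717"}
    print("root bridge:", elect_root(switches))                           # SwitchB
    print("cost over two FastEthernet links:", root_path_cost([100, 100]))  # 38
```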

Reference:

https://www.cisco.com/c/en/us/support/docs/switches/catalyst-6500-series-switches/72836-rapidpvst-mig-config.html

https://www.cisco.com/c/en/us/support/docs/lan-switching/spanning-tree-protocol/19120-122.html

QUESTION NO: 130

You issue the show ipv6 ospf command on RouterA and receive the following output:


Which of the following statements are correct? (Select 3 choices.)

A.
RouterA is an ASBR.

B.
RouterA is an ABR.

C.
RouterA is an internal router.

D.
RouterA is a backbone router.

E.
RouterA is part of a stub area.

F.
Router A is part of a totally stubby area.

G.
RouterA is part of a standard area.

H.
Route recalculation has occurred seven times.

Answer: C,G,H
Explanation:

The output of the show ipv6 ospf command indicates that RouterA is an internal router, RouterA is
part of a standard area, and route recalculation has occurred seven times. The output of the show
ipv6 ospf command is similar to the show ip ospf command in that they both display the following
information:
-Shortest path first (SPF) timer values and statistics

-Link-state advertisement (LSA) timer values and statistics

-Number and type of areas in the router

-Whether authentication is enabled for an area

The router output Number of areas in this device is 1 indicates that there is only one Open
Shortest Path First (OSPF) area in the router. Internal routers belong to a single OSPF area;
therefore, RouterA is an internal router. The router output 1 normal 0 stub 0 nssa indicates that the
area is a normal area, which is also called an ordinary or standard area. Therefore, RouterA is part
of a standard area. Finally, the router output indicates that route recalculation has occurred seven
times because the SPF algorithm has executed seven times on the router.

RouterA is not an autonomous system boundary router (ASBR). ASBRs connect two or more
autonomous systems and redistribute routes between them. If RouterA were an ASBR, the output
of the show ipv6 ospf command would display the line of text It is an autonomous system boundary
router. In addition, the output would display the route sources that RouterA is redistributing into
OSPF.

RouterA is not an area border router (ABR). ABRs connect two or more OSPF areas; a separate
link-state database (LSDB) is maintained for each area. If RouterA were an ABR, the output of the
show ipv6 ospf command would display the line of text It is an area border device. In addition, the
router output would indicate that multiple OSPF areas were configured on the router and statistical
information would exist for each of those areas. In the output of the show ipv6 ospf command,
statistical information exists only for Area 2.

RouterA is not a backbone router. A backbone router is a router with at least one interface in Area
0, the backbone area. The router output Area 2 indicates that RouterA is within Area 2, not Area 0.
If RouterA were a backbone router, the output of the show ipv6 ospf command would display the
line of text Area BACKBONE(0) instead of Area 2.

RouterA is not part of a stub area. A stub area is an area that does not accept Type 5 summary
LSAs. If RouterA had at least one interface in a stub area, the output of the show ipv6 ospf
command would indicate at least one stub area within the line of text 1 normal 0 stub 0 nssa.
Additionally, if Area 2 were a stub area, the router output It is a stub area would appear within the
statistical information for Area 2.

RouterA is not part of a totally stubby area. A totally stubby area is an area that does not accept
Type 3, 4, or 5 summary LSAs. If RouterA had at least one interface in a totally stubby area, the
output of the show ipv6 ospf command would indicate at least one stub area within the line of text
1 normal 0 stub 0 nssa. Additionally, if Area 2 were a stub area, the router output It is a stub area,
no summary LSA in this area would appear within the statistical information for Area 2.
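A parser that derives the router role and area type from the show ipv6 ospf lines the explanation relies on, as an added example (not page or Cisco code); the sample output is constructed around the quoted lines, and the router ID line, the SPF timer line, the interface count and the wording of the NSSA line are assumptions.

```python
"""Derive OSPF router role and area types from 'show ipv6 ospf' text.

Added example, not code from the page or from Cisco. SAMPLE_SHOW_IPV6_OSPF is
constructed around the lines the explanation quotes; the router ID, SPF timer
line, interface count and the 'It is a NSSA area' wording are assumptions.
"""
import re
from dataclasses import dataclass, field

SAMPLE_SHOW_IPV6_OSPF = """\
Routing Process "ospfv3 1" with ID 10.0.0.1
SPF schedule delay 5 secs, Hold time between two SPFs 10 secs
Number of areas in this device is 1. 1 normal 0 stub 0 nssa
    Area 2
        Number of interfaces in this area is 2
        SPF algorithm executed 7 times
"""


@dataclass
class OspfSummary:
    router_id: str = ""
    asbr: bool = False            # "It is an autonomous system boundary router"
    abr: bool = False             # "It is an area border device"
    backbone: bool = False        # an "Area BACKBONE(0)" block is present
    area_counts: dict = field(default_factory=dict)   # normal / stub / nssa totals
    areas: dict = field(default_factory=dict)         # area name -> kind
    spf_runs: dict = field(default_factory=dict)      # area name -> SPF executions


def parse_show_ipv6_ospf(text: str) -> OspfSummary:
    s = OspfSummary()
    current = None                # area whose statistics block we are inside
    for raw in text.splitlines():
        line = raw.strip()
        if m := re.match(r'Routing Process ".*" with ID (\S+)', line):
            s.router_id = m.group(1)
        elif "autonomous system boundary" in line:
            s.asbr = True
        elif line.startswith("It is an area border"):
            s.abr = True
        elif m := re.search(r"(\d+) normal (\d+) stub (\d+) nssa", line):
            s.area_counts = dict(zip(("normal", "stub", "nssa"), map(int, m.groups())))
        elif m := re.match(r"Area (BACKBONE\(0\)|\S+)$", line):
            current = m.group(1)
            s.areas[current] = "normal"
            s.backbone = s.backbone or current == "BACKBONE(0)"
        elif current and line.startswith("It is a stub area"):
            # "no summary LSA in this area" is what marks a totally stubby area
            s.areas[current] = "totally stubby" if "no summary" in line else "stub"
        elif current and line.startswith("It is a NSSA"):
            s.areas[current] = "nssa"
        elif current and (m := re.match(r"SPF algorithm executed (\d+) times", line)):
            s.spf_runs[current] = int(m.group(1))
    return s


def router_roles(s: OspfSummary) -> list:
    """Roles as the explanation defines them; a router may hold several."""
    roles = []
    if s.asbr:
        roles.append("ASBR")
    if s.abr or len(s.areas) > 1:
        roles.append("ABR")
    if s.backbone:
        roles.append("backbone router")
    if len(s.areas) == 1:
        roles.append("internal router")
    return roles


if __name__ == "__main__":
    summary = parse_show_ipv6_ospf(SAMPLE_SHOW_IPV6_OSPF)
    print(router_roles(summary), summary.areas, summary.spf_runs)
```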

Reference:

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipv6/command/ipv6-cr-book/ipv6-s4.html#wp1570786054


QUESTION NO: 131 DRAG DROP

Drag the OSPF neighbor relationship states on the left to the corresponding reasons on the right.

Answer:

Explanation:


When an Open Shortest Path First (OSPF) neighbor router is powered on, it transitions through
the following neighbor states:

-Down

-Init

-2-Way

-Exstart

-Exchange

-Loading

-Full

An OSPF neighbor router begins in the Down state. A neighbor in the Down state has not yet sent
a hello packet. When a hello packet is received from the neighbor router but the hello packet does
not contain the receiving router's ID, the neighbor router is in the Init state. The receiving router
replies to the neighbor router with a hello packet that contains the neighbor router's ID as an
acknowledgment that the receiving router received the neighbor's hello packet. If a router is stuck
in the Init state, it has sent hello packets but has not received them from the neighbor router. If a
router is stuck in the Down or Init state, you should check to see whether an access list is blocking
224.0.0.5, which is used by OSPF to send hello packets. Additionally, you should ensure that
Layer 1 and Layer 2 connectivity exists and that authentication is disabled or enabled on both
neighbors.

The neighbor router replies with a hello packet that contains the receiving router's ID. When this
occurs, the neighbor router is in the 2-Way state. At the end of the 2-Way state, the designated
router (DR) and backup designated router (BDR) are elected for broadcast and nonbroadcast
multiaccess (NBMA) networks. On broadcast and NBMA networks, neighbor routers will proceed
to the Full state only with the DR and BDR; routers will remain in the 2-Way state with all other
neighbor routers. Routers that remain in the 2-Way state will contain 2WAY/DROTHER in the
output of the show ip ospf neighbor command. If all routers on a segment remain in the 2-Way
state, you should verify whether all routers on the segment are set to a priority of 0, which
prevents any of them from becoming the DR or BDR.

After the DR and BDR are elected, neighbor routers form master-slave relationships in order to
establish the method for exchanging link-state information. Routers in this state are in the Exstart
state. Neighbor routers then exchange database descriptor (DBD) packets. These DBD packets
contain link-state advertisement (LSA) headers that describe the contents of the link-state database.
Routers in this state are in the Exchange state. If a router is stuck in the Exstart or Exchange
state, you should determine whether there is a problem with mismatched maximum transmission
unit (MTU) settings.

Routers then send link-state request packets to request the contents of the neighbor router's OSPF
database. The neighbor router replies with link-state update packets that contain the routing
database information. Routers in this state are in the Loading state. If a router is stuck in the
Loading state, you should determine whether there is a problem with corrupted LSAs.

After the OSPF databases of neighbor routers are fully synchronized, the routers transition to the
Full state, which is the normal OSPF router state. A router will periodically send hello packets to its
neighbors to indicate that it is still functional. If a router does not receive a hello packet from a
neighbor within the dead timer interval, the neighbor router will transition back to the Down state.

Reference:

https://www.cisco.com/c/en/us/support/docs/ip/open-shortest-path-first-ospf/13699-29.html

https://www.cisco.com/c/en/us/support/docs/ip/open-shortest-path-first-ospf/13685-13.html

QUESTION NO: 132

RouterA and RouterB are connected by their Serial 0/0 interfaces. You are able to successfully
ping from one router to the other; however, the routers are not establishing an OSPF neighbor
relationship.

You issue the debug ip ospf hello command on each router and notice that RouterA is sending
hello packets but not receiving them.

Which of the following statements best describes why the routers are unable to form a neighbor
relationship? (Select the best answer.)

A.
RouterA should be configured as the DR.

B.
RouterB should be configured as the DR.

C.
The Serial 0/0 interface of RouterA is configured as a passive interface.

D.
The Serial 0/0 interface of RouterB is configured as a passive interface.

E.
RouterA and RouterB are configured with different OSPF process IDs.

F.
RouterA and RouterB are configured with different hello timer or dead timer intervals.

Answer: D
Explanation:

The Serial 0/0 interface of RouterB is configured as a passive interface, so RouterA and RouterB
are unable to form a neighbor relationship. A passive interface does not send or receive any
routing information, regardless of the routing protocol. Additionally, an Open Shortest Path First
(OSPF) passive interface does not send hello packets. OSPF uses the periodic exchange of hello
packets to maintain neighbor relationships. If an OSPF router does not receive a hello packet from
a neighbor after a specified amount of time, the neighbor relationship is terminated and no further
routing information is exchanged. In this scenario, RouterA is sending periodic hello packets;
however, RouterA is not receiving hello packets, because RouterB is no longer sending them.
RouterB also ignores the incoming hello packets from RouterA.

To configure a single interface to be a passive interface, you should issue the passive-interface
interface-type interface-number command from router configuration mode. Alternatively, you can
issue the passive-interface default command from router configuration mode to configure all
interfaces to be passive; you must then issue the no passive-interface interface-type
interface-number command from router configuration mode to allow an interface to participate in
the routing protocol and to establish neighbor relationships.

The Serial 0/0 interface of RouterA is not configured as a passive interface. The output of the
debug ip ospf hello command indicates that RouterA is sending periodic hello packets. An OSPF
passive interface does not send or receive routing information, including hello packets.

There is no designated router (DR) elected on an OSPF point-to-point network segment. RouterA
and RouterB are connected by their Serial 0/0 interfaces and do not attempt to elect a DR. A DR is
elected by using hello packets on a multiaccess network, such as a LAN. If RouterA and RouterB
were connected by an Ethernet switch, RouterA would become the DR because RouterB is not
sending hello packets.

The OSPF process ID is an identifier that is locally significant to the router and is used to
distinguish between multiple OSPF processes running on the router. Because the OSPF process
ID is locally significant, two routers could have different process IDs and still establish a neighbor
relationship. Therefore, the OSPF process ID has no effect on whether RouterA and RouterB
establish a neighbor relationship.

The hello timer and dead timer intervals are used to determine how frequently a router should

expect a hello packet from a neighbor. If a router does not receive a hello packet from a neighbor
within the dead timer interval, the relationship with that neighbor is terminated. If a router receives
hello packets with a different hello timer interval or dead timer interval, the hello packets will be
ignored and a neighbor relationship will not be established. However, mismatched timer intervals
do not prevent a router from sending or receiving hello packets. Because the output of the debug
ip ospf hello command reveals that RouterA is not receiving hello packets from RouterB, RouterA
cannot compare timer values with RouterB to determine whether a neighbor relationship can be
established.

Reference:

https://www.cisco.com/c/en/us/td/docs/ios/iproute_pi/command/reference/iri_book/iri_pi1.html#wp1034440

QUESTION NO: 133

You administer the network in the following exhibit:

You issue the show running-config command on RouterA and receive the following partial output:

interface Loopback0

ip address 10.10.1.1 255.255.255.0

interface Tunnel0

ip address 192.168.50.5 255.255.255.0

tunnel source Loopback0

tunnel destination 10.10.3.1

RouterA and RouterC are both configured to use RouterB as a gateway of last resort. Additionally,
static routes to the Loopback0 interfaces on RouterA and RouterC have been configured on
RouterB.

You configure EIGRP on RouterA and then issue the show ip route command, which produces the
following partial output:

Gateway of last resort is 172.15.1.2 to network 0.0.0.0

172.15.0.0/24 is subnetted, 1 subnets

C 172.15.1.0 is directly connected, Serial0/0

10.0.0.0/24 is subnetted, 2 subnets

10.10.1.0 is directly connected, Loopback0

10.10.3.0 [90/297372416] via 192.168.50.6, 00:00:01, Tunnel0

C 192.168.50.0/24 is directly connected, Tunnel0

S* 0.0.0.0/0 [1/0] via 172.15.1.2

Which of the following is true? (Select the best answer.)

A.
The Tunnel0 interface and EIGRP adjacency on RouterA will flap.

B.
The Tunnel0 interface and EIGRP adjacency on RouterA will function properly.

C.
The Tunnel0 interface on RouterA will function properly, but EIGRP will flap.

D.
The Tunnel0 interface on RouterA will flap, but the EIGRP adjacency will function properly.

Answer: A
Explanation:

The Tunnel0 interface and Enhanced Interior Gateway Routing Protocol (EIGRP) adjacency on
RouterA will flap because the preferred route to the Tunnel0 destination interface is through the
tunnel itself, which results in recursive routing. When recursive routing occurs, the Tunnel0
interfaces on both RouterA and RouterC will be temporarily disabled, which breaks the EIGRP
adjacency.

The EIGRP adjacency will reestablish when the tunnel interfaces return to the up state. Therefore,
if you were to issue the show ip route command on RouterA while the adjacency is established,

you would see that the preferred route to the Loopback0 interface on RouterC from RouterA is
through Tunnel0, even though the destination interface for Tunnel0 on RouterA is the Loopback0
interface on RouterC.

If the cause of the recursive routing is not fixed, the Tunnel0 interfaces will flap and errors similar to
the following will be displayed on RouterA:

*Mar 1 00:26:15.379: %TUN-5-RECURDOWN: Tunnel0 temporarily disabled due to recursive routing

*Mar 1 00:26:16.379: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to down

*Mar 1 00:26:16.487: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 6: Neighbor 192.168.50.6 (Tunnel0) is down: interface down

In this scenario, an EIGRP adjacency has been established between the Tunnel0 interfaces on
RouterA and RouterC. When the EIGRP adjacency comes up, the show ip route command
displays Tunnel0 as the preferred route to 192.168.50.0 instead of the gateway of last resort.
Therefore, the EIGRP 6 domain has been configured to include the 10.10.1.0/24 and
192.168.50.0/24 networks on RouterA and the 10.10.3.0/24 and 192.168.50.0/24 networks on
RouterC. As a result, recursive routing to the 10.10.3.0 network through Tunnel0 occurs on
RouterA and recursive routing to the 10.10.1.0 network occurs on RouterC.

There are two ways to resolve the recursive routing issue on both RouterA and RouterC in this
scenario: remove the 192.168.50.0/24 network from the EIGRP 6 domain, or add a static route to
the Tunnel0 destination IP addresses on both RouterA and RouterC. A static route has a lower
administrative distance (AD) than EIGRP. Therefore, a static route would fix the recursive routing
problem.
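The recursive-routing check and both fixes from this explanation, as an added example that is not code from the page or from Cisco: the routing table is RouterA's partial show ip route output re-typed as tuples (the route codes the page's output omits are assumed to be connected and EIGRP), and the administrative distances are the IOS defaults the explanation relies on (connected 0, static 1, internal EIGRP 90).

```python
"""Recursive routing through a GRE tunnel, checked against a routing table.

Added example, not code from the page or from Cisco. ROUTERA_RIB is the page's
partial 'show ip route' output for RouterA re-typed as tuples; ADs are the
IOS defaults (connected 0, static 1, internal EIGRP 90).
"""
from ipaddress import ip_address, ip_network

# (prefix, administrative distance, next hop, egress interface) - constructed
ROUTERA_RIB = [
    ("172.15.1.0/24", 0, None, "Serial0/0"),
    ("10.10.1.0/24", 0, None, "Loopback0"),
    ("10.10.3.0/24", 90, "192.168.50.6", "Tunnel0"),   # learned from RouterC via EIGRP
    ("192.168.50.0/24", 0, None, "Tunnel0"),
    ("0.0.0.0/0", 1, "172.15.1.2", "Serial0/0"),      # gateway of last resort
]

# Tunnel0 on RouterA, from the running-config shown in the question
TUNNEL0 = {"name": "Tunnel0", "source": "10.10.1.1", "destination": "10.10.3.1"}


def install(rib):
    """Per prefix, only the candidate with the lowest AD enters the routing table."""
    best = {}
    for route in rib:
        prefix, ad = route[0], route[1]
        if prefix not in best or ad < best[prefix][1]:
            best[prefix] = route
    return list(best.values())


def best_route(rib, dest):
    """Longest-prefix match over the installed routes (None if nothing matches)."""
    addr = ip_address(dest)
    matches = [r for r in install(rib) if addr in ip_network(r[0])]
    return max(matches, key=lambda r: ip_network(r[0]).prefixlen, default=None)


def is_recursive(rib, tunnel):
    """True when the route to the tunnel destination exits the tunnel itself,
    which is the condition behind the %TUN-5-RECURDOWN message quoted above."""
    route = best_route(rib, tunnel["destination"])
    return route is not None and route[3] == tunnel["name"]


def with_static_route(rib, prefix, via, interface):
    """Fix 1: a static route (AD 1) toward the tunnel destination over the
    physical path; for the same prefix it beats the EIGRP route (AD 90)."""
    return rib + [(prefix, 1, via, interface)]


def without_tunnel_network(rib, tunnel):
    """Fix 2: 192.168.50.0/24 leaves EIGRP 6, so no prefix is learned over the
    tunnel and the destination resolves via the gateway of last resort again."""
    return [r for r in rib if not (r[1] == 90 and r[3] == tunnel["name"])]


if __name__ == "__main__":
    print("recursive as configured:", is_recursive(ROUTERA_RIB, TUNNEL0))   # True
    fixed = with_static_route(ROUTERA_RIB, "10.10.3.1/32", "172.15.1.2", "Serial0/0")
    print("recursive with static /32:", is_recursive(fixed, TUNNEL0))       # False
```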

Reference:

https://www.cisco.com/c/en/us/support/docs/ip/enhanced-interior-gateway-routing-protocol-eigrp/22327-gre-flap.html

QUESTION NO: 134

Which of the following routes cannot be redistributed into a dynamic routing protocol? (Select 2
choices.)

A.
C 192.168.1.0/30 is directly connected, Ethernet0/0

B.
C 192.168.1.1/32 is directly connected, Loopback0

C.
L 192.168.1.1/32 is directly connected, Ethernet0/0

D.
C 2001:1234::/64 [0/0]

E.
L 2001:1234::1/128 [0/0]

F.
LC 2001:1234::1/128 [0/0]

Answer: C,E
Explanation:

The following routes cannot be redistributed into a dynamic routing protocol:

- L 192.168.1.1/32 is directly connected, Ethernet0/0

- L 2001:1234::1/128 [0/0]

Routes that are marked with an L in the output of the show ip route command or the show ipv6
route command are local host routes. Local host routes cannot be redistributed into a dynamic
routing protocol. IPv4 host routes always have a /32 mask, and IPv6 host routes always have a
/128 mask.

Not all IPv4 routes with a /32 mask are considered host routes. IPv4 addresses that are manually
configured with a /32 mask are considered to be connected addresses and are marked with a C in
the output of the show ip route command. Connected routes can be redistributed into a dynamic
routing protocol. The following routes are connected IPv4 routes:

- C 192.168.1.0/30 is directly connected, Ethernet0/0

- C 192.168.1.1/32 is directly connected, Loopback0

The following route is a normal, connected IPv6 route that can be redistributed into a dynamic
routing protocol:

C 2001:1234::/64 [0/0]

IPv6 addresses that are manually configured with a /128 mask are marked with an LC in the output
of the show ipv6 route command. These LC routes can be redistributed into a dynamic routing
protocol. The following route is a local connected route:

LC 2001:1234::1/128 [0/0]

Reference:

Cisco: Local Host Routes Installed in the Routing Table on Cisco IOS and Cisco IOS-XR

QUESTION NO: 135

Which of the following can be applied on a switch to filter inbound traffic on nonrouted ports?
(Select the best answer.)

A.
VACLs

B.
RACLs

C.
PACLs

D.
both VACLs and RACLs

E.
both VACLs and PACLs

Answer: E
Explanation:

VLAN access control lists (VACLs) and port access control lists (PACLs) can be applied on a
switch to filter inbound traffic on nonrouted ports. Access control lists (ACLs) are security
mechanisms that are used to determine whether inbound and outbound packets should be
forwarded or blocked. Unlike standard and extended ACLs, which are typically used to filter Layer
3 traffic, VACLs and PACLs can be used to filter nonrouted Layer 2 traffic. However, PACLs
cannot filter outbound traffic; they can filter only inbound traffic.

VACLs are used to filter traffic within a virtual LAN (VLAN). VACLs can be used to prevent
malicious users from gaining access to other resources on the same VLAN. Unlike most ACLs,
VACLs do not filter packets as they reach an interface. Instead, VACLs filter packets across the
entire VLAN, even if it spans multiple interfaces. PACLs are used to filter inbound traffic on Layer
2 switch ports. When PACLs are applied on a switch, all packets are reviewed as they reach a
port. PACLs take precedence over VACLs and Layer 3 ACLs. Like VACLs, PACLs can be used to
filter VLAN traffic, including voice and data VLAN traffic, if the PACLs are applied to a trunk port.

Router ACLs (RACLs) cannot be applied on a switch to filter inbound traffic on nonrouted ports.
RACLs provide similar functionality as VACLs and PACLs, except they cannot be applied to Layer
2 traffic. RACLs are limited to use on Layer 3 interfaces, such as those on routers or multilayer
switches configured for Layer 3 routing.

Reference:

https://www.cisco.com/c/en/us/support/docs/ip/access-lists/13608-21.html#anc118

QUESTION NO: 136

Which of the following functions is the data plane responsible for? (Select the best answer.)

A.
forwarding packets

B.
exchanging routing information

C.
exchanging label information

D.
reserving bandwidth

Answer: A
Explanation:

The data plane is responsible for forwarding packets. Packets are forwarded based on destination
address or label information. The Cisco Express Forwarding (CEF) Forwarding Information Base
(FIB), which is part of the data plane, is built from information in the routing table. When the
routing table is updated, the next-hop information in the FIB is also updated. The Label Forwarding
Information Base (LFIB), which is also part of the data plane, contains inbound-to-outbound label
mappings. These label mappings are used by Multiprotocol Label Switching (MPLS) to forward
packets to the correct destination. When a label switch router (LSR) receives an unlabeled packet
destined for an MPLS-enabled interface, it consults the FIB, adds the appropriate label for the
destination address, and forwards the packet.

MPLS includes two primary components: the control plane and the data plane. The control plane
is responsible for exchanging routing information by using a routing protocol, such as Border
Gateway Protocol (BGP), Enhanced Interior Gateway Routing Protocol (EIGRP), Intermediate
System-to-Intermediate System (IS-IS), or Open Shortest Path First (OSPF). Additionally, the control
plane is responsible for exchanging label information by using a label exchange protocol, such as
Resource Reservation Protocol (RSVP), Tag Distribution Protocol (TDP), or Label Distribution
Protocol (LDP). LDP is a newer standard that includes features of the Cisco-proprietary TDP.
RSVP is used by MPLS Traffic Engineering (MPLS TE) to also reserve network bandwidth.
Bandwidth is reserved on demand based on destination address or traffic type so that enough
bandwidth is available for the traffic.

Reference:

https://www.cisco.com/c/en/us/products/collateral/security/ios-network-foundation-protection-nfp/prod_white_paper0900aecd805ffde8.html

Cisco: Control Plane Security Overview in Cisco IOS Software

QUESTION NO: 137

You are creating a point-to-point serial connection between RouterA and RouterB. RouterA has
been configured as DTE, and RouterB has been configured as DCE.

Which of the following statements is correct? (Select the best answer.)

A.
You should issue the clock rate command on the serial interface of RouterA.

B.
You should issue the clock rate command on the serial interface of RouterB.

C.
You should issue the clock rate command on the serial interface of both routers.

D.
You should not issue the clock rate command on either router.

Answer: B
Explanation:

You should issue the clock rate command on the serial interface of RouterB. RouterB has been
configured as data communications equipment (DCE), and the DCE device must provide clocking
to establish the data communication speed for the link. A DCE device is the device that provides a
clocking signal. A device that is not capable of providing or not configured to provide a clocking
signal is considered the data terminal equipment (DTE) device. Although Cisco routers can be
configured as DCE devices, they are typically considered DTE devices when connected to a
Channel Service Unit (CSU)/Data Service Unit (DSU). You can verify whether a router has been
configured as DTE or DCE by issuing the show controllers serial command.

When issuing the clock rate command, you should specify the parameter in bits per second. Thus,
if you were to issue the clock rate 64000 command, you would configure the interface to operate
at 64 Kbps.

RouterA has been configured as DTE. The DTE device accepts clocking parameters from the
DCE device.

Therefore, you should not issue the clock rate command on the serial interface of RouterA.

Reference:

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/interface/command/ir-cr-book/ir-c2.html#wp3930272930

QUESTION NO: 138

Which of the following statements is correct regarding EIGRPv6? (Select the best answer.)

A.
The ipv6 router eigrp as-number command enables EIGRPv6 on all router interfaces, including passive interfaces and loopback interfaces.

B.
The network command configures the networks that should be advertised by EIGRPv6.

C.
The auto-summary command enables automatic summarization for EIGRPv6.

D.
The distribute-list route-map command enables route filtering for EIGRPv6.

E.
The no shutdown command enables the EIGRPv6 routing process.

F.
The v6routerid command configures an EIGRPv6 router ID.

Answer: E
Explanation:

"Everything is under control" - www.pass4sure.com 221


Cisco 400-101 Exam
The no shutdown command enables the Enhanced Interior Gateway Routing Protocol version 6
(EIGRPv6) routing process. EIGRPv6 is also referred to as EIGRP for IPv6. To enable EIGRPv6
on a router, you should issue the ipv6 router eigrp as-number command in global configuration
mode, where as-number is the autonomous system number (ASN), then issue the no shutdown
command in router configuration mode to start the routing process.

The ipv6 router eigrp as-number command does not enable EIGRPv6 on any router interfaces; it only creates the EIGRPv6 routing process. EIGRPv6 must be enabled on each interface that should participate in EIGRP routing. To enable EIGRPv6 on an interface, you should issue the ipv6 eigrp as-number command in interface configuration mode. You need not configure EIGRPv6 on any interfaces that are configured as passive interfaces.

The network command does not configure the networks that should be advertised by EIGRPv6, because EIGRPv6 is configured directly on each participating interface. The network command is used with EIGRP for IPv4 to specify the networks that should be advertised out the router's interfaces.

The auto-summary command does not enable automatic summarization for EIGRPv6. IPv6 does not use classful routing like IPv4 does, so automatic summarization is not possible with EIGRPv6.

The distribute-list route-map command cannot be used to filter routes in EIGRPv6. However, you can filter the EIGRPv6 routing updates by prefix list. To implement prefix list route filtering, you should issue the distribute-list prefix-list list-name command in router configuration mode.

The v6routerid command does not configure an EIGRPv6 router ID. The EIGRPv6 router ID is the same as the EIGRPv4 router ID, which is automatically configured unless there are no IPv4 addresses configured on the router. If there are no IPv4 addresses configured on the router, you must issue the router-id id command in router configuration mode to manually configure a router ID, where id is a 32-bit value similar to an IPv4 address.

Reference:

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipv6/configuration/15-2mt/ipv6-15-2mt-book/ip6-eigrp.html

Cisco: Implementing EIGRP for IPv6

QUESTION NO: 139

What do dual stacks enable a host to do? (Select the best answer.)

A.
Dual stacks enable a host to pass IPv4 traffic over an IPv6-only network.

B.
Dual stacks enable a host to pass IPv6 traffic over an IPv4-only network.

C.
Dual stacks enable an IPv4-only host to communicate with an IPv6-only host.

D.
Dual stacks enable an IPv6-only host to communicate with an IPv4-only host.

E.
Dual stacks enable a host to pass IPv4 and IPv6 traffic.

Answer: E
Explanation:

Dual stacks enable a host to send IPv4 and IPv6 traffic. Dual-stack devices are configured with an IPv4 address and an IPv6 address; thus a dual-stack device can communicate directly with both IPv4 devices and IPv6 devices without requiring protocol translation. However, a network infrastructure capable of routing both IPv4 and IPv6 traffic is required. The following partial output displays a router that is configured with dual stacks:

ipv6 unicast-routing
interface fastethernet 0/1
ip address 10.1.14.7 255.255.255.0
ipv6 address 2001:0:0:1::2/64

Dual stacks alone do not enable a host to pass IPv4 traffic over an IPv6-only network. A tunneling method must be implemented for IPv4 traffic to be passed over an IPv6-only network. The implemented tunneling method should encapsulate an IPv4 packet inside an IPv6 header, thereby allowing the packet to travel across an IPv6 network. Because routers on the IPv6-only network recognize only the IPv6 header information, the IPv4 packet is carried as the data payload of the IPv6 packet.

Similarly, dual stacks alone do not enable a host to pass IPv6 traffic over an IPv4-only network. The 6to4 tunneling method is one method that is used to pass IPv6 traffic over an IPv4-only network. The 6to4 tunneling method is the reverse of the 4to6 tunneling method; it encapsulates an IPv6 packet inside an IPv4 header.

Network Address Translation 64 (NAT64), not dual stacks, enables an IPv4-only host to communicate with an IPv6-only host and enables an IPv6-only host to communicate with an IPv4-only host. NAT64 translates IPv4 packets to IPv6 packets and translates IPv6 packets to IPv4 packets. However, a NAT64 router must contain address mappings so that the router can correctly translate IPv4 and IPv6 addresses. NAT64 supports stateless and stateful address translation. When performing stateless translation, NAT64 uses algorithms to create a one-to-one relationship between IPv6 addresses on the inside network and IPv4 addresses on the outside network. When performing stateful translation, NAT64 maps multiple IPv6 addresses to a single IPv4 address and keeps track of the state of each connection. Static mappings can also be applied manually.

Reference:

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipv6/configuration/15-2mt/ipv6-15-2mt-book/ip6-addrg-bsc-con.html#GUID-1CE3CFDD-8889-4C0C-84BE-56505EBC8517

QUESTION NO: 140

At which security level does SNMPv3 use CBC-DES to encrypt authentication? (Select the best answer.)

A.
at the noAuthNoPriv security level

B.
at the authNoPriv security level

C.
at the authPriv security level

D.
at none of the security levels

Answer: C
Explanation:

Simple Network Management Protocol version 3 (SNMPv3) uses Cipher Block Chaining-Data Encryption Standard (CBC-DES) to encrypt authentication at the authPriv security level. SNMP is used to monitor and manage network devices by collecting statistical data about those devices. The authPriv security level authenticates by matching a Message Digest 5 (MD5) or Secure Hash Algorithm (SHA) hash of the user name. The authentication process is also encrypted by using either Data Encryption Standard (DES), Triple DES (3DES), or Advanced Encryption Standard (AES).

Three versions of SNMP currently exist. SNMPv1 and SNMPv2C do not provide encryption; password information, known as community strings, is sent as plain text with messages. If an attacker intercepts the message, the attacker can view the password information. SNMPv3 improves upon SNMPv1 and SNMPv2 by providing encryption, authentication, and message integrity to ensure that the messages are not tampered with during transmission.

Two SNMPv3 security levels, authNoPriv and authPriv, authenticate by matching Hash-based Message Authentication Code-SHA (HMAC-SHA) or HMAC-MD5 authentication strings. The authPriv security level is the only SNMPv3 security level that can encrypt the authentication process.

The noAuthNoPriv security level in SNMPv3 authenticates by matching a user name sent as clear text. Earlier versions of SNMP, such as SNMPv1 and SNMPv2C, match community strings instead of user names.

Reference:

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2960x/software/15-0_2_EX/network_management/configuration_guide/b_nm_15ex_2960-x_cg/b_nm_15ex_2960-x_cg_chapter_0100.html#reference_160326642C03413B92A68E856426EABA

QUESTION NO: 141 DRAG DROP

Select the metrics from the left, and place them in the correct order that BGP will use them to
determine the best path to a destination. Not all metrics will be used.

Answer:

"Everything is under control" - www.pass4sure.com 225


Cisco 400-101 Exam

Explanation:

"Everything is under control" - www.pass4sure.com 226


Cisco 400-101 Exam

Border Gateway Protocol (BGP) uses a complex method of selecting the best path to the
destination. The following list displays the criteria used by BGP for path selection:

1. Highest weight

2. Highest local preference

3. Locally originated paths over externally originated paths

4. Shortest autonomous system (AS) path

5. Lowest origin type

6. Lowest multi-exit discriminator (MED)

7. External BGP (eBGP) paths over internal BGP (iBGP) paths

8. Lowest Interior Gateway Protocol (IGP) cost

9. Oldest eBGP path

10. Lowest BGP router ID (RID)

When determining the best path, a BGP router first chooses the route with the highest weight. Weight is a Cisco-proprietary BGP path attribute that is significant only to the local router; it is not advertised to neighbor routers. To configure the weight value, you should issue the neighbor {ip-address | peer-group-name} weight weight-value command, where ip-address is the IP address of a neighbor router, peer-group-name is the name of a BGP peer group, and weight-value is a locally significant weight value from 0 through 65535. By default, routes generated by the local router are assigned a weight of 32768 and routes learned from another BGP router are assigned a weight of 0.

When weight values are equal, a BGP router chooses the route with the highest local preference. The local preference value is advertised to iBGP neighbor routers to influence routing decisions made by those routers. To configure the local preference, you should issue the bgp default local-preference number command, where number is a value from 0 through 4294967295.

When local preferences are equal, a BGP router chooses locally originated paths over externally originated paths. Locally originated paths that have been created by issuing the network or redistribute command are preferred over locally originated paths that have been created by issuing the aggregate-address command.

If multiple paths to a destination still exist, a BGP router chooses the route with the shortest AS path attribute. The AS path attribute contains a list of the AS numbers (ASNs) that a route passes through.

If multiple paths have the same AS path length, a BGP router chooses the lowest origin type. An origin type of i, which is used for IGPs, is preferred over an origin type of e, which is used for Exterior Gateway Protocols (EGPs). These origin types are preferred over an origin type of ?, which is used for incomplete routes where the origin is unknown or the route was redistributed into BGP.

If origin types are equal, a BGP router chooses the route with the lowest MED. A MED value is basically the external metric of a route that is advertised to eBGP routers in order to specify a preferred path into an AS with multiple entry points. To configure the MED value, you should issue the default-metric number command, where number is a value from 1 through 4294967295. Routes redistributed into BGP are assigned this MED value; redistributed connected routes are assigned a MED value of 0 regardless of the default-metric setting.

If MED values are equal, a BGP router chooses eBGP routes over iBGP routes. If there are multiple eBGP paths, or multiple iBGP paths if no eBGP paths are available, a BGP router chooses the route with the lowest IGP metric to the next-hop router. If IGP metrics are equal, a BGP router chooses the oldest eBGP path, which is typically the most stable path.

Finally, if route ages are equal, a BGP router chooses the path that comes from the router with the lowest RID. The RID can be manually configured by issuing the bgp router-id command. If the RID is not manually configured, the RID is the highest loopback IP address on the router. If no loopback address is configured, the RID is the highest IP address from among a router's available interfaces.
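The ten-step comparison described above, as an added example that is not part of the original explanation: a small Python model that applies the steps in order to a set of candidate paths and reports which step decided the choice. All path attributes, names, router IDs and timestamps are constructed for the example.

```python
from dataclasses import dataclass
import ipaddress

# Origin codes ranked so that the lowest value is preferred: i (IGP) < e (EGP) < ? (incomplete)
ORIGIN_RANK = {"i": 0, "e": 1, "?": 2}

# The decision steps, in the order the explanation lists them.
STEPS = ["weight", "local preference", "locally originated", "AS path length",
         "origin", "MED", "eBGP over iBGP", "IGP cost", "age", "router ID"]


@dataclass
class Path:
    """One candidate path (constructed attributes).
    local_origin: 2 = created by network/redistribute, 1 = aggregate-address,
    0 = learned from a peer. received_at is a constructed monotonic timestamp,
    so a smaller value is an older path."""
    name: str
    weight: int = 0            # locally generated routes would default to 32768
    local_pref: int = 100
    local_origin: int = 0
    as_path_len: int = 0
    origin: str = "i"
    med: int = 0
    ebgp: bool = True
    igp_cost: int = 0
    received_at: int = 0
    router_id: str = "0.0.0.0"


def step_keys(p: Path):
    """One sortable value per selection step; the smaller value wins that step."""
    return (
        -p.weight,                                # 1. highest weight
        -p.local_pref,                            # 2. highest local preference
        -p.local_origin,                          # 3. locally originated first
        p.as_path_len,                            # 4. shortest AS path
        ORIGIN_RANK[p.origin],                    # 5. lowest origin type
        p.med,                                    # 6. lowest MED
        0 if p.ebgp else 1,                       # 7. eBGP over iBGP
        p.igp_cost,                               # 8. lowest IGP cost to next hop
        p.received_at,                            # 9. oldest path
        int(ipaddress.IPv4Address(p.router_id)),  # 10. lowest router ID
    )


def select(paths):
    """Apply the steps in order until one path is left.
    Returns (winning Path, 1-based number of the step that decided it).
    Simplification: MED is compared across all candidates here; on Cisco
    routers it is compared only between paths from the same neighbouring AS
    unless bgp always-compare-med is configured."""
    candidates = list(paths)
    for step in range(len(STEPS)):
        best = min(step_keys(p)[step] for p in candidates)
        candidates = [p for p in candidates if step_keys(p)[step] == best]
        if len(candidates) == 1:
            return candidates[0], step + 1
    # Identical on every attribute (same router ID): keep the first one seen.
    return candidates[0], len(STEPS)


if __name__ == "__main__":
    candidates = [
        Path("via R2", local_pref=200, as_path_len=1, router_id="10.0.0.2"),
        Path("via R3", local_pref=200, as_path_len=1, med=30, router_id="10.0.0.3"),
        Path("via R4", local_pref=200, as_path_len=1, med=30, ebgp=False, router_id="10.0.0.4"),
    ]
    winner, step = select(candidates)
    print(f"best path: {winner.name}, decided at step {step} ({STEPS[step - 1]})")
```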

Reference:

https://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/13753-25.html

QUESTION NO: 142

Which of the following steps in the NAT order of operation typically occur after NAT outside-to-inside translation? (Select 4 choices.)

A.
decryption

B.
encryption

C.
redirect to web cache

D.
check inbound access list

E.
check outbound access list

F.
inspect CBAC

G.
IP routing

Answer: B,E,F,G
Explanation:

The following steps of the Network Address Translation (NAT) order of operation typically occur after NAT outside-to-inside translation:

-Encryption

-Check outbound access list

-IP routing

-Inspect Context-based Access Control (CBAC)

NAT enables a network to communicate with a separate network, such as the Internet, by translating traffic from IP addresses on the local network to another set of IP addresses that can communicate with the remote network. NAT outside-to-inside translation, which is also known as global-to-local translation, occurs when the NAT router maps an outside destination IP address to an inside destination IP address. When a NAT router performs NAT outside-to-inside translation, the following operations occur in order:

1. If IP Security (IPSec) is implemented, check inbound access list

2. Decryption

3. Check inbound access list

4. Check inbound rate limits

5. Inbound accounting

6. Redirect to web cache

7. NAT outside-to-inside translation

8. Policy routing

9. IP routing

10. Check crypto map and mark for encryption

11. Check outbound access list

12. Inspect CBAC

13. Transmission Control Protocol (TCP) intercept

14. Encryption

15. Queueing

Conversely, when a NAT router performs NAT inside-to-outside, or local-to-global, translation, the NAT inside-to-outside translation operation immediately follows the IP routing operation. Otherwise, the order of operation is the same:

1. If IPSec is implemented, check inbound access list

2. Decryption

3. Check inbound access list

4. Check inbound rate limits

5. Inbound accounting

6. Redirect to web cache

7. Policy routing

8. IP routing

9. NAT inside-to-outside translation

10. Check crypto map and mark for encryption

11. Check outbound access list

12. Inspect CBAC

13. TCP intercept

14. Encryption

15. Queueing

Reference:

https://www.cisco.com/c/en/us/support/docs/ip/network-address-translation-nat/6209-5.html#topic1

QUESTION NO: 143

Which of the following statements is true regarding VRRPv3? (Select the best answer.)

A.
VRRPv3 supports IPv6, but previous versions of VRRP do not.

B.
VRRPv3 supports authentication, but previous versions of VRRP do not.

C.
VRRPv3 supports multiple master virtual routers, but previous versions of VRRP do not.

D.
VRRPv3 is a standards-based protocol, but previous versions of VRRP are not.

Answer: A
Explanation:

Virtual Router Redundancy Protocol version 3 (VRRPv3) supports IPv6, but previous versions of VRRP do not. VRRP enables a group of routers to appear like a single default gateway. VRRPv3 uses the IPv4 or IPv6 address of a physical interface on the master virtual router, which is the router in the group with the highest VRRP priority. The other routers in the group are backup virtual routers. If the master virtual router fails, the backup virtual router with the highest priority will assume the role of the master virtual router, thereby providing uninterrupted service for the network. When the original master virtual router comes back online, it reestablishes its role as the master virtual router.

VRRPv3 is a standards-based protocol, but so are previous versions of VRRP. VRRPv1 is defined in Request for Comments (RFC) 2338. VRRPv2 is defined in RFC 3768. VRRPv3 is defined in RFC 5798.

Previous versions of VRRP included support for authentication, but VRRPv3 as defined in RFC 5798 does not include support for authentication. Cisco's implementation of VRRP supports plaintext and Message Digest 5 (MD5) authentication. When a router receives a VRRP packet for its VRRP group, it validates the authentication string. If the authentication string does not match the string that is configured on the router, the VRRP packet is discarded. When plaintext authentication is configured, the authentication string is sent unencrypted. When MD5 authentication is configured, each VRRP packet is sent with a keyed MD5 hash of that packet; if the receiving device does not generate the same hash, the packet is ignored.

Neither VRRPv3 nor previous versions of VRRP support multiple master virtual routers. All
versions of VRRP allow only a single device to become the master virtual router for a group.
Therefore, a VRRP group cannot be configured to use multiple devices in a load-balancing
configuration.

Reference:

IETF: RFC 2338: Virtual Router Redundancy Protocol

IETF: RFC 3768: Virtual Router Redundancy Protocol (VRRP)

IETF: RFC 5798: Virtual Router Redundancy Protocol (VRRP) Version 3 for IPv4 and IPv6

QUESTION NO: 144

For which of the following routes does PfR use PIRO? (Select 2 choices.)

A.
BGP

B.
EIGRP

C.
IS-IS

D.
OSPF

E.
static

Answer: C,D
Explanation:

Performance Routing (PfR) uses Protocol Independent Routing Optimization (PIRO) to control
path selection for Open Shortest Path First (OSPF) and Intermediate System-to-Intermediate
System (IS-IS) routes. PfR can control path selection directly for Border Gateway Protocol (BGP),
Enhanced Interior Gateway Routing Protocol (EIGRP), and static routes.

PfR enhances traditional routing methods by dynamically selecting the best path for traffic classes based on network performance. The path selection procedure can be influenced by several factors, including delay, packet loss, reachability, throughput, jitter, and mean opinion score (MOS). When PfR wants to modify a path for a traffic class, it will search for a parent route, which is an exact-matching route or a less-specific route. PfR will search for a parent route in the following locations, in order:

1. BGP routing database

2. EIGRP routing database

3. Static route database

PIRO extends the capabilities of PfR by searching for a parent route within the IP Routing
Information Base (RIB) after the other locations have been searched.

Reference:

https://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/performance-routing-pfr/product_data_sheet0900aecd806c4ee4.html

http://docwiki.cisco.com/wiki/Performance_Routing_FAQs

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/pfr/configuration/xe-3s/pfr-xe-3s-book/pfr-simple-ph1.html

https://www.cisco.com/c/dam/global/bg_bg/assets/ciscoexpo2011/pdf/Next_Generation_Routing_Architectures-Gerd_Pflueger.pdf

QUESTION NO: 145

You issue the following commands on Router1:

"Everything is under control" - www.pass4sure.com 233


Cisco 400-101 Exam
Router1(config)#classmap voice

Router1(config-cmap)#match protocol rtp audio

Router1(config-cmap)#exit

Router1(config)#policymap exsim

Router1(config-pmap)#class voice

Router1(config-pmap-c)#priority percent 10

Router1(config-pmap-c)#exit

Router1(config-pmap)#class classdefault

Router1(configpmap-c)#bandwidth percent remaining

Router1(config-pmap-c)#exit

Router1(config-pmap)#exit

Router1(config)#policymap boson

Router1(configpmap)#class class-default

Router1(config-pmap-c)#shape peak 50000000

Router1(config-pmap-c)#service-policy exsim

Router1(config-pmap-c)#exit

Router1(config-pmap)#exit

Router1(config)#interface fa0/1

Router1(config-if)#service-policy output boson

Which of the following statements are correct? (Select 2 choices.)

A.
Voice traffic is given priority up to a bandwidth of 5 Mbps.

B.
Voice traffic is given priority up to a bandwidth of 10 Mbps.

C.
Voice traffic is given priority up to a bandwidth of 50 Mbps.

D.
Traffic is configured to strictly conform to the CIR.

"Everything is under control" - www.pass4sure.com 234


Cisco 400-101 Exam
E.
Traffic might be dropped when the network becomes congested.

Answer: A,E
Explanation:

Voice traffic is given priority up to a bandwidth of 5 Mbps. However, traffic might be dropped when
the network is congested. The FastEthernet 0/1 interface is configured with a service policy named
boson, which references a child service policy named exsim. All traffic is considered first by the
parent policy, then by the child policy.

The parent service policy is configured with the shape peak 50000000 command. The peak
keyword indicates that peak shaping should occur. Peak shaping allows higher bursts than
average shaping allows, but occasional packet drops can occur when the network is congested.
The average keyword can be used with the shape command to ensure that the traffic strictly
conforms to the committed information rate (CIR). The variable for the shape command is the CIR,
which is specified in bits per second.

Voice traffic is matched in the child policy named exsim. The priority percent 10 command
indicates that 10 percent of the bandwidth is guaranteed to the traffic class. In this scenario, the
traffic is first shaped by the parent policy to a value of 50 Mbps. Therefore, 10 percent of this value
is 5 Mbps.

Reference:

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/qos/command/qos-cr-book/qos-s1.html#wp3296491684

QUESTION NO: 146

You boot a router that contains an RXBOOT image and no startup configuration file. After a few
moments, streamlined Setup mode begins.

Which of the following will you be prompted to configure? (Select the best answer.)

A.
the host name

B.
the VTY password

C.
the enable secret password

"Everything is under control" - www.pass4sure.com 235


Cisco 400-101 Exam
D.
interface parameters

Answer: D
Explanation:

You will be prompted to configure interface parameters, such as IP addresses and subnet masks.
Streamlined Setup mode enables a router to load an image from a network server. A router will
enter streamlined Setup mode if any of the following conditions are met:

-The startup configuration has been removed by issuing the erase startup-config command.

-The startup configuration file has become corrupted.

-Bit 6 of the configuration register is set, which specifies that the router should ignore the contents
of nonvolatile random access memory (NVRAM).

-The last four bits of the configuration register are equal to a value of 0 or 1.

However, if an RXBOOT image is not installed on the router, the router will enter ROM monitor
(ROMmon) mode instead.

Streamlined Setup is faster than standard Setup. In addition to interface parameters, standard
Setup will prompt you to configure various global router parameters, such as the host name, the
virtual terminal (VTY) password, and the enable secret password.

Reference:

https://www.cisco.com/c/en/us/td/docs/ios/12_2/configfun/configuration/guide/ffun_c/fcf002.html#wp1001707

QUESTION NO: 147

You issue the aaa authentication login default group tacacs+ local command.

Which of the following statements is correct? (Select the best answer.)

A.
If a user's account is not found on the TACACS+ servers, the user will automatically be allowed
access.

B.
If the TACACS+ servers are unavailable, the user will automatically be allowed access.

"Everything is under control" - www.pass4sure.com 236


Cisco 400-101 Exam
C.
If the TACACS+ servers are unavailable, the user will automatically be denied access.

D.
The default authentication method is applied to all lines for which no other login method has been
specified.

Answer: D
Explanation:

When you issue the aaa authentication login default group tacacs+ local command, the default
authentication method is applied to all lines for which no other login method has been specified.
The syntax of the aaa authentication login command is aaa authentication login {default | list-name} method1 [method2...], where list-name is an identifier for a list of authentication methods and method1 is at least one of the following authentication methods:

In this scenario, the router will first attempt to authenticate a user by checking a group of
TACACS+ servers. If the TACACS+ servers do not respond, the router will use the local user
database for authentication. To access the router if the TACACS+ server is unavailable, the user
must authenticate to the local database. Configuring a secondary authentication such as the
enable password or the local database is useful because administrators can connect to the router
even if the authentication server is unavailable.

If a user's account is not found on the TACACS+ servers, the user will be denied access. As long
as a TACACS+ server responds, the router will not use the next authentication method on the list.

If the TACACS+ servers are unavailable, the user will not be automatically allowed or denied
access. The user can still access the router by using the local database. To ensure that the user
will be denied access if the TACACS+ servers are unavailable, you should issue the aaa
authentication login default group tacacs+ command without the local keyword.
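An added example (not part of the original explanation) that models how a login method list such as group tacacs+ local is walked: only a method that cannot answer (the TACACS+ servers are unreachable) falls through to the next method, while an explicit reject ends the walk. The user accounts, passwords and reachability flag are constructed for the example.

```python
from enum import Enum


class Verdict(Enum):
    PASS = "pass"     # the method accepted the credentials
    FAIL = "fail"     # the method rejected the credentials
    ERROR = "error"   # the method could not answer (no TACACS+ server responded)


def authenticate(method_list, user, password):
    """Walk a method list in order, as aaa authentication login does.
    Only ERROR moves on to the next method; PASS and FAIL end the walk.
    Returns (name of the deciding method or None, final Verdict)."""
    for name, method in method_list:
        verdict = method(user, password)
        if verdict is not Verdict.ERROR:
            return name, verdict
    return None, Verdict.FAIL      # every method errored: access is denied


def tacacs_group(accounts, reachable):
    """Constructed stand-in for 'group tacacs+'. accounts maps user to
    password; reachable=False makes every query time out (ERROR)."""
    def method(user, password):
        if not reachable:
            return Verdict.ERROR
        return Verdict.PASS if accounts.get(user) == password else Verdict.FAIL
    return method


def local_database(accounts):
    """Constructed stand-in for the 'local' method (the router's username entries)."""
    def method(user, password):
        return Verdict.PASS if accounts.get(user) == password else Verdict.FAIL
    return method


# constructed accounts: one user known to TACACS+, one only in the local database
TACACS_USERS = {"alice": "tacacs-pw"}
LOCAL_USERS = {"admin": "console-pw"}


def default_list(tacacs_reachable):
    """aaa authentication login default group tacacs+ local"""
    return [("tacacs+", tacacs_group(TACACS_USERS, tacacs_reachable)),
            ("local", local_database(LOCAL_USERS))]


def tacacs_only_list(tacacs_reachable):
    """aaa authentication login default group tacacs+ (no local fallback)"""
    return [("tacacs+", tacacs_group(TACACS_USERS, tacacs_reachable))]


if __name__ == "__main__":
    for label, methods, user, pw in [
        ("servers up, local-only user", default_list(True), "admin", "console-pw"),
        ("servers down, local-only user", default_list(False), "admin", "console-pw"),
        ("servers down, no local keyword", tacacs_only_list(False), "admin", "console-pw"),
    ]:
        print(label, "->", authenticate(methods, user, pw))
```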

Reference:

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/security/a1/sec-a1-cr-book/sec-cr-a1.html#wp4227342077

"Everything is under control" - www.pass4sure.com 237


Cisco 400-101 Exam

QUESTION NO: 148

You issue the following commands on RouterA:

RouterA(config)#policy-map boson

RouterA(config-pmap)#class applications

RouterA(config-pmap-c)#police 100000 5000 8000 conform-action transmit exceed-action set-qos-transmit 4 violate-action drop

When will RouterA begin to drop packets? (Select the best answer.)

A.
when the burst rate exceeds 5,000 bits

B.
when the burst rate exceeds 8,000 bits

C.
when the burst rate exceeds 40,000 bits

D.
when the burst rate exceeds 64,000 bits

E.
when the burst rate exceeds 100,000 bits

Answer: D
Explanation:

RouterA will begin to drop packets when the burst rate exceeds 64,000 bits. You can issue the police command to explicitly configure a maximum bandwidth limit. The syntax of the police command is police bps [burst-normal] [burst-max] conform-action action exceed-action action [violate-action action]. The bps parameter is the average rate specified in bits per second, and the optional burst-normal and burst-max parameters are specified in bytes. When traffic exceeds the burst-normal rate, the router will perform the exceed-action action, and when traffic exceeds the burst-max rate, the router will perform the violate-action action.

Traffic policing is used to slow down traffic to a value that the medium can support, to monitor bandwidth utilization, to enforce bandwidth limitations at the service provider edge, and to remark traffic that exceeds the Service Level Agreement (SLA). Excess traffic and out-of-profile packets are dropped or remarked and transmitted. By contrast, traffic shaping buffers excess traffic and out-of-profile packets in memory and drops traffic only if the queue is full. Because traffic shaping does not remark traffic, it can create queuing delay, particularly when queues are large and traffic flow is heavy.

In this scenario, the burst-max rate is set to a value of 8,000 bytes, which is equal to 64,000 bits. The action that corresponds to the violate-action keyword is drop. The drop keyword configures the router to silently drop packets. Therefore, when burst traffic exceeds 64,000 bits, some packets will be dropped.

RouterA will not begin to drop packets when the burst rate exceeds 5,000 bits or 8,000 bits. The burst-normal and burst-max parameters are specified in bytes, not bits.

RouterA will not begin to drop packets when the burst rate exceeds 40,000 bits. The burst-normal rate is set to a value of 5,000 bytes, which is equal to 40,000 bits. The action that corresponds to the exceed-action keyword is set-qos-transmit 4. Therefore, when burst traffic exceeds 40,000 bits, some packets will begin to be reclassified with a Quality of Service (QoS) value of 4 and will be transmitted.

RouterA will begin to drop packets before the burst rate exceeds 100,000 bits. The bit rate
indicates the average rate of burst traffic, not the rate at which packets will begin to be dropped.
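An added example (not part of the original explanation) that models a single-rate policer with this scenario's parameters (100000 bps, 5,000-byte normal burst, 8,000-byte excess burst) and maps each verdict to the configured action. It follows the RFC 2697 single-rate three-color token-bucket scheme, an assumption of this example: tokens refill the normal bucket at the CIR, overflow into the excess bucket, and a packet is a violation only when neither bucket can absorb it. Packet sizes and arrival times are constructed.

```python
from dataclasses import dataclass, field

# Scenario parameters from the police command: rate in bits per second, bursts in bytes.
CIR_BPS = 100000
BURST_NORMAL = 5000
BURST_MAX = 8000

# Actions configured in the scenario for each verdict.
ACTIONS = {"conform": "transmit", "exceed": "set-qos-transmit 4", "violate": "drop"}


@dataclass
class TwoBucketPolicer:
    """Single-rate policer with a normal-burst bucket (Bc) and an excess-burst
    bucket (Be), modelled on the RFC 2697 srTCM token-bucket scheme (an
    assumption of this example, not the page's own description)."""
    cir: int
    bc: int
    be: int
    tc: float = field(init=False)   # bytes available in the normal bucket
    te: float = field(init=False)   # bytes available in the excess bucket
    last: float = 0.0               # arrival time of the previous packet, seconds

    def __post_init__(self):
        self.tc, self.te = float(self.bc), float(self.be)   # both buckets start full

    def _replenish(self, now):
        earned = (now - self.last) * self.cir / 8   # cir is bits/s, buckets hold bytes
        self.last = now
        self.tc += earned
        if self.tc > self.bc:                       # normal bucket overflows into the excess bucket
            self.te = min(self.be, self.te + (self.tc - self.bc))
            self.tc = float(self.bc)

    def classify(self, size, now):
        """Return 'conform', 'exceed' or 'violate' for a packet of size bytes arriving at now."""
        self._replenish(now)
        if size <= self.tc:
            self.tc -= size
            return "conform"
        if size <= self.te:
            self.te -= size
            return "exceed"
        return "violate"                            # neither bucket can absorb the packet


def police(packets, cir=CIR_BPS, bc=BURST_NORMAL, be=BURST_MAX):
    """packets: list of (size_bytes, arrival_time_seconds). Returns the action taken per packet."""
    policer = TwoBucketPolicer(cir, bc, be)
    return [ACTIONS[policer.classify(size, t)] for size, t in packets]


if __name__ == "__main__":
    # constructed burst: fifteen 1,000-byte packets at once, then one more after a 1 s pause
    burst = [(1000, 0.0)] * 15 + [(1000, 1.0)]
    for i, action in enumerate(police(burst), 1):
        print(f"packet {i:2d}: {action}")
```

In the trace the first 5,000 bytes conform, the next 8,000 bytes are marked and transmitted, and drops begin only once both buckets are empty; one second of idle time earns 12,500 bytes of tokens, so the final packet conforms again.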

Reference:

https://www.cisco.com/c/en/us/td/docs/ios/12_2/qos/configuration/guide/fqos_c/qcfpoli.html

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/qos_plcshp/configuration/xe-3s/qos-plcshp-xe-3s-book/qos-plcshp-trfc-plc.html

QUESTION NO: 149

In which of the following situations are redistributed routes not entered into the routing table by
default? (Select 2 choices.)

A.
when BGP routes are redistributed into OSPF

B.
when OSPF routes are redistributed into EIGRP

C.
when EIGRP routes are redistributed into BGP

D.
when RIP routes are redistributed into OSPF

E.
when EIGRP routes are redistributed into RIP

"Everything is under control" - www.pass4sure.com 239


Cisco 400-101 Exam
Answer: B,E
Explanation:

Open Shortest Path First (OSPF) routes redistributed into Enhanced Interior Gateway Routing Protocol (EIGRP) and EIGRP routes redistributed into Routing Information Protocol (RIP) are not entered into the routing table by default. EIGRP uses a complex metric based on bandwidth, delay, reliability, and load. Because of its complex metric, EIGRP requires that redistributed routes be assigned a metric before they are entered into the routing table. To assign a default metric for routes redistributed into EIGRP, you should issue the default-metric bandwidth delay reliability loading mtu command. To assign a metric to an individual route redistributed into EIGRP, you should issue the redistribute protocol [process-id | autonomous-system-number] metric bandwidth delay reliability loading mtu command. If no metric is assigned during redistribution and no default metric is configured for EIGRP, the routes are assigned an infinite metric and are ignored by EIGRP.

RIP uses hop count as a metric. Valid hop count values are from 1 through 15; a value of 16 is considered to be infinite. The hop count metric increases by 1 for each router along the path. Cisco recommends that you set a low value for the hop count metric for redistributed routes. To assign a default metric for routes redistributed into RIP, you should issue the default-metric hop-count command. To assign a metric to an individual route redistributed into RIP, you should issue the redistribute protocol metric hop-count command. If no metric is assigned during redistribution and no default metric is configured for RIP, the routes are assigned an infinite metric and are ignored by RIP.

Border Gateway Protocol (BGP) routes and RIP routes redistributed into OSPF are entered into the routing table as external routes. The default metric that OSPF assigns to redistributed routes is 20; however, BGP is an exception and is assigned a default metric of 1. OSPF uses a cost metric based on the bandwidth of each participating interface. OSPF prefers internal routes with the lowest cost. By default, all routes redistributed into OSPF are designated as Type 2 external (E2) routes. E2 routes have a metric that remains constant throughout the routing domain. Alternatively, routes redistributed into OSPF can be designated as Type 1 external (E1) routes. With E1 routes, the internal cost of the route is added to the initial metric assigned during redistribution.

EIGRP routes redistributed into BGP are entered into the BGP table without the metric being
changed. BGP carries the EIGRP metric as the multi-exit discriminator (MED). The MED is one of
several attributes BGP considers before making a path selection. BGP compares weight, local
preference, whether the route was locally originated, autonomous system (AS) path length, and
origin before using the MED for path selection.

Reference:

https://www.cisco.com/c/en/us/support/docs/ip/enhanced-interior-gateway-routing-protocol-eigrp/8606-redist.html

https://www.cisco.com/networkers/nw04/presos/docs/CERT-2100.pdf#page=6

"Everything is under control" - www.pass4sure.com 240



QUESTION NO: 150

Which of the following does a BGP cluster ID identify? (Select the best answer.)

A.
the originator of a route

B.
a group of route reflectors

C.
a route reflector in a cluster

D.
the clusters that a route has passed through

E.
a group of peers with the same update policies

Answer: B
Explanation:

A Border Gateway Protocol (BGP) cluster ID identifies a group of route reflectors. Routes learned
from an internal BGP (iBGP) peer are not advertised to other iBGP peers. In order to avoid having
to create a full-mesh configuration, you can configure one or more route reflectors to pass iBGP
routes between iBGP routers. A route reflector and its clients form a cluster, and the route
reflector is configured with a 4-byte cluster ID. To increase redundancy, a cluster can have
multiple route reflectors. The route reflectors in a cluster should be fully meshed and configured
with the same cluster ID so that each route reflector can recognize, and discard, routes reflected
by the other route reflectors in its cluster. To configure a route reflector with a cluster ID, you
should issue the bgp cluster-id cluster-id command from BGP router configuration mode.

A BGP cluster ID does not identify a single route reflector in a cluster. Each route reflector is
identified by its router ID. When a cluster has only a single route reflector, the cluster ID defaults
to the route reflector's router ID. When a cluster has multiple route reflectors, the cluster ID must
be the same on all of the route reflectors.

A BGP cluster ID does not identify the clusters that a route has passed through; this is the
function of a cluster list. When a route reflector reflects a route, it prepends its cluster ID to the
cluster list. If no cluster list exists, a cluster list is created with the cluster ID of the route reflector.
If a route reflector receives a routing update with its cluster ID in the cluster list, the routing update
is ignored.

A BGP cluster ID does not identify a group of peers with the same update policies; this is the
function of a peer group. Peer groups can simplify administration by enabling an administrator to
simultaneously configure a group of peers with the same update policies, such as route maps,
filter lists, and distribute lists. Any configuration options that are configured with the specified peer
group name will be applied to members of the peer group. To define a peer group, you should
issue the neighbor peer-group-name peer-group command.

A BGP cluster ID does not identify the originator of a route; this is the function of the originator ID.
When a route reflector reflects a route, it sets the originator ID to the router ID of the router that
originated the route in the local autonomous system (AS); a route reflector that originates a route
itself inserts its own router ID. If a router receives a routing update with its own router ID as the
originator ID, the routing update is ignored.

Reference:

https://www.cisco.com/c/en/us/td/docs/ios/12_2/ip/configuration/guide/fipr_c/1cfbgp.html#wp1001965

https://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/26634-bgp-toc.html#routereflectors
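
The loop-prevention behaviour described above (cluster list, originator ID, and the shared cluster ID on redundant route reflectors), as an added Python model. This is not part of the original page and not Cisco code; the router IDs, cluster IDs, client address and prefix are assumed values.

```python
from dataclasses import dataclass, replace
from typing import Optional, Tuple


@dataclass(frozen=True)
class Route:
    prefix: str
    originator_id: Optional[str] = None     # ORIGINATOR_ID attribute
    cluster_list: Tuple[str, ...] = ()      # CLUSTER_LIST attribute, most recent first


@dataclass
class RouteReflector:
    router_id: str
    cluster_id: str                         # "bgp cluster-id"; same on every RR in a cluster

    def accept(self, route: Route) -> Optional[str]:
        """Return None if the update is accepted, otherwise the reason it is ignored."""
        if route.originator_id == self.router_id:
            return "originator-id matches local router-id"
        if self.cluster_id in route.cluster_list:
            return "local cluster-id already in cluster-list"
        return None

    def reflect(self, route: Route, learned_from: str) -> Route:
        """Reflect a route learned from an iBGP peer: set ORIGINATOR_ID if it is
        absent and prepend the local cluster ID to CLUSTER_LIST."""
        return replace(
            route,
            originator_id=route.originator_id or learned_from,
            cluster_list=(self.cluster_id,) + route.cluster_list,
        )


def demo():
    # Assumed topology: RR1 and RR2 are redundant reflectors of one cluster,
    # RR3 serves a second cluster; 10.0.0.1 is a client of RR1.
    rr1 = RouteReflector(router_id="1.1.1.1", cluster_id="1.1.1.1")
    rr2 = RouteReflector(router_id="2.2.2.2", cluster_id="1.1.1.1")
    rr3 = RouteReflector(router_id="3.3.3.3", cluster_id="3.3.3.3")

    client_route = Route(prefix="192.0.2.0/24")
    reflected = rr1.reflect(client_route, learned_from="10.0.0.1")

    # RR2 sees its own cluster ID in the list and ignores the copy from RR1.
    rr2_verdict = rr2.accept(reflected)
    # RR3 belongs to another cluster, accepts the route and reflects it onward.
    rr3_verdict = rr3.accept(reflected)
    onward = rr3.reflect(reflected, learned_from=rr1.router_id)
    # Should the route ever return to RR1, the cluster list reveals the loop.
    loop_verdict = rr1.accept(onward)
    return reflected, rr2_verdict, rr3_verdict, onward, loop_verdict


if __name__ == "__main__":
    for item in demo():
        print(item)
```

Because RR1 and RR2 share a cluster ID, RR2 drops RR1's reflected copy of the client route. That is the intended loop check, but it also means a client that peers with only one of the two reflectors has no redundancy, which is why clients are normally peered with every reflector in the cluster.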

QUESTION NO: 151

When optimizing throughput, which of the following formulas would you use to calculate BDP?
(Select the best answer.)

A.
BW x rwin = BDP

B.
BW ÷ rwin = BDP

C.
BW x RTT = BDP

D.
BW ÷ RTT = BDP

Answer: C
Explanation:

When optimizing throughput, you would use the formula BW x RTT = BDP to calculate bandwidth
delay product (BDP), where BW is the bandwidth and RTT is the round-trip time, also known as
latency. BDP is the maximum amount of data that can be in flight on a network path at any given
time. This value is often used to establish a maximum goal when optimizing the bandwidth used by
Transmission Control Protocol (TCP) traffic flows.

When calculating BDP, you should ensure that the unit measurements match for each variable.
For example, BW is typically measured in bits per second, whereas RTT is typically measured in
milliseconds. Therefore, you should convert the RTT value to seconds before multiplying the
values. For example, a Fast Ethernet link with a latency of 40 milliseconds (ms) would have a BDP
of 4 Mb:

100 Mbps x 0.040 seconds = 4 Mb

The BDP measurement will match the measurement that is used for the BW variable. In this
example, the BDP is expressed in megabits. If you need to convert from bits (lowercase b) to
bytes (uppercase B), you should divide by 8. Conversely, if the bandwidth is expressed in bytes
and you need to convert to bits, you should multiply by 8.

The rwin variable is not used when calculating BDP. However, rwin is related to BDP. The TCP
receive window size, sometimes expressed as rwin, is often a limiting factor in optimizing
throughput, because a sender cannot have more than one receive window of unacknowledged
data in flight. In order to achieve maximum throughput, you should set the TCP receive window
size to a value equal to or greater than BDP, thereby ensuring that either bandwidth or latency is
the limiting factor. Because the TCP header window field is 16 bits, a window larger than 65,535
bytes requires the TCP window scale option.

Reference:

https://www.cisco.com/application/pdf/en/us/guest/tech/tk277/c1482/ccmigration_09186a00801b1259.pdf#page=26

https://www.cisco.com/c/en/us/td/docs/nsite/enterprise/wan/wan_optimization/wan_opt_sg/chap06.html#wp1053392
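
The BDP calculation with explicit unit handling, plus the window-scale and window-limited checks a practitioner applies next, as an added Python example that is not part of the original page. The 100 Mbps and 40 ms figures are the page's example; the 65,535-byte unscaled window and the shift limit of 14 come from the TCP window-scale option, and everything else is an assumption for illustration.

```python
MAX_UNSCALED_WINDOW = 65_535      # the TCP header window field is 16 bits
MAX_WINDOW_SHIFT = 14             # largest shift the window-scale option allows


def bdp_bits(bandwidth_bps: int, rtt_ms: float) -> int:
    """BW x RTT. RTT is converted to seconds first; the arithmetic is done in
    microseconds so values such as 40 ms do not pick up float error."""
    rtt_us = round(rtt_ms * 1_000)
    return bandwidth_bps * rtt_us // 1_000_000


def bdp_bytes(bandwidth_bps: int, rtt_ms: float) -> int:
    """Same quantity in bytes, rounded up so the window is never short."""
    return -(-bdp_bits(bandwidth_bps, rtt_ms) // 8)


def window_scale_shift(window_bytes: int) -> int:
    """Smallest window-scale shift that lets the advertised window reach window_bytes."""
    shift = 0
    while (MAX_UNSCALED_WINDOW << shift) < window_bytes:
        shift += 1
        if shift > MAX_WINDOW_SHIFT:
            raise ValueError("window exceeds what TCP window scaling can express")
    return shift


def throughput_ceiling_bps(rwin_bytes: int, rtt_ms: float) -> int:
    """When rwin < BDP the sender is window-limited: at most one rwin per RTT."""
    rtt_us = round(rtt_ms * 1_000)
    return rwin_bytes * 8 * 1_000_000 // rtt_us


def report(bandwidth_bps: int, rtt_ms: float, rwin_bytes: int) -> dict:
    """Summarise whether a given receive window can fill the path."""
    needed = bdp_bytes(bandwidth_bps, rtt_ms)
    return {
        "bdp_bits": bdp_bits(bandwidth_bps, rtt_ms),
        "bdp_bytes": needed,
        "window_scale_shift": window_scale_shift(needed),
        "window_limited": rwin_bytes < needed,
        "ceiling_bps": min(bandwidth_bps, throughput_ceiling_bps(rwin_bytes, rtt_ms)),
    }


if __name__ == "__main__":
    # The page's example: Fast Ethernet, 40 ms RTT, with an unscaled 64 KiB window.
    print(report(100_000_000, 40, 65_535))
```

With the page's figures the BDP is 4 Mb (500,000 bytes); an unscaled 65,535-byte window caps the flow at about 13.1 Mbps regardless of the link speed, and a scale shift of 3 is the smallest that lets the window reach the BDP.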

QUESTION NO: 152

You administer the OSPF network shown in the diagram. Area 1 is configured as a standard area.
Area 2 and Area 3 are configured as stub areas. Router3 fails. Several routes are lost throughout
the network.

Which of the following actions can you take to restore the lost routes? (Select 2 choices.)

A.
Configure Area 1 as a stub area.

B.
Configure Area 2 and Area 3 as standard areas.

C.
Create a virtual link between Router1 and Router5.

D.
Create a virtual link between Router2 and Router4.

E.
Configure the Fa0/0 interfaces on Router2 and Router4 to be part of Area 0.

F.
Configure the Fa0/1 interfaces on Router2 and Router4 with IP addresses that were configured
on Router3.

Answer: D,E

Explanation:

You can take either of the following actions to restore the lost routes:

- Create a virtual link between Router2 and Router4.

- Configure the Fa0/0 interfaces on Router2 and Router4 to be part of Area 0.

In this scenario, the backbone area, Area 0, has become discontinuous, or partitioned, as shown
in the following network diagram:

To connect a backbone area that has become discontinuous because of the loss of a router or the
loss of a link between two routers, you can create a virtual link. The routers at each end of the
virtual link must adhere to the following restrictions:

- Both routers must connect to the backbone area.

- Both routers must share another common area, which is used as a transit area.

- The transit area cannot be a stub area.

- The transit area cannot be the backbone area.

To create a virtual link, you should issue the area area-id virtual-link router-id command in router
configuration mode on the routers at each end of the virtual link, where area-id is the transit area
ID and router-id is the router ID of the router at the other end of the virtual link. For example, if the
router ID of Router4 were 1.2.3.4, you would issue the area 1 virtual-link 1.2.3.4 command on
Router2. You would also issue a similar command on Router4 by using the router ID of Router2 as
the router-id parameter.

Alternatively, you can configure the Fa0/0 interfaces on Router2 and Router4 to be part of Area 0.
Doing so would make Area 1 discontinuous. This is acceptable because interarea traffic must pass
through the backbone or a transit area; therefore, nonbackbone areas can be discontinuous. The
discontinuous Area 1 partitions would be advertised to one another through inter-area routes
instead of intra-area routes.

Configuring Area 1 as a stub area will not restore the lost routes. Additionally, configuring Area 1
as a stub area eliminates the possibility of using a virtual link to connect the discontinuous
backbone areas.

Configuring Area 2 and Area 3 as standard areas will not restore the lost routes. Changing a stub
area to a standard area only allows Type 4 ASBR summary and Type 5 external link-state
advertisements (LSAs) to be flooded into the area; it does not reconnect the backbone.

You cannot create a virtual link between Router1 and Router5. For a virtual link to be created, both
routers must share a common area. If Router1 and Router5 shared a nonstub area, you could
create a virtual link between them and the lost routes would be restored.

Configuring the Fa0/1 interfaces on Router2 and Router4 with IP addresses that were configured
on Router3 will not restore the lost routes. The routes were not lost because of the unavailability of
the IP addresses on Router3; the routes were lost because of the discontinuous backbone area.

Reference:

https://www.cisco.com/c/en/us/support/docs/ip/open-shortest-path-first-ospf/7039-1.html#t14

https://www.cisco.com/c/en/us/support/docs/ip/open-shortest-path-first-ospf/7039-1.html#t17
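
A check of the four virtual-link restrictions listed above against a router-to-area membership table, as an added Python example. This is not Cisco code and not part of the original page; because the page's diagram is not reproduced, the membership table, the stub areas and the router IDs below are hypothetical (Router6 is invented purely to show the stub-area case).

```python
BACKBONE = 0

# Hypothetical topology standing in for the page's diagram: which areas each
# router has interfaces in, which areas are stubs, and the router IDs.
ASSUMED_MEMBERSHIP = {
    "Router1": {0, 2},
    "Router2": {0, 1},
    "Router4": {0, 1},
    "Router5": {0, 3},
    "Router6": {0, 2},
}
ASSUMED_STUB_AREAS = {2, 3}
ASSUMED_ROUTER_IDS = {
    "Router1": "1.1.1.1",
    "Router2": "2.2.2.2",
    "Router4": "1.2.3.4",
    "Router5": "5.5.5.5",
    "Router6": "6.6.6.6",
}


def virtual_link_transit_area(membership, stub_areas, r1, r2):
    """Return the area a virtual link between r1 and r2 can transit, or raise
    ValueError naming the restriction that blocks it."""
    areas1, areas2 = set(membership[r1]), set(membership[r2])
    if BACKBONE not in areas1 or BACKBONE not in areas2:
        raise ValueError("both routers must connect to the backbone area")
    common = (areas1 & areas2) - {BACKBONE}      # the backbone itself cannot be the transit area
    if not common:
        raise ValueError("the routers share no non-backbone area to use as transit")
    usable = sorted(area for area in common if area not in stub_areas)
    if not usable:
        raise ValueError("the only shared area is a stub area, which cannot be a transit area")
    return usable[0]


def virtual_link_commands(membership, stub_areas, router_ids, r1, r2):
    """The 'area <transit> virtual-link <remote router-id>' line for each end."""
    area = virtual_link_transit_area(membership, stub_areas, r1, r2)
    return {
        r1: f"area {area} virtual-link {router_ids[r2]}",
        r2: f"area {area} virtual-link {router_ids[r1]}",
    }


if __name__ == "__main__":
    print(virtual_link_commands(ASSUMED_MEMBERSHIP, ASSUMED_STUB_AREAS,
                                ASSUMED_ROUTER_IDS, "Router2", "Router4"))
```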

QUESTION NO: 153

Which of the following ICMPv6 message types is sent by an IPv6-capable host at startup? (Select
the best answer.)

A.
router solicitation

B.
router advertisement

C.
neighbor solicitation

D.
neighbor advertisement

Answer: A
Explanation:

An Internet Control Message Protocol version 6 (ICMPv6) router solicitation message is sent by an
IPv6-capable host at startup. When IPv6 is enabled on an interface, a link-local address is
created. Before the address is assigned to the interface, duplicate address detection (DAD) is
performed to determine whether the IPv6 address is unique on the link. If DAD determines that the
address is unique, the link-local address is assigned to the interface and the router solicitation
message is sent to the all-routers multicast address FF02::2. Hosts use router solicitation
messages to request an immediate router advertisement instead of waiting for the next periodic
one.

A router advertisement that is sent in response to a router solicitation message is sent directly to
the host that sent the router solicitation. Routers also send unsolicited router advertisements
periodically to the all-nodes multicast address FF02::1. Router advertisements contain the following
information:

- The IPv6 address of the router interface attached to the link

- One or more IPv6 prefixes for the local link

- The lifetime for each prefix

- Flags that specify whether stateless or stateful autoconfiguration can be used

- The hop limit and maximum transmission unit (MTU) that the host should use

- Whether the router is a default router

- The amount of time that the router can be used as a default router

When a host receives a router advertisement, the advertised prefix is combined with the host's
interface identifier to create the host's full IPv6 address; the link-local address is formed the same
way from the FE80::/64 prefix. With the modified EUI-64 method, the first three octets of the
interface identifier are set to the Organizationally Unique Identifier (OUI) of the Media Access
Control (MAC) address of the interface, with the universal/local bit (bit 7 of the first octet)
inverted. The fourth and fifth octets are set to FFFE. The sixth, seventh, and eighth octets are
equal to the last three octets of the MAC address.

A host will send a neighbor solicitation message to determine the link-layer address of another
host on the local link. Neighbor solicitation messages are sent with the sender's own link-layer
address to the solicited-node multicast address. The solicited-node multicast address is created by
appending the last 24 bits of the destination host's IPv6 address to the FF02::1:FF00:0/104 prefix.
After a destination host's link-layer address is discovered, neighbor solicitations can be used to
verify the reachability of a destination host.

When a host receives a neighbor solicitation message, it will reply with a neighbor advertisement
message that contains the link-layer address of the host. The neighbor advertisement is sent
directly to the host that sent the neighbor solicitation. A host will send an unsolicited neighbor
advertisement whenever its address changes. Unsolicited neighbor advertisements are sent to the
all-nodes link-local multicast address FF02::1.

Reference:

Cisco: Implementing IPv6 Addressing and Basic Connectivity: IPv6 Router Advertisement Message

IETF: RFC 4861: Neighbor Discovery for IP version 6 (IPv6)
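
Derivation of the modified EUI-64 interface identifier, the link-local and autoconfigured addresses, and the solicited-node multicast group, as an added Python example that is not part of the original page. The MAC address and the 2001:db8:1::/64 documentation prefix are constructed inputs.

```python
import ipaddress


def eui64_interface_id(mac: str) -> bytes:
    """Modified EUI-64: OUI | FF FE | device bytes, with the U/L bit inverted."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", "").replace(".", ""))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    iid = bytearray(octets[:3] + b"\xff\xfe" + octets[3:])
    iid[0] ^= 0x02                      # universal/local bit is bit 7 of the first octet
    return bytes(iid)


def address_from_prefix(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Stateless autoconfiguration: advertised /64 prefix + interface identifier."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 autoconfiguration needs a /64 prefix")
    return ipaddress.IPv6Address(net.network_address.packed[:8] + eui64_interface_id(mac))


def link_local_address(mac: str) -> ipaddress.IPv6Address:
    return address_from_prefix("fe80::/64", mac)


def solicited_node_multicast(addr: str) -> ipaddress.IPv6Address:
    """FF02::1:FF00:0/104 with the target's low 24 bits appended."""
    target = ipaddress.IPv6Address(addr).packed
    base = ipaddress.IPv6Address("ff02::1:ff00:0").packed
    return ipaddress.IPv6Address(base[:13] + target[13:])


def neighbor_discovery_summary(prefix: str, mac: str) -> dict:
    """Every address a host derives from its MAC before and after the RA."""
    ll = link_local_address(mac)
    glob = address_from_prefix(prefix, mac)
    return {
        "interface_id": eui64_interface_id(mac).hex(),
        "link_local": str(ll),
        "global": str(glob),
        # DAD for both addresses targets the same group: the low 24 bits match.
        "solicited_node": str(solicited_node_multicast(str(glob))),
        "same_group_for_both": solicited_node_multicast(str(ll)) == solicited_node_multicast(str(glob)),
    }


if __name__ == "__main__":
    # Constructed MAC address and documentation prefix.
    print(neighbor_discovery_summary("2001:db8:1::/64", "00:1a:2b:3c:4d:5e"))
```

Because the interface identifier embeds the MAC address, every EUI-64 address of a host reveals its hardware vendor and is trackable across networks; that is the reason privacy extensions (RFC 4941) derive random identifiers instead.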

QUESTION NO: 154

Which of the following is used to encrypt data between GET VPN group members? (Select the
best answer.)

A.
KEK

B.
SAR

C.
TEK

D.
TSK

Answer: C
Explanation:

A traffic encryption key (TEK) is used to encrypt data between Group Encrypted Transport (GET)
virtual private network (VPN) group members. GET VPN is a connectionless, nontunneling VPN
technology based on the Group Domain of Interpretation (GDOI) standard defined in Request for
Comments (RFC) 3547 (since updated by RFC 6407). Nontunneling VPNs such as GET VPN can
be used on a variety of networks, including IP, Frame Relay, Multiprotocol Label Switching
(MPLS), and Asynchronous Transfer Mode (ATM) networks. Although GET VPN does not use
tunneling, it does rely upon Internet Key Exchange (IKE) and IP Security (IPSec) security
associations (SAs).

GET VPN requires a key server. The key server maintains the policy, creates and maintains group
keys, and services registration requests. When a group member registers with the key server, the
group member downloads the IPSec policy and encryption keys from the key server. Note that
GET VPN fails open by default: if a group member fails to register with a key server, all traffic is
sent unencrypted through the group member unless the Fail-Close feature is activated.

A key encryption key (KEK) is used to encrypt data between the key server and group members.
Periodically, the key server will send rekey messages to group members in order to refresh the
IPSec SA before it expires. The KEK protects the rekey message, which contains new encryption
keys that the group members should use, thereby securing the control plane.

Synchronous Antireplay (SAR) provides antireplay protection for GET VPN group members. The
key server keeps track of time by maintaining a pseudotime clock. Group members regularly
synchronize to the pseudotime on the key server. If an intercepted message is replayed, the
replayed message will likely fall outside the pseudotime window. A group member will detect the
pseudotime discrepancy and will therefore reject the replayed message.

A transmission security key (TSK) is used by direct-sequence spread spectrum (DSSS) or
frequency-hopping radios. TSKs are not used by GET VPN group members.

Reference:

https://www.cisco.com/en/US/docs/ios-xml/ios/sec_conn_getvpn/configuration/15-2mt/sec-get-vpn.html#GUID-E692E019-DFFD-4763-AD2F-2C3080844581
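
A simplified model of the pseudotime anti-replay check described above, as an added Python example that is neither Cisco's implementation nor part of the original page. The window size, the clock values and the single synchronization step are assumptions chosen to show both the rejection and its limit.

```python
class GroupMember:
    """Tracks the key server's pseudotime and rejects packets outside the window."""

    def __init__(self, window_seconds: float):
        self.window = window_seconds
        self.offset = 0.0       # key-server pseudotime minus local clock, learned at (re)registration

    def synchronize(self, local_clock: float, server_pseudotime: float) -> None:
        """Registration or rekey: adopt the key server's pseudotime."""
        self.offset = server_pseudotime - local_clock

    def pseudotime(self, local_clock: float) -> float:
        return local_clock + self.offset

    def check(self, local_clock: float, packet_pseudotime: float):
        """Return (accepted, reason) for a packet stamped with packet_pseudotime."""
        delta = self.pseudotime(local_clock) - packet_pseudotime
        if delta > self.window:
            return False, f"replayed or delayed: {delta:.1f}s behind the window"
        if delta < -self.window:
            return False, f"clock skew: {-delta:.1f}s ahead of the window"
        return True, "inside the pseudotime window"


def demo():
    gm = GroupMember(window_seconds=2.0)
    gm.synchronize(local_clock=1000.0, server_pseudotime=5000.0)   # assumed registration
    stamped = 5030.0        # pseudotime a peer wrote into a packet 30 s later
    fresh = gm.check(local_clock=1030.5, packet_pseudotime=stamped)
    replay_inside = gm.check(local_clock=1031.5, packet_pseudotime=stamped)   # 1.5 s later: still accepted
    replay_late = gm.check(local_clock=1090.0, packet_pseudotime=stamped)     # 60 s later: rejected
    return fresh[0], replay_inside[0], replay_late[0]


if __name__ == "__main__":
    print(demo())
```

The window bounds how long a captured packet remains replayable; a replay inside the window is not caught by pseudotime alone, which is why the window is kept small and every rekey resynchronizes the members' clocks.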

QUESTION NO: 155

Which of the following commands will cause a router to be prone to CEF polarization? (Select the
best answer.)

A.
no ip cef load-sharing algorithm

B.
ip cef load-sharing algorithm original

C.
ip cef load-sharing algorithm tunnel

D.
ip cef load-sharing algorithm universal

E.
ip cef load-sharing algorithm include-ports source destination

Answer: B
Explanation:

The ip cef load-sharing algorithm original command will cause a router to be prone to Cisco
Express Forwarding (CEF) polarization, which occurs when multiple routers in sequence use the
same load-balancing hash. To understand CEF polarization, consider the following topology:

RouterMain will run the load-balancing algorithm on a flow and, based on the hash result, will send
the flow to Router1, Router2, or Router3. If Router1, Router2, and Router3 run the same
load-balancing algorithm as RouterMain uses, those routers will get the same hash result and will
therefore no longer load balance. For example, flows that are sent from RouterMain to Router3 will
always be forwarded to Router3c because Router3 generates the same hash for each flow that
RouterMain does.

The ip cef load-sharing algorithm original command configures CEF to load balance based only on
the source and destination addresses. Universal mode improves on the original CEF load-balancing
algorithm by using the source, the destination, and a 32-bit universal ID as the hashing seed.
Because each router uses a different universal ID, each router will produce different hashing
values, thereby avoiding CEF polarization by enabling each router to load balance differently.
Universal mode is enabled by default or by issuing the ip cef load-sharing algorithm universal
command. Because universal mode is enabled by default, the no ip cef load-sharing algorithm
command restores universal mode, thereby avoiding CEF polarization.

The ip cef load-sharing algorithm tunnel command avoids CEF polarization. The tunnel-mode
algorithm uses an improved universal-mode algorithm that works well in environments with a small
number of source and destination pairs, which often occurs with tunnels.

The ip cef load-sharing algorithm include-ports source destination command avoids CEF
polarization. This command configures CEF to not only use the universal load-balancing algorithm
but also to consider Layer 4 source and destination port information.

Reference:

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipswitch/command/isw-cr-book/isw-i1.html#wp5609710740
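
A simulation of CEF polarization across two tiers of equal-cost paths, as an added Python example that is not Cisco's hashing code and not part of the original page. The real CEF hash and its 16-bucket layout differ; the model keeps only the property that matters (same inputs into the same function give the same choice) and shows how mixing a per-router universal ID breaks it. The flows and the universal IDs are constructed.

```python
import hashlib
from collections import Counter


def _bucket(material: str, paths: int) -> int:
    """Stand-in hash: SHA-256 of the inputs reduced to a next-hop index."""
    digest = hashlib.sha256(material.encode()).digest()
    return int.from_bytes(digest[:4], "big") % paths


def hash_original(src: str, dst: str, paths: int) -> int:
    """'original' algorithm: only source and destination feed the hash."""
    return _bucket(f"{src}|{dst}", paths)


def hash_universal(src: str, dst: str, paths: int, universal_id: int) -> int:
    """'universal' algorithm: a per-router ID is mixed into the same inputs."""
    return _bucket(f"{src}|{dst}|{universal_id:08x}", paths)


def simulate(flows, paths: int, universal_ids=None) -> dict:
    """Two tiers of ECMP, `paths` next hops at each tier. Returns, for every
    tier-1 path, a Counter of the tier-2 paths chosen by the router on that path."""
    spread = {p: Counter() for p in range(paths)}
    for src, dst in flows:
        if universal_ids is None:
            first = hash_original(src, dst, paths)
            second = hash_original(src, dst, paths)      # same inputs, same result
        else:
            first = hash_universal(src, dst, paths, universal_ids["main"])
            second = hash_universal(src, dst, paths, universal_ids[first])
        spread[first][second] += 1
    return spread


def polarized(spread: dict) -> bool:
    """True when every downstream router sends all of its flows down one path."""
    return all(len(counter) <= 1 for counter in spread.values())


def sample_flows(count: int = 300):
    """Constructed source/destination pairs, all distinct."""
    return [(f"10.{i % 7}.{i // 7}.{i % 251}", f"203.0.113.{i % 200}") for i in range(count)]


# Assumed per-router universal IDs; IOS generates one automatically unless
# it is set explicitly, and any distinct values reproduce the effect.
ASSUMED_UNIVERSAL_IDS = {"main": 0x1A2B3C4D, 0: 0x11111111, 1: 0x22222222, 2: 0x33333333}


if __name__ == "__main__":
    flows = sample_flows()
    print("original :", polarized(simulate(flows, 3)), simulate(flows, 3))
    print("universal:", polarized(simulate(flows, 3, ASSUMED_UNIVERSAL_IDS)),
          simulate(flows, 3, ASSUMED_UNIVERSAL_IDS))
```

With the original algorithm each downstream router receives only flows whose hash already selected its own index, so it re-selects that single index for all of them; with distinct universal IDs the second-tier choice is decorrelated from the first.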

QUESTION NO: 156

Which of the following commands configures primary and fallback link groups for Cisco PfR?
(Select the best answer.)

A.
border

B.
link-group

C.
pfr-map

D.
set link-group

Answer: D
Explanation:

The set link-group command configures primary and fallback link groups for Cisco Performance
Routing (PfR). The syntax of the set link-group command is set link-group primary-link-group-name
[fallback fallback-link-group-name]. Link groups enable you to configure a set of exit interfaces as
preferred or standby links to optimize traffic classes in a PfR policy. Primary and fallback link
groups are configured on the master controller.

The border command does not configure primary and fallback link groups. Instead, the border
command is issued on the master controller in order to configure a border router. A master
controller can control up to 10 border routers. In small environments, the master controller and the
border router will be the same device. The syntax of the border command is border ip-address
[key-chain key-chain-name], where ip-address is the IP address of the border router.

The link-group command does not configure primary and fallback link groups. Instead, the
link-group command configures a border router exit interface as a member of a link group. Up to
three link groups can be specified on an interface. The syntax of the link-group command is
link-group link-group-name [link-group-name [link-group-name]].

The pfr-map command does not configure primary and fallback link groups. Instead, the pfr-map
command configures a PfR map. The syntax of the pfr-map command is pfr-map map-name
sequence-number. Issuing the pfr-map command places the router into pfr-map configuration
mode. In this mode, you will configure a match clause with the match command and specify the
primary and fallback link groups with the set link-group command. Only one match command can
be configured for a PfR map sequence.

Reference:

https://search.cisco.com/search?query=Cisco%20IOS%20Performance%20Routing%20Configuration%20Guide&locale=enUS&tab=Cisco

QUESTION NO: 157 DRAG DROP

Select the terms on the left, and drag them to the corresponding features on the right.

Answer:

Explanation:

Route Target Constraint (RTC) uses the rtfilter address family. In a normal Multiprotocol Label
Switching (MPLS) virtual private network (VPN), the route reflector (RR) sends all of its VPN
version 4 (VPNv4) and VPNv6 prefixes to the Provider Edge (PE) router. The PE router then drops
the prefixes for which it does not have a matching VPN routing and forwarding (VRF). RTC sends
only prefixes that the PE router wants. When RTC is enabled, the PE router sends its route target
(RT) membership data to the RR within an address family named rtfilter. The RR then uses rtfilter
to determine which prefixes to send to the PE. In order for RTC to work, both the RR and the PE
need to support RTC.

Border Gateway Protocol (BGP) Enhanced Route Refresh finds route inconsistencies, and if
inconsistencies exist, peers are synchronized without a hard reset. If two BGP peers support
Enhanced Route Refresh, the peer answering a route refresh sends a Route-Refresh Start-of-RIB
(SoR) message before re-advertising its Adj-RIB-Out and a Route-Refresh End-of-RIB (EoR)
message after it. After the requesting peer receives the EoR message, or after the EoR timer
expires, it checks whether it still holds any routes from that peer that were not re-advertised. If any
such stale routes remain, they are deleted and the route inconsistency is logged.

Unified Multiprotocol Label Switching (MPLS) makes the area border router (ABR) an RR and sets
the next hop to self. Unified MPLS increases scalability for an MPLS network by extending the
label switched path (LSP) from end to end, not by redistributing interior gateway protocols (IGPs)
into one another, but by distributing some of the IGP prefixes into BGP. BGP then distributes
those prefixes throughout the network.

BGP Prefix-Independent Convergence (PIC) improves convergence by creating and storing an
alternate path in the Routing Information Base (RIB), Forwarding Information Base (FIB), and
Cisco Express Forwarding (CEF). As soon as a failure is detected, BGP uses the alternate path.
BGP PIC works on IPv4, IPv6, and MPLS networks.

Reference:

https://www.cisco.com/c/en/us/support/docs/multiprotocol-label-switching-mpls/mpls/116062-technologies-technote-restraint-00.html

https://search.cisco.com/search?query=Cisco%20IOS%20BGP%20Configuration%20Guide&locale=enUS&tab=Cisco

https://www.cisco.com/c/en/us/support/docs/multiprotocol-label-switching-mpls/mpls/116127-configure-technology-00.html

https://www.cisco.com/c/en/us/td/docs/routers/7600/ios/15S/configuration/guide/7600_15_0s_book/BGP.html
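
The stale-route handling of Enhanced Route Refresh between the Start-of-RIB and End-of-RIB markers, as an added Python model that is neither Cisco IOS code nor part of the original page. The prefixes and next hops are constructed; the EoR timer is represented only by the caller deciding when to invoke end_of_rib.

```python
class AdjRibIn:
    """Routes learned from one peer, with the stale marking that Enhanced
    Route Refresh uses between the Start-of-RIB and End-of-RIB markers."""

    def __init__(self, routes: dict):
        self.routes = dict(routes)      # prefix -> next hop
        self.stale = set()
        self.log = []

    def start_of_rib(self) -> None:
        """SoR received: everything currently held is suspect until re-advertised."""
        self.stale = set(self.routes)

    def update(self, prefix: str, next_hop: str) -> None:
        self.routes[prefix] = next_hop
        self.stale.discard(prefix)

    def withdraw(self, prefix: str) -> None:
        self.routes.pop(prefix, None)
        self.stale.discard(prefix)

    def end_of_rib(self) -> list:
        """EoR received (or the EoR timer fired): drop what was never re-advertised."""
        removed = sorted(self.stale)
        for prefix in removed:
            del self.routes[prefix]
            self.log.append(f"stale route {prefix} removed after EoR: peer inconsistency")
        self.stale = set()
        return removed


def demo():
    # Constructed: we hold three routes; the peer re-sends two (one with a new
    # next hop), adds one, and never mentions 10.0.2.0/24 again.
    rib = AdjRibIn({"10.0.0.0/24": "192.0.2.1",
                    "10.0.1.0/24": "192.0.2.1",
                    "10.0.2.0/24": "192.0.2.1"})
    rib.start_of_rib()
    rib.update("10.0.0.0/24", "192.0.2.1")
    rib.update("10.0.1.0/24", "192.0.2.9")
    rib.update("10.0.3.0/24", "192.0.2.1")
    removed = rib.end_of_rib()
    return removed, sorted(rib.routes), rib.log


if __name__ == "__main__":
    print(demo())
```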

QUESTION NO: 158

Which of the following is true regarding the structure of a multiprotocol BGP VPNIPv4 address?
(Select the best answer.)

A.
It begins with a 2-byte Type field and ends with a 6-byte Value field.

B.
It begins with an 8-byte RD and ends with a 4-byte IPv4 address.

C.
It begins with a 4-byte VPN ID and ends with an 8-byte RD.

D.
It begins with a 4-byte ASN and ends with a 2-byte Assigned Number.

E.
It begins with a 6-byte MAC address and ends with a 4-byte IPv4 address.

Answer: B
Explanation:

A multiprotocol Border Gateway Protocol (BGP) VPN-IPv4 address begins with an 8-byte route
distinguisher (RD) and ends with a 4-byte IPv4 address. The RD consists of a 2-byte Type field
and a 6-byte Value field. The value of the Type field determines the structure of the Value field,
which is divided into an Administrator subfield and an Assigned Number subfield:

If the Type field is 0, the Administrator subfield is a 2-byte autonomous system number (ASN) and
the Assigned Number subfield is 4 bytes. If the Type field is 1, the Administrator subfield is a
4-byte IP address and the Assigned Number subfield is 2 bytes. If the Type field is 2, the
Administrator subfield is a 4-byte ASN and the Assigned Number subfield is 2 bytes. In all cases,
the Assigned Number subfield contains a number assigned by the administrator.

The BGP VPNIPv4 address does not contain a VPN ID or a Media Access Control (MAC)
address.

Reference:

https://tools.ietf.org/html/rfc4364
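
Encoding and decoding of the 12-byte VPN-IPv4 address for all three RD types, as an added Python example that is not part of the original page. The ASNs, addresses and assigned numbers are constructed. On the wire the MP_REACH_NLRI entry also carries a length byte and the MPLS label ahead of the RD; this example handles only the RD plus IPv4 part that the question is about.

```python
import ipaddress
import struct


def build_rd(rd_type: int, administrator, assigned: int) -> bytes:
    """Encode an 8-byte route distinguisher (2-byte Type + 6-byte Value)."""
    if rd_type == 0:                                    # 2-byte ASN : 4-byte number
        return struct.pack("!HHI", 0, administrator, assigned)
    if rd_type == 1:                                    # 4-byte IPv4 : 2-byte number
        return (struct.pack("!H", 1)
                + ipaddress.IPv4Address(administrator).packed
                + struct.pack("!H", assigned))
    if rd_type == 2:                                    # 4-byte ASN : 2-byte number
        return struct.pack("!HIH", 2, administrator, assigned)
    raise ValueError(f"unknown RD type {rd_type}")


def parse_rd(rd: bytes) -> str:
    """Decode an RD into the conventional administrator:assigned text form."""
    if len(rd) != 8:
        raise ValueError("an RD is exactly 8 bytes")
    rd_type = struct.unpack("!H", rd[:2])[0]
    if rd_type == 0:
        asn, assigned = struct.unpack("!HI", rd[2:])
        return f"{asn}:{assigned}"
    if rd_type == 1:
        assigned = struct.unpack("!H", rd[6:])[0]
        return f"{ipaddress.IPv4Address(rd[2:6])}:{assigned}"
    if rd_type == 2:
        asn, assigned = struct.unpack("!IH", rd[2:])
        return f"{asn}:{assigned}"
    raise ValueError(f"unknown RD type {rd_type}")


def build_vpnv4(rd: bytes, ipv4: str) -> bytes:
    return rd + ipaddress.IPv4Address(ipv4).packed


def parse_vpnv4(address: bytes):
    """Split a 12-byte VPN-IPv4 address into (RD text, IPv4 text)."""
    if len(address) != 12:
        raise ValueError("a VPN-IPv4 address is 8 bytes of RD plus 4 bytes of IPv4")
    return parse_rd(address[:8]), str(ipaddress.IPv4Address(address[8:]))


def demo():
    # Constructed values: two customers reuse 10.1.1.0 behind different RDs.
    samples = [
        build_vpnv4(build_rd(0, 65000, 100), "10.1.1.0"),
        build_vpnv4(build_rd(0, 65000, 200), "10.1.1.0"),
        build_vpnv4(build_rd(1, "192.0.2.1", 7), "172.16.0.0"),
        build_vpnv4(build_rd(2, 4200000000, 5), "10.2.0.0"),
    ]
    return [parse_vpnv4(s) for s in samples]


if __name__ == "__main__":
    for rd_text, prefix in demo():
        print(f"{rd_text}:{prefix}")
```

The RD only makes overlapping customer prefixes distinct inside BGP; it is not an access control or confidentiality mechanism, so VRF separation on the PE still has to be enforced by route-target import policy and, where required, by encryption of the customer traffic.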

QUESTION NO: 159

Which of the following is required by MPLS? (Select the best answer.)

A.
BGP

B.
CDP

C.
CEF

D.
IS-IS

E.
TDP

Answer: C
Explanation:

Cisco Express Forwarding (CEF) is required by Multiprotocol Label Switching (MPLS). MPLS
relies on CEF to forward labeled packets through the network. If CEF is not enabled, an MPLS
router cannot switch labeled packets and MPLS functionality is lost. By default, CEF is enabled on
Cisco routers; however, if CEF is disabled, you should enable it by issuing the ip cef command in
global configuration mode. CEF depends on the IP routing functionality of the router and cannot be
enabled unless IP routing is enabled. By default, IP routing is enabled on Cisco routers; however,
if IP routing is disabled, you should enable it by issuing the ip routing command in global
configuration mode.

The CEF Forwarding Information Base (FIB) is built from information contained in the IP routing
table. When the routing table is updated, the next-hop information in the FIB is also updated. A
routing protocol, such as Border Gateway Protocol (BGP) or Intermediate System-to-Intermediate
System (IS-IS), can be used to populate the routing table, and, therefore, the FIB. However, neither
BGP nor IS-IS is required by MPLS; another interior gateway protocol (IGP), such as Open
Shortest Path First (OSPF) or Enhanced Interior Gateway Routing Protocol (EIGRP), can be used
instead.

A label exchange protocol, such as Tag Distribution Protocol (TDP), is used by MPLS to exchange
label information. However, TDP itself is not required by MPLS; another label exchange protocol,
such as Label Distribution Protocol (LDP) or Resource Reservation Protocol (RSVP), can be used
instead.

Cisco Discovery Protocol (CDP) is used to collect information about neighboring Cisco devices,
such as the host name, network address, port information, device type, and IOS version. CDP is
enabled by default on Cisco devices. However, CDP is not required by MPLS.

Reference:

https://www.cisco.com/c/en/us/td/docs/ios/12_4t/12_4t2/ftldp41.html#wp1632254

QUESTION NO: 160

Which of the following actions cannot be performed in VRF configuration mode? (Select the best
answer.)

A.
associating an SNMP context with the VRF

B.
assigning an RD

C.
configuring shared route targets between IPv4 and IPv6

D.
defining the VRF instance name

E.
updating a VPN ID

Answer: D
Explanation:

You cannot define the VPN routing and forwarding (VRF) instance name in VRF configuration
mode. A VRF instance name is defined by issuing the vrf definition command in global
configuration mode. The syntax of the vrf definition command is vrf definition vrf-name, where
vrf-name is any name that you want to assign to the VRF, except default. After you issue the vrf
definition vrf-name command, the router will be placed into VRF configuration mode, where you
can issue commands to configure other features of the VRF.

If you issue the vrf definition default command on a Cisco router, a VRF instance will be created
with the name configured to a NULL value. The NULL value acts as a VRF name placeholder until
a default VRF name can be defined.

You can assign a route distinguisher (RD) in VRF configuration mode. To assign an RD to a VRF,
issue the rd route-distinguisher command. Configuring an RD creates the routing tables and the
forwarding tables for the VRF instance.

You can configure shared route targets between IPv4 and IPv6 in VRF configuration mode. To
configure a shared route target, issue the route-target {import | export | both}
route-target-ext-community command. Specifying the import keyword imports routing information
from the community specified by the route-target-ext-community parameter. Conversely, the export
keyword sends routing information to the specified community. The both keyword imports routing
information from and exports routing information to the specified community. To configure
separate route target policies for IPv4 and IPv6, you should first issue the address-family
command, which places the router into address family configuration mode.

You can associate a Simple Network Management Protocol (SNMP) context in VRF configuration
mode. To associate an SNMP context, issue the context context-name command, where
context-name is the name of the SNMP context you want to assign.

You can update a virtual private network (VPN) ID in VRF configuration mode. The VPN ID
consists of a 3-byte Organizationally Unique Identifier (OUI) and a 4-byte VPN index. To update a
VPN ID for a VRF, issue the vpn id oui:vpn-index command.

Reference:

https://www.cisco.com/c/en/us/td/docs/ios/ipv6/command/reference/ipv6_book/ipv6_17.html#wp2449861

QUESTION NO: 161 DRAG DROP

Select the features on the left, and place them in the appropriate category on the right.

Answer:

Explanation:

An Ethernet virtual circuit (EVC) is a Layer 2 connection between two or more user network
interfaces (UNIs) over a service provider (SP) network. The following are required for EVCs:

- Multiple Spanning Tree (MST) must be used for the spanning-tree mode.

- The dot1ad command must be configured from global configuration mode.

The following features are supported on EVCs:

- EtherChannel, including Port Aggregation Protocol (PAgP) and Link Aggregation Control
Protocol (LACP)

- UniDirectional Link Detection (UDLD)

- Link Layer Discovery Protocol (LLDP)

- Cisco Discovery Protocol (CDP)

- Media Access Control (MAC) address security

The following features are not supported on EVCs:

- Layer 2 multicast frame flooding

- Layer 2 protocol tunneling

- QinQ tagging

- Virtual LAN (VLAN) translation

- Ethernet over Multiprotocol Label Switching (EoMPLS)

- Split horizon

- Bridge domain routing

Reference:

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SY/configuration/guide/sy_swcg/ethernet_virtual_connection.html#54887

QUESTION NO: 162

You want to create a named ACL to use in a route map that allows redistribution of the following
subnets:

192.168.3.0/24

192.168.4.0/24

192.168.5.0/24

192.168.6.0/24

192.168.7.0/24

192.168.8.0/24

192.168.9.0/24

Which of the following commands should you issue in order to fulfill your objective? (Select the
best answer.)

A.
permit 192.168.3.0 0.0.7.255

B.
permit 192.168.0.0 0.0.15.255

C.
permit 192.168.0.0 255.255.240.0

D.
permit 192.168.3.0 255.255.248.0

Answer: B
Explanation:

You should issue the permit 192.168.0.0 0.0.15.255 command. The basic syntax of the permit
command is permit source wildcard-mask. A 20-bit subnet mask, which corresponds to the
wildcard mask 0.0.15.255, will aggregate 16 contiguous 24-bit subnets. Therefore, a 20-bit mask
can be used to allow redistribution of addresses from 192.168.0.0 through 192.168.15.255, which
includes all of the subnets in this scenario. Note that this entry also matches nine /24 subnets that
are not listed; if only the listed subnets may be redistributed, use one entry per subnet or a
prefix list instead.

You should not issue the permit 192.168.3.0 0.0.7.255 command. A 21-bit subnet mask, which
corresponds to the wildcard mask 0.0.7.255, would aggregate eight contiguous 24-bit subnets.
Although there are only seven subnets in this scenario, the 21-bit mask boundary falls between the
192.168.7.0/24 subnet and the 192.168.8.0/24 subnet. Because the router ignores the address bits
covered by the wildcard mask, the permit 192.168.3.0 0.0.7.255 command would allow
redistribution of only the addresses from 192.168.0.0 through 192.168.7.255.

You should not issue the permit 192.168.0.0 255.255.240.0 command or the permit 192.168.3.0
255.255.248.0 command. The permit command accepts wildcard masks, not subnet masks.
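
To check entries like these without a router, the following Python script (an added example, not
part of the exam material and not Cisco code) applies a standard-ACL wildcard mask the way IOS
evaluates it, reports which /24 networks a candidate entry permits beyond the wanted ones, and
derives the tightest set of entries for the listed subnets. The subnet list is constructed from the
question; the function names are this example's own.

```python
import ipaddress

# Constructed from the question: the seven /24 subnets the route map must match.
SUBNETS = [f"192.168.{n}.0/24" for n in range(3, 10)]


def wildcard_of(prefix_len: int) -> str:
    """Wildcard mask for an IPv4 prefix length (the bitwise inverse of the subnet mask)."""
    subnet_mask = (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF
    return str(ipaddress.IPv4Address(subnet_mask ^ 0xFFFFFFFF))


def ace_matches(ace: str, address: str) -> bool:
    """Evaluate 'permit SOURCE WILDCARD' the way IOS does: a wildcard bit set to 1 is
    'don't care', a wildcard bit set to 0 must match the configured source bit."""
    _, source, wildcard = ace.split()
    src = int(ipaddress.IPv4Address(source))
    wc = int(ipaddress.IPv4Address(wildcard))
    addr = int(ipaddress.IPv4Address(address))
    return (src & ~wc) == (addr & ~wc)


def covers(ace: str, subnets) -> bool:
    """True if every address of every wanted subnet matches the entry (checked
    exhaustively: a /24 is only 256 addresses)."""
    return all(ace_matches(ace, str(addr))
               for net in map(ipaddress.ip_network, subnets) for addr in net)


def overmatch(ace: str, subnets) -> list:
    """The /24 networks the entry also permits that are NOT in the wanted list. In a
    redistribution route map these are routes that would leak through unintentionally.
    Assumes a contiguous wildcard mask (the only kind this example handles)."""
    wanted = {ipaddress.ip_network(s) for s in subnets}
    _, source, wildcard = ace.split()
    wc = int(ipaddress.IPv4Address(wildcard))
    base = int(ipaddress.IPv4Address(source)) & ~wc & 0xFFFFFFFF
    span = ipaddress.ip_network((base, 32 - wc.bit_length()))
    if span.prefixlen > 24:
        return []
    return [str(n) for n in span.subnets(new_prefix=24) if n not in wanted]


def minimal_entries(subnets) -> list:
    """Fewest entries that match exactly the wanted subnets: merge them into the
    largest aligned blocks, then express each block with its wildcard mask."""
    blocks = ipaddress.collapse_addresses(ipaddress.ip_network(s) for s in subnets)
    return [f"permit {b.network_address} {wildcard_of(b.prefixlen)}" for b in blocks]


if __name__ == "__main__":
    for ace in ("permit 192.168.3.0 0.0.7.255", "permit 192.168.0.0 0.0.15.255"):
        print(f"{ace}: covers all = {covers(ace, SUBNETS)}, also permits {overmatch(ace, SUBNETS)}")
    print("exact match:", minimal_entries(SUBNETS))
```

Run it as a script to see that the exam's answer covers all seven subnets but also permits nine
others, while the three collapsed entries match exactly the listed networks.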

Reference:

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/security/m1/sec-m1-cr-book/sec-cr-
p1.html#wp1501248131

QUESTION NO: 163 CORRECT TEXT

You issue the show running-config command on a router and receive the following partial output:

router eigrp boson
 address-family ipv4 autonomous-system 1
  af-interface default
   bandwidth-percent 75
  af-interface Ethernet 0/0
   hello-interval 15
  af-interface Ethernet 0/1
   hold-time 45

What is the hold time for the Ethernet 0/0 interface? (Select the best answer.)

A.
five seconds

B.
15 seconds

C.
45 seconds

D.
60 seconds

E.
180 seconds

Answer: B

Explanation:

The hold time for the Ethernet 0/0 interface is 15 seconds. Settings for Enhanced Interior Gateway
Routing Protocol (EIGRP) named mode are configured under each address family. The af-interface
default command enables you to configure settings that apply to all EIGRP interfaces unless a
conflicting setting is explicitly configured on the interface. For example, the bandwidth-percent 75
command has been issued under the af-interface default command; therefore, the
bandwidth-percent 75 command would apply to all interfaces that are not explicitly configured with
the bandwidth-percent command.

In this scenario, the hold-time command has not been configured under the af-interface default
command or under the af-interface Ethernet 0/0 command; therefore, the default EIGRP hold time
for Ethernet interfaces will be used, which is 15 seconds.

If the hold-time 5 command had been issued under the af-interface default command, the Ethernet
0/0 interface would have had a hold time of five seconds. However, that setting would not have
applied to the Ethernet 0/1 interface, because the hold-time 45 command has been issued under
the af-interface Ethernet 0/1 command.

The hello interval for the Ethernet 0/0 interface is 15 seconds. Even if a different hello-interval
command had been issued under the af-interface default command, the Ethernet 0/0 interface
would still be configured with a hello interval of 15 seconds because the hello-interval 15 command
has been explicitly issued on the Ethernet 0/0 interface. By default, the hello interval is five
seconds for Ethernet interfaces; therefore, the Ethernet 0/1 interface would have a hello interval
of five seconds because the hello-interval command has not been issued on that interface. Note
that Ethernet 0/0 therefore advertises a hold time equal to its hello interval: a neighbor will declare
this router down if a single hello is delayed, so whenever the hello interval is changed the hold time
should be raised with it, to roughly three times the hello interval as in the defaults.

The hold time for the Ethernet 0/0 interface is not 60 seconds. The default hello interval for
low-speed nonbroadcast multiaccess (NBMA) interfaces is 60 seconds.

The hold time for the Ethernet 0/0 interface is not 180 seconds. The default hold time for low-speed
NBMA interfaces is 180 seconds.
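
The inheritance rule above can be checked mechanically. The Python script below (an added
example, not Cisco code) parses the af-interface blocks from the running-config in the question,
resolves each setting in the order interface block, default block, platform default, and flags the
hold-time pitfall this scenario happens to contain. The configuration text and the default table are
reconstructed from the question and from the IOS defaults stated in the explanation; the parser
only understands the three commands used here.

```python
import re

# Constructed from the question: the partial running-config with IOS hyphenation restored.
RUNNING_CONFIG = """\
router eigrp boson
 address-family ipv4 autonomous-system 1
  af-interface default
   bandwidth-percent 75
  af-interface Ethernet 0/0
   hello-interval 15
  af-interface Ethernet 0/1
   hold-time 45
"""

# IOS defaults used when neither the interface block nor the default block sets a value:
# 5 s / 15 s on LAN and high-speed links, 60 s / 180 s on low-speed (T1 or slower)
# NBMA interfaces; bandwidth-percent defaults to 50 everywhere.
DEFAULTS = {
    "lan": {"hello-interval": 5, "hold-time": 15, "bandwidth-percent": 50},
    "nbma-low-speed": {"hello-interval": 60, "hold-time": 180, "bandwidth-percent": 50},
}

KNOWN_COMMANDS = ("hello-interval", "hold-time", "bandwidth-percent")


def _normalise(interface: str) -> str:
    """'Ethernet 0/0' and 'Ethernet0/0' name the same interface."""
    return re.sub(r"\s+", "", interface)


def parse_af_interfaces(config: str) -> dict:
    """Return {interface: {command: value}} for every af-interface block, the
    'default' block included. Lines outside a block are ignored."""
    blocks, current = {}, None
    for line in config.splitlines():
        m = re.match(r"\s*af-interface\s+(.+?)\s*$", line)
        if m:
            current = _normalise(m.group(1))
            blocks[current] = {}
            continue
        m = re.match(r"\s*(%s)\s+(\d+)\s*$" % "|".join(KNOWN_COMMANDS), line)
        if m and current is not None:
            blocks[current][m.group(1)] = int(m.group(2))
    return blocks


def effective_setting(config: str, interface: str, command: str, media: str = "lan") -> int:
    """Resolve one setting as EIGRP named mode does: the interface's own af-interface
    block wins, then af-interface default, then the platform default for the media."""
    blocks = parse_af_interfaces(config)
    own = blocks.get(_normalise(interface), {})
    if command in own:
        return own[command]
    if command in blocks.get("default", {}):
        return blocks["default"][command]
    return DEFAULTS[media][command]


def effective_timers(config: str, interface: str, media: str = "lan") -> tuple:
    """(hello interval, hold time) in seconds for the interface."""
    return (effective_setting(config, interface, "hello-interval", media),
            effective_setting(config, interface, "hold-time", media))


def hold_time_is_safe(hello: int, hold: int) -> bool:
    """Cisco's defaults keep hold = 3 x hello; a hold time at or below the hello
    interval makes neighbours flap on a single delayed hello."""
    return hold >= 3 * hello


if __name__ == "__main__":
    for intf in ("Ethernet 0/0", "Ethernet 0/1"):
        hello, hold = effective_timers(RUNNING_CONFIG, intf)
        print(f"{intf}: hello {hello}s hold {hold}s"
              f" bandwidth-percent {effective_setting(RUNNING_CONFIG, intf, 'bandwidth-percent')}"
              f" safe={hold_time_is_safe(hello, hold)}")
```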

Reference:

Cisco: Cisco IOS IP Routing: EIGRP Command Reference: af-interface

Cisco: Cisco IOS IP Routing: EIGRP Command Reference: hello-interval

Cisco: Cisco IOS IP Routing: EIGRP Command Reference: hold-time

CCIE Routing and Switching v5.0 Certification Guide, Volume 1, Chapter 8, EIGRP Named Mode,
pp. 410-417

QUESTION NO: 164

When you are enabling AutoQoS for the Enterprise on a router, which of the following commands
should you ensure has been issued before you issue the auto discovery qos command? (Select
the best answer.)

A.
mls qos

B.
auto qos voip

C.
ip cef

D.
auto qos

Answer: C
Explanation:

When you are enabling AutoQoS for the Enterprise on a router, you should ensure the ip cef
command has been issued before you issue the auto discovery qos command. Cisco Express
Forwarding (CEF) must be enabled before you can implement AutoQoS for the Enterprise.
AutoQoS uses Network Based Application Recognition (NBAR) for packet classification. If you find
that CEF has not been enabled, you should enable it by issuing the ip cef command. After
ensuring that CEF is enabled, you can issue the auto discovery qos interface configuration
command, which will initiate the autodiscovery phase of the AutoQoS for the Enterprise
implementation process. The autodiscovery phase profiles the traffic on the network to determine
the volume and type of traffic being sent on the network. By default, autodiscovery will run for
three days to determine as accurately as possible the volume and type of traffic sent on the
network. However, you can configure autodiscovery to take more or less time, depending on the
needs of the network.

You should issue the auto qos command after you issue the auto discovery qos command on an
interface. After the auto discovery qos command has profiled the traffic, the auto qos command
uses that data to generate Quality of Service (QoS) templates, which are then used to create class
maps and policy maps. You can use the auto qos voip command if you are configuring AutoQoS
Voice over IP (VoIP) rather than AutoQoS for the Enterprise.

The mls qos command globally enables QoS on Catalyst switches; it is not part of the router
AutoQoS workflow. On switches, it is enabled automatically when you issue the auto qos command
or the auto qos voip command, so it is not necessary to issue the mls qos command when you are
configuring AutoQoS.

Reference:

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/qos_auto/configuration/15-mt/qos-auto-15-mt-
book/qos-auto-ent.html#GUID-72FB0F57-E978-4DD2-A314-9E0C677768FA

https://www.cisco.com/en/US/technologies/tk543/tk879/technologies_qas0900aecd8020a589.html

QUESTION NO: 165

Which of the following TLVs are specific to LLDP-MED? (Select 2 choices.)

A.
location

B.
management address

C.
port description

D.
power management

E.
system capabilities

F.
system description

G.
system name

Answer: A,D
Explanation:

The location and power management type, length, and value (TLV) descriptions are specific to
Link Layer Discovery Protocol for Media Endpoint Devices (LLDP-MED). LLDP-MED is an
extension of Link Layer Discovery Protocol (LLDP). LLDP is a Layer 2 open-standard discovery
protocol that is used to facilitate interoperability between Cisco devices and non-Cisco devices.
LLDP-MED operates between endpoint devices, such as a PC or a Voice over IP (VoIP) phone,
and vendor-neutral network devices. By contrast, LLDP does not operate between endpoint
devices and network devices; LLDP operates only between network devices, such as routers,
switches, and access servers.

Attributes that can be learned from neighboring devices are contained within TLVs. The following
TLVs are supported by LLDP:

- Port description

- System name

- System description

- System capabilities

- Management address

In addition, the following LLDP TLVs are advertised to support LLDP-MED:

- Port VLAN ID

- MAC/PHY configuration status

The following TLVs are supported by LLDP-MED:

- LLDP-MED capabilities

- Network policy

- Power management

- Inventory management

- Location

Reference:

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3560/software/release/12-
2_55_se/configuration/guide/3560_scg/swlldp.html

QUESTION NO: 166 DRAG DROP

Select the default timer settings from the left, and drag them to the corresponding RIP timers on
the right. Some values might be used more than once.

Answer:

Explanation:

Routing Information Protocol (RIP) uses four different network timers: update, invalid, holddown,
and flush. To manually configure the four RIP network timers, you should issue the timers basic
update invalid holddown flush command in RIP router configuration mode, where update, invalid,
holddown, and flush are specified in seconds.

The update timer is used to specify the amount of time to wait between broadcasting routing table
updates. By default, the update timer is set to 30 seconds.

The invalid timer is used to specify the amount of time to wait before declaring a route to be
unreachable. By default, the invalid timer is set to 180 seconds, and it should always be set to at
least three times the value of the update timer.

Holddown timers are used by RIP to specify the amount of time to suppress information regarding
a better path to a route. When a router receives a routing update stating that a route is
unreachable, the router waits a specified amount of time before accepting routes advertised by
other sources. By default, the holddown timer is set to 180 seconds.

The flush timer is used to specify the amount of time to wait before deleting a route from the
routing table. By default, the flush timer is set to 240 seconds, and it should always be set to a
value greater than the invalid timer.

Reference:

https://www.cisco.com/c/en/us/td/docs/ios/12_2/iproute/command/reference/fiprrp_r/1rfrip.html#wp
1018019

QUESTION NO: 167

Which of the following is an IETF-standard FHRP that can use object tracking and preemption to
provide Layer 3 failover? (Select the best answer.)

A.
GLBP

B.
HSRP

C.
LACP

D.
VRRP

Answer: D
Explanation:

Virtual Router Redundancy Protocol (VRRP) is an Internet Engineering Task Force (IETF)-standard
First-Hop Redundancy Protocol (FHRP) that can use object tracking and preemption to provide
Layer 3 failover. FHRPs are protocols that are used to provide Layer 3 gateway redundancy, such
as failover and load balancing. Providing Layer 3 redundancy ensures that hosts on a LAN will
have a backup path to external networks should a primary path fail or become too congested to
forward traffic. Layer 3 devices in an FHRP configuration typically share a virtual IP address that
is then configured as the default gateway on each host for which the device is to forward traffic.
The FHRP devices might also share a virtual Media Access Control (MAC) address or multiple
virtual MAC addresses, depending on the protocol. FHRPs typically use a priority system to elect
a primary Layer 3 forwarding device, which is known as an active virtual gateway (AVG), an
active router, or a master router, depending on the protocol. The same priority system elects
one or more backup forwarding devices.

VRRP can be configured to use object tracking to influence the priority of a router in a group and
therefore force the election of a different master router when certain conditions are met. When
combined with VRRP preemption, which enables a VRRP router to automatically assume the
master router role when priority values change, object tracking enables VRRP to adjust the priority
of a router based on the line protocol status of a specific interface or the availability of a given
route to a destination. For example, if RouterA and RouterB in a VRRP configuration had different
paths to the Internet, VRRP could be configured to monitor RouterA's outbound interface and to
automatically set RouterA's VRRP priority to a value lower than RouterB's if RouterA's outbound
interface were to go down. RouterB would then become the master router, and Layer 3 traffic
would be forwarded through its outbound interface instead of through RouterA's.

Gateway Load Balancing Protocol (GLBP) is a Cisco-proprietary FHRP, not an IETF standard.
However, GLBP does support object tracking and preemption. GLBP is different from both VRRP
and Hot Standby Router Protocol (HSRP) in that it is, by default, capable of load balancing traffic
between all routers in a GLBP group. VRRP and HSRP are primarily failover protocols. GLBP
elects an AVG and up to four primary active virtual forwarders (AVFs). The routers in a GLBP
group receive traffic sent to a virtual IP address that is configured for the group. Each GLBP group
contains an AVG that is elected based on which router is configured with the highest priority value
or the highest IP address value if multiple routers are configured with the highest priority value.
The other routers in the GLBP group are configured as primary or secondary AVFs. The AVG in a
GLBP group assigns a virtual MAC address to up to four primary AVFs; all other routers in the
group are considered secondary AVFs and are placed in the listen state. When the AVG receives
ARP requests that are sent to the virtual IP address for the GLBP group, the AVG responds with
different virtual MAC addresses. This provides load balancing, because each of the primary AVFs
will participate by forwarding a portion of the traffic sent to the virtual IP address.

HSRP is a Cisco-proprietary FHRP, not an IETF standard. However, like VRRP, HSRP is capable
of using object tracking and preemption to modify the priority of the HSRP active router and force
the standby router to take over if a specific interface goes down or a path to the destination
becomes unavailable.

Link Aggregation Control Protocol (LACP) is not an FHRP. LACP is an Institute of Electrical and
Electronics Engineers (IEEE) protocol that is used to enable link aggregation on EtherChannel
links.

Reference:

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipapp_fhrp/configuration/12-4/fhp-12-4-
book/fhp-vrrp.html#GUID-ECF180A0-1633-4DB2-AD31-9D807B5833AD

QUESTION NO: 168

You manage a StackWise stack of nine switches.

Which of the following switches will be elected as the stack master? (Select the best answer.)

A.
the switch with stack ID 1

B.
the switch with stack ID 9

C.
the switch with the lowest MAC address

D.
the switch with the highest MAC address

E.
the switch with the lowest configured IP address

F.
the switch with the highest configured IP address

G.
the switch with the lowest priority value

H.
the switch with the highest priority value

Answer: H
Explanation:

The switch with the highest priority value will be elected as the stack master. StackWise is a
Cisco-proprietary technology that is used to provide Layer 2 or Layer 3 connectivity between
switches so that the stack of switches acts as a single device. When a StackWise configuration is
used, the failure of a single switch will not result in an outage. Instead, the other switches in the
stack will compensate for the failed switch. The switches are connected sequentially by stack
cables: the first switch is connected to the second, the second switch is connected to the third, and
so on until the last switch is connected to the first. If a stack cable is broken, the bandwidth of the
stack will be reduced by 50 percent until the cable is fixed.

The stack master controls the operation of the stack. From the stack master, you can configure
global features that apply to all switches in the stack as well as interface-level features for
individual stack members. The stack priority is a value from 1 through 15; by default, the priority
value is set to 1. To change the stack priority, you should issue the switch stack-id priority value
command from global configuration mode. The following checklist is used to elect a stack master:

- The current stack master is elected as the stack master. Otherwise, the switch with the highest
priority is elected stack master.

- If multiple switches have the same priority, the switch with a nondefault saved interface-level
configuration is elected stack master.

- If multiple switches have a nondefault saved interface-level configuration, the switch with the
highest feature set priority is elected stack master, based on the following hierarchy:

- IP services with cryptographic image

- IP services with noncryptographic image

- IP base with cryptographic image

- IP base with noncryptographic image

- If multiple switches have the same feature set, the switch with the shortest startup time is
elected stack master.

- If multiple switches are still eligible, the stack member with the lowest Media Access Control
(MAC) address is elected stack master.

The stack ID is not used to elect a stack master. Each stack member has a unique stack ID. By
default, all switches use stack ID 1. However, if two switches attempt to take the same stack ID,
the switch with the higher priority will retain the stack ID number and the other switch will
automatically be assigned a new stack ID. Therefore, you need not make any configuration
changes before adding a switch to a StackWise stack. However, you can manually configure a
stack ID by issuing the switch current-stack-id renumber new-stack-id command from global
configuration mode. The change will not take effect until the switch is reloaded.

IP addresses are not used to elect a stack master. In fact, a switch need not be configured with
any IP addresses to become a stack member or stack master.

Reference:

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750x_3560x/software/release/12-
2_55_se/configuration/guide/3750xscg/swstack.html#pgfId-1228109

QUESTION NO: 169 DRAG DROP

Select the NetFlow components from the left, and place them on the right in the order in which
they are used by NetFlow.

Answer:

Explanation:

NetFlow is a Cisco IOS feature that can be used to monitor traffic flows. A traffic flow is defined as
a series of packets with the same source IP address, destination IP address, protocol, and Layer 4
information. NetFlow gathers flow-based statistics such as packet counts, byte counts, and protocol
distribution. The data gathered by NetFlow is typically exported to management software. You can
then analyze the data to facilitate network planning, customer billing, and traffic engineering.

Flow caching collects IP data flow information and prepares the information for export. A traffic
flow can be identified based on the combination of the following attributes:

-Source IP address

-Destination IP address

-Source port number

-Destination port number

-Protocol value

-Type of Service (ToS) value

-Input interface

A flow collector collects the exported data from multiple devices so that it can be aggregated and
stored for analysis by a data analyzer. NetFlow can be used to perform all three functions, or it can
export the data to a third-party product that can read the data that is stored within FlowCollector
files.
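
The flow key listed above is what makes NetFlow useful for security monitoring as well as billing.
The Python script below (an added example, not Cisco or NetFlow code) builds a flow cache keyed
on the seven fields from a constructed packet trace and then runs one simple detection over the
cache: a source that opens many one-packet flows to distinct destination ports on one host, which
is how a vertical port scan appears in NetFlow data. The packet records, interface name and
threshold are this example's assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class FlowKey:
    """The seven fields NetFlow uses to tell one flow from another."""
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    protocol: int        # IP protocol number: 6 = TCP, 17 = UDP, 1 = ICMP
    tos: int
    input_interface: str


def flow_cache(packets) -> dict:
    """Aggregate packet records into flows. Returns {FlowKey: {"packets": n, "bytes": n}},
    the per-flow counters a NetFlow cache accumulates before a record is exported."""
    cache = defaultdict(lambda: {"packets": 0, "bytes": 0})
    for p in packets:
        key = FlowKey(p["src"], p["dst"], p["sport"], p["dport"], p["proto"], p["tos"], p["iface"])
        cache[key]["packets"] += 1
        cache[key]["bytes"] += p["len"]
    return dict(cache)


def port_scan_suspects(cache: dict, min_ports: int = 10) -> dict:
    """Vertical port scan heuristic: one source hitting many distinct TCP ports on one
    destination shows up in NetFlow as many tiny flows that differ only in dst_port.
    Returns {(src_ip, dst_ip): number_of_distinct_ports} for pairs at or over the threshold."""
    ports = defaultdict(set)
    for key in cache:
        if key.protocol == 6:
            ports[(key.src_ip, key.dst_ip)].add(key.dst_port)
    return {pair: len(ps) for pair, ps in ports.items() if len(ps) >= min_ports}


def sample_packets() -> list:
    """Constructed trace: one HTTPS session (8 packets, one flow) and a scan of
    20 ports (20 one-packet flows) from a second host."""
    base = {"dst": "192.0.2.10", "proto": 6, "tos": 0, "iface": "GigabitEthernet0/1"}
    session = [dict(base, src="10.0.0.5", sport=51000, dport=443, len=120 + i) for i in range(8)]
    scan = [dict(base, src="10.0.0.99", sport=40000 + p, dport=p, len=60) for p in range(20, 40)]
    return session + scan


if __name__ == "__main__":
    cache = flow_cache(sample_packets())
    print(f"{len(cache)} flows in cache")
    for key, counters in cache.items():
        if counters["packets"] > 1:
            print(key, counters)
    print("scan suspects:", port_scan_suspects(cache))
```

The same cache structure is what a collector receives in exported records; the detection is
deliberately coarse (a busy legitimate client can also touch many ports), which is why production
rules add a time window and a packets-per-flow condition.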

Reference:

https://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/ios-
netflow/product_data_sheet0900aecd80173f71.html

QUESTION NO: 170

You issue the following commands on the FastEthernet 0/1 interface of SwitchA:

SwitchA(config-if)#switchport port-security

SwitchA(config-if)#switchport port-security maximum 3

SwitchA(config-if)#switchport port-security mac-address sticky

SwitchA(config-if)#switchport port-security violation restrict

Which of the following are true? (Select 2 choices.)

A.
Up to three MAC addresses will be stored in the running configuration.

B.
Up to three MAC addresses will be stored in the address table but not in the running configuration.

C.
The switch will silently discard the traffic when a security violation occurs.

D.
The switch will discard the traffic, log the unauthorized entry attempt, increment the
SecurityViolation counter, and send an SNMP trap message when a security violation occurs.

E.
The switch will discard the traffic, log the unauthorized entry attempt, increment the
SecurityViolation counter, and place the port into the error-disabled state when a security violation
occurs.

Answer: A,D
Explanation:

Up to three Media Access Control (MAC) addresses will be stored in the running configuration. In
this scenario, the switchport port-security maximum 3 command specifies that three MAC
addresses are authorized to send traffic on port FastEthernet 0/1. MAC addresses can be
configured statically or learned dynamically by port security. Dynamically learned MAC addresses
are converted to sticky addresses and stored in the running configuration when the switchport
port-security mac-address sticky command is issued on a port. Any MAC addresses that are not
configured statically will be learned dynamically from incoming traffic, up to the maximum number
of MAC addresses allowed to communicate on the port.

Because no MAC addresses have been statically configured in this scenario, all three MAC
addresses will be learned dynamically. If the switchport port-security mac-address sticky command
had not been issued, the switch would retain dynamically learned MAC addresses in the MAC
address table but not in the running configuration. Sticky addresses survive a reload only if the
running configuration is saved to the startup configuration after they have been learned.

Additionally, the switch will discard the traffic, log the unauthorized entry attempt, increment the
SecurityViolation counter, and send a Simple Network Management Protocol (SNMP) trap
message when a security violation occurs in this scenario. You can configure a switch to perform
the following actions when a switch port with port security enabled receives traffic from a host with
an unauthorized MAC address:

- Protect: The switch will discard the traffic. No log message or SNMP trap is generated and the
SecurityViolation counter is not incremented, so violations in this mode are invisible unless you
inspect the port.

- Restrict: The switch will discard the traffic, log the unauthorized entry attempt, increment the
SecurityViolation counter, and send an SNMP trap message. The port stays up, so the authorized
hosts keep communicating.

- Shutdown: The switch will discard the traffic, log the unauthorized entry attempt, increment the
SecurityViolation counter, and place the port into the error-disabled state.

To configure the action that a switch will perform when unauthorized traffic is received on a switch
port, you should issue the switchport port-security violation {protect | restrict | shutdown} command
in interface configuration mode. By default, a switch port with port security enabled will be
configured for shutdown mode. For example, the following commands would configure port
security on SwitchA to use the default violation behavior:

SwitchA(config-if)#switchport port-security

SwitchA(config-if)#switchport port-security maximum 3

SwitchA(config-if)#switchport port-security mac-address sticky

Because no switchport port-security violation command is issued in the output above, the switch
will discard the traffic, log the unauthorized entry attempt, increment the SecurityViolation counter,
and place the port into the error-disabled state when an unauthorized MAC address attempts to
use the port. An error-disabled port stays down until it is reset manually with shutdown followed by
no shutdown, or until automatic recovery is enabled with the errdisable recovery cause
psecure-violation command.
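
The three violation modes differ in what an operator can observe afterwards, which matters when
port security is the only control on an access port. The Python model below (an added
illustration, not Cisco code) replays the question's configuration against four hosts and shows
what each mode leaves behind: what lands in the running-config when sticky learning is on,
whether the SecurityViolation counter and the log advance, and whether the port goes
err-disabled. The MAC addresses and the log message text are constructed stand-ins.

```python
from dataclasses import dataclass, field


@dataclass
class PortSecurity:
    """Model of port security on one access port. Tracks the secure address table,
    the sticky entries that would appear in the running-config, the SecurityViolation
    counter, the log (stand-in for syslog plus SNMP trap) and the err-disabled state."""
    maximum: int = 1                 # IOS default
    violation: str = "shutdown"      # IOS default; alternatives 'protect' and 'restrict'
    sticky: bool = False
    static: tuple = ()               # statically configured secure addresses
    secure: list = field(default_factory=list)
    running_config: list = field(default_factory=list)
    violations: int = 0
    err_disabled: bool = False
    log: list = field(default_factory=list)

    def __post_init__(self):
        if self.violation not in ("protect", "restrict", "shutdown"):
            raise ValueError("violation mode must be protect, restrict or shutdown")
        self.secure = list(self.static)
        self.running_config = [f"switchport port-security mac-address {m}" for m in self.static]

    def ingress(self, mac: str) -> bool:
        """Process a frame from source MAC `mac`; return True if it is forwarded."""
        if self.err_disabled:
            return False
        if mac in self.secure:
            return True
        if len(self.secure) < self.maximum:
            self.secure.append(mac)                          # learned dynamically
            if self.sticky:                                  # ...and written to the running-config
                self.running_config.append(f"switchport port-security mac-address sticky {mac}")
            return True
        return self._violate(mac)

    def _violate(self, mac: str) -> bool:
        if self.violation == "protect":
            return False                                     # silent: no counter, no log, no trap
        self.violations += 1
        self.log.append(f"PSECURE_VIOLATION: unauthorized source {mac}")   # constructed message text
        if self.violation == "shutdown":
            self.err_disabled = True                         # port stays down until reset
        return False


def scenario() -> tuple:
    """Replay the question: maximum 3, sticky learning, violation restrict, with three
    legitimate hosts, one intruder, then the first host again."""
    port = PortSecurity(maximum=3, violation="restrict", sticky=True)
    hosts = ["0011.2233.aaaa", "0011.2233.bbbb", "0011.2233.cccc", "0011.2233.dddd", "0011.2233.aaaa"]
    return port, [port.ingress(m) for m in hosts]


if __name__ == "__main__":
    port, forwarded = scenario()
    print("forwarded:", forwarded)
    print("violations:", port.violations, "err-disabled:", port.err_disabled)
    print("running-config lines:", *port.running_config, sep="\n  ")
```

Running the scenario shows the fourth host dropped with the counter at 1 while the port stays up
and the first host still forwards; constructing the port with the defaults instead (maximum 1,
shutdown) shows the port err-disabled after one intruder, and protect mode shows nothing at all.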

Reference:

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2960/software/release/12-
2_25_see/configuration/guide/scg_1/swtrafc.html#wp1038501

QUESTION NO: 171

You issue the show frame-relay map command on Router2 and receive the following output:

Serial2/0 (up): ip 10.11.12.13 dlci 20(0x14,0x440), dynamic,

CISCO, status defined, active

What protocol was used to dynamically create this PVC? (Select the best answer.)

A.
DHCP

B.
ARP

C.
Inverse ARP

D.
RARP

Answer: C
Explanation:

Inverse Address Resolution Protocol (ARP) is the protocol that dynamically created the mapping
for this PVC. A permanent virtual circuit (PVC) is a virtual connection between a source and a
destination through which data is transmitted as if over a physical connection; the circuit itself is
provisioned by the Frame Relay provider, and Inverse ARP discovers the IP address of the device
at the far end so that the router can map the local DLCI to that next-hop address. The destination
becomes the next hop from the source over the PVC.

Mappings that are created dynamically by Inverse ARP are marked as dynamic in the output of the
show frame-relay map command. The show frame-relay map command can be used to verify the
local data-link connection identifier (DLCI) numbers that have been assigned to remote IP
addresses, the status of the PVC, the encapsulation format that is used by the PVC, and whether
the mapping was manually configured or created dynamically.

Inverse ARP is used to find a Layer 3 address when the Layer 2 address is known. In the case of
Frame Relay, Inverse ARP maps Layer 2 DLCIs to Layer 3 IP addresses. DLCIs uniquely identify
a PVC connection in a Frame Relay circuit.

ARP is not used to dynamically create PVCs. ARP is used to find a Layer 2 address when the
Layer 3 address is known. Because Inverse ARP is an extension of ARP, ARP packets are
structured the same as Inverse ARP packets.

Reverse ARP (RARP) is not used to dynamically create PVCs. A device uses RARP to obtain an
IP address for itself based on its Layer 2 Media Access Control (MAC) address. RARP has the
same packet structure as ARP and Inverse ARP. However, RARP has been largely replaced with
Dynamic Host Configuration Protocol (DHCP).

DHCP is not used to dynamically create PVCs. DHCP dynamically assigns network configuration
information to client computers. This network configuration information can include the IP address,
subnet mask, default gateway, and Domain Name System (DNS) servers that the client computer
will use.

Reference:

https://www.cisco.com/en/US/docs/internetworking/troubleshooting/guide/tr1918.html#wp1020791

https://www.cisco.com/c/en/us/td/docs/ios/12_2/wan/configuration/guide/fwan_c/wcffrely.html#wp1
001012

QUESTION NO: 172

Which of the following best defines a FEC? (Select the best answer.)

A.
a group of packets that are forwarded similarly

B.
a table that is built from information in the routing table

C.
a table that contains inbound-to-outbound label mappings

D.
a value that enables MPLS VPN customers to use overlapping IP address ranges

Answer: A
Explanation:

A Forwarding Equivalence Class (FEC) is a group of packets that are forwarded similarly. A FEC
is generally associated with a destination IP network, although it can also be associated with a
Layer 2 circuit or an IP precedence value. The Label field of a Multiprotocol Label Switching
(MPLS) label is a 20-bit field that is used to represent the FEC. The label is carried in a 32-bit
label stack entry that also contains a 3-bit Experimental (EXP) field, later renamed Traffic Class,
a 1-bit Bottom of Stack (S) flag, and an 8-bit Time to Live (TTL) field.

The Forwarding Information Base (FIB) is a table that is built from information in the routing table.
When a label switch router (LSR) receives an unlabeled packet destined for an MPLS-enabled
interface, it consults the FIB, adds the appropriate label for the destination address, and forwards
the packet. However, if the packet's destination address is not contained in the FIB, the packet is
dropped.

The Label Forwarding Information Base (LFIB) is a table that contains inbound-to-outbound label
mappings. If a route becomes unavailable, the LFIB information will be modified based on
information in the Label Information Base (LIB) and FIB tables; the LIB contains all of the labels
received from neighboring LSRs. When an LSR receives a labeled packet, it consults the LFIB,
swaps or removes the label, and forwards the packet. However, if the label mapping is not
contained in the LFIB, the packet is dropped.

A route distinguisher (RD) is a value that enables MPLS virtual private network (VPN) customers
to use overlapping IP address ranges; MPLS VPNs are described in Request for Comments
(RFC) 4364. An ingress LSR creates a globally unique VPN version 4 (VPNv4) address by adding
the RD to the beginning of an IP address. The LSR then assigns a label to the VPNv4 address
prefix and stores the inbound-to-outbound label mapping in the LFIB. Authentication to the MPLS
VPN is provided based on logical port and RD information.
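
A Python encoder and decoder for the label stack entry, plus a minimal LFIB lookup, written here
as an added example (not Cisco code), make the relationship between the 20-bit Label field, the
FEC and the LFIB concrete. The LFIB contents and interface names are constructed for the
example; the drop-on-miss and TTL behaviour follow the explanation above, while TTL
propagation into the exposed header on a pop is left out.

```python
import struct

# One 32-bit MPLS label stack entry (RFC 3032), most significant bit first:
#   Label (20 bits) | EXP / Traffic Class (3 bits) | S, bottom of stack (1 bit) | TTL (8 bits)
LABEL_BITS, EXP_BITS, TTL_BITS = 20, 3, 8


def pack_entry(label: int, exp: int = 0, bottom: bool = False, ttl: int = 255) -> bytes:
    """Encode one label stack entry as four network-order bytes, rejecting values
    that do not fit their field."""
    if not 0 <= label < (1 << LABEL_BITS):
        raise ValueError("label must fit in 20 bits")
    if not 0 <= exp < (1 << EXP_BITS):
        raise ValueError("exp must fit in 3 bits")
    if not 0 <= ttl < (1 << TTL_BITS):
        raise ValueError("ttl must fit in 8 bits")
    word = (label << 12) | (exp << 9) | (int(bottom) << 8) | ttl
    return struct.pack("!I", word)


def unpack_stack(data: bytes) -> list:
    """Decode the label stack at the front of a packet, entry by entry, until the
    S bit marks the bottom. Returns [(label, exp, bottom, ttl), ...]. A stack that
    runs off the end of the data without an S bit is rejected as malformed."""
    entries, offset = [], 0
    while True:
        if len(data) < offset + 4:
            raise ValueError("truncated or unterminated label stack")
        (word,) = struct.unpack_from("!I", data, offset)
        entry = (word >> 12, (word >> 9) & 0x7, bool((word >> 8) & 0x1), word & 0xFF)
        entries.append(entry)
        offset += 4
        if entry[2]:
            return entries


# Constructed LFIB for the example: incoming label -> (outgoing label or "pop", interface).
LFIB = {
    16: (17, "GigabitEthernet0/1"),     # swap 16 -> 17
    20: ("pop", "GigabitEthernet0/2"),  # penultimate-hop pop
}


def label_switch(packet: bytes, lfib: dict = LFIB) -> tuple:
    """Forward one labeled packet: look up the top label in the LFIB, swap or pop it,
    decrement the TTL, and drop on an LFIB miss or TTL expiry. Returns
    (action, out_interface, new_packet). On a pop the TTL is not propagated into
    the exposed header, which a real LSR would do."""
    label, exp, bottom, ttl = unpack_stack(packet)[0]
    if ttl <= 1:
        return ("drop-ttl-expired", None, None)
    if label not in lfib:
        return ("drop-no-lfib-entry", None, None)
    out_label, interface = lfib[label]
    rest = packet[4:]
    if out_label == "pop":
        return ("pop", interface, rest)
    return ("swap", interface, pack_entry(out_label, exp, bottom, ttl - 1) + rest)
```

The label value 16 is the first non-reserved label (0 through 15 have special meanings), which is
why the constructed LFIB starts there.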

Reference:

https://www.cisco.com/c/en/us/support/docs/multiprotocol-label-switching-mpls/mpls/4649-mpls-
faq-4649.html#anc4

QUESTION NO: 173

You issue the show ip nhrp detail command on RouterA and receive the following output:

Which of the following flags indicates that the entry cannot be overwritten by a different NBMA
entry with the same IP address? (Select the best answer.)

A.
authoritative

B.
nat

C.
registered

D.
unique

E.
used

Answer: D
Explanation:

Of the available choices, the unique flag in the output of the show ip nhrp detail command indicates
that the entry cannot be overwritten by another nonbroadcast multiaccess (NBMA) entry with the
same IP address. Similar to Address Resolution Protocol (ARP) on broadcast networks, Next Hop
Resolution Protocol (NHRP) enables devices on an NBMA network to dynamically discover the
physical (NBMA) addresses of other devices on the network. The show ip nhrp command displays
information about NHRP mappings. When issued with the detail keyword, this command displays
more detailed information about those mappings, including a list of flags.

The show ip nhrp detail command might display any of the following flags for a given entry:

- authoritative - The mapping was obtained directly from the next-hop router or server.

- implicit - The mapping was obtained from an NHRP resolution request or packet.

- local - The mapping is for networks that are local to the router.

- nat - The remote device supports NHRP Network Address Translation (NAT) extensions.

- negative - A mapping could not be obtained, and the failure is cached (negative caching).

- (no socket) - IP Security (IPsec) will not set up encryption, because data traffic does not require
this tunnel.

- registered - The mapping was created in response to an NHRP registration.

- router - The mapping is for a remote router.

- unique - The mapping cannot be overwritten by a different NBMA entry with the same IP address.

- used - Data packets are being process-switched for the given mapping.

Reference:

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipaddr/command/ipaddr-cr-book/ipaddr-
s1.html#wp2302625547

QUESTION NO: 174 DRAG DROP

Select the capabilities on the left, and place them underneath the corresponding protocols on the
right. Fill all boxes. Some capabilities will be used more than once.

Answer:

Explanation:

Link Layer Discovery Protocol (LLDP) is a Layer 2 open-standard discovery protocol that is used to
facilitate interoperability between Cisco devices and third-party devices. LLDP for Media Endpoint
Devices (LLDP-MED) is an extension of LLDP that operates between endpoint devices, such as a
PC or a Voice over IP (VoIP) phone, and vendor-neutral network devices. By contrast, LLDP does
not operate between endpoint devices and network devices; LLDP operates only between
network devices, such as routers, switches, and access servers.

Cisco Discovery Protocol (CDP) is a Layer 2 Cisco-proprietary discovery protocol that is used to
collect information about neighboring Cisco devices. However, CDP cannot be used to collect
information about third-party devices.

Both LLDP-MED and CDP can determine whether a neighboring port is running full or half duplex,
but only LLDP-MED can also determine the speed capabilities of a port. In addition, LLDP-MED
supports topology change notifications, whereas CDP does not. CDP supports VLAN Trunking
Protocol (VTP) management, native virtual LAN (VLAN) detection, and maximum transmission unit
(MTU) detection, whereas LLDP-MED does not.

Reference:

https://www.cisco.com/en/US/technologies/tk652/tk701/technologies_white_paper0900aecd804cd
46d.html

QUESTION NO: 175

Which of the following commands should you issue to increase the number of protocols that NBAR
can classify and inspect? (Select the best answer.)

A.
ip nbar pdlm

B.
ip nbar port-map

C.
ip nbar protocol-discovery

D.
ip nbar resources

Answer: A
Explanation:

You should issue the ip nbar pdlm command to increase the number of protocols that Network
Based Application Recognition (NBAR) can classify and inspect. NBAR enables a router to
perform deep packet inspection for all packets that pass through an NBAR-enabled interface.
Although NBAR supports several common applications and protocols, you can update or expand
the base protocol support by installing Packet Description Language Modules (PDLMs). Cisco
provides many PDLMs for download on its support website. PDLMs are stored in Flash memory.

Issuing the ip nbar port-map command does not increase the number of protocols that NBAR can
classify and inspect; it modifies the mapping between NBAR-recognized applications and their
associated ports. NBAR supports a limited number of protocols and applications based on their
well-known port numbers. However, if an application or protocol has been configured to use
nonstandard port numbers, you can issue the ip nbar port-map command to modify the NBAR
configuration accordingly. For example, if Secure Shell (SSH) servers on the network are
configured to listen on ports 22 and 2222, you should issue the ip nbar port-map ssh tcp 22 2222
command to configure NBAR to search for SSH on those ports.

Issuing the ip nbar protocol-discovery command does not increase the number of protocols that
NBAR can classify and inspect; it records traffic statistics on an interface based on packet
content. After NBAR has been enabled on an interface, you can issue the service-policy input
command to configure NBAR to classify inbound traffic, or you can issue the service-policy output
command to configure NBAR to classify outbound traffic.

Issuing the ip nbar resources command does not increase the number of protocols that NBAR can
classify and inspect; it tunes NBAR's memory usage. You can issue the ip nbar resources
command to adjust how quickly state information expires and how much system memory is
available to NBAR-recognized applications.

Reference:

https://www.cisco.com/c/en/us/td/docs/ios/qos/command/reference/qos_book/qos_i1.html#wp1022981

QUESTION NO: 176

"Everything is under control" - www.pass4sure.com 279


Cisco 400-101 Exam

You administer the OSPF network shown above. The cost values are displayed next to each link.

RA receives packets destined for the 172.20.0.0/24 network.

How many paths will RA use to send the packets? (Select the best answer.)

A.
one

B.
two

C.
three

D.
four

Answer: B
Explanation:

RA will use two paths to send the packets: the path from RA through RD to RF and the path from
RA through RC and RD to RF. The total cost from RA through RD to RF is 20 + 20 = 40, and the
total cost from RA through RC and RD to RF is 10 + 10 + 20 = 40. Open Shortest Path First
(OSPF) can load balance traffic across equal-cost paths; because both paths have a total cost of
40, RA can use both paths to send the packets. RA will not always prefer the route through the
least number of routers. Instead, RA prefers the intra-area route with the lowest total cost,
regardless of the number of routers the packets must pass through.

RA will not use the two paths through Area 0 to send the packets. Although the total cost from RA
through both paths is 40, OSPF prefers intra-area routes over inter-area routes, regardless of the
total path cost. OSPF uses the following preference order when selecting the best route to a
destination:

1. Intra-area routes

2. Inter-area routes

3. External Type 1 routes

4. External Type 2 routes

Therefore, RA prefers an intra-area route with a cost of 40 over an inter-area route with a cost of
40. If all of the routers were within the same area, RA would use all four paths to send the packets.
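
The selection logic above, as an added example that is not part of the original question bank: the script enumerates the loop-free paths of a constructed topology, applies the route-type preference (intra-area before inter-area, regardless of cost) and then keeps every equal-cost path of the winning type up to the maximum-paths limit (4 by default on IOS). RA, RC, RD and RF carry the intra-area costs from the question; RB and RE are assumed Area 0 routers that supply the two inter-area paths, also of cost 40.

```python
"""Added example (not from the original question bank): reproduces the two OSPF
path-selection rules the explanation relies on. Intra-area routes beat inter-area
routes regardless of cost, and every equal-cost path of the winning route type is
kept for load balancing (up to the configured maximum-paths, 4 by default on IOS).

The topology is constructed. RA, RC, RD and RF carry the intra-area links from the
question (RA-RD 20, RD-RF 20, RA-RC 10, RC-RD 10); RB and RE are assumed Area 0
routers that provide the two inter-area paths, also of cost 40."""
from collections import defaultdict

# Constructed topology: (router_a, router_b, link_cost, area)
LINKS = [
    ("RA", "RD", 20, 1), ("RD", "RF", 20, 1),
    ("RA", "RC", 10, 1), ("RC", "RD", 10, 1),
    ("RA", "RB", 10, 0), ("RB", "RF", 30, 0),   # assumed Area 0 path, 10 + 30 = 40
    ("RA", "RE", 20, 0), ("RE", "RF", 20, 0),   # assumed Area 0 path, 20 + 20 = 40
]

# Route-type preference: lower wins (intra-area, then inter-area; E1/E2 would follow).
TYPE_PREFERENCE = {"intra-area": 1, "inter-area": 2}


def build_graph(links):
    graph = defaultdict(list)
    for a, b, cost, area in links:
        graph[a].append((b, cost, area))
        graph[b].append((a, cost, area))
    return graph


def enumerate_paths(graph, node, dst, visited=(), cost=0, areas=frozenset()):
    """Yield (cost, areas_crossed, path) for every loop-free path node -> dst.
    Exhaustive enumeration is fine for a lab-sized topology."""
    visited = visited + (node,)
    if node == dst:
        yield cost, areas, visited
        return
    for nxt, link_cost, area in graph[node]:
        if nxt not in visited:
            yield from enumerate_paths(graph, nxt, dst, visited,
                                       cost + link_cost, areas | {area})


def route_type(areas_crossed, dest_area):
    """A path that stays entirely inside the destination's area is intra-area;
    anything that crosses another area is learned via a summary LSA (inter-area)."""
    return "intra-area" if areas_crossed == {dest_area} else "inter-area"


def select_paths(links, src, dst, dest_area, max_paths=4):
    """Return (route_type, cost, paths) that the router installs for dst."""
    candidates = list(enumerate_paths(build_graph(links), src, dst))
    if not candidates:
        return None, None, []
    # Rule 1: the most preferred route type that has any path wins, cost ignored.
    best_type = min((route_type(a, dest_area) for _, a, _ in candidates),
                    key=TYPE_PREFERENCE.__getitem__)
    same_type = [(c, p) for c, a, p in candidates
                 if route_type(a, dest_area) == best_type]
    # Rule 2: within that type, every lowest-cost path is an ECMP candidate.
    best_cost = min(c for c, _ in same_type)
    ecmp = sorted(" > ".join(p) for c, p in same_type if c == best_cost)
    return best_type, best_cost, ecmp[:max_paths]


if __name__ == "__main__":
    print(select_paths(LINKS, "RA", "RF", dest_area=1))
```

Running it with the constructed topology yields the two intra-area paths of cost 40; changing every link to area 1 yields all four, and raising the intra-area costs above 40 still selects them over the cheaper inter-area paths.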

Reference:

https://www.cisco.com/c/en/us/support/docs/ip/open-shortest-path-first-ospf/7039-1.html#t7

QUESTION NO: 177

Which of the following IPv6 addresses is used as the source address in OSPFv3 packets? (Select
the best answer.)

A.
A link-local unicast address is used on all OSPF interfaces.

B.
A link-local unicast address is used on all OSPF interfaces except virtual links.

C.
A global scope address is used on all OSPF interfaces.

D.
A global scope address is used on all OSPF interfaces except virtual links.

Answer: B
Explanation:

A link-local unicast address is used as the source address in Open Shortest Path First version 3
(OSPFv3) packets on all OSPF interfaces except virtual links. Link-local unicast addresses use the
FE80::/10 address range; these addresses begin with the hexadecimal characters FE80 through
FEBF. Because link-local addresses are unique only on the local segment, link-local addresses
are not routable. An IPv6-capable host typically creates a link-local unicast address automatically
at startup.

OSPFv3 virtual link interfaces must use a global scope IPv6 address as the source address for
OSPFv3 packets. If a router has one or more virtual links configured, it includes the global scope
IPv6 address in the LSA, sets the LA-bit in the PrefixOptions field, configures the PrefixLength
field to a value of 128, and sets the Metric field to a value of 0. Global aggregatable unicast
addresses use the 2000::/3 address range; these addresses begin with the hexadecimal
characters 2000 through 3FFF. Global aggregatable unicast address prefixes are distributed by
the Internet Assigned Numbers Authority (IANA) and are globally routable over the Internet.

Reference:

https://tools.ietf.org/html/rfc5340#section-2.5

QUESTION NO: 178

Which of the following commands will cause iBGP routes to have the same AD as internal EIGRP
routes? (Select 2 choices.)

A.
distance bgp 90 110 120

B.
distance bgp 90 120 110

C.
distance bgp 110 90 120

D.
distance bgp 110 120 90

E.
distance bgp 120 90 110

F.
distance bgp 120 110 90

Answer: C,E
Explanation:

The distance bgp 110 90 120 command and the distance bgp 120 90 110 command will cause
internal Border Gateway Protocol (iBGP) routes to have the same administrative distance (AD) as
internal Enhanced Interior Gateway Routing Protocol (EIGRP) routes. When multiple routes to the
same destination network exist and each route uses a different routing protocol, a router prefers
the routing protocol with the lowest AD. The following list contains the most commonly used
default ADs on Cisco IOS:

- Connected interface: 0
- Static route: 1
- eBGP: 20
- Internal EIGRP: 90
- OSPF: 110
- IS-IS: 115
- RIP: 120
- External EIGRP: 170
- iBGP: 200
- Unknown or untrusted source: 255

ADs for a routing protocol can be manually configured by issuing the distance command in router
configuration mode. The syntax of the distance bgp command is distance bgp external-distance
internal-distance local-distance. The external-distance value configures the AD for external BGP
(eBGP) routes. The internal-distance value configures the AD for iBGP routes. The local-distance
value configures the AD for local BGP routes. For example, the distance bgp 110 90 120
command configures an AD of 110 for eBGP routes, an AD of 90 for iBGP routes, and an AD of
120 for local BGP routes. Internal EIGRP routes have an AD of 90; therefore, the distance bgp
110 90 120 command configures iBGP routes to have the same AD as internal EIGRP routes.

The distance bgp 90 110 120 command and the distance bgp 120 110 90 command will cause
iBGP routes to have the same AD as Open Shortest Path First (OSPF) routes, not internal EIGRP
routes. The distance bgp 90 120 110 command and the distance bgp 110 120 90 command will
cause iBGP routes to have the same AD as Routing Information Protocol (RIP) routes, not internal
EIGRP routes.

Reference:

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_bgp/command/irg-cr-book/bgp-c1.html#wp1296277485

https://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/15986-admin-distance.html

QUESTION NO: 179

"Everything is under control" - www.pass4sure.com 283


Cisco 400-101 Exam
You issue the show adjacency command on RouterA and receive the following output:

Which of the following is not a step in troubleshooting the incomplete marker in the output? (Select
the best answer.)

A.
waiting 60 seconds and issuing the show adjacency command again

B.
issuing the debug arp command to verify that ARP requests are sent

C.
issuing the show ip arp command to verify the ARP table's contents

D.
issuing the show ip cef command to verify the contents of the FIB

Answer: D
Explanation:

Issuing the show ip cef command to verify the contents of the Cisco Express Forwarding (CEF)
Forwarding Information Base (FIB) is not a step in troubleshooting the incomplete marker when it
appears in the output of the show adjacency command. The show ip cef command is used to
display the contents of the FIB. The FIB, which is similar in concept to a routing table, is one of two
databases used by CEF. The other database is the adjacency table, which is used to store
next-hop information that is discovered by using Address Resolution Protocol (ARP) requests. The
incomplete marker in this scenario appears in the contents of the adjacency table.

When an incomplete marker appears in the adjacency table, the cause is typically either a failed
ARP request or a transient incomplete marker that resulted from issuing the clear ip arp command
or the clear adjacency command and has not yet been cleared. Therefore, you could wait 60
seconds and issue the show adjacency command again if you are troubleshooting the appearance
of the incomplete marker. When the clear ip arp command or the clear adjacency command is
issued, the next-hop entry will initially be marked as incomplete in the adjacency table. However,
under normal circumstances, that marker should be cleared from the table within 60 seconds. In
addition, you could choose to verify that ARP is sending requests by issuing the debug arp
command or verify that the ARP table is populated with correct information by issuing the show ip
arp command.

Reference:

Cisco: Cisco IOS IP Switching Command Reference: show ip cef

Cisco: Troubleshooting Incomplete Adjacencies with CEF: Reasons for Incomplete Adjacencies

"Everything is under control" - www.pass4sure.com 284


Cisco 400-101 Exam

QUESTION NO: 180

Which of the following entries in the output of the show ip eigrp topology command indicates that a
route is undergoing recomputation? (Select the best answer.)

A.
A 192.168.13.0/24, 1 successor, FD is Inaccessible, Q

B.
P 192.168.13.0/24, 1 successor, FD is Inaccessible, Q

C.
R 192.168.13.0/24, 1 successor, FD is Inaccessible, Q

D.
r 192.168.13.0/24, 1 successor, FD is Inaccessible, Q

Answer: A
Explanation:

The following show ip eigrp topology output indicates that a route is undergoing recomputation:

A 192.168.13.0/24, 1 successor, FD is Inaccessible, Q

The letter A indicates a route that is in the active state. A route is in the active state when a
successor becomes unavailable and no feasible successor exists. When a route transitions from
the passive state to the active state, the router will send multicast query packets to its neighbors to
find an alternate route to the destination network. The route will remain in the active state until
replies are received for each of the neighbor queries. When all replies have been received, the
router will calculate the best route to the destination network. If a neighbor router does not respond
before the active timer expires, the querying router will declare the route stuck in active (SIA) and
the neighbor router will be removed from the querying router's neighbor table. A router that is SIA
because of missing replies will generate %DUAL-3-SIA error messages.

The letter P indicates a route that is in the passive state. A route is in the passive state if it has
connectivity to the successor, which is the best next-hop router to a destination network. If all of
the routes in the topology table display a P, the network is stable and is not undergoing
recomputation.

The letters R and r are not displayed at the beginning of routes in the topology table. The letter R
is displayed after the IP address of a neighbor router that has responded to a query. If a neighbor
router has not yet responded to the query, the letter r is displayed after the neighbor's IP address.
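
As an added example that is not part of the original question bank, the following parser turns show ip eigrp topology output into structured records so that active routes, how long they have been active, and the neighbors still owing a reply (the r flag) can be flagged by a script rather than read off the screen. SAMPLE is constructed to approximate the IOS layout; the 180-second SIA threshold is the classic active timer and is an assumption to tune per platform.

```python
"""Added example (not from the original question bank): a small parser for
show ip eigrp topology output that reports which routes are active (being
recomputed), how long they have been active, and which neighbors still owe a
reply (the r flag). SAMPLE is constructed to approximate the IOS layout; the
flag positions follow the explanation above."""
import re

SAMPLE = """\
IP-EIGRP Topology Table for AS(100)/ID(10.1.1.1)
Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
       r - reply Status, s - sia Status
P 10.1.1.0/24, 1 successors, FD is 28160
        via Connected, FastEthernet0/0
P 192.168.12.0/24, 1 successors, FD is 2172416
        via 10.1.1.2 (2172416/28160), Serial0/0
A 192.168.13.0/24, 1 successors, FD is Inaccessible, Q
    1 replies, active 00:00:05, query-origin: Local origin
        via 10.1.1.2 (Infinity/Infinity), r, Serial0/0
"""

ROUTE_RE = re.compile(
    r"^(?P<code>[PAUQR])\s+(?P<prefix>\S+),\s+(?P<succ>\d+)\s+successors?,"
    r"\s+FD is (?P<fd>[^\s,]+)(?P<flags>(?:,\s*\S+)*)")
ACTIVE_RE = re.compile(r"\bactive (?P<timer>\d{2}:\d{2}:\d{2})")
VIA_RE = re.compile(
    r"^\s+via (?P<nexthop>[^\s,]+)"
    r"(?:\s+\((?P<fd>[^/]+)/(?P<rd>[^)]+)\))?(?P<rest>.*)$")


def _flags(text):
    return [f.strip() for f in text.split(",") if f.strip()]


def parse_topology(text):
    """One dict per route: state, FD, via entries and outstanding query replies."""
    routes = []
    for line in text.splitlines():
        m = ROUTE_RE.match(line)
        if m:
            routes.append({
                "code": m["code"], "prefix": m["prefix"],
                "successors": int(m["succ"]), "fd": m["fd"],
                "flags": _flags(m["flags"]),
                "state": "active" if m["code"] == "A" else "passive",
                "active_seconds": None, "pending_replies": [], "vias": [],
            })
            continue
        if not routes:
            continue                       # banner and code legend
        cur = routes[-1]
        a = ACTIVE_RE.search(line)
        if a:
            h, mi, s = (int(x) for x in a["timer"].split(":"))
            cur["active_seconds"] = h * 3600 + mi * 60 + s
            continue
        v = VIA_RE.match(line)
        if v:
            via = {"nexthop": v["nexthop"], "fd": v["fd"], "rd": v["rd"],
                   "flags": _flags(v["rest"])}
            cur["vias"].append(via)
            if "r" in via["flags"]:       # neighbor has not replied to the query yet
                cur["pending_replies"].append(v["nexthop"])
    return routes


def active_routes(text):
    return [r["prefix"] for r in parse_topology(text) if r["state"] == "active"]


def sia_candidates(text, threshold_seconds=180):
    """Routes active for at least threshold_seconds with replies outstanding.
    180 s is the classic EIGRP active timer; assumed here, tune to your platform."""
    return [r["prefix"] for r in parse_topology(text)
            if r["state"] == "active" and r["pending_replies"]
            and (r["active_seconds"] or 0) >= threshold_seconds]
```

Feed it the saved output of the command (for example from a scheduled collector) and alert on sia_candidates(); a non-empty list names the prefix and, through pending_replies, the neighbor to investigate before the active timer expires and the adjacency is torn down.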

"Everything is under control" - www.pass4sure.com 285


Cisco 400-101 Exam
Reference:

Cisco: EIGRP Commands: show ip eigrp topology

Cisco: What Does the EIGRP DUAL3SIA Error Message Mean?

QUESTION NO: 181

The MPLS TTL field of a packet is set to 0.

Which of the following statements is accurate? (Select the best answer.)

A.
The packet is discarded.

B.
MPLS TTL propagation is disabled.

C.
The MPLS label is the last label in the stack.

D.
The packet has a low priority.

Answer: A
Explanation:

When the Multiprotocol Label Switching (MPLS) Time-to-Live (TTL) field of a packet is set to 0, the
packet is discarded. The structure of the 4-byte MPLS label stack entry, which is also known as the
MPLS header (RFC 3032), is shown below, most significant bit first:

- Label: 20 bits
- Traffic Class (TC), formerly the Experimental (EXP) field: 3 bits
- Bottom of Stack (S): 1 bit
- TTL: 8 bits

The TTL field is an 8-bit field in the MPLS label that is used to control the propagation of packets
through an MPLS network. Thus the MPLS TTL field is similar to the TTL field in an IP header.
When an IP packet enters an MPLS network, the ingress router decrements the IP TTL value by 1
and copies that value to the MPLS TTL field. Each MPLS router along the path decrements the
MPLS TTL field by 1. When the packet reaches the egress router, the MPLS TTL value is
decremented by 1 and copied to the IP TTL field.

"Everything is under control" - www.pass4sure.com 286


Cisco 400-101 Exam
An MPLS TTL field of 0 does not by itself indicate that MPLS TTL propagation is disabled; if
anything, a TTL of 0 is more likely when propagation is enabled, because the label then inherits a
possibly small IP TTL (a traceroute probe, for example) instead of starting at 255. When MPLS TTL
propagation is disabled, the ingress router sets the MPLS TTL field to 255, and the field is still
decremented as the packet passes through the MPLS network. When the packet reaches the
egress router, the MPLS TTL value is not copied to the IP TTL field, which hides the core routers
from traceroute. By default, MPLS TTL propagation is enabled, but you can disable it by issuing
the no mpls ip propagate-ttl command.

The MPLS TTL field does not indicate whether an MPLS label is the last label in the stack. The
Bottom-of-Stack field, sometimes called the S field or Stack bit, is a 1-bit field that indicates
whether the label is the last MPLS label in a packet. A Bottom-of-Stack field set to 0 indicates that
one or more MPLS labels follow this label. A Bottom-of-Stack field set to 1 indicates that this label
is the last label in the stack.

The MPLS TTL field does not indicate whether a packet has a low priority. Cisco routers use the
3-bit Traffic Class (TC) field in the MPLS label to carry the IP precedence value, which is used to
classify and prioritize network traffic. The TC field was formerly designated as the Experimental
(EXP) field in Request for Comments (RFC) 3032. However, RFC 3032 did not officially designate
the use of the EXP field, so some non-Cisco routers use this field for other purposes. RFC 5462
officially renames the EXP field as the TC field and designates it to carry traffic class information,
such as IP precedence values. Low-priority traffic might be assigned an IP precedence value of 0,
and high-priority traffic might be assigned an IP precedence value of 7.
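
As an added example that is not part of the original question bank, the following script encodes and decodes the 4-byte label stack entry described above and walks a packet through a constructed label-switched path, showing the TTL handling at ingress, at each core router and at egress, with and without TTL propagation. Penultimate-hop popping is ignored, and the egress behaviour with propagation disabled (the IP TTL is decremented once more, as at any IP hop) is an assumption of this model, not something the question states.

```python
"""Added example (not from the original question bank): encodes and decodes the
4-byte MPLS label stack entry described above and walks a packet through a
constructed LSP to show how the TTL is handled at ingress, at each LSR and at
egress, with and without TTL propagation. Penultimate-hop popping is ignored,
and the egress behaviour with propagation disabled (the IP TTL is simply
decremented once more as for any IP hop) is an assumption of this model."""
import struct


# RFC 3032 layout, most significant bit first:
# | Label (20 bits) | TC/EXP (3 bits) | S (1 bit) | TTL (8 bits) |
def build_label_entry(label, tc, bottom_of_stack, ttl):
    if not (0 <= label < 1 << 20 and 0 <= tc < 8
            and bottom_of_stack in (0, 1) and 0 <= ttl < 256):
        raise ValueError("field out of range")
    word = (label << 12) | (tc << 9) | (bottom_of_stack << 8) | ttl
    return struct.pack("!I", word)


def parse_label_entry(entry):
    (word,) = struct.unpack("!I", entry)
    return {"label": word >> 12, "tc": (word >> 9) & 0x7,
            "s": (word >> 8) & 0x1, "ttl": word & 0xFF}


def ingress_impose(ip_ttl, label, tc=0, propagate_ttl=True):
    """Ingress LER: decrement the IP TTL, then either copy it into the label
    (default) or start the label at 255 (no mpls ip propagate-ttl)."""
    ip_ttl -= 1
    if ip_ttl <= 0:
        return None, None                       # expired before imposition
    mpls_ttl = ip_ttl if propagate_ttl else 255
    return ip_ttl, build_label_entry(label, tc, 1, mpls_ttl)


def lsr_forward(entry, outgoing_label):
    """Core LSR: decrement the MPLS TTL and swap the label; None means drop."""
    f = parse_label_entry(entry)
    ttl = f["ttl"] - 1
    if ttl <= 0:
        return None                             # MPLS TTL reached 0: discard
    return build_label_entry(outgoing_label, f["tc"], f["s"], ttl)


def egress_dispose(entry, ip_ttl, propagate_ttl=True):
    """Egress LER: pop the label. With propagation the decremented MPLS TTL is
    written back into the IP header; without it the IP header keeps its own TTL
    (assumption: decremented once as for any IP hop). None means drop."""
    f = parse_label_entry(entry)
    out = f["ttl"] - 1 if propagate_ttl else ip_ttl - 1
    return out if out > 0 else None


def walk_lsp(ip_ttl, lsr_count, propagate_ttl=True):
    """Return the IP TTL seen past the egress router, or None if dropped."""
    ip_ttl, entry = ingress_impose(ip_ttl, label=16, propagate_ttl=propagate_ttl)
    if entry is None:
        return None
    for hop in range(lsr_count):
        entry = lsr_forward(entry, outgoing_label=17 + hop)
        if entry is None:
            return None
    return egress_dispose(entry, ip_ttl, propagate_ttl)


if __name__ == "__main__":
    print(parse_label_entry(build_label_entry(16, 5, 1, 63)))
    print(walk_lsp(64, 3), walk_lsp(64, 3, propagate_ttl=False), walk_lsp(3, 3))
```

With propagation enabled a packet entering with TTL 64 leaves a three-LSR core with TTL 59 (five decrements, one per router), so a traceroute sees every core hop; with propagation disabled the same packet leaves with TTL 62 under this model and the core is invisible. A packet whose label TTL is already 0 is dropped by the next LSR, which is the case the question asks about.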

Reference:

https://www.cisco.com/c/en/us/support/docs/multiprotocol-label-switching-mpls/mpls/26585-mpls-traceroute.html#no_mpls

QUESTION NO: 182

Which of the following commands should you issue to manually attach a traffic policy to an
interface in an NBAR configuration? (Select the best answer.)

A.
class-map

B.
policy-map

C.
service-policy

D.
ip nbar protocol-discovery

E.
auto qos

"Everything is under control" - www.pass4sure.com 287


Cisco 400-101 Exam
Answer: C
Explanation:

You should issue the service-policy command to manually attach a traffic policy to an interface.
Network Based Application Recognition (NBAR) is a Quality of Service (QoS) feature that
classifies application traffic that flows through a router interface. You can use the Cisco IOS
modular QoS command-line interface (MQC) to manually configure NBAR on a router or a switch.
Before NBAR can classify any traffic, Cisco Express Forwarding (CEF) must be enabled on the
router. CEF is enabled by default on Cisco routers. If CEF has been disabled by the no ip cef
command, you can re-enable CEF by issuing the ip cef command.

There are three mandatory steps in a typical NBAR configuration:

1. Define a class map.

2. Configure a policy map.

3. Attach the policy map to an interface.

The first step in an NBAR configuration is to define a class map, also known as a traffic class. A
class map is used to identify packets based on the parameters that you specify. Packets that
match the parameters are considered to be part of a particular traffic class. You should issue the
class-map command to create a class map and to place the router in class-map configuration
mode. From class-map configuration mode, you can use match protocol statements to identify the
traffic that should be discovered and classified by NBAR. For example, the command set below
creates the class map named secure-shell, which identifies Secure Shell (SSH) packets:

Router(config)#class-map secure-shell

Router(config-cmap)#match protocol ssh

Router(config-cmap)#exit

If an application or protocol has been configured to use nonstandard port numbers, you can issue
the ip nbar port-map command to modify the NBAR configuration accordingly. For example, if SSH
servers on the network are configured to listen on ports 22 and 2222, you should issue the ip nbar
port-map ssh tcp 22 2222 command to modify the default NBAR port mapping for SSH.

Next, you should issue the policy-map command to configure a policy map and to enter policy-map
configuration mode. A policy map ties a traffic class to a QoS policy and is used to define actions
that are performed on packets identified in a particular class map. For example, the command set
below creates a policy map named NBAR-policy and then specifies that any packets identified by
the class map named secure-shell are guaranteed a minimum of 128 kbps during congestion. Note
that the bandwidth command reserves bandwidth for the class; it does not rate-limit it, which would
require the police command instead:

Router(config)#policy-map NBAR-policy

Router(config-pmap)#class secure-shell

Router(config-pmap-c)#bandwidth 128

Router(config-pmap-c)#exit

Router(config-pmap)#exit

Then you should issue the service-policy command from interface configuration mode to apply the
QoS policy to a particular interface. A service policy can be applied in either the inbound or the
outbound direction, but queuing actions such as bandwidth are accepted only in the outbound
direction; an inbound policy is limited to classification, marking, and policing. For example, the
command set below applies the service policy named NBAR-policy to the Serial1/0 interface in the
outbound direction:

Router(config)#interface serial 1/0

Router(config-if)#service-policy output NBAR-policy

Router(config-if)#exit

The ip nbar protocol-discovery command can be issued from interface configuration mode to
record traffic statistics based on packet content. Either or both inbound and outbound traffic can
be monitored. To monitor only IPv4 traffic, you should issue the ip nbar protocol-discovery ipv4
command; to monitor only IPv6 traffic, you should issue the ip nbar protocol-discovery ipv6
command.

The auto qos command enables AutoQoS, which automatically configures QoS settings on an
interface. However, if you have manually configured and attached a service policy to an interface
by issuing the service-policy command, you cannot use AutoQoS to automatically configure QoS
on that interface.

Reference:

Cisco: Configuring NBAR Using the MQC: Attaching a Traffic Policy to an Interface or
Subinterface

Cisco: Cisco AutoQoS White Paper: Considerations, Caveats, and Restrictions for AutoQoS VoIP

QUESTION NO: 183

Which of the following statements are true regarding the IGMPv3 source filtering feature? (Select
2 choices.)

A.
It enables hosts to specify the systems to which they will send multicast traffic.
"Everything is under control" - www.pass4sure.com 289
Cisco 400-101 Exam
B.
It enables hosts to specify the systems from which they want to receive multicast traffic.

C.
It enables hosts to specify the systems to which they do not want to send multicast traffic.

D.
It enables hosts to specify the systems from which they do not want to receive multicast traffic.

Answer: B,D
Explanation:

The Internet Group Management Protocol version 3 (IGMPv3) source filtering feature enables
hosts to specify the systems from which they want to receive multicast traffic; it also enables
hosts to specify the systems from which they do not want to receive multicast traffic. For each
multicast group it joins, an IGMPv3 host operates in either INCLUDE mode or EXCLUDE mode. In
INCLUDE mode, the host asks to receive traffic for the group only from the sources listed in the
INCLUDE list. In EXCLUDE mode, the host asks to receive traffic for the group from all sources
except those listed in the EXCLUDE list; an EXCLUDE record with an empty source list is the
IGMPv3 equivalent of an IGMPv2 join, which accepts every source.

IGMPv3 source filtering does not enable hosts to specify the systems to which they will send
multicast traffic. Similarly, IGMPv3 source filtering does not enable hosts to specify the systems to
which they will not send multicast traffic. IGMPv3 hosts are typically multicast receivers, not
multicast sources; multicast sources send traffic, and multicast receivers receive traffic.
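
The INCLUDE and EXCLUDE semantics above, as an added example that is not part of the original question bank: each socket on a host holds a (mode, sources) record per group, the per-interface state the host reports to its router is the merge of those records as defined in RFC 3376 section 3.2, and the merged filter decides whether a given (S,G) packet is accepted. Group and source addresses are constructed for the example; the SSM-range check follows RFC 4607, which does not allow EXCLUDE-mode joins to 232.0.0.0/8.

```python
"""Added example (not from the original question bank): IGMPv3 source-filter
semantics for a receiving host. Each socket holds an (INCLUDE|EXCLUDE, sources)
record per group; the per-interface state the host reports to the router is the
merge of those records (RFC 3376 section 3.2), and accepts() applies the merged
filter to an arriving (S,G) packet. Addresses are constructed for the example;
the SSM range check follows RFC 4607."""
from ipaddress import ip_address, ip_network

INCLUDE, EXCLUDE = "INCLUDE", "EXCLUDE"
SSM_RANGE = ip_network("232.0.0.0/8")


def merge_records(records):
    """Merge (mode, sources) records for one group into the interface state.
    Any EXCLUDE record forces EXCLUDE mode; its list is the intersection of all
    EXCLUDE lists minus every INCLUDE source. Otherwise INCLUDE with the union."""
    excludes = [frozenset(s) for m, s in records if m == EXCLUDE]
    includes = [frozenset(s) for m, s in records if m == INCLUDE]
    if excludes:
        merged = frozenset.intersection(*excludes)
        for inc in includes:
            merged -= inc
        return EXCLUDE, merged
    return INCLUDE, frozenset().union(*includes)


def filter_accepts(mode, sources, source):
    """RFC 3376 section 3.1: INCLUDE accepts only listed sources; EXCLUDE
    accepts every source except the listed ones."""
    return (source in sources) if mode == INCLUDE else (source not in sources)


def ssm_join_allowed(group, mode):
    """RFC 4607: receivers must name their sources (INCLUDE mode) for SSM groups."""
    return not (mode == EXCLUDE and ip_address(group) in SSM_RANGE)


class Igmpv3Host:
    def __init__(self):
        self.sockets = {}       # (socket_id, group) -> (mode, frozenset(sources))

    def set_filter(self, socket_id, group, mode, sources=()):
        if mode not in (INCLUDE, EXCLUDE):
            raise ValueError("mode must be INCLUDE or EXCLUDE")
        if not ssm_join_allowed(group, mode):
            raise ValueError("EXCLUDE mode is not permitted for SSM groups")
        if mode == INCLUDE and not sources:
            self.sockets.pop((socket_id, group), None)   # INCLUDE {} means leave
            return
        self.sockets[(socket_id, group)] = (mode, frozenset(sources))

    def interface_state(self, group):
        """What the host reports upstream for this group (no membership: INCLUDE {})."""
        records = [rec for (_, g), rec in self.sockets.items() if g == group]
        return merge_records(records) if records else (INCLUDE, frozenset())

    def accepts(self, group, source):
        mode, sources = self.interface_state(group)
        return filter_accepts(mode, sources, source)
```

The merge rule is the part worth remembering when reading router state: one EXCLUDE socket flips the whole interface to EXCLUDE, and a source that any socket explicitly INCLUDEs is removed from the exclusion list, so it is delivered even though another socket excluded it.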

Reference:

https://www.cisco.com/c/en/us/td/docs/ios/12_2/ip/configuration/guide/fipr_c/1cfmulti.html#wp1046118

QUESTION NO: 184

What extra information does the log-input keyword provide in an ACL log that the log keyword
does not? (Select 2 choices.)

A.
destination IP address

B.
source IP address

C.
destination MAC address

"Everything is under control" - www.pass4sure.com 290


Cisco 400-101 Exam
D.
source MAC address

E.
ingress interface

F.
egress interface

Answer: D,E
Explanation:

The log-input keyword provides source Media Access Control (MAC) address and ingress
interface information in an access control list (ACL) log; the log keyword does not provide that
information. Apart from this information, the log-input keyword logs everything that the log keyword
logs, including the source and destination IP address and port numbers.

Neither the log keyword nor the log-input keyword provides the destination MAC address or
egress interface information. Both the log keyword and the log-input keyword provide the message
identifier, the ACL name or number, whether the packet was permitted or denied, the protocol, the
source IP address and port, the destination IP address and port, and the number of similar
packets logged during the log update threshold. By default, the log update threshold is five
minutes. If multiple matching packets are received during the log update threshold, only one
instance is reported every five minutes; additional instances will increment a packet counter and
will be reported when the log update threshold expires.

The following sample output is generated by an ACL with the log keyword:

*Mar 16 17:02:24.519: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 10.1.14.3(1234) -> 192.168.17.6(6543), 1 packet

The following sample output is generated by an ACL with the log-input keyword; note the addition
of the source MAC address and ingress interface:

*Mar 16 17:02:24.519: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 10.1.14.3(1234) (FastEthernet0/1 0000.0c12.3456) -> 192.168.17.6(6543), 1 packet

You can uniquely identify a particular ACL log message by enabling ACL hash generation. When
you enable hash generation by issuing the ip access-list logging hash-generation command, an
MD5 hash is appended to each ACL log entry.

The following sample output is generated by an ACL when the ip access-list logging
hash-generation command has been issued on the router:

*Mar 16 17:02:24.519: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 10.1.14.3(1234) (FastEthernet0/1 0000.0c12.3456) -> 192.168.17.6(6543), 1 packet Hash code is 0xCE87F535
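
As an added example that is not part of the original question bank, the following parser breaks %SEC-6-IPACCESSLOGP messages into fields so that the extra information log-input adds (ingress interface and source MAC) and the optional hash suffix can be checked programmatically, then aggregates denied packets per source. The first three sample lines are the page's own samples with their punctuation repaired; the two denied lines are constructed for the example, and the hash suffix format follows the sample above.

```python
"""Added example (not from the original question bank): parses the
%SEC-6-IPACCESSLOGP messages shown above into fields, so the extra information
that log-input adds (ingress interface and source MAC) and the optional hash can
be checked programmatically, then aggregates denied packets per source. The
first three lines are the page's samples with their punctuation repaired; the
denied lines are constructed for the example."""
import re
from collections import Counter

ACL_LOG_RE = re.compile(
    r"%SEC-6-IPACCESSLOG(?P<kind>[A-Z]*):\s+list\s+(?P<acl>\S+)\s+"
    r"(?P<action>permitted|denied)\s+(?P<proto>\S+)\s+"
    r"(?P<src>[\d.]+)(?:\((?P<sport>\d+)\))?"
    r"(?:\s+\((?P<ifname>[^\s)]+)\s+(?P<smac>[0-9a-fA-F.]+)\))?"   # log-input only
    r"\s*->\s*(?P<dst>[\d.]+)\s*(?:\((?P<dport>\d+)\))?"
    r",\s+(?P<count>\d+)\s+packets?"
    r"(?:\s+Hash code is (?P<hash>0x[0-9A-Fa-f]+))?")

SAMPLE_LINES = [
    "*Mar 16 17:02:24.519: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 10.1.14.3(1234) -> 192.168.17.6(6543), 1 packet",
    "*Mar 16 17:02:24.519: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 10.1.14.3(1234) (FastEthernet0/1 0000.0c12.3456) -> 192.168.17.6(6543), 1 packet",
    "*Mar 16 17:02:24.519: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 10.1.14.3(1234) (FastEthernet0/1 0000.0c12.3456) -> 192.168.17.6(6543), 1 packet Hash code is 0xCE87F535",
    # constructed: a scanner hitting a deny entry, counts aggregated over the 5-minute log update threshold
    "*Mar 16 17:05:01.102: %SEC-6-IPACCESSLOGP: list 101 denied tcp 203.0.113.9(40001) (FastEthernet0/1 0000.0c99.aabb) -> 192.168.17.6(22), 7 packets",
    "*Mar 16 17:10:01.210: %SEC-6-IPACCESSLOGP: list 101 denied tcp 203.0.113.9(40002) (FastEthernet0/1 0000.0c99.aabb) -> 192.168.17.6(23), 12 packets",
]


def parse_acl_log(line):
    """Return a dict of fields, or None if the line is not an ACL log message."""
    m = ACL_LOG_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["timestamp"] = line[:m.start()].strip(" *:") or None
    for key in ("sport", "dport", "count"):
        rec[key] = int(rec[key]) if rec[key] is not None else None
    rec["from_log_input"] = rec["ifname"] is not None   # only log-input records the ingress port
    return rec


def denied_packets_by_source(lines):
    """Sum denied packet counts per source address (each count already reflects
    the router's log update threshold aggregation); most active first."""
    totals = Counter()
    for line in lines:
        rec = parse_acl_log(line)
        if rec and rec["action"] == "denied":
            totals[rec["src"]] += rec["count"]
    return totals.most_common()


def sources_without_ingress_info(lines):
    """Sources seen only in plain log records: these cannot tell you which
    interface the packet arrived on, which matters when the address may be spoofed."""
    return [rec["src"] for rec in map(parse_acl_log, lines)
            if rec and not rec["from_log_input"]]


if __name__ == "__main__":
    print(denied_packets_by_source(SAMPLE_LINES))
    print(sources_without_ingress_info(SAMPLE_LINES))
```

The from_log_input flag is the practical difference between the two keywords: a deny from a spoofed source logged with plain log gives you an address you cannot trust, whereas the interface and MAC recorded by log-input tell you which segment the traffic actually entered on.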

Reference:

Cisco: Understanding Access Control List Logging

QUESTION NO: 185

Which of the following is best suited for many-to-many applications? (Select the best answer.)

A.
SSM

B.
PIM-SM

C.
PIM-DM

D.
Bidirectional PIM

Answer: D
Explanation:

Bidirectional Protocol Independent Multicast (bidir-PIM) is best suited for many-to-many
applications, such as conferencing and multiplayer gaming. Bidir-PIM enables designated
forwarder (DF) routers to forward multicast traffic up the shared tree directly to multicast receivers;
the router with the lowest cost to the rendezvous point (RP) is elected as the DF for that network
segment. By contrast, unidirectional PIM implementations, such as PIM sparse mode (PIM-SM),
use a designated router (DR), which forwards multicast traffic from the multicast sources directly to
the RP. The RP then sends the multicast traffic down the shared tree. The router with the highest
IP address is elected as the DR for that network segment.

Source Specific Multicast (SSM) is best suited for one-to-many applications, which are also called
broadcast applications. One-to-many applications include streaming multimedia and other push-
based applications. Each application must use a separate multicast group. The Internet Assigned
Numbers Authority (IANA) has reserved the IPv4 multicast address range 232.0.0.0/8 and the
IPv6 multicast address range FF3x::/32 for use with SSM. When SSM is used, a multicast host
can specify the source addresses from which it will accept multicast traffic.

"Everything is under control" - www.pass4sure.com 292


Cisco 400-101 Exam
Cisco provides no specific recommendations for applications to be used with PIM dense mode
(PIM-DM) or PIM-SM. PIM-DM routers initially add all the dense mode interfaces to the multicast
routing table, flood multicast traffic out all available interfaces, and then prune back those
interfaces that have no multicast receivers. By contrast, PIM-SM routers add an interface to the
multicast routing table only when a device connected through that interface joins the multicast
group.

Reference:

Cisco: Source Specific Multicast: SSM Components

Cisco: Bidirectional PIM Deployment Guide (PDF)

IETF: RFC 4607: Source-Specific Multicast for IP: 4.3. Allocation of Source-Specific Multicast Addresses

QUESTION NO: 186

Which of the following statements is true regarding EEM? (Select the best answer.)

A.
The Watchdog System Monitor can monitor interface errors.

B.
EEM cannot be configured to restart a router.

C.
EEM cannot be configured to send an email message.

D.
EEM cannot be configured to generate an SNMP trap.

E.
EEM must publish events to subsystem number 798.

Answer: E
Explanation:

Embedded Event Manager (EEM) must publish events to subsystem number 798. EEM enables
routers to monitor events and perform actions if those events are triggered. To configure EEM to
publish an application-specific event when the EEM event is triggered, you should issue the action
publish-event command.

The Watchdog System Monitor (IOSWDSysMon) cannot monitor interface errors; it is used to
monitor memory and processor usage. To configure the Watchdog System Monitor, you should
issue the event ioswdsysmon command. To monitor interface errors, you should issue the event
interface command. To create a policy that runs only when you trigger it manually with the event
manager run command, you can issue the event none command.

EEM can be configured to restart a router with the action reload command, to send an email
message with the action mail command, or to generate a Simple Network Management Protocol
(SNMP) trap with the action snmp-trap command. The following keywords can be used with the
action command:

- cli
- cns-event
- counter
- force-switchover
- info
- mail
- policy
- publish-event
- reload
- snmp-trap
- syslog

Reference:

https://search.cisco.com/search?query=Cisco%20IOS%20Network%20Management%20Configuration%20Guide&locale=enUS&tab=Cisco

QUESTION NO: 187

"Everything is under control" - www.pass4sure.com 294


Cisco 400-101 Exam

You administer the network shown above. You issue the show running-config command on
RouterA and receive the following partial output:

Which of the following routers will receive the route to 192.168.0.0/24? (Select the best answer.)

A.
only RouterB

B.
only RouterB and RouterC

C.
only RouterB and RouterD

"Everything is under control" - www.pass4sure.com 295


Cisco 400-101 Exam
D.
RouterB, RouterC, and RouterD

E.
None of the routers will receive the route.

Answer: A
Explanation:

Only RouterB will receive the route to 192.168.0.0/24. The neighbor 10.1.1.2 remote-as 200
command specifies that RouterB, which is in autonomous system (AS) 200, is an external Border
Gateway Protocol (eBGP) neighbor of RouterA. The neighbor 10.1.1.2 send-community command
configures RouterA to send community attribute settings to RouterB. The neighbor 10.1.1.2
route-map map1 out command applies route map map1 to modify outgoing routes from RouterA.
Route map map1 will not affect which routes are advertised from RouterA to RouterB; it only
applies the no-advertise community attribute to routes that match access list 1. Routes that do not
match access list 1 are advertised without the attribute. Because route map map1 is configured to
apply to only the routes that pass access list 1, the no-advertise community attribute will affect only
the route to 192.168.0.0/24.

The community attribute is an optional, transitive Border Gateway Protocol (BGP) attribute that is
not required to be supported by all BGP implementations. Additionally, BGP implementations that
do not support the community attribute are not required to pass the attribute to other routers. By
default, Cisco routers do not send community attributes to BGP neighbors; the neighbor
send-community command enables it per neighbor. The community attribute can be modified in a
route map by issuing the set community command with one of the following four well-known
keywords:

- no-advertise: prevents advertisement of the route to any BGP peer
- no-export: prevents advertisement of the route to eBGP peers
- local-as: prevents advertisement outside the AS, or in confederation scenarios, outside the sub-AS
- internet: advertises the route to any router

The set community no-advertise command configures the BGP community attribute to inform
neighbor routers to not advertise routes to any BGP peer. Because the community attribute in this
scenario applies only to the 192.168.0.0/24 route, RouterB will advertise the route to
192.168.1.0/24 but not the route to 192.168.0.0/24. The community attribute does not modify how
RouterA advertises the routes; it modifies how neighbor routers advertise the routes received
from RouterA.

Reference:

https://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/26634-bgp-toc.html#communityattribute

"Everything is under control" - www.pass4sure.com 296


Cisco 400-101 Exam
https://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/26634-bgp-toc.html#sec3

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_bgp/command/irg-cr-book/bgp-n1.html#wp2607806244

QUESTION NO: 188

Which of the following statements best describes loop guard? (Select the best answer.)

A.
Loop guard prevents a switch port from transitioning to the forwarding state.

B.
Loop guard prevents a switch port from becoming the root port.

C.
Loop guard prevents a switch port from receiving BPDUs.

D.
Loop guard prevents a switch port from becoming a trunk port.

Answer: A
Explanation:

Loop guard prevents a switch port from transitioning to the forwarding state when it stops receiving
bridge protocol data units (BPDUs); this prevents Layer 2 switching loops from occurring. A port
that is configured with loop guard that stops receiving BPDUs will be put into the loop-inconsistent
state, as shown in the following output:

%SPANTREE-4-LOOPGUARDBLOCK: No BPDUs were received on port 0/1 in vlan 4. Moved to loop-inconsistent state

After the port starts receiving BPDUs again, loop guard enables the port to transition through the
normal Spanning Tree Protocol (STP) states. Loop guard is only used on interfaces that STP
considers to be point-to-point links.

Root guard, not loop guard, prevents a switch port from becoming the root port, thereby
influencing where the root bridge is located on the network. When a port receives a superior
BPDU, it will normally attempt to become a root port. However, a root guard port that receives a
superior BPDU will be put into the root-inconsistent state, as shown in the following output:

%SPANTREE-2-ROOTGUARDBLOCK: Port 0/1 tried to become non-designated in VLAN 4. Moved to root-inconsistent state

When the port stops receiving superior BPDUs, the port will be enabled, as shown in the following
output:

%SPANTREE-2-ROOTGUARDUNBLOCK: Port 0/1 restored in VLAN 4

BPDU guard disables a switch port that receives BPDUs. Access ports should never receive
BPDUs; to prevent access ports from receiving BPDUs, you can enable BPDU guard on the
access ports, thereby defining the edge of the STP domain. When a port that is configured with
BPDU guard receives a BPDU, BPDU guard immediately puts the port into the err-disable state
and shuts down the port, as shown in the following output:

%SPANTREE-2-RX_PORTFAST: Received BPDU on PortFast enabled port. Disabling FastEthernet0/1.

%PM-4-ERR_DISABLE: bpduguard error detected on Fa0/1, putting Fa0/1 in err-disable state

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down

%LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to down

The port must be manually re-enabled, or it can be recovered automatically through the
err-disable timeout function.

Although loop guard can be enabled on trunk ports, it does not prevent a switch port from
becoming a trunk port. Loop guard should not be enabled on access ports. By contrast, BPDU
guard and root guard can be enabled on access ports.

Reference:

CCIE Routing and Switching v5.0 Certification Guide, Volume 1, Chapter 3, Protecting and
Optimizing STP, pp. 148-154

QUESTION NO: 189

Which of the following port states exist in both 802.1D and 802.1w? (Select 2 choices.)

A.
blocking

B.
disabled

C.
discarding

D.
forwarding

E.
learning

F.
listening

Answer: D,E
Explanation:

The forwarding and learning port states exist in both traditional 802.1D Spanning Tree Protocol
(STP) and 802.1w Rapid STP (RSTP). An STP switch port will pass through the following port
states after a switch is turned on:

-Blocking

-Listening

-Learning

-Forwarding

When STP is enabled and a switch is turned on, each port first enters the blocking state. The
switch port then transitions to the listening state, in which it begins processing bridge protocol data
units (BPDUs) as it listens for information to determine whether it should transition to the learning
state. After entering the learning state, a switch port begins to transmit BPDUs and learn
addressing information with which to build the switching database. Finally, a switch port transitions
to the forwarding state, in which the switch port forwards frames. If a switch port determines at any
time during the STP state process that a switching loop would be caused by entering the
forwarding state, the switch port enters the disabled state, in which the switch receives BPDUs but
does not direct them to the system module.

RSTP combines the STP disabled, blocking, and listening states into a single port state called the
discarding state. An RSTP switch port will pass through the following port states after a switch is
turned on:

-Discarding

-Learning

-Forwarding

When RSTP is enabled and a switch is turned on, each port first enters the discarding state, in
which a port receives BPDUs and directs them to the system module; however, the port neither
sends BPDUs nor forwards any frames. The switch port then transitions to the learning state, in
which it begins to transmit BPDUs and learn addressing information. Finally, a switch port
transitions to the forwarding state, in which the switch port forwards frames. If a switch port
determines at any time during the RSTP state process that a switching loop would be caused by
entering the forwarding state, the switch port again enters the discarding state, in which the switch
receives BPDUs and directs them to the system module but does not send BPDUs or forward
frames.

Reference:

https://www.cisco.com/c/en/us/support/docs/lan-switching/spanning-tree-protocol/24062-146.html#states

QUESTION NO: 190

Which of the following commands creates a capture point named boson? (Select the best answer.)

A.
monitor capture point boson size 256 circular

B.
monitor capture point start boson

C.
monitor capture point associate boson exsim

D.
monitor capture point ip cef boson fastethernet 0/1 both

Answer: D
Explanation:

The monitor capture point ip cef boson fastethernet 0/1 both command creates a capture point
named boson on the FastEthernet 0/1 interface. The syntax for the monitor capture point
command is monitor capture point {ip | ipv6} {cef capture-point-name interface-name interface-type
{both | in | out} | process-switched capture-point-name {both | from-us | in | out}}.

Cisco IOS Embedded Packet Capture (EPC) is a feature that you can implement to assist with
tracing packets and troubleshooting issues with packet flow in and out of Cisco devices. You can
create multiple capture points with unique names and parameters on a single interface; however,
you can associate each capture point with only one capture buffer. To implement Cisco IOS EPC,
you must perform the following steps:

1. Create a capture buffer.

2. Create a capture point.

3. Associate the capture point with the capture buffer.

4. Enable the capture point.

The monitor capture point boson size 256 circular command will not create a capture point named
boson; however, the monitor capture buffer boson size 256 circular command would create a
capture buffer named boson. The syntax for the monitor capture buffer command is monitor
capture buffer buffer-name [clear | export export-location | filter access-list {ip-access-list |
ip-expanded-list | access-list-name} | limit {allow-nth-pak nth-packet | duration seconds |
packet-count total-packets | packets-per-sec packets} | [max-size element-size] [size buffer-size]
[circular | linear]]. When creating capture buffers, you can adjust several items, including buffer
type, sampling interval, buffer size, and packet capture rate. Specifying the sampling interval and
the buffer type will allow for the maximum number of pertinent packets to be stored in the buffer.
The capture buffer contains packet data and metadata; the metadata contains a timestamp
indicating when the packet was added to the buffer, the direction of transmission of the packet, the
switch path, and the encapsulation type.

The monitor capture point associate boson exsim command will not create a capture point. The
monitor capture point associate boson exsim command will associate a capture point named
boson with a capture buffer named exsim. The syntax of the command to associate a capture
point with a capture buffer is monitor capture point associate capture-point-name capture-buffer-
name.

The monitor capture point start boson command will not create a capture point. The monitor
capture point start boson command will enable a capture point named boson and begin the
process of capturing packet data. The capture point must first be created before it can be enabled.

Reference:

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/epc/configuration/15-mt/epc-15-mt-book/nm-packet-capture.html#GUID-B343AF14-7CA2-45EC-BF9C-5DA65AEAD7A3

QUESTION NO: 191

IS-IS encapsulates its data at which layer of the OSI model? (Select the best answer.)

A.
the Data Link layer

B.
the Network layer

C.
the Transport layer

D.
the Application layer

Answer: A
Explanation:

Intermediate System-to-Intermediate System (IS-IS) encapsulates its data at the Data Link layer of
the Open Systems Interconnection (OSI) model and can therefore be used with both IP and
Connectionless Network Protocol (CLNP). When IS-IS encapsulates packets, it uses 0xFE and
0xFEFE in the Layer 2 header to identify the Layer 3 protocol as OSI. IS-IS is specified in
International Organization for Standardization (ISO) 10589.

IS-IS is a link-state routing protocol. Routers that use a link-state routing protocol maintain a
complete topology of the network by flooding the state of each router's links across the entire
network until each of the routers has information about all of the other routers in the autonomous
system (AS). IS-IS uses the following Data Link layer multicast addresses to send hello packets
and link-state information:

0180.C200.0014 -All Level 1 (L1) Intermediate Systems

0180.C200.0015 -All Level 2 (L2) Intermediate Systems

0900.2B00.0005 -All Intermediate Systems

0900.2B00.0004 -All End Systems

IS-IS uses a designated intermediate system (DIS) in a broadcast multiaccess network. All IS-IS
routers on the network segment establish adjacencies with the DIS. The DIS serves as a focal
point for the distribution of IS-IS routing information. Once elected, the DIS must relinquish its
duties if another router with a higher priority joins the network. If the DIS is no longer detected on
the network, a new DIS is elected based on the priority of the remaining routers on the network
segment. If a new DIS cannot be elected based solely on router priority, the highest Media Access
Control (MAC) address is used. If there is still a tie, the highest system ID is the deciding factor.
Every IS-IS router is required to have a unique system ID.

Reference:

https://www.cisco.com/c/en/us/products/index.html#wp38435

QUESTION NO: 192

Which of the following events would cause the overload bit to be set on a router running IS-IS?
(Select the best answer.)

A.
Multiple routes to the same destination exist on the router.

B.
The router comes online for the first time.

C.
The router has recently been reloaded.

D.
The router goes offline.

Answer: C
Explanation:

Of the available choices, the overload bit would be set on a router running Intermediate
System-to-Intermediate System (IS-IS) that has recently been reloaded. Routers that use a link-state
routing protocol maintain a complete topology of the network by flooding the state of each router's
links across the entire network until each of the routers has information about all of the other
routers in the autonomous system (AS). IS-IS uses Data Link layer multicast addresses to send
hello packets and link-state information. Once a recently reloaded router comes back online, if the
overload bit is not set, the adjacent routers will begin forwarding packets to the router before the
router can completely populate its routing table. Because the routing table is not complete, the
router will drop packets to destinations that have not been written in the table yet; this describes a
black-hole issue.

Multiple routes to the same destination existing on a router running IS-IS would not cause the
overload bit to be set. Multiple routes typically do not exist in a routing table; however, when a
network is using shortest path first (SPF), multiple routes can exist. Link-state routing protocols
consider the links that represent the shortest path to a destination as the best paths. After a router
has collected link-state information for every destination in a topology, the router uses an SPF
algorithm to construct an SPF tree. The best paths from the SPF tree are then inserted into the
router's routing table.

A router going offline or coming online for the first time would not cause the overload bit to be set.
When a router is offline, the adjacent routers will not attempt to send packets to that router. An
alternate path, if one exists, will be used to deliver packets to a destination; otherwise, the packet
will be returned to the originator as undeliverable. A router coming online for the first time does not
have the configuration required for the overload bit to be set.

Reference:

Cisco: Intermediate System-to-Intermediate System Protocol: Fast Convergence at Adjacency Setup

QUESTION NO: 193

Which of the following are E-line services? (Select 2 choices.)

A.
E-LAN

B.
EPL

C.
E-Tree

D.
EVPL

E.
VPLS

Answer: B,D
Explanation:

Both Ethernet private line (EPL) and Ethernet virtual private line (EVPL) are E-line services. E-line
services are point-to-point Ethernet virtual connection (EVC) services that can be used to
connect two User Network Interfaces (UNIs). A UNI is the physical demarcation between a service
provider and a subscriber. The difference between an EPL and an EVPL is that an EVPL is
capable of service multiplexing. In addition, an EPL requires full service frame transparency. An
EVPL does not.

An E-LAN service is a multipoint-to-multipoint EVC. Therefore, an E-LAN service is not an E-line
service. E-LAN services fully mesh two or more UNIs and follow a specific set of rules for delivering
service frames to a UNI. Each UNI in an E-LAN can communicate with any other UNI in the E-LAN.
E-LANs typically have a distance limitation of 50 miles (80 kilometers). Layer 2 Virtual Private
Networks (L2VPNs) and multipoint L2VPNs are examples of E-LANs.

A Virtual Private LAN Service (VPLS) enables multipoint E-LAN services on a Multiprotocol Label
Switching (MPLS) network. In a VPLS configuration, MPLS pseudowires are used to link virtual
switch instances (VSIs), each of which emulates an Ethernet switch. A VPLS can then be used to
provide EVC services and Transparent LAN Service (TLS).

An E-Tree is a point-to-multipoint EVC that resembles a hub-and-spoke configuration. Therefore, an
E-Tree is not an E-line service. An E-Tree service connects more than one UNI to a single root
UNI or leaf UNI. Root UNIs can send data to any leaf UNI. However, a leaf UNI can send traffic
only to a root UNI. E-Trees are typically used to provide Internet access to multiple sites.

Reference:

https://www.cisco.com/c/en/us/td/docs/net_mgmt/active_network_abstraction/3-7/service_activation/user/guide/anansaug/tech_overview.html#wp1106296

QUESTION NO: 194

Which of the following best describes a feasible successor? (Select the best answer.)

A.
the best metric along a path to a destination

B.
the total metric along a path to a destination

C.
the highest metric along a path to a destination

D.
a reported distance lower than the feasible distance of the current best path

Answer: D
Explanation:

A feasible successor is the Enhanced Interior Gateway Routing Protocol (EIGRP) neighbor that
has a reported distance that is lower than the feasible distance of the current best path. A feasible
successor must have a valid, loop-free path to the destination. If these conditions are met, EIGRP
immediately installs the feasible successor in the Routing Information Base (RIB) in order to speed
up convergence should the best path become unavailable.

Feasible distance is the EIGRP term for the best metric along a path to a destination. The feasible
distance includes the metric to the EIGRP neighbor that is advertising the path.

Reported distance, not feasible distance, is the total metric along a path to a destination. The
reported distance is determined by using the metric of the path as advertised by an upstream
EIGRP neighbor. The reported distance might also be the highest metric or the lowest metric
along a path to a destination.
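The feasibility condition described above, worked through in code as an added example (not part of the original guide): it selects the successor and the feasible successors for one destination from constructed topology-table entries. Router names and the integer metrics are constructed for the example; real EIGRP metrics are composite values, but the comparison logic is the same.

```python
"""EIGRP successor / feasible successor selection for one destination.

Added example, not from the original guide. The topology-table entries are
constructed; metrics are plain integers rather than real EIGRP composite metrics.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class TopologyEntry:
    neighbor: str
    reported_distance: int  # the neighbor's own metric to the destination (RD)
    link_metric: int        # metric of the link from this router to that neighbor

    @property
    def total_metric(self) -> int:
        # Metric this router would use if it forwarded via this neighbor.
        return self.reported_distance + self.link_metric


def select_paths(entries):
    """Return (feasible_distance, successors, feasible_successors).

    Feasible distance (FD) is the lowest total metric to the destination.
    A successor is any entry whose total metric equals the FD.
    A feasible successor is a non-successor whose reported distance is strictly
    lower than the FD: a neighbor that is already closer to the destination than
    this router cannot be routing back through this router, so failing over to it
    cannot form a loop (the feasibility condition). RD == FD is not good enough.
    """
    if not entries:
        return None, [], []
    fd = min(e.total_metric for e in entries)
    successors = [e for e in entries if e.total_metric == fd]
    feasible = [e for e in entries
                if e.total_metric > fd and e.reported_distance < fd]
    return fd, successors, feasible


def loop_free_backup_exists(entries) -> bool:
    """True when at least one feasible successor exists, i.e. the route can fail
    over locally without EIGRP having to query its neighbors for a new path."""
    return bool(select_paths(entries)[2])


# Constructed topology table for one destination as seen from R1.
TOPOLOGY = [
    TopologyEntry("R2", reported_distance=1000, link_metric=500),  # total 1500 -> successor
    TopologyEntry("R3", reported_distance=1200, link_metric=800),  # total 2000, RD 1200 < FD -> feasible
    TopologyEntry("R4", reported_distance=1500, link_metric=100),  # total 1600, RD 1500 == FD -> not feasible
    TopologyEntry("R5", reported_distance=1700, link_metric=50),   # total 1750, RD 1700 > FD -> not feasible
]

if __name__ == "__main__":
    fd, succ, fs = select_paths(TOPOLOGY)
    print("FD:", fd)
    print("successors:", [e.neighbor for e in succ])
    print("feasible successors:", [e.neighbor for e in fs])
```

Note that R4 has a better total metric than R3 yet is not a feasible successor, because the test is on the reported distance, not on the total metric.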

Reference:

https://www.cisco.com/c/en/us/support/docs/ip/enhanced-interior-gateway-routing-protocol-eigrp/16406-eigrp-toc.html

QUESTION NO: 195

You want to move several company functions to the cloud, including software development and
CRM. You decide to use an IaaS vendor.

Which of the following will you most likely have to provide and manage? (Select 3 choices.)

A.
the CRM application

B.
the operating system

C.
the networking infrastructure

D.
the software development platform

E.
the computing and storage resources

Answer: A,B,D
Explanation:

You will most likely have to provide and manage the customer relationship management (CRM)
application, the operating system, and the software development platform. An Infrastructure as a
Service (IaaS) vendor provides computing and storage resources as well as the network
infrastructure. The customer is responsible for everything else, including operating systems,
software development platforms, database platforms, and software applications. With IaaS, the
customer has a great deal of control and flexibility. However, IaaS places a larger management
burden on the customer than the other cloud-based services do.

A Platform as a Service (PaaS) vendor provides the same services as an IaaS vendor does. In
addition, a PaaS vendor also provides operating systems, software development platforms, and
database platforms. PaaS is often used by companies that want to migrate their application
development to a cloud-based solution. However, a PaaS customer must use whatever software
development platform is supported by the PaaS vendor, so a degree of control and flexibility is
lost. The PaaS vendor is responsible for maintaining the operating systems, software development
platforms, and database platforms, as well as any underlying hardware infrastructure. If you were
to use a PaaS vendor, you would have to provide and manage only the CRM application.

A Software as a Service (SaaS) vendor typically provides a complete software application
package to customers. For example, a company might contract with an SaaS vendor to provide
hosted email services. The software application, the operating system on which the application
runs, the hardware on which the operating system runs, and the network infrastructure on which
the hardware communicates are maintained by the SaaS vendor, thereby lowering the
management burden for the customer. Access to the software application is often provided
through a web browser interface. If you were to use an SaaS vendor, you would not have to
provide or manage anything; however, you would have to use whatever platforms and CRM
applications the SaaS vendor has available.

Reference:

https://www.cisco.com/c/en/us/about/press/internet-protocol-journal/back-issues/table-contents-45/123-cloud1.html

https://www.cisco.com/en/US/services/ps2961/ps10364/ps10370/ps11104/Migration_of_Enterprise_Apps_to_Cloud_White_Paper.pdf

https://www.cisco.com/c/en/us/td/docs/solutions/Hybrid_Cloud/PaaS/1-0/PaaS/PaaS1.pdf

QUESTION NO: 196

In Cisco ACI, what is a collection of VRF instances or IP address spaces? (Select the best
answer.)

A.
an ANP

B.
an EPG

C.
a context

D.
a contract

Answer: C
Explanation:

In Cisco Application Centric Infrastructure (ACI), a context is a collection of VPN routing and
forwarding (VRF) instances or IP address spaces. Each customer, or tenant, can have one or
more contexts. Endpoints and endpoint groups (EPGs) define the application within each context.

An EPG is a collection of endpoints that provide a similar function, such as an application tier or a
set of services. The endpoints within an EPG are defined by network interface card (NIC), virtual
NIC (vNIC), port group, IP address, or Domain Name System (DNS) name.

A contract is a collection of rules and policies that define how endpoints and EPGs can
communicate. For example, a contract can be created so that a web server can be accessed only
by Hypertext Transfer Protocol (HTTP) or HTTP Secure (HTTPS).

An Application Network Profile (ANP) is a collection of EPGs, their connections, and related
policies. To create an ANP, you should perform the following steps:

1. Create EPGs.

2. Create policies that define connectivity rules.

3. Create contracts between EPGs by applying policies.

Reference:

https://www.cisco.com/c/en/us/products/cloud-systems-management/index.html

QUESTION NO: 197

In a three-node OpenStack architecture, the network node consists of services from which of the
following OpenStack components? (Select the best answer.)

A.
Glance

B.
Horizon

C.
Keystone

D.
Neutron

E.
Nova

Answer: D
Explanation:

In a three-node OpenStack architecture, the network node consists of services from the Neutron
component. OpenStack is an open-source cloud-computing platform. Each OpenStack modular
component is responsible for a particular function, and each component has a code name. The
following list contains several of the most popular OpenStack components:

-Nova -OpenStack Compute: manages pools of compute resources

-Neutron -OpenStack Networking: manages networking and addressing

-Cinder -OpenStack Block Storage: manages block-level storage devices

-Glance -OpenStack Image: manages disk and server images

-Swift -OpenStack Object Storage: manages redundant storage systems

-Keystone -OpenStack Identity: is responsible for authentication

-Horizon -OpenStack Dashboard: provides a graphical user interface (GUI)

-Ceilometer -OpenStack Telemetry: provides counter-based tracking that can be used for customer
usage billing

A three-node OpenStack architecture consists of the network node, the controller node, and the
compute node. The network node consists of the following Neutron services:

-Neutron Modular Layer 2 (ML2) Plug-In

-Neutron Layer 2 Agent

-Neutron Layer 3 Agent

-Neutron Dynamic Host Configuration Protocol (DHCP) Agent

The controller node consists of the following services:

-Keystone

-Glance

-Nova Management

-Neutron Server

-Neutron ML2 Plug-In

-Horizon

-Cinder

-Swift

-Ceilometer Core

The compute node consists of the following services:

-Nova Hypervisor

-Kernel-based Virtual Machine (KVM) or Quick Emulator (QEMU)

-Neutron ML2 Plug-In

-Neutron Layer 2 Agent

-Ceilometer Agent

Reference:

https://www.redhat.com/archives/rdo-list/2014-November/pdfzGvyHATdWc.pdf#page=12

QUESTION NO: 198

Which of the following statements is true regarding hypervisors? (Select the best answer.)

A.
Both KVM and Xen are Type-1 hypervisors.

B.
Both KVM and Xen are Type-2 hypervisors.

C.
Type-1 hypervisors are generally slower than Type-2 hypervisors.

D.
Type-2 hypervisors are also called native hypervisors.

Answer: A
Explanation:

Both Kernel-based Virtual Machine (KVM) and Xen are Type-1 hypervisors. A hypervisor is used to
create and run virtual machines (VMs). A Type-1 hypervisor runs directly on the host computer's
hardware. Other Type-1 hypervisors include Hyper-V and VMware ESX/ESXi.

KVM and Xen are not Type-2 hypervisors. A Type-2 hypervisor runs within an operating system on
the host computer. VMware Workstation, Parallels Desktop for Mac, and Quick Emulator (QEMU)
are Type-2 hypervisors.

Type-1 hypervisors are generally faster than Type-2 hypervisors because Type-1 hypervisors run
directly on the host computer's hardware and because Type-2 hypervisors have a host operating
system that consumes system resources.

Type-1 hypervisors are also called native hypervisors or bare-metal hypervisors. Type-2
hypervisors are also called hosted hypervisors.

Reference:

https://www.ibm.com/developerworks/library/l-hypervisor/

https://www.xenproject.org/users/virtualization.html

QUESTION NO: 199

Which of the following routing protocols can be used for routing on IoT networks? (Select the best
answer.)

A.
EIGRP

B.
IS-IS

C.
OSPF

D.
RPL

Answer: D
Explanation:

Routing Protocol for Low-power and Lossy Networks (RPL) can be used for routing on Internet of
Things (IoT) networks. RPL is an IP version 6 (IPv6) routing protocol that is defined in Request for
Comments (RFC) 6550. An IoT network is considered to be a Low-power and Lossy Network
(LLN).

IoT networks connect embedded devices. Embedded devices, or smart objects, are typically
low-power, low-memory devices with limited processing capabilities. These devices are used in a
variety of applications, such as environmental monitoring, healthcare monitoring, process
automation, and location tracking. Many embedded devices can transmit data wirelessly, and
some are capable of transmitting over a wired connection. However, connectivity is generally
unreliable and bandwidth is often constrained.

IoT networks require a routing protocol that can handle the limitations of embedded devices.
Neither Enhanced Interior Gateway Routing Protocol (EIGRP), Intermediate System-to-Intermediate
System (IS-IS), nor Open Shortest Path First (OSPF) meets the requirements for routing an IoT
network, as specified by the Internet Engineering Task Force (IETF) Routing over LLNs (ROLL)
working group. In addition to RPL, IPv6 over Low Power Wireless Personal Area Networks
(6LoWPAN) and Constrained Application Protocol (CoAP) have been created to address the
challenges of routing an IoT network.

Reference:

https://tools.ietf.org/html/rfc6550

https://datatracker.ietf.org/wg/roll/charter/

QUESTION NO: 200

Which of the following statements are true regarding Ansible, Salt, Chef, and Puppet? (Select 2
choices.)

A.
All have a web UI.

B.
All are written in Ruby.

C.
All are written in Python.

D.
All require client installation.

E.
All are configuration management tools.

Answer: A,E
Explanation:

Ansible, Salt, Chef, and Puppet are all configuration management tools and all have a web user
interface (UI). Configuration management tools are used to automate the installation,
configuration, and maintenance of multiple computer systems, including the software that runs on
those systems.

Not all of these configuration management tools are written in the same language. Puppet and
Chef are written in Ruby, whereas Salt and Ansible are written in Python.

Not all of these configuration management tools require client installation. Ansible does not use
client agent software on managed nodes. By contrast, Puppet and Chef require client agent
software on managed nodes. Salt nodes can use client agent software but do not require it.

Of the four major configuration management tools, Puppet is the most mature and the most widely
used. Puppet operates on Linux distributions, UNIX-like systems, and Microsoft Windows. Puppet
uses a client/server architecture; managed nodes running the Puppet Agent application can
receive configurations from a master server running Puppet Server. Modules are written in Ruby
or by using a Ruby-like Puppet language.

Like Puppet, Chef operates on Linux distributions, UNIX-like systems, and Microsoft Windows.
Chef can use a client/server architecture or a standalone client configuration. Configuration
information is contained within cookbooks that are written in Ruby and are stored on a Chef
Server. Managed nodes running the Chef Client can pull cookbooks from the server. Standalone
clients that do not have access to a server can run chef-solo and pull cookbooks from a local
directory or from a tar.gz archive on the Internet.

Salt also operates on Linux distributions, UNIX-like systems, and Microsoft Windows. Salt can use
a client/server architecture by installing Salt master software on the server and Salt minion
software on managed nodes. Masters and minions communicate by using ZeroMQ. Salt can also
be used without installing Salt minion software by using Salt Secure Shell (SSH). However, Salt
SSH is much slower than ZeroMQ.

Configuration information is stored primarily in state modules that are typically written in YAML;
however, Python or Python Domain Specific Language (PyDSL) can also be used for complex
configuration scripts.

Like the other configuration management software packages, Ansible also operates on Linux
distributions, UNIX-like systems, and Microsoft Windows. However, unlike the other configuration
management software packages, Ansible does not use agent software on managed nodes.
Configurations are stored on the Ansible server in playbooks that are written in YAML. Managed
nodes can download scripted modules from an Ansible server by using SSH.

Reference:

https://www.infoworld.com/article/2609482/data-center/data-center-review-puppet-vs-chef-vs-ansible-vs-salt.html?page=4

QUESTION NO: 201

Which of the following features influences root bridge selection by putting a designated port into an
inconsistent state when it receives a superior BPDU? (Select the best answer.)

A.
BPDU guard

B.
PortFast

C.
loop guard

D.
root guard

Answer: D
Explanation:

Root guard influences root bridge selection by putting a designated port into an inconsistent state
when it receives a superior bridge protocol data unit (BPDU). Normally, a port that receives a
superior BPDU will become the root port. However, if a designated port configured with root guard
receives a superior BPDU, the port transitions to the root-inconsistent state and no data will flow
through that port until it stops receiving superior BPDUs. As a result, root guard can be used to
influence the placement of the root bridge on a network by preventing other switches from
propagating superior BPDUs throughout the network and becoming the root bridge.

Loop guard does not put a port into an inconsistent state when it receives a superior BPDU; loop
guard puts a port into an inconsistent state when it stops receiving BPDUs. This prevents the trunk
port from transitioning to the forwarding state, thereby preventing a Layer 2 switching loop.

BPDU guard does not put a port into an inconsistent state when it receives a superior
BPDU; BPDU guard puts a port into the err-disable state when it receives any BPDUs. This
is useful for host ports, which should never receive BPDUs. BPDU guard defines the edge of the
Spanning Tree Protocol (STP) domain by limiting the advertisement of BPDUs to a port.

PortFast does not put a port into an inconsistent state when it receives a superior BPDU; PortFast
enables a port to immediately access the network by transitioning the port into the STP forwarding
state without passing through the listening and learning states.
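Detection logic for the guard messages quoted in Questions 188 and 201, as an added example that is not part of the original guide: it classifies the %SPANTREE and %PM syslog lines by guard feature, extracts the port and VLAN, and replays a log to report which ports are still held in an inconsistent or err-disabled state. The log lines, their timestamps and the interface alias table are constructed for the example; the message texts follow the formats shown in the explanations.

```python
"""Classify Cisco IOS STP guard syslog messages and replay them to find ports
still held out of service.

Added example, not from the original guide. The log lines are constructed from
the message formats quoted in the explanations; timestamps and the interface
alias table are assumptions made for the example.
"""
import re
from collections import namedtuple

Event = namedtuple("Event", "feature action port vlan")

# Mnemonic -> (guard feature, effect on the port).
# "block": the port is held out of service (inconsistent or err-disabled).
# "unblock": the port returns to normal STP operation.
MNEMONICS = {
    "SPANTREE-4-LOOPGUARDBLOCK": ("loop guard", "block"),
    "SPANTREE-2-ROOTGUARDBLOCK": ("root guard", "block"),
    "SPANTREE-2-ROOTGUARDUNBLOCK": ("root guard", "unblock"),
    "SPANTREE-2-RX_PORTFAST": ("BPDU guard", "block"),
    "PM-4-ERR_DISABLE": ("BPDU guard", "block"),
}

# %FACILITY-SEVERITY-MNEMONIC: text   (anything before the '%' is a timestamp)
LINE_RE = re.compile(r"%(?P<mnemonic>[A-Z_]+-\d-[A-Z_]+):\s*(?P<text>.*)$")
# The port appears as "port 0/1", "Port 0/1", "on Fa0/1" or "Disabling FastEthernet0/1."
PORT_RE = re.compile(r"\b(?:port|on|Disabling)\s+(?P<port>[A-Za-z]*\d+(?:/\d+)+)",
                     re.IGNORECASE)
VLAN_RE = re.compile(r"\bvlan\s+(?P<vlan>\d+)", re.IGNORECASE)

# IOS abbreviates interface names differently between messages (assumed alias table).
PORT_ALIASES = {"Fa": "FastEthernet", "Gi": "GigabitEthernet", "Te": "TenGigabitEthernet"}


def normalize_port(port):
    """Expand 'Fa0/1' to 'FastEthernet0/1'; leave a bare '0/1' or a full name unchanged."""
    m = re.match(r"^([A-Za-z]+)(\d.*)$", port)
    if not m:
        return port
    return PORT_ALIASES.get(m.group(1), m.group(1)) + m.group(2)


def parse_line(line):
    """Return an Event for a guard-related syslog line, or None for any other line."""
    m = LINE_RE.search(line)
    if not m or m.group("mnemonic") not in MNEMONICS:
        return None
    feature, action = MNEMONICS[m.group("mnemonic")]
    text = m.group("text")
    pm = PORT_RE.search(text)
    vm = VLAN_RE.search(text)
    return Event(feature, action,
                 normalize_port(pm.group("port")) if pm else None,
                 int(vm.group("vlan")) if vm else None)


def replay(lines):
    """Replay the log in order and return the set of (feature, port, vlan) keys whose
    last event was a block. Root guard clears itself (ROOTGUARDUNBLOCK) once the
    superior BPDUs stop; the BPDU guard err-disable state clears only through
    err-disable recovery or a manual re-enable, so it stays listed until then."""
    blocked = set()
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        key = (ev.feature, ev.port, ev.vlan)
        if ev.action == "block":
            blocked.add(key)
        else:
            blocked.discard(key)
    return blocked


# Constructed log: timestamps are assumed; message texts follow the page's formats.
CONSTRUCTED_LOG = [
    "*Mar  1 00:12:45.101: %SPANTREE-4-LOOPGUARDBLOCK: No BPDUs were received on port 0/1 in vlan 4. Moved to loop inconsistent state",
    "*Mar  1 00:13:02.334: %SPANTREE-2-ROOTGUARDBLOCK: Port 0/1 tried to become non-designated in VLAN 4. Moved to root-inconsistent state",
    "*Mar  1 00:13:40.876: %SPANTREE-2-ROOTGUARDUNBLOCK: Port 0/1 restored in VLAN 4",
    "*Mar  1 00:15:10.002: %SPANTREE-2-RX_PORTFAST: Received BPDU on PortFast enabled port. Disabling FastEthernet0/1.",
    "*Mar  1 00:15:10.003: %PM-4-ERR_DISABLE: bpduguard error detected on Fa0/1, putting Fa0/1 in err-disable state",
    "*Mar  1 00:15:10.004: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down",
]

if __name__ == "__main__":
    for feature, port, vlan in sorted(replay(CONSTRUCTED_LOG), key=str):
        print(f"{feature}: {port} (vlan {vlan}) still blocked")
```

A port that stays in the BPDU guard set after the replay is one that will not recover on its own, which is the case for manual re-enable or err-disable recovery described in Question 188.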

Reference:

https://www.cisco.com/c/en/us/support/docs/lan-switching/spanning-tree-protocol/10588-74.html

QUESTION NO: 202

Which of the following commands could you issue to configure a router interface to use unicast
packets to establish OSPF neighbor relationships? (Select 2 choices.)

A.
ip ospf network broadcast

B.
ip ospf network non-broadcast

C.
ip ospf network point-to-point

D.
ip ospf network point-to-multipoint

E.
ip ospf network point-to-multipoint non-broadcast

Answer: B,E
Explanation:

You could issue either the ip ospf network non-broadcast command or the ip ospf network
point-to-multipoint non-broadcast command to configure a router interface to use unicast packets to
establish Open Shortest Path First (OSPF) neighbor relationships. These commands are useful for
creating an OSPF network over a non-broadcast multiaccess (NBMA) network, such as a Frame
Relay network, where broadcast and multicast traffic is not allowed. However, OSPF neighbor
discovery relies on multicast traffic, so routers on an NBMA network cannot automatically discover
neighbor routers. Therefore, manual configuration of neighbor routers with the neighbor command
is required with NBMA networks. All OSPF traffic is then sent to the unicast IP addresses
configured in the neighbor commands.

The ip ospf network broadcast command, the ip ospf network point-to-point command, and the ip
ospf network point-to-multipoint command all use multicast packets to establish OSPF neighbor
relationships. As a result, these OSPF network types do not require manual configuration of
neighbor routers. OSPF uses multicast addresses 224.0.0.5 and 224.0.0.6 to send link-state
advertisements (LSAs) and hello packets.

Reference:

https://www.cisco.com/c/en/us/support/docs/ip/open-shortest-path-first-ospf/7039-1.html#t24

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_ospf/command/iro-cr-book/ospf-
i1.html#wp3564440872

QUESTION NO: 203

The OSPF process on RouterA, which is not a PE router, is associated with a VRF instance.

Which of the following commands will disable PE-specific checks? (Select the best answer.)

A.
address-family ipv4 vrf

B.
capability vrf-lite

C.
ip vrf forwarding

"Everything is under control" - www.pass4sure.com 315


Cisco 400-101 Exam
D.
ip vrf

Answer: B
Explanation:

The capability vrf-lite command will disable provider edge (PE)-specific checks on RouterA. PE
checks are used to prevent loops when the Open Shortest Path First (OSPF) process on a PE is
associated with the VPN routing and forwarding (VRF) instance and the router is mutually
redistributing OSPF and Border Gateway Protocol (BGP). VRF enables multiple instances of a
routing table to exist on a router. When OSPF is associated with a VRF instance and is being
mutually redistributed with BGP, it is possible for routing loops to occur. PE checks examine
link-state advertisements (LSAs) to determine whether a specific path should be considered for
insertion into the routing table. However, PE checks are not necessary on a router that is not
running BGP and is therefore not a PE router.

The address-family ipv4 vrf command does not disable PE checks. Instead, the address-family ipv4
vrf vrf-name command is used to configure VRF contexts under a routing process. For example, to
configure the routing context for VRF boson under Enhanced Interior Gateway Routing Protocol
(EIGRP) process 65000, you would issue the following commands:

RouterA(config)#router eigrp 65000

RouterA(config-router)#address-family ipv4 vrf boson

Neither the ip vrf command nor the ip vrf forwarding command disables PE checks.

Instead, the ip vrf forwarding vrf-name command adds a VRF instance to an interface.

For example, to add the VRF boson to the FastEthernet0/1 interface on RouterA, you would issue
the following commands:

RouterA(config)#interface FastEthernet0/1

RouterA(config-if)#ip vrf forwarding boson

Reference:

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_ospf/command/iro-cr-book/ospf-
a1.html#wp2582896905

QUESTION NO: 204

"Everything is under control" - www.pass4sure.com 316


Cisco 400-101 Exam

You administer the network shown above. No VLANs are configured on any of the switches.

Which of the following switches is the root bridge for the network? (Select the best answer.)

A.
SwitchA

B.
SwitchB

C.
SwitchC

D.
SwitchD

E.
SwitchE

Answer: E
Explanation:

SwitchE is the root bridge for the network. The root bridge is the switch with the lowest bridge ID.
The bridge ID is composed of a 2-byte bridge priority and a 6-byte Media Access
Control (MAC) address. The bridge priority is considered first in the determination of the lowest
bridge ID. The bridge priority can be set by issuing the spanning-tree priority value command,
where value is a number from 0 through 65535; the default priority is 32768.

SwitchC and SwitchE both have a priority of 0. When two or more switches have the lowest
priority, the switch with the lowest MAC address becomes the root bridge. MAC addresses are
written in hexadecimal format. With MAC addresses, numbers are lower than letters and the
hexadecimal value A is lower than the hexadecimal value F. Because SwitchE has a lower MAC
address than SwitchC, SwitchE is the root bridge.

SwitchA is not the root bridge for the network, because it has the highest priority value, not the
lowest priority value. Although link speed is somewhat relevant in determining the root port for a
switch, link speed is irrelevant in determining the root bridge.

SwitchB is not the root bridge for the network; like SwitchA, SwitchB also has the highest priority
value, not the lowest priority value. SwitchB contains redundant links to SwitchD, but redundant
links are irrelevant in determining the root bridge. To avoid a switching loop, at least one of the
redundant links between SwitchB and SwitchD will be blocked.

SwitchC is not the root bridge for the network. If the bridge priority of SwitchE were higher than 0,
SwitchC would be the root bridge because a priority of 0 is the lowest configurable priority value.

SwitchD is not the root bridge for the network. Although SwitchD has the lowest MAC address on
the network, the bridge priority is considered first in the determination of the root bridge. If all of the
switches on the network had the same bridge priority values, SwitchD would be the root bridge
because it has the lowest MAC address.

Reference:

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2960/software/release/12-
2_53_se/configuration/guide/2960scg/swstp.html#wp1157719

https://www.cisco.com/c/en/us/support/docs/lan-switching/spanning-tree-protocol/10588-74.html

QUESTION NO: 205

"Everything is under control" - www.pass4sure.com 318


Cisco 400-101 Exam
You administer the EIGRP network shown above. RouterB is configured to send only a summary
route to RouterE. RouterC is configured as a stub router.

The link between RouterA and RouterB fails.

Which of the following routers will send a query to RouterF? (Select the best answer.)

A.
only RouterC

B.
only RouterD

C.
only RouterE

D.
only RouterC and RouterD

E.
only RouterD and RouterE

F.
RouterC, RouterD, and RouterE

Answer: B
Explanation:

Only RouterD will send a query to RouterF. Query packets are sent to find routes to a destination
network. When a router loses the best route to a destination and does not have a feasible
successor, it floods query packets to its neighbors. If a neighbor has a route to the destination
network, it replies with the route. However, if a neighbor does not have a route to the destination
network, it queries its neighbors, those neighbors query their neighbors, and so on. This process
continues until either a router replies with the route or there are no routers left to query. The
network cannot converge until all the replies have been received, which can cause a router to
become stuck in active (SIA).

Limiting Enhanced Interior Gateway Routing Protocol (EIGRP) queries prevents queries from
consuming bandwidth and processor resources and prevents routers from becoming SIA. You can
display which routers have not yet replied to a query by issuing the show ip eigrp topology active
command, as shown in the following output:

"Everything is under control" - www.pass4sure.com 319


Cisco 400-101 Exam

The eigrp stub command limits EIGRP queries by creating a stub router. Stub routers advertise
only a specified set of routes and therefore typically need only a default route from a hub router. A
hub router detects that a router is a stub router by examining the Type-Length-Value (TLV) field
within EIGRP hello packets sent by the router. The hub router will specify in its neighbor table that
the router is a stub router and will no longer send query packets to that stub router, thereby limiting
how far EIGRP queries spread throughout a network. Because RouterC is configured as a stub
router, RouterB will not send queries to RouterC, and RouterC will therefore not propagate those
queries to RouterF. Although hub routers will not send queries to stub routers, stub routers can
initiate queries of their own.

The ip summary-address eigrp as-number address mask command limits EIGRP queries by
configuring route summarization. If a neighbor router has a summarized route but does not have
the specific route to the destination network in the query, the neighbor router will reply that it does
not have a route to the destination network and will not query its neighbors. Thus route
summarization creates a query boundary that prevents queries from propagating throughout the
network. In this scenario, RouterB is configured to send only a summary route to RouterE;
therefore, RouterE will not send queries to RouterF.

RouterD is not configured as a stub router, and RouterB is not sending RouterD a summarized
route. Therefore, when RouterB sends a query to RouterD, RouterD will send a query to RouterF.
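To see how the stub and summary boundaries confine the query, here is an added Python simulation of DUAL query flooding (example code, not from the page or from Cisco). The topology, the 10.1.1.0/24 prefix and the routing tables are constructed to match the question text, since the diagram is not reproduced, and the model assumes split horizon for queries (no query is returned to the router that sent it).

```python
from collections import deque
from ipaddress import ip_network

# Constructed topology matching the question text (the page's diagram is not
# reproduced): RouterB connects RouterA to RouterC, RouterD and RouterE, which
# all connect to RouterF.
NEIGHBORS = {
    "RouterA": {"RouterB"},
    "RouterB": {"RouterA", "RouterC", "RouterD", "RouterE"},
    "RouterC": {"RouterB", "RouterF"},
    "RouterD": {"RouterB", "RouterF"},
    "RouterE": {"RouterB", "RouterF"},
    "RouterF": {"RouterC", "RouterD", "RouterE"},
}
STUB_ROUTERS = {"RouterC"}                          # 'eigrp stub' configured
FAILED_LINKS = {frozenset({"RouterA", "RouterB"})}  # the link that just failed

# Per-router routing tables before the failure: prefix -> set of next hops.
# 10.1.1.0/24 (constructed) sits behind RouterA; RouterB hands RouterE only the
# summary 10.1.0.0/16, so RouterE never holds the specific route.
ROUTES = {
    "RouterB": {"10.1.1.0/24": {"RouterA"}},
    "RouterC": {"10.1.1.0/24": {"RouterB"}},
    "RouterD": {"10.1.1.0/24": {"RouterB"}},
    "RouterE": {"10.1.0.0/16": {"RouterB"}},
    "RouterF": {"10.1.1.0/24": {"RouterD"}},
}


def route_state(router, prefix, exclude):
    """Classify what 'router' knows about 'prefix' once next hop 'exclude' is unusable.

    'specific': the exact prefix is reachable via another next hop (replies with the route)
    'summary':  only a covering, less specific route exists (replies 'no route', no query)
    'none':     nothing usable, so the router itself goes active and queries onward
    """
    table = ROUTES.get(router, {})
    if prefix in table and table[prefix] - {exclude}:
        return "specific"
    target = ip_network(prefix)
    for known in table:
        if known != prefix and target.subnet_of(ip_network(known)):
            return "summary"
    return "none"


def propagate_queries(origin, prefix):
    """Simulate DUAL query flooding after 'origin' loses 'prefix' without a
    feasible successor. Returns the (sender, receiver) queries in the order sent."""
    sent = []
    active = {origin}
    pending = deque([(origin, None)])
    while pending:
        router, came_from = pending.popleft()
        for nbr in sorted(NEIGHBORS[router]):
            if frozenset({router, nbr}) in FAILED_LINKS:
                continue                      # neighbour is gone with the link
            if nbr == came_from or nbr in STUB_ROUTERS:
                continue                      # split horizon; hubs never query stubs
            sent.append((router, nbr))
            if nbr in active:
                continue                      # already active for this prefix: it just replies
            state = route_state(nbr, prefix, exclude=router)
            if state != "none":
                continue                      # replies (route or 'no route'); query stops here
            active.add(nbr)                   # no route left: goes active and queries onward
            pending.append((nbr, router))
    return sent


def queriers_of(target, origin="RouterB", prefix="10.1.1.0/24"):
    """Which routers send a query about 'prefix' to 'target'?"""
    return {sender for sender, receiver in propagate_queries(origin, prefix)
            if receiver == target}


if __name__ == "__main__":
    for sender, receiver in propagate_queries("RouterB", "10.1.1.0/24"):
        print(f"{sender} -> {receiver}: query 10.1.1.0/24")
    print("RouterF is queried by:", sorted(queriers_of("RouterF")))   # ['RouterD']
```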

Reference:

https://www.cisco.com/en/US/technologies/tk648/tk365/technologies_white_paper0900aecd8023d
f6f.html

QUESTION NO: 206

You are configuring a serial link on one of your company's routers. You want to enable
encapsulation for the link and ensure that your configuration will support either asynchronous or
synchronous communications. You also want to configure authentication for the link, and you want
to use the most secure authentication mechanism available for the link.

Which of the following commands should you use to accomplish your goal? (Select the best
answer.)

A.
Router1(config)#interface serial 1

Router1(config-if)#encapsulation ppp

Router1(config-if)#ppp authentication pap

B.
Router1(config)#interface serial 1

Router1(config-if)#encapsulation hdlc

Router1(config-if)#ppp authentication pap

C.
Router1(config)#interface serial 1

Router1(config-if)#encapsulation ppp

Router1(config-if)#ppp authentication chap

D.
Router1(config)#interface serial 1

Router1(config-if)#encapsulation hdlc

Router1(config-if)#ppp authentication chap

Answer: C
Explanation:

You should enable Point-to-Point Protocol (PPP) as the encapsulation protocol for the link and
Challenge Handshake Authentication Protocol (CHAP) as the authentication protocol for the link
by issuing the following command sequence:

Router1(config)#interface serial 1

Router1(config-if)#encapsulation ppp

Router1(config-if)#ppp authentication chap

PPP is a wide area network (WAN) protocol used on point-to-point serial links. PPP supports both
synchronous and asynchronous communications. High-Level Data Link Control (HDLC) is another
WAN protocol that can be used on point-to-point serial links, but HDLC supports only synchronous
communications. Unlike PPP, HDLC does not support authentication. On Cisco routers, HDLC is
the default serial interface encapsulation protocol.

PPP supports two types of authentication mechanisms: Password Authentication Protocol (PAP)
and CHAP. When PAP is used, the user name and password of the originating router are sent
over the link in plain text. By contrast, when CHAP is used, a hash of the user name and password
combination, as well as a random number, is sent to the destination router; the user name and
password are not sent across the link. Thus CHAP is more secure than PAP for authentication.
"Everything is under control" - www.pass4sure.com 321
Cisco 400-101 Exam
Reference:

http://docwiki.cisco.com/wiki/Point-to-Point_Protocol

https://www.cisco.com/c/en/us/support/docs/wan/point-to-point-protocol-ppp/25647-understanding-
ppp-chap.html

QUESTION NO: 207

You use PPP on your Cisco router to allow users to access the network remotely.

Which of the following protocols can you use for authentication? (Select 2 choices.)

A.
PPP

B.
CHAP

C.
SLIP

D.
PAP

E.
HDLC

Answer: B,D
Explanation:

You can use Password Authentication Protocol (PAP) or Challenge Handshake
Authentication Protocol (CHAP) for authentication with Point-to-Point Protocol (PPP). PPP relies on
an authentication protocol to provide authentication. PPP is a wide area network (WAN) protocol
used to provide remote connectivity. PPP is easy to configure and can transport multiple Layer 3
protocols, such as IP, Internetwork Packet Exchange (IPX), and AppleTalk. To configure an
interface for PPP, you should issue the encapsulation ppp command in interface configuration
mode.

When PAP is used, the user name and the password of the originating router are sent over the link
in plain text. By contrast, when CHAP is used, a hash of the user name and password
combination, as well as a random number, is sent to the destination router; the user name and
password are not sent across the link. Thus CHAP is more secure than PAP for authentication.

To configure a router interface to use CHAP authentication, you should issue the ppp
"Everything is under control" - www.pass4sure.com 322
Cisco 400-101 Exam
authentication chap command from interface configuration mode. To configure a router interface to
use PAP authentication, you should issue the ppp authentication pap command. To configure a
router interface to use both CHAP and PAP, you should issue the ppp authentication chap pap
command or the ppp authentication pap chap command; the authentication methods will be used
in the order they are listed.

You can also use Microsoft CHAP (MS-CHAP), MS-CHAP version 2 (MS-CHAP v2), and
Extensible Authentication Protocol (EAP) with PPP. To configure a router interface to
use MS-CHAP, you should issue the ppp authentication ms-chap command. To configure a router
interface to use MS-CHAP v2, you should issue the ppp authentication ms-chap-v2 command. To
configure a router interface to use EAP, you should issue the ppp authentication eap command.

You cannot use High-Level Data Link Control (HDLC) for authentication. Similar to PPP, HDLC is a
WAN encapsulation protocol, and it can be used with multiple Layer 3 protocols. However, HDLC
does not support authentication.

Like PPP, the older Serial Line Internet Protocol (SLIP) can also be used for remote connectivity
and relies on an authentication mechanism to provide authentication. Unlike PPP and HDLC, SLIP
can transport only IP traffic. To configure an interface for SLIP, you should issue the encapsulation
slip command in interface configuration mode.
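The explanations for questions 206 and 207 both contrast PAP's clear-text credentials with CHAP's challenge/response. The following Python simulation plays both sides of each exchange (an added example, not code from the page or from Cisco). The CHAP digest follows RFC 1994, MD5 over the identifier, the shared secret and the challenge; the router names, the secret and the challenge bytes are constructed.

```python
import hashlib
import hmac
import os

# Constructed credentials: the authenticator (Router1) keeps its own copy of the
# peer's secret and never has to receive it over the link.
PEER_SECRETS = {"Router2": b"s3cretKey-constructed"}


def pap_authenticate_request(peer_id: str, password: str) -> dict:
    """PAP Authenticate-Request: peer ID and password cross the link in clear text."""
    return {"code": "Authenticate-Request", "peer_id": peer_id, "password": password}


def pap_verify(request: dict) -> bool:
    expected = PEER_SECRETS.get(request["peer_id"])
    return expected is not None and hmac.compare_digest(expected, request["password"].encode())


def chap_digest(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 CHAP response value: MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([identifier & 0xFF]) + secret + challenge).digest()


def chap_challenge(identifier: int, authenticator: str = "Router1", size: int = 16) -> dict:
    """Authenticator -> peer. The Challenge value is fresh random bytes for every attempt."""
    return {"code": "Challenge", "id": identifier, "value": os.urandom(size), "name": authenticator}


def chap_response(challenge: dict, peer_name: str, secret: bytes) -> dict:
    """Peer -> authenticator. Only the digest and the peer's name travel; the secret does not."""
    return {"code": "Response", "id": challenge["id"],
            "value": chap_digest(challenge["id"], secret, challenge["value"]), "name": peer_name}


def chap_verify(challenge: dict, response: dict) -> bool:
    """Authenticator recomputes the digest with its local copy of the peer's secret."""
    secret = PEER_SECRETS.get(response["name"])
    if secret is None or response["id"] != challenge["id"]:
        return False
    expected = chap_digest(challenge["id"], secret, challenge["value"])
    return hmac.compare_digest(expected, response["value"])


def secret_on_the_wire(frames: list, secret: bytes) -> bool:
    """True if the secret appears verbatim in any field sent across the link."""
    for frame in frames:
        for value in frame.values():
            data = value.encode() if isinstance(value, str) else value
            if isinstance(data, bytes) and secret in data:
                return True
    return False


def run_exchange(protocol: str, secret: bytes = PEER_SECRETS["Router2"]):
    """Simulate one authentication attempt; returns (authenticated, frames seen on the link)."""
    if protocol == "pap":
        req = pap_authenticate_request("Router2", secret.decode())
        return pap_verify(req), [req]
    if protocol == "chap":
        chal = chap_challenge(identifier=1)
        resp = chap_response(chal, "Router2", secret)
        return chap_verify(chal, resp), [chal, resp]
    raise ValueError(f"unknown protocol {protocol!r}")


if __name__ == "__main__":
    for proto in ("pap", "chap"):
        ok, frames = run_exchange(proto)
        leaked = secret_on_the_wire(frames, PEER_SECRETS["Router2"])
        print(f"{proto.upper()}: authenticated={ok}, secret visible on link={leaked}")
```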

Reference:

https://www.cisco.com/c/en/us/support/docs/wan/point-to-point-protocol-ppp/25647-understanding-
ppp-chap.html

http://docwiki.cisco.com/wiki/Point-to-Point_Protocol

QUESTION NO: 208

Which device or devices receive packets destined for FF02::5? (Select the best answer.)

A.
all IPv6-capable nodes on the segment

B.
all IPv6-capable routers on the segment

C.
the single device that is configured with the address FF02::5

D.
all RIPv6 routers

E.
all OSPFv3 routers

F.
all EIGRPv6 routers

G.
all DRs and BDRs

Answer: E
Explanation:

All Open Shortest Path First version 3 (OSPFv3) routers receive packets destined for
FF02::5, which is similar to the OSPFv2 all-routers multicast address 224.0.0.5.

OSPFv3 designated routers (DRs) and backup designated routers (BDRs) receive packets
destined for FF02::6, which is similar to the OSPFv2 all-DR/BDR multicast address 224.0.0.6.
These multicast addresses are used to exchange hello messages and link-state advertisements
(LSAs) among OSPF routers.

The IPv6 address FF02::5 is a multicast address, which is used for one-to-many communication.
IPv6 multicast addresses begin with the hexadecimal characters FF. Individual devices cannot be
configured with a particular multicast address. Therefore, packets destined for FF02::5 will not be
received by a single device configured with that address.

All Routing Information Protocol version 6 (RIPv6) routers receive packets destined for
FF02::9, which is similar to the RIPv2 all-routers multicast address 224.0.0.9. This address is used
to exchange hello packets and routing updates among RIP routers.

All Enhanced Interior Gateway Routing Protocol version 6 (EIGRPv6) routers receive packets
destined for FF02::A, which is similar to the EIGRP IPv4 all-routers address 224.0.0.10. This
address is used to exchange hello packets and routing updates among EIGRP routers.

All IPv6 nodes on a segment receive packets destined for FF02::1, which is similar to the
IPv4 all-hosts multicast address 224.0.0.1. Traffic sent to FF02::1 is received by all hosts on the
local segment. IPv6 nodes automatically join the FF02::1 multicast group at startup.

All IPv6 routers on a segment receive packets destined for FF02::2, which is similar to the
IPv4 all-routers multicast address 224.0.0.2. Traffic sent to FF02::2 is received by all routers on the
local segment. IPv6 routers automatically join the FF02::2 multicast group at startup.

Reference:

https://tools.ietf.org/html/rfc5340#page-57

"Everything is under control" - www.pass4sure.com 324


Cisco 400-101 Exam
QUESTION NO: 209

Which of the following must you do to enable OSPFv3 to function on an interface? (Select 3
choices.)

A.
You must issue the ipv6 router ospf process-id command in global configuration mode.

B.
You must issue the router ospfv3 [process-id] command in global configuration mode.

C.
You must issue the ipv6 unicast-routing command in global configuration mode.

D.
You must issue the ipv6 address command or the ipv6 enable command in interface
configuration mode.

E.
You must issue the ipv6 ospf process-id area area-id [instance instance-id] command in
interface configuration mode.

F.
You must issue the network network-id wildcard-mask area area-id command in router configuration
mode.

Answer: C,D,E
Explanation:

You must perform the following steps to enable Open Shortest Path First version 3 (OSPFv3) to
function on an interface:

-Issue the ipv6 unicast-routing command in global configuration mode.

-Issue the ipv6 address command or the ipv6 enable command in interface configuration mode.

-Issue the ipv6 ospf process-id area area-id [instance instance-id] command in interface configuration
mode.

The ipv6 unicast-routing command enables IPv6 unicast routing on the router. IPv6 unicast routing
must be enabled globally on the router so that the router can forward IPv6 packets.

The ipv6 address command enables IPv6 on the interface and assigns an IPv6 address to the
interface.

The ipv6 enable command enables IPv6 on an interface but does not assign an address to the
interface.

"Everything is under control" - www.pass4sure.com 325


Cisco 400-101 Exam
The ipv6 ospf process-id area area-id [instance instance-id] command enables OSPFv3 on the
interface if the previous two steps have been completed. You can also issue the ospfv3
process-id area area-id {ipv4 | ipv6} [instance instance-id] command to enable OSPFv3 on an
interface for a particular address family. Address families allow OSPFv3 to support both IPv4 and
IPv6, but only one address family can be enabled on an OSPFv3 instance. Unlike OSPF version 2
(OSPFv2), OSPFv3 allows multiple instances to be enabled on a link.

Issuing the ipv6 router ospf process-id command or the router ospfv3 [process-id] command creates
an OSPFv3 routing process on the router, but neither command is required to enable OSPFv3 to
function on an interface. Enabling OSPFv3 on an interface automatically creates an OSPFv3
routing process on the router, so neither the ipv6 router ospf process-id command nor the router
ospfv3 command is required unless you need to configure global OSPFv3 parameters.

You are not required to issue the network network-id wildcard-mask area area-id command in router
configuration mode. The network command in OSPFv2 is used to specify which networks should
participate in OSPF. Because OSPFv3 is configured directly on the interface, the network
command is no longer necessary and is therefore unavailable in OSPFv3.

Reference:

https://search.cisco.com/search?query=Cisco%20IOS%20IPv6%20Configuration%20Guide&local
e=enUS&tab=Cisco

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipv6/configuration/15-2s/ipv6-15-2s-
book.html#GUID-F7619122-1D7B-4433-8F1B-012F5978AFFE

QUESTION NO: 210

Which of the following must you do before IP source guard can be used on a switch port? (Select
2 choices.)

A.
Configure static IP bindings on the switch.

B.
Enable DHCP snooping on the switch.

C.
Enable uRPF on the switch port.

D.
Enable IP routing on the switch port.

E.
Enable CEF on the switch.

"Everything is under control" - www.pass4sure.com 326


Cisco 400-101 Exam
Answer: A,B
Explanation:

You must configure static IP bindings or enable Dynamic Host Configuration Protocol (DHCP)
snooping on the switch before IP source guard can be used on a switch port. To configure a static
IP binding, you should issue the ip source binding mac-address vlan vlan-id ip-address interface
interface-id command. To enable DHCP snooping, you should issue the ip dhcp snooping
command.

IP source guard prevents all IP traffic except for the following packets:

-DHCP packets allowed by DHCP snooping

-Traffic that matches entries in the IP source binding table

The IP source binding table is populated by static bindings or by DHCP snooping. If you enable IP
source guard on a switch port but do not configure static IP bindings or DHCP snooping, all IP
traffic will be dropped by the switch.

IP source guard mitigates DHCP spoofing attacks. In a DHCP spoofing attack, an attacker installs
a rogue DHCP server on the network in an attempt to intercept DHCP requests. The rogue DHCP
server can then respond to the DHCP requests with its own IP address as the default gateway
address; hence all traffic is routed through the rogue DHCP server. As a result, a host that has
obtained an IP address from a rogue DHCP server could become the victim of a man-in-the-middle
attack in which a malicious individual eavesdrops on a network conversation between two hosts.
Enabling DHCP snooping with IP source guard helps to mitigate DHCP spoofing attacks.

You do not need to enable unicast Reverse Path Forwarding (uRPF) on the switch port. Like
IP source guard, uRPF can mitigate spoofing attacks. uRPF checks the source IP address of a
packet to determine whether the packet arrived on the best path back to the source based on
routing table information. If the IP address information is spoofed, the uRPF check will fail and the
packet will be dropped.

You do not need to enable Cisco Express Forwarding (CEF) on the switch. Unlike uRPF, IP
source guard does not rely on CEF to function; CEF must be enabled for uRPF to function.

You should not enable IP routing on the switch port. In fact, enabling routing on a switch port by
issuing the no switchport command prevents you from enabling IP source guard on the switch
port.
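The filtering behaviour described above, including the case where IP source guard is enabled with no bindings and no DHCP snooping, is modelled by the following Python (an added example, not code from the page or from Cisco). The Binding and Packet records, the MAC addresses, IP addresses and port names are constructed; filter_mac stands in for the port-security keyword of ip verify source, which additionally checks the source MAC.

```python
from dataclasses import dataclass
from typing import Optional, Set

DHCP_SERVER_PORT, DHCP_CLIENT_PORT = 67, 68


@dataclass(frozen=True)
class Binding:
    """One entry of the IP source binding table (static or learned by DHCP snooping)."""
    mac: str
    vlan: int
    ip: str
    interface: str


@dataclass(frozen=True)
class Packet:
    """Constructed ingress packet as seen on an untrusted access port."""
    src_mac: str
    src_ip: str
    vlan: int
    interface: str
    udp_dport: Optional[int] = None


class IpSourceGuard:
    """Per-port IP source guard filter ('ip verify source'); filter_mac models the
    'port-security' keyword, which also checks the source MAC against the binding."""

    def __init__(self, dhcp_snooping: bool, filter_mac: bool = False):
        self.dhcp_snooping = dhcp_snooping
        self.filter_mac = filter_mac
        self.bindings: Set[Binding] = set()

    def add_static_binding(self, binding: Binding) -> None:
        """'ip source binding mac-address vlan vlan-id ip-address interface interface-id'."""
        self.bindings.add(binding)

    def learn_from_snooping(self, binding: Binding) -> None:
        """DHCP snooping inserts a binding once it has seen the server's DHCPACK;
        nothing is learned while snooping is disabled."""
        if self.dhcp_snooping:
            self.bindings.add(binding)

    def permits(self, pkt: Packet) -> bool:
        # DHCP packets allowed by DHCP snooping pass so that a host can obtain a lease.
        if self.dhcp_snooping and pkt.udp_dport in (DHCP_SERVER_PORT, DHCP_CLIENT_PORT):
            return True
        # Everything else must match a binding for this IP, VLAN and port.
        for b in self.bindings:
            if (b.ip, b.vlan, b.interface) != (pkt.src_ip, pkt.vlan, pkt.interface):
                continue
            if self.filter_mac and b.mac.lower() != pkt.src_mac.lower():
                continue
            return True
        return False   # no matching binding: dropped (all traffic, if the table is empty)
```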

Reference:

https://www.cisco.com/c/en/us/td/docs/switches/blades/3120/software/release/12-
2_40_ex/configuration/guide/3120scg/swdhcp82.pdf

"Everything is under control" - www.pass4sure.com 327


Cisco 400-101 Exam
QUESTION NO: 211

You have enabled CEF and have issued the ip verify unicast source reachable-via rx command to
enable uRPF in strict mode on a router. A TCP packet with a source address of 10.11.12.1 arrives
on the router's FastEthernet0/1 interface. A route to 10.11.12.1 exists in the FIB, but the path
through the FastEthernet0/1 interface is not the best path to the source.

Which of the following will occur? (Select the best answer.)

A.
The packet will be dropped.

B.
The packet will be forwarded through a valid path.

C.
The packet will be forwarded through the best path.

D.
The packet will be logged as suspicious.

Answer: A
Explanation:

The packet will be dropped because unicast Reverse Path Forwarding (uRPF) is operating in strict
mode. When you enable uRPF in strict mode, the router checks packets upon arrival at an
interface to determine whether those packets arrived through the best path to the source. If a
packet did not arrive from the best path, the packet is dropped. Implementing uRPF in strict mode
can cause legitimate traffic to be dropped in asymmetric routing configurations.

For uRPF to be used in either strict or loose mode, Cisco Express Forwarding (CEF) must be
enabled. The router uses the information in the Forwarding Information Base (FIB) to perform the
reverse lookup. The FIB is generated by CEF. In strict mode, the router checks to see whether a
path to the source exists in the FIB and whether the packet arrived on the interface with the best
path to the source. In loose mode, the router checks to see whether the source exists in the FIB
and is a valid forwarding entry, not just the best path.

There are two network addresses that uRPF always allows to pass even though they might not be
present in the FIB: 0.0.0.0 and 255.255.255.255. Not allowing those addresses to pass would
cause problems with both Bootstrap Protocol (BOOTP) and Dynamic Host Configuration Protocol
(DHCP).

The packet would not be forwarded through any path. Because you have enabled strict mode and
the packet did not arrive on the best path back to the source, the packet is dropped. If the packet
had arrived on the best path to the source, the best path criteria would have been met and the
packet would have been forwarded.

If you had issued the ip verify unicast source reachable-via any command, which enables uRPF in
"Everything is under control" - www.pass4sure.com 328
Cisco 400-101 Exam
loose mode, the packet would have been forwarded. In loose mode, the router checks the FIB to
determine whether the packet arrived on a valid path back to the source. uRPF in loose mode
forwards the packet as long as the reverse path is a valid path, even if it is not the best path back
to the source.

The packet will not be logged as suspicious. uRPF is a reverse path checking tool and not a
logging tool for suspicious activity. However, uRPF can mitigate spoofing attacks.
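The strict and loose checks, the two always-permitted addresses and the default-route caveat are worked through in the following Python (an added example, not code from the page or from Cisco). The FIB entries and interface names are constructed to match the scenario; allow_default models the allow-default keyword of ip verify unicast source reachable-via, without which a source covered only by the default route fails the check.

```python
from ipaddress import ip_address, ip_network

# Constructed FIB entries (prefix, outgoing interface) for the scenario: the best
# path to 10.11.12.1 leaves via FastEthernet0/0, while a less specific route
# points out FastEthernet0/1. Null0 models a black-hole route.
FIB = [
    ("0.0.0.0/0", "Serial0/0"),
    ("10.11.0.0/16", "FastEthernet0/1"),
    ("10.11.12.0/24", "FastEthernet0/0"),
    ("192.168.5.0/24", "Null0"),
]

# Passed regardless of the FIB so that BOOTP/DHCP keeps working.
ALWAYS_PERMITTED = {ip_address("0.0.0.0"), ip_address("255.255.255.255")}


def fib_lookup(addr):
    """CEF-style longest-prefix match; returns (network, interface) or None."""
    best = None
    for prefix, iface in FIB:
        net = ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best


def urpf_permits(src, ingress, mode, allow_default=False):
    """Return True if a packet from 'src' arriving on 'ingress' passes uRPF.

    mode 'strict' = 'ip verify unicast source reachable-via rx'
    mode 'loose'  = 'ip verify unicast source reachable-via any'
    allow_default models the 'allow-default' keyword: without it, a source that
    matches only the default route fails the check.
    """
    src = ip_address(src)
    if src in ALWAYS_PERMITTED:
        return True
    match = fib_lookup(src)
    if match is None:
        return False                       # no reverse path at all
    net, iface = match
    if net.prefixlen == 0 and not allow_default:
        return False                       # only the default route covers the source
    if iface == "Null0":
        return False                       # black-holed source is not a valid forwarding entry
    if mode == "strict":
        return iface == ingress            # must arrive on the best-path interface
    if mode == "loose":
        return True                        # any valid forwarding entry suffices
    raise ValueError(f"unknown mode {mode!r}")


if __name__ == "__main__":
    for mode in ("strict", "loose"):
        verdict = "forwarded" if urpf_permits("10.11.12.1", "FastEthernet0/1", mode) else "dropped"
        print(f"{mode}: packet from 10.11.12.1 on FastEthernet0/1 is {verdict}")
```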

Reference:

https://www.cisco.com/c/en/us/about/security-center/unicast-reverse-path-forwarding.html

https://www.cisco.com/c/en/us/td/docs/ios/12_0s/feature/guide/srpf_gsr.html#wp1053391

https://www.cisco.com/c/en/us/td/docs/ios/sec_data_plane/configuration/guide/convert/sec_data_u
rpf_15_1_book/sec_cfg_unicast_rpf.html#wp1000928

QUESTION NO: 212

Which of the following types of authentication is configured with the isis password command?
(Select the best answer.)

A.
interface authentication

B.
area authentication

C.
domain authentication

D.
router authentication

Answer: A
Explanation:

Interface authentication is configured with the isis password command. Intermediate System-to-
Intermediate System (IS-IS) has three methods of authentication:

-Interface authentication

-Area authentication

"Everything is under control" - www.pass4sure.com 329


Cisco 400-101 Exam
-Domain authentication

Interface authentication configures IS-IS to add authentication for hello messages sent from that
interface. Hello messages are used to establish and maintain adjacencies. To configure IS-IS
interface authentication, you should issue the isis password command from interface configuration
mode. The syntax of the isis password command is isis password password [level-1 | level-2]. If the
level is not specified, the password is used for both L1 and L2 routing. The isis password
command is not used to configure router authentication.

Area authentication configures IS-IS to add authentication for L1 Link State Packets (LSPs),
Complete Sequence Number PDUs (CSNPs), and Partial Sequence Number PDUs (PSNPs).
LSPs distribute routing information between nodes. The designated intermediate system (DIS),
which is similar to the designated router (DR) in Open Shortest Path First (OSPF), sends CSNPs
and PSNPs that describe the LSPs in the link-state database. CSNPs, which describe all of the
LSPs in the database, are multicast periodically by the DIS. PSNPs, which describe a subset of
the LSPs, are used to acknowledge received LSPs and to request missing LSPs. To configure
area authentication, you should issue the area password command from IS-IS router configuration
mode. The syntax of the area password command is area password password.

Domain authentication configures IS-IS to add authentication for L2 LSPs, CSNPs, and PSNPs. To
configure domain authentication, you should issue the domain password command from IS-IS
router configuration mode. The syntax of the domain password command is domain password
password.

It is possible to configure interface authentication, area authentication, and domain authentication
on the same router. The following partial configuration is from a router that has been configured
with all three IS-IS authentication methods:

Reference:

https://www.cisco.com/c/en/us/support/docs/ip/integrated-intermediate-system-to-intermediate-
system-is-is/13792-isis-authent.html

QUESTION NO: 213 CORRECT TEXT


"Everything is under control" - www.pass4sure.com 330
Cisco 400-101 Exam
RouterA and RouterB are connected routers.

You issue the show running-config command on RouterA and receive the following partial output:

router isis

net 49.1741.0000.0000.000a.00

You issue the show running-config command on RouterB and receive the following partial output:

router isis

net 48.1741.0000.0000.000b.00

Neither the is-type command nor the isis circuit-type command has been issued on either router.

Which of the following output would you expect to see after issuing the show clns neighbors
command on RouterA? (Select the best answer.)

Answer:
C

Explanation:

You would expect to see the following output after issuing the show clns neighbors command on
RouterA:

Routers running the Intermediate System-to-Intermediate System (IS-IS) routing protocol are placed
into administrative domains called areas. Each IS-IS router resides in only one area. The collection
of all areas managed by a single organization is called a routing domain. RouterA and RouterB are
in separate areas, as indicated by the different net commands in their running configurations.
RouterA is part of area 49.1741, and RouterB is part of area 48.1741.

Each IS-IS router is configured with a routing level. Level 1 (L1) routers are capable of intra-area
routing, which delivers data within a single area. Level 2 (L2) routers are capable of inter-area
routing, which delivers data between areas. Level 1/Level 2 (L1/L2) routers are capable of both
intra-area and inter-area routing and maintain a separate link-state database for each. You can
configure the routing level for an IS-IS process by issuing the is-type {level-1 | level-1-2 | level-2-only}
"Everything is under control" - www.pass4sure.com 331
Cisco 400-101 Exam
command, and you can configure the routing level for an IS-IS interface by issuing the isis
circuit-type {level-1 | level-1-2 | level-2-only} command. By default, all IS-IS routing processes and
interfaces are configured for L1/L2 routing. Therefore, both RouterA and RouterB are configured
for L1/L2 routing. Additionally, RouterA and RouterB will establish an L2 adjacency because the
routers are in different areas.

If RouterA and RouterB were in the same area, you would expect to see the following output after
issuing the show clns neighbors command on RouterA:

If RouterA and RouterB were in the same area and if either router were configured for L1 routing
only, you would expect to see the following output after issuing the show clns neighbors command
on RouterA:

If RouterA and RouterB were in different areas and if either router were configured for L1 routing
only, you might see the following output after issuing the show clns neighbors command on
RouterA:

L1 routers cannot form adjacencies between areas. When an IS-IS routing level mismatch,
authentication mismatch, or maximum transmission unit (MTU) mismatch occurs, an IS-IS
adjacency will not form, but the output of the show clns neighbors command might instead show
an End System-to-Intermediate System (ES-IS) adjacency. ES-IS is used to discover end systems.

Reference:

https://www.cisco.com/c/en/us/td/docs/ios/isoclns/command/reference/iso_book/iso_m1.html#wp1
023033

QUESTION NO: 214

You issue the following commands on RouterA:

router bgp 400

neighbor 192.168.1.1 remote-as 400

neighbor 192.168.1.1 route-map map-in in

neighbor 192.168.1.1 route-map map-out out

neighbor 192.168.1.1 filter-list 1 in

neighbor 192.168.1.1 password jdsfr39oo26

neighbor 192.168.1.2 remote-as 400

neighbor 192.168.1.2 route-map map-in in

neighbor 192.168.1.2 route-map map-out out

neighbor 192.168.1.2 filter-list 1 in

neighbor 192.168.1.2 password jdsfr39oo26

neighbor 192.168.1.3 remote-as 400

neighbor 192.168.1.3 route-map map-in in

neighbor 192.168.1.3 route-map map-out out

neighbor 192.168.1.3 filter-list 1 in

neighbor 192.168.1.3 password jdsfr39oo26

neighbor 192.168.1.4 remote-as 400

neighbor 192.168.1.4 route-map map-in in

neighbor 192.168.1.4 route-map map-out out

neighbor 192.168.1.4 filter-list 1 in

neighbor 192.168.1.4 password jdsfr39oo26

neighbor 192.168.1.5 remote-as 400

neighbor 192.168.1.5 route-map map-extra in

neighbor 192.168.1.5 route-map map-out out

neighbor 192.168.1.5 route-map map-in in

neighbor 192.168.1.5 filter-list 1 in

neighbor 192.168.1.5 password jdsfr39oo26

Which of the following statements are correct? (Select 2 choices.)

A.
RouterA uses eBGP to communicate with its neighbors.

B.
You can implement a peer group to simplify the configuration.

C.
Each neighbor is configured with a different number of route maps.

D.
Each neighbor is configured with the same number of AS path filters.

Answer: B,D
Explanation:

You can implement a peer group to simplify and shorten the configuration. Additionally, each
neighbor is configured with the same number of autonomous system (AS) path filters.

You can use a peer group to easily configure multiple neighbor statements that contain the same
policy information for each neighbor. Using a peer group simplifies the configuration, reduces the
chance for typographical errors, reduces the CPU and memory load on a router, and enables
updates to be replicated more efficiently. To configure a peer group, you should issue the neighbor
peer-group-name peer-group command in router configuration mode. To add a neighbor to the peer
group, you should issue the neighbor ip-address peer-group peer-group-name command in router
configuration mode.

The following commands configure a peer group named pg1 and effectively replace the
commands previously issued in this scenario:

router bgp 400

neighbor pg1 peer-group

neighbor pg1 remote-as 400

neighbor pg1 route-map map-in in

neighbor pg1 route-map map-out out

neighbor pg1 filter-list 1 in

neighbor pg1 password jdsfr39oo26

neighbor 192.168.1.1 peer-group pg1

neighbor 192.168.1.2 peer-group pg1

neighbor 192.168.1.3 peer-group pg1

neighbor 192.168.1.4 peer-group pg1

neighbor 192.168.1.5 peer-group pg1

neighbor 192.168.1.5 route-map map-extra in

Each neighbor is configured with one AS path filter. To apply an AS path filter to a neighbor, you
should issue the neighbor {ip-address | peer-group-name} filter-list access-list-number {in | out}
command, where access-list-number refers to a list created with the ip as-path access-list command.
The in keyword specifies an inbound path filter, and the out keyword specifies an outbound path filter.

Each neighbor is not configured with a different number of route maps. Each neighbor router is
configured with an inbound route map named map-in and an outbound route map named map-out.
Although the neighbor router at 192.168.1.5 was first configured with another inbound route map
named map-extra, as indicated by the neighbor 192.168.1.5 route-map map-extra in command, that
setting was replaced by the subsequent neighbor 192.168.1.5 route-map map-in in command. A router
can be configured with only one inbound and one outbound route map per neighbor.

When converting the individual neighbor ip-address route-map commands to a peer group
configuration, you can specify each route map that is shared by all of the members of the peer
group in a single neighbor peer-group-name route-map command. An inbound route map that is used
by only some members of the peer group can still be applied with an individual neighbor ip-address
route-map command; that per-member command overrides the peer group's inbound route map for
that neighbor rather than adding to it. Outbound policy cannot be overridden per member, because all
members of a peer group must share the same outbound policy.

RouterA does not use external Border Gateway Protocol (eBGP) to communicate with its
neighbors, because all of the routers share the same AS number, as indicated by the neighbor
ip-address remote-as 400 commands, which match the local AS number in the router bgp 400
command. Routers that share the same AS number are internal BGP (iBGP) peers.

Reference:

https://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/13755-29.html

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_bgp/command/irg-cr-book/bgp-
m1.html#wp4505123410

QUESTION NO: 215

You have issued the ip multicast-routing command and the ip pim ssm command from global
configuration mode.

Which of the following commands can you issue on each multicast interface to complete the SSM
configuration? (Select 3 choices.)

A.
ip pim dense-mode

B.
ip pim passive

C.
ip pim sparse-mode

D.
ip pim sparse-dense-mode

E.
ip igmp version 2

F.
ip igmp version 3

Answer: C,D,F
Explanation:

You can issue the ip igmp version 3 command and either the ip pim sparse-mode command or the
ip pim sparse-dense-mode command on each interface. Source Specific Multicast (SSM) enables a
receiver to specify the source addresses from which it will accept multicast traffic for a group.
Internet Group Management Protocol version 3 (IGMPv3) improves upon IGMPv2 by adding source
filtering, which SSM requires; therefore, IGMPv3 is needed on the receiver-facing interfaces for SSM
to function. You can enable IGMPv3 on an interface by issuing the ip igmp version 3 command.
IGMPv2 does not support source filtering; therefore, you should not issue the ip igmp version 2
command on an SSM interface.

SSM is derived from Protocol Independent Multicast sparse mode (PIM-SM). Therefore, PIM-SM
and PIM sparse-dense mode (PIM-SDM) are the only modes that can be used with SSM. You can
enable PIM-SM on an interface by issuing the ip pim sparse-mode command, and you can enable
PIM-SDM on an interface by issuing the ip pim sparse-dense-mode command. You cannot use PIM
dense mode (PIM-DM) or PIM passive mode with SSM; therefore, you should not issue the ip pim
dense-mode command or the ip pim passive command on an SSM interface.

Reference:

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750x_3560x/software/release/12-
2_53_se/configuration/guide/3750xscg/swmcast.html#wp1308052

QUESTION NO: 216

You want to protect the control plane of RouterA from SNMP-based DoS attacks.

Additionally, you want to ensure that SNMP traffic from your management station, 192.168.1.111,
to the control plane of RouterA is not restricted.

You have created a class map, created a policy map, and applied a service policy on the control
plane in the inbound direction, as indicated by the partial running configuration shown below:

Which of the following command sets should you issue to complete the configuration? (Select the
best answer.)

A.
RouterA(config)#ip access-list extended boson

RouterA(config-ext-nacl)#deny udp host 192.168.1.111 any eq snmp

RouterA(config-ext-nacl)#permit udp any any eq snmp

B.
RouterA(config)#ip access-list extended boson

RouterA(config-ext-nacl)#permit udp host 192.168.1.111 any eq snmp

RouterA(config-ext-nacl)#deny udp any any eq snmp

C.
RouterA(config)#ip access-list extended boson

RouterA(config-ext-nacl)#deny udp any host 192.168.1.111 eq snmp

RouterA(config-ext-nacl)#permit udp any any eq snmp

D.
RouterA(config)#ip access-list extended boson

RouterA(config-ext-nacl)#permit udp any host 192.168.1.111 eq snmp

RouterA(config-ext-nacl)#deny udp any any eq snmp

Answer: A
Explanation:

You should issue the command set below to create a named extended access control list (ACL)
named boson that completes the configuration:

RouterA(config)#ip access-list extended boson

RouterA(config-ext-nacl)#deny udp host 192.168.1.111 any eq snmp

RouterA(config-ext-nacl)#permit udp any any eq snmp

To create a named extended ACL, you should issue the ip access-list extended acl-name
command. Issuing this command places the router in extended named ACL configuration mode.
Extended ACL entries can be created by using the following basic syntax:

[sequence-number] {deny | permit} protocol source source-wildcard [operator [port]] destination destination-wildcard [operator [port]]

In this scenario, the deny udp host 192.168.1.111 any eq snmp command creates an extended
ACL entry that denies User Datagram Protocol (UDP) packets that have a source IP address of
192.168.1.111 and a destination port number of 161. Simple Network Management Protocol
(SNMP) traffic uses UDP port 161 for control traffic and UDP port 162 for SNMP trap traffic; the
snmp keyword matches port 161 only, and the snmptrap keyword matches port 162. The
permit udp any any eq snmp command adds a second entry to the ACL that permits all other
SNMP traffic. Keep in mind that in this scenario "permit" means "select for the class" and "deny"
means "exclude from the class"; the ACL does not itself filter anything.

The ACL named boson is used in a match statement in the class map named limit-snmp, as shown
by the following partial command output:

<output omitted>

Class-map match-all limit-snmp

match access-group name boson

<output omitted>

A class map defines a traffic class and specifies the criteria used to identify packets belonging to
that class. In this scenario, the match access-group name boson command specifies that all
packets permitted by the ACL named boson will belong to the traffic class named limit-snmp.
Packets that the ACL denies, including the SNMP packets from the management station, do not
match the class.

The traffic class named limit-snmp is then used to identify traffic in a policy map named
snmp-policy, as shown by the following partial command output:

<output omitted>

Policy-map snmp-policy

class limit-snmp

drop

<output omitted>

A policy map specifies the actions that are taken on packets that match a particular traffic class. In
this scenario, the drop keyword specifies that packets identified as members of the traffic class
named limit-snmp are discarded by the router.

Finally, the service policy named snmp-policy is applied to the control plane in the inbound
direction, as shown by the partial command output below:

<output omitted>

control-plane

service-policy input snmp-policy

<output omitted>

When this service policy is applied to the control plane in the inbound direction, only SNMP
packets sourced from the management station, 192.168.1.111, are permitted to pass to the control
plane. Because the service policy instructs the router to discard the remainder of the SNMP
packets that are destined to the router's control plane, the router is protected from SNMP-based
Denial of Service (DoS) attacks.

The command set below does not complete the configuration, because it incorrectly permits only
SNMP packets sourced from the management station:

RouterA(config)#ip access-list extended boson

RouterA(config-ext-nacl)#permit udp host 192.168.1.111 any eq snmp

RouterA(config-ext-nacl)#deny udp any any eq snmp

When the above ACL is used with the service policy in this scenario, only SNMP packets sourced
from the management station, 192.168.1.111, match the class and are dropped before they reach the
control plane. Because the ACL denies the remainder of the SNMP packets, those packets fall outside
the class, the service policy takes no action on them, and they reach the router's control plane; the
router is therefore not protected from SNMP-based DoS attacks, and the management station is the
one host that is locked out.

The command set below does not complete the configuration, because it incorrectly permits all
SNMP packets, regardless of their source IP address:

RouterA(config)#ip access-list extended boson

RouterA(config-ext-nacl)#deny udp any host 192.168.1.111 eq snmp

RouterA(config-ext-nacl)#permit udp any any eq snmp

Although the above ACL can be used with the service policy in this scenario to protect the router's
control plane from SNMP-based DoS attacks, the ACL does not enable the management station to
access the router's control plane.

Conversely, the command set below does not complete the configuration, because it incorrectly
denies all SNMP packets, regardless of their source IP address:

RouterA(config)#ip access-list extended boson

RouterA(config-ext-nacl)#permit udp any host 192.168.1.111 eq snmp

RouterA(config-ext-nacl)#deny udp any any eq snmp

When the above ACL is used with the service policy in this scenario, the only SNMP packets that match
the class are those destined to 192.168.1.111, which are transit traffic rather than control-plane traffic;
every SNMP packet destined to the router itself falls outside the class and can reach the control plane.
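The whole question turns on the class map inverting the ACL: under a class that matches an access group and a policy action of drop, whatever the ACL permits is what gets discarded, and whatever the ACL denies is left alone. The following Python model is added here as an illustration; it is not code from the page or from Cisco. It parses the candidate ACLs in IOS extended-ACL syntax, applies first-match semantics with the implicit deny at the end, and reports the control-plane verdict for constructed sample packets (the router address 10.0.0.1 and the attacker address 203.0.113.9 are assumptions, as is the small table of port keywords).

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Port keywords IOS accepts after 'eq' (assumed subset; 'snmp' is 161, traps are 'snmptrap').
PORT_NAMES = {"snmp": 161, "snmptrap": 162, "ssh": 22, "telnet": 23}


@dataclass(frozen=True)
class Packet:
    proto: str   # "udp" or "tcp"
    src: str     # source IPv4 address
    dst: str     # destination IPv4 address
    dport: int   # destination port


@dataclass(frozen=True)
class AclEntry:
    action: str  # "permit" or "deny"
    proto: str
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: Optional[int]


def _parse_addr(tokens: List[str]) -> Tuple[ipaddress.IPv4Network, List[str]]:
    """Consume one IOS address spec: 'any', 'host A.B.C.D', or 'A.B.C.D wildcard'."""
    if tokens[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tokens[1:]
    if tokens[0] == "host":
        return ipaddress.ip_network(tokens[1] + "/32"), tokens[2:]
    addr, wildcard = tokens[0], tokens[1]
    # An IOS wildcard mask is an inverted netmask (0 bits must match); only
    # contiguous wildcards are handled here, ip_network rejects the rest.
    netmask = ipaddress.ip_address(int(ipaddress.ip_address(wildcard)) ^ 0xFFFFFFFF)
    return ipaddress.ip_network(f"{addr}/{netmask}", strict=False), tokens[2:]


def _parse_port(tokens: List[str]) -> Tuple[Optional[int], List[str]]:
    """Consume an optional 'eq <port|name>' operator."""
    if tokens and tokens[0] == "eq":
        name = tokens[1]
        return (int(name) if name.isdigit() else PORT_NAMES[name]), tokens[2:]
    return None, tokens


def parse_ace(line: str) -> AclEntry:
    """Parse one extended ACE: {permit|deny} proto src [eq p] dst [eq p]."""
    tokens = line.split()
    action, proto = tokens[0], tokens[1]
    src, rest = _parse_addr(tokens[2:])
    _sport, rest = _parse_port(rest)      # source-port operator, not used below
    dst, rest = _parse_addr(rest)
    dport, _ = _parse_port(rest)
    return AclEntry(action, proto, src, dst, dport)


def acl_permits(acl: List[AclEntry], pkt: Packet) -> bool:
    """IOS ACL semantics: the first matching entry decides; implicit deny at the end."""
    for e in acl:
        if e.proto != pkt.proto:
            continue
        if ipaddress.ip_address(pkt.src) not in e.src:
            continue
        if ipaddress.ip_address(pkt.dst) not in e.dst:
            continue
        if e.dport is not None and e.dport != pkt.dport:
            continue
        return e.action == "permit"
    return False


def copp_verdict(acl: List[AclEntry], pkt: Packet) -> str:
    """Model 'class-map match-all limit-snmp' (match access-group name boson) under
    'policy-map snmp-policy' with action 'drop', applied as 'service-policy input' on
    the control plane: what the ACL permits is classified and dropped; anything the
    ACL denies falls outside the class and reaches the control plane."""
    return "drop" if acl_permits(acl, pkt) else "pass"


# The two candidate ACLs from the question, in the command text shown on the page.
OPTION_A = [parse_ace("deny udp host 192.168.1.111 any eq snmp"),
            parse_ace("permit udp any any eq snmp")]
OPTION_B = [parse_ace("permit udp host 192.168.1.111 any eq snmp"),
            parse_ace("deny udp any any eq snmp")]

# Constructed sample packets: an assumed router address and an arbitrary attacker.
ROUTER, MGMT, ATTACKER = "10.0.0.1", "192.168.1.111", "203.0.113.9"
SAMPLES = {
    "mgmt snmp": Packet("udp", MGMT, ROUTER, 161),
    "attacker snmp": Packet("udp", ATTACKER, ROUTER, 161),
    "attacker ssh": Packet("tcp", ATTACKER, ROUTER, 22),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:14s} option A -> {copp_verdict(OPTION_A, pkt):4s} "
              f"option B -> {copp_verdict(OPTION_B, pkt)}")
```

Running the block shows the two outcomes side by side: option A drops the attacker's SNMP and passes the management station, option B does the opposite. Note that SNMP traps (port 162) and non-SNMP traffic such as SSH are untouched by either ACL, so the policy as written protects only against the UDP/161 flood the question describes; a production CoPP policy would add classes for the other management protocols.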

Reference:

https://www.cisco.com/c/en/us/td/docs/ios/12_2/qos/configuration/guide/fqos_c/qcfmcli2.html

QUESTION NO: 217

You have implemented OSPF on your network. However, your supervisor asks you to try to
reduce the time to detect a failed link to less than one second.

Which of the following should you do? (Select the best answer.)

A.
Enable STP UplinkFast.

B.
Implement OSPF fast hellos.

C.
Reduce OSPF hello timers.

D.
Enable BFD.

E.
Switch to EIGRP, and reduce hello and hold timers.

Answer: D
Explanation:

You should enable Bidirectional Forwarding Detection (BFD) to try to reduce the time to detect a
failed link to less than one second. BFD is a detection protocol that is designed to detect
forwarding path failures at a consistent rate, thereby providing network administrators with
predictable reconvergence times.

Additionally, BFD is designed to work regardless of media type, encapsulation, or routing protocol,
providing network administrators with a uniform forwarding failure detection method across a
network. BFD supports Open Shortest Path First (OSPF), Enhanced Interior Gateway Routing
Protocol (EIGRP), Border Gateway Protocol (BGP), and Intermediate System-to-Intermediate
System (IS-IS).

The detection of a forwarding path failure causes BFD to notify the routing protocol that a link has
failed, which causes the routing protocol to recalculate the routing table. BFD works by sending
control packets between two adjacent routers to create a BFD neighbor session. Once the
neighbor relationship is established, the two adjacent routers send control packets to each other to
maintain the neighbor relationship, similarly to how routing protocols maintain neighbor
relationships. However, BFD sends packets at a much faster rate than routing protocols do. In
addition, BFD can distribute some functionality from the control plane to the data plane, thereby
requiring fewer CPU resources than routing protocol timers do. Only a single BFD session is
established per interface regardless of how many routing protocols are running on that interface.

You should not enable Spanning Tree Protocol (STP) UplinkFast to try to reduce the time to detect
a failed link to less than one second. STP UplinkFast is a Cisco-proprietary STP convergence
enhancement. You can enable STP UplinkFast to reduce STP convergence time from the
standard 14 to 30 seconds down to one second, but not to less than one second. Moreover,
UplinkFast is a Layer 2 feature for access switches with redundant uplinks; it does not change how
quickly OSPF detects a failed link.

You should not implement OSPF fast hellos to try to reduce the time to detect a failed link to less
than one second. OSPF fast hellos can send multiple hello packets per second, which results in a
faster convergence time. However, the detection and notification of link failures also depend on
the OSPF dead interval, which can be set to a minimum of one second.

You should not reduce OSPF hello timers to try to reduce the time to detect a failed link to less
than one second. Although reducing the OSPF dead interval and increasing the number of hellos
sent during the dead interval can result in hellos being sent at a subsecond rate, the OSPF dead
interval can be set to a minimum of one second; therefore, reducing OSPF hello timers can reduce
the time to detect a failed link to a minimum of one second, not below it.

You should not switch to EIGRP and reduce hello and hold timers to try to reduce the time to
detect a failed link to less than one second. Reducing EIGRP timers can reduce the time to detect
a failed link to less than two seconds.

Reference:

https://www.cisco.com/c/en/us/td/docs/ios/12_0s/feature/guide/fs_bfd.html#wp1053332

https://www.cisco.com/c/en/us/td/docs/ios/12_0s/feature/guide/fasthelo.html#wp1036997

QUESTION NO: 218

You issue the ip as-path access-list 1 permit ^[0-9]*_222$ command on a BGP router.

Which of the following paths are allowed by the AS path filter? (Select the best answer.)

A.
paths that are learned from AS 222 and originate from any directly attached AS

B.
paths that originate from AS 222 and are learned from AS 222 or any AS directly attached to AS
222

C.
paths that are learned from AS 222 and originate from a directly attached AS numbered from 0
through 9

D.
paths that originate from AS 222 and are learned from a directly attached AS numbered from 0
through 9

Answer: B
Explanation:

Paths that originate from Border Gateway Protocol (BGP) autonomous system (AS) 222 and are
learned from AS 222 or any AS directly attached to AS 222 are allowed by the AS path filter.
Regular expressions are used to locate character strings that match a particular pattern.

The caret (^) character indicates that the subsequent characters should match the start of the
string. Each router in the path prepends its AS number to the beginning of the AS path; therefore,
the first AS number in the AS path is the AS from which the path is learned. The expression [0-9]
indicates a single digit from 0 through 9. The asterisk (*) character indicates zero or more
occurrences of the previous expression. When combined, the expression [0-9]* indicates any
number of digits, including no digits at all, so it matches at most one AS number of any length.
Therefore, the ip as-path access-list 1 permit ^[0-9]*_222$ command allows paths that are learned
from any single AS, including AS 222 itself.

The dollar sign ($) character indicates that the preceding characters should match the end of the
string. The originating router will insert its AS number into the AS path, and subsequent routers will
prepend their AS numbers to the beginning of the AS path string. The last AS number in the AS
path is the originating AS; therefore, the ip as-path access-list 1 permit ^[0-9]*_222$ command
allows only paths that originate from AS 222.

The underscore (_) character matches a comma, a brace, the start or end of the input
string, or a space. When used between two AS numbers, the _ character indicates that the
ASes are adjacent in the path, that is, directly connected. Therefore, the ip as-path access-list 1
permit ^[0-9]*_222$ command indicates that if the path is not learned from AS 222 directly, the AS
from which the path is learned must be directly connected to AS 222. Because [0-9]* can match
only one AS number, a path that traverses two or more ASes before reaching AS 222 is not permitted.

The ip as-path access-list 1 permit ^[0-9]*_222$ command does not permit paths that are learned
from AS 222 and originate from any directly attached AS. To permit paths that are learned from
AS 222 and originate from AS 222 or any directly attached AS, you should issue the ip as-path
access-list 1 permit ^222_[0-9]*$ command.

The ip as-path access-list 1 permit ^[0-9]*_222$ command does not permit paths that are learned
from AS 222 and originate from a directly attached AS numbered from 0 through 9. To permit
paths that are learned from AS 222 and originate from a directly attached AS numbered from 0
through 9, you should issue the ip as-path access-list 1 permit ^222_[0-9]$ command.

The ip as-path access-list 1 permit ^[0-9]*_222$ command does not permit paths that originate from
AS 222 and are learned from a directly attached AS numbered from 0 through 9. To permit paths
that originate from AS 222 and are learned from a directly attached AS numbered from 0 through
9, you should issue the ip as-path access-list 1 permit ^[0-9]_222$ command.
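The four patterns above differ only in where the underscore sits and whether the digit class carries an asterisk, which is easy to misread. The Python block below is an added example, not code from the page or from Cisco: it translates the one piece of Cisco AS-path regex syntax that Python lacks (the underscore) into an equivalent alternation, then evaluates each pattern against a constructed set of AS paths written the way show ip bgp displays them, and emulates an as-path access-list with first-match and implicit deny.

```python
import re
from typing import List, Tuple

# Cisco's '_' matches a comma, a brace, a space, or the start or end of the
# AS-path string; this alternation is its equivalent in Python's re syntax.
_UNDERSCORE = r"(?:^|$|[ ,{}])"


def cisco_regex_to_python(pattern: str) -> str:
    """Translate a Cisco AS-path regular expression into a Python pattern.
    Everything except '_' (^, $, [], *, +, ?, ., |, parentheses) already has
    the same meaning in both dialects."""
    return pattern.replace("_", _UNDERSCORE)


def as_path_matches(pattern: str, as_path: str) -> bool:
    """True if the AS path matches. The path is written as IOS displays it:
    space-separated, leftmost AS = neighbor the route was learned from,
    rightmost AS = originator, empty string = locally originated."""
    return re.search(cisco_regex_to_python(pattern), as_path) is not None


def as_path_filter(entries: List[Tuple[str, str]], as_path: str) -> bool:
    """Emulate an 'ip as-path access-list': entries are (action, regex) in
    order; the first match decides, and an unmatched path is denied."""
    for action, pattern in entries:
        if as_path_matches(pattern, as_path):
            return action == "permit"
    return False


def explain(pattern: str, candidates: List[str]) -> List[str]:
    """Return the candidate AS paths the pattern permits, in input order."""
    return [p for p in candidates if as_path_matches(pattern, p)]


# Constructed AS paths (not from the page) covering the cases the explanation discusses.
CANDIDATES = ["222", "100 222", "5 222", "222 100", "222 7", "100 200 222", ""]

if __name__ == "__main__":
    for pat in ["^[0-9]*_222$", "^222_[0-9]*$", "^222_[0-9]$", "^[0-9]_222$", "^$"]:
        print(f"{pat:14s} permits {explain(pat, CANDIDATES)}")
```

The output makes the distinction concrete: ^[0-9]*_222$ admits "222", "100 222" and "5 222" but rejects "100 200 222" (two hops before AS 222) and "222 100" (originated elsewhere), while ^[0-9]_222$ admits only "5 222". The last pattern, ^$, is the usual way to match locally originated prefixes, which carry an empty AS path.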

Reference:

https://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/13754-26.html

https://www.cisco.com/c/en/us/td/docs/ios/12_2/termserv/configuration/guide/ftersv_c/tcfaapre.htm
l

https://supportforums.cisco.com/t5/other-service-provider-subjects/bgp-regular-expression-as-
path-filter/td-p/1821020

QUESTION NO: 219

Which of the following commands will cause EEM to check the value of the _exit_status variable
after an applet is finished? (Select the best answer.)

A.
event cli pattern "show ip interface brief" sync yes

B.
event cli pattern "show ip interface brief" sync no skip no

C.
event cli pattern "show ip interface brief" sync no skip yes

D.
set 1 _exit_status 0

E.
set 1 _exit_status 1

Answer: A
Explanation:

The event cli pattern "show ip interface brief" sync yes command will cause
Embedded Event Manager (EEM) to check the value of the _exit_status variable after an applet is
finished. The event cli command configures EEM to monitor command-line interface (CLI)
commands and to trigger the event when a specified pattern is matched. Events can be
processed synchronously or asynchronously. The sync yes keywords are used with
the event cli command to configure synchronous processing. With synchronous processing, the
EEM applet must finish before the CLI command can be executed, and the _exit_status variable
determines whether the CLI command is executed or skipped. If the _exit_status variable is set to
a value of 0 or is not configured, the CLI command will not execute after the EEM applet is
finished; if the _exit_status variable is set to a value of 1, the CLI command will execute after the
EEM applet is finished.

The set 1 _exit_status 0 command sets the _exit_status variable to a value of 0, which will cause
EEM to not execute the CLI command after the applet is finished. The set 1 _exit_status 1
command sets the _exit_status variable to a value of 1, which will cause EEM to execute the CLI
command after the applet is finished. Neither set command by itself causes EEM to check the
variable; that behavior comes from the sync yes keywords on the event cli command.

The sync no keywords are used with the event cli command to configure asynchronous
processing. With asynchronous processing, the EEM applet is processed at the same time the CLI
command is executed. Asynchronous processing does not check the value of the _exit_status
variable. Instead, asynchronous processing uses the skip no or skip yes keywords to indicate
whether the CLI command should be executed or skipped, respectively.

The event cli pattern "show ip interface brief" sync no skip no command will cause
EEM to execute the CLI command when the applet runs. The event cli pattern "show ip interface
brief" sync no skip yes command will cause EEM to suppress the CLI command when the applet
runs.

Reference:

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/eem/command/eem-cr-book/eem-cr-
e1.html#wp1886141985

https://learningnetwork.cisco.com/docs/DOC-19468

QUESTION NO: 220

Which of the following values is the default TCP MSS setting for a Cisco router that is originating
data destined for a remote IP network? (Select the best answer.)

A.
68 bytes

B.
536 bytes

C.
1460 bytes

D.
10000 bytes

Answer: B
Explanation:

The default Transmission Control Protocol (TCP) maximum segment size (MSS) setting for a
Cisco router that is originating data destined for a remote IP network is 536 bytes. The MSS is
specified in the TCP SYN packet during the TCP handshake. MSS values can be used to restrict
outgoing TCP segments to a segment size that is small enough to avoid fragmenting the IP
datagram, thereby avoiding the performance problems that can occur as a result of IP
fragmentation.

Every IPv4 host must be able to accept a datagram of at least 576 bytes, and that value is the basis for
the default MSS. The 536-byte default MSS value is derived by subtracting the 20-byte TCP header and
the 20-byte IP header from 576.

It is important to note that some firewalls are capable of stripping TCP options from a
segment. If a firewall strips the MSS option from a SYN segment, the MSS value that the router applied
to that segment will not be honored by the far end. If you have NetFlow enabled, you can
issue the show ip cache flow command to view statistics that include IP packet size distribution.

The default TCP MSS setting for a Cisco router that is sending data destined for a local LAN is
1460 bytes. This corresponds to the typical 1500-byte Ethernet MTU minus the 20-byte IP header
and the 20-byte TCP header; hosts on an Ethernet LAN therefore normally advertise an MSS of
1460 bytes as well.

The lowest value you can configure as the MSS for TCP connections that originate from a router
is 68 bytes. To configure an MSS value for TCP segments that originate from a router, you should
issue the ip tcp mss mss-value command in global configuration mode.

By issuing the ip tcp adjust-mss mss-value command (where mss-value is a value in the range from
500 through 1460) in interface configuration mode, you can rewrite the MSS option in TCP SYN
segments that do not originate from the router but that are being forwarded through the interface.

The highest value you can configure as the MSS for TCP connections that originate from a router
is 10000 bytes. To configure a 10000-byte MSS value, you should issue the ip tcp mss 10000
command in global configuration mode. However, you cannot configure a 10000-byte MSS for TCP
segments that are simply being forwarded on a router interface, because the maximum MSS you
can configure with ip tcp adjust-mss is 1460.

Reference:

https://www.cisco.com/c/en/us/td/docs/ios/12_2/ipaddr/command/reference/fipras_r/1rfip2.html#wp
1103772

QUESTION NO: 221 DRAG DROP

Drag the functions on the left underneath the corresponding VSLP protocols on the right.

Answer:

Explanation:

Virtual Switching System (VSS) combines two physical Cisco Catalyst switches into a single virtual
switch, which can result in greater network efficiency and bandwidth capacity. One switch chassis
becomes the active virtual switch, and the other switch becomes the standby virtual switch. The
switch chassis are connected together by a virtual switch link (VSL), which is implemented as an
EtherChannel of up to eight physical interfaces.

Configuration, monitoring, and troubleshooting must be performed on the active virtual switch;
console access is disabled on the standby virtual switch. The active virtual switch is responsible
for all control plane functions, such as Simple Network Management Protocol (SNMP), Telnet,
Secure Shell (SSH), Spanning Tree Protocol (STP), Link Aggregation Control Protocol (LACP),
and Layer 3 routing. The data plane is active on both switches.

Virtual Switch Link Protocol (VSLP) is responsible for establishing the VSS. VSLP has two
component protocols: Link Management Protocol (LMP) and Role Resolution Protocol (RRP). The
VSS initialization process consists of the following steps:

1. The configuration file is pre-parsed for VSL configuration commands.

2. The VSL member interfaces are brought online.

3. LMP verifies link integrity, rejects unidirectional links, and establishes bidirectional
communication between switch chassis.

4. LMP exchanges switch IDs in order to detect duplicate IDs.

5. RRP checks hardware versions, software versions, and VSL configurations for compatibility.

6. RRP assigns the active virtual and standby virtual switch roles.

7. Switches come up in Nonstop Forwarding/Stateful Switchover (NSF/SSO) mode or route
processor redundancy (RPR) mode.

8. Switches continue the normal boot process.

If RRP determines that both switches are compatible, both chassis will come up in NSF/SSO
mode, in which all modules are powered up and can forward traffic. If RRP determines that an
incompatibility exists, the standby virtual switch will come up in RPR mode, in which all modules
are powered down.

The switch chassis that is started first will always become the active virtual switch unless
preemption is configured. If both chassis are started simultaneously, the switch with the highest
priority will become the active virtual switch. By default, the priority is set to a value of 100. If
priorities are equal, the switch with the lower switch ID will become the active virtual switch.

Reference:

https://www.cisco.com/c/dam/en/us/products/collateral/interfaces-modules/network-
modules/white_paper_c11_429338.pdf

QUESTION NO: 222

Which of the following queuing methods is the most appropriate for handling voice, video, mission-
critical, and lower-priority traffic? (Select the best answer.)

A.
FIFO

B.
LLQ

C.
WFQ

D.
CBWFQ

Answer: B
Explanation:

Of the choices provided, low latency queuing (LLQ) is the most appropriate for handling voice,
video, mission-critical, and lower-priority traffic. LLQ supports the creation of up to 64 user-defined
traffic classes as well as one or more strict-priority queues that can be used specifically for delay-
sensitive traffic, such as voice and video traffic. A strict-priority queue is serviced before all other
queues, but during congestion it is policed to its configured bandwidth so that it cannot starve the
other classes. You can also implement weighted random early detection (WRED) on each of the
user-defined traffic classes to mitigate packet loss; WRED is particularly useful for networks with a
large amount of Transmission Control Protocol (TCP) traffic.

On voice networks, you can implement LLQ to help reduce jitter. Additionally, you can configure
the voice class with a smaller queue size. Although a smaller queue size could result in dropped
packets, voice traffic is more tolerant of dropped packets than of delayed packets. A small amount
of packet loss is not noticeable to the human ear. Additionally, some codecs can correct small
amounts of packet loss. Therefore, a smaller queue size combined with the use of LLQ could
reduce delay and jitter.

Class-based weighted fair queuing (CBWFQ) provides bandwidth guarantees, so it can be used
for voice, video, mission-critical, and lower-priority traffic. However, CBWFQ does not provide the
delay guarantees provided by LLQ, because CBWFQ does not provide support for strict-priority
queues. CBWFQ improves upon weighted fair queuing (WFQ) by enabling the creation of up to 64
custom traffic classes, each with a guaranteed minimum bandwidth.

Although WFQ can be used for voice, video, and mission-critical traffic, it does not provide the
bandwidth guarantees or the strict-priority queues that are provided by LLQ. WFQ is used by
default on Cisco routers for serial interfaces at 2.048 Mbps or lower. Traffic flows are identified by
WFQ based on source and destination IP address, port number, protocol number, and Type of
Service (ToS). Although WFQ is easy to configure, it is not supported on high-speed links.

First-in-first-out (FIFO) queuing is the least appropriate for voice, video, and mission-critical traffic.
By default, Cisco uses FIFO queuing for interfaces faster than 2.048 Mbps. FIFO queuing requires
no configuration, because all packets are arranged into a single queue. As the name implies, the
first packet received is the first packet transmitted, without regard for packet type, protocol, or
priority.

Reference:

https://www.cisco.com/c/en/us/support/docs/voice/voice-quality/7111-voip-mlppp.html

QUESTION NO: 223

You administer Cisco routers in a PIM-SSM environment. You issue the ip multicast multipath s-g-
hash basic command on a router that has multiple equal-cost paths to a multicast source.

Which of the following will occur? (Select the best answer.)

A.
The router will load-split based on the source address only.

B.
The router will load-split based on the source and group addresses.

C.
The router will load-split based on the source, group, and next-hop addresses.

D.
The router will send traffic to the PIM neighbor with the highest IP address.

Answer: B
Explanation:

The router will load-split based on the source and group addresses if you issue the ip multicast
multipath s-g-hash basic command on a router that has multiple equal-cost paths to a multicast
source. The s-g-hash basic keywords select the basic S-G-hash algorithm, which hashes the
source and group addresses of each (S, G) flow to pick one of the equal-cost Reverse Path
Forwarding (RPF) neighbors, so that different (S, G) flows from the same source in a Protocol
Independent Multicast Source-Specific Multicast (PIM-SSM) network can be spread across the
available paths. The basic S-G-hash configuration is subject to polarization because the hash takes
only S and G as input and therefore yields the same result on every router that calculates it;
downstream routers with the same number of equal-cost paths all make the same choice.

The router will not simply send traffic toward the Protocol Independent Multicast (PIM) neighbor with
the highest IP address. By default, when equal-cost paths to a multicast source exist, PIM selects
the neighbor with the highest IP address as the single RPF neighbor and performs no load splitting.
However, issuing the ip multicast multipath command, with or without keywords, enables load
splitting and disables that default behavior.

The router will not load-split based on the source address only. To enable Equal Cost Multipath
(ECMP) load splitting based on only the source address, you should issue the ip multicast
multipath command without keywords. That form uses the S-hash algorithm, which hashes the
source address alone to select the RPF neighbor, so all groups sourced from a given host share a
single path.

The router will not load-split based on the source, group, and next-hop addresses. The ip multicast
multipath s-g-hash next-hop-based command uses the next-hop-based S-G-hash algorithm and
configures PIM-SSM to load-split traffic based on the source address, the group address, and the
next-hop address. Unlike the ip multicast multipath s-g-hash basic command, the next-hop-based
S-G-hash configuration is not subject to polarization.
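The polarization point above is easy to see in code. The following is an added example, not text or code from the exam or from Cisco IOS: the hash is an illustration built on SHA-256 rather than the real IOS S-hash or S-G-hash function, and the addresses and two-router topology are constructed. It models three routers' worth of path choice: with a hash over (S, G) only, every flow that router R1 steers onto one of its equal-cost paths is hashed to the same index again by the next router R2, so R2 uses only one of its paths; when the next-hop address is part of the hash, the result differs per router and R2 uses both.

```python
# Added example (not from the page or from Cisco IOS): how the choice of hash
# input decides whether ECMP load splitting of multicast RPF paths polarizes.
# The hash below is an illustration built on SHA-256; the real IOS S-hash and
# S-G-hash functions are different. Addresses and topology are constructed.
import hashlib
import ipaddress


def _h(*parts: str) -> int:
    """Deterministic 32-bit hash over the given address strings."""
    return int.from_bytes(hashlib.sha256("|".join(parts).encode()).digest()[:4], "big")


def pick_rpf_neighbor(source: str, group: str, neighbors, mode: str) -> str:
    """Choose the RPF neighbor for (source, group) among equal-cost PIM neighbors.

    mode:
      "default"   no load splitting; highest PIM neighbor IP address wins
      "s-hash"    'ip multicast multipath'                     hash(S)
      "s-g-hash"  'ip multicast multipath s-g-hash basic'      hash(S, G)
      "nh-hash"   'ip multicast multipath s-g-hash next-hop-based'
                  hash(S, G, next-hop) computed per candidate, highest wins
    """
    nbrs = sorted(neighbors, key=lambda n: int(ipaddress.ip_address(n)))
    if mode == "default":
        return nbrs[-1]
    if mode == "s-hash":
        return nbrs[_h(source) % len(nbrs)]
    if mode == "s-g-hash":
        # Same (S, G) -> same index on every router with the same number of paths.
        return nbrs[_h(source, group) % len(nbrs)]
    if mode == "nh-hash":
        # The next-hop address differs from router to router, so the result does too.
        return max(nbrs, key=lambda n: _h(source, group, n))
    raise ValueError(f"unknown mode {mode!r}")


def downstream_paths_used(mode: str, flows, r1_neighbors, r2_neighbors) -> int:
    """Polarization check for two routers in series, each with equal-cost paths.

    Take the flows that router R1 mapped to its lowest-addressed neighbor and
    count how many of R2's equal-cost paths those same flows use when R2 hashes
    them again. A polarized hash returns 1: R2 funnels everything onto one path.
    """
    r1_low = min(r1_neighbors, key=lambda n: int(ipaddress.ip_address(n)))
    via_low = [f for f in flows if pick_rpf_neighbor(*f, r1_neighbors, mode) == r1_low]
    return len({pick_rpf_neighbor(s, g, r2_neighbors, mode) for s, g in via_low})


# Constructed sample: 128 (S, G) pairs, two ECMP neighbors on each of two routers.
FLOWS = [(f"10.1.{i // 16}.{i % 16 + 1}", f"232.1.1.{i % 8 + 1}") for i in range(128)]
R1_NEIGHBORS = ["192.0.2.1", "192.0.2.9"]
R2_NEIGHBORS = ["198.51.100.1", "198.51.100.9"]

if __name__ == "__main__":
    for mode in ("s-hash", "s-g-hash", "nh-hash"):
        used = downstream_paths_used(mode, FLOWS, R1_NEIGHBORS, R2_NEIGHBORS)
        print(f"{mode:9s} paths used on R2: {used}")
```

Running it prints 1 for s-hash and s-g-hash and 2 for nh-hash, which is the whole argument for the next-hop-based keyword on any topology deeper than one hop.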

Reference:

https://www.cisco.com/c/en/us/td/docs/ios/12_4t/ip_mcast/configuration/guide/mctlsplt.html#wp1061381


QUESTION NO: 224

Which of the following statements best describes the purpose of the well-known BGP AS 23456?
(Select the best answer.)

A.
It facilitates the gradual transition from 4-byte ASes to 2-byte ASes.

B.
It facilitates the gradual transition from 2-byte ASes to 4-byte ASes.

C.
It is used by default on BGP routers that support 4-byte ASes.

D.
It will be used by default on new BGP routers when 2-byte allocations are exhausted.

Answer: B
Explanation:

The well-known Border Gateway Protocol (BGP) autonomous system (AS) 23456 facilitates the
gradual transition from 2-byte ASes to 4-byte ASes. Much as IPv6 was created to address the
exhaustion of IPv4 addresses, 4-byte BGP AS numbers were introduced to address the eventual
exhaustion of the 2-byte AS number space. The well-known 2-byte AS 23456, which is also known
as AS_TRANS, is the placeholder that a 4-byte-capable BGP router substitutes for 4-byte AS
numbers when it peers with a BGP router that supports only 2-byte ASes.

When a 4-byte BGP router must send an AS_PATH containing AS values larger than 2 bytes to a
2-byte BGP router, it replaces each such value with AS 23456 in the AS_PATH and carries the real
4-byte path in the separate AS4_PATH attribute, which the 2-byte router passes along without
understanding it. Therefore, if AS 23456 appears in the output of the show ip bgp command, the
router displaying it does not support 4-byte ASes; a router that does support them normally rebuilds
the real path from AS4_PATH and never shows 23456.

When a 4-byte BGP router peers with another 4-byte BGP router, the AS is displayed in the output
of the show ip bgp command in either asplain or asdot format. Asplain format displays a 4-byte AS
number as a decimal value from 65536 through 4294967295; this format is used by default. Asdot
format displays a 4-byte AS number as a dotted decimal value from 1.0 through 65535.65535, in
which the first number is the high-order 16 bits and the second is the low-order 16 bits. To
change the output to asdot format, you should issue the bgp asnotation dot command from BGP
router configuration mode.

AS 23456 does not facilitate a transition from 4-byte ASes to 2-byte ASes; no such transition
exists, because it is the 2-byte pool that is being exhausted. A 2-byte BGP router cannot use AS
23456 as its own AS number, because AS 23456 is reserved exclusively as the value that
4-byte-capable routers substitute for 4-byte AS numbers when peering with 2-byte routers.
Additionally, AS 23456 is not used by default on any BGP router: a router that supports 4-byte
ASes uses whatever AS number is configured on it, and such a router can be configured with an
ordinary 2-byte AS number, in which case no substitution is needed when it peers with 2-byte
BGP routers.
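The mechanics described above, as an added example that is not part of the exam text or of Cisco IOS: asplain/asdot conversion, the AS_TRANS substitution that RFC 4893 (cited below; since superseded by RFC 6793) prescribes when a 4-byte-capable (NEW) speaker advertises to a 2-byte-only (OLD) peer, and the reconstruction a NEW speaker performs when the route later comes back from an OLD peer that prepended its own AS. The AS numbers are constructed, and the path handling is simplified to a single AS_SEQUENCE segment.

```python
# Added example (not from the page or from Cisco IOS): 4-byte AS number
# handling as RFC 4893 (now RFC 6793) defines it. Shows asplain/asdot
# conversion, the AS_TRANS substitution a NEW (4-byte-capable) speaker applies
# when it advertises to an OLD (2-byte-only) peer, and how a NEW speaker that
# later receives the route from an OLD peer rebuilds the real path from
# AS_PATH plus AS4_PATH. AS numbers below are constructed.
from typing import List, Optional, Tuple

AS_TRANS = 23456  # reserved 2-byte stand-in for any 4-byte AS number


def to_asdot(asn: int) -> str:
    """asplain -> asdot. Values below 65536 print unchanged; 4-byte values as high.low."""
    if not 0 <= asn <= 0xFFFFFFFF:
        raise ValueError("AS number out of range")
    return str(asn) if asn < 65536 else f"{asn >> 16}.{asn & 0xFFFF}"


def from_asdot(text: str) -> int:
    """asdot (or asplain) string -> integer AS number."""
    if "." in text:
        high, low = (int(p) for p in text.split(".", 1))
        if not (0 <= high <= 0xFFFF and 0 <= low <= 0xFFFF):
            raise ValueError("asdot field out of range")
        return (high << 16) | low
    asn = int(text)
    if not 0 <= asn <= 0xFFFFFFFF:
        raise ValueError("AS number out of range")
    return asn


def advertise_to_old_speaker(as_path: List[int]) -> Tuple[List[int], Optional[List[int]]]:
    """What a NEW speaker puts on the wire towards a peer that negotiated 2-byte ASNs.

    Every 4-byte ASN in AS_PATH is replaced by AS_TRANS; the unmodified path is
    carried in the optional transitive AS4_PATH attribute (only when needed).
    """
    if all(asn < 65536 for asn in as_path):
        return list(as_path), None
    return [AS_TRANS if asn >= 65536 else asn for asn in as_path], list(as_path)


def reconstruct_path(as_path: List[int], as4_path: Optional[List[int]]) -> List[int]:
    """NEW speaker receiving from an OLD peer (RFC 4893 section 4.2.3, simplified
    to one AS_SEQUENCE segment).

    OLD speakers prepend their own ASN to AS_PATH but cannot touch AS4_PATH, so
    AS_PATH may be longer; its leading extra ASNs are kept in front of AS4_PATH.
    An AS4_PATH longer than AS_PATH is inconsistent and is ignored.
    """
    if as4_path is None or len(as4_path) > len(as_path):
        return list(as_path)
    extra = len(as_path) - len(as4_path)
    return list(as_path[:extra]) + list(as4_path)


def path_hides_4byte_asns(as_path: List[int]) -> bool:
    """True when AS_TRANS is present: the displayed AS_PATH is not the real one
    and the router showing it is not using 4-byte AS support on this path."""
    return AS_TRANS in as_path


if __name__ == "__main__":
    origin_path = [65001, 196608, 64496]        # 196608 is 3.0 in asdot
    wire_path, as4 = advertise_to_old_speaker(origin_path)
    print("AS_PATH seen by OLD speaker:", wire_path, "AS4_PATH:", as4)
    old_prepends = [64500] + wire_path         # the OLD speaker prepends its own ASN
    print("rebuilt by the next NEW speaker:", reconstruct_path(old_prepends, as4))
```

The `path_hides_4byte_asns` check is the programmatic form of the rule in the explanation: 23456 in a displayed path means the displaying router did not (or could not) apply the AS4_PATH reconstruction.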

Reference:

https://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/border-gateway-protocol-bgp/white_paper_c11-516826.html

https://www.ietf.org/rfc/rfc4893.txt

QUESTION NO: 225 DRAG DROP

Drag the metrics on the left to the corresponding PfR monitoring modes on the right. Factors can
be used multiple times.

Answer:

Explanation:


Cisco Performance Routing (PfR) enhances traditional routing methods by dynamically selecting
the best path for applications based on network performance. The path selection procedure can
be influenced by several factors, including delay, packet loss, reachability, throughput, jitter, and
mean opinion score (MOS).

PfR passive monitoring mode relies on NetFlow to capture performance metrics. Metrics used by
passive mode include delay, packet loss, reachability, and throughput. Throughput can be
measured for all traffic flows. Delay, packet loss, and reachability can be measured only for
Transmission Control Protocol (TCP) flows.

PfR active monitoring mode relies on IP Service Level Agreement (SLA) probes that generate
traffic to capture performance metrics. Metrics used by active mode include delay, jitter, MOS, and
reachability. Short term monitoring uses the last five probe results; long term monitoring uses the
last 60 probe results.

A third PfR monitoring mode, fast mode, is similar to active mode. Active mode generates probes
only for the active exit path. By contrast, fast mode continuously generates probes for all possible
exit paths, not just the active exit path. Fast mode allows route changes to be made within three
seconds. However, the performance benefits of fast mode require significant processor overhead;
therefore, Cisco recommends that you use fast mode only for performance-sensitive traffic, such
as Voice over IP (VoIP) or video traffic.

Reference:

https://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/performance-routing-pfr/product_data_sheet0900aecd806c4ee4.html

QUESTION NO: 226

You issue the show pfr master border detail command on RouterA and receive the following
output:

What is the link utilization OOP threshold for traffic exiting RouterA? (Select the best answer.)

A.
19%

B.
32%

C.
48%

D.
75%

E.
90%

F.
100%

Answer: D
Explanation:

The link utilization out-of-policy (OOP) threshold for traffic exiting RouterA is 75%. Cisco
Performance Routing (PfR) enhances traditional routing methods by dynamically selecting the
best path for applications based on network performance. The show pfr master border detail
command displays whether the PfR state is up or down. Additionally, the show pfr master border
detail command displays statistics related to inbound and outbound traffic. The information next to
Tx is related to outbound traffic, which is traffic that is transmitted by the router. The information
next to Rx is related to inbound traffic, which is traffic that is received by the router.

If outbound traffic exceeds the link utilization OOP threshold, PfR will attempt to conform to policy
levels by shifting traffic to other exit links. The link utilization OOP threshold for outbound traffic
can be determined by issuing the show pfr master border detail command and dividing the
maximum bandwidth by the capacity. In this scenario, the maximum bandwidth is 900 Kbps and
the capacity is 1,200 Kbps; therefore, the link utilization OOP threshold is 75%. By default, the link
utilization OOP threshold is set to 90%.

The link utilization OOP threshold is not 19%. The Ethernet1/0 interface is receiving traffic at 19%
of the maximum bandwidth. The load percentage is calculated by dividing the bandwidth used by
the maximum bandwidth.

The link utilization OOP threshold is not 32%. The Ethernet1/0 interface is sending traffic at 32%
of the maximum bandwidth. Therefore, the traffic exiting the Ethernet1/0 interface is not exceeding
the link utilization OOP threshold.

The link utilization OOP threshold is not 48%. The Ethernet2/0 interface is sending traffic at 48%
of the maximum bandwidth. Therefore, the traffic exiting the Ethernet2/0 interface is not exceeding
the link utilization OOP threshold.

Reference:

http://docwiki.cisco.com/wiki/PfR:Technology_Overview#Link_Utilization

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/pfr/command/pfr-cr-book/pfr-s1.html#wp3007750440

QUESTION NO: 227

Which of the following statements regarding traffic flooding in a VPLS network is true? (Select the
best answer.)

A.
Only broadcast traffic is flooded through the network.

B.
Only multicast traffic is flooded through the network.

C.
Both broadcast traffic and multicast traffic are flooded through the network.

D.
Neither broadcast nor multicast traffic is flooded through the network.

Answer: C
Explanation:

Broadcast traffic and multicast traffic are flooded through a Virtual Private LAN Service (VPLS)
network. VPLS is a Metro Ethernet (ME) technology that is used to implement Ethernet Multipoint
Service (EMS) and Ethernet Relay Multipoint Service (ERMS) over a Multiprotocol Label Switching
(MPLS) network. With VPLS, the service provider (SP) network emulates a single Layer 2 switch,
or Ethernet bridge. Customer edge (CE) devices in a VPLS network connect directly to an
SP-provided user provider edge (UPE) device, and the UPEs use virtual connections known as
pseudowires (PWs) to interconnect through the SP network. The PWs form a full-mesh topology
that creates a virtual switch instance (VSI), which emulates an 802.1 bridge.

The VPLS architecture creates a topology wherein each CE device can function as though it were
a member of a virtual LAN (VLAN) on a physical switch. Because the SP network functions as a
Layer 2 switch, broadcast and multicast packets received by the SP are always flooded through
the network. Additionally, packets destined to unknown Media Access Control (MAC) addresses
are initially flooded through the network until their MAC addresses and associated ports are
correlated.

Reference:

https://www.cisco.com/en/US/tech/tk436/tk891/technologies_q_and_a_item09186a00801ed3bf.shtml

QUESTION NO: 228

Which of the following scenarios could cause the error message %STP-2-DISPUTE_DETECTED
to appear? (Select the best answer.)

A.
An interface has been administratively shut down.

B.
A unidirectional link failure exists between two switches.

C.
A BPDU has been received on an interface with BPDU guard enabled.

D.
A BPDU has not been received on an interface with Bridge Assurance enabled.

E.
An interface has received a BPDU that is tagged with the same VLAN ID as the interface's native
VLAN.

Answer: B
Explanation:

The error message %STP-2-DISPUTE_DETECTED could appear if a unidirectional link failure
exists between two switches. A unidirectional link failure exists when a defective cable or
transceiver causes one device to not receive what the other device sends. Consider the following
topology in which SwitchB does not receive packets sent by the root bridge, SwitchA:

SwitchB cannot receive the superior bridge protocol data units (BPDUs) sent by SwitchA.
Therefore, SwitchB will continue to send inferior BPDUs that are marked as designated and
learning or forwarding. When the designated port on SwitchA receives an inferior BPDU whose
sender claims the designated role while learning or forwarding, SwitchA logs the
%STP-2-DISPUTE_DETECTED error and holds that port in the discarding state to prevent a
bridging loop; the port is not shut down, and it proceeds to forwarding once the dispute clears.

The error message %STP-2-DISPUTE_DETECTED would not appear if an interface has been
administratively shut down. An interface that has been administratively shut down does not
participate in Spanning Tree Protocol (STP).

The error message %STP-2-DISPUTE_DETECTED would not appear if a BPDU has been
received on an interface with BPDU guard enabled; instead, the error message
%STP-2-BLOCK_BPDUGUARD would appear. When an interface that is configured with BPDU
guard receives a BPDU, BPDU guard immediately puts the interface into the errdisable state and
shuts down the interface. Afterward, the interface must be manually reenabled, or it can be
recovered automatically through the errdisable timeout function.

The error message %STP-2-DISPUTE_DETECTED would not appear if a BPDU has not been
received on an interface with Bridge Assurance enabled; instead, the error message
%STP-2-BRIDGE_ASSURANCE_BLOCK would appear. Bridge Assurance ensures that BPDUs are
sent bidirectionally on all network interfaces. If an interface with Bridge Assurance does not receive
a BPDU, or if the connected interface does not have Bridge Assurance enabled, the interface is put
into an inconsistent state and is blocked. Bridge Assurance is supported only with Rapid Per-VLAN
Spanning Tree Plus (RPVST+) and Multiple Spanning Tree (MST) and only on point-to-point links.

The error message %STP-2-DISPUTE_DETECTED would not appear if an interface has received
a BPDU that is tagged with the same virtual LAN (VLAN) ID as the interface's native VLAN;
instead, the error message %STP-2-BLOCK_PVID_LOCAL would appear on the local switch and
the error message %STP-2-BLOCK_PVID_PEER would appear on the remote switch. Native
VLAN BPDUs are sent untagged, so if a switch receives BPDUs that are tagged with the native
VLAN for that interface, the switch will block the interface.
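The dispute check itself, as an added example that is not from the exam text or from Cisco: it decodes the flags octet of an RSTP/MSTP BPDU (IEEE 802.1D-2004 clause 9.3.3: bit 0 topology change, bit 1 proposal, bits 2-3 port role, bit 4 learning, bit 5 forwarding, bit 6 agreement, bit 7 TC acknowledgement) and applies the rule a designated port uses to detect a dispute. The BPDU records and bridge IDs are constructed to match the SwitchA/SwitchB scenario, not captured frames, and the priority-vector comparison ignores the receiving-port field for brevity.

```python
# Added example (not from the page or from Cisco): decode the flags octet of an
# RSTP/MSTP BPDU (IEEE 802.1D-2004 clause 9.3.3) and apply the dispute check a
# designated port makes on a received BPDU, the condition behind
# %STP-2-DISPUTE_DETECTED. BPDU records and bridge IDs are constructed.
from dataclasses import dataclass

ROLE_NAMES = {0: "unknown", 1: "alternate/backup", 2: "root", 3: "designated"}


def decode_flags(flags: int) -> dict:
    """Split the RSTP BPDU flags octet into its named fields."""
    return {
        "tc": bool(flags & 0x01),
        "proposal": bool(flags & 0x02),
        "role": ROLE_NAMES[(flags >> 2) & 0x03],
        "learning": bool(flags & 0x10),
        "forwarding": bool(flags & 0x20),
        "agreement": bool(flags & 0x40),
        "tca": bool(flags & 0x80),
    }


def bridge_id(priority: int, mac: int) -> int:
    """8-byte bridge identifier: 2-byte priority followed by the 6-byte MAC."""
    return (priority << 48) | mac


@dataclass(frozen=True)
class Bpdu:
    root_id: int
    root_path_cost: int
    sender_bridge_id: int
    sender_port_id: int
    flags: int

    def priority_vector(self):
        # Lower compares better in every field (802.1D-2004 clause 17.6).
        return (self.root_id, self.root_path_cost, self.sender_bridge_id, self.sender_port_id)


def is_inferior(received: Bpdu, own: Bpdu) -> bool:
    """A received BPDU is inferior when its priority vector is worse than the one
    this designated port itself transmits."""
    return received.priority_vector() > own.priority_vector()


def dispute_detected(received: Bpdu, own: Bpdu) -> bool:
    """Dispute: an inferior BPDU whose sender claims the designated role while
    learning or forwarding. The peer is evidently not hearing our superior BPDUs
    (for example over a unidirectional link), so both ends would forward."""
    f = decode_flags(received.flags)
    return is_inferior(received, own) and f["role"] == "designated" and (f["learning"] or f["forwarding"])


def designated_port_state(received: Bpdu, own: Bpdu) -> str:
    """Dispute resolution keeps the designated port discarding until it clears."""
    return "discarding" if dispute_detected(received, own) else "forwarding"


# Constructed scenario: SwitchA is the root; SwitchB never receives SwitchA's
# BPDUs and keeps claiming the root role itself on the same link.
SWITCH_A = bridge_id(32768, 0x0000_0000_0001)
SWITCH_B = bridge_id(32768, 0x0000_0000_0002)

A_SENDS = Bpdu(root_id=SWITCH_A, root_path_cost=0, sender_bridge_id=SWITCH_A,
               sender_port_id=0x8001, flags=0x3C)  # designated, learning, forwarding
B_SENDS = Bpdu(root_id=SWITCH_B, root_path_cost=0, sender_bridge_id=SWITCH_B,
               sender_port_id=0x8001, flags=0x3C)  # same claim, but an inferior root
B_AGREES = Bpdu(root_id=SWITCH_A, root_path_cost=20000, sender_bridge_id=SWITCH_B,
                sender_port_id=0x8001, flags=0x48)  # root port role, agreement set

if __name__ == "__main__":
    print(decode_flags(0x3C))
    print("unidirectional link:", dispute_detected(B_SENDS, A_SENDS), designated_port_state(B_SENDS, A_SENDS))
    print("healthy link:       ", dispute_detected(B_AGREES, A_SENDS), designated_port_state(B_AGREES, A_SENDS))
```

`B_AGREES` is what SwitchA expects on a healthy link: SwitchB's root port acknowledging SwitchA's superior information. It is still "inferior" by priority vector, but the role and agreement bits make it a normal reply rather than a dispute.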

Reference:

https://www.cisco.com/c/en/us/td/docs/switches/datacenter/sw/system_messages/reference/sys_Book.html#wp1400041

https://www.cisco.com/c/en/us/td/docs/switches/datacenter/sw/4_2/nx-os/layer2/configuration/guide/Cisco_Nexus_7000_Series_NX-OS_Layer_2_Switching_Configuration_Guide_Release_4-2_chapter6.html#con_1490082

https://www.cisco.com/c/en/us/support/docs/lan-switching/spanning-tree-protocol/24063-pvid-inconsistency-24063.html#topic1

QUESTION NO: 229

Which of the following is not a feature of VTP version 3? (Select the best answer.)

A.
It can send PVLAN information in addition to normal VLANs.

B.
It can use encrypted passwords for authentication.

C.
It uses primary servers.

D.
VLANs must be in the range from 1 through 1,000.

E.
VTP version 3 is backward compatible with VTP version 2.

Answer: D
Explanation:

VLAN Trunking Protocol (VTP) version 3 does not require virtual LANs (VLANs) to be in the range
from 1 through 1,000. VTP version 3 improves on VTP version 2 by increasing the number of
supported VLANs from 1,000 to 4,095, which is the same range specified in the Institute of
Electrical and Electronics Engineers (IEEE) 802.1Q standard.

VTP version 3 uses primary servers. VTP version 2 relies on a configuration revision number to
determine whether the VLAN configuration should be modified on a switch. By contrast, VTP
version 3 uses configuration revision numbers and a primary server system to determine which
configurations should be changed and which devices are allowed to implement changes. The
intended purpose of the primary server is to mitigate accidental overwrites of the VLAN database.
However, because VTP version 2 does not support primary servers, Cisco recommends that VTP
version 2 devices that are to be connected to a VTP version 3 network be placed into VTP client
mode.

VTP version 3 can use encrypted passwords for authentication. VTP version 2 supports cleartext
passwords only.

VTP version 3 is backward compatible with VTP version 2 and can therefore support normal
VLANs. When a switch configured with VTP version 3 receives a VTP version 2 advertisement on
a port, it sends VTP version 2 messages on that port and VTP version 3 messages on the other
ports.

VTP version 3 improves on VTP version 2 by adding support for private VLANs (PVLANs). In
addition, VTP version 3 adds support for databases other than VLAN databases, such as Multiple
Spanning Tree (MST) databases.

Reference:

https://www.cisco.com/c/en/us/products/collateral/switches/catalyst-6500-series-switches/solution_guide_c78_508010.html

QUESTION NO: 230

Which of the following does not typically occur during the PPP Session stage of a PPPoE
session? (Select the best answer.)

A.
The MAC address of the peer is obtained.

B.
LCP negotiates configuration options.

C.
NCP configures Network layer protocols.

D.
PPP authenticates by using CHAP or PAP.

Answer: A
Explanation:

The Media Access Control (MAC) address of the peer is obtained during the Discovery stage of a
Point-to-Point Protocol over Ethernet (PPPoE) session, not the Session stage. The Discovery
stage is also sometimes called the Active Discovery stage. PPPoE sessions are divided into two
distinct stages: the Discovery stage and the Session stage. Because an Ethernet host must first
establish a connection to the remote peer before it can send data, the PPPoE Discovery stage
must retrieve the MAC address of the remote peer and establish a PPPoE session ID before a
Point-to-Point Protocol (PPP) session can begin.

Following the Discovery stage, the Session stage behaves mostly the same as a normal PPP
session over a WAN link or dialup connection behaves. Therefore, the Session stage is also
sometimes called the PPP Session stage. During the Session stage, PPP negotiates configuration
options by sending Link Control Protocol (LCP) frames. Next, PPP sends out Network Control
Protocol (NCP) frames to configure Network layer protocol information on the link and enable the
link for packet traversal. The Session stage is also the stage in which PPP authentication occurs
by using either Challenge Handshake Authentication Protocol (CHAP) or Password Authentication
Protocol (PAP).

Reference:

https://tools.ietf.org/html/rfc2516#section-5

QUESTION NO: 231

You issue the show ip ospf interface fastethernet 0/1 command on RouterE and receive the
following output:

Which of the following statements is correct? (Select the best answer.)

A.
RouterE is connected to a point-to-multipoint network.

B.
RouterE is the DR for the segment.

C.
The BDR has a priority higher than 50.

D.
RouterE is configured with incorrect timer settings.

E.
RouterE can establish adjacencies with only two routers on this interface.

Answer: E
Explanation:

RouterE can establish adjacencies with only two routers on this interface. The output of the show
ip ospf interface fastethernet 0/1 command shows that RouterE is in the DROTHER state. A router
in the DROTHER state establishes full adjacencies only with the designated router (DR) and the
backup designated router (BDR). Therefore, RouterE is neither the DR nor the BDR. The DR has a
router ID of 10.0.0.7 and an IP address of 10.2.16.1, and the BDR has a router ID of 10.0.0.11 and
an IP address of 10.2.16.17.

RouterE is not connected to a point-to-multipoint network, because the network segment contains
a DR and a BDR. A DR and a BDR are not elected on point-to-multipoint or point-to-point
networks; they are elected only on multi-access networks.

The BDR might or might not have a priority higher than 50. If RouterE were started after the DR
and BDR had already been elected, RouterE would not be eligible to become the DR or the BDR,
regardless of its priority value, until the existing DR and BDR failed or were powered off, because
the election is not preemptive. If RouterE had started at the same time as the existing DR and
BDR, the BDR would have a priority of at least 50, because RouterE has a priority of 50. If the
BDR and RouterE had the same priority, the BDR would have won the election because it has a
higher router ID than RouterE.

RouterE is not configured with incorrect timer settings. The hello timers and dead timers between
two routers must match for the routers to establish a neighbor adjacency. Therefore, if RouterE
were configured with incorrect timer settings, RouterE would not be able to establish adjacencies
with the DR and the BDR. By default, the hello timer is set to 10 seconds and the dead timer is set
to 40 seconds on point-to-point and broadcast links.
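The election reasoning above, as an added example that is not from the exam text or from Cisco IOS: it runs the DR/BDR election of RFC 2328 section 9.4 over the routers on one multi-access segment, including the non-preemption rule, and reports whom a DROTHER router forms adjacencies with. Router IDs and priorities are constructed; the DR 10.0.0.7, BDR 10.0.0.11 and a RouterE with priority 50 mirror the question, and RouterE's router ID (10.0.0.5) is an assumption since the output is not shown.

```python
# Added example (not from the page or from Cisco IOS): the DR/BDR election of
# RFC 2328 section 9.4 run over the routers on one multi-access segment,
# including non-preemption (an existing DR or BDR keeps its role). Router IDs
# and priorities are constructed; RouterE's ID 10.0.0.5 is an assumption.
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class OspfRouter:
    router_id: str
    priority: int                       # 0 = never eligible for DR/BDR
    declared_dr: Optional[str] = None   # DR field this router puts in its Hellos
    declared_bdr: Optional[str] = None  # BDR field this router puts in its Hellos


def _rank(r: OspfRouter) -> Tuple[int, int]:
    """Higher priority wins; ties go to the higher router ID."""
    return (r.priority, int(ipaddress.ip_address(r.router_id)))


def _pick_bdr(cands: List[OspfRouter]) -> Optional[OspfRouter]:
    # Routers already declaring themselves BDR are preferred (non-preemption).
    self_declared = [r for r in cands if r.declared_bdr == r.router_id]
    pool = self_declared or cands
    return max(pool, key=_rank) if pool else None


def elect(routers: List[OspfRouter]) -> Tuple[Optional[str], Optional[str]]:
    """Return (DR, BDR) router IDs for the segment."""
    eligible = [r for r in routers if r.priority > 0]
    # Step 2: BDR, chosen among routers not claiming to be DR.
    bdr = _pick_bdr([r for r in eligible if r.declared_dr != r.router_id])
    # Step 3: DR, chosen among routers claiming to be DR; otherwise the BDR is promoted.
    self_dr = [r for r in eligible if r.declared_dr == r.router_id]
    dr = max(self_dr, key=_rank) if self_dr else bdr
    # Step 4: a promoted BDR cannot hold both roles; re-run the BDR step without it.
    if dr is not None and dr is bdr:
        bdr = _pick_bdr([r for r in eligible if r is not dr])
    return (dr.router_id if dr else None, bdr.router_id if bdr else None)


def adjacency_peers(me: str, routers: List[OspfRouter]) -> List[str]:
    """Routers this one forms FULL adjacencies with: everyone if it is DR or BDR,
    otherwise only the DR and BDR (it stays DROTHER)."""
    dr, bdr = elect(routers)
    if me in (dr, bdr):
        return [r.router_id for r in routers if r.router_id != me]
    return [rid for rid in (dr, bdr) if rid is not None]


# Constructed segment: all routers start together, nobody has declared a DR yet.
COLD_START = [
    OspfRouter("10.0.0.7", 100),
    OspfRouter("10.0.0.11", 50),
    OspfRouter("10.0.0.5", 50),   # RouterE
]

# Same segment later: DR/BDR already elected, a higher-priority router joins.
LATE_JOINER = [
    OspfRouter("10.0.0.7", 100, declared_dr="10.0.0.7", declared_bdr="10.0.0.11"),
    OspfRouter("10.0.0.11", 50, declared_dr="10.0.0.7", declared_bdr="10.0.0.11"),
    OspfRouter("10.0.0.5", 50, declared_dr="10.0.0.7", declared_bdr="10.0.0.11"),
    OspfRouter("10.0.0.200", 255),  # joins late and does not preempt
]

if __name__ == "__main__":
    print("cold start DR/BDR:  ", elect(COLD_START))
    print("late joiner DR/BDR: ", elect(LATE_JOINER))
    print("RouterE adjacencies:", adjacency_peers("10.0.0.5", COLD_START))
```

In the cold-start case 10.0.0.11 beats RouterE for BDR purely on router ID, which is the "at least 50" argument; in the late-joiner case priority 255 changes nothing because the incumbents are already declaring themselves in their Hellos.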

Reference:

https://www.cisco.com/c/en/us/support/docs/ip/open-shortest-path-first-ospf/13689-17.html

QUESTION NO: 232

Which of the following LSA types contains subnet and router information for all the routers on a
segment? (Select the best answer.)

A.
Type 1

B.
Type 2

C.
Type 3

D.
Type 5

Answer: B
Explanation:

A Type 2 link-state advertisement (LSA) contains subnet and router information for all the routers
on a segment. Type 2 LSAs, which are also called network LSAs, are generated only by the
designated router (DR), one for each multi-access segment on which that router is the DR; each
lists the segment's subnet mask and the router IDs of all routers attached to the segment. These
LSAs are not propagated outside the area in which they originate; they are flooded only within the
local area.

A Type 1 LSA contains router ID and interface IP address information for a single router. Type 1
LSAs, which are also called router LSAs, are generated by all Open Shortest Path First (OSPF)
routers on a segment. Like Type 2 LSAs, Type 1 LSAs are not propagated outside the area in
which they originate; they are flooded only within the local area.

A Type 3 LSA contains subnet information for an entire area. Type 3 LSAs, which are also called
network summary LSAs, are generated by area border routers (ABRs). Unlike Type 1 and Type 2
LSAs, Type 3 LSAs are advertised between areas throughout an autonomous system (AS) except
into totally stubby areas.

A Type 5 LSA contains subnet information for an external AS. Type 5 LSAs, which are also called
AS-external LSAs, are generated by autonomous system boundary routers (ASBRs). Therefore,
Type 5 LSAs are advertised throughout an AS except into stub areas, totally stubby areas, and not
so stubby areas (NSSAs).

Reference:

https://www.cisco.com/c/en/us/td/docs/switches/datacenter/sw/4_2/nx-os/unicast/configuration/guide/l3_cli_nxos/l3_ospf.html#pgfId-1243056

https://www.cisco.com/c/en/us/td/docs/security/fwsm/fwsm32/asdm52f/user/guide/asdmug/mon_rtg.html#wp1046958

QUESTION NO: 233

Which of the following is true of NAT64? (Select the best answer.)

A.
It uses DNS-ALG for name resolution.

B.
It can be deployed in a stateful configuration.

C.
It translates unique IPv6 prefixes to other unique IPv6 prefixes.

D.
It cannot be deployed in a stateless configuration.

Answer: B
Explanation:

Network Address Translation 64 (NAT64), which is typically used to enable communication
between IPv6-only hosts and IPv4-only hosts, can be deployed in a stateful configuration. When
configured as stateful, NAT64 maps multiple IPv6 addresses to a single IPv4 address and keeps
track of the state of each connection. Static mappings can also be applied manually.

NAT64 can also be deployed in a stateless configuration. When operating in a stateless
configuration, NAT64 uses an algorithm (the IPv4-embedded IPv6 address format of RFC 6052) to
create a one-to-one relationship between IPv6 addresses on the inside network and IPv4
addresses on the outside network. Although this technique preserves end-to-end connectivity at the
Network layer, it does not conserve IPv4 addresses the way a stateful many-to-one configuration
does.

NAT-Protocol Translation (NAT-PT), not NAT64, uses Domain Name System Application Level
Gateway (DNS-ALG) for name resolution. NAT-PT is a predecessor of NAT64; it supports
bidirectional translation of addresses between IPv6 and IPv4 networks. In NAT-PT, the DNS-ALG
function is included, along with the address family translation (AFT) function, as part of the
protocol. NAT64, on the other hand, is typically deployed alongside an independent Domain Name
System (DNS) solution, such as DNS64, to facilitate name resolution.

Network Prefix Translation version 6 (NPTv6), not NAT64, translates unique IPv6 prefixes to other
unique IPv6 prefixes. As the name implies, NPTv6 enables the stateless translation of inside IPv6
prefixes to outside IPv6 prefixes at the Internet edge. NPTv6 creates a one-to-one relationship
between addresses on each side of the translating device in order to maintain end-to-end
reachability at the Network layer. NPTv6 does not modify the interface identifier portion of an IPv6
address.

Reference:

https://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/enterprise-ipv6-solution/white_paper_c11-676277.html

QUESTION NO: 234

You issue the ip rip triggered command on the Serial 0 interface of RouterA.

When will RouterA send a partial routing database? (Select 2 choices.)

A.
when RouterA is first powered on

B.
when the Serial 0 interface comes up or goes down

C.
when RouterA receives a specific request for a routing table update

D.
when information from another interface modifies the database

Answer: B,D
Explanation:

RouterA will send a partial routing database when information from another interface modifies the
database and when the Serial 0 interface comes up or goes down. By default, routes are
advertised by Routing Information Protocol (RIP) every 30 seconds, not just when the routing
database is updated. However, you can configure RIP to send triggered advertisements by issuing
the ip rip triggered command from interface configuration mode. The following events will trigger a
partial database update:

-When the configured interface comes up or goes down

-When information from another interface modifies the routing table

The following events will trigger a full database update:

-When the router is first powered on

-When the router receives a specific request for a routing table update

Reference:

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_rip/command/irr-cr-book/irr-cr-rip.html#wp3830876380

QUESTION NO: 235

Which of the following statements describe how LACP determines whether an interface is an
active interface or a standby interface? (Select 2 choices.)

A.
Ports with higher LACP port priorities are preferred over ports with lower LACP port priorities.

B.
Ports with lower LACP port priorities are preferred over ports with higher LACP port priorities.

C.
When LACP port priorities are equal, ports with higher port numbers are preferred over ports with
lower port numbers.

D.
When LACP port priorities are equal, ports with lower port numbers are preferred over ports with
higher port numbers.

E.
When LACP port priorities are equal, all ports with equal priorities are configured as active
interfaces.

Answer: A,D
Explanation:

The following statements describe how Link Aggregation Control Protocol (LACP) determines
whether an interface is an active interface or a standby interface:

- Ports with higher LACP port priorities are preferred over ports with lower LACP port priorities.
Note that a lower numerical priority value means a higher priority.

- When LACP port priorities are equal, ports with lower port numbers are preferred over ports
with higher port numbers.

The lacp port-priority value command configures an LACP interface with a port priority, which is
used to determine which interfaces are active interfaces and which interfaces are standby
interfaces when more ports are bundled than the channel can carry (up to eight links are active;
the rest are hot-standby). The value parameter is a value from 1 through 65535; if no priority value
is defined, the default port priority value of 32768 is used. Because a lower value means a higher
priority, setting the LACP port priority to 1 will ensure that the port becomes an active port unless a
port with a lower port number is also set to a priority of 1. The port priorities that count are those
of the switch with the better (numerically lower) LACP system priority, which makes the selection
for both ends of the bundle.

Reference:

https://www.cisco.com/c/en/us/td/docs/ios/12_2sb/feature/guide/gigeth.html

QUESTION NO: 236

Which of the following steps in the NAT order of operation typically occur before inside-to-outside
translation but after outside-to-inside address translation? (Select the best answer.)

A.
checking inbound access lists, rate limits, and accounting

B.
policy routing and IP routing

C.
checking outbound access lists and inspecting CBAC

D.
encryption and queuing

Answer: B
Explanation:

The following steps of the Network Address Translation (NAT) order of operation typically occur
before inside-to-outside translation but after outside-to-inside translation:

- Policy routing

- IP routing

NAT enables a network to communicate with a separate network, such as the Internet, by
translating traffic from IP addresses on the local network to another set of IP addresses that can
communicate with the remote network. NAT inside-to-outside translation, which is also known as
local-to-global translation, occurs when the NAT router maps an inside network source IP address
to an outside network source IP address before forwarding the packet to the next hop. When a
NAT router performs NAT inside-to-outside translation, the following operations occur in order:

1. If IP Security (IPSec) is implemented, check inbound access list

2. Decryption

3. Check inbound access list

4. Check inbound rate limits

5. Inbound accounting

6. Redirect to web cache

7. Policy routing

8. IP routing

9. NAT insidetooutside translation

10. Check crypto map and mark for encryption

11. Check outbound access list

12. Inspect Context-based Access Control (CBAC)

13. Transmission Control Protocol (TCP) intercept

14. Encryption

15. Queueing

NAT outside-to-inside translation, which is also known as global-to-local translation, occurs when
the NAT router maps an outside destination IP address to an inside destination IP address. When
a NAT router performs NAT outside-to-inside translation, the following operations occur in order:

1. If IPSec is implemented, check inbound access list

2. Decryption

3. Check inbound access list

4. Check inbound rate limits

5. Inbound accounting

6. Redirect to web cache

7. NAT outsidetoinside translation

8. Policy routing

9. IP routing

10. Check crypto map and mark for encryption

11. Check outbound access list

12. Inspect CBAC

13. TCP intercept

14. Encryption

15. Queueing

Other than the policy routing and IP routing steps, the other steps in the NAT order of operation
are the same for inside-to-outside NAT and outside-to-inside NAT. Checking inbound access lists,
rate limits, and accounting are performed before inside-to-outside address translation and before
outside-to-inside address translation. Checking outbound access lists, inspecting CBAC, encryption,
and queuing are performed after inside-to-outside address translation and after outside-to-inside
address translation.

Reference:

https://www.cisco.com/c/en/us/support/docs/ip/network-address-translation-nat/6209-5.html#topic1

QUESTION NO: 237

Which of the following first-hop routing protocols can have up to four primary AVFs provide load
balancing across multiple WAN links? (Select the best answer.)

A.
GLBP

B.
HSRP

C.
VRRP

D.
GLBP and HSRP

E.
HSRP and VRRP

F.
GLBP, HSRP, and VRRP

Answer: A
Explanation:

Gateway Load Balancing Protocol (GLBP) can have up to four primary active virtual forwarders (AVFs) provide load balancing across multiple WAN links. GLBP is a Cisco proprietary First Hop Redundancy Protocol (FHRP) that enables up to four routers to forward traffic for a single virtual router. The virtual router has its own virtual IP address and up to four virtual Media Access Control (MAC) addresses, one for each of the four primary AVFs in the group. One of the routers in the GLBP group is elected the active virtual gateway (AVG) and performs the administrative tasks for the group, such as responding to Address Resolution Protocol (ARP) requests. When a client sends an ARP request for the IP address of the default gateway, the AVG responds with one of the virtual MAC addresses in the group. Because multiple routers in the GLBP group can actively forward traffic, GLBP provides load balancing as well as local redundancy.

Additionally, you can control the percentage of traffic that is sent to a specific gateway by configuring weighted load balancing. By default, GLBP uses a round-robin technique to load balance between routers. If you configure weighted load balancing, GLBP can send a higher percentage of traffic to a single GLBP group member based on the weight values assigned to the interfaces of that member.

Hot Standby Router Protocol (HSRP) is a Cisco proprietary protocol that enables two or more routers to act as a single virtual router. However, only one router in the HSRP standby group forwards traffic for the group. Because there is only one active forwarder in an HSRP standby group, HSRP cannot provide load balancing across multiple WAN links within a single group; sharing load with HSRP requires configuring multiple standby groups with different active routers.

Virtual Router Redundancy Protocol (VRRP) is an open-standard protocol that is similar to HSRP. VRRP enables two or more routers to act as a single virtual router, but it does not enable more than a single router to act as an AVF. Therefore, VRRP cannot provide load balancing across multiple WAN links.

Reference:

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipapp_fhrp/configuration/15-mt/fhp-15-mt-book/fhp-glbp.html#GUID-26C72408-6183-415A-9949-8B97542246A9

QUESTION NO: 238

How often is an IP SLA operation repeated if a frequency is not configured? (Select the best
answer.)

A.
every five seconds

B.
every 60 seconds

C.
every 300 seconds

D.
IP SLA operations are not repeated if a frequency is not configured.

Answer: B
Explanation:

An IP Service Level Agreement (SLA) operation is repeated every 60 seconds if a frequency is not configured. IP SLA operations are a suite of tools on Cisco devices that enable an administrator to analyze and troubleshoot IP networks. For example, the following command set configures IP SLA to regularly test and verify the reachability of IP address 10.10.10.2:


To change how often an IP SLA operation is repeated, you should issue the frequency command from an IP SLA configuration submode. The variable for the frequency command is specified in seconds; therefore, the frequency 3 command specifies that the operation should repeat every three seconds. The frequency 60 command has the same effect as the default frequency of 60 seconds.

Reference:

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipsla/command/sla-cr-book/sla_a1.html#wp4022386755

QUESTION NO: 239

Which of the following statements are correct regarding 802.1X port-based authentication? (Select 3 choices.)

A.
Before authentication occurs, only DHCP traffic is allowed through a port that is configured for 802.1X authentication.

B.
Before authentication occurs, only EAPOL, STP, and CDP traffic is allowed on a port that is configured for 802.1X authentication.

C.
If a host is configured to use 802.1X but a switch is not, the host will be unable to communicate on the network.

D.
If a switch is configured to use 802.1X but a host is not, the host will be unable to communicate on the network.

E.
Multiple hosts can be connected to a port that is configured for 802.1X authentication.

F.
Only one host can be connected to a port that is configured for 802.1X authentication.

Answer: B,D,E
Explanation:

Of the available choices, the following statements are correct regarding 802.1X port-based authentication:

-Before authentication occurs, only Extensible Authentication Protocol over LANs (EAPOL), Spanning Tree Protocol (STP), and Cisco Discovery Protocol (CDP) traffic is allowed on a port that is configured for 802.1X authentication.

-If a switch is configured to use 802.1X but a host is not, no communication will take place.

-Multiple hosts can be connected to a port that is configured for 802.1X authentication.

Port-based authentication that uses the Institute of Electrical and Electronics Engineers (IEEE) 802.1X standard can be used on Cisco switches to ensure that only authenticated users are able to send traffic through the switch. Before authentication occurs, the only traffic that the port allows is EAPOL traffic, STP traffic, and CDP traffic. This ensures that a host connected to the port is authenticated before any other traffic is allowed through the port. The use of 802.1X authentication requires that both the host and the switch be configured for 802.1X. If the host is configured for 802.1X but the switch is not, the host can communicate with the switch but 802.1X authentication will not be used. However, if the switch is configured for 802.1X but the host is not, the host will be unable to send traffic through the switch; the port will remain in the unauthorized state.

Dynamic Host Configuration Protocol (DHCP) traffic is not allowed through a port that is configured for 802.1X authentication before authentication occurs. A host connected to a switch port that is configured for 802.1X authentication can only communicate with the switch in order to authenticate with the switch. After authentication occurs, the host can request an IP address from a DHCP server.

You can connect more than one host to a port that is configured for 802.1X authentication. For example, if multiple hosts are connected to a hub or a switch, you can connect the hub or switch to a port that is configured for 802.1X authentication. To configure the port to accept connections from multiple hosts, you should issue the dot1x host-mode multi-host command (authentication host-mode multi-host in newer IOS releases) on the interface to which the hub or switch will be connected. Note that in multi-host mode only the first host is authenticated; once the port is authorized, every other device behind the hub can send traffic without authenticating. If each host must authenticate individually, use multi-auth mode instead.
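To make the pre-authentication filter concrete, here is an added Python example (not code from the page or from Cisco) that classifies raw Ethernet frames the way an unauthorized port must: EAPOL by EtherType 0x888E, STP by its LLC SAP 0x42, CDP by its SNAP OUI and protocol ID, everything else blocked. The sample frames are hand-constructed minimal headers, not captures; the supplicant MAC and the BPDU/CDP bodies are placeholders.

```python
# Added example (not code from the original page): a classifier that applies the
# pre-authentication rule above to raw Ethernet frames and says whether an
# unauthorized 802.1X port would forward them. The frames at the bottom are
# constructed by hand with minimal headers; they are not captures.
import struct

EAPOL_ETHERTYPE = 0x888E
STP_LLC_SAP = 0x42                            # DSAP/SSAP used by spanning tree BPDUs
SNAP_SAP = 0xAA
CDP_SNAP_OUI_PID = b"\x00\x00\x0c\x20\x00"    # Cisco OUI 00:00:0C, CDP protocol ID 0x2000
PRE_AUTH_ALLOWED = {"eapol", "stp", "cdp"}


def classify(frame: bytes) -> str:
    """Name the protocol carried by an Ethernet frame (or return a generic label)."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    _dst, _src, type_or_len = struct.unpack("!6s6sH", frame[:14])
    payload = frame[14:]
    if type_or_len >= 0x0600:                 # Ethernet II: the field is an EtherType
        if type_or_len == EAPOL_ETHERTYPE:
            return "eapol"
        return f"ethertype-{type_or_len:#06x}"
    # 802.3 framing: the field is a length and an LLC header follows
    if len(payload) < 3:
        return "other"
    dsap, ssap = payload[0], payload[1]
    if dsap == STP_LLC_SAP and ssap == STP_LLC_SAP:
        return "stp"
    if dsap == SNAP_SAP and ssap == SNAP_SAP and payload[3:8] == CDP_SNAP_OUI_PID:
        return "cdp"
    return "other"


def forwarded_before_auth(frame: bytes) -> bool:
    """True if an unauthorized port would accept this frame."""
    return classify(frame) in PRE_AUTH_ALLOWED


def filter_frames(frames, authorized: bool):
    """Apply the port state: everything passes once authorized, only EAPOL, STP
    and CDP before that. Returns the labels of the frames that got through."""
    return [name for name, f in frames.items()
            if authorized or forwarded_before_auth(f)]


def _frame(dst_hex: str, type_or_len: int, payload: bytes) -> bytes:
    src = bytes.fromhex("001122334455")       # constructed supplicant MAC
    return bytes.fromhex(dst_hex) + src + struct.pack("!H", type_or_len) + payload


# Constructed sample frames (headers only, enough for classification).
SAMPLES = {
    # EAPOL v2, packet type 1 (EAPOL-Start), body length 0
    "eapol_start": _frame("0180c2000003", EAPOL_ETHERTYPE, b"\x02\x01\x00\x00"),
    # 802.3 length + LLC 42/42/03 followed by a zero-filled BPDU body
    "stp_bpdu": _frame("0180c2000000", 38, b"\x42\x42\x03" + b"\x00" * 35),
    # 802.3 length + LLC SNAP + Cisco OUI/PID 0x2000, then CDP version/TTL/checksum
    "cdp": _frame("01000ccccccc", 12, b"\xaa\xaa\x03" + CDP_SNAP_OUI_PID + b"\x02\xb4\x00\x00"),
    # IPv4 EtherType: a DHCP discover would live here, and it is not allowed yet
    "dhcp_discover": _frame("ffffffffffff", 0x0800, b"\x45" + b"\x00" * 19),
}

if __name__ == "__main__":
    print("unauthorized:", filter_frames(SAMPLES, authorized=False))
    print("authorized:  ", filter_frames(SAMPLES, authorized=True))
```

The EtherType/length split at 0x0600 is the part people get wrong: EAPOL is an Ethernet II frame, while BPDUs and CDP are 802.3 frames whose identity lives in the LLC/SNAP header, so a filter that only looks at the two bytes after the source MAC cannot distinguish the three.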

Reference:

https://www.cisco.com/c/en/us/td/docs/ios/12_4t/12_4t11/ht_8021x.html#wp1025060

QUESTION NO: 240

You issue the show running-config command on a Cisco 3700 series router and receive the following partial output:


Which of the following classes use FIFO queuing within the class? (Select the best answer.)

A.
only the boson class

B.
only the boson and exsim classes

C.
only the exsim and class-default classes

D.
the boson, exsim, and class-default classes

Answer: B
Explanation:

The boson and exsim classes use first-in, first-out (FIFO) queuing within the class. In this scenario, class-based weighted fair queuing (CBWFQ) and low latency queuing (LLQ) are used, as indicated by the priority and bandwidth commands. However, only the class-default class can use weighted fair queuing (WFQ); the other classes can use only FIFO queuing within the class. A traffic class may be prioritized over other traffic classes, but traffic within that class is processed in the order it is received, without regard for packet type, protocol, or IP precedence. For example, within a single class, a packet with an IP precedence value of 3 might be transmitted ahead of a packet with an IP precedence value of 4 simply because it arrived first.

Although the class-default class can use FIFO queuing, it is currently configured to use WFQ. The fair-queue command configures the class-default class to use WFQ. To configure the class-default class to use FIFO queuing, you should issue the no fair-queue command.

Reference:

https://www.cisco.com/c/en/us/support/docs/quality-of-service-qos/qos-policing/22833-qos-faq.html#qc

Cisco: QoS Frequently Asked Questions: Queueing and Congestion Management

QUESTION NO: 241

You issue the activation-character 8 command from line configuration mode.

Which of the following statements is true? (Select the best answer.)

A.
Terminal access will not begin until the 8 key is pressed.

B.
Terminal access will not begin until the Backspace key is pressed.

C.
Terminal access will not begin until the Enter key is pressed.

D.
Terminal access will not begin until eight keys have been pressed.

E.
Terminal access must begin within eight seconds, or the session will be disconnected.

Answer: B
Explanation:

Terminal access will not begin until the Backspace key is pressed. The activation-character command can be issued from line configuration mode to help obscure access to the console (CON) port, auxiliary (AUX) port, and virtual terminal (VTY) lines. This method should not be used in lieu of strong password security, but it can help to dissuade casual intruders looking for easy device access.

The variable for the activation-character command is the decimal value of an ASCII character. By default, the value 13 is used for the activation character, which corresponds to the Enter or Return key. The decimal value 8 corresponds to the Backspace key, not the 8 key; the decimal value 56 corresponds to the 8 key.

The exec-timeout command is used to configure a terminal line with an idle timeout. If no input is detected on the line within the idle timeout period, the session is disconnected. The syntax of the exec-timeout command is exec-timeout minutes [seconds].

Therefore, the exec-timeout 1 30 command configures the router to automatically disconnect idle sessions after one minute and 30 seconds, which is equal to 90 seconds. If the exec-timeout command has not been issued, an idle session will remain established for 10 minutes without input. Issuing the no exec-timeout command or the exec-timeout 0 0 command causes a session to never time out due to inactivity.

Reference:

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/fundamentals/command/cf_command_ref/A_through_B.html#wp1723943209

QUESTION NO: 242

Which of the following commands should you issue to ensure that the enable password will be
used if a RADIUS server is unavailable? (Select the best answer.)

A.
aaa accounting exec enable start-stop group radius

B.
aaa accounting connection default start-stop group radius

C.
aaa authorization exec default group radius local

D.
aaa authorization exec default group radius if-authenticated

E.
aaa authentication enable default group radius enable

F.
aaa authentication login default local

Answer: E
Explanation:

You should issue the aaa authentication enable default group radius enable command to ensure that the enable password will be used if a Remote Authentication Dial-In User Service (RADIUS) server is unavailable. Authentication, Authorization, and Accounting (AAA) is used to control access to a router or switch. When implementing AAA, you can configure users to be authenticated against a local database, against a RADIUS server, or against a Terminal Access Controller Access Control System Plus (TACACS+) server. For AAA authentication to be used with a RADIUS server, a RADIUS server must exist on the network. However, you can configure a router so that if the RADIUS server becomes unavailable, the enable password can be used for authentication. This is accomplished by issuing the aaa authentication enable default group radius enable command. The aaa authentication command configures AAA authentication on a router or a switch. The first enable parameter specifies that the command applies to enable mode. The default keyword specifies that the default authentication list should be used. The group radius keywords specify that the RADIUS server group should be tried first. The final enable keyword specifies that if the RADIUS servers are unavailable, the enable password should be used. Note that the method list falls through to the next method only when a method returns an error (for example, no server in the group responds); if a RADIUS server responds and rejects the password, authentication fails and the enable password is not consulted.

The aaa authentication login default local command is used to configure AAA authentication to use
the local database for authentication purposes. This command does not ensure that the enable
password will be used if a RADIUS server is unavailable.

The aaa accounting command is used to enable AAA accounting on a router. The syntax of the aaa accounting command is aaa accounting {auth-proxy | system | network | exec | connection | commands level} {default | list-name} [vrf vrf-name] {start-stop | stop-only | none} [broadcast] group group-name. Although the aaa accounting exec enable start-stop group radius command and the aaa accounting connection default start-stop group radius command are valid IOS commands, they do not ensure that the enable password will be used if a RADIUS server is unavailable. Instead, these commands configure AAA accounting with the defined parameters.

The aaa authorization command is used to configure AAA authorization on a router. The syntax of the aaa authorization command is aaa authorization {network | exec | commands level | reverse-access | configuration} {default | list-name} method1 [method2...]. Although the aaa authorization exec default group radius local command and the aaa authorization exec default group radius if-authenticated command are valid IOS commands, they do not ensure that the enable password will be used if a RADIUS server is unavailable. Instead, these commands configure AAA authorization with the defined parameters.
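The difference between a RADIUS server that is unavailable and one that answers with a rejection is what decides whether the enable fallback is ever reached. The added Python model below (example code, not from the page or from IOS) walks the group radius enable method list under both conditions. Server states, the enable secret and the RADIUS-side password are constructed; the $enab15$ user name is the one IOS sends for level-15 enable authentication.

```python
# Added example (not code from the original page): a model of how IOS walks the
# method list in "aaa authentication enable default group radius enable". The
# behaviour worth knowing is that the next method is consulted only when the
# previous one returns ERROR (no server answered), never on FAIL (a server
# answered and rejected the password). Server states and secrets are
# constructed here; nothing talks to a real RADIUS server. The user name
# $enab15$ is the one IOS sends for privilege-level-15 enable requests.
from enum import Enum


class Result(Enum):
    PASS = "pass"
    FAIL = "fail"     # a method answered and rejected: authentication stops
    ERROR = "error"   # the method could not answer (dead server, timeout): try the next one


class RadiusGroup:
    """Method 'group radius': ask servers in order, skipping dead ones."""

    def __init__(self, servers):
        # servers: name -> {"up": bool, "users": {username: password}}
        self.servers = servers

    def authenticate(self, user, password):
        for state in self.servers.values():
            if not state["up"]:
                continue                      # dead server: try the next one in the group
            if state["users"].get(user) == password:
                return Result.PASS
            return Result.FAIL                # a live server rejected the password
        return Result.ERROR                   # nobody answered


class EnablePassword:
    """Method 'enable': compare against the locally configured enable secret."""

    def __init__(self, secret):
        self.secret = secret

    def authenticate(self, user, password):
        return Result.PASS if password == self.secret else Result.FAIL


def run_method_list(methods, user, password):
    """Walk the list the way IOS does; returns (result, trace)."""
    trace = []
    for name, method in methods:
        result = method.authenticate(user, password)
        trace.append((name, result))
        if result is not Result.ERROR:
            return result, trace
    return Result.ERROR, trace               # list exhausted: access is denied


def scenario(servers_up: bool, password: str):
    """Evaluate 'group radius enable' for one enable attempt."""
    servers = {
        "radius-1": {"up": servers_up, "users": {"$enab15$": "radius-enable-pw"}},
        "radius-2": {"up": servers_up, "users": {"$enab15$": "radius-enable-pw"}},
    }
    methods = [("group radius", RadiusGroup(servers)),
               ("enable", EnablePassword("local-enable-secret"))]
    return run_method_list(methods, "$enab15$", password)


if __name__ == "__main__":
    print(scenario(True, "radius-enable-pw"))          # PASS via RADIUS
    print(scenario(False, "local-enable-secret"))       # servers down: falls back to enable
    print(scenario(True, "local-enable-secret"))        # RADIUS rejects: no fallback
```

The third scenario is the security-relevant one: while the RADIUS servers are reachable, knowing the local enable secret does not grant enable access, so the fallback does not weaken the RADIUS policy during normal operation.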

Reference:

https://www.cisco.com/c/en/us/support/docs/security-vpn/terminal-access-controller-access-control-system-tacacs-/10384-security.html#ex3

QUESTION NO: 243

When creating a VPN tunnel, on which of the following devices should you issue the tunnel mode
auto command? (Select the best answer.)

A.
on the responder only

B.
on the initiator only

C.
on both the responder and the initiator

D.
on neither the responder nor the initiator

Answer: A
Explanation:

You should issue the tunnel mode auto command on the responder only. The tunnel mode auto command enables the Tunnel Mode Auto Selection feature, which simplifies the configuration of a virtual private network (VPN) tunnel. When Tunnel Mode Auto Selection is configured, the responder applies the tunneling protocol and transport protocol established by the initiator. Tunneling protocols include Generic Routing Encapsulation (GRE) and IP Security (IPSec). Transport protocols include IPv4 and IPv6.

You should not issue the tunnel mode auto command on the initiator. The tunnel configuration
parameters must be statically configured on an initiator.

Reference:

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_vpnips/configuration/xe-3s/sec-sec-for-vpns-w-ipsec-xe-3s-book/sec-ipsec-virt-tunnl.html#concept_D55B0B7783A441BBB576E9F85693DF39

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/security/s1/sec-s1-cr-book/sec-cr-t2.html#wp3291311677

QUESTION NO: 244

Which of the following seed metrics is assigned by default when OSPF routes are redistributed
into EIGRP? (Select the best answer.)

A.
0

B.
1

C.
20

D.
infinity

E.
the metric used by the OSPF route

Answer: D
Explanation:

A default seed metric with the value of infinity is assigned to Open Shortest Path First (OSPF) routes that are redistributed into Enhanced Interior Gateway Routing Protocol (EIGRP). Routes with an infinite metric are treated as unreachable by EIGRP and are not entered into the routing table. There is no direct translation of the OSPF cost-based metric into an EIGRP-equivalent metric; the EIGRP metric is based on bandwidth, delay, reliability, and load. Because the OSPF metric cannot be automatically converted into a metric that EIGRP understands, EIGRP requires that the metric be defined for all redistributed routes before those routes are entered into the routing table. To assign a default metric for routes redistributed into EIGRP, you should issue the default-metric bandwidth delay reliability loading mtu command. To assign a metric to an individual route redistributed from OSPF into EIGRP, you should issue the redistribute ospf process-id metric bandwidth delay reliability loading mtu command.

A default seed metric of infinity is also assigned to routes that are redistributed into Routing Information Protocol (RIP). Like EIGRP, RIP requires that the metric be defined for all redistributed routes before those routes are entered into the routing table. RIP uses hop count as a metric. Valid hop-count values are from 1 through 15; a value of 16 is considered to be infinite. The hop-count metric increases by 1 for each router along the path. Cisco recommends that you set a low hop-count value for redistributed routes. To assign a default metric for routes redistributed into RIP, you should issue the default-metric hop-count command. To assign a metric to an individual route redistributed into RIP, you should issue the redistribute protocol metric hop-count command. If no metric is assigned during redistribution and no default metric is configured for RIP, the routes are assigned an infinite metric and are ignored by RIP.

A default seed metric of 0 is assigned to routes that are redistributed into Intermediate System-to-Intermediate System (IS-IS). IS-IS uses a cost metric assigned to each participating interface and prefers routes with the lowest cost. Routes redistributed into IS-IS are designated as Level 2 routes unless otherwise specified.

A default seed metric of 1 is assigned to Border Gateway Protocol (BGP) routes that are
redistributed into OSPF. OSPF uses a cost metric based on the bandwidth of each participating
interface and prefers internal routes with the lowest cost. By default, all routes redistributed into
OSPF are designated as Type 2 external (E2) routes. E2 routes have a metric that remains
constant throughout the routing domain. Alternatively, routes redistributed into OSPF can be
designated as Type 1 external (E1) routes. With E1 routes, the internal cost of the route is added
to the initial metric assigned during redistribution.

A default seed metric of 20 is assigned to routes that are redistributed into OSPF from an interior gateway protocol other than OSPF. When OSPF routes are redistributed from one OSPF routing process to another OSPF routing process, the metrics are preserved and no default seed metric is assigned. Metrics are also preserved when routes are redistributed from one Interior Gateway Routing Protocol (IGRP) or EIGRP routing process into another IGRP or EIGRP routing process.

Reference:

https://www.cisco.com/c/en/us/support/docs/ip/enhanced-interior-gateway-routing-protocol-eigrp/8606-redist.html

https://www.cisco.com/networkers/nw04/presos/docs/CERT-2100.pdf#page=6

QUESTION NO: 245

What is the size of the IPv6 fragment header? (Select the best answer.)

A.
32 bits

B.
64 bits

C.
20 bytes

D.
40 bytes

E.
1,280 bytes

Answer: B
Explanation:

The IPv6 fragment header is 64 bits (8 bytes) long. It is inserted by an IPv6 source when a packet exceeds the path maximum transmission unit (MTU). Unlike IPv4, which enables intervening devices such as routers to fragment packets that exceed the permitted size for a local link, IPv6 requires the traffic originator to ensure that each packet sent is small enough to traverse the entire path without fragmentation; when that is not possible, the source itself fragments the packet and the destination reassembles it.

The IPv6 fragment header is not 32 bits long. However, the IPv6 fragment header contains a 32-bit field called the Identification field, which is used to uniquely identify the fragments that belong to one original packet.

The IPv6 fragment header is neither 20 bytes nor 40 bytes long. A basic IPv4 header without
options is 20 bytes long, and a basic IPv6 header without extension headers is 40 bytes long.
Although an IPv4 header is shorter than an IPv6 header, it is more complex and contains more
fields than an IPv6 header. Several fields that exist in an IPv4 header, such as the Header
Checksum field and the Fragment Offset field, do not exist in an IPv6 header. Because many
protocols at the Data Link and Transport layers contain mechanisms to verify the integrity of the
packet, IPv6 does not contain a redundant method to calculate checksum values.

The IPv6 fragment header is not 1,280 bytes long. 1,280 bytes is the minimum link MTU that IPv6 requires: every link that carries IPv6 must be able to handle packets of at least 1,280 bytes, so a source can always send packets of that size without first discovering the path MTU.
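As an added example (not from the page or from the RFC text), the Python below packs and parses the 8-byte fragment header, fragments a payload on 8-octet boundaries so that each piece plus the 40-byte base header fits a 1,280-byte path MTU, and reassembles the pieces while refusing incomplete, duplicate or overlapping sets, which is the check any firewall or IDS that inspects fragmented IPv6 has to perform. The payload, identification value and MTU are constructed.

```python
# Added example (not code from the original page): a parser and builder for the
# 64-bit IPv6 Fragment header described above, plus the source-side fragmentation
# and destination-side reassembly that the header exists for. The payload and
# path MTU are constructed values.
import struct
from dataclasses import dataclass

IPV6_HEADER_LEN = 40
FRAGMENT_HEADER_LEN = 8        # 64 bits
FRAGMENT_NEXT_HEADER = 44      # value placed in the preceding header's Next Header field
IPV6_MIN_LINK_MTU = 1280


@dataclass
class FragmentHeader:
    next_header: int       # header that follows the reassembled payload (e.g. 17 = UDP)
    offset: int            # fragment offset in 8-octet units (13 bits)
    more: bool             # M flag: more fragments follow
    identification: int    # 32-bit value shared by all fragments of one packet

    def pack(self) -> bytes:
        if not 0 <= self.offset < 2 ** 13:
            raise ValueError("fragment offset does not fit in 13 bits")
        word = (self.offset << 3) | int(self.more)      # 13-bit offset, 2 reserved bits, M
        return struct.pack("!BBHI", self.next_header, 0, word, self.identification)

    @classmethod
    def unpack(cls, data: bytes) -> "FragmentHeader":
        if len(data) < FRAGMENT_HEADER_LEN:
            raise ValueError("fragment header is 8 bytes")
        nh, _reserved, word, ident = struct.unpack("!BBHI", data[:FRAGMENT_HEADER_LEN])
        return cls(nh, word >> 3, bool(word & 1), ident)


def fragment(payload: bytes, identification: int, next_header: int, path_mtu: int):
    """Split payload as a source node does: every piece but the last is a multiple
    of 8 octets, and each fragment plus its 40-byte IPv6 header fits the path MTU."""
    if path_mtu < IPV6_MIN_LINK_MTU:
        raise ValueError("no IPv6 link may have an MTU below 1280")
    per_frag = (path_mtu - IPV6_HEADER_LEN - FRAGMENT_HEADER_LEN) // 8 * 8
    frags = []
    for start in range(0, len(payload), per_frag):
        piece = payload[start:start + per_frag]
        more = start + per_frag < len(payload)
        hdr = FragmentHeader(next_header, start // 8, more, identification)
        frags.append(hdr.pack() + piece)
    return frags


def reassemble(frags):
    """Rebuild the payload; raise on missing, duplicate, overlapping or mixed fragments."""
    parts, ident, next_header, total = {}, None, None, None
    for f in frags:
        hdr = FragmentHeader.unpack(f)
        if ident is None:
            ident, next_header = hdr.identification, hdr.next_header
        elif hdr.identification != ident:
            raise ValueError("fragment belongs to a different packet")
        start = hdr.offset * 8
        if start in parts:
            raise ValueError("duplicate fragment offset")
        parts[start] = f[FRAGMENT_HEADER_LEN:]
        if not hdr.more:
            total = start + len(parts[start])
    out, pos = bytearray(), 0
    while pos in parts:                     # walk contiguous pieces from offset 0
        out += parts[pos]
        pos += len(parts[pos])
    # a gap leaves pos short of total; an overlapping stray leaves bytes unconsumed
    if total is None or pos != total or pos != sum(map(len, parts.values())):
        raise ValueError("incomplete or overlapping fragment set")
    return next_header, bytes(out)


def is_complete(frags) -> bool:
    """True if the set reassembles cleanly (what an inspecting device must verify)."""
    try:
        reassemble(frags)
        return True
    except ValueError:
        return False


def roundtrip(payload: bytes, path_mtu: int = IPV6_MIN_LINK_MTU):
    frags = fragment(payload, identification=0x1234ABCD, next_header=17, path_mtu=path_mtu)
    return frags, reassemble(reversed(frags))      # arrival order does not matter


if __name__ == "__main__":
    frags, (nh, data) = roundtrip(bytes(range(256)) * 10)
    print(len(frags), "fragments, next header", nh, "payload bytes", len(data))
    for f in frags:
        print(FragmentHeader.unpack(f))
```

Because only the first fragment carries the upper-layer header, an access list or inspection engine that does not reassemble sees port numbers in the first fragment alone; the reassembly check above is what closes that gap.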

Reference:

https://www.ietf.org/rfc/rfc2460.txt

QUESTION NO: 246

Which of the following mutual redistribution scenarios does not require you to configure manual
redistribution? (Select the best answer.)

A.
static routes and RIPv2

B.
static routes and EIGRP

C.
OSPF processes with different process IDs

D.
IS-IS and OSPF processes with the same area number

E.
IGRP and EIGRP processes with the same ASN

F.
EIGRP processes with different ASNs

Answer: E
Explanation:

Interior Gateway Routing Protocol (IGRP) processes and Enhanced IGRP (EIGRP) processes with the same autonomous system number (ASN) do not require manual redistribution. Mutual redistribution of IGRP and EIGRP routing processes occurs automatically if the processes share the same ASN; there is no additional configuration required to enable route redistribution between the IGRP and EIGRP processes. However, you must manually configure route redistribution between IGRP and EIGRP processes with different ASNs.

Routing Information Protocol version 2 (RIPv2) automatically redistributes static routes that point to an interface on the router. However, RIP does not redistribute static routes that point to a next-hop IP address unless you issue the redistribute static command from RIP router configuration mode. RIPv2 assigns static routes a metric of 1 and redistributes them as though they were directly connected. Because there is only one routing protocol involved when static routes are redistributed into a RIPv2 routing domain, this is a one-way redistribution of routing information.

EIGRP automatically redistributes static routes that point to an interface on the router. However, EIGRP does not redistribute static routes that point to a next-hop IP address unless you issue the redistribute static command from EIGRP router configuration mode. The static route is redistributed as an external route. Because there is only one routing protocol involved when static routes are redistributed into an EIGRP routing domain, this is a one-way redistribution of routing information.

Open Shortest Path First (OSPF) processes with different process IDs do not redistribute routes
without manual configuration. Although it is possible to run multiple OSPF processes on a single
router, it is not recommended, because suboptimal routing and routing loops may occur.

Intermediate System-to-Intermediate System (IS-IS) and OSPF processes with the same area number do not redistribute routes without manual configuration. IS-IS and OSPF both assign a default metric to redistributed routes unless otherwise specified.

Reference:

https://www.cisco.com/c/en/us/support/docs/ip/enhanced-interior-gateway-routing-protocol-eigrp/16406-eigrp-toc.html#sameauto

https://www.cisco.com/c/en/us/support/docs/ip/enhanced-interior-gateway-routing-protocol-eigrp/8606-redist.html

QUESTION NO: 247

Which of the following Cisco IOS XE subpackages is always different among consolidated
packages? (Select the best answer.)

A.
RPAccess

B.
RPBase

C.
RPControl

D.
RPIOS

E.
ESPBase

F.
SIPBase

G.
SIPSPA

Answer: D
Explanation:

The RPIOS Cisco IOS XE subpackage is always different among consolidated packages. A consolidated package is an image that contains multiple subpackage files. Every consolidated package contains the following subpackages:

-RPAccess - provides router access software, either with or without cryptographic support

-RPBase - provides the operating system software for the route processor

-RPControl - provides the control plane interface between the IOS software and the platform

-RPIOS - provides the IOS kernel, which stores and runs IOS software features

-ESPBase - provides the Embedded Service Processor (ESP) operating system and control processes

-SIPBase - provides the SPA Interface Processor (SIP) operating system and control processes

-SIPSPA - provides the shared port adapter (SPA) driver and field-programmable device (FPD) images

Of these subpackages, only the RPIOS subpackage is always different among consolidated packages. The RPBase, RPControl, ESPBase, SIPBase, and SIPSPA subpackages are the same regardless of the consolidated package. There are two versions of RPAccess: a K9 version, which includes cryptographic support, and a non-K9 version, which does not include cryptographic support.

Optional subpackages are also available. However, optional subpackages are not contained within
consolidated packages; they must be downloaded directly from Cisco.

Reference:

https://www.cisco.com/c/en/us/td/docs/ios/ios_xe/2/release/notes/rnasr21/rnasr21_gen.html#wp2996921

QUESTION NO: 248

Which of the following Cisco Performance Monitor commands is not issued from global
configuration mode? (Select the best answer.)

A.
class-map

B.
flow monitor type performance-monitor

C.
flow record type performance-monitor

D.
policy-map type performance-monitor

E.
service-policy type performance-monitor

Answer: E
Explanation:

The service-policy type performance-monitor command is not issued from global configuration mode; it is issued from interface configuration mode. Cisco Performance Monitor enables you to monitor traffic flow information, such as packet count, byte count, drops, jitter, and round-trip time (RTT). To configure Cisco Performance Monitor, you must perform the following tasks:

1. Create a flow record.

2. Configure a flow monitor.

3. Create one or more classes.

4. Create a policy.

5. Associate the policy with an interface.

First, create a Performance Monitor flow record by issuing the flow record type performance-monitor command from global configuration mode. The flow record specifies the data that will be collected. To configure the flow record, issue match and collect commands.

Next, configure a Performance Monitor flow monitor by issuing the flow monitor type performance-monitor command from global configuration mode. The flow monitor allows you to associate a flow record with a flow exporter. A flow exporter is used to send Performance Monitor data to a remote system.

Third, create one or more classes by issuing the class-map command from global configuration mode. A Performance Monitor class map is configured like any other class map, by issuing match statements to specify the classification criteria.

Fourth, create a Performance Monitor policy by issuing the policy-map type performance-monitor command from global configuration mode. A Performance Monitor policy associates a class with a flow monitor.

Finally, associate the Performance Monitor policy with an interface by issuing the service-policy type performance-monitor command from interface configuration mode. Issuing this command activates the Performance Monitor policy.

Reference:

https://search.cisco.com/search?query=Cisco%20IOS%20Media%20Monitoring%20Configuration%20Guide&locale=enUS&tab=Cisco

QUESTION NO: 249

You issue the ping mpls ipv4 command.

Which of the following return codes indicates a successful ping? (Select the best answer.)

A.
0

B.
1

C.
2

D.
3

E.
4

Answer: D

Explanation:

A return code of 3 indicates a successful ping. The ping mpls ipv4 command can be used to verify Multiprotocol Label Switching (MPLS) label switched path (LSP) connectivity. The output displays symbolic and numeric return codes. The following list contains all of the numeric return codes along with their corresponding symbols and definitions:

A successful MPLS ping will look similar to the following output:

Reference:

https://www.ietf.org/rfc/rfc4379.txt

https://www.cisco.com/c/en/us/td/docs/ios/12_4t/12_4t11/ht_lspng.html#wp1054221

https://www.cisco.com/c/en/us/td/docs/routers/crs/software/crs_r4-2/mpls/command/reference/b_mpls_cr42crs/b_mpls_cr42crs_chapter_0110.html#wp2685217708

QUESTION NO: 250 DRAG DROP

Select the components on the left that create a complete multiprotocol BGP VPN-IPv4 address.
Place the components in the order they appear in the address.


Answer:

Explanation:

A multiprotocol Border Gateway Protocol (BGP) VPN-IPv4 address begins with an 8-byte route distinguisher (RD) and ends with a 4-byte IPv4 address. The RD consists of a 2-byte Type field and a 6-byte Value field. The value of the Type field determines the structure of the Value field. The following table lists the Type values along with their corresponding Value field structures:

If the Type field is 0, the Administrator subfield is a 2-byte autonomous system number (ASN) and the Assigned Number subfield is 4 bytes long. If the Type field is 1, the Administrator subfield is a 4-byte IPv4 address and the Assigned Number subfield is 2 bytes long. If the Type field is 2, the Administrator subfield is a 4-byte ASN and the Assigned Number subfield is 2 bytes long. In all cases, the Assigned Number subfield contains a number assigned by the administrator.

Although the Type field and the Value field are found within a BGP VPN-IPv4 address, these fields compose only the RD, not the entire multiprotocol BGP VPN-IPv4 address. Although the Administrator subfield and the Assigned Number subfield are found within a multiprotocol BGP VPN-IPv4 address, these subfields compose only the Value field of the RD. The ASN is a part of the Administrator subfield.
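An added Python example, not code from the page or from RFC 4364, that encodes and decodes the 12-byte VPN-IPv4 address for all three RD types and shows why the RD matters: the same 10.1.1.0 prefix in two VRFs yields two distinct VPN-IPv4 addresses. ASNs, addresses and assigned numbers are constructed values.

```python
# Added example (not code from the original page): encoding and decoding of the
# 12-byte VPN-IPv4 address described above, covering all three RD types from
# RFC 4364. The ASNs, addresses and prefixes are constructed values.
import ipaddress
import struct

RD_LEN = 8
VPNV4_LEN = RD_LEN + 4


def pack_rd(rd: str) -> bytes:
    """'ASN:nn', 'A.B.C.D:nn' or '4-byte-ASN:nn' -> 8-byte route distinguisher.
    Type 0: 2-byte ASN + 4-byte assigned number
    Type 1: 4-byte IPv4 address + 2-byte assigned number
    Type 2: 4-byte ASN + 2-byte assigned number"""
    admin, _, assigned = rd.rpartition(":")
    assigned = int(assigned)
    if "." in admin:
        return struct.pack("!H4sH", 1, ipaddress.IPv4Address(admin).packed, assigned)
    asn = int(admin)
    if asn < 2 ** 16:
        return struct.pack("!HHI", 0, asn, assigned)          # 2-byte ASN: type 0
    if assigned < 2 ** 16:
        return struct.pack("!HIH", 2, asn, assigned)          # 4-byte ASN: type 2
    raise ValueError("a 4-byte ASN leaves only 2 bytes for the assigned number")


def unpack_rd(data: bytes):
    """8-byte RD -> (type, 'administrator:assigned')."""
    if len(data) != RD_LEN:
        raise ValueError("RD must be 8 bytes")
    rd_type = struct.unpack("!H", data[:2])[0]
    if rd_type == 0:
        asn, num = struct.unpack("!HI", data[2:])
        return rd_type, f"{asn}:{num}"
    if rd_type == 1:
        ip, num = struct.unpack("!4sH", data[2:])
        return rd_type, f"{ipaddress.IPv4Address(ip)}:{num}"
    if rd_type == 2:
        asn, num = struct.unpack("!IH", data[2:])
        return rd_type, f"{asn}:{num}"
    raise ValueError(f"unknown RD type {rd_type}")


def pack_vpnv4(rd: str, ipv4: str) -> bytes:
    """RD followed by the 4-byte IPv4 address: the 96-bit VPN-IPv4 address."""
    return pack_rd(rd) + ipaddress.IPv4Address(ipv4).packed


def unpack_vpnv4(data: bytes):
    """12-byte VPN-IPv4 address -> (rd_type, rd_string, ipv4_string)."""
    if len(data) != VPNV4_LEN:
        raise ValueError("VPN-IPv4 address must be 12 bytes")
    rd_type, rd = unpack_rd(data[:RD_LEN])
    return rd_type, rd, str(ipaddress.IPv4Address(data[RD_LEN:]))


def overlapping_customers():
    """Two VRFs using the same private prefix stay distinct once the RD is prepended."""
    a = pack_vpnv4("65000:100", "10.1.1.0")
    b = pack_vpnv4("65000:200", "10.1.1.0")
    return a != b, a.hex(), b.hex()


if __name__ == "__main__":
    for rd in ("65000:100", "192.0.2.1:5", "4200000000:7"):
        print(rd, "->", pack_rd(rd).hex(), "->", unpack_rd(pack_rd(rd)))
    print(overlapping_customers())
```

Note that a textual RD such as 65000:100 is ambiguous on its own; the encoder here follows the usual IOS behaviour of choosing type 0 for any ASN that fits in 2 bytes and type 2 only for 4-byte ASNs, so the wire format must be examined to know which type a peer actually sent.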

Reference:

https://tools.ietf.org/html/rfc4364

QUESTION NO: 251 DRAG DROP

Select the attributes from the left, and place them on the right in the order they are prioritized by the OSPFv2 Loop-Free Alternate Fast Reroute feature by default.

Answer:

Explanation:


The Open Shortest Path First version 2 (OSPFv2) Loop-Free Alternate Fast Reroute feature is
used to reroute traffic if a link fails. Repair paths are calculated and stored in the Routing
Information Base (RIB). When a primary path fails, the repair path is used without requiring route
recomputation. OSPFv2 Loop-Free Alternate Fast Reroute is not supported on virtual links, but it
is supported on VPN routing and forwarding (VRF) OSPF instances. You can configure a traffic
engineering (TE) tunnel interface as a repair path but not as a protected interface.

The srlg attribute is considered first in the calculation of a repair path. A shared risk link group
(SRLG) is a group of next-hop interfaces that are likely to fail simultaneously. You can issue the
srlg command to assign an interface to an SRLG.

The primary path attribute is considered second. You can configure the primary path attribute so
that a particular repair path is used.

The interface-disjoint attribute is considered third. You can set the interface-disjoint attribute to
prevent selection of point-to-point interfaces, which have no alternate next hop for rerouting.

The lowest metric attribute is considered fourth. The lowest cost route might not be the most
stable route. However, you can configure the metric attribute to ensure that routes with lower
metrics are selected as repair paths.

The linecard-disjoint attribute is considered fifth. Interfaces on the same line card are likely to fail
at the same time if there is a problem with the card.

The node-protecting attribute is considered sixth. You can configure the node-protecting attribute
so that the primary-path gateway router is not selected for the repair path.

The broadcast-interface-disjoint attribute is considered last. You can configure the
broadcast-interface-disjoint attribute so that the repair path does not use the broadcast network to
which the primary path is connected.

Reference:

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_ospf/configuration/xe-3s/iro-xe-3s-
book/iro-lfa-frr.html
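The ordered tiebreak described above, as an added example (not Cisco code): each attribute is modelled as a filter applied in the default priority order, and a filter that no remaining candidate satisfies is skipped, which is a modelling assumption. The topology, SRLG ids and metrics are constructed.

```python
from dataclasses import dataclass, replace
from typing import Callable, List, Optional, Tuple


@dataclass(frozen=True)
class Path:
    """One next hop: the primary path or a repair-path candidate (constructed data)."""
    name: str
    interface: str
    linecard: str
    next_hop_node: str                    # neighbouring router the path goes through
    metric: int
    srlgs: frozenset = frozenset()        # SRLG ids assigned to the outgoing interface
    broadcast_net: Optional[str] = None   # broadcast segment used, if any
    preferred: bool = False               # flagged by the primary-path attribute


def tiebreakers(primary: Path) -> List[Tuple[str, Callable[[List[Path]], List[Path]]]]:
    """The seven attributes in their default priority order. Each rule returns the
    candidates that satisfy the attribute relative to the primary path."""
    return [
        ("srlg", lambda cs: [c for c in cs if not (c.srlgs & primary.srlgs)]),
        ("primary-path", lambda cs: [c for c in cs if c.preferred]),
        ("interface-disjoint", lambda cs: [c for c in cs if c.interface != primary.interface]),
        ("lowest-metric", lambda cs: [c for c in cs if c.metric == min(x.metric for x in cs)]),
        ("linecard-disjoint", lambda cs: [c for c in cs if c.linecard != primary.linecard]),
        ("node-protecting", lambda cs: [c for c in cs if c.next_hop_node != primary.next_hop_node]),
        ("broadcast-interface-disjoint",
         lambda cs: [c for c in cs
                     if c.broadcast_net is None or c.broadcast_net != primary.broadcast_net]),
    ]


def select_repair_path(primary: Path, candidates: List[Path]) -> Tuple[Optional[Path], List[str]]:
    """Apply the tiebreakers as successive filters. Assumption of this model: a
    tiebreaker that would eliminate every remaining candidate is skipped.
    Returns the chosen candidate and the tiebreakers that actually narrowed the set."""
    remaining = list(candidates)
    decisive: List[str] = []
    for name, rule in tiebreakers(primary):
        if len(remaining) <= 1:
            break
        passing = rule(remaining)
        if passing and len(passing) < len(remaining):
            remaining = passing
            decisive.append(name)
    return (remaining[0] if remaining else None), decisive


def prefer(candidates: List[Path], name: str) -> List[Path]:
    """Copy of the candidates with `name` flagged by the primary-path attribute."""
    return [replace(c, preferred=(c.name == name)) for c in candidates]


# Constructed topology: the primary path leaves Gi0/0 on line card 1 towards R2
# and its fibre belongs to SRLG 10.
PRIMARY = Path("primary via R2", "Gi0/0", "1", "R2", metric=10, srlgs=frozenset({10}))

CANDIDATES = [
    Path("via R3", "Gi0/1", "1", "R3", metric=20, srlgs=frozenset({10})),  # shares the SRLG
    Path("via R4 card 1", "Gi0/2", "1", "R4", metric=20),                  # same line card
    Path("via R4 card 2", "Gi1/0", "2", "R4", metric=20),                  # different line card
    Path("via R5", "Gi1/1", "2", "R5", metric=30),                         # costlier
]

if __name__ == "__main__":
    # srlg removes R3, lowest-metric removes R5, linecard-disjoint picks "via R4 card 2"
    print(select_repair_path(PRIMARY, CANDIDATES))
    # primary-path outranks lowest-metric, so flagging R5 selects it despite its cost
    print(select_repair_path(PRIMARY, prefer(CANDIDATES, "via R5")))
```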

QUESTION NO: 252

You issue the show running-config command on RouterA and receive the following partial output:

Access-list 101 permit ip host 172.16.223.82 10.17.88.0 0.0.0.255

route-map map1 permit 10

match ip address 101

set next-hop 192.168.1.1

Which of the following packets will RouterA redirect to the next-hop router at 192.168.1.1? (Select
the best answer.)

A.
packets sent from the 10.17.88.0/24 network or destined to 172.16.223.82

B.
packets sent from the 10.17.88.0/24 network and destined to 172.16.223.82

C.
packets sent from 172.16.223.82 or destined to the 10.17.88.0/24 network

D.
packets sent from 172.16.223.82 and destined to the 10.17.88.0/24 network

Answer: D
Explanation:

RouterA will detect packets sent from 172.16.223.82 and destined to the 10.17.88.0/24 network
and then redirect them to the next-hop router at 192.168.1.1. Route maps are conditional
statements that determine whether a packet is processed normally or modified. A route map can
be divided into a series of sequences that are processed in sequential order. If a route matches all
the match criteria in a sequence, the route is permitted or denied based on the permit or deny
keywords in the route-map command and any set conditions are applied. If a route does not match
all the match criteria in any sequence, the route is discarded.

In this scenario, the route-map map1 permit 10 command creates a route map named map1. The
permit 10 keywords indicate that any route satisfying all the match statements in route map
sequence number 10 will be redistributed. In this sequence, there is only one match statement,
match ip address 101, which indicates that packets that match the IP addresses in access list 101
will be processed by the route map.

The access-list 101 permit ip host 172.16.223.82 10.17.88.0 0.0.0.255 command creates access
list 101, which specifies that IP packets sent from 172.16.223.82 and destined to the
10.17.88.0/24 network are processed by the route map. Packets have to match only one
access-list statement in order to be processed by the route map.

RouterA will not redirect packets sent from the 10.17.88.0/24 network and destined to
172.16.223.82. To configure RouterA to match this traffic, you would need to reverse the keywords
in the access-list statement so that the source is the 10.17.88.0/24 network and the destination is
the host at 172.16.223.82. The following command set would configure RouterA to detect packets
sent from the 10.17.88.0/24 network and destined to 172.16.223.82 and then redirect those
packets to the next-hop router at 192.168.1.1:

RouterA(config)#access-list 101 permit ip 10.17.88.0 0.0.0.255 host 172.16.223.82

RouterA(config)#route-map map1 permit 10

RouterA(config-route-map)#match ip address 101

RouterA(config-route-map)#set next-hop 192.168.1.1

RouterA will not redirect packets sent from the 10.17.88.0/24 network or destined to
172.16.223.82. To configure RouterA to match either of two access list criteria, you would need to
create two separate access-list statements: one that matches traffic sent from the 10.17.88.0/24
network destined to anywhere, and one that matches traffic sent from anywhere destined to
172.16.223.82. The following command set would configure RouterA to detect packets sent from
the 10.17.88.0/24 network or destined to 172.16.223.82 and redirect those packets to the next-hop
router at 192.168.1.1:

RouterA(config)#access-list 101 permit ip 10.17.88.0 0.0.0.255 any

RouterA(config)#access-list 101 permit ip any host 172.16.223.82

RouterA(config)#route-map map1 permit 10

RouterA(config-route-map)#match ip address 101

RouterA(config-route-map)#set next-hop 192.168.1.1

RouterA will not redirect packets sent from 172.16.223.82 or destined to the 10.17.88.0/24
network. To configure RouterA to match either of two access list criteria, you would need to create
two separate access-list statements: one that matches traffic sent from 172.16.223.82 destined to
anywhere, and one that matches traffic sent from anywhere destined to the 10.17.88.0/24 network.
The following command set would configure RouterA to detect packets sent from 172.16.223.82 or
destined to the 10.17.88.0/24 network and then redirect those packets to the next-hop router at
192.168.1.1:

RouterA(config)#access-list 101 permit ip any 10.17.88.0 0.0.0.255

RouterA(config)#access-list 101 permit ip host 172.16.223.82 any

RouterA(config)#route-map map1 permit 10

RouterA(config-route-map)#match ip address 101

RouterA(config-route-map)#set next-hop 192.168.1.1

Reference:

CCIE Routing and Switching v5.0 Certification Guide, Volume 1, Chapter 11, Configuring Route
Maps with the route-map Command, pp. 638-640

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/security/a1/sec-a1-cr-book/sec-cr-
a2.html#wp4698537840
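The matching logic the explanation walks through, as an added example (not from the guide or Cisco): IOS wildcard-mask semantics (a 1 bit in the mask means "don't care"), all fields of one access-list entry must match, and a list with several entries matches on any entry. The access lists are the three from the question and the packet addresses are constructed.

```python
import ipaddress
from typing import List, Optional, Tuple

Field = Tuple[str, str]  # (base address, wildcard mask)


def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """IOS wildcard comparison: bits set to 1 in the wildcard are ignored."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    w = int(ipaddress.IPv4Address(wildcard))
    return (a & ~w) == (b & ~w)


def parse_ace(line: str) -> Tuple[str, Field, Field]:
    """Parse 'access-list <n> permit|deny ip <src> <dst>', where each address is
    'host A.B.C.D', 'any' or 'A.B.C.D W.W.W.W'. Returns (action, src, dst)."""
    tokens = line.split()
    if len(tokens) < 4 or tokens[0] != "access-list" or tokens[3] != "ip":
        raise ValueError(f"unsupported ACE: {line!r}")
    action, rest = tokens[2], tokens[4:]
    fields: List[Field] = []
    while rest:
        if rest[0] == "host":             # exact host: wildcard 0.0.0.0
            fields.append((rest[1], "0.0.0.0"))
            rest = rest[2:]
        elif rest[0] == "any":            # any address: wildcard all ones
            fields.append(("0.0.0.0", "255.255.255.255"))
            rest = rest[1:]
        else:                             # explicit address + wildcard pair
            fields.append((rest[0], rest[1]))
            rest = rest[2:]
    if len(fields) != 2:
        raise ValueError(f"expected a source and a destination in {line!r}")
    return action, fields[0], fields[1]


def acl_matches(acl: List[str], src: str, dst: str) -> bool:
    """First-match evaluation with the implicit deny at the end of every ACL."""
    for line in acl:
        action, (sb, sw), (db, dw) = parse_ace(line)
        if wildcard_match(src, sb, sw) and wildcard_match(dst, db, dw):
            return action == "permit"
    return False


def route_map_next_hop(acl: List[str], next_hop: str, src: str, dst: str) -> Optional[str]:
    """One permit sequence with 'match ip address <acl>' and 'set next-hop': returns
    the next hop when the sequence matches, None when the packet is forwarded normally."""
    return next_hop if acl_matches(acl, src, dst) else None


NEXT_HOP = "192.168.1.1"
# Source AND destination must both match (the configuration in the question).
ACL_QUESTION = ["access-list 101 permit ip host 172.16.223.82 10.17.88.0 0.0.0.255"]
# Keywords reversed: 10.17.88.0/24 is the source, the host is the destination.
ACL_REVERSED = ["access-list 101 permit ip 10.17.88.0 0.0.0.255 host 172.16.223.82"]
# Either criterion: two entries, one per direction.
ACL_EITHER = [
    "access-list 101 permit ip any 10.17.88.0 0.0.0.255",
    "access-list 101 permit ip host 172.16.223.82 any",
]
```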

QUESTION NO: 253

You administer an MPLS domain. You issue the ip vrf Customer129 command to create a VRF
table for a customer. You now want to create an RD and configure RTs.

Which of the following formats can you use? (Select 2 choices.)

A.
nn:AS, where nn is a 16-bit decimal number and AS is a 16-bit ASN

B.
nn:A.B.C.D, where nn is a 16-bit decimal number and A.B.C.D is a 32-bit IP address

C.
nn:MAC, where nn is a 16-bit decimal number and MAC is a 48-bit MAC address

D.
AS:nn, where AS is a 16-bit ASN and nn is a 32-bit decimal number

E.
A.B.C.D:nn, where A.B.C.D is a 32-bit IP address and nn is a 16-bit decimal number

F.
MAC:nn, where MAC is a 48-bit MAC address and nn is a 16-bit decimal number

Answer: D,E
Explanation:

You can use the following formats to create a route distinguisher (RD) and configure route targets
(RTs):

- AS:nn, where AS is a 16-bit autonomous system number (ASN) and nn is a 32-bit decimal number

- A.B.C.D:nn, where A.B.C.D is a 32-bit IP address and nn is a 16-bit decimal number

When you issue the ip vrf name command in global configuration mode, you are placed in VPN
routing and forwarding (VRF) configuration mode, where you can configure the VRF.

First, you should create an RD by issuing the rd value command. An RD is a value that is used to
create a virtual private network (VPN) prefix to identify the VPN. You can specify the RD by
combining an ASN or IP address with any decimal number.

There are three types of RDs: Type 0, Type 1, and Type 2. The type of RD configuration you
create depends on how you issue the value parameter of the rd command and whether you are
configuring a multicast VPN environment. Type 0 and Type 1 RDs are used in unicast
configurations. A Type 0 RD is configured by issuing the value parameter of the rd command with
the 16-bit ASN in front of the 32-bit decimal number. A Type 1 RD is configured by issuing the value
parameter of the rd command with the 32-bit decimal number in front of the 16-bit ASN. A Type 2
RD is configured similarly to a Type 1 RD but applies to only multicast VPN configurations.

To configure RT extended community attributes for the VRF, you should issue the route-target
{import | export | both} value command. Like RDs, RTs are specified by combining an ASN or IP
address with any decimal number. The import, export, and both keywords specify whether
extended community attributes should be imported, exported, or both.

You should also associate an interface with the VRF by issuing the ip vrf forwarding name
command, where name is the name of the VRF as specified in the ip vrf name command. When
the ip vrf forwarding command is issued, the IP address is removed from the interface. Therefore,
you should reconfigure the IP address on the interface after issuing the ip vrf forwarding
command.

The following commands can be used to create a VRF table for a customer and apply it to an
interface:

RouterA(config)#ip vrf Customer129

RouterA(config-vrf)#rd 123:6

RouterA(config-vrf)#route-target both 123:6

RouterA(config-vrf)#route-target export 192.168.14.1:77

RouterA(config-vrf)#exit

RouterA(config)#interface fa0/1

RouterA(config-if)#ip vrf forwarding Customer129

You would not use the following formats to create RDs and RTs, because the parameters are in
the wrong order:

- nn:AS, where nn is a 16-bit decimal number and AS is a 16-bit ASN

- nn:A.B.C.D, where nn is a 16-bit decimal number and A.B.C.D is a 32-bit IP address

You would not use the following formats to create RDs and RTs, because Media Access Control
(MAC) addresses cannot be used to create them:

- nn:MAC, where nn is a 16-bit decimal number and MAC is a 48-bit MAC address

- MAC:nn, where MAC is a 48-bit MAC address and nn is a 16-bit decimal number

Reference:

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/mpls/command/mp-cr-book/mp-
m4.html#wp3212018555

https://www.cisco.com/c/en/us/td/docs/ios/ipv6/command/reference/ipv6_book/ipv6_11.html#wp24
19815
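The RD wire format from the earlier Type/Value discussion and the CLI formats accepted here, as an added example (not from the guide, Cisco or the RFC): the 2-byte Type field selects how the 6-byte Value field is split into Administrator and Assigned Number, and a VPN-IPv4 address is the RD followed by the IPv4 prefix. RFC 4364 Type 2 (4-byte ASN) is included for completeness; the sample values are constructed.

```python
import ipaddress
import struct
from typing import Tuple


def encode_rd(text: str) -> bytes:
    """Turn the rd / route-target CLI form into the 8-byte RD.
    Type 0: 16-bit ASN, 32-bit assigned number (AS:nn)
    Type 1: 32-bit IPv4 address, 16-bit assigned number (A.B.C.D:nn)
    Type 2: 32-bit ASN, 16-bit assigned number (AS:nn with a large ASN)
    The nn:AS, nn:A.B.C.D and MAC-based forms from the question are rejected."""
    admin, _, assigned = text.rpartition(":")
    if not admin or not assigned:
        raise ValueError(f"expected administrator:assigned-number, got {text!r}")
    nn = int(assigned)                      # fails for 'nn:A.B.C.D' and 'nn:MAC'
    if "." in admin:
        if not 0 <= nn <= 0xFFFF:
            raise ValueError("Type 1 assigned number must fit in 16 bits")
        return struct.pack("!H4sH", 1, ipaddress.IPv4Address(admin).packed, nn)
    asn = int(admin)                        # fails for 'MAC:nn'
    if asn <= 0xFFFF:
        if not 0 <= nn <= 0xFFFFFFFF:
            raise ValueError("Type 0 assigned number must fit in 32 bits")
        return struct.pack("!HHI", 0, asn, nn)
    if asn <= 0xFFFFFFFF:
        if not 0 <= nn <= 0xFFFF:
            raise ValueError("Type 2 assigned number must fit in 16 bits")
        return struct.pack("!HIH", 2, asn, nn)
    raise ValueError("ASN does not fit in 32 bits")


def decode_rd(raw: bytes) -> Tuple[int, str, int]:
    """Split an 8-byte RD into (type, administrator, assigned number)."""
    if len(raw) != 8:
        raise ValueError("an RD is exactly 8 bytes")
    rd_type = struct.unpack("!H", raw[:2])[0]
    value = raw[2:]                          # the 6-byte Value field
    if rd_type == 0:
        asn, nn = struct.unpack("!HI", value)
        return 0, str(asn), nn
    if rd_type == 1:
        ip, nn = struct.unpack("!4sH", value)
        return 1, str(ipaddress.IPv4Address(ip)), nn
    if rd_type == 2:
        asn, nn = struct.unpack("!IH", value)
        return 2, str(asn), nn
    raise ValueError(f"unknown RD type {rd_type}")


def vpn_ipv4_prefix(rd_text: str, prefix: str) -> bytes:
    """A VPN-IPv4 address is the RD followed by the IPv4 prefix; the RD alone
    is only the first 8 bytes of it."""
    net = ipaddress.IPv4Network(prefix)
    return encode_rd(rd_text) + net.network_address.packed


if __name__ == "__main__":
    for text in ("123:6", "192.168.14.1:77", "70000:9"):   # constructed values
        raw = encode_rd(text)
        print(text, raw.hex(), decode_rd(raw))
```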

QUESTION NO: 254 DRAG DROP

Select the BFD mode or function from the left, and place it on the corresponding description on the
right.

Answer:

Explanation:

Bidirectional Forwarding Detection (BFD) is a detection protocol that is designed to detect
forwarding path failures in less than one second. Additionally, BFD is designed to work
regardless of media type, encapsulation, or routing protocol, providing network administrators with
a uniform forwarding failure detection method across a network. BFD supports Open Shortest
Path First (OSPF), Enhanced Interior Gateway Routing Protocol (EIGRP), Border Gateway
Protocol (BGP), and Intermediate System-to-Intermediate System (IS-IS).

BFD has two operating modes: Asynchronous mode and Demand mode. Asynchronous mode
systems periodically send BFD Control packets. If Control packets are not received from a
neighbor in a timely fashion, the neighbor is assumed to be down.

Demand mode systems assume that there is an external method of verifying connectivity. When
Demand mode is enabled on a system, the system can ask neighbors to stop sending
BFD Control packets except when absolutely necessary. This enables Demand mode systems to
support a large number of BFD sessions, but the relative lack of Control packets can cause failure
detection to be slower.

The Echo function can be enabled with Asynchronous mode or Demand mode. When the
Echo function is enabled on a system, the system will send a stream of BFD Echo packets to a
neighbor. If enough Echo packets are not returned, the neighbor is assumed to be down. The
Echo function can reduce round-trip jitter and can increase the speed of failure detection. Although
the Echo function does not send packets as often as Asynchronous mode does, Asynchronous
mode requires half as many packets as the Echo function does in order to detect a failure.

Reference:

https://tools.ietf.org/html/rfc5880

QUESTION NO: 255


Which of the following statements is true regarding BGP soft reconfiguration? (Select the best
answer.)

A.
It requires very little memory.

B.
It can be performed by issuing the clear ip bgp command.

C.
It tears down BGP sessions before rebuilding the routing tables.

D.
It requires no configuration to support both inbound and outbound updates.

Answer: B
Explanation:

Border Gateway Protocol (BGP) soft reconfiguration can be performed by issuing the clear ip bgp
command. The clear ip bgp command rebuilds the BGP routing table. This command can be used
to begin a soft or hard reset. A soft reset uses stored prefix information in order to rebuild the BGP
routing tables without breaking down any active peering sessions, whereas a hard reset breaks
down the active peering sessions and then rebuilds the BGP routing tables. Typically, the clear ip
bgp * soft command initiates soft reconfiguration; however, if all BGP routers support soft
reconfiguration, the soft keyword is assumed by default.

BGP soft reconfiguration does not require any configuration to support outbound updates, because
outbound updates are stored automatically. However, soft reconfiguration requires that you issue
the neighbor neighbor-id soft-reconfiguration inbound command before it stores inbound updates
from a neighbor. These updates are stored in memory, so soft reconfiguration is very memory
intensive. When soft reconfiguration inbound is configured, the route will display (received only) in
the output of the show ip bgp command.

Reference:

https://www.cisco.com/c/en/us/td/docs/ios/iproute_bgp/command/reference/irg_book/irg_bgp2.htm
l#wp1107408

QUESTION NO: 256

You administer the network shown above. RouterA and RouterB are configured to use EIGRP on
all interfaces. Automatic summarization is enabled.

What network or networks will RouterA advertise to RouterB? (Select the best answer.)

A.
172.16.0.0/16

B.
172.16.0.0/22

C.
172.16.0.0/23 and 172.16.3.0/24

D.
172.16.0.0/24, 172.16.1.0/24, and 172.16.3.0/24

Answer: A
Explanation:

RouterA will advertise the 172.16.0.0/16 network to RouterB. When the auto-summary command
has been used to enable automatic summarization on a router, Enhanced Interior Gateway
Routing Protocol (EIGRP) automatically summarizes networks on classful boundaries.
Summarization, which is also referred to as aggregation, minimizes and optimizes the size of
routing tables and advertisements and reduces a router's processor and memory requirements.
Summarization is also useful in limiting the scope of EIGRP queries.

The 172.16.0.0/24, 172.16.1.0/24, and 172.16.3.0/24 networks in this scenario use Class B
addresses. Therefore, these network ranges are summarized to the Class B boundary, which is
/16.

To disable automatic summarization, you should issue the no auto-summary command. The no
auto-summary command enables EIGRP to advertise the actual networks, not the classful
summary. You should use the no auto-summary command when a classful network is divided and
portions of the same classful network exist in different parts of the network topology. If you were to
issue the no auto-summary command on RouterA, RouterA would advertise the individual network
ranges and subnet mask information to RouterB.

You can issue the ip summary-address eigrp command to enable manual summarization. Manual
summarization is configured on a per-interface basis. The syntax of the ip summary-address eigrp
command is ip summary-address eigrp as-number address mask, where as-number is the EIGRP
autonomous system number (ASN), address is the summary address, and mask is the subnet
mask in dotted decimal notation.

You can also summarize external routes. However, EIGRP will not automatically summarize
external routes unless there is an internal route that uses the same classful network. If the
172.16.0.0/24, 172.16.1.0/24, and 172.16.3.0/24 networks in this scenario were external routes
redistributed into EIGRP, those networks would not be automatically summarized by RouterA,
because there is no internal route that uses the 172.16.0.0/16 network range.

Reference:

https://www.cisco.com/c/en/us/td/docs/ios/12_2/iproute/command/reference/fiprrp_r/1rfeigrp.html#
wp1017389

https://www.cisco.com/c/en/us/support/docs/ip/enhanced-interior-gateway-routing-protocol-
eigrp/16406-eigrp-toc.html#auto
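The classful auto-summary behaviour described above, as an added example (not Cisco code): internal prefixes collapse to their Class A/B/C boundary, external (redistributed) prefixes are summarized only when an internal route in the same classful network exists, and no auto-summary sends every prefix as-is. It assumes the neighbour sits across a major-network boundary; the prefixes are those from the question plus constructed ones.

```python
import ipaddress
from typing import Iterable, List


def classful_network(prefix) -> ipaddress.IPv4Network:
    """Return the Class A (/8), B (/16) or C (/24) network containing `prefix`,
    decided by the first octet as the original classful rules do."""
    net = ipaddress.IPv4Network(str(prefix))
    first_octet = int(net.network_address) >> 24
    if first_octet < 128:
        length = 8       # Class A
    elif first_octet < 192:
        length = 16      # Class B
    elif first_octet < 224:
        length = 24      # Class C
    else:
        raise ValueError(f"{prefix} is not a Class A, B or C address")
    return ipaddress.IPv4Network((int(net.network_address), length), strict=False)


def advertised_prefixes(internal: Iterable[str], external: Iterable[str] = (),
                        auto_summary: bool = True) -> List[str]:
    """Prefixes RouterA advertises to a neighbour in a different major network.

    With auto-summary, each internal prefix is replaced by its classful network.
    An external prefix is folded into that summary only if an internal route of the
    same classful network exists; otherwise it is advertised unchanged. With
    no auto-summary, every internal and external prefix is advertised as-is."""
    internal_nets = [ipaddress.IPv4Network(p) for p in internal]
    external_nets = [ipaddress.IPv4Network(p) for p in external]
    if not auto_summary:
        return [str(n) for n in sorted(internal_nets + external_nets)]
    classful = {classful_network(n) for n in internal_nets}
    advertised = set(classful)
    for net in external_nets:
        if classful_network(net) not in classful:
            advertised.add(net)          # no internal route in this major network
    return [str(n) for n in sorted(advertised)]


QUESTION_NETWORKS = ["172.16.0.0/24", "172.16.1.0/24", "172.16.3.0/24"]

if __name__ == "__main__":
    print(advertised_prefixes(QUESTION_NETWORKS))                     # ['172.16.0.0/16']
    print(advertised_prefixes(QUESTION_NETWORKS, auto_summary=False))  # the three /24s
    print(advertised_prefixes([], external=QUESTION_NETWORKS))        # externals stay specific
    print(advertised_prefixes(["172.16.5.0/24"], external=QUESTION_NETWORKS))
```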

QUESTION NO: 257

Which of the following TCP features can cause TCP starvation in a network with a large amount of
UDP traffic and no QoS mechanism? (Select the best answer.)

A.
window scaling

B.
sliding window

C.
MSS adjustment

D.
selective acknowledgment

Answer: B
Explanation:

The Transmission Control Protocol (TCP) sliding window feature can cause TCP starvation in a
network with a large amount of User Datagram Protocol (UDP) traffic and no Quality of Service
(QoS) mechanism. TCP starvation, which is also known as UDP dominance, occurs when
congestion and packet loss cause TCP data streams to scale back their transmission window
sizes, thereby enabling UDP data streams to dominate the available network bandwidth. TCP
starvation can introduce additional latency and reduce the overall throughput of a network link.

TCP has flow control mechanisms to prevent a sending device from transmitting data faster than
the receiver can process it. When TCP detects dropped packets, it reduces the TCP transmission
window size and retransmits the dropped packets. Reducing the window size slows the rate at
which TCP sends traffic. If multiple TCP data streams exist and no QoS mechanism is in place,
the streams typically reduce their window sizes in unison because they experience dropped
packets in an equal distribution. If there are a large number of UDP data streams on the same
network link as the TCP data streams, they will quickly consume the network bandwidth that was
made available by the reduction of TCP traffic.

However, because UDP does not have an inherent flow control mechanism like TCP does, the
UDP data streams are not directly affected by dropped packets and the network congestion will
likely continue or possibly get worse.

Window scaling is not a TCP feature that can cause TCP starvation in a network with a large
amount of UDP traffic and no QoS mechanism. Window scaling enables a router to store the
equivalent of a 32-bit value in the 16-bit TCP header field that specifies the window size. This
enables the router to process a significantly larger number of bytes before it is required to send an
acknowledgment. Larger window sizes are of particular use on networks with high bandwidth and
high delay, which are known as Long Fat Networks (LFNs).

Selective acknowledgment is not a TCP feature that can cause TCP starvation in a network with a
large amount of UDP traffic and no QoS mechanism. Selective acknowledgment enables TCP to
acknowledge packets that were received out of order. Without selective acknowledgment, the
receiving router would only be able to acknowledge packets in order.

For example, if 10 packets were sent and only packets 1, 2, 3, 5, 7, 8, 9, and 10 were received, a
router without selective acknowledgment would acknowledge the receipt of only packets 1, 2, and
3. This would likely cause packets 5, 7, 8, 9, and 10 to be retransmitted. However, with selective
acknowledgment, the router could acknowledge the receipt of all of the packets and only the
missing packets would be retransmitted. Selective acknowledgment reduces wasted transmissions
and increases the overall efficiency of TCP on a particular link.

Maximum segment size (MSS) adjustment is not a TCP feature that can cause TCP starvation in a
network with a large amount of UDP traffic and no QoS mechanism. MSS adjustment enables a
router to override the MSS value of TCP SYN packets. Hosts use the MSS option in the TCP
header to negotiate a maximum size of an IP segment. However, if an intervening device cannot
support this size, the packets might get dropped and the TCP session might terminate. With the
TCP MSS adjustment feature, you can modify the TCP MSS value for transient packets, which are
packets that neither originate from nor terminate on the router. This can ensure that the router will
not drop the packets because they exceed the maximum transmission unit (MTU) of one of its
interfaces.

Reference:

https://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/WAN_and_MAN/QoS_SRND/QoS-
SRND-Book/VPNQoS.html#pgfId-113408

QUESTION NO: 258

You want to connect four ports on two switches in an EtherChannel configuration. SwitchEast is a
Cisco switch, and SwitchWest is a non-Cisco switch.

Which of the following command sets should you issue to configure interfaces Gi 2/1 through Gi
2/4 on SwitchEast? (Select the best answer.)

A.
SwitchEast(config)#interface port-channel 1

SwitchEast(config-if)#ip address 10.20.30.40 255.255.255.0

SwitchEast(config-if)#interface range gi 2/1 - 4

SwitchEast(config-if-range)#no ip address

SwitchEast(config-if-range)#channel-protocol pagp

SwitchEast(config-if-range)#channel-group 1 mode active

B.
SwitchEast(config)#interface port-channel 1

SwitchEast(config-if)#ip address 10.20.30.40 255.255.255.0

SwitchEast(config-if)#interface range gi 2/1 - 4

SwitchEast(config-if-range)#no ip address

SwitchEast(config-if-range)#channel-protocol pagp

SwitchEast(config-if-range)#channel-group 1 mode desirable non-silent

C.
SwitchEast(config)#interface port-channel 1

SwitchEast(config-if)#ip address 10.20.30.40 255.255.255.0

SwitchEast(config-if)#interface range gi 2/1 - 4

SwitchEast(config-if-range)#no ip address

SwitchEast(config-if-range)#channel-protocol lacp

SwitchEast(config-if-range)#channel-group 1 mode active

D.
SwitchEast(config)#interface port-channel 1

SwitchEast(config-if)#ip address 10.20.30.40 255.255.255.0

SwitchEast(config-if)#interface range gi 2/1 - 4

SwitchEast(config-if-range)#no ip address

SwitchEast(config-if-range)#channel-protocol lacp

SwitchEast(config-if-range)#channel-group 1 mode desirable non-silent

Answer: C
Explanation:

You should issue the following command set to configure interfaces Gi 2/1 through Gi 2/4 on
SwitchEast:

SwitchEast(config)#interface port-channel 1

SwitchEast(config-if)#ip address 10.20.30.40 255.255.255.0

SwitchEast(config-if)#interface range gi 2/1 - 4

SwitchEast(config-if-range)#no ip address

SwitchEast(config-if-range)#channel-protocol lacp

SwitchEast(config-if-range)#channel-group 1 mode active

These commands configure a Link Aggregation Control Protocol (LACP) EtherChannel on
SwitchEast.

LACP is defined in the Institute of Electrical and Electronics Engineers (IEEE) 802.3ad standard.
Because LACP is a standards-based protocol, it can be used between Cisco and non-Cisco
switches.

The interface port-channel 1 command creates port channel interface 1; the port channel interface
number can be any number from 1 through 64. The ip address 10.20.30.40 255.255.255.0
command assigns the IP address 10.20.30.40/24 to the port channel interface. The interface
range gi 2/1 - 4 command enters interface configuration mode for interfaces Gi 2/1 through Gi 2/4,
and the no ip address command ensures that no IP address is configured for any of the interfaces
that will belong to the channel group.

The channel-protocol lacp command configures the interfaces for LACP operation. The
channel-group 1 mode active command configures the interfaces for channel group 1 in active
mode. The syntax of the channel-group command is channel-group number mode {on | active |
passive | {auto | desirable} [non-silent]}, where number is the port channel interface number. The
auto, desirable, and non-silent keywords can be used only with Port Aggregation Protocol (PAgP).
The on keyword configures the channel group to unconditionally create the channel with no LACP
negotiation. The active keyword configures the channel group to actively negotiate LACP, and the
passive keyword configures the channel group to listen for LACP negotiation to be offered.

The following command set configures a PAgP EtherChannel on interfaces Gi 2/1 through 2/4 on
SwitchEast:

SwitchEast(config)#interface port-channel 1

SwitchEast(config-if)#ip address 10.20.30.40 255.255.255.0

SwitchEast(config-if)#interface range gi 2/1 - 4

SwitchEast(config-if-range)#no ip address

SwitchEast(config-if-range)#channel-protocol pagp

SwitchEast(config-if-range)#channel-group 1 mode desirable non-silent

PAgP is a Cisco-proprietary protocol. Therefore, PAgP cannot be used to create an EtherChannel
between SwitchEast and SwitchWest; it can only be used to create an EtherChannel between two
Cisco switches.

The first part of PAgP configuration is identical to LACP configuration. The channel-protocol pagp
command configures the interfaces for PAgP operation. The channel-group 1 mode desirable
non-silent command configures the interfaces for channel group 1 in desirable mode. The syntax of
the channel-group command is channel-group number mode {on | active | passive | {auto |
desirable} [non-silent]}, where number is the port channel interface number. The active and
passive keywords can be used only with LACP. The on keyword configures the channel group to
unconditionally create the channel with no PAgP negotiation. The desirable keyword configures the
channel group to actively negotiate PAgP, and the auto keyword configures the channel group to
listen for PAgP negotiation to be offered. The optional non-silent keyword requires that a port
receive PAgP packets before the port is added to the channel.

The following command set is invalid because the desirable and non-silent keywords cannot be
used with LACP:

SwitchEast(config)#interface port-channel 1

SwitchEast(config-if)#ip address 10.20.30.40 255.255.255.0

SwitchEast(config-if)#interface range gi 2/1 - 4

SwitchEast(config-if-range)#no ip address

SwitchEast(config-if-range)#channel-protocol lacp

SwitchEast(config-if-range)#channel-group 1 mode desirable non-silent

The following command set should not be issued on SwitchEast, because PAgP cannot be used
on non-Cisco switches. Additionally, the command set is invalid because the active keyword cannot
be used with PAgP:

SwitchEast(config)#interface port-channel 1

SwitchEast(config-if)#ip address 10.20.30.40 255.255.255.0

SwitchEast(config-if)#interface range gi 2/1 - 4

SwitchEast(config-if-range)#no ip address

SwitchEast(config-if-range)#channel-protocol pagp

SwitchEast(config-if-range)#channel-group 1 mode active

The following table displays the channel-group configurations that will establish an EtherChannel:

Reference:

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750x_3560x/software/release/12-
2_55_se/configuration/guide/3750xscg/swethchl.html

https://www.cisco.com/c/en/us/td/docs/ios/12_2sb/feature/guide/gigeth.html

QUESTION NO: 259

Which of the following commands should you issue on a switch port so that the port will trust the
CoS value of the incoming voice and data traffic? (Select the best answer.)

A.
mls qos trust

B.
mls qos trust cos

C.
mls qos trust ip-precedence

D.
switchport priority extend cos

E.
switchport priority extend trust

F.
switchport trunk native vlan tag

Answer: B
Explanation:

You should issue the mls qos trust cos interface configuration command on the switch port
connected to an IP phone to configure that port to trust the class of service (CoS) values of
incoming voice and data traffic. CoS values are used to prioritize voice and data traffic so the
delay-sensitive voice traffic receives preferential treatment on the network. By default, the switch
port does not trust the CoS values of incoming traffic and reclassifies the traffic with the port's
default CoS value of 0. The mls qos trust cos command configures the switch to trust the CoS
value of both voice traffic and data traffic that is sent by an IP phone.

The multilayer switching (MLS) port trust feature can be used to examine the CoS or differentiated
services code point (DSCP) value to classify incoming traffic. To configure the MLS port trust
state, you should issue the mls qos trust command. The syntax for configuring the MLS port trust
state is mls qos trust [cos | dscp | ip-precedence]. If you do not specify one of the keywords or if
Quality of Service (QoS) has been disabled globally, the mls qos trust command defaults to dscp,
which classifies incoming traffic according to the DSCP values in the packet header. If you use the
ip-precedence keyword, the incoming packets are classified according to the type of service (ToS)
bits in the packet header.

Issuing the switchport priority extend cos interface configuration command on the switch port to
which the IP phone is connected configures the IP phone to override the priority of the data
packets it receives from the host and assigns new CoS values to the host-generated packets.
Using the switchport priority extend cos command reclassifies incoming data packets with the
default CoS value of 0. Thus, an IP phone can prevent the computer from exploiting a high-priority
data queue.

The switchport priority extend trust interface configuration command configures an IP phone to
trust the CoS value of incoming data packets it receives from the attached computer. The
switchport priority extend trust command does not configure the switch port to trust the traffic it
receives from an IP phone.

The switchport trunk native vlan tag interface configuration command configures native virtual LAN
(VLAN) traffic to be tagged. By default, traffic from the native VLAN is sent untagged. Tagging
native VLAN traffic is necessary to enable Layer 2 QoS support on the native VLAN.

Reference:

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/qos/command/qos-cr-book/qos-
m2.html#wp3022589880

QUESTION NO: 260

Which of the following algorithms will an OSPF router use to determine the best route for packets?
(Select the best answer.)

A.
the Dijkstra algorithm

B.
the Diffie-Hellman algorithm

C.
the Bellman-Ford algorithm

D.
the DUAL algorithm

E.
the path-vector algorithm

Answer: A
Explanation:

An Open Shortest Path First (OSPF) router uses the Dijkstra algorithm to determine the best route for packets. The OSPF process runs the shortest path first (SPF) calculation over its link-state database (LSDB) and builds an SPF tree, rooted at itself, that contains the lowest-cost path to every destination in the area. Every router in an area holds an identical LSDB, but each router computes its own SPF tree because each one is the root of its own tree. The SPF tree is recalculated only when a received link-state advertisement (LSA) indicates a topology change. Because router and network LSAs are flooded only within an area, a change inside one area causes a full SPF run only on the routers in that area; routers in other areas learn of it through summary LSAs from the area border router and need only a partial (inter-area) recalculation.

An OSPF router does not use the Bellman-Ford algorithm to determine the best route for packets. Bellman-Ford is the basis of distance-vector routing protocols, such as Routing Information Protocol (RIP), in which each router advertises its distance to each destination to its neighbors.

An OSPF router does not use the path-vector algorithm to determine the best route for packets. The path-vector algorithm, used by Border Gateway Protocol (BGP), is a variant of the distance-vector approach in which each route carries the list of autonomous systems it has traversed (the AS_PATH); that list is used both for loop detection and as a selection criterion.

An OSPF router does not use the Diffusing Update Algorithm (DUAL) to determine the best route for packets. DUAL is used by Enhanced Interior Gateway Routing Protocol (EIGRP), an advanced distance-vector protocol that is often described as a hybrid because it also keeps a topology table of feasible successors, which lets it converge without recomputing from scratch and without forming routing loops.

An OSPF router does not use the Diffie-Hellman algorithm to determine the best route for packets. Diffie-Hellman is a key-agreement algorithm, not a routing algorithm, and it is not used by any dynamic routing process. It is used by Internet Key Exchange (IKE) in IP Security (IPsec) so that two peers can derive the same shared secret over an untrusted network without ever transmitting that secret; the derived secret is then used to key the security association (SA) between the IPsec peers.

Reference:

https://www.cisco.com/c/en/us/support/docs/ip/open-shortest-path-first-ospf/7039-1.html#t5

QUESTION NO: 261

Which of the following OSPF network types have a default hello timer of 10 seconds and dead
timer of 40 seconds? (Select 2 choices.)

A.
broadcast

B.
nonbroadcast

C.
point-to-point

D.
point-to-multipoint

E.
point-to-multipoint nonbroadcast

Answer: A,C
Explanation:

The broadcast and point-to-point Open Shortest Path First (OSPF) network types have a default hello timer of 10 seconds and a default dead timer of 40 seconds. The nonbroadcast, point-to-multipoint, and point-to-multipoint nonbroadcast OSPF network types have a default hello timer of 30 seconds and a default dead timer of 120 seconds.

The hello timer specifies the interval between hello packets, and the dead timer specifies how long a router waits without receiving a hello before it declares a neighbor down. For two OSPF routers to form an adjacency, the hello and dead timers on the two routers must match; if they do not, each router discards the other's hellos and the neighbor never appears in the show ip ospf neighbor output. By default, the dead timer is four times the hello timer.

To configure the hello timer manually, issue the ip ospf hello-interval seconds command in interface configuration mode. To configure the dead timer manually, issue the ip ospf dead-interval seconds command in interface configuration mode. Unless the dead interval has been set explicitly, it tracks four times the hello interval automatically, so changing the hello interval alone keeps the 4:1 ratio.

Reference:

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_ospf/command/iro-cr-book/ospf-
i1.html#wp4134450560

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_ospf/command/iro-cr-book/ospf-
a1.html#wp2917383021

QUESTION NO: 262

Which of the following statements is accurate regarding alternate ports? (Select the best answer.)

A.
An alternate port is always in the forwarding state.

B.
An alternate port is the port on a switch that has the best path to the root bridge.

C.
An alternate port is the port on a segment that has the best path to the root bridge.

D.
An alternate port is a blocked port that receives more useful BPDUs from a port on another switch.

E.
An alternate port is a blocked port that receives more useful BPDUs from another port on the local
switch.

Answer: D
Explanation:

An alternate port is a blocked port that receives more useful bridge protocol data units (BPDUs) from a port on another switch. Rapid Spanning Tree Protocol (RSTP) defines the following four port roles:

-Root port

-Designated port

-Alternate port

-Backup port

The root port on a switch is the port that receives the best BPDU, which is the BPDU that advertises the lowest root path cost (the cost of the sender's path to the root bridge plus the cost of the link on which the BPDU arrives). All switches except the root bridge have exactly one root port: because there is only one best path to the root bridge, a switch cannot have more than one, and the root bridge, which is the root of the tree, has none. Root ports are always in the forwarding state.

The best path to the root bridge is the one that has the lowest cost to the root bridge. The cost is
based on the bandwidth of a link. The higher the bandwidth, the lower the cost. RSTP uses the
following link costs by default:

In the event of a tie, the port connected to the device with the lowest bridge ID (BID) becomes the root port. If both ports are connected to the same switch, the port that receives the BPDU with the lowest sending port ID becomes the root port. The port ID consists of the port priority and the port number; the port configured with the lowest port priority also has the lowest port ID, and port numbers are considered only when port priorities are equal.

A designated port is the port on a segment that has the best path to the root bridge. One designated port is selected for each segment. If multiple ports on a segment have the same root path cost, the port on the switch with the lowest BID becomes the designated port. Switches can have one or more designated ports, and some switches might not have any designated ports. All the ports on a root bridge are designated ports. Designated ports are normally in the forwarding state.

The blocking port role in Spanning Tree Protocol (STP) is split into two RSTP port roles: the alternate port role and the backup port role. An alternate port receives more useful BPDUs from a designated port located on another switch, and a backup port receives more useful BPDUs from a designated port on the switch itself. For a port to receive more useful BPDUs from the same switch, it must be connected to the same collision domain as another port on that switch (through a hub, for example) or it must be connected to itself by a loopback device, such as a loopback adapter. An alternate port guarantees a path to the root bridge should the current root port become unavailable; a backup port only guarantees redundant access to a particular network segment and not necessarily an alternate path to the root bridge. Alternate ports and backup ports are always in the discarding (blocking) state.

The following graphic displays the correlation among the various RSTP port roles:
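
The root-port election described above, as an added Python example that is not part of the Cisco study material: a switch ranks every BPDU it receives by (root BID, root path cost plus ingress link cost, sender BID, sender port ID), lowest tuple first, and the port on which the best BPDU arrived becomes the root port. The link costs used are the default (short-method) IEEE costs (10 Mbit/s = 100, 100 Mbit/s = 19, 1 Gbit/s = 4, 10 Gbit/s = 2); every switch, MAC address, port name and BPDU below is constructed for the example.

```python
"""Added example, not part of the Cisco study material: choosing the root
port from the BPDUs a switch receives, using the RSTP comparison order.

Bridge IDs compare as (priority, MAC) and port IDs as (priority, number),
so a sender's port priority is considered before its port number. All
switches, MACs and BPDUs here are constructed.
"""
from dataclasses import dataclass

# Default (short-method) path cost by link speed in Mbit/s.
RSTP_PATH_COST = {10: 100, 100: 19, 1_000: 4, 10_000: 2}


@dataclass(frozen=True)
class BridgeId:
    priority: int  # 0-61440 in steps of 4096; default 32768
    mac: str       # Cisco dotted notation, e.g. "0000.0000.00bb"

    def key(self):
        return (self.priority, int(self.mac.replace(".", ""), 16))


@dataclass(frozen=True)
class Bpdu:
    root: BridgeId            # root bridge the sender believes in
    root_path_cost: int       # sender's own cost to that root
    sender: BridgeId          # bridge that transmitted this BPDU
    port_priority: int = 128  # sender's port priority (0-240, steps of 16)
    port_number: int = 1      # sender's port number


def bpdu_rank(bpdu: Bpdu, ingress_speed: int):
    """Comparison key for a BPDU received on a link of the given speed;
    the ingress link cost is added before comparing, so a faster link wins."""
    return (bpdu.root.key(),
            bpdu.root_path_cost + RSTP_PATH_COST[ingress_speed],
            bpdu.sender.key(),
            (bpdu.port_priority, bpdu.port_number))


def elect_root_port(received: dict) -> str:
    """received maps local port name -> (Bpdu, link speed in Mbit/s).
    Returns the local port on which the best BPDU arrived."""
    return min(received, key=lambda port: bpdu_rank(*received[port]))


def example_topology(gi02_port_priority: int = 128) -> dict:
    """Local switch with two gigabit uplinks to SW-B and a FastEthernet link
    to SW-C; both SW-B and SW-C are one gigabit hop (cost 4) from the root."""
    root = BridgeId(4096, "0000.0000.0001")
    sw_b = BridgeId(32768, "0000.0000.00bb")
    sw_c = BridgeId(32768, "0000.0000.00cc")
    return {
        "Gi0/1": (Bpdu(root, 4, sw_b, 128, 1), 1_000),                  # total cost 8
        "Gi0/2": (Bpdu(root, 4, sw_b, gi02_port_priority, 2), 1_000),   # total cost 8
        "Fa0/3": (Bpdu(root, 4, sw_c, 128, 1), 100),                    # total cost 23
    }


if __name__ == "__main__":
    # Gi0/1 and Gi0/2 tie on cost and sender BID; the lowest sender port ID wins.
    print(elect_root_port(example_topology()))      # Gi0/1
    # Lowering the port priority on SW-B's second port moves the root port.
    print(elect_root_port(example_topology(64)))    # Gi0/2
```

The tie-break chain is the reason an attacker who can inject BPDUs with a low bridge priority can redirect the tree through a port they control; BPDU Guard and Root Guard on access ports exist to refuse exactly the "better" BPDUs this function would otherwise accept.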

Reference:

https://www.cisco.com/c/en/us/support/docs/lan-switching/spanning-tree-protocol/24062-146.html

QUESTION NO: 263

You are configuring EEM on a router. You have issued the event ioswdsysmon sub1 cpu-proc taskname Task1 op ge val 90 period 20 command to trigger an action when the processor usage of the Task1 process is greater than or equal to 90 percent over a 20-second period. You want to configure the router to change the IP address of the s0/0 interface when this event is triggered.

Which of the following commands should you issue? (Select the best answer.)

A.
action cli

B.
action force-switchover

C.
action info

D.
action ipaddress

E.
action publish-event

F.
action reload

G.
action snmp-trap

Answer: A
Explanation:

You should issue the action cli command to configure the router to change the IP address of the
s0/0 interface when the Embedded Event Manager (EEM) event is triggered. EEM enables event
detectors to monitor events and perform actions if those events are triggered. The event
ioswdsysmon command configures the Watchdog System Monitor (IOSWDSysMon) to monitor
memory and processor usage.

The syntax of the action cli command is action label cli command command-string. The label argument, which is used with all of the action commands, is an alphanumeric value that determines the order in which the actions are processed when the event is triggered; labels are sorted lexicographically, so a label of 10 runs before a label of 2 unless the labels are zero-padded or dotted (1.0, 1.1, and so on). The command-string argument is the IOS command that should be issued; if the command contains spaces, it must be enclosed in double quotation marks ("). The commands run in a single virtual terminal session that starts in user EXEC mode, so changing an interface address takes a sequence of action cli commands with increasing labels: enable, configure terminal, interface s0/0, and then the ip address command. Because the actions run without any confirmation, an applet that renumbers an interface can take the router off the network; test it in a lab first, and consider an action syslog message as the first action so that the trigger is recorded.

You should not issue the action force-switchover command to change the IP address of the s0/0
interface when the EEM event is triggered. The action force-switchovercommand configures the
router to switch to a secondary processor when the event is triggered.

You should not issue the action info command to change the IP address of the s0/0 interface when the EEM event is triggered. The action info command retrieves system information, such as the router host name or the list of interface names, into built-in variables for use by later actions.

You should not issue the action publish-event command to change the IP address of the s0/0
interface when the EEM event is triggered. The action publish-event command configures the
router to publish an application-specific event when the EEM event is triggered. EEM must publish
events to subsystem number 798.

You should not issue the action reload command to change the IP address of the s0/0 interface when the EEM event is triggered. The action reload command reloads the Cisco IOS software when the EEM event is triggered.

You should not issue the action snmp-trap command to change the IP address of the s0/0
interface when the EEM event is triggered. The action snmp-trap command generates a Simple
Network Management Protocol (SNMP) trap when the EEM event is triggered.

You should not issue the action ip-address command to change the IP address of the s0/0
interface when the EEM event is triggered, because the ip-address keyword is not supported with
the action command. The following keywords can be used with the action command:

-cli

-cns-event

-counter

-force-switchover

-info

-mail

-policy

-publish-event

-reload

-snmp-trap

-syslog

Reference:

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/eem/command/eem-cr-book/eem-cr-
a1.html#wp3174969440

QUESTION NO: 264

Which of the following commands would you issue to create a unique identifier for a DHCP client
that uses Ethernet and that has a MAC address of aaaa.bbbb.cccc? (Select the best answer.)

A.
client-identifier aaaa.bbbb.cccc

B.
client-identifier 01aa.aabb.bbcc.cc

C.
client-identifier aaaa.bbbb.cccc.01

D.
hardware-address aaaa.bbbb.cccc

E.
hardware-address 01aa.aabb.bbcc.cc

F.
hardware-address aaaa.bbbb.cccc.01

Answer: B
Explanation:

You would issue the client-identifier 01aa.aabb.bbcc.cc command to create a unique identifier for a Dynamic Host Configuration Protocol (DHCP) client that uses Ethernet and that has a Media Access Control (MAC) address of aaaa.bbbb.cccc. You can specify the client identifier in seven-byte dotted hexadecimal notation or in 27-byte dotted hexadecimal notation. To use the seven-byte version, prepend the two-character media type to the MAC address; for Ethernet, the media type is 01. This is the same layout a client sends in DHCP option 61 (RFC 2132): a one-byte hardware type, which is 1 for Ethernet, followed by the hardware address. The 27-byte version takes an ASCII string that contains the vendor, the MAC address, and the source interface and converts it into dotted hexadecimal. Note that the client identifier is whatever the client chooses to send, so a manual binding keyed on it reserves an address for a known client; it does not authenticate that client.

You would not issue the hardware-address command to create a unique identifier for a DHCP client. The hardware-address command is used to specify the hardware address of a Bootstrap Protocol (BOOTP) client.
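
The encoding described above, as an added Python example that is not part of the Cisco study material: a small DHCP options parser extracts option 61 from what a client sends and renders it in the dotted hexadecimal form the client-identifier command expects, and the reverse conversion recovers the hardware type and MAC. The DHCP option bytes and the ASCII identifier string are constructed for the example.

```python
"""Added example, not part of the Cisco study material: converting between a
DHCP client's option 61 (RFC 2132: hardware type byte + hardware address)
and the dotted hexadecimal value used with the IOS client-identifier
command. The sample option bytes below are constructed.
"""


def parse_dhcp_options(options: bytes) -> dict:
    """Walk the DHCP options field (the bytes after the magic cookie) and
    return {option code: value}. Pad (0) is skipped, End (255) stops the
    walk, and a length that runs past the buffer is rejected, not read."""
    out, i = {}, 0
    while i < len(options):
        code = options[i]
        if code == 0:            # Pad
            i += 1
            continue
        if code == 255:          # End
            break
        if i + 1 >= len(options):
            raise ValueError("truncated option header at offset %d" % i)
        length = options[i + 1]
        value = options[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("option %d claims %d bytes, only %d present"
                             % (code, length, len(value)))
        out[code] = value
        i += 2 + length
    return out


def dotted_hex(raw: bytes) -> str:
    """IOS dotted hexadecimal: groups of four hex digits; the last may be shorter."""
    h = raw.hex()
    return ".".join(h[j:j + 4] for j in range(0, len(h), 4))


def client_identifier_for_mac(mac: str, hw_type: int = 1) -> str:
    """Seven-byte form: hardware type + MAC, e.g. aaaa.bbbb.cccc -> 01aa.aabb.bbcc.cc"""
    digits = mac.replace(".", "").replace(":", "").replace("-", "")
    return dotted_hex(bytes([hw_type]) + bytes.fromhex(digits))


def client_identifier_from_option61(options: bytes) -> str:
    """What the server's manual binding must contain to match this client."""
    opts = parse_dhcp_options(options)
    if 61 not in opts:
        raise KeyError("client did not send option 61")
    return dotted_hex(opts[61])


def client_identifier_from_ascii(text: str) -> str:
    """The longer form: an ASCII identifier converted byte by byte to dotted hex."""
    return dotted_hex(text.encode("ascii"))


def mac_from_client_identifier(cid: str):
    """Inverse of the seven-byte form: (hardware type, MAC in dotted notation)."""
    raw = bytes.fromhex(cid.replace(".", ""))
    return raw[0], dotted_hex(raw[1:])


# Constructed DHCP options: message type DISCOVER (53), client identifier (61), End.
SAMPLE_OPTIONS = (bytes([53, 1, 1])
                  + bytes([61, 7, 0x01, 0xAA, 0xAA, 0xBB, 0xBB, 0xCC, 0xCC])
                  + bytes([255]))
```

Because option 61 is under the client's control, a DHCP binding cannot be used to identify a host for security purposes; DHCP snooping and port security on the access switch are the controls that bind an address to a physical port.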

Reference:

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipaddr/command/ipaddr-cr-book/ipaddr-
c1.html#wp2742622403

QUESTION NO: 265

You administer the MPLS network displayed above. Routing information regarding the networks
connected to C1 and C2 is passed along the MPLS core.

C3 forwards a packet that is destined for 172.16.1.8 to P4.

Which router will perform PHP? (Select the best answer.)

A.
P1

B.
P2

C.
P3

D.
P4

Answer: B
Explanation:

P2 will perform penultimate hop popping (PHP). PHP is used for directly connected and summarized routes to optimize Multiprotocol Label Switching (MPLS) networks. With PHP, the next-to-last router removes, or pops, the MPLS label so that the egress router does not have to perform two lookups (one in its label table and one in its IP routing table). PHP is requested by the egress router: it advertises the implicit-null label (label value 3) for the prefix, and an upstream router that has received implicit null pops the top label instead of swapping it. The egress router therefore receives a plain IP packet and forwards it based on the information in its Forwarding Information Base (FIB).

P1 receives routes to 172.16.1.0/24 and 172.16.2.0/24. P1 tells P2 that P2 should remove the
label on packets destined for these two networks. P2 will generate a label for the route and
advertise it to P3. Similarly, P3 will generate a label for the route and advertise it to P4.

P4 will not perform PHP. When P4 receives a packet destined for 172.16.1.8, it determines that
the packet is destined for the 172.16.0.0/16 network. P4 consults the FIB, labels the packet with
the label advertised by P3, and forwards the packet to P3.

P3 will not perform PHP. When P3 receives the packet, it consults the Label Forwarding
Information Base (LFIB), swaps the label with the label advertised by P2, and forwards the packet
to P2. When P2 receives the packet, it will consult the LFIB, pop the label, and forward the packet
to P1. P1 receives the packet and forwards the IP packet to C1.

Reference:

https://www.cisco.com/c/en/us/td/docs/ios/12_4t/12_4t2/ftldp41.html#wp1656659


QUESTION NO: 266 DRAG DROP

Select the 802.1D STP states from the left, and drag them to corresponding definitions on the
right.

Answer:

Explanation:

A switch port that is in the Spanning Tree Protocol (STP) listening state can send and receive
bridge protocol data units (BPDUs), but the port will not update its Media Access Control (MAC)
address table.

There are five possible port states when 802.1D Spanning Tree Protocol (STP) is used: blocking,
listening, learning, forwarding, and disabled. After a port is initialized, it enters the blocking state.
From the blocking state, the port transitions to either the listening state or the disabled state. From

the listening state, the port transitions to either the learning state or the disabled state. From the
learning state, the port transitions to either the forwarding state or the disabled state.

A port enters the listening state from the blocking state if STP determines that the port can eventually enter the forwarding state. When a port is in the listening state, the port discards any data frames that it receives; however, it sends and receives BPDUs. Additionally, the port is able to receive and respond to network management messages. The port does not learn any MAC addresses and does not populate its MAC address table. The root bridge, root ports, and designated ports are elected while ports are in the listening state.

When a port is in the learning state, it does not forward data frames but does populate the MAC
address table based on the frames that it receives. The port responds to network management
messages, receives and directs BPDUs to the system module, and processes BPDUs received
from the system module.

Similar to a port in the learning state, a port in the forwarding state can populate the MAC address
table based on the frames that it receives. However, unlike a port in the learning state, a port in
the forwarding state can forward data frames as well as receive and process data frames, BPDUs,
and network management messages.

A port in the blocking state is similar to a port in the listening state in that the port cannot forward
data frames or populate the MAC address table. Additionally, a port in the blocking state can
receive BPDUs as well as receive and respond to network management messages.

A port in the disabled state does not process or forward data frames, nor does it forward BPDUs
or update the MAC address table. A port in the disabled state does not participate in STP.

Reference:

https://www.cisco.com/c/en/us/td/docs/switches/lan/cisco_ie2000/software/release/15-
0_1_ey/configuration/guide/scg-ie2000/swstp.html#pgfId-1020084

QUESTION NO: 267 DRAG DROP

Select the CHAP packet types from the left, and drag them to the corresponding packet formats on
the right.

Answer:

Explanation:

A Challenge Handshake Authentication Protocol (CHAP) packet consists of the following fields:

-A one-octet Code field, which identifies the packet type

-A one-octet Identifier field, which helps to match challenges to responses

-A two-octet Length field, which indicates the length of the packet, including all four standard fields

-One or more fields that are determined by the Code field

A Challenge packet has a Code field that is set to a value of 1. It also has the following additional fields:

-A one-octet Value-Size field, which indicates the length of the Challenge Value field

-A variable-length Challenge Value field, which contains a variable, unique stream of octets; each challenge should be unpredictable and never reused, because a replayed challenge lets an attacker replay a captured response

-A variable-length Name field, which identifies the name of the transmitting device

A Response packet has a Code field that is set to a value of 2. It also has the following additional fields:

-A one-octet Value-Size field, which indicates the length of the Response Value field

-A variable-length Response Value field, which contains a one-way hash (MD5) computed over the concatenation of the Identifier, the shared secret, and the Challenge Value, in that order

-A variable-length Name field, which identifies the name of the transmitting device; the authenticator uses this name to select the secret it will use to verify the response

A Success packet has a Code field that is set to a value of 3, and a Failure packet has a Code field that is set to a value of 4. In addition to the standard fields, the Success packet and the Failure packet have a variable-length Message field, which carries a success or failure message, typically in human-readable ASCII characters.
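
The four packet formats and the challenge/response computation described above, as an added Python example that is not part of the Cisco study material or of RFC 1994 itself: both sides of the exchange are shown, the packets are encoded and decoded with length checks, and the authenticator verifies the response with a constant-time comparison. The peer names, the shared secret and the fixed challenge used by run_exchange are constructed for the example.

```python
"""Added example, not part of the Cisco study material: a CHAP exchange
encoded with the layout above (Code, Identifier, Length, then either
Value-Size/Value/Name or a Message). The Response Value is
MD5(Identifier || secret || Challenge Value), so both peers must hold the
same plaintext secret. Names, secrets and the fixed challenge are constructed.
"""
import hashlib
import hmac
import os
import struct

CHALLENGE, RESPONSE, SUCCESS, FAILURE = 1, 2, 3, 4
HEADER = struct.Struct("!BBH")   # Code, Identifier, Length


def build_value_packet(code: int, identifier: int, value: bytes, name: bytes) -> bytes:
    """Challenge (1) or Response (2): header, Value-Size, Value, Name."""
    body = bytes([len(value)]) + value + name
    return HEADER.pack(code, identifier, HEADER.size + len(body)) + body


def build_result_packet(code: int, identifier: int, message: bytes) -> bytes:
    """Success (3) or Failure (4): header followed by a free-text Message."""
    return HEADER.pack(code, identifier, HEADER.size + len(message)) + message


def parse_packet(pkt: bytes) -> dict:
    """Decode any of the four packet types, refusing inconsistent lengths."""
    if len(pkt) < HEADER.size:
        raise ValueError("short CHAP packet")
    code, identifier, length = HEADER.unpack_from(pkt)
    if length != len(pkt):
        raise ValueError("Length field %d does not match %d bytes" % (length, len(pkt)))
    if code in (CHALLENGE, RESPONSE):
        value_size = pkt[4]
        if 5 + value_size > length:
            raise ValueError("Value-Size runs past the end of the packet")
        return {"code": code, "id": identifier,
                "value": pkt[5:5 + value_size], "name": pkt[5 + value_size:]}
    if code in (SUCCESS, FAILURE):
        return {"code": code, "id": identifier, "message": pkt[4:]}
    raise ValueError("unknown CHAP code %d" % code)


def chap_digest(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994: MD5 over Identifier, secret and Challenge Value, in that order."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def make_challenge(identifier: int, my_name: bytes, challenge: bytes = None) -> bytes:
    """Authenticator side. The challenge must be unpredictable and never reused."""
    return build_value_packet(CHALLENGE, identifier, challenge or os.urandom(16), my_name)


def make_response(challenge_pkt: bytes, secret: bytes, my_name: bytes) -> bytes:
    """Peer side: echo the Identifier and prove knowledge of the secret."""
    c = parse_packet(challenge_pkt)
    return build_value_packet(RESPONSE, c["id"],
                              chap_digest(c["id"], secret, c["value"]), my_name)


def verify_response(challenge_pkt: bytes, response_pkt: bytes, secrets: dict):
    """Authenticator side; secrets maps peer Name -> shared secret.
    Returns (authenticated, Success/Failure packet to send back)."""
    c, r = parse_packet(challenge_pkt), parse_packet(response_pkt)
    if r["code"] != RESPONSE or r["id"] != c["id"]:
        return False, build_result_packet(FAILURE, c["id"], b"Identifier mismatch")
    secret = secrets.get(r["name"])
    # Hash even for unknown names so the timing does not reveal which names exist.
    expected = chap_digest(c["id"], secret if secret is not None else b"", c["value"])
    if secret is not None and hmac.compare_digest(expected, r["value"]):
        return True, build_result_packet(SUCCESS, c["id"], b"Welcome")
    return False, build_result_packet(FAILURE, c["id"], b"Authentication failed")


def run_exchange(secret_on_peer: bytes, challenge: bytes = b"\x01" * 16):
    """Three-way exchange: RouterA authenticates RouterB.
    Returns (authenticated, Code of the result packet)."""
    authenticator_db = {b"RouterB": b"s3cret"}          # constructed
    chal = make_challenge(7, b"RouterA", challenge)
    resp = make_response(chal, secret_on_peer, b"RouterB")
    ok, result = verify_response(chal, resp, authenticator_db)
    return ok, parse_packet(result)["code"]
```

Two properties follow directly from the format: the secret never crosses the link, but anyone who captures a challenge/response pair can guess the secret offline with one MD5 per guess, so CHAP secrets must be long and random; and the Name in the Response is attacker-supplied, which is why the authenticator looks the secret up by name rather than trusting the name.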

Reference:

https://www.cisco.com/c/en/us/support/docs/wan/point-to-point-protocol-ppp/25647-understanding-
ppp-chap.html

https://www.ietf.org/rfc/rfc1994.txt

QUESTION NO: 268

You issue the following commands on RouterA:

RouterA(config)#interface fa0/1

RouterA(config-if)#ip address 10.1.1.1 255.255.255.0

RouterA(config-if)#ip address 10.1.1.2 255.255.255.0

RouterA(config-if)#ip address 10.1.1.3 255.255.255.0 secondary

RouterA(config-if)#ip address 10.1.1.4 255.255.255.0 secondary

Which of the following statements is correct? (Select the best answer.)

A.
Two IP addresses are active on the interface: 10.1.1.1 and 10.1.1.3.

B.
Two IP addresses are active on the interface: 10.1.1.1 and 10.1.1.4.

C.
Two IP addresses are active on the interface: 10.1.1.2 and 10.1.1.3.

D.
Two IP addresses are active on the interface: 10.1.1.2 and 10.1.1.4.

E.
Three IP addresses are active on the interface: 10.1.1.1, 10.1.1.3, and 10.1.1.4.

F.
Three IP addresses are active on the interface: 10.1.1.2, 10.1.1.3, and 10.1.1.4.
G.
All four IP addresses are active on the interface.

Answer: F
Explanation:

Three IP addresses are active on the interface: 10.1.1.2, 10.1.1.3, and 10.1.1.4. An interface can be configured with one primary IP address and any number of secondary IP addresses. The primary IP address is configured by issuing the ip address address mask command. If a primary IP address is configured on an interface that already has one, it replaces the previously configured primary IP address, so 10.1.1.2 replaces 10.1.1.1.

A secondary IP address is configured by issuing the ip address address mask secondary command. Unlike primary IP addresses, secondary IP addresses do not replace previously configured secondary IP addresses; they accumulate, so both 10.1.1.3 and 10.1.1.4 remain. Although secondary IP addresses work like primary IP addresses, a Cisco device will not use a secondary IP address as the source of datagrams it generates, other than routing updates.

Reference:

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipaddr/command/ipaddr-cr-book/ipaddr-
c1.html#wp1930336422

QUESTION NO: 269

You issue the following commands from OSPF router configuration mode on RouterA:

timers throttle lsa all 500 10000 40000

timers lsa arrival 2000

For how long will RouterA ignore identical LSAs that are received from a neighbor router? (Select the best answer.)

A.
One-half second

B.
two seconds

C.
10 seconds

D.

40 seconds

Answer: B
Explanation:

RouterA will ignore identical link-state advertisements (LSAs) that are received from a neighbor router for two seconds. Identical Open Shortest Path First (OSPF) LSAs are LSAs with the same LSA ID number, LSA type, and advertising router ID. To configure the minimum interval at which a router will accept the same LSA from its neighbors, you should issue the timers lsa arrival milliseconds command; by default, this interval is set to a value of 1000 milliseconds, or one second. A copy that arrives inside the interval is dropped, and the neighbor retransmits it later, so the arrival interval should be no larger than the hold-interval the neighbors use to generate LSAs; otherwise legitimate updates are discarded repeatedly.

The timers throttle lsa all command configures the rate at which LSAs are generated by the router, not the rate at which LSAs are accepted from a neighbor router. The syntax of the timers throttle lsa all command is timers throttle lsa all start-interval hold-interval max-interval, with all three values expressed in milliseconds.

The start-interval is the delay before the router generates the first instance of an LSA after a local topology change. In this scenario, the start-interval is set to 500 milliseconds, or one-half second. By default, the start-interval is 0, so the first LSA is generated immediately.

The hold-interval is the minimum time the router waits before generating the next instance of the same LSA. The wait doubles with each subsequent generation, so a flapping link is re-advertised progressively less often. In this scenario, the hold-interval is set to 10000 milliseconds, or 10 seconds; the second LSA is therefore generated no sooner than 10 seconds after the first, the third no sooner than 20 seconds after the second, and so on. By default, the hold-interval is 5000 milliseconds, or five seconds.

The max-interval caps the doubling: it is the longest the router will wait before generating the next instance of an LSA it originates, again not an LSA it receives. In this scenario, the max-interval is set to 40000 milliseconds, or 40 seconds. By default, the max-interval is 5000 milliseconds, or five seconds, which means that with the default values the doubling never takes effect.
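
The two timers above behave differently enough that a timeline makes the distinction clearer than prose. The following Python model is an added example, not part of the Cisco study material: generation_times applies the start/hold/max rule to a list of local topology-change times, and accepted_arrivals applies the arrival interval to copies of one identical LSA received from a neighbor. The change and arrival times are constructed, and one detail is this example's own assumption, labelled in the code: the back-off is reset after a quiet period of one max-interval.

```python
"""Added example, not part of the Cisco study material: a millisecond
timeline model of

  timers throttle lsa all 500 10000 40000  -> start, hold and max intervals
                                             for LSAs this router originates
  timers lsa arrival 2000                  -> minimum gap between accepted
                                             copies of one identical LSA
                                             received from a neighbor

The first LSA after a change waits start-interval; each later one waits
the current hold value, which doubles up to max-interval. The reset after a
quiet max-interval is this example's assumption. Times are constructed.
"""


def generation_times(change_times_ms, start_ms, hold_ms, max_ms):
    """Times at which this router originates its LSA for the given local
    topology changes. A change that arrives while an origination is already
    scheduled is folded into that one."""
    sent = []
    wait = None      # back-off in force for the next origination; None = fresh
    pending = None   # scheduled origination time, if any
    for t in sorted(change_times_ms):
        if pending is not None and pending <= t:
            sent.append(pending)          # scheduled LSA went out before this change
            pending = None
        if pending is not None:
            continue                      # already scheduled; nothing to add
        if sent and t - sent[-1] >= max_ms:
            wait = None                   # assumption: a quiet max-interval resets the back-off
        if wait is None:
            pending = t + start_ms
            wait = hold_ms
        else:
            pending = max(t, sent[-1] + wait)
            wait = min(wait * 2, max_ms)
    if pending is not None:
        sent.append(pending)
    return sent


def accepted_arrivals(arrival_times_ms, arrival_ms):
    """Split copies of one identical LSA received from neighbors into those
    installed and those dropped for arriving inside the arrival interval
    (a dropped copy is simply retransmitted by the neighbor later)."""
    accepted, dropped, last = [], [], None
    for t in sorted(arrival_times_ms):
        if last is None or t - last >= arrival_ms:
            accepted.append(t)
            last = t
        else:
            dropped.append(t)
    return accepted, dropped


if __name__ == "__main__":
    # A link flapping at 0, 0.6 s, 11 s, 31 s and 100 s, then one change after a long quiet spell.
    print(generation_times([0, 600, 11000, 31000, 100000, 200000], 500, 10000, 40000))
    # -> [500, 10500, 30500, 70500, 110500, 200500]
    print(accepted_arrivals([0, 1500, 2000, 2500, 4100], 2000))
    # -> ([0, 2000, 4100], [1500, 2500])
```

With the scenario's values the gaps between originations grow 10 s, 20 s, 40 s, 40 s, which is the throttling that protects the rest of the area from a flapping interface; with the IOS defaults (0, 5000, 5000) every origination after the first is simply spaced five seconds apart.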

Reference:

https://www.cisco.com/c/en/us/td/docs/ios/12_0s/feature/guide/fsolsath.html

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_ospf/command/iro-cr-book/ospf-
s1.html#wp3611083381

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_ospf/command/iro-cr-book/ospf-
s1.html#wp3761694958

QUESTION NO: 270

Which of the following statements is correct regarding an MPLS VPN super backbone that
connects a customer's OSPF network? (Select the best answer.)
A.
The Area 0 backbone cannot be used on a customer's OSPF network because the backbone area
is replaced by the MPLS VPN super backbone.

B.
Only one Area 0 backbone can be used on a customer's OSPF network and must be connected to
the MPLS VPN super backbone.

C.
Only one Area 0 backbone can be used on a customer's OSPF network and must not be
connected to the MPLS VPN super backbone.

D.
Multiple Area 0 backbones can be used on a customer's OSPF network, but all must be connected
to the MPLS VPN super backbone.

E.
Multiple Area 0 backbones can be used on a customer's OSPF network and do not need to be
connected to the MPLS VPN super backbone.

Answer: D
Explanation:

Multiple Area 0 backbones can be used on a customer's Open Shortest Path First (OSPF)
network, but all must be connected to the Multiprotocol Label Switching (MPLS) virtual private
network (VPN) super backbone. An MPLS VPN super backbone connects multiple sites over a
service provider network, becoming either an extension of or a replacement for a customer's
OSPF backbone.

The following graphic shows an MPLS VPN super backbone connecting two customer sites:


In this topology, the MPLS VPN super backbone has replaced the customer's OSPF backbone. The provider edge (PE) routers are area border routers (ABRs) and autonomous system boundary routers (ASBRs), and the customer edge (CE) routers are normal intra-area routers.

Although an MPLS VPN super backbone can replace a customer's OSPF backbone, it does not
have to do so. Instead, the super backbone can become an extension of a customer's OSPF
backbone. However, each of the customer's backbone areas must connect to the super backbone,
as shown in the following graphic:


In this topology, the customer has multiple Area 0 backbone areas connected to the super
backbone. The PE routers are ABRs and ASBRs, and the CE routers are ABRs.

Reference:

https://www.cisco.com/c/en/us/support/docs/multiprotocol-label-switching-mpls/multiprotocol-label-
switching-over-atm-mpls-over-atm/10472-mpls-ospf.html#backinfo

QUESTION NO: 271 DRAG DROP

Select features from the left that are recommended by Cisco for implementing a scalable DMVPN,
and place them on the corresponding boxes on the right. Multiple correct answers are possible.


Answer:

Explanation:

Dynamic Multipoint virtual private network (DMVPN) enables an administrator to easily configure scalable IP Security (IPsec) virtual private networks (VPNs) using a hub-and-spoke design. The hub router or routers are typically assigned a static IP address; the spoke routers can be dynamically addressed.

DMVPN requires Generic Routing Encapsulation (GRE), Next Hop Resolution Protocol (NHRP), and a dynamic routing protocol. NHRP is used to build a database that maps tunnel addresses to real (NBMA) addresses, which is what lets spokes discover one another and build spoke-to-spoke tunnels on demand. Although several routing protocols can be used to create a DMVPN, Cisco recommends that Enhanced Interior Gateway Routing Protocol (EIGRP) be used to enhance scalability.

A multipoint GRE (mGRE) tunnel is used to carry multiple IPsec or GRE tunnels. Although you can use either IPsec tunnel mode or transport mode, Cisco recommends transport mode: the GRE header already carries the tunnel endpoint addresses, so tunnel mode would add a second IP header with no benefit. In addition, strong encryption should be used, such as Triple Data Encryption Standard (3DES) or Advanced Encryption Standard (AES); Data Encryption Standard (DES) is not as strong as 3DES or AES. In a current deployment AES should be chosen, because 3DES has a 64-bit block size and NIST has disallowed it for encryption since the end of 2023.

You should enable Dead Peer Detection (DPD) to provide failure detection. By default, DPD messages are sent only if there is a 10-second lull in traffic from a tunnel peer and only if there is outbound traffic destined for that tunnel peer. For example, if 10 seconds pass and RouterA has not received traffic from RouterB, RouterA prepares a DPD message for transmission. However, the DPD message is not sent to RouterB until RouterA has traffic to send to RouterB.

Reference:

https://sso.cisco.com/autho/forms/CDClogin.html

QUESTION NO: 272

Which of the following events will trigger a log entry to be created with a severity level of 5 if syslog
has been enabled on a router? (Select the best answer.)

A.
the Cisco IOS software failing to load

B.
a packet being denied by an ACL

C.
a router interface transitioning to the down state

D.
an invalid packet type being received on an interface

Answer: C
Explanation:

A router interface transitioning to the down state will generate a log entry with a severity level of 5
if syslog has been enabled on a router. Syslog is a management protocol that can be used to

transmit logging information from a device to a syslog server. When syslog is enabled on a router,
logging messages are generated by the router and sent to the console or to a syslog server that is
used to view and process the syslog messages. Log files that are generated by routers are
categorized into one of the following severity levels:

Level 0 - Emergencies

Level 1 - Alerts

Level 2 - Critical

Level 3 - Errors

Level 4 - Warnings

Level 5 - Notifications

Level 6 - Informational

Level 7 - Debugging

A router interface transitioning to the down state causes a log entry to be generated with a severity level of 5. A severity level of 5 indicates that a normal but significant event has occurred. On Cisco IOS the message in question is %LINEPROTO-5-UPDOWN, which reports the line-protocol state change; note that the accompanying physical-layer message, %LINK-3-UPDOWN, is logged at severity 3. System restart messages are also displayed at severity 5.

A log entry with a severity level of 6 indicates an informational message. An informational message is generated when an event such as a packet being denied as a result of matching an access control list (ACL) entry occurs (%SEC-6-IPACCESSLOGP, for example). Reload request messages are also displayed at this level. Because ACL-denial messages are the ones a security team usually wants to collect, the logging trap level on the router must be set to informational (6) or higher, or they will never reach the syslog server.

The Cisco IOS software failing to load would generate a log entry with a severity level of 0. A severity level of 0 indicates that the system is unusable; an emergency condition has occurred that has prevented the router from functioning.

If a router interface receives an invalid packet type, a log entry will be created with a severity level of 7. A severity level of 7 indicates a debugging message.
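
The severity encoding described above, as an added Python example that is not part of the Cisco study material: IOS writes the severity into every message mnemonic as %FACILITY-SEVERITY-MNEMONIC, so a collector can recover it without any lookup table, apply the same threshold that logging trap applies on the router, and pull the connection details out of the ACL-denial messages. The log lines are constructed for the example; the mnemonics and severities are the ones IOS uses for these events.

```python
"""Added example, not part of the Cisco study material: parsing severity
from Cisco IOS syslog lines (%FACILITY-SEVERITY-MNEMONIC) and applying a
trap-level threshold. The sample log lines are constructed.
"""
import re
from collections import Counter

SEVERITY_NAMES = {0: "emergencies", 1: "alerts", 2: "critical", 3: "errors",
                  4: "warnings", 5: "notifications", 6: "informational", 7: "debugging"}

# Sequence number and timestamp are optional prefixes; the mnemonic is what we key on.
IOS_MSG = re.compile(
    r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+):\s*(?P<text>.*)$")

ACL_DENY = re.compile(
    r"list (?P<acl>\S+) denied (?P<proto>\w+) (?P<src>[\d.]+)\((?P<sport>\d+)\)"
    r" -> (?P<dst>[\d.]+)\((?P<dport>\d+)\)")

# Constructed sample: a serial link going down, an ACL hit, a restart, a config change, junk.
SAMPLE_LOG = """\
000123: *Mar  1 00:04:11.201: %LINK-3-UPDOWN: Interface Serial0/0, changed state to down
000124: *Mar  1 00:04:12.203: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed state to down
000125: *Mar  1 00:04:15.990: %SEC-6-IPACCESSLOGP: list 101 denied tcp 10.1.1.5(40211) -> 10.2.2.2(23), 1 packet
000126: *Mar  1 00:05:02.000: %SYS-5-RESTART: System restarted --
000127: *Mar  1 00:05:09.312: %SYS-5-CONFIG_I: Configured from console by admin on vty0 (10.1.1.9)
this line carries no IOS mnemonic and is ignored
"""


def parse_line(line: str):
    """Return the parsed message, or None when the line has no IOS mnemonic."""
    m = IOS_MSG.search(line)
    if not m:
        return None
    msg = m.groupdict()
    msg["severity"] = int(msg["severity"])
    return msg


def parse_log(text: str) -> list:
    return [msg for msg in (parse_line(line) for line in text.splitlines()) if msg]


def forwarded_at_trap_level(messages: list, level: int) -> list:
    """Messages a 'logging trap <level>' setting would send: severity numerically <= level."""
    return [m for m in messages if m["severity"] <= level]


def count_by_severity(messages: list) -> Counter:
    return Counter(SEVERITY_NAMES[m["severity"]] for m in messages)


def acl_denials(messages: list) -> list:
    """Extract ACL name, protocol and 4-tuple from %SEC-6-IPACCESSLOGP messages."""
    hits = []
    for m in messages:
        if m["mnemonic"] != "IPACCESSLOGP":
            continue
        d = ACL_DENY.search(m["text"])
        if d:
            hit = d.groupdict()
            hit["sport"], hit["dport"] = int(hit["sport"]), int(hit["dport"])
            hits.append(hit)
    return hits
```

Running the sample through forwarded_at_trap_level with level 5 drops the ACL denial, which is exactly what happens on a router left at logging trap notifications; raising the level to 6 keeps it, at the cost of also forwarding every other informational message.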

Reference:

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750/software/release/12-
2_55_se/configuration/guide/scg3750/swlog.html#pgfId-1031557

QUESTION NO: 273

On which interface type is turbo flooding not supported? (Select the best answer.)

A.
ARPA-encapsulated Ethernet

B.
FDDI

C.
HDLC-encapsulated Serial

D.
Token Ring

Answer: D
Explanation:

Turbo flooding is not supported on Token Ring interfaces. Turbo flooding is a Cisco feature that speeds up the flooding of User Datagram Protocol (UDP) broadcast datagrams over the spanning-tree topology. To enable turbo flooding, you should issue the following commands:

ip forward-protocol turbo-flood

ip forward-protocol spanning-tree

Because spanning-tree flooding forwards broadcasts onto every segment in the spanning tree, it should be limited to the UDP ports that actually need it, as selected with the ip forward-protocol udp command, rather than left open to every forwarded port.

Turbo flooding is supported on the following interface types:

-Advanced Research Projects Agency (ARPA)-encapsulated Ethernet

-Fiber Distributed Data Interface (FDDI)

-High-Level Data Link Control (HDLC)-encapsulated Serial

Reference:

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipapp/command/iap-cr-book/iap-
i1.html#wp4079755394

QUESTION NO: 274

What is the default WTD maximum threshold for queue 1? (Select the best answer.)

A.
50 percent

B.
100 percent
C.
200 percent

D.
400 percent

Answer: D
Explanation:

The default weighted tail-drop (WTD) maximum threshold for queue 1 is 400 percent. To configure the WTD thresholds, you should issue the mls qos queue-set output threshold command. The syntax of the mls qos queue-set output threshold command is mls qos queue-set output qset-id threshold [queue-id] drop-threshold1 drop-threshold2 reserved-threshold maximum-threshold.

When Quality of Service (QoS) is enabled, WTD is enabled and uses the default threshold values. The following table displays the default threshold values for WTD:

The two drop thresholds are expressed as a percentage of the memory allocated to the queue. The reserved threshold is the percentage of allocated memory that is guaranteed for the queue. The maximum threshold is the most memory the queue can occupy before packets are dropped; a value of 400 percent lets the queue grow to four times its allocated share by borrowing from the common buffer pool when free buffers are available.

Reference:

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2960x/software/15-
0_2_EX/qos/command_reference/b_qos_152ex_2960-x_cr/b_qos_152ex_2960-
x_cr_chapter_011.html#wp5865016930

QUESTION NO: 275

Which of the following features does IGMPv3 support that IGMPv2 does not? (Select the best
answer.)

A.
querier elections

B.
leave group messages

C.
group-specific queries

D.
host membership report suppression

E.
multicast source filtering

Answer: E
Explanation:

Internet Group Management Protocol version 3 (IGMPv3) supports multicast sourcefiltering.


Multicast source filtering allows a host to specify the source addresses from which it will receive
multicast traffic; it also allows a host to specify the source addresses from which it will not receive
multicast traffic. IGMP version 1 (IGMPv1) and IGMPv2 do not provide support for multicast
source filtering.

Although IGMPv3 supports querier elections, this feature was introduced in IGMPv2. The router
with the lowest IP address on the subnet is elected as the querier. The querier is responsible for
periodically sending out membership query messages to determine whether any hosts want to
receive multicast packets for the multicast group. If at least one host responds with a membership
report message, the querier will continue to send those multicast packets on that network
segment. By default, membership query messages are sent every 60 seconds.

Although IGMPv3 supports leave group messages, this feature was introduced in IGMPv2.

In IGMPv1, a host leaves a multicast group silently. In IGMPv2, a host sends an IGMP
leave message when it wants to leave a multicast group. IGMP routers maintain the IP address of
the last reporter, which is the last host that sent a membership report message for that multicast
group. If the last reporter sends a leave message, the IGMP router will wait an amount of time
configured in the last member query response interval before sending a response and deleting the
group. By default, the last member query response interval is one second.

Although IGMPv3 supports group-specific queries, this feature was introduced in IGMPv2.

IGMPv1 queries are general queries sent to the 224.0.0.1 all-hosts multicast address.

IGMPv2 queries are either general queries, which are sent to 224.0.0.1, or group-specific queries,
which are sent only to members of a particular multicast group. When IGMPv2 is used, the Max
Response Time field in membership query messages contains a nonzero value. In IGMPv1
messages, the field is set to a value of 0, which is interpreted to mean 100 deciseconds, or 10
seconds. The IGMPv2 membership query message is the only message that contains a nonzero
value in the Max Response Time field; all other message types set the field to a value of 0.
IGMPv3 membership query messages, on the other hand, use a Max Resp Code field from which
the Max Response Time value is derived.

IGMPv3 does not support host membership report suppression; in fact, IGMPv3 removed support
for host membership report suppression. This feature, which is supported in IGMPv1 and IGMPv2,
prevents a host from sending a membership report if a similar report is detected from another
host on the network. IGMPv3 removes this restriction so that the router learns every host's
source-filter state.

Reference:

https://www.cisco.com/c/en/us/td/docs/ios/12_2/ip/configuration/guide/fipr_c/1cfmulti.html#wp1066
001

https://www.ietf.org/rfc/rfc3376.txt
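As an added worked example (not part of the original question set), the following Python decodes IGMP Membership Query messages and makes the Max Response Time point above concrete: in IGMPv1 the field is zero and read as 100 deciseconds, in IGMPv2 it is a literal count of deciseconds, and in IGMPv3 the Max Resp Code is literal below 128 but a floating-point form at 128 and above (RFC 3376 section 4.1.1), with the same encoding used for the QQIC. The queries it parses are constructed inline by the builder function; the group addresses, source and QQIC values are arbitrary test data, and the RFC 1071 checksum check rejects a corrupted query.

```python
"""Decode IGMP Membership Query messages and the IGMPv3 Max Resp Code (RFC 2236, RFC 3376)."""
import ipaddress
import struct

IGMP_MEMBERSHIP_QUERY = 0x11


def igmp_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over the whole IGMP message.
    Returns 0 when run over a message whose checksum field is already correct."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def decode_v3_code(code: int) -> int:
    """IGMPv3 Max Resp Code / QQIC: literal below 128; from 128 a float form
    1|exp(3)|mant(4) meaning (mant | 0x10) << (exp + 3)."""
    if not 0 <= code <= 0xFF:
        raise ValueError("code is one octet")
    if code < 128:
        return code
    exp, mant = (code >> 4) & 0x7, code & 0xF
    return (mant | 0x10) << (exp + 3)


def build_query(version, group="0.0.0.0", max_resp=0, sources=(), qqic=0, qrv=2, s_flag=False):
    """Constructed test input: a v1, v2 or v3 Membership Query with a valid checksum."""
    grp = ipaddress.IPv4Address(group).packed
    body = struct.pack("!BBH4s", IGMP_MEMBERSHIP_QUERY, 0 if version == 1 else max_resp, 0, grp)
    if version == 3:
        flags = (0x08 if s_flag else 0) | (qrv & 0x7)   # Resv(4) | S(1) | QRV(3)
        body += struct.pack("!BBH", flags, qqic, len(sources))
        body += b"".join(ipaddress.IPv4Address(s).packed for s in sources)
    return body[:2] + struct.pack("!H", igmp_checksum(body)) + body[4:]


def parse_query(pkt: bytes) -> dict:
    if len(pkt) < 8:
        raise ValueError("IGMP message shorter than 8 bytes")
    mtype, max_resp, _csum, group = struct.unpack("!BBH4s", pkt[:8])
    if mtype != IGMP_MEMBERSHIP_QUERY:
        raise ValueError("not a Membership Query (type 0x%02x)" % mtype)
    if igmp_checksum(pkt) != 0:
        raise ValueError("bad IGMP checksum")
    general = group == b"\x00" * 4
    info = {"group": str(ipaddress.IPv4Address(group))}
    if len(pkt) == 8:
        # v1 and v2 queries are both 8 bytes; a v1 query is recognised by a zero
        # Max Response Time field, which receivers treat as 100 tenths of a second.
        if max_resp == 0:
            info.update(version=1, max_resp_time_s=10.0)
        else:
            info.update(version=2, max_resp_time_s=max_resp / 10)
        info["kind"] = "general" if general else "group-specific"
        return info
    # v3: 12 bytes plus the source list; Max Resp Code must be decoded first
    flags, qqic, nsrc = struct.unpack("!BBH", pkt[8:12])
    if len(pkt) < 12 + 4 * nsrc:
        raise ValueError("source list truncated")
    sources = [str(ipaddress.IPv4Address(pkt[12 + 4 * i:16 + 4 * i])) for i in range(nsrc)]
    info.update(version=3,
                max_resp_time_s=decode_v3_code(max_resp) / 10,
                suppress_router_processing=bool(flags & 0x08),
                querier_robustness=flags & 0x7,
                qqi_s=decode_v3_code(qqic),
                sources=sources)
    if general:
        info["kind"] = "general"
    else:
        info["kind"] = "group-and-source-specific" if sources else "group-specific"
    return info
```

Note that any host on the segment can source a Membership Query; because the querier election described above prefers the lowest IP address, a host that does so from a lower address than the real router takes over the role, which is one reason IGMP snooping on access switches is commonly configured to drop queries arriving on host ports.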

QUESTION NO: 276

Which of the following statements is correct regarding ISAKMP preshared keys that are stored in
secure type 6 format? (Select the best answer.)

A.
The master key is stored in the router configuration and is encrypted with AES.

B.
The master key can be changed after it has been created.

C.
Deletion of the master key will decrypt all of the encrypted passwords.

D.
Keys are encrypted as soon as you issue the key config-key password-encrypt master-key
command.

Answer: B
Explanation:

The master key can be changed after it has been created. Internet Security Association and Key
Management Protocol (ISAKMP) preshared key encryption can be used to encrypt and store keys
in secure type 6 format. To enable ISAKMP preshared key encryption, issue the following
commands:

key config-key password-encrypt master-key

password encryption aes

The master key encrypts all of the other keys that are stored in the router configuration by using
Advanced Encryption Standard (AES). Passwords are not encrypted until the password encryption
aes command has been issued. The master key is kept in private NVRAM rather than in the router
configuration, and it cannot be displayed.

To change the master key, issue the key config-key password-encrypt command again. You will be
prompted once for the old master key and twice for the new master key. If you successfully
authenticate with the old key, the existing encrypted preshared keys will be re-encrypted with the
new master key.

You can delete the master key by issuing the no key config-key password-encrypt command.
However, the existing encrypted preshared keys will not be decrypted, and they can no longer be
used by the router. Issuing the no password encryption aes command will also not decrypt the
existing preshared keys; once they are encrypted with secure type 6 encryption, they cannot be
recovered without the master key.

Reference:

https://www.cisco.com/c/en/us/support/docs/security-vpn/ipsec-negotiation-ike-protocols/46420-
pre-sh-keys-ios-rtr-cfg.html

QUESTION NO: 277

IP routing is not enabled on a Cisco router that you administer. You want to create a gateway of
last resort on the router.

Which of the following commands should you issue to accomplish your goal? (Select the best
answer.)

A.
ip route 0.0.0.0 0.0.0.0 s0/0

B.
ip default-network 10.10.100.0

C.
ip route 0.0.0.0 0.0.0.0 10.10.100.1

D.
ip default-gateway 10.10.100.1

Answer: D
Explanation:

You should issue the ip default-gateway 10.10.100.1 command to create a gateway of last resort
on the router in this scenario. The gateway of last resort is used when no route can be identified
for routing packets. If a route cannot be determined and the gateway of last resort has been
defined, packets are routed to the gateway's address. The ip default-gateway command should be
used to configure a gateway of last resort when IP routing is disabled on a Cisco router or switch.

You should not issue the ip default-network 10.10.100.0 command to create a gateway of last
resort on the router in this scenario, because the ip default-network command can be used only on
devices that have IP routing enabled. Because IP routing is disabled on the router in this scenario,
you cannot use the ip default-network command to create a gateway of last resort on the router.
The ip default-network command is issued to flag routes in the routing table as candidates for the
default route. If the ip default-network command is issued with a network address that matches an
entry appearing in the routing table, that route becomes the default route. If there is no matching
entry in the routing table, the route will not become a default route. You can issue multiple ip
default-network commands on a router; the router will use administrative distances (ADs) and
metrics to determine the best default route.

You should not issue the ip route command to create a gateway of last resort on the router in this
scenario, because the ip route command can be used only on devices that have IP routing
enabled. Because IP routing is disabled on the router in this scenario, you cannot use the ip route
command to create a gateway of last resort on the router. You can create a static gateway of last
resort on a router by issuing the ip route command with a default route (0.0.0.0 0.0.0.0) followed
by a next-hop IP address. For example, you could issue the ip route 0.0.0.0 0.0.0.0 10.10.100.1
command to create a static gateway of last resort to the next-hop router at 10.10.100.1.
Alternatively, you could specify a physical interface on the router as the gateway. For example,
you could issue the ip route 0.0.0.0 0.0.0.0 s0/0 command to specify the Serial 0/0 interface on
the local router as the gateway of last resort; packets with destinations not found in the routing
table will be forwarded out the Serial 0/0 interface.

Reference:

https://www.cisco.com/c/en/us/support/docs/ip/routing-information-protocol-rip/16448-default.html

QUESTION NO: 278

Which of the following best describes how to create a MAC address that is mapped from a
multicast IPv6 address? (Select the best answer.)

A.
Prepend FF to the last five octets of the IPv6 address.

B.
Prepend 3333 to the last four octets of the IPv6 address.

C.
Prepend FFFF to the last four octets of the IPv6 address.

D.
Prepend 0100.0CCC to the last two octets of the IPv6 address.

E.
Prepend 0180.C200 to the last two octets of the IPv6 address.

Answer: B
Explanation:

To create a Media Access Control (MAC) address that is mapped from a multicast IPv6 address,
prepend 3333 to the last four octets of the IPv6 address. This procedure is described in Internet
Engineering Task Force (IETF) Request for Comments (RFC) 2464.

The IPv6 prefix FF00::/8 is reserved for multicast addresses; IPv6 addresses in the FF00::/8 range
begin with the characters FF00 through FFFF. However, you would not prepend FF to the last five
octets of the IPv6 address, nor would you prepend FFFF to the last four octets of the IPv6 address
in order to create a MAC address that is mapped from a multicast IPv6 address.

You would not prepend 0100.0CCC to the last two octets of the IPv6 address. Multicast MAC
address 0100.0CCC.CCCC is used by Cisco Discovery Protocol (CDP), Dynamic Trunking
Protocol (DTP), Port Aggregation Protocol (PAgP), UniDirectional Link Detection (UDLD), and
VLAN Trunking Protocol (VTP).

CDP is a Layer 2 Cisco-proprietary protocol that is used to advertise and discover only directly
connected Cisco devices on a local network. DTP is a point-to-point protocol that is used to
negotiate trunking. PAgP is an EtherChannel aggregation protocol. UDLD monitors a link to verify
that both ends of the link are functioning. VTP is used to centrally manage virtual LAN (VLAN)
changes and to propagate those changes over trunk ports. Multicast MAC address
0100.0CCC.CCCD is used by Cisco Per-VLAN Spanning Tree Plus (PVST+) to send bridge
protocol data units (BPDUs) for non-native VLANs.

You would not prepend 0180.C200 to the last two octets of the IPv6 address. Multicast MAC
address 0180.C200.0000 is used by 802.1D STP to send native VLAN BPDUs. Multicast MAC
address 0180.C200.0003 is used by 802.1X. Multicast MAC address 0180.C200.000E is used by
Link Layer Discovery Protocol (LLDP).

Reference:

https://tools.ietf.org/html/rfc2464
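The following Python is an added example, not part of the original page: it implements the RFC 2464 mapping from the explanation above, the RFC 1112 IPv4 mapping for comparison, and the solicited-node case. It also shows a consequence the text does not spell out: because only the low-order 32 bits (IPv6) or 23 bits (IPv4) of the group address survive, unrelated groups share a destination MAC, so a NIC's hardware multicast filter accepts frames for every group in the same bucket and cannot serve as a security boundary; filtering by group has to happen at Layer 3. The sample addresses are constructed.

```python
"""IPv6 (RFC 2464 s7) and IPv4 (RFC 1112 s6.4) multicast-to-MAC mapping and its aliasing."""
import ipaddress


def ipv6_multicast_mac(addr: str) -> str:
    ip = ipaddress.IPv6Address(addr)
    if not ip.is_multicast:
        raise ValueError(f"{addr} is not in ff00::/8")
    # 33-33 followed by the low-order 32 bits (the last four octets) of the address
    return "33:33:" + ":".join(f"{b:02x}" for b in ip.packed[-4:])


def ipv4_multicast_mac(addr: str) -> str:
    ip = ipaddress.IPv4Address(addr)
    if not ip.is_multicast:
        raise ValueError(f"{addr} is not in 224.0.0.0/4")
    # 01-00-5e, a zero bit, then the low-order 23 bits; the top 5 bits of the
    # 28-bit group ID are discarded, so 32 IPv4 groups share each MAC
    low23 = int(ip) & 0x7FFFFF
    return "01:00:5e:" + ":".join(f"{b:02x}" for b in low23.to_bytes(3, "big"))


def solicited_node_mac(unicast: str) -> str:
    """MAC a host must accept to answer Neighbor Solicitation for its own address:
    ff02::1:ffXX:XXXX is built from the low 24 bits of the unicast address."""
    ip = ipaddress.IPv6Address(unicast)
    base = int(ipaddress.IPv6Address("ff02::1:ff00:0"))
    return ipv6_multicast_mac(str(ipaddress.IPv6Address(base | (int(ip) & 0xFFFFFF))))


def multicast_mac(addr: str) -> str:
    ip = ipaddress.ip_address(addr)
    return ipv6_multicast_mac(addr) if ip.version == 6 else ipv4_multicast_mac(addr)


def mac_aliases(addrs) -> dict:
    """Group addresses by the MAC they map to and return only the MACs shared by
    more than one group, i.e. the frames a hardware filter cannot tell apart."""
    buckets = {}
    for a in addrs:
        buckets.setdefault(multicast_mac(a), []).append(a)
    return {mac: groups for mac, groups in buckets.items() if len(groups) > 1}
```

The Cisco control-plane groups in the explanation (0100.0CCC.CCCC and 0180.C200.xxxx) are not produced by either mapping; they are reserved Layer 2 addresses that never correspond to an IP multicast group.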

QUESTION NO: 279

Which of the following best defines an RD? (Select the best answer.)
A.
a value that indicates membership in an RFC 4364 VPN

B.
a path that labeled packets take through an MPLS network

C.
a value that enables RFC 4364 VPN customers to use overlapping IP address ranges

D.
a routing table instance for a VPN

Answer: C
Explanation:

A route distinguisher (RD) is a value that enables Multiprotocol Label Switching (MPLS) virtual
private network (VPN) customers to use overlapping IP address ranges; MPLS VPNs are
described in Request for Comments (RFC) 4364. An ingress label switch router (LSR) creates a
globally unique VPN version 4 (VPNv4) address by prepending the RD to an IPv4 address. The
LSR then assigns a label to the VPNv4 address prefix and stores the inbound-to-outbound label
mapping in the Label Forwarding Information Base (LFIB). Authentication to the MPLS VPN is
provided based on logical port and RD information. To create an RD, you should issue the rd
value command, where the value parameter uses one of the following formats:

- AS:nn, where AS is a 16-bit autonomous system number (ASN) and nn is a 32-bit decimal number

- A.B.C.D:nn, where A.B.C.D is a 32-bit IP address and nn is a 16-bit decimal number

There are three types of RDs: Type 0, Type 1, and Type 2. The type of RD configuration you
create depends on how you issue the value parameter of the rd command and whether you are
configuring a multicast VPN environment. Type 0 and Type 1 RDs are used in unicast
configurations. A Type 0 RD is configured by issuing the value parameter of the rd command with
the 16-bit ASN in front of the 32-bit decimal number. A Type 1 RD is configured by issuing the value
parameter of the rd command with the 32-bit IP address in front of the 16-bit decimal number. A
Type 2 RD is configured similarly to a Type 1 RD but only applies to multicast VPN configurations.

A route target (RT) is a value that is appended to a VPNv4 Border Gateway Protocol (BGP) route
to indicate membership in an RFC 4364 MPLS VPN. Export RTs associate each route with one or
more VPNs, and import RTs are associated with each VPN routing and forwarding (VRF) table to
determine the routes that should be imported into the VRF; a VRF is a routing table instance for a
VPN. By configuring import and export RTs, you can control which sites can reach each other.
For example, you can configure RTs so that CustomerA and CustomerB can communicate with
ProviderZ, but CustomerA and CustomerB cannot communicate with one another. To configure
RTs, you should issue the route-target {import | export | both} value command, where the value
parameter uses the same formats as the value parameter in the rd command.

A label switched path (LSP) is a path that labeled packets take through an MPLS network from
one LSR to another. The 32-bit MPLS label (a 20-bit label value, a 3-bit traffic class field, a 1-bit
bottom-of-stack flag, and an 8-bit TTL, per RFC 3032) is used by LSRs to make forwarding
decisions along the LSP. The MPLS label is placed between the Layer 2 header and the Layer 3
header. The structure of an MPLS label is shown below:

Reference:

CCIE Routing and Switching v5.0 Certification Guide, Volume 2, Chapter 11, MPBGP andRoute
Distinguishers, pp. 541-543
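As an added example (not from the exam text or a Cisco source), the Python below encodes the two rd value formats listed above into the 8-byte RD of RFC 4364 section 4.2 and prepends it to an IPv4 prefix to form the VPN-IPv4 NLRI, so you can see why two VRFs that both carry 10.1.1.0/24 remain distinct routes for BGP. The decoder also accepts Type 2, which RFC 4364 defines as the 4-byte-ASN form (the text above describes Cisco's use of Type 2 in multicast VPN). The 3-byte label that precedes the RD in MP_REACH_NLRI is omitted; the RD and prefix values are constructed.

```python
"""RFC 4364 route distinguishers and VPN-IPv4 prefixes."""
import ipaddress
import struct


def encode_rd(text: str) -> bytes:
    """'AS:nn' -> Type 0 (2-byte ASN, 4-byte number), or Type 2 when the ASN needs
    4 bytes (4-byte ASN, 2-byte number); 'A.B.C.D:nn' -> Type 1 (IPv4, 2-byte number)."""
    admin, sep, assigned = text.partition(":")
    if not sep:
        raise ValueError("RD must be written AS:nn or A.B.C.D:nn")
    assigned = int(assigned)
    if "." in admin:
        if not 0 <= assigned <= 0xFFFF:
            raise ValueError("Type 1 RD: assigned number must fit in 16 bits")
        return struct.pack("!H4sH", 1, ipaddress.IPv4Address(admin).packed, assigned)
    asn = int(admin)
    if 0 <= asn <= 0xFFFF:
        if not 0 <= assigned <= 0xFFFFFFFF:
            raise ValueError("Type 0 RD: assigned number must fit in 32 bits")
        return struct.pack("!HHI", 0, asn, assigned)
    if not 0 <= asn <= 0xFFFFFFFF or not 0 <= assigned <= 0xFFFF:
        raise ValueError("Type 2 RD: 4-byte ASN and 16-bit assigned number")
    return struct.pack("!HIH", 2, asn, assigned)


def decode_rd(rd: bytes) -> str:
    if len(rd) != 8:
        raise ValueError("an RD is exactly 8 bytes")
    (rd_type,) = struct.unpack("!H", rd[:2])
    if rd_type == 0:
        asn, n = struct.unpack("!HI", rd[2:])
        return f"{asn}:{n}"
    if rd_type == 1:
        ip, n = struct.unpack("!4sH", rd[2:])
        return f"{ipaddress.IPv4Address(ip)}:{n}"
    if rd_type == 2:
        asn, n = struct.unpack("!IH", rd[2:])
        return f"{asn}:{n}"
    raise ValueError(f"unknown RD type {rd_type}")


def vpnv4_nlri(rd_text: str, prefix: str) -> tuple:
    """VPN-IPv4 prefix as carried in BGP: the length counts the 64 RD bits plus the
    IPv4 prefix length, followed by the RD and the significant prefix octets."""
    net = ipaddress.IPv4Network(prefix)          # strict: host bits must be zero
    octets = (net.prefixlen + 7) // 8
    return 64 + net.prefixlen, encode_rd(rd_text) + net.network_address.packed[:octets]


def distinct_vpnv4(routes) -> set:
    """Given [(rd, prefix), ...] collected from several VRFs, return the set of
    VPN-IPv4 keys. Identical customer prefixes under different RDs stay separate."""
    return {vpnv4_nlri(rd, prefix) for rd, prefix in routes}
```

The RD only disambiguates; it carries no policy. Which VRF a route lands in is decided by the route-target extended community described in the next paragraph, so a misconfigured import RT, not a reused RD, is the usual way traffic leaks between customers.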

QUESTION NO: 280

Which of the following statements is correct about external routes received by an NSSA? (Select
the best answer.)

A.
External routes from an ASBR are converted to Type 3 LSAs and tunneled through the NSSA to
the ABR, where they are converted to Type 5 LSAs.

B.
External routes from an ASBR are converted to Type 3 LSAs and tunneled through the NSSA to
the ABR, where they are converted to Type 7 LSAs.

C.
External routes from an ASBR are converted to Type 5 LSAs and tunneled through the NSSA to
the ABR, where they are advertised as Type 5 LSAs.

D.
External routes from an ASBR are converted to Type 5 LSAs and tunneled through the NSSA to
the ABR, where they are converted to Type 7 LSAs.

E.
External routes from an ASBR are converted to Type 7 LSAs and tunneled through the NSSA to
the ABR, where they are converted to Type 5 LSAs.

F.
External routes from an ASBR are converted to Type 7 LSAs and tunneled through the NSSA to
the ABR, where they are advertised as Type 7 LSAs.

Answer: E

Explanation:

External routes from an autonomous system boundary router (ASBR) are converted to Type 7
link-state advertisements (LSAs) and tunneled through the not-so-stubby area (NSSA) to the area
border router (ABR), where they are converted to Type 5 LSAs. An NSSA is basically a stub area
that contains one or more ASBRs. Type 7 LSAs are used to advertise external routes that are
injected into an Open Shortest Path First (OSPF) NSSA.

External routes from an ASBR into an NSSA are not converted to Type 5 LSAs and tunneled
through the NSSA to the ABR. Type 5 LSAs are used to advertise external routes that are
injected into an OSPF backbone or standard area. When an ASBR in a backbone area or a
standard area receives an external route, the ASBR creates a Type 5 LSA to advertise the
external route. Like stub areas, NSSAs do not accept or create Type 5 LSAs.

External routes from an ASBR into an NSSA are not converted to Type 3 LSAs and tunneled
through the NSSA to the ABR. Type 3 LSAs are used to advertise the area's subnets to
another area. NSSAs accept Type 3 LSAs. However, Type 3 LSAs are not created by ASBRs;
they are created by ABRs. Totally stubby areas and totally stubby NSSAs do not accept Type 3, 4,
or 5 LSAs; these LSAs are replaced by a default route at the ABR. As a result, routing tables
are kept small within the totally stubby area.

Reference:

https://www.cisco.com/c/en/us/support/docs/ip/open-shortest-path-first-ospf/13703-
8.html#definensstub

QUESTION NO: 281

Which of the following are true of both traffic policing and traffic shaping? (Select 2 choices.)

A.
Both buffer excess traffic.

B.
Both remark excess traffic.

C.
Both limit bandwidth utilization.

D.
Both use a token bucket.

E.
Both smooth traffic.

Answer: C,D
Explanation:

Traffic policing and traffic shaping both limit bandwidth utilization, and both use a token bucket.
Traffic policing is used to slow down traffic to a value that the medium can support, to monitor
bandwidth utilization, to enforce bandwidth limitations at the service provider edge, and to remark
traffic that exceeds the Service Level Agreement (SLA). Traffic shaping is used to slow down
traffic due to congestion, to enforce bandwidth rates, and to send traffic classes at different rates.

To control the rate at which an interface sends packets, traffic policing and traffic shaping use a
token bucket. Tokens are put into the token bucket at a specified rate, and tokens are removed
from the bucket as bits are sent through the interface. If there are not enough tokens to send a
packet, traffic policing drops or remarks the packet. As a result, traffic policing can cause traffic to
be bursty. By contrast, traffic shaping queues packets when there are not enough tokens to send
them. This generates a "leaky bucket" effect, which smooths traffic into a constant flow rather than
a variable, bursty flow. The shaping parameters can also be configured so that packets can be
sent in excess of the committed information rate (CIR) for a short period of time.

Traffic shaping does not remark excess traffic. Instead, traffic shaping buffers excess and
out-of-profile packets in memory and drops traffic only when the queue is full. By contrast,
traffic policing drops or remarks excess traffic and out-of-profile packets.

Reference:

https://www.cisco.com/c/en/us/support/docs/quality-of-service-qos/qos-policing/19645-
policevsshape.html
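The following Python is an added simulation, not part of the original page, of the behaviour the explanation describes: one constructed arrival trace (six 500-byte packets at t=0, a 3000-byte burst, then two more at t=2 s) is run through a policer and a shaper that share the same token bucket parameters, a CIR of 8000 bit/s and a Bc of 1500 bytes. The policer judges each packet at its arrival time and marks out-of-profile packets as exceed (the drop or remark action), so the output is bursty with losses; the shaper holds the same packets until tokens accrue, releasing them at the CIR, and drops only when its queue limit is hit. All rates, sizes and times are illustrative.

```python
"""Token-bucket policer vs. shaper, run on one constructed arrival trace."""


class TokenBucket:
    """Tokens are bytes. The bucket fills at CIR/8 bytes per second and holds at
    most Bc bytes, so Bc is the largest burst that can pass at line rate."""

    def __init__(self, cir_bps: float, bc_bytes: float):
        self.rate = cir_bps / 8.0
        self.capacity = float(bc_bytes)
        self.tokens = float(bc_bytes)   # bucket starts full
        self.last = 0.0

    def refill(self, now: float) -> None:
        self.tokens = min(self.capacity, self.tokens + (now - self.last) * self.rate)
        self.last = now

    def take(self, nbytes: int, now: float) -> bool:
        """Conform test: remove tokens only if enough are present."""
        self.refill(now)
        if self.tokens + 1e-9 >= nbytes:
            self.tokens -= nbytes
            return True
        return False

    def wait_for(self, nbytes: int, now: float) -> float:
        """Seconds until nbytes tokens will be available (0.0 if they already are)."""
        self.refill(now)
        return max(0.0, (nbytes - self.tokens) / self.rate)


def police(arrivals, cir_bps, bc_bytes):
    """Single-rate policer. Each packet is judged at its arrival time; nothing is
    queued, so out-of-profile packets are 'exceed' (exceed-action: drop or remark)."""
    tb = TokenBucket(cir_bps, bc_bytes)
    return [(t, n, "conform" if tb.take(n, t) else "exceed") for t, n in arrivals]


def shape(arrivals, cir_bps, bc_bytes, queue_limit):
    """Shaper with a FIFO of queue_limit packets. Out-of-profile packets wait for
    tokens and leave at the CIR; only a full queue causes drops. Returns
    ([(arrival, size, departure)], [(arrival, size)]) for sent and dropped packets."""
    tb = TokenBucket(cir_bps, bc_bytes)
    sent, dropped = [], []
    last_departure = 0.0
    for t, n in arrivals:
        backlog = sum(1 for _, _, d in sent if d > t)   # accepted but not yet out
        if backlog >= queue_limit:
            dropped.append((t, n))
            continue
        start = max(t, last_departure)                 # FIFO: wait for the packet ahead
        start += tb.wait_for(n, start)                 # then wait for enough tokens
        tb.take(n, start)
        sent.append((t, n, start))
        last_departure = start
    return sent, dropped


def max_queuing_delay(sent) -> float:
    return max((d - t for t, _, d in sent), default=0.0)


# Constructed trace: six 500-byte packets at t=0 (a 3000-byte burst), two more at t=2 s.
ARRIVALS = [(0.0, 500)] * 6 + [(2.0, 500)] * 2
CIR_BPS, BC_BYTES = 8000, 1500          # 1000 bytes/s fill rate, 1500-byte bucket

if __name__ == "__main__":
    for t, n, action in police(ARRIVALS, CIR_BPS, BC_BYTES):
        print(f"police  t={t:.1f}s {n}B -> {action}")
    sent, dropped = shape(ARRIVALS, CIR_BPS, BC_BYTES, queue_limit=8)
    for t, n, d in sent:
        print(f"shape   t={t:.1f}s {n}B -> leaves at {d:.1f}s (delay {d - t:.1f}s)")
    print("shaper drops:", dropped, "max delay:", max_queuing_delay(sent))
```

The trade-off the simulation exposes is the one to weigh in practice: the policer loses half of the burst but never adds delay, while the shaper delivers everything at the cost of up to 1.5 s of queuing, which is acceptable for bulk data and not for voice or interactive traffic.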

QUESTION NO: 282

You administer the switched network shown above. All switches are configured to use STP.

Which of the following could cause a switching loop? (Select the best answer.)

A.
configuring Fa0/1 on SwitchA and SwitchD for half-duplex mode

B.
configuring Fa0/1 on SwitchA and SwitchD for full-duplex mode

C.
configuring Fa0/1 on SwitchA and SwitchD to autonegotiate duplex settings

D.
configuring Fa0/1 on SwitchA for half-duplex mode and configuring Fa0/1 on SwitchD to
autonegotiate duplex settings

E.
configuring Fa0/1 on SwitchA for full-duplex mode and configuring Fa0/1 on SwitchD to
autonegotiate duplex settings

Answer: E
Explanation:

Configuring Fa0/1 on SwitchA for full-duplex mode and configuring Fa0/1 on SwitchD to
autonegotiate duplex settings could cause a switching loop. A switch port that has been
manually configured to use full-duplex or half-duplex mode does not respond to a port that is
attempting to autonegotiate duplex settings. When the autonegotiating port receives no reply, it
falls back to the default duplex setting: a port operating at 10 or 100 Mbps defaults to half-duplex
mode, and a port operating at 1000 Mbps defaults to full-duplex mode. Therefore, Fa0/1 on
SwitchD will use half-duplex mode, causing a duplex mismatch with Fa0/1 on SwitchA.

Duplex mismatches can cause collisions, alignment errors, and intermittent connectivity. You can
detect a duplex mismatch by monitoring a switch for %CDP-4-DUPLEX_MISMATCH error
messages. Additionally, you can issue the show interfaces interface command, which displays
interface counter information. If you see an abnormal increase in frame check sequence (FCS)
errors and alignment errors on a half-duplex port, you should suspect a duplex mismatch. An
abnormal increase in FCS errors and runts on a full-duplex port is also an indicator of a duplex
mismatch.

When SwitchD is in half-duplex mode, it performs carrier sense to determine whether the link is
clear before sending frames. However, SwitchA does not perform carrier sense, because it is
configured for full-duplex mode; this is what causes the intermittent connectivity problems of a
duplex mismatch. When SwitchA sends a high volume of traffic to SwitchD, the Spanning Tree
Protocol (STP) bridge protocol data units (BPDUs) from SwitchD could be lost due to collisions. If
SwitchA does not receive those BPDUs from SwitchD, SwitchA will assume that there is a loss of
connectivity to SwitchD, unblock port Fa0/2, and forward all frames to SwitchB, which could
cause a switching loop.
Manually configuring Fa0/1 on SwitchA and SwitchD to use the same duplex mode would not
cause a switching loop. Configuring both switch ports for full-duplex mode would enable both ports
to send and receive data simultaneously. Configuring both switch ports for half-duplex mode would
enable only one port to send data at a time; however, communication could still occur, albeit
slowly.

Configuring Fa0/1 on SwitchA for half-duplex mode and configuring Fa0/1 on SwitchD to
autonegotiate duplex settings would not cause a switching loop. Fa0/1 on SwitchD would not
receive a duplex autonegotiation response from SwitchA, so SwitchD would default to half-duplex
mode. Both switch ports would then be using the same duplex mode, thereby enabling
communication between the two ports.

Configuring Fa0/1 on SwitchA and SwitchD to autonegotiate duplex settings would not cause a
switching loop. If both sides of a link were configured to autonegotiate duplex settings, they would
negotiate full-duplex mode if both ports support full-duplex operation. If either side of the link does
not support full-duplex operation, the ports would negotiate half-duplex mode.

Reference:

https://www.cisco.com/c/en/us/support/docs/lan-switching/spanning-tree-protocol/10556-
16.html#duplex

https://www.cisco.com/c/en/us/support/docs/switches/catalyst-6500-series-switches/17053-
46.html#auto_neg_valid

QUESTION NO: 283

How long does it take for a PIM network to converge after the failure or addition of an Anycast
RP? (Select the best answer.)

A.
about a second

B.
between one and two minutes

C.
as quickly as unicast routing converges

D.
as soon as an administrator manually reconfigures the RPs

E.
as soon as a multicast source or multicast listener attempts to contact the RP

Answer: C
Explanation:

A Protocol Independent Multicast (PIM) network will converge as quickly as unicast routing
converges after the failure or addition of an Anycast rendezvous point (RP). Convergence does not
take a fixed period of time, does not depend on the presence or absence of multicast sources or
receivers, and does not require an administrator to reconfigure the RPs manually.

Anycast RP enables multiple RPs to provide redundancy and load-sharing capabilities. Each
multicast receiver will use the closest RP. Each of the Anycast RPs must be configured as
Multicast Source Discovery Protocol (MSDP) peers of one another because they use MSDP to
share information about multicast sources. All the Anycast RPs must have the same IP address on
a loopback interface. Downstream routers must be configured with the shared loopback address of
the Anycast RPs, either statically by using the ip pim rp-address command or dynamically by using
Auto-RP or BootStrap Router (BSR).

Reference:

https://www.cisco.com/c/en/us/td/docs/ios/solutions_docs/ip_multicast/White_papers/anycast.html

https://www.ietf.org/rfc/rfc4610.txt

QUESTION NO: 284

Which of the following requires a physical RP? (Select the best answer.)

A.
PIM-DM

B.
PIM-SM

C.
PIM-SDM

D.
PIM-SSM

E.
Bidirectional PIM

Answer: B
Explanation:

Protocol Independent Multicast sparse mode (PIM-SM) requires a physical rendezvous point (RP).
An RP is a well-connected, centrally located router that is responsible for keeping track of
multicast group membership information. When a host wants to join a multicast group, it sends an
Internet Group Management Protocol (IGMP) membership report message to its local router. The
local router adds the interface to the multicast tree and forwards the message to the RP. This
process creates a branch of the multicast tree from the host to the RP. A branch is not pruned until
the group member leaves the group.

Bidirectional PIM (bidir-PIM) can use a physical RP, but the RP does not have to be a physical
device. Instead, bidir-PIM can use a phantom RP, which is an address that is used as the RP
address but is not assigned to a physical device. A physical RP is not required with bidir-PIM,
because bidir-PIM designated forwarders (DFs) can forward traffic up the shared tree directly to
multicast receivers.

PIM dense mode (PIM-DM) does not require an RP to keep track of multicast group membership
information. Instead, PIM-DM routers assume that all interfaces contain group members, so they
periodically flood multicast traffic out all available interfaces, which causes a traffic spike. Each
router in the network determines whether any hosts are interested in receiving the multicast traffic.
If so, the router forwards the multicast traffic. If not, the router sends a prune message back toward
the multicast source and that branch of the multicast tree is pruned for a short period of time.

PIM sparse-dense mode (PIM-SDM) does not require an RP. PIM-SDM uses a combination of
sparse mode and dense mode. The mode is determined on a per-group basis. PIM-SDM routers
use sparse mode if an RP exists for a multicast group and use dense mode if no RP exists for a
multicast group.

PIM Source-Specific Multicast (PIM-SSM) does not require an RP. PIM-SSM is best suited for
one-to-many applications, which are also called broadcast applications. When PIM-SSM is used, a
multicast host can specify the source addresses from which it will accept multicast traffic. Like
PIM-DM, PIM-SSM uses source-based distribution trees, which are built from the multicast source
to the multicast receivers.

Reference:

http://docwiki.cisco.com/wiki/Internet_Protocol_Multicast#PIM_Sparse_Mode

https://www.cisco.com/c/en/us/td/docs/ios/12_0s/feature/guide/fsbidir.html

QUESTION NO: 285

You have issued the following commands on Router1:

router eigrp 86

network 192.168.100.0

eigrp stub

Which of the following commands or command sets must you issue to enable Router1 to advertise
connected and summary routes? (Select the best answer.)

A.
No commands are necessary; the eigrp stub command enables the stub router to advertise
connected and summary routes.

B.
eigrp stub connected summary

C.
eigrp stub connected

eigrp stub summary

D.
eigrp stub static connected summary

E.
redistribute connected

redistribute static

Answer: A
Explanation:

No commands are necessary; the eigrp stub command enables the stub router to advertise
connected and summary routes. The eigrp stub command configures a router as a stub router.
When the eigrp stub command is issued without parameters, summary routes and directly
connected routes are advertised by default. The following options can be issued with the eigrp
stub command:

- receive-only: configures the router to receive routes but not advertise routes

- connected: configures the router to advertise directly connected networks

- redistributed: configures the router to advertise routes learned from another protocol

- static: configures the router to advertise static routes

- summary: configures the router to advertise summary routes

- leak-map map-name: configures the router to advertise specific dynamically learned prefixes

With the exception of the receive-only option, all of the options can be included together in the
eigrp stub command. For example, to configure a stub router to advertise connected, static, and
summary routes, you should issue the eigrp stub connected static summary command.

When you issued the eigrp stub command in the scenario, you enabled Router1 to advertise
connected and summary routes. Although issuing the eigrp stub connected summary command
would also enable Router1 to advertise connected and summary routes, you are not required to
advertise these routes.

Issuing the eigrp stub connected and eigrp stub summary commands in sequence would not
enable Router1 to advertise connected and summary routes; only the last command issued
defines the routes that are advertised by Router1. Thus, issuing these two commands in sequence
would configure Router1 to advertise only summary routes.

Issuing the eigrp stub static connected summary command would enable Router1 to advertise
connected, summary, and static routes. However, you are not required to advertise static routes,
and the eigrp stub command already configures Router1 to advertise connected and summary
routes.

The redistribute static command enables a router to redistribute static routes into Enhanced
Interior Gateway Routing Protocol (EIGRP) but does not, by itself, configure a stub router to
advertise those static routes. Similarly, the redistribute connected command enables a router to
redistribute directly connected routes into EIGRP but does not configure a stub router to advertise
those connected routes.

Reference:

https://www.cisco.com/en/US/technologies/tk648/tk365/technologies_white_paper0900aecd8023d
f6f.html

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_eigrp/command/ire-cr-book/ire-
a1.html#wp1217649486

QUESTION NO: 286

Which of the following statements are true regarding the differences between TACACS+ and
RADIUS? (Select 2 choices.)

A.
TACACS+ encrypts the entire body of a packet, whereas RADIUS encrypts only the password.

B.
TACACS+ combines authorization and authentication functions, whereas RADIUS separates
authentication, authorization, and accounting functions.

C.
TACACS+ provides router command authorization capabilities, whereas RADIUS does not provide

router command authorization capabilities.

D.
TACACS+ uses UDP, whereas RADIUS uses TCP.

E.
TACACS+ is an IETF standard protocol, whereas RADIUS was developed by Cisco.

Answer: A,C
Explanation:

Terminal Access Controller Access Control System Plus (TACACS+) encrypts the entire body of a
packet, whereas Remote Authentication Dial-In User Service (RADIUS) encrypts only the
password; also, TACACS+ provides router command authorization capabilities, whereas RADIUS
does not. TACACS+ is a Cisco-proprietary protocol used during Authentication, Authorization, and
Accounting (AAA) operations. TACACS+ provides more security and flexibility than RADIUS;
because TACACS+ encrypts the entire body of a packet, someone who intercepts the packet cannot
view the user name or the contents of the packet. (Strictly, both protocols XOR the protected data
with an MD5-derived keystream rather than using modern authenticated encryption; RFC 8907
describes the TACACS+ mechanism as obfuscation and recommends a protected transport such as
IPsec, and RADIUS can likewise be carried over TLS per RFC 6614.) TACACS+ provides more
flexibility by separating the authentication, authorization, and accounting functions of AAA, which
enables more granular control of access to resources. TACACS+ gives administrators more control
over access to configuration commands; users can be permitted or denied access to specific
configuration commands. Because of this flexibility, TACACS+ is used with Cisco Secure Access
Control Server (ACS), a software tool that is used to manage user authorization for router access.

RADIUS, not TACACS+, is an Internet Engineering Task Force (IETF) standard protocol. Like
TACACS+, RADIUS is a protocol used with AAA operations. However, RADIUS is less secure and
less flexible than TACACS+. RADIUS encrypts only the password of a packet? the rest of the
packet would be viewable if the packet was intercepted by a malicious user. With RADIUS, the
authentication and authorization functions of AAA are combined into a single function, which limits
the flexibility that administrators have when configuring these functions. Furthermore, RADIUS
does not provide router command authorization capabilities.

TACACS+ uses Transmission Control Protocol (TCP) for transport. By contrast, RADIUS uses
User Datagram Protocol (UDP) for packet delivery.

Reference:

https://www.cisco.com/c/en/us/support/docs/security-vpn/remote-authentication-dial-user-service-
radius/13838-10.html#comparing
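The difference between "RADIUS hides only the password" and "TACACS+ hides the whole body" is easiest to see on the wire. The following is an added example, not code from the original page, from Cisco, or from any vendor implementation; it implements the shared-secret MD5 constructions from RFC 2865 section 5.2 (User-Password hiding) and RFC 8907 section 4.5 (TACACS+ body obfuscation). The secret, the Request Authenticator, the session ID and the packet contents are constructed for the example, and the function names are the example's own.

```python
"""Added example (not from the original page, Cisco, or any vendor implementation): what
"RADIUS hides only the password" and "TACACS+ hides the whole packet body" mean on the
wire, using the shared-secret MD5 constructions from RFC 2865 section 5.2 and RFC 8907
section 4.5. The secret, authenticator, session ID and packet contents are constructed."""
import hashlib
import struct


def radius_hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 User-Password hiding: pad to a multiple of 16, then for each 16-byte block
    c_i = p_i XOR MD5(secret + c_(i-1)), with c_0 = the 16-byte Request Authenticator.
    This is the only part of an Access-Request that RADIUS protects."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        keystream = hashlib.md5(secret + prev).digest()
        block = bytes(p ^ k for p, k in zip(padded[i:i + 16], keystream))
        out += block
        prev = block          # chain on the ciphertext block
    return out


def radius_reveal_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Inverse of radius_hide_password, as run by the server or by anyone holding the secret."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        keystream = hashlib.md5(secret + prev).digest()
        block = hidden[i:i + 16]
        out += bytes(c ^ k for c, k in zip(block, keystream))
        prev = block
    return out.rstrip(b"\x00")


def radius_access_request(username: bytes, password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Minimal Access-Request (code 1): the User-Name attribute (type 1) is sent in clear,
    the User-Password attribute (type 2) is hidden, and the header is in clear as well."""
    attrs = struct.pack("BB", 1, 2 + len(username)) + username
    hidden = radius_hide_password(password, secret, authenticator)
    attrs += struct.pack("BB", 2, 2 + len(hidden)) + hidden
    header = struct.pack("!BBH", 1, 0x2A, 20 + len(attrs))   # code, identifier, length
    return header + authenticator + attrs


def tacacs_pad(session_id: int, key: bytes, version: int, seq_no: int, length: int) -> bytes:
    """RFC 8907 pseudo-pad: MD5_1 = MD5(session_id | key | version | seq_no) and
    MD5_n = MD5(session_id | key | version | seq_no | MD5_(n-1)), concatenated and truncated
    to the body length. session_id is 4 bytes network order, version and seq_no 1 byte each."""
    base = struct.pack("!I", session_id) + key + struct.pack("BB", version, seq_no)
    pad, prev = b"", b""
    while len(pad) < length:
        prev = hashlib.md5(base + prev).digest()
        pad += prev
    return pad[:length]


def tacacs_obfuscate(body: bytes, session_id: int, key: bytes, version: int = 0xC0, seq_no: int = 1) -> bytes:
    """XOR the entire body (user name, password, command, everything) with the pseudo-pad.
    The operation is its own inverse, so the same call recovers the body."""
    pad = tacacs_pad(session_id, key, version, seq_no, len(body))
    return bytes(b ^ p for b, p in zip(body, pad))


def tacacs_packet(body: bytes, session_id: int, key: bytes, version: int = 0xC0, seq_no: int = 1) -> bytes:
    """12-byte header (version, type 1 = authentication, seq_no, flags 0 = body obfuscated,
    session_id, body length) in clear, followed by the obfuscated body."""
    header = struct.pack("!BBBBII", version, 1, seq_no, 0, session_id, len(body))
    return header + tacacs_obfuscate(body, session_id, key, version, seq_no)
```

In both protocols the keystream is an MD5 chain seeded from the shared secret, so the secret is the whole defence: with it everything is recoverable, and without it an interceptor still reads the RADIUS user name and every other attribute in clear, while the TACACS+ body is opaque. A RADIUS Request Authenticator reused with the same secret reuses the first keystream block, which is why authenticators must be unpredictable.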

QUESTION NO: 287

Which of the following addresses are not used by EIGRPv6 to form neighbor relationships?
(Select the best answer.)

A.
addresses in the same subnet

B.
addresses in different subnets

C.
link-local addresses

D.
global addresses

Answer: D
Explanation:

Global addresses are not used by Enhanced Interior Gateway Routing Protocol version 6
(EIGRPv6) to form neighbor relationships. Only link-local addresses are used by EIGRPv6 to form
neighbor relationships.

EIGRPv6 is also referred to as EIGRP for IPv6. To enable EIGRPv6 on a router, you should issue
the ipv6 router eigrp as-number command in global configuration mode, where as-number is the
autonomous system (AS) number, and then issue the no shutdown command in router
configuration mode to start the routing process. Because the EIGRP router ID is derived from an
IPv4 address, if no IPv4 address is configured on the router you must also issue the router-id id
command in router configuration mode to manually configure a router ID, where id is a 32-bit value
written in the same dotted-decimal form as an IPv4 address.

For a neighbor relationship to form between two routers running EIGRP for IPv4, the primary IP
address of each router must be on the same subnet; EIGRP will not form a neighbor relationship
over a secondary IP address. However, EIGRPv6 does not require that neighbors be in the same
subnet to form a neighbor relationship. Link-local addresses are significant only on the local link, so
EIGRPv6 routers must share a common medium. Therefore, it does not matter whether the global
addresses configured on the link are in the same subnet or not.

Reference:

https://learningnetwork.cisco.com/docs/DOC-11783

https://learningnetwork.cisco.com/servlet/JiveServlet/downloadBody/8347-102-3-
41650/CCNP%2520Route.pdf

QUESTION NO: 288

In which of the following situations does a router use AD values to determine route selection?
(Select the best answer.)

A.
when multiple routes to the same destination network are received, and all of these routes are
received from the same routing protocol

B.
when multiple routes to the same destination network are received, and each of these routes is
received from a different routing protocol

C.
when multiple routes to different destination networks are received, and all of these routes are
received from the same routing protocol

D.
when multiple routes to different destination networks are received, and each of these routes is
received from a different routing protocol

Answer: B
Explanation:

A router uses administrative distance (AD) values to determine route selection when multiple
routes to the same destination network are received, and each of these routes is received from a
different routing protocol. Lower ADs are preferred over higher ADs. The following list contains the
most commonly used default ADs on Cisco IOS:

- Connected interface: 0

- Static route: 1

- EIGRP summary route: 5

- External BGP: 20

- Internal EIGRP: 90

- OSPF: 110

- IS-IS: 115

- RIP: 120

- External EIGRP: 170

- Internal BGP: 200

- Unknown or untrusted source: 255 (never installed)

A router uses metrics to determine route selection when multiple routes to the same destination
network are received, and all of these routes are received from the same routing protocol. Each
routing protocol uses different metrics. For example, Routing Information Protocol (RIP) uses hop
count as a metric, Open Shortest Path First (OSPF) uses cost as a metric, and Enhanced Interior
Gateway Routing Protocol (EIGRP) uses bandwidth and delay by default. When a routing protocol
contains multiple routes to the same destination network, a router prefers the route with the lowest
metric. Metrics are never compared between different routing protocols.

A router uses prefix lengths to determine route selection when multiple routes to different
destination networks are received, regardless of the routing protocol. When multiple routes to
overlapping networks exist, a router will prefer the most specific route, which is the route with the
longest prefix match. For example, if a router has a packet destined to 10.1.1.1, it will prefer a
route to 10.1.1.0/24 over a route to 10.1.0.0/16, and it will prefer a route to 10.1.1.0/30 over a
route to 10.1.1.0/24.

Reference:

https://www.cisco.com/c/en/us/support/docs/ip/enhanced-interior-gateway-routing-protocol-
eigrp/8651-21.html
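The three selection rules described in this explanation, applied in the order a router applies them (lowest AD per prefix when a route is installed, lowest metric among routes of the same protocol, then longest prefix match at forwarding time), as an added example that is not part of the original page or of any Cisco code. The candidate routes are constructed; the AD table holds the Cisco IOS default administrative distances, and the Route, build_rib and lookup names are the example's own.

```python
"""Added example (not from the original page or Cisco): the three route-selection rules
the explanation above describes, applied in the order a router applies them. The
candidate routes are constructed for the example; the AD table holds the Cisco IOS
default administrative distances."""
import ipaddress
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional

# Cisco IOS default administrative distances (lower is more trusted)
DEFAULT_AD = {"connected": 0, "static": 1, "ebgp": 20, "eigrp": 90, "ospf": 110,
              "isis": 115, "rip": 120, "eigrp-external": 170, "ibgp": 200}


@dataclass(frozen=True)
class Route:
    prefix: str            # "10.1.1.0/24"
    protocol: str          # key into DEFAULT_AD
    metric: int            # protocol-specific; only comparable within one protocol
    next_hop: str
    ad: Optional[int] = None   # explicit AD (e.g. a floating static), else the protocol default

    def distance(self) -> int:
        return DEFAULT_AD[self.protocol] if self.ad is None else self.ad

    def network(self) -> ipaddress.IPv4Network:
        return ipaddress.ip_network(self.prefix, strict=False)


def build_rib(candidates: Iterable[Route]) -> Dict[str, Route]:
    """Rules 1 and 2, applied per prefix when routes are installed in the routing table:
    the lowest AD wins; two routes from the same protocol (same AD) are settled by metric.
    Metrics are never compared across protocols, and a tie between different protocols
    with a tuned equal AD keeps whichever was installed first."""
    rib: Dict[str, Route] = {}
    for r in candidates:
        key = str(r.network())
        cur = rib.get(key)
        if cur is None or r.distance() < cur.distance():
            rib[key] = r
        elif r.distance() == cur.distance() and r.protocol == cur.protocol and r.metric < cur.metric:
            rib[key] = r
    return rib


def lookup(rib: Dict[str, Route], destination: str) -> Optional[Route]:
    """Rule 3, applied at forwarding time: of the installed routes that contain the
    destination, the most specific (longest prefix) wins, whatever its AD or metric."""
    dst = ipaddress.ip_address(destination)
    matches: List[Route] = [r for r in rib.values() if dst in r.network()]
    if not matches:
        return None
    return max(matches, key=lambda r: r.network().prefixlen)


# Constructed candidate routes, as if learned from several protocols at once
EXAMPLE_ROUTES = [
    Route("0.0.0.0/0", "static", 0, "192.0.2.254"),
    Route("10.1.0.0/16", "ospf", 20, "192.0.2.1"),
    Route("10.1.1.0/24", "rip", 3, "192.0.2.2"),            # loses to EIGRP on AD (120 > 90)
    Route("10.1.1.0/24", "eigrp", 30720, "192.0.2.3"),      # loses to the next EIGRP route on metric
    Route("10.1.1.0/24", "eigrp", 28160, "192.0.2.4"),
    Route("10.1.1.0/30", "static", 0, "192.0.2.5"),         # most specific route for 10.1.1.0-3
    Route("10.1.5.0/24", "static", 0, "192.0.2.9", ad=250),  # floating static, backup only
    Route("10.1.5.0/24", "ospf", 30, "192.0.2.10"),
]

if __name__ == "__main__":
    rib = build_rib(EXAMPLE_ROUTES)
    for dst in ("10.1.1.1", "10.1.1.9", "10.1.5.5", "10.1.7.7", "198.51.100.1"):
        r = lookup(rib, dst)
        print(f"{dst:>14} -> {r.prefix} via {r.next_hop} ({r.protocol}, AD {r.distance()})")
```

Removing the OSPF route for 10.1.5.0/24 from the candidate list lets the AD 250 floating static take over, which is the usual way a backup path is kept out of the table until the primary fails.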

QUESTION NO: 289

Which of the following EEM policy components is optional and contains code libraries? (Select the
best answer.)

A.
event register keyword

B.
namespace import

C.
body

D.
entry status

Answer: B
Explanation:

The namespace import component of the Embedded Event Manager (EEM) policy is optional and
contains code libraries. An EEM policy can be written as an applet in the command-line interface
(CLI) or in Tool Command Language (Tcl). EEM policies contain instructions on what action
should take place if a defined event occurs. An EEM Tcl policy can consist of the following six
components:

- Event register keyword

- Environmental must defines

- Namespace import

- Entry status

- Body

- Exit status

The event register keyword and the body are both required components of an EEM policy; the
remaining four components are all optional. The event register keyword describes, registers, and
schedules the event that is to be detected by the policy. The body contains the instructions
regarding the actions to be carried out. The environmental must defines component determines
whether required environment variables have been defined before recovery actions are taken.
The entry status determines whether another policy has been previously run for the defined event.
The exit status determines whether the default action will be performed.

Reference:

https://search.cisco.com/search?query=Cisco%20IOS%20Network%20Management%20Configur
ation%20Guide&locale=enUS&tab=Cisco

QUESTION NO: 290

Which of the following is most likely related to microbursts occurring on a network? (Select the
best answer.)

A.
The network administrator reduces the size of the buffer to prevent packet loss.

B.
More than one device is sending traffic to a single destination at the same time.

C.
A gradual increase in traffic has occurred over a long period of time.

D.
An interface has shut down.

Answer: B
Explanation:

Of the available choices, more than one device sending traffic to a single destination at the same
time is most likely related to microbursts occurring on a network. A microburst is a significant
increase in traffic over a very short period of time that can result in packet loss.

If the buffer size is inadequate and the buffer limit is exceeded, packets are dropped. Reducing the
buffer size would increase, not decrease, the negative effects of a microburst; increasing the size
of the buffer is the most effective way of avoiding packet loss due to a microburst. However, even
if the network administrator reduces the size of the buffer, that action in itself will not cause a
microburst to occur. A gradual increase in traffic over a long period of time is the opposite of a
microburst, which is sudden and brief. Although a shut down interface might cause some packets
to not reach their destination, a shut down interface would not cause microbursts to occur on a
network.

Reference:

https://www.cisco.com/c/en/us/products/collateral/switches/nexus-5000-series-switches/white-
paper-c11-733020.html#_Toc401129774

QUESTION NO: 291

Which of the following statements is true regarding LISP? (Select the best answer.)

A.
LISP requires preconfigured tunnel endpoints.

B.
LISP must be running on both ends of the tunnel.

C.
The MR stores the registered EID prefixes and a mapping database.

D.
RLOC addresses are the IP addresses and prefixes that identify different routers in the IP network.

E.
LISP is used as the control plane protocol for EIGRP OTP.

Answer: D
Explanation:

Routing Locator (RLOC) addresses are the IP addresses and prefixes that identify different routers
in the IP network. Locator/ID Separation Protocol (LISP) splits the device identity and its
location into separate numbering spaces. The Endpoint Identifier (EID) contains the locally
relevant device identity and is used for end-site addressing. The RLOC contains the globally routed
location of the device and is used to forward traffic between different networks.

The Map-Server (MS), not the Map-Resolver (MR), stores the registered EID prefixes; the MS
contains the mapping database of EID-to-RLOC mappings. The MR receives map request queries
from LISP site Ingress Tunnel Routers (ITRs) when they attempt to populate the local map-cache
of resolved EID-to-RLOC mappings. An ITR receives packets from internal hosts and forwards them
to external sites. Egress Tunnel Routers (ETRs) receive packets from external sites and forward
them to internal hosts. If an edge device is both an ITR and an ETR, it is often called an xTR.

LISP tunnels are dynamically configured and do not require preconfigured endpoints. One
advantage of LISP is its ability to offer mobility and scalability to a network. Endpoints can be
relocated within a network and retain their configurations, including IP addressing, easing
management tasks related to mobile endpoint devices.

LISP does not have to be running on both ends of a tunnel. LISP is designed to communicate with
networks that are not using LISP.

LISP is not used as the control plane protocol for Enhanced Interior Gateway Routing Protocol
(EIGRP) Over the Top (OTP); however, LISP encapsulation is used as the data plane for
EIGRP OTP. EIGRP OTP is used to create a single contiguous EIGRP routing domain between
sites over a service provider network. All Customer Edge (CE) routers must be configured for
EIGRP OTP, and EIGRP neighbors must be manually configured with the neighbor command.

Reference:

https://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Data_Center/DCI/5-
0/LISPmobility/DCI_LISP_Host_Mobility/LISPmobile_2.html#wp1277848

QUESTION NO: 292

You want to ensure that a route in a VRF named ce1 uses the default gateway address of
172.16.0.1, which is commonly accessible from all other addresses on the router but does not
exist in the ce1 table.

Which of the following commands should you issue? (Select the best answer.)

A.
ip route 0.0.0.0 0.0.0.0 172.16.0.1 global

B.
ip route 0.0.0.0 0.0.0.0 172.16.0.1 permanent

C.
ip route vrf 0.0.0.0 0.0.0.0 172.16.0.1 permanent

D.
ip route vrf 0.0.0.0 0.0.0.0 172.16.0.1 global

E.
ip route vrf ce1 0.0.0.0 0.0.0.0 172.16.0.1 global

F.
ip route vrf ce1 0.0.0.0 0.0.0.0 172.16.0.1 permanent

Answer: E
Explanation:

You should issue the ip route vrf ce1 0.0.0.0 0.0.0.0 172.16.0.1 global command to ensure that the
route in a VPN routing and forwarding (VRF) named ce1 uses the default gateway address of
172.16.0.1, which is commonly accessible from all other addresses on the router but does not
exist in the ce1 table. The global keyword configures VRF ce1 to use the 172.16.0.1 gateway that
is present in the global routing table instead of attempting to look it up in the VRF ce1 routing
table. The global routing table stores paths that can be accessed by using any of the addresses on
the router, not just the addresses associated with a given VRF.

However, the global keyword applies only to the gateway address in the command, not to the
entire static route. To configure a static route to apply to a given VRF, you should issue the vrf
keyword along with the name of the VRF to which you want the route to apply. In this scenario, the
ip route vrf ce1 0.0.0.0 0.0.0.0 172.16.0.1 global command configures a default route for the VRF
named ce1.

You should not issue the ip route vrf ce1 0.0.0.0 0.0.0.0 172.16.0.1 permanent command in this
scenario. The permanent keyword ensures that a route will not be removed from the associated
VRF table even if the interface associated with the route is shut down. There are no conditions in
this scenario that require you to issue the command with the permanent keyword.

You should not issue either the ip route vrf 0.0.0.0 0.0.0.0 172.16.0.1 global command or the ip
route vrf 0.0.0.0 0.0.0.0 172.16.0.1 permanent command in this scenario. Neither of those
commands contains valid syntax, because the vrf keyword must be followed by a VRF name.

Reference:

https://www.cisco.com/c/en/us/support/docs/multiprotocol-label-switching-mpls/mpls/24508-
internet-access-mpls-vpn.html#conf

https://www.cisco.com/c/en/us/td/docs/ios/12_2/switch/command/reference/fswtch_r/xrfscmd2.htm
l#wp1029959

QUESTION NO: 293

Which of the following observations about potential BGP enhancements were documented in RFC
6774? (Select the best answer.)

A.
possible modifications to the best-path algorithm

B.
possible software upgrades for PE routers

C.
possible addition of a session between a route reflector and its client

D.
possible addition of a four-octet Path Identifier

Answer: C
Explanation:

Observations about the possible addition of a session between a route reflector and its client
were documented in Request for Comments (RFC) 6774, which discusses the distribution of
diverse Border Gateway Protocol (BGP) paths. Specifically, RFC 6774 observed that BGP as it is
typically deployed has no mechanism for distributing paths that are not considered the best path
between speakers. However, the possible addition of a session between a route reflector and its
client could enable a BGP router to distribute alternate paths.

RFC 6774 does not document possible modifications to the best-path algorithm, nor does it
document possible software upgrades for provider edge (PE) routers that are acting as route
reflector clients. Although the document does discuss a possible means of distributing paths other
than the best path, the means by which BGP determines the best path to a destination are not
changed. Therefore, no software upgrade is required on the clients.

The BGP Add-Paths proposal (later published as RFC 7911), not RFC 6774, proposed the
addition of a four-octet Path Identifier to Network Layer Reachability Information (NLRI) in order to
enable BGP to distribute multiple paths for the same prefix.

Reference:

https://tools.ietf.org/html/rfc6774

QUESTION NO: 294

Which of the following statements best describes poison reverse? (Select the best answer.)

A.
Poison reverse prevents switching loops.

B.
Poison reverse prevents routing loops by advertising a route as unreachable to all devices.

C.
Poison reverse prevents routing loops by advertising a route as unreachable to the interface from
which the route was received.

D.
Poison reverse prevents routers from advertising a route through the same interface from which
the route was learned.

E.
Poison reverse suppresses information regarding a better path to a route for a specified period of
time.

F.
Poison reverse synchronizes VLAN configuration information between switches.

Answer: C
Explanation:

Poison reverse prevents routing loops by advertising a route as unreachable to the interface from
which the route was received. Split horizon is similar to poison reverse in that both methods
prevent routing loops. However, poison reverse advertises a route as unreachable to the source
interface, whereas split horizon does not.

Route poisoning is similar to poison reverse in that both methods prevent routing loops by
advertising a route as unreachable. However, route poisoning immediately sends the
advertisements to all interfaces, not just to the source interface.

Split horizon prevents routers from advertising a route through the same interface from which the
route was learned. Thus split horizon prevents routing loops. By default, split horizon is enabled on
all interfaces except those on which Frame Relay encapsulation or Switched Multimegabit Data
Service (SMDS) encapsulation is enabled.

Hold-down timers suppress information regarding a better path to a route for a specified period of
time. When a router receives a routing update stating that a route is unreachable, the router waits
a specified amount of time before accepting routes advertised by other sources.

Spanning Tree Protocol (STP) prevents switching loops on a network. Switching loops can occur
when there is more than one switched path to a destination. The spanning tree algorithm
determines the best path through a switched network, and any ports that create redundant paths
are blocked. If the best path becomes unavailable, the network topology is recalculated and the
port connected to the next best path is unblocked.

VLAN Trunking Protocol (VTP) is used to synchronize VTP and virtual LAN (VLAN) configuration
information between switches. For switches to synchronize information over VTP, the following
configuration parameters must match on all switches:

- VTP domain name

- VTP password

- VTP version

Reference:

https://www.cisco.com/c/en/us/support/docs/ip/enhanced-interior-gateway-routing-protocol-
eigrp/16406-eigrp-toc.html#splithorizon

QUESTION NO: 295

You are considering moving your company's software development to a public cloud-based
solution. Which of the following are least likely to increase? (Select 2 choices.)

A.
availability

B.
redundancy

C.
security

D.
mobility

E.
control

F.
scalability

Answer: C,E
Explanation:

Of the choices provided, security and control are least likely to increase. With a public cloud-based
solution, the service provider, not the customer, controls the cloud infrastructure and devices.
Therefore, physical security of the data and hardware is no longer in the customer's control. In
addition, resources stored in the public cloud are typically accessed over the Internet. Care must
be taken so that the data can be accessed securely.

Availability, redundancy, mobility, and scalability are all likely to increase by moving to a public
cloud-based solution. Cloud-based resources are typically spread over several devices, sometimes
even in multiple geographic areas, thereby ensuring availability. If one device or location becomes
unavailable, other devices and locations can handle the workload. Data stored on cloud-based
resources can be copied or moved to other devices or locations, thereby increasing redundancy
and mobility. As usage increases, additional devices can be brought online, thereby providing
scalability.

Reference:

https://www.cisco.com/c/en/us/about/press/internet-protocol-journal/back-issues/table-contents-
45/123-cloud1.html

QUESTION NO: 296

In a three-node OpenStack architecture, which services are part of the compute node? (Select 2
choices.)

A.
Ceilometer Agent

B.
Ceilometer Core

C.
Neutron DHCP Agent

D.
Neutron Server

E.
Nova Hypervisor

F.
Nova Management

Answer: A,E
Explanation:

In a three-node OpenStack architecture, the Ceilometer Agent and the Nova Hypervisor services
are part of the compute node. OpenStack is an open-source cloud-computing platform. Each
OpenStack modular component is responsible for a particular function, and each component has a
code name. The following list contains several of the most popular OpenStack components:

- Nova - OpenStack Compute: manages pools of compute resources

- Neutron - OpenStack Networking: manages networking and addressing

- Cinder - OpenStack Block Storage: manages block-level storage devices

- Glance - OpenStack Image: manages disk and server images

- Swift - OpenStack Object Storage: manages redundant storage systems

- Keystone - OpenStack Identity: is responsible for authentication

- Horizon - OpenStack Dashboard: provides a graphical user interface (GUI)

- Ceilometer - OpenStack Telemetry: provides counter-based tracking that can be used for customer
usage billing

A three-node OpenStack architecture consists of the compute node, the controller node, and the
network node. The compute node consists of the following services:

- Nova Hypervisor

- Kernel-based Virtual Machine (KVM) or Quick Emulator (QEMU)

- Neutron Modular Layer 2 (ML2) Plug-In

- Neutron Layer 2 Agent

- Ceilometer Agent

The controller node consists of the following services:

- Keystone

- Glance

- Nova Management

- Neutron Server

- Neutron ML2 Plug-In

- Horizon

- Cinder

- Swift

- Ceilometer Core

The network node consists of several Neutron services:

- Neutron ML2 Plug-In

- Neutron Layer 2 Agent

- Neutron Layer 3 Agent

- Neutron Dynamic Host Configuration Protocol (DHCP) Agent

Reference:

https://www.redhat.com/archives/rdo-list/2014-November/pdfzGvyHATdWc.pdf#page=12

QUESTION NO: 297

Which of the following is the mandatory transport protocol for NETCONF? (Select the best
answer.)

A.
SSH

B.
SNMP

C.
SOAP

D.
YANG

Answer: A
Explanation:

Secure Shell (SSH) is the mandatory transport protocol for Network Configuration Protocol
(NETCONF). NETCONF, which is described in Request for Comments (RFC) 6241, provides the
ability to automate the configuration of network devices; RFC 6242 defines the NETCONF-over-SSH
mapping that every implementation must support. Protocol messages are encoded by using an
Extensible Markup Language (XML)-based format.

Simple Network Management Protocol (SNMP) is not the mandatory transport protocol for
NETCONF. Although SNMP is used to monitor network devices, it is not typically used to configure
network devices. NETCONF was created to address this lack of standardized configuration
functionality.

Simple Object Access Protocol (SOAP) is not the mandatory transport protocol for NETCONF.
However, SOAP can be used to transport NETCONF.

YANG is not the mandatory transport protocol for NETCONF; it is not a transport at all. YANG,
which is defined in RFC 6020, is a hierarchical data modeling language that can model
configuration and state data for NETCONF. The YANG data can be encoded in an XML format.

Reference:

https://tools.ietf.org/html/rfc6241

https://tools.ietf.org/html/rfc6020

QUESTION NO: 298

Which of the following hypervisors operates as a Type 2 hypervisor? (Select the best answer.)

A.
Hyper-V

B.
KVM

C.
QEMU

D.
Xen

Answer: C
Explanation:

Quick Emulator (QEMU) operates as a Type 2 hypervisor. A hypervisor is used to create and run
virtual machines (VMs). A Type 2 hypervisor, which is also called a hosted hypervisor, runs within
an operating system on the host computer. Other Type 2 hypervisors include VMware Workstation,
VirtualBox, and Parallels Desktop for Mac.

A Type 1 hypervisor, which is also called a native hypervisor or a bare-metal hypervisor, runs
directly on the host computer's hardware. KVM, Xen, Hyper-V, and VMware ESX/ESXi operate as
Type 1 hypervisors.

Reference:

https://www.ibm.com/developerworks/library/l-hypervisor/

https://www.ibm.com/developerworks/community/blogs/ibmvirtualization/entry/kvm_myths_uncove
ring_the_truth_about_the_open_source_hypervisor?lang=en

QUESTION NO: 299

Which of the following statements are generally true of IoT devices? (Select 3 choices.)

A.
They are numerous.

B.
They are reliable.

C.
They consume a lot of power.

D.
They do not have much memory.

E.
They collectively produce a lot of data.

Answer: A,D,E
Explanation:

Internet of Things (IoT) devices are numerous, do not have much memory, and collectively
produce a lot of data. IoT devices, which are often called embedded devices or smart objects,
are typically low-power, low-memory devices with limited processing capabilities. These devices
are used in a variety of applications, such as environmental monitoring, healthcare monitoring,
process automation, and location tracking. Many embedded devices can transmit data wirelessly,
and some are capable of transmitting over a wired connection. However, connectivity is generally
unreliable and bandwidth is often constrained.

In 2003, there were only 500 million Internet-connected devices worldwide. By 2010, that number
had grown to 12.5 billion devices, or 1.84 devices per person. Cisco estimated that 50 billion IoT
devices would exist by 2020 and more than 500 billion IoT devices by 2030.

IoT devices collectively and individually produce a lot of data. For example, an airplane generates
10 terabytes (TB) of data for every 30 minutes of flight, and a tagged cow can generate an average
of 200 megabytes (MB) of data per year. However, IoT devices often do not have the processing
power to analyze the data, nor do they have the power or bandwidth to transmit a lot of data.

Reference:

https://www.cisco.com/web/AP/IoEWebinarSeries/docs/the_internet_of_everythings_relevance_to
_cloud_and_mobility_applications.pdf

https://www.cisco.com/c/dam/en_us/about/ac79/docs/innov/IoT_IBSG_0411FINAL.pdf

https://developer.cisco.com/site/iox/documents/developer-guide/?ref=fog

QUESTION NO: 300

Which of the following statements is accurate regarding Salt? (Select the best answer.)

A.
Salt requires SSH.

B.
Salt requires installation of a master.

C.
Salt requires installation of a minion client.

D.
Salt requires Ruby programming knowledge.

E.
Salt requires Python programming knowledge.

Answer: B
Explanation:

Salt requires installation of a master. Salt is a configuration management tool that is used to
automate the installation, configuration, and maintenance of multiple computer systems, including
the software that runs on those systems. Other configuration management tools include Puppet,
Chef, and Ansible.

Salt is written in Python and operates on Linux distributions, UNIX-like systems, and Microsoft
Windows.

Salt can use a client/server architecture by installing Salt master software on the server and Salt
minion software on managed nodes. Masters and minions communicate by using ZeroMQ. Salt
can also be used without installing Salt minion software by using Salt SSH, which connects to the
managed nodes over Secure Shell (SSH). However, Salt SSH is much slower than ZeroMQ.

Knowledge of Ruby or Python is not required to use Salt. Configuration information is stored
primarily in state modules that are typically written in YAML; however, Python or Python Domain
Specific Language (PyDSL) can also be used for complex configuration scripts.

Like Salt, Ansible is written in Python and operates on Linux distributions, UNIX-like systems, and
Microsoft Windows. However, unlike the other configuration management software packages,
Ansible does not use agent software on managed nodes. Configurations are stored on the Ansible
server in playbooks that are written in YAML. Managed nodes receive scripted modules from the
Ansible server over SSH.

Puppet is written in Ruby and operates on Linux distributions, UNIX-like systems, and Microsoft
Windows. Puppet uses a client/server architecture; managed nodes running the Puppet Agent
application can receive configurations from a master server running Puppet Server. Modules are
written in Ruby or by using a Ruby-like Puppet language.

Like Puppet, Chef is written in Ruby and operates on Linux distributions, UNIX-like systems, and
Microsoft Windows. Chef can use a client/server architecture or a standalone client configuration.
Configuration information is contained within cookbooks that are written in Ruby and are stored on
a Chef Server.

Managed nodes running the Chef Client can pull cookbooks from the server. Standalone clients
that do not have access to a server can run chef-solo and pull cookbooks from a local directory or
from a tar.gz archive on the Internet.

Reference:

https://docs.saltstack.com/en/latest/topics/installation/index.html

https://docs.saltstack.com/en/latest/topics/ssh/index.html

https://www.infoworld.com/article/2609482/data-center/data-center-review-puppet-vs-chef-vs-
ansible-vs-salt.html?page=4

QUESTION NO: 301

Which of the following must match for two routers running OSPFv3 to establish a neighbor
adjacency? (Select 2 choices.)

A.
area IDs

B.
router IDs

C.
process IDs

D.
instance IDs

Answer: A,D
Explanation:

The area IDs must match and the instance IDs must match in order for two routers running Open
Shortest Path First version 3 (OSPFv3) to establish a neighbor adjacency; OSPFv3 is also called
OSPF for IPv6. Like its IPv4 counterpart, OSPFv2, OSPFv3 requires that routers have identically
configured area IDs, hello timers, and dead timers in order to establish neighbor adjacencies. In
addition, OSPFv3 requires that instance IDs also match; instance IDs do not exist in OSPFv2.

OSPFv3 allows multiple OSPF instances to run on a single link. To keep track of each instance,
OSPFv3 includes an instance ID field in the packet header. If no instance ID is specified on a link,
the default value of 0 is used. When a router receives an OSPFv3 packet, it checks the instance
ID in the packet header. If the instance ID in the header does not match the instance ID on the
receiving interface, the router discards the packet even if the packet has a matching area ID.

Similar to OSPFv2, OSPFv3 requires that hello timers and dead timers match in order for routers
to establish a neighbor adjacency. Hello timers are used to specify the amount of time between
hello packets, which are used for neighbor discovery and maintaining neighbor relationships. By
default, the hello timer is set to 10 seconds on point-to-point and broadcast links and 30 seconds
on nonbroadcast multiaccess (NBMA) links. The dead timer is used to specify the amount of time
to wait before declaring a neighbor to be down. By default, the dead timer is set to four times the
hello timer value.

Router IDs must not match between two routers running OSPFv3. The router ID is a 32-bit value
used to uniquely identify an OSPF router. By default, the router ID is the highest IPv4 loopback
address configured on a router. If no loopback address is configured, the router ID is the highest
IPv4 address among configured interfaces on the router. If no IPv4 addresses are configured on
the router, the router ID must be manually configured before the OSPFv3 process will start. To
manually configure the router ID, you should issue the router-id id command in router configuration
mode.

Process IDs do not have to match in order for two routers running OSPFv3 to establish a neighbor
adjacency. Process IDs are used to identify an OSPF process on a router. However, unlike
instance IDs, process IDs are only locally significant to the router.

Reference:

https://tools.ietf.org/html/rfc5340#page-48

https://www.cisco.com/c/en/us/td/docs/ios/ipv6/command/reference/ipv6_book/ipv6_07.html#wp23
64384
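The acceptance checks this explanation walks through, applied to a received OSPFv3 Hello in the order described (instance ID before area ID, then router ID, then the Hello timers), as an added example that is not part of the original page or of any Cisco code. The packet layout follows RFC 5340 (the 16-byte header carrying the Instance ID field, then the Hello body); the IPv6 pseudo-header checksum is left as zero and not verified. Router IDs, areas and timers are constructed, and the Interface, build_hello and check_hello names are the example's own.

```python
"""Added example (not from the original page or Cisco): the checks a router applies to a
received OSPFv3 Hello before the sender can become a neighbor, in the order the
explanation above gives them. Packet layout follows RFC 5340 (16-byte header with the
Instance ID field, then the Hello body); the IPv6 pseudo-header checksum is left as zero
and not verified here. Router IDs, areas and timers are constructed."""
import struct
from dataclasses import dataclass
from typing import Tuple

# version, type, length, router ID, area ID, checksum, instance ID, reserved
HEADER = "!BBHIIHBB"
# interface ID, router priority, options (3 bytes), HelloInterval, RouterDeadInterval, DR, BDR
HELLO = "!IB3sHHII"
HEADER_LEN = struct.calcsize(HEADER)   # 16
HELLO_LEN = struct.calcsize(HELLO)     # 20
HELLO_TYPE = 1


@dataclass
class Interface:
    router_id: int
    area_id: int
    instance_id: int = 0   # OSPFv3 default when none is configured on the link
    hello: int = 10
    dead: int = 40


def build_hello(router_id: int, area_id: int, instance_id: int, hello: int, dead: int,
                interface_id: int = 1, priority: int = 1) -> bytes:
    """Encode a Hello with no DR, BDR or neighbors listed (the first Hello on a link)."""
    body = struct.pack(HELLO, interface_id, priority, b"\x00\x00\x13", hello, dead, 0, 0)
    header = struct.pack(HEADER, 3, HELLO_TYPE, HEADER_LEN + len(body), router_id, area_id, 0, instance_id, 0)
    return header + body


def check_hello(pkt: bytes, iface: Interface) -> Tuple[bool, str]:
    """Return (accepted, reason). The instance ID is compared before the area ID, so a
    packet with the right area but the wrong instance is dropped exactly as described."""
    if len(pkt) < HEADER_LEN:
        return False, "truncated header"
    version, ptype, _length, rid, area, _csum, instance, _ = struct.unpack(HEADER, pkt[:HEADER_LEN])
    if version != 3:
        return False, f"version {version} is not OSPFv3"
    if instance != iface.instance_id:
        return False, f"instance ID {instance} does not match interface instance {iface.instance_id}"
    if area != iface.area_id:
        return False, f"area {area} does not match interface area {iface.area_id}"
    if rid == iface.router_id:
        return False, "duplicate router ID"
    if ptype != HELLO_TYPE:
        return True, "non-Hello packet passed header checks"
    if len(pkt) < HEADER_LEN + HELLO_LEN:
        return False, "truncated Hello body"
    _ifid, _prio, _opts, hello, dead, _dr, _bdr = struct.unpack(HELLO, pkt[HEADER_LEN:HEADER_LEN + HELLO_LEN])
    if hello != iface.hello or dead != iface.dead:
        return False, f"timers {hello}/{dead} do not match interface timers {iface.hello}/{iface.dead}"
    return True, "neighbor candidate"


if __name__ == "__main__":
    local = Interface(router_id=0x01010101, area_id=0)
    for label, pkt in (("good", build_hello(0x02020202, 0, 0, 10, 40)),
                       ("wrong instance", build_hello(0x02020202, 0, 7, 10, 40)),
                       ("wrong area", build_hello(0x02020202, 1, 0, 10, 40))):
        print(label, check_hello(pkt, local))
```

The order matters for troubleshooting: two routers in the same area with matching timers that never reach the 2-Way state are usually separated by an instance ID set on only one side of the link, which the area check alone would never reveal.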

QUESTION NO: 302

You administer an OSPF network that contains a mixture of Ethernet, FastEthernet,
GigabitEthernet, and TenGigabitEthernet links. The reference bandwidth is set to the default value
of 100.

Which of the following will occur? (Select the best answer.)

A.
All links will have the same OSPF cost.

B.
FastEthernet, GigabitEthernet, and TenGigabitEthernet links will have the same OSPF cost.

C.
GigabitEthernet and TenGigabitEthernet links will have the same OSPF cost.

D.
Ethernet and FastEthernet links will have the same OSPF cost.

E.
All links will have different OSPF costs.

Answer: B
Explanation:

FastEthernet, GigabitEthernet, and TenGigabitEthernet links will have the same Open Shortest
Path First (OSPF) cost. An OSPF routing process uses a cost metric that is based on the
bandwidth of an interface relative to a reference bandwidth. The formula to determine the cost of
an interface is as follows: cost = reference bandwidth / interface bandwidth, with the result
truncated to an integer.

The default reference bandwidth is 100 Mbps. You can issue the auto-cost command from router
configuration mode to change the reference bandwidth for an OSPF routing process. The syntax
for the auto-cost command is auto-cost reference-bandwidth ref-bw, where ref-bw is the reference
bandwidth expressed as an integer value in megabits per second between 1 and 4294967.
Therefore, the default value of the ref-bw parameter is 100.

The minimum supported cost for an OSPF interface is 1, and any value that calculates to less than
1 is rounded up to 1. Therefore, any link with an interface bandwidth greater than or equal to 100
Mbps will have a cost of 1 by default. As a result, the 100-Mbps FastEthernet links, the 1-Gbps
GigabitEthernet links, and the 10-Gbps TenGigabitEthernet links in this scenario will all have a cost
of 1; the 10-Mbps Ethernet links will have a cost of 10.

If the reference bandwidth is less than the fastest routed link on the network, a situation can arise
in which the cost of two interfaces is the same even though their link speeds are different. When an
OSPF routing process has multiple routes of the same cost, equal-cost load balancing is used to
distribute packets evenly among the available paths. In this scenario, that distribution would send
some packets over the slower links even though a faster path exists. To prevent this from occurring,
the reference bandwidth should be set to a value greater than or equal to the bandwidth of the
fastest routed link in the administrative domain. Because each router computes cost locally, the
same reference bandwidth must be configured on every router in the OSPF domain; otherwise,
different routers compute different costs for the same link. Alternatively, you can manually
configure an OSPF cost for each interface by issuing the ip ospf cost command from interface
configuration mode.
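The cost arithmetic above, as an added example (not code from the original page): it reproduces the IOS calculation for a set of constructed interface speeds and reports which distinct speeds collapse onto the same cost under a given reference bandwidth. Interface names and speeds are sample data chosen to match the question; the truncation and the minimum cost of 1 follow the explanation.

```python
# Added example (not from the original page): how IOS derives OSPF interface
# cost from the reference bandwidth, and a check for the equal-cost collision
# the explanation describes. Interface names and speeds are constructed.

LINKS_MBPS = {
    "Ethernet0/0": 10,
    "FastEthernet1/0": 100,
    "GigabitEthernet2/0": 1000,
    "TenGigabitEthernet3/0": 10000,
}

DEFAULT_REF_BW_MBPS = 100  # IOS default for auto-cost reference-bandwidth


def ospf_cost(ref_bw_mbps: int, link_bw_mbps: float) -> int:
    """cost = reference bandwidth / interface bandwidth, truncated to an
    integer; anything that works out below 1 is raised to the minimum of 1."""
    return max(1, int(ref_bw_mbps / link_bw_mbps))


def interface_costs(ref_bw_mbps: int, links=LINKS_MBPS) -> dict:
    """Cost every interface is assigned under a given reference bandwidth."""
    return {name: ospf_cost(ref_bw_mbps, bw) for name, bw in links.items()}


def cost_collisions(ref_bw_mbps: int, links=LINKS_MBPS) -> list:
    """Groups of distinct link speeds that collapse onto the same cost.
    OSPF treats such links as equal-cost paths and load-shares across them,
    which is the suboptimal forwarding the text warns about."""
    speeds_by_cost = {}
    for bw in links.values():
        speeds_by_cost.setdefault(ospf_cost(ref_bw_mbps, bw), set()).add(bw)
    return sorted(sorted(speeds) for speeds in speeds_by_cost.values()
                  if len(speeds) > 1)


if __name__ == "__main__":
    for ref_bw in (DEFAULT_REF_BW_MBPS, 10000):
        print(f"reference-bandwidth {ref_bw}: {interface_costs(ref_bw)}"
              f" collisions={cost_collisions(ref_bw)}")
```

With the default of 100 the three fastest speeds all cost 1; with auto-cost reference-bandwidth 10000 (configured on every router) they cost 100, 10, and 1 and the collision list is empty. The T1 case (100 / 1.544) shows the truncation: cost 64, not 65.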

Reference:

https://www.cisco.com/c/en/us/support/docs/ip/open-shortest-path-first-ospf/7039-1.html#t6

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_ospf/command/iro-cr-book/ospf-a1.html#wp3271966058

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_ospf/command/iro-cr-book/ospf-a1.html#wp4045850100

QUESTION NO: 303

Which of the following statements is true about the PortFast feature? (Select the best answer.)

A.
PortFast permanently places a switch port in the STP forwarding state.

B.
PortFast should not be enabled for ports that are connected to servers.

C.
PortFast prevents switching loops from occurring.

D.
PortFast can be configured only as a global default.

E.
PortFast can be configured only on a specific port.

F.
PortFast effectively disables STP on a port.

Answer: A
Explanation:

PortFast places a switch port directly into the Spanning Tree Protocol (STP) forwarding state,
bypassing the listening and learning states. PortFast is a feature available on Catalyst switches
that enables faster connectivity for hosts connected to an access-layer switch port. If PortFast is
not enabled, a switch port transitions through the STP listening and learning states before it enters
the forwarding state. This process can take as long as 30 seconds if the default STP timers are
used. Additionally, port initialization could take as long as 50 seconds if Port Aggregation Protocol
(PAgP) is enabled. Because host computers and IP phones do not typically perform bridging
functions, it is not necessary for the switch port to transition through the normal STP states; the
port should not encounter a switching loop. Thus STP skips the listening and learning states and
places the port into the forwarding state so that the end host has immediate network connectivity.
Although PortFast accelerates the STP process, it does not disable STP on the port: the port still
sends BPDUs, and if it receives a BPDU it loses its PortFast status and transitions through the
normal STP states. That is why PortFast is usually paired with BPDU guard on host ports.

Host ports that are not enabled for PortFast can cause a high number of STP topology changes to
flood throughout the network, thereby causing high CPU utilization on network switches.
Therefore, you should enable PortFast on ports that are connected to end hosts, such as IP
phones, client workstations, or servers. Typically, servers and client workstations do not perform
routing or switching, so there is no need to delay network connectivity while STP cycles through
the listening and learning states. Conversely, PortFast should not be enabled on a port that is
connected to a switch or other networking device. If you enable PortFast on such a port, you risk
creating a switching loop while the port forwards before the topology has converged.

PortFast can be enabled as a global default as well as on a specific port. If you enable PortFast as
a global default, every port that is configured as an access port is enabled with PortFast. You can
enable PortFast as a global default by issuing the spanning-tree portfast default global
configuration command. You can also enable PortFast on a per-port basis by issuing the
spanning-tree portfast interface configuration command; on a trunk port that connects to a single
host, such as a server carrying several VLANs, the spanning-tree portfast trunk form is required.

Reference:

https://www.cisco.com/c/en/us/support/docs/switches/catalyst-6500-series-switches/10553-12.html#sptree

https://www.cisco.com/en/US/products/hw/switches/ps679/products_configuration_guide_chapter09186a008007d779.html#xtocid24321

https://www.cisco.com/en/US/products/hw/switches/ps679/products_configuration_guide_chapter09186a008007d779.html#xtocid24323

https://www.cisco.com/c/en/us/support/docs/switches/catalyst-4000-series-switches/65591-cat4500-high-cpu.html#host

QUESTION NO: 304

A nonroot switch receives several BPDUs from multiple forwarding switches. Each hello packet
has the same root bridge ID and the same STP path cost to the root bridge.

Which of the following BPDU criteria is used next to determine the root port? (Select the best
answer.)

A.
the lowest bridge ID of the forwarding switch

B.
the lowest port priority of the forwarding switch

C.
the lowest port number of the forwarding switch

D.
the highest bridge ID of the forwarding switch

E.
the highest port priority of the forwarding switch

F.
the highest port number of the forwarding switch

Answer: A
Explanation:

The lowest bridge ID of the forwarding switch is used next to determine the root port. The root port
on a switch is the port that receives the best Spanning Tree Protocol (STP) bridge protocol data
unit (BPDU), which indicates the best path to the root bridge based on the best path cost. A root
port is always in the forwarding state. Because there is only one best path to the root bridge, a
switch cannot have more than one root port. Only the root bridge does not have a root port.

The bridge ID is composed of a 2-byte bridge priority and a 6-byte Media Access Control (MAC)
address. For example, a switch with a bridge priority of 32768 and a MAC address of
1234.5678.9abc would have a bridge ID of 32768.1234.5678.9abc. A switch with a lower priority
value would also have a lower bridge ID. If priority values are equal, the switch with the lower MAC
address is preferred; the MAC address is compared as a 48-bit number, so within each
hexadecimal digit 0 through 9 are lower than A through F, and A is lower than F. On Catalyst
switches running per-VLAN spanning tree, the 2-byte priority field is actually a 4-bit priority plus a
12-bit extended system ID that carries the VLAN number, which is why configurable priorities are
multiples of 4096.

The root bridge sends hello BPDUs every two seconds by default. When a switch receives a hello
BPDU, it adds the cost of the receiving port to the root path cost, replaces the sender bridge ID,
sender port priority, and sender port number with its own values, and then forwards the hello to
neighboring switches. The interface that receives the hello with the lowest resulting root path cost
becomes the root port. When a switch receives multiple hellos with the same path cost, it chooses
the interface connected to the forwarding switch with the lowest bridge ID. When multiple
equal-cost paths to the same forwarding switch exist, the receiving switch chooses the port that
receives the BPDU with the lowest sender port priority. If all port priorities are equal, the receiving
switch chooses the port that receives the BPDU with the lowest sender port number.
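The tie-break order above, as an added example (not code from the original page): a non-root switch ranks every received BPDU by root bridge ID, root path cost (with its own ingress port cost added), sender bridge ID, sender port priority, and sender port number, and the port that received the lowest-ranking BPDU becomes the root port. The bridge IDs, costs, and port numbers are constructed sample data.

```python
# Added example (not from the original page): root-port selection from a set
# of received BPDUs using the STP tie-break order. All values are constructed.
from dataclasses import dataclass


def bridge_id(priority: int, mac: str) -> tuple:
    """Bridge ID compared as (priority, 48-bit MAC as an integer): a lower
    priority wins, and on a tie the numerically lower MAC wins."""
    return (priority, int(mac.replace(".", "").replace(":", ""), 16))


@dataclass(frozen=True)
class Bpdu:
    root_bid: tuple            # bridge ID of the bridge the sender believes is root
    root_path_cost: int        # sender's cost to that root
    sender_bid: tuple          # bridge ID of the forwarding (sending) switch
    sender_port_priority: int  # priority of the port the sender transmitted on
    sender_port_number: int    # number of that port


def bpdu_rank(bpdu: Bpdu, ingress_port_cost: int) -> tuple:
    """Lower tuple is the better BPDU. The receiving port's own cost is added
    to the advertised root path cost, because that sum is the receiver's cost
    to reach the root through this port."""
    return (
        bpdu.root_bid,
        bpdu.root_path_cost + ingress_port_cost,
        bpdu.sender_bid,
        bpdu.sender_port_priority,
        bpdu.sender_port_number,
    )


def select_root_port(received: dict) -> str:
    """received maps a local port name to (Bpdu, cost of that local port).
    Returns the local port on which the best BPDU arrived."""
    return min(received, key=lambda port: bpdu_rank(*received[port]))


ROOT = bridge_id(4096, "0000.0000.0001")

# Constructed scenario 1: three upstream switches advertise the same root and
# the same path cost, so the sender bridge ID decides.
SAME_COST = {
    "Gi1/0/1": (Bpdu(ROOT, 4, bridge_id(32768, "0000.0000.00aa"), 128, 3), 4),
    "Gi1/0/2": (Bpdu(ROOT, 4, bridge_id(32768, "0000.0000.0010"), 128, 7), 4),
    "Gi1/0/3": (Bpdu(ROOT, 4, bridge_id(24576, "0000.0000.00ff"), 128, 1), 4),
}

# Constructed scenario 2: two parallel links to the same upstream switch, so
# cost and sender bridge ID tie and the sender's port priority decides.
SAME_SENDER = bridge_id(32768, "0000.0000.0010")
PARALLEL = {
    "Gi1/0/1": (Bpdu(ROOT, 4, SAME_SENDER, 128, 5), 4),
    "Gi1/0/2": (Bpdu(ROOT, 4, SAME_SENDER, 112, 9), 4),
}

if __name__ == "__main__":
    print("same cost, different senders ->", select_root_port(SAME_COST))
    print("parallel links, same sender  ->", select_root_port(PARALLEL))
```

The same comparison is what an attacker exploits by injecting a BPDU with a very low bridge priority from an access port: it ranks first and the attacker's device becomes root. BPDU guard on host ports and root guard on designated ports exist to stop exactly that.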

Reference:

https://www.cisco.com/c/en/us/support/docs/lan-switching/spanning-tree-protocol/5234-5.html

QUESTION NO: 305

Which of the following statements best describe why WRED is useful for networks where the
majority of traffic uses TCP? (Select 2 choices.)

A.
TCP packets that are dropped must be retransmitted.

B.
TCP packets cannot arrive out of sequence.

C.
TCP packets have large header sizes.

D.
TCP sources reduce traffic flow when congestion occurs.

E.
TCP packets must have priority over UDP packets.

Answer: A,D
Explanation:

Weighted random early detection (WRED) is useful for networks where the majority of traffic uses
Transmission Control Protocol (TCP) because TCP packets that are dropped must be
retransmitted. Additionally, TCP sources reduce traffic flow when congestion occurs, thereby
further slowing down the network.

WRED is a congestion avoidance mechanism that addresses packet loss caused by tail drop,
which occurs when new incoming packets are dropped because a router's queues are too full to
accept them. Tail drop causes a problem called global TCP synchronization, whereby all of the
TCP sources on a network reduce traffic flow during periods of congestion and then increase
traffic flow when the congestion is reduced, which again causes congestion and dropped packets.
When WRED is implemented, you can configure different drop thresholds for each IP precedence
or Differentiated Services Code Point (DSCP) value so that lower-priority traffic is more likely to be
dropped than higher-priority traffic. Because drops begin randomly before the queue is full, only a
few TCP sources back off at a time, which avoids global TCP synchronization.

WRED does not address header size. To compress the header of TCP packets, you should
implement TCP header compression. Because TCP header compression compresses only the
header, not the entire packet, TCP header compression works best for packets with small
payloads, such as those carrying interactive data.

WRED does not address the order in which TCP packets arrive. TCP packets can arrive in any
order because each packet is numbered with a sequence number. When the TCP packets arrive
at their destination, TCP rearranges the packets into the correct order.

Although it is possible for TCP packets to require a higher priority than User Datagram Protocol
(UDP) packets, it is also possible for UDP packets to require a higher priority than TCP packets.
UDP traffic that requires a high priority includes Voice over IP (VoIP) traffic and real-time
multimedia traffic. You should avoid placing TCP and UDP traffic in the same traffic class,
because doing so can cause TCP starvation. UDP has no congestion control, so devices sending
UDP traffic do not react to packet loss by reducing their transmission rates. This behavior causes
the UDP traffic to dominate the queue and prevents the TCP traffic from resuming a normal flow.

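The per-packet decision WRED makes, as an added example (not code from the original page or from a Cisco implementation): a weighted running average of queue depth, and a separate minimum threshold, maximum threshold, and mark-probability denominator per DSCP, so that a class with a lower minimum threshold starts losing packets earlier. The profile numbers, the weight, and the packet mix are constructed for illustration and are not any platform's defaults.

```python
# Added example (not from the original page): the drop decision WRED makes
# per packet. Thresholds, weight and the packet mix are constructed.
import random


class Wred:
    def __init__(self, profiles: dict, weight: float = 1 / 512, seed: int = 1):
        self.profiles = profiles   # dscp -> (min_thresh, max_thresh, mark_denominator)
        self.weight = weight       # exponential weighting constant for the average
        self.avg_depth = 0.0
        self.rng = random.Random(seed)

    def update_average(self, instantaneous_depth: int) -> float:
        """Exponentially weighted moving average of queue depth, so short
        bursts do not trigger drops but sustained congestion does."""
        self.avg_depth = ((1 - self.weight) * self.avg_depth
                          + self.weight * instantaneous_depth)
        return self.avg_depth

    def drop_probability(self, dscp: str) -> float:
        """0 below the class's minimum threshold, rising linearly to
        1/denominator at the maximum threshold, and 1 (tail drop) above it."""
        min_thresh, max_thresh, denominator = self.profiles[dscp]
        if self.avg_depth < min_thresh:
            return 0.0
        if self.avg_depth >= max_thresh:
            return 1.0
        return (self.avg_depth - min_thresh) / (max_thresh - min_thresh) / denominator

    def should_drop(self, dscp: str, instantaneous_depth: int) -> bool:
        self.update_average(instantaneous_depth)
        return self.rng.random() < self.drop_probability(dscp)


# Constructed profiles for one queue: AF13 is dropped from a shallower
# average depth than AF11, so the lower drop precedence is protected.
PROFILES = {
    "AF11": (32, 40, 10),
    "AF13": (20, 40, 10),
}


def drop_counts(wred: Wred, packets: list, depth: int) -> dict:
    """Feed a packet mix (list of DSCP names) through WRED at a constant
    instantaneous queue depth and count drops per DSCP."""
    counts = {dscp: 0 for dscp in wred.profiles}
    for dscp in packets:
        if wred.should_drop(dscp, depth):
            counts[dscp] += 1
    return counts


if __name__ == "__main__":
    mix = ["AF11", "AF13"] * 1000
    # weight 1.0 makes the average track the instantaneous depth immediately
    print("avg depth 30:", drop_counts(Wred(PROFILES, weight=1.0), mix, 30))
    print("avg depth 45:", drop_counts(Wred(PROFILES, weight=1.0), mix, 45))
```

At an average depth of 30, AF11 (minimum threshold 32) is never dropped while AF13 already loses about one packet in twenty; above both maximum thresholds every packet is dropped, which is plain tail drop again. The randomness is the point: because different flows lose packets at different moments, they do not all back off together.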
Reference:

https://www.cisco.com/c/en/us/td/docs/ios/12_2/qos/configuration/guide/fqos_c/qcfconav.html

QUESTION NO: 306

Which of the following features should not be enabled on a host port? (Select the best answer.)

A.
PortFast

B.
loop guard

C.
root guard

D.
BPDU guard

Answer: B
Explanation:

Loop guard should not be enabled on a host port; it should be enabled on trunk ports to prevent
Layer 2 switching loops from occurring. Loop guard is used only on interfaces that Spanning Tree
Protocol (STP) considers to be point-to-point links. When a trunk port configured with loop guard
stops receiving bridge protocol data units (BPDUs), loop guard puts the port into the
loop-inconsistent state instead of allowing the port to transition to the forwarding state. If you were
to enable loop guard on a port connected to a host computer, the port would transition to the
loop-inconsistent state because a host does not send BPDUs.

PortFast can be enabled on a host port. PortFast enables a port to immediately access the
network by transitioning the port into the STP forwarding state without passing through the STP
listening and learning states. Because the ports are not expected to receive BPDUs, they are not
required to learn the network topology. Host ports that are not enabled for PortFast can cause a
high number of STP topology changes to flood throughout the network, thereby causing high CPU
utilization on network switches. However, care should be taken to ensure that PortFast is not
enabled on a port that is connected to a switch or other networking device. If you enable PortFast
on such a port, you risk creating switching loops because the port is permanently in the STP
forwarding state.

BPDU guard can be enabled on a host port to ensure that the port cannot receive BPDUs, thereby
defining the edge of the STP domain. When a port that is configured with BPDU guard receives a
BPDU, BPDU guard immediately puts the port into the errdisable state and shuts down the port.
The port must be manually re-enabled, or it can be recovered automatically through the errdisable
timeout function.

Root guard can be enabled on a host port; however, it is more useful to enable PortFast and
BPDU guard on a host port instead. Root guard is typically used to prevent a designated port from
becoming a root port, thereby influencing which bridge will become the root bridge on the network.
When root guard is applied to a port, the port is permanently configured as a designated port. A
port that receives a superior BPDU would normally attempt to become a root port. However, if a
designated port configured with root guard receives a superior BPDU, the port is put into the
root-inconsistent state and no data flows through that port until it stops receiving superior
BPDUs.

Reference:

https://www.cisco.com/c/en/us/support/docs/lan-switching/spanning-tree-protocol/10596-84.html#loop_guard_description

https://www.cisco.com/c/en/us/support/docs/switches/catalyst-6500-series-switches/10553-12.html#sptree

https://www.cisco.com/c/en/us/support/docs/lan-switching/spanning-tree-protocol/10588-74.html#diff

QUESTION NO: 307

Which of the following multicast addresses is used for Auto-RP announcement messages? (Select
the best answer.)

A.
224.0.0.2

B.
224.0.0.13

C.
224.0.0.102

D.
224.0.1.39

E.
224.0.1.40

Answer: D
Explanation:

The multicast address 224.0.1.39 is used by Auto-RP for RP-Announce messages, which are sent
by each candidate rendezvous point (RP) to advertise its eligibility to become an RP. The
RP-Announce messages are received by the mapping agent, which maps the candidate RPs to
multicast groups. If multiple routers are advertised as candidate RPs for a multicast group, the
router with the highest IP address is used as the RP for that group. RP-Announce messages carry
no authentication, so a rogue router within the announcement's TTL scope can claim to be a
candidate RP; the ip pim rp-announce-filter command on the mapping agent restricts which
candidate RP addresses and group ranges are accepted.

The multicast address 224.0.1.40 is used by Auto-RP for RP-Discovery messages, which are sent
by mapping agents to advertise the authoritative RP for a multicast group. Auto-RP dynamically
determines the RP for a multicast group so that RPs need not be manually configured. Auto-RP
uses a mapping agent to learn which routers are advertised as candidate RPs for each multicast
group. The candidate list is then advertised to client routers.

The multicast address 224.0.0.2 is the all-routers address. This address is used by Protocol
Independent Multicast version 1 (PIMv1) to send status messages, such as query messages. The
all-routers address is also used by Internet Group Management Protocol (IGMP) and Hot Standby
Router Protocol (HSRP).

The multicast address 224.0.0.13 is the all-PIM-routers address. This address is used by PIMv2 to
send status messages, such as hello messages, prune messages, and assert messages. The
all-PIM-routers address is also used by the Bootstrap Router (BSR) feature to dynamically assign
RPs to multicast groups. Other PIMv2 message types include the Register message, the
Register-Stop message, and the Join/Prune message.

The multicast address 224.0.0.102 is used for Gateway Load Balancing Protocol (GLBP) hello
messages. GLBP is a Cisco-proprietary protocol that was developed to resolve some of the
shortcomings of other router redundancy protocols, such as HSRP and Virtual Router
Redundancy Protocol (VRRP). By default, hello messages are sent among GLBP group members
every three seconds.

Reference:

https://www.cisco.com/c/en/us/td/docs/ios/solutions_docs/ip_multicast/White_papers/rps.html#wp1029236

QUESTION NO: 308

Which of the following IPv6 address prefixes are not routable? (Select 2 choices.)

A.
2000::/3

B.
FC00::/8

C.
FD00::/8

D.
FE80::/10

E.
FF02::/16

F.
FF05::/16

Answer: D,E
Explanation:

The IPv6 address prefixes FE80::/10 and FF02::/16 are not routable. The IPv6 prefix FE80::/10 is
used for link-local unicast addresses. IPv6 addresses in the FE80::/10 range begin with the
characters FE80 through FEBF. Unicast packets are used for one-to-one communication. Link-local
addresses are unique only on the local segment; a router never forwards a packet sourced from or
destined to a link-local address. An IPv6-capable host typically creates a link-local unicast address
automatically at startup. Link-local unicast addresses are used for next-hop neighbor discovery
and for environments in which no router is present to provide a routable IPv6 prefix.

The IPv6 prefix FF02::/16 is used for link-local multicast addresses. Like link-local unicast
addresses, link-local multicast addresses are not routable.

The IPv6 prefix 2000::/3 is used for global aggregatable unicast addresses. IPv6 addresses in the
2000::/3 range begin with the characters 2000 through 3FFF. Global aggregatable unicast address
prefixes are distributed by the Internet Assigned Numbers Authority (IANA) and are globally
routable over the Internet.

The IPv6 prefixes FC00::/8 and FD00::/8 are used for unique-local unicast addresses; together,
these prefixes can be summarized as FC00::/7. IPv6 addresses in these ranges begin with the
characters FC00 through FDFF. Unique-local unicast addresses are not globally routable, but they
are routable within an organization. RFC 4193 currently defines only the FD00::/8 half, in which the
40-bit global ID that follows the prefix is generated locally at random; FC00::/8 is reserved for a
future allocation scheme. Because unique-local addresses can be routed internally, border routers
must filter them explicitly to keep them from leaking to or from the Internet.

All IPv6 addresses beginning with FF are multicast addresses, which are used for one-to-many
communication. The following IPv6 multicast scopes are defined:

- FF01::/16 - interface-local (node-local)

- FF02::/16 - link-local

- FF05::/16 - site-local

- FF08::/16 - organization-local

- FF0E::/16 - global

The FF01::/16 prefix is used for interface-local (node-local) multicast addresses. These addresses
are used only on the interface itself, much like a loopback address. Therefore, they are not
routable. The FF05::/16 prefix is used for site-local multicast addresses, and the FF08::/16 prefix is
used for organization-local multicast addresses. Like unique-local unicast addresses, site-local
multicast and organization-local multicast addresses are not globally routable, but they are
routable within an organization. The FF0E::/16 prefix is used for globally routable multicast
addresses.

IPv6 hosts use the multicasting capabilities of the Neighbor Discovery (ND) protocol to discover
the link-layer addresses of neighbor hosts. The Hop Limit field is set to 255 in ND packets that are
sent to neighbors. Routers decrement the Hop Limit value as a packet is forwarded from hop to
hop. Therefore, a router that receives an ND packet with a Hop Limit value of 255 knows that the
packet has not crossed a router and considers the source of the ND packet to be a neighbor. If a
router receives an ND packet with a Hop Limit that is less than 255, the packet is ignored, thereby
protecting the router from off-link spoofing that could otherwise exploit the ND protocol's lack of
neighbor authentication. This check does nothing against an attacker who is already on the link,
which is what RA guard, ND inspection, and Secure Neighbor Discovery (SEND) address.

Reference:

https://www.cisco.com/c/en/us/support/security/asa-5500-series-next-generation-firewalls/products-installation-and-configuration-guides-list.html#wp1010923

https://www.cisco.com/c/en/us/products/collateral/physical-security/video-surveillance-manager/prod_white_paper0900aecd8073c232.html

QUESTION NO: 309

You issue the show ip route command on RouterA and receive the following partial output:

RouterA receives a packet that is destined for 10.20.0.14.

Which of the following routes will RouterA use to send the packet? (Select the best answer.)

A.
the static route, because static routes are preferred over dynamic routes

B.
the EIGRP route, because it has the lowest administrative distance

C.
the RIP route, because it has the highest administrative distance

D.
the OSPF route, because it is the route with the longest prefix match

Answer: D
Explanation:

RouterA will use the Open Shortest Path First (OSPF) route, because it is the route with the
longest prefix match. When a packet arrives at a router, the router checks the routing table to see
whether a next-hop address for the destination network is known. If multiple routes to a
destination are known, the most specific route is used. Therefore, the following rules apply on
RouterA:

- Packets sent to the 10.20.0.0/28 network use the OSPF route. This includes destination
addresses from 10.20.0.0 through 10.20.0.15.

- Packets sent to the 10.20.0.0/26 network, except those sent to the 10.20.0.0/28 network, use
the Enhanced Interior Gateway Routing Protocol (EIGRP) route. This includes destination
addresses from 10.20.0.16 through 10.20.0.63.

- Packets sent to the 10.20.0.0/24 network, except those sent to the 10.20.0.0/26 network, use
the Routing Information Protocol (RIP) route. This includes destination addresses from 10.20.0.64
through 10.20.0.255.

- Packets sent to the 10.20.0.0/22 network, except those sent to the 10.20.0.0/24 network, use the
static route. This includes destination addresses from 10.20.1.0 through 10.20.3.255.

- Packets sent to any destination not listed in the routing table are forwarded using the default
route (gateway of last resort), if one is configured; otherwise they are dropped.

Because the most specific route to 10.20.0.14 is the route toward the 10.20.0.0/28 network,
RouterA will forward a packet destined for 10.20.0.14 out the Serial0/1 interface.

RouterA will not use the EIGRP route to send a packet that is destined for 10.20.0.14.
Administrative distance (AD) values are used only to determine which route is placed in the routing
table when multiple routes to the same prefix are known. However, a router considers routes with
different prefix lengths to be separate routes. If OSPF, EIGRP, and RIP had each advertised routes
to 10.20.0.0/28, the EIGRP route would have been selected because EIGRP has the lowest AD of
the three. The following list contains the most commonly used ADs:


RouterA will not use the RIP route to send a packet that is destined for 10.20.0.14. Routes with
longer prefix lengths are preferred over routes with shorter prefix lengths, and routes with lower
ADs are preferred over routes with higher ADs.

RouterA will not use the static route to send a packet that is destined for 10.20.0.14. If the static
route were configured so that the destination network was 10.20.0.0/28, the static route would be
preferred over the OSPF route because static routes have a lower AD than dynamic routes.
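The two-stage selection the explanation describes, as an added example (not code from the original page): administrative distance decides which route to a given prefix is installed in the routing table, and prefix length decides which installed route forwards a given packet. The candidate routes mirror the prefixes named above and the AD values are the IOS defaults; the exit interfaces other than Serial0/1 are constructed placeholders, since the question's routing table output is not reproduced here.

```python
# Added example (not from the original page): RIB installation by AD, then
# longest-prefix-match lookup. Exit interfaces except Serial0/1 are constructed.
import ipaddress

ADMIN_DISTANCE = {"static": 1, "EIGRP": 90, "OSPF": 110, "RIP": 120}  # IOS defaults

# (prefix, source, exit interface)
CANDIDATES = [
    ("10.20.0.0/28", "OSPF", "Serial0/1"),
    ("10.20.0.0/26", "EIGRP", "Serial0/2"),
    ("10.20.0.0/24", "RIP", "Serial0/3"),
    ("10.20.0.0/22", "static", "Serial0/4"),
]


def build_rib(candidates: list) -> dict:
    """Stage 1: for each exact prefix keep only the lowest-AD source. Routes
    with different prefix lengths are different prefixes and never compete."""
    rib = {}
    for prefix, source, iface in candidates:
        net = ipaddress.ip_network(prefix)
        current = rib.get(net)
        if current is None or ADMIN_DISTANCE[source] < ADMIN_DISTANCE[current[0]]:
            rib[net] = (source, iface)
    return rib


def lookup(rib: dict, destination: str):
    """Stage 2: longest prefix match among installed routes.
    Returns (prefix, source, exit interface), or None when nothing matches
    and no default route exists."""
    dst = ipaddress.ip_address(destination)
    matches = [net for net in rib if dst in net]
    if not matches:
        return None
    best = max(matches, key=lambda net: net.prefixlen)
    return (str(best), *rib[best])


if __name__ == "__main__":
    rib = build_rib(CANDIDATES)
    for dst in ("10.20.0.14", "10.20.0.16", "10.20.0.200", "10.20.3.1", "10.30.0.1"):
        print(dst, "->", lookup(rib, dst))
    # A second, static route to the same /28 displaces OSPF at install time.
    print("10.20.0.14 with static /28 ->",
          lookup(build_rib(CANDIDATES + [("10.20.0.0/28", "static", "Serial0/5")]),
                 "10.20.0.14"))
```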

Reference:

https://www.cisco.com/c/en/us/support/docs/ip/enhanced-interior-gateway-routing-protocol-eigrp/8651-21.html

QUESTION NO: 310

You administer the EIGRP network shown above. The bandwidth (Bw) and delay (D) values are
displayed above each link.

Which of the following are feasible successors on RouterA for the 172.20.0.0/24 network? (Select
the best answer.)

A.
only the route through RouterB

B.
only the route through RouterE

C.
only the routes through RouterB and RouterE

D.
only the routes through RouterC and RouterE

E.
only the routes through RouterB, RouterD, and RouterE

F.
the routes through RouterB, RouterC, RouterD, and RouterE

Answer: D
Explanation:

Only the routes through RouterC and RouterE are feasible successors on RouterA for the
172.20.0.0/24 network. Feasible successors are backup routes that can be used immediately if the
successor route is lost; the successor route is the best route to a destination. To qualify as a
feasible successor, the advertising router must be closer to the destination than the local router is,
which guarantees that the backup path cannot loop back through the local router. To verify that the
advertising router meets this feasibility condition, compare its advertised distance (AD) to the
feasible distance (FD) of the successor. The AD, which is also called the reported distance (RD),
is the metric that the next-hop router has calculated for the route, and the FD is the metric that the
local router has calculated for the route. If the AD of a route is lower than the FD of the successor,
the route is a feasible successor.

By default, the Enhanced Interior Gateway Routing Protocol (EIGRP) composite metric is
calculated from bandwidth and delay. With the default K values, the classic metric is
256 x (10^7 / minimum bandwidth in kbps + cumulative delay in tens of microseconds). The route
with the lowest metric is the best route to the destination. EIGRP uses the lowest bandwidth along
the path to a destination to calculate the bandwidth portion of the metric. Higher bandwidth values
create lower metric values. By contrast, EIGRP uses the sum of the delays along the path to a
destination to calculate the delay portion of the metric. Lower delay values create lower metric
values. Therefore, higher bandwidth values and lower delay values are preferred over lower
bandwidth values and higher delay values.

The following table displays the FD values for each route from RouterA to the 172.20.0.0/24
network:

The table shows that the route through RouterB has the highest bandwidth and lowest total delay.
Therefore, the route through RouterB is the successor. For a route to qualify as a feasible
successor, the distance reported by the next-hop router must be lower than the FD of the
successor on the local router. The following table displays the AD values for each next-hop router
to the 172.20.0.0/24 network:

The route through RouterC is a feasible successor because the AD from RouterC is lower than the
FD through RouterB. The bandwidth of the AD from RouterC is the same as the bandwidth of the
FD through RouterB. However, because the total delay of the AD from RouterC is less than the
total delay of the FD through RouterB, the route through RouterC is a feasible successor.

The route through RouterE is a feasible successor because the AD from RouterE is lower than the
FD through RouterB. The bandwidth of the AD from RouterE is the same as the bandwidth of the
FD through RouterB. However, because the total delay of the AD from RouterE is less than the
total delay of the FD through RouterB, the route through RouterE is a feasible successor.

The route through RouterD is not a feasible successor, because the AD from RouterD is higher
than the FD through RouterB. The total delay of the AD from RouterD is the same as the total
delay of the FD through RouterB. However, because the bandwidth of the AD from RouterD is
lower than the bandwidth of the FD through RouterB, the route through RouterD is not a feasible
successor.
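The metric computation and the feasibility condition above, as an added example (not code from the original page): each neighbor reports its own metric to the destination, RouterA computes its metric through that neighbor from the lowest bandwidth and summed delay along the whole path, and a neighbor is a feasible successor only if its reported distance is strictly lower than the successor's feasible distance. The question's diagram is not reproduced here, so the bandwidth and delay figures are constructed to produce the outcome the explanation describes: RouterB is the successor, RouterC and RouterE are feasible, RouterD is not.

```python
# Added example (not from the original page): classic EIGRP metric with the
# default K values and DUAL successor / feasible-successor selection.
# Bandwidth and delay figures are constructed, not taken from the diagram.


def eigrp_metric(min_bandwidth_kbps: int, total_delay_usec: int) -> int:
    """256 * (10^7 / minimum bandwidth in kbps + cumulative delay / 10),
    with each division truncated the way IOS truncates it."""
    return 256 * (10_000_000 // min_bandwidth_kbps + total_delay_usec // 10)


# Each neighbor: (bandwidth of A's link to it in kbps, delay of that link in usec,
#                 neighbor's own minimum bandwidth to the destination,
#                 neighbor's own cumulative delay to the destination)
NEIGHBORS = {
    "RouterB": (1544, 20000, 1544, 20000),
    "RouterC": (1544, 30000, 1544, 30000),
    "RouterD": (1544, 10000, 1024, 40000),
    "RouterE": (1544, 40000, 1544, 25000),
}


def reported_distance(link_bw, link_delay, nbr_bw, nbr_delay) -> int:
    """What the neighbor advertises: its own metric to the destination."""
    return eigrp_metric(nbr_bw, nbr_delay)


def feasible_distance(link_bw, link_delay, nbr_bw, nbr_delay) -> int:
    """RouterA's metric through that neighbor: the lowest bandwidth along the
    whole path and the sum of the delays."""
    return eigrp_metric(min(link_bw, nbr_bw), link_delay + nbr_delay)


def dual_selection(neighbors: dict) -> tuple:
    """Return (successor, sorted feasible successors). A neighbor is a
    feasible successor when its reported distance is strictly lower than the
    feasible distance of the successor, which rules out any path that could
    loop back through the local router."""
    fd = {name: feasible_distance(*v) for name, v in neighbors.items()}
    rd = {name: reported_distance(*v) for name, v in neighbors.items()}
    successor = min(fd, key=fd.get)
    feasible = sorted(name for name in neighbors
                      if name != successor and rd[name] < fd[successor])
    return successor, feasible


if __name__ == "__main__":
    for name, values in NEIGHBORS.items():
        print(f"{name}: RD={reported_distance(*values)} FD={feasible_distance(*values)}")
    print(dual_selection(NEIGHBORS))
```

RouterD fails the condition for exactly the reason the text gives: its reported path has the same cumulative delay as RouterB's full path but a lower minimum bandwidth, so its RD exceeds the successor's FD even though A's own link to D is the fastest of the four.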

Reference:

https://www.cisco.com/c/en/us/support/docs/ip/enhanced-interior-gateway-routing-protocol-eigrp/16406-eigrp-toc.html#feasibleandreported

QUESTION NO: 311

Which of the following functions is not performed by LCP? (Select the best answer.)

A.
establishment of the PPP link

B.
termination of the PPP link

C.
detection of looped links

D.
negotiation of Network layer protocols

E.
negotiation of authentication parameters

Answer: D
Explanation:

Network Control Protocol (NCP), not Link Control Protocol (LCP), negotiates Network layer
protocols. NCP, a subprotocol in the Point-to-Point Protocol (PPP) suite, establishes and configures
the Network layer protocols, such as IP and Internetwork Packet Exchange (IPX), that are used
over the PPP link. When IP is used over the PPP link, either IP Control Protocol (IPCP) or IPv6
Control Protocol (IPv6CP) is the NCP. When IPX is used over the PPP link, IPX Control Protocol
(IPXCP) is the NCP.

LCP is the most important subprotocol in the PPP suite. LCP establishes, configures, tests,
maintains, and terminates PPP connections. The LCP phase must be complete and in an open
state in order for a PPP link to establish. If the LCP phase fails, the output of the debug ppp
negotiation command will indicate that LCP is in the closed state.

LCP uses a magic number parameter to determine whether a link is looped. A PPP router
transmits the magic number within an LCP message. If the router receives an LCP message with
that same magic number, the router recognizes that the line is looped and shuts down the
interface.

LCP also negotiates authentication parameters. If PPP authentication is implemented, LCP
negotiates whether to use Challenge Handshake Authentication Protocol (CHAP) or Password
Authentication Protocol (PAP). PAP sends the username and password in clear text, whereas
CHAP never sends the secret: the authenticator sends a random challenge and the peer returns
an MD5 hash of the challenge and the shared secret. CHAP should be preferred wherever both
ends support it.

Reference:

http://docwiki.cisco.com/wiki/Point-to-Point_Protocol

https://www.cisco.com/c/en/us/support/docs/wan/point-to-point-protocol-ppp/25440-debug-ppp-negotiation.html

QUESTION NO: 312

You have configured an IS-IS node with the NET 49.1741.c867.5309.af89.00.

Which of the following is the system ID? (Select the best answer.)

A.
49

B.
49.1741

C.
1741.c867.5309

D.
c867.5309.af89

E.
af89.00

F.
00

Answer: D
Explanation:

The system ID of the Intermediate System-to-Intermediate System (IS-IS) node is c867.5309.af89. A
network entity title (NET) is a hexadecimal address that consists of the following three parts:

- The area ID

- The system ID

- The network service access point (NSAP) selector, or NSEL

The NET has a minimum length of 8 bytes and a maximum length of 20 bytes. Each byte consists
of two hexadecimal characters. The NSEL is the last byte in the address and is typically set to 00.

The system ID is always 6 bytes long and precedes the NSEL. Level 1 routers must have a
system ID that is unique within the area, and Level 2 routers must have a system ID that is unique
within the domain. IS-IS will not establish an adjacency between two routers with the same system
ID.

The area ID is of variable length and precedes the system ID. The first byte, which is part of the
area ID, is called the authority and format identifier (AFI) and is typically set to a value of 49 on
privately addressed networks. Routers form a Level 1 adjacency only if they share the same area
address; a Level 2 adjacency can form between routers in different areas.

In the NET 49.1741.c867.5309.af89.00, the area ID is 49.1741, the system ID is c867.5309.af89,
and the NSEL is 00. You can configure a NET for a router by issuing the net command in IS-IS
router configuration mode. For example, to configure the NET on the node in this scenario, you
would issue the command net 49.1741.c867.5309.af89.00.
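The NET layout above, as an added example (not code from the original page): a parser that splits a NET into area ID, system ID, and NSEL from the fixed positions the text gives (last byte NSEL, preceding 6 bytes system ID, the rest area ID) and enforces the 8-to-20-byte length, plus the uniqueness and same-area checks the text states as adjacency rules. The NET from the question is used as input; the other NETs are constructed, and the system-ID-from-loopback helper is a common operator convention rather than anything the page describes.

```python
# Added example (not from the original page): NET parsing and the adjacency
# checks (same area for Level 1, unique system ID). Sample NETs other than
# the question's are constructed.
import re


def format_area(area_hex: str) -> str:
    """AFI byte first, then the remaining area bytes in two-byte groups,
    matching how IOS prints an area such as 49.1741."""
    rest = area_hex[2:]
    groups = [rest[i:i + 4] for i in range(0, len(rest), 4)]
    return ".".join([area_hex[:2]] + groups)


def parse_net(net: str) -> dict:
    hexdigits = net.replace(".", "").lower()
    if not re.fullmatch(r"[0-9a-f]+", hexdigits) or len(hexdigits) % 2:
        raise ValueError(f"{net!r} is not a dotted hexadecimal address of whole bytes")
    nbytes = len(hexdigits) // 2
    if not 8 <= nbytes <= 20:
        raise ValueError(f"{net!r} is {nbytes} bytes; a NET must be 8 to 20 bytes")
    system_id = hexdigits[-14:-2]          # 6 bytes immediately before the NSEL
    return {
        "afi": hexdigits[:2],
        "area_id": format_area(hexdigits[:-14]),
        "system_id": ".".join(system_id[i:i + 4] for i in range(0, 12, 4)),
        "nsel": hexdigits[-2:],
        "length_bytes": nbytes,
    }


def is_valid_net(net: str) -> bool:
    try:
        parse_net(net)
        return True
    except ValueError:
        return False


def same_area(net_a: str, net_b: str) -> bool:
    """A Level 1 adjacency requires matching area addresses."""
    return parse_net(net_a)["area_id"] == parse_net(net_b)["area_id"]


def duplicate_system_ids(nets: list) -> set:
    """System IDs used by more than one router; IS-IS refuses an adjacency
    between two routers that share one."""
    seen, duplicates = set(), set()
    for net in nets:
        sid = parse_net(net)["system_id"]
        (duplicates if sid in seen else seen).add(sid)
    return duplicates


def system_id_from_ipv4(addr: str) -> str:
    """Common convention (not from the page): zero-pad each octet of a
    loopback address to three digits and regroup into a 12-digit system ID,
    e.g. 192.168.1.1 -> 1921.6800.1001."""
    digits = "".join(f"{int(octet):03d}" for octet in addr.split("."))
    return ".".join(digits[i:i + 4] for i in range(0, 12, 4))


if __name__ == "__main__":
    print(parse_net("49.1741.c867.5309.af89.00"))
    print(system_id_from_ipv4("192.168.1.1"))
```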

Reference:

https://www.cisco.com/c/en/us/td/docs/ios/12_2/apollo/configuration/guide/fapolo_c/3cfclns.html#wp1012582

https://www.cisco.com/c/en/us/td/docs/ios/12_2/iproute/command/reference/fiprrp_r/1rfisis.html#w
p1018178

QUESTION NO: 313

Which of the following DiffServ classes is most likely to be dropped? (Select the best answer.)

A.
AF11

B.
"Everything is under control" - www.pass4sure.com 476
Cisco 400-101 Exam
AF23

C.
AF31

D.
AF42

Answer: B
Explanation:

Of the choices provided, the DiffServ class AF23 is most likely to be dropped. AF23 is a
Differentiated Services Code Point (DSCP) value, which is a 6-bit header value that identifies the
Quality of Service (QoS) traffic class that is assigned to the packet. DSCP values beginning with
AF are called Assured Forwarding (AF) per-hop behaviors (PHBs), which are defined in Request
for Comments (RFC) 2597. AF separates packets into four queue classes and three drop
probabilities. The AF values are specified in the format AFxy, where x is the queue class and y is
the drop probability. The following table displays the AF values with their queue classes and drop
rates:

The first three DSCP bits correspond to the queue class, the fourth and fifth DSCP bits correspond
to the drop probability, and the sixth bit is always set to 0. To quickly convert AF values to decimal
values, you should use the formula 8x + 2y. For example, AF42 converts to a decimal value of 36,
because (8 x 4) + (2 x 2) = 32 + 4 = 36.

Packets with higher AF values are not necessarily given preference over packets with lower AF
values. Packets with a higher queue class value are given queuing priority over packets with a
lower queue class, but packets with a higher drop rate value are dropped more often than packets
with a lower drop rate value. Packets with DSCP values of AF13, AF23, AF33, and AF43 all have
high drop probabilities; packets with DSCP values of AF11, AF21, AF31, and AF41 all have low
drop probabilities.

Reference:

https://www.cisco.com/c/en/us/support/docs/quality-of-service-qos/qos-packet-marking/10103-dscpvalues.html#assured

QUESTION NO: 314

What is the first step in a successful DHCP lease process? (Select the best answer.)
"Everything is under control" - www.pass4sure.com 477
Cisco 400-101 Exam
A.
A DHCP server sends a DHCPACK unicast.

B.
A DHCP client sends a DHCPDECLINE broadcast.

C.
A DHCP client sends a DHCPDISCOVER broadcast.

D.
A DHCP server sends a DHCPNAK broadcast.

E.
A DHCP server sends a DHCPOFFER unicast.

F.
A DHCP client sends a DHCPREQUEST broadcast.

Answer: C
Explanation:

The first step in a successful Dynamic Host Configuration Protocol (DHCP) lease process occurs
when a DHCP client sends a DHCPDISCOVER broadcast. The following graphic displays the
steps in a successful DHCP lease process:

A DHCPDISCOVER packet is used to locate a DHCP server. If no DHCP server is available, the
DHCP client will not be able to dynamically receive IP configuration information and, thus, will not
be able to communicate on the network.

The second step in a successful DHCP lease process occurs when one or more DHCP servers
send a DHCPOFFER unicast to the DHCP client. A DHCPOFFER packet contains IP
configuration information, such as the IP address, subnet mask, default gateway, and Domain
Name System (DNS) server addresses that a client should use.

The third step in a successful DHCP lease process occurs when the DHCP client sends a
DHCPREQUEST broadcast. A DHCPREQUEST packet formally requests the IP address from the
DHCP server. The DHCPREQUEST packet is broadcast to the entire network rather than unicast
to the specific DHCP server so that the other DHCP servers can reallocate the IP addresses they
offered to the DHCP client.

The fourth step in a successful DHCP lease process occurs when the DHCP server sends a
DHCPACK unicast to the DHCP client. A DHCPACK packet confirms that the IP address has been
officially assigned to the client for the duration of the lease.

Some packets are sent only during an unsuccessful DHCP lease process. A DHCPDECLINE
packet is the opposite of a DHCPREQUEST packet. A DHCPDECLINE packet is a broadcast
packet that a DHCP client sends to formally reject a DHCPOFFER from a DHCP server. A
DHCP client usually sends this kind of packet when the IP configuration is not valid for the client.

A DHCPNAK packet is the opposite of a DHCPACK packet. A DHCPNAK packet is a broadcast
packet sent by a DHCP server to inform a DHCP client that the IP address in the DHCPREQUEST
is no longer valid for the client to use. A DHCP server usually sends this kind of packet when the
DHCP client is slow to respond to the DHCP server.
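An added model of the exchange above, not from the exam or RFC 2131: two servers answer a DISCOVER, the client broadcasts its REQUEST naming one of them, and the other server returns its offered address to the pool; a REQUEST for an address a server never offered gets a DHCPNAK. The addresses, MACs and message fields are constructed.

```python
"""Model of the four-message DHCP lease exchange with two servers, showing why the
DHCPREQUEST is broadcast. Added example; addresses and MACs are constructed."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

BROADCAST = "255.255.255.255"


@dataclass(frozen=True)
class Msg:
    kind: str            # DHCPDISCOVER, DHCPOFFER, DHCPREQUEST, DHCPACK, DHCPNAK
    src: str
    dst: str             # BROADCAST or the unicast destination
    client_mac: str
    yiaddr: str = ""     # address being offered / requested / confirmed
    server_id: str = ""  # in a REQUEST: the server whose offer the client accepted


@dataclass
class Server:
    ip: str
    free: List[str]
    offered: Dict[str, str] = field(default_factory=dict)  # client MAC -> offered address
    leased: Dict[str, str] = field(default_factory=dict)   # client MAC -> leased address

    def handle(self, m: Msg) -> Optional[Msg]:
        if m.kind == "DHCPDISCOVER":
            if not self.free:
                return None                      # nothing to offer, stay silent
            addr = self.free.pop(0)
            self.offered[m.client_mac] = addr
            # The offer goes back unicast to the client's hardware address.
            return Msg("DHCPOFFER", self.ip, m.client_mac, m.client_mac, yiaddr=addr)
        if m.kind == "DHCPREQUEST":
            if m.server_id != self.ip:
                # The client chose another server: take the offered address back.
                addr = self.offered.pop(m.client_mac, None)
                if addr:
                    self.free.append(addr)
                return None
            if self.offered.get(m.client_mac) != m.yiaddr:
                # Requested address is not (or no longer) valid for this client.
                return Msg("DHCPNAK", self.ip, BROADCAST, m.client_mac, yiaddr=m.yiaddr)
            self.leased[m.client_mac] = self.offered.pop(m.client_mac)
            return Msg("DHCPACK", self.ip, m.client_mac, m.client_mac, yiaddr=m.yiaddr)
        return None


def lease(mac: str, servers: List[Server]) -> Tuple[List[Msg], str]:
    """Run DISCOVER/OFFER/REQUEST/ACK for one client; return the exchange and the address."""
    log: List[Msg] = []
    discover = Msg("DHCPDISCOVER", "0.0.0.0", BROADCAST, mac)
    log.append(discover)
    offers = [o for s in servers if (o := s.handle(discover)) is not None]
    log.extend(offers)
    if not offers:
        return log, ""                           # no server answered: no configuration
    chosen = offers[0]                           # client accepts the first offer it heard
    request = Msg("DHCPREQUEST", "0.0.0.0", BROADCAST, mac,
                  yiaddr=chosen.yiaddr, server_id=chosen.src)
    log.append(request)
    replies = [r for s in servers if (r := s.handle(request)) is not None]
    log.extend(replies)
    acks = [r for r in replies if r.kind == "DHCPACK"]
    return log, acks[0].yiaddr if acks else ""
```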

Reference:

https://www.cisco.com/c/en/us/td/docs/ios/12_2/ip/configuration/guide/fipr_c/1cfdhcp.html

https://www.ietf.org/rfc/rfc2131.txt

QUESTION NO: 315

You issue the show ip cache flow command and receive the following partial output:

Which of the following protocols is indicated in this flow? (Select the best answer.)

A.
DNS

B.
FTP

C.
HTTP

D.
HTTPS

E.
Telnet

F.
TFTP

"Everything is under control" - www.pass4sure.com 479


Cisco 400-101 Exam
Answer: F
Explanation:

Trivial File Transfer Protocol (TFTP) is indicated in this flow. The device at 10.1.1.36 has sent a
User Datagram Protocol (UDP) TFTP packet to the device at 10.2.1.74.

The show ip cache flow command is used to display a summary of NetFlow statistics. The DstP
field indicates the destination port field and is displayed in hexadecimal. The hexadecimal value 45
converts to the decimal value 69, which is the port number used by TFTP.

The Pr field is used to indicate the IP protocol number and is displayed in hexadecimal. The Pr
field is set to a hexadecimal value of 06 for Transmission Control Protocol (TCP) and to a
hexadecimal value of 11 for UDP.

Domain Name System (DNS) communicates over TCP and UDP port 53. The decimal value 53
converts to a hexadecimal value of 35. Therefore, the destination port field in the output of the
show ip cache flow command would display a value of 0035 for DNS traffic.

File Transfer Protocol (FTP) communicates over TCP ports 20 and 21. The decimal values 20 and
21 convert to hexadecimal values of 14 and 15, respectively. Therefore, the destination port field
in the output of the show ip cache flow command would display a value of 0014 or 0015 for FTP
traffic.

Hypertext Transfer Protocol (HTTP) communicates over TCP port 80. The decimal value
80 converts to a hexadecimal value of 50. Therefore, the destination port field in the output of the
show ip cache flow command would display a value of 0050 for HTTP traffic.

HTTP Secure (HTTPS) communicates over TCP port 443. The decimal value 443 converts to a
hexadecimal value of 1BB. Therefore, the destination port field in the output of the show ip cache
flow command would display a value of 01BB for HTTPS traffic.

Telnet communicates over TCP port 23. The decimal value 23 converts to a hexadecimal value of
17. Therefore, the destination port field in the output of the show ip cache flow command would
display a value of 0017 for Telnet traffic.
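As an added example (not Cisco code and not part of the exam), a decoder for the hexadecimal Pr, SrcP and DstP columns of this command; the sample output is constructed in the layout of the real command output.

```python
"""Decode the hexadecimal Pr, SrcP and DstP columns of `show ip cache flow` into
protocol and service names. Added example; the sample output below is constructed."""
from dataclasses import dataclass
from typing import List

IP_PROTOCOLS = {0x01: "ICMP", 0x06: "TCP", 0x11: "UDP"}

# (transport, destination port) -> service, the same mapping the explanation walks through
SERVICES = {
    ("UDP", 69): "TFTP", ("TCP", 53): "DNS", ("UDP", 53): "DNS",
    ("TCP", 20): "FTP-data", ("TCP", 21): "FTP", ("TCP", 80): "HTTP",
    ("TCP", 443): "HTTPS", ("TCP", 23): "Telnet",
}

# Constructed sample in the layout of the real command output.
SAMPLE_OUTPUT = """\
SrcIf         SrcIPaddress    DstIf         DstIPaddress    Pr SrcP DstP  Pkts
Fa0/0         10.1.1.36       Fa0/1         10.2.1.74       11 0400 0045     3
Fa0/0         10.1.1.50       Fa0/1         10.2.1.10       06 C0A1 0050    12
Fa0/0         10.1.1.50       Fa0/1         10.2.1.20       06 C0A2 01BB    40
"""


@dataclass(frozen=True)
class Flow:
    src_if: str
    src_ip: str
    dst_if: str
    dst_ip: str
    protocol: str
    src_port: int
    dst_port: int
    packets: int

    @property
    def service(self) -> str:
        """Well-known service for the destination port, or transport/port if unknown."""
        return SERVICES.get((self.protocol, self.dst_port), f"{self.protocol}/{self.dst_port}")


def parse_flow_line(line: str) -> Flow:
    fields = line.split()
    if len(fields) != 8:
        raise ValueError(f"expected 8 columns, got {len(fields)}: {line!r}")
    proto = int(fields[4], 16)       # Pr is the IP protocol number in hex
    return Flow(
        fields[0], fields[1], fields[2], fields[3],
        IP_PROTOCOLS.get(proto, f"proto-{proto}"),
        int(fields[5], 16),          # SrcP, hex
        int(fields[6], 16),          # DstP, hex
        int(fields[7]),              # Pkts, decimal
    )


def parse_flow_table(text: str) -> List[Flow]:
    """Parse every data row, skipping the column-header line and blank lines."""
    flows = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("SrcIf"):
            continue
        flows.append(parse_flow_line(line))
    return flows


def summarize(text: str) -> List[str]:
    """One human-readable line per flow, naming the protocol and service."""
    return [f"{f.src_ip} -> {f.dst_ip} {f.service} ({f.protocol} port {f.dst_port})"
            for f in parse_flow_table(text)]
```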

Reference:

https://www.cisco.com/en/US/docs/ios/12_3t/netflow/command/reference/nfl_a1gt_ps5207_TSD_Products_Command_Reference_Chapter.html#wp1187159

https://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/ios-netflow/prod_white_paper0900aecd80406232.html

QUESTION NO: 316

Which of the following statements are correct regarding the differences between IGMPv1,
"Everything is under control" - www.pass4sure.com 480
Cisco 400-101 Exam
IGMPv2, and IGMPv3? (Select 2 choices.)

A.
IGMPv2 introduced support for SSM.

B.
IGMPv2 introduced support for group-specific queries.

C.
IGMPv2 introduced support for querier elections.

D.
IGMPv3 introduced support for leave group messages.

E.
IGMPv3 introduced support for membership report suppression.

F.
IGMPv1 has a default query interval of 120 seconds; IGMPv2 and IGMPv3 have a default
query interval of 60 seconds.

G.
IGMPv1 has a default querier timeout of 120 seconds; IGMPv2 and IGMPv3 have a default
querier timeout of 60 seconds.

Answer: B,C
Explanation:

Internet Group Management Protocol version 2 (IGMPv2) introduced support for group-specific
queries and querier elections. IGMPv1 queries are general queries sent to the 224.0.0.1 all-hosts
multicast address. IGMPv2 and IGMPv3 queries are either general queries, which are sent to
224.0.0.1, or group-specific queries, which are sent only to members of a particular multicast
group.

Although IGMPv3 supports querier elections, this feature was introduced in IGMPv2. The router
with the lowest IP address on the subnet is elected as the querier. The querier is responsible for
periodically sending out membership query messages to determine whether any hosts want to
receive multicast packets for the multicast group. If at least one host responds with a membership
report message, the querier will continue to send those multicast packets on that network
segment.

Although the Request for Comments (RFC) standard for IGMP query messages is 125 seconds,
Cisco uses a default query interval of 60 seconds for all IGMP versions. The query interval
determines how often the querier sends out membership query messages. If no member has
responded to the query message within three times the query interval, the interface is pruned.

Cisco uses a default querier timeout of two times the query interval, or 120 seconds, for
IGMPv2 and IGMPv3; IGMPv1 does not support querier elections. The querier timeout is used to
trigger querier elections. If an IGMP device has not received a query message from the querier
within the querier timeout period, a querier election is triggered and a new querier is elected.

IGMPv3 introduced support for Source Specific Multicast (SSM). SSM enables IGMPv3 hosts to
specify the source addresses from which they will accept multicast traffic. To enable SSM, you
should issue the ip pim ssm command from global configuration mode, the ip pim {sparse-mode |
sparse-dense-mode} command from interface configuration mode, and the ip igmp version 3
command from interface configuration mode.

Although IGMPv3 supports leave group messages, this feature was introduced in IGMPv2.

In IGMPv1, a host leaves a multicast group silently. In IGMPv2 and IGMPv3, a host sends an
IGMP leave message when it wants to leave a multicast group. IGMP routers maintain the IP
address of the last reporter, which is the last host that sent a membership report message for that
multicast group. If the last reporter leaves a multicast group, the IGMP router immediately sends a
membership query message to determine whether any interested hosts remain.

IGMPv3 does not support host membership report suppression; in fact, IGMPv3 removed support
for host membership report suppression. This feature, which is supported in
IGMPv1 and IGMPv2, prevents the sending of a membership report if a similar report is detected
from another host on the network. IGMPv3 removes this restriction.

Reference:

https://www.cisco.com/c/en/us/td/docs/ios/12_2/ip/configuration/guide/fipr_c/1cfmulti.html#wp1066001

https://www.ietf.org/rfc/rfc3376.txt

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipmulti/command/imc-cr-book/imc_i1.html#wp4034771958

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipmulti/command/imc-cr-book/imc_i1.html#wp1157094318

QUESTION NO: 317

You issue the show vlan private-vlan command on SwitchA and receive the following partial
output:

"Everything is under control" - www.pass4sure.com 482


Cisco 400-101 Exam

You are going to create secondary VLAN 50 and associate it with primary VLAN 30.

Which of the following commands should you issue in VLAN configuration mode for VLAN 50?
(Select the best answer.)

A.
private-vlan community

B.
private-vlan isolated

C.
private-vlan primary

D.
private-vlan secondary

E.
private-vlan association 30

F.
private-vlan association add 30

Answer: A
Explanation:

You should issue the private-vlan community command in virtual LAN (VLAN) configuration mode
for VLAN 50. The private-vlan community command configures a VLAN to be a community
secondary VLAN.

A private VLAN (PVLAN) provides separation between ports that belong to the same VLAN.
Because the separation exists at Layer 2, the hosts can exist on the same IP subnet. The VLAN to
which the hosts belong is called the primary VLAN. To configure a VLAN as a primary VLAN, you
should issue the private-vlan primary command. You should not issue the private-vlan primary
command for VLAN 50, because doing so would make VLAN 50 a primary VLAN, not a secondary
VLAN.

To create a PVLAN, you must create secondary VLANs and associate them with the primary
VLAN. There are two types of secondary VLANs: community VLANs and isolated VLANs. Ports
that belong to a community VLAN can communicate with promiscuous ports and with other ports
that belong to the same community. However, they cannot communicate with isolated ports or with
ports that belong to other communities. To configure a VLAN as a community VLAN, you should
issue the private-vlan community command.

Ports that belong to an isolated VLAN can communicate with only promiscuous ports. To configure
a VLAN as an isolated VLAN, you should issue the private-vlan isolated command. Only one
isolated VLAN can be associated with a primary VLAN. Therefore, you should not issue the
private-vlan isolated command for VLAN 50, because VLAN 10 is configured as an isolated VLAN
and is associated with primary VLAN 30. If VLAN 10 did not exist, you could configure VLAN 50 as
an isolated VLAN and associate it with primary VLAN 30.

You should not issue the private-vlan secondary command for VLAN 50. The private-vlan
secondary command uses incorrect syntax; therefore, issuing this command will generate an
error.

You should not issue the private-vlan association 30 command or the private-vlan association add
30 command for VLAN 50. The private-vlan association command associates the primary VLAN
with one or more secondary VLANs; this command should be issued in VLAN configuration mode
for the primary VLAN. Therefore, the private-vlan association command should not be issued for
VLAN 50; it should be issued for VLAN 30. Issuing the private-vlan association 50 command for
VLAN 30 would associate only secondary VLAN 50 with primary VLAN 30, but doing so would
remove the existing secondary VLAN associations for VLAN 30. Issuing the private-vlan
association add 50 command for VLAN 30 would add secondary VLAN 50 to the list of existing
secondary VLANs that are associated with VLAN 30.

Reference:

https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5000/sw/configuration/guide/cli/CLIConfigurationGuide/PrivateVLANs.html

QUESTION NO: 318

"Everything is under control" - www.pass4sure.com 484


Cisco 400-101 Exam

You administer the EIGRP network shown above. The bandwidth (Bw) and delay (D) values are
displayed above each link. RouterA uses the default variance value.

Which of the following statements are correct? (Select 2 choices.)

A.
RouterB is a successor for the 172.20.0.0/24 network.

B.
RouterC is a successor for the 172.20.0.0/24 network.

C.
RouterD is a successor for the 172.20.0.0/24 network.

D.
RouterE is a successor for the 172.20.0.0/24 network.

E.
RouterA will not perform load balancing.

F.
RouterA will perform unequalcost load balancing.

Answer: C,E
Explanation:

RouterD is a successor for the 172.20.0.0/24 network. Additionally, RouterA will not perform load
balancing.

"Everything is under control" - www.pass4sure.com 485


Cisco 400-101 Exam
A successor is a router with the lowest metric to a destination network. By default, the Enhanced
Interior Gateway Routing Protocol (EIGRP) composite metric is calculated by bandwidth and delay.
Higher bandwidth values create lower metric values. By contrast, lower delay values create lower
metric values. Therefore, higher bandwidth values and lower delay values are preferred over lower
bandwidth values and higher delay values. RouterD is a successor for the 172.20.0.0/24 network
because the path through RouterD has the highest bandwidth and the lowest delay. Therefore,
RouterD is the only successor for the 172.20.0.0/24 network.

RouterB is not a successor for the 172.20.0.0/24 network. Although the bandwidth through
RouterB is the same as the bandwidth through RouterD, the delay through RouterB is higher than
the delay through RouterD.

RouterC is not a successor for the 172.20.0.0/24 network. Although the delay through RouterC is
the same as the delay through RouterD, the bandwidth through RouterC is lower than the
bandwidth through RouterD.

RouterE is not a successor for the 172.20.0.0/24 network. The bandwidth through RouterE is
lower than the bandwidth through RouterD. Additionally, the delay through RouterE is higher than
the delay through RouterD.

RouterA will not perform load balancing. By default, an EIGRP router is configured with a variance
value of 1, which enables the router to perform equal-cost load balancing. However, there are no
routes with a metric value as low as the route through RouterD. If there were another path to the
172.20.0.0/24 network with a bandwidth of 100 and a delay of 10, RouterA would load balance
traffic between the two equal-cost paths.

Although EIGRP is capable of unequal-cost load balancing, RouterA is not configured to perform
unequal-cost load balancing, because RouterA is using the default variance value of 1. A variance
value of 2 or higher means that a feasible successor can be used for unequal-cost load balancing.
However, voice traffic and other delay-sensitive traffic will be negatively affected if those packets
are routed over paths with lower bandwidths and higher delays.
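An added example, not from the exam: the composite metric, the feasibility condition and the variance check carried out in Python. The link values are constructed (the diagram is not reproduced here), chosen so that each neighbour matches the description above; `select_paths` also shows the equal-cost case the explanation mentions.

```python
"""EIGRP successor and feasible-successor selection with default K values and variance.
Added example; the link values are constructed, not read from the exam diagram."""
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Link:
    bw_kbps: int    # interface bandwidth in kbps
    delay_us: int   # interface delay in microseconds


# Candidate paths from RouterA to 172.20.0.0/24: [RouterA->neighbour link, neighbour->network link]
PATHS: Dict[str, List[Link]] = {
    "RouterB": [Link(100_000, 200), Link(100_000, 1_000)],  # same bandwidth as via D, more delay
    "RouterC": [Link(10_000, 100), Link(100_000, 100)],     # same delay as via D, less bandwidth
    "RouterD": [Link(100_000, 100), Link(100_000, 100)],    # best bandwidth and lowest delay
    "RouterE": [Link(10_000, 200), Link(100_000, 1_000)],   # worse on both
}


def eigrp_metric(links: List[Link]) -> int:
    """Composite metric with K1=K3=1, K2=K4=K5=0:
    256 * (10^7 / lowest bandwidth in kbps + total delay in tens of microseconds)."""
    bw_term = 10_000_000 // min(l.bw_kbps for l in links)
    delay_term = sum(l.delay_us for l in links) // 10
    return 256 * (bw_term + delay_term)


def select_paths(paths: Dict[str, List[Link]],
                 variance: int = 1) -> Tuple[List[str], List[str], List[str]]:
    """Return (successors, feasible successors, routes installed for load balancing)."""
    if not 1 <= variance <= 128:
        raise ValueError("variance must be 1..128")
    fd_by_via = {via: eigrp_metric(links) for via, links in paths.items()}
    # Reported distance: the neighbour's own metric, i.e. the path without RouterA's first link.
    rd_by_via = {via: eigrp_metric(links[1:]) for via, links in paths.items()}
    fd = min(fd_by_via.values())                      # feasible distance: the best metric
    successors = [v for v, m in fd_by_via.items() if m == fd]
    # Feasibility condition: a neighbour's reported distance must be lower than the FD.
    feasible = [v for v in paths if v not in successors and rd_by_via[v] < fd]
    # With variance 1 only equal-cost successors are used; higher values admit feasible
    # successors whose metric is at most variance * FD.
    installed = successors + [v for v in feasible if fd_by_via[v] <= variance * fd]
    return successors, feasible, installed
```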

Reference:

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_eigrp/command/ire-cr-book/ire-s1.html#wp3209991315

https://www.cisco.com/c/en/us/support/docs/ip/enhanced-interior-gateway-routing-protocol-eigrp/16406-eigrp-toc.html#anc6

QUESTION NO: 319

You want to configure SSH for incoming VTY connections. The router has not been configured
with a host name, a domain name, or an RSA key pair. Additionally, the VTY lines are not yet
configured to accept incoming SSH connections.

"Everything is under control" - www.pass4sure.com 486


Cisco 400-101 Exam
You issue the ip ssh timeout 60 command from global configuration mode to configure the router
with a 60-second timeout.

Which of the following messages will you most likely receive? (Select the best answer.)

A.
Invalid input detected at '^' marker.

B.
Please define a hostname other than Router.

C.
Please define a domain-name first.

D.
Please create RSA keys to enable SSH.

E.
Please enable SSH as a transport mode.

Answer: D
Explanation:

You will most likely receive the Please create RSA keys to enable SSH message when you issue
the ip ssh timeout 60 command from global configuration mode. To enable Secure Shell (SSH) for
virtual terminal (VTY) lines on a Cisco router, you should complete the following steps:

1. Configure the router with a host name other than Router by issuing the hostname command.

2. Configure the router with a domain name by issuing the ip domain name command.

3. Generate an RSA key pair for the router by issuing the crypto key generate rsa command.

4. Configure the VTY lines to use SSH by issuing the transport input ssh command from line
configuration mode.

You will not receive the Invalid input detected at '^' marker message when you issue the ip ssh
timeout 60 command in this scenario. You would receive the Invalid input detected at '^' marker
message if you were to mistype the timeout keyword or if you were to try to configure the SSH
timeout with a value greater than 120 seconds. Although SSH is not yet enabled in this scenario,
the router will accept the ip ssh timeout 60 command as a valid configuration. The ip ssh timeout
60 command would appear in the configuration if you were to issue the show running-config
command.

You will not receive the Please define a hostname other than Router message when you issue the
ip ssh timeout 60 command in this scenario. However, because you have not configured the router
with a host name other than the default name of Router, you would receive the Please define a
hostname other than Router message if you were to issue the crypto key generate rsa command.
To configure a router with a host name other than the default, you should issue the hostname
"Everything is under control" - www.pass4sure.com 487
Cisco 400-101 Exam
hostname command from global configuration mode.

You will not receive the Please define a domain-name first message when you issue the ip ssh
timeout 60 command in this scenario. However, if you had configured the router with a valid host
name but had not configured the router with a domain name, you would receive the Please define
a domain-name first message if you were to issue the crypto key generate rsa command. In this
scenario, you have configured neither the domain name nor the host name. To configure a router
with a domain name, you should issue the ip domain-name domain-name command from global
configuration mode.

You will not receive the Please enable SSH as a transport mode message when you issue the ip
ssh timeout 60 command in this scenario. The Please enable SSH as a transport mode message
is not a warning message that is displayed on Cisco routers. You can issue the transport input ssh
command to configure SSH as the transport mode for VTY lines.

Reference:

https://www.cisco.com/c/en/us/support/docs/security-vpn/secure-shell-ssh/4145-ssh.html#settingupaniosrouterasssh

QUESTION NO: 320

Which of the following statements are incorrect? (Select 2 choices.)

A.
NBAR will not work without CEF.

B.
NBAR can classify IP and IPX traffic.

C.
NBAR can classify TCP and UDP traffic.

D.
NBAR can classify HTTP and FTP traffic.

E.
NBAR can classify unicast and multicast traffic.

F.
NBAR can classify inbound and outbound traffic.

Answer: B,E
Explanation:

"Everything is under control" - www.pass4sure.com 488


Cisco 400-101 Exam
Although Network Based Application Recognition (NBAR) can classify IP traffic, it cannot classify
Internetwork Packet Exchange (IPX) traffic. Additionally, NBAR can classify unicast traffic, but it
cannot classify multicast traffic.

NBAR enables a router to perform deep packet inspection for all packets that pass through an
NBAR-enabled interface. With deep packet inspection, an NBAR-enabled router can classify traffic
based on the content of a packet, not just the network header information.

Additionally, NBAR provides statistical reporting relative to each recognized application.
For example, NBAR can be used to track bandwidth usage for each protocol type.

NBAR can classify traffic that uses Transmission Control Protocol (TCP), such as Hypertext
Transfer Protocol (HTTP) and File Transfer Protocol (FTP) traffic, and traffic that uses User
Datagram Protocol (UDP), such as Dynamic Host Configuration Protocol (DHCP) and Trivial
File Transfer Protocol (TFTP) traffic. Additionally, NBAR can classify IP traffic that does not use
TCP or UDP, such as Generic Routing Encapsulation (GRE) and IP Security (IPSec) traffic. Not
only can NBAR classify traffic that uses static port numbers, it can also classify traffic that uses
dynamically assigned port numbers.

Before NBAR can classify any traffic, Cisco Express Forwarding (CEF) must be enabled on the
router. CEF is enabled by default on Cisco routers. If CEF has been disabled by the no ip cef
command, you can reenable CEF by issuing the ip cef command.

You can configure NBAR to classify inbound traffic on an interface by issuing the service-policy
input command. Alternatively, you can configure NBAR to classify outbound traffic by issuing the
service-policy output command.

Reference:

https://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/network-based-application-recognition-nbar/prod_case_study09186a00800ad0ca.html

https://www.cisco.com/c/en/us/products/ios-nx-os-software/index.html

QUESTION NO: 321 DRAG DROP

Select the default STP timer values from the left, and place them over the corresponding STP
timers on the right. Each timer value can be used only once. Not all timer values will be used.

"Everything is under control" - www.pass4sure.com 489


Cisco 400-101 Exam

Answer:

Explanation:

"Everything is under control" - www.pass4sure.com 490


Cisco 400-101 Exam

Spanning Tree Protocol (STP) uses three timer values: the hello timer value, the forward_delay
timer value, and the max_age timer value. The hello timer value is the time between the sending
of bridge protocol data units (BPDUs). Switches send BPDUs to determine the path cost to the
root bridge. A switch assumes that it has lost connectivity with a neighbor root bridge or neighbor
designated bridge after it misses three BPDUs, which are sent every two seconds by default.
Therefore, the STP information is removed from a switch after six seconds pass without the switch
receiving a BPDU.

STP information is also removed after a set period of time. The max_age timer value is the
maximum length of time before old BPDU information is removed. By default, the max_age timer
is set to 20 seconds.

STP interfaces exist in one of five states: blocking, listening, learning, forwarding, or disabled. The
forward_delay timer value is the time a port spends in the listening state and learning state. By
default, the forward_delay timer is set to 15 seconds.

Switches use the STP timer values on BPDUs that they receive, not on the local STP timer values
configured on the switch itself. Therefore, only the timers configured on the root bridge will be
used throughout the network. If you want to modify STP timer values, you should change them on
the root bridge and the backup root bridge, at a minimum.

Reference:

https://www.cisco.com/c/en/us/support/docs/lan-switching/spanning-tree-protocol/19120-122.html#stp_timers

QUESTION NO: 322

Which of the following TOS values is used for the PHB value EF in the output of the show ip cache
flow command? (Select the best answer.)

A.
E0

B.
0

"Everything is under control" - www.pass4sure.com 491


Cisco 400-101 Exam
C.
A0

D.
B8

E.
80

Answer: D
Explanation:

The Type of Service (ToS) value B8 is used for the per-hop behavior (PHB) value EF in the output
of the show ip cache flow command. PHBs identify the Quality of Service (QoS) traffic class that is
assigned to the packet. Expedited Forwarding (EF), which is defined in Request for Comments
(RFC) 2598, indicates a high-priority packet that should be given queuing priority over other
packets but should not be allowed to completely monopolize the interface. Voice over IP (VoIP)
traffic is often assigned a value of EF.

The TOS value in the output of the show ip cache flow command is an 8-bit hexadecimal value. EF
has a binary value of 10111000. To convert an eight-digit binary value to a two-character
hexadecimal value, split the binary value in half and convert each section individually. The binary
value 1011 converts to the hexadecimal character B, and the binary value 1000 converts to the
hexadecimal character 8. Therefore, the value EF converts to the hexadecimal value B8, which is
the TOS value that is displayed in the output of the show ip cache flow command.

Class Selector (CS) PHBs, which are defined in RFC 2475, only use the first three QoS bits;
therefore, CS PHBs are backward compatible with 3-bit IP precedence values. Packets with higher
CS values are given queuing priority over packets with lower CS values. The following table
displays the CS values with their binary values, hexadecimal TOS values, and IP precedence
category names:
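An added example, not from the exam or from Cisco, that covers both the AF formula from QUESTION NO: 313 and the EF/CS ToS conversion above: PHB name to 6-bit DSCP, DSCP to the ToS column shown by show ip cache flow, and back again. The function names are my own.

```python
"""Conversions between PHB names (AFxy, CSx, EF), 6-bit DSCP values and the
8-bit ToS byte shown by `show ip cache flow`. Added example; not Cisco code."""
import re
from typing import List

_AF = re.compile(r"AF([1-4])([1-3])")
_CS = re.compile(r"CS([0-7])")


def af_to_dscp(x: int, y: int) -> int:
    """AFxy -> DSCP using 8x + 2y (class in the top three bits, drop precedence next)."""
    if not (1 <= x <= 4 and 1 <= y <= 3):
        raise ValueError(f"AF class must be 1..4 and drop precedence 1..3, got AF{x}{y}")
    return 8 * x + 2 * y


def phb_to_dscp(name: str) -> int:
    name = name.upper()
    if name == "EF":
        return 46                      # binary 101110
    if name in ("DEFAULT", "BE"):
        return 0
    if m := _AF.fullmatch(name):
        return af_to_dscp(int(m[1]), int(m[2]))
    if m := _CS.fullmatch(name):
        return int(m[1]) << 3          # class selectors use only the top three bits
    raise ValueError(f"unknown PHB {name!r}")


def dscp_to_phb(dscp: int) -> str:
    if not 0 <= dscp <= 63:
        raise ValueError("DSCP is a 6-bit value")
    if dscp == 46:
        return "EF"
    cls, low = dscp >> 3, dscp & 0b111
    if low == 0:
        return "default" if cls == 0 else f"CS{cls}"
    if 1 <= cls <= 4 and low in (2, 4, 6):
        return f"AF{cls}{low // 2}"
    return f"DSCP{dscp}"


def dscp_to_tos_hex(dscp: int) -> str:
    """ToS byte = DSCP in the upper six bits, ECN bits 00 below it, as two hex digits."""
    return f"{dscp << 2:02X}"


def tos_hex_to_phb(tos_hex: str) -> str:
    """Decode the ToS column (e.g. 'B8') back to a PHB name, ignoring the two ECN bits."""
    return dscp_to_phb(int(tos_hex, 16) >> 2)


def most_likely_dropped(af_names: List[str]) -> str:
    """Among AF PHBs, the one with the highest drop precedence (y) is dropped first."""
    def drop_precedence(n: str) -> int:
        m = _AF.fullmatch(n.upper())
        if not m:
            raise ValueError(f"{n} is not an AF PHB")
        return int(m[2])
    return max(af_names, key=drop_precedence)
```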

Reference:

https://www.cisco.com/en/US/docs/voice_ip_comm/bts/5.0/command/reference/clicp5.pdf#page=793

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/netflow/command/nf-cr-book/nf-02.html#GUID-E3881A9E-7FD9-4BCE-83E5-603E55AE72DC

QUESTION NO: 323

Which of the following PfR modes use IP SLA probes? (Select the best answer.)

A.
only fast mode

B.
only active mode

C.
only passive mode

D.
only fast mode and active mode

E.
only fast mode and passive mode

F.
only active mode and passive mode

G.
fast mode, active mode, and passive mode

Answer: D
Explanation:

Only fast mode and active mode use IP Service Level Agreement (SLA) probes. Cisco
Performance Routing (PfR) enhances traditional routing methods by dynamically selecting the
best path for applications based on network performance. The following three monitoring modes
are used by PfR:

-Passive mode

-Active mode

-Fast mode

Active mode relies on IP SLA probes that generate traffic to capture performance metrics. Metrics
used by active mode include delay, jitter, mean opinion score (MOS), and reachability. Short-term
monitoring uses the last five probe results; long-term monitoring uses the last 60 probe results.

Fast mode is similar to active mode. Active mode generates IP SLA probes only for the active exit
path. By contrast, fast mode continuously generates IP SLA probes for all possible exit paths, not
just the active exit path. Fast mode allows route changes to be made within three seconds.
However, the performance benefits of fast mode require significant processor overhead; therefore,
Cisco recommends that you use fast mode only for performance-sensitive traffic, such as Voice
over IP (VoIP) or video traffic.

Passive mode does not use IP SLA probes. Instead, passive mode relies on NetFlow to capture
performance metrics. Metrics used by passive mode include delay, packet loss, reachability, and
throughput. Throughput can be measured for all traffic flows. Delay, packet loss, and reachability
can be measured only for Transmission Control Protocol (TCP) flows.

Reference:

https://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/performance-routing-pfr/product_data_sheet0900aecd806c4ee4.html

http://docwiki.cisco.com/wiki/Performance_Routing_FAQs

QUESTION NO: 324

You issue the show running-config command on RouterA and receive the following partial output:

"Everything is under control" - www.pass4sure.com 494


Cisco 400-101 Exam

How much web traffic can RouterA send out the FastEthernet0/1 interface during periods of heavy
voice and video traffic? (Select the best answer.)

A.
10 Mbps

B.
15 Mbps

C.
20 Mbps

D.
25 Mbps

E.
40 Mbps

Answer: A
Explanation:

RouterA can send 10 Mbps of web traffic out the FastEthernet0/1 interface during periods of heavy
voice and video traffic. To create a Quality of Service (QoS) policy, you must perform the following
steps:

1. Define one or more class maps by issuing the class-map name command.

2. Define the traffic that matches the class map by issuing one or more match commands.

3. Define one or more policy maps by issuing the policy-map name command.

4. Link the class maps to the policy maps by issuing the class name command.

5. Define one or more actions that should be taken for that traffic class.

6. Link the policy map to an interface by issuing the service-policy {input | output} name command.

Bandwidth guarantees are set in policy-map class configuration mode. You can specify
the bandwidth as a rate or as a percentage with the bandwidth and priority commands. The syntax
of the priority command is priority {bandwidth | percent percentage} [burst], where bandwidth is
specified in Kbps and burst is specified in bytes. The priority command creates a strict-priority
queue where packets are dequeued before packets from other queues are dequeued. The
strict-priority queue is given priority over all other traffic.

If no priority traffic is being sent, the other traffic classes can share the remaining bandwidth based
on their configured values.

The bandwidth command specifies a guaranteed amount of bandwidth for a particular traffic class.
The syntax of the bandwidth command is bandwidth {kbps | remaining percent percentage |
percent percentage}, where kbps is the amount of bandwidth that is guaranteed to a particular
traffic class.

In this scenario, Voice over IP (VoIP) traffic is given a guaranteed 20 percent of theinterface's
bandwidth. Video traffic is given a guaranteed 40 percent of the interface's bandwidth. Voice and
video traffic can exceed these bandwidth percentages if any unused bandwidth remains.

The remaining 40 percent, or 40 Mbps, of the interface's bandwidth can be used by other traffic. If
traffic does not match any traffic class, it will become part of the classdefault class. In this
scenario, web traffic belongs to the classdefault class. Therefore, web traffic can consume 25
percent of the remaining bandwidth. If no other traffic is being sent on the interface, web traffic can
consume 25 percent of the interface's bandwidth. However, when voice and video traffic are
heavy, web traffic can consume 25 percent of the remaining 40 Mbps, which is equal to 10 Mbps.

Even less web traffic can be sent if File Transfer Protocol (FTP) traffic or other unclassifiedtraffic is
heavy. FTP traffic can consume 50 percent of the remaining bandwidth on the interface. If no other
traffic is being sent on the interface, FTP traffic can consume 50 percent of the interface's
bandwidth. During periods of heavy voice and video usage, FTP traffic can consume 50 percent of
the remaining 40 Mbps, which is equal to 20 Mbps.

Reference:

https://www.cisco.com/c/en/us/support/docs/quality-of-service-qos/qos-packet-marking/10100-priorityvsbw.html
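The running-config exhibit for this question is not reproduced on the page, so the policy-map in the following added example is constructed to match the shares the explanation describes; the code is not from the page or from Cisco. It parses the MQC policy-map text and computes the bandwidth each class is guaranteed on the 100 Mbps interface when every class is congested, which is the calculation the explanation walks through. The max-reserved-bandwidth limit of 75 percent is an assumption taken from classic IOS defaults and is left as a parameter.

```python
import re

# Constructed policy-map (the page's exhibit is missing); it matches the shares
# the explanation describes: voice 20% priority, video 40% bandwidth, FTP 50%
# and web (class-default) 25% of the remaining bandwidth.
POLICY_MAP = """\
policy-map WAN-EDGE
 class VOICE
  priority percent 20
 class VIDEO
  bandwidth percent 40
 class FTP
  bandwidth remaining percent 50
 class class-default
  bandwidth remaining percent 25
"""

CLASS_RE = re.compile(r"^\s*class\s+(\S+)\s*$")
SHARE_RE = re.compile(r"^\s*(priority|bandwidth)\s+(remaining\s+)?percent\s+(\d+)\s*$")


def parse_policy_map(text):
    """Return {class_name: (kind, percent)} where kind is 'priority',
    'bandwidth' or 'remaining'; a class with no share maps to None."""
    classes = {}
    current = None
    for line in text.splitlines():
        m = CLASS_RE.match(line)
        if m:
            current = m.group(1)
            classes.setdefault(current, None)
            continue
        m = SHARE_RE.match(line)
        if m and current is not None:
            kind = "remaining" if m.group(2) else m.group(1)
            classes[current] = (kind, int(m.group(3)))
    return classes


def guaranteed_mbps(classes, link_mbps, max_reserved_percent=75):
    """Minimum bandwidth each class receives when every class is congested.

    'priority percent' and 'bandwidth percent' are shares of the link, and their
    sum may not exceed max-reserved-bandwidth (assumed 75%, the classic IOS
    default). 'bandwidth remaining percent' is a share of what those leave."""
    explicit = sum(cfg[1] for cfg in classes.values() if cfg and cfg[0] != "remaining")
    if explicit > max_reserved_percent:
        raise ValueError(f"{explicit}% allocated, exceeds max-reserved-bandwidth "
                         f"{max_reserved_percent}%")
    leftover_mbps = link_mbps * (100 - explicit) / 100
    guaranteed = {}
    for name, cfg in classes.items():
        if cfg is None:
            guaranteed[name] = 0.0  # no guarantee: best effort only
        elif cfg[0] == "remaining":
            guaranteed[name] = leftover_mbps * cfg[1] / 100
        else:
            guaranteed[name] = link_mbps * cfg[1] / 100
    return guaranteed


if __name__ == "__main__":
    for cls, mbps in guaranteed_mbps(parse_policy_map(POLICY_MAP), 100).items():
        print(f"{cls:14s} {mbps:6.1f} Mbps")
```

Run as-is it prints 20 Mbps for VOICE, 40 for VIDEO, 20 for FTP and 10 for class-default, the figures the explanation derives; a class with no bandwidth statement shows 0 because nothing is guaranteed to it under congestion.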

QUESTION NO: 325

Which of the following is appended to a VPNv4 BGP route to indicate membership in an RFC
4364 MPLS VPN? (Select the best answer.)

A.
a label

B.
an RT

C.
an RD

D.
an LSP

E.
a VRF

Answer: B
Explanation:

A route target (RT) is appended to a virtual private network version 4 (VPNv4) Border Gateway
Protocol (BGP) route to indicate membership in a Request for Comments (RFC) 4364
Multiprotocol Label Switching (MPLS) VPN. RTs are carried as BGP extended community
attributes. Export RTs associate each route with one or more VPNs, and import RTs are associated
with each VPN routing and forwarding (VRF) table to determine the routes that should be imported
into the VRF; a VRF is a routing table instance for a VPN. A label is assigned to each VPNv4
address prefix, and the inbound-to-outbound label mapping is stored in the Label Forwarding
Information Base (LFIB). By configuring import and export RTs, you can configure which sites can
reach each other. For example, you can configure RTs so that CustomerA and CustomerB can
communicate with ProviderZ, but CustomerA and CustomerB cannot communicate with one
another. Note that RTs enforce route distribution only; they are a routing policy, not an
authentication mechanism, so a mistyped import RT on any provider edge (PE) router silently
merges routes between VPNs.

To configure RTs, you should issue the route-target {import | export | both} value command in
VRF configuration mode. The import, export, and both keywords specify whether extended
community attributes should be imported, exported, or both. The value parameter should use one
of the following formats:

- AS:nn, where AS is a 16-bit autonomous system number (ASN) and nn is a 32-bit decimal number

- A.B.C.D:nn, where A.B.C.D is a 32-bit IP address and nn is a 16-bit decimal number

A route distinguisher (RD) is a value that is prepended to an IPv4 prefix to create a globally unique
VPNv4 address. RDs enable customers to use the same or overlapping IP address ranges on their
internal networks. The RD only makes routes unique; it does not control which VRF imports them,
which is the job of the RT. To create an RD, you should issue the rd value command in VRF
configuration mode, where the value parameter uses the same formats as the value parameter in
the route-target command.

There are three types of RDs: Type 0, Type 1, and Type 2. The type of RD configuration you
create depends on how you issue the value parameter of the rd command and whether you are
configuring a multicast VPN environment. Type 0 and Type 1 RDs are used in unicast
configurations. A Type 0 RD is configured by issuing the value parameter of the rd command with
a 16-bit ASN in front of a 32-bit decimal number. A Type 1 RD is configured by issuing the value
parameter of the rd command with a 32-bit IP address in front of a 16-bit decimal number. A Type 2
RD carries a 32-bit ASN in front of a 16-bit decimal number; on Cisco routers it applies only to
multicast VPN configurations.

A label switched path (LSP) is the path that labeled packets take through an MPLS network from
one label switch router (LSR) to another. The 32-bit MPLS label header is used by LSRs to make
forwarding decisions along the LSP. The MPLS label is placed between the Layer 2 header and
the Layer 3 header. The label header consists of a 20-bit label value, a 3-bit traffic class (formerly
EXP) field, a 1-bit bottom-of-stack flag, and an 8-bit time-to-live (TTL) field.

Reference:

https://tools.ietf.org/html/rfc4364
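As an added example (not from the page or from Cisco), the following Python encodes and decodes RDs and route-target extended communities in the formats listed above. It goes beyond the page's two formats by also handling the Type 2 form, a 32-bit ASN followed by a 16-bit number, as defined in RFC 4360 and RFC 4364, and finishes with the hub-and-spoke import/export check the explanation describes for CustomerA, CustomerB and ProviderZ; the VRF names and RT values are constructed.

```python
import ipaddress
import struct

RT_SUBTYPE = 0x02  # extended-community subtype for Route Target (RFC 4360)


def encode_rd(text):
    """Encode 'ASN:nn' or 'A.B.C.D:nn' into the 8-octet RD (RFC 4364 section 4.2)."""
    left, right = text.rsplit(":", 1)
    nn = int(right)
    if "." in left:
        # Type 1: 4-octet IPv4 address followed by a 2-octet assigned number
        if nn > 0xFFFF:
            raise ValueError("Type 1 assigned number is 16 bits")
        return struct.pack("!HIH", 1, int(ipaddress.IPv4Address(left)), nn)
    asn = int(left)
    if asn <= 0xFFFF:
        # Type 0: 2-octet ASN followed by a 4-octet assigned number
        if nn > 0xFFFFFFFF:
            raise ValueError("Type 0 assigned number is 32 bits")
        return struct.pack("!HHI", 0, asn, nn)
    # Type 2: 4-octet ASN followed by a 2-octet number (beyond the page's two formats)
    if asn > 0xFFFFFFFF or nn > 0xFFFF:
        raise ValueError("Type 2 is a 32-bit ASN and a 16-bit number")
    return struct.pack("!HIH", 2, asn, nn)


def decode_rd(raw):
    """Return (type, 'text') for an 8-octet RD."""
    if len(raw) != 8:
        raise ValueError("RD is exactly 8 octets")
    rd_type = struct.unpack("!H", raw[:2])[0]
    if rd_type == 0:
        asn, nn = struct.unpack("!HI", raw[2:])
        return 0, f"{asn}:{nn}"
    if rd_type == 1:
        ip, nn = struct.unpack("!IH", raw[2:])
        return 1, f"{ipaddress.IPv4Address(ip)}:{nn}"
    if rd_type == 2:
        asn, nn = struct.unpack("!IH", raw[2:])
        return 2, f"{asn}:{nn}"
    raise ValueError(f"unknown RD type {rd_type}")


def encode_route_target(text):
    """Route target as an 8-octet BGP extended community: type 0x00/0x01/0x02
    (the same numbering as the RD types), subtype 0x02, then the 6-octet value."""
    rd = encode_rd(text)
    return bytes([rd[1], RT_SUBTYPE]) + rd[2:]


def decode_route_target(raw):
    if len(raw) != 8 or raw[1] != RT_SUBTYPE:
        raise ValueError("not a route-target extended community")
    return decode_rd(struct.pack("!H", raw[0]) + raw[2:])[1]


def vrf_accepts(vrf_import_rts, route_export_rts):
    """A VRF imports a VPNv4 route when any RT attached to the route matches one
    of the VRF's import RTs; the comparison is on the encoded 8-octet value."""
    wanted = {encode_route_target(rt) for rt in vrf_import_rts}
    return any(encode_route_target(rt) in wanted for rt in route_export_rts)


# Constructed hub-and-spoke policy from the explanation: both customers reach
# ProviderZ, but neither customer reaches the other.
VRFS = {
    "ProviderZ": {"export": ["65000:100"], "import": ["65000:1", "65000:2"]},
    "CustomerA": {"export": ["65000:1"], "import": ["65000:100"]},
    "CustomerB": {"export": ["65000:2"], "import": ["65000:100"]},
}


def reachable(src_vrf, dst_vrf):
    """True if dst_vrf's exported routes end up in src_vrf's table."""
    return vrf_accepts(VRFS[src_vrf]["import"], VRFS[dst_vrf]["export"])
```

Because the match is on the encoded value, "65000:100" typed as an ASN-form RT and "0.0.253.232:100" typed as an IP-form RT are different communities even though both happen to contain the same bytes after the type field; the type octet is part of the comparison, which is why a VRF with the wrong form configured imports nothing.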

QUESTION NO: 326

On which of the following interfaces can a port ACL be applied? (Select 3 choices.)

A.
an SVI

B.
a trunk port

C.
an EtherChannel interface

D.
a routed port

E.
a Layer 2 port

Answer: B,C,E
Explanation:

A port access control list (PACL) can be applied to a trunk port, a Layer 2 port, or an EtherChannel
interface. PACLs filter inbound Layer 2 traffic on a switch port interface; PACLs cannot filter
outbound traffic. When PACLs are applied on a switch, packets are filtered based on several
criteria, including IP addresses, port numbers, or upper-layer protocol information. If a PACL is
applied to a trunk port, it will filter all virtual LAN (VLAN) traffic traversing the trunk, including voice
and data VLAN traffic. A PACL can be used with an EtherChannel configuration, but the PACL
must be applied to the logical EtherChannel interface; physical ports within the EtherChannel
group cannot have a PACL applied to them.

PACLs cannot be applied to a switch virtual interface (SVI) or to a routed port. An SVI is a virtual
interface that is used as a gateway on a multilayer switch. SVIs can be used to route traffic across
Layer 3 interfaces. However, PACLs can only be applied to Layer 2 switching interfaces.
Furthermore, because PACLs operate at Layer 2, they cannot be applied to routed ports, which
operate at Layer 3.

Reference:

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-
2SX/configuration/guide/book/vacl.html#wp1119764

QUESTION NO: 327

Which of the following attacks results in unicast traffic being sent out every port on a switch,
regardless of the intended destination of the traffic? (Select the best answer.)

A.
an ARP poisoning attack

B.
a VLAN hopping attack

C.
a MAC flooding attack

D.
a DHCP spoofing attack

E.
an STP attack

Answer: C
Explanation:

A Media Access Control (MAC) flooding attack results in traffic being sent out every port on a
switch, regardless of the intended destination of the traffic. Switches and bridges store any learned
MAC addresses in a MAC address table. When the MAC address table becomes full, no more
MAC addresses can be learned. If a switch receives traffic destined for a MAC address that is not
in its MAC address table, the switch floods the traffic out every port except the port that originated
the traffic. Consequently, in a MAC flooding attack, an attacker sends frames with thousands of
forged source MAC addresses to fill the MAC address table so that any further traffic will be sent
to all hosts on the network, causing excessive unicast flooding. As a result, the attacker can capture
any traffic that is sent through the switch. Port security, which limits the number of MAC addresses
that can be learned on a port, mitigates this attack.

In a Dynamic Host Configuration Protocol (DHCP) spoofing attack, a rogue DHCP server is
attached to the network in an attempt to intercept DHCP requests. The rogue DHCP server can
then respond to the DHCP requests with its own IP address as the default gateway address so
that all traffic is routed through the rogue DHCP server. As a result, a host that has obtained an IP
address from a rogue DHCP server could become the victim of a man-in-the-middle attack in which
a malicious individual eavesdrops on a network conversation between two hosts. DHCP snooping
mitigates this attack by accepting DHCP server replies only on trusted ports.

In an Address Resolution Protocol (ARP) poisoning attack, which is also known as an ARP
spoofing attack, the attacker answers ARP requests, or sends unsolicited ARP replies, that map the
victim's IP address to the attacker's own MAC address rather than to the MAC address of the
intended recipient. Subsequently, the attacker is able to intercept any traffic intended for the original
recipient. Dynamic ARP Inspection (DAI), which validates ARP packets against the DHCP snooping
binding table, mitigates this attack.

In a virtual LAN (VLAN) hopping attack, an attacker attempts to inject packets into other VLANs by
accessing the VLAN trunk and double-tagging 802.1Q frames, or by negotiating a trunk with the
switch through Dynamic Trunking Protocol (DTP). A successful VLAN hopping attack enables an
attacker to send traffic to other VLANs without using a router.

In a Spanning Tree Protocol (STP) attack, an attacker listens for STP frames to determine the port
ID of the interface that is transmitting the STP frames. The attacker can then send bridge protocol
data units (BPDUs) in an attempt to become the root bridge for the network. BPDU guard and root
guard mitigate this attack.

Reference:

https://www.cisco.com/c/en/us/products/collateral/switches/catalyst-6500-series-
switches/prod_white_paper0900aecd805457cc.html
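The detection side of the MAC flooding description above, as an added example that is not from the page or from Cisco: a small analyzer run over constructed MAC-learning events (time, port, source MAC) that flags a port once it sources more distinct MACs within a window than an access port plausibly should, the same threshold idea that port security enforces in hardware. The port names, MAC values, threshold and window are constructed.

```python
from collections import defaultdict


def mac_from_index(i):
    """Deterministic MAC for the constructed sample data (locally administered OUI)."""
    return "02:00:00:{:02x}:{:02x}:{:02x}".format((i >> 16) & 0xFF, (i >> 8) & 0xFF, i & 0xFF)


def constructed_learning_events():
    """(time_s, port, source_mac) tuples as a switch would learn them: two normal
    access ports, plus one port that sources 500 forged MACs in two seconds."""
    events = []
    for t in range(0, 60, 5):  # two hosts on Gi1/0/1, three on Gi1/0/2
        events += [(float(t), "Gi1/0/1", mac_from_index(k)) for k in (1, 2)]
        events += [(float(t), "Gi1/0/2", mac_from_index(k)) for k in (10, 11, 12)]
    events += [(30.0 + i * 0.004, "Gi1/0/7", mac_from_index(1000 + i)) for i in range(500)]
    return events


def detect_mac_flooding(events, max_macs=8, window_s=10.0):
    """Flag a port once the number of distinct source MACs seen on it within
    window_s exceeds max_macs (port-security's 'maximum' applied after the fact).
    Returns a list of (port, time_of_detection, distinct_macs), one per port."""
    last_seen = defaultdict(dict)   # port -> {mac: last time the MAC was seen}
    alerted = set()
    alerts = []
    for t, port, mac in sorted(events):
        table = last_seen[port]
        table[mac] = t
        for stale in [m for m, ts in table.items() if t - ts > window_s]:
            del table[stale]      # age out, like the CAM aging timer
        if len(table) > max_macs and port not in alerted:
            alerted.add(port)
            alerts.append((port, round(t, 3), len(table)))
    return alerts


if __name__ == "__main__":
    for port, t, n in detect_mac_flooding(constructed_learning_events()):
        print(f"{port}: {n} source MACs within window at t={t}s")
```

The threshold has to be set per port role: a trunk, a hypervisor uplink or a port behind an unmanaged switch legitimately carries many MACs, so in practice the analyzer (and port security) is applied to access ports only, and the alert is the point at which the port would be shut down or the traffic captured for review.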

QUESTION NO: 328

Which of the following error messages might appear when a unidirectional link failure exists
between two switches? (Select 2 choices.)

A.
%STP-2-BLOCK_BPDUGUARD

B.
%STP-2-BLOCK_PVID_LOCAL

C.
%STP-2-BLOCK_PVID_PEER

D.
%STP-2-BRIDGE_ASSURANCE_BLOCK

E.
%STP-2-DISPUTE_DETECTED

Answer: D,E
Explanation:

Of the choices provided, the %STP-2-BRIDGE_ASSURANCE_BLOCK error message or the
%STP-2-DISPUTE_DETECTED error message might appear when a unidirectional link failure
exists between two switches. A unidirectional link failure exists when a defective cable or
transceiver causes one device to not receive what the other device sends, as illustrated by the
following exhibit:

The %STP-2-BRIDGE_ASSURANCE_BLOCK error message appears when a Spanning Tree
Protocol (STP) bridge protocol data unit (BPDU) has not been received on an interface with Bridge
Assurance enabled. Bridge Assurance ensures that BPDUs are sent bidirectionally on all network
interfaces. If an interface with Bridge Assurance does not receive a BPDU, or if the connected
interface does not have Bridge Assurance enabled, the interface is put into an inconsistent state
and is blocked. Bridge Assurance is supported only with Rapid Per-VLAN Spanning Tree Plus
(RPVST+) and Multiple Spanning Tree (MST) and only on point-to-point links.

The %STP-2-DISPUTE_DETECTED error message appears when a switch receives inferior
BPDUs that are marked as designated and learning or forwarding. This indicates that the
connected switch is not receiving superior BPDUs from the local switch. As a result, the local
switch will record the %STP-2-DISPUTE_DETECTED error and block the interface (the dispute
mechanism moves the port to the discarding state) to prevent a bridging loop.

The %STP-2-BLOCK_BPDUGUARD error message appears not when a unidirectional link failure
exists, but when a BPDU has been received on an interface with BPDU guard enabled. When an
interface that is configured with BPDU guard receives a BPDU, BPDU guard immediately puts the
interface into the errdisable state and shuts down the interface. Afterward, the interface must be
manually reenabled, or it can be recovered automatically through the errdisable timeout function.

The %STP-2-BLOCK_PVID_LOCAL and %STP-2-BLOCK_PVID_PEER error messages appear not
when a unidirectional link failure exists, but when an interface has received a BPDU that is tagged
with the same virtual LAN (VLAN) ID as the interface's native VLAN. Native VLAN BPDUs are sent
untagged, so if a switch receives BPDUs that are tagged with the native VLAN for that interface,
the local switch will record the %STP-2-BLOCK_PVID_LOCAL error message and block the
interface; the remote switch will record the %STP-2-BLOCK_PVID_PEER error message.

Reference:

https://www.cisco.com/c/en/us/td/docs/switches/datacenter/sw/system_messages/reference/sys_B
ook.html#wp1400041

https://www.cisco.com/c/en/us/td/docs/switches/datacenter/sw/4_2/nx-
os/layer2/configuration/guide/Cisco_Nexus_7000_Series_NX-
OS_Layer_2_Switching_Configuration_Guide_Release_4-2_chapter6.html#con_1490082

https://www.cisco.com/c/en/us/support/docs/lan-switching/spanning-tree-protocol/24063-pvid-
inconsistency-24063.html#topic1

QUESTION NO: 329

You administer the network shown in the diagram above. All routers are running BGP, and all
attributes are set to the default values.

You want to ensure that Router3 sends packets to the 192.168.200.0/24 network through Router2.

Which of the following command sets can you issue to accomplish your goal? (Select 2 choices.)

A.
Router2(config)#router bgp 100

Router2(config-router)#neighbor 10.20.20.3 weight 45000

B.
Router2(config)#router bgp 100

Router2(config-router)#neighbor 10.40.40.4 weight 45000

C.
Router2(config)#router bgp 100

Router2(config-router)#bgp default local-preference 400

D.
Router2(config)#route-map map1 permit 10

Router2(config-route-map)#set local-preference 500

Router2(config-route-map)#exit

Router2(config)#router bgp 100

Router2(config-router)#neighbor 10.20.20.3 route-map map1 in

E.
Router2(config)#route-map map1 permit 10

Router2(config-route-map)#set local-preference 300

Router2(config-route-map)#exit

Router2(config)#router bgp 100

Router2(config-router)#neighbor 10.40.40.4 route-map map1 in

Answer: C,E
Explanation:

You can issue the following command set to ensure that Router3 sends packets to the
192.168.200.0/24 network through Router2:

Router2(config)#router bgp 100

Router2(config-router)#bgp default local-preference 400

Alternatively, you can issue the following command set to accomplish your goal:

Router2(config)#route-map map1 permit 10

Router2(config-route-map)#set local-preference 300

Router2(config-route-map)#exit

Router2(config)#router bgp 100

Router2(config-router)#neighbor 10.40.40.4 route-map map1 in

When a router has multiple paths to a destination and the weight values of the routes are equal, the
route with the highest local preference is preferred. Typically, the multi-exit discriminator (MED)
value is used to indicate a preferred path into an AS with multiple entry points and is advertised to
external Border Gateway Protocol (eBGP) routers.

However, local preference is considered before the MED value, so you can configure the local
preference to prefer one route over another. Local preference is exchanged only between internal
BGP (iBGP) peers within an AS; it is never advertised to eBGP peers.

Issuing the bgp default local-preference 400 command configures Router2 to advertise a local
preference value of 400 to Router3. By default, a local preference value of 100 is advertised.
Therefore, Router1 will advertise a local preference of 100 to Router3. Because the local
preference of the route through Router2 is higher than the local preference of the route through
Router1, Router3 will prefer the route through Router2.

The local preference value can also be specified by using a route map. The route-map map1
permit 10 command configures a route map named map1. The permit keyword indicates that the
conditions specified in the set command will be processed, and the 10 keyword is a sequence
number that specifies the order in which route map entries should be processed. Since no match
command is specified, the route map entry will apply to all routes. The set local-preference 300
command configures a local preference value of 300 for routes affected by the route map. Finally,
the neighbor 10.40.40.4 route-map map1 in command applies the route map named map1 to
incoming routes from 10.40.40.4. Router2 will then advertise this route to Router3 with a local
preference value of 300. Because the local preference of the route through Router2 is higher than
the default local preference of the route through Router1, Router3 will prefer the route through
Router2.

You cannot accomplish your goal by issuing the following command set:

Router2(config)#route-map map1 permit 10

Router2(config-route-map)#set local-preference 500

Router2(config-route-map)#exit

Router2(config)#router bgp 100

Router2(config-router)#neighbor 10.20.20.3 route-map map1 in

In this command set, the neighbor command incorrectly specifies Router3, not Router4, as the
neighbor router. Therefore, routes received by Router2 from Router3 would be assigned a local
preference value of 500 and advertised to Router4; nothing about the path Router3 takes to
192.168.200.0/24 would change.

You cannot accomplish your goal by issuing the following command set:

Router2(config)#router bgp 100

Router2(config-router)#neighbor 10.40.40.4 weight 45000

When determining the best path, a BGP router first chooses the route with the highest weight. By
default, routes generated by the local router are assigned a weight of 32768 and routes learned
from another BGP router are assigned a weight of 0. Issuing the neighbor 10.40.40.4 weight
45000 command on Router2 would configure the paths learned from Router4 with a weight value of
45000. However, weight is a Cisco-proprietary attribute that is significant only to the router on
which it is configured; it would not be advertised to Router3. Therefore, issuing the neighbor
10.40.40.4 weight 45000 command on Router2 would not influence routing decisions on Router3.
Issuing the neighbor 10.20.20.2 weight 45000 command on Router3 would ensure that Router3
preferred the route through Router2.

You cannot accomplish your goal by issuing the following command set, because the neighbor
command would configure Router2 with a weight value for the paths learned from Router3:

Router2(config)#router bgp 100

Router2(config-router)#neighbor 10.20.20.3 weight 45000

Reference:

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_bgp/command/irg-cr-book/bgp-
a1.html#wp9538078130

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_pi/command/iri-cr-book/iri-cr-
s1.html#wp4033207811

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_bgp/command/irg-cr-book/bgp-
m1.html#wp2222404444

https://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/13753-25.html

https://www.cisco.com/c/en/us/td/docs/ios/12_2/ip/configuration/guide/fipr_c/1cfbgp.html#wp1040707
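An added example of the best-path behaviour the explanation relies on (not from the page or from Cisco): a model of the Cisco BGP best-path order applied to Router3's view of 192.168.200.0/24, with the topology constructed from the question (Router1 and Router2 are iBGP peers of Router3 in AS 100 and both learn the prefix from AS 200; the router IDs 1.1.1.1 and 2.2.2.2 are assumptions, as is the MED simplification noted in the code). It shows that a local preference set on Router2 changes Router3's choice while a weight set on Router2 does not, because weight is never carried in a BGP update.

```python
from dataclasses import dataclass, replace

ORIGIN_RANK = {"i": 0, "e": 1, "?": 2}   # IGP < EGP < incomplete


@dataclass(frozen=True)
class Path:
    via: str                  # peer that advertised the path to this router
    weight: int = 0           # Cisco-local; 0 for learned paths
    local_pref: int = 100     # carried between iBGP peers; default 100
    local_origin: bool = False
    as_path: tuple = ()
    origin: str = "i"
    med: int = 0
    ebgp: bool = False
    igp_metric: int = 0
    router_id: str = "0.0.0.0"   # router ID of the advertising peer


def best_path(paths):
    """Cisco best-path order: highest weight, highest local preference, locally
    originated, shortest AS-path, lowest origin, lowest MED, eBGP over iBGP,
    lowest IGP metric, lowest router ID.
    Simplification (assumption): MED is compared across all paths, as with
    bgp always-compare-med; by default IOS compares it only among paths from
    the same neighbouring AS."""
    def rank(p):
        return (-p.weight, -p.local_pref, not p.local_origin, len(p.as_path),
                ORIGIN_RANK[p.origin], p.med, not p.ebgp, p.igp_metric,
                tuple(int(o) for o in p.router_id.split(".")))
    return min(paths, key=rank)


def ibgp_advertise(path, via):
    """What an iBGP peer receives: local preference is carried, weight is not."""
    return replace(path, via=via, weight=0, ebgp=False)


def router3_view(router2_local_pref=100, router2_weight=0):
    """Constructed topology: Router1 and Router2 each learn 192.168.200.0/24
    from an AS 200 neighbour (Router4) and pass it to Router3 over iBGP.
    The arguments model 'bgp default local-preference' / a route map, and
    'neighbor ... weight', configured on Router2."""
    r1_path = Path(via="Router4", as_path=(200,), ebgp=True, router_id="1.1.1.1")
    r2_path = Path(via="Router4", as_path=(200,), ebgp=True, router_id="2.2.2.2",
                   weight=router2_weight, local_pref=router2_local_pref)
    return [ibgp_advertise(r1_path, "Router1"), ibgp_advertise(r2_path, "Router2")]


if __name__ == "__main__":
    print("defaults          :", best_path(router3_view()).via)
    print("Router2 lp 400    :", best_path(router3_view(router2_local_pref=400)).via)
    print("Router2 weight    :", best_path(router3_view(router2_weight=45000)).via)
```

With all attributes at their defaults the two paths tie all the way down to the router ID, so Router3 picks Router1; a local preference of 300 or 400 on Router2 wins at the second step, while a weight of 45000 on Router2 is stripped by `ibgp_advertise` before Router3 ever sees it.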

QUESTION NO: 330

Which of the following statements is accurate regarding 6to4 tunneling? (Select the best answer.)

A.
IPv6 addresses from the 2002::/16 prefix must be used.

B.
IPv6 packets are encapsulated inside an IPv4 packet that has a protocol type of 42.

C.
IPv6 and CLNS can be used.

D.
Any IPv6 unicast address can be used.

E.
A tunnel destination is required.

Answer: A
Explanation:

IPv6 addresses from the 2002::/16 prefix must be used with 6to4 tunneling. The 32 bits following
the 2002::/16 prefix correspond to the IPv4 address of the tunnel source, which gives each 6to4 site
a 2002:V4ADDR::/48 prefix. For example, if the IPv4 address of the tunnel source is 10.14.177.1,
you could use 2002:0A0E:B101::/128 for the IPv6 address of the tunnel interface; the hexadecimal
value 0A corresponds to the decimal value 10, the hexadecimal value 0E corresponds to the decimal
value 14, the hexadecimal value B1 corresponds to the decimal value 177, and the hexadecimal
value 01 corresponds to the decimal value 1. (A private IPv4 address such as 10.14.177.1 is used
here only to illustrate the mapping; a working 6to4 site needs a globally routable IPv4 address.)

Although an IPv6 unicast address can be used with the Intra-Site Automatic Tunnel Addressing
Protocol (ISATAP) tunneling method, only IPv6 addresses with the 2002::/16 prefix can be used
with 6to4 tunneling.

IPv6 packets are encapsulated inside an IPv4 packet that has a protocol type of 41, not a protocol
type of 42. When an IPv4 packet with a protocol type of 41 arrives on the router interface, the IPv6
packet is decapsulated and mapped to the appropriate IPv6 tunnel interface based on the IPv4
address. Because any host that can reach the tunnel endpoint can send it protocol 41 packets, a
6to4 router should verify that the IPv4 address embedded in the inner IPv6 source address matches
the outer IPv4 source address before accepting a decapsulated packet, as recommended in RFC
3964.

Connectionless Network Service (CLNS) cannot be used with 6to4 tunneling. CLNS packets can
be encapsulated using Generic Routing Encapsulation (GRE), which can carry a variety of Network
layer protocols, including IPv6 and CLNS. IPv4-compatible tunneling carries IPv6 only.

Because 6to4 tunneling is an automatic, point-to-multipoint tunneling method, a tunnel destination is
not required. Other point-to-multipoint tunneling methods include ISATAP and IPv4-compatible
tunneling. GRE and manual tunneling are point-to-point tunneling methods that require an IPv4
address for the tunnel destination.
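The 2002::/16 address derivation and the protocol 41 encapsulation above, as an added example (not from the page or from Cisco): derive the site /48 from an IPv4 address, recover the embedded IPv4 address, build a protocol 41 packet, and apply the ingress check from RFC 3964 that a 6to4 router should make before decapsulating. All addresses are constructed, and the inner IPv6 header carries no payload.

```python
import ipaddress
import struct

SIXTO4 = ipaddress.IPv6Network("2002::/16")
PROTO_IPV6_IN_IPV4 = 41


def sixto4_prefix(ipv4):
    """The /48 a 6to4 site derives from its IPv4 address: 2002:V4ADDR::/48."""
    v4 = int(ipaddress.IPv4Address(ipv4))
    return ipaddress.IPv6Network(((0x2002 << 112) | (v4 << 80), 48))


def embedded_ipv4(ipv6):
    """Recover the IPv4 address carried in bits 16..47 of a 2002::/16 address."""
    v6 = ipaddress.IPv6Address(ipv6)
    if v6 not in SIXTO4:
        raise ValueError(f"{v6} is not a 6to4 address")
    return ipaddress.IPv4Address((int(v6) >> 80) & 0xFFFFFFFF)


def ipv4_checksum(header):
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def encapsulate(outer_src, outer_dst, ipv6_packet, protocol=PROTO_IPV6_IN_IPV4):
    """Wrap an IPv6 packet in a minimal IPv4 header (no options, TTL 64)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(ipv6_packet), 0, 0, 64,
                      protocol, 0, ipaddress.IPv4Address(outer_src).packed,
                      ipaddress.IPv4Address(outer_dst).packed)
    hdr = hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]
    return hdr + ipv6_packet


def ipv6_header(src, dst, next_header=59, hop_limit=64, payload=b""):
    """40-octet IPv6 header; next header 59 means 'no next header'."""
    return struct.pack("!IHBB16s16s", 0x60000000, len(payload), next_header, hop_limit,
                       ipaddress.IPv6Address(src).packed,
                       ipaddress.IPv6Address(dst).packed) + payload


def accept_6to4_ingress(packet):
    """Checks a 6to4 decapsulator should make before handing the inner packet
    on (RFC 3964 section 5): protocol 41, a real IPv6 header inside, and, for
    a 6to4 inner source, an embedded IPv4 address equal to the outer source."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return False, "outer packet is not IPv4"
    ihl = (packet[0] & 0x0F) * 4
    if packet[9] != PROTO_IPV6_IN_IPV4:
        return False, f"outer protocol {packet[9]} is not 41"
    outer_src = ipaddress.IPv4Address(packet[12:16])
    inner = packet[ihl:]
    if len(inner) < 40 or inner[0] >> 4 != 6:
        return False, "inner packet is not IPv6"
    inner_src = ipaddress.IPv6Address(inner[8:24])
    if inner_src in SIXTO4 and embedded_ipv4(inner_src) != outer_src:
        return False, f"inner source {inner_src} does not embed outer source {outer_src}"
    return True, "accepted"


if __name__ == "__main__":
    print(sixto4_prefix("10.14.177.1"))
    inner = ipv6_header("2002:a0e:b101::1", "2001:db8::1")
    print(accept_6to4_ingress(encapsulate("10.14.177.1", "192.0.2.1", inner)))
    print(accept_6to4_ingress(encapsulate("192.0.2.9", "192.0.2.1", inner)))
```

The second `accept_6to4_ingress` call is the spoofing case: the outer source 192.0.2.9 does not match the 10.14.177.1 embedded in the inner source, so the router should drop the packet instead of forwarding it into the IPv6 network with a source address that belongs to another site.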

Reference:

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipv6/configuration/15-2mt/ipv6-15-2mt-book/ip6-tunnel.html

QUESTION NO: 331

Which of the following planes is responsible for exchanging routing and label information? (Select
the best answer.)

A.
the data plane

B.
the forwarding plane

C.
the control plane

D.
the management plane

E.
the routing plane

Answer: C
Explanation:

The control plane is responsible for exchanging routing and label information. Routing information
is exchanged by using a routing protocol, such as Border Gateway Protocol (BGP), Enhanced
Interior Gateway Routing Protocol (EIGRP), Intermediate System to Intermediate System (IS-IS), or
Open Shortest Path First (OSPF). Label information is exchanged by using a label exchange
protocol, such as Resource Reservation Protocol (RSVP), Tag Distribution Protocol (TDP), or Label
Distribution Protocol (LDP). LDP is the newer IETF standard that includes features of the
Cisco-proprietary TDP. RSVP is used by Multiprotocol Label Switching Traffic Engineering (MPLS
TE) to also reserve network bandwidth. Bandwidth is reserved on demand based on destination
address or traffic type so that enough bandwidth is available for the traffic.

Cisco routers are separated into three planes: the management plane, the control plane, and the
data plane. Cisco does not define a routing plane. The data plane, which is also called the
forwarding plane, is responsible for forwarding packets. Packets are forwarded based on
destination address or label information. The Forwarding Information Base (FIB), which is part of
the data plane, is built from information in the routing table. When the routing table is updated, the
next-hop information in the FIB is also updated. Multiprotocol Label Switching (MPLS) label
information is stored in the Label Forwarding Information Base (LFIB) table; the data plane then
uses that information to forward the packets to the correct destination.

The management plane is responsible for device management and coordination between the
three planes. Protocols used by the management plane include Hypertext Transfer Protocol
(HTTP), Secure HTTP (HTTPS), Simple Network Management Protocol (SNMP), Secure Shell
(SSH), and Telnet. Because control plane and management plane traffic is processed by the
router CPU, these two planes are the ones that must be rate-limited and filtered with features such
as control plane policing (CoPP) and management plane protection to keep the router itself
reachable under attack.

Reference:

https://www.cisco.com/c/en/us/products/collateral/security/ios-network-foundation-protection-
nfp/prod_white_paper0900aecd805ffde8.html

QUESTION NO: 332

Which of the following statements best describes RTCP? (Select the best answer.)

A.
RTCP is used to monitor and transport audio and video packets.

B.
RTCP is used to monitor and report statistics about an RTP session.

C.
RTCP is used to monitor and control packet loss for an RTP session.

D.
RTCP is used to monitor and control jitter for an RTP session.

Answer: B
Explanation:

Real-Time Transport Control Protocol (RTCP) is used to monitor and report statistics about a
Real-Time Transport Protocol (RTP) session. RTCP monitors the RTP session and collects
statistical information about transmitted octet and packet counts, packet delay, packet loss, and
jitter. An RTCP report is sent from each participant to the other approximately every five seconds.

A two-way audio session, such as a telephone conversation, requires two RTP streams and two
RTCP streams: one pair of streams originating from each device. An RTP session is established
on an even-numbered User Datagram Protocol (UDP) port ranging from 16384 through 32767. The
corresponding RTCP session is established on the port immediately following the UDP port
established by RTP. Once a UDP port pair is established by an IP phone, the phone uses those
ports for the duration of the session.

RTP, not RTCP, is used to transport audio and video packets. RTP adds three pieces of
information to an audio or video data packet header: the payload type, the sequence number,
and a time stamp (together with a synchronization source identifier, the SSRC, that names the
stream). The payload type indicates whether the data is audio or video data. Sequence numbers
are used to determine how to order incoming audio or video packets to reconstruct the data. Time
stamps are useful for creating a buffer to mitigate delays between packets.

RTCP is not used to control packet loss for an RTP session. Although RTCP monitors and reports
on packet loss for an RTP stream, RTCP does not prevent packets from being lost during transfer.

RTCP is not used to control jitter, which is a variation in delay, for an RTP session. Although RTCP
monitors and reports on packet delay and jitter, RTCP cannot actively control packet delay and
jitter.

Reference:

https://www.cisco.com/c/en/us/td/docs/interfaces_modules/shared_port_adapters/configuration/AS
R1000/asr1000-sip-spa-book.html#pgfId-1296118
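An added example of the RTP header fields and port pairing described above (not from the page or from Cisco): a minimal RTP packet builder and parser, a reorder routine that extends the 16-bit sequence number across wrap-around and counts the gaps an RTCP receiver report would report as lost, and the even-port check for the Cisco RTP port range. The sample packets are constructed.

```python
import struct

RTP_FIXED_HEADER = struct.Struct("!BBHII")   # V/P/X/CC, M/PT, seq, timestamp, SSRC


def build_rtp(payload_type, seq, timestamp, ssrc, payload, marker=False):
    first = 0x80                                   # version 2, no padding/extension, CC=0
    second = (0x80 if marker else 0) | (payload_type & 0x7F)
    return RTP_FIXED_HEADER.pack(first, second, seq & 0xFFFF, timestamp & 0xFFFFFFFF,
                                 ssrc) + payload


def parse_rtp(packet):
    """Return the fields the explanation names (plus SSRC and payload) and
    reject anything that is not an RTP version 2 packet."""
    if len(packet) < RTP_FIXED_HEADER.size:
        raise ValueError("short RTP packet")
    first, second, seq, ts, ssrc = RTP_FIXED_HEADER.unpack_from(packet)
    if first >> 6 != 2:
        raise ValueError("RTP version is not 2")
    header_len = RTP_FIXED_HEADER.size + 4 * (first & 0x0F)   # CSRC list follows
    if len(packet) < header_len:
        raise ValueError("truncated CSRC list")
    return {"payload_type": second & 0x7F, "marker": bool(second & 0x80), "seq": seq,
            "timestamp": ts, "ssrc": ssrc, "payload": packet[header_len:]}


def reorder_and_count_loss(packets):
    """Put packets back in sequence order, extending the 16-bit sequence
    number across wrap-around (RFC 3550 style: pick the candidate nearest the
    last extended value), and count the gaps as lost packets."""
    if not packets:
        return [], 0
    extended = []                       # (extended sequence, packet)
    for pkt in packets:
        seq = parse_rtp(pkt)["seq"]
        if not extended:
            ext_seq = seq
        else:
            last = extended[-1][0]
            base = last - (last % 65536)
            ext_seq = min((base + seq + k * 65536 for k in (-1, 0, 1)),
                          key=lambda c: abs(c - last))
        extended.append((ext_seq, pkt))
    extended.sort(key=lambda e: e[0])
    in_order = [parse_rtp(p)["seq"] for _, p in extended]
    expected = extended[-1][0] - extended[0][0] + 1
    return in_order, expected - len(extended)


def rtcp_port(rtp_port):
    """Cisco IP phones use an even RTP port in 16384-32767; RTCP is the next port up."""
    if not 16384 <= rtp_port <= 32767 or rtp_port % 2:
        raise ValueError("RTP port must be even and within 16384-32767")
    return rtp_port + 1


if __name__ == "__main__":
    ssrc = 0x12345678
    pkts = [build_rtp(0, s, 160 * i, ssrc, b"\xff" * 160)
            for i, s in enumerate((65534, 65535, 0, 1, 2))]
    arrived = [pkts[0], pkts[2], pkts[1], pkts[4]]      # seq 1 lost, two swapped
    print(reorder_and_count_loss(arrived))
```

Because RTP has no authentication, anything that can inject a packet with the right SSRC and a plausible sequence number is accepted by a receiver like this one; that is the reason SRTP adds an authentication tag over the header and payload, which this parser does not check.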

QUESTION NO: 333

You administer a network that contains only non-Cisco routers. You purchase a new Cisco router
and connect the S0/0 interface to one of the non-Cisco routers. During the initial system
configuration dialog, you choose yes when you are asked whether you want to configure S0/0.
You configure the IP address and subnet mask, and you choose the router defaults for the other
options.

After you complete the configuration, you discover that you are unable to ping the serial interface
on the non-Cisco router, which is configured with an IP address of 10.10.10.2/30. You issue the
show interfaces serial 0/0 command on the Cisco router and receive the following partial output:

Why are you unable to ping the serial interface of the non-Cisco router? (Select the best answer.)

A.
The subnet mask used during the initial configuration is incorrect.

B.
There is another device with the IP address 10.10.10.1 on the network.

C.
The serial interface on the Cisco router is administratively down.

D.
The encapsulation type should be set to PPP.

Answer: D
Explanation:

You are unable to ping the serial interface of the non-Cisco router because the encapsulation type
on the Cisco router should be set to Point-to-Point Protocol (PPP). The status line Serial0/0 is up,
line protocol is down indicates a Layer 2 problem; Layer 2 problems are often caused by
mismatched encapsulation modes.

On Cisco routers, High-Level Data Link Control (HDLC) is the default serial interface encapsulation
protocol. Cisco's implementation of HDLC is proprietary and should be used only with other Cisco
routers. Because the existing network consists of non-Cisco equipment, PPP encapsulation, which
is an open standard, is the correct choice; you configure it with the encapsulation ppp interface
command on both ends of the link.

The subnet mask used in the initial configuration is correct. The 255.255.255.252 subnet mask
allows for two host addresses on the 10.10.10.0 network: 10.10.10.1 and 10.10.10.2.

A duplicate IP address on the network would not produce the Serial0/0 is up, line protocol is down
status. An address conflict is a Layer 3 problem that does not affect the interface's line protocol,
and the administratively down state results only from the shutdown command. Therefore, the
output does not indicate an IP address conflict.

Had the interface been shut down administratively, the interface status would have been Serial0/0
is administratively down, line protocol is down. In the output, S0/0 is up; thus the interface has not
been shut down administratively with the shutdown command.

Reference:

https://www.cisco.com/en/US/docs/internetworking/troubleshooting/guide/tr1915.html

https://www.cisco.com/c/en/us/td/docs/routers/access/800/805/software/configuration/guide/805sw
cfg/overview.html

QUESTION NO: 334

What AD is assigned to external BGP routes by default? (Select the best answer.)

A.
1

B.
5

C.
20

D.
90

E.
170

F.
200

Answer: C
Explanation:

External Border Gateway Protocol (eBGP) routes are assigned an administrative distance (AD) of
20 by default. AD values are used to determine the routing source that should be preferred when
multiple routes to a destination network exist. A route with a lower AD will be preferred over a
route with a higher AD. The following list contains the most commonly used ADs:

- Directly connected: 0

- Static route: 1

- EIGRP summary route: 5

- eBGP: 20

- Internal EIGRP: 90

- External EIGRP: 170

- iBGP: 200

Internal BGP (iBGP) routes are assigned an AD of 200 by default. Therefore, eBGP routes are
preferred over iBGP routes.

Directly connected routes have an AD of 0. Therefore, directly connected routes are trusted over
routes from any other source.

Static routes have an AD of 1. Therefore, static routes are more trusted than routes from any
routing protocol. Static routes are optimal for routing networks that do not change often. To create
a static route, you should issue the ip route command.

Enhanced Interior Gateway Routing Protocol (EIGRP) summary routes are assigned an AD of 5 by
default. Routes that are learned by EIGRP are called internal EIGRP routes and have an AD of 90.
Routes that are redistributed into EIGRP are called external EIGRP routes and have an AD of 170.
To modify the AD values used by EIGRP, you should issue the distance eigrp internal external
command, where internal is the AD used for internal EIGRP routes and external is the AD used
for external EIGRP routes.

Reference:

https://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/15986-admin-
distance.html

QUESTION NO: 335

How does SNMPv3 use HMAC-SHA or HMAC-MD5? (Select 2 choices.)

A.
as authentication hashes at the noAuthNoPriv security level

B.
as authentication hashes at the authNoPriv security level

C.
as authentication hashes at the authPriv security level

D.
as encryption hashes at the noAuthNoPriv security level

E.
as encryption hashes at the authNoPriv security level

F.
as encryption hashes at the authPriv security level

Answer: B,C
Explanation:

Simple Network Management Protocol version 3 (SNMPv3) uses Hash-based Message
Authentication Code with Secure Hash Algorithm (HMAC-SHA) or HMAC with Message Digest 5
(HMAC-MD5) as authentication hashes at the authNoPriv security level and at the authPriv security
level. In both cases the HMAC is computed over the whole SNMP message with a key derived from
the user's authentication password and localized to the agent's engine ID, and the first 96 bits of
the result are carried in the message. The difference between the authNoPriv security level and the
authPriv security level is that the authPriv security level also encrypts the SNMP payload (privacy)
by using either Data Encryption Standard (DES), Triple DES (3DES), or Advanced Encryption
Standard (AES); the HMAC is never used for encryption. HMAC-SHA should be preferred over
HMAC-MD5, and AES over DES, wherever the platform supports them.

There are three SNMPv3 security levels: noAuthNoPriv, authNoPriv, and authPriv. Both the
authPriv security level and the authNoPriv security level authenticate a message by verifying its
HMAC; a message with a wrong or missing HMAC is discarded. The noAuthNoPriv security level, on
the other hand, authenticates only by matching the user name in clear text, so it provides no
protection against forged requests.

The noAuthNoPriv security level operates differently in SNMPv3 than it does in SNMPv1 and
SNMPv2c. Both SNMPv1 and SNMPv2c match a clear-text community string, not a user name,
to authenticate.

Reference:

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2960x/software/15-
0_2_EX/network_management/configuration_guide/b_nm_15ex_2960-x_cg/b_nm_15ex_2960-
x_cg_chapter_0100.html#reference_160326642C03413B92A68E856426EABA
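The authentication part of SNMPv3 USM described above, as an added example that is not from the page or from Cisco: password-to-key expansion, key localization with the engine ID, and HMAC-MD5-96 / HMAC-SHA-96 computation and verification over a message with the authentication-parameters field zeroed, as specified in RFC 3414. The message bytes are a constructed stand-in for a BER-encoded SNMPv3 message; the password "maplesyrup" and the engine ID are the RFC 3414 Appendix A test vector, so the localized MD5 key can be checked against the published value.

```python
import hashlib
import hmac

AUTH_PARAMS_LEN = 12   # HMAC-MD5-96 and HMAC-SHA-96 both truncate to 96 bits


def password_to_ku(password, hash_name):
    """RFC 3414 A.2: hash the password repeated out to 1,048,576 octets. The
    cost is deliberate; it slows down offline guessing of weak passwords."""
    pw = password.encode()
    stream = (pw * (1_048_576 // len(pw) + 1))[:1_048_576]
    return hashlib.new(hash_name, stream).digest()


def localize_key(ku, engine_id, hash_name):
    """Kul = H(Ku || snmpEngineID || Ku): the key differs per agent, so one
    compromised agent does not reveal the key shared with the others."""
    return hashlib.new(hash_name, ku + engine_id + ku).digest()


def auth_params(kul, wire_message, hash_name, offset):
    """msgAuthenticationParameters: HMAC over the whole message with the
    12-octet parameters field zeroed, truncated to 12 octets."""
    zeroed = (wire_message[:offset] + bytes(AUTH_PARAMS_LEN)
              + wire_message[offset + AUTH_PARAMS_LEN:])
    return hmac.new(kul, zeroed, hash_name).digest()[:AUTH_PARAMS_LEN]


def sign_message(kul, wire_message, hash_name, offset):
    tag = auth_params(kul, wire_message, hash_name, offset)
    return wire_message[:offset] + tag + wire_message[offset + AUTH_PARAMS_LEN:]


def verify_message(kul, wire_message, hash_name, offset):
    """authNoPriv/authPriv receiver check; the constant-time compare avoids
    leaking how many octets of the tag matched."""
    received = wire_message[offset:offset + AUTH_PARAMS_LEN]
    expected = auth_params(kul, wire_message, hash_name, offset)
    return hmac.compare_digest(received, expected)


def constructed_message():
    """Stand-in for a BER-encoded SNMPv3 message: some header bytes, the
    12-octet msgAuthenticationParameters field, then the scoped PDU.
    Returns (message, offset of the parameters field)."""
    head = b"\x30\x3a\x02\x01\x03SNMPv3-header"
    pdu = b"scopedPDU:get sysDescr.0"
    return head + bytes(AUTH_PARAMS_LEN) + pdu, len(head)


ENGINE_ID = bytes.fromhex("000000000000000000000002")   # RFC 3414 A.3 vector


if __name__ == "__main__":
    kul = localize_key(password_to_ku("maplesyrup", "md5"), ENGINE_ID, "md5")
    print("localized MD5 key:", kul.hex())
    msg, off = constructed_message()
    signed = sign_message(kul, msg, "md5", off)
    print("verifies:", verify_message(kul, signed, "md5", off))
```

The zeroing step is why a receiver can recompute the HMAC at all: the sender could not include the tag in its own input. Note that authentication alone (authNoPriv) leaves the scoped PDU, and therefore every OID and value, readable on the wire; only authPriv adds the DES/3DES/AES layer over it.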

QUESTION NO: 336

Which of the following is an optional, nontransitive BGP path attribute? (Select the best answer.)

A.
aggregator

B.
AS-path

C.
origin

D.
originator ID

E.
next hop

F.
weight

Answer: D
Explanation:

Originator ID is an optional, nontransitive Border Gateway Protocol (BGP) path attribute. An
optional BGP path attribute can be supported by a particular BGP implementation but is not
required. A nontransitive BGP path attribute is not forwarded to BGP peers if the attribute is not
supported on a particular BGP implementation. Multiexit discriminator (MED) and cluster list are
also optional, nontransitive BGP path attributes.

Internet Engineering Task Force (IETF) standard BGP path attributes can be broken down into the
following categories:

Aggregator and community are both optional, transitive BGP path attributes. A transitive BGP path
attribute must be passed to BGP peers, even if the attribute is not supported.

AS-path, origin, and next hop are all well-known, mandatory BGP path attributes. All BGP
implementations are required to recognize well-known BGP path attributes. A mandatory BGP
attribute must be included in every BGP update. A discretionary BGP attribute, on the other hand,
can be included in a BGP update under specific sets of circumstances. Atomic aggregate and
local preference are well-known, discretionary BGP attributes.

Weight is a Cisco-proprietary BGP path attribute. The value assigned to the weight attribute is not
passed to BGP peers. The route that has been assigned the highest BGP weight value is
considered the best route.

Reference:

https://tools.ietf.org/html/rfc4271#section-5.1.4

CCIE Routing and Switching v5.0 Certification Guide, Volume 2, Chapter 2, Generic Terms and
Characteristics of BGP PAs, pp. 93-95

QUESTION NO: 337 DRAG DROP

Select the routing methods on the left, and place them in the order in which PfR will search their
respective databases in order to find a parent route.
Answer:

Explanation:

Performance Routing (PfR) enhances traditional routing methods by dynamically selecting the
best path for traffic classes based on network performance. The path selection procedure can be
influenced by several factors, including delay, packet loss, reachability, throughput, jitter, and
mean opinion score (MOS). When PfR wants to modify a path for a traffic class, it will search for a
parent route, which is an exact-matching route or a less-specific route. PfR will search for a parent
route in the following locations, in order:

1. Border Gateway Protocol (BGP) routing database

2. Enhanced Interior Gateway Routing Protocol (EIGRP) routing database

3. Static route database

4. Routing Information Base (RIB)

PfR can directly control path selection for BGP, EIGRP, and static routes. Protocol
Independent Routing Optimization (PIRO) enables PfR to also search for a parent route within the
IP RIB, extending support for PfR to routing protocols such as Open Shortest Path First (OSPF)
and Intermediate System-to-Intermediate System (IS-IS).

Reference:

https://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/performance-routing-pfr/product_data_sheet0900aecd806c4ee4.html

http://docwiki.cisco.com/wiki/Performance_Routing_FAQs

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/pfr/configuration/xe-3s/pfr-xe-3s-book/pfr-simple-ph1.html

https://www.cisco.com/c/dam/global/bg_bg/assets/ciscoexpo2011/pdf/Next_Generation_Routing_Architectures-Gerd_Pflueger.pdf

QUESTION NO: 338

You issue the ip sla schedule 20 start-time 9:00:00 command.

How long will the IP SLA operation run? (Select the best answer.)

A.
until the operation has completed once

B.
for 20 minutes

C.
for one hour

D.
for nine hours

E.
forever

Answer: C
Explanation:

The IP Service Level Agreement (SLA) operation will run for one hour. IP SLA operations are a
suite of tools on Cisco devices that enable an administrator to analyze and troubleshoot IP
networks. For example, the following command set configures IP SLA to regularly test and verify
the reachability of IP address 10.10.10.2:

The syntax of the ip sla schedule command is ip sla schedule operation-number [life {forever |
seconds}] [start-time {hh:mm[:ss] [month day | day month] | pending | now | after hh:mm:ss | random
milliseconds}] [ageout seconds] [recurring]. The ip sla schedule command has replaced the ip sla
monitor schedule command, which you might see on older IOS versions.

The life keyword specifies how long the operation should run. If the life keyword is not specified,
such as in the ip sla schedule 20 start-time 9:00:00 command, the operation will run for 3,600
seconds, or one hour. The life keyword is not specified in the ip sla schedule 20 start-time 9:00:00
command in this scenario; therefore, the operation will run for one hour.

The operation-number variable indicates the number of the IP SLA operation that is to be
scheduled. The ip sla schedule 20 start-time 9:00:00 command in this scenario specifies that IP
SLA operation 20 is to be scheduled.

The start-time keyword indicates when the IP SLA operation should start. If the start-time keyword is
not specified, the operation is placed in a pending state and will not run automatically; issuing the
start-time pending keywords also places the operation in a pending state. The ip sla schedule 20
start-time 9:00:00 command in this scenario specifies that IP SLA operation 20 should start at 9
a.m.

The ip sla schedule command does not influence how often an IP SLA operation is repeated. To
change how often an IP SLA operation is repeated, you can issue the frequency command from
an IP SLA configuration submode. If the frequency command is not configured, the IP SLA
operation will repeat every 60 seconds. The variable for the frequency command is specified in
seconds; therefore, the frequency 60 command has the same effect as the default frequency of 60
seconds.

Reference:

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipsla/command/sla-cr-book/sla_i1.html#wp3201991432

QUESTION NO: 339

Which of the following can you configure on a router to gather user-level network resource
utilization statistics? (Select the best answer.)

A.
CoPP

B.
AutoQoS

C.
NetFlow

D.
traffic policing

E.
traffic shaping

Answer: C
Explanation:

You can configure NetFlow on a router to gather user-level network resource utilization statistics.
NetFlow is a Cisco IOS feature that can be used to silently monitor traffic flows. A traffic flow is
defined as a series of packets with the same source IP address, destination IP address, protocol,
and Layer 4 information. NetFlow caches flow-based statistics, such as packet counts, byte counts,
and protocol distribution. The data gathered by NetFlow is typically exported to flow collectors or
other management software. You can then analyze the data to facilitate network planning,
customer billing, and traffic engineering.

You can configure Control Plane Policing (CoPP) to protect the management and control planes
on a Cisco router, not to gather user-level network utilization statistics. The control plane is one of
the four logical components that collectively define a router; the remaining components are the
data plane, the management plane, and the services plane. The control plane contains the route
processor; routing protocol operation, network management, and process-based switching are
handled by the control plane. CoPP filters the types of packets that enter or exit the control plane
and controls the rate at which permitted packets enter or exit the control plane. Because traffic
must pass through the control plane to reach the management plane, CoPP protects the
management plane as well.

You can configure AutoQoS on a router to help automate the configuration of Quality of Service
(QoS), not to gather user-level network utilization statistics. For example, you can implement
AutoQoS to generate the commands necessary to configure QoS for a specific network
configuration, thereby simplifying QoS configuration.

You can configure traffic policing on a router to limit the rate of traffic that passes through an
interface, not to gather user-level network utilization statistics. With traffic policing, packet flows that
exceed the configured thresholds are typically dropped. Alternatively, traffic can be remarked with
a lower priority before being transmitted.

Similarly, you can configure traffic shaping on a router to limit the rate of traffic that passes through
an interface. However, with traffic shaping, flows that exceed the configured thresholds are
typically buffered and not dropped. Because traffic is buffered to maintain a desired packet rate,
erratic patterns are smoothed into a uniform flow. You cannot configure traffic shaping on a router
to gather user-level network utilization statistics.

Reference:

https://www.cisco.com/en/US/tech/tk812/technologies_white_paper09186a008022bde8.shtml#wp1002404

QUESTION NO: 340

Which of the following statements is true regarding HSRPv2 and HSRPv6? (Select the best
answer.)

A.
Both support 4,096 groups.

B.
Both use the same UDP port number.

C.
Both use the same multicast address.

D.
Both use the same virtual MAC address range.

Answer: A
Explanation:

Both Hot Standby Router Protocol version 2 (HSRPv2) and HSRPv6 support 4,096 groups. HSRP
is a First Hop Redundancy Protocol (FHRP) that enables multiple routers to act as a single
gateway. The HSRP virtual IP address can be configured as the default gateway address for client
devices.

Multiple routers can be assigned to an HSRP group, but each group has only one active router
and one standby router. The active router is the router in the group with the highest HSRP priority
value, and the standby router is the router with the second-highest HSRP priority value. Other
routers in the HSRP group are in the listen state. If the active router fails, the standby router
assumes the active router role and a new standby router is elected.

HSRPv1 supports only 256 groups, numbered from 0 through 255. HSRPv2 improves upon
HSRPv1 by increasing the number of groups to 4,096. HSRPv6, which is also called HSRP for
IPv6, further improves HSRPv2 by adding support for IPv6. The default HSRP group value for all
HSRP versions is 0.
HSRPv2 and HSRPv6 do not use the same User Datagram Protocol (UDP) port number. HSRPv1
and HSRPv2 use UDP port number 1985. HSRPv6 uses UDP port number 2029.

HSRPv2 and HSRPv6 do not use the same multicast address. Multicast addresses are used to
send Hello packets to group members. By default, Hello packets are sent by the active router
every three seconds. Only the standby router monitors the active router's Hello packets. If the
standby router does not receive a Hello packet from the active router for the duration configured in
the Hold time, the standby router takes over the role of the active router. By default, the Hold time
is set to 10 seconds. HSRPv1 uses multicast address 224.0.0.2. HSRPv2 uses multicast address
224.0.0.102. HSRPv6 uses multicast address FF02::66.

HSRPv2 and HSRPv6 do not share the same virtual Media Access Control (MAC) address range.
Although each router has a unique MAC address, the routers in an HSRP group will share a virtual
MAC address. HSRPv1 uses the virtual MAC address 0000.0c07.acxx, where xx is the group
number in hexadecimal format. Therefore, an HSRPv1 router could have a virtual MAC address
from 0000.0c07.ac00 through 0000.0c07.acff. HSRPv2 uses the virtual MAC address
0000.0c9f.fxxx, where xxx is the group number in hexadecimal format. Therefore, an HSRPv2
router could have a virtual MAC address from 0000.0c9f.f000 through 0000.0c9f.ffff. HSRPv6 uses
the virtual MAC address 0005.73a0.0xxx, where xxx is the group number in hexadecimal format.
Therefore, an HSRPv6 router could have a virtual MAC address from 0005.73a0.0000 through
0005.73a0.0fff.
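The virtual MAC layouts above can be turned into a lookup that works both ways; the following Python is an added example (not from the question bank or from Cisco) that derives a group's virtual MAC for HSRPv1, HSRPv2 and HSRP for IPv6 and, in the other direction, recognises HSRP virtual MACs in a constructed MAC-address-table sample so that the ports carrying a first-hop gateway role can be audited.

```python
# HSRP version parameters taken from the explanation above: virtual MAC base,
# group range, UDP port and hello multicast group. Key 6 stands for HSRP for IPv6.
HSRP_VERSIONS = {
    1: {"base": 0x0000_0c07_ac00, "max_group": 255, "udp_port": 1985, "mcast": "224.0.0.2"},
    2: {"base": 0x0000_0c9f_f000, "max_group": 4095, "udp_port": 1985, "mcast": "224.0.0.102"},
    6: {"base": 0x0005_73a0_0000, "max_group": 4095, "udp_port": 2029, "mcast": "FF02::66"},
}


def _mac_to_int(mac: str) -> int:
    """Accept Cisco dotted (0000.0c07.ac0a), colon or dash notation."""
    digits = mac.replace(".", "").replace(":", "").replace("-", "")
    if len(digits) != 12:
        raise ValueError(f"bad MAC address: {mac}")
    return int(digits, 16)


def _int_to_mac(value: int) -> str:
    """Render as Cisco dotted notation, the form show mac address-table prints."""
    h = f"{value:012x}"
    return f"{h[0:4]}.{h[4:8]}.{h[8:12]}"


def hsrp_virtual_mac(version: int, group: int) -> str:
    """Virtual MAC for a group: the version's base with the group number in the low bits."""
    info = HSRP_VERSIONS[version]
    if not 0 <= group <= info["max_group"]:
        raise ValueError(f"HSRPv{version} group must be 0..{info['max_group']}, got {group}")
    return _int_to_mac(info["base"] | group)


def identify_hsrp_mac(mac: str):
    """Reverse lookup: (version, group) if the MAC is an HSRP virtual MAC, else None."""
    value = _mac_to_int(mac)
    for version, info in HSRP_VERSIONS.items():
        # Masking off the group bits must leave exactly the version's base.
        if value & ~info["max_group"] == info["base"]:
            return version, value & info["max_group"]
    return None


# Constructed MAC-address-table rows (mac, vlan, port) as a switch would list them.
SAMPLE_MAC_TABLE = [
    ("0000.0c07.ac0a", 10, "Gi1/0/1"),
    ("0000.0c9f.f100", 20, "Gi1/0/2"),
    ("0005.73a0.0001", 20, "Gi1/0/2"),
    ("00d3.4c11.22aa", 10, "Gi1/0/5"),
]


def find_hsrp_gateways(rows):
    """Return (mac, vlan, port, version, group) for every HSRP virtual MAC in the table,
    which tells you which ports currently carry an active HSRP gateway."""
    found = []
    for mac, vlan, port in rows:
        hit = identify_hsrp_mac(mac)
        if hit:
            found.append((mac, vlan, port, hit[0], hit[1]))
    return found


if __name__ == "__main__":
    for row in find_hsrp_gateways(SAMPLE_MAC_TABLE):
        print(row)
```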

Reference:

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750e_3560e/software/release/12-2_55_se/configuration/guide/3750escg/swhsrp.html

https://www.cisco.com/c/en/us/support/docs/ip/hot-standby-router-protocol-hsrp/9281-3.html#q34

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipapp_fhrp/configuration/15-sy/fhp-15-sy-book/HSRP-for-IPv6.html

QUESTION NO: 341

You have just configured an NHRP hub router and an NHRP spoke router. You issue the show
running-config command on the hub and receive the following partial output:

You issue the show running-config command on the spoke and receive the following partial output:

Which of the following statements is true? (Select the best answer.)

A.
The tunnel should establish normally.

B.
The tunnel will not establish, because the network IDs are different.

C.
The tunnel will not establish, because the authentication keys cannot be fewer than eight
characters in length.

D.
The tunnel will not establish, because the tunnel interface IDs are not the same.

E.
The tunnel will not establish, because the hub is missing the ip nhrp nhs command.

Answer: A
Explanation:

The tunnel should establish normally. Next Hop Resolution Protocol (NHRP) dynamically learns IP
addresses of spoke routers in a hub-and-spoke Dynamic Multipoint virtual private network (DMVPN)
environment, which uses Generic Routing Encapsulation (GRE) tunneling.

The authentication key must match on an NHRP hub router and an NHRP spoke router. If the
authentication key does not match on the hub and the spoke, the tunnel will not establish. To
configure the authentication key, issue the ip nhrp authentication key command in interface
configuration mode for the tunnel interface. The authentication key can be any value up to eight
characters in length; therefore, having a five-character authentication key on the hub and spoke
will allow the tunnel to establish as long as the authentication keys match. The authentication key
is case-sensitive.

The NHRP network ID need not match on the hub and spokes. The NHRP network ID is used to
identify the NHRP domain for an interface when two or more NHRP domains are configured on the
same device. The network ID is a locally significant value and is not sent out in any NHRP
packets. When NHRP packets arrive on an interface, those packets are assigned to the network
ID that is configured on that interface. Although it is easier to keep track of NHRP domains if all of
the devices in the NHRP domain are configured with the same NHRP network ID, it is not
required. To configure the network ID, issue the ip nhrp network-id network-id command in interface
configuration mode for the tunnel interface. The network ID can be any value from 1 through
4294967295.

The tunnel interface ID need not match on the hub and spokes. The tunnel interface ID number is
a locally significant value. As long as the tunnel is configured properly, the tunnel between the hub
and the spoke will establish regardless of the interface ID that is used for the tunnel.

The ip nhrp nhs command configures a spoke router with the tunnel address of the hub.

Hub routers need not be configured with the ip nhrp nhs command; as spoke routers register with
the hub, their IP addresses are automatically discovered.

Reference:

https://www.cisco.com/c/en/us/td/docs/ios/12_4/ip_addr/configuration/guide/hadnhrp.html

QUESTION NO: 342

Which of the following best defines a BGP confederation? (Select the best answer.)

A.
a division of an AS

B.
one or more route reflectors and their client peers

C.
a group of peers with the same update policies

D.
a group of destinations to which the same routing decisions should be applied

Answer: A
Explanation:

A Border Gateway Protocol (BGP) confederation is a division of an autonomous system (AS). A
confederation enables an AS to be divided into discrete units, each of which acts like a separate
AS. The routers within each confederation must be fully meshed with one another unless a route
reflector is established. BGP updates are passed within the confederation and between
confederations. To configure a confederation, you should issue the bgp confederation
identifier as-number and bgp confederation peers as-number commands.

A cluster consists of one or more route reflectors and their client peers. Internal BGP (iBGP) routes
are not advertised to iBGP peers. In order to avoid having to create a full-mesh configuration, you
can configure one or more route reflectors to pass iBGP routes between iBGP routers. Each route
reflector in the cluster should be fully meshed with one another. In addition, each route reflector in
the cluster should be configured with the same 4-byte cluster ID so that the route reflectors in the
cluster can recognize routing updates from each other. To configure a route reflector with a cluster
ID, you should issue the bgp cluster-id cluster-id command from BGP router configuration mode.

A peer group is a group of peers with the same update policies. Peer groups can simplify
administration by enabling an administrator to simultaneously configure a group of peers with the
same update policies, such as route maps, filter lists, and distribute lists. Any configuration options
that are configured with the specified peer group name will be applied to members of the peer
group. To define a peer group, you should issue the neighbor peer-group-name peer-group
command.

A community is a group of destinations to which the same routing decisions should be applied. By
default, Cisco routers do not pass community attributes to BGP neighbors. To configure a router to
send community attributes to a neighbor, you should issue the neighbor {ip-address |
peer-group-name} send-community [standard | extended | both] command. The community attribute
can be modified within a route map by issuing the set community command with one of the
following four keywords:

- no-advertise - prevents advertisements to any BGP peer

- no-export - prevents advertisements to eBGP peers

- local-as - prevents advertising outside the AS, or in confederation scenarios, outside the sub-AS

- internet - advertises the route to any router

Reference:

https://www.cisco.com/c/en/us/td/docs/ios/12_2/ip/configuration/guide/fipr_c/1cfbgp.html#wp1024370

https://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/26634-bgp-toc.html#bgpconfed

QUESTION NO: 343

Which of the following routes from the show ip route command was learned from a Type 3 or Type
4 LSA? (Select the best answer.)

A.
O E1 172.17.1.0/24 [110/74] via 10.1.2.3, 00:00:23, FastEthernet1/0

B.
O 172.17.2.0/24 [110/74] via 10.1.2.3, 00:00:23, FastEthernet1/0

C.
O IA 172.17.3.0/24 [110/74] via 10.1.2.3, 00:00:23, FastEthernet1/0

D.
C 172.17.4.0/24 is directly connected, FastEthernet1/1

E.
S 172.17.5.0/24 is directly connected, FastEthernet0/1

Answer: C
Explanation:

The following route from the show ip route command was learned from a Type 3 or Type 4
link-state advertisement (LSA):

O IA 172.17.3.0/24 [110/74] via 10.1.2.3, 00:00:23, FastEthernet1/0

A routing table entry that begins with O IA indicates an Open Shortest Path First (OSPF) interarea
summary route from a Type 3 or Type 4 LSA. Interarea routes are routes that are advertised
between areas. These routes are not propagated through totally stubby areas.

A routing table entry that begins with O E1 or O E2 indicates an OSPF external summary route
from a Type 5 LSA. Type 5 LSAs are not propagated through stub areas, not-so-stubby areas
(NSSAs), or totally stubby areas. By default, routes are redistributed into OSPF as Type 2 external
routes, which are indicated by an E2 in the output of the show ip route command. Type 2 external
routes have a metric that remains constant throughout the autonomous system (AS). Type 1
external routes, which are indicated by an E1 in the output of the show ip route command, have a
metric that increases as the route is propagated throughout the AS.

A routing table entry that begins with O indicates an intra-area route from a Type 1 or Type 2 LSA.
Intra-area routes are advertised within an area. Type 1 and Type 2 LSAs are accepted by all OSPF
area types.

A routing table entry that begins with C indicates a directly connected route. A routing table entry
that begins with S indicates a static route, which is configured by issuing the ip route command.
Neither of these routes is learned from a Type 3 or Type 4 LSA.
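As an added example (not part of the question bank), this Python parses show ip route lines such as the five options above and maps each OSPF route code back to the LSA types it is learned from, so a routing table can be queried by LSA origin; the N1/N2 rows for NSSA external routes are added from the OSPF standard and are not discussed in the text.

```python
import re
from typing import List, Optional

# Route code -> (description, originating LSA types) as laid out above. The
# N1/N2 rows (Type 7, NSSA external) come from the OSPF standard, not the text.
LSA_ORIGIN = {
    "O": ("intra-area", (1, 2)),
    "O IA": ("interarea summary", (3, 4)),
    "O E1": ("external, type 1 metric", (5,)),
    "O E2": ("external, type 2 metric", (5,)),
    "O N1": ("NSSA external, type 1 metric", (7,)),
    "O N2": ("NSSA external, type 2 metric", (7,)),
}

# Code (with an optional sub-code such as IA or E1), prefix, then the rest of the line.
ROUTE_RE = re.compile(
    r"^(?P<code>[A-Z][A-Z*]?(?: (?:IA|E1|E2|N1|N2|EX))?)\s+"
    r"(?P<prefix>\d{1,3}(?:\.\d{1,3}){3}/\d{1,2})\s+(?P<rest>.+)$"
)
# [AD/metric] via next-hop, then optional age and interface.
VIA_RE = re.compile(
    r"\[(?P<ad>\d+)/(?P<metric>\d+)\] via (?P<next_hop>[0-9.]+)"
    r"(?:, (?P<age>[0-9:a-z]+))?(?:, (?P<intf>\S+))?"
)
CONNECTED_RE = re.compile(r"is directly connected, (?P<intf>\S+)")

# The five candidate lines from the question, used as sample input.
SAMPLE_ROUTES = [
    "O E1 172.17.1.0/24 [110/74] via 10.1.2.3, 00:00:23, FastEthernet1/0",
    "O 172.17.2.0/24 [110/74] via 10.1.2.3, 00:00:23, FastEthernet1/0",
    "O IA 172.17.3.0/24 [110/74] via 10.1.2.3, 00:00:23, FastEthernet1/0",
    "C 172.17.4.0/24 is directly connected, FastEthernet1/1",
    "S 172.17.5.0/24 is directly connected, FastEthernet0/1",
]


def lsa_types(code: str):
    """LSA types a route code is learned from; None for non-OSPF codes (C, S, ...)."""
    entry = LSA_ORIGIN.get(code)
    return entry[1] if entry else None


def parse_route(line: str) -> Optional[dict]:
    """Split one show ip route line into its fields, or return None if it is not a route line."""
    m = ROUTE_RE.match(line.strip())
    if not m:
        return None
    route = {"code": m["code"], "prefix": m["prefix"], "lsa_types": lsa_types(m["code"]),
             "ad": None, "metric": None, "next_hop": None, "age": None, "intf": None}
    via = VIA_RE.search(m["rest"])
    if via:
        route.update(ad=int(via["ad"]), metric=int(via["metric"]),
                     next_hop=via["next_hop"], age=via["age"], intf=via["intf"])
        return route
    conn = CONNECTED_RE.search(m["rest"])
    if conn:
        route["intf"] = conn["intf"]
        return route
    return None


def routes_from_lsa(lines, lsa_type: int) -> List[str]:
    """Prefixes in the table that were learned from the given LSA type."""
    out = []
    for line in lines:
        r = parse_route(line)
        if r and r["lsa_types"] and lsa_type in r["lsa_types"]:
            out.append(r["prefix"])
    return out


if __name__ == "__main__":
    for t in (1, 3, 5):
        print(f"Type {t}:", routes_from_lsa(SAMPLE_ROUTES, t))
```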

Reference:

https://www.cisco.com/c/en/us/support/docs/ip/open-shortest-path-first-ospf/47865-ospfdb6.html

QUESTION NO: 344

Which of the following statements are true regarding the ipv6 ospf authentication command and
the ipv6 ospf encryption command? (Select 3 choices.)

A.
Both commands require AH.

B.
Both commands require ESP.

C.
Both commands enable encryption.

D.
Both commands enable authentication.

E.
Both commands require an SPI value.

F.
Both commands must be configured from interface configuration mode.

Answer: D,E,F
Explanation:

Both commands enable authentication, require a Security Parameter Index (SPI) value, and must
be configured from interface configuration mode. Open Shortest Path First version 3 (OSPFv3)
uses IP Security (IPSec) to provide security. IPSec relies upon Authentication Header (AH) for
authentication and Encapsulating Security Payload (ESP) for encryption. An IPSec security policy
consists of an SPI and a key. The SPI value that is configured in the ipv6 ospf authentication
command and the ipv6 ospf encryption command must be a value from 256 through 4294967295.

The ipv6 ospf authentication command enables only authentication, not encryption. Therefore, it
requires AH. Either Message Digest 5 (MD5) or Secure Hash Algorithm 1 (SHA-1) can be used as
the authentication algorithm.

The ipv6 ospf encryption command enables both authentication and encryption. Therefore, it
requires ESP.

ESP can be used by itself or in conjunction with AH. Either Advanced Encryption Standard (AES),
Data Encryption Standard (DES), or Triple DES (3DES) can be used as the encryption algorithm.

Reference:

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_ospf/configuration/15-sy/iro-15-sy-book/ip6-route-ospfv3-auth-ipsec.html

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipv6/command/ipv6-cr-book/ipv6-i3.html#wp3695874190

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipv6/command/ipv6-cr-book/ipv6-i4.html#wp2881247299

QUESTION NO: 345

What restrictions apply to OSPF virtual link creation? (Select 3 choices.)

A.
The routers at each end of the virtual link must share a common area.

B.
The router at the far end of the virtual link cannot connect to a stub area.

C.
The transit area cannot be a stub area.

D.
One router must connect to the backbone area.

E.
The virtual link must pass through the backbone area.

Answer: A,C,D
Explanation:

The following restrictions apply to Open Shortest Path First (OSPF) virtual link creation:

1. The routers at each end of the virtual link must share a common area.

2. The transit area cannot be a stub area.

3. The transit area cannot be the backbone area.

4. One router must connect to the backbone area.

All areas in an OSPF internetwork must be connected to the backbone area, Area 0. If a remote
area has no direct connection to the backbone area, you can create a virtual link between two
area border routers (ABRs) to connect the remote area to the backbone area through a transit
area. One ABR is connected to Area 0 and the transit area, and the other ABR is connected to the
transit area and the remote area. The following displays a virtual link between Area 2 and Area 0
through the transit area, Area 1:

The virtual link passes through the transit area, Area 1, not the backbone area, Area 0. Although
Area 2 can be a stub area, the transit area, Area 1, cannot be a stub area.

To create a virtual link, you should issue the area area-id virtual-link router-id command in router
configuration mode, where area-id is the transit area ID and router-id is the router ID of the router at
the other end of the virtual link. For example, to create a virtual link between RouterA and RouterB
in the example, you should issue the area 1 virtual-link 10.20.30.50 command on RouterA and the
area 1 virtual-link 10.20.30.40 command on RouterB.

Reference:

https://www.cisco.com/c/en/us/support/docs/ip/open-shortest-path-first-ospf/7039-1.html

https://www.cisco.com/c/en/us/support/docs/ip/open-shortest-path-first-ospf/13703-8.html

QUESTION NO: 346

Which of the following ICMPv6 message types is used to query for the link-layer address of a
host? (Select the best answer.)

A.
router solicitation

B.
router advertisement

C.
neighbor solicitation

D.
neighbor advertisement

Answer: C
Explanation:

An Internet Control Message Protocol version 6 (ICMPv6) neighbor solicitation message is used to
query for the link-layer address of a host. Neighbor solicitation messages are sent with the sender's
own link-layer address to the solicited-node multicast address. The solicited-node multicast address
is created by adding the FF02::1:FF00/104 prefix to the last 24 bits of the destination host's IPv6
address. After a destination host's link-layer address is discovered, neighbor solicitations can be
used to verify the reachability of a destination host.

When a host receives a neighbor solicitation message, it will reply with a neighbor advertisement
message that contains the link-layer address of the host. The neighbor advertisement is sent
directly to the host that sent the neighbor solicitation. A host will send an unsolicited neighbor
advertisement whenever its address changes. Unsolicited neighbor advertisements are sent to the
all-nodes link-local multicast address FF02::1.

A router solicitation message is sent by an IPv6-capable host at startup. When IPv6 is enabled on a
router interface, a link-local address is created. Before the address is assigned to the interface,
duplicate address detection (DAD) is performed to determine whether the IPv6 address is unique
on the link. If DAD determines that the address is unique, the link-local address is assigned to the
interface and the router solicitation message is sent to the all-routers multicast address FF02::2.
Hosts use router solicitation messages to request an immediate router advertisement.

A router advertisement that is sent in response to a router solicitation message is sent directly to
the host that sent the router solicitation. Routers also periodically send unsolicited router
advertisements to the all-nodes multicast address FF02::1. Router advertisements contain the
following information:

- The IPv6 address of the router interface attached to the link

- One or more IPv6 prefixes for the local link

- The lifetime for each prefix

- Flags that specify whether stateless or stateful autoconfiguration can be used

- The hop limit and maximum transmission unit (MTU) that the host should use

- Whether the router is a default router

- The amount of time that the router can be used as a default router

When a host receives a router advertisement, the IPv6 link-local prefix is added to the host's
interface identifier to create the host's full IPv6 address. The first three octets of the interface
identifier are set to the Organizationally Unique Identifier (OUI) of the Media Access Control (MAC)
address of the interface. The fourth and fifth octets are set to FFFE. The sixth, seventh, and eighth
octets are equal to the last three octets of the MAC address.
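The address constructions described above, as an added Python example that is not part of the question bank: the modified EUI-64 interface identifier, the link-local address built from it, the solicited-node multicast group a neighbor solicitation is sent to, and the Ethernet multicast MAC that frames to that group carry. The sample MAC is constructed; note that RFC 4291 also inverts the universal/local bit of the first octet when forming the identifier, a step the description above leaves out.

```python
import ipaddress

# Constructed sample host MAC for this example.
SAMPLE_MAC = "00:0c:29:ab:cd:ef"


def _mac_bytes(mac: str) -> bytes:
    """Accept colon, dash or Cisco dotted notation."""
    digits = mac.replace(":", "").replace("-", "").replace(".", "")
    if len(digits) != 12:
        raise ValueError(f"bad MAC address: {mac}")
    return bytes.fromhex(digits)


def modified_eui64(mac: str) -> bytes:
    """Interface identifier from a MAC: OUI, FFFE, then the last three octets
    (as described above). RFC 4291 additionally inverts the universal/local bit
    (0x02 in the first octet), which is done here."""
    b = _mac_bytes(mac)
    return bytes([b[0] ^ 0x02]) + b[1:3] + b"\xff\xfe" + b[3:6]


def link_local_from_mac(mac: str) -> ipaddress.IPv6Address:
    """FE80::/64 plus the modified EUI-64 identifier: the address DAD checks before use."""
    return ipaddress.IPv6Address(b"\xfe\x80" + bytes(6) + modified_eui64(mac))


def solicited_node(addr) -> ipaddress.IPv6Address:
    """FF02::1:FF00:0/104 plus the low 24 bits of the target address, the group a
    neighbor solicitation for that address is sent to."""
    target = int(ipaddress.IPv6Address(addr))
    prefix = int(ipaddress.IPv6Address("ff02::1:ff00:0"))
    return ipaddress.IPv6Address(prefix | (target & 0xFFFFFF))


def ipv6_multicast_mac(addr) -> str:
    """Ethernet destination for an IPv6 multicast group: 33:33 + low 32 bits (RFC 2464)."""
    low32 = int(ipaddress.IPv6Address(addr)) & 0xFFFFFFFF
    return "33:33:" + ":".join(f"{b:02x}" for b in low32.to_bytes(4, "big"))


def nd_profile(mac: str) -> dict:
    """The addresses a capture filter needs to follow ND traffic for one host."""
    ll = link_local_from_mac(mac)
    sn = solicited_node(ll)
    return {
        "link_local": str(ll),
        "solicited_node": str(sn),
        "ns_dst_mac": ipv6_multicast_mac(sn),          # neighbor solicitations for this host
        "all_nodes_mac": ipv6_multicast_mac("ff02::1"),   # unsolicited NA / periodic RA
        "all_routers_mac": ipv6_multicast_mac("ff02::2"), # router solicitations
    }


if __name__ == "__main__":
    for k, v in nd_profile(SAMPLE_MAC).items():
        print(f"{k:16} {v}")
```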

Reference:

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipv6/configuration/15-2mt/ipv6-15-2mt-book/ip6-addrg-bsc-con.html#GUID-82127508-12DE-489C-B004-52CE8DB1415F

https://tools.ietf.org/html/rfc4861

QUESTION NO: 347

Which of the following command sets correctly configures and applies a MAC ACL? (Select the
best answer.)

A.
Router(config)#access-list 800 permit 0000.0c01.abcd

Router(config)#interface gigabitethernet 1/0

Router(config-if)#mac access-group 800 in

B.
Router(config)#access-list 800 permit 0000.0c01.abcd

Router(config)#interface gigabitethernet 1/0

Router(config-if)#mac access-group 800 out

C.
Router(config)#access-list 800 permit 0000.0c01.abcd

Router(config)#interface gigabitethernet 1/0.1

Router(config-if)#mac access-group 800 in

D.
Router(config)#access-list 700 permit 0000.0c01.abcd

Router(config)#interface gigabitethernet 1/0.1

Router(config-if)#mac access-group 700 out

E.
Router(config)#access-list 700 deny 0000.0c01.abcd

Router(config)#access-list 700 permit any

Router(config)#interface gigabitethernet 1/0.1

Router(config-if)#mac access-group 700 in

F.
Router(config)#access-list 700 deny 0000.0c01.abcd

Router(config)#access-list 700 permit any

Router(config)#interface gigabitethernet 1/0.1

Router(config-if)#mac access-group 700 out

Answer: E
Explanation:

The following command set correctly configures and applies a Media Access Control (MAC)
access control list (ACL):

Router(config)#access-list 700 deny 0000.0c01.abcd

Router(config)#access-list 700 permit any

Router(config)#interface gigabitethernet 1/0.1

Router(config-if)#mac access-group 700 in

A MAC ACL filters inbound Ethernet packets based on the source MAC address. Because a MAC
ACL filters at Layer 2, both IP and non-IP packets can be filtered. MAC ACLs support Ethernet,
802.1Q virtual LAN (VLAN), and 802.1QinQ packets.

To create a MAC ACL, you should issue the access-list access-list-number {deny | permit}
{mac-address | any} command. The access-list-number variable must be a number from 700
through 799. MAC ACLs that include the any keyword are automatically moved to the end of the
ACL. Like normal ACLs, MAC ACLs also have an implicit deny any statement that is applied to any
routes that have not been explicitly permitted or denied by previous access-list statements.

You can then apply the MAC ACL to an interface or a subinterface by issuing the mac
access-group access-list-number in command from interface or subinterface configuration mode.

The command sets that configure the access-list-number variable in the access-list command to a
value of 800 cannot be used to create a MAC ACL. Access lists numbered from 800 through 899
are used for Internetwork Packet Exchange (IPX) ACLs.

The command sets that attempt to configure the out keyword in the mac access-group command
cannot be used to create a MAC ACL. MAC ACLs can be configured only for inbound filtering.

Reference:

https://www.cisco.com/c/en/us/td/docs/ios/12_0s/feature/guide/macacl.html

QUESTION NO: 348
Which of the following provides antireplay protection for GET VPN group members? (Select the
best answer.)

A.
KEK

B.
SAR

C.
TEK

D.
TSK

Answer: B
Explanation:

Synchronous Anti-Replay (SAR) provides anti-replay protection for Group Encrypted Transport (GET) virtual private network (VPN) group members. GET VPN is a connectionless, non-tunneling VPN technology based on the Group Domain of Interpretation (GDOI) standard defined in Request for Comments (RFC) 3547. Non-tunneling VPNs such as GET VPN can be used on a variety of networks, including IP, Frame Relay, Multiprotocol Label Switching (MPLS), and Asynchronous Transfer Mode (ATM) networks. Although GET VPN does not use tunneling, it does rely upon Internet Key Exchange (IKE) and IP Security (IPsec) security associations (SAs).

GET VPN requires a key server, which is responsible for maintaining the policy, creating and maintaining group keys, and servicing registration requests. Because every group member shares the same SA, the per-peer sequence-number window that point-to-point IPsec uses for anti-replay cannot be used; instead, the key server maintains a pseudotime clock, and group members regularly synchronize to the pseudotime on the key server. If an intercepted message is replayed, the replayed message will fall outside the receiver's pseudotime window. A group member will detect the pseudotime discrepancy and will therefore reject the replayed message.

A traffic encryption key (TEK) is used to encrypt data between GET VPN group members. When a group member registers with the key server, the group member downloads the IPsec policy and encryption keys from the key server. If a group member fails to register with a key server, all traffic passes through the group member unencrypted unless the Fail Close feature is activated.

A key encryption key (KEK) is used to encrypt control-plane traffic between the key server and group members. Periodically, the key server sends rekey messages to group members in order to refresh the IPsec SA before it expires. The KEK protects the rekey message, which contains the new encryption keys that the group members should use, thereby securing the control plane.

A transmission security key (TSK) is used by direct-sequence spread spectrum (DSSS) or frequency-hopping radios. TSKs are not used by GET VPN group members.

Reference:

https://www.cisco.com/en/US/docs/ios-xml/ios/sec_conn_getvpn/configuration/15-2mt/sec-get-vpn.html#GUID-AA25D5AD-BDD5-499E-AA2F-4F4F113C57D2

QUESTION NO: 349

Which of the following commands configures the CEF load-balancing algorithm to use only a source, a destination, and an ID hash? (Select the best answer.)

A.
ip cef load-sharing algorithm universal

B.
ip cef load-sharing algorithm original

C.
ip cef load-sharing algorithm include-ports source destination

D.
ip cef load-sharing algorithm include-ports source destination gtp

Answer: A
Explanation:

The ip cef load-sharing algorithm universal command configures the Cisco Express Forwarding (CEF) load-balancing algorithm to use only a source, a destination, and an ID hash. The original CEF load-balancing algorithm is prone to CEF polarization, which occurs when multiple routers in sequence use the same load-balancing mechanism. To understand CEF polarization, consider the following topology:

RouterMain will run the load-balancing algorithm on a flow and, based on the hash result, will send the flow to Router1, Router2, or Router3. If Router1, Router2, and Router3 run the same load-balancing algorithm that RouterMain uses, those routers will get the same hash result and will therefore no longer load balance. For example, flows that are sent from RouterMain to Router3 will always be forwarded to Router3c, because Router3 generates the same hash for each flow that RouterMain does. The ip cef load-sharing algorithm original command configures a router to use the original CEF load-balancing algorithm, which uses only a source and destination hash and is prone to CEF polarization.

Universal mode is an improvement to CEF that causes each router to use a 32-bit Universal ID as a hashing seed. Because each router uses a different Universal ID, each router produces different hash values for the same flow, thereby avoiding CEF polarization by enabling each router to load balance differently. Universal mode is enabled by default; it can also be selected explicitly by issuing the ip cef load-sharing algorithm universal command.

The ip cef load-sharing algorithm include-ports source destination command configures CEF not only to use the universal load-balancing algorithm but also to consider Layer 4 source and destination port information. Because this command also uses the Universal ID, it also avoids CEF polarization.

The ip cef load-sharing algorithm include-ports source destination gtp command is similar to the ip cef load-sharing algorithm include-ports source destination command. However, the ip cef load-sharing algorithm include-ports source destination gtp command also considers the GPRS Tunneling Protocol (GTP) Tunnel Endpoint Identifier (TEID), when applicable.

Reference:

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipswitch/command/isw-cr-book/isw-i1.html#wp5609710740

CCIE Routing and Switching v5.0 Certification Guide, Volume 1, Chapter 6, Load Sharing with CEF and Related Issues, pp. 282-285

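The polarization effect is easier to see than to describe, so here is a simulation of the two-tier topology above. This is an added example written for this page, not code from the original page or from Cisco IOS: the hash function is a toy stand-in for the real CEF hash, the flows are constructed, and the second tier (each of Router1, Router2 and Router3 having three equal-cost next hops of its own) is assumed. It shows that with the original algorithm every downstream router uses exactly one of its three paths, and that mixing a per-router 32-bit Universal ID into the hash restores the spread.

```python
"""Simulation of CEF polarization and of the 'universal' hashing fix.

This is an added example, not code from the original page or from Cisco IOS.
The hash below is a toy stand-in for the real CEF load-sharing hash, and the
two-tier topology (RouterMain feeding Router1, Router2 and Router3, each of
which has three equal-cost next hops of its own) is constructed here. The
Universal IDs are random 32-bit values, as in the explanation above.
"""
import hashlib
import random
from typing import Dict, List, Optional, Set, Tuple


def cef_hash(src: str, dst: str, universal_id: Optional[int], n_paths: int) -> int:
    """Choose one of n_paths equal-cost next hops for the flow (src, dst).

    universal_id=None models the 'original' algorithm, which hashes only the
    source and destination. An integer models 'universal' mode, where each
    router mixes its own 32-bit Universal ID into the hash as a seed.
    """
    material = f"{src}|{dst}".encode()
    if universal_id is not None:
        material += universal_id.to_bytes(4, "big")
    digest = hashlib.sha256(material).digest()
    return int.from_bytes(digest[:4], "big") % n_paths


def sample_flows(count: int = 300, seed: int = 7) -> List[Tuple[str, str]]:
    """Constructed (source, destination) pairs standing in for real traffic flows."""
    rng = random.Random(seed)
    return [
        (f"10.{rng.randrange(256)}.{rng.randrange(256)}.{rng.randrange(1, 255)}",
         f"172.16.{rng.randrange(256)}.{rng.randrange(1, 255)}")
        for _ in range(count)
    ]


def downstream_spread(flows, mode: str, n_paths: int = 3, seed: int = 1) -> Dict[str, Set[int]]:
    """Return, for each first-tier router, the set of its own next hops that carried traffic.

    mode='original': every router hashes (src, dst) the same way.
    mode='universal': every router has a distinct 32-bit Universal ID.
    """
    routers = ["RouterMain", "Router1", "Router2", "Router3"]
    ids: Dict[str, Optional[int]] = {r: None for r in routers}
    if mode == "universal":
        rng = random.Random(seed)
        ids = {r: rng.getrandbits(32) for r in routers}
    elif mode != "original":
        raise ValueError(f"unknown mode {mode!r}")

    used: Dict[str, Set[int]] = {"Router1": set(), "Router2": set(), "Router3": set()}
    for src, dst in flows:
        # RouterMain picks one of its three downstream routers...
        first = f"Router{cef_hash(src, dst, ids['RouterMain'], n_paths) + 1}"
        # ...and that router picks one of its own three next hops for the same flow.
        second = cef_hash(src, dst, ids[first], n_paths)
        used[first].add(second)
    return used
```

With mode="original", Router1 only ever sees flows whose hash is 0, so its own hash of the same flow is also 0 and two of its three links carry nothing; the same holds for Router2 (hash 1) and Router3 (hash 2). With mode="universal" each router reaches all three of its next hops.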
QUESTION NO: 350

Which of the following is true regarding RTC? (Select the best answer.)

A.
RTC sends only the prefixes that the PE router wants.

B.
RTC finds route inconsistencies.

C.
RTC synchronizes peers without a hard reset.

D.
RTC works with only VPNv4.

E.
RTC makes the ABR an RR and sets the next hop to self.

Answer: A
Explanation:

Route Target Constraint (RTC) sends only the prefixes that the Provider Edge (PE) router wants. In a normal Multiprotocol Label Switching (MPLS) virtual private network (VPN), the route reflector (RR) sends all of its VPN version 4 (VPNv4) and VPNv6 prefixes to the PE router. The PE router then drops the prefixes for which it does not have a matching VPN routing and forwarding (VRF) instance. RTC allows a PE router to advertise its route target (RT) membership to the RR within an address family named rtfilter unicast. The RR then uses the received RT filter to determine which prefixes to send to the PE. In order for RTC to work, both the RR and the PE must support RTC.

RTC does not find route inconsistencies, nor does it synchronize peers without a hard reset. This functionality is provided by Border Gateway Protocol (BGP) Enhanced Route Refresh.

BGP Enhanced Route Refresh is enabled by default. If two BGP peers support Enhanced Route Refresh, the peer that is asked to refresh its routes sends a Route-Refresh Start-of-RIB (SOR) message before re-advertising its Adj-RIB-Out and a Route-Refresh End-of-RIB (EOR) message after it. After the requesting peer receives the EOR message, or after the EOR timer expires, it checks whether it still holds any routes that were not re-advertised. If any such stale routes remain, they are deleted and the route inconsistency is logged.

RTC does not make the area border router (ABR) an RR, nor does it set the next hop to self. This behavior is exhibited by Unified MPLS. Unified MPLS increases the scalability of an MPLS network by extending the label switched path (LSP) from end to end, not by redistributing interior gateway protocols (IGPs) into one another, but by distributing some of the IGP prefixes into BGP. BGP then distributes those prefixes throughout the network.

Reference:

https://www.cisco.com/c/en/us/support/docs/multiprotocol-label-switching-mpls/mpls/116062-technologies-technote-restraint-00.html

https://search.cisco.com/search?query=Cisco%20IOS%20BGP%20Configuration%20Guide&locale=enUS&tab=Cisco

https://www.cisco.com/c/en/us/support/docs/multiprotocol-label-switching-mpls/mpls/116127-configure-technology-00.html

QUESTION NO: 351

A switch receives a BPDU with the TC bit set.

By default, how long will it take for the switch to age out the MAC address table? (Select the best answer.)

A.
two seconds

B.
15 seconds

C.
20 seconds

D.
35 seconds

E.
300 seconds

Answer: B
Explanation:

The switch will age out the Media Access Control (MAC) address table in 15 seconds by default. After the switch receives a bridge protocol data unit (BPDU) with the topology change (TC) bit set, the switch reduces the default MAC aging time of 300 seconds to the forward_delay value, which is 15 seconds by default.

When a switch needs to signal that a topology change has occurred, it sends topology change notification (TCN) BPDUs on its root port every two seconds, which is the default hello_time value. The designated bridge forwards the TCN BPDU out its own root port; additionally, it sends a BPDU with the topology change acknowledgment (TCA) bit set back to the switch that sent the TCN. This process continues until the root bridge receives the TCN.

When the root bridge receives the TCN, it sends BPDUs with the TC bit set. By default, the root bridge sets the TC bit for 35 seconds, which is the default max_age timer of 20 seconds plus the default forward_delay value of 15 seconds. The TC BPDUs are propagated throughout the spanning-tree topology.

Reference:

https://www.cisco.com/c/en/us/support/docs/lan-switching/spanning-tree-protocol/12013-17.html#anc6

QUESTION NO: 352

You issue the following commands on RouterA:

RouterA(config)#ipv6 router rip boson

RouterA(config-rtr)#distribute-list prefix-list bosonrip in FastEthernet0/0

Which of the following statements best describes what will occur? (Select the best answer.)

A.
IPv6 routing updates matching bosonrip will not be accepted.

B.
IPv6 routing updates matching bosonrip and arriving on the FastEthernet0/0 interface will be
accepted.

C.
IPv6 routing updates matching bosonrip and destined for the FastEthernet0/0 interface will be
advertised.

D.
IPv6 routing updates matching bosonrip and arriving on the FastEthernet0/0 interface will not be advertised.

E.
IPv6 routing updates not matching bosonrip will be advertised.

Answer: B
Explanation:

IPv6 routing updates matching bosonrip and arriving on the FastEthernet0/0 interface will be accepted if you issue the following commands on RouterA:

RouterA(config)#ipv6 router rip boson

RouterA(config-rtr)#distribute-list prefix-list bosonrip in FastEthernet0/0

The distribute-list prefix-list command configures the RIP next generation (RIPng) process in this scenario to match IPv6 prefixes arriving on the FastEthernet0/0 interface against the IPv6 prefixes that are defined in the bosonrip prefix list. If a prefix matches a permit entry, the route is accepted. If it matches a deny entry, or matches no entry at all and falls through to the implicit deny, the route is not accepted. The distribute-list prefix-list command can also be used with Enhanced Interior Gateway Routing Protocol (EIGRP) for IPv6.

IPv6 routing updates matching bosonrip and destined for the FastEthernet0/0 interface are not affected by this command, because it filters only inbound updates. To configure the RIPng process to filter IPv6 prefixes that are advertised out the FastEthernet0/0 interface, you should issue the distribute-list prefix-list command with the out keyword. For example, in this scenario, you would issue the distribute-list prefix-list bosonrip out FastEthernet0/0 command to match IPv6 prefixes in the bosonrip list that are advertised out the FastEthernet0/0 interface.

Reference:

https://www.cisco.com/c/en/us/td/docs/ios/ipv6/command/reference/ipv6_book/ipv6_04.html#wp2510121

QUESTION NO: 353

Which of the following flags in the output of the show ip mroute command indicates that a receiver
is directly connected to the network segment that is connected to the interface? (Select the best
answer.)

A.
A

B.
C

C.
D

D.
L

E.
S

Answer: B
Explanation:

The C flag in the output of the show ip mroute command indicates that a receiver is directly connected to the network segment that is attached to the interface. You can view the IP multicast routing table by issuing the show ip mroute command.

The A flag in the Flags field of an entry indicates that the entry is a candidate for Multicast Source Discovery Protocol (MSDP) advertisement. However, when the A flag appears in the outgoing interface list, it indicates that the router has won the assert mechanism on that interface and therefore becomes the forwarder for that segment.

The D flag indicates that the entry is operating in dense mode. The L flag indicates that the local router is itself a member of the multicast group. The S flag indicates that the entry is operating in sparse mode.

Reference:

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipmulti/command/imc-cr-book/imc_s1.html#wp3622554730

QUESTION NO: 354

Which of the following is true regarding the structure of a VPN ID? (Select the best answer.)

A.
It begins with a 4-byte VPN index and ends with a 6-byte MAC address.

B.
It begins with an 8-byte RD and ends with a 4-byte IPv4 address.

C.
It begins with a 4-byte IPv4 address and ends with a 3-byte OUI.

D.
It begins with a 3-byte OUI and ends with a 4-byte VPN index.

E.
It begins with a 6-byte MAC address and ends with a 4-byte IPv4 address.

Answer: D
Explanation:

A virtual private network (VPN) ID begins with a 3-byte Organizationally Unique Identifier (OUI) and ends with a 4-byte VPN index, for a total of 7 bytes. The VPN ID identifies a VPN routing and forwarding (VRF) instance. To configure or update the VPN ID for a VRF, issue the vpn id oui:vpn-index command from VRF configuration mode, where both values are entered in hexadecimal.

Although a Media Access Control (MAC) address contains an OUI, a VPN ID does not contain a MAC address. A VPN ID also does not contain a route distinguisher (RD) or an IPv4 address. However, a multiprotocol Border Gateway Protocol (BGP) VPN-IPv4 address begins with an 8-byte RD and ends with a 4-byte IPv4 address.

Reference:

https://www.cisco.com/c/en/us/td/docs/ios/12_2/12_2b/12_2b4/feature/guide/12b_vpn.html

QUESTION NO: 355 DRAG DROP

Select each BGP command on the left, and drag it to its corresponding description on the right.

Answer:

Explanation:

The show ip bgp neighbors command displays the number of keepalive messages exchanged between Border Gateway Protocol (BGP) peers. The keepalive statistics are displayed within the Message statistics block of the output. Additional information provided by the show ip bgp neighbors command includes detailed neighbor path, prefix, capability, and attribute information.

The clear ip bgp command rebuilds the BGP routing table. This command can be used to begin a soft reconfiguration or a hard reset. Soft reconfiguration uses stored prefix information in order to rebuild the BGP routing tables without tearing down any active peering sessions, whereas a hard reset tears down the active peering sessions and then rebuilds the BGP routing tables.

The aggregate-address command indicates a summarized route that should be advertised. The syntax of the aggregate-address command is aggregate-address ip-address subnet-mask [summary-only] [as-set]. Typically, the aggregate-address command is issued with the optional summary-only keyword, which suppresses the advertisement of the more specific routes within the summarized range. The optional as-set keyword preserves BGP loop detection by building the aggregate's AS path from the set of autonomous systems (ASes) traversed by the component routes, instead of the empty path an aggregate would otherwise carry. You can determine whether an aggregate address has been built from a set of ASes by examining the output of the show ip bgp command: for example, an aggregate that summarizes AS 600 by way of paths through AS 500 and AS 400 shows the contributing ASes in braces in the Path column.

The show ip bgp summary command displays the session state of each neighbor, along with the number of prefixes received from each neighbor and the memory consumed by BGP table entries. If the output indicates that network entries and path entries are consuming a lot of memory, the BGP database might be too large; this can occur when the router is attempting to store the entire global BGP routing table.

Reference:

https://www.cisco.com/c/en/us/td/docs/ios/iproute_bgp/command/reference/irg_book/irg_bgp5.html#wp1159860

https://www.cisco.com/c/en/us/td/docs/ios/iproute_bgp/command/reference/irg_book/irg_bgp2.html#wp1107408

https://www.cisco.com/c/en/us/td/docs/ios/iproute_bgp/command/reference/irg_book/irg_bgp1.html#wp1111300

https://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/5441-aggregation.html#aggregatingwiththeassetargument

https://www.cisco.com/c/en/us/td/docs/ios/iproute_bgp/command/reference/irg_book/irg_bgp5.html#wp1162534

QUESTION NO: 356 DRAG DROP

Select the multicast MAC addresses on the left, and place them on the corresponding protocols on
the right.

Answer:

Explanation:
Multicast Media Access Control (MAC) address 0180.C200.0003 is used by 802.1X. The Institute of Electrical and Electronics Engineers (IEEE) 802.1X standard defines a method that uses Extensible Authentication Protocol (EAP) to establish port-based connections.

IEEE 802.1X is designed to require authentication before a client is allowed access to a network.

Multicast MAC address 0100.0CDD.DDDD is used by Cisco Group Management Protocol (CGMP). CGMP is used between routers and switches to manage IP multicast traffic at the Data Link layer.

Multicast MAC address 0180.C200.000E is used by Link Layer Discovery Protocol (LLDP). LLDP is a Layer 2 open-standard discovery protocol that is used to facilitate interoperability between Cisco devices and non-Cisco devices. Attributes that can be learned from neighboring devices are carried as type, length, and value (TLV) information, including port description, system description, system name, and management address.

Multicast MAC address 0100.0CCC.CCCC is used by Cisco Discovery Protocol (CDP), Dynamic Trunking Protocol (DTP), Port Aggregation Protocol (PAgP), UniDirectional Link Detection (UDLD), and VLAN Trunking Protocol (VTP). CDP is a Layer 2 Cisco-proprietary protocol that is used to advertise and discover only directly connected Cisco devices on a local network. DTP is a point-to-point protocol that is used to negotiate trunking. PAgP is an EtherChannel aggregation protocol. UDLD monitors a link to verify that both ends of the link are functioning. VTP is used to centrally manage virtual LAN (VLAN) changes and to propagate those changes over trunk ports.

Multicast MAC address 0180.C200.0000 is used by 802.1D Spanning Tree Protocol (STP) to send native VLAN bridge protocol data units (BPDUs). Multicast MAC address 0100.0CCC.CCCD is used by Cisco Per-VLAN Spanning Tree Plus (PVST+) to send the BPDUs for the non-native VLANs.

Reference:

https://www.cisco.com/c/en/us/support/docs/lan-switching/spanning-tree-protocol/24063-pvid-inconsistency-24063.html#topic1

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/12-2/01xo/configuration/guide/config/cntl_pln.html#wp1151092

QUESTION NO: 357

Which of the following packet types can be captured by EPC on egress? (Select the best answer.)

A.
only unicast packets

B.
only unicast and broadcast packets

C.
only broadcast and multicast packets

D.
only unicast and multicast packets

E.
unicast, broadcast, and multicast packets

F.
no packets

Answer: B
Explanation:

Only unicast and broadcast packets can be captured by Embedded Packet Capture (EPC) on egress; unicast and broadcast packets can also be captured by EPC on ingress. Multicast packets can be captured by EPC, but only on ingress, not on egress.

Cisco IOS EPC is a feature that you can implement to assist with tracing packets and troubleshooting issues with packet flow in and out of Cisco devices. To implement EPC, you must perform the following steps:

1. Create a capture buffer.

2. Create a capture point.

3. Associate the capture point with the capture buffer.

4. Enable the capture point.

To create a capture buffer, you should issue the monitor capture buffer buffer-name [clear | export export-location | filter access-list ip-access-list | limit {allow-nth-pak nth-packet | duration seconds | packet-count total-packets | packets-per-sec packets} | [max-size element-size] [size buffer-size] [circular | linear]] command from privileged EXEC mode. The capture buffer contains packet data and metadata. The packet data does not contain a timestamp indicating when the packet was added to the buffer; the timestamp is contained within the metadata. In addition, the metadata contains information regarding the direction of transmission of the packet, the switch path, and the encapsulation type.

To create a capture point, you should issue the monitor capture point {ip | ipv6} {cef capture-point-name interface-name interface-type {both | in | out} | process-switched capture-point-name {both | from-us | in | out}} command from privileged EXEC mode. You can create multiple capture points with unique names and parameters on a single interface; however, you can associate each capture point with only one capture buffer.

To associate a capture point with a capture buffer, you should issue the monitor capture point associate capture-point-name capture-buffer-name command from privileged EXEC mode. Each capture point can be associated with only one capture buffer.

Finally, to enable the capture point so that it can begin to capture packet data, you should issue the monitor capture point start {capture-point-name | all} command. Because the buffer holds the full payload of every packet that matched the filter, an exported buffer should be handled as sensitive data.

Reference:

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/epc/configuration/15-mt/epc-15-mt-book/nm-packet-capture.html#GUID-CF6AFCF6-34DC-4B16-9406-E73C806FBD2E

QUESTION NO: 358

You want to establish an EtherChannel between SwitchA and SwitchB using an IEEE standards-based protocol.

Which of the following channel-group modes could you configure on the switches? (Select 2 choices.)

A.
SwitchA set to on and SwitchB set to on

B.
SwitchA set to passive and SwitchB set to active

C.
SwitchA set to active and SwitchB set to active

D.
SwitchA set to desirable and SwitchB set to auto

E.
SwitchA set to desirable and SwitchB set to desirable

Answer: B,C
Explanation:

You could set one switch to active and the other switch to passive; alternatively, you could set both switches to active. Link Aggregation Control Protocol (LACP) is an Institute of Electrical and Electronics Engineers (IEEE) standards-based protocol that groups individual physical ports into a single logical link, called an EtherChannel. The ports that constitute an EtherChannel are grouped according to various parameters, such as hardware, port, and administrative limitations. Because LACP is a standards-based protocol, it can be used between Cisco and non-Cisco switches.

Port Aggregation Protocol (PAgP) is an older, Cisco-proprietary alternative to LACP. Because PAgP is a Cisco-proprietary protocol, it can be used only on Cisco switches. Like LACP, PAgP identifies neighboring ports and their group capabilities; however, PAgP does not assign roles to the EtherChannel's endpoints as LACP does.

The following combinations of channel-group modes will establish an EtherChannel: on with on (no negotiation), active with active or with passive (LACP), and desirable with desirable or with auto (PAgP). A mode from one protocol cannot negotiate with a mode from the other, and on cannot negotiate with any mode other than on.

The channel-group command configures the EtherChannel mode. The syntax of the channel-group command is channel-group number mode {on | active | passive | {auto | desirable} [non-silent]}, where number is the port channel interface number. The on keyword configures the channel group to unconditionally create the channel with no LACP or PAgP negotiation. The active and passive keywords can be used only with LACP. The active keyword configures the channel group to actively negotiate LACP, and the passive keyword configures the channel group to listen for LACP negotiation to be offered. One or both sides of the link must be set to active to establish an EtherChannel over LACP; setting both sides to passive will not establish an EtherChannel over LACP.

The auto, desirable, and non-silent keywords can be used only with PAgP. The desirable keyword configures the channel group to actively negotiate PAgP, and the auto keyword configures the channel group to listen for PAgP negotiation to be offered. One or both sides of the link must be set to desirable to establish an EtherChannel over PAgP; setting both sides to auto will not establish an EtherChannel over PAgP. The optional non-silent keyword requires that a port receive PAgP packets before the port is added to the channel.

Reference:

https://www.cisco.com/c/en/us/support/docs/switches/catalyst-4000-series-switches/23408-140.html#lacp_pagp

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750/software/release/12-2_52_se/command/reference/3750cr/cli1.html#wp11890010

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750/software/release/12-2_52_se/command/reference/3750cr/cli1.html#wp11890203

QUESTION NO: 359

You issue the following commands on a switch:

SwitchA#configure terminal

SwitchA(config)#interface fastethernet 0/7

SwitchA(config-if)#switchport mode trunk

SwitchA(config-if)#switchport trunk encapsulation dot1q

SwitchA(config-if)#switchport trunk native vlan 44

SwitchA(config-if)#switchport trunk allowed vlan remove 55

Which of the following statements is true regarding VLAN traffic when it is sent over port Fa0/7?
(Select the best answer.)

A.
VLAN 1 traffic will be untagged.

B.
VLAN 44 traffic will be untagged.

C.
VLAN 55 traffic will be untagged.

D.
All VLAN traffic will be untagged.

E.
All VLAN traffic will be tagged.

Answer: B
Explanation:

Traffic from virtual LAN (VLAN) 44 will be untagged when it is sent over port Fa0/7. VLAN 44 traffic is untagged because VLAN 44 has been configured as the native VLAN by the switchport trunk native vlan 44 command. By default, the native VLAN is VLAN 1. You can issue the switchport trunk native vlan vlan-id command to change the native VLAN.

Not all VLAN traffic will be untagged when it is sent over port Fa0/7; only native VLAN traffic will be untagged. Traffic from all other VLANs will be tagged when it is sent over port Fa0/7. To ensure that traffic from the native VLAN is also tagged, you can issue the switchport trunk native vlan tag command. Tagging native VLAN traffic is necessary to enable Layer 2 Quality of Service (QoS) support on the native VLAN; it also removes the untagged native VLAN that double-tagging VLAN-hopping attacks depend on.

Traffic from VLAN 1 will not be untagged when it is sent over port Fa0/7; it will be tagged because VLAN 1 is no longer the native VLAN. To reconfigure VLAN 1 to be the native VLAN, you can issue the switchport trunk native vlan 1 command or the no switchport trunk native vlan command.

Traffic from VLAN 55 cannot be sent over port Fa0/7. The switchport trunk allowed vlan remove 55 command removes VLAN 55 from the list of allowed VLANs that can be trunked over port Fa0/7.

The switchport trunk allowed vlan {add | all | except | remove} vlan-list command is issued from interface configuration mode to manually prune VLANs. Manual pruning enables an administrator to strictly specify which VLANs are allowed or denied on a trunk port.

You can issue the show interfaces trunk command to display the list of ports that are configured for trunking, the native VLAN for each trunk port, and the list of currently allowed VLANs for each trunk port.

Reference:

https://www.cisco.com/c/en/us/support/docs/lan-switching/8021q/8758-43.html

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/interface/command/ir-cr-book/ir-s7.html#wp3698486980

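The interaction between the native VLAN, native VLAN tagging and the allowed-VLAN list is worth modelling explicitly, since it determines which frames leave a trunk untagged. The following is an added example written for this page, not code from the original page or from Cisco IOS; the TrunkPort class is constructed here to mirror the switchport trunk native vlan, switchport trunk native vlan tag and switchport trunk allowed vlan {add | all | except | remove} commands, and demo() replays the Fa0/7 configuration from the question.

```python
"""Model of how a Cisco IOS 802.1Q trunk port forwards and tags VLAN traffic.

This is an added example, not code from the original page or from Cisco IOS.
The TrunkPort class is constructed here to mirror the interface commands in
the question: switchport trunk native vlan, switchport trunk allowed vlan
{add | all | except | remove}, and the optional native VLAN tagging.
"""
from typing import Dict, Iterable, Set

ALL_VLANS = frozenset(range(1, 4095))  # 1-4094 are the valid 802.1Q VLAN IDs


class TrunkPort:
    def __init__(self, name: str) -> None:
        self.name = name
        self.native_vlan = 1                         # default native VLAN
        self.allowed: Set[int] = set(ALL_VLANS)      # all VLANs allowed by default
        self.tag_native = False                      # switchport trunk native vlan tag

    def allowed_vlan(self, action: str, vlans: Iterable[int] = ()) -> None:
        """switchport trunk allowed vlan {add | all | except | remove} vlan-list"""
        vlan_set = set(vlans)
        if action == "all":
            self.allowed = set(ALL_VLANS)
        elif action == "except":
            self.allowed = set(ALL_VLANS) - vlan_set
        elif action == "add":
            self.allowed |= vlan_set
        elif action == "remove":
            self.allowed -= vlan_set
        else:
            raise ValueError(f"unknown action {action!r}")

    def egress(self, vlan: int) -> str:
        """Describe how a frame from `vlan` leaves this trunk: tagged, untagged or dropped."""
        if vlan not in self.allowed:
            return "dropped"       # manually pruned from the trunk
        if vlan == self.native_vlan and not self.tag_native:
            return "untagged"      # native VLAN frames carry no 802.1Q tag by default
        return "tagged"


def demo() -> Dict[str, Dict[int, str]]:
    """Replay the Fa0/7 configuration from the question, then enable native tagging."""
    fa0_7 = TrunkPort("Fa0/7")
    fa0_7.native_vlan = 44                 # switchport trunk native vlan 44
    fa0_7.allowed_vlan("remove", [55])     # switchport trunk allowed vlan remove 55
    before = {v: fa0_7.egress(v) for v in (1, 44, 55, 100)}

    fa0_7.tag_native = True                # switchport trunk native vlan tag
    after = {v: fa0_7.egress(v) for v in (1, 44, 55, 100)}
    return {"default_native_untagged": before, "native_tagged": after}
```

The "before" result is the answer to the question (VLAN 44 untagged, VLAN 1 tagged, VLAN 55 dropped); the "after" result shows that once native tagging is on, no frame leaves the trunk untagged.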
QUESTION NO: 360

Which of the following commands configures PIM-SM interfaces to use dense mode to flood Auto-RP traffic to 224.0.1.39 and 224.0.1.40? (Select the best answer.)

A.
ip pim sparse-dense-mode

B.
ip pim send-rp-discovery

C.
ip pim send-rp-announce

D.
ip pim autorp listener

Answer: D
Explanation:
The ip pim autorp listener command configures Protocol Independent Multicast sparse mode (PIM-SM) interfaces to use dense mode to flood Auto-RP traffic to 224.0.1.39 and 224.0.1.40. Auto-RP candidate rendezvous points (RPs) use multicast address 224.0.1.39 to transmit RP-Announce messages, which advertise that a router is eligible to become an RP. Auto-RP mapping agents use multicast address 224.0.1.40 to transmit RP-Discovery messages, which advertise the authoritative RP for a multicast group. Without the listener command (or sparse-dense mode), a pure PIM-SM interface has no RP through which to learn those two groups, so the Auto-RP messages themselves could not be delivered.

The ip pim send-rp-discovery command does not configure PIM-SM interfaces to use dense mode to flood Auto-RP traffic to 224.0.1.39 and 224.0.1.40; it configures a router as an Auto-RP mapping agent. Auto-RP dynamically determines the RP for a multicast group so that RPs do not have to be manually configured. Auto-RP uses a mapping agent to learn which routers are advertised as candidate RPs for each multicast group. The resulting group-to-RP mappings are then advertised to the other routers.

The ip pim send-rp-announce command does not configure PIM-SM interfaces to use dense mode to flood Auto-RP traffic to 224.0.1.39 and 224.0.1.40; it configures a router as an Auto-RP candidate RP. A candidate RP advertises itself to the mapping agent, and the mapping agent maps the candidate RPs to multicast groups. If multiple routers are advertised as candidate RPs for a multicast group, the router with the highest IP address is used as the RP for that group.

The ip pim sparse-dense-mode command does not configure PIM-SM interfaces to use dense mode to flood Auto-RP traffic to 224.0.1.39 and 224.0.1.40; it configures a PIM interface to operate in PIM sparse-dense mode (PIM-SDM). PIM-SDM uses PIM-SM for groups that have an RP configured and PIM dense mode (PIM-DM) for groups that do not have an RP configured.

Reference:

https://www.cisco.com/c/en/us/td/docs/ios/12_2/ipmulti/command/reference/fiprmc_r/1rfmult2.html#wp1090395

QUESTION NO: 361

Which of the following statements best describes the purpose of holddown timers? (Select the
best answer.)

A.
Holddown timers are used by RIP to specify the amount of time to wait before deleting a route from the routing table.

B.
Holddown timers are used by OSPF to specify the amount of time between sending hello packets.

C.
Holddown timers are used by OSPF to specify the amount of time to wait before declaring a neighbor to be down.

D.
Holddown timers are used by RIP to specify the amount of time to suppress information regarding a better path to a route.

E.
Holddown timers are used by RIP to specify the amount of time to wait between broadcasting
routing table updates.

F.
Holddown timers are used by RIP to specify the amount of time to wait before declaring a route to
be unreachable.

Answer: D
Explanation:

Holddown timers are used by Routing Information Protocol (RIP) to specify the amount oftime to
suppress information regarding a better path to a route. When a router receives a routing update
stating that a route is unreachable, the router waits a specified amount of time before accepting
routes advertised by other sources. By default, the holddown timer is set to 180 seconds. RIP
uses holddown timers and split horizon to prevent routing loops. Split horizon prevents routers
from sending routing information to the same interface from which it was received.

RIP uses four different network timers: update, invalid, holddown, and flush. The update timer is
used to specify the amount of time to wait between broadcasting routing table updates. By default,
the update timer is set to 30 seconds. The invalid timer is used to specify the amount of time to
wait before declaring a route to be unreachable. By default, the invalid timer is set to 180 seconds,
and it should always be set to at least three times the value of the update timer. The flush timer is
used to specify the amount of time to wait before deleting a route from the routing table. By
default, the flush timer is set to 240 seconds, and it should always be set to a value greater than
the invalid timer. To manually configure the four RIP network timers, you should issue the timers
basic update invalid holddown flush command in RIP router configuration mode, where update,
invalid, holddown, and flush are specified in seconds.

The Open Shortest Path First (OSPF) hello timer is used to specify the amount of time between
sending hello packets. Hello packets are used for neighbor discovery and maintaining neighbor
relationships. By default, the hello timer is set to 10 seconds on point-to-point and broadcast links
and to 30 seconds on nonbroadcast multiaccess (NBMA) links. The OSPF dead timer is used to
specify the amount of time to wait before declaring a neighbor to be down. By default, the dead
timer is set to four times the hello timer value. In order for OSPF to work correctly, the hello and
dead timers should be consistent across all OSPF routers. To manually configure the hello timer
interval, you should issue the ip ospf hello-interval seconds command in OSPF interface
configuration mode. To manually configure the dead timer interval, you should issue the ip ospf
dead-interval seconds command in OSPF interface configuration mode.

Reference:

https://www.cisco.com/c/en/us/td/docs/ios/12_2/iproute/command/reference/fiprrp_r/1rfrip.html#wp1018019

https://www.cisco.com/c/en/us/support/docs/ip/open-shortest-path-first-ospf/7039-1.html

QUESTION NO: 362

You issue the snmp-server host auth version 3 dot1x command on a Cisco switch. No previous
SNMP commands have been issued on the switch.

Which of the following statements are true? (Select 2 choices.)

A.
Notifications are sent as informs.

B.
Notifications are sent as traps.

C.
Only 802.1X notifications are sent.

D.
Only authentication notifications are sent.

E.
The noAuthNoPriv security level is applied to the host.

F.
The AuthNoPriv security level is applied to the host.

Answer: B,E
Explanation:

Notifications are sent as traps, and the noAuthNoPriv security level is applied to the host. Simple
Network Management Protocol (SNMP) is used to remotely monitor and manage network devices.

The basic syntax of the snmp-server host command is snmp-server host {hostname | ip-address}
[vrf vrf-name | informs | traps | version {1 | 2c | 3 [auth | noauth | priv]}] community-string
[udp-port port [notification-type] | notification-type]. Therefore, the command snmp-server host
auth version 3 dot1x specifies that the switch should send SNMP version 3 (SNMPv3) notifications
to a device with the hostname auth using the community string dot1x.

By default, notifications are sent as traps. You can also explicitly specify that notifications be sent
as traps by issuing the traps keyword in the snmp-server host command. To send notifications as
informs, you should issue the informs keyword in the snmp-server host command.

There are three SNMPv3 security levels: noAuthNoPriv, authNoPriv, and authPriv. If no security
level is specified in the snmp-server host command, the noAuthNoPriv security level is used. The
noAuthNoPriv security level, which is also enabled by issuing the noauth keyword, authenticates by
matching the user name in clear text. The authNoPriv security level, which is enabled by issuing
the auth keyword, matches an unencrypted Message Digest 5 (MD5) or Secure Hash Algorithm
(SHA) hash of the user name in order to authenticate. The authPriv security level, which is enabled
by issuing the priv keyword, authenticates by matching an MD5 or SHA hash of the user name that
is also encrypted by using either Data Encryption Standard (DES), Triple DES (3DES), or Advanced
Encryption Standard (AES). In this scenario, the placement of the auth keyword configures a host
name, not a security level.

If a notification type is not specified in the snmp-server host command, all notification types are
sent. Although the dot1x keyword can be used to specify that 802.1X notifications are sent, the
placement of the dot1x keyword in this scenario configures a community string, not a notification
type.

Reference:

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipswitch/command/isw-cr-book/isw-s3.html#wp3482803949

QUESTION NO: 363

Which of the following commands should you issue from interface configuration mode to associate
an NHRP group with a QoS policy map? (Select the best answer.)

A.
ip nhrp group

B.
ip nhrp map

C.
ip nhrp map group

D.
ip nhrp map multicast

E.
ip nhrp map multicast dynamic

F.
ip nhrp responder

Answer: C
Explanation:

You should issue the ip nhrp map group command from interface configuration mode to associate
a Next Hop Resolution Protocol (NHRP) group with a Quality of Service (QoS) policy map. NHRP
is used to create a database of tunnel addresses to real addresses. When a spoke router wants to
send a packet to another spoke router by using an on-demand spoke-to-spoke tunnel, the sending
router queries the NHRP database to determine the receiving router's dynamic spoke address; the
sending router then creates the on-demand tunnel between the spoke routers.

Before you can map an NHRP group with a QoS policy map, you must first create the NHRP group
by issuing the ip nhrp group command from interface configuration mode. The following command
set creates an NHRP group named boson and maps the group to a QoS policy map named exsim:

Router(config)#interface Tunnel 0

Router(config-if)#ip nhrp group boson

Router(config-if)#ip nhrp map group boson service-policy output exsim

The ip nhrp map command configures spoke routers with a static mapping that maps the hub
router's tunnel IP address to the hub router's physical IP address. The syntax of the ip nhrp map
command is ip nhrp map ip-address nbma-address, where ip-address is the hub router's tunnel IP
address and nbma-address is the hub router's physical IP address. Hub routers need not be
configured with the ip nhrp map ip-address nbma-address command; as spoke routers register
with the hub, the mappings are dynamically created.

The ip nhrp map multicast dynamic command configures a hub router to allow spoke routers to
register with the hub as multicast receivers. Spoke routers should not be configured with the ip
nhrp map multicast dynamic command; instead, they should be configured with the ip nhrp map
multicast ip-address command, where ip-address is the physical IP address of the hub router. The
ip nhrp map multicast command enables the spoke router to send broadcast and multicast packets
over the tunnel.

The ip nhrp responder command specifies the IP address that the next-hop server should use
when replying to Responder Address queries. The syntax of the ip nhrp responder command is ip
nhrp responder interface-type interface-number. The primary IP address of the interface is the IP
address that the next-hop server will use in the NHRP reply.

Reference:

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipaddr/command/ipaddr-cr-book/ipaddr-i4.html#wp2318545993

QUESTION NO: 364

Which of the following is the VLAN name for VLAN 1004? (Select the best answer.)

A.
fddi-default

B.
fddinet-default

C.
token-ring-default

D.
trnet-default

Answer: B
Explanation:

The virtual LAN (VLAN) name for VLAN 1004 is fddinet-default. VLANs 1002 through 1005 cannot
be pruned, deleted, or used to send data over Ethernet. VLANs 1002 and 1004 are reserved for
Fiber Distributed Data Interface (FDDI). VLANs 1003 and 1005 are reserved for Token Ring.

The following table displays VLANs 1002 through 1005 along with their corresponding names:

VLAN    Name
1002    fddi-default
1003    token-ring-default
1004    fddinet-default
1005    trnet-default

You can see these names in the output of the show vlan command.

Reference:

https://www.cisco.com/c/en/us/td/docs/routers/7600/ios/15S/configuration/guide/7600_15_0s_book/vlans.html

QUESTION NO: 365

Which of the following will occur when you issue the ntp server 10.11.12.13 command on
RouterA? (Select 2 choices.)

A.
RouterA will become an NTP server for a host at 10.11.12.13.

B.
RouterA will become an NTP client of a server at 10.11.12.13.

C.
RouterA will listen for NTP packets on the interface that is configured to use IP address
10.11.12.13.

D.
RouterA will use IP address 10.11.12.13 as the source IP address for all NTP packets leaving
the interface.

E.
RouterA will use NTP version 3.

F.
RouterA will be set to stratum 8.

Answer: B,E
Explanation:

RouterA will become a Network Time Protocol (NTP) client of a server at 10.11.12.13 and will use
NTP version 3. NTP is used to synchronize the time on network devices. Issuing the ntp server
command from global configuration mode configures a Cisco router to operate as an NTP static
client. An NTP static client receives its time from an NTP server.

The basic syntax of the ntp server command is ntp server ip-address [version number] [prefer],
where ip-address is the IP address of the NTP server that the client will use to receive its time. The
optional version keyword can be issued to specify the NTP version; if no version is specified, NTP
version 3 will be used by default. The optional prefer keyword can be used so that the specified
NTP server will be preferred by the client over other NTP servers; if the prefer keyword is not
used, the client will synchronize with the server that has the lowest stratum number.

RouterA will not become an NTP server for a host at 10.11.12.13. You should issue the ntp master
command from global configuration mode to configure a Cisco router to operate as an NTP server.
The syntax of the ntp master command is ntp master [stratum], where stratum is an NTP stratum
value from 1 through 15. By default, an NTP server is configured to use a stratum value of 8.
Devices with higher stratum numbers receive time from devices with lower stratum numbers. For
example, a stratum 2 device typically receives its time from a stratum 1 device, a stratum 3 device
typically receives its time from a stratum 2 device, and so on.

RouterA will not be set to stratum 8 unless it receives its time from an NTP server at stratum 7.
You cannot manually set the stratum for an NTP client. To configure RouterA so that it is set to
stratum 8, you must issue the ntp master command or the ntp master 8 command.

RouterA will not listen for NTP packets on the interface that is configured to use IP address
10.11.12.13, nor will RouterA use IP address 10.11.12.13 as the source IP address for all NTP
packets leaving the interface. IP address 10.11.12.13 is the address of the NTP server, not an IP
address on RouterA. Issuing the ntp broadcast client command from interface configuration mode
configures a Cisco router to operate as an NTP broadcast client. An NTP broadcast client listens
on the configured interface for NTP broadcasts from an NTP server, which the NTP client uses to
adjust its time. The difference between a broadcast client and a static client is that a broadcast
client can receive its time from any NTP server. By contrast, a static client receives its time from
the NTP server specified in the ntp server command.

Reference:

https://www.cisco.com/c/en/us/td/docs/ios/12_2/configfun/command/reference/ffun_r/frf012.html#wp1123899

Cisco: Basic System Management Commands: ntp server

QUESTION NO: 366

You administer the OSPF network shown above. The cost values are displayed next to each link.

RA receives packets destined for the 172.20.0.0/24 network.

Which path or paths will RA use to send the packets? (Select the best answer.)

A.
only RA-RD-RF

B.
only RA-RC-RE-RF

C.
only RA-RD-RF and RA-RC-RD-RF

D.
only RA-RD-RF, RA-RC-RD-RF, and RA-RC-RB-RE-RF

Answer: C
Explanation:

RA will use only the RA-RD-RF path and the RA-RC-RD-RF path to send the packets to the
172.20.0.0/24 network. The total cost from RA through RD to RF is 20 + 20 = 40, and the total cost
from RA through RC and RD to RF is 10 + 10 + 20 = 40. Open Shortest Path First (OSPF) can
load balance traffic across equal-cost paths; since both paths have a total cost of 40, RA can use
both paths to send the packets. RA will not always prefer the route through the least number of
routers. Instead, RA prefers the intra-area route with the lowest total cost, regardless of the number
of routers the packets must pass through.

RA will not use the RA-RC-RE-RF path to send the packets. Although the total cost from RA through
RC and RE to RF is 10 + 10 + 10 = 30, OSPF prefers intra-area routes over inter-area routes,
regardless of the total path cost. OSPF uses the following preference order when selecting the
best route to a destination:

1. Intra-area routes

2. Inter-area routes

3. External Type 1 routes

4. External Type 2 routes

Therefore, RA prefers an intra-area route with a cost of 40 over an inter-area route with a cost of 30.
If the link between RC and RE were within Area 1, as shown in the following graphic, RA would
prefer the route from RA through RC and RE to RF:


RA will not use the RA-RC-RB-RE-RF path to send the packets. Although the total cost of this
path is 10 + 10 + 10 + 10 = 40, the RA-RC-RB-RE-RF route is an inter-area route; RA prefers the
intra-area routes with a cost of 40.

Reference:

https://www.cisco.com/c/en/us/support/docs/ip/open-shortest-path-first-ospf/7039-1.html#t7
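The selection rule above (intra-area before inter-area, then lowest total cost, then load balancing across equal-cost winners) applied to this question's topology, as an added example that is not part of the original question bank. The link costs are the ones stated in the explanation; the area assignment is an assumption (the RC-RE, RC-RB and RB-RE links are placed in Area 0, everything else in Area 1), and the code also runs the "RC-RE moved into Area 1" variant from the explanation.

```python
"""OSPF path selection for the Q366 topology: intra-area routes are
preferred over inter-area routes, then the lowest total cost wins, and
all equal-cost winners are installed (load balancing).

Added example, not part of the original question bank.  Link costs come
from the explanation; the area assignment is an assumption chosen so
that the stated route types come out: RC-RE, RC-RB and RB-RE in Area 0,
every other link in Area 1."""

# (router_a, router_b, cost, area) -- constructed from the explanation
LINKS = [
    ("RA", "RD", 20, 1),
    ("RD", "RF", 20, 1),
    ("RA", "RC", 10, 1),
    ("RC", "RD", 10, 1),
    ("RC", "RE", 10, 0),  # assumed to lie outside Area 1
    ("RE", "RF", 10, 1),
    ("RC", "RB", 10, 0),  # assumed to lie outside Area 1
    ("RB", "RE", 10, 0),  # assumed to lie outside Area 1
]

# Lower rank wins.  OSPF ranks external type 1 and type 2 routes below
# these two, but this topology has no external routes.
ROUTE_RANK = {"intra-area": 1, "inter-area": 2}


def build_adjacency(links):
    """Undirected adjacency list: router -> [(neighbor, cost, area)]."""
    adj = {}
    for a, b, cost, area in links:
        adj.setdefault(a, []).append((b, cost, area))
        adj.setdefault(b, []).append((a, cost, area))
    return adj


def simple_paths(adj, src, dst):
    """Yield (path, total_cost, areas_crossed) for every loop-free path."""
    stack = [(src, [src], 0, frozenset())]
    while stack:
        node, path, cost, areas = stack.pop()
        if node == dst:
            yield path, cost, areas
            continue
        for nxt, link_cost, area in adj.get(node, []):
            if nxt not in path:
                stack.append((nxt, path + [nxt], cost + link_cost,
                              areas | {area}))


def route_type(areas):
    """Simplification used here: a path that stays inside one area is an
    intra-area route; a path that crosses an area boundary is inter-area."""
    return "intra-area" if len(areas) == 1 else "inter-area"


def select_routes(links, src, dst):
    """Return (route_type, cost, sorted 'RA-RD-RF'-style paths) that src
    would install for a destination behind dst, or None if unreachable."""
    candidates = []
    for path, cost, areas in simple_paths(build_adjacency(links), src, dst):
        kind = route_type(areas)
        candidates.append((ROUTE_RANK[kind], cost, kind, "-".join(path)))
    if not candidates:
        return None
    best_rank, best_cost, best_kind, _ = min(candidates)
    winners = sorted(p for rank, cost, _, p in candidates
                     if (rank, cost) == (best_rank, best_cost))
    return best_kind, best_cost, winners


def with_link_in_area(links, a, b, area):
    """Copy of links with the a-b link moved into the given area (the
    'what if RC-RE were in Area 1' variant from the explanation)."""
    return [(x, y, c, area if {x, y} == {a, b} else ar)
            for x, y, c, ar in links]


if __name__ == "__main__":
    print(select_routes(LINKS, "RA", "RF"))
    # ('intra-area', 40, ['RA-RC-RD-RF', 'RA-RD-RF'])
    print(select_routes(with_link_in_area(LINKS, "RC", "RE", 1), "RA", "RF"))
    # ('intra-area', 30, ['RA-RC-RE-RF'])
```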

QUESTION NO: 367

Which of the following is a point-to-point protocol that can be configured on a switch to dynamically
control the establishment of 802.1Q and ISL trunk links? (Select the best answer.)

A.
DTP

B.
LACP

C.
PAgP

D.
STP

E.
VTP

Answer: A
Explanation:

Dynamic Trunking Protocol (DTP) is a Cisco-proprietary point-to-point protocol that can be configured
on a switch to dynamically control the establishment of 802.1Q and Inter-Switch Link (ISL) trunk
links. ISL is Cisco's proprietary encapsulation method; it can be used to configure trunks on Cisco
switches only. The Institute of Electrical and Electronics Engineers (IEEE) 802.1Q standard is
widely supported and should be used when you must incorporate third-party switches into an
existing Cisco topology.

There are five DTP switch port modes: trunk, desirable, auto, access, and nonegotiate. The
switchport mode {trunk | dynamic {desirable | auto} | access | nonegotiate} command configures
the DTP mode for a switch port. Cisco recommends that you set both sides of a trunk link to
desirable mode when using DTP. When connecting to a non-Cisco device, you should manually
configure the switch port for trunk mode. The following table indicates whether a trunk link will be
established between a pair of switches configured with the switchport mode command:

Port Aggregation Protocol (PAgP) is a Cisco-proprietary protocol that groups individual physical
PAgP-configured ports into a single logical link, called an EtherChannel. The ports that constitute
an EtherChannel are grouped according to various parameters, such as hardware, port, and
administrative limitations. Once PAgP has created an EtherChannel, it adds the EtherChannel to
the spanning tree as a single switch port.

Link Aggregation Control Protocol (LACP) is a newer, standards-based alternative to PAgP that is
defined by the IEEE 802.3ad standard. LACP is available on switches newer than the Catalyst
2950, which only offers PAgP. Like PAgP, LACP identifies neighboring ports and their group
capabilities; however, LACP goes further by assigning roles to the EtherChannel's endpoints.

Spanning Tree Protocol (STP) is defined in the IEEE 802.1D standard. Layer 2 protocols use STP
to determine the best path through a switched network. STP prevents switching loops on a
network. Switching loops can occur when there is more than one switched path to a destination.
The spanning tree algorithm determines the best path through a switched network, and any ports
that create redundant paths are blocked. If the best path becomes unavailable, the network
topology is recalculated and the port connected to the next best path is unblocked.

VLAN Trunking Protocol (VTP) is used to synchronize VTP and virtual LAN (VLAN) configuration
information between switches. Changes that are made on one VTP server are propagated
throughout the VTP domain. For switches to synchronize information over VTP, the following
configuration parameters must match on all switches:

-VTP domain name

-VTP password

-VTP version

Reference:

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/12-2/31sga/configuration/guide/config/layer2.html#wp1020498

https://www.cisco.com/c/en/us/support/docs/switches/catalyst-4000-series-switches/23408-140.html#lacp_pagp

QUESTION NO: 368

In which of the following situations will an EIGRP router transition a route from the passive state to
the active state and send multicast query packets to its neighbors? (Select the best answer.)

A.
when the successor becomes unreachable and a feasible successor exists

B.
when the successor becomes unreachable and no feasible successors exist

C.
when the router sees its own router ID in the Neighbor field of an update packet

D.
when all the routes in the router's topology table are in the passive state

E.
when the DR fails and no BDR exists on the multiaccess segment

Answer: B
Explanation:

When the successor becomes unreachable and no feasible successors exist, an Enhanced
Interior Gateway Routing Protocol (EIGRP) router transitions a route from the passive state to the
active state and sends multicast query packets to its neighbors by using the multicast IP address
224.0.0.10. These multicast query packets are used to interrogate EIGRP neighbors to determine
whether they have a route to a destination network. The route will remain in the active state until
replies are received for each of the neighbor queries. You can display which routers have not yet
replied to a query by issuing the show ip eigrp topology active command, as shown in the following
output:

If feasible successors exist when the current successor becomes unreachable, the EIGRP router
immediately uses a feasible successor. Because route recomputation is not required, the route will
stay in the passive state.

EIGRP routers maintain a neighbor table, a topology table, and a routing table. The neighbor table
lists all the adjacent routers configured to run EIGRP. The topology table lists the next hop for all
the network destinations known to all the EIGRP neighbors that represent a loop-free path to that
destination. The routing table lists only the best route to each destination network.

EIGRP calculates a feasible distance (FD) for each neighbor. The FD represents the cost of using
that particular next hop to reach the destination. The neighbor with the lowest FD to a destination
network is known as the successor, and the route to that successor is stored in the routing table. If
a second neighbor can reach the same destination, but at a higher FD, it is listed in the topology
table as a feasible successor and is stored in the topology table as a backup in the event that the
successor fails. In the topology table, EIGRP will list all the successors and feasible successors
that can reach a given destination.

Routes are always in one of two states: passive or active. Routes are in the passive state when no
route recomputation is necessary. Route recomputation occurs when the network topology
changes due to a link failure or recovery. The routes will remain in the passive state as long as at
least one feasible successor exists. When no feasible successors exist for a destination, the route
enters the active state and EIGRP initiates a route recomputation by using the 224.0.0.10
multicast address to send query packets to all known EIGRP neighbors.

Routers running EIGRP will not check for their own router ID in the Neighbor field of an update
packet. Only routers running Open Shortest Path First (OSPF) perform this action. Before entering
a two-way state with an OSPF neighbor, a router running OSPF must see its own router ID in the
Neighbor field of an update packet that it receives from that neighbor.

Routers running EIGRP do not elect designated routers (DRs) or backup designated routers
(BDRs). Only routers running OSPF elect DRs and BDRs. OSPF elects one router to be the DR
and another router to be the BDR in each multiaccess segment. The DR serves as a single point of
contact for all OSPF routers on the multiaccess segment, and the BDR exists in case the DR fails.
All OSPF routers on the segment exchange updates only with the DR and BDR.

Reference:

http://docwiki.cisco.com/wiki/Enhanced_Interior_Gateway_Routing_Protocol
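The successor, feasible successor and passive/active decision described above, worked through in code as an added example that is not part of the original question bank. The neighbor metrics are constructed, and the feasibility condition applied (a neighbor's reported distance must be lower than the current feasible distance) is the standard DUAL rule, stated here as an assumption because the explanation does not spell it out.

```python
"""EIGRP DUAL bookkeeping for one destination: pick the successor and
feasible distance, list feasible successors, and decide whether losing
the successor keeps the route passive or sends it active (query to
224.0.0.10).

Added example, not from the original question bank.  Neighbor figures
are constructed.  Feasibility condition (standard DUAL rule, assumed
here): a neighbor is a feasible successor when the distance it reports
is lower than the router's current feasible distance (FD)."""

EIGRP_QUERY_ADDRESS = "224.0.0.10"

# Constructed topology-table entries for one destination:
# neighbor -> (distance the neighbor reports, cost of the link to it).
# Metrics are simplified integers, not real EIGRP composite metrics.
NEIGHBORS = {
    "R2": (20, 10),   # computed distance 30 -> successor, FD = 30
    "R3": (25, 15),   # computed distance 40, RD 25 < 30 -> feasible successor
    "R4": (35, 5),    # computed distance 40, RD 35 >= 30 -> not loop-free
}


def computed_distances(neighbors):
    """Distance to the destination through each neighbor."""
    return {n: rd + link for n, (rd, link) in neighbors.items()}


def successor_and_fd(neighbors):
    """The neighbor with the lowest computed distance is the successor;
    that distance is the feasible distance (FD)."""
    dist = computed_distances(neighbors)
    succ = min(dist, key=dist.get)
    return succ, dist[succ]


def feasible_successors(neighbors, fd, successor):
    """Neighbors other than the successor whose reported distance is
    below the FD, i.e. guaranteed loop-free backups.  R4 above fails
    this even though its computed distance equals R3's."""
    return sorted(n for n, (rd, _) in neighbors.items()
                  if n != successor and rd < fd)


def on_successor_loss(neighbors, successor, fd):
    """Successor becomes unreachable.  With a feasible successor the route
    stays passive and the best backup takes over at once; without one it
    goes active and the router queries every remaining neighbor."""
    remaining = {n: v for n, v in neighbors.items() if n != successor}
    backups = feasible_successors(remaining, fd, successor=None)
    if backups:
        dist = computed_distances({n: remaining[n] for n in backups})
        return {"state": "passive", "successor": min(dist, key=dist.get)}
    return {"state": "active", "query_to": EIGRP_QUERY_ADDRESS,
            "queried": sorted(remaining)}


if __name__ == "__main__":
    succ, fd = successor_and_fd(NEIGHBORS)
    print(succ, fd, feasible_successors(NEIGHBORS, fd, succ))
    # R2 30 ['R3']
    print(on_successor_loss(NEIGHBORS, succ, fd))
    # {'state': 'passive', 'successor': 'R3'}
    no_backup = {n: v for n, v in NEIGHBORS.items() if n != "R3"}
    print(on_successor_loss(no_backup, succ, fd))
    # {'state': 'active', 'query_to': '224.0.0.10', 'queried': ['R4']}
```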

QUESTION NO: 369

You issue the no service tcp-small-servers command on a Cisco router.

Which of the following servers are disabled by the command? (Select 3 choices.)

A.
BOOTP

B.
chargen

C.
discard

D.
echo

E.
finger

Answer: B,C,D
Explanation:

The discard, echo, and chargen servers are disabled by issuing the no service tcp-small-servers
command. The discard server, which uses Transmission Control Protocol (TCP) port 9, discards
any data that is sent to it. The echo server, which uses TCP port 7, receives data and echoes that
data back to the sender. The chargen server, which uses TCP port 19, generates a stream of
ASCII data back to the sender. These servers are used to test TCP functionality; however, they
can be exploited. Therefore, it is recommended that these servers be disabled. The TCP small
servers are disabled by default on Cisco IOS version 11.3 and later.

The finger server is not disabled by issuing the no service tcp-small-servers command. The finger
server, which uses TCP port 79, displays user information. By default, the finger server is
disabled. If the finger server has been enabled, you can disable it by issuing the no ip finger
command or the no service finger command.

The Bootstrap Protocol (BOOTP) server is not disabled by issuing the no service tcp-small-servers
command. The BOOTP server, which uses User Datagram Protocol (UDP) port 67, is a
predecessor of Dynamic Host Configuration Protocol (DHCP) and is used to assign IP addresses
to client devices. By default, the BOOTP server is enabled. To disable the BOOTP server, you
should issue the no ip bootp server command.

Reference:

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/fundamentals/command/cf_command_ref/R_through_setup.html#wp2590195365

https://www.cisco.com/image/gif/paws/12815/23.pdf

Cisco: TCP and UDP Small Servers (PDF)
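An audit script for the two configuration points made in questions 362 and 369, as an added example that is not part of the original question bank: it parses snmp-server host lines using the syntax given in the question 362 explanation and reports the SNMPv3 security level each host actually ends up with, and it flags the TCP small servers, finger and BOOTP services. The sample configuration is constructed.

```python
"""Audit a Cisco IOS configuration for the SNMPv3 security level that an
'snmp-server host' line really ends up with, and for the small services
(tcp-small-servers, finger, BOOTP) that should normally be off.

Added example, not part of the original question bank.  The sample
configuration is constructed; the 'snmp-server host' syntax parsed is
the one given in the question 362 explanation, and a version-3 host with
no auth/noauth/priv keyword is reported at noAuthNoPriv as stated there."""

# Constructed running-config excerpt (not from a real device).
SAMPLE_CONFIG = """\
hostname Switch1
service tcp-small-servers
ip finger
snmp-server host auth version 3 dot1x
snmp-server host 10.1.1.5 version 3 priv NMSUSER udp-port 1162 snmp
snmp-server host 10.1.1.6 informs version 2c public
"""

SECURITY_LEVELS = {"noauth": "noAuthNoPriv", "auth": "authNoPriv",
                   "priv": "authPriv"}
LEVEL_RISK = {"noAuthNoPriv": "no authentication and no encryption",
              "authNoPriv": "authenticated but not encrypted"}
TCP_SMALL_SERVERS = {"echo": 7, "discard": 9, "chargen": 19}


def parse_snmp_host(line):
    """Parse one 'snmp-server host' line into its fields.  The first token
    after 'host' is always the target, so a keyword placed there (like
    'auth') becomes a host name, not a security level."""
    tokens = line.split()
    if tokens[:2] != ["snmp-server", "host"]:
        raise ValueError("not an snmp-server host line: " + line)
    entry = {"host": tokens[2], "mode": "traps", "version": "1",
             "level": None, "vrf": None, "udp_port": 162}
    i = 3
    while i < len(tokens):
        tok = tokens[i]
        if tok == "vrf":
            entry["vrf"] = tokens[i + 1]
            i += 2
        elif tok in ("informs", "traps"):
            entry["mode"] = tok
            i += 1
        elif tok == "version":
            entry["version"] = tokens[i + 1]
            i += 2
            if (entry["version"] == "3" and i < len(tokens)
                    and tokens[i] in SECURITY_LEVELS):
                entry["level"] = SECURITY_LEVELS[tokens[i]]
                i += 1
        else:
            break  # next token is the community string / v3 user name
    entry["community"] = tokens[i]
    rest = tokens[i + 1:]
    if rest[:1] == ["udp-port"]:
        entry["udp_port"] = int(rest[1])
        rest = rest[2:]
    entry["notification_types"] = rest or ["all"]
    if entry["version"] == "3" and entry["level"] is None:
        entry["level"] = "noAuthNoPriv"
    return entry


def audit_config(config_text):
    """Return a list of findings for the configuration text."""
    lines = [ln.strip() for ln in config_text.splitlines()]
    findings = []
    for ln in lines:
        if not ln.startswith("snmp-server host "):
            continue
        e = parse_snmp_host(ln)
        if e["version"] in ("1", "2c"):
            findings.append(f"snmp host {e['host']}: SNMPv{e['version']} "
                            f"community {e['community']!r} sent in clear text")
        elif e["level"] in LEVEL_RISK:
            findings.append(f"snmp host {e['host']}: SNMPv3 user "
                            f"{e['community']!r} at {e['level']} "
                            f"({LEVEL_RISK[e['level']]})")
    if "service tcp-small-servers" in lines:
        ports = ", ".join(f"{n} tcp/{p}" for n, p in TCP_SMALL_SERVERS.items())
        findings.append(f"TCP small servers enabled ({ports}); "
                        "fix: no service tcp-small-servers")
    if "ip finger" in lines or "service finger" in lines:
        findings.append("finger server enabled (tcp/79); fix: no ip finger")
    if "no ip bootp server" not in lines:
        findings.append("BOOTP server on by default (udp/67); "
                        "fix: no ip bootp server if unused")
    return findings


if __name__ == "__main__":
    for finding in audit_config(SAMPLE_CONFIG):
        print(finding)
```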

QUESTION NO: 370 DRAG DROP

Select the characteristics from the left, and place them underneath the corresponding line type on
the right. Fill all boxes. Characteristics can be used more than once; some characteristics might
not be used.

To complete this question, click Launch Simulator and follow the on-screen instructions.

Select and Place:

Answer:

Explanation:

An Ethernet private line (EPL) is a Metro Ethernet E-Line service that uses a point-to-point Ethernet
virtual connection (EVC) between two User Network Interfaces (UNIs). An EVC associates two or
more UNIs. A UNI is the demarcation point at which the service provider's responsibility ends and
the customer's responsibility begins. Bandwidth profiles can be established per EVC or per UNI.

An EPL provides full transparency such that Layer 2 protocols are the same at the source and
destination UNIs. However, an EPL does not allow for service multiplexing; only one EVC is
supported at the UNI. Instead, an EPL allows all-to-one bundling. Generally, if a UNI is configured
for service multiplexing, all-to-one bundling must be disabled, and conversely, if a UNI is configured
for all-to-one bundling, service multiplexing must be disabled.

An Ethernet virtual private line (EVPL) is also a Metro Ethernet E-Line service that uses
a point-to-point EVC between two UNIs. Unlike an EPL, an EVPL does not provide full transparency,
because Layer 2 control protocols are discarded at the UNI. However, an EVPL allows for service
multiplexing so that more than one EVC is supported at the UNI.

Neither an EPL nor an EVPL uses EVCs between Network to Network Interfaces (NNIs). Like UNIs,
NNIs are demarcation points; however, NNIs are demarcation points between service provider
networks.

Neither an EPL nor an EVPL is an E-LAN service. Whereas E-Line services are point-to-point
Ethernet services, E-LAN services are multipoint-to-multipoint Ethernet services.

Reference:

https://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/fulfillment/6-1/theory/operations/guide/theory/l2ce.html

QUESTION NO: 371 DRAG DROP

Select the terms that are displayed in the output from the show ip eigrp neighbors command from
the left, and drag them to the corresponding definitions on the right.

Answer:

Explanation:

Enhanced Interior Gateway Routing Protocol (EIGRP) maintains three tables for each Layer 3
protocol:

-Neighbor table

-Topology table

-Routing table

The EIGRP neighbor table lists the directly connected neighbors that have an established
EIGRP adjacency with the router, as shown in the following output from the show ip eigrp
neighbors command:

In the output above, the EIGRP process on RouterA has established an adjacency, or neighbor
relationship, with another EIGRP router that has been assigned the IP address of 192.168.1.2.
The SRTT column value, which is 26, indicates the smooth round-trip time (SRTT) in milliseconds.
The SRTT indicates how long it takes for an EIGRP packet to be sent and for an acknowledgment
to be returned. The RTO column value, which is 200, indicates the retransmit interval in
milliseconds. The retransmit interval, or retransmission timeout (RTO), is the amount of time an
EIGRP router will wait before attempting to resend a packet that has been stored in the
retransmission queue. The retransmission queue contains packets that a router needs to resend
to a neighboring router. Related to the retransmit interval is the queue (Q) count, which is
displayed in the Q Cnt column. The Q count is the number of EIGRP reply, query, and update
packets that are waiting to be sent. The Q count in the output above is 0, which indicates that
there are no packets that are waiting to be sent.

Reference:

https://www.cisco.com/c/en/us/td/docs/net_mgmt/ip_solution_center/6-0/infrastructure/reference/guide/infrastructure/iscglss1.pdf

https://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/fulfillment/6-1/theory/operations/guide/theory/l2ce.html

QUESTION NO: 372

You issue the mls ip cef load-sharing full simple command.

Which of the following statements is true? (Select the best answer.)

A.
CEF load balancing will use Layer 3 information with multiple adjacencies.

B.
CEF load balancing will use Layer 3 information without multiple adjacencies.

C.
CEF load balancing will use Layer 3 and Layer 4 information with multiple adjacencies.

D.
CEF load balancing will use Layer 3 and Layer 4 information without multiple adjacencies.

Answer: D
Explanation:

Cisco Express Forwarding (CEF) load balancing will use Layer 3 and Layer 4 information without
multiple adjacencies. The syntax of the mls ip cef load-sharing command is mls ip cef load-sharing
[full] [exclude-port {destination | source}] [simple]. When the full keyword is used, CEF load
balancing will use Layer 3 and Layer 4 information with multiple adjacencies. When the simple
keyword is used, CEF load balancing will use Layer 3 information without multiple adjacencies.
When the full and simple keywords are both used, CEF load balancing will use Layer 3 and Layer
4 information without multiple adjacencies.

The exclude-port keyword configures CEF to exclude either source or destination Layer 4 ports
from the load balancing algorithm. In addition, the exclude-port keyword configures CEF to exclude
both source and destination IP addresses from the load balancing algorithm, regardless of whether
the source or destination keywords are used.

Reference:

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipswitch/command/isw-cr-book/isw-i1.html#wp4169023325

QUESTION NO: 373

In which of the following scenarios will a BGP route be advertised when conditional
advertisements are configured? (Select 2 choices.)

A.
when a prefix appears in the advertise map and in the exist map

B.
when a prefix appears in the advertise map but not in the exist map

C.
when a prefix appears in the advertise map and in the nonexist map

D.
when a prefix appears in the advertise map but not in the nonexist map

E.
when a prefix does not appear in the advertise map but does appear in the exist map

F.
when a prefix appears in neither the advertise map nor the exist map

G.
when a prefix does not appear in the advertise map but does appear in the nonexist map

H.
when a prefix appears in neither the advertise map nor the nonexist map

Answer: A,D
Explanation:

When conditional advertisements are configured, a Border Gateway Protocol (BGP) route will be
advertised in either of these scenarios:

-When a prefix appears in the advertise map and in the exist map

-When a prefix appears in the advertise map but not in the nonexist map

A conditional advertisement is a route that is withheld from a neighbor until a condition is met. The
prefixes are contained within two route maps: an advertise map and either an exist map or a
nonexist map. The advertise map indicates the prefixes that will be advertised when the condition
is met, provided that the prefix exists in the BGP routing table. If an exist map is used, the prefix
must appear within the advertise map and the exist map in order for the router to advertise the
prefix. If a nonexist map is used, the prefix must appear within the advertise map but not within the
nonexist map in order for the router to advertise the prefix.

Conditional advertisements are created by issuing the neighbor advertise-map command from BGP
router configuration mode. The syntax of the neighbor advertise-map command is neighbor
ip-address advertise-map map-name {exist-map map-name | non-exist-map map-name}. For
example, the neighbor 192.168.1.1 advertise-map BOSON1 exist-map EXIST1 command creates a
conditional advertisement where a prefix will be advertised to a neighbor at 192.168.1.1 if the
prefix exists in BOSON1 as well as in the exist map EXIST1. Conversely, the neighbor 192.168.1.1
advertise-map BOSON1 non-exist-map NONEXIST1 command creates a conditional advertisement
where a prefix will be advertised to a neighbor at 192.168.1.1 if the prefix appears in BOSON1 but
does not appear in the nonexist map NONEXIST1.

Reference:

https://www.cisco.com/c/en/us/td/docs/ios/iproute_bgp/command/reference/irg_book/irg_bgp3.html#wp1105432

"Everything is under control" - www.pass4sure.com 568


Cisco 400-101 Exam
QUESTION NO: 374

Which of the following commands should you issue to create a virtual link between Area 0.0.0.0
and Area 0.0.0.5? (Select 2 choices.)

A.
Router1(config-router)#area 0.0.0.5 virtual-link 10.5.1.1

B.
Router2(config-router)#area 0.0.0.9 virtual-link 10.4.1.1

C.
Router2(config-router)#area 0.0.0.0 virtual-link 10.3.1.1

D.
Router4(config-router)#area 0.0.0.5 virtual-link 10.3.1.1

E.
Router4(config-router)#area 0.0.0.9 virtual-link 10.2.1.1

F.
Router5(config-router)#area 0.0.0.0 virtual-link 10.1.1.1

Answer: B,E
Explanation:

You should issue the area 0.0.0.9 virtual-link 10.4.1.1 command on Router2 and the area 0.0.0.9
virtual-link 10.2.1.1 command on Router4 to create a virtual link between Area 0.0.0.0 and Area
0.0.0.5. To create a virtual link, you should issue the area area-id virtual-link router-id command in
router configuration mode on each area border router (ABR), where area-id is the transit area ID,
and router-id is the router ID of the router at the other end of the virtual link.

All areas in an Open Shortest Path First (OSPF) internetwork must be connected to the backbone
area, Area 0.0.0.0, also known as simply Area 0. A virtual link must be created between two ABRs
to connect a remote area to the backbone area through a transit area. The following restrictions
apply to virtual links:

-The routers at each end of the virtual link must share a common area.

-The transit area cannot be a stub area.

-The transit area cannot be the backbone area.

-One router must connect to the backbone area.

In this scenario, Router2 and Router4 are ABRs that share a common area, Area 0.0.0.9. Router2
connects to the backbone area, and Router4 connects to the remote area. Because Area 0.0.0.9
will be used as the transit area for the virtual link, Area 0.0.0.9 cannot be configured as a stub area.

You cannot create a virtual link between Router1 and Router5, because they do not share a
common area. Therefore, you should not issue the area 0.0.0.5 virtual-link 10.5.1.1 command on
Router1 or the area 0.0.0.0 virtual-link 10.1.1.1 command on Router5.

You should not issue the area 0.0.0.0 virtual-link 10.3.1.1 command on Router2 or the area 0.0.0.5
virtual-link 10.3.1.1 command on Router4. The area-id parameter should be the transit area ID, not
the backbone or remote area ID. Additionally, you should establish the virtual link directly between
two routers, not between two routers and an intermediate router.

Reference:

https://www.cisco.com/c/en/us/support/docs/ip/open-shortest-path-first-ospf/7039-1.html

QUESTION NO: 375

Which of the following commands creates a single-rate, dual-bucket, three-color policer? (Select
the best answer.)

A.
police 100000 5000 8000 conform-action transmit exceed-action set-dscp-transmit af21

B.
police 100000 5000 8000 conform-action transmit exceed-action set-dscp-transmit af21 violate-action drop

C.
police cir 50000 bc 50000 pir 100000 conform-action transmit exceed-action set-dscp-transmit af21

D.
police cir 50000 pir 100000 conform-action transmit exceed-action set-dscp-transmit af21 violate-action drop

Answer: B
Explanation:

The police 100000 5000 8000 conform-action transmit exceed-action set-dscp-transmit af21
violate-action drop command creates a single-rate, dual-bucket, three-color policer. Traffic policing is
used to control the amount of traffic sent on an interface. The police command transmits,
reclassifies, or drops traffic based on how much traffic is being sent.

The syntax of the single-rate police command is police bps [burst-normal] [burst-max] conform-action
action exceed-action action [violate-action action], where the optional burst-normal and burst-max
parameters are specified in bytes. In the police 100000 5000 8000 conform-action transmit
exceed-action set-dscp-transmit af21 violate-action drop command, the average rate is 100,000 bps,
the normal burst size is 5,000 bytes, and the maximum burst size is 8,000 bytes. The
conform-action keyword specifies what happens to packets that conform to the bps rate; in this
example, traffic up to 100,000 bps is transmitted. The exceed-action keyword specifies what
happens to traffic that exceeds the rate limit but does not exceed the maximum burst size; in this
example, traffic that exceeds the rate limit up to 8,000 bytes is transmitted with a
Differentiated Services Code Point (DSCP) value of AF21. The optional violate-action keyword
specifies what happens to packets that exceed the maximum burst size; in this example, packets
that exceed the maximum burst size are dropped.

Issuing the single-rate police command with the conform-action, exceed-action, and violate-action
keywords creates a dual-bucket, three-color policer. Conforming traffic is considered green traffic,
bursting traffic is considered yellow traffic, and traffic that violates the policy is considered red
traffic. Traffic flowing into the first bucket is green traffic. When the first bucket is full, traffic flows
into the second bucket. Traffic flowing into the second bucket is yellow traffic. When the second
bucket is full, red traffic overflows the second bucket.

Issuing the single-rate police command with the conform-action and exceed-action keywords but
without the violate-action keyword creates a single-bucket, two-color policer. Therefore, the police
100000 5000 8000 conform-action transmit exceed-action set-dscp-transmit af21 command creates a
single-rate, single-bucket, two-color policer. You can also issue the police command with two traffic
rates: a committed information rate (CIR) and a peak information rate (PIR). The syntax of the
dual-rate police command is police cir cir [bc conform-burst] [pir pir] [be peak-burst] [conform-action
action [exceed-action action [violate-action action]]], where cir and pir are specified in bps.
Therefore, the police cir 50000 bc 50000 pir 100000 conform-action transmit exceed-action
set-dscp-transmit af21 command and the police cir 50000 pir 100000 conform-action transmit
exceed-action set-dscp-transmit af21 violate-action drop command create a dual-rate policer, not a
single-rate policer.

A dual-rate policer always uses a dual-bucket policer regardless of the number of colors specified.
Therefore, the police cir 50000 bc 50000 pir 100000 conform-action transmit exceed-action
set-dscp-transmit af21 command creates a dual-rate, dual-bucket, two-color policer, and the police cir
50000 pir 100000 conform-action transmit exceed-action set-dscp-transmit af21 violate-action drop
command creates a dual-rate, dual-bucket, three-color policer.
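
The single-rate, dual-bucket, three-color behaviour described above, modelled in Python as an added example (not Cisco code or part of the exam material): both buckets are refilled from the one CIR, tokens that overflow the committed bucket spill into the excess bucket, and each packet is coloured by the bucket that can pay for it. The rate and bursts are those of the police 100000 5000 8000 command; mapping burst-normal to the committed bucket and burst-max to the excess bucket follows RFC 2697 and is an assumption here, and the packet trace is constructed.

```python
"""Single-rate, dual-bucket, three-color policer model (RFC 2697 srTCM).

Added example; not Cisco code. Mirrors the behaviour of
  police 100000 5000 8000 conform-action transmit
         exceed-action set-dscp-transmit af21 violate-action drop
with two token buckets, both refilled from the one committed rate.
"""


class SrTCM:
    """Colour-blind single-rate three-color meter."""

    def __init__(self, cir_bps, bc_bytes, be_bytes):
        self.cir_bps = cir_bps        # committed information rate (bps)
        self.bc_bytes = bc_bytes      # committed burst: first (green) bucket
        self.be_bytes = be_bytes      # excess burst: second (yellow) bucket
        self.tc = float(bc_bytes)     # both buckets start full (RFC 2697)
        self.te = float(be_bytes)
        self.last_t = 0.0

    def _refill(self, now):
        # Tokens arrive at cir/8 bytes per second. Tokens that overflow the
        # committed bucket spill into the excess bucket; anything beyond Be is
        # discarded. This spill is what makes the policer "dual-bucket".
        added = max(0.0, now - self.last_t) * self.cir_bps / 8.0
        self.last_t = max(self.last_t, now)
        self.tc += added
        if self.tc > self.bc_bytes:
            self.te = min(self.be_bytes, self.te + (self.tc - self.bc_bytes))
            self.tc = float(self.bc_bytes)

    def color(self, size_bytes, now):
        """Classify one packet of size_bytes arriving at time now (seconds)."""
        self._refill(now)
        if self.tc >= size_bytes:         # conform-action: transmit
            self.tc -= size_bytes
            return "green"
        if self.te >= size_bytes:         # exceed-action: set-dscp-transmit af21
            self.te -= size_bytes
            return "yellow"
        return "red"                      # violate-action: drop


def police_trace(packets, cir_bps=100_000, bc=5000, be=8000):
    """Run (arrival_time_s, size_bytes) pairs through the policer; return the
    per-packet colours and a count per colour."""
    meter = SrTCM(cir_bps, bc, be)
    colours = [meter.color(size, t) for t, size in packets]
    counts = {c: colours.count(c) for c in ("green", "yellow", "red")}
    return colours, counts


# Constructed trace: fifteen 1000-byte packets arriving together at t=0, which
# exhausts both buckets, then one more packet after a 1 s idle period during
# which 12,500 bytes of tokens (100,000 bps / 8) have been replenished.
BURST = [(0.0, 1000)] * 15 + [(1.0, 1000)]


if __name__ == "__main__":
    colours, counts = police_trace(BURST)
    for i, c in enumerate(colours):
        print(f"packet {i:2d}: {c}")
    print(counts)
```

With be=0 the second bucket never holds tokens, so the same function models the single-bucket, two-color form in which nothing is ever coloured yellow.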

Reference:

https://www.cisco.com/c/en/us/td/docs/ios/qos/command/reference/qos_book/qos_n1.html#wp1060117

https://www.cisco.com/c/en/us/td/docs/ios/qos/command/reference/qos_book/qos_n1.html#wp1047550

https://www.cisco.com/c/en/us/td/docs/routers/10000/10008/configuration/guides/qos/qoscf/10qpolce.html#wp1041572

QUESTION NO: 376 DRAG DROP

Select the pseudowire FEC element fields from the left, and place them on the corresponding
descriptions on the right.

Answer:

Explanation:

A pseudowire FEC element consists of the following fields:

-Pseudowire ID FEC

-C-Bit

-Pseudowire Type

-Pseudowire Information Length

-Group ID

-Pseudowire ID

-Interface Parameters

The Pseudowire ID Forwarding Equivalence Class (FEC) is an 8-bit field that is always set to a
value of 128. This value indicates that the packet is a pseudowire FEC element.

The C-Bit, or Control Word Bit, indicates whether a 4-bit control word will be present in every
pseudowire packet. If the C-Bit is set to a value of 1, the control word will be placed between the
Multiprotocol Label Switching (MPLS) label stack and the Layer 2 payload.

The Pseudowire Type is a 15-bit field that indicates the type of pseudowire. This field will be set to
a value of 0x0005 if the pseudowire is an Ethernet pseudowire.

The Pseudowire Information Length is an 8-bit field that indicates the octet length of the
Pseudowire ID field and the Interface Parameters field. If the Pseudowire Information Length field
is set to a value of 0, the Pseudowire ID and Interface Parameters fields are not present; the
pseudowire FEC element applies to all pseudowires using the specified Group ID. The Group ID is
a 32-bit arbitrary value that represents a group of pseudowires. The Pseudowire ID field is a 32-bit
specific value that represents a particular pseudowire.

The Pseudowire ID is a 32-bit value that identifies a particular pseudowire. Both endpoints must be
configured with the same pseudowire type and ID.

The Interface Parameters field is the only variable-length field. This field provides circuit-specific
information, such as the maximum transmission unit (MTU) for the interface.
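
The field layout described above, encoded and decoded in Python as an added example (not Cisco or IETF code): the C bit shares 16 bits with the 15-bit PW type, a PW info length of 0 produces the group-wide wildcard form, and the interface parameters are parsed as type/length/value sub-TLVs. The interface MTU sub-TLV (type 0x01 carrying a 2-byte MTU) is taken from RFC 4447; the sample values (group 7, PW ID 42, MTU 1500) are constructed.

```python
"""Encode and decode the Pseudowire ID (PWid) FEC element of RFC 4447 section 5.2.

Added example; not Cisco or IETF code. Layout, in order:
8-bit element type (128), 1-bit C, 15-bit PW type, 8-bit PW info length,
32-bit Group ID, then (if PW info length > 0) 32-bit PW ID and the
variable-length interface parameters as type/length/value sub-TLVs.
"""
import struct

PWID_FEC_TYPE = 0x80          # 128: Pseudowire ID FEC element
PW_TYPE_ETHERNET = 0x0005
IFP_MTU = 0x01                # interface-parameter sub-TLV carrying the MTU


def encode_pwid_fec(pw_type, pw_id, group_id=0, control_word=False,
                    iface_params=()):
    """Build one element. iface_params is a sequence of (sub_tlv_type, value).
    Pass pw_id=None for the wildcard form (PW info length 0) that refers to
    every pseudowire in group_id."""
    # Sub-TLV length counts the type and length octets as well as the value.
    params = b"".join(struct.pack("!BB", t, 2 + len(v)) + v for t, v in iface_params)
    if pw_id is None:
        if params:
            raise ValueError("a wildcard element carries no interface parameters")
        body, info_len = b"", 0
    else:
        body = struct.pack("!I", pw_id) + params
        info_len = len(body)
    if info_len > 255:
        raise ValueError("PW info length does not fit in 8 bits")
    if pw_type > 0x7FFF:
        raise ValueError("PW type is a 15-bit field")
    c_and_type = (int(control_word) << 15) | pw_type
    header = struct.pack("!BHBI", PWID_FEC_TYPE, c_and_type, info_len, group_id)
    return header + body


def decode_pwid_fec(data):
    """Parse one element into a dict; interface parameters come back as a
    list of (sub_tlv_type, value_bytes). Raises ValueError when malformed."""
    if len(data) < 8:
        raise ValueError("element is shorter than its fixed 8-byte header")
    fec_type, c_and_type, info_len, group_id = struct.unpack("!BHBI", data[:8])
    if fec_type != PWID_FEC_TYPE:
        raise ValueError(f"not a PWid FEC element (type {fec_type})")
    if len(data) < 8 + info_len:
        raise ValueError("PW info length exceeds the available bytes")
    elem = {"c_bit": c_and_type >> 15, "pw_type": c_and_type & 0x7FFF,
            "pw_info_length": info_len, "group_id": group_id,
            "pw_id": None, "iface_params": []}
    if info_len == 0:
        return elem                  # wildcard: applies to the whole group
    if info_len < 4:
        raise ValueError("PW info length must cover the 32-bit PW ID")
    elem["pw_id"] = struct.unpack("!I", data[8:12])[0]
    pos, end = 12, 8 + info_len
    while pos < end:
        if end - pos < 2:
            raise ValueError("truncated interface-parameter sub-TLV")
        sub_type, sub_len = data[pos], data[pos + 1]
        if sub_len < 2 or pos + sub_len > end:
            raise ValueError("interface-parameter sub-TLV length is invalid")
        elem["iface_params"].append((sub_type, bytes(data[pos + 2:pos + sub_len])))
        pos += sub_len
    return elem


def mtu_param(mtu):
    """Interface MTU sub-TLV: type 0x01 with a 2-byte MTU value."""
    return (IFP_MTU, struct.pack("!H", mtu))


if __name__ == "__main__":
    wire = encode_pwid_fec(PW_TYPE_ETHERNET, pw_id=42, group_id=7,
                           control_word=True, iface_params=[mtu_param(1500)])
    print(wire.hex())
    print(decode_pwid_fec(wire))
```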

Reference:

https://tools.ietf.org/html/rfc4447#section-5.2

http://www.ciscopress.com/articles/article.asp?p=386788&seqNum=2

QUESTION NO: 377

Which of the following statements best describes the BGP split horizon rule? (Select the best
answer.)

A.
Routes learned through eBGP are not advertised to iBGP peers.

B.
Routes learned through iBGP are not advertised to eBGP peers.

C.
Routes learned through iBGP are not advertised to iBGP peers.

D.
Routes learned through eBGP are not advertised to eBGP peers.

Answer: C
Explanation:

The Border Gateway Protocol (BGP) split horizon rule states that routes learned through internal
BGP (iBGP) are not advertised to iBGP peers, which are BGP routers that exist within the same
autonomous system (AS). An iBGP peer advertises the following routes to another iBGP peer:

-Routes learned through external BGP (eBGP)

-Routes learned through redistribution

-Routes originated by a network statement

Because iBGP routes are not advertised to iBGP peers, one of the following actions must be taken
to enable routers running iBGP to communicate:

-Configure a full mesh.

-Configure a confederation.

-Configure a route reflector.

A full mesh configuration enables each router to learn each iBGP route independently without
passing through a neighbor. However, a full mesh configuration requires the most administrative
effort to configure. A confederation enables an AS to be divided into discrete units, each of which
acts like a separate AS. Within each confederation, the routers must be fully meshed unless a
route reflector is established. A route reflector can be used to pass iBGP routes between iBGP
routers, eliminating the need for a full mesh configuration.

However, it is important to note that route reflectors advertise best paths only to route reflector
clients. Additionally, if multiple paths exist, a route reflector will always advertise the exit point that
is closest to the route reflector.

eBGP peers are BGP routers that belong to different ASes. An eBGP peer advertises the following
routes to another eBGP peer:

-Routes learned through iBGP

-Routes learned through eBGP

-Routes learned through redistribution

-Routes originated by a network statement

Reference:

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_bgp/command/irg-cr-book/bgp-m1.html#wp9015889000

https://www.cisco.com/en/US/docs/net_mgmt/ip_manager/1.0/user/guide/app_integrity_checks.html#wp4405

QUESTION NO: 378

Which of the following values in an MPLS label indicates that this label is the last label in the
stack? (Select the best answer.)

A.
a value of 0 in the TTL field

B.
a value of 255 in the TTL field

C.
a value of 0 in the TC field

D.
a value of 1 in the TC field

E.
a value of 0 in the S field

F.
a value of 1 in the S field

Answer: F
Explanation:

A value of 1 in the S field in a Multiprotocol Label Switching (MPLS) label, which is also known as an
MPLS header, indicates that this label is the last label in the stack. The structure of a typical 4-byte
MPLS label is shown below:

The S field, sometimes referred to as the Stack bit or the Bottom-of-Stack field, is a 1-bit field that
indicates whether the label is the last MPLS label in a packet. An S field set to 0 indicates that one
or more MPLS labels follow this label. An S field set to 1 indicates that this label is the last label in
the stack.

The Time-To-Live (TTL) field is not used to indicate whether a label is the last label in the stack.
Similar to an IP TTL field, the MPLS TTL field is an 8-bit field that is used to control the propagation
of packets through an MPLS network. When an IP packet enters an MPLS network, the ingress
router decrements the IP TTL value by 1 and copies that value to the MPLS TTL field. Each MPLS
router along the path decrements the MPLS TTL field by 1. When the packet reaches the egress
router, the MPLS TTL value is decremented by 1 and copied to the IP TTL field. A TTL field set to
0 indicates that the packet should be discarded. If MPLS TTL propagation is disabled, the MPLS
TTL field is set to 255 and decrements as the packet passes through the MPLS network; when the
packet reaches the egress router, the MPLS TTL value is not copied to the IP TTL field.

The Traffic Class (TC) field is not used to indicate whether an MPLS label is the last label in the
stack. Cisco routers use the 3-bit TC field to carry the IP precedence value, which is used to
classify and prioritize network traffic. The TC field was formerly designated as the
Experimental (EXP) field in Request for Comments (RFC) 3032. However, RFC 3032 did
not officially designate the use of the EXP field, so some non-Cisco routers use this field for other
purposes. RFC 5462 officially renames the EXP field as the TC field and designates it to carry
traffic class information, such as IP precedence values. A TC field set to 0 indicates a packet that
contains low-priority traffic, and a TC field set to 1 indicates a packet with a slightly higher priority
than a packet with a TC field set to 0. High-priority traffic would have a TC field set to 7.
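
The 4-byte label layout and the TTL handling described above, as an added Python example (not Cisco code): the parser walks a label stack until it finds an entry with S set to 1, and two helpers model the ingress TTL copy (with propagation enabled or disabled) and a transit hop's decrement. The two-label packet is constructed.

```python
"""Parse and manipulate an MPLS label stack (RFC 3032 layout, TC per RFC 5462).

Added example; not Cisco code. Each 4-byte label stack entry is laid out as
  label (20 bits) | TC (3 bits) | S (1 bit) | TTL (8 bits)
and S=1 marks the bottom of the stack.
"""
import struct


def build_label(label, tc, s, ttl):
    """Pack one label stack entry, checking each field's width."""
    if not (0 <= label < 1 << 20 and 0 <= tc < 8 and s in (0, 1) and 0 <= ttl < 256):
        raise ValueError("label stack field out of range")
    return struct.pack("!I", (label << 12) | (tc << 9) | (s << 8) | ttl)


def parse_label_stack(data):
    """Return (entries, payload_offset). Entries are read until one has S=1;
    running out of bytes first means the stack never signalled its bottom."""
    entries, pos = [], 0
    while True:
        if len(data) - pos < 4:
            raise ValueError("label stack truncated before a bottom-of-stack entry")
        (word,) = struct.unpack("!I", data[pos:pos + 4])
        entry = {"label": word >> 12, "tc": (word >> 9) & 0x7,
                 "s": (word >> 8) & 0x1, "ttl": word & 0xFF}
        entries.append(entry)
        pos += 4
        if entry["s"] == 1:
            return entries, pos


def ingress_push(label, tc, ip_ttl, propagate=True):
    """Model the ingress router pushing a single (bottom-of-stack) label onto
    an IP packet: with TTL propagation the IP TTL is decremented and copied
    into the MPLS TTL; with propagation disabled the MPLS TTL starts at 255."""
    mpls_ttl = ip_ttl - 1 if propagate else 255
    if mpls_ttl <= 0:
        return None                  # IP TTL expired at the ingress; discarded
    return build_label(label, tc, 1, mpls_ttl)


def transit_hop(data):
    """Model one LSR decrementing the top label's TTL. Returns the updated
    packet, or None when the TTL reaches 0 and the packet must be discarded."""
    entries, _ = parse_label_stack(data)
    top = entries[0]
    if top["ttl"] <= 1:
        return None
    return build_label(top["label"], top["tc"], top["s"], top["ttl"] - 1) + data[4:]


# Constructed packet: a two-label stack (transport label 16 with TC 5, then
# VPN label 24 at the bottom of the stack) followed by the first byte of an
# IPv4 header.
PACKET = build_label(16, 5, 0, 64) + build_label(24, 0, 1, 64) + b"\x45"


if __name__ == "__main__":
    entries, offset = parse_label_stack(PACKET)
    for e in entries:
        print(e)
    print("payload starts at byte", offset)
```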

Reference:

https://www.cisco.com/c/en/us/support/docs/multiprotocol-label-switching-mpls/mpls/4649-mpls-faq-4649.html

https://www.cisco.com/en/US/tech/tk828/technologies_q_and_a_item09186a00800a43f5.shtml

https://tools.ietf.org/html/rfc5462

QUESTION NO: 379

Which of the following OSPF areas does not accept Type 3, 4, and 5 summary LSAs? (Select the
best answer.)

A.
stub area

B.
ordinary area

C.
backbone area

D.
not-so-stubby area

E.
totally stubby area

Answer: E
Explanation:

An Open Shortest Path First (OSPF) totally stubby area does not accept Type 3, 4, and 5 summary
link-state advertisements (LSAs), which advertise routes outside the area. These LSAs are
replaced by a default route at the area border router (ABR). As a result, routing tables are kept
small within the totally stubby area. To create a totally stubby area, you should issue the area
area-id stub no-summary command in router configuration mode.

The backbone area, Area 0, accepts all LSAs. All OSPF areas must directly connect to the
backbone area or must traverse a virtual link to the backbone area. To configure a router to be
part of the backbone area, you should issue the area 0 command in router configuration mode.

An ordinary area, which is also called a standard area, accepts all LSAs. Every router in
an ordinary area contains the same OSPF routing database. To configure an ordinary area, you
should issue the area area-id command in router configuration mode.

A stub area does not accept Type 5 LSAs, which advertise external summary routes. Routers
inside the stub area will send all packets destined for another area to the ABR. To configure a stub
area, you should issue the area area-id stub command in router configuration mode.

A not-so-stubby area (NSSA) is basically a stub area that contains one or more autonomous system
boundary routers (ASBRs). Like stub areas, NSSAs do not accept Type 5 LSAs.
External routes from the ASBR are converted to Type 7 LSAs and tunneled through the NSSA to
the ABR, where they are converted back to Type 5 LSAs. To configure an NSSA, you should issue
the area area-id nssa command in router configuration mode. To configure a totally NSSA, which
does not accept summary routes, you should issue the area area-id nssa no-summary command in
router configuration mode.

Reference:

https://www.cisco.com/c/en/us/support/docs/ip/open-shortest-path-first-ospf/13703-8.html

QUESTION NO: 380

For which of the following reasons would a multicast host send a packet to 235.77.34.2? (Select 2
choices.)

A.
to join a multicast group at 235.77.34.2

B.
to leave a multicast group at 235.77.34.2

C.
to send a general query

D.
to reply to a general query

Answer: A,D
Explanation:

A multicast host would send a packet to 235.77.34.2 to join a multicast group at 235.77.34.2 and to
reply to either a general membership query or a group-specific membership query. Internet Group
Management Protocol (IGMP) has three message types: a membership report message, a
membership query message, and a leave group message. When a host wants to join a multicast
group, it sends an IGMP membership report message to that multicast group IP address. Packets
for that multicast group are then sent on that network segment so that the host can receive the
multicast traffic. When a host receives a membership query, it will send a membership report
message to the multicast groups from which the host wants to receive traffic.

A multicast host would not send a packet to 235.77.34.2 to send a general query. The querier
router on a network segment sends out general query messages to the 224.0.0.1 all-hosts
multicast address to determine whether any hosts on that network segment want to continue to
receive multicast packets for any multicast group. If at least one host responds with a membership
report message, the querier will continue to send those multicast packets on that network
segment. If no host responds to three consecutive membership query messages, the router will
stop forwarding the multicast traffic on that network segment. When IGMPv2 is used, the Max
Response Time field in membership query messages contains a nonzero value. In IGMPv1
messages, the field is set to a value of 0, which is interpreted to mean 100 deciseconds, or 10
seconds. The IGMPv2 membership query message is the only message that contains a nonzero
value in the Max Response Time field; all other message types set the field to a value of 0.

A multicast host would not send a packet to 235.77.34.2 to leave a multicast group at 235.77.34.2.
When IGMP version 1 (IGMPv1) is used, hosts leave a multicast group without sending any
notification. When IGMPv2 is used, hosts send a leave group message to 224.0.0.2 when leaving
a multicast group; the 224.0.0.2 multicast address is used to send a message to all
multicast-capable routers. When a multicast router receives a leave group message, the router will
send a group-specific membership query to the multicast group to determine whether there are any
hosts on the segment that want to continue to receive the multicast traffic from that group. If at
least one host responds with a membership report message, the querier will continue to send
those multicast packets on that network segment.

Reference:

CCIE Routing and Switching v5.0 Certification Guide, Volume 2, Chapter 7, IGMPv2
Host Membership Query Functions, pp. 285-286

CCIE Routing and Switching v5.0 Certification Guide, Volume 2, Chapter 7, IGMPv2 Leave Group
and Group-Specific Query Messages, pp. 289-291

QUESTION NO: 381

Which of the following statements are true regarding traffic shaping and traffic policing? (Select 2
choices.)

A.
Traffic shaping can be used on only inbound traffic.

B.
Traffic shaping can be used on only outbound traffic.

C.
Traffic shaping can be used on both inbound and outbound traffic.

D.
Traffic policing can be used on only inbound traffic.

E.
Traffic policing can be used on only outbound traffic.

F.
Traffic policing can be used on both inbound and outbound traffic.

Answer: B,F
Explanation:

Traffic shaping can be used on only outbound traffic, and traffic policing can be used on both
inbound and outbound traffic. Traffic shaping is typically performed at the customer edge (CE)
device, so inbound shaping is not necessary. Traffic policing is applied at the service provider
edge on the interface that is connected to the customer.

Traffic policing is used to slow down traffic to a value that the medium can support, to monitor
bandwidth utilization, to enforce bandwidth limitations at the service provider edge, and to remark
traffic that exceeds the Service Level Agreement (SLA). Excess traffic and out-of-profile packets are
dropped or remarked and transmitted. If the policing rate for a priority queue is too low with
respect to the amount of available bandwidth for a given type of traffic, the quality of that traffic can
suffer. Therefore, you should ensure that the policing rate is configured at a rate that both protects
the quality of traffic and mitigates excessive use of bandwidth by a single type of traffic. Traffic
shaping is used to slow down traffic due to congestion, to enforce bandwidth rates, and to send
traffic classes at different rates.

Although traffic shaping and traffic policing both use a token bucket to control bandwidth utilization,
they do so in different ways. Traffic shaping smooths traffic by queuing excess traffic in memory
and drops the excess traffic only if the queue is full. The shaping parameters can also be
configured so that packets can be sent in excess of the committed information rate (CIR) for a
short period of time. By contrast, traffic policing drops or remarks excess traffic, which causes
bandwidth utilization to be more bursty.

Reference:

https://www.cisco.com/c/en/us/support/docs/quality-of-service-qos/qos-policing/19645-policevsshape.html

QUESTION NO: 382

You connect RouterA and RouterB to your network. RouterA is a Cisco router, and RouterB is a
third-party router.

RouterA is configured with the following information:

VRRP group 1

VRRP priority 150

IP address 192.168.1.1

MAC address 0000.0c12.3456

RouterB is configured with the following information:

VRRP group 1

VRRP priority 200

IP address 192.168.1.2

MAC address 0000.0d12.3456

Which of the following statements is true? (Select the best answer.)

A.
RouterA will be the master virtual router.

B.
The virtual router group will use IP address 192.168.1.2.

C.
The virtual router group will use MAC address 0000.0d12.3456.

D.
VRRP will not work, because the routers are from two different vendors.

Answer: B
Explanation:

The virtual router group will use IP address 192.168.1.2. Virtual Router Redundancy Protocol
(VRRP) is a standards-based redundancy protocol that enables a group of routers to act as a
single virtual network gateway. The router with the highest priority in the VRRP group is called the
master virtual router, which is the only active router in the group. In this scenario, RouterB has the
highest priority, so it will become the master virtual router. The IP address of the master virtual
router is used as the IP address of the virtual router group; client computers should use this
address as the default gateway. In this scenario, the IP address of RouterB is 192.168.1.2.
Therefore, the virtual router group will use IP address 192.168.1.2.

All the other routers in the VRRP group are called backup virtual routers, which are placed into the
VRRP backup state. When the master virtual router fails, one of the backup virtual routers will
assume the role of master virtual router. When the original master virtual router comes back up, it
will reassume the role of master virtual router. In this scenario, RouterA will assume the role of
backup virtual router. If RouterB were to fail, RouterA would assume the role of master virtual
router. When RouterB comes back up, it would preempt RouterA and reassume the role of master
virtual router.

The virtual router group will not use Media Access Control (MAC) address 0000.0d12.3456.
Instead, it will use the multicast virtual MAC address 0000.5e00.01xx, where xx is the VRRP group
number in hexadecimal notation.

VRRP will work even though the routers are from two different vendors. Unlike Hot Standby
Router Protocol (HSRP) and Gateway Load Balancing Protocol (GLBP), which are both
proprietary to Cisco, VRRP is standards-based; VRRP is defined in Request for Comments (RFC)
3768. Therefore, VRRP can be used with routers from many different vendors.

Reference:

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipapp_fhrp/configuration/12-4/fhp-12-4-book/fhp-vrrp.html#GUID-B7086877-B97F-47C9-BF33-90B4D098DBF5

CCIE Routing and Switching v5.0 Certification Guide, Volume 1, Chapter 5, HSRP, VRRP, and
GLBP, pp. 236-239

QUESTION NO: 383

You administer a router that receives four routes to a destination network: an internal EIGRP
route, an external EIGRP route, an OSPF route, and an internal BGP route. Which of the following
statements is accurate? (Select the best answer.)

A.
A RIB failure will occur.

B.
A memory failure will occur.

C.
All the routes will be placed into the routing table.

D.
The OSPF route will be placed into the routing table.

E.
The internal BGP route will be placed into the routing table.

Answer: A
Explanation:

A Routing Information Base (RIB) failure will occur because the router is attempting to install into
the routing table a Border Gateway Protocol (BGP) route that is the same as an existing route with
a lower administrative distance (AD). When multiple routes to a network exist and each route uses
a different routing protocol, a router prefers the routing protocol with the lowest AD. The following
list contains the most commonly used ADs:

You can verify the list of Open Shortest Path First (OSPF) routes that are eligible to be included in
the routing table by issuing the show ip ospf rib command.

Not all the routes will be placed into the routing table; only the route with the lowest AD will be
placed into the routing table. Therefore, the router installs the internal Enhanced Interior Gateway
Routing Protocol (EIGRP) route. The internal EIGRP route has an AD of 90, the OSPF route has
an AD of 110, the external EIGRP route has an AD of 170, and the internal BGP (iBGP) route has
an AD of 200.

A RIB failure can be caused by a memory failure, but a memory failure will not occur when a router
attempts to install into the routing table a BGP route that is the same as an existing route with a
lower AD. In addition, RIB failures can occur when the number of VPN routing and forwarding
(VRF) routes exceeds the VRF instance's route limit.

Reference:

https://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/5816-bgpfaq-5816.html#twenty-three

https://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/15986-admin-distance.html

QUESTION NO: 384

You administer the network shown above. ServerB, ServerC, and ServerD are multicast sources
for multicast group 227.1.1.1. You want HostA to join multicast group 227.1.1.1. However, you
want HostA to receive multicast traffic from only ServerB.

Which of the following statements is true? (Select the best answer.)

A.
IGMPv2 is required.

B.
IGMPv3 is required.

C.
You must connect HostA to RouterB.

D.
HostA must be on the same subnet as ServerB.

E.
HostA must join the multicast group and exclude ServerC and ServerD.

Answer: B
Explanation:

To enable HostA to receive multicast traffic from only ServerB, Internet Group Management
Protocol version 3 (IGMPv3) is required. IGMPv3 improves upon IGMPv2 by adding support for
Source Specific Multicast (SSM). SSM enables a multicast host to send an INCLUDE message to
specify the source addresses from which it will accept multicast traffic or to send an EXCLUDE
message to specify the source addresses from which it will not accept multicast traffic.

HostA could join the multicast group and exclude ServerC and ServerD by sending an EXCLUDE
message with the IP addresses of ServerC and ServerD, but it is not required to do so. Instead,
HostA could join the multicast group and include ServerB by sending an INCLUDE message with
the IP address of ServerB.

IGMPv3 is backward compatible with IGMPv1 and IGMPv2. However, neither IGMPv1 nor
IGMPv2 supports SSM. Therefore, neither IGMPv1 nor IGMPv2 can enable HostA to
receive multicast traffic from only ServerB.

Neither connecting HostA to RouterB nor placing HostA on the same subnet as ServerB will
enable HostA to receive multicast traffic from only ServerB. If HostA does not specify from which
sources it should receive multicast traffic or if IGMPv3 is not enabled, HostA could receive
multicast traffic from ServerB, ServerC, or ServerD.

Reference:

https://www.cisco.com/c/en/us/td/docs/ios/solutions_docs/ip_multicast/White_papers/mcst_ovr.html#wp1015526

QUESTION NO: 385

You are configuring EEM on a router. You issue the event ioswdsysmon sub1 mem-proc
taskname Task1 op ge val 30 is-percent true period 200 command.

When will the event action be triggered for the Task1 process? (Select the best answer.)

A.
when the memory usage decreases by 30 percent or more during a 200 millisecond period

B.
when the memory usage increases by 30 percent or more during a 200 second period

C.
when the processor usage decreases by 30 percent or more during a 200 millisecond period

D.
when the processor usage increases by 30 percent or more during a 200 second period

Answer: B
Explanation:

The event action will be triggered when the memory usage increases by 30 percent or more during
a 200-second period. Embedded Event Manager (EEM) enables routers to monitor events and
perform actions if those events are triggered. The event ioswdsysmon command configures the
Watchdog System Monitor (IOSWDSysMon) to monitor memory and processor usage.

To configure a router to monitor memory events, you should issue the event ioswdsysmon sub1
mem-proc taskname process-name op operator val value [is-percent {true | false}] [period
period-value] command. The process-name variable is the name of the process that is monitored by
the router; if the process name contains spaces, the process name must be enclosed in double
quotation marks ("). The following operators can be used with the operator variable:

-gt: greater than

-ge: greater than or equal to

-lt: less than

-le: less than or equal to

-eq: equal to

-ne: not equal to

The value variable is used to specify the threshold value. If the is-percent true keywords are used,
the value variable is specified as a percentage; if the is-percent false keywords are used, the value
variable is specified in kilobits. Finally, the period-value variable is used to determine the number of
seconds during which the monitored value or values should be compared.

You can also trigger actions at specific intervals of time instead of when a specific event occurs by
issuing the event timer command. For example, to configure an Event Manager applet named
BOSON to trigger a set of commands at the half-hour mark of every hour, you could issue the event
timer cron name BOSON cron-entry "30 * * * *" command. The cron-entry keyword enables you to
specify precise intervals of time at which to execute a command. Each space-separated field of the
text string that follows the cron-entry keyword represents a unit of time. The units are configured in
the following order: minute hour day-of-month month day-of-week. A * character in a field indicates
that the action should be triggered each minute, hour, day of the month, month, or day of the
week, depending on which fields contain the * character.

The event timer cron name BOSON cron-entry "30 * * * *" command configures the
BOSON applet to trigger an action on the half-hour mark of every hour, every day of the month,
every month, and every day of the week. As a result, the action will execute once per hour. You
can additionally use mathematical functions within the unit of time fields so that an action occurs at
regular intervals. For example, if you were to specify a value of */10 in the minutes field of the
command above, the actions would be executed every 10 minutes instead of at the half-hour mark of
every hour.
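As an added example (not Cisco code and not part of this document's explanation), the following Python matcher evaluates a cron-entry string such as "30 * * * *" or "*/10 * * * *" against a timestamp, so an applet's firing schedule can be checked before it is registered. It assumes standard cron field syntax (including ranges and lists beyond the two forms shown above), all five fields ANDed, and Sunday as day 0; those are assumptions, not behaviour the text confirms.

```python
"""Matcher for the five-field time string given to the EEM
``event timer cron name <name> cron-entry "<fields>"`` command.

Added example; this is not Cisco code.  Field order follows the
explanation above: minute hour day-of-month month day-of-week.
Assumptions: standard cron field syntax (``*``, ``*/n``, ``a``,
``a-b``, ``a,b,c``, ``a-b/n``), day-of-week 0-6 with 0 = Sunday,
and all five fields must match (logical AND) for the applet to fire.
"""
from datetime import datetime, timedelta

# (minimum, maximum) value permitted in each field, in cron-entry order.
FIELD_RANGES = ((0, 59), (0, 23), (1, 31), (1, 12), (0, 6))


def parse_field(spec, lo, hi):
    """Expand one cron field into the set of integer values it allows."""
    allowed = set()
    for part in spec.split(","):
        step = 1
        if "/" in part:                        # "*/10" or "5-50/15"
            part, step_text = part.split("/", 1)
            step = int(step_text)
            if step < 1:
                raise ValueError("step must be >= 1 in field %r" % spec)
        if part == "*":
            start, end = lo, hi
        elif "-" in part:
            a, b = part.split("-", 1)
            start, end = int(a), int(b)
        else:
            start = int(part)
            end = hi if step > 1 else start    # "5/10" means 5, 15, 25, ...
        if not (lo <= start <= end <= hi):
            raise ValueError("field %r outside %d-%d" % (spec, lo, hi))
        allowed.update(range(start, end + 1, step))
    return allowed


def parse_cron_entry(entry):
    """Parse the five space-separated fields into five sets of values."""
    fields = entry.split()
    if len(fields) != 5:
        raise ValueError("cron-entry needs 5 fields, got %d" % len(fields))
    return [parse_field(f, lo, hi) for f, (lo, hi) in zip(fields, FIELD_RANGES)]


def _matches_sets(sets, when):
    minutes, hours, days, months, weekdays = sets
    return (when.minute in minutes and when.hour in hours
            and when.day in days and when.month in months
            and when.isoweekday() % 7 in weekdays)   # Sunday -> 0


def matches(entry, when):
    """True if an applet registered with ``entry`` fires at ``when``."""
    return _matches_sets(parse_cron_entry(entry), when)


def firings_between(entry, start, end):
    """Every minute in [start, end) at which the applet fires, in order."""
    sets = parse_cron_entry(entry)
    t = start.replace(second=0, microsecond=0)
    hits = []
    while t < end:
        if _matches_sets(sets, t):
            hits.append(t)
        t += timedelta(minutes=1)
    return hits


if __name__ == "__main__":
    day = datetime(2024, 1, 1)                 # a Monday (constructed date)
    for entry in ("30 * * * *", "*/10 * * * *", "0 2 * * 1"):
        n = len(firings_between(entry, day, day + timedelta(days=7)))
        print("%-14s fires %3d times in the week of %s" % (entry, n, day.date()))
```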

The event action will not be triggered when the memory usage decreases by 30 percent during a
200-millisecond period. To configure a router to trigger the event action when the memory usage
decreases by 30 percent or more during a 200-millisecond period, you should issue the event
ioswdsysmon sub1 mem-proc taskname Task1 op le val 30 is-percent true period 0.2 command.

The event action will not be triggered when the processor usage changes. To configure a router to
monitor processor events, you should issue the event ioswdsysmon sub1 cpu-proc taskname
process-name op operator val value [period period-value] command. To configure a router to trigger
the event action when the processor usage decreases by 30 percent during a 200-millisecond
period, you should issue the event ioswdsysmon sub1 cpu-proc taskname Task1 op le val 30
period 0.2 command. Similarly, to configure a router to trigger the event action when the processor
usage increases by 30 percent during a 200-second period, you should issue the event
ioswdsysmon sub1 cpu-proc taskname Task1 op ge val 30 period 200 command.

To configure the event action that is triggered by EEM, you should issue the action command. For
example, EEM can be configured to restart a router with the action reload command, to send an
email message with the action mail command, or to generate a Simple Network Management
Protocol (SNMP) trap with the action snmp-trap command. The following keywords can be used
with the action command:

cli

cns-event

counter

force-switchover

info

mail

policy

publish-event

reload

snmp-trap

syslog

Reference:

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/eem/command/eem-cr-book/eem-cr-e1.html#wp3383021707

https://www.cisco.com/c/en/us/td/docs/ios/12_4t/12_4t2/ht_eem.html#wp1053262

QUESTION NO: 386

Which of the following steps in the NAT order of operations always occur before address
translation? (Select 2 choices.)

A.
check input access list

B.
check output access list

C.
decryption

D.
encryption

E.
inspect CBAC

F.
policy routing

G.
routing

Answer: A,C
Explanation:

The following steps in the Network Address Translation (NAT) order of operations always occur
before address translation:

- Check input access list

- Decryption

NAT enables a network to communicate with a separate network, such as the Internet, by
translating traffic from IP addresses on the local network to another set of IP addresses that can
communicate with the remote network. The steps that occur in the NAT order of operations
depend on what type of address translation is being processed. For example, NAT inside-to-outside
translation operation typically occurs before the policy routing and routing operations. However,
the NAT outside-to-inside translation operation typically occurs after policy routing and routing.

When a NAT router performs NAT inside-to-outside translation, the following operations occur in
order:

1. If IP Security (IPSec) is implemented, check input access list

2. Decryption

3. Check input access list

4. Check input rate limits

5. Input accounting

6. Redirect to Web cache

7. Policy routing

8. Routing

9. NAT inside-to-outside translation

10. Check crypto map and mark for encryption

11. Check output access list

12. Inspect Context-based Access Control (CBAC)

13. Transmission Control Protocol (TCP) intercept

14. Encryption

15. Queueing

Conversely, when a NAT router performs NAT outside-to-inside translation, the following operations
occur in order:

1. If IPSec is implemented, check input access list

2. Decryption

3. Check input access list

4. Check input rate limits

5. Input accounting

6. Redirect to Web cache

7. NAT outside-to-inside translation

8. Policy routing

9. Routing

10. Check crypto map and mark for encryption

11. Check output access list

12. Inspect CBAC

13. TCP intercept

14. Encryption

15. Queueing

Reference:

https://www.cisco.com/c/en/us/support/docs/ip/network-address-translation-nat/6209-5.html#topic1

QUESTION NO: 387

Which of the following ports does TACACS+ use for AAA? (Select the best answer.)

A.
TCP 49

B.
UDP 1645

C.
UDP 1646

D.
TCP 1812

E.
TCP 1813

Answer: A
Explanation:

Terminal Access Controller Access Control System Plus (TACACS+) uses Transmission
Control Protocol (TCP) port 49 for Authentication, Authorization, and Accounting (AAA). TACACS+
is a network protocol that enables remote clients to authenticate with a server. Older
implementations of the protocol, such as TACACS, used UDP port 49. TACACS+ segregated
authentication, authorization, and accounting into three separate server processes that can be run
on different physical servers and standardized on TCP port 49.

TACACS+ encrypts the entire body of a packet. Therefore, malicious users who intercept the
encrypted packet cannot view the user name or contents of the packet. TACACS+ provides more
flexibility by separating the authentication, authorization, and accounting functions of AAA. This
enables more granular control of access to resources. TACACS+ gives administrators more
control over access to configuration commands; users can be permitted or denied access to
specific configuration commands.

Remote Authentication Dial-In User Service (RADIUS), not TACACS+, uses User Datagram
Protocol (UDP) port 1645 and UDP port 1812 for authentication. Additionally, RADIUS uses UDP
port 1646 and UDP port 1813 for accounting. RADIUS is a client/server-based authentication and
accounting system. The UDP port combination that will be used by RADIUS depends on
whether the latest RADIUS Request for Comments (RFC) is being supported. Current RFCs
specify using port 1812 for authentication and port 1813 for accounting.

RADIUS is less secure and less flexible than TACACS+. RADIUS encrypts only the password of a
packet; the rest of the packet would be viewable if the packet were intercepted by a malicious
user. With RADIUS, the authentication and authorization functions of AAA are combined into a
single function, which limits the flexibility that administrators have when configuring these
functions. Furthermore, RADIUS does not provide router command authorization capabilities.

Reference:

https://www.cisco.com/c/en/us/td/docs/net_mgmt/cisco_secure_access_control_system/5-1/user/guide/acsuserguide/rad_tac_phase.html#wp1025022

QUESTION NO: 388

Which of the following statements are true regarding the graceful restart feature? (Select 2
choices.)

A.
Graceful restart enables a router to continue to forward packets during a restart of the routing
process.

B.
Graceful restart works only with OSPF.

C.
Graceful restart must be configured on all neighbor routers for the feature to work correctly.

D.
Graceful restart is proprietary to Cisco.

E.
Graceful restart uses software-based forwarding mechanisms.

Answer: A,C
Explanation:

Graceful restart enables a router to continue to forward packets during a restart of the routing
process.

However, graceful restart must be configured on all neighbor routers for the feature to work
correctly. Graceful restart is enabled by default on routers running IOS version 12.4(6)T or later.

Graceful restart does not use software-based forwarding mechanisms. Instead, graceful restart
uses a hardware-based forwarding mechanism, such as Cisco Express Forwarding (CEF), to
forward packets while the routing process is restarting. CEF maintains a copy of the routing table
information in the Forwarding Information Base (FIB). When a routing process is restarted on a
router with graceful restart enabled, the router uses the contents of the FIB to forward packets
during the restart. Neighbor routers continue to treat the restarting router as if it were fully
functional. After the routing process is restarted, the router reestablishes adjacencies with
neighbor routers and rebuilds the routing table.

Graceful restart works with Open Shortest Path First (OSPF). However, it also works with
Enhanced Interior Gateway Routing Protocol (EIGRP), Border Gateway Protocol (BGP), and
Intermediate System-to-Intermediate System (IS-IS).

Graceful restart is not just a feature that is proprietary to Cisco. Request for Comments (RFC) 3623
defines a nonproprietary, standards-based version of graceful restart called Internet Engineering
Task Force (IETF) nonstop forwarding (NSF). However, before graceful restart was defined in RFC
3623, Cisco implemented a proprietary version of graceful restart called Cisco NSF. Cisco IOS
supports both NSF implementations.

Reference:

https://www.cisco.com/c/en/us/td/docs/ios/12_0s/feature/guide/gr_ospf.html

QUESTION NO: 389

Which of the following ports will be put into the errdisable state? (Select the best answer.)

A.
a port configured with root guard that starts receiving BPDUs

B.
a port configured with root guard that stops receiving BPDUs

C.
a port configured with loop guard that starts receiving BPDUs

D.
a port configured with loop guard that stops receiving BPDUs

E.
a port configured with BPDU guard that starts receiving BPDUs

F.
a port configured with BPDU guard that stops receiving BPDUs

Answer: E
Explanation:

A port configured with BPDU guard that starts receiving bridge protocol data units (BPDUs) will be
put into the errdisable state. BPDU guard is used to define the edge of the Spanning Tree Protocol
(STP) domain by ensuring that access mode ports do not receive BPDUs. When a port that is
configured with BPDU guard receives a BPDU, BPDU guard immediately puts the port into the
errdisable state and shuts down the port. The port must then be manually re-enabled, or it can be
recovered automatically through the errdisable timeout function.

Root guard is used to prevent a port from becoming a root port. When a port receives a superior
BPDU, it will normally attempt to become a root port. However, a root guard port that receives a
superior BPDU will be put into the root-inconsistent state, and no data will flow through that port
until it stops receiving superior BPDUs. A root guard port will not be put into the errdisable state
because of the presence or absence of BPDUs.

The loop guard feature prevents a port from inadvertently forming switching loops if the steady
flow of BPDUs is interrupted. A port that is configured with loop guard that stops receiving BPDUs
will be put into the loop-inconsistent state. After the port starts receiving
BPDUs again, loop guard enables the port to transition through the normal STP states. A loop
guard port will not be put into the errdisable state because of the presence or absence of BPDUs.

Reference:

CCIE Routing and Switching v5.0 Certification Guide, Volume 1, Chapter 3, Protecting
and Optimizing STP, pp. 148-154

QUESTION NO: 390

Which of the following should be considered first when MLP bundle names are created on a
network where multiple clients might use the same user name? (Select the best answer.)

A.
user name

B.
endpoint discriminator

C.
password

D.
MAC address

E.
caller ID

Answer: B
Explanation:

The endpoint discriminator should be considered first when Multilink Point-to-Point Protocol (MLP)
bundle names are created on a network where multiple clients might use the same user name.
MLP is a variation of Point-to-Point Protocol (PPP) that bundles multiple PPP links together into a
single logical link.

Each MLP bundle is named based on the configuration of the multilink bundle-name command. The
syntax of the multilink bundle-name command is multilink bundle-name {authenticated | endpoint |
both}. When the authenticated keyword is used, the authenticated user name of the client is used
to name the MLP bundle. If the link is not authenticated, the PPP endpoint discriminator of the
client is used to name the MLP bundle.

If the endpoint discriminator is not supplied, the caller ID is used.

The authenticated keyword is useful when each client has a unique user name. However, if more
than one client uses the same user name, data streams could be erroneously bundled together
and delivered to the wrong device. In these situations, you should issue the multilink bundle-name
endpoint command or the multilink bundle-name both command.

When the endpoint keyword is used, the PPP endpoint discriminator of the client is used to name
the MLP bundle. The endpoint discriminator uniquely identifies the client device. If no endpoint
discriminator is supplied, the authenticated user name of the client is used. If the link is not
authenticated, the caller ID is used.

When the both keyword is used, both the authenticated user name and the PPP endpoint
discriminator are used to name the MLP bundle. If the link is not authenticated, only the endpoint
discriminator is used; if no endpoint discriminator is supplied, only the authenticated user name is
used. If the link is not authenticated and if the endpoint discriminator is not supplied, the caller ID
is used.

The endpoint discriminator, the user name, and the caller ID can be used to name an MLP bundle.
Neither the password nor the Media Access Control (MAC) address can be used to name an MLP
bundle.
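As an added example, not Cisco code, the following Python models the fallback order of the three multilink bundle-name keywords described above and reports which clients would be merged into one bundle. The client dictionaries, the identifier values, and the "username/endpoint" display format used for the both keyword are constructed for illustration only.

```python
"""Bundle-name selection for the multilink bundle-name keywords
(authenticated | endpoint | both) plus a collision check.

Added example; this is not Cisco code.  Assumptions: each client is a
dict with optional "username" (present only when the link authenticated),
"endpoint" (PPP endpoint discriminator) and "caller_id" keys, and the
"username/endpoint" form for the both keyword is a display choice of
this example, not the router's own format.
"""


def bundle_name(mode, client):
    """Return the MLP bundle name the router would derive for ``client``."""
    user = client.get("username")        # None when the link is not authenticated
    endpoint = client.get("endpoint")    # None when no discriminator is supplied
    caller = client.get("caller_id")

    if mode == "authenticated":
        # authenticated user name, else endpoint discriminator, else caller ID
        chosen = user or endpoint or caller
    elif mode == "endpoint":
        # endpoint discriminator, else authenticated user name, else caller ID
        chosen = endpoint or user or caller
    elif mode == "both":
        if user and endpoint:
            chosen = "%s/%s" % (user, endpoint)
        else:
            # only one identifier is available; caller ID is the last resort
            chosen = endpoint or user or caller
    else:
        raise ValueError("mode must be authenticated, endpoint or both")
    if chosen is None:
        raise ValueError("client %r offers no identifier" % client.get("id"))
    return chosen


def bundle_collisions(mode, clients):
    """Group clients by the bundle name they would receive and return only
    the groups holding more than one client: links that would be merged
    into a single bundle and delivered to the wrong device."""
    groups = {}
    for client in clients:
        groups.setdefault(bundle_name(mode, client), []).append(client["id"])
    return {name: ids for name, ids in groups.items() if len(ids) > 1}


# Constructed sample: two remote devices dial in with the same user name,
# and a third link is not authenticated at all.
SAMPLE_CLIENTS = [
    {"id": "site-a", "username": "fieldops",
     "endpoint": "00:11:22:33:44:55", "caller_id": "5550101"},
    {"id": "site-b", "username": "fieldops",
     "endpoint": "66:77:88:99:aa:bb", "caller_id": "5550102"},
    {"id": "site-c", "endpoint": "cc:dd:ee:ff:00:11", "caller_id": "5550103"},
]

if __name__ == "__main__":
    for mode in ("authenticated", "endpoint", "both"):
        print(mode, bundle_collisions(mode, SAMPLE_CLIENTS) or "no collisions")
```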

Reference:

https://www.cisco.com/c/en/us/support/docs/wan/point-to-point-protocol-ppp/10238-mppp-bundle-name.html#backinfo

QUESTION NO: 391 DRAG DROP

Select the descriptors from the left, and drag them to the corresponding EEM policy component on
the right.

Answer:

Explanation:


An Embedded Event Manager (EEM) policy can be written as an applet in the command line
interface (CLI) or in Tool Command Language (Tcl). EEM policies contain instructions regarding
what action should take place if a defined event occurs. An EEM policy can consist of the following
six components:

- Event register keyword

- Environmental must defines

- Namespace import

- Entry status

- Body

- Exit status

The event register keyword and the body are both required components of an EEM policy; the
remaining four components are all optional. The namespace import component of the
EEM policy contains code libraries. The event register keyword describes, registers, and schedules
the event that is to be detected by the policy. The body contains the instructions regarding the
actions to be carried out. The environmental must defines component determines whether
required environment variables have been defined before recovery actions are taken. The entry
status determines whether another policy has been previously run for the defined event. The exit
status determines whether the default action will be performed.

Reference:

https://search.cisco.com/search?query=Cisco%20IOS%20Network%20Management%20Configuration%20Guide&locale=enUS&tab=Cisco

QUESTION NO: 392

Which of the following is most likely to cause a blackhole issue on a router running IS-IS? (Select
the best answer.)

A.
Multiple routes to the same destination exist in the router.

B.
The router is offline.

C.
The router has recently been reloaded, and the overload bit has not been set.

D.
Adjacent routers have an additional route to the destination.

Answer: C
Explanation:

In this scenario, a blackhole issue is most likely to arise on a router running Intermediate
System-to-Intermediate System (IS-IS) if the router has recently been reloaded and the overload bit
has not been set. Routers that use a link-state routing protocol maintain a complete topology of the
network by flooding the state of each router's links across the entire network until each of the
routers has information about all of the other routers in the autonomous system (AS). IS-IS uses
Data Link layer multicast addresses to send hello packets and link-state information. Once the
recently reloaded router comes back online, if the overload bit is not set, the adjacent routers will
begin forwarding packets to the router before the router can completely populate its routing table.
Because the routing table is not complete, the router will drop packets to destinations that have
not been written in the table yet; this describes a blackhole issue.

Multiple routes to the same destination existing on a router running IS-IS would not cause a
blackhole issue. Conversely, a missing route causes packets to be dropped when the adjacent
routers expect the receiving router to have a complete routing table.

The router being offline would not cause a blackhole issue. When a router is offline, the adjacent
routers will not attempt to send packets to that router. An alternate path, if one exists, will be used
to deliver packets to a destination; otherwise, an undeliverable message will be returned to the
originator.

Adjacent routers having an additional route to the destination would not cause a blackhole issue on
a router running IS-IS. When a network is using shortest path first (SPF), multiple routes can exist.
Link-state routing protocols consider the links that represent the shortest path to a destination as
the best paths. After a router has collected link-state information for every destination in a topology,
the router uses an SPF algorithm to construct an SPF tree. The best paths from the SPF tree are
then inserted into the router's routing table.

Reference:

https://www.cisco.com/c/en/us/products/index.html#wp39101

QUESTION NO: 393

Which of the following best describes feasible distance? (Select the best answer.)

A.
the best metric along a path to a destination

B.
the total metric along a path to a destination

C.
the highest metric along a path to a destination

D.
a reported distance lower than the current best path

Answer: A
Explanation:

Feasible distance is the Enhanced Interior Gateway Routing Protocol (EIGRP) term for the best
metric along a path to a destination. The feasible distance includes the metric to the EIGRP
neighbor that is advertising the path.

Reported distance, not feasible distance, is the total metric along a path to a destination. The
reported distance is determined by using the metric of the path as advertised by an upstream
EIGRP neighbor. The reported distance might also be the highest metric or the lowest metric
along a path to a destination.

A feasible successor, not feasible distance, is the EIGRP neighbor that has a reported distance
that is lower than the feasible distance of the current best path. A feasible successor must have a
valid, loop-free path to the destination. If these conditions are met,
EIGRP immediately installs the feasible successor in the Routing Information Base (RIB) in order
to speed up convergence should the best path become unavailable.

Reference:

https://www.cisco.com/c/en/us/support/docs/ip/enhanced-interior-gateway-routing-protocol-eigrp/16406-eigrp-toc.html

QUESTION NO: 394

Which of the following PfR policies is used to configure performance-based load sharing across all
links within a given utilization percentage? (Select the best answer.)

A.
cost policy

B.
range policy

C.
traffic load policy

D.
utilization policy

Answer: B
Explanation:

Of the available choices, a Cisco Performance Routing (PfR) range policy is used to configure
performance-based load sharing across all links within a given utilization percentage. Cisco PfR
enhances traditional routing methods by dynamically selecting the best path for applications based
on network performance, load-balancing requirements, or link capacity thresholds. A range policy
applies to all links within a given range, or percentage, of utilization. For example, you can
configure a range policy to evenly distribute traffic over a set of links within a certain percentage of
utilization of each other.

A Cisco PfR traffic load policy, which is also called a utilization policy, enables the specification of a
maximum threshold on the amount of traffic that a specific link is allowed to carry. Therefore, the
traffic load policy applies to a specific link, not to all links within a given utilization percentage. If
either the exit link or the entrance link goes above the threshold, the link is placed into an
out-of-policy (OOP) state. When a link is placed into an OOP state, PfR attempts to locate an
alternate link for the given class of traffic.

A Cisco PfR cost policy enables the configuration of utilization based on the monetary cost of using
a link. For example, a Service Level Agreement (SLA) with an Internet service provider (ISP) might
cause a company to seek the most cost-effective utilization of a link through the ISP. There are
several billing calculation models that can be used to implement a Cisco PfR cost policy.

Reference:

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/pfr/configuration/xe-3s/pfr-xe-3s-book/pfr-cost.html#GUID-0C694C5C-5970-4DC0-9E97-329FB8C4625A

QUESTION NO: 395

Which of the following services are typically provided by an IaaS vendor? (Select 2 choices.)

A.
operating systems

B.
database platforms

C.
software applications

D.
network infrastructure

E.
computing and storage resources

F.
software development platforms

Answer: D,E
Explanation:

Computing and storage resources as well as network infrastructure are typically provided by an
Infrastructure as a Service (IaaS) vendor. The customer is responsible for everything else,
including operating systems, software development platforms, database platforms, and software
applications. With IaaS, the customer has a great deal of control and flexibility. However, IaaS
places a larger management burden on the customer than the other cloud-based services do.

A Platform as a Service (PaaS) vendor provides the same services as an IaaS vendor does.
In addition, a PaaS vendor also provides operating systems, software development platforms, and
database platforms. PaaS is often used by companies that want to migrate their application
development to a cloud-based solution. However, a PaaS customer must use whatever software
development platform is supported by the PaaS vendor, so a degree of control and flexibility is
lost. The PaaS vendor is responsible for maintaining the operating systems, software development
platforms, and database platforms, as well as any underlying hardware infrastructure.

A Software as a Service (SaaS) vendor typically provides a complete software application package
to customers. For example, a company might contract with a SaaS vendor to provide hosted
email services. The software application, the operating system on which the application runs, the
hardware on which the operating system runs, and the network infrastructure on which the
hardware communicates are maintained by the SaaS vendor, thereby lowering the management
burden for the customer. Access to the software application is often provided through a web
browser interface.

Reference:

https://www.cisco.com/c/en/us/about/press/internet-protocol-journal/back-issues/table-contents-45/123-cloud1.html

https://www.cisco.com/en/US/services/ps2961/ps10364/ps10370/ps11104/Migration_of_Enterprise_Apps_to_Cloud_White_Paper.pdf

https://www.cisco.com/c/en/us/td/docs/solutions/Hybrid_Cloud/PaaS/1-0/PaaS/PaaS1.pdf

QUESTION NO: 396

You want to move several company functions to the cloud, including software development and
CRM. You decide to use a PaaS provider.

Which of the following will you most likely have to provide and manage? (Select the best answer.)

A.
the CRM application

B.
the operating system

C.
the networking infrastructure

D.
the software development platform

E.
the computing and storage resources

Answer: A
Explanation:

You will most likely have to provide and manage the customer relationship management (CRM)
application. A PaaS vendor provides operating systems, software development platforms, and
database platforms, as well as the underlying network infrastructure and the raw computing and
storage resources. PaaS is often used by companies that want to migrate their application
development to a cloud-based solution. However, a PaaS customer must use whatever software
development platform is supported by the PaaS vendor, so a degree of control and flexibility is
lost. The PaaS vendor is responsible for maintaining the operating systems, software development
platforms, and database platforms, as well as any underlying hardware infrastructure.

An Infrastructure as a Service (IaaS) vendor provides computing and storage resources as well as
the network infrastructure. The customer is responsible for everything else, including operating
systems, software development platforms, database platforms, and software applications. With
IaaS, the customer has a great deal of control and flexibility.

However, IaaS places a larger management burden on the customer than the other cloud-based
services do. If you were to use an IaaS vendor, you would have to provide and manage the CRM
application, the operating system, and the software development platform.

A Software as a Service (SaaS) vendor typically provides a complete software application package
to customers. For example, a company might contract with a SaaS vendor to provide hosted email
services. The software application, the operating system on which the application runs, the
hardware on which the operating system runs, and the network infrastructure on which the
hardware communicates are maintained by the SaaS vendor, thereby lowering the management
burden for the customer. Access to the software application is often provided through a web
browser interface. If you were to use a SaaS vendor, you would not have to provide or manage
anything; however, you would have to use whatever platforms and CRM applications the
SaaS vendor has available.

Reference:

https://www.cisco.com/c/en/us/about/press/internet-protocol-journal/back-issues/table-contents-45/123-cloud1.html

https://www.cisco.com/en/US/services/ps2961/ps10364/ps10370/ps11104/Migration_of_Enterprise_Apps_to_Cloud_White_Paper.pdf

https://www.cisco.com/c/en/us/td/docs/solutions/Hybrid_Cloud/PaaS/1-0/PaaS/PaaS1.pdf

QUESTION NO: 397

In Cisco ACI, what is an EPG? (Select the best answer.)

A.
a collection of VRF instances or IP address spaces

B.
a collection of endpoints that provide a similar function

C.
a collection of groups, their connections, and related policies

D.
a collection of rules and policies that define how endpoints can communicate

Answer: B

Explanation:

In Cisco application centric infrastructure (ACI), an endpoint group (EPG) is a collection
of endpoints that provide a similar function, such as an application tier or a set of services. The
endpoints within an EPG are defined by network interface card (NIC), virtual NIC (vNIC), port
group, IP address, or Domain Name System (DNS) name.

A context is a collection of VPN routing and forwarding (VRF) instances or IP address spaces.
Each customer, or tenant, can have one or more contexts. Endpoints and EPGs define the
application within each context.

A contract is a collection of rules and policies that define how endpoints and EPGs
can communicate. For example, a contract can be created so that a web server can be accessed
only by Hypertext Transfer Protocol (HTTP) or HTTP Secure (HTTPS).

An Application Network Profile (ANP) is a collection of EPGs, their connections, and
related policies. To create an ANP, you should perform the following steps:

1. Create EPGs.

2. Create policies that define connectivity rules.

3. Create contracts between EPGs by applying policies.

Reference:

https://www.cisco.com/c/en/us/products/cloud-systems-management/index.html

QUESTION NO: 398

Which nodes are available in a two-node OpenStack architecture? (Select 2 choices.)

A.
the compute node

B.
the controller node

C.
the network node

D.
the server node

Answer: A,B
Explanation:

The compute node and the controller node are available in a two-node OpenStack architecture.
OpenStack is an open-source cloud computing platform. Each OpenStack modular component is
responsible for a particular function, and each component has a code name. The following list
contains several of the most popular OpenStack components:

- Nova - OpenStack Compute: manages pools of computer resources

- Neutron - OpenStack Networking: manages networking and addressing

- Cinder - OpenStack Block Storage: manages block-level storage devices

- Glance - OpenStack Image: manages disk and server images

- Swift - OpenStack Object Storage: manages redundant storage systems

- Keystone - OpenStack Identity: is responsible for authentication

- Horizon - OpenStack Dashboard: provides a graphical user interface (GUI)

- Ceilometer - OpenStack Telemetry: provides counter-based tracking that can be used for customer
usage billing

The compute node in a two-node OpenStack architecture consists of the following services:

- Nova Hypervisor

- Kernel-based Virtual Machine (KVM) or Quick Emulator (QEMU)

- Nova Networking

- Ceilometer Agent

The controller node in a two-node OpenStack architecture consists of the following services:

- Keystone

- Glance

- Nova Management

- Horizon

- Cinder

- Swift

- Ceilometer Core

A three-node OpenStack architecture adds the network node and offloads networking functionality
to the Neutron component. The network node consists of several Neutron services:

- Neutron Modular Layer 2 (ML2) Plug-In

- Neutron Layer 2 Agent

- Neutron Layer 3 Agent

- Neutron Dynamic Host Configuration Protocol (DHCP) Agent

The compute node in a three-node OpenStack architecture removes Nova Networking and adds
the Neutron Layer 2 Agent and the Neutron ML2 Plug-In. The controller node in a three-node
OpenStack architecture adds the Neutron Server and the Neutron ML2 Plug-In.

Reference:

https://www.redhat.com/archives/rdo-list/2014-November/pdfzGvyHATdWc.pdf#page=12

QUESTION NO: 399

Which of the following statements are correct regarding NETCONF? (Select 2 choices.)

A.
NETCONF is an open-source cloud-computing platform.

B.
NETCONF is a connectionless protocol.

C.
NETCONF is a standards-based protocol.

D.
NETCONF uses XML as the data modeling language.

E.
NETCONF uses YANG as the data modeling language.

Answer: C,E
Explanation:

Network Configuration Protocol (NETCONF) is a standards-based protocol that uses YANG as the
data modeling language. NETCONF, which is described in Request for Comments (RFC) 6241,
provides the ability to automate the configuration of network devices. YANG, which is defined in
RFC 6020, is a hierarchical data modeling language that can model configuration and state data
for NETCONF.

NETCONF does not use Extensible Markup Language (XML) as the data modeling language;
NETCONF uses XML as its data encoding method. YANG data that is used by NETCONF is
encoded in an XML format.

NETCONF is not a connectionless protocol. Rather, it is a connection-oriented protocol that
requires a persistent, reliable connection. NETCONF connections must also provide
confidentiality, integrity, authentication, and replay protection. Secure Shell (SSH) is the
mandatory transport protocol for NETCONF.

NETCONF is not an open-source cloud-computing platform. OpenStack is an open-source
cloud-computing platform. Each OpenStack modular component is responsible for a particular
function, and each component has a code name. The following list contains several of the most
popular OpenStack components:

-Nova -OpenStack Compute: manages pools of computer resources

-Neutron -OpenStack Networking: manages networking and addressing

-Cinder -OpenStack Block Storage: manages block-level storage devices

-Glance -OpenStack Image: manages disk and server images

-Swift -OpenStack Object Storage: manages redundant storage systems

-Keystone -OpenStack Identity: is responsible for authentication

-Horizon -OpenStack Dashboard: provides a graphical user interface (GUI)

-Ceilometer -OpenStack Telemetry: provides counter-based tracking that can be used for customer
usage billing

Reference:

https://tools.ietf.org/html/rfc6241

https://tools.ietf.org/html/rfc6020

QUESTION NO: 400

Which of the following benefits is provided by fog computing? (Select the best answer.)

A.
It filters data before it goes to the cloud.
B.
It ensures reliable connectivity to the cloud.

C.
It allows more data to be stored in the cloud.

D.
It allows data to be transmitted to the cloud faster.

Answer: A
Explanation:

Fog computing filters data before it goes to the cloud. Fog computing is a method designed to
alleviate the challenges of processing the data generated by Internet of Things (IoT) devices and
transmitting that data to the cloud. IoT devices, which are often called embedded devices or smart
objects, are typically low-power, low-memory devices with limited processing capabilities. These
devices are used in a variety of applications, such as environmental monitoring, healthcare
monitoring, process automation, and location tracking. Many embedded devices can transmit data
wirelessly, and some are capable of transmitting over a wired connection. However, connectivity is
generally unreliable and bandwidth is often constrained.

IoT devices are numerous, and they produce a lot of data. For example, an airplane generates 10
terabytes (TB) of data for every 30 minutes of flight, and a tagged cow can generate an average of
200 megabytes (MB) of data per year. However, IoT devices often do not have the processing
power to analyze the data, nor do they have the power or bandwidth to transmit a lot of data. Fog
computing addresses these concerns by storing, processing, and filtering IoT data locally, sending
only critical information to the cloud.

Fog computing does not ensure reliable connectivity to the cloud. However, because fog computing
handles most of the data locally, security and resiliency of the data are increased.

Fog computing does not allow more data to be stored in the cloud. However, because fog computing
processes and filters data before it is sent to the cloud, the cloud storage space can be filled with
relevant data rather than irrelevant, unprocessed data.

Fog computing does not allow data to be transmitted to the cloud faster. However, because fog
computing selectively chooses only the most relevant data to send to the cloud, more bandwidth is
freed up for data to be sent.

Reference:

https://developer.cisco.com/site/iox/documents/developer-guide/?ref=fog

QUESTION NO: 401
Which of the following floods LSA information to all other routers on a multiaccess segment?
(Select the best answer.)

A.
only the DR

B.
only the BDR

C.
the DR and BDR

D.
all routers in an area

Answer: A
Explanation:

Only the designated router (DR) floods link-state advertisement (LSA) information to all other
routers on a multiaccess segment. The DR, which is typically the router with the highest Open
Shortest Path First (OSPF) priority, serves as a single point of contact for all OSPF routers on the
multiaccess segment. When a router needs to advertise a link-state change, it sends the LSA to
the DR. The DR subsequently sends the LSA to all routers on the multiaccess segment.

Although the backup designated router (BDR) establishes adjacencies with all other OSPF routers
on a multiaccess segment, it does not flood LSA information to all other routers on the segment.
The BDR, which is typically the router with the second-highest priority on the segment, takes over
for the DR if the DR becomes unavailable or is powered down. The DR is not replaced by another
DR, even if a router with a lower OSPF priority is introduced.

All OSPF routers on a multiaccess network segment are required to establish adjacencies with
only the DR and the BDR. As a result, a non-DR router cannot flood LSA information to all other
routers on a multiaccess segment.

Reference:

https://www.ietf.org/rfc/rfc2328.txt

QUESTION NO: 402

Which of the following commands effectively disables STP on a port? (Select the best answer.)

A.
spanning-tree bpdufilter enable

B.
spanning-tree bpduguard enable

C.
spanning-tree guard root

D.
spanning-tree guard loop

E.
spanning-tree portfast

Answer: A
Explanation:

The spanning-tree bpdufilter enable command effectively disables Spanning Tree Protocol (STP)
on a port. The spanning-tree bpdufilter enable command configures BPDU filtering on a port, which
causes the port to ignore any bridge protocol data units (BPDUs) it receives. Switches send
BPDUs to determine the path cost to the root bridge. The spanning tree algorithm then uses that
information to determine the best path through the network. A port that creates a redundant path
will be blocked. If the best path becomes unavailable, the network topology will be recalculated
and the redundant port will be unblocked.

The spanning-tree guard root command does not disable STP on a port; it is used to enable root
guard. Root guard is used to prevent newly introduced switches from being elected the new root.
This allows administrators to maintain control over which switch is the root. When root guard is
applied to a port, the port is permanently configured as a designated port. Normally, a port that
receives a superior BPDU will become the root port. However, if a designated port configured with
root guard receives a superior BPDU, the port transitions to the root-inconsistent state and no data
will flow through that port until it stops receiving superior BPDUs. This prevents other switches
from propagating superior BPDUs throughout the network and becoming the root bridge.

The spanning-tree guard loop command does not disable STP on a port; it is used to enable loop
guard. Loop guard places a port into the loop-inconsistent state if it stops receiving BPDUs. After
the port starts receiving BPDUs again, loop guard enables the port to transition through the normal
STP states.

The spanning-tree portfast command does not disable STP on a port; it is used to enable PortFast.
PortFast reduces convergence time by immediately placing edge ports into the forwarding state.
PortFast is recommended only for host ports, which are ports that connect to IP phones, client
workstations, or servers. Host ports that are not enabled for PortFast can cause a high number of
STP topology changes to occur, thereby causing high CPU utilization on the switch. However,
care should be taken to ensure that PortFast is not enabled on a port that is connected to a switch
or other networking device. If you enable PortFast on such a port, you risk creating switching loops
because the port is permanently in the STP forwarding state.

The spanning-tree bpduguard enable command does not disable STP on a port; it is used to
enable BPDU guard. BPDU guard disables ports that erroneously receive BPDUs. BPDU guard is
applied to host ports that have PortFast enabled. Because PortFast automatically places ports into
a forwarding state, a switch that has been connected to a PortFast-enabled port could cause
switching loops. However, when BPDU guard is applied, the receipt of a BPDU on a port with
BPDU guard enabled will result in the port being placed into a disabled state, which prevents loops
from occurring.

Reference:

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/lanswitch/command/lsw-cr-book/lsw-s2.html#wp4282183511

QUESTION NO: 403 DRAG DROP

Select boxes from the left, and drag them to the appropriate cells in the table on the right. Fill all
cells. Each box can be used more than once.

Answer:

Explanation:
There are five Open Shortest Path First (OSPF) network types:

-Broadcast

-Nonbroadcast

-Point-to-point

-Point-to-multipoint broadcast

-Point-to-multipoint nonbroadcast

Designated router (DR) and backup designated router (BDR) elections are performed on OSPF
broadcast and nonbroadcast networks. To create an OSPF broadcast network, you should issue
the ip ospf network broadcast command. To create a nonbroadcast network, which is also called a
nonbroadcast multiaccess (NBMA) network, you should issue the ip ospf network non-broadcast
command.

DR and BDR elections are not performed on point-to-point, point-to-multipoint broadcast, and
point-to-multipoint nonbroadcast networks. To create an OSPF point-to-point network, you should
issue the ip ospf network point-to-point command. To create an OSPF point-to-multipoint broadcast
network, you should issue the ip ospf network point-to-multipoint command. To create an OSPF
point-to-multipoint nonbroadcast network, you should issue the ip ospf network point-to-multipoint
non-broadcast command; the point-to-multipoint nonbroadcast network type is proprietary to Cisco.

Hello packets are used for discovering neighbor routers, establishing adjacencies, and maintaining
neighbor relationships. Therefore, hello packets must be sent between OSPF routers regardless of
the type of network, even over a broadcast network or a point-to-point network link.

By default, the hello timer is set to 10 seconds and the dead timer is set to 40 seconds on
point-to-point and broadcast networks. NBMA, point-to-multipoint nonbroadcast, and point-to-multipoint
broadcast networks have a hello timer value of 30 seconds and a dead timer value of 120
seconds. The hello timer is used to specify the amount of time between hello packets. The dead
timer is used to specify the amount of time to wait before declaring a neighbor to be down.

Manual configuration of neighbor routers with the neighbor command is not required on broadcast,
point-to-multipoint broadcast, and point-to-point networks. Manual configuration of neighbor routers is
required on NBMA and point-to-multipoint nonbroadcast networks. Automatic neighbor discovery
relies on broadcasts and multicasts, which are not allowed on a nonbroadcast network. Manually
configuring neighbor routers with the neighbor command causes OSPF to send unicast updates.
If no ip ospf network command has been issued for an interface, the default network type is used.
The default network type depends upon the type of network to which the interface is connected.
The broadcast network type is enabled by default on Ethernet, Token Ring, and Fiber Distributed
Data Interface (FDDI) networks. The nonbroadcast network type is enabled by default on Switched
Multimegabit Data Service (SMDS), Frame Relay, and X.25 networks. The point-to-point network
type is enabled by default on High-Level Data Link Control (HDLC) and Point-to-Point Protocol
(PPP) networks.

Reference:

https://www.cisco.com/c/en/us/support/docs/ip/open-shortest-path-first-ospf/7039-1.html#t24

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_ospf/command/iro-cr-book/ospf-i1.html#wp3564440872

QUESTION NO: 404

Which of the following statements is true regarding how EIGRP and OSPF handle metrics for
summarized routes by default? (Select the best answer.)

A.
EIGRP and OSPF both use the worst metric from among all component routes.

B.
EIGRP and OSPF both use the best metric from among all component routes.

C.
EIGRP uses the worst metric from among all component routes, whereas OSPF uses the best
metric.

D.
EIGRP uses the best metric from among all component routes, whereas OSPF uses the worst
metric.

Answer: B
Explanation:

By default, Enhanced Interior Gateway Routing Protocol (EIGRP) and Open Shortest Path First
(OSPF) both use the best metric from among all component routes. When an EIGRP route is
summarized, EIGRP finds the component route with the best metric, which is the route with the
lowest composite metric value, and uses that metric for the summarized route. Every time a
component route within the summary changes, EIGRP must recalculate whether the summarized
metric has changed. If the topology changes often, processor overhead can increase significantly.
You can set a static metric for a summarized route by issuing the summary-metric command. The
syntax for the summary-metric command is summary-metric network-address subnet-mask
[bandwidth delay reliability load mtu] [distance administrative-distance].

Prior to IOS version 12.0, Cisco followed the OSPF standard found in Request for Comments
(RFC) 1583, in which OSPF determines the metric of the summarized route by taking the best, or
lowest, metric from among all component routes. For IOS version 12.0 and later, Cisco followed
the OSPF standard found in RFC 2328, in which OSPF determines the metric of the summarized
route by taking the worst, or highest, metric from among all component routes. However,
suboptimal routing can occur on OSPF networks with a mixture of older and newer routers. To
address this problem, Cisco introduced the compatible rfc1583 command, which is issued from
OSPF router configuration mode. By default, routers are configured to be compatible with the RFC
1583 standard, which uses the best component metric for summarized routes.

Reference:

https://www.cisco.com/c/en/us/td/docs/ios/iproute_eigrp/command/reference/ire_book/ire_s1.html#wp1059226

https://www.cisco.com/c/en/us/support/docs/ip/open-shortest-path-first-ospf/7039-1.html#t29

QUESTION NO: 405

You administer the IS-IS network shown in the exhibit above. A DIS has been elected on the
multiaccess segment.
Which of the following routers will be the DIS after you connect RouterE to the multiaccess
segment? (Select the best answer.)

A.
RouterA

B.
RouterB

C.
RouterC

D.
RouterD

E.
RouterE

Answer: E
Explanation:

RouterE will be the designated intermediate system (DIS) after you connect it to the multiaccess
segment. The Intermediate System-to-Intermediate System (IS-IS) DIS is analogous to the Open
Shortest Path First (OSPF) designated router (DR). All IS-IS routers on the network segment
establish adjacencies with the DIS. The DIS serves as a focal point for the distribution of IS-IS
routing information. If the DIS is no longer detected on the network, a new DIS is elected based on
the priority of the remaining routers on the network segment.

The DIS for the multiaccess segment is the router with the highest interface priority. To configure
the priority of an interface, you should issue the isis priority command from interface configuration
mode. The syntax of the isis priority command is isis priority value [level-1 | level-2], where value is
an integer from 0 through 127. A router with an interface priority of 0 can still become the DIS. If
you do not issue the isis priority command on an interface, the default interface priority is 64.

If interface priority values are equal, the router with the highest Media Access Control (MAC)
address becomes the DIS if the multiaccess segment is a LAN. If the multiaccess segment is a
Frame Relay link, the router with the highest data-link connection identifier (DLCI) becomes the
DIS. If the DLCI is the same at both ends, the router with the higher system ID becomes the DIS.
Every IS-IS router is required to have a unique system ID. If two IS-IS routers have the same
system ID, an IS-IS neighbor relationship will not form.

Unlike the DR in OSPF, the DIS in IS-IS can be preempted if a router with a higher priority or a
higher MAC address is connected to the network. In this scenario, all of the routers have the same
interface priority. Therefore, the router with the highest MAC address becomes the DIS. Before
RouterE is connected, RouterD is the DIS because it has the highest MAC address. However,
after RouterE is connected, RouterE becomes the DIS because RouterE has a higher MAC
address than RouterD.
Neither RouterA, RouterB, nor RouterC will become the DIS unless you increase the interface
priority for that router's interface. Loopback addresses and interface IP addresses are not
considered in the election of the DIS.
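
The election rules in this explanation can be checked with a small model. The following Python is an added example, not code from the page or from Cisco: it elects the DIS by highest interface priority, breaks ties by highest MAC address, keeps priority 0 eligible, and re-runs the election when a router joins so that the newcomer can preempt, which an OSPF DR cannot. The router names follow the question; the MAC addresses and priorities are constructed so that RouterD holds the highest MAC until RouterE joins.

```python
"""IS-IS DIS election on a multiaccess LAN segment (added example).

Rules applied, as the explanation states them: highest interface priority
(0 through 127, default 64) wins; a tie goes to the highest MAC address;
priority 0 still competes; and the DIS is preempted when a better candidate
joins, whereas an OSPF DR is kept. Router names come from the question; the
MAC addresses and priorities below are constructed sample data.
"""

from dataclasses import dataclass

DEFAULT_ISIS_PRIORITY = 64


@dataclass(frozen=True)
class Router:
    name: str
    mac: str                               # Cisco dotted form, e.g. 0000.0c00.0004
    priority: int = DEFAULT_ISIS_PRIORITY  # value set with `isis priority`

    def __post_init__(self):
        if not 0 <= self.priority <= 127:
            raise ValueError("isis priority must be 0 through 127")


def mac_value(mac: str) -> int:
    """Numeric value of a MAC written as aaaa.bbbb.cccc, aa:bb:cc:dd:ee:ff or aa-bb-...."""
    digits = mac.replace(".", "").replace(":", "").replace("-", "")
    if len(digits) != 12:
        raise ValueError(f"malformed MAC address: {mac!r}")
    return int(digits, 16)


def elect_dis(segment):
    """LAN DIS: highest priority first, then highest MAC. Priority 0 is still eligible."""
    if not segment:
        raise ValueError("no routers on the segment")
    return max(segment, key=lambda r: (r.priority, mac_value(r.mac)))


def dis_after_join(segment, newcomer):
    """IS-IS re-runs the election, so a better newcomer preempts the current DIS."""
    return elect_dis(list(segment) + [newcomer])


def ospf_dr_after_join(current_dr, segment, newcomer):
    """Contrast: an OSPF DR is not preempted while it stays up, whoever joins."""
    if current_dr not in segment:
        raise ValueError("current DR is not on the segment")
    return current_dr


# Constructed scenario: four routers at default priority, RouterD has the highest MAC.
SEGMENT = [
    Router("RouterA", "0000.0c00.0001"),
    Router("RouterB", "0000.0c00.0002"),
    Router("RouterC", "0000.0c00.0003"),
    Router("RouterD", "0000.0c00.0004"),
]
ROUTER_E = Router("RouterE", "0000.0c00.0005")


def scenario():
    """Return (DIS before RouterE joins, IS-IS DIS after, OSPF DR after)."""
    before = elect_dis(SEGMENT)
    isis_after = dis_after_join(SEGMENT, ROUTER_E)
    ospf_after = ospf_dr_after_join(before, SEGMENT, ROUTER_E)
    return before.name, isis_after.name, ospf_after.name


if __name__ == "__main__":
    before, isis_after, ospf_after = scenario()
    print(f"before RouterE joins: DIS = {before}")
    print(f"after RouterE joins:  IS-IS DIS = {isis_after}, OSPF DR = {ospf_after}")
```

Raising RouterA's interface priority above 64 makes it win regardless of MAC address, and a newcomer with priority 0 loses the election but is still a valid candidate, which matches the explanation's note that priority 0 does not exclude a router.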

Reference:

https://www.cisco.com/c/en/us/products/index.html#wp38987

QUESTION NO: 406

Which of the following statements is true about DiffServ class AF41? (Select the best answer.)

A.
AF41 has a low priority and a low drop probability.

B.
AF41 has a low priority and a high drop probability.

C.
AF41 has a high priority and a low drop probability.

D.
AF41 has a high priority and a high drop probability.

Answer: C
Explanation:

DiffServ class AF41 has a high priority and a low drop probability. AF41 is a Differentiated
Services Code Point (DSCP) value, which is a 6-bit header value that identifies the Quality of
Service (QoS) traffic class that is assigned to the packet. DSCP values beginning with AF are
called Assured Forwarding (AF) per-hop behaviors (PHBs), which are defined in Request for
Comments (RFC) 2597. AF separates packets into four queue classes and three drop
probabilities. The AF values are specified in the format AFxy, where x is the queue class and y is
the drop probability. The following table displays the AF values with their queue classes and drop
rates:

AF11 has a low priority and a low drop probability. AF13 has a low priority and a high drop
probability. AF43 has a high priority and a high drop probability.
The first three DSCP bits correspond to the queue class, the fourth and fifth DSCP bits correspond
to the drop probability, and the sixth bit is always set to 0. To quickly convert AF values to decimal
values, you should use the formula 8x + 2y. For example, AF41 converts to a decimal value of 34,
because (8 x 4) + (2 x 1) = 32 + 2 = 34.

Packets with higher AF values are not necessarily given preference over packets with lower AF
values. Packets with a higher queue class value are given queuing priority over packets with a
lower queue class, but packets with a higher drop rate value are dropped more often than packets
with a lower drop rate value.

Reference:

https://www.cisco.com/c/en/us/support/docs/quality-of-service-qos/qos-packet-marking/10103-dscpvalues.html#assured

QUESTION NO: 407

You issue the show mls qos maps cos-dscp command and receive the following output:

An untagged packet arrives on a CoS-trusted port. The port is using the default CoS settings.

Which of the following internal DSCP values will the switch use for the packet? (Select the best
answer.)

A.
0

B.
8

C.
24

D.
46

E.
56
Answer: A
Explanation:

The switch will use an internal Differentiated Services Code Point (DSCP) value of 0 for the
packet. The Class of Service (CoS)-to-DSCP map is used to generate an internal DSCP value for
packets that arrive on a CoS-trusted port. By default, the CoS for untagged packets is set to 0. The
CoS-to-DSCP map in this scenario indicates that a CoS value of 0 corresponds to a DSCP value of
0.

The CoS-to-DSCP map in this scenario is the default CoS-to-DSCP map. You can modify the
CoS-to-DSCP map by issuing the mls qos map cos-dscp dscp1 dscp2 ... dscp8 command. The no
mls qos map cos-dscp command causes the switch to use the default CoS-to-DSCP map.

The CoS field is a 3-bit Quality of Service (QoS) marking field, whereas the DSCP is a 6-bit QoS
marking field. The following table shows the relationship between CoS and DSCP values:

The first three bits of the DSCP value are the same as the CoS value; the DSCP value just has
three extra 0 bits appended to the end. If you know the CoS value of a packet, you can derive the
default DSCP value by converting the CoS value to binary, appending three 0 bits, and converting
back to decimal.

If the packet in this scenario had a CoS of 1, or if the default CoS for the port were set to a value
of 1, the switch would have used an internal DSCP value of 8. If the packet in this scenario had a
CoS of 3, or if the default CoS for the port were set to a value of 3, the switch would have used an
internal DSCP value of 24. If the packet in this scenario had a CoS of 7, or if the default CoS for
the port were set to a value of 7, the switch would have used an internal DSCP value of 56.

The DSCP value 46 corresponds to a special classification known as DSCP Expedited Forwarding
(EF). DSCP EF, which is defined in Request for Comments (RFC) 2598, indicates a high-priority
packet that should be given queuing priority over other packets but should not be allowed to
completely monopolize the interface. Voice over IP (VoIP) traffic is often assigned to DSCP EF.
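
The AF-to-decimal formula from the previous question (8x + 2y) and the CoS-to-DSCP derivation above (the 3-bit CoS value followed by three 0 bits) are both easy to get wrong in a marking or classification policy. The following Python is an added example, not code from the page or from Cisco: it encodes and decodes both mappings with range checks, reports which of two AF marks actually receives better treatment, and also names the class-selector codepoints (CS0 through CS7, defined in RFC 2474 and not mentioned on the page) that the default CoS-to-DSCP map produces. The value 46 for EF is taken from the explanation above.

```python
"""DSCP marking helpers: AFxy <-> decimal and the default CoS-to-DSCP map.

Added example, not code from the original page. Encoding rules are the ones
the explanations give: an AF codepoint is 8x + 2y (class x in bits 1-3, drop
precedence y in bits 4-5, bit 6 always 0), and the default CoS-to-DSCP map
is the 3-bit CoS value followed by three 0 bits. EF = 46 is from the page
(RFC 2598); the CSx naming of multiples of 8 is from RFC 2474 (assumption
added here, not on the page).
"""

import re

DSCP_EF = 46  # Expedited Forwarding (RFC 2598), commonly used for VoIP


def af_to_dscp(name: str) -> int:
    """Return the 6-bit DSCP value for an AF PHB name such as 'AF41' (-> 34).

    RFC 2597 defines four classes (x = 1..4) and three drop precedences
    (y = 1..3); any other pair is rejected instead of yielding a bogus mark.
    """
    match = re.fullmatch(r"AF([1-4])([1-3])", name.strip().upper())
    if match is None:
        raise ValueError(f"not a valid AF PHB name: {name!r}")
    x, y = int(match.group(1)), int(match.group(2))
    return 8 * x + 2 * y


def dscp_to_af(dscp: int):
    """Decode a DSCP value into (class, drop precedence), or None if it is not AF."""
    if not 0 <= dscp <= 63:
        raise ValueError("DSCP is a 6-bit field (0-63)")
    x = dscp >> 3            # bits 1-3: queue class
    y = (dscp >> 1) & 0b11   # bits 4-5: drop precedence
    if 1 <= x <= 4 and 1 <= y <= 3 and (dscp & 1) == 0:
        return x, y
    return None


def cos_to_dscp(cos: int) -> int:
    """Default CoS-to-DSCP map entry: the 3-bit CoS with three 0 bits appended."""
    if not 0 <= cos <= 7:
        raise ValueError("CoS is a 3-bit field (0-7)")
    return cos << 3


def default_cos_dscp_map() -> list:
    """The default map, in the order the mls qos map cos-dscp command takes its arguments."""
    return [cos_to_dscp(cos) for cos in range(8)]


def describe_dscp(dscp: int) -> str:
    """Human-readable PHB name for a DSCP value (EF, AFxy, CSx, or raw DSCPn)."""
    if dscp == DSCP_EF:
        return "EF"
    af = dscp_to_af(dscp)
    if af is not None:
        return f"AF{af[0]}{af[1]}"
    if (dscp & 0b111) == 0:       # class selectors: exactly the CoS-derived values
        return f"CS{dscp >> 3}"
    return f"DSCP{dscp}"


def preferred(a: str, b: str) -> str:
    """Which of two AF names gets the better treatment.

    A higher queue class wins outright; within a class the lower drop
    precedence wins. So AF21 (18) is preferred to AF13 (30) even though
    AF13 has the larger numeric value.
    """
    ca, da = dscp_to_af(af_to_dscp(a))
    cb, db = dscp_to_af(af_to_dscp(b))
    return a if (ca, -da) > (cb, -db) else b


if __name__ == "__main__":
    for name in ("AF11", "AF13", "AF41", "AF43"):
        print(name, "->", af_to_dscp(name))
    print("default CoS-to-DSCP map:", default_cos_dscp_map())
    print("46 ->", describe_dscp(46), "| 24 ->", describe_dscp(24), "| 34 ->", describe_dscp(34))
    print("preferred of AF13 vs AF21:", preferred("AF13", "AF21"))
```

The decoder checks bit 6 as well as the class and drop-precedence ranges, so values such as 46 (binary 101110, class field 5) are correctly reported as not being AF codepoints rather than being mislabelled.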
Reference:

www.cisco.com/c/en/us/td/docs/ios/qos/command/reference/qos_book/qos_s4.html#wp1082114

www.cisco.com/c/en/us/td/docs/ios/qos/command/reference/qos_book/qos_m2.html#wp1063877

QUESTION NO: 408

Which of the following command sets correctly configures basic IPv6-to-IPv4 connectivity for
NAT-PT? (Select the best answer.)

A.
Router(config)#ipv6 nat prefix 2000:ABC::/32
Router(config)#ipv6 nat

B.
Router(config)#ipv6 nat prefix 2000:ABC::/64
Router(config)#ipv6 nat

C.
Router(config)#ipv6 nat prefix 2000:ABC::/96
Router(config)#ipv6 nat

D.
Router(config)#ipv6 nat prefix 2000:ABC::/32

Router(config)#interface fastethernet 1/1

Router(config-if)#ipv6 nat

Router(config-if)#interface fastethernet 1/2

Router(config-if)#ipv6 nat

E.
Router(config)#ipv6 nat prefix 2000:ABC::/64

Router(config)#interface fastethernet 1/1

Router(config-if)#ipv6 nat

Router(config-if)#interface fastethernet 1/2

Router(config-if)#ipv6 nat

F.
Router(config)#ipv6 nat prefix 2000:ABC::/96

Router(config)#interface fastethernet 1/1

Router(config-if)#ipv6 nat
Router(config-if)#interface fastethernet 1/2

Router(config-if)#ipv6 nat

Answer: F
Explanation:

The following command set correctly configures basic IPv6-to-IPv4 connectivity for Network
Address Translation-Protocol Translation (NAT-PT):

Router(config)#ipv6 nat prefix 2000:ABC::/96

Router(config)#interface fastethernet 1/1

Router(config-if)#ipv6 nat

Router(config-if)#interface fastethernet 1/2

Router(config-if)#ipv6 nat

NAT-PT is used to enable communication between IPv4-only hosts and IPv6-only hosts by
translating IPv4 packets to IPv6 packets and IPv6 packets to IPv4 packets. To enable NAT-PT, you
must assign a global NAT-PT prefix, enable NAT-PT on the incoming and outgoing interfaces, and
create IPv4-to-IPv6 and IPv6-to-IPv4 address mappings. To assign a global NAT-PT prefix, you
should issue the ipv6 nat prefix ipv6-prefix/prefix-length command from global configuration mode,
where prefix-length is always 96. Therefore, the ipv6 nat prefix 2000:ABC::/32 command and the
ipv6 nat prefix 2000:ABC::/64 command are invalid.

To enable NAT-PT on an interface, you should issue the ipv6 nat command from interface
configuration mode on the incoming and outgoing interfaces. You cannot issue the ipv6 nat
command from global configuration mode.

A NAT-PT router must contain IPv6-to-IPv4 and IPv4-to-IPv6 address mappings so that the router
knows how to correctly translate IPv4 and IPv6 addresses. There are four methods for using
NAT-PT:

-IPv4-mapped NAT-PT

-Static NAT-PT

-Dynamic NAT-PT

-Port Address Translation (PAT)

IPv4-mapped NAT-PT enables IPv6 traffic to be sent to an IPv4 network without requiring that IPv6
destination address mapping be configured. To configure IPv4-mapped NAT-PT, you should issue
the ipv6 nat prefix ipv6-prefix v4-mapped {access-list-name | ipv6-prefix} command from global
configuration mode or interface configuration mode.

Static NAT-PT creates static IPv6-to-IPv4 or IPv4-to-IPv6 address mappings. To create a static
IPv6-to-IPv4 address mapping, you should issue the ipv6 nat v6v4 source ipv6-address ipv4-address
command. To create a static IPv4-to-IPv6 mapping, you should issue the ipv6 nat v4v6 source
ipv4-address ipv6-address command.

Dynamic NAT-PT allocates IPv6-to-IPv4 or IPv4-to-IPv6 address mappings from a pool. When a
session is established, a one-to-one mapping is created; the mapping is then removed when the
session is finished. To configure dynamic IPv6-to-IPv4 address mapping, you should issue the ipv6
nat v6v4 source {list access-list-name | route-map map-name} pool pool-name command. You should
then create the address pool by issuing the ipv6 nat v6v4 pool pool-name start-ipv4 end-ipv4
prefix-length prefix-length command. To configure dynamic IPv4-to-IPv6 address mapping, you should
issue the ipv6 nat v4v6 source list {access-list-number | access-list-name} pool pool-name command.
You should then create the address pool by issuing the ipv6 nat v4v6 pool pool-name start-ipv6
end-ipv6 prefix-length prefix-length command.

PAT allows multiple IPv6 addresses to be mapped to one or more IPv4 addresses. To use PAT
with a single IPv4 address, you should issue the ipv6 nat v6v4 source {list access-list-name |
route-map map-name} interface interface-name overload command. To use PAT with a pool of IPv4
addresses, you should issue the ipv6 nat v6v4 source {list access-list-name | route-map map-name}
pool pool-name overload command. You should then create the address pool by issuing the ipv6
nat v6v4 pool pool-name start-ipv4 end-ipv4 prefix-length prefix-length command.

Reference:

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipv6/configuration/xe-3s/ipv6-xe-36s-book/ip6-nat-trnsln.html

QUESTION NO: 409

With which of the following IS-IS routers can an L2 router establish adjacencies? (Select the best
answer.)

A.
only L1 routers in the same area

B.
only L1 and L2 routers in the same area

C.
only L2 and L1/L2 routers in the same area

D.
only L2 routers in any area
E.
L1 and L2 routers in any area

F.
L2 and L1/L2 routers in any area

Answer: F
Explanation:

An Intermediate System-to-Intermediate System (IS-IS) Level 2 (L2) router can establish
adjacencies with L2 and Level 1/Level 2 (L1/L2) routers in any area. In IS-IS, adjacencies are
established by sending and receiving intermediate system-to-intermediate system hello (IIH)
packets at the Data Link layer. Since IIH packets are transmitted at the Data Link layer,
adjacencies can only be formed if routers share a common network segment. Separate
adjacencies are maintained between Level 1 and Level 2 intermediate systems. Level 1 (L1)
routers send only Level 1 IIHs, L2 routers send only Level 2 IIHs, and L1/L2 routers send both
Level 1 and Level 2 IIHs.

When an L2 router receives an IIH packet on its network segment, the router verifies several
details before forming an adjacency:

-Network type

-Routing level

-Maximum transmission unit (MTU) length

-Authentication parameters

First, the L2 router determines whether the IIH packet is configured for the correct network type
and routing level. IS-IS recognizes two network types: broadcast and point-to-point. Broadcast
networks use Level 1 LAN IIHs and Level 2 LAN IIHs. If an interface is configured as a broadcast
link, such as on a LAN, the interface ignores point-to-point IIHs. Point-to-point networks use
point-to-point IIHs. If an interface is configured as a point-to-point link, it ignores LAN IIHs.
Point-to-point IIHs indicate the routing level within their type and circuit type fields. An L2 router on a
point-to-point link accepts only point-to-point IIHs configured for Level 2 routing.

An adjacency is not established unless the router sending the IIH packet is using the same MTU
length as the receiving router. By default, IIH packets are padded to the full MTU size unless the
no hello padding router configuration command or the no isis hello padding interface configuration
command has been issued, in which case only the first five IIH packets are padded.

If authentication is used, an adjacency will not be established unless all IIH packets contain the
same authentication parameters. If the L2 router determines that the IIH packet satisfies all of the
requirements listed above, an adjacency is formed with the neighboring router that sent the
packet, and routing information is shared.

L1 routers form adjacencies only with L1 and L1/L2 routers. L1 routers use the same parameters
for establishing adjacencies as L2 routers, except L1 routers must also verify that the IIH packet
originates from a router within the same area. An adjacency is not formed unless the sending
router resides in the same area as the L1 router processing the IIH packet.

L1 and L1/L2 routers periodically transmit Level 1 IIH packets onto their network segments. If an
L1 router and a neighboring L1 or L1/L2 router send IIH packets with the same network type, area,
MTU length, and authentication parameters, an adjacency is established between the routers. If
the IIH packet does not meet all of these requirements, it is discarded by the L1 router and an
adjacency is not established.

L2 and L1/L2 routers periodically transmit Level 2 IIH packets onto their network segments. L1
routers examine the IIH packets received from L2 routers to determine the packet type before
establishing an adjacency. All packets not identified as Level 1 IIH packets are discarded by an L1
router, and an adjacency is not formed. No further processing is performed on the Level 2 IIH
packet by the L1 router once the packet has been discarded.

There are two remaining hello packet types: the end system hello (ESH) and the intermediate
system hello (ISH). An ESH is sent by an end system (ES), such as a computer, to announce itself
to other devices on the network segment. An ISH is sent by an intermediate system (IS), such as a
router, to announce itself to other devices on the network segment. ESs discover routers by
listening for ISH packets. ISs discover ESs by listening for ESH packets. The ESH and ISH
packets are part of the End System-to-Intermediate System (ES-IS) routing exchange protocol.
When an IS-IS routing level mismatch, authentication mismatch, or MTU mismatch occurs, an IS-IS
adjacency will not form, but the output of the show clns neighbors command might instead show
an ES-IS adjacency. For example, if RouterA, an L1 router, is connected to RouterB, a router in
another area, the following output might be displayed on RouterA:

Reference:

https://www.cisco.com/en/US/tech/tk365/technologies_white_paper09186a00800a3e6f.shtml

QUESTION NO: 410

Which of the following statements best describes the effect of the EIGRP neighbor command on
an interface? (Select the best answer.)

A.
It sends only unicast packets but receives both unicast and multicast packets.

B.
It sends and receives both unicast and multicast packets.

C.
It sends and receives unicast packets only.

D.
It sends and receives multicast packets only.

Answer: C
Explanation:

The Enhanced Interior Gateway Routing Protocol (EIGRP) neighbor command configures an
interface to send and receive unicast packets only. You can issue the neighbor ip-address interface
command in router configuration mode to manually establish a static neighbor relationship
between two EIGRP routers. Static neighbor relationships are sometimes required because a
nonbroadcast network or a security requirement is preventing dynamic neighbor discovery.
However, issuing the neighbor command on an interface prevents the interface from sending or
receiving multicast packets. Therefore, it is important to understand the potential effects of the
neighbor command on your company's network before you manually configure an EIGRP
neighbor relationship.

The neighbor command does not configure an EIGRP interface to send and receive multicast
packets. You cannot configure an EIGRP interface to send and receive only multicast packets. For
an EIGRP interface to be capable of sending and receiving both unicast and multicast packets,
EIGRP neighbor relationships must be established dynamically by the routing protocol.

Reference:

www.cisco.com/en/US/tech/tk365/technologies_q_and_a_item09186a008012dac4.shtml#ten

QUESTION NO: 411

You implement MPP by issuing the following commands on Router1:

Router1(config)#control-plane host

Router1(config-cp-host)#management-interface FastEthernet0/1 allow ssh

Which of the following statements are correct? (Select 2 choices.)

A.
Fa0/1 accepts normal data traffic.

B.
Fa0/1 accepts only SSH packets.
C.
Fa0/1 is configured for out-of-band management.

D.
SSH traffic cannot be received by any other interfaces.

E.
Only SSH packets received by the Fa0/1 interface can be used to remotely manage Router1.

F.
Only SSH packets destined for the IP address of Fa0/1 can be used to remotely manage Router1.

Answer: A,E
Explanation:

Fa0/1 accepts normal data traffic, and only Secure Shell (SSH) packets received by the Fa0/1
interface can be used to remotely manage Router1. The management-interface command
configures Management Plane Protection (MPP), which restricts the interfaces and protocols over
which remote administration can be performed. The syntax of the management-interface
command is management-interface interface allow protocols. Multiple protocols can be specified in
the management-interface command; each protocol should be separated by a space. The
following protocols can be used with MPP:

Blocks Extensible Exchange Protocol (BEEP)

File Transfer Protocol (FTP)

Hypertext Transfer Protocol (HTTP)

Secure HTTP (HTTPS)

Simple Network Management Protocol (SNMP)

SSH v1 and v2

Telnet

Trivial FTP (TFTP)

When MPP is configured, only traffic that enters the management interface can be used to
remotely manage the device. Any management traffic from protocols that are not allowed by MPP
will be dropped. If any other interface receives management traffic that is destined for the device,
that traffic will also be dropped. In this scenario, only SSH traffic that enters Fa0/1 can be used to
remotely manage Router1.

Other management protocol traffic that enters Fa0/1 and is destined for Router1 will be dropped.

Management protocol traffic that enters any other interface and is destined for Router1 will also be
dropped.

It is not sufficient to send the SSH management traffic to the IP address of Fa0/1. SSH traffic
destined for Router1 that does not arrive on Fa0/1 will be dropped.

Interfaces other than those configured for MPP can receive management traffic as long as the
management traffic is destined for another device. Only management traffic arriving on non-MPP
interfaces and destined for the local device is dropped. Management traffic, such as SSH, that is
destined for other devices is forwarded normally; MPP protects only the router's own management
plane and does not filter transit traffic.

Fa0/1 is not configured as an out-of-band management interface. An out-of-band management
interface accepts only management traffic. Instead, Fa0/1 is configured as an in-band management
interface, which is also called a shared management interface. An in-band management interface
accepts both management packets and normal data packets. The MPP feature on IOS devices
can only be configured for in-band management. The MPP feature on IOS XR high-end routers can
be configured for in-band or out-of-band management.
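The decision MPP makes for each packet can be written out as a small model. The following Python code is added here as an illustration; it is not part of the Cisco documentation or of IOS, and the interface addresses, the Packet class, and the mpp_decision and evaluate functions are constructed for the example. It encodes the rules above: traffic not destined for the router is forwarded regardless of protocol; management protocols destined for the router are accepted only when they arrive on the designated interface and are in its allow list, whichever local address they target; and traffic destined for the router that is not a management protocol is outside the scope of MPP.

```python
from dataclasses import dataclass

# Protocols MPP can police (the list given above)
MPP_PROTOCOLS = {"beep", "ftp", "http", "https", "snmp", "ssh", "telnet", "tftp"}

# Constructed router: its interface addresses (RFC 5737 documentation ranges)
LOCAL_ADDRESSES = {
    "FastEthernet0/0": "198.51.100.1",
    "FastEthernet0/1": "192.0.2.1",
}

# control-plane host / management-interface FastEthernet0/1 allow ssh
MPP_POLICY = {"FastEthernet0/1": {"ssh"}}


@dataclass(frozen=True)
class Packet:
    in_iface: str   # interface the packet arrived on
    dst_ip: str     # destination address
    proto: str      # management protocol name, or e.g. "data" for anything else


def mpp_decision(pkt: Packet) -> str:
    """Return 'forward' (transit), 'accept' (handed to the router) or 'drop'."""
    if pkt.dst_ip not in LOCAL_ADDRESSES.values():
        # Not addressed to the router: transit traffic, management
        # protocols included, is forwarded normally. MPP does not touch it.
        return "forward"
    if pkt.proto not in MPP_PROTOCOLS:
        # Destined to the router but not a management protocol (routing
        # updates, ICMP, ...): outside the scope of MPP.
        return "accept"
    # A management protocol addressed to the router: only the ingress
    # interface matters, not which local address was targeted.
    if pkt.proto in MPP_POLICY.get(pkt.in_iface, set()):
        return "accept"
    return "drop"


def evaluate(packets):
    """Run a batch of packets through the policy; returns a list of
    (packet, decision) tuples for inspection."""
    return [(p, mpp_decision(p)) for p in packets]


if __name__ == "__main__":
    # Constructed sample packets covering each branch of the policy
    sample = [
        Packet("FastEthernet0/1", "192.0.2.1", "ssh"),        # accept
        Packet("FastEthernet0/1", "198.51.100.1", "ssh"),     # accept: arrived on Fa0/1
        Packet("FastEthernet0/0", "192.0.2.1", "ssh"),        # drop: wrong interface
        Packet("FastEthernet0/1", "192.0.2.1", "telnet"),     # drop: protocol not allowed
        Packet("FastEthernet0/0", "203.0.113.9", "telnet"),   # forward: transit
        Packet("FastEthernet0/1", "192.0.2.1", "data"),       # accept: not a mgmt protocol
    ]
    for pkt, verdict in evaluate(sample):
        print(f"{pkt.in_iface:16} {pkt.dst_ip:14} {pkt.proto:7} -> {verdict}")
```

The third and fourth sample packets are the two ways an operator usually gets locked out after enabling MPP: SSH to a local address that arrives on the wrong interface, and a protocol (here Telnet) that was not listed in the allow keyword.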

Reference:

https://www.cisco.com/c/en/us/td/docs/ios/12_4t/12_4t11/htsecmpp.html

QUESTION NO: 412

In what order will a Rapid-PVST+ switch port pass through the port states? (Select the best
answer.)

A.
blocking, spanning, listening, forwarding

B.
discarding, learning, forwarding

C.
blocking, listening, learning, forwarding

D.
learning, discarding, forwarding

E.
blocking, learning, listening, forwarding

F.
Ports enter the forwarding state immediately

Answer: B
Explanation:

A Rapid-Per-VLAN Spanning Tree Plus (PVST+) switch port will pass through the following states:

-Discarding

-Learning

-Forwarding

Rapid PVST+ combines the rapid transition of ports by Rapid Spanning Tree Protocol (RSTP) with
the creation of spanning trees for each virtual LAN (VLAN) by PVST+. RSTP improves the slow
transition of a Spanning Tree Protocol (STP) port to the forwarding state, thereby increasing
convergence speed.

STP is used to eliminate loops in a switched network that is designed with redundant paths. There
can be only one active path at any given time between any two endpoints on an Ethernet network.
If multiple paths between the same two endpoints exist at the same time, switching loops can
occur. STP activates and deactivates links dynamically to allow the network to respond to and
reroute traffic around a failed link.

When RSTP is enabled, each port first enters the discarding state, in which a port receives bridge
protocol data units (BPDUs) and directs them to the system module; however, the port neither
sends BPDUs nor forwards any frames. The switch port then transitions to the learning state, in
which it begins to transmit BPDUs and learn addressing information. Finally, a switch port
transitions to the forwarding state, in which the switch port forwards frames. If a switch port
determines at any time during the RSTP state process that a switching loop would be caused by
entering the forwarding state, the switch port again enters the discarding state, in which the switch
receives BPDUs and directs them to the system module but does not send BPDUs or forward
frames.

STP port states are somewhat different from RSTP port states. A switch port will pass through the
following STP states after a switch is turned on:

-Blocking

-Listening

-Learning

-Forwarding

When STP is enabled and a switch is turned on, each port first enters the blocking state, which is
similar to the RSTP discarding state. The switch port then transitions to the listening state, in
which it begins processing BPDUs as it listens for information to determine whether it should
transition to the learning state. After entering the learning state, a switch port begins to transmit
BPDUs and learn addressing information with which to build the switching database. Finally, a
switch port transitions to the forwarding state, in which the switch port forwards frames. If a switch
port determines at any time during the STP state process that a switching loop would be caused
by entering the forwarding state, the switch port returns to the blocking state. The disabled state
is different: it is an administrative state in which the port does not participate in STP at all.

The primary differences between STP and RSTP are the port states and the speed of
convergence. By default, STP takes 50 seconds to converge. By contrast, RSTP takes less than
10 seconds to converge.

Switch ports do not immediately enter the forwarding state when the switch is first turned on,
unless PortFast is enabled on the port. PortFast enables a switch port to go directly to the
forwarding state rather than pass through the normal STP or RSTP states. However, you should
enable PortFast only on switch ports that are connected directly to endpoint workstations;
otherwise, switching loops may occur.

Blocking and listening are valid STP port states but are not valid RSTP port states. Spanning is
not a valid STP or RSTP port state.

Reference:

https://www.cisco.com/c/en/us/support/docs/lan-switching/spanning-tree-protocol/24062-146.html

www.cisco.com/en/US/tech/tk389/tk621/technologies_tech_note09186a0080094797.shtml

https://www.cisco.com/c/en/us/support/docs/switches/catalyst-6500-series-switches/72836-
rapidpvst-mig-config.html

QUESTION NO: 413

Which of the following regular expression characters should be placed at the end of a BGP AS
path filter to indicate the originating AS? (Select the best answer.)

A.
$

B.
^

C.
*

D.
]

E.
.

F.
_

Answer: A
Explanation:

The dollar sign ($) regular expression character should be placed at the end of a Border Gateway
Protocol (BGP) autonomous system (AS) path filter to indicate the originating AS. Regular
expressions are used to locate character strings that match a particular pattern. AS path filters are
used to permit or deny routes that match the regular expression.

The $ character indicates that the preceding characters should match the end of the string. The
originating router will insert its AS number into the AS path, and subsequent routers will prepend
their AS numbers to the beginning of the AS path string. The last AS number in the AS path is the
originating AS. For example, the ip as-path access-list 1 permit ^111_999$ command permits
paths that originate from AS 999.

The caret (^) character should be placed at the beginning of a BGP AS path filter to indicate the
AS from which the path was learned. The ^ character indicates that the subsequent characters
should match the start of the string. The first number in an AS path indicates the AS from which
the path was learned. For example, the ip as-path access-list 1 permit ^111_999$ command
permits paths that are learned from AS 111.

The underscore (_) character is used to indicate a comma, a brace, the start or end of an input
string, or a space. When used between two AS path numbers, the _ character indicates that the
ASes are adjacent in the path. For example, the ip as-path access-list 1 permit ^111_999$ command
indicates that AS 111 and AS 999 should be directly connected. Because _ matches a boundary
rather than an arbitrary character, ^111_999$ does not match the path 1110 999, whereas the
looser expression 111.*999 would.

The period (.) character is used to represent any single character. For example, the ip as-path
access-list 1 permit ^..._999$ command permits paths that originate from AS 999 and are learned
from any three-digit AS.

The bracket (]) character is used to indicate a set of characters or a range of characters. For
example, the ip as-path access-list 1 permit ^[0-9]_999$ command permits paths that originate from
AS 999 and are learned from any AS numbered from 0 through 9, and the ip as-path access-list 1
permit ^[123]_999$ command permits paths that originate from AS 999 and are learned from AS
1, AS 2, or AS 3.

The asterisk (*) character indicates zero or more sequences of the previous expression. For
example, the expression [0-9]* indicates a string of zero or more digits. Therefore, the ip as-path
access-list 1 permit ^111_[0-9]*$ command permits paths that are learned from AS 111 and
originate from any AS.
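The boundary behaviour of _ is the detail most often got wrong in production AS-path filters, and it can be tested offline before the filter is applied to a neighbor. The following Python code is an added example, not taken from the Cisco documentation or from IOS; cisco_aspath_regex, aspath_matches and as_path_acl are constructed names, and translating _ into the Python alternation (?:^|$|[ ,{}]) is an assumption that follows the definition given above (start or end of string, space, comma, or brace). AS paths are rendered the way show ip bgp prints them, neighbor AS on the left and originating AS on the right, and the access-list is evaluated first match wins with an implicit deny.

```python
import re

# IOS '_' matches the start or end of the AS path string, a space, a comma
# or a brace. Python has no such token, so it is expanded to this alternation.
_UNDERSCORE = r"(?:^|$|[ ,{}])"


def cisco_aspath_regex(pattern: str) -> "re.Pattern[str]":
    """Translate an IOS AS-path regular expression into a compiled Python regex.

    '_' outside a bracket expression becomes the boundary alternation above;
    '^', '$', '.', '*' and '[...]' already mean the same thing in Python.
    """
    out, in_class = [], False
    for ch in pattern:
        if ch == "[" and not in_class:
            in_class = True
        elif ch == "]" and in_class:
            in_class = False
        out.append(_UNDERSCORE if (ch == "_" and not in_class) else ch)
    return re.compile("".join(out))


def as_path_text(as_path) -> str:
    """Render an AS_PATH as 'show ip bgp' prints it: leftmost is the neighbor
    the route was learned from, rightmost the originating AS; a locally
    originated route has an empty path."""
    return " ".join(str(asn) for asn in as_path)


def aspath_matches(pattern: str, as_path) -> bool:
    """True if the IOS pattern matches the rendered AS path (unanchored search,
    as IOS does; anchor with ^ and $ when you mean the whole path)."""
    return cisco_aspath_regex(pattern).search(as_path_text(as_path)) is not None


def as_path_acl(entries, as_path) -> bool:
    """Evaluate an ip as-path access-list: entries are (action, pattern) in
    configured order, first match wins, implicit deny if nothing matches."""
    for action, pattern in entries:
        if aspath_matches(pattern, as_path):
            return action == "permit"
    return False


if __name__ == "__main__":
    # Constructed paths and filters illustrating the text above
    print(aspath_matches("^111_999$", [111, 999]))     # True
    print(aspath_matches("^111_999$", [1110, 999]))    # False: '_' is a boundary
    print(aspath_matches("999$", [7, 1999]))           # True: no '_' leaks AS 1999
    print(aspath_matches("_999$", [7, 1999]))          # False
    # Typical inbound filter: drop anything carrying private AS 65000
    drop_private = [("deny", "_65000_"), ("permit", ".*")]
    print(as_path_acl(drop_private, [111, 65000, 999]))   # False (denied)
    print(as_path_acl(drop_private, [111, 650001, 999]))  # True (650001 is not 65000)
```

The last two lines show the practical reason _ exists: without it, a deny on 65000 would also be a substring hit on 650001 (and on 165000), and a permit on 999$ would admit every path ending in an AS whose number merely ends in 999.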

Reference:

https://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/13754-26.html

https://www.cisco.com/c/en/us/td/docs/ios/12_2/termserv/configuration/guide/ftersv_c/tcfaapre.htm
l

https://supportforums.cisco.com/t5/other-service-provider-subjects/bgp-regular-expression-as-
path-filter/td-p/1821020

QUESTION NO: 414

You issue the following commands:

What will occur when a user enters a lowercase y at the prompt? (Select the best answer.)

A.
The configure terminal command will be executed, and the router will be placed into global
configuration mode.

B.
The configure terminal command will not be executed, because the EEM applet requires an
uppercase Y.

C.
The configure terminal command will not be executed, because the EEM applet is missing the set
9 _exit_status 0 command.

D.
The configure terminal command will not be executed, because the event cli command should
use the sync no keywords.

Answer: B
Explanation:

The configure terminal command will not be executed, because the Embedded Event Manager
(EEM) applet requires an uppercase Y. The event cli command configures EEM to monitor
command-line interface (CLI) commands and to trigger the event when a specified pattern is
matched one or more times. The action command indicates the action that should take place.
Actions are sorted based on the alphanumeric label, which is issued after the action keyword. The
action string match command compares two values; if the values match, EEM sets the
$_string_result variable to a value of 1, and if the values do not match, EEM sets the
$_string_result variable to a value of 0. The action if command checks a condition; if the condition
is true, the actions between the action if command and its matching action end command are
performed, and if the condition is false, those actions are skipped and processing continues with
the actions after the action end command.

The action string match command is case-sensitive. To force a case-insensitive comparison, you
can issue the action string match command with the nocase keyword. For example, the action 4
string match nocase "$answer" "Y" command would accept an uppercase Y or a lowercase y as a
match. Alternatively, you can issue the action string tolower command to store a variable in
lowercase or the action string toupper command to store a variable in uppercase. For example, the
following command set would store a lowercase y as an uppercase Y, effectively forcing a
case-insensitive comparison:

When a user enters a lowercase y at the prompt, the string toupper command will store the
answer in $_string_result as an uppercase Y. The strings are compared, and because they match,
the router is placed into global configuration mode.

The EEM applet is not missing the set 9 _exit_status 0 command. The sync yes keywords are used
with the event cli command to configure synchronous processing. With synchronous processing,
the EEM applet must finish before the CLI command can be executed, and the _exit_status
variable determines whether the CLI command is executed or skipped. If the _exit_status variable
is set to a value of 0 or is not configured, the CLI command will not execute after the EEM applet
is finished; if the _exit_status variable is set to a value of 1, the CLI command will execute after the
EEM applet is finished. Therefore, the set 9 _exit_status 0 command would not cause the
configure terminal command to be executed. If the set 9 _exit_status 1 command were issued in
this scenario, the configure terminal command would be executed after the applet is finished,
regardless of what answer the user provided.

Issuing the sync no keywords in the event cli command would not cause the configure terminal
command to be executed unless the skip no keywords were also issued. The sync no keywords
are used with the event cli command to configure asynchronous processing. With asynchronous
processing, the EEM applet is processed at the same time the CLI command is executed. When
you issue the event cli command with the sync no keywords, you must also include the skip no or
skip yes keywords to indicate whether the CLI command should be executed or skipped,
respectively. If you were to issue the event cli pattern "configure terminal" sync no skip yes
command in this scenario, the configure terminal command would not be executed unless the user
enters an uppercase Y at the prompt. If you were to issue the event cli pattern "configure terminal"
sync no skip no command, the configure terminal command would be executed immediately,
regardless of what answer the user provided.

Reference:

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/eem/command/eem-cr-book/eem-cr-
a2.html#wp2508208016

QUESTION NO: 415

You issue the following commands on RouterB:

Which of the following key strings will RouterB use when sending EIGRP packets? (Select the
best answer.)

A.
Boson

B.
ExSim

C.
NetSim

D.
any of the three key strings

Answer: A
Explanation:

RouterB will use the key string Boson when sending Enhanced Interior Gateway Routing Protocol
(EIGRP) packets. EIGRP supports Message Digest 5 (MD5) authentication of routing updates to
prevent a router from receiving routing updates from unauthorized routers. Authentication is
configured on a per-interface basis.

To configure an interface to authenticate EIGRP packets, you should first enter interface
configuration mode by issuing the interface type number command from global configuration mode.
Next, you should enable MD5 authentication by issuing the ip authentication mode eigrp
autonomous-system md5 command in interface configuration mode. Finally, you should issue the ip
authentication key-chain eigrp autonomous-system key-chain command in interface configuration
mode to specify the key chain that should be used. In this scenario, RouterB is configured for
EIGRP autonomous system (AS) 19.

To create a key chain, you should issue the key chain chainname command from global
configuration mode. The chain name is locally significant; it is used only to match a set of keys
with a local router interface. Therefore, key chain names do not have to match between neighbor
routers. In this scenario, RouterB is configured with the key chain name ExSim.
After you create a key chain, you must specify at least one key number by issuing the key number
command in key chain configuration mode, where number is an integer from 0 through
2147483647. If multiple key commands are used to create multiple keys, the numbers do not need
to be sequential. When sending EIGRP packets, the router will use the lowest-numbered key.
Therefore, RouterB will use key 1 when sending EIGRP packets. When receiving EIGRP packets,
the router will use any valid key that is configured on the router. Therefore, RouterB can use any
of the keys when receiving EIGRP packets. However, the key numbers must match on each
router; if a neighbor router uses the key string NetSim, it must also be assigned key number 37.

Each key can have only one authentication string. To specify the authentication string, you should
issue the key-string text command in key chain key configuration mode, where text is a string of up
to 80 case-sensitive letters and numbers; the first character cannot be a number.
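The rules above (lowest-numbered key used for sending, any configured key accepted on receipt, key numbers must agree on both routers, key-string constraints) can be checked with the following Python model. It is an added example and not Cisco code: the KeyChain class and the packet dictionary are constructed, and the digest function is a simplification, MD5 over the key string and the payload, standing in for the EIGRP MD5 authentication TLV, whose exact coverage of the packet is not reproduced here. The key chain ExSim with key 1 Boson and key 37 NetSim follows the scenario; the neighbor chains are invented for the demonstration.

```python
import hashlib
import hmac

MAX_KEY_NUMBER = 2147483647   # upper bound of 'key <number>'


class KeyChain:
    """A 'key chain <name>' holding 'key <number>' / 'key-string <text>' entries."""

    def __init__(self, name: str):
        self.name = name            # locally significant; need not match the neighbor
        self.keys: dict[int, str] = {}

    def add_key(self, number: int, key_string: str) -> None:
        if not 0 <= number <= MAX_KEY_NUMBER:
            raise ValueError("key number out of range")
        # key-string: 1 to 80 case-sensitive characters, first one not a digit
        if not key_string or len(key_string) > 80 or key_string[0].isdigit():
            raise ValueError("invalid key-string")
        self.keys[number] = key_string

    def send_key(self) -> tuple[int, str]:
        """Outbound packets are signed with the lowest-numbered key."""
        number = min(self.keys)
        return number, self.keys[number]


def _digest(key_string: str, payload: bytes) -> str:
    # Simplified stand-in for the EIGRP MD5 authentication TLV. Real EIGRP
    # computes MD5 over the packet with the key string mixed in; the point
    # kept here is that the digest depends on the key string, while the key
    # id is carried in clear so the receiver knows which string to try.
    return hashlib.md5(key_string.encode() + payload).hexdigest()


def build_packet(chain: KeyChain, payload: bytes) -> dict:
    """Sender side: pick the send key, attach its id and the digest."""
    number, key_string = chain.send_key()
    return {"key_id": number, "payload": payload,
            "digest": _digest(key_string, payload)}


def accept_packet(chain: KeyChain, packet: dict) -> bool:
    """Receiver side: any configured key may be used, but the key id in the
    packet must exist locally and the digest must verify with that string."""
    key_string = chain.keys.get(packet["key_id"])
    if key_string is None:
        return False                      # key number not configured here
    expected = _digest(key_string, packet["payload"])
    return hmac.compare_digest(expected, packet["digest"])


if __name__ == "__main__":
    routerb = KeyChain("ExSim")
    routerb.add_key(1, "Boson")
    routerb.add_key(37, "NetSim")
    print(routerb.send_key())                                   # (1, 'Boson')

    neighbor_ok = KeyChain("RouterA"); neighbor_ok.add_key(37, "NetSim")
    neighbor_bad_id = KeyChain("RouterC"); neighbor_bad_id.add_key(2, "NetSim")
    hello = b"eigrp hello"
    print(accept_packet(routerb, build_packet(neighbor_ok, hello)))      # True
    print(accept_packet(routerb, build_packet(neighbor_bad_id, hello)))  # False
```

The neighbor_bad_id case is the rollover mistake this question is really about: the same key string under a different key number is rejected, so during a key change the new number must be configured on every neighbor before any router starts sending with it.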

Reference:

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_pi/command/iri-cr-book/iri-cr-
a1.html#wp3605671872

QUESTION NO: 416

You want to mitigate the fragmentation of IP datagrams that are originating from a Cisco router
and are destined for a remote IP network.

Which of the following commands will most likely accomplish your goal? (Select the best answer.)

A.
ip tcp mss 536

B.
ip tcp mss 1460

C.
ip tcp adjust-mss 68

D.
ip tcp adjust-mss 1460

E.
ip tcp adjust-mss 10000

Answer: A
Explanation:

Of the choices provided, the ip tcp mss 536 command will most likely mitigate the fragmentation of
IP datagrams that are originating from a Cisco router and are destined for a remote IP network. IP
fragmentation occurs when an IP datagram is larger than the maximum transmission unit (MTU) of
a link along the path to the receiving host. To help mitigate IP fragmentation and thus mitigate the
performance problems associated with it, you can configure a Transmission Control Protocol (TCP)
maximum segment size (MSS) on Cisco routers. The MSS is carried as a TCP option in the SYN
packet during the TCP handshake; each side then sends segments no larger than the MSS its peer
advertised.

The default TCP MSS setting for a Cisco router that is originating data destined for a remote IP
network is 536 bytes. Issuing the ip tcp mss 536 command configures an MSS of 536 for only
TCP segments originating from the router. By contrast, the ip tcp adjust-mss mss-value command
configures an MSS value for data that is being forwarded by the router. Every IPv4 host must be
able to accept a datagram of 576 bytes, so 576 bytes is the smallest size a sender can safely
assume for an unknown path. The 536-byte default value is therefore derived by subtracting the
20-byte TCP header and the 20-byte IP header from that value.

It is important to note that some firewall rules are capable of stripping TCP options from a
segment. If a firewall is configured to strip TCP options from a segment, the MSS value that is
applied to a TCP segment by the router will not be used. If you have NetFlow enabled, you can
issue the show ip cache flow command to view statistics that include IP packet size distribution.

The lowest value you can use to enable an MSS for TCP connections that originate from a router
is 68 bytes. To configure an MSS value for TCP segments that originate from a router, you should
issue the ip tcp mss mss-value command in global configuration mode. By issuing the ip tcp
adjust-mss mss-value command (where mss-value is a value in the range from 500 through 1460) in
interface configuration mode, you can configure an MSS for TCP segments that do not originate
from the router but that are being forwarded by the router. Therefore, the ip tcp adjust-mss 68
command is invalid.

The highest value you can use to enable an MSS for TCP connections that originate from a router
is 10000 bytes. To configure a 10000-byte MSS value, you should issue the ip tcp mss 10000
command in global configuration mode. However, you cannot configure a 10000-byte MSS for TCP
segments that are simply being forwarded on a router interface, because the maximum MSS you
can configure for TCP segments that are being forwarded on a router interface is 1460. Therefore,
the ip tcp adjust-mss 10000 command is invalid.
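The following Python code is an added example, not from the Cisco documentation, that models the two commands side by side: the MSS a sender derives from an MTU, the clamping that ip tcp adjust-mss applies to a SYN in transit, the ranges each command accepts, and a check of whether a segment of a given size would fragment on a path of a given MTU. The function names and the 576-byte path used in the demonstration are constructed for the example; the header sizes assume no IP or TCP options.

```python
IP_HDR = 20    # bytes, IPv4 header without options
TCP_HDR = 20   # bytes, TCP header without options


def mss_for_mtu(mtu: int) -> int:
    """Largest TCP payload that fits in one datagram of the given MTU."""
    return mtu - IP_HDR - TCP_HDR


def valid_ip_tcp_mss(value: int) -> bool:
    """Range accepted by the global 'ip tcp mss' (router-originated TCP)."""
    return 68 <= value <= 10000


def valid_adjust_mss(value: int) -> bool:
    """Range accepted by the interface 'ip tcp adjust-mss' (transit SYNs)."""
    return 500 <= value <= 1460


def clamp_transit_syn(advertised_mss: int, adjust_mss) -> int:
    """Model of ip tcp adjust-mss: lower the MSS option of a SYN passing
    through the interface, never raise it; None means not configured."""
    if adjust_mss is None:
        return advertised_mss
    if not valid_adjust_mss(adjust_mss):
        raise ValueError("ip tcp adjust-mss accepts 500-1460")
    return min(advertised_mss, adjust_mss)


def largest_segment_sent(own_mss: int, peer_advertised_mss: int) -> int:
    """A TCP sender never exceeds what the peer advertised, nor its own limit."""
    return min(own_mss, peer_advertised_mss)


def fragments(payload_bytes: int, path_mtu: int) -> bool:
    """True if a full-size segment with this payload would need IP fragmentation."""
    return payload_bytes + IP_HDR + TCP_HDR > path_mtu


def router_session(router_mss: int, peer_mss: int, path_mtu: int):
    """Outcome for a TCP session the router itself originates: the segment
    size it will use and whether that size fragments on the path."""
    if not valid_ip_tcp_mss(router_mss):
        raise ValueError("ip tcp mss accepts 68-10000")
    segment = largest_segment_sent(router_mss, peer_mss)
    return segment, fragments(segment, path_mtu)


if __name__ == "__main__":
    # Constructed scenario: the remote peer advertises 1460 (Ethernet MTU)
    # but the path only guarantees the 576-byte minimum.
    print(mss_for_mtu(576), mss_for_mtu(1500))        # 536 1460
    print(router_session(536, 1460, 576))             # (536, False)  default: no fragmentation
    print(router_session(1460, 1460, 576))            # (1460, True)  too large for the path
    print(clamp_transit_syn(1460, 1360))              # 1360: transit SYN option rewritten
    print(clamp_transit_syn(1200, 1360))              # 1200: never raised
```

Note that the clamping only works while the SYN still carries its MSS option; as the text above says, a firewall that strips TCP options from the segment removes the value the router inserted, and the peer falls back to its own default.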

Reference:

https://www.cisco.com/c/en/us/td/docs/ios/12_2/ipaddr/command/reference/fipras_r/1rfip2.html#wp
1103772

QUESTION NO: 417

Which of the following statements are correct regarding traffic shaping? (Select 2 choices.)

A.
Traffic shaping buffers excess traffic.

B.
Traffic shaping does not smooth traffic.

C.
Traffic shaping drops or remarks excess traffic.

D.
Traffic shaping is applied to only inbound traffic.

E.
Traffic shaping uses a leaky bucket to smooth traffic.

F.
Traffic shaping is applied to inbound and outbound traffic.

Answer: A,E
Explanation:

Traffic shaping buffers excess traffic and uses a leaky bucket to smooth traffic. Traffic shaping is
used to slow down traffic due to congestion, to enforce bandwidth rates, and to send traffic classes
at different rates. To control the rate at which an interface sends packets, traffic shaping uses a
token bucket. Tokens are put into the token bucket at a specified rate, and tokens are removed
from the bucket as bits are sent through the interface. If there are not enough tokens to send a
packet, traffic shaping queues the packet and waits until enough tokens are placed into the
bucket. This generates a "leaky bucket" effect, which smooths traffic into a constant flow rather
than a variable, bursty flow. The shaping parameters can also be configured so that packets can
be sent in excess of the committed information rate (CIR) for a short period of time.

Traffic shaping does not remark excess traffic. Instead, traffic shaping buffers excess traffic and
out-of-profile packets in memory until the queue is full and drops traffic only if the queue is full. By
contrast, traffic policing drops or remarks excess traffic and out-of-profile packets. Traffic policing is
used to slow down traffic to a value that the medium can support, to monitor bandwidth utilization,
to enforce bandwidth limitations at the service provider edge, and to remark traffic that exceeds
the Service Level Agreement (SLA). Although traffic policing uses a token bucket, it does not
smooth traffic.

Traffic shaping is not applied to inbound traffic; it is applied to only outbound traffic. By contrast,
traffic policing is applied to both inbound and outbound traffic.
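The difference between queuing excess (shaping) and dropping it (policing) is easiest to see in a simulation. The following Python code is an added example and is not taken from the Cisco documentation; it is a fluid token-bucket model (bits rather than packets, one refill per interval) with constructed names and sample traffic, and it includes a shaper queue limit to show that a shaper drops only once its queue is full. It does not model the excess burst (Be) or remarking.

```python
def token_bucket_run(offered, cir, bc, interval, mode, max_queue=None):
    """Drive one token bucket over consecutive intervals.

    offered   : bits arriving in each interval (constructed sample input)
    cir       : committed information rate in bits per second
    bc        : bucket depth in bits (committed burst)
    interval  : seconds per step; cir * interval tokens are added each step
    mode      : "shape" queues excess for later intervals, "police" drops it
    max_queue : shaper queue limit in bits; None means unbounded
    Returns three lists, one entry per interval: bits sent, bits dropped,
    bits still waiting in the shaper queue.
    """
    if mode not in ("shape", "police"):
        raise ValueError("mode must be 'shape' or 'police'")
    tokens = bc            # bucket starts full
    queue = 0
    sent, dropped, backlog = [], [], []
    for arriving in offered:
        tokens = min(bc, tokens + cir * interval)     # refill, capped at Bc
        if mode == "shape":
            demand = queue + arriving                 # backlog first, then new traffic
            tx = min(demand, tokens)
            remaining = demand - tx
            drop = 0
            if max_queue is not None and remaining > max_queue:
                drop = remaining - max_queue          # tail drop only when the queue is full
                remaining = max_queue
            queue = remaining
        else:
            tx = min(arriving, tokens)                # conforming traffic passes
            drop = arriving - tx                      # excess is dropped (or would be remarked)
            queue = 0
        tokens -= tx
        sent.append(tx)
        dropped.append(drop)
        backlog.append(queue)
    return sent, dropped, backlog


def compare(offered, cir, bc, interval):
    """Totals (bits sent, bits dropped) for a shaper and a policer given the
    same offered load and the same CIR/Bc."""
    s_sent, s_drop, _ = token_bucket_run(offered, cir, bc, interval, "shape")
    p_sent, p_drop, _ = token_bucket_run(offered, cir, bc, interval, "police")
    return {"shape": (sum(s_sent), sum(s_drop)), "police": (sum(p_sent), sum(p_drop))}


if __name__ == "__main__":
    # Constructed burst: 3000 bits arrive at once, then the link is idle.
    # CIR 8000 bit/s with Tc = 125 ms gives Bc = 1000 bits per interval.
    burst = [3000, 0, 0, 0]
    print(token_bucket_run(burst, 8000, 1000, 0.125, "shape"))
    # ([1000, 1000, 1000, 0], [0, 0, 0, 0], [2000, 1000, 0, 0])  smoothed, nothing lost
    print(token_bucket_run(burst, 8000, 1000, 0.125, "police"))
    # ([1000, 0, 0, 0], [2000, 0, 0, 0], [0, 0, 0, 0])           excess dropped at once
    print(token_bucket_run(burst, 8000, 1000, 0.125, "shape", max_queue=1500))
    # ([1000, 1000, 500, 0], [500, 0, 0, 0], [1500, 500, 0, 0])  drop only when queue full
    print(compare(burst, 8000, 1000, 0.125))
```

The shaper delivers all 3000 bits at the committed rate over three intervals (added delay, no loss); the policer delivers 1000 and discards 2000 in the first interval (no added delay, loss). With a bounded queue the shaper starts to tail-drop, which is the only case in which it drops at all.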

Reference:

https://www.cisco.com/c/en/us/support/docs/quality-of-service-qos/qos-policing/19645-
policevsshape.html

QUESTION NO: 418


You issue the show ip pim tunnel command on Router1, which is an RP.

Which of the following will appear in the output of the show ip pim tunnel command? (Select the
best answer.)

A.
only a PIM encapsulation tunnel interface

B.
only a PIM decapsulation tunnel interface

C.
both a PIM encapsulation tunnel interface and a PIM decapsulation tunnel interface

D.
neither a PIM encapsulation tunnel interface nor a PIM decapsulation tunnel interface

Answer: C
Explanation:

When you issue the show ip pim tunnel command on a rendezvous point (RP), such as Router1,
both a Protocol Independent Multicast (PIM) encapsulation tunnel interface and a PIM
decapsulation tunnel interface will appear, as shown in the following output:

An RP will always have a PIM Encap and a PIM Decap tunnel interface. Additionally, an asterisk
will appear next to the RP IP address. An RP is a well-connected, centrally located router that is
responsible for keeping track of multicast group membership information. PIM sparse mode
(PIM-SM) requires an RP, whereas PIM dense mode (PIM-DM) does not. When PIM-SM is used,
each multicast receiver must be able to reach the RP through a connected tree of PIM-SM routers.
If a router along the path is not configured for PIM-SM, sources cannot register with the RP and
receivers cannot join the shared tree, so multicast traffic will not flow to those receivers.

When you issue the show ip pim tunnel command on a router that is not an RP, only a PIM
encapsulation tunnel interface will appear, as shown in the following output:

Reference:

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipmulti/command/imc-cr-
book/imc_s1.html#wp9533023710

QUESTION NO: 419

Which of the following statements are true regarding VPLS? (Select 2 choices.)

A.
The VPLS core uses split-horizon forwarding.

B.
UPE devices are typically connected in a partial-mesh topology.

C.
A PW is a physical connection from a UPE device to a CE device.

D.
MAC aging is required for convergence after the failure of an NPE router.

E.
Each EMS in the VPLS network functions as a single broadcast domain.

Answer: A,E
Explanation:

The following statements are true regarding Virtual Private LAN Service (VPLS):

-The VPLS core uses split-horizon forwarding.

-Each Ethernet Multipoint Service (EMS) functions as a single broadcast domain.

VPLS is a Metro Ethernet (ME) technology that is used to implement EMS and Ethernet Relay
Multipoint Service (ERMS) over a Multiprotocol Label Switching (MPLS) network. The VPLS
architecture creates a topology wherein each customer edge (CE) device can function as though it
were a member of a virtual LAN (VLAN) on a physical switch. This functionality is provided by user
provider edge (UPE) devices that use virtual connections known as pseudowires (PWs) to
interconnect through the service provider (SP) network. The PWs form a full-mesh topology that
creates a virtual switch instance (VSI), which emulates an Institute of Electrical and Electronics
Engineers (IEEE) 802.1 bridge. Each EMS is associated with its VSI, thus creating a level of
separation similar to that which would be obtained with a VLAN on a physical switch.

Because the SP network functions as a Layer 2 switch, many IEEE 802.1 operating standards
apply. For example, broadcast and multicast packets received by a VSI are always flooded
through the network. Additionally, packets destined to unknown Media Access Control (MAC)
addresses are initially flooded through the network until their MAC addresses and associated ports
are correlated. However, unlike a standard IEEE 802.1 bridge, a VSI can use a split-horizon
mechanism instead of a spanning tree algorithm to prevent loops in the network. With split-horizon
forwarding in the VPLS core, a frame received over a PW is forwarded only to the local attachment
circuits and is never sent back out over any PW; because the PWs form a full mesh, every other
UPE has already received its own copy directly from the ingress UPE.
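The forwarding behaviour of one VSI, including the split-horizon rule, can be expressed as a small bridge model. The following Python class is an added example and is not taken from the Cisco documentation; the VSI class, the port names ac1/ac2 (attachment circuits) and pw-B/pw-C (pseudowires to two remote UPEs) and the MAC addresses are constructed for the example. It shows MAC learning, flooding of broadcast, multicast and unknown-unicast frames, and the rule that a frame arriving over a PW leaves only on local attachment circuits.

```python
def _is_group_address(mac: str) -> bool:
    """Broadcast and multicast MACs have the I/G bit set in the first octet."""
    return int(mac.split(":")[0], 16) & 1 == 1


class VSI:
    """One virtual switch instance on a UPE: local attachment circuits plus a
    full mesh of pseudowires to every other UPE in the same VPLS."""

    def __init__(self, acs, pws):
        self.acs = set(acs)
        self.pws = set(pws)
        self.mac_table = {}        # learned MAC -> port it was seen on

    def forward(self, src_mac: str, dst_mac: str, ingress: str) -> set:
        """Return the set of ports the frame is sent out of."""
        if ingress not in self.acs | self.pws:
            raise ValueError(f"unknown port {ingress}")
        # MAC learning: remember where the source lives (a later frame from a
        # different port simply overwrites the entry, i.e. a MAC move)
        self.mac_table[src_mac] = ingress
        # Split horizon: frames from the core never re-enter the core.
        # Frames from a local AC may go to other ACs and to every PW.
        candidates = self.acs if ingress in self.pws else self.acs | self.pws
        candidates = candidates - {ingress}
        if _is_group_address(dst_mac) or dst_mac not in self.mac_table:
            return candidates                         # flood
        out = self.mac_table[dst_mac]
        return {out} if out in candidates else set()  # known unicast, or filtered


if __name__ == "__main__":
    vsi = VSI(acs=["ac1", "ac2"], pws=["pw-B", "pw-C"])
    # Unknown unicast from a customer port floods to the other AC and all PWs
    print(vsi.forward("aa:00:00:00:00:01", "aa:00:00:00:00:99", "ac1"))
    # The same frame arriving from UPE B over pw-B floods to local ACs only;
    # UPE C got its own copy from UPE B directly, so no loop forms
    print(vsi.forward("aa:00:00:00:00:02", "aa:00:00:00:00:99", "pw-B"))
    # Once learned, unicast goes to exactly one port
    print(vsi.forward("aa:00:00:00:00:03", "aa:00:00:00:00:01", "pw-C"))
```

Because the mesh guarantees that every UPE is one PW hop from every other, "never forward PW to PW" is sufficient to make the core loop-free without running a spanning tree across the provider network.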

MAC aging is supported by and performed on a VPLS network. However, a VPLS network is not
required to use MAC aging for convergence after the failure of a network provider edge (NPE)
router. One of the benefits of PWs is the natural resilience provided by the transparency of virtual
connections. In the event of a link or device failure in the SP network, IP convergence
mechanisms can restore connectivity without requiring each UPE to age out or relearn the MAC
addresses it has associated with each PW.

Reference:

https://www.cisco.com/en/US/tech/tk436/tk891/technologies_q_and_a_item09186a00801ed3bf.sht
ml

QUESTION NO: 420

Which of the following does a router consider when measuring a responder's processing time with
IP SLA operations? (Select the best answer.)

A.
ICMP round-trip travel time

B.
ICMP one-way travel time from the transmitter to the responder

C.
ICMP one-way travel time from the responder to the transmitter

D.
responder packet timestamps

E.
responder interface speeds
F.
responder processor speeds

Answer: D
Explanation:

A router considers responder packet timestamps when measuring a responder's processing time
with IP Service Level Agreement (SLA) operations. IP SLA operations are a suite of tools on Cisco
devices that enable an administrator to analyze and troubleshoot IP networks. To gather more
robust data, the destination router for an IP SLA operation should have an IP SLA responder
enabled. To enable an IP SLA responder, you should issue the ip sla responder command in
global configuration mode on the destination router.

Although an IP SLA responder is not required for normal IP SLA operation, it can account for
packet processing time on a destination router by adding timestamps to a packet when it enters or
leaves a network interface. The IP SLA operations source router then considers the additional
packet timestamps when reporting data about round-trip times on a network.

A router does not consider Internet Control Message Protocol (ICMP) one-way travel time from the
transmitter to the responder or from the responder to the transmitter when measuring a
responder's processing time with IP SLA operations. Although you can measure network response
time by scheduling the IP SLA ICMP Path Echo operation, the IP SLA ICMP Path Echo operation
does not consider responder processing time.

A router does not consider ICMP round-trip travel time when measuring a responder's processing
time with IP SLA operations. Although you can measure round-trip delay on a network using the IP
SLA User Datagram Protocol (UDP) Jitter operation, the IP SLA UDP Jitter operation does not
consider responder processing time.

A router does not consider a responder's interface speeds or a responder's processing speed
when measuring a responder's processing time with IP SLA operations. However, enabling the IP
SLA responder records interface timestamps when packets enter and exit an interface, which
enables IP SLA operations to take into account the amount of time the packet was being
processed on the destination router.

Reference:

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2975/software/release/12-2_52_se/configuration/guide/scg/swipsla.html#wp1085032

QUESTION NO: 421

What are the first three criteria used by a BGP router to determine the best path to a destination?
(Select the best answer.)

"Everything is under control" - www.pass4sure.com 638


Cisco 400-101 Exam
A.
highest weight, shortest AS path, lowest MED

B.
highest local preference, shortest AS path, highest weight

C.
lowest MED, highest weight, highest local preference

D.
highest weight, highest local preference, locally originated paths

E.
highest local preference, lowest origin type, lowest MED

Answer: D
Explanation:

The first three criteria used by a Border Gateway Protocol (BGP) router to determine the best path
to a destination are highest weight, highest local preference, and locally originated paths. BGP
uses a complex method of selecting the best path to the destination. The following list displays the
criteria used by BGP for path selection:

1. Highest weight

2. Highest local preference

3. Locally originated paths over externally originated paths

4. Shortest AS path

5. Lowest origin type

6. Lowest multi-exit discriminator (MED)

7. External BGP (eBGP) paths over internal BGP (iBGP) paths

8. Lowest Interior Gateway Protocol (IGP) cost

9. Oldest eBGP path

10. Lowest BGP router ID (RID)

When determining the best path, a BGP router first chooses the route with the highest weight.
Weight is a Cisco-proprietary BGP path attribute that is significant only to the local router; it is not
advertised to neighbor routers. To configure the weight value, you should issue the neighbor
{ip-address | peer-group-name} weight weight-value command, where ip-address is the IP address
of a neighbor router, peer-group-name is the name of a BGP peer group, and weight-value is a
locally significant weight value from 0 through 65535. By default, routes generated by the local
"Everything is under control" - www.pass4sure.com 639
Cisco 400-101 Exam
router are assigned a weight of 32768 and routes learned from another BGP router are assigned a
weight of 0.

When weight values are equal, a BGP router chooses the route with the highest local preference.
The local preference value is advertised to iBGP neighbor routers to influence routing decisions
made by those routers. To configure the local preference, you should issue the bgp default local-
preference number command, where number is a value from 0 through 4294967295.

When local preferences are equal, a BGP router chooses locally originated paths over externally
originated paths. Locally originated paths that have been created by issuing the network or
redistribute command are preferred over locally originated paths that have been created by issuing
the aggregate-address command.

If multiple paths to a destination still exist, a BGP router chooses the route with the shortest AS
path attribute. The AS path attribute contains a list of the AS numbers (ASNs) that a route passes
through.

If multiple paths have the same AS path length, a BGP router chooses the lowest origin type. An
origin type of i, which is used for IGPs, is preferred over an origin type of e, which is used for
Exterior Gateway Protocols (EGPs). These origin types are preferred over an origin type of ?, which
is used for incomplete routes where the origin is unknown or the route was redistributed into BGP.

If origin types are equal, a BGP router chooses the route with the lowest MED. A MED value is
basically the external metric of a route and is typically used to advertise a preferred path into an
AS with multiple entry points. To configure the MED value, you should issue the default-metric
number command, where number is a value from 1 through 4294967295. Routes redistributed into
BGP are assigned this MED value; redistributed connected routes are assigned a MED value of 0
regardless of the default-metric setting.

If MED values are equal, a BGP router chooses eBGP routes over iBGP routes. If there are
multiple eBGP paths or, in the absence of eBGP paths, there are multiple iBGP paths, then a BGP
router chooses the route with the lowest IGP metric to the next-hop router. If IGP metrics are equal,
a BGP router chooses the oldest eBGP path, which is typically the most stable path.

Finally, if route ages are equal, a BGP router chooses the path that comes from the router with the
lowest RID. The RID can be manually configured by issuing the bgp router-id command. If the RID
is not manually configured, the RID is the highest loopback IP address on the router. If no
loopback address is configured, the RID is the highest IP address from among a router's available
interfaces.
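The ten-step selection described above, as an added example that is not Cisco's code or part of the original explanation: a comparator that eliminates candidate paths one criterion at a time and reports which criterion settled the choice. All path attributes, next hops and router IDs below are constructed sample data.

```python
"""BGP best-path selection, walking the ten criteria listed above in order.

Added example (not Cisco's code): candidates are narrowed one criterion
at a time; the first criterion that leaves a single survivor decides.
"""
from dataclasses import dataclass, replace
from typing import Callable, List, Optional, Tuple

# Origin codes in order of preference: IGP (i), then EGP (e), then incomplete (?).
ORIGIN_RANK = {"i": 0, "e": 1, "?": 2}
# Locally originated paths beat learned paths; network/redistribute beat aggregate-address.
LOCAL_RANK = {"network": 0, "redistribute": 0, "aggregate": 1, None: 2}


@dataclass
class Path:
    next_hop: str
    weight: int = 0                   # Cisco-proprietary, local only; 32768 for local routes
    local_pref: int = 100             # IOS default
    origin_cmd: Optional[str] = None  # "network", "redistribute", "aggregate" or None (learned)
    as_path: Tuple[int, ...] = ()
    origin: str = "i"
    med: int = 0
    ebgp: bool = True
    igp_cost: int = 0                 # IGP metric to the next hop
    age: int = 0                      # seconds since the path was received (larger = older)
    router_id: str = "0.0.0.0"


def _rid_key(rid: str) -> Tuple[int, ...]:
    """Dotted-decimal router ID as a tuple so that 10.0.0.9 < 10.0.0.10."""
    return tuple(int(octet) for octet in rid.split("."))


# (criterion name, sort key); the candidate with the lowest key wins each round.
CRITERIA: List[Tuple[str, Callable[[Path], object]]] = [
    ("highest weight",           lambda p: -p.weight),
    ("highest local preference", lambda p: -p.local_pref),
    ("locally originated path",  lambda p: LOCAL_RANK[p.origin_cmd]),
    ("shortest AS path",         lambda p: len(p.as_path)),
    ("lowest origin type",       lambda p: ORIGIN_RANK[p.origin]),
    ("lowest MED",               lambda p: p.med),
    ("eBGP over iBGP",           lambda p: 0 if p.ebgp else 1),
    ("lowest IGP cost",          lambda p: p.igp_cost),
    ("oldest eBGP path",         lambda p: -p.age),
    ("lowest router ID",         lambda p: _rid_key(p.router_id)),
]


def best_path(paths: List[Path]) -> Tuple[Path, str]:
    """Return (winning path, criterion that broke the tie)."""
    candidates = list(paths)
    for name, key in CRITERIA:
        # Age only ranks external paths; after step 7 all survivors share one type.
        if name == "oldest eBGP path" and not candidates[0].ebgp:
            continue
        best = min(key(p) for p in candidates)
        candidates = [p for p in candidates if key(p) == best]
        if len(candidates) == 1:
            return candidates[0], name
    return candidates[0], "lowest router ID"


# Constructed sample: three paths to one prefix, learned from three eBGP peers.
SAMPLE = [
    Path("192.0.2.1", local_pref=100, as_path=(65001,), router_id="192.0.2.1"),
    Path("192.0.2.2", local_pref=200, as_path=(65002, 65003, 65004), router_id="192.0.2.2"),
    Path("192.0.2.3", local_pref=200, as_path=(65002, 65005), origin="?", router_id="192.0.2.3"),
]


def demo() -> List[Tuple[str, str]]:
    """Three runs showing how an earlier criterion overrides a later one."""
    results = []
    # 1. local preference beats the shorter AS path offered by 192.0.2.1
    p, why = best_path(SAMPLE)
    results.append((p.next_hop, why))
    # 2. a weight set on the 192.0.2.1 path overrides everything else
    p, why = best_path([replace(SAMPLE[0], weight=100)] + SAMPLE[1:])
    results.append((p.next_hop, why))
    # 3. identical attributes fall through to the lowest router ID
    twins = [Path("10.0.0.10", router_id="10.0.0.10"), Path("10.0.0.9", router_id="10.0.0.9")]
    p, why = best_path(twins)
    results.append((p.next_hop, why))
    return results


if __name__ == "__main__":
    for hop, why in demo():
        print(f"best path via {hop}: decided by {why}")
```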

Reference:

www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a0080094431.shtml

QUESTION NO: 422

"Everything is under control" - www.pass4sure.com 640


Cisco 400-101 Exam
Which of the following IPv6 prefixes is used for multicast addresses? (Select the best answer.)

A.
2000::/3

B.
FC00::/8

C.
FD00::/8

D.
FE80::/10

E.
FF00::/8

F.
::FFFF:0:0/96

Answer: E
Explanation:

The IPv6 prefix FF00::/8 is used for multicast addresses, which are used for one-to-many
communication. IPv6 addresses in the FF00::/8 range begin with the characters FF00 through
FFFF. However, certain address ranges are used to indicate the scope of the multicast address.
The following IPv6 multicast scopes are defined:

FF01::/16 - node-local

FF02::/16 - link-local

FF05::/16 - site-local

FF08::/16 - organization-local

FF0E::/16 - global

IPv6 hosts use the multicasting capabilities of the Neighbor Discovery (ND) protocol to discover
the link layer addresses of neighbor hosts. The Hop Limit field is typically set to 255 in ND packets
that are sent to neighbors. Routers decrement the Hop Limit value as a packet is forwarded from
hop to hop. Therefore, a router that receives an ND packet with a Hop Limit value of 255 considers
the source of the ND packet to be a neighbor. If a router receives an ND packet with a Hop Limit
that is less than 255, the packet is ignored, thereby protecting the router from threats that could
result from the ND protocol's lack of neighbor authentication.

The IPv6 prefix 2000::/3 is used for global aggregatable unicast addresses. IPv6 addresses in the

"Everything is under control" - www.pass4sure.com 641


Cisco 400-101 Exam
2000::/3 range begin with the characters 2000 through 3FFF. Global aggregatable unicast address
prefixes are distributed by the Internet Assigned Numbers Authority (IANA) and are globally
routable over the Internet.

The IPv6 prefix FE80::/10 is used for link-local unicast addresses. IPv6 addresses in the FE80::/10
range begin with the characters FE80 through FEBF. Unicast packets are used for one-to-one
communication. Link-local addresses are unique only on the local segment. Therefore, link-local
addresses are not routable. An IPv6-capable host typically creates a unicast link-local address
automatically at startup. Unicast link-local addresses are used for neighbor discovery and for
environments in which no router is present to provide a routable IPv6 prefix.

The IPv6 prefixes FC00::/8 and FD00::/8 are used for unique-local unicast addresses; together,
these prefixes can be summarized as FC00::/7. IPv6 addresses in these ranges begin with the
characters FC00 through FDFF. Unique-local addresses are not globally routable, but they are
routable within an organization.

The IPv6 prefix ::FFFF:0:0/96 is used for IPv4-mapped IPv6 addresses. IPv6 addresses in this
range are typically used for IPv6 over Multiprotocol Label Switching (MPLS). The last 32 bits are
used for the IPv4 address and are sometimes written in dotted-decimal notation. For example, the
IPv4 address 192.168.1.1 would be mapped to the IPv6 address ::FFFF:192.168.1.1.
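The prefix ranges above, turned into a classifier as an added example (not Cisco's code or part of the exam material): the standard-library ipaddress module does the prefix matching, and for multicast addresses the scope is read from the low nibble of the first 16-bit group, which is what the FF0x::/16 ranges encode. The sample addresses are constructed.

```python
"""Classify IPv6 addresses by the prefixes discussed above.

Added example, not from Cisco or the exam. Prefix matching uses the
standard library; the multicast scope comes from bits 112-115 of the
address, i.e. the 'x' in FF0x::/16.
"""
import ipaddress

# Prefix table from the explanation, most specific first.
PREFIXES = [
    (ipaddress.IPv6Network("::FFFF:0:0/96"), "IPv4-mapped"),
    (ipaddress.IPv6Network("FF00::/8"), "multicast"),
    (ipaddress.IPv6Network("FE80::/10"), "link-local unicast"),
    (ipaddress.IPv6Network("FC00::/7"), "unique-local unicast"),   # FC00::/8 + FD00::/8
    (ipaddress.IPv6Network("2000::/3"), "global unicast"),
]

# Scope values from the FF0x::/16 list above (x is the scope nibble).
MULTICAST_SCOPES = {
    0x1: "node-local",
    0x2: "link-local",
    0x5: "site-local",
    0x8: "organization-local",
    0xE: "global",
}


def multicast_scope(addr: ipaddress.IPv6Address) -> str:
    """Low 4 bits of the first hextet: FF02::1 -> 2 -> link-local."""
    nibble = (int(addr) >> 112) & 0xF
    return MULTICAST_SCOPES.get(nibble, f"scope {nibble:x}")


def classify(text: str) -> str:
    """Label an address with the category its prefix falls into."""
    addr = ipaddress.IPv6Address(text)
    for net, label in PREFIXES:
        if addr in net:
            if label == "multicast":
                return f"multicast ({multicast_scope(addr)})"
            if label == "IPv4-mapped":
                return f"IPv4-mapped ({addr.ipv4_mapped})"
            return label
    return "other"


def routable_beyond_link(text: str) -> bool:
    """True only for addresses a router may forward off the local segment.

    Link-local unicast and node-/link-local multicast stay on the segment;
    unique-local is routable inside an organization, global everywhere.
    """
    label = classify(text)
    if label in ("global unicast", "unique-local unicast"):
        return True
    if label.startswith("multicast"):
        return "link-local" not in label and "node-local" not in label
    return False


if __name__ == "__main__":
    # Constructed sample addresses.
    for sample in ("FF02::1", "FF05::2", "2001:db8::1", "fe80::1",
                   "fd12:3456::1", "::ffff:192.168.1.1", "::1"):
        print(f"{sample:22} {classify(sample):32} forwardable={routable_beyond_link(sample)}")
```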

Reference:

https://www.cisco.com/c/en/us/support/security/asa-5500-series-next-generation-firewalls/products-installation-and-configuration-guides-list.html#wp1010923

QUESTION NO: 423

Which of the following are protocols that are used by the control plane? (Select 2 choices.)

A.
SSH and Telnet

B.
TDP and LDP

C.
EIGRP and OSPF

D.
HTTP, HTTPS, and SNMP

E.
FIB and LFIB

"Everything is under control" - www.pass4sure.com 642


Cisco 400-101 Exam
Answer: B,C
Explanation:

The control plane uses label exchange protocols, such as Tag Distribution Protocol (TDP) and
Label Distribution Protocol (LDP), and routing protocols, such as Enhanced Interior Gateway
Routing Protocol (EIGRP), Open Shortest Path First (OSPF), Routing Information Protocol (RIP),
and Intermediate System-to-Intermediate System (IS-IS). Both TDP and LDP assign labels to Interior
Gateway Protocol (IGP) routes in a routing table. LDP is a newer standard that includes features
of the Cisco-proprietary TDP. The control plane can be protected by using Control Plane Policing
(CoPP).

Cisco routers are separated into three planes: the management plane, the control plane, and the
data plane. The control plane is responsible for exchanging routing and label information, the data
plane is responsible for forwarding packets, and the management plane is responsible for device
management and coordination among the three planes.

The Forwarding Information Base (FIB) and the Label Forwarding Information Base (LFIB) are not
protocols. The Forwarding Information Base (FIB), which is part of the data plane, is built from
information in the routing table. When the routing table is updated, the next-hop information in the
FIB is also updated. Multiprotocol Label Switching (MPLS) label information is stored in the LFIB
table; the data plane then uses that information to forward the packets to the correct destination.

Hypertext Transfer Protocol (HTTP), Secure HTTP (HTTPS), Simple Network Management
Protocol (SNMP), Secure Shell (SSH), and Telnet are not used by the control plane. These
protocols are used by the management plane. However, these protocols must pass through the
control plane to reach the management plane; therefore, they are also protected by CoPP.

Reference:

https://www.cisco.com/networkers/nw04/presos/docs/RST-3605.pdf

https://www.cisco.com/c/en/us/about/security-center/copp-best-practices.html

https://www.cisco.com/c/en/us/td/docs/ios/12_4t/12_4t11/htsecmpp.html#wp1066641

QUESTION NO: 424 DRAG DROP

Drag the VTP feature on the left to the VTP version that supports it on the right. Features can be
used more than once.

"Everything is under control" - www.pass4sure.com 643


Cisco 400-101 Exam

Answer:

Explanation:

VLAN Trunking Protocol (VTP) version 2 supports the configuration of up to 1,000 virtual LANs
(VLANs) and supports authentication. VTP version 3 improves on VTP version 2 by increasing the
number of supported VLANs to 4,095, which is the same range specified in the Institute of

"Everything is under control" - www.pass4sure.com 644


Cisco 400-101 Exam
Electrical and Electronics Engineers (IEEE) 802.1Q standard. Additionally, VTP version 3 adds
support for configuring authentication passwords as hidden passwords. VTP version 2 supports
cleartext passwords only.

There are also several fundamental changes to the way VTP version 3 works when compared to
VTP version 2. For example, VTP version 2 relies on a configuration revision number to determine
whether the VLAN configuration should be modified on a switch. By contrast, VTP version 3 uses
configuration revision numbers and a primary server system to determine which configurations
should be changed and which devices are allowed to implement changes. The intended purpose
of the primary server is to mitigate accidental overwrites of the VLAN database. However, because
VTP version 2 does not support primary servers, Cisco recommends that VTP version 2 devices
that are to be connected to a VTP version 3 network be placed into VTP client mode.

VTP version 3 is backward compatible with VTP version 2 and can therefore support normal
VLANs. When a switch configured with VTP version 3 receives a VTP version 2 advertisement on
a port, it sends VTP version 2 messages on that port and VTP version 3 messages on the other
ports.

VTP version 3 improves on VTP version 2 by adding support for private VLANs (PVLANs). In
addition, VTP version 3 adds support for databases other than VLAN databases, such as Multiple
Spanning Tree (MST) databases.

Reference:

https://www.cisco.com/c/en/us/products/collateral/switches/catalyst-6500-series-switches/solution_guide_c78_508010.html

QUESTION NO: 425

A back-to-back serial connection exists between RouterA and RouterB.

You issue the show controllers serial 0/0 command on RouterB and receive the following partial
output:

Which router or routers provide clocking? (Select the best answer.)

"Everything is under control" - www.pass4sure.com 645


Cisco 400-101 Exam
A.
RouterA

B.
RouterB

C.
both RouterA and RouterB

D.
neither RouterA nor RouterB

Answer: A
Explanation:

RouterA provides clocking. When two routers are connected by a serial cable, one end is
connected to the data communications equipment (DCE) end of the cable, and the other end is
connected to the data terminal equipment (DTE) end of the cable. The device connected to the
DCE end of the serial cable must provide clocking to establish the data communication speed for
the link, and the device connected to the DTE end of the serial cable accepts the clocking
provided by the DCE device.

The output of the show controllers serial 0/0 command indicates that RouterB is the DTE device,
which does not provide clocking. Therefore, RouterA must be the DCE device and, consequently,
must provide clocking.

To configure the clock rate on a DCE device, you should issue the clock rate command. When
issuing the clock rate command, you should specify the parameter in bits per second. Thus, if you
were to issue the clock rate 64000 command, you would configure the interface to operate at 64
Kbps.

Reference:

https://www.cisco.com/c/en/us/support/docs/wan/point-to-point-protocol-ppp/7923-ppp-back.html

https://www.cisco.com/c/en/us/td/docs/ios/12_2/interface/command/reference/finter_r/irfshoap.html

QUESTION NO: 426

Which of the following statements is true regarding the use of the network command with OSPFv3
and EIGRPv6? (Select the best answer.)

A.

"Everything is under control" - www.pass4sure.com 646


Cisco 400-101 Exam
The network command is required with OSPFv3 but is not required with EIGRPv6.

B.
The network command is required with EIGRPv6 but is not required with OSPFv3.

C.
The network command is required with both OSPFv3 and EIGRPv6.

D.
The network command is required with neither OSPFv3 nor EIGRPv6.

Answer: D
Explanation:

The network command is required with neither Open Shortest Path First version 3 (OSPFv3) nor
Enhanced Interior Gateway Routing Protocol version 6 (EIGRPv6), because OSPFv3 and
EIGRPv6 are configured directly on each participating interface. The network command is required
only with OSPFv2 and EIGRP for IPv4.

OSPFv3 is also referred to as OSPF for IPv6. To enable OSPFv3 on an interface, you should
issue the ipv6 ospf process-id area area-id command in interface configuration mode. If an IPv4
address is not configured, you must also issue the router-id id command in router configuration
mode to manually configure a router ID before the OSPF routing process will start. The router ID is
a 32-bit value similar to an IPv4 address that uniquely identifies a router. To enter router
configuration mode for OSPFv3, you should issue the ipv6 router ospf process-id command in
global configuration mode.

EIGRPv6 is also referred to as EIGRP for IPv6. To enable EIGRPv6 on an interface, you should
issue the ipv6 eigrp as-number command in interface configuration mode. To enable EIGRPv6 on
a router, you should issue the ipv6 router eigrp as-number command in global configuration mode,
where as-number is the autonomous system number (ASN), then issue the no shutdown command
in router configuration mode to start the routing process. If no IPv4 addresses are configured on
the router, you must also issue the router-id id command in router configuration mode to manually
configure a router ID.

Reference:

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipv6/configuration/15-2mt/ipv6-15-2mt-book/ip6-eigrp.html

https://search.cisco.com/search?query=Cisco%20IOS%20IPv6%20Configuration%20Guide&locale=enUS&tab=Cisco

QUESTION NO: 427

"Everything is under control" - www.pass4sure.com 647


Cisco 400-101 Exam

You administer the OSPF network shown in the diagram above. The reference bandwidth has
been changed to 1000 on every router in the network.

What is the cost of the route from RouterA to RouterC? (Select the best answer.)

A.
2

B.
3

C.
11

D.
12

E.
20

Answer: B
Explanation:

In this scenario, the cost of the route from RouterA to RouterC is 3. In an Open Shortest Path First
(OSPF) network, a cost is associated with every link on the network. The OSPF routing process
on each router calculates the optimal route to other routers in the network based on the sum of the
link costs to those routers. The route with the lowest cost is considered the best. If there is more
than one route with the same cost, then the OSPF routing process will use load balancing to
distribute traffic evenly among the routes. The cost of each link and the optimal route from

"Everything is under control" - www.pass4sure.com 648


Cisco 400-101 Exam
RouterA to RouterC are shown in the following exhibit:

The cost of a link is based on the interface bandwidth and the reference bandwidth, as indicated
by the following formula:

cost = reference bandwidth / interface bandwidth

The default reference bandwidth is 100 Mbps. If a bandwidth has not been configured on an
interface, the OSPF process will use the default value for the interface type. For example, a
100Mbps Fast Ethernet interface has a default interface bandwidth of 100. The minimum
supported cost for an OSPF interface is 1, and any values that calculate to less than 1 are
rounded up to 1. Therefore, any link with an interface bandwidth greater than or equal to 100 Mbps
will result in a cost of 1 by default. In this scenario, the reference bandwidth is 1000 Mbps. Thus a
FastEthernet interface will have a cost of 10, and a 1Gbps GigabitEthernet interface will have a
cost of 1.

An OSPF process uses cost values to generate its shortest path first (SPF) tree and then to
determine the optimal routes to all known networks. Because the minimum cost value is 1, the
reference bandwidth should be a value greater than or equal to the bandwidth of the fastest routed
link in the administrative domain. If the reference bandwidth is less than the fastest routed link on
the network, a situation can arise where the costs of two interfaces are the same even though their
link speeds are different. For example, if the reference bandwidth in this scenario were reset to its
default value, the cost of every link would have a value of 1. Because all links would then appear
to have the same cost, the OSPF routing process would not be able to distinguish between the
FastEthernet and GigabitEthernet links in the network. The OSPF process would then perform
equal-cost load balancing to distribute packets evenly among the available paths. This distribution
would cause some packets in this example to take suboptimal routes to their destinations.

You can issue the auto-cost command from router configuration mode to change the reference
bandwidth for an OSPF routing process. The syntax for the auto-cost command is auto-cost
reference-bandwidth ref-bw, where ref-bw is an integer between 1 and 4294967. Alternatively, you
can manually configure a cost at the interface level by issuing the ip ospf cost command.
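The cost formula and the reference-bandwidth problem described above, worked through as an added example (not Cisco's code and not the exam's diagram): cost is reference bandwidth divided by interface bandwidth, truncated and never below 1, and a short Dijkstra run shows how a 100 Mbps reference bandwidth makes a direct Fast Ethernet link look as good as two Gigabit hops. The three-router topology is constructed for the example.

```python
"""OSPF link cost and SPF route selection under two reference bandwidths.

Added example, not from Cisco or the exam. The topology below is
constructed: two Gigabit Ethernet hops through RouterB compete with one
direct Fast Ethernet link between RouterA and RouterC.
"""
import heapq
from typing import Dict, List, Tuple

Graph = Dict[str, List[Tuple[str, int]]]


def ospf_cost(interface_mbps: float, reference_mbps: float = 100) -> int:
    """Integer cost as IOS computes it; anything below 1 is rounded up to 1."""
    return max(int(reference_mbps // interface_mbps), 1)


# (router, router, interface bandwidth in Mbps); constructed sample links.
LINKS = [
    ("RouterA", "RouterB", 1000),
    ("RouterB", "RouterC", 1000),
    ("RouterA", "RouterC", 100),
]


def build_graph(links, reference_mbps: float) -> Graph:
    """Undirected adjacency list carrying the OSPF cost of each link."""
    graph: Graph = {}
    for a, b, mbps in links:
        cost = ospf_cost(mbps, reference_mbps)
        graph.setdefault(a, []).append((b, cost))
        graph.setdefault(b, []).append((a, cost))
    return graph


def shortest_path(graph: Graph, src: str, dst: str) -> Tuple[int, List[str]]:
    """Dijkstra over link costs: the SPF computation behind OSPF's route table."""
    dist = {src: 0}
    prev: Dict[str, str] = {}
    heap = [(0, src)]
    while heap:
        d, node = heapq.heappop(heap)
        if d > dist[node]:
            continue                      # stale heap entry
        if node == dst:
            break
        for nbr, cost in graph[node]:
            nd = d + cost
            if nd < dist.get(nbr, float("inf")):
                dist[nbr] = nd
                prev[nbr] = node
                heapq.heappush(heap, (nd, nbr))
    path = [dst]
    while path[-1] != src:
        path.append(prev[path[-1]])
    return dist[dst], path[::-1]


def route_a_to_c(reference_mbps: float) -> Tuple[int, List[str]]:
    """Total cost and hop list from RouterA to RouterC for one reference bandwidth."""
    return shortest_path(build_graph(LINKS, reference_mbps), "RouterA", "RouterC")


if __name__ == "__main__":
    for ref in (100, 1000):
        cost, hops = route_a_to_c(ref)
        print(f"reference {ref} Mbps: cost {cost} via {' -> '.join(hops)}")
```

With the default reference bandwidth every link costs 1 and the slower direct link wins; with auto-cost reference-bandwidth 1000 the Gigabit path costs 2 against 10 for the Fast Ethernet link.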

Reference:

https://www.cisco.com/c/en/us/support/docs/ip/open-shortest-path-first-ospf/7039-1.html#t6

QUESTION NO: 428

Which of the following information does a Type 2 LSA contain? (Select the best answer.)

A.
subnet information for an entire area

B.
external routes redistributed into OSPF

C.
the router ID and the IP addresses for a single router

D.
subnet and router information for all the routers on a segment

Answer: D
Explanation:

A Type 2 link-state advertisement (LSA) contains subnet and router information for all the routers
on a segment. Type 2 LSAs, which are also called network LSAs, are generated only by the
designated router (DR), one for each segment to which the DR is connected. These LSAs are not
propagated outside the area in which they originate; they are flooded only within the local area.

A Type 1 LSA contains the router ID and the IP addresses for a single router. Type 1 LSAs, which
are also called router LSAs, are generated by all Open Shortest Path First (OSPF) routers on a
segment. Like Type 2 LSAs, Type 1 LSAs are not propagated outside the area in which they
originate; they are flooded only within the local area.

A Type 3 LSA contains subnet information for an entire area. Type 3 LSAs, which are also called
network summary LSAs, are generated by area border routers (ABRs). Unlike Type 1 and Type 2
LSAs, Type 3 LSAs are advertised between areas throughout an autonomous system (AS) except
into totally stubby areas.

A Type 5 LSA contains external routes redistributed into OSPF. Type 5 LSAs, which are also
called AS-external LSAs, are generated by autonomous system boundary routers (ASBRs).
Therefore, Type 5 LSAs are advertised throughout an AS except into stub areas, totally stubby

"Everything is under control" - www.pass4sure.com 650


Cisco 400-101 Exam
areas, and not-so-stubby areas (NSSAs).

Reference:

https://www.cisco.com/c/en/us/td/docs/switches/datacenter/sw/4_2/nx-os/unicast/configuration/guide/l3_cli_nxos/l3_ospf.html#wp1243056

https://www.cisco.com/c/en/us/td/docs/security/fwsm/fwsm32/asdm52f/user/guide/asdmug/mon_rtg.html#wp1046958

QUESTION NO: 429

Which of the following terms refers to a method that is used to pass IPv6 traffic over an IPv4-only
network? (Select the best answer.)

A.
6to4 tunneling

B.
4to6 tunneling

C.
NAT64

D.
dual stacks

Answer: A
Explanation:

To pass IPv6 traffic over a network that supports only IPv4, a tunneling method is required, such
as 6to4 tunneling. The 6to4 tunneling method encapsulates an IPv6 packet inside an IPv4 header.
Routers on the IPv4-only network recognize only the IPv4 header information; the IPv6 packet is
simply carried as the data payload of the IPv4 packet.

The 4to6 tunneling method is the reverse of the 6to4 tunneling method. Routers on the IPv6-only
network recognize only the IPv6 header information. Therefore, IPv4 packets must be
encapsulated inside an IPv6 header so that they can pass over the IPv6-only network.

Network Address Translation 64 (NAT64) enables communication between IPv4-only hosts and
IPv6-only hosts. NAT64 translates IPv4 packets to IPv6 packets and translates IPv6 packets to
IPv4 packets. However, a NAT64 router must contain address mappings so that the router can
correctly translate IPv4 and IPv6 addresses. NAT64 supports stateless and stateful address
translation. When performing stateless translation, NAT64 uses algorithms to create a one-to-one

"Everything is under control" - www.pass4sure.com 651


Cisco 400-101 Exam
relationship between IPv6 addresses on the inside network and IPv4 addresses on the outside
network. When performing stateful translation, NAT64 maps multiple IPv6 addresses to a single
IPv4 address and keeps track of the state of each connection. Static mappings can also be
applied manually.

Dual stacks are used so that a host or router can use IPv4 and IPv6 simultaneously. Dual-stack
devices are configured with an IPv4 address and an IPv6 address; thus a dual-stack device can
communicate directly with both IPv4 and IPv6 devices without requiring protocol translation.
However, a network infrastructure capable of routing both IPv4 and IPv6 traffic is required.

Reference:

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/interface/configuration/xe-3s/ir-xe-3s-book/ip6-6to4-tunls-xe.html

QUESTION NO: 430

You administer the network shown above. You issue the show running-config command on
RouterA and receive the following partial output:

"Everything is under control" - www.pass4sure.com 652


Cisco 400-101 Exam

Which of the following statements are true? (Select 2 choices.)

A.
RouterA will not advertise any routes to RouterB.

B.
RouterA will advertise only the route to 192.168.1.0/24 to RouterB.

C.
RouterA will advertise the routes to 192.168.0.0/24 and 192.168.1.0/24 to RouterB.

D.
RouterB will not advertise any routes to RouterD.

E.
RouterB will advertise only the route to 192.168.0.0/24 to RouterD.

F.
RouterB will advertise only the route to 192.168.1.0/24 to RouterD.

G.
RouterB will advertise the routes to 192.168.0.0/24 and 192.168.1.0/24 to RouterD.

Answer: C,F
Explanation:

RouterA will advertise the routes to 192.168.0.0/24 and 192.168.1.0/24 to RouterB, and RouterB
will advertise only the route to 192.168.1.0/24 to RouterD. RouterB will advertise both routes to
RouterC because RouterB and RouterC are in the same autonomous system (AS). The neighbor
10.1.1.2 route-map map1 out command applies route map map1 to modify outgoing routes from
RouterA. Because the route-map map1 permit 20 command overrides the implicit deny rule for
map1, the route map will not restrict which routes are advertised from RouterA to RouterB.
Additionally, map1 is configured to apply the no-export community attribute only to routes that
match access list 1. Routes that do not match access list 1 are advertised without the attribute.
Because route map map1 is configured to apply the no-export community attribute to only the
routes that pass access list 1, the no-export community attribute will affect only the route to
192.168.0.0/24.

The neighbor 10.1.1.2 remote-as 200 command specifies that RouterB, which is in AS 200, is an
external Border Gateway Protocol (eBGP) neighbor of RouterA. The neighbor 10.1.1.2
send-community command configures RouterA to send community attribute settings to RouterB.
The community attribute is an optional, transitive Border Gateway Protocol (BGP) attribute that is
not required to be supported by all BGP implementations. Additionally, BGP implementations that
do not support the community attribute are not required to pass the attribute to other routers. By
default, Cisco routers do not pass community attributes to BGP neighbors. The community
attribute can be modified in a route map by issuing the set community command with one of the
following four keywords:

- no-advertise - prevents advertisements to any BGP peer

- no-export - prevents advertisements to eBGP peers

- local-as - prevents advertising outside the AS, or in confederation scenarios, outside the sub-AS

- internet - advertises the route to any router

The set community no-export command configures the BGP community attribute to inform
neighbor routers to not export the route to eBGP peers. Therefore, RouterB will not advertise the
route to 192.168.0.0/24 outside of AS 200. Because RouterD is in AS 300, RouterB will not
advertise the 192.168.0.0/24 route to RouterD. RouterB will advertise both routes to RouterC,
which is in AS 200. The community attribute does not modify how RouterA advertises the routes; it
modifies how neighbor routers advertise the routes received from RouterA.
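The behaviour described above, as an added example that is not Cisco's code or the exam exhibit: a small model of RouterA's outbound route map and of how RouterB then treats each route toward its iBGP peer RouterC and its eBGP peer RouterD. It assumes access list 1 matches only 192.168.0.0/24 (the explanation says the community lands only on that route) and that RouterA sits in AS 100, neither of which the visible text states; it also shows what happens when send-community is left off.

```python
"""Propagation of the no-export community in the scenario above.

Added example, not Cisco code. Assumed: access list 1 permits only
192.168.0.0/24, and RouterA is in AS 100 (the exhibit is not visible).
"""
import ipaddress
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Set


@dataclass
class Route:
    prefix: str
    communities: Set[str] = field(default_factory=set)


@dataclass
class Peer:
    name: str
    asn: int


# access-list 1 permit 192.168.0.0 0.0.0.255   (assumed contents)
ACL_1 = [ipaddress.ip_network("192.168.0.0/24")]


def acl_permits(acl, prefix: str) -> bool:
    """A standard ACL behind 'match ip address' tests the route's network address."""
    net = ipaddress.ip_network(prefix)
    return any(net.network_address in entry for entry in acl)


def apply_map1(route: Route) -> Route:
    """route-map map1: permit 10 matches ACL 1 and sets no-export; permit 20 passes the rest."""
    if acl_permits(ACL_1, route.prefix):
        return Route(route.prefix, route.communities | {"no-export"})
    return Route(route.prefix, set(route.communities))


def advertise(local_asn: int, routes: List[Route], peer: Peer,
              out_map: Optional[Callable[[Route], Route]] = None,
              send_community: bool = True) -> List[Route]:
    """Routes one router sends to one peer.

    Well-known communities already attached to a route are honoured first;
    the outbound route map runs afterwards, so a community that the map
    sets only influences what the receiving router does next.
    """
    is_ebgp = peer.asn != local_asn
    sent = []
    for r in routes:
        if "no-advertise" in r.communities:
            continue
        if is_ebgp and ("no-export" in r.communities or "local-as" in r.communities):
            continue
        out = out_map(r) if out_map else Route(r.prefix, set(r.communities))
        if not send_community:
            out.communities = set()     # neighbor ... send-community not configured
        sent.append(out)
    return sent


def scenario(send_community: bool = True) -> Dict[str, List[str]]:
    """Prefixes each router ends up receiving in the exam topology."""
    routerA_routes = [Route("192.168.0.0/24"), Route("192.168.1.0/24")]
    routerB, routerC, routerD = Peer("RouterB", 200), Peer("RouterC", 200), Peer("RouterD", 300)
    to_b = advertise(100, routerA_routes, routerB, out_map=apply_map1, send_community=send_community)
    to_c = advertise(200, to_b, routerC)    # iBGP peer: no-export does not apply
    to_d = advertise(200, to_b, routerD)    # eBGP peer: no-export suppresses 192.168.0.0/24
    return {peer.name: [r.prefix for r in rs]
            for peer, rs in ((routerB, to_b), (routerC, to_c), (routerD, to_d))}


if __name__ == "__main__":
    for peer, prefixes in scenario().items():
        print(f"{peer} receives {prefixes}")
    print("without send-community, RouterD receives", scenario(send_community=False)["RouterD"])
```

Without the send-community setting RouterB never sees the attribute and leaks 192.168.0.0/24 to AS 300, which is why the neighbor send-community line matters for the policy to hold.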

Reference:

https://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/26634-bgp-toc.html#communityattribute

https://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/26634-bgp-toc.html#sec3

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_bgp/command/irg-cr-book/bgp-n1.html#wp2607806244

QUESTION NO: 431

Two switches are connected by an LACP EtherChannel bundle.

"Everything is under control" - www.pass4sure.com 654


Cisco 400-101 Exam
Which criterion is considered first in order to determine which ports should become active? (Select
the best answer.)

A.
the port number of each switch port

B.
the port priority of each switch port

C.
the MAC address of each switch

D.
the system priority of each switch

Answer: D
Explanation:

The system priority of each switch is considered first in order to determine which ports in a Link
Aggregation Control Protocol (LACP) EtherChannel bundle should become active. The lacp
system-priority command configures a switch with an LACP system priority. The system priority
value can be from 1 through 65535; if no priority value is defined, the default system priority value
of 32768 is used. The switch with the lowest system priority makes the decisions regarding which
ports are active on the EtherChannel. If two switches have the same priority, the switch with the
lowest Media Access Control (MAC) address makes the decisions regarding which ports are
active on the EtherChannel.

The decision-making switch then determines which ports will become active. The lacp
port-priority value command configures an LACP interface with a port priority, which is used to
determine which interfaces are active interfaces and which interfaces are standby interfaces. The
value parameter is a value from 1 through 65535; if no priority value is defined, the default port
priority value of 32768 is used. Ports with lower priority values are used as active interfaces before
ports with higher priority values. If multiple ports have the same priority value, ports with lower port
numbers are used before ports with higher port numbers.

Reference:

https://www.cisco.com/c/en/us/td/docs/ios/12_2sb/feature/guide/gigeth.html

QUESTION NO: 432

Which of the following is true regarding VRRP? (Select the best answer.)

"Everything is under control" - www.pass4sure.com 655


Cisco 400-101 Exam
A.
VRRP enables the simultaneous use of multiple gateway routers.

B.
VRRP has one master virtual router and multiple backup virtual routers.

C.
VRRP has one active router and one standby router.

D.
VRRP has one virtual gateway and multiple active virtual forwarders.

Answer: B
Explanation:

Virtual Router Redundancy Protocol (VRRP) has one master virtual router and multiple backup
virtual routers. VRRP enables a group of routers to appear like a single default gateway. VRRP
uses the IP address of a physical interface on the master virtual router, which is the router in the
group with the highest VRRP priority. The other routers in the group are backup virtual routers. If
the master virtual router fails, the backup virtual router with the highest priority will assume the role
of the master virtual router, thereby providing uninterrupted service for the network. When the
original master virtual router comes back online, it reestablishes its role as the master virtual
router. Because only one master virtual router is used for a VRRP group, VRRP cannot
simultaneously use multiple gateway routers in a load-balancing configuration.

Gateway Load Balancing Protocol (GLBP), not VRRP, has one active virtual gateway (AVG) and
up to four active virtual forwarders (AVFs). The AVG is the router in the group with the highest
GLBP priority value, or the highest IP address if multiple routers are configured with the highest
priority value. The other routers in the GLBP group are configured as primary or secondary AVFs.
Up to four primary AVFs can be configured in a GLBP group, and the primary AVFs can
participate in forwarding traffic. Consequently, multiple routers can be used simultaneously to
provide load balancing for the GLBP group.

Hot Standby Router Protocol (HSRP), not VRRP, has one active router and one standby router.
Similar to GLBP, HSRP can be used to provide backup router coverage if the primary gateway
becomes unavailable. Multiple routers are assigned to an HSRP group, and the routers function as
a single gateway. The active router is the router in the group with the highest HSRP priority value,
and the standby router is the router with the second-highest HSRP priority value. Other routers in
the HSRP group are in the listen state. If the active router fails, the standby router assumes the
active router role and a new standby router is elected.

Reference:

https://www.cisco.com/en/US/docs/ios/12_2t/12_2t15/feature/guide/ft_glbp.html#wp1027184

https://www.cisco.com/c/en/us/support/docs/ip/hot-standby-router-protocol-hsrp/9234-hsrpguidetoc.html#hsrpop

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipapp_fhrp/configuration/12-4/fhp-12-4-book/fhp-vrrp.html

QUESTION NO: 433

You are configuring 802.1X authentication on the FastEthernet 0/1 port on a switch named
SwitchA. You want to ensure that any hosts connected to the port are authenticated by using
802.1X before the hosts can transmit data through the switch.

Which of the following command sequences should you issue on SwitchA? (Select the best
answer.)

A.
SwitchA#configure terminal
SwitchA(config)#aaa new-model
SwitchA(config)#aaa authentication dot1x default group radius
SwitchA(config)#dot1x system-auth-control
SwitchA(config)#interface fastethernet 0/1
SwitchA(config-if)#dot1x port-control force-authorized

B.
SwitchA#configure terminal
SwitchA(config)#aaa new-model
SwitchA(config)#aaa authentication dot1x default group radius
SwitchA(config)#dot1x system-auth-control
SwitchA(config)#interface fastethernet 0/1
SwitchA(config-if)#dot1x port-control force-unauthorized

C.
SwitchA#configure terminal
SwitchA(config)#aaa new-model
SwitchA(config)#aaa authentication dot1x default group radius
SwitchA(config)#dot1x system-auth-control
SwitchA(config)#interface fastethernet 0/1
SwitchA(config-if)#dot1x port-control auto

D.
SwitchA#configure terminal
SwitchA(config)#aaa new-model
SwitchA(config)#aaa authentication dot1x default group radius


SwitchA(config)#dot1x system-auth-control
SwitchA(config)#interface fastethernet 0/1
SwitchA(config-if)#dot1x port-control all

Answer: C
Explanation:

You should issue the following command sequence on SwitchA to ensure that hosts connected to
the FastEthernet 0/1 port are authenticated by using 802.1X before the hosts are allowed to send
traffic through the switch:

SwitchA#configure terminal
SwitchA(config)#aaa new-model
SwitchA(config)#aaa authentication dot1x default group radius
SwitchA(config)#dot1x system-auth-control
SwitchA(config)#interface fastethernet 0/1
SwitchA(config-if)#dot1x port-control auto

You can enable 802.1X port-based authentication on Cisco switches to ensure that only
authenticated users can send traffic through the switch. Before a user is authenticated, the only
traffic allowed through the switch port is Extensible Authentication Protocol over LANs (EAPOL),
Spanning Tree Protocol (STP), and Cisco Discovery Protocol (CDP) traffic. This ensures that the
host is not able to send traffic through the port until authentication occurs.

To configure 802.1X authentication on a switch, you should first enable Authentication,
Authorization, and Accounting (AAA) authentication on the switch by issuing the aaa new-model
command in global configuration mode. A Remote Authentication Dial-In User Service (RADIUS)
server must exist on the network in order to support AAA authentication. After configuring AAA
authentication on the switch, you should issue the aaa authentication dot1x default group radius
command to configure the switch to use the RADIUS servers for authentication.

You should enable 802.1X on the switch after you have configured AAA authentication on the
switch. You can enable 802.1X by issuing the dot1x system-auth-control command. This command
globally enables 802.1X on the switch. You should then configure each interface that will use
802.1X. In this scenario, you want to configure interface FastEthernet 0/1, so you should issue the
interface fastethernet 0/1 command to enter interface configuration mode. After entering interface
configuration mode, you should issue the dot1x port-control {force-authorized | force-unauthorized |
auto} command. The auto keyword enables 802.1X authentication on the port; consequently, the
authentication process occurs between the switch and a connected host. If the host is configured
with 802.1X authentication, the host will be authenticated and will be able to send traffic through
the switch.
If the host is not configured with 802.1X authentication, the authentication process will fail and the
host will be unable to send traffic through the port. The force-authorized keyword of the dot1x
port-control command configures the port to authorize any host that connects to the port; no
802.1X authentication process will take place. Any host connected to the port will be able to send
traffic through the switch. The force-unauthorized keyword configures the port to never allow
authentication for a connected host. No authentication will take place, and the host will be unable
to send traffic through the port.

The command sequence that contains the dot1x port-control all command does not configure
802.1X authentication on the FastEthernet 0/1 port on SwitchA. The dot1x port-control command
does not include an all parameter. Issuing this command would result in an error being displayed.

Reference:

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750/software/release/12-2_25_se/configuration/guide/3750scg/sw8021x.html#wp1025133

QUESTION NO: 434

You issue the show running-config command on a Cisco 3700 series router named RouterA and
receive the following partial output:

RouterA begins to receive VoIP and FTP packets.

Which of the following statements is correct? (Select the best answer.)

A.
The VoIP packets will be sent before the FTP packets.

B.
The FTP packets will be sent before the VoIP packets.

C.
Smaller packets will be sent before larger packets.

D.
Larger packets will be sent before smaller packets.

E.
Packets will be sent in the order they are received.

Answer: E
Explanation:

Packets will be sent in the order they are received. In this scenario, class-based weighted fair
queuing (CBWFQ) and low latency queuing (LLQ) are used, as indicated by the priority and
bandwidth commands. However, only the class-default class can use weighted fair queuing
(WFQ); the other classes can use only first-in-first-out (FIFO) queuing within the class. With FIFO
queuing, the first packet received is the first packet transmitted.

A traffic class can be prioritized over other traffic classes, but traffic within that class is processed
in the order in which the traffic is received, without regard for packet size, protocol, or IP
precedence. For example, Voice over IP (VoIP) packets might be transmitted ahead of File
Transfer Protocol (FTP) packets, and FTP packets might be transmitted ahead of VoIP packets.
Similarly, smaller packets might be transmitted ahead of larger packets, and larger packets might
be transmitted ahead of smaller packets.

Reference:

https://www.cisco.com/c/en/us/support/docs/quality-of-service-qos/qos-policing/22833-qos-faq.html#qc

QUESTION NO: 435

You issue the following commands on a router:

line console 0

exec-timeout 1 30

How long will the console session to the router remain established without input before the session
is automatically disconnected? (Select the best answer.)

A.
30 seconds

B.
60 seconds

C.
90 seconds

D.
30 minutes

E.
60 minutes

F.
90 minutes

Answer: C
Explanation:

The console session to the router will remain established without input for 90 seconds before the
session is automatically disconnected. The syntax of the exec-timeout command is
exec-timeout minutes [seconds]. Therefore, the exec-timeout 1 30 command configures the router to
automatically disconnect idle sessions after one minute and 30 seconds, which is equal to 90
seconds. If the exec-timeout command has not been issued, an idle session will remain established
for 10 minutes without input. Issuing the no exec-timeout command or the exec-timeout 0 0
command causes a session to never time out due to inactivity; therefore, the no exec-timeout
command does not restore the default setting of 10 minutes.

To configure an idle timeout of 30 seconds, you could issue the exec-timeout 0 30 command. To
configure an idle timeout of 60 seconds, you could issue the exec-timeout 1 command. To
configure an idle timeout of 30 minutes, you could issue the exec-timeout 30 command. To
configure an idle timeout of 60 minutes, you could issue the exec-timeout 60 command. To
configure an idle timeout of 90 minutes, you could issue the exec-timeout 90 command.

Reference:

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/fundamentals/command/cf_command_ref/D_through_E.html#wp1304810105

QUESTION NO: 436

By default, what will happen when you reboot a Cisco router if the startup configuration in NVRAM
has become corrupted? (Select the best answer.)

A.
The startup configuration will be loaded from flash memory.

B.
The startup configuration will be loaded from a TFTP server.

C.
A generic startup configuration will be loaded from ROM.

D.
The System Configuration Dialog will start.

Answer: D
Explanation:

By default, if the startup configuration on a Cisco router has become corrupted, the System
Configuration Dialog will start when you reboot the router. The System Configuration Dialog
enables you to set basic configuration parameters, such as the host name, enable password,
enable secret password, virtual terminal (VTY) password, and IP addressing information for
interfaces.

The startup configuration is stored in nonvolatile random access memory (NVRAM) and is not lost
when the router is rebooted or loses power. However, the startup configuration will not be loaded
from NVRAM if it is corrupted. The router will start the System Configuration Dialog if any of the
following conditions are met:

-The startup configuration has been removed by issuing the erase startup-config command.

-The startup configuration file has become corrupted.

-Bit 6 of the configuration register is set, which specifies that the router should ignore the contents
of NVRAM.

If the last four bits of the configuration register are set to a value of 0 or 1, and an RXBOOT image
is installed on the router, you can use streamlined Setup mode. Streamlined Setup is faster than
standard Setup because streamlined Setup prompts you to configure only interface parameters,
not global router parameters.

You can issue the show startup-config command to display the configuration that will be loaded
when a router is started or rebooted. To copy the currently running configuration to the startup
configuration, you should issue the copy running-config startup-config command from privileged
EXEC mode.

A router will not load a startup configuration file from flash memory. The Cisco IOS is normally
located in flash memory. During a reboot, if the flash memory is empty or the file system is corrupt,
you will receive an error message stating boot: cannot open "flash:". The router will then load a
limited version of the IOS from read-only memory (ROM).

A router will only load a configuration file from a Trivial File Transfer Protocol (TFTP) server if the
service config, boot host, or boot network commands have been issued; by default, these
commands are disabled.

ROM does not contain a generic startup configuration file that can be loaded by a router during a
reboot. The following processes occur when a router is started:

1. The router performs power-on self-test (POST) checks.

2. The bootstrap program is loaded and executed.

3. The bootstrap program loads an IOS image from flash memory, a TFTP server, or ROM.

4. The IOS loads a configuration file from NVRAM; if no configuration file is present, the router
starts the System Configuration Dialog.

5. The router is placed in user EXEC mode.

Reference:

https://www.cisco.com/c/en/us/td/docs/ios/12_2/configfun/configuration/guide/ffun_c/fcf002.html#wp1001707

QUESTION NO: 437 DRAG DROP

Select the items on the left, and place them in the corresponding fields in the table on the right. Fill
all fields. Some items might be used more than once, and some items will not be used at all.

Answer:

Explanation:

Hot Standby Router Protocol (HSRP) is a First Hop Redundancy Protocol (FHRP) that enables
multiple routers to act as a single gateway. The HSRP virtual IP address can be configured as the
default gateway address for client devices. Multiple routers can be assigned to an HSRP group,
but each group has only one active router and one standby router. The active router is the router
in the group with the highest HSRP priority value, and the standby router is the router with the
second highest HSRP priority value. Other routers in the HSRP group are in the listen state. If the
active router fails, the standby router assumes the active router role and a new standby router is
elected.

HSRP version 1 (HSRPv1) supports only 256 groups, numbered from 0 through 255. HSRPv2
improves upon HSRPv1 by increasing the number of groups to 4,096. HSRPv6, which is also
called HSRP for IPv6, further improves HSRPv2 by adding support for IPv6. The default HSRP
group value for all HSRP versions is 0.

HSRPv1 and HSRPv2 use User Datagram Protocol (UDP) port number 1985. HSRPv6 uses UDP
port number 2029.

Multicast addresses are used to send Hello packets to group members. By default, Hello packets
are sent by the active router every three seconds. Only the standby router monitors the active
router's Hello packets. If the standby router does not receive a Hello packet from the active router
for the duration configured in the Hold time, the standby router takes over the role of the active
router. By default, the Hold time is set to 10 seconds. HSRPv1 uses multicast address 224.0.0.2.
HSRPv2 uses multicast address 224.0.0.102. HSRPv6 uses multicast address FF02::66.
Although each router has a unique Media Access Control (MAC) address, the routers in an HSRP
group will share a virtual MAC address. HSRPv1 uses the virtual MAC address 0000.0C07.ACxx,
where xx is the group number in hexadecimal format. Therefore, an HSRPv1 router could have a
virtual MAC address from 0000.0C07.AC00 through 0000.0C07.ACFF. HSRPv2 uses the virtual
MAC address 0000.0C9F.Fxxx, where xxx is the group number in hexadecimal format. Therefore,
an HSRPv2 router could have a virtual MAC address from 0000.0C9F.F000 through
0000.0C9F.FFFF. HSRPv6 uses the virtual MAC address 0005.73A0.0xxx, where xxx is the group
number in hexadecimal format. Therefore, an HSRPv6 router could have a virtual MAC address
from 0005.73A0.0000 through 0005.73A0.0FFF.
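The virtual MAC, multicast address and UDP port rules above can be turned into a lookup and recogniser, which helps when inventorying which HSRP versions and groups are actually present on a segment from captured traffic. This is an added Python example, not part of the original question set; the function names and the flow records are constructed assumptions.

```python
import ipaddress
import re

# HSRP parameters from the explanation above, keyed by HSRP version:
# virtual-MAC prefix, how many hex digits carry the group number,
# the Hello multicast address, and the UDP port.
HSRP_VERSIONS = {
    1: {"prefix": "0000.0C07.AC", "digits": 2, "multicast": "224.0.0.2", "udp_port": 1985},
    2: {"prefix": "0000.0C9F.F", "digits": 3, "multicast": "224.0.0.102", "udp_port": 1985},
    6: {"prefix": "0005.73A0.0", "digits": 3, "multicast": "FF02::66", "udp_port": 2029},
}


def max_group(version):
    """Highest group number a version can encode: 255 for HSRPv1, 4095 for HSRPv2/HSRPv6."""
    return 16 ** HSRP_VERSIONS[version]["digits"] - 1


def hsrp_virtual_mac(version, group):
    """Build the virtual MAC for an HSRP group; reject groups the version cannot encode."""
    spec = HSRP_VERSIONS.get(version)
    if spec is None:
        raise ValueError(f"unknown HSRP version {version}")
    if not 0 <= group <= max_group(version):
        raise ValueError(f"HSRPv{version} group must be 0..{max_group(version)}, got {group}")
    return spec["prefix"] + format(group, f"0{spec['digits']}X")


def normalize_mac(mac):
    """Canonicalise 00:00:0c:07:ac:01, 00-00-0c-07-ac-01 or 0000.0c07.ac01 to 0000.0C07.AC01."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac).upper()
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return ".".join(digits[i:i + 4] for i in range(0, 12, 4))


def identify_hsrp_mac(mac):
    """Return (version, group) when the MAC is an HSRP virtual MAC, otherwise None."""
    canon = normalize_mac(mac)
    for version, spec in HSRP_VERSIONS.items():
        if canon.startswith(spec["prefix"]):
            return version, int(canon[len(spec["prefix"]):], 16)
    return None


def classify_hsrp_hello(dst_ip, udp_dport):
    """Return the HSRP version whose Hello multicast address and UDP port both match, else None."""
    dst = ipaddress.ip_address(dst_ip)
    for version, spec in HSRP_VERSIONS.items():
        if dst == ipaddress.ip_address(spec["multicast"]) and udp_dport == spec["udp_port"]:
            return version
    return None


def hsrp_inventory(records):
    """Summarise HSRP activity seen in simple L2/L3 records.

    Hello traffic is recognised by its multicast destination and UDP port; groups are
    read from any virtual MAC that appears as a frame's source or destination address
    (hosts forward to the gateway's virtual MAC after resolving the virtual IP).
    """
    hello_versions = set()
    groups = set()
    for rec in records:
        if rec.get("proto") == "udp":
            version = classify_hsrp_hello(rec["dst_ip"], rec["dport"])
            if version is not None:
                hello_versions.add(version)
        for key in ("src_mac", "dst_mac"):
            hit = identify_hsrp_mac(rec[key])
            if hit is not None:
                groups.add(hit)
    return {"hello_versions": hello_versions, "groups": groups}


# Constructed records for demonstration (not real captures).
SAMPLE_RECORDS = [
    {"src_mac": "00:1a:2b:3c:4d:01", "dst_mac": "01:00:5e:00:00:66", "src_ip": "10.1.1.2",
     "dst_ip": "224.0.0.102", "proto": "udp", "dport": 1985},
    {"src_mac": "00:1a:2b:3c:4d:99", "dst_mac": "00:00:0c:9f:f0:0a", "src_ip": "10.1.1.50",
     "dst_ip": "192.0.2.10", "proto": "tcp", "dport": 443},
    {"src_mac": "00:1a:2b:3c:4d:77", "dst_mac": "33:33:00:00:00:66", "src_ip": "fe80::1",
     "dst_ip": "ff02::66", "proto": "udp", "dport": 2029},
]

if __name__ == "__main__":
    print(hsrp_inventory(SAMPLE_RECORDS))
```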

Reference:

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750e_3560e/software/release/12-2_55_se/configuration/guide/3750escg/swhsrp.html

https://www.cisco.com/c/en/us/support/docs/ip/hot-standby-router-protocol-hsrp/9281-3.html#q34

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipapp_fhrp/configuration/15-sy/fhp-15-sy-book/HSRP-for-IPv6.html

QUESTION NO: 438

Two routers have been set up to establish a VPN tunnel. Both routers support GRE and IPSec,
and both routers are configured with IPv4 and IPv6 addresses. You issue the tunnel mode auto
command on both routers.

Which of the following statements is true? (Select the best answer.)

A.
GRE will be used for the tunneling protocol, and IPv4 will be used for the transport protocol.

B.
GRE will be used for the tunneling protocol, and IPv6 will be used for the transport protocol.

C.
IPSec will be used for the tunneling protocol, and IPv4 will be used for the transport protocol.

D.
IPSec will be used for the tunneling protocol, and IPv6 will be used for the transport protocol.

E.
The tunnel will not establish, because one router must be configured statically.

Answer: E

Explanation:

The tunnel will not establish, because one router, the initiator, must be configured statically. The
tunnel mode auto command enables the Tunnel Mode Auto Selection feature, which simplifies the
configuration of a virtual private network (VPN) tunnel. When Tunnel Mode Auto Selection is
configured, the responder will apply the tunneling protocol and transport protocol that is
established by the initiator.

To configure a router to use Generic Routing Encapsulation (GRE) for the tunneling protocol and
IPv4 for the transport protocol, you should issue the tunnel mode gre ip command. To configure a
router to use GRE for the tunneling protocol and IPv6 for the transport protocol, you should issue
the tunnel mode gre ipv6 command. To configure a router to use IP Security (IPSec) for the
tunneling protocol and IPv4 for the transport protocol, you should issue the tunnel mode ipsec ipv4
command. To configure a router to use IPSec for the tunneling protocol and IPv6 for the transport
protocol, you should issue the tunnel mode ipsec ipv6 command.

Reference:

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_vpnips/configuration/xe-3s/sec-sec-for-vpns-w-ipsec-xe-3s-book/sec-ipsec-virt-tunnl.html#concept_D55B0B7783A441BBB576E9F85693DF39

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/security/s1/sec-s1-cr-book/sec-cr-t2.html#wp3291311677

QUESTION NO: 439 DRAG DROP

Drag each protocol on the left to the seed metric that is assigned by default when routes are
redistributed from another routing protocol into that protocol.

Answer:

Explanation:

A default seed metric with the value of infinity is assigned to routes that are redistributed into
Enhanced Interior Gateway Routing Protocol (EIGRP) from another routing protocol. Routes with
an infinite metric are ignored by EIGRP and are not entered into the routing table. Because EIGRP
uses a complex metric based on bandwidth, delay, reliability, and load, the metric value used by
the redistributing protocol cannot be automatically converted into a metric that EIGRP
understands. Therefore, EIGRP requires that the metric be defined for all redistributed routes
before those routes are entered into the routing table.

A default seed metric of infinity is also assigned to routes that are redistributed into Routing
Information Protocol (RIP) from another routing protocol. Like EIGRP, RIP requires that the metric
be defined for all redistributed routes before those routes are entered into the routing table. RIP
uses hop count as a metric. Valid hop count values are from 1 through 15; a value of 16 is
considered to be infinite. The hop count metric increases by 1 for each router along the path.
Cisco recommends that you set a low value for the hop count metric for redistributed routes.

A default seed metric of 0 is assigned to routes that are redistributed into Intermediate
System-to-Intermediate System (IS-IS) from another routing protocol. IS-IS uses a cost metric
assigned to each participating interface. IS-IS prefers routes with the lowest cost. Routes
redistributed into IS-IS are designated as Level 2 routes unless otherwise specified.

A default seed metric of 1 is assigned to Border Gateway Protocol (BGP) routes that are
redistributed into Open Shortest Path First (OSPF), and a default seed metric of 20 is assigned to
routes that are redistributed into OSPF from another interior gateway protocol (IGP). By default,
all routes redistributed into OSPF are designated as Type 2 external (E2) routes. E2 routes have a
metric that remains constant throughout the routing domain. Alternatively, routes redistributed into
OSPF can be designated as Type 1 external (E1) routes. With E1 routes, the internal cost of the
route is added to the initial metric assigned during redistribution.

Routes that are redistributed into BGP are set to the same metric value that is used by the IGP.
However, Cisco does not recommend redistributing IGP routes into BGP, because doing so can
cause instability.

Reference:

https://www.cisco.com/c/en/us/support/docs/ip/enhanced-interior-gateway-routing-protocol-eigrp/8606-redist.html

https://www.cisco.com/networkers/nw04/presos/docs/CERT-2100.pdf#page=6

QUESTION NO: 440

You issue the show ip route command on RouterE and receive the following output:

Which of the following statements are accurate about the route to 192.0.3.0/24? (Select 2
choices.)

A.
The link cost is 66.

B.
The link cost is 110.

C.
The AD is 66.

D.
The AD is 110.

E.
The bandwidth of the link is 66 Kbps.

F.
The bandwidth of the link is 110 Kbps.

Answer: A,D

Explanation:

The administrative distance (AD) of the route in the scenario is 110, and the link cost is 66. In the
output of the show ip route command, the first number within the brackets indicates the AD. When
multiple routes to a network exist and each route uses a different routing protocol, a router prefers
the routing protocol with the lowest AD. The following list contains the most commonly used ADs:

The AD of the route in this scenario is 110, the same as the default distance for an Open Shortest
Path First (OSPF) route. The AD for a routing protocol can be manually configured by issuing the
distance command in router configuration mode. For example, to change the AD of OSPF process
ID 1 from 110 to 80, you could issue the following commands:

RouterE(config)#router ospf 1

RouterE(config-router)#distance 80

The second number within the brackets indicates the metric. Because this is an OSPF link, as
indicated by the O at the start of the route statement, the second number within the brackets
indicates the cost metric. Therefore, the cost of the link in this scenario is 66. When two OSPF
paths exist to the same destination, the router will choose the OSPF path with the lowest cost.

OSPF calculates cost based on the bandwidth of an interface: the higher the bandwidth, the lower
the cost. To calculate the cost, divide 100,000,000 by the bandwidth in bits per second. Thus a
100Mbps link would have a cost of 1, a 10Mbps link would have a cost of 10, a T1 line would have
a cost of 64 (100,000,000 / 1,544,000), and a 64Kbps line would have a cost of 1,562.

As the hops between a router and a destination increase, the cost increases by the cost of each
additional link. Therefore, the cost of the route in this scenario is the cost of the FastEthernet link
between RouterE and RouterC, plus the cost of the T1 link between RouterC and RouterB, plus the
cost of the FastEthernet link between RouterB and the 192.0.3.0/24
network. Therefore, the cost for RouterE to reach the 192.0.3.0/24 network is 1 + 64 + 1, or 66.
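A parser for show ip route entries (the [AD/metric] bracket the explanation describes) together with the OSPF cost arithmetic above, as an added Python example that is not part of the original question set. The sample routing-table output is constructed in IOS format rather than copied from the page, and the default-AD table lists the standard Cisco defaults for the codes the parser recognises.

```python
import re

# Matches entries such as "O        192.0.3.0/24 [110/66] via 10.1.1.1, 00:01:23, FastEthernet0/0"
_ROUTE_RE = re.compile(
    r"^(?P<code>\S+)"                                    # protocol code: O, D, R, S*, B, i ...
    r"(?:\s+(?P<sub>E1|E2|EX|IA|N1|N2|L1|L2|ia|su))?"    # optional sub-code, e.g. O E2 or i L1
    r"\s+(?P<prefix>\d+\.\d+\.\d+\.\d+(?:/\d+)?)"
    r"\s+\[(?P<ad>\d+)/(?P<metric>\d+)\]"                 # [administrative distance/metric]
    r"\s+via\s+(?P<next_hop>\d+\.\d+\.\d+\.\d+)"
    r"(?:,\s*(?P<rest>.*))?$"                             # optional ", age, interface"
)
_CONNECTED_RE = re.compile(
    r"^(?P<code>[CL])\s+(?P<prefix>\S+)\s+is directly connected,\s*(?P<interface>\S+)$"
)
_AGE_RE = re.compile(r"^\d+:\d+:\d+$|^\d+[wd]\d+[dh]$")  # 00:01:23 or 2w3d style ages

# Cisco default administrative distances for the codes handled here. BGP ("B") is
# left out because its default differs for eBGP (20) and iBGP (200).
DEFAULT_AD = {"C": 0, "L": 0, "S": 1, "S*": 1, "D": 90, "O": 110, "i": 115, "R": 120}


def parse_route_line(line):
    """Parse one show ip route entry into a dict; return None for headers or unknown lines."""
    line = line.strip()
    m = _ROUTE_RE.match(line)
    if m:
        rest = [p.strip() for p in (m.group("rest") or "").split(",") if p.strip()]
        age = next((p for p in rest if _AGE_RE.match(p)), None)
        interface = next((p for p in rest if p != age), None)
        return {"protocol": m.group("code"), "subtype": m.group("sub"),
                "prefix": m.group("prefix"), "ad": int(m.group("ad")),
                "metric": int(m.group("metric")), "next_hop": m.group("next_hop"),
                "age": age, "interface": interface}
    m = _CONNECTED_RE.match(line)
    if m:  # connected and local routes carry no [AD/metric] bracket; both have AD 0
        return {"protocol": m.group("code"), "subtype": None, "prefix": m.group("prefix"),
                "ad": 0, "metric": 0, "next_hop": None, "age": None,
                "interface": m.group("interface")}
    return None


def parse_routing_table(text):
    """Parse every recognisable entry in a show ip route dump."""
    return [r for r in (parse_route_line(l) for l in text.splitlines()) if r]


def ad_is_default(route):
    """True when the entry's AD equals the Cisco default for its protocol code."""
    return DEFAULT_AD.get(route["protocol"]) == route["ad"]


def ospf_cost(bandwidth_bps, reference_bps=100_000_000):
    """IOS OSPF interface cost: reference bandwidth / interface bandwidth, truncated, never below 1."""
    return max(1, reference_bps // bandwidth_bps)


def path_cost(link_bandwidths_bps, reference_bps=100_000_000):
    """OSPF path cost: the sum of the outgoing-interface costs along the path."""
    return sum(ospf_cost(bw, reference_bps) for bw in link_bandwidths_bps)


# Constructed sample output in IOS format (not the page's own output).
SAMPLE_OUTPUT = """
Gateway of last resort is 10.1.1.1 to network 0.0.0.0

S*    0.0.0.0/0 [1/0] via 10.1.1.1
C        10.1.1.0/24 is directly connected, FastEthernet0/0
D        172.16.0.0/16 [90/2172416] via 10.1.1.1, 00:10:00, FastEthernet0/0
O        192.0.3.0/24 [110/66] via 10.1.1.1, 00:01:23, FastEthernet0/0
O E2     198.51.100.0/24 [110/20] via 10.1.1.1, 00:05:00, FastEthernet0/0
"""

if __name__ == "__main__":
    for route in parse_routing_table(SAMPLE_OUTPUT):
        print(route["prefix"], "AD", route["ad"], "metric", route["metric"],
              "default AD" if ad_is_default(route) else "NON-DEFAULT AD")
    # FastEthernet -> T1 -> FastEthernet, as in the scenario: 1 + 64 + 1
    print("path cost:", path_cost([100_000_000, 1_544_000, 100_000_000]))
```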

Reference:

https://www.cisco.com/c/en/us/td/docs/ios/12_2/iproute/command/reference/fiprrp_r/1rfindp2.html#wp1022511

QUESTION NO: 441

Which of the following variables is typically the limiting factor when maximizing throughput?
(Select the best answer.)

A.
rwin

B.
BW

C.
BDP

D.
RTT

Answer: A
Explanation:

The rwin variable, which is used to indicate the Transmission Control Protocol (TCP) receive
window size, is typically the limiting factor when maximizing throughput. In order to achieve
maximum throughput, you should set the TCP receive window size to a value equal to or greater
than the bandwidth delay product (BDP), which is the maximum amount of data that can exist on a
network path at any given time.

To calculate BDP, you should use the formula BW x RTT = BDP, where BW is the bandwidth and
RTT is the round-trip time, also known as latency. When you are calculating BDP, it is important to
ensure that the unit measurements match for each variable. For example, BW is typically
measured in bits per second, whereas RTT is typically measured in milliseconds. Therefore, you
should convert the RTT value to seconds before multiplying the values. For example, a Fast
Ethernet link with a latency of 40 milliseconds (ms) would have a BDP of 4 Mb:

100 Mbps x 0.040 seconds = 4 Mb

The BDP measurement will match the measurement that is used for the BW variable. In this
example, the BDP is expressed in megabits. If you need to convert from bits (lowercase b) to
bytes (uppercase B), you should divide by 8. Conversely, if the bandwidth is expressed in bytes
and you need to convert to bits, you should multiply by 8.

Neither BDP, BW, nor RTT is typically the limiting factor when maximizing throughput. However,
when rwin is set to a value higher than BDP, bandwidth and latency become limiting factors.
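The BDP arithmetic above, with the unit conversions it warns about, as an added Python example that is not from the original question set. It goes slightly beyond the page by also computing the throughput ceiling a receive window imposes (at most one window per round trip), which is what makes rwin the limiting factor when it is smaller than the BDP; the function names and sample values are assumptions.

```python
import re

_UNITS = {"bps": 1, "kbps": 10**3, "mbps": 10**6, "gbps": 10**9}


def parse_bandwidth(text):
    """Convert '100 Mbps', '1.544 Mbps', '64 kbps' or '1 Gbps' to bits per second."""
    m = re.fullmatch(r"\s*(\d+(?:\.\d+)?)\s*([kKmMgG]?bps)\s*", text)
    if not m:
        raise ValueError(f"unrecognised bandwidth: {text!r}")
    return int(round(float(m.group(1)) * _UNITS[m.group(2).lower()]))


def bdp_bits(bandwidth_bps, rtt_ms):
    """BW x RTT, with RTT converted from milliseconds to seconds; result in bits."""
    return bandwidth_bps * rtt_ms / 1000


def bdp_bytes(bandwidth_bps, rtt_ms):
    """The same product expressed in bytes (the bit value divided by 8)."""
    return bandwidth_bps * rtt_ms / 8000


def window_limited_throughput_bps(rwin_bytes, rtt_ms):
    """A receiver accepts at most one window per round trip, so rwin bounds throughput."""
    return rwin_bytes * 8 * 1000 / rtt_ms


def throughput_analysis(bandwidth, rtt_ms, rwin_bytes):
    """Decide whether rwin or the link itself limits throughput for a given path."""
    bw = parse_bandwidth(bandwidth)
    bdp = bdp_bytes(bw, rtt_ms)
    cap = window_limited_throughput_bps(rwin_bytes, rtt_ms)
    return {
        "bandwidth_bps": bw,
        "bdp_bytes": bdp,
        "rwin_bytes": rwin_bytes,
        "window_limited_bps": cap,
        "achievable_bps": min(bw, cap),
        # An rwin smaller than the BDP leaves the pipe partly empty; otherwise
        # bandwidth and latency are what limit the transfer.
        "limiting_factor": "rwin" if rwin_bytes < bdp else "bandwidth/latency",
    }


if __name__ == "__main__":
    # Fast Ethernet with 40 ms latency, as in the explanation: BDP is 4 Mb = 500,000 bytes.
    print(throughput_analysis("100 Mbps", 40, 65535))      # 64 KiB window: rwin limits
    print(throughput_analysis("100 Mbps", 40, 1_000_000))  # window above BDP: link limits
```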

Reference:

https://www.cisco.com/application/pdf/en/us/guest/tech/tk277/c1482/ccmigration_09186a00801b1259.pdf#page=26

https://www.cisco.com/c/en/us/td/docs/nsite/enterprise/wan/wan_optimization/wan_opt_sg/chap06.html#wp1053392

QUESTION NO: 442

You issue the monitor session 1 source interface FastEthernet1/0 command on SwitchA.

Which of the following statements is true? (Select the best answer.)

A.
The FastEthernet1/0 interface cannot be a SPAN destination port.

B.
The FastEthernet1/0 interface cannot be a SPAN source port.

C.
The FastEthernet1/0 interface will pass only SPAN-related traffic.

D.
The FastEthernet1/0 interface can coexist with SPAN source VLANs.

E.
Up to 256 SPAN ports can be configured on SwitchA.

Answer: A
Explanation:

The FastEthernet1/0 interface cannot be a Switched Port Analyzer (SPAN) destination port if you
issue the monitor session 1 source interface FastEthernet1/0 command on SwitchA, because the
command configures the FastEthernet1/0 interface as a SPAN source port. SPAN enables you to
monitor traffic on a single switch by configuring one or more ports in one or more virtual LANs
(VLANs) on the switch as the source port and a single port on the switch as the destination port.
Traffic that arrives on the source ports is copied to the destination port for analysis.

The FastEthernet1/0 interface will pass all traffic. However, if you were to configure the interface
as a SPAN destination port, the FastEthernet1/0 interface would only be required to pass
SPAN-related traffic and would no longer behave as a normal switch port. If you were to issue the
show interfaces FastEthernet1/0 command on SwitchA after configuring that interface as a SPAN
destination port, you would see the following partial output:

SwitchA#show interfaces FastEthernet1/0

FastEthernet1/0 is up, line protocol is down (monitoring)

The line protocol is down (monitoring) syntax in the output above indicates that the
FastEthernet1/0 port is a SPAN destination port.

The FastEthernet1/0 interface can be and is a SPAN source port in this scenario. To configure the
interface as a SPAN destination interface, you should issue the monitor session 1 destination
interface FastEthernet1/0 command. However, a destination interface cannot be simultaneously
configured as a source interface.

The FastEthernet1/0 interface cannot coexist with SPAN source VLANs. When using basic SPAN,
you can configure source ports as either a range of physical ports or a VLAN. However, you
cannot use a mixture of physical ports and VLANs as source ports for the same SPAN instance.

Only 64 SPAN ports can be configured on SwitchA. Although multiple SPAN ports can be
configured as SPAN source ports, only one SPAN session can send traffic to a destination
interface. You cannot add a second destination interface to a SPAN session, nor can you
configure a destination interface in a second SPAN session.

Reference:

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/lanswitch/command/lsw-cr-book/lsw-m1.html#wp3062797913

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/lanswitch/command/lsw-cr-book/lsw-m1.html#wp2103230147

QUESTION NO: 443

Which of the following is used to discover IPv6 hosts that want to receive multicast traffic? (Select
the best answer.)

A.
IGMPv3

B.
MLD

C.
MSDP

D.
uRPF

Answer: B
Explanation:

Multicast Listener Discovery (MLD) is used to discover IPv6 hosts that want to receive multicast
traffic. MLD is similar to Internet Group Management Protocol (IGMP) in that both are used to
manage multicast group membership information. However, neither IGMP version 2 (IGMPv2) nor
IGMPv3 supports IPv6. IPv6 routers are MLD queriers, and IPv6 hosts are MLD receivers. An
MLD host sends a report message to the MLD querier on the subnet to indicate that the host
wants to receive multicast traffic. MLD messages are sent with a time-to-live (TTL) value of 1, which
means that an MLD message is sent only to the next hop.

IGMPv3 improves upon IGMPv2 by adding support for Source Specific Multicast (SSM). Thus an
IGMPv3 host can specify the source addresses from which it will accept multicast traffic. If the
receivers specifically require SSM, you can enable IGMPv3 multicast with SSM by issuing the ip pim
ssm command, the ip pim {sparse-mode | sparse-dense-mode} command, and the ip igmp version 3
command. Conversely, an IGMPv2 host cannot use SSM to specify the source address from which it
will accept multicast traffic. Therefore, you should issue the ip pim {sparse-mode |
sparse-dense-mode | dense-mode} command to enable IGMPv2 multicast on a router; sparse-mode
interfaces must also be configured with the ip pim rp-address command. IGMPv2 does not require
the ip igmp version 2 command, because IGMPv2 is used by default.

The ip pim rp-address command statically configures the address of the rendezvous point (RP) on
the router. The ip pim sparse-mode command enables Protocol Independent Multicast sparse
mode (PIM-SM) on an interface. PIM-SM adds an interface to the multicast table either when a
downstream router sends a join message on that interface or when a member of the multicast
group is directly connected to the interface. Otherwise, multicast traffic will not be sent by using
the PIM-SM interface.

Multicast Source Discovery Protocol (MSDP) can be used to share multicast source information
between multiple PIM-SM domains. To communicate across domains, MSDP relies on Border
Gateway Protocol (BGP) or multiprotocol BGP (MBGP). However, MSDP does not work with
IPv6; therefore, MSDP is not used to discover IPv6 hosts that want to receive multicast traffic.

Unicast Reverse Path Forwarding (uRPF) checks the source IP address of a packet to determine
whether the packet arrived on the best path back to the source, based on routing table information.
In strict mode, the best route back to the source must exit through the interface on which the
packet arrived; in loose mode, any route to the source address is sufficient, which tolerates
asymmetric routing but also lets a packet that spoofs an internal address pass if it arrives from the
wrong direction. If the source address is spoofed and fails the check, the packet is dropped.
Therefore, uRPF mitigates spoofing attacks. However, uRPF is not used to discover IPv6 hosts
that want to receive multicast traffic.
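The check described above, as an added example that is not part of the original question or of Cisco's implementation: a Python model of strict and loose uRPF over a constructed routing table. The table, interface names and packets are constructed for illustration, and the allow_default parameter models the behaviour of the IOS allow-default keyword.

```python
import ipaddress

# Constructed routing table for the example: (prefix, egress interface).
ROUTING_TABLE = [
    ("10.0.0.0/8", "Gi0/1"),
    ("10.1.0.0/16", "Gi0/2"),
    ("192.168.1.0/24", "Gi0/3"),
    ("0.0.0.0/0", "Gi0/0"),      # default route toward the ISP
]

def best_route(table, address):
    """Longest-prefix match; returns (network, egress_interface) or None."""
    addr = ipaddress.ip_address(address)
    best = None
    for prefix, iface in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best

def urpf_passes(table, src, in_iface, mode="strict", allow_default=False):
    """Reverse-path check on a packet's source address.

    strict: the best route back to src must exit via the ingress interface.
    loose:  any route back to src is enough (asymmetric routing tolerated).
    allow_default mirrors the IOS allow-default keyword: without it a match
    on the default route does not count, because every address matches it.
    """
    route = best_route(table, src)
    if route is None:
        return False
    net, iface = route
    if net.prefixlen == 0 and not allow_default:
        return False
    if mode == "loose":
        return True
    return iface == in_iface

# Constructed packets: (source address, ingress interface)
PACKETS = [
    ("10.1.5.5", "Gi0/2"),      # legitimate: arrives where routing would send replies
    ("10.1.5.5", "Gi0/1"),      # source reachable only via Gi0/2: spoofed or asymmetric
    ("192.168.1.7", "Gi0/0"),   # internal address arriving from the ISP link: spoofed
    ("203.0.113.9", "Gi0/0"),   # Internet source, only the default route matches
]

def dropped_packets(table, mode="strict", allow_default=False):
    """Return the (src, iface) pairs that the check would drop."""
    return [(s, i) for s, i in PACKETS
            if not urpf_passes(table, s, i, mode, allow_default)]
```

The spoofed internal source arriving from the ISP link (192.168.1.7 on Gi0/0) is dropped by strict mode but accepted by loose mode, which is the trade-off to weigh when asymmetric routing forces a deployment toward loose mode. Internet sources on the ISP-facing interface pass strict mode only when the default route is allowed to count.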

Reference:

"Everything is under control" - www.pass4sure.com 673


https://www.cisco.com/c/en/us/td/docs/switches/datacenter/sw/5_x/nx-os/multicast/configuration/guide/n7k_multic_cli_5x/mld.html

https://www.cisco.com/c/en/us/td/docs/ios/12_2/ip/configuration/guide/fipr_c/1cfmulti.html#wp1066001

https://www.cisco.com/c/en/us/td/docs/ios/12_2/ip/configuration/guide/fipr_c/1cfmulti.html#wp1001064

QUESTION NO: 444

Another administrator has configured NetFlow for your company's network. You want to verify that
the FastEthernet 0/0 interface on RouterA is being used to monitor inbound flows.

Which of the following commands should you issue? (Select the best answer.)

A.
show flow exporter

B.
show flow-sampler

C.
show ip flow export

D.
show ip flow interface

Answer: D
Explanation:

You should issue the show ip flow interface command to verify that the FastEthernet 0/0 interface
on RouterA is being used to monitor inbound flows. NetFlow is a Cisco feature that can be used to
monitor traffic on a network. For example, NetFlow can be used to identify causes of network
congestion, slow network performance, and high bandwidth utilization. NetFlow can also be used
to monitor the amount of bandwidth that is being consumed by each Class of Service (CoS). NetFlow
considers a flow to be a unidirectional sequence of IP packets that share the same key fields: source
and destination IP addresses, source and destination ports, Layer 3 protocol, type of service (ToS)
byte, and input interface.

The show ip flow interface command displays the NetFlow configuration for every interface on the
device. When you configure an interface to capture NetFlow traffic, you specify whether ingress or
egress traffic should be captured, with the ip flow ingress or ip flow egress interface command.
The output lists each interface together with the direction configured on it; in the original sample
output, NetFlow was configured to monitor inbound flows on the FastEthernet 0/0 interface and
outbound flows on the FastEthernet 0/1 interface.


You should not issue the show flow exporter command to verify that the FastEthernet 0/0 interface
on RouterA is being used to monitor inbound flows. The show flow exporter command is a Flexible
NetFlow command that displays the status and statistics of each configured Flexible NetFlow
exporter (its destination, transport, and export counters); it does not report which interface
captures which direction of traffic. Flexible NetFlow is an enhancement to NetFlow that enables a
broader range of traffic matching and inspection.

You should not issue the show flow-sampler command to verify that the FastEthernet 0/0 interface
on RouterA is being used to monitor inbound flows. The show flow-sampler command displays
information about flow sampler maps; you can issue either the show flow-sampler command or the
show flow-sampler flow-sampler-map command, where flow-sampler-map is the name you assigned
to the flow sampler map. The following is sample output from the show flow-sampler command:

Sampler: BSN, id : 1, packets matched : 5, mode : random sampling mode

In the sample output above, the BSN sampler, which has an ID of 1, has matched five packets in
random sampling mode.

You should not issue the show ip flow export command to verify that the FastEthernet 0/0 interface
on RouterA is being used to monitor inbound flows. The show ip flow export command is used to
verify the NetFlow export format version and the IP address and port number of each configured
NetFlow collector. In the original sample output, NetFlow data was exported using the version 9
format to two collectors: one at 1.2.3.4 listening on User Datagram Protocol (UDP) port 9999 and
another at 4.3.2.1 listening on Stream Control Transmission Protocol (SCTP) port 8888. This
command does not show the per-interface capture configuration.

Reference:

https://www.cisco.com/en/US/docs/ios/12_3t/netflow/command/reference/nfl_a1gt_ps5207_TSD_Products_Command_Reference_Chapter.html#wp1188541

QUESTION NO: 445

Which of the following actions should you perform in order to drop unencrypted traffic sent from an
unregistered group member? (Select the best answer.)

A.
Enable the Fail-Close feature.

B.
Disable the Fail-Close feature.

C.
Enable SAR.

D.
Disable SAR.

E.
All unencrypted traffic sent from an unregistered group member is dropped by default, so no action
is necessary.

Answer: A
Explanation:

You should enable the Fail-Close feature in order to drop unencrypted traffic sent from an
unregistered group member. By default, a group member that has not yet registered with the key
server forwards traffic in clear text; Fail-Close, configured with the crypto map map-name gdoi
fail-close command, blocks that traffic until registration succeeds. Upon registration, the group
member downloads the IP Security (IPsec) policy and encryption keys from the key server. The
traffic encryption key (TEK) is used to encrypt data between Group Encrypted Transport (GET)
virtual private network (VPN) group members. The key encryption key (KEK) is used to encrypt data
between the key server and the group members. Periodically, the key server sends rekey
messages to group members in order to refresh the IPsec security association (SA) before it
expires. The KEK protects the rekey message, which contains the new encryption keys that the
group members should use, thereby securing the control plane.

GET VPN is a connectionless, nontunneling VPN technology based on the Group Domain of
Interpretation (GDOI) standard, originally published as Request for Comments (RFC) 3547 and
since revised by RFC 6407. Nontunneling VPNs such as GET VPN can be used on a variety of
networks, including IP, Frame Relay, Multiprotocol Label Switching (MPLS), and Asynchronous
Transfer Mode (ATM) networks. Although GET VPN does not use tunneling, it does rely upon
Internet Key Exchange (IKE) and IPsec SAs.

You should not disable the Fail-Close feature. Fail-Close is disabled by default, and leaving it
disabled allows an unregistered group member to send unencrypted traffic.

You need not enable or disable Synchronous Anti-Replay (SAR). SAR provides anti-replay
protection for GET VPN group members. The key server keeps track of time by maintaining a
pseudotime clock. Group members regularly synchronize to the pseudotime on the key server. If
an intercepted message is replayed, the replayed message will likely fall outside the pseudotime
window. A group member will detect the pseudotime discrepancy and will therefore reject the
replayed message.

Reference:

https://www.cisco.com/en/US/docs/ios-xml/ios/sec_conn_getvpn/configuration/15-2mt/sec-get-vpn.html#GUID-E847B018-8EF2-4016-8910-BB20CB339324

QUESTION NO: 446

You have issued the following commands on RouterA:

pseudowire-class boson

ip pmtu

RouterA receives a packet that is larger than the path MTU and that has a DF bit set to 0.

Which of the following will RouterA do? (Select 2 choices.)

A.
RouterA will forward the packet.

B.
RouterA will drop the packet.

C.
RouterA will return an ICMP unreachable message to the sender.

D.
RouterA will fragment the packet before L2TP/IP encapsulation occurs.

E.
RouterA will fragment the packet after L2TP/IP encapsulation has occurred.

Answer: A,D
Explanation:

When RouterA receives a packet that is larger than the path maximum transmission unit (MTU)
and that has a Don't Fragment (DF) bit set to 0, RouterA fragments the packet before Layer 2
Tunneling Protocol version 3 (L2TPv3)/IP encapsulation and then forwards the fragments. The ip
pmtu command in pseudowire-class configuration mode enables path MTU discovery (PMTUD) for
the pseudowire so that fragmentation on the service provider backbone can be avoided.

With PMTUD, the DF bit is copied from the inner IP header to the outer IP header added by the
encapsulation. If an IP packet is larger than the MTU of any interface on the path, the packet is
dropped or fragmented based on the DF bit. If the DF bit is set to 0, the packet is fragmented
before encapsulation occurs and the fragments are then forwarded. If the DF bit is set to 1, the
packet is dropped and the router returns an Internet Control Message Protocol (ICMP) destination
unreachable message (type 3, code 4, fragmentation needed and DF set) to the sender, which
allows the sender to reduce its packet size.
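The decision described above, as an added example rather than code from the question or from Cisco: a Python model of what the ingress router does with an inner IPv4 packet when PMTUD is enabled on the pseudowire. The encapsulation overhead (a 20-byte outer IPv4 header plus a 4-byte L2TPv3 session header) and the packet sizes are assumptions for the example.

```python
IPV4_HEADER = 20
# Assumed encapsulation overhead for the example: 20-byte outer IPv4 header plus a
# 4-byte L2TPv3 session header. An L2TPv3 cookie would add 4 or 8 bytes more.
L2TPV3_OVERHEAD = 20 + 4

def fragment_ipv4(total_len, max_len):
    """Split an IPv4 packet of total_len bytes (header included) into fragments no
    larger than max_len. Every fragment carries its own 20-byte header, and every
    payload except the last is a multiple of 8 bytes, as IPv4 fragmentation requires."""
    payload = total_len - IPV4_HEADER
    per_frag = ((max_len - IPV4_HEADER) // 8) * 8
    if per_frag <= 0:
        raise ValueError("path MTU too small to carry any payload")
    sizes = []
    while payload > 0:
        chunk = min(per_frag, payload)
        sizes.append(IPV4_HEADER + chunk)
        payload -= chunk
    return sizes

def pe_ingress(total_len, df, path_mtu, overhead=L2TPV3_OVERHEAD):
    """Decide what the ingress router does with an inner IPv4 packet under PMTUD.

    Returns a dict whose 'action' is 'forward' (with the encapsulated packet sizes)
    or 'drop' (with the ICMP error to return). The inner DF bit is copied to the
    outer header, so a set DF bit also forbids fragmentation inside the core.
    """
    if total_len + overhead <= path_mtu:
        return {"action": "forward", "fragmented": False,
                "inner_sizes": [total_len], "outer_sizes": [total_len + overhead]}
    if df:
        # Advertise the largest inner packet that still fits after encapsulation.
        return {"action": "drop",
                "icmp": "type 3 code 4 (destination unreachable, fragmentation needed and DF set)",
                "next_hop_mtu": path_mtu - overhead}
    frags = fragment_ipv4(total_len, path_mtu - overhead)
    return {"action": "forward", "fragmented": True,
            "inner_sizes": frags, "outer_sizes": [f + overhead for f in frags]}
```

With a 1500-byte path MTU, a 1500-byte inner packet with DF clear becomes two fragments (1476 and 44 bytes) that encapsulate to 1500 and 68 bytes; the same packet with DF set is dropped and the sender is told that 1476 bytes is the largest packet it can send through the pseudowire.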

Reference:

https://www.cisco.com/c/en/us/td/docs/ios/12_0s/feature/guide/l2tpv30s.html#wp1065029

QUESTION NO: 447

In which of the following locations does BGP PIC store an alternate path? (Select the best
answer.)

A.
only in the RIB

B.
only in the FIB

C.
only in CEF

D.
only in the RIB and the FIB

E.
in the RIB, in the FIB, and in CEF

Answer: E
Explanation:

Border Gateway Protocol (BGP) Prefix-Independent Convergence (PIC) improves convergence by
creating and storing an alternate path in the Routing Information Base (RIB), in the Forwarding
Information Base (FIB), and in Cisco Express Forwarding (CEF). As soon as a failure is detected,
BGP switches to the alternate path without waiting for per-prefix reconvergence.

BGP PIC is capable of improving convergence for both core and edge failures on IPv4, IPv6, and
Multiprotocol Label Switching (MPLS) networks. Bidirectional Forwarding Detection (BFD) must be
enabled on directly connected neighbors in order to detect link failures quickly.

Reference:

https://www.cisco.com/c/en/us/td/docs/routers/7600/ios/15S/configuration/guide/7600_15_0s_book/BGP.html

QUESTION NO: 448

Which of the following command sets should you issue on RouterA to set the next hop to
192.168.1.1 only for packets that are destined to the 10.17.88.0/24 network or sent from
172.16.223.82? (Select the best answer.)

A.
RouterA(config)#access-list 101 permit ip host 172.16.223.82 10.17.88.0 0.0.0.255

RouterA(config)#route-map map1 permit 10

RouterA(config-route-map)#match ip address 101

RouterA(config-route-map)#set ip next-hop 192.168.1.1

B.
RouterA(config)#access-list 101 permit ip 10.17.88.0 0.0.0.255 host 172.16.223.82

RouterA(config)#route-map map1 permit 10

RouterA(config-route-map)#match ip address 101

RouterA(config-route-map)#set ip next-hop 192.168.1.1

C.
RouterA(config)#access-list 101 permit ip any 10.17.88.0 0.0.0.255

RouterA(config)#access-list 101 permit ip host 172.16.223.82 any

RouterA(config)#route-map map1 permit 10

RouterA(config-route-map)#match ip address 101

RouterA(config-route-map)#set ip next-hop 192.168.1.1

D.
RouterA(config)#access-list 101 permit ip 10.17.88.0 0.0.0.255 any

RouterA(config)#access-list 101 permit ip any host 172.16.223.82

RouterA(config)#route-map map1 permit 10

RouterA(config-route-map)#match ip address 101

RouterA(config-route-map)#set ip next-hop 192.168.1.1

Answer: C
Explanation:

You should issue the following command set on RouterA to set the next hop to 192.168.1.1 only
for packets that are destined to the 10.17.88.0/24 network or sent from 172.16.223.82:

RouterA(config)#access-list 101 permit ip any 10.17.88.0 0.0.0.255

RouterA(config)#access-list 101 permit ip host 172.16.223.82 any

RouterA(config)#route-map map1 permit 10

RouterA(config-route-map)#match ip address 101

RouterA(config-route-map)#set ip next-hop 192.168.1.1

Route maps are conditional statements that determine whether a packet or route is processed
normally or modified. A route map is divided into a series of sequences that are evaluated in
ascending sequence-number order, and the first sequence whose match criteria are all satisfied
decides the outcome: the packet or route is permitted or denied based on the permit or deny
keyword in the route-map command, and any set clauses in that sequence are applied. When a
route map is used for redistribution, a route that matches no sequence is discarded. When a route
map is used for policy-based routing (PBR), as in this scenario, a packet that matches no permit
sequence is not dropped; it is forwarded by normal destination-based routing.

In this scenario, the route-map map1 permit 10 command creates a route map named map1. The
permit 10 keywords indicate that any packet satisfying all the match statements in route map
sequence number 10 will be policy routed. In this sequence, there is only one match statement,
match ip address 101, which indicates that packets that match the IP addresses in access list 101
will be processed by the route map.

Access list 101 contains two access-list commands. The access-list 101 permit ip any 10.17.88.0
0.0.0.255 command indicates that IP packets from anywhere destined to the 10.17.88.0/24
network are processed by the route map. The access-list 101 permit ip host 172.16.223.82 any
command indicates that IP packets from 172.16.223.82 destined for anywhere are also processed
by the route map. Packets have to match only one of these access-list statements in order to be
processed by the route map, because the entries in an access list are evaluated top down and the
first matching entry decides.

The set command is used to define or alter a forwarding attribute for packets that match the route
map criteria. In this scenario, the set ip next-hop 192.168.1.1 command sets the next hop to
192.168.1.1 for the packets that match access list 101. Note that the route map has no effect until
it is applied to the interface on which the packets arrive with the ip policy route-map map1
interface command; none of the answer choices includes that step.

You should not issue the following command set on RouterA:

RouterA(config)#access-list 101 permit ip 10.17.88.0 0.0.0.255 any

RouterA(config)#access-list 101 permit ip any host 172.16.223.82

RouterA(config)#route-map map1 permit 10

RouterA(config-route-map)#match ip address 101

RouterA(config-route-map)#set ip next-hop 192.168.1.1

This command set reverses the source and destination fields of the access-list statements. If you
were to issue the access-list 101 permit ip 10.17.88.0 0.0.0.255 any command and the access-list
101 permit ip any host 172.16.223.82 command, packets that are sent from the 10.17.88.0/24
network or destined to 172.16.223.82 would be modified so that the next hop is 192.168.1.1.

You should not issue the following command set on RouterA:

RouterA(config)#access-list 101 permit ip host 172.16.223.82 10.17.88.0 0.0.0.255

RouterA(config)#route-map map1 permit 10

RouterA(config-route-map)#match ip address 101

RouterA(config-route-map)#set ip next-hop 192.168.1.1

This command set incorrectly combines the two conditions into a single statement, which turns the
required "or" into an "and". If you were to issue the access-list 101 permit ip host 172.16.223.82
10.17.88.0 0.0.0.255 command, only packets that are sent from 172.16.223.82 and destined for the
10.17.88.0/24 network would be modified so that the next hop is 192.168.1.1. Packets sent from
172.16.223.82 to other destinations would not be modified, nor would packets sent from other hosts
destined for the 10.17.88.0/24 network be modified.

You should not issue the following command set on RouterA:

RouterA(config)#access-list 101 permit ip 10.17.88.0 0.0.0.255 host 172.16.223.82

RouterA(config)#route-map map1 permit 10

RouterA(config-route-map)#match ip address 101

RouterA(config-route-map)#set ip next-hop 192.168.1.1

This command set also combines the conditions into a single statement, and additionally reverses
the source and destination fields. If you were to issue the access-list 101 permit ip 10.17.88.0
0.0.0.255 host 172.16.223.82 command, only packets that are sent from the 10.17.88.0/24 network
and destined for 172.16.223.82 would be modified so that the next hop is 192.168.1.1. Packets sent
from the 10.17.88.0/24 network to other destinations would not be modified, nor would packets
sent from other networks destined for 172.16.223.82 be modified.
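To make the matching semantics above concrete, here is an added Python example, not code from the exam or from IOS, that parses the four candidate access lists, applies IOS wildcard-mask matching with first-match semantics, and evaluates the route map against constructed test traffic to show that only option C sets the next hop for exactly the required packets. The traffic addresses are constructed for the example.

```python
import ipaddress

def _to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def _parse_addr(tokens):
    """Consume one IOS address specifier; return (pattern, wildcard, remaining tokens)."""
    if tokens[0] == "any":
        return 0, 0xFFFFFFFF, tokens[1:]
    if tokens[0] == "host":
        return _to_int(tokens[1]), 0, tokens[2:]
    return _to_int(tokens[0]), _to_int(tokens[1]), tokens[2:]

def parse_acls(lines):
    """Parse 'access-list <n> permit|deny ip <src> <dst>' lines into {n: [entries]}."""
    acls = {}
    for line in lines:
        toks = line.split()
        if toks[0] != "access-list" or toks[3] != "ip":
            raise ValueError("unsupported entry: " + line)
        action = toks[2]
        src_p, src_w, rest = _parse_addr(toks[4:])
        dst_p, dst_w, _ = _parse_addr(rest)
        acls.setdefault(toks[1], []).append((action, src_p, src_w, dst_p, dst_w))
    return acls

def _wild_match(addr, pattern, wildcard):
    # Wildcard bit 1 means "don't care"; bit 0 means the address bit must equal the pattern bit.
    return ((addr ^ pattern) & ~wildcard & 0xFFFFFFFF) == 0

def acl_permits(entries, src, dst):
    """The first matching entry decides; the implicit deny applies if nothing matches."""
    s, d = _to_int(src), _to_int(dst)
    for action, sp, sw, dp, dw in entries:
        if _wild_match(s, sp, sw) and _wild_match(d, dp, dw):
            return action == "permit"
    return False

def policy_route(sequences, acls, src, dst):
    """sequences: [(permit|deny, acl_number, next_hop)] in sequence-number order.
    Returns the next hop that is set, or None when the packet is routed normally."""
    for action, acl_num, next_hop in sequences:
        if acl_permits(acls[acl_num], src, dst):
            return next_hop if action == "permit" else None
    return None

# The four candidate access lists from the question, keyed by option letter.
CANDIDATES = {
    "A": ["access-list 101 permit ip host 172.16.223.82 10.17.88.0 0.0.0.255"],
    "B": ["access-list 101 permit ip 10.17.88.0 0.0.0.255 host 172.16.223.82"],
    "C": ["access-list 101 permit ip any 10.17.88.0 0.0.0.255",
          "access-list 101 permit ip host 172.16.223.82 any"],
    "D": ["access-list 101 permit ip 10.17.88.0 0.0.0.255 any",
          "access-list 101 permit ip any host 172.16.223.82"],
}
ROUTE_MAP = [("permit", "101", "192.168.1.1")]   # route-map map1 permit 10 / set ip next-hop

# Constructed traffic: (source, destination, should the next hop be set?)
REQUIREMENT = [
    ("172.16.223.82", "198.51.100.9", True),   # from the host, to anywhere
    ("203.0.113.5", "10.17.88.40", True),      # from anywhere, to the /24
    ("172.16.223.82", "10.17.88.40", True),    # both conditions at once
    ("203.0.113.5", "198.51.100.9", False),    # neither condition
    ("10.17.88.40", "172.16.223.82", False),   # the reversed direction
]

def candidates_meeting_requirement():
    """Return the option letters whose access list produces exactly the required behaviour."""
    good = []
    for letter, lines in CANDIDATES.items():
        acls = parse_acls(lines)
        if all((policy_route(ROUTE_MAP, acls, s, d) == "192.168.1.1") is want
               for s, d, want in REQUIREMENT):
            good.append(letter)
    return good
```

Running candidates_meeting_requirement() returns only "C": options A and B match a packet only when both the source and the destination condition hold, and option D matches the reverse direction of the traffic.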

Reference:

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/security/a1/sec-a1-cr-book/sec-cr-a2.html#wp4698537840

CCIE Routing and Switching v5.0 Certification Guide, Volume 1, Chapter 11, Configuring Route Maps with the route-map Command, pp. 638-640

QUESTION NO: 449

Which of the following actions should a nonroot switch take when it receives a TCN BPDU?
(Select 2 choices.)

A.
send TC BPDUs to all ports

B.
send TC BPDUs to the root port

C.
send TCN BPDUs to all ports

D.
send TCN BPDUs to the root port

E.
send a TCA BPDU to the root port

F.
send a TCA BPDU to the port that received the TCN

G.
reduce the aging time for MAC addresses to the max_age value

H.
reduce the aging time for MAC addresses to the forward_delay value

Answer: D,F
Explanation:

A nonroot switch should send topology change notification (TCN) bridge protocol data units
(BPDUs) toward the root bridge through its root port and should send a topology change
acknowledgment (TCA) BPDU out the port that received the TCN. When a switch needs to signal that
a topology change has occurred, it sends TCN BPDUs on its root port every two seconds, which is
the default hello_time value, until it receives a TCA. The upstream designated bridge forwards the
TCN toward its own root port; additionally, it sends a TCA BPDU back to the switch that sent the
TCN. This process continues hop by hop until the root bridge receives the TCN.

When the root bridge receives the TCN, it sends configuration BPDUs with the topology change (TC)
bit set. By default, the root bridge sets the TC bit for 35 seconds, which is the default max_age
timer of 20 seconds plus the default forward_delay value of 15 seconds. The TC BPDUs are
propagated throughout the spanning-tree topology.

When a switch receives a TC BPDU, the switch reduces the aging time for Media Access Control
(MAC) addresses to the forward_delay value. By default, the MAC address table aging time is 300
seconds; when a switch receives a TC BPDU, the aging time is reduced to the forward_delay value,
which is 15 seconds by default, so that stale entries pointing toward the old topology expire quickly.

Reference:

www.cisco.com/c/en/us/support/docs/lan-switching/spanning-tree-protocol/12013-17.html#topic2

QUESTION NO: 450

Which of the following is a characteristic of the BFD Echo function? (Select the best answer.)

A.
It can decrease round-trip jitter.

B.
It can be enabled only with Asynchronous mode.

C.
It requires fewer packets for failure detection.

D.
It supports more BFD sessions than Demand mode supports.

Answer: A
Explanation:

The Bidirectional Forwarding Detection (BFD) Echo function can decrease round-trip jitter, because
Echo packets are looped back by the neighbor's forwarding plane rather than processed by its
control plane. BFD is a detection protocol that is designed to detect forwarding path failures in
less than one second. Additionally, BFD is designed to work regardless of media type,
encapsulation, or routing protocol, providing network administrators with a uniform forwarding
failure detection method across a network. BFD supports Open Shortest Path First (OSPF),
Enhanced Interior Gateway Routing Protocol (EIGRP), Border Gateway Protocol (BGP), and
Intermediate System-to-Intermediate System (IS-IS).

BFD has two operating modes: Asynchronous mode and Demand mode. The Echo function can
be used with either mode, not just with Asynchronous mode.

Asynchronous mode systems periodically send BFD Control packets. If Control packets are not
received from a neighbor in a timely fashion, the neighbor is assumed to be down. The advantage
of Asynchronous mode is that it requires half as many packets as the Echo function does in order
to detect a failure.

Demand mode systems assume that there is an external method of verifying connectivity. When
Demand mode is enabled on a system, the system can ask neighbors to stop sending BFD
Control packets except when absolutely necessary. The advantage of Demand mode is that it
supports more BFD sessions than Asynchronous mode or the Echo function supports; however,
the relative lack of Control packets sent by Demand mode can cause failure detection to be
slower.

Reference:

https://tools.ietf.org/html/rfc5880

QUESTION NO: 451

Which of the following statements are true regarding DMVPNs? (Select 2 choices.)

A.
NHRP mappings are created on the spokes when the hub registers with the spokes.

B.
NHRP mappings are created on the hub when the spokes register with the hub.

C.
The hub must have a static physical IP address.

D.
The hub must have a dynamic physical IP address.

E.
Each spoke must have a static physical IP address.

F.
Each spoke must have a dynamic physical IP address.

Answer: B,C
Explanation:

Next Hop Resolution Protocol (NHRP) mappings are created on the hub when the spokes register
with the hub, and the hub must have a static physical IP address. NHRP dynamically learns the
physical (NBMA) IP addresses of spoke routers in a hub-and-spoke Dynamic Multipoint virtual
private network (DMVPN) environment, which uses multipoint Generic Routing Encapsulation
(mGRE) tunneling.

The hub router, also called a Next Hop Server (NHS), must have a static physical IP address.
When configuring a spoke router, also called a Next Hop Client (NHC), you must know both the
tunnel IP address and the physical IP address of the hub. If the NHS were addressed dynamically,
the configuration of the NHC would become incorrect as soon as the NHS address changed.

When an NHC registers with the NHS, the NHS creates an NHRP mapping for the NHC that maps
the spoke's physical IP address to the spoke's tunnel address. Because the NHC initiates
registration with the NHS, the NHC can be addressed either statically or dynamically. The NHS
does not have to register with the NHCs; the NHS addresses are configured manually on each
NHC.

Reference:

https://www.cisco.com/c/en/us/support/docs/security-vpn/ipsec-negotiation-ike-protocols/41940-dmvpn.html

QUESTION NO: 452

Which of the following OSPF area types do not generate a default summary route by default?
(Select 2 choices.)

A.
stub

B.
totally stubby

C.
NSSA

D.
normal

Answer: C,D
Explanation:

Normal areas and not-so-stubby areas (NSSAs) do not generate a default summary route by
default. To generate a default route on an Open Shortest Path First (OSPF) router in a normal
area, issue the default-information originate command, adding the always keyword if the router
should advertise the default route even when it has no default route of its own. To generate a
default route on an OSPF area border router (ABR) in an NSSA, issue the area area-id nssa
default-information-originate command.

Stub and totally stubby areas automatically receive a summary route with the link-state ID 0.0.0.0
from the ABR. External routes are not propagated inside stub and totally stubby areas; therefore,
these area types need a default route to reach external destinations. When a stub area or a totally
stubby area is converted to a normal area or an NSSA, the default route does not remain; you must
configure these areas to generate a default summary route.

Reference:

https://www.cisco.com/c/en/us/support/docs/ip/open-shortest-path-first-ospf/13692-21.html

https://www.cisco.com/c/en/us/support/docs/ip/open-shortest-path-first-ospf/6208-nssa.html#defaultnssa

QUESTION NO: 453

RouterA and RouterB are connected by their FastEthernet 0/0 interfaces, are configured for
EIGRP AS 30, and are configured with the appropriate network commands.

You issue the following commands on RouterA:

RouterA(config)#router eigrp 30

RouterA(config-router)#passive-interface FastEthernet 0/0

Which of the following statements best describes what will occur? (Select the best answer.)

A.
RouterA will neither send routes to nor receive routes from RouterB.

B.
RouterA will receive routes from RouterB but will not advertise routes to RouterB.

C.
RouterA will advertise routes to RouterB but will not receive routes from RouterB.

D.
RouterA will send routes to and receive routes from RouterB.

Answer: A
Explanation:

RouterA will neither send routes to nor receive routes from RouterB. The passive-interface
command disables Enhanced Interior Gateway Routing Protocol (EIGRP) on the specified
interface: EIGRP stops sending hello packets on the interface, so no neighbor adjacency can form
on it and the interface neither sends nor receives EIGRP routing information, although the
interface's network is still advertised to neighbors on other interfaces. The passive-interface
command cannot be used to discriminate between incoming and outgoing routing protocol
information. To configure a router to filter only inbound or outbound EIGRP routing updates, you
should issue the distribute-list command with the appropriate keywords.

RouterA will receive routes from RouterB but will not advertise routes to RouterB if you issue the
following commands on RouterA:

RouterA(config)#access-list 33 deny any

RouterA(config)#router eigrp 30

RouterA(config-router)#distribute-list 33 out FastEthernet 0/0

The access-list 33 deny any command creates standard IP access list 33 and, when applied to a
distribute list, denies every network included in a routing update. The distribute-list command
applies access list 33 only to outbound EIGRP routing updates on FastEthernet 0/0. The distribute
list does not affect inbound routing updates received from RouterB on FastEthernet 0/0.

RouterA will advertise routes to RouterB but will not receive routes from RouterB if you issue the
following commands on RouterA:

RouterA(config)#access-list 33 deny any

RouterA(config)#router eigrp 30

RouterA(config-router)#distribute-list 33 in FastEthernet 0/0

The distribute-list command applies access list 33 only to inbound EIGRP routing updates on
FastEthernet 0/0. The distribute list does not affect outbound routing updates sent to RouterB on
FastEthernet 0/0.

Reference:

https://www.cisco.com/c/en/us/td/docs/ios/12_2/ip/configuration/guide/fipr_c/1cfindep.html#wp1001252

QUESTION NO: 454

Which of the following is a reason to use NPTv6 for IPv6 address translation? (Select the best
answer.)

A.
to statefully translate IPv6 addresses

B.
to implement IPv6 many-to-one translation

C.
to preserve end-to-end reachability at the Network layer

D.
to ensure that Transport layer headers are properly rewritten

E.
to translate IPv6 addresses to IPv4 addresses and back

Answer: C
Explanation:

You should use Network Prefix Translation version 6 (NPTv6) to preserve end-to-end reachability at
the Network layer when configuring IPv6 address translation. As the name implies, NPTv6
translates inside IPv6 prefixes to outside IPv6 prefixes at the Internet edge. NPTv6 creates a
one-to-one, algorithmic relationship between addresses on each side of the translating device, so
every inside address has exactly one outside counterpart and end-to-end reachability at the
Network layer is maintained. Apart from the compensation described below, NPTv6 does not
modify the interface identifier portion of an IPv6 address.

NPTv6 does not rewrite Transport layer headers. Transport layer checksums (TCP, UDP, and
ICMPv6) are calculated over an IPv6 pseudo-header that includes the source and destination
addresses. When address translation occurs, those values change, which would normally invalidate
the checksum and create an integrity problem, and a stateless translator cannot fix up a checksum
it cannot find, for example inside an encrypted or unknown upper-layer protocol. NPTv6 avoids this
by being checksum-neutral: in addition to swapping the prefix, it adds a compensating value to one
16-bit word of the address (the subnet field for a /48 or shorter prefix, otherwise a word of the
interface identifier) so that the one's complement sum of the address, and therefore every
pseudo-header checksum computed over it, is unchanged. The translation is specified in RFC 6296.

NPTv6 performs stateless translation of global unicast IPv6 prefixes. Therefore, NPTv6 does not
implement stateful translation technologies, such as port mapping and the modification of
Transport layer headers, that are found in other Network Address Translation (NAT) protocols. As
a result, NPTv6 does not provide some of the perceived LAN-concealing benefits of other NAT
protocols; anyone who knows the two prefixes can recover the inside address from the outside
address.

NPTv6 does not perform many-to-one translation. Many-to-one translation is a feature of IPv4 Port
Address Translation (PAT), which is typically used to translate many inside local addresses to a
single global outside address. Network Address Port Translation 66 (NAPT66) is a stateful NAT
protocol that supports port mapping for IPv6 networks.

NPTv6 does not translate IPv6 addresses to IPv4 addresses and back. To translate from an IPv6
network to an IPv4 network, you should use NAT64. To translate from an IPv4 network to an IPv6
network, you should use NAT46. The older NAT-Protocol Translation (NAT-PT) mechanism for
bidirectional translation between IPv4 and IPv6 networks was deprecated by RFC 4966.
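The checksum-neutral adjustment described above, as an added Python example that is not part of the question and is not Cisco's or the RFC's implementation: it translates a constructed /48 inside prefix to a /48 outside prefix, applies the RFC 6296 compensation to the subnet field, and verifies that a UDP pseudo-header checksum is unchanged and that the reverse translation recovers the original address. The prefixes, host addresses and UDP segment are constructed for the example, and the helper handles only prefix lengths that are multiples of 16.

```python
import ipaddress

def _words(addr):
    """An IPv6 address as eight 16-bit words."""
    packed = ipaddress.IPv6Address(addr).packed
    return [int.from_bytes(packed[i:i + 2], "big") for i in range(0, 16, 2)]

def _from_words(words):
    return ipaddress.IPv6Address(b"".join(w.to_bytes(2, "big") for w in words))

def ones_sum(words):
    """16-bit one's complement sum, the arithmetic behind the Internet checksum."""
    total = sum(words)
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def nptv6_translate(addr, from_prefix, to_prefix, plen):
    """Replace the /plen prefix of addr and compensate one word so that the one's
    complement sum of the whole address is unchanged (the RFC 6296 mapping).
    This simplified version handles prefix lengths that are multiples of 16."""
    if plen % 16:
        raise ValueError("example handles prefix lengths that are multiples of 16")
    n = plen // 16
    w = _words(addr)
    old_prefix, new_prefix = _words(from_prefix)[:n], _words(to_prefix)[:n]
    w[:n] = new_prefix
    # adjustment = sum(old prefix) - sum(new prefix); in one's complement,
    # subtraction is addition of the bitwise complement.
    adjustment = ones_sum(old_prefix + [0xFFFF ^ ones_sum(new_prefix)])
    # /48 or shorter: adjust the subnet field (bits 48-63). Longer prefixes:
    # adjust the first interface-identifier word that is not 0xFFFF.
    if plen <= 48:
        idx = 3
    else:
        idx = next((i for i in range(n, 8) if w[i] != 0xFFFF), None)
        if idx is None:
            raise ValueError("no adjustable word; RFC 6296 says such an address is not translatable")
    fixed = ones_sum([w[idx], adjustment])
    # 0xFFFF and 0x0000 are the same value in one's complement arithmetic;
    # RFC 6296 writes the result as 0x0000.
    w[idx] = 0 if fixed == 0xFFFF else fixed
    return _from_words(w)

def pseudo_header_checksum(src, dst, next_header, upper_layer):
    """Internet checksum over the IPv6 pseudo-header plus the upper-layer data: the
    value TCP and UDP carry, which translation must leave intact."""
    length = len(upper_layer)
    words = _words(src) + _words(dst) + [length >> 16, length & 0xFFFF, 0, next_header]
    data = upper_layer + (b"\x00" if length % 2 else b"")
    words += [int.from_bytes(data[i:i + 2], "big") for i in range(0, len(data), 2)]
    return 0xFFFF ^ ones_sum(words)

# Constructed example: inside ULA prefix and outside global prefix, both /48.
INSIDE, OUTSIDE, PLEN = "fd01:203:405::", "2001:db8:1::", 48
# Constructed UDP segment: src port 54321, dst port 53, length 16, checksum 0, payload.
UDP_SEGMENT = bytes.fromhex("d431 0035 0010 0000") + b"example!"

def demo():
    """Translate outbound, check checksum neutrality, then translate back."""
    inside_host = "fd01:203:405:10::1"
    remote = "2001:db8:ffff::53"
    outside_host = str(nptv6_translate(inside_host, INSIDE, OUTSIDE, PLEN))
    before = pseudo_header_checksum(inside_host, remote, 17, UDP_SEGMENT)
    after = pseudo_header_checksum(outside_host, remote, 17, UDP_SEGMENT)
    back = str(nptv6_translate(outside_host, OUTSIDE, INSIDE, PLEN))
    return outside_host, before == after, back == inside_host
```

For the inside host fd01:203:405:10::1 the outside address is 2001:db8:1:d55f::1: the prefix changed, the subnet field absorbed the difference (0x0010 became 0xd55f), the interface identifier ::1 is untouched, and the UDP pseudo-header checksum computed by the endpoints is identical on both sides of the translator.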

Reference:

https://www.ietf.org/rfc/rfc6296.txt

QUESTION NO: 455

Which of the following statements are true regarding PVLANs? (Select 2 choices.)

A.
Primary VLANs must be configured as isolated or community VLANs.

B.
A VTPv2 switch must be configured for transparent mode to support PVLANs.

C.
Promiscuous ports can service multiple primary VLANs.

D.
Community VLANs can communicate with both community and isolated VLANs.

E.
Routers, firewalls, and gateways should be connected to promiscuous ports.

F.
Protected ports can send traffic only to other protected ports.

Answer: B,E
Explanation:

To support private virtual LANs (PVLANs), a VLAN Trunking Protocol version 2 (VTPv2) switch
must be configured for transparent mode, because VTPv2 does not propagate PVLAN information.
Additionally, when PVLANs are used, routers, firewalls, and gateways should be connected to
promiscuous ports. PVLANs can be configured on a switch to help isolate traffic within a virtual
LAN (VLAN) without consuming additional IP subnets. PVLANs include a primary VLAN and one or
more secondary VLANs. The primary VLAN can communicate with any of the secondary VLANs, but
the secondary VLANs can be configured to communicate only with the primary VLAN or to
communicate with the primary VLAN and with other ports in the same secondary VLAN. Secondary
VLANs can be configured as isolated or community VLANs.

After configuring the PVLAN, you can configure ports to participate in the PVLAN. When
configuring a port to participate in a PVLAN, you must configure the port by issuing the switchport
mode private-vlan {promiscuous | host} command. The promiscuous keyword configures the port to
communicate with any secondary VLAN. Consequently, devices that should be reachable from
any secondary VLAN should be connected to promiscuous ports. For example, a router, a firewall,
or a gateway that any host should be able to reach should be connected to a promiscuous port. By
contrast, devices that belong to isolated or community VLANs should be connected to host ports,
which are configured by using the host keyword.

Primary VLANs in a PVLAN configuration cannot be configured as isolated or community VLANs.
Only secondary VLANs can be configured as isolated or community VLANs. The primary VLAN
must be able to associate with any of the secondary VLANs in the PVLAN configuration. You can
configure primary VLANs by issuing the private-vlan primary command, and you can configure
secondary VLANs by issuing the private-vlan {isolated | community} command.

A promiscuous port cannot service multiple primary VLANs. A promiscuous port can service only
one primary VLAN. However, a promiscuous port can service multiple secondary VLANs; every
secondary VLAN mapped to the port with the switchport private-vlan mapping command can
communicate with it.

A secondary VLAN that is configured as a community VLAN cannot communicate with hosts that
are connected to isolated ports. Devices connected to a community VLAN can communicate with
other devices on the same community VLAN as well as with promiscuous ports in the primary VLAN.
However, no devices on the community VLAN can communicate with a device that is connected to
an isolated port. Devices connected to an isolated port can communicate only with promiscuous
ports; two hosts on the same isolated VLAN cannot reach each other even though they share a
subnet.

Protected ports are a feature of PVLAN Edge. Unlike normal PVLANs, PVLAN Edge does not
provide isolation between ports on different switches. Traffic cannot be sent between PVLAN Edge
protected ports on the same switch; however, traffic can be sent between a protected port and an
unprotected port.
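The forwarding rules described above, as an added Python example (not code from the exam or from a switch): a constructed port table with promiscuous, isolated and community ports, a function that applies the PVLAN rules to a pair of ports, and a function that lists which ports a frame from a given port can reach, which is the set of neighbours an attacker on that port could address directly. A separate function models PVLAN Edge protected ports. Port names and community VLAN numbers are constructed.

```python
# Constructed switch port table: name -> (port type, community VLAN or None).
# All ports belong to the same primary VLAN.
PORTS = {
    "Gi1/0/1": ("promiscuous", None),   # default gateway / firewall
    "Gi1/0/2": ("isolated", None),      # tenant A server
    "Gi1/0/3": ("isolated", None),      # tenant B server
    "Gi1/0/4": ("community", 201),      # web tier, community VLAN 201
    "Gi1/0/5": ("community", 201),      # web tier, community VLAN 201
    "Gi1/0/6": ("community", 202),      # database tier, community VLAN 202
}

def pvlan_forwards(ports, a, b):
    """True if a frame entering port a may be delivered out port b.

    Promiscuous ports exchange traffic with every port; isolated ports exchange
    traffic only with promiscuous ports; community ports exchange traffic with
    promiscuous ports and with ports in the same community VLAN.
    """
    if a == b:
        return False
    type_a, comm_a = ports[a]
    type_b, comm_b = ports[b]
    if type_a == "promiscuous" or type_b == "promiscuous":
        return True
    if type_a == "isolated" or type_b == "isolated":
        return False
    return comm_a == comm_b          # both are community ports

def reachable_from(ports, a):
    """Ports that a host on port a can talk to at Layer 2."""
    return sorted(p for p in ports if pvlan_forwards(ports, a, p))

def protected_forwards(protected, a, b):
    """PVLAN Edge on a single switch: traffic is blocked only when both ports are
    protected; a protected port still reaches every unprotected port."""
    return a != b and not (a in protected and b in protected)
```

A host on an isolated port reaches only the gateway, a web-tier host reaches the gateway and its own community, and the gateway reaches everything; the relation is symmetric, so isolation cannot be bypassed by choosing who sends first. The PVLAN Edge model shows the weaker guarantee: two protected ports cannot talk, but either can still reach any unprotected port on the switch.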

Reference:

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3560/software/release/12-2_25_sea/configuration/guide/3560scg/swpvlan.html

https://www.cisco.com/en/US/tech/tk389/tk814/tk841/tsd_technology_support_sub-protocol_home.html

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2960/software/release/12-2_25_see/configuration/guide/scg_1/swtrafc.html#wp1029319

QUESTION NO: 456

Which of the following can be monitored by the EEM IOSWDSysMon core event publisher?
(Select the best answer.)

A.
abnormal stop events

B.
memory utilization

C.
syslog messages

D.
timed events

E.
counter thresholds

Answer: B
Explanation:

Memory utilization can be monitored by the Embedded Event Monitor (EEM) Watchdog System
Monitor (IOSWDSysMon) core event publisher. Watchdog System Monitor can also be configured
to monitor CPU utilization.

EEM consists of three components: the EEM server, event publishers, and event subscribers.
EEM event detectors are event publishers; EEM policies are event subscribers. When an event is
detected, EEM can perform various actions, such as generating a Simple Network Management
Protocol (SNMP) trap or reloading the router.

Abnormal stop events are monitored by the system manager event detector. Syslog messages are
monitored by the syslog event detector. Timed events are monitored by the timer event detector.
Counter thresholds are monitored by the counter event detector. All of these event detectors are
considered to be EEM core event publishers.

Reference:

https://search.cisco.com/search?query=Cisco%20IOS%20Network%20Management%20Configuration%20Guide&locale=enUS&tab=Cisco


QUESTION NO: 457

Which of the following are characteristics of GLBP? (Select 2 choices.)

A.
One router is elected as the active router, and another router is elected as the standby router.

B.
One router is elected as the master router, and all other routers are placed in the backup state.

C.
All routers in a GLBP group can participate by forwarding a portion of the traffic.

D.
In a GLBP group, only one AVG and only one AVF can be assigned.

E.
In a GLBP group, only one AVG can be assigned but multiple AVFs can be assigned.

F.
In a GLBP group, multiple AVGs can be assigned but only one AVF can be assigned.

Answer: C,E
Explanation:

The following are characteristics of Gateway Load Balancing Protocol (GLBP):

-All routers in a GLBP group can participate by forwarding a portion of the traffic.

-Only one active virtual gateway (AVG) can be assigned in a GLBP group, but multiple active
virtual forwarders (AVFs) can be assigned in a GLBP group.

GLBP is a Cisco-proprietary protocol used to provide router redundancy and load balancing. GLBP
enables you to configure multiple routers into a GLBP group; the routers in the group receive
traffic sent to a virtual IP address that is configured for the group. Each GLBP group contains an
AVG that is elected based on which router is configured with the highest priority value or the
highest IP address value if multiple routers are configured with the highest priority value.

The other routers in the GLBP group are configured as primary or secondary AVFs. The AVG
assigns a virtual Media Access Control (MAC) address to up to four primary AVFs; all other
routers in the group are considered secondary AVFs and are placed in the listen state. The virtual
MAC address is always 0007.b400.xxyy, where xx is the GLBP group number and yy is the AVF
number.

When the AVG receives Address Resolution Protocol (ARP) requests that are sent to the virtual IP
address for the GLBP group, the AVG responds with different virtual MAC addresses. This
provides load balancing, because each of the primary AVFs will participate by forwarding a portion
of the traffic sent to the virtual IP address. If one of the AVFs fails, the AVG assigns the AVF role
to another router in the group. If the AVG fails, the AVF with the highest priority becomes the AVG;
by default, preemption is disabled.

Additionally, you can control the percentage of traffic that is sent to a specific gateway by
configuring weighted load balancing. By default, GLBP uses a round-robin technique to load
balance between routers. If you configure weighted load balancing, GLBP can send a higher
percentage of traffic to a single GLBP group member based on the weight values assigned to the
interfaces of that member.

The election of an active router and a standby router is a characteristic of Hot Standby Router
Protocol (HSRP), not GLBP. Like GLBP, HSRP provides router redundancy. However, only one
router in an HSRP group is active at any time. If the active router becomes unavailable, the
standby router becomes the active router.

The election of a master router and the placement of all other routers in the group into the backup
state are characteristics of Virtual Router Redundancy Protocol (VRRP). Like GLBP and HSRP,
VRRP provides router redundancy. However, similar to HSRP, only one router is active at any
time. If the master router becomes unavailable, one of the backup routers becomes the master
router.

A GLBP group can contain only one AVG. All other routers in the group are configured as AVFs;
multiple AVFs can be configured in a GLBP group.

Reference:

https://www.cisco.com/c/en/us/td/docs/ios/12_2s/feature/guide/fs_glbp2.html#wp1024997

QUESTION NO: 458

Which of the following DSCP values has a binary value of 101110? (Select the best answer.)

A.
AF11

B.
AF23

C.
AF42

D.
CS1

E.
CS5

F.
EF

Answer: F
Explanation:

The Differentiated Services Code Point (DSCP) value EF has a binary value of 101110, which is
equal to a decimal value of 46. DSCP values are six-bit header values that identify the Quality of
Service (QoS) traffic class that is assigned to the packet. The Expedited Forwarding (EF) per-hop
behavior (PHB), which is defined in Request for Comments (RFC) 2598, indicates a high-priority
packet that should be given queuing priority over other packets but should not be allowed to
completely monopolize the interface. Voice over IP (VoIP) traffic is often assigned a DSCP value
of EF.

DSCP values beginning with CS are called Class Selector (CS) PHBs, which are defined in RFC
2475. CS values are backward compatible with three-bit IP precedence values; the first three bits
of the DSCP value correspond to the IP precedence value, and the last three bits of the DSCP
value are set to 0. Packets with higher CS values are given queuing priority over packets with
lower CS values. The following table displays the CS values with their binary values, decimal
values, and IP precedence category names:

DSCP values beginning with AF are called Assured Forwarding (AF) PHBs, which are defined in
RFC 2597. AF separates packets into four queue classes and three drop priorities. The AF values
are specified in the format AFxy, where x is the queue class and y is the drop priority. The
following table displays the AF values with their queue classes and drop rates:

The first three DSCP bits correspond to the queue class, the fourth and fifth DSCP bits correspond
to the drop priority, and the sixth bit is always set to 0. To quickly convert AF values to decimal
values, you should use the formula 8x + 2y. For example, AF42 converts to a decimal value of 36,
because (8 x 4) + (2 x 2) = 32 + 4 = 36.

Packets with higher AF values are not necessarily given preference over packets with lower AF
values. Packets with a higher queue class value are given queuing priority over packets with a
lower queue class, but packets with a higher drop rate value are dropped more often than packets
with a lower drop rate value.
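
An added example (not part of the original explanation) that applies the conversion rules above in Python: Class Selector values shift the IP precedence into the first three bits, AFxy is 8x + 2y, and EF is 46; it resolves the answer choices of this question to their binary and decimal values.

```python
"""DSCP per-hop behavior (PHB) names and their six-bit codepoints.

Added example for this explanation (not Cisco code). It implements the rules
stated above: CSx puts the IP precedence in the first three bits and zeroes
the last three, AFxy = 8x + 2y (queue class in the first three bits, drop
precedence in the fourth and fifth, sixth bit zero), and EF is 101110 = 46.
"""
import re

EF = 46  # Expedited Forwarding (RFC 2598): binary 101110


def dscp_value(name):
    """Decimal codepoint for a PHB name such as 'EF', 'CS5' or 'AF42'."""
    name = name.strip().upper()
    if name == "EF":
        return EF
    m = re.fullmatch(r"CS([0-7])", name)
    if m:
        return int(m.group(1)) << 3            # precedence bits, rest zero
    m = re.fullmatch(r"AF([1-4])([1-3])", name)
    if m:
        x, y = int(m.group(1)), int(m.group(2))
        return 8 * x + 2 * y                   # class * 8 + drop precedence * 2
    raise ValueError(f"unknown DSCP PHB name: {name!r}")


def dscp_name(value):
    """PHB name for a six-bit codepoint, or 'DSCP<n>' if it has no standard name."""
    if not 0 <= value <= 63:
        raise ValueError("DSCP codepoints are six bits wide (0 through 63)")
    if value == EF:
        return "EF"
    if (value & 0b111) == 0:                   # last three bits zero: Class Selector
        return f"CS{value >> 3}"
    x, y = value >> 3, (value >> 1) & 0b11
    if 1 <= x <= 4 and 1 <= y <= 3 and (value & 1) == 0:
        return f"AF{x}{y}"
    return f"DSCP{value}"


def ip_precedence(value):
    """The three-bit IP precedence a codepoint maps back to (its first three bits)."""
    return (value & 0x3F) >> 3


def dscp_binary(value):
    """Six-bit binary string, e.g. 46 -> '101110'."""
    return format(value & 0x3F, "06b")


def dscp_table(names):
    """Rows of (name, binary, decimal, IP precedence) for the given PHB names."""
    return [(n.upper(), dscp_binary(dscp_value(n)), dscp_value(n),
             ip_precedence(dscp_value(n))) for n in names]


if __name__ == "__main__":
    # The answer choices from the question above, resolved to their codepoints.
    for row in dscp_table(["AF11", "AF23", "AF42", "CS1", "CS5", "EF"]):
        print("%-5s %s %2d  precedence %d" % row)
```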

Reference:

https://www.cisco.com/c/en/us/support/docs/quality-of-service-qos/qos-packet-marking/10103-dscpvalues.html#expeditedforwarding

QUESTION NO: 459

You administer the network in the topology diagram.

All routers are running EIGRP. All interface delay values are set to their defaults. On each active
interface, the ip route-cache command and the no ip route-cache cef command have been
configured.

The variance 2 command has been issued on RouterA.

An IP address of 192.168.51.50 has been assigned to the FastEthernet 1/0 interface on RouterC.

You issue the show ip route 192.168.51.50 command on RouterA and receive the following output:


Which of the following is indicated by the asterisk in the output? (Select the best answer.)

A.
The path through RouterB is the active path for a new flow.

B.
The path through RouterB is the active path for a new packet.

C.
The path through RouterB is the active path for the next flow and the next packet.

D.
The path through RouterB is down, so the traffic can only flow through RouterD.

E.
The path through RouterD is the active path for a new flow.

F.
The path through RouterD is the active path for a new packet.

G.
The path through RouterD is the active path for the next flow and the next packet.

H.
The path through RouterD is down, so the traffic can flow through only RouterB.

Answer: E
Explanation:

The asterisk in the output of the show ip route 192.168.51.50 command indicates that the path
through RouterD, which is connected to RouterA's Serial 0/0 interface, is the active path for a new
destination-based flow to 192.168.51.50. RouterA is performing per-destination load balancing,
which is a type of load balancing that decides where to send packets based on the destination
address of the packet. Therefore, the path of the network flow, which is a sequence of packets, is
decided based on the destination address.

Per-destination load balancing typically occurs when fast switching is enabled on a router. In this
scenario, the ip route-cache command has been issued on each active interface on RouterA. In
addition, Cisco Express Forwarding (CEF), which can be configured to use either per-destination
load balancing or per-packet load balancing, has been disabled on each interface. Therefore,
RouterA is fast-switching packets.

When an asterisk appears in the output of the show ip route ip-address command on a router that
is performing per-destination load balancing, it is an indicator that the next flow to the destination
specified by ip-address will flow over the path indicated by the asterisk. Therefore, the following line
of output indicates that traffic to the destination of 192.168.51.50 will flow through RouterD
because RouterD is connected to RouterA's Serial 0/0 interface:

* 192.168.1.2, from 192.168.1.2, 00:00:16 ago, via Serial0/0

In this scenario, Enhanced Interior Gateway Routing Protocol (EIGRP) on RouterA is performing
unequal-cost load balancing of traffic to the destination network of 192.168.51.0 by sending some
traffic over RouterB and some traffic over RouterD. Packets for a different destination address on
the same network as 192.168.51.50 in this scenario might flow over RouterB instead.

You can determine the number of destinations that are likely to flow over RouterB as compared to
RouterD by examining the Traffic share count line of the output from the show ip route
192.168.51.50 command. In this scenario, 120 per-destination flows will flow over RouterD for
every 97 per-destination flows that flow over RouterB. This number can also be represented as a
traffic flow ratio of 97:120. A Cisco router calculates the traffic flow for a load-balanced path by
dividing each path's metric into the largest metric and rounding down to the nearest integer. That
integer becomes the traffic share count value for that path. You can influence the traffic flow ratio
of load-balanced paths by adjusting the delay values of interfaces along the paths.

Neither the path through RouterB nor the path through RouterD is load balancing packets,
because RouterA is not process switching packets. However, if process switching were enabled,
RouterA would load balance the path to the 192.168.51.0/24 network by varying the packets sent
over each path instead of varying the destination-based flows. Although per-packet load balancing
guarantees that an equal amount of traffic will traverse each link, packets could arrive out of order
at their destinations.

Neither the path through RouterB nor the path through RouterD is down. When a path learned by
a dynamic routing protocol goes down, the path is removed from the routing table. For example, if
the path through RouterD were down in this scenario, the output of the show ip route
192.168.51.50 command on RouterA would display only the path through RouterB, as shown in
the following output:

Reference:

https://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/5212-46.html#topic1

https://www.cisco.com/c/en/us/support/docs/ip/enhanced-interior-gateway-routing-protocol-eigrp/16406-eigrp-toc.html#loadbalancing

QUESTION NO: 460

Which of the following statements are true regarding EIGRP metric calculations and bandwidth
usage? (Select 2 choices.)

A.
By default, EIGRP bandwidth usage is limited to 75 percent of the configured interface bandwidth.

B.
EIGRP uses the minimum bandwidth on the path to a destination and the total delay in the
calculation of metric weights.

C.
EIGRP uses the maximum bandwidth on the path to a destination and the next-hop delay in the
calculation of metric weights.

D.
The percentage of bandwidth utilized by EIGRP processes cannot be changed.

E.
Modifying bandwidth is preferred over modifying delay for influencing path selection.

F.
Modifying delay is preferred over modifying bandwidth for influencing path selection.

Answer: B,F
Explanation:

Enhanced Interior Gateway Routing Protocol (EIGRP) uses the minimum bandwidth on the path to
a destination and the total delay in the calculation of metric weights, or K values. In addition,
modifying delay is preferred over modifying bandwidth for influencing path selection. The metric
weights command adjusts K values, which EIGRP uses to calculate the feasible distance (FD) and
the advertised distance (AD); the AD is also called the reported distance (RD). By default, EIGRP
uses the K values that are related to bandwidth and delay, and the other values are set to 0. The K
values must match between two routers for a neighbor relationship to be established between the
routers. Modifying K values can cause undesired effects on the network, such as allowing low-
bandwidth connections to be used for load balancing. Therefore, Cisco recommends leaving the K
values at their default settings.

Modifying delay is preferred over modifying bandwidth for influencing EIGRP path selection for the
following reasons:

-Modifying bandwidth can adversely affect other features, such as Quality of Service (QoS).

-Modifying bandwidth can prevent neighbors from receiving hello packets.

-Changes to the delay metric are propagated to all downstream routers.

By default, EIGRP traffic bandwidth usage is limited to 50 percent of the configured interface
bandwidth, not 75 percent. However, this percentage can be adjusted with the ip bandwidth-percent
eigrp as-number percentage command, where as-number is the EIGRP autonomous system (AS)
number and percentage is the percentage of the configured interface bandwidth that EIGRP may
use. Adjusting this value is useful if the actual bandwidth of a link is something other than the
configured bandwidth. For example, if the actual bandwidth of a link is 256 Kbps but the configured
bandwidth has been set to 512 Kbps for the purpose of altering the route metric calculations, you
might want to lower the bandwidth percentage to prevent overutilization by EIGRP packets. The
configured interface bandwidth need not match the actual interface bandwidth in order for metric
values to be calculated; the calculations will be made with the minimum bandwidth, regardless of
what that value has been set to.
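
The following Python is an added example, not Cisco code, that ties questions 459 and 460 together: it computes the classic EIGRP metric from the minimum bandwidth and total delay with the default K values, applies the feasibility condition and the variance check, and derives traffic share counts using the rounding rule stated in the explanation of question 459. The topology, bandwidth and delay values are constructed, and RouterX is a hypothetical third neighbor.

```python
"""EIGRP composite metric, feasibility condition and variance-based
unequal-cost load balancing.

Added example for questions 459 and 460 (not Cisco code). With the default
K values (K1 = K3 = 1, K2 = K4 = K5 = 0) the classic EIGRP metric is

    256 * (10_000_000 // min_bandwidth_kbps + total_delay_usec // 10)

so only the slowest link on the path and the sum of the interface delays
matter. Every bandwidth, delay and topology value below is constructed.
"""


def eigrp_metric(bandwidths_kbps, delays_usec, k1=1, k2=0, k3=1, k4=0, k5=0,
                 load=1, reliability=255):
    """Composite metric for a path made of the listed interfaces.

    bandwidths_kbps: configured bandwidth of each interface on the path.
    delays_usec:     configured delay, in microseconds, of each interface.
    """
    bw = 10_000_000 // min(bandwidths_kbps)   # scaled inverse of the minimum bandwidth
    dly = sum(delays_usec) // 10              # total delay, in tens of microseconds
    m = k1 * bw + (k2 * bw) // (256 - load) + k3 * dly
    if k5 != 0:                               # reliability term applies only when K5 is set
        m = m * k5 // (reliability + k4)
    return 256 * m


def path_metrics(local_link, neighbor_path):
    """Return (reported_distance, metric) for a route learned from a neighbor.

    local_link:    (bandwidth_kbps, delay_usec) of the interface toward the neighbor.
    neighbor_path: [(bandwidth_kbps, delay_usec), ...] along the neighbor's own path,
                   i.e. what the neighbor advertises as its metric (the RD).
    """
    rd = eigrp_metric([b for b, _ in neighbor_path], [d for _, d in neighbor_path])
    full = [local_link] + neighbor_path
    metric = eigrp_metric([b for b, _ in full], [d for _, d in full])
    return rd, metric


def load_balanced_paths(paths, variance=1):
    """Paths EIGRP installs: the successor plus feasible successors within variance.

    paths: {next_hop: (local_link, neighbor_path)}.
    A non-successor path is installed only if it meets the feasibility
    condition (its RD is lower than the feasible distance, FD) and its metric
    is at most variance times the FD.
    """
    metrics = {hop: path_metrics(link, npath) for hop, (link, npath) in paths.items()}
    fd = min(m for _, m in metrics.values())  # the successor's metric is the FD
    return {hop: m for hop, (rd, m) in metrics.items()
            if m == fd or (rd < fd and m <= variance * fd)}


def traffic_share_counts(installed):
    """Traffic share count per path, using the rule stated in question 459:
    the largest installed metric divided by the path's metric, rounded down."""
    largest = max(installed.values())
    return {hop: largest // m for hop, m in installed.items()}


# Constructed topology: RouterA's candidate paths to 192.168.51.0/24.
# Tuples are (bandwidth_kbps, delay_usec) at IOS defaults: a T1 serial
# interface is 1544 kbps / 20000 usec, FastEthernet is 100000 kbps / 100 usec.
T1, FE = (1544, 20000), (100000, 100)
ROUTER_A_PATHS = {
    "RouterD": (T1, [FE]),              # Serial0/0 to RouterD, then RouterD's FastEthernet LAN
    "RouterB": (T1, [T1]),              # serial to RouterB, which reaches the LAN over a T1
    "RouterX": ((512, 20000), [T1]),    # hypothetical 512 kbps link: outside variance 2
}

if __name__ == "__main__":
    for variance in (1, 2, 3):
        installed = load_balanced_paths(ROUTER_A_PATHS, variance)
        print(f"variance {variance}: {installed}")
        print("  traffic share counts:", traffic_share_counts(installed))
```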

Reference:

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_eigrp/configuration/12-4t/ire-12-4t-book/Configuring_EIGRP.html#GUID-86D573E5-F921-45E2-8062-C2EDEAFC7656

https://www.cisco.com/c/en/us/support/docs/ip/enhanced-interior-gateway-routing-protocol-eigrp/13673-14.html

QUESTION NO: 461 DRAG DROP

Select the Metro Ethernet services from the left, and place them on the corresponding definition
on the right.

Answer:


Explanation:

Metro Ethernet services connect geographically disparate networks over a service provider
network. Ethernet virtual connections (EVCs) are created between two User Network Interfaces
(UNIs). An EVC associates two or more UNIs. A UNI is the demarcation point at which the service
provider's responsibility ends and the customer's responsibility begins. Bandwidth profiles can be
established per EVC or per UNI.

There are two types of Metro Ethernet services: E-Line services and E-LAN services. E-Line
services are point-to-point Ethernet services. E-LAN services are multipoint-to-multipoint Ethernet
services. Point-to-multipoint EVCs are not used for Metro Ethernet.

An Ethernet private line (EPL) is a point-to-point port-based E-Line service that maps Layer 2 traffic
directly onto a time-division multiplexing (TDM) circuit. EPL supports all-to-one bundling but not
service multiplexing. Generally, if a UNI is configured for service multiplexing, all-to-one bundling
must be disabled, and conversely, if a UNI is configured for all-to-one bundling, service multiplexing
must be disabled.

Ethernet wire service (EWS) is a point-to-point port-based E-Line service that connects Layer 2
Customer Edge (CE) bridges. EWS typically tunnels traffic through the service provider network
over an 802.1Q or QinQ tunnel.

Ethernet relay service (ERS) is a point-to-point VLAN-based E-Line service that connects Layer 3 CE
routers and is typically used as an alternative to Frame Relay or Asynchronous Transfer Mode
(ATM). An ERS is sometimes referred to as an Ethernet virtual private line (EVPL).

Ethernet multipoint service (EMS) is a multipoint-to-multipoint port-based E-LAN service that
connects Layer 2 CE bridges. EMS functions similarly to EWS but allows for multipoint EVCs.

Ethernet relay multipoint service (ERMS) is a multipoint-to-multipoint VLAN-based E-LAN service that
connects Layer 3 CE routers. ERMS functions similarly to ERS but allows for multipoint EVCs.

Reference:

https://www.cisco.com/c/en/us/td/docs/net_mgmt/ip_solution_center/6-0/infrastructure/reference/guide/infrastructure/iscglss1.pdf

https://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/fulfillment/6-1/theory/operations/guide/theory/l2ce.html

QUESTION NO: 462

You administer the BGP network in the following exhibit:

Between which routers can the cost community attribute be passed? (Select the best answer.)

A.
between all of the routers in this scenario

B.
between none of the routers in this scenario

C.
only between RouterA and RouterB

D.
only between RouterA and RouterC

Answer: C
Explanation:

The Border Gateway Protocol (BGP) cost community attribute can be passed only between
RouterA and RouterB. The cost community, which is a nontransitive extended community, is
passed only between internal BGP (iBGP) and confederation peers; it is not sent to external BGP
(eBGP) peers. When multiple equal-cost paths exist, the path with the lowest cost community
number is preferred.

To configure the cost community attribute in a route map, you should issue the set extcommunity
cost community-id cost-value command from route-map configuration mode. The community ID,
which is defined by the community-id variable, is a value from 0 through 255. The cost, which is
defined by the cost-value variable, is a value from 0 through 4294967295, with a default value of
half of the maximum, or 2147483647. If two paths have the same cost, the path with the lowest
community ID will be preferred.

When aggregate routes or multipaths are used and several component routes use the same
community ID, the highest cost is applied to the aggregate or multipath route. If one or more of the
component routes do not carry the cost community attribute or are configured with different
community IDs, the default value of 2147483647 is applied to the aggregate or multipath route.
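
An added example (not Cisco code) that models the cost community rules above in Python: propagation to iBGP and confederation peers only, path preference by lowest cost and then lowest community ID, and the cost applied to an aggregate or multipath route. The peer roles, next hops and values are constructed, and the ordering of a path that lacks the attribute is an assumption noted in the code.

```python
"""BGP cost community: propagation scope, path comparison and the cost
applied to aggregate or multipath routes.

Added example for this explanation (not Cisco code). It encodes the rules
stated above: the attribute is non-transitive, so it reaches iBGP and
confederation peers but not eBGP peers; among otherwise equal paths the
lowest cost wins and ties go to the lowest community ID; an aggregate or
multipath route takes the highest component cost when every component
carries the same community ID, and the default cost otherwise.
"""
from dataclasses import dataclass
from typing import Optional

MAX_COST = 4294967295
DEFAULT_COST = MAX_COST // 2            # 2147483647, half of the maximum


@dataclass(frozen=True)
class CostCommunity:
    community_id: int                   # 0 through 255
    cost: int                           # 0 through 4294967295

    def __post_init__(self):
        if not 0 <= self.community_id <= 255:
            raise ValueError("cost community ID must be 0 through 255")
        if not 0 <= self.cost <= MAX_COST:
            raise ValueError("cost must be 0 through 4294967295")


@dataclass(frozen=True)
class Path:
    next_hop: str
    cost_community: Optional[CostCommunity] = None


def propagated_cost_community(peer_type, cc):
    """What a peer receives: the attribute is kept toward iBGP and confederation
    peers and stripped toward eBGP peers because it is non-transitive."""
    if peer_type not in ("ibgp", "confederation", "ebgp"):
        raise ValueError(f"unknown peer type {peer_type!r}")
    return cc if peer_type in ("ibgp", "confederation") else None


def comparison_key(path):
    """(cost, community ID) used to rank otherwise equal paths."""
    cc = path.cost_community
    if cc is None:
        # Assumption for this example: a path with no cost community is
        # compared at the default cost and loses a tie on community ID.
        return (DEFAULT_COST, 256)
    return (cc.cost, cc.community_id)


def best_path(paths):
    """Lowest cost wins; on equal cost the lowest community ID wins."""
    return min(paths, key=comparison_key)


def aggregate_cost(components):
    """Cost applied to an aggregate or multipath route built from `components`."""
    ccs = [p.cost_community for p in components]
    if any(cc is None for cc in ccs) or len({cc.community_id for cc in ccs}) != 1:
        return DEFAULT_COST               # missing attribute or mixed IDs: default
    return max(cc.cost for cc in ccs)     # same ID everywhere: highest cost


# Constructed scenario consistent with the answer above: RouterB is assumed
# to be an iBGP peer of RouterA and RouterC an eBGP peer.
PEERS = {"RouterB": "ibgp", "RouterC": "ebgp"}

if __name__ == "__main__":
    cc = CostCommunity(community_id=1, cost=100)
    for peer, kind in PEERS.items():
        print(peer, "receives", propagated_cost_community(kind, cc))
    paths = [Path("10.0.0.1", CostCommunity(1, 500)),
             Path("10.0.0.2", CostCommunity(0, 500)),
             Path("10.0.0.3")]
    print("preferred:", best_path(paths).next_hop)
    print("aggregate cost:", aggregate_cost(paths[:2]))
```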

Reference:

https://www.cisco.com/c/en/us/td/docs/ios/12_0s/feature/guide/s_bgpcc.html

QUESTION NO: 463

Which of the following OSPFv3 LSA types is an intra-area-prefix LSA? (Select the best answer.)

A.
Type 3

B.
Type 4

C.
Type 5

D.
Type 8

E.
Type 9

Answer: E
Explanation:

Open Shortest Path First version 3 (OSPFv3) Type 9 link-state advertisements (LSAs) are
intra-area-prefix LSAs. OSPFv3 Type 9 LSAs carry IPv6 prefix information, much like OSPF version
2 (OSPFv2) Type 1 and Type 2 LSAs carry IPv4 prefix information. In OSPFv3, Type 1 and Type
2 LSAs no longer carry route prefixes. LSAs carry only routing information; they do not contain a
full network topology. Both Type 9 LSAs and Type 8 LSAs are new in OSPFv3.

OSPFv3 Type 8 LSAs are link LSAs. Type 8 LSAs are used to advertise the router's link-local IPv6
address, prefix, and option information. These LSAs are never flooded outside the local link.

OSPFv3 Type 3 LSAs are inter-area-prefix LSAs for area border routers (ABRs). Type 3 LSAs are
used to advertise internal networks to other areas. Like Type 9 LSAs, Type 3 LSAs also carry IPv6
prefix information.

OSPFv3 Type 4 LSAs are inter-area-router LSAs for autonomous system boundary routers
(ASBRs). Type 4 LSAs are used to advertise the location of an ASBR so that routers can
determine the best next-hop path to an external network.

OSPFv3 Type 5 LSAs are autonomous system (AS)-external LSAs. Type 5 LSAs are used to
advertise external routes that are redistributed into OSPF.

Reference:

https://search.cisco.com/search?query=Cisco%20IOS%20IPv6%20Configuration%20Guide&locale=enUS&tab=Cisco

QUESTION NO: 464

Which of the following tunneling methods does Cisco recommend that you use for connecting
several isolated IPv6 domains using point-to-multipoint links over an IPv4 backbone? (Select the
best answer.)

A.
6to4

B.
IPv4-compatible

C.
ISATAP

D.
GRE

E.
manual tunneling

Answer: A
Explanation:

Cisco recommends that you use the 6to4 tunneling method for connecting several isolated IPv6
domains using point-to-multipoint links over an IPv4 backbone. Each site must connect to the IPv4
backbone and must have a unique IPv4 address. The IPv6 address for a 6to4 tunnel interface
begins with 2002::/16, and the 32 bits following the 2002::/16 prefix correspond to the unique IPv4
address of the tunnel source. Because 6to4 tunneling is an automatic tunneling method, you do
not have to configure each tunnel destination individually.

Although the IPv4-compatible tunneling method is an automatic, point-to-multipoint tunneling
method, Cisco does not recommend that you use IPv4-compatible tunnels for connecting several
isolated IPv6 domains over an IPv4 backbone. The IPv4-compatible tunneling method has been
deprecated in favor of the Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) tunneling
method.

Although the ISATAP tunneling method is an automatic, point-to-multipoint tunneling method, Cisco
does not recommend that you use ISATAP for connecting several isolated IPv6 domains over an
IPv4 backbone. Instead, Cisco recommends that you use ISATAP for encapsulating and tunneling
IPv6 packets within a single IPv6 domain, not between IPv6 domains.

Cisco does not recommend that you use the Generic Routing Encapsulation (GRE) tunneling
method for connecting several isolated IPv6 domains using point-to-multipoint links over an IPv4
backbone. GRE tunnels are point-to-point tunnels, not point-to-multipoint tunnels. Unlike other
tunneling methods, GRE tunnels are designed to tunnel any Layer 3 passenger protocol through
an IP transport network. For example, you could use a GRE tunnel to carry Connectionless
Network Service (CLNS) traffic to connect two Intermediate System-to-Intermediate System version
6 (IS-ISv6) networks over an IPv4 backbone. Additionally, GRE tunnels support IPv6 multicasting,
as do 6over4 tunnels.

Cisco does not recommend that you use manual tunneling for connecting several isolated IPv6
domains using point-to-multipoint links over an IPv4 backbone. Manual tunnels are point-to-point
tunnels, not point-to-multipoint tunnels, and are equivalent to a permanent link between IPv6
domains over an IPv4 backbone.

Manual tunnels can carry IPv6 packets only; they cannot carry CLNS or other Layer 3 protocols.

Reference:

https://www.cisco.com/c/en/us/td/docs/ios/12_4/interface/configuration/guide/inb_tun.html#wp1045782

QUESTION NO: 465

You connect to a Cisco OSPF router by using an SSH session that you initiated from a host in a
hotel business center. The host has an IP address of 192.168.55.55. You have enabled debugging
output on the router so that you can troubleshoot a neighbor relationship issue. However, no
debug messages appear in the SSH client's display window.

Which of the following commands are you most likely to issue to solve the problem? (Select the
best answer.)

A.
debug ip ospf events

B.
show debug ip ospf events

C.
terminal monitor

D.
logging host 192.168.55.55

Answer: C
Explanation:

You are most likely to issue the terminal monitor command so that debug messages appear in the
Secure Shell (SSH) client's display window. System messages and debug output are sent to the
console session by default. When you connect to a virtual terminal (vty) session, such as an SSH
session, you can issue the terminal monitor command within that session to direct system
messages and debug output to the session's display. However, the effects of the terminal monitor
command are localized to the specific, established session in which the command was issued.
Therefore, when you disconnect from the SSH session in this scenario, system messages and
debug output will no longer be sent to vty sessions.

You should not issue the logging host 192.168.55.55 command. The logging host host-ip-address
command configures a Cisco device to permanently send system messages and debug output to
the remote host at the IP address specified by host-ip-address; the command is not localized to an
established vty session. In this scenario, you have initiated the SSH session from a host in a hotel
business center that has been assigned the Request for Comments (RFC) 1918 IP address
192.168.55.55, which is a private IP address and not publicly routable on the Internet. Additionally,
a hotel business center is not a secure environment. Therefore, if you issued the logging host
192.168.55.55 command in this scenario, system messages and debug output could be sent to an
incorrect host.

You do not need to issue the debug ip ospf events command, because that command has already
been issued in this scenario. Cisco debug commands enable an administrator to view traffic and
information in real time, as it happens on the device. In this scenario, you have already enabled
debugging to troubleshoot an Open Shortest Path First (OSPF) neighbor relationship. The output
of debug commands is sent to the console by default. You cannot issue a debug command to
redirect output to a vty session or remote host.

You should not issue the show debug ip ospf events command, because that command contains
invalid syntax. Cisco debug commands typically generate their own output. Cisco show
commands, on the other hand, can be issued to view a device's configuration, routing table
contents, firmware version, or other information.

Reference:

https://www.cisco.com/c/en/us/td/docs/ios/12_2/configfun/command/reference/ffun_r/frf003.html#wp1019329

QUESTION NO: 466

Which of the following routing protocols does not support MD5 authentication for secure route
updates? (Select the best answer.)

A.
BGP

B.
EIGRP

C.
IS-IS

D.
OSPF

E.
RIPv1

F.
RIPv2

Answer: E
Explanation:

Routing Information Protocol version 1 (RIPv1) does not support Message Digest 5 (MD5) or any
other type of authentication for secure route updates. Routing protocol spoofing can inject false
routes into routing tables, which can influence path selection through a routed network. You can
mitigate routing table modification by implementing routing protocol authentication and filtering.
Border Gateway Protocol (BGP), Open Shortest Path First (OSPF), RIP version 2 (RIPv2),
Enhanced Interior Gateway Routing Protocol (EIGRP), and Intermediate System-to-Intermediate
System (IS-IS) all support MD5 authentication for secure route updates. RIPv2, OSPF, and IS-IS
also support plaintext authentication; EIGRP and BGP do not support plaintext authentication.

To ensure that routes are updated securely, you can disable all dynamic routing protocols and use
static routes. However, static routes work well only on small, reliable networks. Static routes are
not scalable, because changes made on one router are not propagated to the other routers on the
network; each router must be modified manually.

Reference:

https://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Security/SAFE_RG/SAFE_rg/chap2.html#wp1053315

https://www.cisco.com/c/en/us/support/docs/ip/routing-information-protocol-rip/13719-50.html

QUESTION NO: 467

Which of the following protocols will be affected when you enable turbo flooding? (Select the best
answer.)

A.
UDP but not TCP

B.
TCP but not UDP

C.
both TCP and UDP

D.
neither TCP nor UDP

Answer: A
Explanation:

User Datagram Protocol (UDP) will be affected when you enable turbo flooding, but Transmission
Control Protocol (TCP) will remain unaffected. Turbo flooding is a Cisco feature that speeds up
flooding of UDP datagrams using the spanning-tree algorithm. To enable turbo flooding, you should
issue the following commands:

ip forward-protocol turbo-flood

ip forward-protocol spanning-tree

Turbo flooding is supported on the following interface types:

-Advanced Research Projects Agency (ARPA)-encapsulated Ethernet

-Fiber Distributed Data Interface (FDDI)

-High-Level Data Link Control (HDLC)-encapsulated Serial

Reference:

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipapp/command/iap-cr-book/iap-i1.html#wp4079755394

QUESTION NO: 468

Which of the following queues has different default WTD threshold values than the other queues?
(Select the best answer.)

A.
queue 1

B.
queue 2

C.
queue 3

D.
queue 4

Answer: B
Explanation:

Queue 2 has different default weighted tail-drop (WTD) thresholds than the other queues: queue
1, queue 3, and queue 4 all use the same threshold values. When Quality of Service (QoS) is
enabled, WTD is enabled and uses the default threshold values. The following table displays the
default threshold values for WTD:

The two drop thresholds are expressed as a percentage of the allocated memory of the queue.
The reserved threshold is the percentage of allocated memory that is guaranteed for the queue.
The maximum threshold is the maximum queue memory before packets are dropped.

To configure the WTD thresholds, you should issue the mls qos queue-set output threshold
command. The syntax of the mls qos queue-set output threshold command is mls qos queue-set
output qset-id threshold [queue-id] drop-threshold1 drop-threshold2 reserved-threshold
maximum-threshold.

Reference:

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2960x/software/15-0_2_EX/qos/command_reference/b_qos_152ex_2960-x_cr/b_qos_152ex_2960-x_cr_chapter_011.html#wp5865016930

QUESTION NO: 469

You are creating an account for a new administrator. The administrator should only be allowed to
configure IP addresses and view the running configuration.

Which of the following actions should you perform? (Select the best answer.)

A.
Create an ACL so that the administrator has access to the proper commands.

B.
Configure the administrator's user account with a privilege level of 1.

C.
Configure the administrator's user account with a privilege level of 6.

D.
Configure the administrator's user account with a privilege level of 15.

E.
Create a role-based CLI view, and associate it with the administrator's user account.

Answer: E
Explanation:

You should create a role-based command-line interface (CLI) view and associate it with the
administrator's user account. Like privilege levels, role-based CLI views limit the IOS commands
that a user can access. However, role-based CLI views provide administrators with greater detail
and flexibility in restricting command access.

Before you can create role-based CLI views, you must first ensure that Authentication,
Authorization, and Accounting (AAA) is enabled on the router by issuing the aaa new-model
command. You should then enable the root view by using the enable view command. The root view
contains commands equivalent to privilege level 15. Before you can configure any other CLI views,
you must enable the root view.

To create a role-based CLI view, you should issue the parser view view-name command, which
specifies the view name and places the device into parser view configuration mode. Prior to
specifying any commands for the view, you must secure the view with a password by issuing the
secret password command. After you have secured the view, you can issue one or more
commands that allow or restrict access to parts of the IOS. The basic syntax of the commands
command is commands parser-mode {include | include-exclusive | exclude} [all] [command]. The
parser-mode variable is used to indicate the mode in which the command exists. For example, the
exec keyword indicates privileged EXEC mode, and the configure keyword indicates global
configuration mode. The include keyword indicates that the command should be added to this
view. The exclude keyword indicates that the command should be denied to this view. The
include-exclusive keyword indicates that the command should be added to this view but not to any
other superviews that might include this view; a superview is a view that consists of one or more
role-based CLI views. The all keyword indicates that all subcommands that begin with the specified
command keywords should be included.

After you have created a view, you can apply it to a user account by issuing the username
name view view-name password password command. You can also test the view by issuing the
enable view view-name command and entering the password that you specified with the password
password keywords. Commands that are not available for the user's view will not appear in the
command list in context-sensitive help. Attempting to issue a command that is not included in a
user's view will display an error message just as if the command did not exist on the router, as
shown in the following output:

Router>enable view NEWADMIN

Password:

Router#configure terminal

% Invalid input detected at '^' marker.

Privilege levels can be also used to limit access to CLI commands. However, you are limited to 16
privilege levels, some of which are used by default by the IOS. For example, privilege level 0
includes only the disable, enable, exit, help, and logout commands. Each privilege level contains a
list of commands that are available at that level. Users assigned to a privilege level have access to
all of the commands at that privilege level and all lower privilege levels. Changing the commands
that are available to a privilege level might provide access to a user who should not be allowed
access to the command, or it might restrict access to another user who should be allowed access
to the command.

Configuring the administrator's user account with a privilege level of 1 will not enable the
administrator to configure IP addresses and to view the running configuration. Privilege level 1
allows a user to issue any command that is available at the user EXEC > prompt.

Configuring the administrator's user account with a privilege level of 6 will not enable the
administrator to configure IP addresses and to view the running configuration unless you have first
configured privilege level 6 with the proper commands. By default, no commands are assigned to
privilege level 6.

Configuring the administrator's user account with a privilege level of 15 will enable the
administrator to configure IP addresses and to view the running configuration. However, it will also
provide access to all other commands that are available at the privileged EXEC #prompt. This will
provide more access to the IOS than you want the administrator to have.

Access control lists (ACLs) can be used to limit administrative access to a router. However, you
cannot limit access to particular IOS commands by using an ACL.

Reference:

https://search.cisco.com/search?query=Cisco%20IOS%20Securing%20User%20Services%20Configuration%20Guide&locale=enUS&tab=Cisco

https://www.cisco.com/c/en/us/support/docs/security-vpn/terminal-access-controller-access-control-system-tacacs-/23383-showrun.html

QUESTION NO: 470

What is the default timer setting for the IGMPv2 group membership timeout? (Select the best
answer.)

A.
one second

B.
10 seconds

C.
255 seconds

D.
260 seconds

Answer: D
Explanation:

The Internet Group Management Protocol version 2 (IGMPv2) group membership timeout is set to
a value of 260 seconds by default. The group membership timeout is the amount of time a router
will wait before deciding that a group has no multicast sources or hosts on the network. To
configure the group membership timeout, issue the ip igmp group-timeout seconds command.

The IGMPv2 last member query response interval is set to a value of one second by default. The
last member query response interval is the amount of time a router will wait after receiving a leave
message from the last group member before sending a response and deleting the group. To
configure the last member query response interval, issue the ip igmp last-member-query-response-time
seconds command.

The IGMPv2 query max response time is set to a value of 10 seconds by default. The query max
response time is the maximum response time advertised in IGMP queries. To configure the query
max response time, issue the ip igmp query-max-response-time seconds command.

The IGMPv2 querier timeout, which is also referred to as the other querier present interval, is set
to a value of 255 seconds by default. The querier timeout is the number of seconds that a router
will wait after the querier has stopped transmitting before the router will take over the querier role.
To configure the querier timeout, issue the ip igmp query-timeout seconds command or the ip igmp
querier-timeout seconds command.

Reference:

https://tools.ietf.org/html/rfc2236

QUESTION NO: 471

By default, how often are MAC addresses flushed from the CAM table? (Select the best answer.)

A.
after three minutes of no activity from that address

B.
after five minutes of no activity from that address

C.
after 10 minutes of no activity from that address

D.
after 300 minutes of no activity from that address

Answer: B
Explanation:

By default, Media Access Control (MAC) addresses are flushed from the Content Addressable
Memory (CAM) table after five minutes of inactivity from that address. The CAM table provides a
list of known hardware addresses and their associated ports on the switch. After the integrity of a
frame has been verified, the switch searches the CAM table for an entry that matches the frame's
destination MAC address. If the frame's destination MAC address is not found in the table, the
switch forwards the frame to all its ports, except the port from which it received the frame. If the
destination MAC address is found in the table, the switch forwards the frame to the appropriate
port. The source MAC address is also recorded if it did not previously exist in the CAM table.

By default, MAC addresses are flushed from the CAM table after 300 seconds of no activity from
that address, not 300 minutes. The mac-address-table aging-time seconds command can be used
to change the frequency with which MAC addresses are flushed from the CAM table. In order to
have MAC addresses flushed from the CAM table after three minutes of inactivity, you should
issue the mac-address-table aging-time 180 command. Likewise, you should issue the
mac-address-table aging-time 600 command for the addresses to be flushed after 10 minutes of
inactivity.

Reference:

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/lanswitch/command/lsw-cr-book/lsw-m1.html#wp2315701254

QUESTION NO: 472

You issue the show spanning-tree inconsistentports command on a switch and notice that
interface Gi 1/3 is in a root-inconsistent state.

Which of the following is the most likely reason for the inconsistent port? (Select the best answer.)

A.
Gi 1/3 is configured with root guard and has received an inferior BPDU.

B.
Gi 1/3 is configured with root guard and has received a superior BPDU.

C.
Gi 1/3 is configured with loop guard and has received an inferior BPDU.

D.
Gi 1/3 is configured with loop guard and has received a superior BPDU.

E.
Gi 1/3 is configured with BPDU guard and has started receiving BPDUs.

F.
Gi 1/3 is configured with BPDU guard and has stopped receiving BPDUs.

Answer: B
Explanation:

The most likely reason for the inconsistent port is that Gi 1/3 is configured with root guard and has
received a superior bridge protocol data unit (BPDU). Root guard is used to prevent a port from
becoming a root port. When a port receives a superior BPDU, it will normally attempt to become a
root port. However, a root guard port that receives a superior BPDU will be put into the
root-inconsistent state and no data will flow through that port until it stops receiving superior
BPDUs. A root guard port that receives an inferior BPDU will not be marked as inconsistent.

The loop guard feature prevents nondesignated ports from inadvertently forming Layer 2 switching
loops if the steady flow of BPDUs is interrupted; it is only used on interfaces that Spanning Tree
Protocol (STP) considers to be point-to-point links. A port that is configured with loop guard will not
be placed in the root-inconsistent state when it receives a superior or inferior BPDU; it will be put
into the loop-inconsistent state when it stops receiving BPDUs altogether. After the port starts
receiving BPDUs again, loop guard enables the port to transition through the normal STP states.

BPDU guard is used to define the edge of the STP domain by ensuring that access mode ports do
not receive BPDUs. When a port that is configured with BPDU guard receives a BPDU, BPDU
guard immediately puts the port into the errdisable state and shuts down the port. The port must
then be manually re-enabled, or it can be recovered automatically through the errdisable timeout
function. A port configured with BPDU guard will not be put into the root-inconsistent state.

Reference:

https://www.cisco.com/c/en/us/support/docs/lan-switching/spanning-tree-protocol/10588-74.html

QUESTION NO: 473

Which of the following LSA types is not accepted by an OSPF stub area? (Select the best
answer.)

A.
Type 1

B.
Type 2

C.
Type 3

D.
Type 4

E.
Type 5

Answer: E
Explanation:

An Open Shortest Path First (OSPF) stub area does not accept Type 5 link-state advertisements
(LSAs), which advertise external summary routes. A stub area is connected to the backbone area
or transit area by the area border router (ABR). Type 5 LSAs that are received by the ABR are
converted to a default route, and this default route is distributed to the internal routers in the stub
area. Therefore, routers inside the stub area will send all packets destined for another area to the
ABR.

An OSPF stub area will accept Type 1, 2, 3, and 4 LSAs. Type 1 and 2 LSAs are intra-area routes
that carry IPv4 prefix information. All OSPF area types accept Type 1 and 2 LSAs.

Type 3 and Type 4 LSAs are inter-area routes that are advertised between areas. Totally stubby
areas do not accept Type 3, 4, or 5 LSAs. These LSAs are replaced by a default route at the ABR.
As a result, routing tables are kept small within the totally stubby area.

The backbone area, Area 0, accepts all LSAs. All OSPF areas must directly connect to the
backbone area or must traverse a virtual link to the backbone area. An ordinary area, which is also
called a standard area, also accepts all LSAs.

A not-so-stubby area (NSSA) is basically a stub area that contains one or more autonomous
system boundary routers (ASBRs). Like stub areas, NSSAs do not accept Type 5 LSAs. External
routes from the ASBR are converted to Type 7 LSAs and tunneled through the NSSA to the ABR,
where they are converted back to Type 5 LSAs.

Reference:

https://www.cisco.com/c/en/us/support/docs/ip/open-shortest-path-first-ospf/13703-8.html

QUESTION NO: 474

You administer the networks shown above. RouterA is connected to network A, RouterB is
connected to network B, and so on. RouterB and RouterD are iBGP peers of RouterC; RouterE
and RouterF are eBGP peers of RouterC. RouterA and RouterC are OSPF neighbors.

RouterC, which is not configured as a route reflector, receives routes from all of the other routers
on the network. You have issued the network command on each router to advertise their
respective networks. You have also issued the redistribute command on RouterC to redistribute
the OSPF routes from RouterA into BGP.

Routes to which of the following networks will RouterC advertise to RouterF? (Select the best
answer.)

A.
only network C

B.
only networks B, C, and D

C.
only networks A, B, C, and D

D.
only networks A, B, C, D, and E

E.
networks A, B, C, D, E, and F

Answer: D
Explanation:

RouterC will advertise only networks A, B, C, D, and E to RouterF. RouterC and RouterF are
external Border Gateway Protocol (eBGP) peers, which are BGP routers that belong to different
autonomous systems (ASes). An eBGP peer advertises the following routes to another eBGP
peer:

-Routes learned through internal BGP (iBGP)

-Routes learned through eBGP

-Routes learned through redistribution

-Routes originated by a network statement

The only route that RouterC will not advertise to RouterF is network F, because RouterC originally
learned of the route from RouterF. When RouterF advertises network F to RouterC, RouterF adds
the AS number (ASN) to the AS_PATH. Routes with an AS_PATH that contains the ASN of a BGP
peer are not advertised back to that peer.

If RouterF were in AS 100, RouterF and RouterC would be iBGP peers. The BGP split horizon rule
states that routes learned through iBGP are not advertised to iBGP peers. Therefore, an iBGP
peer advertises the following routes to another iBGP peer:

-Routes learned through eBGP

-Routes learned through redistribution

-Routes originated by a network statement

Because iBGP routes are not advertised to iBGP peers, one of the following actions must be taken
to enable routers running iBGP to communicate:

-Configure a full mesh.

-Configure a confederation.

-Configure a route reflector.

A full mesh configuration enables each router to learn each iBGP route independently without
passing through a neighbor. However, a full mesh configuration requires the most administrative
effort to configure. A confederation enables an AS to be divided into discrete units, each of which
acts like a separate AS. Within each confederation, the routers must be fully meshed unless a
route reflector is established. A route reflector can be used to pass iBGP routes between iBGP
routers, eliminating the need for a full mesh configuration. However, it is important to note that
route reflectors advertise best paths only to route reflector clients. Additionally, if multiple paths
exist, a route reflector will always advertise the exit point that is closest to the route reflector.

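The advertisement rules above, applied to the RouterA through RouterF topology as an added Python model (not part of the original question set or Cisco's code): AS 100 for RouterC follows from the explanation, while the ASNs 200 and 300 assumed for RouterE and RouterF and the route table entries are constructed.

```python
"""Which BGP routes a speaker advertises to a given peer.

Two rules are modelled, both stated in the explanation above:
  * iBGP peer: routes learned through iBGP are not re-advertised (split horizon).
  * eBGP peer: a route whose AS_PATH already contains the peer's ASN is not
    advertised back to that peer.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Route:
    prefix: str
    source: str          # "ibgp", "ebgp", "redistributed" or "network"
    as_path: tuple = ()  # ASNs in the AS_PATH as held in the local BGP table


@dataclass(frozen=True)
class Peer:
    name: str
    asn: int


LOCAL_ASN = 100  # RouterC's AS, as implied by the explanation


def advertises(route: Route, peer: Peer, local_asn: int = LOCAL_ASN) -> bool:
    """Return True if the local router will advertise `route` to `peer`."""
    if peer.asn == local_asn:
        # iBGP peer: the BGP split horizon rule suppresses iBGP-learned routes.
        return route.source != "ibgp"
    # eBGP peer: AS_PATH loop prevention. If the peer's ASN is already in the
    # path, the route came from that AS and is not sent back to it.
    return peer.asn not in route.as_path


def advertised_prefixes(table, peer) -> list:
    """Sorted list of networks from `table` that the local router sends to `peer`."""
    return sorted(route.prefix for route in table if advertises(route, peer))


# Constructed BGP table on RouterC. ASNs 200 (RouterE) and 300 (RouterF) are
# assumptions; the question only says that both are eBGP peers of RouterC.
ROUTER_C_TABLE = [
    Route("A", "redistributed"),         # OSPF route from RouterA, redistributed into BGP
    Route("B", "ibgp"),                   # learned from iBGP peer RouterB
    Route("C", "network"),                # RouterC's own network statement
    Route("D", "ibgp"),                   # learned from iBGP peer RouterD
    Route("E", "ebgp", as_path=(200,)),   # learned from eBGP peer RouterE
    Route("F", "ebgp", as_path=(300,)),   # learned from eBGP peer RouterF
]
ROUTER_F = Peer("RouterF", 300)
ROUTER_D = Peer("RouterD", 100)

if __name__ == "__main__":
    print("RouterC -> RouterF:", advertised_prefixes(ROUTER_C_TABLE, ROUTER_F))
    print("RouterC -> RouterD:", advertised_prefixes(ROUTER_C_TABLE, ROUTER_D))
```

The second call shows the iBGP case the explanation contrasts with: RouterD receives A, C, E and F but not B, the route RouterC itself learned through iBGP.
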
Reference:

CCIE Routing and Switching v5.0 Certification Guide, Volume 2, Chapter 1, Injecting
Routes/Prefixes into the BGP Table, pp. 18-40

QUESTION NO: 475

You are connecting host computers to a switch with 10/100/1000Mbps Gigabit Ethernet ports. All
of the ports are configured to autonegotiate speed and duplex settings.

Which of the following will cause a mismatch condition? (Select the best answer.)

A.
connecting a NIC that is configured for half-duplex, 100-Mbps operation

B.
connecting a NIC that is configured for full-duplex, 100-Mbps operation

C.
connecting a NIC that is configured for full-duplex, 1000-Mbps operation

D.
connecting a NIC that is configured to autonegotiate duplex and speed settings

Answer: B
Explanation:

Connecting a network interface card (NIC) that is configured for full-duplex, 100-Mbps operation will
cause a mismatch condition because the duplex modes on the NIC and on the port will be
different. A NIC that has been manually configured to use full-duplex or half-duplex mode does not
respond to a port that is attempting to autonegotiate duplex settings. When the autonegotiating
port receives no reply, it will use the default duplex settings for that speed. If the port detects that it
should transmit at 10 Mbps or 100 Mbps, the port will default to half-duplex mode; if the port
detects that it should transmit at 1000 Mbps, the port will default to full-duplex mode.

You can detect a duplex mismatch by monitoring a switch for %CDP-4-DUPLEXMISMATCH error
messages. Additionally, you can issue the show interfaces interface command, which displays
counter information. If you see an abnormal increase in frame check sequence (FCS) errors and
alignment errors on a half-duplex port, you should suspect a duplex mismatch. An abnormal
increase in FCS errors and runts on a full-duplex port is also an indicator of a duplex mismatch.

Connecting a NIC that is configured for half-duplex, 100-Mbps operation will not cause a mismatch
condition. The port will detect that it should transmit at 100 Mbps; therefore, it will default to
half-duplex mode. Configuring both switch ports for half-duplex mode would enable only one port
to send data at a time; however, communication could still occur, albeit slowly.

Connecting a NIC that is configured for full-duplex, 1000-Mbps operation will not cause a mismatch
condition. The port will detect that it should transmit at 1000 Mbps; therefore, it will default to
full-duplex mode.

Connecting a NIC that is configured to autonegotiate duplex and speed settings will not cause a
mismatch condition. When both sides of a link autonegotiate speed settings, they will select the
highest speed common to both of them. When both sides of a link autonegotiate duplex settings,
they will negotiate full-duplex mode if both ports support full-duplex operation. If either side of the
link does not support full-duplex operation, the ports will negotiate half-duplex mode.

Reference:

https://www.cisco.com/c/en/us/support/docs/switches/catalyst-6500-series-switches/17053-46.html#auto_neg_valid

https://www.cisco.com/c/en/us/support/docs/switches/catalyst-6500-series-switches/17053-46.html#ustand

QUESTION NO: 476

Which of the following statements are correct regarding EIGRP queries? (Select 2 choices.)

A.
EIGRP queries can propagate across ASes.

B.
EIGRP queries can be contained by disabling route summarization.

C.
EIGRP queries do not require replies.

D.
EIGRP queries can be contained by creating stub routers.

E.
EIGRP queries prevent routers from becoming SIA.

Answer: A,D
Explanation:

Enhanced Interior Gateway Routing Protocol (EIGRP) queries can propagate across autonomous
systems (ASes), and they can be contained by creating stub routers. When a router loses a route
to a destination network and no feasible successor exists, the router floods EIGRP query packets
to its neighbors. If a neighbor has a route to the destination network, it replies with the route.
However, if a neighbor does not have a route to the destination network, it queries its neighbors,
and those neighbors query their neighbors, even across ASes. The network cannot converge until
all queries have been answered.

Limiting EIGRP queries increases scalability by preventing queries and replies from consuming
bandwidth and processor resources. You can display which routers have not yet replied to a query
by issuing the show ip eigrp topology active command, as shown in the following output:

Stub routers advertise only a specified set of routes. A hub router detects that a router is a stub
router by examining the Type-Length-Value (TLV) field within EIGRP hello packets sent by the
router. The hub router will specify in its neighbor table that the router is a stub router and will no
longer send query packets to that stub router, thereby limiting how far EIGRP queries spread
throughout a network. To create an EIGRP stub router, you should issue the eigrp stub command.

EIGRP queries cannot be contained by disabling route summarization; they are contained by
enabling route summarization. By default, automatic route summarization is enabled, but you can
disable it by issuing the no auto-summary command; issuing the auto-summary command
re-enables automatic summarization. You can enable manual route summarization on a
per-interface basis by issuing the ip summary-address eigrp as-number address mask command in
interface configuration mode. Enabling manual summarization is not the same as disabling
automatic summarization. When automatic summarization is disabled, routes are not summarized
unless the ip summary-address eigrp command is issued. Similarly, you cannot disable automatic
summarization by issuing the ip summary-address eigrp command; you must issue the no
auto-summary command to disable automatic summarization.

EIGRP queries require replies; the network will not converge until every neighbor has sent a reply
to the queries. If a neighbor router does not respond in a timely fashion, the querying router will
become stuck in active (SIA) and the neighbor router will be removed from the querying router's
neighbor table. Therefore, EIGRP queries do not prevent routers from becoming SIA; EIGRP
queries cause routers to become SIA.

Reference:

https://www.cisco.com/en/US/technologies/tk648/tk365/technologies_white_paper0900aecd8023df6f.html

QUESTION NO: 477

Which of the following methods can a router use to discover an Anycast RP? (Select the best
answer.)

A.
only static configuration

B.
only AutoRP

C.
only BSR

D.
only AutoRP and BSR

E.
static configuration, AutoRP, and BSR

Answer: E
Explanation:

A router can use static configuration, AutoRP, and BootStrap Router (BSR) to discover an Anycast
rendezvous point (RP). Anycast RP enables multiple RPs to provide redundancy and load-sharing
capabilities. Each multicast receiver will use the closest RP. If an Anycast RP fails or is added, the
Protocol Independent Multicast (PIM) network will converge as quickly as IP routing converges.

Anycast RPs share information by using Multicast Source Discovery Protocol (MSDP). Each of the
Anycast RPs must be configured as MSDP peers of one another, and all the Anycast RPs must
have the same IP address on a loopback interface. Downstream routers must be configured with
the shared loopback address of the Anycast RPs, either statically by using the ip pim rp-address
command or dynamically by using AutoRP or BSR.

Reference:

https://www.cisco.com/c/en/us/td/docs/ios/solutions_docs/ip_multicast/White_papers/anycast.html

QUESTION NO: 478

Which of the following multicast addresses is used for RP-Discovery messages? (Select the best
answer.)

A.
224.0.0.2

B.
224.0.0.13

C.
224.0.0.102

D.
224.0.1.39

E.
224.0.1.40

Answer: E
Explanation:

The multicast address 224.0.1.40 is used for RP-Discovery messages, which are sent by AutoRP
mapping agents to advertise the authoritative rendezvous point (RP) for a multicast group. AutoRP
dynamically determines the RP for a multicast group so that RPs need not be manually
configured. AutoRP uses a mapping agent to learn which routers are advertised as candidate RPs
for each multicast group. The candidate list is then advertised to client routers.

The multicast address 224.0.1.39 is used for RP-Announce messages, which are sent by each
candidate RP to advertise its eligibility to become an RP. The RP-Announce messages are
received by the mapping agent, which maps the candidate RPs to multicast groups. If multiple
routers are advertised as candidate RPs for a multicast group, the router with the highest IP
address is used as the RP for that group.

The multicast address 224.0.0.2 is the all-routers address. This address is used by Protocol
Independent Multicast version 1 (PIMv1) to send status messages, such as query messages. The
all-routers address is also used by Internet Group Management Protocol (IGMP).

The multicast address 224.0.0.13 is the all-PIM-routers address. This address is used by PIMv2 to
send status messages, such as hello messages, prune messages, and assert messages. The
all-PIM-routers address is also used by the BootStrap Router (BSR) feature to dynamically assign
RPs to multicast groups. Other PIMv2 message types include the Register message, the
Register-Stop message, and the Join/Prune message.

The multicast address 224.0.0.102 is used for Gateway Load Balancing Protocol (GLBP) hello
messages. GLBP is a Cisco-proprietary protocol that was developed to resolve some of the
shortcomings of other router redundancy protocols, such as HSRP and Virtual Router
Redundancy Protocol (VRRP). By default, hello messages are sent among GLBP group members
every three seconds.

Reference:

CCIE Routing and Switching v5.0 Certification Guide, Volume 2, Chapter 8, Anycast RP with
MSDP, pp. 365-367

https://www.cisco.com/c/en/us/td/docs/ios/solutions_docs/ip_multicast/White_papers/rps.html#wp1029236

QUESTION NO: 479

Which of the following is a difference between uRPF strict mode and loose mode? (Select the best
answer.)

A.
Strict mode checks for a return path to a source address, and loose mode does not.

B.
Strict mode forwards packets only from the best path, but loose mode forwards packets from any
valid path.

C.
Loose mode forwards packets even if a valid path does not exist in the routing table, and strict
mode does not.

D.
Strict mode can be used to mitigate DDoS attacks, and loose mode cannot.

Answer: B
Explanation:

In strict mode, unicast Reverse Path Forwarding (uRPF) forwards packets only if they are received
from the best path back to the source device, but loose mode forwards packets if they are
received from any valid path back to the source device. uRPF is a means of verifying that packets
arriving on a router interface are from valid sources. When you enable uRPF in strict mode, the
router checks packets upon arrival at an interface to determine whether those packets arrived
through the best path to the source. If a packet did not arrive from the best path, the packet is
dropped. Because strict mode forwards only packets that are valid on the arrival interface,
implementing uRPF in strict mode can cause legitimate traffic to be dropped in asymmetric routing
configurations.

For uRPF to be used in either strict or loose mode, Cisco Express Forwarding (CEF) must be
enabled. The router uses the information in the Forwarding Information Base (FIB) to perform the
reverse lookup in strict mode. In loose mode, the router checks to see if the source address of the
packet exists in the FIB and is a valid forwarding entry. The FIB is generated by CEF.

There are two network addresses that uRPF always allows to pass even though they might not be
present in the FIB: 0.0.0.0 and 255.255.255.255. Not allowing those addresses to pass would
cause problems with both Bootstrap Protocol (BOOTP) and Dynamic Host Configuration Protocol
(DHCP).

When you enable uRPF in loose mode, the router checks packets upon arrival at an interface to
determine whether those packets arrived from a valid path that is listed in the router's unicast
routing table, even if the valid path is not the path upon which the packet was received. Loose
mode enables uRPF to detect and drop packets from nonroutable IP addresses and addresses
that are routed to a null interface.

Both loose mode and strict mode can be used to mitigate Distributed Denial of Service (DDoS)
attacks. Because uRPF checks for spoofed addresses, packets from spoofed addresses are likely
to be dropped.

Neither strict mode nor loose mode will forward a packet if the path upon which the packet arrived
is not listed as a valid path in the unicast routing table. In both modes, packets that do not arrive
on a valid interface will be dropped.

Reference:

https://www.cisco.com/c/en/us/about/security-center/unicast-reverse-path-forwarding.html

https://www.cisco.com/c/en/us/td/docs/ios/12_0s/feature/guide/srpf_gsr.html#wp1053391

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_data_urpf/configuration/xe-3s/sec-data-urpf-xe-3s-book/sec-unicast-rpf-loose-mode.html#GUID-FFFA94D5-EEFB-4215-9EE1-DB37CD01C2CA

QUESTION NO: 480

Which of the following CHAP packets contains a Code field that is set to a value of 4? (Select the
best answer.)

A.
Challenge

B.
Failure

C.
Response

D.
Success

Answer: B
Explanation:

A Challenge Handshake Authentication Protocol (CHAP) Failure packet contains a Code field that
is set to a value of 4. A CHAP packet consists of the following fields:

-A one-octet Code field

-A one-octet Identifier field, which helps to match challenges to responses

-A two-octet Length field, which indicates the length of the packet

-One or more fields that are determined by the Code field

A Challenge packet has a Code field that is set to a value of 1. It also has the following additional
fields:

-A one-octet Value-Size field, which indicates the length of the Value field

-A variable-length Challenge Value field, which contains a variable, unique stream of octets

-A variable-length Name field, which identifies the name of the transmitting device

A Response packet has a Code field that is set to a value of 2. It also has the following additional
fields:

-A one-octet Value-Size field, which indicates the length of the Response Value field

-A variable-length Response Value field, which contains a one-way hash of the concatenation of
the ID, the secret key, and the Challenge Value

-A variable-length Name field, which identifies the name of the transmitting device

A Success packet has a Code field that is set to a value of 3. In addition to the standard fields, the
Success packet and the Failure packet have a variable-length Message field, which displays a
success or failure message, typically in human-readable ASCII characters.
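The field layout above can be exercised end to end. The following is an added example, not code from the original material: it builds and parses CHAP packets with the Code values listed above (1 Challenge, 2 Response, 3 Success, 4 Failure) using the RFC 1994 layout, and runs a Challenge/Response exchange in which the authenticator recomputes the hash with its own copy of the secret. The secret, the challenge octets and the device names are constructed sample values; the parser also rejects a packet whose Length field does not match what was received, which is the check a defender wants before trusting any of the other fields.

```python
# Added example, not from the original page: building and parsing CHAP packets
# with the Code values discussed above and the field layout of RFC 1994.
# The secret, challenge bytes and device names are constructed sample values.
import hashlib
import struct

CHAP_CODES = {1: "Challenge", 2: "Response", 3: "Success", 4: "Failure"}


def build_chap(code, identifier, value=b"", name=b"", message=b""):
    """Return the octets of one CHAP packet.

    Codes 1 and 2 carry a one-octet Value-Size, the Value and the Name;
    codes 3 and 4 carry a free-form Message. Length counts the whole packet.
    """
    if code in (1, 2):
        body = struct.pack("!B", len(value)) + value + name
    elif code in (3, 4):
        body = message
    else:
        raise ValueError("unknown CHAP code %d" % code)
    return struct.pack("!BBH", code, identifier, 4 + len(body)) + body


def parse_chap(packet):
    """Decode a CHAP packet into a dict, rejecting malformed input instead of
    reading past the end of the buffer."""
    if len(packet) < 4:
        raise ValueError("packet shorter than the 4-octet CHAP header")
    code, identifier, length = struct.unpack("!BBH", packet[:4])
    if length != len(packet):
        raise ValueError("Length field %d but %d octets received" % (length, len(packet)))
    fields = {"code": code, "type": CHAP_CODES.get(code, "unknown"),
              "id": identifier, "length": length}
    body = packet[4:]
    if code in (1, 2):
        if not body or len(body) < 1 + body[0]:
            raise ValueError("Value-Size inconsistent with packet length")
        fields["value"] = body[1:1 + body[0]]
        fields["name"] = body[1 + body[0]:]
    elif code in (3, 4):
        fields["message"] = body
    return fields


def is_well_formed(packet):
    """True if parse_chap accepts the packet, False if it is malformed."""
    try:
        parse_chap(packet)
        return True
    except ValueError:
        return False


def chap_response_value(identifier, secret, challenge_value):
    """RFC 1994 response: MD5 over Identifier || secret || Challenge Value."""
    return hashlib.md5(bytes([identifier]) + secret + challenge_value).digest()


def run_exchange(authenticator_secret, peer_secret, identifier=7):
    """Challenge -> Response -> Success/Failure; returns the parsed final packet."""
    challenge_value = b"\x01\x02\x03\x04\x05\x06\x07\x08"   # constructed, not random
    challenge = parse_chap(build_chap(1, identifier, challenge_value, b"RouterA"))
    # The peer hashes with its copy of the secret; the secret never crosses the link.
    response = parse_chap(build_chap(
        2, challenge["id"],
        chap_response_value(challenge["id"], peer_secret, challenge["value"]), b"RouterB"))
    # The authenticator recomputes with its own secret and compares.
    expected = chap_response_value(response["id"], authenticator_secret, challenge["value"])
    if expected == response["value"]:
        return parse_chap(build_chap(3, response["id"], message=b"Welcome"))
    return parse_chap(build_chap(4, response["id"], message=b"Authentication failed"))
```

Calling `run_exchange(b"s", b"s")` returns a parsed Success packet (Code 3); a mismatched peer secret returns a Failure packet (Code 4), the packet the question asks about.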

Reference:

https://www.cisco.com/c/en/us/support/docs/wan/point-to-point-protocol-ppp/25647-understanding-ppp-chap.html

https://www.ietf.org/rfc/rfc1994.txt

QUESTION NO: 481

Which of the following should you enable to configure lower-priority packets to be dropped if
network congestion is detected? (Select the best answer.)

A.
RED

B.
WRED

C.
CAC

D.
FIFO

Answer: B
Explanation:

You should enable weighted random early detection (WRED) to configure lower-priority packets to
be dropped if network congestion is detected. WRED is a congestion avoidance method that
selectively drops packets when output queues reach a predefined threshold. When the average
queue depth exceeds the minimum threshold for a designated service level, WRED begins to drop
packets that match that service level. If the queue depth continues to grow, WRED progressively
drops more packets that match the designated service level. When the average queue depth
reaches the maximum threshold for a designated service level, all packets that match that service
level are dropped. Because WRED drops packets based on their IP precedence value if network
congestion is detected, low-priority packets are dropped before high-priority packets are dropped.

Similarly, random early detection (RED) is a congestion avoidance method that drops packets if
network congestion is detected. However, RED does not use IP precedence to determine the
priority of packets. Before the queue becomes full, RED randomly drops packets based on a mark
probability denominator. The mark probability denominator is the fraction of packets that should be
dropped when a queue reaches its minimum threshold. Because RED does not selectively drop
packets, high-priority packets have the same probability of being dropped as low-priority packets if
network congestion is detected. As the average size of the queue increases, RED will randomly
drop packets at an increasingly faster rate.
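The threshold behaviour described above can be written down as a drop-probability function. The following is an added example, not Cisco code or part of the original material: it computes the exponentially weighted average queue depth, derives the drop probability from the minimum threshold, maximum threshold and mark probability denominator, and shows that with per-precedence thresholds (WRED) lower-precedence traffic is dropped first while a single threshold set (RED) treats every packet alike. The threshold values in `WRED_PROFILE` are constructed for illustration and are not Cisco defaults.

```python
# Added example, not from the original page: the WRED drop decision as a
# function of the average queue depth. Threshold and mark-probability values
# below are constructed for illustration and are not Cisco defaults.
import random

# IP precedence -> (min_threshold, max_threshold, mark_probability_denominator).
# Lower precedence gets a lower minimum threshold, so it is dropped first.
WRED_PROFILE = {
    0: (10, 30, 10),   # routine traffic
    3: (20, 30, 10),   # flash
    5: (28, 30, 10),   # critical, voice-like
}


def average_queue_depth(previous_avg, current_depth, exponent=9):
    """Exponentially weighted average with weight 2**-exponent.

    The average reacts slowly to bursts, which is what makes RED/WRED a
    congestion-avoidance mechanism rather than a reaction to a momentarily full queue.
    """
    weight = 2.0 ** -exponent
    return previous_avg * (1 - weight) + current_depth * weight


def drop_probability(avg_depth, min_th, max_th, mpd):
    """Packet drop probability for one threshold set.

    Below min_th nothing is dropped; at or above max_th every packet is dropped
    (the queue is treated as full); between them the probability rises linearly
    from 0 to 1/mpd, mpd being the mark probability denominator.
    """
    if avg_depth < min_th:
        return 0.0
    if avg_depth >= max_th:
        return 1.0
    return (avg_depth - min_th) / float(max_th - min_th) / mpd


def wred_drop_probability(avg_depth, precedence):
    """WRED: pick the threshold set that matches the packet's IP precedence."""
    return drop_probability(avg_depth, *WRED_PROFILE[precedence])


def red_drop_probability(avg_depth, min_th=10, max_th=30, mpd=10):
    """RED: one threshold set for all packets, regardless of precedence."""
    return drop_probability(avg_depth, min_th, max_th, mpd)


def simulate_drops(avg_depth, packets_per_precedence=10000, seed=1):
    """Return {precedence: fraction dropped} for packets arriving at a fixed average depth."""
    rng = random.Random(seed)   # seeded so the run is reproducible
    result = {}
    for precedence in WRED_PROFILE:
        dropped = sum(1 for _ in range(packets_per_precedence)
                      if rng.random() < wred_drop_probability(avg_depth, precedence))
        result[precedence] = dropped / float(packets_per_precedence)
    return result
```

At an average depth of 25 in this profile, precedence 0 is dropped with probability 0.075, precedence 3 with 0.05 and precedence 5 not at all, which is the selective behaviour the question asks for; `red_drop_probability(25)` gives every packet the same 0.075.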

You should not enable Call Admission Control (CAC) to configure lower-priority packets to be
dropped if network congestion is detected. CAC is a Quality of Service (QoS) mechanism that
ensures that existing voice traffic is not negatively impacted by the addition of new voice traffic to
the network. CAC is used to limit the number of concurrent calls that are permitted across a
configured link. CAC verifies that sufficient bandwidth is available on a link prior to the initiation of
a new voice call, and if sufficient bandwidth is not available, CAC denies the call and presents the
initiator with a fast busy signal.

You should not enable first-in-first-out (FIFO) to configure lower-priority packets to be dropped if
network congestion is detected. FIFO is a basic queuing method that offers no packet prioritization
or congestion avoidance. As the name implies, packets are processed in the order they are
received, without any regard to their IP precedence. Because there is no congestion avoidance in
a FIFO queue, all packets destined for a full FIFO queue are dropped until the existing packets are
processed and additional space is freed in the queue.

Reference:

https://search.cisco.com/search?query=Cisco%20IOS%20Quality%20of%20Service%20Configuration%20Guide&locale=enUS&tab=Cisco

QUESTION NO: 482

You administer the network shown in the exhibit above. You enable root guard by issuing the
spanning-tree guard root command in interface configuration mode for the Fa0/0 interfaces of S2
and S3.

Which of the following statements best describes what will occur if the link between S1 and S2 is
broken? (Select the best answer.)

A.
Traffic will follow its normal path from Host2 to S1.

B.
The Fa0/0 port on both switches will be put into the root-inconsistent state.

C.
Only Fa0/0 on S2 will be put into the root-inconsistent state.

D.
Only Fa0/0 on S3 will be put into the root-inconsistent state.

E.
STP will be disabled.

Answer: C
Explanation:

If the link between S1 and S2 is broken, the Fa0/0 port on S2 will be placed into the root-
inconsistent state. Root guard is typically used to prevent a designated port from becoming a root
port, thereby influencing which bridge will become the root bridge on the network. When root
guard is applied to a port, the port is permanently configured as a designated port. Normally, a
port that receives a superior bridge protocol data unit (BPDU) will become the root port. However,
if a port configured with root guard receives a superior BPDU, the port transitions to the
root-inconsistent state and no data will flow through that port until it stops receiving superior
BPDUs. As a result, root guard can be used to influence the placement of the root bridge on a
network by preventing other switches from propagating superior BPDUs throughout the network
and becoming the root bridge.

When the root bridge detects the broken link, it will send out BPDUs to reconverge the network
topology. Since root guard was enabled on Fa0/0 on S2, the interface will be placed into the
root-inconsistent state when it receives superior BPDUs from Fa0/0 on S3. Thus root guard
prevents Fa0/0 on S2 from being selected as a root port. The port will remain in the
root-inconsistent state until it stops receiving superior BPDUs from Fa0/0 on S3.

Fa0/0 on S3 will not be placed into the root-inconsistent state, because it will not receive superior
BPDUs from S2. S3 will continue to receive superior BPDUs from S1.

Traffic would not follow its normal path from Host2 to the root bridge if the link between S1 and S2
were broken. When the link between S1 and S2 is up, traffic from Host2 travels from S4 to S2 to
S1. This is based on the root path cost. The root path cost is an accumulation of path costs from
bridge to bridge. A Fast Ethernet link has a path cost of 19. There are two 100Mbps paths, so the
root path cost from S4 to S2 to S1 equals 38. The root path cost from S4 to S3 to S1 also equals
38. If the root path cost is identical, the bridge ID is used to determine the path. In this scenario,
S2 has a priority of 32768, as does S3. However, the Media Access Control (MAC) address for
S2, 000000000002, is lower than the MAC address for S3, 000000000003, making S2 the
designated bridge. If the link between S1 and S2 breaks, the path for traffic coming from Host2 will
be rerouted from its normal path to the S4 to S3 to S1 path.

Spanning Tree Protocol (STP) would not be disabled if the link between S1 and S2 were to break.
It is STP that reconverges the network topology to reroute traffic after a link in the root path
becomes disabled.
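The root path cost arithmetic and the bridge-ID tie-break in the explanation above can be checked mechanically. The following is an added example, not part of the original material: it computes every switch's root path cost over a constructed link list and picks the root port for S4 by lowest accumulated cost and then lowest sender bridge ID, before and after the S1-S2 link is removed. The Fast Ethernet cost of 19, the priority of 32768 and the MAC addresses of S2 and S3 come from the explanation; the MAC addresses of S1 and S4 and the existence of an S2-S3 link are assumptions made to fit the text, and root guard itself is not modelled.

```python
# Added example, not from the original page: root-port selection by root path
# cost with bridge-ID tie-break, for the topology the explanation describes.
# Fast Ethernet cost 19, priority 32768 and the MACs of S2 and S3 come from the
# explanation; the link list, the MACs of S1 and S4 and the S2-S3 link are
# assumptions made to match the text. Root guard is not modelled here.
import heapq

FAST_ETHERNET_COST = 19


def bridge_id(priority, mac):
    """STP compares bridge IDs as one number: 2-octet priority, then 6-octet MAC."""
    return (priority << 48) | int(mac.replace(".", "").replace(":", ""), 16)


BRIDGE_IDS = {
    "S1": bridge_id(32768, "000000000001"),  # assumed MAC; S1 is the root
    "S2": bridge_id(32768, "000000000002"),
    "S3": bridge_id(32768, "000000000003"),
    "S4": bridge_id(32768, "000000000004"),  # assumed MAC
}

# Constructed link list: every link is Fast Ethernet.
LINKS = [("S1", "S2"), ("S1", "S3"), ("S2", "S3"), ("S2", "S4"), ("S3", "S4")]


def root_path_costs(links, root):
    """Root path cost of every bridge: lowest accumulated link cost to the root (Dijkstra)."""
    neighbours = {}
    for a, b in links:
        neighbours.setdefault(a, []).append(b)
        neighbours.setdefault(b, []).append(a)
    costs = {root: 0}
    pending = [(0, root)]
    while pending:
        cost, bridge = heapq.heappop(pending)
        if cost > costs.get(bridge, float("inf")):
            continue   # stale queue entry
        for nxt in neighbours.get(bridge, []):
            candidate = cost + FAST_ETHERNET_COST
            if candidate < costs.get(nxt, float("inf")):
                costs[nxt] = candidate
                heapq.heappush(pending, (candidate, nxt))
    return costs


def root_port(bridge, links, root, bridge_ids=BRIDGE_IDS):
    """Which neighbour's BPDU wins: lowest advertised root path cost plus the
    local link cost, then the lowest sender bridge ID. Returns (neighbour, cost)."""
    costs = root_path_costs(links, root)
    best = None
    for a, b in links:
        if bridge not in (a, b):
            continue
        neighbour = b if a == bridge else a
        if neighbour not in costs:
            continue          # neighbour has no path to the root at all
        key = (costs[neighbour] + FAST_ETHERNET_COST, bridge_ids[neighbour])
        if best is None or key < best[0]:
            best = (key, neighbour)
    return (best[1], best[0][0]) if best else None
```

With all links up, `root_port("S4", LINKS, "S1")` returns `("S2", 38)`: both paths cost 38 and S2's lower bridge ID wins, as the explanation states. With the S1-S2 link removed from the list, S2's own root path cost rises to 38 and S4 selects S3 at cost 38 instead.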

Reference:

https://www.cisco.com/c/en/us/support/docs/lan-switching/spanning-tree-protocol/10588-74.html

QUESTION NO: 483

You administer a router that contains five routes to the same network: an eBGP route, an ISIS
route, a RIP route, an OSPF route, and an internal EIGRP route. The default ADs are used.

Which route does the router prefer? (Select the best answer.)

A.
the eBGP route

B.
the ISIS route

C.
the RIP route

D.
the OSPF route

E.
the EIGRP route

Answer: A
Explanation:

The router prefers the external Border Gateway Protocol (eBGP) route. When multiple routes to a
network exist and each route uses a different routing protocol, a router prefers the routing protocol
with the lowest administrative distance (AD). The following list contains the most commonly used
ADs:

If the eBGP route were to fail, the internal Enhanced Interior Gateway Routing Protocol (EIGRP)
route would be preferred, because EIGRP has an AD of 90. If the EIGRP route were also to fail,
the Open Shortest Path First (OSPF) route would be preferred, because OSPF has an AD of 110.
If the OSPF route were also to fail, the Intermediate System-to-Intermediate System (IS-IS) route
would be preferred, because IS-IS has an AD of 115. The Routing Information Protocol (RIP) route
would not be used unless all of the other links were to fail, because RIP has an AD of 120.

ADs for a routing protocol can be manually configured by issuing the distance command in router
configuration mode. For example, to change the AD of RIP from 120 to 80, you should issue the
following commands:

RouterA(config)#router rip

RouterA(config-router)#distance 80

If you were to modify the AD of RIP by issuing the distance command, the RIP route would be
preferred before the EIGRP route but after the eBGP route.

You can view the AD of the best route to a network by issuing the show ip route command. The AD
is the first number inside the brackets in the output. For example, the following router output
shows an OSPF route with an AD of 160:

Router#show ip route

Gateway of last resort is 10.19.54.20 to network 10.140.0.0

O E2 172.150.0.0 [160/5] via 10.19.54.6, 0:01:00, Ethernet2

Reference:

https://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/15986-admin-distance.html

QUESTION NO: 484

RouterA receives several routes to the 192.168.1.0/26 network. Each of the routes is received
from a different routing protocol.

Which of the following routes is installed in the routing table? (Select the best answer.)

A.
the route with the longest prefix length

B.
the route with the shortest prefix length

C.
the route with the highest AD

D.
the route with the lowest AD

E.
the route with the highest metric

F.
the route with the lowest metric

Answer: D
Explanation:

The route with the lowest administrative distance (AD) is installed in the routing table. The
following list contains the most commonly used ADs:

When multiple routes to a network exist and each route uses a different routing protocol, a router
prefers the routing protocol with the lowest AD. Therefore, if a router received local routes to
192.168.1.0/26 from Enhanced Interior Gateway Routing Protocol (EIGRP), Open Shortest Path
First (OSPF), and Routing Information Protocol (RIP), the EIGRP routes would be installed in the
routing table and used to route packets; the OSPF and RIP routes would be maintained in the
OSPF and RIP databases, respectively, until they are needed.

ADs for a routing protocol can be manually configured by issuing the distance command in router
configuration mode. For example, to change the AD of OSPF process ID 1 from 110 to 80, you
could issue the following commands:

RouterA(config)#router ospf 1

RouterA(config-router)#distance 80

When multiple routes to a network exist and each route uses a different routing protocol, metrics
cannot be used to determine the routes that are installed in the routing table. The metrics used by
each routing protocol are dissimilar and cannot be compared. Metrics can only be used to
compare routes from the same routing protocol. When a routing protocol contains multiple routes
to the same destination network, a router prefers the route with the lowest metric.

Because all of the routes in this scenario are to the 192.168.1.0/26 network, all of the routes have
the same prefix length. Prefix lengths are used to determine which route a packet will take when
multiple routes to overlapping networks exist. When multiple routes to overlapping networks exist,
a router will prefer the most specific route, which is the route with the longest prefix match.
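The selection rules from this question and the previous one (lowest AD across protocols, lowest metric within a protocol, longest prefix match at forwarding time) are small enough to implement directly. The following is an added example, not Cisco code or part of the original material: it installs one winner per prefix from a constructed set of candidate routes, looks up destinations by longest prefix, and parses the `[AD/metric]` bracket from a `show ip route` line such as the one printed in the previous explanation. The AD values for EIGRP (90), OSPF (110), IS-IS (115) and RIP (120) are those quoted in the explanations; 20 for eBGP is Cisco's default and is not printed on this page. The `distance 80` case from the previous question is reproduced by passing a modified AD table.

```python
# Added example, not from the original page: route selection across protocols
# by administrative distance, then by metric within one protocol, then a
# longest-prefix lookup. ADs for EIGRP (90), OSPF (110), IS-IS (115) and RIP
# (120) are quoted in the explanations; 20 for eBGP is Cisco's default and is
# not printed on the page. All candidate routes below are constructed.
import ipaddress
import re
from collections import namedtuple

DEFAULT_AD = {"eBGP": 20, "EIGRP": 90, "OSPF": 110, "IS-IS": 115, "RIP": 120}

Candidate = namedtuple("Candidate", "prefix protocol metric next_hop")


def install_routes(candidates, ad_table=DEFAULT_AD):
    """One winner per prefix: lowest AD first; the metric only breaks ties
    between routes with the same AD (normally routes from the same protocol)."""
    table = {}
    for cand in candidates:
        rank = (ad_table[cand.protocol], cand.metric)
        winner = table.get(cand.prefix)
        if winner is None or rank < (ad_table[winner.protocol], winner.metric):
            table[cand.prefix] = cand
    return table


def lookup(table, destination):
    """Longest-prefix match: the most specific installed prefix that contains the destination."""
    dest = ipaddress.ip_address(destination)
    best = None
    for prefix, route in table.items():
        net = ipaddress.ip_network(prefix)
        if dest in net and (best is None
                            or net.prefixlen > ipaddress.ip_network(best.prefix).prefixlen):
            best = route
    return best


# Matches the "[AD/metric]" bracket in show ip route output, e.g. "[160/5]".
BRACKET = re.compile(r"\[(\d+)/(\d+)\]")


def parse_ad_metric(show_ip_route_line):
    """Return (AD, metric) from one show ip route line, or None if there is no bracket."""
    m = BRACKET.search(show_ip_route_line)
    return (int(m.group(1)), int(m.group(2))) if m else None


# Constructed candidates for the scenario in the two questions above.
CANDIDATES = [
    Candidate("192.168.1.0/26", "eBGP", 0, "10.0.0.1"),
    Candidate("192.168.1.0/26", "IS-IS", 20, "10.0.0.2"),
    Candidate("192.168.1.0/26", "RIP", 3, "10.0.0.3"),
    Candidate("192.168.1.0/26", "OSPF", 20, "10.0.0.4"),
    Candidate("192.168.1.0/26", "EIGRP", 2816, "10.0.0.5"),
    Candidate("192.168.1.0/26", "EIGRP", 3072, "10.0.0.6"),   # same protocol, worse metric
    Candidate("192.168.1.0/24", "OSPF", 30, "10.0.0.7"),      # less specific prefix
]
```

Removing the eBGP candidate makes the EIGRP route with metric 2816 the winner; lowering RIP's AD to 80 with a modified table makes RIP win over EIGRP but still lose to eBGP, exactly as the previous explanation states.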

Reference:

https://www.cisco.com/c/en/us/support/docs/ip/enhanced-interior-gateway-routing-protocol-eigrp/8651-21.html

QUESTION NO: 485

Which of the following EEM policy components determines whether the default action will be
performed? (Select the best answer.)

A.
event register keyword

B.
namespace import

C.
body

D.
exit status

Answer: D
Explanation:

The exit status component of the Embedded Event Manager (EEM) policy determines whether the
default action will be performed. An EEM policy can be written as an applet in the command-line
interface (CLI) or in Tool Command Language (Tcl). EEM policies contain instructions on what
action should take place if a defined event occurs. An EEM policy can consist of the following six
components:

Event register keyword

Environmental must defines

Namespace import

Entry status

Body

Exit status

The event register keyword and the body are both required components of an EEM policy; the
remaining four components are all optional. The event register keyword describes, registers, and
schedules the event that is to be detected by the policy. The body contains the instructions
regarding the actions to be carried out. The environmental must defines component determines
whether required environmental variables have been defined before recovery actions are taken.
The entry status determines whether another policy has been previously run for the defined event.
The namespace import component contains code libraries.

Reference:

https://search.cisco.com/search?query=Cisco%20IOS%20Network%20Management%20Configuration%20Guide&locale=enUS&tab=Cisco

QUESTION NO: 486

Which of the following statements is true regarding Cisco IOS EPC? (Select the best answer.)

A.
Each capture point can be associated with multiple capture buffers.

B.
Multiple capture points can be active on a single interface.

C.
The buffer type and sampling interval are the only settings you can adjust when creating a capture
buffer.

D.
The packet data contains a timestamp indicating when the packet was added to the buffer.

Answer: B
Explanation:

Multiple capture points can be active on a single interface. Cisco IOS Embedded Packet Capture
(EPC) is a feature that you can implement to assist with tracing packets and troubleshooting
issues with packet flow in and out of Cisco devices. To implement Cisco IOS EPC, you must
perform the following steps:

1.Create a capture buffer.

2.Create a capture point.

3.Associate the capture point with the capture buffer.

4.Enable the capture point.

The buffer type and sampling interval are not the only settings you can adjust when creating a
capture buffer; you can also adjust several other items, including the buffer size and the packet
capture rate. Specifying the sampling interval and the buffer type will allow for the maximum
number of pertinent packets to be stored in the buffer. To configure a capture buffer, you should
issue the monitor capture buffer buffer-name [clear | export export-location |
filter access-list ip-access-list | limit {allow-nth-pak nth-packet | duration seconds |
packet-count total-packets | packets-per-sec packets} | [max-size element-size] [size buffer-size] [circular
| linear]] command from global configuration mode.

The capture buffer contains packet data and metadata. The packet data does not contain a
timestamp indicating when the packet was added to the buffer; the timestamp is contained within
the metadata. In addition, the metadata contains information regarding the direction of
transmission of the packet, the switch path, and the encapsulation type.

To create a capture point, you should issue the monitor capture point {ip | ipv6}
{cef capture-point-name interface-name interface-type {both | in | out} | process-switched
capture-point-name {both | from-us | in | out}} command from global configuration mode. You can
create multiple capture points with unique names and parameters on a single interface.

To associate a capture point with a capture buffer, you should issue the monitor capture point
associate capture-point-name capture-buffer-name command from global configuration mode. Each
capture point can be associated with only one capture buffer. Finally, to enable the capture point
so that it can begin to capture packet data, you should issue the monitor capture point start
{capture-point-name | all} command.

Reference:

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/epc/configuration/15-mt/epc-15-mt-book/nm-packet-capture.html#GUID-1A08B87D-D022-4F41-A0CB-B30938EB9EF8

QUESTION NO: 487 DRAG DROP

Drag the characteristics from the left that apply to IS-IS, and place them in the column on the right.
Not all characteristics will be used.

Answer:

Explanation:

Intermediate System-to-Intermediate System (IS-IS) works with both IP and Connectionless Network
Protocol (CLNP). IS-IS encapsulates its data at the Data Link layer and can therefore be used with
both IP and CLNP; however, it does not support Internetwork Packet Exchange (IPX). Because IS-IS
is an Open Systems Interconnection (OSI) standard, IS-IS uses 0xFE and 0xFEFE in the Layer 2
header to identify the Layer 3 protocol as OSI. IS-IS is specified in International Organization for
Standardization (ISO) 10589.

IS-IS is a link-state routing protocol. Routers that use a link-state routing protocol maintain a
complete topology of the network by flooding the state of each router's links across the entire
network until each of the routers has information about all of the other routers in the autonomous
system (AS). IS-IS uses the following Data Link layer multicast addresses to send hello packets
and link-state information:

0180.C200.0014 -All Level 1 (L1) Intermediate Systems

0180.C200.0015 -All Level 2 (L2) Intermediate Systems

0900.2B00.0005 -All Intermediate Systems

0900.2B00.0004 -All End Systems

IS-IS does not have a designated router (DR) or a backup designated router (BDR). IS-IS uses a
designated intermediate system (DIS) in a broadcast multiaccess network. All IS-IS routers on the
network segment establish adjacencies with the DIS. The DIS serves as a focal point for the
distribution of IS-IS routing information. IS-IS supports preemption; once elected, the DIS must
relinquish its duties if another router with a higher priority joins the network. If the DIS is no longer
detected on the network, a new DIS is elected based on the priority of the remaining routers on the
network segment. If a new DIS cannot be elected based solely on router priority, the highest
Media Access Control (MAC) address is used. If there is still a tie, the highest system ID is the
deciding factor. Every IS-IS router is required to have a unique system ID.

IS-IS can perform route summarization. Summarization helps to reduce the size of the routing
table. You can issue the summary-address command to configure IS-IS to summarize routes.

Reference:

https://www.cisco.com/c/en/us/products/index.html

QUESTION NO: 488

Which of the following statements is true regarding a microburst? (Select the best answer.)

A.
Reducing the buffer size will decrease the negative effects of a microburst.

B.
A microburst is a small increase in traffic over a long period of time.

C.
A microburst can result in tail drops.

D.
Microbursts typically result from the traffic sent from a single source.

Answer: C
Explanation:

A microburst can result in tail drops. Tail drop is the default congestion avoidance mechanism on
Cisco routers. Interface congestion occurs when a device receives packets faster than it can send
them. When congestion exists, the excess packets are stored in a buffer until the interface can
transmit them. When the buffer becomes full, the device drops all packets on the congested
interface until there is room in the buffer.

A microburst is a significant increase in traffic over a very short period of time and typically occurs
when multiple systems send traffic to the same destination. If the combined traffic exceeds the
interface bandwidth and the buffer becomes full, packets are dropped. Therefore, reducing the
buffer size will increase, not decrease, the negative effects of a microburst; increasing the size of
the buffer is the most effective way of avoiding packet loss due to a microburst. You can also
configure some Cisco devices to send a notification whenever a microburst is detected.
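The point that a microburst causes tail drop even when the average load is well within the interface's capacity, and that a smaller buffer makes it worse, is easy to see in a small model. The following is an added example, not part of the original material: a slot-by-slot simulation of a FIFO output buffer drained at a fixed rate, fed with a constructed burst in which the whole volume arrives in two slots and is followed by silence, and a comparison of the packets dropped for several buffer sizes. All packet counts, rates and buffer sizes are constructed for illustration.

```python
# Added example, not from the original page: a slot-by-slot model of a FIFO
# output buffer hit by a microburst, showing that a burst whose average rate is
# far below the interface rate still tail-drops when the buffer is too small.
# Packet counts, rates and buffer sizes are constructed for illustration.

def simulate_tail_drop(arrivals, service_rate, buffer_size):
    """Push `arrivals` (packets arriving per time slot) through a FIFO buffer
    that the interface drains at `service_rate` packets per slot.
    Returns (packets_dropped, deepest_queue_seen)."""
    depth = dropped = max_depth = 0
    for arriving in arrivals:
        depth = max(0, depth - service_rate)      # what the interface transmitted this slot
        space = buffer_size - depth
        accepted = min(arriving, space)
        dropped += arriving - accepted            # tail drop: buffer full, packet discarded
        depth += accepted
        max_depth = max(max_depth, depth)
    return dropped, max_depth


def microburst(total_packets, burst_slots, quiet_slots):
    """Arrival pattern of a microburst: many sources sending to one destination at
    once, so the whole volume lands in a few slots followed by silence."""
    per_slot = total_packets // burst_slots
    return [per_slot] * burst_slots + [0] * quiet_slots


def average_rate(arrivals):
    """Mean arrival rate over the whole interval, the figure a coarse counter would report."""
    return sum(arrivals) / float(len(arrivals))


def compare_buffer_sizes(arrivals, service_rate, sizes):
    """{buffer_size: packets dropped} for the same burst, so the effect of
    shrinking or growing the buffer is visible side by side."""
    return {size: simulate_tail_drop(arrivals, service_rate, size)[0] for size in sizes}
```

For a burst of 200 packets in two slots followed by 30 quiet slots, with the interface draining 10 packets per slot, the average rate is 6.25 packets per slot, below the interface rate, yet a 50-packet buffer drops 140 packets, a 150-packet buffer drops 40, and a 200-packet buffer drops none. This is why a five-minute utilisation graph can look healthy while interface drop counters climb.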

Reference:

https://www.cisco.com/c/en/us/products/collateral/switches/nexus-5000-series-switches/white-paper-c11-733020.html#_Toc401129774

QUESTION NO: 489 DRAG DROP

Select the LISP components from the left, and drag them to the corresponding description on the
right.

Answer:

Explanation:

Routing Locator (RLOC) addresses are the IP addresses and prefixes that identify different routers
in the IP network. Locator/ID Separation Protocol (LISP) splits the device identity and its
location into separate numbering spaces. The Endpoint Identifier (EID) contains the locally
relevant device identity and is used for end-site addressing. The RLOC contains the globally routed
location of the device and is used to forward traffic between different networks.

The Map-Server (MS) is a LISP device that stores the registered EID prefixes; the MS contains the
mapping database of EID-to-RLOC mappings. The Map-Resolver (MR) receives Map-Request
queries from LISP site Ingress Tunnel Routers (ITRs) when they attempt to populate the local
map-cache of resolved EID-to-RLOC mappings. An ITR receives packets from internal hosts and
forwards them to external sites. Egress Tunnel Routers (ETRs) receive packets from external sites
and forward them to internal hosts. If an edge device is both an ITR and an ETR, it is often called
an xTR.

LISP tunnels are dynamically configured and do not require preconfigured endpoints. One
advantage of LISP is its ability to offer mobility and scalability to a network. Endpoints can be
relocated within a network and retain their configurations, including IP addressing, easing
management tasks related to mobile endpoint devices. LISP is designed to communicate with
networks that are not using LISP. Enhanced Interior Gateway Routing Protocol (EIGRP) Over the
Top (OTP) uses LISP as the data plane protocol to create a single contiguous EIGRP routing
domain between sites over a service provider network.

Reference:

https://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Data_Center/DCI/5-0/LISPmobility/DCI_LISP_Host_Mobility/LISPmobile_2.html#wp1277848

QUESTION NO: 490

Which of the following connects more than two UNIs and enables each UNI to communicate with
every other UNI in the configuration? (Select the best answer.)

A.
E-LAN

B.
EPL

C.
E-Tree

D.
EVPL

Answer: A
Explanation:

An E-LAN service connects more than two User Network Interfaces (UNIs) and enables each UNI
to communicate with every other UNI in the configuration. An E-LAN is a multipoint-to-multipoint
Ethernet virtual connection (EVC). A UNI is the physical demarcation between a service provider
and a subscriber. E-LAN services fully mesh two or more UNIs and follow a specific set of rules for
delivering service frames to a UNI. Each UNI in an E-LAN can communicate with any other UNI in
the E-LAN. E-LANs typically have a distance limitation of 50 miles (80 kilometers). Layer 2 Virtual
Private Networks (L2VPNs) and multipoint L2VPNs are examples of E-LANs.

Both Ethernet private line (EPL) and Ethernet virtual private line (EVPL) are E-Line services. E-Line
services are Ethernet point-to-point EVC services that can be used to connect two UNIs. Therefore,
an E-Line does not connect more than two UNIs. The difference between an EPL and an EVPL is
that an EVPL is capable of service multiplexing. In addition, an EPL requires full service frame
transparency. An EVPL does not.

An E-Tree is a point-to-multipoint EVC that resembles a hub-and-spoke configuration. Therefore, an
E-Tree does not enable each UNI to communicate with every other UNI in the configuration. An
E-Tree service connects more than one UNI to a single root UNI or leaf UNI. Root UNIs can send
data to any leaf UNI. However, a leaf UNI can send traffic only to a root UNI. E-Trees are typically
used to provide Internet access to multiple sites.

Reference:

https://www.cisco.com/c/en/us/td/docs/net_mgmt/active_network_abstraction/3-7/service_activation/user/guide/anansaug/tech_overview.html#wp1106296

QUESTION NO: 491

Which of the following potential BGP enhancements were documented in the BGP Add-Paths
proposal? (Select the best answer.)

A.
possible modifications to the best-path algorithm

B.
possible software upgrades for PE routers

C.
possible addition of a session between a route reflector and its client

D.
possible addition of a four-octet Path Identifier

Answer: D
Explanation:

The BGP Add-Paths proposal proposed the possible addition of a four-octet Path Identifier to
Network Layer Reachability Information (NLRI) in order to enable Border Gateway Protocol (BGP)
to distribute multiple paths. BGP as it is typically deployed has no mechanism for distributing paths
that are not considered the best path between speakers.

Observations about the possible addition of a session between a route reflector and its client
were documented in Request for Comments (RFC) 6774, which discusses the distribution of
diverse BGP paths. Specifically, RFC 6774 observed that BGP as it is typically deployed has no
mechanism for distributing paths that are not considered the best path between speakers.
However, the possible addition of a session between a route reflector and its client could enable a
BGP router to distribute alternate paths.

Neither the Add-Paths proposal nor RFC 6774 documents possible modifications to the best-path
algorithm or software upgrades for provider edge (PE) routers. Although RFC 6774 does discuss a
possible means of distributing paths other than the best path, the means by which BGP
determines the best path to a destination were not changed. Therefore, no software upgrade is
required.

Reference:

https://tools.ietf.org/html/rfc6774

QUESTION NO: 492

Which of the following statements best describes holddown timers? (Select the best answer.)

A.
Holddown timers prevent switching loops.

B.
Holddown timers prevent routing loops by advertising a route as unreachable to all devices.

C.
Holddown timers prevent routing loops by advertising a route as unreachable to the interface
from which the route was received.

D.
Holddown timers prevent routers from advertising a route through the same interface from which
the route was learned.

E.
Holddown timers suppress information regarding a better path to a route for a specified period
of time.

F.
Holddown timers synchronize VLAN configuration information between switches.

Answer: E
Explanation:

Holddown timers prevent routing loops by suppressing information regarding a better path to a
route for a specified period of time. When a router receives a routing update stating that a route is
unreachable, the router waits a specified amount of time before accepting routes advertised by
other sources.

Split horizon prevents routers from advertising a route through the same interface from which the
route was learned. Thus split horizon prevents routing loops. By default, split horizon is enabled on
all interfaces except those on which Frame Relay encapsulation or Switched Multimegabit Data
Service (SMDS) encapsulation is enabled.

Poison reverse prevents routing loops by advertising a route as unreachable to the interface from
which the route was received. Split horizon is similar to poison reverse in that both methods
prevent routing loops. However, poison reverse advertises a route as unreachable to the source
interface, whereas split horizon does not.

Route poisoning is similar to poison reverse in that both methods prevent routing loops by
advertising a route as unreachable. However, route poisoning immediately sends the
advertisements to all interfaces, not just to the source interface.

Spanning Tree Protocol (STP) prevents switching loops on a network. Switching loops can occur
when there is more than one switched path to a destination. The spanning tree algorithm
determines the best path through a switched network, and any ports that create redundant paths
are blocked. If the best path becomes unavailable, the network topology is recalculated and the
port connected to the next best path is unblocked.

VLAN Trunking Protocol (VTP) is used to synchronize VTP and virtual LAN (VLAN) configuration
information between switches. For switches to synchronize information over VTP, the following
configuration parameters must match on all switches:

-VTP domain name

-VTP password

-VTP version

Reference:

https://www.cisco.com/c/en/us/td/docs/ios/12_2/iproute/command/reference/fiprrp_r/1rfigrp.html#wp1017437

QUESTION NO: 493

Which of the following statements are correct regarding cloud-based services? (Select 2 choices.)

A.
IaaS requires the lowest management burden but provides the least flexibility.

B.
PaaS requires the lowest management burden but provides the least flexibility.

C.
SaaS requires the lowest management burden but provides the least flexibility.

D.
IaaS requires the greatest management burden but provides the most flexibility.

E.
PaaS requires the greatest management burden but provides the most flexibility.

F.
SaaS requires the greatest management burden but provides the most flexibility.

Answer: C,D
Explanation:

Of the three major cloud-based services, Software as a Service (SaaS) requires the lowest
management burden but provides the least flexibility. By contrast, Infrastructure as a Service
(IaaS) requires the greatest management burden but provides the most flexibility.

An SaaS vendor typically provides a complete software application package to customers. For
example, a company might contract with an SaaS vendor to provide hosted email services. The
software application, the operating system on which the application runs, the hardware on which
the operating system runs, and the network infrastructure on which the hardware communicates
are maintained by the SaaS vendor, thereby lowering the management burden for the customer.
Access to the software application is often provided through a web browser interface.

An IaaS vendor provides computing and storage resources as well as the network infrastructure.
The customer is responsible for everything else, including operating systems, software
development platforms, database platforms, and software applications. With IaaS, the customer
has a great deal of control and flexibility. However, IaaS places a larger management burden on
the customer than the other cloud-based services do.

A Platform as a Service (PaaS) vendor provides the same services as an IaaS vendor does. In
addition, a PaaS vendor also provides operating systems, software development platforms, and
database platforms. PaaS is often used by companies that want to migrate their application
development to a cloud-based solution. However, a PaaS customer must use whatever software
development platform is supported by the PaaS vendor, so a degree of control and flexibility is
lost. The PaaS vendor is responsible for maintaining the operating systems, software development
platforms, and database platforms, as well as any underlying hardware infrastructure.

Reference:

https://www.cisco.com/c/en/us/about/press/internet-protocol-journal/back-issues/table-contents-45/123-cloud1.html

https://www.cisco.com/en/US/services/ps2961/ps10364/ps10370/ps11104/Migration_of_Enterprise_Apps_to_Cloud_White_Paper.pdf

https://www.cisco.com/c/en/us/td/docs/solutions/Hybrid_Cloud/PaaS/1-0/PaaS/PaaS1.pdf

QUESTION NO: 494

In Cisco ACI, what is a context? (Select the best answer.)

A.
a collection of VRF instances or IP address spaces

B.
a collection of endpoints that provide a similar function

C.
a collection of groups, their connections, and related policies

D.
a collection of rules and policies that define how endpoints can communicate

Answer: A
Explanation:

In Cisco Application Centric Infrastructure (ACI), a context is a collection of VPN routing and
forwarding (VRF) instances or IP address spaces. Each customer, or tenant, can have one or
more contexts. Endpoints and endpoint groups (EPGs) define the application within each context.

An EPG is a collection of endpoints that provide a similar function, such as an application tier or a
set of services. The endpoints within an EPG are defined by network interface card (NIC), virtual
NIC (vNIC), port group, IP address, or Domain Name System (DNS) name.

A contract is a collection of rules and policies that define how endpoints and EPGs can
communicate. For example, a contract can be created so that a web server can be accessed only
by Hypertext Transfer Protocol (HTTP) or HTTP Secure (HTTPS).

An Application Network Profile (ANP) is a collection of EPGs, their connections, and related
policies. To create an ANP, you should perform the following steps:

1. Create EPGs.

2. Create policies that define connectivity rules.

3. Create contracts between EPGs by applying policies.

Reference:

https://www.cisco.com/c/en/us/products/cloud-systems-management/index.html

QUESTION NO: 495

Which of the following is best described as a cloud-computing platform? (Select the best answer.)

A.
KVM

B.
Xen

C.
DevOps

D.
OpenStack

Answer: D
Explanation:

OpenStack is best described as a cloud-computing platform. Each OpenStack modular component
is responsible for a particular function, and each component has a code name. The following list
contains several of the most popular OpenStack components:

- Nova (OpenStack Compute): manages pools of compute resources

- Neutron (OpenStack Networking): manages networking and addressing

- Cinder (OpenStack Block Storage): manages block-level storage devices

- Glance (OpenStack Image): manages disk and server images

- Swift (OpenStack Object Storage): manages redundant storage systems

- Keystone (OpenStack Identity): is responsible for authentication

- Horizon (OpenStack Dashboard): provides a graphical user interface (GUI)

- Ceilometer (OpenStack Telemetry): provides counter-based tracking that can be used for customer
usage billing

Kernel-based Virtual Machine (KVM) and Xen are best described as hypervisors, not
cloud-computing platforms. A hypervisor is used to create and run virtual machines (VMs). A Type 1
hypervisor, which is also called a native hypervisor or a bare-metal hypervisor, runs directly on the
host computer's hardware. KVM, Xen, Hyper-V, and VMware ESX/ESXi are Type 1 hypervisors. A
Type 2 hypervisor, which is also called a hosted hypervisor, runs within an operating system on the
host computer. VMware Workstation, Parallels Desktop for Mac, and Quick Emulator (QEMU) are
Type 2 hypervisors.

DevOps is best described as a practice or methodology of agile production, delivery,
management, operation, and maintenance. These practices can be applied to both software
development and information technology administration. DevOps can help increase the speed and
reliability of software development, testing, and deployment.

Reference:

https://www.redhat.com/archives/rdo-list/2014-November/pdfzGvyHATdWc.pdf#page=9

QUESTION NO: 496

Which of the following statements best describes the term LLN? (Select the best answer.)

A.
An LLN is a Type 1 hypervisor.

B.
An LLN connects embedded devices.

C.
LLN is a data modeling language for NETCONF.

D.
LLN is an OpenStack component.

E.
LLN is an agile software methodology.

Answer: B
Explanation:

A Low-power and Lossy Network (LLN), which is also called an Internet of Things (IoT) network,
connects embedded devices. Embedded devices, or smart objects, are typically low-power,
low-memory devices with limited processing capabilities. These devices are used in a variety of
applications, such as environmental monitoring, healthcare monitoring, process automation, and
location tracking. Many embedded devices can transmit data wirelessly, and some are capable of
transmitting over a wired connection. However, connectivity is generally unreliable and bandwidth
is often constrained.

An LLN is not a Type 1 hypervisor. A hypervisor is used to create and run virtual machines (VMs).
A Type 1 hypervisor, which is also called a native hypervisor or a bare-metal hypervisor, runs
directly on the host computer's hardware. Kernel-based Virtual Machine (KVM), Xen, Hyper-V, and
VMware ESX/ESXi are Type 1 hypervisors. A Type 2 hypervisor, which is also called a hosted
hypervisor, runs within an operating system on the host computer. VMware Workstation, Parallels
Desktop for Mac, and Quick Emulator (QEMU) are Type 2 hypervisors.

LLN is not a data modeling language for Network Configuration Protocol (NETCONF). NETCONF
uses YANG as a data modeling language. NETCONF, which is described in Request for
Comments (RFC) 6241, provides the ability to automate the configuration of network devices.
YANG, which is defined in RFC 6020, is a hierarchical data modeling language that can model
configuration and state data for NETCONF.

LLN is not an OpenStack component. OpenStack is an open-source cloud-computing platform.
Each OpenStack modular component is responsible for a particular function, and each component
has a code name. The following list contains several of the most popular OpenStack components:

- Nova (OpenStack Compute): manages pools of compute resources

- Neutron (OpenStack Networking): manages networking and addressing

- Cinder (OpenStack Block Storage): manages block-level storage devices

- Glance (OpenStack Image): manages disk and server images

- Swift (OpenStack Object Storage): manages redundant storage systems

- Keystone (OpenStack Identity): is responsible for authentication

- Horizon (OpenStack Dashboard): provides a graphical user interface (GUI)

- Ceilometer (OpenStack Telemetry): provides counter-based tracking that can be used for
customer usage billing

LLN is not an agile software methodology. DevOps is best described as a practice or methodology
of agile production, delivery, management, operation, and maintenance. These practices can be
applied to both software development and information technology administration. DevOps can
help increase the speed and reliability of software development, testing, and deployment.

Reference:

https://datatracker.ietf.org/wg/roll/charter/

QUESTION NO: 497

Which of the following configuration management tools are written in Ruby? (Select 2 choices.)

A.
Ansible

B.
Chef

C.
Puppet

D.
Salt

Answer: B,C
Explanation:

Puppet and Chef are configuration management tools that are written in Ruby. By contrast,
Ansible and Salt are configuration management tools that are written in Python. Configuration
management tools are used to automate the installation, configuration, and maintenance of
multiple computer systems, including the software that runs on those systems. The capabilities of
Puppet and Chef are aligned more closely with the needs of application developers, whereas the
capabilities of Ansible and Salt are aligned more closely with the needs of system administrators.

Of the four major configuration management tools, Puppet is the most mature and the most widely
used.

Puppet operates on Linux distributions, UNIX-like systems, and Microsoft Windows. Puppet uses a
client/server architecture; managed nodes running the Puppet Agent application can receive
configurations from a master server running Puppet Server. Modules are written in Ruby or by
using a Ruby-like Puppet language.

Like Puppet, Chef operates on Linux distributions, UNIX-like systems, and Microsoft Windows.
Chef can use a client/server architecture or a standalone client configuration. Configuration
information is contained within cookbooks that are written in Ruby and are stored on a Chef
Server. Managed nodes running the Chef Client can pull cookbooks from the server. Standalone
clients that do not have access to a server can run chef-solo and pull cookbooks from a local
directory or from a tar.gz archive on the Internet.

Salt also operates on Linux distributions, UNIX-like systems, and Microsoft Windows. Salt can use
a client/server architecture by installing Salt master software on the server and Salt minion
software on managed nodes. Masters and minions communicate by using ZeroMQ. Salt can also
be used without installing Salt minion software by using Salt Secure Shell (SSH). However, Salt
SSH is much slower than ZeroMQ. Configuration information is stored primarily in state modules
that are typically written in YAML; however, Python or Python Domain Specific Language (PyDSL)
can also be used for complex configuration scripts.

Like the other configuration management software packages, Ansible also operates on Linux
distributions, UNIX-like systems, and Microsoft Windows. However, unlike the other configuration
management software packages, Ansible does not use agent software on managed nodes.
Configurations are stored on the Ansible server in playbooks that are written in YAML. Managed
nodes can download scripted modules from an Ansible server by using SSH.

Reference:

https://www.infoworld.com/article/2609482/data-center/data-center-review-puppet-vs-chef-vs-ansible-vs-salt.html?page=4

QUESTION NO: 498

Which of the following formats is used by Ansible playbooks and Salt state files? (Select the best
answer.)

A.
HTML

B.
XML

C.
YAML

D.
YANG

Answer: C
Explanation:

YAML is used by Ansible playbooks and Salt state files. Ansible and Salt are configuration
management tools that are used to automate the installation, configuration, and maintenance of
multiple computer systems, including the software that runs on those systems. Other configuration
management tools include Puppet and Chef.

Neither Hypertext Markup Language (HTML), Extensible Markup Language (XML), nor YANG is
used by Ansible playbooks and Salt state files. YANG, which is defined in Request for Comments
(RFC) 6020, is a hierarchical data modeling language that can model configuration and state data
for NETCONF. The YANG data can be encoded in an XML format.

Salt is written in Python and operates on Linux distributions, UNIX-like systems, and Microsoft
Windows. Salt can use a client/server architecture by installing Salt master software on the server
and Salt minion software on managed nodes. Masters and minions communicate by using
ZeroMQ. Salt can also be used without installing Salt minion software by using Salt Secure Shell
(SSH). However, Salt SSH is much slower than ZeroMQ. Configuration information is stored
primarily in state modules that are typically written in YAML; however, Python or Python Domain
Specific Language (PyDSL) can also be used for complex configuration scripts.

Like Salt, Ansible is written in Python and operates on Linux distributions, UNIX-like systems, and
Microsoft Windows. However, unlike the other configuration management software packages,
Ansible does not use agent software on managed nodes. Configurations are stored on the Ansible
server in playbooks. Managed nodes can download scripted modules from an Ansible server by
using SSH.

Puppet is written in Ruby and operates on Linux distributions, UNIX-like systems, and Microsoft
Windows. Puppet uses a client/server architecture; managed nodes running the Puppet Agent
application can receive configurations from a master server running Puppet Server. Modules are
written in Ruby or by using a Ruby-like Puppet language.

Like Puppet, Chef is written in Ruby and operates on Linux distributions, UNIX-like systems, and
Microsoft Windows. Chef can use a client/server architecture or a standalone client configuration.
Configuration information is contained within cookbooks that are written in Ruby and are stored on
a Chef Server. Managed nodes running the Chef Client can pull cookbooks from the server.
Standalone clients that do not have access to a server can run chef-solo and pull cookbooks from
a local directory or from a tar.gz archive on the Internet.

Reference:

http://docs.ansible.com/ansible/latest/playbooks_intro.html

https://docs.saltstack.com/en/latest/topics/yaml/

https://www.infoworld.com/article/2609482/data-center/data-center-review-puppet-vs-chef-vs-ansible-vs-salt.html?page=4
