[Free] 2019(Nov) EnsurePass Cisco 400-101 Dumps with VCE and PDF 21-30

Get Full Version of the Exam

Question No.21

Refer to the exhibit. Why is the router not accessible via Telnet on the GigabitEthernet0 management interface?


  1. The wrong port is being used in the telnet-acl access list.

  2. The subnet mask is incorrect in the telnet-acl access list.

  3. The log keyword needs to be removed from the telnet-acl access list..

  4. The access class needs to have the vrf-also keyword added.

Correct Answer: D


The correct command should be quot;access-class telnet-acl in vrf-alsoquot;. If you do not specify the vrf- also keyword, incoming Telnet connections from interfaces that are part of a VRF are rejected.

Question No.22

Refer to the exhibit. This is the configuration of the ASBR of area 110.Which option explains why the remote ABR should not translate the type 7 LSA for the prefix into a type 5 LSA?


  1. The remote ABR translates all type 7 LSA into type 5 LSA, regardless of any option configured in the ASBR.

  2. The ASBR sets the forwarding address to which instructs the ABR not to translate the LSA into a type 5 LSA.

  3. The ASBR originates a type 7 LSA with age equal to MAXAGE 3600.

  4. The ABR clears the P bit in the header of the type 7 LSA for

Correct Answer: D


When external routing information is imported into an NSSA, LSA Type 7 is generated by the ASBR and it is flooded within that area only. To further distribute the external information, type 7 LSA is translated into type 5 LSA at the NSSA border. The P-bit in LSA Type 7 field indicates whether the type 7 LSA should be translated. This P-bit is automatically set by the NSSA ABR (also the Forwarding Address (FA) is copied from Type 7 LSA). The P-bit is not set only when the NSSA ASBR and NSSA ABR are the same router for the area . If bit P = 0, then the NSSA ABR must not translate this LSA into Type 5.

he nssa-only keyword instructs the device to instigate Type-7 LSA with cleared P-bit, thereby, preventing LSA translation to Type 5 on NSSA ABR device. NotE. If a router is attached to another AS and is also an NSSA ABR, it may originate a both a type-5 and a type-7 LSA for the same network. The type-5 LSA will be flooded to the backbone and the type-7 will be flooded into the NSSA. If this is the case, the P-bit must be reset (P=0) in the type-7 LSA so the type-7 LSA isn#39;t again translated into a type-5 LSA by another NSSA ABR.

Reference: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_ospf/configuration/15-e/iro- 15-e-book/iro-ospfv3-nssa-cfg.html

Question No.23

Which two functions are performed by the DR in OSPF? (Choose two.)

  1. The DR originates the network LSA on behalf of the network.

  2. The DR is responsible for the flooding throughout one OSPF area.

  3. The DR forms adjacencies with all other OSPF routers on the network, in order to synchronize the LSDB across the adjacencies.

  4. The DR is responsible for originating the type 4 LSAs into one area.

Correct Answer: AC


The DR originates the network LSA (LSA Type 2) which lists all the routers on the segment it is adjacent to -gt; A is correct.

Types 2 are ooded within its area only; does not cross ABR -gt; B is incorrect.

The broadcast and non-broadcast network types elect a DR/BDR. They form adjacencies to all other OSPF routers on the network and help synchronize the Link State Database (LSDB) across the adjacencies -gt; C is correct.

LSAs Type 4 are originated by the ABR to describe an ASBR to routers in other areas so that routers in other areas know how to get to external routes through that ASBR -gt; D is incorrect.

Question No.24

Which field is specific to the OPSFv3 packet header, as opposed to the OSPFv2 packet header?

  1. checksum

  2. router ID

  3. AuType

  4. instance ID

Correct Answer: D


In OSPFv3, Instance ID is a new field that is used to have multiple OSPF process#39; instance per link. By default it is 0 and for any additional instance it is increased, instance ID has local link significance only. OSPFv3 routers will only become neighbors if the instanceIDs match. It is thus possible to have multiple routers on a broadcast domain and all run Ospfv3 but not all of them becoming neighbors.

Reference: https://supportforums.cisco.com/document/97766/comparing-ospfv3-ospfv2-routing- protocol

Question No.25

Refer to the exhibit. Why is the neighbor relationship between R1 amp; R2 and R1 amp; R3 an L2-type neighborship?


  1. because the area ID on R1 is different as compared to the area ID of R2 and R3

  2. because the circuit type on those three routers is L1/L2

  3. because the network type between R1, R2, and R3 is point-to-point

  4. because the hello interval is not the same on those three routers

Correct Answer: A


With IS-IS, an individual router is in only one area, and the border between areas is on the link that connects two routers that are in different areas. A Level 2 router may have neighbors in the same or in different areas, and it has a Level 2 link-state database with all information for inter- area routing. Level 2 routers know about other areas but will not have Level 1 information from its own area.

Reference: http://www.cisco.com/en/US/products/ps6599/products_white_paper09186a00800a3e6f.shtml

Question No.26

What is the cause of ignores and overruns on an interface, when the overall traffic rate of the interface is low?

  1. a hardware failure of the interface

  2. a software bug

  3. a bad cable

  4. microbursts of traffic

Correct Answer: D


Micro-bursting is a phenomenon where rapid bursts of data packets are sent in quick succession, leading to periods of full line-rate transmission that can overflow packet buffers of the network stack, both in network endpoints and routers and switches inside the network. Symptoms of micro bursts will manifest in the form of ignores and/ or overruns (also shown as accumulated in quot;input

errorquot; counter within show interface output). This is indicative of receive ring and corresponding packet buffer being overwhelmed due to data bursts coming in over extremely short period of time (microseconds). You will never see a sustained data traffic within show interface#39;s quot;input ratequot; counter as they are averaging bits per second (bps) over 5 minutes by default (way too long to account for microbursts). You can understand microbursts from a scenario where a 3-lane highway merging into a single lane at rush hour – the capacity burst cannot exceed the total available bandwidth (i.e. single lane), but it can saturate it for a period of time.

Reference: http://ccieordie.com/?tag=micro-burst

Question No.27

Refer to the exhibit. If a port is configured as shown and receives an untagged frame, of which VLAN will the untagged frame be a member?


  1. VLAN 1

  2. VLAN 2

  3. VLAN 3

  4. VLAN 4

Correct Answer: B Explanation: When typing:

Switch(config-if)#switchport mode ?

access Set trunking mode to ACCESS unconditionally

dynamic Set trunking mode to dynamically negotiate access or trunk mode trunk Set trunking mode to TRUNK unconditionally


Switch(config-if)#switchport mode dynamic ?

auto Set trunking mode dynamic negotiation parameter to AUTO

desirable Set trunking mode dynamic negotiation parameter to DESIRABLE So if we configure Fa0/1 as dynamic auto mode, it will not initiate any negotitation but waiting for the other end negotiate to be a trunk with DTP. If the other end does not ask it to become a trunk then it will become an access port. Therefore when using the quot;show interface fastEthernet0/1 switchportquot; command we will see two output lines quot;Administrative Mode. dynamic autoquot; and quot;Operational Mode. static accessquot;

Note. To set this port to VLAN 2 as the output above just use one additional command. switchport access vlan 2.

Now back to our question, from the output we see that Fa0/1 is operating as an access port on VLAN 2 so if it receive untagged frame it will suppose that frame is coming from VLAN 2.

Question No.28

Which two statements about the function of the stub feature in EIGRP are true? (Choose two.)

  1. It stops the stub router from sending queries to peers.

  2. It stops the hub router from sending queries to the stub router.

  3. It stops the stub router from propagating dynamically learned EIGRP prefixes to the hub routers.

  4. It stops the hub router from propagating dynamically learned EIGRP prefixes to the stub routers.

Correct Answer: BC


When using the EIGRP Stub Routing feature, you need to configure the distribution and remote routers to use EIGRP, and to configure only the remote router as a stub. Only specified routes are propagated from the remote (stub) router. The router responds to queries for summaries, connected routes, redistributed static routes, external routes, and internal routes with the message quot;inaccessible.quot; A router that is configured as a stub will send a special peer information packet to all neighboring routers to report its status as a stub router. Without the stub feature, even after the routes that are sent from the distribution router to the remote router have been filtered or summarized, a problem might occur. If a route is lost somewhere in the corporate network, EIGRP could send a query to the distribution router, which in turn will send a query to the remote router even if routes are being summarized. If there is a problem communicating over the WAN link between the distribution router and the remote router, an EIGRP stuck in active (SIA) condition could occur and cause instability elsewhere in the network. The EIGRP Stub Routing feature allows a network administrator to prevent queries from being sent to the remote router.

Reference: http://www.cisco.com/c/en/us/td/docs/ios/12_0s/feature/guide/eigrpstb.html

Question No.29

Refer to the exhibit. You discover that only 1.5 Mb/s of web traffic can pass during times of congestion on the given network. Which two options are possible reasons for this limitation? (Choose two.)


  1. The web traffic class has too little bandwidth reservation.

  2. Video traffic is using too much bandwidth.

  3. The service-policy is on the wrong interface.

  4. The service-policy is going in the wrong direction.

  5. The NAT policy is adding too much overhead.

Correct Answer: AB


In this example, the web traffic will fall into the default class, which is only 15 percent of the 10Mbps Internet connection (1.5Mbps). Meanwhile, video traffic is allowed 50% of the 10 Mbps.

Question No.30

In GETVPN, which key is used to secure the control plane?

  1. Traffic Encryption Key (TEK)

  2. content encryption key (CEK)

  3. message encryption key (MEK)

  4. Key Encryption Key (KEK).

Correct Answer: D


GDOI introduces two different encryption keys. One key secures the GET VPN control plane; the other key secures the data traffic. The key used to secure the control plane is commonly called

the Key Encryption Key (KEK), and the key used to encrypt data traffic is known as Traffic Encryption Key (TEK).

Reference: Group Encrypted Transport VPN (Get VPN) Design and Implementation Guide PDF

Get Full Version of the Exam
400-101 Dumps
400-101 VCE and PDF

Leave a Reply

Your email address will not be published. Required fields are marked *

Proudly powered by WordPress