Q151. In the DiffServ model, which class represents the lowest priority with the highest drop probability?
A. AF11
B. AF13
C. AF41
D. AF43
Answer: B
Explanation:
Assured Forwarding (AF) Behavior Group
Drop        Class 1          Class 2          Class 3          Class 4
Low Drop    AF11 (DSCP 10)   AF21 (DSCP 18)   AF31 (DSCP 26)   AF41 (DSCP 34)
Med Drop    AF12 (DSCP 12)   AF22 (DSCP 20)   AF32 (DSCP 28)   AF42 (DSCP 36)
High Drop   AF13 (DSCP 14)   AF23 (DSCP 22)   AF33 (DSCP 30)   AF43 (DSCP 38)
Reference: http://en.wikipedia.org/wiki/Differentiated_services
Q152. Refer to the exhibit.
A Cisco Catalyst 6500 Series Switch experiences high CPU utilization. What can be the cause of this issue, and how can it be prevented?
A. The hardware routing table is full. Redistribute from BGP into IGP.
B. The software routing table is full. Redistribute from BGP into IGP.
C. The hardware routing table is full. Reduce the number of routes in the routing table.
D. The software routing table is full. Reduce the number of routes in the routing table.
Answer: C
Explanation:
FIB TCAM Exception - If you try to install more routes than are possible into the FIB TCAM you will see the following error message in the logs:
CFIB-SP-STBY-7-CFIB_EXCEPTION : FIB TCAM exception, Some entries will be software switched
%CFIB-SP-7-CFIB_EXCEPTION : FIB TCAM exception, Some entries will be software switched.
%CFIB-SP-STBY-7-CFIB_EXCEPTION : FIB TCAM exception, Some entries will be software switched.
This error message appears when the available space in the TCAM is exceeded, and it results in high CPU utilization. This is a FIB TCAM limitation. Once the TCAM is full, a flag is set and the FIB TCAM exception is raised. This stops new routes from being added to the TCAM. Therefore, everything will be software switched. Removing routes does not resume hardware switching. Once the TCAM enters the exception state, the system must be reloaded to get out of that state. You can check whether you have hit a FIB TCAM exception with the following command:
6500-2#sh mls cef exception status
Current IPv4 FIB exception state = TRUE
Current IPv6 FIB exception state = FALSE
Current MPLS FIB exception state = FALSE
When the exception state is TRUE, the FIB TCAM has hit an exception.
The maximum number of routes that can be installed in the TCAM can be increased with the mls cef maximum-routes command.
Reference: https://supportforums.cisco.com/document/59926/troubleshooting-high-cpu-6500-sup720
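As an added example (not part of the original page or of any Cisco tooling), the check below parses the `sh mls cef exception status` output and the CFIB_EXCEPTION log messages quoted above, so a monitoring job can flag a switch that has fallen back to software switching. The sample input is constructed from the lines on this page, and the function names are hypothetical.

```python
import re

# Constructed sample input, modelled on the command output and log
# messages quoted in the explanation above (third log line is unrelated noise).
SAMPLE_STATUS = """\
6500-2#sh mls cef exception status
Current IPv4 FIB exception state = TRUE
Current IPv6 FIB exception state = FALSE
Current MPLS FIB exception state = FALSE
"""
SAMPLE_SYSLOG = [
    "%CFIB-SP-7-CFIB_EXCEPTION : FIB TCAM exception, Some entries will be software switched.",
    "%CFIB-SP-STBY-7-CFIB_EXCEPTION : FIB TCAM exception, Some entries will be software switched.",
    "%LINK-3-UPDOWN: Interface GigabitEthernet1/1, changed state to up",
]

STATE_RE = re.compile(r"^Current (\S+) FIB exception state = (TRUE|FALSE)\s*$", re.M)
# The tag is the part between "CFIB-" and the severity digit, e.g. SP or SP-STBY.
LOG_RE = re.compile(r"%?CFIB-([A-Z]+(?:-[A-Z]+)*)-\d-CFIB_EXCEPTION")


def parse_exception_status(text):
    """Map each protocol (IPv4, IPv6, MPLS) to its exception state."""
    return {proto: state == "TRUE" for proto, state in STATE_RE.findall(text)}


def exception_log_sources(lines):
    """Return the message tags (e.g. SP, SP-STBY) that logged a FIB TCAM exception."""
    sources = []
    for line in lines:
        m = LOG_RE.search(line)
        if m and m.group(1) not in sources:
            sources.append(m.group(1))
    return sources


def assess(status_text, log_lines):
    """Combine both signals into one finding for a monitoring check."""
    tripped = [p for p, on in parse_exception_status(status_text).items() if on]
    return {
        "protocols_in_exception": tripped,
        "log_sources": exception_log_sources(log_lines),
        # Per the explanation, the state persists until the system is reloaded.
        "reload_needed": bool(tripped),
    }


if __name__ == "__main__":
    print(assess(SAMPLE_STATUS, SAMPLE_SYSLOG))
```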
Q153. Which technology can MSDP SA filters use to filter traffic?
A. route maps
B. community lists
C. prefix lists
D. class maps
Answer: A
Q154. Which BGP feature allows BGP routing tables to be refreshed without impacting established BGP sessions?
A. BGP synchronization
B. soft reconfiguration
C. confederations
D. hard reset
Answer: B
Explanation:
Clearing a BGP session using a hard reset invalidates the cache and results in a negative impact on the operation of networks as the information in the cache becomes unavailable. Soft reset is recommended because it allows routing tables to be reconfigured and activated without clearing the BGP session. Soft reset is done on a per-neighbor basis.
Reference: http://www.cisco.com/en/US/products/ps6599/products_data_sheet09186a0080087b3a.html
Q155. Refer to the exhibit.
Which configuration can you implement on PE-1 to allow CE-1 to receive delegated IPv6 prefixes?
A)
B)
C)
D)
E)
A. Exhibit A
B. Exhibit B
C. Exhibit C
D. Exhibit D
E. Exhibit E
Answer: A
Q156. Refer to the exhibit.
For which reason could a BGP-speaking device in autonomous system 65534 be prevented from installing the given route in its BGP table?
A. The AS number of the BGP is specified in the given AS_PATH.
B. The origin of the given route is unknown.
C. BGP is designed only for publicly routed addresses.
D. The AS_PATH for the specified prefix exceeds the maximum number of ASs allowed.
E. BGP does not allow the AS number 65535.
Answer: A
Explanation:
BGP is considered to be a 'Path Vector' routing protocol rather than a distance vector routing protocol, since it utilises a list of AS numbers to describe the path that a packet should take. This list is called the AS_PATH. Loops are prevented because if a BGP-speaking router sees its own AS in the AS_PATH of a route, it rejects the route.
Q157. Which statement is true about trunking?
A. Cisco switches that run PVST+ do not transmit BPDUs on nonnative VLANs when using a dot1q trunk.
B. When removing VLAN 1 from a trunk, management traffic such as CDP is no longer passed in that VLAN.
C. DTP only supports autonegotiation on 802.1q and does not support autonegotiation for ISL.
D. DTP is a point-to-point protocol.
Answer: D
Explanation:
Ethernet trunk interfaces support different trunking modes. You can set an interface as trunking or nontrunking or to negotiate trunking with the neighboring interface. To autonegotiate trunking, the interfaces must be in the same VTP domain. Trunk negotiation is managed by the Dynamic Trunking Protocol (DTP), which is a point-to-point protocol. However, some internetworking devices might forward DTP frames improperly, which could cause misconfigurations.
Reference: http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750/software/release/12-2_55_se/configuration/guide/scg3750/swvlan.html
Q158. Which authentication method does OSPFv3 use to secure communication between neighbors?
A. plaintext
B. MD5 HMAC
C. PKI
D. IPSec
Answer: D
Explanation:
In order to ensure that OSPFv3 packets are not altered and re-sent to the device, causing the device to behave in a way not desired by its system administrators, OSPFv3 packets must be authenticated. OSPFv3 uses the IPsec secure socket API to add authentication to OSPFv3 packets. This API supports IPv6. OSPFv3 requires the use of IPsec to enable authentication. Crypto images are required to use authentication, because only crypto images include the IPsec API needed for use with OSPFv3.
Reference: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_ospf/configuration/15-sy/iro-15-sy-book/ip6-route-ospfv3-auth-ipsec.html
Q159. Refer to the exhibit.
Which statement is true about the downward bit?
A. It forces the CE router to use a backup link instead of sending traffic via MPLS VPN.
B. It informs the PE router that the LSA metric has been recently decreased to 1 and that partial SPF calculation cannot be delayed.
C. It forces the CE router to install the LSA with the downward bit set into its routing table as a discard route.
D. It informs the PE router that the LSA was already redistributed into BGP by another PE router and that the LSA must not be redistributed into BGP again.
Answer: D
Explanation:
From RFC 4577, specifically section 4.2.5.1:
When a type 3 LSA is sent from a PE router to a CE router, the DN bit [OSPF-DN] in the LSA Options field MUST be set. This is used to ensure that if any CE router sends this type 3 LSA to a PE router, the PE router will not redistribute it further.
When a PE router needs to distribute to a CE router a route that comes from a site outside the latter’s OSPF domain, the PE router presents itself as an ASBR (Autonomous System Border Router), and distributes the route in a type 5 LSA. The DN bit [OSPF-DN] MUST be set in these LSAs to ensure that they will be ignored by any other PE routers that receive them.
Q160. Which two statements about IPsec VTI implementation are true? (Choose two.)
A. The IKE SA can be bound to the VTI and the crypto map.
B. The transform set can be configured only in tunnel mode.
C. SVTIs support only a single IPsec SA.
D. SVTIs support IPv4 packets that carry IPv6 packets.
Answer: B,C