Breathing of 400-101 download materials and discount pack for Cisco certification for customers, Real Success Guaranteed with Updated 400-101 pdf dumps vce Materials. 100% PASS CCIE Routing and Switching (v5.0) exam Today!

2016 Jun 400-101 Study Guide Questions:

Q441. Which two statements about logging are true? (Choose two.) 

A. Log messages are sent to the console port by default. 

B. Log messages are displayed in a Telnet session by default. 

C. Interface status changes are logged at the Notification level. 

D. Interface status changes are logged at the Informational level. 

E. System restart messages are logged at the Critical level. 

F. Reload requests are logged at the Notification level. 

Answer: A,C 


By default, switches send the output from system messages and debug privileged EXEC commands to a logging process. The logging process controls the distribution of logging messages to various destinations, such as the logging buffer, terminal lines, or a UNIX syslog server, depending on your configuration. The process also sends messages to the console. 

Table 29-3 Message Logging Level Keywords 

Level Keyword 



Syslog Definition 


System unstable 



Immediate action needed 



Critical conditions 



Error conditions



Warning conditions 



Normal but significant condition 



Informational messages only 



Debugging messages 


The software generates four other categories of messages: 

. Error messages about software or hardware malfunctions, displayed at levels warnings through emergencies. These types of messages mean that the functionality of the switch is affected. For information on how to recover from these malfunctions, see the system message guide for this release. 

. Output from the debug commands, displayed at the debugging level. Debug commands are typically used only by the Technical Assistance Center. 

Interface up or down transitions and system restart messages, displayed at the notifications level. This message is only for information; switch functionality is not affected. 

. Reload requests and low-process stack messages, displayed at the informational level. This message is only for information; switch functionality is not affected. 



Q442. What is the maximum number of classes that MQC can support in a single policy map? 

A. 512 

B. 256 

C. 128 

D. 64 

Answer: B 

Q443. Which additional feature must be enabled on a switch to allow PIM snooping to function correctly? 

A. IGMP snooping 

B. port security 

C. storm control 

D. dynamic ARP inspection 

Answer: A 

400-101 free question

Most recent passed 400-101:

Q444. Refer to the exhibit. 

IPv6 SLAAC clients that are connected to the router are unable to acquire IPv6 addresses. What is the reason for this issue? 

A. Router advertisements are not sent by the router. 

B. Duplicate address detection is disabled but is required on multiaccess networks. 

C. The interface is configured to support DHCPv6 clients only. 

D. The configured interface MTU is too low for IPv6 to be operational. 

Answer: A 

Q445. In a network where a Layer 2 switch interconnects several routers, which feature restricts multicast packets for each IP multicast group to only those mulicast router ports that have downstream receivers joined to that group? 

A. PIM snooping 

B. IGMP snooping 

C. IGMP filter 

D. IGMP proxy 

Answer: A 


In networks where a Layer 2 switch interconnects several routers, such as an Internet exchange point (IXP), the switch floods IP multicast packets on all multicast router ports by default, even if there are no multicast receivers downstream. With PIM snooping enabled, the switch restricts multicast packets for each IP multicast group to only those multicast router ports that have downstream receivers joined to that group. When you enable PIM snooping, the switch learns which multicast router ports need to receive the multicast traffic within a specific VLAN by listening to the PIM hello messages, PIM join and prune messages, and bidirectional PIM designated forwarder-election messages. 


Q446. Which two statements are true about an EVPL? (Choose two.) 

A. It has a high degree of transparency. 

B. It does not allow for service multiplexing. 

C. The EVPL service is also referred to as E-line. 

D. It is a point-to-point Ethernet connection between a pair of UNIs. 

Answer: C,D 


Following the MEF approach, the services that comprise the Metro Ethernet (ME) solution can be classified into the following two general categories: 

. Point-to-point (PtP) — A single point-to-point Ethernet circuit provisioned between two User Network Interfaces (UNIs). 

. Multipoint-to-multipoint (MPtMP) — A single multipoint-to-multipoint Ethernet circuit provisioned between two or more UNIs. When there are only two UNIs in the circuit, more UNIs can be added to the same Ethernet virtual connection if required, which distinguishes this from the point-to-point type. In the MEF terminology, this maps to the following Ethernet service types: 

. Ethernet Line Service Type (E-Line) — Point-to-point Ethernet service 

. Ethernet LAN Service Type (E-LAN) — Multipoint-to-multipoint Ethernet service 

Reference: lusters/HA_ME3_6.pdf 

400-101 free exam

Certified 400-101 error:

Q447. Which two statements are true about IPv6 multicast? (Choose two.) 

A. Receivers interested in IPv6 multicast traffic use IGMPv6 to signal their interest in the IPv6 multicast group. 

B. The PIM router with the lowest IPv6 address becomes the DR for the LAN. 

C. An IPv6 multicast address is an IPv6 address that has a prefix of FF00::/8. 

D. The IPv6 all-routers multicast group is FF02:0:0:0:0:0:0:2. 

Answer: C,D 


Multicast addresses in IPv6 have the prefix ff00::/8. 

Well-known IPv6 multicast addresses 




All nodes on the local network segment 


All routers on the local network segment 


Q448. Which VPN technology requires the use of an external key server? 





E. IPsec F. L2TPv3 

Answer: A 


A GETVPN deployment has primarily three components, Key Server (KS), Group Member (GM), and Group Domain of Interpretation (GDOI) protocol. GMs do encrypt/decrypt the traffic and KS distribute the encryption key to all the group members. The KS decides on one single data encryption key for a given life time. Since all GMs use the same key, any GM can decrypt the traffic encrypted by any other GM. GDOI protocol is used between the GM and KS for group key and group SA management. Minimum one KS is required for a GETVPN deployment. 


Q449. Which technology can create a filter for an embedded packet capture? 

A. Control plane policing 

B. Access lists 


D. Traffic shaping 

Answer: B 


A filter can be applied to limit the capture to desired traffic. Define an Access Control List (ACL) within config mode and apply the filter to the buffer: 

ip access-list extended BUF-FILTER 

permit ip host host 

permit ip host host 

monitor capture buffer BUF filter access-list BUF-FILTER 


Q450. What is a key advantage of Cisco GET VPN over DMVPN? 

A. Cisco GET VPN provides zero-touch deployment of IPSEC VPNs. 

B. Cisco GET VPN supports certificate authentication for tunnel establishment. 

C. Cisco GET VPN has a better anti-replay mechanism. 

D. Cisco GET VPN does not require a secondary overlay routing infrastructure. 

Answer: D 


DMVPN requires overlaying a secondary routing infrastructure through the tunnels, which results in suboptimal routing while the dynamic tunnels are built. The overlay routing topology also reduces the inherent scalability of the underlying IP VPN network topology. Traditional point-to-point IPsec tunneling solutions suffer from multicast replication issues because multicast replication must be performed before tunnel encapsulation and encryption at the IPsec CE (customer edge) router closest to the multicast source. Multicast replication cannot be performed in the provider network because encapsulated multicasts appear to the core network as unicast data. Cisco’s Group Encrypted Transport VPN (GET VPN) introduces the concept of a trusted group to eliminate point-to-point tunnels and their associated overlay routing. All group members (GMs) share a common security association (SA), also known as a group SA. This enables GMs to decrypt traffic that was encrypted by any other GM. (Note that IPsec CE acts as a GM.) In GET VPN networks, there is no need to negotiate point-to- point IPsec tunnels between the members of a group, because GET VPN is “tunnel-less.” 

Reference: Group Encrypted Transport VPN (Get VPN) Design and Implementation Guide PDF