Want to know Pass4sure 400-101 Exam practice test features? Want to lear more about Cisco CCIE Routing and Switching (v5.0) certification experience? Study Tested Cisco 400-101 answers to Renewal 400-101 questions at Pass4sure. Gat a success with an absolute guarantee to pass Cisco 400-101 (CCIE Routing and Switching (v5.0)) test on your first attempt.

2016 Jul actualtest 400-101:

Q91. Refer to the exhibit. 

How can Router X in AS70000 peer with Router Y in AS65000, in case Router Y supports only 2-byte ASNs? 

A. Router X should be configured with a remove-private-as command, because this will establish the peering session with a random private 2-byte ASN. 

B. It is not possible. Router Y must be upgraded to an image that supports 4-byte ASN. 

C. Router Y should be configured with a 4-byte AS using the local-as command. 

D. Router X should be configured with a 2-byte AS using the local-as command. 

Answer: D 


Since router Y does not support 4-byte ASN,s it will not understand any AS numbers larger than 65535, so router X should use the local-as command on the peering statement to router Y to so that it sends in a 2-byte ASN to router Y. 

Q92. What is the function of an EIGRP sequence TLV packet? 

A. to acknowledge a set of sequence numbers during the startup update process 

B. to list the peers that should listen to the next multicast packet during the reliable multicast process 

C. to list the peers that should not listen to the next multicast packet during the reliable multicast process 

D. to define the initial sequence number when bringing up a new peer 

Answer: C 


EIGRP sends updates and other information between routers using multicast packets to For example in the topology below, R1 made a change in the topology and it needs to send updates to R2 & R3. It sends multicast packets to EIGRP multicast address Both R2 & R3 can receive the updates and acknowledge back to R1 using unicast. Simple, right? But what if R1 sends out updates, only R2 replies but R3 never does? In the case a router sends out a multicast packet that must be reliable delivered (like in this case), an EIGRP process will wait until the RTO (retransmission timeout) period has passed before beginning a recovery action. This period is calculated from the SRTT (smooth round-trip time). After R1 sends out updates it will wait for this period to expire. Then it makes a list of all the neighbors from which it did not receive an Acknowledgement (ACK). Next it sends out a packet telling these routers stop listening to multicast until they are been notified that it is safe again. Finally the router will begin sending unicast packets with the information to the routers that didn’t answer, continuing until they are caught up. In our example the process will be like this: 

1. R1 sends out updates to 

2. R2 responds but R3 does not 

3. R1 waits for the RTO period to expire 

4. R1 then sends out an unreliable-multicast packet, called a sequence TLV (Type-Length-Value) packet, which tells R3 not to listen to multicast packets any more 

5. R1 continues sending any other muticast traffic it has and delivering all traffic, using unicast to R3, until it acknowledges all the packets 

6. Once R3 has caught up, R1 will send another sequence TLV, telling R3 to begin listening to multicast again. The sequence TLV packet contains a list of the nodes that should not listen to multicast packets while the recovery takes place. But notice that the TLV packet in step 6 does not contain any nodes in the list. 

Note. In the case R3 still does not reply in step 4, R1 will attempt to retransmit the unicast 16 times or continue to retransmit until the hold time for the neighbor in question expires. After this time, R1 will declare a retransmission limit exceeded error and will reset the neighbor. 

(Reference: EIGRP for IP: Basic Operation and Configuration) 

Q93. EIGRP allows configuration of multiple MD5 keys for packet authentication to support easy rollover from an old key to a new key. Which two statements are true regarding the usage of multiple authentication keys? (Choose two.) 

A. Received packets are authenticated by the key with the smallest key ID. 

B. Sent packets are authenticated by all valid keys, which means that each packet is replicated as many times as the number of existing valid keys. 

C. Received packets are authenticated by any valid key that is chosen. 

D. Sent packets are authenticated by the key with the smallest key ID. 

Answer: C,D 


Suppose two routers are connected with each other via Fa0/0 interfaces and they are configured to authenticate via MD5. Below is a simple configuration on both routers so that they will work: 

Router1(config)#key chain KeyChainR1 

Router1(config-keychain)#key 1 

Router1(config-keychain-key)#key-string FirstKey 

Router1(config-keychain-key)#key 2 

Router1(config-keychain-key)#key-string SecondKey 

Router2(config)#key chain KeyChainR2 

Router2(config-keychain)#key 1 

Router2(config-keychain-key)#key-string FirstKey 

Router2(config-keychain-key)#key 2 

Router2(config-keychain-key)#key-string SecondKey 

Apply these key chains to R1 & R2: 

Router1(config)#interface fastEthernet 0/0 

Router1(config-if)#ip authentication mode eigrp 1 md5 

Router1(config-if)#ip authentication key-chain eigrp 1 KeyChainR1 

Router2(config)#interface fastEthernet 0/0 

Router2(config-if)#ip authentication mode eigrp 1 md5 

Router2(config-if)#ip authentication key-chain eigrp 1 KeyChainR2 

There are some rules to configure MD5 authentication with EIGRP: 

+ The key chain names on two routers do not have to match (in this case the name “KeyChainR1 & “KeyChainR2 do not match) 

+ The key number and key-string on the two potential neighbors must match (for example “key 1 & “key-string FirstKey” must match on “key 1” & “key-string FirstKey” of neighboring router) Also some facts about MD5 authentication with EIGRP 

+ When sending EIGRP messages the lowest valid key number is used -> D is correct. 

+ When receving EIGRP messages all currently configured valid keys are verified but the lowest valid one will be used -> Although answer C does not totally mention like that but it is the most suitable answer because A and B are totally wrong. Answer A is not correct because we need valid key to authenticate. As mentioned above, although answer C is not totally correct but it puts some light on why 

answer B is not correct: each packet is NOT “replicated as many times as the number of existing valid keys”. All currently configured valid keys are verified but the lowest valid one will be used. 

Q94. Which cache aggregation scheme is supported by NetFlow ToS-based router aggregation? 

A. prefix-port 

B. AS 

C. protocol port 

D. destination prefix 

Answer: A 

Q95. Refer to the exhibit. 

A PE router is configured with a policy map that contains the policer shown. The policy map is configured in the inbound direction of an interface facing a CE router. If the PE router 

receives 12Mb/s of traffic with the CoS value set to 7 on a 100-Mb/s interface from the CE router, what value of MPLS EXP is set when this traffic goes through the policer shown? 

A. 0 

B. 6 

C. 7 

D. 8 

Answer: B 


Here, the policer is set where the conforming traffic is set to 10 percent of the 100 Mbps interface, so anything more than 10 Mbps will be placed into the exceeding traffic class, the traffic EXP value will be changed from 7 to 6 per the configuration. 

400-101 free practice questions

Avant-garde ccie written 400-101:

Q96. Which statement about the overload bit in IS-IS is true? 

A. The IS-IS adjacencies on the links for which the overload bit is set are brought down. 

B. Routers running SPF ignore LSPs with the overload bit set and hence avoid blackholing traffic. 

C. A router setting the overload bit becomes unreachable to all other routers in the IS-IS area. 

D. The overload bit in IS-IS is used only for external prefixes. 

Answer: B 


The OL bit is used to prevent unintentional blackholing of packets in BGP transit networks. Due to the nature of these protocols, IS-IS and OSPF converge must faster than BGP. Thus there is a possibility that while the IGP has converged, IBGP is still learning the routes. In that case if other IBGP routers start sending traffic towards this IBGP router that has not yet completely converged it will start dropping traffic. This is because it isnt yet aware of the complete BGP routes. OL bit comes handy in such situations. When a new IBGP neighbor is added or a router restarts, the IS-IS OL bit is set. Since directly connected (including loopbacks) addresses on an “overloaded” router are considered by other routers, IBGP can be bought up and can begin exchanging routes. Other routers will not use this router for transit traffic and will route the packets out through an alternate path. Once BGP has converged, the OL bit is cleared and this router can begin forwarding transit traffic. 

Reference: https://routingfreak.wordpress.com/category/ospf-vs-is-is/ 

Q97. Like OSPFv2, OSPFv3 supports virtual links. Which two statements are true about the IPv6 address of a virtual neighbor? (Choose two.) 

A. It is the link-local address, and it is discovered by examining the hello packets received from the virtual neighbor. 

B. It is the link-local address, and it is discovered by examining link LSA received by the virtual neighbor. 

C. It is the global scope address, and it is discovered by examining the router LSAs received by the virtual neighbor. 

D. Only prefixes with the LA-bit not set can be used as a virtual neighbor address. 

E. It is the global scope address, and it is discovered by examining the intra-area-prefix-LSAs received by the virtual neighbor. 

F. Only prefixes with the LA-bit set can be used as a virtual neighbor address. 

Answer: E,F 


OSPF for IPv6 assumes that each router has been assigned link-local unicast addresses on each of the router's attached physical links. On all OSPF interfaces except virtual links, OSPF packets are sent using the interface's associated link-local unicast address as the source address. A router learns the link-local addresses of all other routers attached to its links and uses these addresses as next-hop information during packet forwarding. On virtual links, a global scope IPv6 address MUST be used as the source address for OSPF protocol packets. The collection of intra-area-prefix-LSAs originated by the virtual neighbor is examined, with the virtual neighbor's IP address being set to the first prefix encountered with the LA-bit set. 

Reference: https://tools.ietf.org/html/rfc5340 

Q98. Which Layer 2 tunneling technique eliminates the need for pseudowires? 


B. L2TPv3 

C. AToM 


Answer: A 

Q99. Which two statements are true about OTV? (Choose two.) 

A. It relies on flooding to propagate MAC address reachability information. 

B. It uses a full mesh of point-to-multipoint tunnels to prevent head-end replication of multicast traffic. 

C. It can work over any transport that can forward IP packets. 

D. It supports automatic detection of multihoming. 

Answer: C,D 


The overlay nature of OTV allows it to work over any transport as long as this transport can forward IP packets. Any optimizations performed for IP in the transport will benefit the OTV encapsulated traffic. As part of the OTV control protocol, automatic detection of multihoming is included. This feature enables the multihoming of sites without requiring additional configuration or protocols 

Reference: http://www.cisco.com/c/en/us/products/collateral/switches/nexus-7000-series-switches/white_paper_c11-574984.html 

Q100. Refer to the exhibit. 

Which device role could have generated this debug output? 

A. an NHS only 

B. an NHC only 

C. an NHS or an NHC 

D. a DMVPN hub router 

Answer: B 


NHRP works off a server/client relationship, where the NHRP clients (let’s call them next hop clients/NHCs) register with their next hop server (NHS), it’s the responsibility of the NHS to track all of its NHCs this is done with registration request and reply packets. Here we see a registration request, which can only be sent by an NHC.