gives you everything youll want to prepare to the Cisco 400-101 actual exam. The Cisco 400-101 practice questions and answers are researched and produced by our specialized IT specialists. Pass4sures Cisco Cisco exam demos will help you obtain certified as well as save your time and money. All of us provide a new discounted price pertaining to all the Cisco exam products. So start off right absent and get the particular Cisco certification as before long as achievable.

2017 Apr 400-101 simulations

Q101. Which two Cisco IOS AAA features are available with the local database? (Choose two.) 

A. command authorization 

B. network access authorization 

C. network accounting 

D. network access authentication 

Answer: A,D 


Configuring the Local Database 

This section describes how to manage users in the local database. You can use the local database for CLI access authentication, privileged mode authentication, command authorization, network access authentication, and VPN authentication and authorization. You cannot use the local database for network access authorization. The local database does not support accounting. 

Reference: tml 

Q102. Two routers are trying to establish an OSPFv3 adjacency over an Ethernet link, but the adjacency is not forming. Which two options are possible reasons that prevent OSPFv3 to form between these two routers? (Choose two.) 

A. mismatch of subnet masks 

B. mismatch of network types 

C. mismatch of authentication types 

D. mismatch of instance IDs 

E. mismatch of area types 

Answer: D,E 


An OSPFv3 interface must have a compatible configuration with a remote interface before the two can be considered neighbors. The two OSPFv3 interfaces must match the following criteria: 

. Hello interval 

. Dead interval 

. Area ID 

. Optional capabilities 

The OSPFv3 header includes an instance ID field to identify that OSPFv3 packet for a particular OSPFv3 instance. You can assign the OSPFv3 instance. The interface drops all OSPFv3 packets that do not have a matching OSPFv3 instance ID in the packet header. 


Q103. Which statement is true about conditional advertisements? 

A. Conditional advertisements create routes when a predefined condition is met. 

B. Conditional advertisements create routes when a predefined condition is not met. 

C. Conditional advertisements delete routes when a predefined condition is met. 

D. Conditional advertisements create routes and withhold them until a predefined condition is met. 

E. Conditional advertisements do not create routes, they only withhold them until a predefined condition is met. 



The Border Gateway Protocol (BGP) conditional advertisement feature provides additional control of route advertisement, depending on the existence of other prefixes in the BGP table. Normally, routes are propagated regardless of the existence of a different path. The BGP conditional advertisement feature uses the non-exist-map and the advertise-map keywords of the neighbor advertise-map command in order to track routes by the route prefix. If a route prefix is not present in output of the non-exist-map command, then the route specified by the advertise-map command is announced. This feature is useful for multihomed networks, in which some prefixes are advertised to one of the providers only if information from the other provider is not present (this indicates a failure in the peering session or partial reachability). 


Q104. Which regular expression will match prefixes from the AS 200 that is directly connected to our AS? 

A. ^$ 

B. ^200) 

C. _200$ 

D. _200_ 

E. ^200_ 



Table 2 

Commonly Used Regular Expressions 





Locally originated routes 


Learned from autonomous system 100 


Originated in autonomous system 100 


Any instance of autonomous system 100 


Directly connected autonomous system paths 

Reference: ok/tsv_reg_express.html 

Q105. Refer to the exhibit. 

You are bringing a new MPLS router online and have configured only what is shown to bring LDP up. Assume that the peer has been configured in a similar manner. You verify the LDP peer state and see that there are no neighbors. What will the output of show mpls ldp discovery show? 

A. Interfaces: 

Ethernet0/0 (ldp): xmit 

B. Interfaces: 

Ethernet0/0 (ldp): xmit/recv 

LDP Id:; IP addr: 

C. Interfaces: 

Ethernet0/0 (ldp): xmit/recv 

LDP Id:; no route 

D. Interfaces: 

Ethernet0/0 (ldp): xmit/recv 

LDP Id:; no route 


Updated 400-101 test questions:

Q106. Which two are features of DMVPN? (Choose two.) 

A. It does not support spoke routers behind dynamic NAT. 

B. It requires IPsec encryption. 

C. It only supports remote peers with statically assigned addresses. 

D. It supports multicast traffic. 

E. It offers configuration reduction. 

Answer: D,E 


DMVPN Hub-and-spoke deployment model: In this traditional topology, remote sites (spokes) are aggregated into a headend VPN device at the corporate headquarters (hub). Traffic from any remote site to other remote sites would need to pass through the headend device. Cisco DMVPN supports dynamic routing, QoS, and IP Multicast while significantly reducing the configuration effort. 


Q107. Refer to the exhibit. 

Which statement is true? 

A. The output shows an IPv6 multicast address with link-local scope. 

B. The output shows an IPv6 multicast address that is used for unique local sources only. 

C. The output shows an IPv6 multicast address that can be used for BIDIR-PIM only. 

D. The output shows an IPv6 multicast address with embedded RP. 


Q108. How is the MRU for a multilink bundle determined? 

A. It is negotiated by LCP. 

B. It is manually configured on the multilink bundle. 

C. It is manually configured on all physical interfaces of a multilink bundle. 

D. It is negotiated by NCP. 

E. It is negotiated by IPCP. 


Q109. Which two statements about the ipv6 ospf authentication command are true? (Choose two.) 

A. The command is required if you implement the IPsec AH header. 

B. The command configures an SPI. 

C. The command is required if you implement the IPsec TLV. 

D. The command can be used in conjunction with the SPI authentication algorithm. 

E. The command must be configured under the OSPFv3 process. 

Answer: A,B 


OSPFv3 requires the use of IPsec to enable authentication. Crypto images are required to use authentication, because only crypto images include the IPsec API needed for use with OSPFv3. In OSPFv3, authentication fields have been removed from OSPFv3 packet headers. When OSPFv3 runs on IPv6, OSPFv3 requires the IPv6 authentication header (AH) or IPv6 ESP header to ensure integrity, authentication, and confidentiality of routing exchanges. IPv6 AH and ESP extension headers can be used to provide authentication and confidentiality to OSPFv3. To use the IPsec AH, you must enable the ipv6 ospf authentication command. To use the IPsec ESP header, you must enable the ipv6 ospf encryption command. The ESP header may be applied alone or in combination with the AH, and when ESP is used, both encryption and authentication are provided. Security services can be provided between a pair of communicating hosts, between a pair of communicating security gateways, or between a security gateway and a host. To configure IPsec, you configure a security policy, which is a combination of the security policy index (SPI) and the key (the key is used to create and validate the hash value). IPsec for OSPFv3 can be configured on an interface or on an OSPFv3 area. For higher security, you should configure a different policy on each interface configured with IPsec. If you configure IPsec for an OSPFv3 area, the policy is applied to all of the interfaces in that area, except for the interfaces that have IPsec configured directly. Once IPsec is configured for OSPFv3, IPsec is invisible to you. 


Q110. How does having an EIGRP feasible successor speed up convergence? 

A. EIGRP sends queries only if there is a feasible successor, which decreases the number of routers that are involved in convergence. 

B. EIGRP sends queries only if there is not a feasible successor, which causes less control traffic to compete with data. 

C. EIGRP immediately installs the loop-free alternative path in the RIB. 

D. EIGRP preinstalls the feasible successor in the RIB in all cases, which causes traffic to switch more quickly. 



Feasible Successor 

. A next-hop router that serves as backup to the current successor. 

. The condition is that the said router’s AD (or RD) is less than the FD of the current successor route. 

. Once the feasible successor is selected, they are placed in the topology table. If a change in topology occurs which requires a new route, DUAL looks for the feasible successor and uses it as new route immediately, resulting in fast convergence.