It is more faster and easier to pass the Cisco ccie 400 101 exam by using Tested Cisco CCIE Routing and Switching (v5.0) questuins and answers. Immediate access to the Update ccie 400 101 Exam and find the same core area 400 101 vce questions with professionally verified answers, then PASS your exam with a high score now.

Q361. Which statement is true regarding the UDP checksum? 

A. It is used for congestion control. 

B. It cannot be all zeros. 

C. It is used by some Internet worms to hide their propagation. 

D. It is computed based on the IP pseudo-header. 



The method used to compute the checksum is defined in RFC 768: “Checksum is the 16-bit one's complement of the one's complement sum of a pseudo header of information from the IP header, the UDP header, and the data, padded with zero octets at the end (if necessary) to make a multiple of two octets.” In other words, all 16-bit words are summed using one's complement arithmetic. Add the 16-bit values up. Each time a carry-out (17th bit) is produced, swing that bit around and add it back into the least significant bit. The sum is then one's complemented to yield the value of the UDP checksum field. If the checksum calculation results in the value zero (all 16 bits 0) it should be sent as the one's complement (all 1s). 


Q362. What are the three HDLC operating modes? (Choose three.) 

A. normal response 

B. asynchronous balanced 

C. synchronous response 

D. asynchronous response 

E. normal balanced 

F. synchronous balanced 

Answer: A,B,D 

Q363. Which three statements are functions that are performed by IKE phase 1? (Choose three.) 

A. It builds a secure tunnel to negotiate IKE phase 1 parameters. 

B. It establishes IPsec security associations. 

C. It authenticates the identities of the IPsec peers. 

D. It protects the IKE exchange by negotiating a matching IKE SA policy. 

E. It protects the identities of IPsec peers. 

F. It negotiates IPsec SA parameters. 

Answer: C,D,E 


The basic purpose of IKE phase 1 is to authenticate the IPSec peers and to set up a secure channel between the peers to enable IKE exchanges. IKE phase 1 performs the following functions: 

. Authenticates and protects the identities of the IPSec peers 

. Negotiates a matching IKE SA policy between peers to protect the IKE exchange 

. Performs an authenticated Diffie-Hellman exchange with the end result of having matching shared secret keys 

. Sets up a secure tunnel to negotiate IKE phase 2 parameters 


Q364. Which two statements about the MAC address table space are true? (Choose two.) 

A. You can disable learning on a VLAN to reduce table-space requirements. 

B. When you disable learning on a VLAN with an SVI, IP packet flooding in the Layer 2 domain is also disabled. 

C. Unicast, multicast, and broadcast MAC address filtering is configured globally and disabled by default. 

D. The default setting for static MAC addresses to age out of the MAC address table is 300 seconds. 

E. Turning off MAC learning on VLANs 900 through 1005 disables learning on VLANs 900 through 1001. 

Answer: A,E 


Drag and drop the multiprotocol BGP feature on the left to the corresponding description on the right. 


Q366. Which statement about shaped round robin queuing is true? 

A. Queues with higher configured weights are serviced first. 

B. The device waits a period of time, set by the configured weight, before servicing the next queue. 

C. The device services a single queue completely before moving on to the next queue. 

D. Shaped mode is available on both the ingress and egress queues. 



SRR is scheduling service for specifying the rate at which packets are dequeued. With SRR there are two modes, shaped and shared. Shaped mode is only available on the egress queues SRR differs from typical WRR. With WRR queues are serviced based on the weight. Q1 is serviced for weight 1 period of time, Q2 is served for weight 2 period of time, and so forth. 

The servicing mechanism works by moving from queue to queue and services them for the weighted amount of time. With SRR weights are still followed; however, SRR services Q1, moves to Q2, then Q3 and Q4 in a different way. It does not wait at and service each queue for a weighted amount of time before moving on to the next queue. Instead, SRR makes several rapid passes at the queues; in each pass, each queue might or might not be serviced. For each given pass, the more highly weighted queues are more likely to be serviced than the lower priority queues. 


Q367. Which three statements about DMVPN are true? (Choose three.) 

A. It facilitates zero-touch configuration for addition of new spokes. 

B. It supports dynamically addressed spokes using DHCP. 

C. It features automatic IPsec triggering for building an IPsec tunnel. 

D. It requires uses of IPsec to build the DMVPN cloud. 

E. Spokes can build tunnels to other spokes and exchange traffic directly. 

F. It supports server load balancing on the spokes. 

Answer: A,C,E 

Q368. Which two statements about OSPFv3 are true? (Choose two.) 

A. It supports unicast address families for IPv4 and IPv6. 

B. It supports unicast address families for IPv6 only. 

C. It supports only one address family per instance. 

D. It supports the use of a cluster ID for loop prevention. 

E. It supports multicast address families for IPv4 and IPv6. 

F. It supports multicast address families for IPv6 only. 

Answer: A,C 

Q369. Which two options are EIGRP route authentication encryption modes? (Choose two.) 

A. MD5 

B. HMAC-SHA-256bit 



Answer: A,B 


Packets exchanged between neighbors must be authenticated to ensure that a device accepts packets only from devices that have the same preshared authentication key. Enhanced Interior Gateway Routing Protocol (EIGRP) authentication is configurable on a per-interface basis; this means that packets exchanged between neighbors connected through an interface are authenticated. EIGRP supports message digest algorithm 5 (MD5) authentication to prevent the introduction of unauthorized information from unapproved sources. MD5 authentication is defined in RFC 1321. EIGRP also supports the Hashed Message Authentication Code-Secure Hash Algorithm-256 (HMAC-SHA-256) authentication method. 


Q370. Refer to the exhibit. 

A tunnel is configured between R3 to R4 sourced with their loopback interfaces. The ip pim sparse-dense mode command is configured on the tunnel interfaces and multicast-routing is enabled on R3 and R4. The IP backbone is not configured for multicast routing. 

The RPF check has failed toward the multicast source. 

Which two conditions could have caused the failure? (Choose two.) 

A. The route back to the RP is through a different interface than tunnel 0. 

B. The backbone devices can only route unicast traffic. 

C. The route back to the RP is through the same tunnel interface. 

D. A static route that points the RP to GigabitEthernet1/0 is configured. 

Answer: A,D 


.For a successful RPF verification of multicast traffic flowing over the shared tree (*,G) from RP, an ip mroute rp-address nexthop command needs to be configured for the RP address, that points to the tunnel interface. 

A very similar scenario can be found at the reference link below: