Master the 400 101 ccie CCIE Routing and Switching (v5.0) content and be ready for exam day success quickly with this Exambible 400 101 dumps free practice test. We guarantee it!We make it a reality and give you real passleader 400 101 questions in our Cisco 400 101 ccie braindumps.Latest 100% VALID Cisco passleader 400 101 Exam Questions Dumps at below page. You can use our Cisco ccie 400 101 dumps braindumps and pass your exam.
2026 New 400-101 Exam Dumps with PDF and VCE Free: https://www.2passeasy.com/dumps/400-101/
Q1. Which two statements are true about an EVPL? (Choose two.)
A. It has a high degree of transparency.
B. It does not allow for service multiplexing.
C. The EVPL service is also referred to as E-line.
D. It is a point-to-point Ethernet connection between a pair of UNIs.
Answer: C,D
Explanation:
Following the MEF approach, the services that comprise the Metro Ethernet (ME) solution can be classified into the following two general categories:
. Point-to-point (PtP) — A single point-to-point Ethernet circuit provisioned between two User Network Interfaces (UNIs).
. Multipoint-to-multipoint (MPtMP) — A single multipoint-to-multipoint Ethernet circuit provisioned between two or more UNIs. When there are only two UNIs in the circuit, more UNIs can be added to the same Ethernet virtual connection if required, which distinguishes this from the point-to-point type. In the MEF terminology, this maps to the following Ethernet service types:
. Ethernet Line Service Type (E-Line) — Point-to-point Ethernet service
. Ethernet LAN Service Type (E-LAN) — Multipoint-to-multipoint Ethernet service
Reference: http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Data_Center/HA_Clusters/HA_C lusters/HA_ME3_6.pdf
Q2. Which timer expiration can lead to an EIGRP route becoming stuck in active?
A. hello
B. active
C. query
D. hold
Answer: B
Explanation:
As noted above, when a route goes into the active state, the router queries its neighbors to find a path to the pertinent network. At this point, the router starts a three minute active timer by which time it must receive replies from all queried neighbors. If a neighbor has feasible successors for the route, it will recalculate its own local distance to the network and report this back. However, if a neighbor does not have a feasible successor, it also goes into active state. In some cases, multiple routers along multiple query paths will go into active state as routers continue to query for the desired route. In most cases, this process will yield responses from all queried routers and the sought after route will transition back into the passive state within the three minute SIA query timer. In the case that none of the queried routers can provide a feasible successor, the route is cleared. In some cases, a response is not received between two neighbor routers because of link failures, congestion or some other adverse condition in either the network or on the queried router, and the three minute active timer expires on the router originating the query. When this happens, the querying router that did not receive a response logs a “DUAL-3-SIA” or “stuck-in-active” error for the route and then drops and restarts its adjacency with the non-responding router
Reference: http://www.packetdesign.com/resources/technical-briefs/diagnosing-eigrp-stuck-active
Q3. Which VPN technology requires the use of an external key server?
A. GETVPN
B. GDOI
C. SSL
D. DMVPN
E. IPsec F. L2TPv3
Answer: A
Explanation:
A GETVPN deployment has primarily three components, Key Server (KS), Group Member (GM), and Group Domain of Interpretation (GDOI) protocol. GMs do encrypt/decrypt the traffic and KS distribute the encryption key to all the group members. The KS decides on one single data encryption key for a given life time. Since all GMs use the same key, any GM can decrypt the traffic encrypted by any other GM. GDOI protocol is used between the GM and KS for group key and group SA management. Minimum one KS is required for a GETVPN deployment.
Reference: http://www.cisco.com/c/en/us/products/collateral/security/group-encrypted-transport-vpn/deployment_guide_c07_554713.html
Q4. Refer to the exhibit.
Which device role could have generated this debug output?
A. an NHS only
B. an NHC only
C. an NHS or an NHC
D. a DMVPN hub router
Answer: B
Explanation:
NHRP works off a server/client relationship, where the NHRP clients (let’s call them next hop clients/NHCs) register with their next hop server (NHS), it’s the responsibility of the NHS to track all of its NHCs this is done with registration request and reply packets. Here we see a registration request, which can only be sent by an NHC.
Q5. When you configure the ip pmtu command under an L2TPv3 pseudowire class, which two things can happen when a packet exceeds the L2TP path MTU? (Choose two.)
A. The router drops the packet.
B. The router always fragments the packet after L2TP/IP encapsulation.
C. The router drops the packet and sends an ICMP unreachable message back to the sender only if the DF bit is set to 1.
D. The router always fragments the packet before L2TP/IP encapsulation.
E. The router fragments the packet after L2TP/IP encapsulation only if the DF bit is set to 0.
F. The router fragments the packet before L2TP/IP encapsulation only if the DF bit is set to
0.
Answer: C,F
Explanation:
If you enable the ip pmtu command in the pseudowire class, the L2TPv3 control channel participates in the path MTU discovery. When you enable this feature, the following processing is performed:
– ICMP unreachable messages sent back to the L2TPv3 router are deciphered and the tunnel MTU is updated accordingly. In order to receive ICMP unreachable messages for fragmentation errors, the DF bit in the tunnel header is set according to the DF bit value received from the CE, or statically if the ip dfbit set option is enabled. The tunnel MTU is periodically reset to the default value based on a periodic timer.
– ICMP unreachable messages are sent back to the clients on the CE side. ICMP unreachable messages are sent to the CE whenever IP packets arrive on the CE-PE interface and have a packet size greater than the tunnel MTU. A Layer 2 header calculationis performed before the ICMP unreachable message is sent to the CE.
Reference: http://www.cisco.com/c/en/us/td/docs/ios/12_0s/feature/guide/l2tpv325.html
Q6. Which statement about OSPF multiaccess segments is true?
A. The designated router is elected first.
B. The designated and backup designated routers are elected at the same time.
C. The router that sent the first hello message is elected first.
D. The backup designated router is elected first.
Answer: D
Explanation:
According to the RFC, the BDR is actually elected first, followed by the DR. The RFC explains why: “The reason behind the election algorithm’s complexity is the desire for an orderly transition from Backup Designated Router to Designated Router, when the current Designated Router fails. This orderly transition is ensured through the introduction of hysteresis: no new Backup Designated Router can be chosen until the old Backup accepts its new Designated Router responsibilities. The above procedure may elect the same router to be both Designated Router and Backup Designated Router, although that router will never be the calculating router (Router X) itself.”
Reference: http://www.ietf.org/rfc/rfc2328.txt – Page 76
Q7. Refer to the exhibit.
You must complete the configuration on R1 so that a maximum of three links can be used and fragmentation is supported.
Which additional configuration accomplishes this task?
A. interface Multilink19
ip address 192.168.1.1 255.255.255.0
ppp multilink
ppp multilink group 19
ppp multilink links minimum 1
ppp multilink links maximum 3
ppp multilink interleave
B. interface Multilink19
ip address 192.168.1.1 255.255.255.0
ppp multilink
ppp multilink group 19
ppp multilink links maximum 3
ppp multilink fragment delay 20
C. interface Multilink19
ip address 192.168.1.1 255.255.255.0
ppp multilink
ppp multilink group 19
ppp multilink links maximum 3
ppp multilink fragment delay 20
ppp multilink interleave
D. interface Multilink19
ip address 192.168.1.1 255.255.255.252
ppp multilink
ppp multilink group 19
ppp multilink links maximum 3
ppp multilink interleave
Answer: A
Explanation:
The “ppp multilink interleave” command is needed to enable link fragmentation and Interleaving (LFI). The Cisco IOS Link Fragmentation and Interleaving (LFI) feature uses Multilink PPP (MLP). MLP provides a method of splitting, recombining, and sequencing datagrams across multiple logical data links. MLP allows packets to be fragmented and the fragments to be sent at the same time over multiple point-to-point links to the same remote address.
ppp multilink links maximum
To limit the maximum number of links that Multilink PPP (MLP) can dial for dynamic allocation, use the ppp multilink links maximum command in interface configuration mode.
Reference: http://www.cisco.com/c/en/us/td/docs/ios/12_2/qos/configuration/guide/fqos_c/qcflfi.html
Q8. Which three values can you use to configure an ERSPAN destination session? (Choose three.)
A. VLAN ID
B. source IP address
C. destination IP address
D. ID number
E. VRF
F. session name
Answer: B,D,E
Q9. Which two statements about the ipv6 ospf authentication command are true? (Choose two.)
A. The command is required if you implement the IPsec AH header.
B. The command configures an SPI.
C. The command is required if you implement the IPsec TLV.
D. The command can be used in conjunction with the SPI authentication algorithm.
E. The command must be configured under the OSPFv3 process.
Answer: A,B
Explanation:
OSPFv3 requires the use of IPsec to enable authentication. Crypto images are required to use authentication, because only crypto images include the IPsec API needed for use with OSPFv3. In OSPFv3, authentication fields have been removed from OSPFv3 packet headers. When OSPFv3 runs on IPv6, OSPFv3 requires the IPv6 authentication header (AH) or IPv6 ESP header to ensure integrity, authentication, and confidentiality of routing exchanges. IPv6 AH and ESP extension headers can be used to provide authentication and confidentiality to OSPFv3. To use the IPsec AH, you must enable the ipv6 ospf authentication command. To use the IPsec ESP header, you must enable the ipv6 ospf encryption command. The ESP header may be applied alone or in combination with the AH, and when ESP is used, both encryption and authentication are provided. Security services can be provided between a pair of communicating hosts, between a pair of communicating security gateways, or between a security gateway and a host. To configure IPsec, you configure a security policy, which is a combination of the security policy index (SPI) and the key (the key is used to create and validate the hash value). IPsec for OSPFv3 can be configured on an interface or on an OSPFv3 area. For higher security, you should configure a different policy on each interface configured with IPsec. If you configure IPsec for an OSPFv3 area, the policy is applied to all of the interfaces in that area, except for the interfaces that have IPsec configured directly. Once IPsec is configured for OSPFv3, IPsec is invisible to you.
Reference: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_ospf/configuration/15-sy/iro-15-sy-book/ip6-route-ospfv3-auth-ipsec.html
Q10. Refer to the exhibit.
What will be the IP MTU of tunnel 0?
A. 1500
B. 1524
C. 1476
D. 1452
E. 1548
Answer: C
Explanation:
In the case of the GRE tunnel interface, the IP maximum transmission unit (MTU) is 24 bytes less than the IP MTU of the real outgoing interface. For an Ethernet outgoing interface that means the IP MTU on the tunnel interface would be 1500 minus 24, or 1476 bytes.
Reference: A spoke site that is connected to Router-A cannot reach a spoke site that is connected to Router-B, but both spoke sites can reach the hub. What is the likely cause of this issue http://www.cisco.com/c/en/us/support/docs/ip/generic-routing-encapsulation-gre/13725-56.html