Practice questions for the Cisco 400-101 exam, CCIE Routing and Switching (v5.0).


Q1. Which technology can MSDP SA filters use to filter traffic? 

A. route maps 

B. community lists 

C. prefix lists 

D. class maps 

Answer:

Q2. Refer to the exhibit. 

Which two options are possible states for the interface configured with the given OSPFv3 authentication? (Choose two.)

A. GOING UP 

B. DOWN 

C. UNCONFIGURED 

D. GOING DOWN 

Answer: A,B 

Explanation: 

To configure IPsec, you configure a security policy, which is a combination of the security policy index (SPI) and the key (the key is used to create and validate the hash value). IPsec for OSPFv3 can be configured on an interface or on an OSPFv3 area. For higher security, you should configure a different policy on each interface configured with IPsec. If you configure IPsec for an OSPFv3 area, the policy is applied to all of the interfaces in that area, except for the interfaces that have IPsec configured directly. Once IPsec is configured for OSPFv3, IPsec is invisible to you.

The secure socket API is used by applications to secure traffic. The API needs to allow the application to open, listen, and close secure sockets. The binding between the application and the secure socket layer also allows the secure socket layer to inform the application of changes to the socket, such as connection open and close events. The secure socket API is able to identify the socket; that is, it can identify the local and remote addresses, masks, ports, and protocol that carry the traffic requiring security. Each interface has a secure socket state, which can be one of the following:

- NULL: Do not create a secure socket for the interface if authentication is configured for the area.

- DOWN: IPsec has been configured for the interface (or the area that contains the interface), but OSPFv3 either has not requested IPsec to create a secure socket for this interface, or there is an error condition.

- GOING UP: OSPFv3 has requested a secure socket from IPsec and is waiting for a CRYPTO_SS_SOCKET_UP message from IPsec.

- UP: OSPFv3 has received a CRYPTO_SS_SOCKET_UP message from IPsec.

- CLOSING: The secure socket for the interface has been closed. A new socket may be opened for the interface, in which case the current secure socket makes the transition to the DOWN state. Otherwise, the interface will become UNCONFIGURED.

- UNCONFIGURED: Authentication is not configured on the interface.

OSPFv3 will not send or accept packets while in the DOWN state. 

Reference: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_ospf/configuration/15-sy/iro-15-sy-book/ip6-route-ospfv3-auth-ipsec.html 

Q3. Which three statements are true about PPP CHAP authentication? (Choose three.) 

A. PPP encapsulation must be enabled globally. 

B. The LCP phase must be complete and in closed state. 

C. The hostname used by a router for CHAP authentication cannot be changed. 

D. PPP encapsulation must be enabled on the interface. 

E. The LCP phase must be complete and in open state. 

F. By default, the router uses its hostname to identify itself to the peer. 

Answer: D,E,F 

Explanation: 

Point-to-Point Protocol (PPP) authentication issues are one of the most common causes for dialup link failures. This document provides some troubleshooting procedures for PPP authentication issues. 

Prerequisites 

- Enable PPP encapsulation.

- The PPP authentication phase does not begin until the Link Control Protocol (LCP) phase is complete and is in the open state. If debug ppp negotiation does not indicate that LCP is open, troubleshoot this issue before proceeding.

Note. By default, the router uses its hostname to identify itself to the peer. However, this CHAP username can be changed through the ppp chap hostname command. 

Reference: http://www.cisco.com/c/en/us/support/docs/wan/point-to-point-protocol-ppp/25647-understanding-ppp-chap.html 

Q4. DRAG DROP 

Drag and drop each GET VPN feature on the left to the corresponding function it performs on the right. 

Answer:  

Q5. Which two statements about PIM-DM are true? (Choose two.) 

A. It forwards multicast packets on a source tree. 

B. It requires an RP. 

C. It forwards multicast packets on a shared distribution tree. 

D. It floods multicast packets to neighbors that have requested the data. 

E. It floods multicast packets throughout the network. 

F. It forwards multicast packets to neighbors that have requested the data. 

Answer: A,E 

Q6. Refer to the exhibit. 

Which technology does the use of bi-directional BPDUs on all ports in the topology support? 

A. RSTP 

B. MST 

C. Bridge Assurance 

D. Loop Guard 

E. Root Guard 

F. UDLD 

Answer:

Explanation: 

Spanning Tree Bridge Assurance 

- Turns STP into a bidirectional protocol

- Ensures spanning tree fails “closed” rather than “open”

- If port type is “network”, send BPDU regardless of state

- If network port stops receiving BPDU, it’s put in BA-inconsistent state

Bridge Assurance (BA) can help protect against bridging loops where a port becomes designated because it has stopped receiving BPDUs. This is similar to the function of loop guard. 

Reference: http://lostintransit.se/tag/convergence/ 

Q7. Which two statements about Inverse ARP are true? (Choose two.) 

A. It uses the same operation code as ARP. 

B. It uses the same packet format as ARP. 

C. It uses ARP stuffing. 

D. It supports static mapping. 

E. It translates Layer 2 addresses to Layer 3 addresses. 

F. It translates Layer 3 addresses to Layer 2 addresses. 

Answer: B,E 

Explanation: 

Inverse Address Resolution Protocol (Inverse ARP or InARP) is used to obtain Network Layer addresses (for example, IP addresses) of other nodes from Data Link Layer (Layer 2) addresses. It is primarily used in Frame Relay (DLCI) and ATM networks, in which Layer 2 addresses of virtual circuits are sometimes obtained from Layer 2 signaling, and the corresponding Layer 3 addresses must be available before those virtual circuits can be used. 

Since ARP translates Layer 3 addresses to Layer 2 addresses, InARP may be described as its inverse. In addition, InARP is implemented as a protocol extension to ARP: it uses the same packet format as ARP, but different operation codes. 

Reference: http://en.wikipedia.org/wiki/Address_Resolution_Protocol 

Q8. Refer to the exhibit. 

Which two route types are advertised by a router with this configuration? (Choose two.) 

A. connected 

B. external 

C. summary 

D. static 

E. redistributed 

Answer: A,C 

Q9. DRAG DROP 

Drag and drop the SNMP element on the left to the corresponding definition on the right. 

Answer:  

Q10. What is the function of an EIGRP sequence TLV packet? 

A. to acknowledge a set of sequence numbers during the startup update process 

B. to list the peers that should listen to the next multicast packet during the reliable multicast process 

C. to list the peers that should not listen to the next multicast packet during the reliable multicast process 

D. to define the initial sequence number when bringing up a new peer 

Answer:

Explanation: 

EIGRP sends updates and other information between routers using multicast packets to 224.0.0.10. For example, in the topology below, R1 made a change in the topology and it needs to send updates to R2 & R3. It sends multicast packets to the EIGRP multicast address 224.0.0.10. Both R2 & R3 can receive the updates and acknowledge back to R1 using unicast. Simple, right? But what if R1 sends out updates and only R2 replies, but R3 never does?

When a router sends out a multicast packet that must be reliably delivered (as in this case), an EIGRP process will wait until the RTO (retransmission timeout) period has passed before beginning a recovery action. This period is calculated from the SRTT (smooth round-trip time). After R1 sends out updates, it will wait for this period to expire. Then it makes a list of all the neighbors from which it did not receive an Acknowledgement (ACK). Next it sends out a packet telling these routers to stop listening to multicast until they have been notified that it is safe again. Finally the router will begin sending unicast packets with the information to the routers that didn’t answer, continuing until they are caught up. In our example the process will be like this:

1. R1 sends out updates to 224.0.0.10 

2. R2 responds but R3 does not 

3. R1 waits for the RTO period to expire 

4. R1 then sends out an unreliable-multicast packet, called a sequence TLV (Type-Length-Value) packet, which tells R3 not to listen to multicast packets any more 

5. R1 continues sending any other multicast traffic it has, and delivers all traffic to R3 using unicast until R3 acknowledges all the packets

6. Once R3 has caught up, R1 will send another sequence TLV, telling R3 to begin listening to multicast again. The sequence TLV packet contains a list of the nodes that should not listen to multicast packets while the recovery takes place. But notice that the TLV packet in step 6 does not contain any nodes in the list. 

Note. If R3 still does not reply in step 4, R1 will attempt to retransmit the unicast 16 times or continue to retransmit until the hold time for the neighbor in question expires. After this time, R1 will declare a retransmission limit exceeded error and will reset the neighbor.

(Reference: EIGRP for IP: Basic Operation and Configuration)