Master the 400 101 ccie CCIE Routing and Switching (v5.0) content and be ready for exam day success quickly with this Ucertify ccie 400 101 latest exam. We guarantee it!We make it a reality and give you real 400 101 dumps questions in our Cisco cisco 400 101 braindumps.Latest 100% VALID Cisco cisco 400 101 Exam Questions Dumps at below page. You can use our Cisco 400 101 dumps braindumps and pass your exam.


2026 New 400-101 Exam Dumps with PDF and VCE Free: https://www.2passeasy.com/dumps/400-101/

Q1. Which three statements about IPsec VTIs are true? (Choose three.) 

A. IPsec sessions require static mapping to a physical interface. 

B. They can send and receive multicast traffic. 

C. They can send and receive traffic over multiple paths. 

D. They support IP routing and ACLs. 

E. They can send and receive unicast traffic. 

F. They support stateful failover. 

Answer: B,D,E 

Q2. What is the destination MAC address of a BPDU frame? 

A. 01-80-C2-00-00-00 

B. 01-00-5E-00-00-00 

C. FF-FF-FF-FF-FF-FF 

D. 01-80-C6-00-00-01 

Answer:

Explanation: 

The root-bridge election process begins by having every switch in the domain believe it is the root and claiming it throughout the network by means of Bridge Protocol Data Units (BPDU). BPDUs are Layer 2 frames multicast to a well-known MAC address in case of IEEE STP (01-80-C2-00-00-00) or vendor-assigned addresses, in other cases. 

Reference: http://www.ciscopress.com/articles/article.asp?p=1016582 

Q3. Which OSPF feature supports LSA rate limiting in milliseconds to provide faster convergence? 

A. LSA throttling 

B. incremental SPF 

C. fast hello 

D. SPF tuning 

Answer:

Explanation: 

The OSPF Link-State Advertisement (LSA) Throttling feature provides a dynamic mechanism to slow down link-state advertisement (LSA) updates in OSPF during times of network instability. It also allows faster Open Shortest Path First (OSPF) convergence by providing LSA rate limiting in milliseconds. 

Reference: http://www.cisco.com/c/en/us/td/docs/ios/12_0s/feature/guide/fsolsath.html 

Q4. Which two BGP path attributes are visible in Wireshark? (Choose two.) 

A. weight 

B. AS path 

C. local preference 

D. route maps 

Answer: B,C 

Q5. Which option is the default maximum age of the MAC address table? 

A. 300 seconds 

B. 500 seconds 

C. 1200 seconds 

D. 3600 seconds 

Answer:

Explanation: 

To configure the maximum aging time for entries in the Layer 2 table, use the mac-address-table aging-time command in global configuration mode. 

Syntax Description 

seconds 

MAC address table entry maximum age. Valid values are 0, and from 5 to 1000000 seconds. Aging time is counted from the last time that the switch detected the MAC address. The default value is 300 seconds. 

Reference: http://www.cisco.com/c/en/us/td/docs/ios/lanswitch/command/reference/lsw_book/lsw_m1. html 

Q6. Which two statements about PBR route maps are true? (Choose two.) 

A. They can use extended ACLs to identify traffic. 

B. They can route unicast traffic without interface-level classification. 

C. They can be applied to both ingress and egress traffic. 

D. They can classify traffic based on prefix-lists. 

E. They can set the metric and IP precedence bits. 

Answer: A,B 

Q7. DRAG DROP 

Drag and drop each EIGRP element on the left to the corresponding definition on the right. 

Answer:  

Q8. DRAG DROP 

Drag and drop the BGP attribute on the left to the correct category on the right. 

Answer:  

Q9. Which component of the BGP ORF can you use to permit and deny routing updates? 

A. match 

B. action 

C. AFI 

D. SAFI 

E. ORF type 

Answer:

Q10. Which two options are EIGRP route authentication encryption modes? (Choose two.) 

A. MD5 

B. HMAC-SHA-256bit 

C. ESP-AES 

D. HMAC-AES 

Answer: A,B 

Explanation: 

Packets exchanged between neighbors must be authenticated to ensure that a device accepts packets only from devices that have the same preshared authentication key. Enhanced Interior Gateway Routing Protocol (EIGRP) authentication is configurable on a per-interface basis; this means that packets exchanged between neighbors connected through an interface are authenticated. EIGRP supports message digest algorithm 5 (MD5) authentication to prevent the introduction of unauthorized information from unapproved sources. MD5 authentication is defined in RFC 1321. EIGRP also supports the Hashed Message Authentication Code-Secure Hash Algorithm-256 (HMAC-SHA-256) authentication method. 

Reference: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_eigrp/configuration/xe-3s/ire-xe-3s-book/ire-sha-256.html