Cause all that matters here is passing the Cisco ccie 400 101 exam. Cause all that you need is a high score of 400 101 dumps CCIE Routing and Switching (v5.0) exam. The only one thing you need to do is downloading Examcollection ccie 400 101 dumps exam study guides now. We will not let you down with our money-back guarantee.


2026 New 400-101 Exam Dumps with PDF and VCE Free: https://www.2passeasy.com/dumps/400-101/

Q1. Which two protocols are not protected in an edge router by using control plane policing? (Choose two.) 

A. SMTP 

B. RPC 

C. SSH 

D. Telnet 

Answer: A,B 

Explanation: 

A CoPP policy can limit a number of different packet types that are forwarded to the control plane. Traffic destined for the switch CPU includes: 

. Address Resolution Protocol (ARP) 

. First-hop redundancy protocol packets 

. Layer 2 control packets 

. Management packets (telnet, Secure Shell [SSH] Protocol, Simple Network Management Protocol [SNMP]) <--- C and D are not correct. 

. Multicast control packets 

. Routing protocol packets 

. Packets with IP options 

. Packets with time to live (TTL) set to 1 

. Packets that require ACL logging 

. Packets that require an initial lookup (first packet in a flow: FIB miss) 

. Packets that have don't support hardware switching/routing 

Reference: http://www.cisco.com/c/en/us/products/collateral/switches/catalyst-6500-series-switches/white_paper_c11_553261.html 

Q2. Which three modes are valid PfR monitoring modes of operation? (Choose three.) 

A. route monitor mode (based on BGP route changes) 

B. RMON mode (based on RMONv1 and RMONv2 data) 

C. passive mode (based on NetFlow data) 

D. active mode (based on Cisco IP SLA probes) 

E. fast mode (based on Cisco IP SLA probes) 

F. passive mode (based on Cisco IP SLA probes) 

Answer: C,D,E 

Explanation: 

Modes are: 

Mode monitor passive 

Passive monitoring is the act of PfR gathering information on user packets assembled into flows by Netflow. Passive monitoring is typically only recommended in Internet edge deployments because active probing is ineffective because of security policies that block probing. PfR, when enabled, automatically enables Netflow on the managed interfaces on the Border Routers. By aggregating this information on the Border Routers and periodically reporting the collected data to the Master Controller, the network prefixes and applications in use can automatically be learned. 

Mode monitor active 

Active monitoring is the act of generating Cisco IOS IP Service Level Agreements (SLAs) probes to generate test traffic for the purpose of obtaining information regarding the characteristics of the WAN links. PfR can either implicitly generates active probes when passive monitoring has identified destination hosts, or the network manager can explicitly configured probes in the PfR configuration. When jitter probes are used (common use case), Target Discovery is used to learn the respond address and to automatically generate the probes. 

Mode monitor Fast 

This mode generates active probes through all exists continuously at the configured probe frequency. This differs from either active or both modes in that these modes only generate probes through alternate paths (exits) in the event the current path is out-of-policy. 

Reference: http://docwiki.cisco.com/wiki/PfR:Technology_Overview#Mode_monitor_passive 

Q3. Which two tasks are required for configuring SNMP to send traps on a Cisco IOS device? (Choose two.) 

A. Create access controls for an SNMP community. 

B. Configure SNMP notifications. 

C. Configure the SNMP agent. 

D. Configure SNMP status monitoring and troubleshooting. 

E. Configure SNMP server group names. 

F. Configure the SNMP server engine ID. 

Answer: A,B 

Explanation: 

The best current practices recommend applying Access Control Lists (ACLs) to community strings and ensuring that the requests community strings are not identical to notifications community strings. Access lists provide further protection when used in combination with other protective measures. This example sets up ACL to community string: 

access-list 1 permit 1.1.1.1 snmp-server community string1 ro 1 

. SNMP Notifications 

A key feature of SNMP is the ability to generate notifications from an SNMP agent. These notifications do not require that requests be sent from the SNMP manager. Unsolicited (asynchronous) notifications can be generated as traps or inform requests. Traps are messages alerting the SNMP manager to a condition on the network. Inform requests (informs) are traps that include a request for confirmation of receipt from the SNMP manager. Notifications can indicate improper user authentication, restarts, the closing of a connection, loss of connection to a neighbor router, or other significant events. 

Reference: http://www.cisco.com/c/en/us/td/docs/ios/12_2/configfun/configuration/guide/ffun_c/fcf014.h tml#wp1007320 

Q4. What is the preferred method to improve neighbor loss detection in EIGRP? 

A. EIGRP natively detects neighbor down immediately, and no additional feature or configuration is required. 

B. BFD should be used on interfaces that support it for rapid neighbor loss detection. 

C. Fast hellos (subsecond) are preferred for EIGRP, so that it learns rapidly through its own mechanisms. 

D. Fast hellos (one-second hellos) are preferred for EIGRP, so that it learns rapidly through its own mechanisms. 

Answer:

Explanation: 

Bi-directional Forwarding Detection (BFD) provides rapid failure detection times between forwarding engines, while maintaining low overhead. It also provides a single, standardized method of link/device/protocol failure detection at any protocol layer and over any media. 

Reference: “Bidirectional Forwarding Detection for EIGRP” 

http://www.cisco.com/en/US/technologies/tk648/tk365/tk207/technologies_white_paper090 0aecd80243fe7.html 

Q5. Which two statements about ERSPAN are true? (Choose two.) 

A. It supports jumbo frames of up to 9202 bytes. 

B. It adds a 50-byte header to copied Layer 2 Ethernet frames. 

C. It supports packet fragmentation and reassembles the packets. 

D. It adds a 4-byte header to copied Layer 2 Ethernet frames. 

E. Source sessions on an individual switch can use different origin IP addresses. 

Answer: A,B 

Q6. A network engineer is extending a LAN segment between two geographically separated data centers. Which enhancement to a spanning-tree design prevents unnecessary traffic from crossing the extended LAN segment? 

A. Modify the spanning-tree priorities to dictate the traffic flow. 

B. Create a Layer 3 transit VLAN to segment the traffic between the sites. 

C. Use VTP pruning on the trunk interfaces. 

D. Configure manual trunk pruning between the two locations. 

Answer:

Q7. Refer to the exhibit. 

Which additional information must you specify in this configuration to capture NetFlow traffic? 

A. ingress or egress traffic 

B. the number of cache entries 

C. the flow cache active timeout 

D. the flow cache inactive timeout 

Answer:

Explanation: 

Configuring NetFlow 

Perform the following task to enable NetFlow on an interface. SUMMARY STEPS 

1. enable 

2. configure terminal 

3. interface type number 

4. ip flow {ingress | egress} 

5. exit 

6. Repeat Steps 3 through 5 to enable NetFlow on other interfaces. 

7. end 

DETAILED STEPS 

Command or Action 

Purpose 

Step 1 

enable 

Example: 

Router> enable Enables privileged EXEC mode. . 

Enter your password if prompted. 

Step 2 

configure terminal Example: 

........

Example: 

Router(config)# interface ethernet 0/0 

Specifies the interface that you want to enable NetFlow on and enters interface configuration mode. 

Step 4 

ip flow {ingress | egress} 

Example: 

Router(config-if)# ip flow ingress 

Enables NetFlow on the interface. 

. ingress—Captures traffic that is being received by the interface 

. egress—Captures traffic that is being transmitted by the interface 

Step 5 

exit 

Example: 

Router(config-if)# exit 

(Optional) Exits interface configuration mode and enters global configuration mode. 

Note 

You need to use this command only if you want to enable NetFlow on another interface. 

Step 6 

Repeat Steps 3 through 5 to enable NetFlow on other interfaces. 

This step is optional. 

Step 7 

end 

Example: 

Router(config-if)# end Exits the current configuration mode and returns to privileged EXEC mod 

Reference: http://www.cisco.com/c/en/us/td/docs/ios/netflow/configuration/guide/12_2sr/nf_12_2sr_boo k/cfg_nflow_data_expt.html 

Q8. Which two statements about proxy ARP are true? (Choose two.) 

A. It is supported on networks without ARP. 

B. It allows machines to spoof packets. 

C. It must be used on a network with the host on a different subnet. 

D. It requires larger ARP tables. 

E. It reduces the amount of ARP traffic. 

Answer: B,D 

Explanation: 

Disadvantages of Proxy ARP 

Hosts have no idea of the physical details of their network and assume it to be a flat network in which they can reach any destination simply by sending an ARP request. But using ARP for everything has disadvantages. These are some of the disadvantages: 

It increases the amount of ARP traffic on your segment. 

Hosts need larger ARP tables in order to handle IP-to-MAC address mappings. 

Security can be undermined. A machine can claim to be another in order to intercept packets, an act called "spoofing." 

It does not work for networks that do not use ARP for address resolution. 

It does not generalize to all network topologies. For example, more than one router that connects two physical networks. 

Reference: http://www.cisco.com/c/en/us/support/docs/ip/dynamic-address-allocation-resolution/13718-5.html 

Q9. Which two statements about redistribution are true? (Choose two.) 

A. EIGRP requires the route to have a default metric defined. 

B. EIGRP and OSPF use their router IDs to prevent loops. 

C. When OSPF is redistributed into IS-IS, the default metric must be configured under the IS-IS process. 

D. When traffic is redistributed into OSPF, the subnets command is needed to redistribute classful subnets. 

E. The default seed metric for OSPF redistributed routes is 30. 

Answer: A,B 

Q10. Refer to the exhibit. 

If EIGRP is configured between two routers as shown in this output, which statement about their EIGRP relationship is true? 

A. The routers will establish an EIGRP relationship successfully. 

B. The routers are using different authentication key-strings. 

C. The reliability metric is enabled. 

D. The delay metric is disabled. 

Answer:

Explanation: 

The 5 K values used in EIGRP are: 

K1 = Bandwidth modifier 

K2 = Load modifier 

K3 = Delay modifier 

K4 = Reliability modifier 

K5 = Additional Reliability modifier 

However, by default, only K1 and K3 are used (bandwidth and delay). In this output we see that K1, K3, and K4 (Reliability) are all set.