Your success in Cisco cisco 400 101 is our sole target and we develop all our 400 101 ccie braindumps in a way that facilitates the attainment of this target. Not only is our ccie 400 101 study material the best you can find, it is also the most detailed and the most updated. 400 101 dumps Practice Exams for Cisco CCIE Routing and Switching 400 101 ccie are written to the highest standards of technical accuracy.


2026 New 400-101 Exam Dumps with PDF and VCE Free: https://www.2passeasy.com/dumps/400-101/

Q1. DRAG DROP 

Drag each traceroute text character on the left to its meaning on the right. 

Answer:  

Q2. Which two BGP attributes are optional, non-transitive attributes? (Choose two.) 

A. AS path 

B. local preference 

C. MED 

D. weight 

E. cluster list 

Answer: C,E 

Q3. Which two statements about IPv4 and IPv6 networks are true? (Choose two.) 

A. In IPv6, hosts perform fragmentation. 

B. IPv6 uses a UDP checksum to verify packet integrity. 

C. In IPv6, routers perform fragmentation. 

D. In IPv4, fragmentation is performed by the source of the packet. 

E. IPv4 uses an optional checksum at the transport layer. 

F. IPv6 uses a required checksum at the network layer. 

Answer: A,B 

Q4. Refer to the exhibit. 

With these configurations for R1 and R2, which statement about PPP authentication is true? 

A. Authentication fails because R1 is missing a username and password. 

B. R2 responds with the correct authentication credentials. 

C. R2 requires authentication from R1. 

D. R1 requires authentication from R2. 

Answer:

Explanation: 

Only R2 is configured with the “PPP authentication PAP” command so it requires authentication from R1, but R1 does not require authentication from R2. 

Q5. Which two configuration changes should be made on the OTP interface of an EIGRP OTP route reflector? (Choose two.) 

A. passive-interface 

B. no split-horizon 

C. no next-hop-self 

D. hello-interval 60, hold-time 180 

Answer: B,C 

Explanation: 

The EIGRP Over the Top feature enables a single end-to-end Enhanced Interior Gateway Routing Protocol (EIGRP) routing domain that is transparent to the underlying public or private WAN transport that is used for connecting disparate EIGRP customer sites. When an enterprise extends its connectivity across multiple sites through a private or a public WAN connection, the service provider mandates that the enterprise use an additional routing protocol, typically the Border Gateway Protocol (BGP), over the WAN links to ensure end-to-end routing. The use of an additional protocol causes additional complexities for the enterprise, such as additional routing processes and sustained interaction between EIGRP and the routing protocol to ensure connectivity, for the enterprise. With the EIGRP Over the Top feature, routing is consolidated into a single protocol (EIGRP) across the WAN. 

Perform this task to configure a customer edge (CE) device in a network to function as an EIGRP Route Reflector: 

1. enable 

2. configure terminal 

3. router eigrp virtual-name 

4. address-family ipv4 unicast autonomous-system as-number 

5. af-interface interface-type interface-number 

6. no next-hop-self 

7. no split-horizon 

8. exit 

9. remote-neighbors source interface-type interface-number unicast-listen lisp-encap 

10. network ip-address 

11. end 

Note. Use no next-hop-self to instruct EIGRP to use the received next hop and not the local outbound interface address as the next hop to be advertised to neighboring devices. If no next-hop-self is not configured, the data traffic will flow through the EIGRP Route Reflector. 

Reference: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_eigrp/configuration/xe-3s/ire-xe-3s-book/ire-eigrp-over-the-top.html 

Q6. In the DiffServ model, which class represents the lowest priority with the highest drop probability? 

A. AF11 

B. AF13 

C. AF41 

D. AF43 

Answer:

Explanation: 

Assured Forwarding (AF) Behavior Group 

Class 1 

Class 2 

Class 3 

Class 4 

Low Drop 

AF11 (DSCP 10) 

AF21 (DSCP 18) 

AF31 (DSCP 26) 

AF41 (DSCP 34) 

Med Drop 

AF12 (DSCP 12) 

AF22 (DSCP 20) 

AF32 (DSCP 28) 

AF42 (DSCP 36) 

High Drop 

AF13 (DSCP 14) 

AF23 (DSCP 22) 

AF33 (DSCP 30) 

AF43 (DSCP 38) 

Reference: http://en.wikipedia.org/wiki/Differentiated_services 

Q7. Which two statements about the function of a PIM designated router are true? (Choose two.) 

A. It forwards multicast traffic from the source into the PIM network. 

B. It registers directly connected sources to the PIM rendezvous point. 

C. It sends PIM Join/Prune messages for directly connected receivers. 

D. It sends IGMP queries. 

E. It sends PIM asserts on the interfaces of the outgoing interface list. 

Answer: B,C 

Explanation: 

In PIM ASM and SSM modes, the software chooses a designated router (DR) from the routers on each network segment. The DR is responsible for forwarding multicast data for specified groups and sources on that segment. In ASM mode, the DR is responsible for unicasting PIM register packets to the RP. When a DR receives an IGMP membership report from a directly connected receiver, the shortest path is formed to the RP, which may or may not go through the DR. The result is a shared tree that connects all sources transmitting on the same multicast group to all receivers of that group. In SSM mode, the DR triggers (*, G) or (S, G) PIM join messages toward the RP or the source. The path from the receiver to the source is determined hop by hop. The source must be known to the receiver or the DR. 

Reference: http://www.cisco.com/c/en/us/td/docs/switches/datacenter/sw/5_x/nx-os/multicast/configuration/guide/n7k_multic_cli_5x/pim.html#wp1054047 

Q8. Which two advantages does CoPP have over receive path ACLs? (Choose two.) 

A. Only CoPP applies to IP packets and non-IP packets. 

B. Only CoPP applies to receive destination IP packets. 

C. A single instance of CoPP can be applied to all packets to the router, while rACLs require multiple instances. 

D. Only CoPP can rate-limit packets. 

Answer: A,D 

Explanation: 

Control Plane Policing – CoPP is the Cisco IOS-wide route processor protection mechanism. As illustrated in Figure 2, and similar to rACLs, CoPP is deployed once to the punt path of the router. However, unlike rACLs that only apply to receive destination IP packets, CoPP applies to all packets that punt to the route processor for handling. CoPP therefore covers not only receive destination IP packets, it also exceptions IP packets and non-IP packets. In addition, CoPP is implemented using the Modular QoS CLI (MQC) framework for policy construction. In this way, in addition to simply permit and deny functions, specific packets may be permitted but rate-limited. This behavior substantially improves the ability to define an effective CoPP policy. (Note: that “Control Plane Policing” is something of a misnomer because CoPP generally protects the punt path to the route processor and not solely the control plane.) 

Reference: http://www.cisco.com/web/about/security/intelligence/coppwp_gs.html 

Q9. Which statement is true when using a VLAN ID from the extended VLAN range (1006–4094)? 

A. VLANs in the extended VLAN range can be used with VTPv2 in either client or server mode. 

B. VLANs in the extended VLAN range can only be used as private VLANs. 

C. STP is disabled by default on extended-range VLANs. 

D. VLANs in the extended VLAN range cannot be pruned. 

Answer:

Explanation: 

Enabling VTP pruning on a VTP server enables pruning for the entire management domain. Making VLANs pruning-eligible or pruning-ineligible affects pruning eligibility for those VLANs on that device only (not on all switches in the VTP domain). VTP pruning takes effect several seconds after you enable it. VTP pruning does not prune traffic from VLANs that are pruning-ineligible. VLAN 1 and VLANs 1002 to 1005 are always pruning-ineligible; traffic from these VLANs cannot be pruned. Extended-range VLANs (VLAN IDs higher than 1005) are also pruning-ineligible. 

Reference: http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3550/software/release/12-1_13_ea1/configuration/guide/3550scg/swvtp.html#wpxref48156 

Q10. Which statement describes the function of rekey messages? 

A. They prevent unencrypted traffic from passing through a group member before registration. 

B. They refresh IPsec SAs when the key is about to expire. 

C. They trigger a rekey from the server when configuring the rekey ACL. 

D. They authenticate traffic passing through a particular group member. 

Answer:

Explanation: 

Rekey messages are used to refresh IPsec SAs. When the IPsec SAs or the rekey SAs are about to expire, one single rekey message for a particular group is generated on the key server. No new IKE sessions are created for the rekey message distribution. The rekey messages are distributed by the key server over an existing IKE SA. Rekeying can use multicast or unicast messages. 

Reference: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_getvpn/configuration/xe-3s/sec-get-vpn-xe-3s-book/sec-get-vpn.html