Pass4sure ccie 400 101 dumps Questions are updated and all 400 101 pdf answers are verified by experts. Once you have completely prepared with our ccie 400 101 exam prep kits you will be ready for the real 400 101 dumps exam without a problem. We have Replace Cisco 400 101 dumps dumps study guide. PASSED ccie 400 101 dumps First attempt! Here What I Did.
2026 New 400-101 Exam Dumps with PDF and VCE Free: https://www.2passeasy.com/dumps/400-101/
Q1. Which three statements about bridge assurance are true? (Choose three.)
A. Bridge assurance must be enabled on both ends of a link.
B. Bridge assurance can be enabled on one end of a link or on both ends.
C. Bridge assurance is enabled on STP point-to-point links only.
D. Bridge assurance is enabled on STP multipoint links only.
E. If a bridge assurance port fails to receive a BPDU after a timeout, the port is put into a blocking state.
F. If a bridge assurance port fails to receive a BPDU after a timeout, the port is put into an error disabled state.
Answer: A,C,E
Explanation:
Bridge Assurance is enabled by default and can only be disabled globally. Also, Bridge Assurance can be enabled only on spanning tree network ports that are point-to-point links.
Finally, both ends of the link must have Bridge Assurance enabled.
With Bridge Assurance enabled, BPDUs are sent out on all operational network ports, including alternate and backup ports, for each hello time period. If the port does not receive a BPDU for a specified period, the port moves into the blocking state and is not used in the root port calculation. Once that port receives a BPDU, it resumes the normal spanning tree transitions.
Reference:
http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5000/sw/configuration/guid e/cli/CLIConfigurationGuide/SpanningEnhanced.html
Q2. Which three statements about EVCs are true? (Choose three.)
A. Spanning Tree must use MST mode on EVC ports.
B. PAGP is supported on EVC ports.
C. Spanning Tree must use RSTP mode on EVC ports.
D. LACP is supported on EVC ports.
E. Layer 2 multicast framing is supported.
F. Bridge domain routing is required.
Answer: A,B,D
Explanation:
EVC support requires the following:
–The spanning tree mode must be MST.
–The dot1ad global configuration mode command must be configured.
These Layer 2 port-based features can run with EVC configured on a port:
–PAGP
–LACP
–UDLD
–LLDP
–CDP
–MSTP
Reference: http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SY/configuration/guide/sy_swcg/ethernet_virtual_connection.html
Q3. Which two statements about IP SLAs are true? (Choose two.)
A. They are Layer 2 transport independent.
B. Statistics are collected and stored in the RIB.
C. Data for the delay performance metric can be collected both one-way and round-trip.
D. Data can be collected with a physical probe.
E. They are used primarily in the distribution layer.
Answer: A,E
Q4. Which type of port would have root guard enabled on it?
A. A root port
B. An alternate port
C. A blocked port
D. A designated port
Answer: D
Explanation:
The root guard feature provides a way to enforce the root bridge placement in the network. The root guard ensures that the port on which root guard is enabled is the designated port. Normally, root bridge ports are all designated ports, unless two or more ports of the root bridge are connected together. If the bridge receives superior STP Bridge Protocol Data Units (BPDUs) on a root guard-enabled port, root guard moves this port to a root-inconsistent STP state. This root-inconsistent state is effectively equal to a listening state. No traffic is forwarded across this port. In this way, the root guard enforces the position of the root bridge.
Reference: http://www.cisco.com/c/en/us/support/docs/lan-switching/spanning-tree-protocol/10588-74.html
Q5. Refer to the exhibit.
Which action will solve the error state of this interface when connecting a host behind a Cisco IP phone?
A. Configure dot1x-port control auto on this interface
B. Enable errdisable recovery for security violation errors
C. Enable port security on this interface
D. Configure multidomain authentication on this interface
Answer: D
Explanation:
In single-host mode, a security violation is triggered when more than one device are detected on the data vlan. In multidomain authentication mode, a security violation is triggered when more than one device are detected on the data or voice VLAN. Here we see that single host mode is being used, not multidomain mode.
Reference: http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/12-2/50sg/configuration/guide/Wrapper-46SG/dot1x.html#wp1309041
Q6. What is the most secure way to store ISAKMP/IPSec preshared keys in Cisco IOS?
A. Use the service password-encryption command.
B. Encrypt the ISAKMP preshared key in secure type 5 format.
C. Encrypt the ISAKMP preshared key in secure type 7 format.
D. Encrypt the ISAKMP preshared key in secure type 6 format.
Answer: D
Explanation:
Using the Encrypted Preshared Key feature, you can securely store plain text passwords in type 6 format in NVRAM using a command-line interface (CLI). Type 6 passwords are encrypted. Although the encrypted passwords can be seen or retrieved, it is difficult to decrypt them to find out the actual password. This is currently the most secure way to store keys.
Reference: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_ikevpn/configuration/xe-3s/asr1000/sec-ike-for-ipsec-vpns-xe-3s-asr1000-book/sec-encrypt-preshare.html
Q7. Which three factors does Cisco PfR use to calculate the best exit path? (Choose three.)
A. quality of service
B. packet size
C. delay
D. loss
E. reachability
F. administrative distance
Answer: C,D,E
Explanation:
Cisco PfR selects an egress or ingress WAN path based on parameters that affect application performance, including reachability, delay, cost, jitter, and Mean Opinion Score (MOS).
Reference: http://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/performance-routing-pfr/product_data_sheet0900aecd806c4ee4.html
Q8. Which statement about the RPF interface in a BIDIR-PIM network is true?
A. In a BIDIR-PIM network, the RPF interface is always the interface that is used to reach the PIM rendezvous point.
B. In a BIDIR-PIM network, the RPF interface can be the interface that is used to reach the PIM rendezvous point or the interface that is used to reach the source.
C. In a BIDIR-PIM network, the RPF interface is always the interface that is used to reach the source.
D. There is no RPF interface concept in BIDIR-PIM networks.
Answer: A
Explanation:
RPF stands for "Reverse Path Forwarding". The RPF Interface of a router with respect to an address is the interface that the MRIB indicates should be used to reach that address. In the case of a BIDIR-PIM multicast group, the RPF interface is determined by looking up the Rendezvous Point Address in the MRIB. The RPF information determines the interface of the router that would be used to send packets towards the Rendezvous Point Link for the group.
Reference: https://tools.ietf.org/html/rfc5015
Q9. What is the range of addresses that is used for IPv4-mapped IPv6 addresses?
A. 2001. db9. . /32
B. 2001. db8. . /32
C. 2002. . /16
D. . . ffff. /16
E. . . ffff. 0. 0/96
Answer: E
Explanation:
IPv4-Mapped Addresses FFFF:0:0/96 are the IPv4-mapped addresses [RFC4291]. Addresses within this block should not appear on the public Internet.
Reference: https://tools.ietf.org/html/rfc5156
Q10. DRAG DROP
Drag and drop the multiprotocol BGP feature on the left to the corresponding description on the right.
Answer: