[Lead2pass Official] 2017 Exam 400-101 Dumps From Lead2pass Cover All New 400-101 New Questions (341-360)

Lead2pass 2017 September New Cisco 400-101 Exam Dumps!

100% Free Download! 100% Pass Guaranteed!

Lead2pass is constantly updating 400-101 exam dumps. We will provide our customers with the latest and the most accurate exam questions and answers that cover a comprehensive knowledge point, which will help you easily prepare for 400-101 exam and successfully pass your exam. You just need to spend 20-30 hours on studying the exam dumps.

Following questions and answers are all new published by Cisco Official Exam Center: https://www.lead2pass.com/400-101.html

QUESTION 341
Refer to the exhibit. Routers A and B are the edge devices at two different sites such as shown. The two edge devices use public addresses on their WAN interfaces and the both sites use RFC 1918 for all other addresses. If routers A and B have established an IPsec tunnel, which statement about the network environment must be true?

 

A.    Router A1 and router B1 are using NAT translation to allow private-address traffic to traverse the tunnel
B.    Router A and router B are using BGP to share routes between the two sites
C.    The tunnel terminates on the ISP routes
D.    Each site is capable of routing private addressing over the IPsec tunnel

Answer: D

QUESTION 342
Which STP feature can protect the network environment from loops in case of software failure?

A.    Root Guard
B.    BPDU Guard
C.    Bridge Assurance
D.    PortFast

Answer: C
Explanation:
http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SY/configuration/guide/sy_swcg/spanning_tree_features.html#79584
You can use Bridge Assurance to protect against certain problems that can cause bridging loops in the network. Specifically, you use Bridge Assurance to protect against a unidirectional link failure or other software failure and a device that continues to forward data traffic when it is no longer running the spanning tree algorithm.

QUESTION 343
Refer to the exhibit. Routers A and B are the edge devices at two different sites as shown.
If routers A and B have established an IPsec tunnel, which two statements about the network environment must be true? (Choose two)

 

A.    The connection could have been authenticated with 802.1x
B.    The connection could have authenticated with a pre-shared key
C.    RFC 1918 addresses are in use on the WAN interfaces on router A and router B
D.    The connection could have been authenticated with MD5
E.    Public IP addresses are in use on the WAN interfaces on router A and router B

Answer: BE

QUESTION 344
Refer to the exhibit, multiple hosts on the 10.2.2.0/24 network are sending traffic to the web server, Which configuration can you apply to R2 so that traffic from host 1 uses the path R2-R1-R3 to reach the web server, without affecting other hosts?

 

A.    access-list 1 permit 10.2.2.0 0.0.0.255
B.    interface FastEthernet2/0 ip policy route-map POLICY-ROUTE
C.    access-list 1 permit 10.2.2.3 255.255.255.255
D.    access-list 1 permit 10.2.2.3 0.0.0.0
E.    access-list 1 permit 10.2.2.4 0.0.0.0
F.    ip local policy route-map POLICY-ROUTE

Answer: D

QUESTION 345
A floating static route pointing to an interface appears in the routing table even when the interface is down. Which action can you take to correct the problem?

A.    Correct the DHCP-provided route on the DHCP server
B.    Remove the permanent option form the static route
C.    Correct the administrative distance
D.    Configure the floating static route to point to another route in the routing table

Answer: B

QUESTION 346
When multiple AAA authentication methods are specified in a method list and all working normally, how is the user authenticated?

A.    The user is authenticated against all provided authentication sources and granted the most restricted set of access privileges
B.    The user is authenticated against the first listed authentication source only
C.    The user is authenticated against the provided authentication sources in order until a match is found
D.    The user is authenticated against all provided authentication sources and granted the least restricted set of access privileges

Answer: B

QUESTION 347
Which feature must be enabled prior to enabling the IGMP Snooping Querier?

A.    PIM-SM
B.    SSM
C.    IP helper
D.    IGMP Snooping

Answer: D

QUESTION 348
Which protocol enables routers in an MPLS environment to use labels to move traffic?

A.    FTP
B.    POP
C.    LLDP
D.    PPP
E.    L2TP
F.    LDP

Answer: F

QUESTION 349
Which PIM feature allows the same multicast group address to be reused in different administrative domains?

A.    Proxy Registering
B.    IP Multicast Helper
C.    IP Multicast Boundary
D.    CGMP

Answer: C
Explanation:
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipmulti_pim/configuration/12-4t/imc-pim-12-4t-book/imc_basic_cfg.html

QUESTION 350
Which two IP packet types always traverse to the route processor CPU? (Choose two)

A.    Data-plane packets
B.    Forwarding-plane packets
C.    Control-plane packets
D.    Services-plane packets
E.    Management-plane packets

Answer: CE

QUESTION 351
Which route types are redistributed from OSPF into BGP by default?

A.    All route types
B.    External routes only
C.    Inter-area routes only
D.    Intra-area routes only
E.    Intra-area routes and inter-area routes

Answer: E

QUESTION 352
Which feature forces a new Diffie-Hellman key exchange each time data is transmitted over a IPsec tunnel?

A.    PFS
B.    rsa-encr authentication
C.    rsa-sig authentication
D.    802.1x
E.    CRACK authentication

Answer: A

QUESTION 353
Refer to the exhibit. Which device role could have generated this debug output?

 

A.    an NHS only
B.    an NHC only
C.    an NHS or an NHC
D.    a DMVPN hub router

Answer: B

QUESTION 354
Which statement about the NHRP network ID is true?

A.    It is sent from the spoke to the hub to identify the spoke as a member of the same NHRP domain.
B.    It is sent from the hub to the spoke to identify the hub as a member of the same NHRP domain.
C.    It is sent between spokes to identify the spokes as members of the same NHRP domain.
D.    It is a locally significant ID used to define the NHRP domain for an interface.

Answer: D

QUESTION 355
You are configuring a DMVPN spoke to use IPsec over a physical interface that is located within a VRF. For which three configuration sections must you specify the VRF name? (Choose three.)

A.    the ISAKMP profile
B.    the crypto keyring
C.    the IPsec profile
D.    the IPsec transform set
E.    the tunnel interface
F.    the physical interface

Answer: BEF

QUESTION 356
Which IPv6 prefix is used for 6to4 tunnel addresses?

A.    2001. . /23
B.    2002. . /16
C.    3ffe. . /16
D.    5f00. . /8
E.    2001. . /32

Answer: B

QUESTION 357
When you configure the ip pmtu command under an L2TPv3 pseudowire class, which two things can happen when a packet exceeds the L2TP path MTU? (Choose two.)

A.    The router drops the packet.
B.    The router always fragments the packet after L2TP/IP encapsulation.
C.    The router drops the packet and sends an ICMP unreachable message back to the sender only if
the DF bit is set to 1.
D.    The router always fragments the packet before L2TP/IP encapsulation.
E.    The router fragments the packet after L2TP/IP encapsulation only if the DF bit is set to 0.
F.    The router fragments the packet before L2TP/IP encapsulation only if the DF bit is set to 0.

Answer: CF

QUESTION 358
Which two parameters does the Tunnel Mode Auto Selection feature select automatically? (Choose two.)

A.    the tunneling protocol
B.    the transport protocol
C.    the ISAKMP profile
D.    the transform-set
E.    the tunnel peer

Answer: AB

QUESTION 359
By default, how does a GET VPN group member router handle traffic when it is unable to register to a key server?

A.    All traffic is queued until registration is successful or the queue is full.
B.    All traffic is forwarded through the router unencrypted.
C.    All traffic is forwarded through the router encrypted.
D.    All traffic through the router is dropped.

Answer: B

QUESTION 360
Which two protocols are not protected in an edge router by using control plane policing? (Choose two.)

A.    SMTP
B.    RPC
C.    SSH
D.    Telnet

Answer: AB

More free Lead2pass 400-101 exam new questions on Google Drive: https://drive.google.com/open?id=0B3Syig5i8gpDZ0lrZUFjNWtFYlk

Lead2pass is no doubt your best choice. Using the Cisco 400-101 exam dumps can let you improve the efficiency of your studying so that it can help you save much more time.

2017 Cisco 400-101 (All 969 Q&As) exam dumps (PDF&VCE) from Lead2pass:

https://www.lead2pass.com/400-101.html [100% Exam Pass Guaranteed]

Comments are closed.