[Free] 2019(Nov) EnsurePass Cisco 400-101 Dumps with VCE and PDF 211-220

Get Full Version of the Exam

Question No.211



Correct Answer:


Question No.212

Under Cisco IOS Software, which two features are supported in RADIUS Change of Authorization requests? (Choose two.)

  1. session identification

  2. session reauthentication

  3. session termination

  4. host termination

Correct Answer: AC


CoA requests, as described in RFC 5176, are used in a pushed model to allow for session identification, host reauthentication, and session termination. The model comprises one request (CoA-Request) and two possible response codes.

Reference: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_usr_aaa/configuration/15- sy/sec-usr-aaa-15-sy-book/sec-rad-coa.html

Question No.213

Which two tunneling techniques determine the IPv4 destination address on a per-packet basis?

(Choose two.)

  1. 6to4 tunneling

  2. ISATAP tunneling

  3. manual tunneling

  4. GRE tunneling

Correct Answer: AB


Tunnel Configuration Parameters by Tunneling Type Tunneling Type

Tunnel Configuration Parameter Tunnel Mode

Tunnel Source Tunnel Destination

Interface Prefix or Address Manual


An IPv4 address, or a reference to an interface on which IPv4 is configured. An IPv4 address.

An IPv6 address.


gre ip

An IPv4 address. An IPv6 address. IPv4-compatible ipv6ip auto-tunnel

Not required. These are all point-to-multipoint tunneling types. The IPv4 destination address is calculated, on a per-packet basis, from the IPv6 destination.

Not required. The interface address is generated as ::tunnel-source/96. 6to4

ipv6ip 6to4

An IPv6 address. The prefix must embed the tunnel source IPv4 address ISATAP

ipv6ip isatap

An IPv6 prefix in modified eui-64 format. The IPv6 address is generated from the prefix and the tunnel source IPv4 address.

Reference: http://www.cisco.com/c/en/us/td/docs/ios/ipv6/configuration/guide/12_4t/ipv6_12_4t_book/ip6- tunnel.html

Question No.214

Which command do you use to connect a dense-mode domain to a sparse-mode multicast domain?

  1. none, because there is no such command

  2. ip pim spt-threshold infinity

  3. ip pim register dense-mode

  4. ip pim dense-mode proxy-register

Correct Answer: D


For IP PIM multicast, Cisco recommends Sparse-Mode over Dense-Mode. In the midst of our network migration, we have a new network operating in Sparse-Mode with Anycast rendezvous point (RP) but our existing network is still operating in Dense-Mode. To bridge two different modes across both PIM domains, we should use the ip pim dense-mode proxy-register command

on the interface leading toward the bordering dense mode region. This configuration will enable the border router to register traffic from the dense mode region (which has no concept of registration) with the RP in the sparse mode domain.

Reference: http://networkerslog.blogspot.com/2010/12/bridging-dense-mode-pim-to-sparse- mode.html

Question No.215



Correct Answer:


Question No.216

Assume that the following MAC addresses are used for the bridge ID MAC address by four different switches in a network. Which switch will be elected as the spanning-tree root bridge?

  1. SwitchA uses MAC 1000.AA-AA-AA-AA-AA-AA.

  2. SwitchB uses MAC 2000.BB-BB-BB-BB-BB-BB.

  3. SwitchC uses MAC 3000.CC-CC-CC-CC-CC-CC.

  4. SwitchD uses MAC 4000.DD-DD-DD-DD-DD-DD.

Correct Answer: A


The switch with the highest switch priority (the lowest numerical priority value) is elected as the root switch. If all switches are configured with the default priority (32768), the switch with the lowest MAC address in the VLAN becomes the root switch.

Reference: http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2960/software/release/12- 2_53_se/configuration/guide/2960scg/swstp.html

Question No.217

Refer to the exhibit. A tunnel is configured between R3 to R4 sourced with their loopback interfaces. The ip pim sparse-dense mode command is configured on the tunnel interfaces and multicast-routing is enabled on R3 and R4. The IP backbone is not configured for multicast

routing. The RPF check has failed toward the multicast source. Which two conditions could have caused the failure? (Choose two.)


  1. The route back to the RP is through a different interface than tunnel 0.

  2. The backbone devices can only route unicast traffic.

  3. The route back to the RP is through the same tunnel interface.

  4. A static route that points the RP to GigabitEthernet1/0 is configured.

Correct Answer: AD


For a successful RPF verification of multicast traffic flowing over the shared tree (*,G) from RP, an ip mroute rp-address nexthop command needs to be configured for the RP address, that points to the tunnel interface.

A very similar scenario can be found at the reference link below:

Reference: http://www.cisco.com/c/en/us/support/docs/ip/ip-multicast/43584-mcast-over-gre.html

Question No.218

Which option is the most effective action to avoid packet loss due to microbursts?

  1. Implement larger buffers.

  2. Install a faster CPU.

  3. Install a faster network interface.

  4. Configure a larger tx-ring size.

Correct Answer: A


You can#39;t avoid or prevent them as such without modifying the sending host#39;s application/network stack so it smoothes out the bursts. However, you can manage microbursts by tuning the size of receive buffers / rings to absorb occasional microbursts.

Question No.219

Refer to the exhibit. Which statement is true about the downward bit?


  1. It forces the CE router to use a backup link instead of sending traffic via MPLS VPN.

  2. It informs the PE router that the LSA metric has been recently decreased to 1 and that partial SPF calculation cannot be delayed.

  3. It forces the CE router to install the LSA with the downward bit set into its routing table as a discard route.

  4. It informs the PE router that the LSA was already redistributed into BGP by another PE router and that the LSA must not be redistributed into BGP again.

Correct Answer: D


From RFC 4577, specifically section

When a type 3 LSA is sent from a PE router to a CE router, the DN bit [OSPF-DN] in the LSA Options field MUST be set. This is used to ensure that if any CE router sends this type 3 LSA to a PE router, the PE router will not redistribute it further.

When a PE router needs to distribute to a CE router a route that comes from a site outside the latter#39;s OSPF domain, the PE router presents itself as an ASBR (Autonomous System Border Router), and distributes the route in a type 5 LSA. The DN bit [OSPF-DN] MUST be set in these LSAs to ensure that they will be ignored by any other PE routers that receive them.

Question No.220

What is the destination multicast MAC address for BPDUs on the native VLAN, for a switch that is running 802.1D?

A. 0185.C400.0000

  1. 0100.0CCC.CCCC

  2. 0100.0CCC.CCCD D. 0180.C200.0000

Correct Answer: D


If the native vlan is 1:

A STP BPDU for VLAN 1 will be sent untagged to MAC 0180.c200.0000 (this is the common spanning tree)

A PVST BPDU for VLAN 1 will be sent untagged to MAC 0100.0ccc.cccd

A PVST BPDU for all other vlans will be sent with a 802.1Q tag to MAC 0100.0ccc.cccd (with a PVID = to the VLAN)

If the native vlan is not 1:

A STP BPDU for VLAN 1 will be sent untagged (on the native vlan) to MAC 0180.c200.0000 (this

is the common spanning tree)

A PVST BPDU for VLAN1 will be sent with a 802.1Q tag to MAC 0100.0ccc.cccd (with a PVID=1)A PVST BPDU for the native vlan will be sent untagged to MAC 0100.0ccc.cccd (with a PVID=native vlan)

A PVST BPDU for all other vlans will be sent with a 802.1Q tag to MAC 0100.0ccc.cccd (with a PVID = to the VLAN)

Get Full Version of the Exam
400-101 Dumps
400-101 VCE and PDF