Do you want to pass the 400-101 Examsavior exam? What are the new questions of the latest 400-101 exam? Examsavior 400-101 VCE dumps and 400-101 PDF dumps will tell you all about the 400-101 Examsavior exam.Here are the Examsavior newest and covered all new added questions and answers, which will help you 100% passing 400-101 Examsavior exam.Hurry up and get the free exam from here!
NOW FREE DOWNLOAD
QUESTION 461
Refer to the exhibit.
![2016NEW Cisco.CCIE.(400-101)EXAM] CCIE Routing and Switching EXAM A PART20 (461-480) VCE DUMPS FOR FREE DOWNLOAD WITH 100%PASS ENSURE](http://sugarexam.com/wp-content/uploads/2016/08/wps12D5.tmp_.jpg "2016NEW Cisco.CCIE.(400-101)EXAM] CCIE Routing and Switching EXAM A PART20 (461-480) VCE DUMPS FOR FREE DOWNLOAD WITH 100%PASS ENSURE")
What happens to packets when traffic in the icmp-class class exceeds the policed amount?
A. Packets are discarded and a message is logged.
B. Packets are discarded and a trap is sent to any servers that are configured to receive traps.
C. Packets are discarded silently.
D. Packets are discarded and an inform is sent to any servers that are configured to receive informs.
Correct Answer: C
Section: Infrastructure Security
Explanation
Explanation/Reference:
Explanation:
![2016NEW Cisco.CCIE.(400-101)EXAM] CCIE Routing and Switching EXAM A PART20 (461-480) VCE DUMPS FOR FREE DOWNLOAD WITH 100%PASS ENSURE](http://sugarexam.com/wp-content/uploads/2016/08/wps12D6.tmp_.jpg "2016NEW Cisco.CCIE.(400-101)EXAM] CCIE Routing and Switching EXAM A PART20 (461-480) VCE DUMPS FOR FREE DOWNLOAD WITH 100%PASS ENSURE")
In this case, the service policy is set to output, which drops the traffic silently per above.
Reference. http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/qos_plcshp/configuration/15-mt/qos- plcshp-15-mt-book/qos-plcshp-ctrl-pln-plc.html
QUESTION 462
Which option is the Cisco recommended method to secure access to the console port?
A. Configure the activation-character command.
B. Configure a very short timeout (less than 100 milliseconds) for the port.
C. Set the privilege level to a value less than 15.
D. Configure an ACL.
Correct Answer: A
Section: Infrastructure Security
Explanation
Explanation/Reference:
Explanation:
The activation-character command defines a session activation character. Entering this character at a vacant terminal begins a terminal session. The defaultactivation character is the Return key.
To secure the console port, you should change this character to a different one as most people simply hit the enter key when trying to access the console.
QUESTION 463
DRAG DROP
Drag and drop each SNMP security model and level on the left to the corresponding mode of authentication on the right.
Select and Place:
![2016NEW Cisco.CCIE.(400-101)EXAM] CCIE Routing and Switching EXAM A PART20 (461-480) VCE DUMPS FOR FREE DOWNLOAD WITH 100%PASS ENSURE](http://sugarexam.com/wp-content/uploads/2016/08/wps12D7.tmp_.jpg "2016NEW Cisco.CCIE.(400-101)EXAM] CCIE Routing and Switching EXAM A PART20 (461-480) VCE DUMPS FOR FREE DOWNLOAD WITH 100%PASS ENSURE")
Correct Answer:
![2016NEW Cisco.CCIE.(400-101)EXAM] CCIE Routing and Switching EXAM A PART20 (461-480) VCE DUMPS FOR FREE DOWNLOAD WITH 100%PASS ENSURE](http://sugarexam.com/wp-content/uploads/2016/08/wps12D8.tmp_.jpg "2016NEW Cisco.CCIE.(400-101)EXAM] CCIE Routing and Switching EXAM A PART20 (461-480) VCE DUMPS FOR FREE DOWNLOAD WITH 100%PASS ENSURE")
Section: Infrastructure Security
Explanation
Explanation/Reference:
QUESTION 464
Which two Cisco IOS AAA features are available with the local database? (Choose two.)
A. command authorization
B. network access authorization
C. network accounting
D. network access authentication
Correct Answer: AD
Section: Infrastructure Security
Explanation
Explanation/Reference:
Explanation:
Configuring the Local DatabaseThis section describes how to manage users in the local database. You can use the local database for CLI access authentication, privileged mode authentication,
command authorization, network access authentication, and VPN authentication and authorization. You cannot use the local database for network access
authorization. The local database does not support accounting.
Reference.
http://www.cisco.com/c/en/us/td/docs/security/asa/asa80/configuration/guide/conf_gd/aaa.html
QUESTION 465
Which two features are used for inspection when IPv6 address glean is enabled? (Choose two.)
A. DHCP messages
B. ND messages
C. ICMPv6 messages
D. UDP messages
E. TCP messages
Correct Answer: AB
Section: Infrastructure Security
Explanation
Explanation/Reference:
Explanation:
IPv6 address glean is the foundation for many other IPv6 features that depend on an accurate binding table. It inspects ND and DHCP messages on a link to
glean addresses, and then populates the binding table with these addresses. This feature also enforces address ownership and limits the number of addresses
any given node is allowed to claim.
Reference. http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipv6_fhsec/configuration/15-s/ip6f- 15-s-book/ip6-snooping.html
QUESTION 466
Which two statements about the protected ports feature and the private VLAN feature are true? (Choose two.)
A. The protected ports feature is limited to the local switch.
B. The protected ports feature can isolate traffic between two “protected” ports on different switches.
C. The private VLAN feature is limited to the local switch.
D. The private VLAN feature prevents interhost communication within a VLAN across one or more switches.
Correct Answer: AD
Section: Infrastructure Security
ExplanationExplanation/Reference:
Explanation:
Protected Ports (PVLAN Edge)
In some network environments, there is a requirement for no traffic to be seen or forwarded between host(s) on the same LAN segment, thereby preventing
interhost communications. The PVLAN edge feature provisions this isolation by creating a firewall-like barrier, thereby blocking any unicast, broadcast, or multicast
traffic among the protected ports on the switch. Note that the significance of the protected port feature is limited to the local switch, and there is no provision in the
PVLAN edge feature to isolate traffic between two “protected” ports located on different switches. For this purpose, the PVLAN feature can be used.
Reference. http://www.ciscopress.com/articles/article.asp?p=1181682&seqNum=2
QUESTION 467
DRAG DROP
Drag and drop the TACACS+ configuration command on the left to the correct function it performs on the right.
Select and Place:
![2016NEW Cisco.CCIE.(400-101)EXAM] CCIE Routing and Switching EXAM A PART20 (461-480) VCE DUMPS FOR FREE DOWNLOAD WITH 100%PASS ENSURE](http://sugarexam.com/wp-content/uploads/2016/08/wps12E9.tmp_.jpg "2016NEW Cisco.CCIE.(400-101)EXAM] CCIE Routing and Switching EXAM A PART20 (461-480) VCE DUMPS FOR FREE DOWNLOAD WITH 100%PASS ENSURE")
Correct Answer:
![2016NEW Cisco.CCIE.(400-101)EXAM] CCIE Routing and Switching EXAM A PART20 (461-480) VCE DUMPS FOR FREE DOWNLOAD WITH 100%PASS ENSURE](http://sugarexam.com/wp-content/uploads/2016/08/wps12EA.tmp_.jpg "2016NEW Cisco.CCIE.(400-101)EXAM] CCIE Routing and Switching EXAM A PART20 (461-480) VCE DUMPS FOR FREE DOWNLOAD WITH 100%PASS ENSURE")
Section: Infrastructure Security
Explanation
Explanation/Reference:
QUESTION 468
Refer to the exhibit.
![2016NEW Cisco.CCIE.(400-101)EXAM] CCIE Routing and Switching EXAM A PART20 (461-480) VCE DUMPS FOR FREE DOWNLOAD WITH 100%PASS ENSURE](http://sugarexam.com/wp-content/uploads/2016/08/wps12EB.tmp_.jpg "2016NEW Cisco.CCIE.(400-101)EXAM] CCIE Routing and Switching EXAM A PART20 (461-480) VCE DUMPS FOR FREE DOWNLOAD WITH 100%PASS ENSURE")
Which two configuration changes enable the user admin to log in to the device? (Choose two.)
A. Configure the login authentication to be case-insensitive.
B. Configure the user admin with a password and appropriate privileges.
C. Configure the login authentication to be case-sensitive.
D. Modify the configuration to use a named group.
E. Configure additional login authentication under the terminal lines.
Correct Answer: AB
Section: Infrastructure Security
Explanation
Explanation/Reference:
Explanation:
Usernames and passwords are case-sensitive. Users attempting to log in with an incorrectly cased username or password will be rejected. If users are unable to
log into the router with their specific passwords, reconfigure the username and password on the router.
Reference: http://www.cisco.com/c/en/us/support/docs/ios-nx-os-software/ios-software-releases- 110/45843-configpasswords.html
QUESTION 469
Which two advantages does CoPP have over receive path ACLs? (Choose two.)
A. Only CoPP applies to IP packets and non-IP packets.B. Only CoPP applies to receive destination IP packets.
C. A single instance of CoPP can be applied to all packets to the router, while rACLs require multiple instances.
D. Only CoPP can rate-limit packets.
Correct Answer: AD
Section: Infrastructure Security
Explanation
Explanation/Reference:
Explanation:
Control Plane Policing CoPP is the Cisco IOS-wide route processor protection mechanism. As illustrated in Figure 2, and similar to rACLs, CoPP is deployed once
to the punt path of the router. However, unlike rACLs that only apply to receive destination IP packets, CoPP applies to all packets that punt to the route processor
for handling. CoPP therefore covers not only receive destination IP packets, it also exceptions IP packets and non-IP packets. In addition, CoPP is implemented
using the Modular QoS CLI (MQC) framework for policy construction. In this way, in addition to simply permit and deny functions, specific packets may be
permitted but rate-limited. This behavior substantially improves the ability to define an effective CoPP policy. (Note: that “Control Plane Policing” is something of a
misnomer because CoPP generally protects the punt path to the route processor and not solely the control plane.)
Reference: http://www.cisco.com/web/about/security/intelligence/coppwp_gs.html
QUESTION 470
Which command drops packets with unknown source addresses until you remove a sufficient number of secure MAC addresses to drop below the maximum
value, and also causes the Security Violation counter to increment?
A. switchport port-security violation protect
B. switchport port-security violation drop
C. switchport port-security violation shutdown
D. switchport port-security violation restrict
Correct Answer: D
Section: Infrastructure Security
Explanation
Explanation/Reference:
Explanation:
When configuring port security violation modes, note the following information:
protect–Drops packets with unknown source addresses until you remove a sufficient number of secure MAC addresses to drop below the maximum value.
restrict–Drops packets with unknown source addresses until you remove a sufficient number of secure MAC addresses to drop below the maximum value and
causes the SecurityViolation counter to increment.
shutdown–Puts the interface into the error-disabled state immediately and sends an SNMP trap notification.Reference: http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12- 2SX/configuration/guide/book/port_sec.html
QUESTION 471
Refer to the exhibit.
![2016NEW Cisco.CCIE.(400-101)EXAM] CCIE Routing and Switching EXAM A PART20 (461-480) VCE DUMPS FOR FREE DOWNLOAD WITH 100%PASS ENSURE](http://sugarexam.com/wp-content/uploads/2016/08/wps12EC.tmp_.jpg "2016NEW Cisco.CCIE.(400-101)EXAM] CCIE Routing and Switching EXAM A PART20 (461-480) VCE DUMPS FOR FREE DOWNLOAD WITH 100%PASS ENSURE")
Which configuration is missing that would enable SSH access on a router that is running Cisco IOS XE Software?
A. int Gig0/0/0
management-interface
B. class-map ssh-class
match access-group protect-ssh
policy-map control-plane-in
class ssh-class
police 80000 conform transmit exceed drop
control-plane
service-policy input control-plane-in
C. control-plane host
management-interface GigabitEthernet0/0/0 allow ssh
D. interface Gig0/0/0
ip access-group protect-ssh in
Correct Answer: C
Section: Infrastructure Services
ExplanationExplanation/Reference:
Explanation:
The feature Management Plane Protection (MPP) allows an administrator to restrict on which interfaces management traffic can be received by a device. This
allows the administrator additional control over a device and how the device is accessed.
This example shows how to enable the MPP in order to only allow SSH and HTTPS on the GigabitEthernet0/1 interface:
!
control-plane host
management-interface GigabitEthernet 0/1 allow ssh https
!
Reference. http://www.cisco.com/c/en/us/support/docs/ip/access-lists/13608-21.html
QUESTION 472
Which three modes are valid PfR monitoring modes of operation? (Choose three.)
A. route monitor mode (based on BGP route changes)
B. RMON mode (based on RMONv1 and RMONv2 data)
C. passive mode (based on NetFlow data)
D. active mode (based on Cisco IP SLA probes)
E. fast mode (based on Cisco IP SLA probes)
F. passive mode (based on Cisco IP SLA probes)
Correct Answer: CDE
Section: Infrastructure Services
Explanation
Explanation/Reference:
Explanation:
Modes are:
Mode monitor passive
Passive monitoring is the act of PfR gathering information on user packets assembled into flows by Netflow. Passive monitoring is typically only recommended in
Internet edge deployments because active probing is ineffective because of security policies that block probing. PfR, when enabled, automatically enables Netflow
on the managed interfaces on the Border Routers. By aggregating this information on the Border Routers and periodically reporting the collected data to the
Master Controller, the network prefixes and applications in use can automatically be learned.
Mode monitor active
Active monitoring is the act of generating Cisco IOS IP Service Level Agreements (SLAs) probes to generate test traffic for the purpose of obtaining information
regarding the characteristics of the WAN links. PfR can either implicitly generates active probes when passive monitoring has identified destination hosts, or the
network manager can explicitly configured probes in the PfR configuration. When jitter probes are used (common use case), Target Discovery is used to learn the
respond address and to automatically generate the probes.Mode monitor Fast
This mode generates active probes through all exists continuously at the configured probe frequency. This differs from either active or both modes in that these
modes only generate probes through alternate paths (exits) in the event the current path is out-of-policy.
Reference. http://docwiki.cisco.com/wiki/PfR:Technology_Overview#Mode_monitor_passive
QUESTION 473
Refer to the exhibit.
![2016NEW Cisco.CCIE.(400-101)EXAM] CCIE Routing and Switching EXAM A PART20 (461-480) VCE DUMPS FOR FREE DOWNLOAD WITH 100%PASS ENSURE](http://sugarexam.com/wp-content/uploads/2016/08/wps12ED.tmp_.jpg "2016NEW Cisco.CCIE.(400-101)EXAM] CCIE Routing and Switching EXAM A PART20 (461-480) VCE DUMPS FOR FREE DOWNLOAD WITH 100%PASS ENSURE")
Which statement is true?A. The Cisco PfR state is UP; however, the external interface Et0/1 of border router 10.1.1.1 has exceeded the maximum available bandwidth threshold.
B. The Cisco PfR state is UP; however, an issue is preventing the border router from establishing a TCP session to the master controller.
C. The Cisco PfR state is UP and is able to monitor traffic flows; however, MD5 authentication has not been successful between the master controller and the
border routers.
D. The Cisco PfR State is UP; however, the receive capacity was not configured for inbound traffic.
E. The Cisco PfR state is UP, and the link utilization out-of-policy threshold is set to 90 percent for traffic exiting the external links.
Correct Answer: E
Section: Infrastructure Services
Explanation
Explanation/Reference:
Explanation:
All three interfaces show as UP, and the capacity is set to 500 kbps, with the max threshold set to 450 kbps (90% of 500kbps).
QUESTION 474
In the DiffServ model, which class represents the highest priority with the highest drop probability?
A. AF11
B. AF13
C. AF41
D. AF43
Correct Answer: D
Section: Infrastructure Services
Explanation
Explanation/Reference:
Explanation:
AF43– Assured forwarding, high drop probability, Class 4 DSCP, and Flash-override precedence.
Table of AF Classes and Drop Priority
![2016NEW Cisco.CCIE.(400-101)EXAM] CCIE Routing and Switching EXAM A PART20 (461-480) VCE DUMPS FOR FREE DOWNLOAD WITH 100%PASS ENSURE](http://sugarexam.com/wp-content/uploads/2016/08/wps12EE.tmp_.jpg "2016NEW Cisco.CCIE.(400-101)EXAM] CCIE Routing and Switching EXAM A PART20 (461-480) VCE DUMPS FOR FREE DOWNLOAD WITH 100%PASS ENSURE")
Reference. https://www.informit.com/library/content.aspx?
b=CCIE_Practical_Studies_II&seqNum=56
QUESTION 475
Refer to the exhibit.
![2016NEW Cisco.CCIE.(400-101)EXAM] CCIE Routing and Switching EXAM A PART20 (461-480) VCE DUMPS FOR FREE DOWNLOAD WITH 100%PASS ENSURE](http://sugarexam.com/wp-content/uploads/2016/08/wps12EF.tmp_.jpg "2016NEW Cisco.CCIE.(400-101)EXAM] CCIE Routing and Switching EXAM A PART20 (461-480) VCE DUMPS FOR FREE DOWNLOAD WITH 100%PASS ENSURE")
Which statement about this IP SLA is true?
A. The SLA must also have a schedule configured before it will start.
B. The TTL of the SLA packets is 10.
C. The SLA has a timeout of 3.6 seconds.
D. The SLA has a lifetime of 5 seconds.
Correct Answer: ASection: Infrastructure Services
Explanation
Explanation/Reference:
Explanation:
When you configure an IP SLAs operation, you must schedule the operation to begin capturing statistics and collecting error information. You can schedule an
operation to start immediately or to start at a certain month, day, and hour. You can use the pending option to set the operation to start at a later time. The pending
option is an internal state of the operation that is visible through SNMP. The pending state is also used when an operation is a reaction (threshold) operation
waiting to be triggered. You can schedule a single IP SLAs operation or a group of operations at one time. We can see in this output that the IP SLA is still in a
pending trigger state.
Reference. http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/12- 2/44sg/configuration/guide/Wrapper-44SG/swipsla.html
QUESTION 476
Which three actions are required when configuring NAT-PT? (Choose three.)
A. Enable NAT-PT globally.
B. Specify an IPv4-to-IPv6 translation.
C. Specify an IPv6-to-IPv4 translation.
D. Specify a ::/96 prefix that will map to an IPv4 address.
E. Specify a ::/48 prefix that will map to a MAC address.
F. Specify a ::/32 prefix that will map to an IPv6 address.
Correct Answer: BCD
Section: Infrastructure Services
Explanation
Explanation/Reference:
Explanation:
The detailed steps on configuring NAY-PT is found at the reference link below:
Reference.
http://www.cisco.com/c/en/us/td/docs/ios/ipv6/configuration/guide/12_4t/ipv6_12_4t_book/ip6- nat_trnsln.html
QUESTION 477
Refer to the exhibit.
![2016NEW Cisco.CCIE.(400-101)EXAM] CCIE Routing and Switching EXAM A PART20 (461-480) VCE DUMPS FOR FREE DOWNLOAD WITH 100%PASS ENSURE](http://sugarexam.com/wp-content/uploads/2016/08/wps12F0.tmp_.jpg "2016NEW Cisco.CCIE.(400-101)EXAM] CCIE Routing and Switching EXAM A PART20 (461-480) VCE DUMPS FOR FREE DOWNLOAD WITH 100%PASS ENSURE")
Which statement about this COS-DSCP mapping is true?
A. COS 3 is mapped to the expedited forwarding DSCP.
B. COS 16 is mapped to DSCP 2.
C. The default COS is mapped to DSCP 32.
D. This mapping is the default COS-DSCP mapping on Cisco switches.
Correct Answer: A
Section: Infrastructure Services
Explanation
Explanation/Reference:
Explanation:
Here we see that COS 3 is mapped to DSCP 46, which is the Expedited forwarding class:
The Expedited Forwarding (EF) model is used to provide resources to latency (delay) sensitive real- time, interactive traffic. The EF model uses one marking —
DSCP 46.
QUESTION 478
Which three statements about implementing a NAT application layer gateway in a network are true? (Choose three.)
A. It allows client applications to use dynamic ports to communicate with a server regardless of whether NAT is being used.
B. It maintains granular security over application-specific data.
C. It allows synchronization between multiple streams of data between two hosts.
D. Application layer gateway is used only in VoIP/SIP deployments.
E. Client applications require additional configuration to use an application layer gateway.
F. An application layer gateway inspects only the first 64 bytes of a packet before forwarding it through the network.
Correct Answer: ABC
Section: Infrastructure Services
ExplanationExplanation/Reference:
Explanation:
An application-level gateway (ALG), also known as an application-layer gateway, is an application that translates the IP address information inside the payload of
an application packet. An ALG is used to interpret the application-layer protocol and perform firewall and Network Address Translation (NAT) actions. These
actions can be one or more of the following depending on your configuration of the firewall and NAT:
Allow client applications to use dynamic TCP or UDP ports to communicate with the server application.
Recognize application-specific commands and offer granular security control over them. Synchronize multiple streams or sessions of data between two hosts
that are exchanging data.
Translate the network-layer address information that is available in the application payload
Reference. http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipaddr_nat/configuration/xe- 3s/asr1000/nat-xe-3s-asr1k-book/fw-msrpc-supp.html
QUESTION 479
Refer to the exhibit.
At which location will the benefit of this configuration be observed?
A. on Router A and its upstream routers
B. on Router A and its downstream routers
C. on Router A only
D. on Router A and all of its ARP neighbors
Correct Answer: B
Section: Infrastructure Services
Explanation
Explanation/Reference:
Explanation:
The following example shows how to configure the router (and downstream routers) to drop all options packets that enter the network:
Router(config)# ip options drop
Reference. http://www.cisco.com/c/en/us/td/docs/ios/12_0s/feature/guide/sel_drop.html
QUESTION 480
Which statement about shaped round robin queuing is true?A. Queues with higher configured weights are serviced first.
B. The device waits a period of time, set by the configured weight, before servicing the next queue.
C. The device services a single queue completely before moving on to the next queue.
D. Shaped mode is available on both the ingress and egress queues.
Correct Answer: A
Section: Infrastructure Services
Explanation
Explanation/Reference:
Explanation:
SRR is scheduling service for specifying the rate at which packets are dequeued. With SRR there are two modes, shaped and shared. Shaped mode is only
available on the egress queues
SRR differs from typical WRR. With WRR queues are serviced based on the weight. Q1 is serviced for weight 1 period of time, Q2 is served for weight 2 period of
time, and so forth. The servicing mechanism works by moving from queue to queue and services them for the weighted amount of time. With SRR weights are still
followed; however, SRR services Q1, moves to Q2, then Q3 and Q4 in a different way. It does not wait at and service each queue for a weighted amount of time
before moving on to the next queue. Instead, SRR makes several rapid passes at the queues; in each pass, each queue might or might not be serviced. For each
given pass, the more highly weighted queues are more likely to be serviced than the lower priority queues.
Reference. http://www.cisco.com/c/en/us/products/collateral/switches/catalyst-3560-e-series- switches/prod_qas0900aecd805bacc7.html
Latest online browsing the 400-101 exam!
400-101 PDF dumps & 400-101 VCE dumps: http://examsavior.com/400-101
 |  |  |  |  | |
|---|---|---|---|---|---|
Test King
|
Pass4sure
|
Actual Tests
|
Other Brands
| ||
| Customer Reviews |  |  |  |  |  |
$89.99
|
$124.99
|
$125.99
|
$189.00
|
$29.99~$49.99
| |
| Up-To-Dated |  |  |  |  |  |
| Real Questions & Answers |  |  |  |  |  |
| Correct All Error |  |  |  |  |  |
| Premium VCE Dumps |  |  |  |  |  |
| Free VCE Simulator |  |  |  |  |  |
| Unlimited After One Time Purchasing |  |  |  |  |  |
| Instant Download |  |  |  |  |  |
| Printable PDF Dumps |  |  |  |  |  |
| 100% Pass Guarantee |  |  |  |  |  |
| 100% Money Back |  |  |  |  |  |
100% Pass:http://examsavior.com/
No comments:
Post a Comment