This page was exported from 100% Free Lead2pass Exam Dumps Download [ http://www.pass4surevip.com ] Export date:Mon Oct 21 13:17:33 2019 / +0000 GMT ___________________________________________________ Title: [Lead2pass Official] 2017 Lead2pass New Updated 400-101 Exam Questions (341-360) --------------------------------------------------- Lead2pass 2017 September New Cisco 400-101 Exam Dumps! 100% Free Download! 100% Pass Guaranteed! Lead2pass is constantly updating 400-101 exam dumps. We will provide our customers with the latest and the most accurate exam questions and answers that cover a comprehensive knowledge point, which will help you easily prepare for 400-101 exam and successfully pass your exam. You just need to spend 20-30 hours on studying the exam dumps. Following questions and answers are all new published by Cisco Official Exam Center: https://www.lead2pass.com/400-101.html QUESTION 341Refer to the exhibit. Routers A and B are the edge devices at two different sites such as shown. The two edge devices use public addresses on their WAN interfaces and the both sites use RFC 1918 for all other addresses. If routers A and B have established an IPsec tunnel, which statement about the network environment must be true?   A.    Router A1 and router B1 are using NAT translation to allow private-address traffic to traverse the tunnelB.    Router A and router B are using BGP to share routes between the two sitesC.    The tunnel terminates on the ISP routesD.    Each site is capable of routing private addressing over the IPsec tunnelAnswer: D QUESTION 342Which STP feature can protect the network environment from loops in case of software failure? A.    Root GuardB.    BPDU GuardC.    Bridge AssuranceD.    PortFast Answer: CExplanation:http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SY/configuration/guide/sy_swcg/spanning_tree_features.html#79584You can use Bridge Assurance to protect against certain problems that can cause bridging loops in the network. Specifically, you use Bridge Assurance to protect against a unidirectional link failure or other software failure and a device that continues to forward data traffic when it is no longer running the spanning tree algorithm. QUESTION 343Refer to the exhibit. Routers A and B are the edge devices at two different sites as shown. If routers A and B have established an IPsec tunnel, which two statements about the network environment must be true? (Choose two)   A.    The connection could have been authenticated with 802.1xB.    The connection could have authenticated with a pre-shared keyC.    RFC 1918 addresses are in use on the WAN interfaces on router A and router BD.    The connection could have been authenticated with MD5E.    Public IP addresses are in use on the WAN interfaces on router A and router B Answer: BE QUESTION 344Refer to the exhibit, multiple hosts on the 10.2.2.0/24 network are sending traffic to the web server, Which configuration can you apply to R2 so that traffic from host 1 uses the path R2-R1-R3 to reach the web server, without affecting other hosts?   A.    access-list 1 permit 10.2.2.0 0.0.0.255B.    interface FastEthernet2/0 ip policy route-map POLICY-ROUTEC.    access-list 1 permit 10.2.2.3 255.255.255.255D.    access-list 1 permit 10.2.2.3 0.0.0.0E.    access-list 1 permit 10.2.2.4 0.0.0.0F.    ip local policy route-map POLICY-ROUTE Answer: D QUESTION 345A floating static route pointing to an interface appears in the routing table even when the interface is down. Which action can you take to correct the problem? A.    Correct the DHCP-provided route on the DHCP serverB.    Remove the permanent option form the static routeC.    Correct the administrative distanceD.    Configure the floating static route to point to another route in the routing table Answer: B QUESTION 346When multiple AAA authentication methods are specified in a method list and all working normally, how is the user authenticated? A.    The user is authenticated against all provided authentication sources and granted the most restricted set of access privilegesB.    The user is authenticated against the first listed authentication source onlyC.    The user is authenticated against the provided authentication sources in order until a match is foundD.    The user is authenticated against all provided authentication sources and granted the least restricted set of access privileges Answer: B QUESTION 347Which feature must be enabled prior to enabling the IGMP Snooping Querier? A.    PIM-SMB.    SSMC.    IP helperD.    IGMP Snooping Answer: D QUESTION 348Which protocol enables routers in an MPLS environment to use labels to move traffic? A.    FTPB.    POPC.    LLDPD.    PPPE.    L2TPF.    LDP Answer: F QUESTION 349Which PIM feature allows the same multicast group address to be reused in different administrative domains? A.    Proxy RegisteringB.    IP Multicast HelperC.    IP Multicast BoundaryD.    CGMP Answer: CExplanation:http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipmulti_pim/configuration/12-4t/imc-pim-12-4t-book/imc_basic_cfg.html QUESTION 350Which two IP packet types always traverse to the route processor CPU? (Choose two) A.    Data-plane packetsB.    Forwarding-plane packetsC.    Control-plane packetsD.    Services-plane packetsE.    Management-plane packets Answer: CE QUESTION 351Which route types are redistributed from OSPF into BGP by default? A.    All route typesB.    External routes onlyC.    Inter-area routes onlyD.    Intra-area routes onlyE.    Intra-area routes and inter-area routes Answer: E QUESTION 352Which feature forces a new Diffie-Hellman key exchange each time data is transmitted over a IPsec tunnel? A.    PFSB.    rsa-encr authenticationC.    rsa-sig authenticationD.    802.1xE.    CRACK authentication Answer: A QUESTION 353Refer to the exhibit. Which device role could have generated this debug output?   A.    an NHS onlyB.    an NHC onlyC.    an NHS or an NHCD.    a DMVPN hub router Answer: B QUESTION 354Which statement about the NHRP network ID is true? A.    It is sent from the spoke to the hub to identify the spoke as a member of the same NHRP domain.B.    It is sent from the hub to the spoke to identify the hub as a member of the same NHRP domain.C.    It is sent between spokes to identify the spokes as members of the same NHRP domain.D.    It is a locally significant ID used to define the NHRP domain for an interface. Answer: D QUESTION 355You are configuring a DMVPN spoke to use IPsec over a physical interface that is located within a VRF. For which three configuration sections must you specify the VRF name? (Choose three.) A.    the ISAKMP profileB.    the crypto keyringC.    the IPsec profileD.    the IPsec transform setE.    the tunnel interfaceF.    the physical interface Answer: BEF QUESTION 356Which IPv6 prefix is used for 6to4 tunnel addresses? A.    2001. . /23B.    2002. . /16C.    3ffe. . /16D.    5f00. . /8E.    2001. . /32 Answer: B QUESTION 357When you configure the ip pmtu command under an L2TPv3 pseudowire class, which two things can happen when a packet exceeds the L2TP path MTU? (Choose two.) A.    The router drops the packet.B.    The router always fragments the packet after L2TP/IP encapsulation.C.    The router drops the packet and sends an ICMP unreachable message back to the sender only if the DF bit is set to 1.D.    The router always fragments the packet before L2TP/IP encapsulation.E.    The router fragments the packet after L2TP/IP encapsulation only if the DF bit is set to 0.F.    The router fragments the packet before L2TP/IP encapsulation only if the DF bit is set to 0. Answer: CF QUESTION 358Which two parameters does the Tunnel Mode Auto Selection feature select automatically? (Choose two.) A.    the tunneling protocolB.    the transport protocolC.    the ISAKMP profileD.    the transform-setE.    the tunnel peer Answer: AB QUESTION 359By default, how does a GET VPN group member router handle traffic when it is unable to register to a key server? A.    All traffic is queued until registration is successful or the queue is full.B.    All traffic is forwarded through the router unencrypted.C.    All traffic is forwarded through the router encrypted.D.    All traffic through the router is dropped. Answer: B QUESTION 360Which two protocols are not protected in an edge router by using control plane policing? (Choose two.) A.    SMTPB.    RPCC.    SSHD.    Telnet Answer: AB More free Lead2pass 400-101 exam new questions on Google Drive: https://drive.google.com/open?id=0B3Syig5i8gpDZ0lrZUFjNWtFYlk Lead2pass is no doubt your best choice. Using the Cisco 400-101 exam dumps can let you improve the efficiency of your studying so that it can help you save much more time. 2017 Cisco 400-101 (All 969 Q&As) exam dumps (PDF&VCE) from Lead2pass: https://www.lead2pass.com/400-101.html [100% Exam Pass Guaranteed] --------------------------------------------------- Images: --------------------------------------------------- --------------------------------------------------- Post date: 2017-09-22 05:59:27 Post date GMT: 2017-09-22 05:59:27 Post modified date: 2017-09-22 05:59:27 Post modified date GMT: 2017-09-22 05:59:27 ____________________________________________________________________________________________ Export of Post and Page as text file has been powered by [ Universal Post Manager ] plugin from www.gconverters.com