Want to Pass 400-101 Exam In Next HOURS? Get it now →
April 20, 2017

Renewal 400-101 exam cost Guide

Q21. What are the three primary components of NetFlow? (Choose three.) 

A. Flow caching 

B. A flow collector 

C. The data analyzer 

D. Flow sequence numbers 

E. Cisco Express Forwarding 

F. Multicast 

Answer: A,B,C 


NetFlow includes three key components that perform the following capabilities: 

. Flow caching analyzes and collects IP data flows entering router or switch interfaces and prepares data for export. It enables the accumulation of data on flows with unique characteristics, such as IP addresses, application, and CoS. 

. FlowCollector and Data Analysis captures exported data from multiple routers and filters and aggregates the data according to customer policies, and then stores this summarized or aggregated data. Users can leverage Cisco NetFlow collector as a flow collector, or they can opt for a variety of third-party partner products. A Graphical user interface displays and analyzes NetFlow data collected from FlowCollector files. This allows users to complete near-real-time visualization or trending analysis of recorded and aggregated flow data. Users can specify the router and aggregation scheme and desired time interval. 

Reference: http://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/ios-netflow/product_data_sheet0900aecd80173f71.html 


Drag and drop each policy command on the left to the function it performs on the right. 


Q23. Which ICMP message type is used to assist path MTU discovery? 

A. destination unreachable 

B. redirect message 

C. source quench 

D. time exceeded 


Q24. Which two issues is TCP Sequence Number Randomization designed to prevent? (Choose two.) 

A. DDOS attacks 

B. OS fingerprinting 

C. man-in-the-middle attacks 

D. ARP poisoning 

E. Smurf attack 

Answer: B,C 

Q25. Which statement describes the function of rekey messages? 

A. They prevent unencrypted traffic from passing through a group member before registration. 

B. They refresh IPsec SAs when the key is about to expire. 

C. They trigger a rekey from the server when configuring the rekey ACL. 

D. They authenticate traffic passing through a particular group member. 



Rekey messages are used to refresh IPsec SAs. When the IPsec SAs or the rekey SAs are about to expire, one single rekey message for a particular group is generated on the key server. No new IKE sessions are created for the rekey message distribution. The rekey messages are distributed by the key server over an existing IKE SA. Rekeying can use multicast or unicast messages. 

Reference: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_getvpn/configuration/xe-3s/sec-get-vpn-xe-3s-book/sec-get-vpn.html 


Drag and drop the DMVPN command on the left to the corresponding function on the right. 


Q27. Which two options are signaling protocols that are used in MPLS? (Choose two.) 







Answer: A,B 


* Signaling is the means by which LSRs all along the path know that they are a part of a given LSP. It is a signaling function by which the LSR knows that the internal transit path for the LSP depicted goes from Interface 2 to Interface 4. 

* Label distribution is the means by which an LSR tells an upstream LSR what label value to use for a particular LSP. 

There are four protocols that can perform the label distribution function: 

* Label Distribution Protocol (LDP) 

* Resource Reservation Protocol with Traffic Engineering Extensions (RSVP-TE) 

* Constraint-Based Routed LDP (CR-LDP) 

* Multiprotocol BGP 

LDP and RSVP-TE are the two most commonly used label distribution protocols 

Reference: http://www.networkworld.com/article/2237487/cisco-subnet/understanding-mpls-label-distribution.html 

Q28. Refer to the exhibit. 

Which two are causes of output queue drops on FastEthernet0/0? (Choose two.) 

A. an oversubscribed input service policy on FastEthernet0/0 

B. a duplex mismatch on FastEthernet0/0 

C. a bad cable connected to FastEthernet0/0 

D. an oversubscribed output service policy on FastEthernet0/0 

E. The router trying to send more than 100 Mb/s out of FastEthernet0/0 

Answer: D,E 


Output drops are caused by a congested interface. For example, the traffic rate on the outgoing interface cannot accept all packets that should be sent out, or a service policy is applied that is oversubscribed. The ultimate solution to resolve the problem is to increase the line speed. However, there are ways to prevent, decrease, or control output drops when you do not want to increase the line speed. You can prevent output drops only if output drops are a consequence of short bursts of data. If output drops are caused by a constant high-rate flow, you cannot prevent the drops. However, you can control them. 

Reference: http://www.cisco.com/c/en/us/support/docs/routers/10000-series-routers/6343-queue-drops.html 

Q29. Refer to the exhibit. 

Which statement is true? 

A. This is an MPLS TE point-to-multipoint LSP in an MPLS network. 

B. This is an MPLS TE multipoint-to-point LSP in an MPLS network. 

C. This is a point-to-multipoint LSP in an MPLS network. 

D. This is a multipoint-to-multipoint LSP in an MPLS network. 



Same example of this provided on slide 24 at the reference link below: 

Reference: “mVPN Deployment Models” Cisco Live Presentation 

http://d2zmdbbm9feqrf.cloudfront.net/2014/eur/pdf/BRKIPM-2011.pdf, slide 24 

Q30. Which LSA type is associated with the default route in a totally stubby area? 

A. interarea-prefix LSA for ABRs (Type 3) 

B. autonomous system external LSA (Type 5) 

C. router LSA (Type 1) 

D. interarea-router LSAs for ASBRs (Type 4) 


see more free 400-101 exam dumps