[Free] 2019(Nov) EnsurePass Cisco 400-101 Dumps with VCE and PDF 141-150

Get Full Version of the Exam

Question No.141



Correct Answer:


Question No.142

EIGRP allows configuration of multiple MD5 keys for packet authentication to support easy rollover from an old key to a new key. Which two statements are true regarding the usage of multiple authentication keys? (Choose two.)

  1. Received packets are authenticated by the key with the smallest key ID.

  2. Sent packets are authenticated by all valid keys, which means that each packet is replicated as many times as the number of existing valid keys.

  3. Received packets are authenticated by any valid key that is chosen.

  4. Sent packets are authenticated by the key with the smallest key ID.

Correct Answer: CD


Suppose two routers are connected with each other via Fa0/0 interfaces and they are configured to authenticate via MD5. Below is a simple configuration on both routers so that they will work: Router1(config)#key chain KeyChainR1

Router1(config-keychain)#key 1

Router1(config-keychain- key)#key-string FirstKey Router1(config-keychain-key)#key 2

Router1(config-keychain-key)#key-string SecondKey Router2(config)#key chain KeyChainR2 Router2(config-keychain)#key 1

Router2(config-keychain- key)#key-string FirstKey Router2(config-keychain-key)#key 2

Router2(config-keychain-key)#key-string SecondKey Apply these key chains to R1 amp; R2: Router1(config)#interface fastEthernet 0/0 Router1(config-if)#ip authentication mode eigrp 1 md5

Router1(config-if)#ip authentication key-chain eigrp 1 KeyChainR1 Router2(config)#interface fastEthernet 0/0

Router2(config-if)#ip authentication mode eigrp 1 md5 Router2(config-if)#ip authentication key-chain eigrp 1 KeyChainR2 There are some rules to configure MD5 authentication with EIGRP:

The key chain names on two routers do not have to match (in this case the name quot;KeyChainR1

amp; quot;KeyChainR2 do not match) The key number and key-string on the two potential neighbors must match (for example quot;key 1 amp; quot;key-string FirstKeyquot; must match on quot;key 1 amp; quot;key-string FirstKeyquot; of neighboring router)

Also some facts about MD5 authentication with EIGRP When sending EIGRP messages the lowest valid key number is used -gt; D is correct. When receving EIGRP messages all currently configured valid keys are verified but the lowest valid one will be used -gt; Although answer C does not totally mention like that but it is the most suitable answer because A and B are totally wrong. Answer A is not correct because we need valid key to authenticate.

As mentioned above, although answer C is not totally correct but it puts some light on why

answer B is not correct: each packet is NOT quot;replicated as many times as the number of existing valid keysquot;. All currently configured valid keys are verified but the lowest valid one will be used.

Question No.143

Which option is the default maximum age of the MAC address table?

  1. 300 seconds

  2. 500 seconds

  3. 1200 seconds

  4. 3600 seconds

Correct Answer: A


To configure the maximum aging time for entries in the Layer 2 table, use the mac-address-table aging-time command in global configuration mode.

Syntax Description seconds

MAC address table entry maximum age. Valid values are 0, and from 5 to 1000000 seconds. Aging time is counted from the last time that the switch detected the MAC address. The default value is 300 seconds.

Reference: http://www.cisco.com/c/en/us/td/docs/ios/lanswitch/command/reference/lsw_book/lsw_m1.html

Question No.144

Which attribute is not part of the BGP extended community when a PE creates a VPN-IPv4 route while running OSPF between PE-CE?

  1. OSPF domain identifier

  2. OSPF route type

  3. OSPF router ID

  4. MED

  5. OSPF network type Correct Answer: E Explanation:

By process of elimination, from RFC 4577:

For every address prefix that was installed in the VRF by one of its associated OSPF instances, the PE must create a VPN-IPv4 route in BGP. Each such route will have some of the following Extended Communities attributes:

The OSPF Domain Identifier Extended Communities attribute. If the OSPF instance that installed the route has a non-NULL primary Domain Identifier, this MUST be present; if that OSPF instance has only a NULL Domain Identifier, it MAY be omitted.

OSPF Route Type Extended Communities Attribute. This attribute MUST be present. It is encoded with a two-byte type field, and its type is 0306.

OSPF Router ID Extended Communities Attribute. This OPTIONAL attribute specifies the OSPF Router ID of the system that is identified in the BGP Next Hop attribute. More precisely, it specifies the OSPF Router Id of the PE in the OSPF instance that installed the route into the VRF from which this route was exported.

MED (Multi_EXIT_DISC attribute). By default, this SHOULD be set to the value of the OSPF distance associated with the route, plus 1.

Reference: https://tools.ietf.org/html/rfc4577

Question No.145

Which implementation can cause packet loss when the network includes asymmetric routing


  1. the use of ECMP routing

  2. the use of penultimate hop popping

  3. the use of Unicast RPF

  4. disabling Cisco Express Forwarding

Correct Answer: C


When administrators use Unicast RPF in strict mode, the packet must be received on the interface that the router would use to forward the return packet. Unicast RPF configured in strict mode may drop legitimate traffic that is received on an interface that was not the router#39;s choice for sending return traffic. Dropping this legitimate traffic could occur when asymmetric routing paths are present in the network.

Reference: http://www.cisco.com/web/about/security/intelligence/unicast-rpf.html

Question No.146

Which statement about the RPF interface in a BIDIR-PIM network is true?

  1. In a BIDIR-PIM network, the RPF interface is always the interface that is used to reach the PIM rendezvous point.

  2. In a BIDIR-PIM network, the RPF interface can be the interface that is used to reach the PIM rendezvous point or the interface that is used to reach the source.

  3. In a BIDIR-PIM network, the RPF interface is always the interface that is used to reach the source.

  4. There is no RPF interface concept in BIDIR-PIM networks.

Correct Answer: A


RPF stands for quot;Reverse Path Forwardingquot;. The RPF Interface of a router with respect to an address is the interface that the MRIB indicates should be used to reach that address. In the case of a BIDIR-PIM multicast group, the RPF interface is determined by looking up the Rendezvous Point Address in the MRIB. The RPF information determines the interface of the router that would be used to send packets towards the Rendezvous Point Link for the group.

Reference: https://tools.ietf.org/html/rfc5015

Question No.147

Refer to the exhibit. While configuring AAA with a local database, users can log in via Telnet, but receive the message quot;error in authenticationquot; when they try to go into enable mode. Which action can solve this problem?


  1. Configure authorization to allow the enable command.

  2. Use aaa authentication login default enable to allow authentication when using the enable command.

  3. Verify whether an enable password has been configured.

  4. Use aaa authentication enable default enable to allow authentication when using the enable command.

Correct Answer: C


If a different enable password is configured, it will override the privilege level 15 of that user and force the existing password to be used for enable access.

Question No.148

Which statement is true regarding the UDP checksum?

  1. It is used for congestion control.

  2. It cannot be all zeros.

  3. It is used by some Internet worms to hide their propagation.

  4. It is computed based on the IP pseudo-header.

Correct Answer: D


The method used to compute the checksum is defined in RFC 768:

quot;Checksum is the 16-bit one#39;s complement of the one#39;s complement sum of a pseudo header of information from the IP header, the UDP header, and the data, padded with zero octets at the end (if necessary) to make a multiple of two octets.quot;

In other words, all 16-bit words are summed using one#39;s complement arithmetic. Add the 16-bit values up. Each time a carry-out (17th bit) is produced, swing that bit around and add it back into the least significant bit. The sum is then one#39;s complemented to yield the value of the UDP checksum field.

If the checksum calculation results in the value zero (all 16 bits 0) it should be sent as the one#39;s complement (all 1s).

Reference: http://en.wikipedia.org/wiki/User_Datagram_Protocol

Question No.149

What can PfR passive monitoring mode measure for TCP flows?

  1. only delay

  2. delay and packet loss

  3. delay and reachability

  4. delay, packet loss, and throughput

  5. delay, packet loss, throughput, and reachability

Correct Answer: E


Passive monitoring metrics include the following:


Delay: Cisco PfR measures the average delay of TCP flows for a given prefix or traffic class. Delay is the measurement of the round-trip response time (RTT) between the transmission of a TCP synchronization message and receipt of the TCP acknowledgement.


Packet loss: Cisco PfR measures packet loss by tracking TCP sequence numbers for each TCP flow; it tracks the highest TCP sequence number. If it receives a subsequent packet with a lower sequence number, PfR increments the packet-loss counter. Packet loss is measured in packets per million.


Reachability: Cisco PfR measures reachability by tracking TCP synchronization messages that have been sent repeatedly without receiving a TCP acknowledgement.


Throughput: Cisco PfR measures TCP throughput by measuring the total number of bytes and packets for each interesting traffic class or prefix for a given interval of time.

Reference: http://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/performance- routing-pfr/product_data_sheet0900aecd806c4ee4.html

Question No.150

Which two configuration changes should be made on the OTP interface of an EIGRP OTP route reflector? (Choose two.)

  1. passive-interface

  2. no split-horizon

  3. no next-hop-self

  4. hello-interval 60, hold-time 180

Correct Answer: BC


The EIGRP Over the Top feature enables a single end-to-end Enhanced Interior Gateway Routing Protocol (EIGRP) routing domain that is transparent to the underlying public or private WAN transport that is used for connecting disparate EIGRP customer sites. When an enterprise extends its connectivity across multiple sites through a private or a public WAN connection, the service provider mandates that the enterprise use an additional routing protocol, typically the Border Gateway Protocol (BGP), over the WAN links to ensure end-to-end routing. The use of an additional protocol causes additional complexities for the enterprise, such as additional routing processes and sustained interaction between EIGRP and the routing protocol to ensure connectivity, for the enterprise. With the EIGRP Over the Top feature, routing is consolidated into a single protocol (EIGRP) across the WAN.

Perform this task to configure a customer edge (CE) device in a network to function as an EIGRP Route Reflector:

  1. enable

  2. configure terminal

  3. router eigrp virtual-name

  4. address-family ipv4 unicast autonomous-system as-number

  5. af-interface interface-type interface-number

  6. no next-hop-self

  7. no split-horizon

  8. exit

  9. remote-neighbors source interface-type interface-number unicast-listen lisp-encap

  10. network ip-address

  11. end

    Note. Use no next-hop-self to instructs EIGRP to use the received next hop and not the local outbound interface address as the next hop to be advertised to neighboring devices. If no next- hop-self is not configured, the data traffic will flow through the EIGRP Route Reflector.

    Reference: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_eigrp/configuration/xe-3s/ire- xe-3s-book/ire-eigrp-over-the-top.html

    Get Full Version of the Exam
    400-101 Dumps
    400-101 VCE and PDF

You must be logged in to post a comment.

Proudly powered by WordPress   Premium Style Theme by www.gopiplus.com