Download New Updated (July) Cisco 400-101 Actual Test 331-340

Ensurepass

 

QUESTION 331

Refer to the exhibit. A spoke site that is connected to Router-A cannot reach a spoke site that is connected to Router- B, but both spoke sites can reach the hub. What is the likely cause of this issue?

 

clip_image002

 

A.

There is a router doing PAT at site B.

B.

There is a router doing PAT at site A.

C.

NHRP is learning the IP address of the remote spoke site as a /32 address rather than a /24 address.

D.

There is a routing issue, as NHRP registration is working.

 

Correct Answer: B

Explanation:

If one spoke is behind one NAT device and another different spoke is behind another NAT device, and Peer Address Translation (PAT) is the type of
NAT used on both NAT devices, then a session initiated between the two spokes cannot be established.

Reference: http://www.cisco.com/c/en/us/td/docs/ios/ios_xe/sec_secure_connectivity/configuration/guide/convert/sec_dmvpn_xe_3s_book/sec_dmvpn_dt_spokes_b_nat_xe.html

 

 

QUESTION 332

Which three statements are functions that are performed by IKE phase 1? (Choose three.)

 

A.

It builds a secure tunnel to negotiate IKE phase 1 parameters.

B.

It establishes IPsec security associations.

C.

It authenticates the identities of the IPsec peers.

D.

It protects the IKE exchange by negotiating a matching IKE SA policy.

E.

It protects the identities of IPsec peers.

F.

It negotiates IPsec SA parameters.

 

Correct Answer: CDE

Explanation:

The basic purpose of IKE phase 1 is to authenticate the IPSec peers and to set up a secure channel between the peers to enable IKE exchanges. IKE phase 1 performs the following functions:

Reference: http://www.ciscopress.com/articles/article.asp?p=25474&seqNum=7

 

 

QUESTION 333

The session status for an IPsec tunnel with IPv6-in-IPv4 is down with the error message IKE message from 10.10.1.1 failed its sanity check or is malformed. Which statement describes a possible cause of this error?

 

A.

There is a verification failure on the IPsec packet.

B.

The SA has expired or has been cleared.

C.

The pre-shared keys on the peers are mismatched.

D.

There is a failure due to a transform set mismatch.

E.

An incorrect packet was sent by an IPsec peer.

 

Correct Answer: C

Explanation:

IKE Message from X.X.X.X Failed its Sanity Check or is Malformed

This debug error appears if the pre-shared keys on the peers do not match. In order to fix this issue, check the pre-shared keys on both sides.

1d00H:%CRPTO-4-IKMP_BAD_MESSAGE. IKE message from 150.150.150.1 failed its sanity check or is malformed

Reference: http://www.cisco.com/c/en/us/support/docs/security-vpn/ipsec-negotiation-ike-protocols/5409-ipsec-debug-00.html#ike

QUESTION 334

Which three statements describe the characteristics of a VPLS architecture? (Choose three.)

 

A.

It forwards Ethernet frames.

B.

It maps MAC address destinations to IP next hops.

C.

It supports MAC address aging.

D.

It replicates broadcast and multicast frames to multiple ports.

E.

It conveys MAC address reachability information in a separate control protocol.

F.

It can suppress the flooding of traffic.

 

Correct Answer: ACD

Explanation:

As a VPLS forwards Ethernet frames at Layer 2, the operation of VPLS is exactly the same as that found within IEEE 802.1 bridges in that VPLS will self learn source MAC address to port associations, and frames are forwarded based upon the destination MAC address. Like other 802.1 bridges, MAC address aging is supported.

Reference: http://www.cisco.com/en/US/products/hw/routers/ps368/products_white_paper09186a00801f6084.shtml

 

 

QUESTION 335

A GRE tunnel is down with the error message %TUN-5-RECURDOWN: Tunnel0 temporarily disabled due to recursive routing error. Which two options describe possible causes of the error? (Choose two.)

 

A.

Incorrect destination IP addresses are configured on the tunnel.

B.

There is link flapping on the tunnel.

C.

There is instability in the network due to route flapping.

D.

The tunnel mode and tunnel IP address are misconfigured.

E.

The tunnel destination is being routed out of the tunnel interface.

 

Correct Answer: CE

Explanation:

The %TUN-5-RECURDOWN: Tunnel0 temporarily disabled due to recursive routing error message means that the generic routing encapsulation (GRE) tunnel router has discovered a recursive routing problem. This condition is usually due to one of these causes:

Reference: http://www.cisco.com/c/en/us/support/docs/ip/enhanced-interior-gateway-routing-protocol-eigrp/22327-gre-flap.html

 

 

QUESTION 336

Which mechanism does Cisco recommend for CE router interfaces that face the service provider for an EVPL circuit with multiple EVCs and multiple traffic classes?

 

A.

HCBWFQ

B.

LLQ

C.

tail drop

D.

WRED

 

Correct Answer: A

Explanation:

In a simple handoff, packets may be discarded in the service provider network, either because of congestion on a link without an appropriate QoS policy or because of a policer QoS configuration on the service provider network that serves to rate limit traffic accessing the WAN core. To address these issues, QoS on the CE device is applied at a per-port level. A QoS service policy is configured on the outside Ethernet interface, and this parent policy includes a shaper that then references a second or subordinate (child) policy that enables queueing within the shaped rate. This is called a hierarchical CBWFQ (HCBWFQ) configuration.

Reference: http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/WAN_and_MAN/Ethernet_Access_for_ NG_MAN_WAN_V3-1_external.html

 

 

QUESTION 337

Refer to the exhibit. Which two statements about the VPN solution are true? (Choose two.)

 

clip_image004

 

A.

Customer A and customer B will exchange routes with each other.

B.

R3 will advertise routes received from R1 to R2.

C.

Customer C will communicate with customer A and B.

D.

Communication between sites in VPN1 and VPN2 will be blocked.

E.

R1 and R2 will receive VPN routes advertised by R3.

 

Correct Answer: CE

Explanation:

+ VPN1 exports 10:1 while VPN3 imports 10:1 so VPN3 can learn routes of VPN1.

+ VNP1 imports 10:1 while VNP3 export 10:1 so VNP1 can learn routes of VPN3.

-> Customer A can communicate with Customer C

 

+ VPN2 exports 20:1 while VPN3 imports 20:1 so VPN3 can learn routes of VPN2.

+ VPN2 imports 20:1 while VPN3 exports 20:1 so VPN2 can learn routes of VPN3.

-> Customer B can communicate with Customer C

 

Therefore answer C is correct.

Also answer E is correct because R1 & R2 import R3 routes.

Answer A is not correct because Customer A & Customer B do not import routes which are exported by other router. Customer A & B can only see Customer C.

Answer B is not correct because a router never exports what it has learned through importation. It only exports its own routes.

Answer D is correct because two VPN1 and VPN2 cannot see each other. Maybe in this question there are three correct answers.

 

 

QUESTION 338

Which Carrier Ethernet service supports the multiplexing of multiple point-to-point EVCs across as a single UNI?

 

A.

EPL

B.

EVPL

C.

EMS

D.

ERMS

 

Correct Answer: B

Explanation:

Ethernet Relay Service (ERS or EVPL)

An Ethernet Virtual Circuit (EVC) is used to logically connect endpoints, but multiple EVCs could exist per single UNI. Each EVC is distinguished by 802.1q VLAN tag identification. The ERS network acts as if the Ethernet frames have crossed a switched network, and certain control traffic is not carried between ends of the EVC. ERS is analogous to Frame Relay where the CE-VLAN tag plays the role of a Data-Link Connection Identifier (DLCI). The MEF term for this service is EVPL.

Reference: http://www.cisco.com/c/en/us/td/docs/net_mgmt/ip_solution_center/5-1/carrier_ethernet/user/guide/l2vpn51book/concepts.html

 

 

QUESTION 339

What is the purpose of Route Target Constraint?

 

A.

to avoid using route reflectors in MPLS VPN networks

B.

to avoid using multiple route distinguishers per VPN in MPLS VPN networks

C.

to be able to implement VPLS with BGP signaling

D.

to avoid sending unnecessary BGP VPNv4 or VPNv6 updates to the PE router

E.

to avoid BGP having to perform route refreshes

 

Correct Answer: D

Explanation:

Some service providers have a very large number of routing updates being sent from RRs to PEs, using considerable resources. A PE does not need routing updates for VRFs that are not on the PE; therefore, the PE determines that many routing updates it receives are “unwanted.” The PE can filter out the unwanted updates using Route Target Constraint.

Reference: http://www.cisco.com/c/en/us/td/docs/ios/ios_xe/iproute_bgp/configuration/guide/2_xe/irg_xe_book/irg_rt_filter_xe.html.

 

 

 

QUESTION 340

Refer to the exhibit. Which statement is true?

 

clip_image006

 

A.

This is an MPLS TE point-to-multipoint LSP in an MPLS network.

B.

This is an MPLS TE multipoint-to-point LSP in an MPLS network.

C.

This is a point-to-multipoint LSP in an MPLS network.

D.

This is a multipoint-to-multipoint LSP in an MPLS network.

 

Correct Answer: D

Explanation:

Same example of this provided on slide 24 at the reference link below:

Reference: “mVPN Deployment Models” Cisco Live Presentation

http://d2zmdbbm9feqrf.cloudfront.net/2014/eur/pdf/BRKIPM-2011.pdf, slide 24

 

Free VCE & PDF File for Cisco 400-101 Real Exam

Instant Access to Free VCE Files: CCNA | CCNP | CCIE …
Instant Access to Free PDF Files: CCNA | CCNP | CCIE …

This entry was posted in 400-101 Real Tests (July) and tagged , , , , , , . Bookmark the permalink.