Download New Updated (July) Cisco 400-101 Actual Test 371-380

Ensurepass

 

QUESTION 371

Refer to the exhibit. Which LISP component do routers in the public IP network use to forward traffic between the two networks?

 

clip_image002

 

A.

EID

B.

RLOC

C.

map server

D.

map resolver

 

Correct Answer: B

Explanation:

Locator ID Separation Protocol (LISP) is a network architecture and protocol that implements the use of two namespaces instead of a single IP address:

Reference: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_lisp/configuration/15-mt/irl-15-mt-book/irl-overview.html

 

 

QUESTION 372

Refer to the exhibit. Which device role could have generated this debug output?

 

clip_image004

 

A.

an NHS only

B.

an NHC only

C.

an NHS or an NHC

D.

a DMVPN hub router

 

Correct Answer: B

Explanation:

NHRP works off a server/client relationship, where the NHRP clients (let’s call them next hop clients/NHCs) register with their next hop server (NHS), it’s the responsibility of the NHS to track all of its NHCs this is done with registration request and reply packets. Here we see a registration request, which can only be sent by an NHC.

 

 

QUESTION 373

Which statement about the NHRP network ID is true?

 

A.

It is sent from the spoke to the hub to identify the spoke as a member of the same NHRP domain.

B.

It is sent from the hub to the spoke to identify the hub as a member of the same NHRP domain.

C.

It is sent between spokes to identify the spokes as members of the same NHRP domain.

D.

It is a locally significant ID used to define the NHRP domain for an interface.

 

Correct Answer: D

Explanation:

The NHRP network ID is used to define the NHRP domain for an NHRP interface and differentiate between multiple NHRP domains or networks, when two or more NHRP domains (GRE tunnel interfaces) are available on the same NHRP node (router). The NHRP network ID is used to help keep two NHRP networks (clouds) separate from each other when both are configured on the same router.

The NHRP network ID is a local only parameter. It is significant only to the local router and it is not transmitted in NHRP packets to other NHRP nodes. For this reason the actual value of the NHRP network ID configured on a router need not match the same NHRP network ID on another router where both of these routers are in the same NHRP domain. As NHRP packets arrive on a GRE interface, they are assigned to the local NHRP domain in the NHRP network ID that is configured on that interface.

Reference: http://www.cisco.com/c/en/us/td/docs/ios/12_4/ip_addr/configuration/guide/hadnhrp.html

 

 

QUESTION 374

You are configuring a DMVPN spoke to use IPsec over a physical interface that is located within a VRF. For which three configuration sections must you specify the VRF name? (Choose three.)

 

A.

the ISAKMP profile

B.

the crypto keyring

C.

the IPsec profile

D.

the IPsec transform set

E.

the tunnel interface

F.

the physical interface

 

Correct Answer: BEF

Explanation:

ip vrf forwardingvrf-name

 

Example:

Router(config-if)# ip vrf forwarding green

Associates a virtual private network (VPN) routing and forwarding (VRF) instance with an interface or subinterface.

 

vrf-name is the name assigned to a VRF.

Router(config-if)# tunnel vrfvrf-name

Example:

Router(config-if)# tunnel vrf finance1

Associates a VPN routing and forwarding (VRF) instance with a specific tunnel destination.

vrf-name is the name assigned to a VRF.

Router(config)# crypto keyringkeyring-name [vrf fvrf-name] Defines a crypto keyring to be used during IKE authentication and enters keyring configuration mode.

 

keyring-name–Name of the crypto keyring.

fvrf-name–(Optional) Front door virtual routing and forwarding (FVRF) name to which the keyring will be referenced. fvrf-name must match the FVRF name that was defined during virtual routing and forwarding (VRF) configuration

 

 

QUESTION 375

Which IPv6 prefix is used for 6to4 tunnel addresses?

 

A.

2001. . /23

B.

2002. . /16

C.

3ffe. . /16

D.

5f00. . /8

E.

2001. . /32

 

Correct Answer: B

Explanation:

6to4 works by taking advantage of a reserved IPv6 prefix, 2002::/16. A 6to4 tunnel interface automatically converts the 32 bits in its IPv6 address following this prefix to a global unicast IPv4 address for transport across an IPv4 network such as the public Internet.

Reference: http://packetlife.net/blog/2010/mar/15/6to4-ipv6-tunneling/

 

 

QUESTION 376

When you configure the ip pmtu command under an L2TPv3 pseudowire class, which two things can happen when a packet exceeds the L2TP path MTU? (Choose two.)

 

A.

The router drops the packet.

B.

The router always fragments the packet after L2TP/IP encapsulation.

C.

The router drops the packet and sends an ICMP unreachable message back to the sender only if the DF bit is set to 1.

D.

The router always fragments the packet before L2TP/IP encapsulation.

E.

The router fragments the packet after L2TP/IP encapsulation only if the DF bit is set to 0.

F.

The router fragments the packet before L2TP/IP encapsulation only if the DF bit is set to 0.

 

Correct Answer: CF

Explanation:

If you enable the ip pmtu command in the pseudowire class, the L2TPv3 control channel participates in the path MTU discovery. When you enable this feature, the following processing is performed:

 

ICMP unreachable messages sent back to the L2TPv3 router are deciphered and the tunnel MTU is updated accordingly. In order to receive ICMP unreachable messages for fragmentation errors, the DF bit in the tunnel header is set according to the DF bit value received from the CE, or statically if the ip dfbit set option is enabled. The tunnel MTU is periodically reset to the default value based on a periodic timer.

 

ICMP unreachable messages are sent back to the clients on the CE side. ICMP unreachable messages are sent to the CE whenever IP packets arrive on the CE-PE interface and have a packet size greater than the tunnel MTU. A Layer 2 header calculation is performed before the ICMP unreachable message is sent to the CE.

 

Reference: http://www.cisco.com/c/en/us/td/docs/ios/12_0s/feature/guide/l2tpv325.html

 

 

QUESTION 377

Which two parameters does the Tunnel Mode Auto Selection feature select automatically? (Choose two.)

 

A.

the tunneling protocol

B.

the transport protocol

C.

the ISAKMP profile

D.

the transform-set

E.

the tunnel peer

 

Correct Answer: AB

Explanation:

The Tunnel Mode Auto Selection feature eases the configuration and spares you about knowing the responder’s details. This feature automatically applies the tunneling protocol (GRE or IPsec) and transport protocol (IPv4 or IPv6) on the virtual template as soon as the IKE profile creates the virtual access interface. This feature is useful on dual stack hubs aggregating multivendor remote access, such as Cisco AnyConnect VPN Client, Microsoft Windows7 Client, and so on.

Reference: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_vpnips/configuration/xe-3s/sec-sec-for-vpns-w-ipsec-xe-3s-book/sec-ipsec-virt-tunnl.html

 

 

QUESTION 378

By default, how does a GET VPN group member router handle traffic when it is unable to register to a key server?

 

A.

All traffic is queued until registration is successful or the queue is full.

B.

All traffic is forwarded through the router unencrypted.

C.

All traffic is forwarded through the router encrypted.

D.

All traffic through the router is dropped.

 

Correct Answer: B

Explanation:

In the basic GETVPN configuration, the traffic passing through group members will be sent in clear until it registers with the Key Server. This is because the crypto ACL is configured on the KS and GM will get that information only after the registration is successful. This means for a short period of time the traffic can go out unencrypted after a GM is booted up or the existing GETVPN session is cleared manually. This mode is called “fail open” and it is the default behavior. This behavior can be turned off by configuring “Fail Close” mode on the GMs.

Reference: http://www.cisco.com/c/en/us/products/collateral/security/group-encrypted-transport-vpn/deployment_guide_c07_554713.html

 

 

QUESTION 379

DRAG DROP

clip_image006

 

Correct Answer:

clip_image008

 

 

 

QUESTION 380

MPLS LDP IGP synchronization is configured on a link. The OSPF adjacency on that link is UP but MPLS LDP synchronization is not achieved. Which statement about this scenario is true?

 

A.

The router excludes the link from its OSPF LSA type 1.

B.

The router flushes its own router LSA.

C.

The router advertises the link in its router LSA with max-metric.

D.

The router advertises an LSA type 2 for this link, with the metric set to max-metric.

E.

The router advertises the link and OSPF adjacency as it would when the synchronization is achieved.

 

Correct Answer: C

Explanation:

To enable LDP-IGP Synchronization on each interface that belon
gs to an OSPF or IS-IS process, enter the mpls ldp sync command. If you do not want some of the interfaces to have LDP-IGP Synchronization enabled, issue the no mpls ldp igp sync command on those interfaces. If the LDP peer is reachable, the IGP waits indefinitely (by default) for synchronization to be achieved. To limit the length of time the IGP session must wait, enter the mpls ldp igp sync holddown command. If the LDP peer is not reachable, the IGP establishes the adjacency to enable the LDP session to be established.

When an IGP adjacency is established on a link but LDP-IGP Synchronization is not yet achieved or is lost, the IGP advertises the max-metric on that link.

Reference: http://www.cisco.com/c/en/us/td/docs/ios/12_0s/feature/guide/fsldpsyn.html

 

Free VCE & PDF File for Cisco 400-101 Real Exam

Instant Access to Free VCE Files: CCNA | CCNP | CCIE …
Instant Access to Free PDF Files: CCNA | CCNP | CCIE …

This entry was posted in 400-101 Real Tests (July) and tagged , , , , , , . Bookmark the permalink.