QUESTION 411
Refer to the exhibit. If the route to 10.1.1.1 is removed from the R2 routing table, which server becomes the master NTP server?
A. R2
B. The NTP server at 10.3.3.3
C. The NTP server at 10.4.4.4
D. The NTP server with the lowest stratum number
Correct Answer: D
Explanation:
NTP uses a concept called “stratum” that defines how many NTP hops away a device is from an authoritative time source. For example, a device with stratum 1 is a very accurate device and might have an atomic clock attached to it. Another NTP server that is using this stratum 1 server to sync its own time would be a stratum 2 device because it’s one NTP hop further away from the source. When you configure multiple NTP servers, the client will prefer the NTP server with the lowest stratum value.
Reference: https://networklessons.com/network-services/cisco-network-time-protocol-ntp/
QUESTION 412
Refer to the exhibit. If the remaining configuration uses default values, what is the expected output of the show mls qos queue-set command?
A.
B.
C.
D.
Correct Answer: A
Explanation:
mls qos queue-set output qset-id threshold queue-id drop-threshold1 drop-threshold2 reserved-threshold maximum-threshold
Configure the WTD thresholds, guarantee the availability of buffers, and configure the maximum memory allocation for the queue-set (four egress queues per port).
By default, the WTD thresholds for queues 1, 3, and 4 are set to 100 percent. The thresholds for queue 2 are set to 200 percent. The reserved thresholds for queues 1, 2, 3, and 4 are set to 50 percent. The maximum thresholds for all queues are set to 400 percent.
Reference: http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750x_3560x/software/release/12-2_55_se/configuration/guide/3750xscg/swqos.html
QUESTION 413
Which two fields reside in the initial CHAP challenge packet? (Choose two.)
A. the authentication name of the challenger
B. a random hash value generated by the device
C. the hashed packet type ID
D. the packet type ID in clear text
Correct Answer: AD
Explanation:
When a caller A dials in to an access server B, the access server sends across the link an initial Type 1 authentication packet called a Challenge. This Challenge packet contains a randomly generated number, an ID sequence number to identify the challenge (sent in clear text), and the authentication name of the challenger.
Reference: http://www.rhyshaden.com/ppp.htm
QUESTION 414
Which two Cisco IOS AAA features are available with the local database? (Choose two.)
A. command authorization
B. network access authorization
C. network accounting
D. network access authentication
Correct Answer: AD
Explanation:
Configuring the Local Database
This section describes how to manage users in the local database. You can use the local database for CLI access authentication, privileged mode authentication, command authorization, network access authentication, and VPN authentication and authorization. You cannot use the local database for network access authorization. The local database does not support accounting.
Reference: http://www.cisco.com/c/en/us/td/docs/security/asa/asa80/configuration/guide/conf_gd/aaa.html
QUESTION 415
Which three options are best practices for implementing a DMVPN? (Choose three.)
A. Use IPsec in tunnel mode.
B. Implement Dead Peer Detection to detect communication loss.
C. Configure AES for encryption of transported data.
D. Configure SHA-1 for encryption of transported data.
E. Deploy IPsec hardware acceleration to minimize router memory overhead.
F. Configure QoS services only on the head-end router.
Correct Answer: ABC
Explanation:
Best Practices Summary for Hub-and-Spoke Deployment Model
This section describes the best practices for a dual DMVPN cloud topology with the hub-and-spoke deployment, supporting IP multicast (IPmc) traffic including routing protocols.
The following are general best practices:
Configure Triple DES (3DES) or AES for encryption of transported data (exports of encryption algorithms to certain countries may be prohibited by law).
Implement Dead Peer Detection (DPD) on the spokes to detect loss of communication between peers.
Deploy hardware-acceleration of IPsec to minimize router CPU overhead, to support traffic with low latency and jitter requirements, and for the highest performance for cost.
Keep IPsec packet fragmentation to a minimum on the customer network by setting MTU size or using Path MTU Discovery (PMTUD).
Use Digital Certificates/Public Key Infrastructure (PKI) for scalable tunnel authentication.
Configure a routing protocol (for example, EIGRP, BGP or OSPF) with route summarization for dynamic routing.
Set up QoS service policies as appropriate on headend and branch router interfaces to help alleviate interface congestion issues and to attempt to keep higher priority traffic from being dropped during times of congestion.
Reference: http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/WAN_and_MAN/DMVPDG/DMVPN_1.html
QUESTION 416
What are the three primary components of NetFlow? (Choose three.)
A. Flow caching
B. A flow collector
C. The data analyzer
D. Flow sequence numbers
E. Cisco Express Forwarding
F. Multicast
Correct Answer: ABC
Explanation:
NetFlow includes three key components that perform the following capabilities:
Flow caching analyzes and collects IP data flows entering router or switch interfaces and prepares data for export. It enables the accumulation of data on flows with unique characteristics, such as IP addresses, application, and CoS.
FlowCollector and Data Analysis captures exported data from multiple routers and filters and aggregates the data according to customer policies, and then stores this summarized or aggregated data. Users can leverage Cisco NetFlow collector as a flow collector, or they can opt for a variety of third-party partner products. A graphical user interface displays and analyzes NetFlow data collected from FlowCollector files. This allows users to complete near-real-time visualization or trending analysis of recorded and aggregated flow data. Users can specify the router and aggregation scheme and desired time interval.
Reference: http://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/ios-netflow/product_data_sheet0900aecd80173f71.html
QUESTION 417
Which option is the result if two adjacent routers are configured for OSPF with different process IDs?
A. The routers are unable to establish an adjacency.
B. The routers establish an adjacency, but route exchange fails.
C. The routers establish an adjacency and exchange routes, but the routes are unreachable.
D. The routers establish an adjacency and exchange routes, and the routes are reachable.
Correct Answer: D
QUESTION 418
Refer to the exhibit. Which two options are possible states for the interface configured with the given OSPFv3 authentication? (Choose two.)
A. GOING UP
B. DOWN
C. UNCONFIGURED
D. GOING DOWN
Correct Answer: AB
Explanation:
To configure IPsec, you configure a security policy, which is a combination of the security policy index (SPI) and the key (the key is used to create and validate the hash value). IPsec for OSPFv3 can be configured on an interface or on an OSPFv3 area. For higher security, you should configure a different policy on each interface configured with IPsec. If you configure IPsec for an OSPFv3 area, the policy is applied to all of the interfaces in that area, except for the interfaces that have IPsec configured directly. Once IPsec is configured for OSPFv3, IPsec is invisible to you. The secure socket API is used by applications to secure traffic. The API needs to allow the application to open, listen, and close secure sockets. The binding between the application and the secure socket layer also allows the secure socket layer to inform the application of changes to the socket, such as connection open and close events. The secure socket API is able to identify the socket; that is, it can identify the local and remote addresses, masks, ports, and protocol that carry the traffic requiring security.
Each interface has a secure socket state, which can be one of the following:
OSPFv3 will not send or accept packets while in the DOWN state.
Reference: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_ospf/configuration/15-sy/iro-15-sy-book/ip6-route-ospfv3-auth-ipsec.html
QUESTION 419
Which two statements about BGP best-path selection are true? (Choose two.)
A. The route with the highest local preference is preferred.
B. The weight attribute is advertised to peers.
C. The route with the lowest MED is preferred.
D. A route that originates from iBGP peers is preferred.
E. A route that originates from a router with a higher BGP router ID is preferred.
F. The lowest weight advertised is preferred.
Correct Answer: AC
QUESTION 420
Which two advantages does CoPP have over receive path ACLs? (Choose two.)
A. Only CoPP applies to IP packets and non-IP packets.
B. Only CoPP applies to receive destination IP packets.
C. A single instance of CoPP can be applied to all packets to the router, while rACLs require multiple instances.
D. Only CoPP can rate-limit packets.
Correct Answer: AD
Explanation:
Control Plane Policing – CoPP is the Cisco IOS-wide route processor protection mechanism. As illustrated in Figure 2, and similar to rACLs, CoPP is deployed once to the punt path of the router.
However, unlike rACLs that only apply to receive destination IP packets, CoPP applies to all packets that punt to the route processor for handling. CoPP therefore covers not only receive destination IP packets, but also exception IP packets and non-IP packets. In addition, CoPP is implemented using the Modular QoS CLI (MQC) framework for policy construction. In this way, in addition to simple permit and deny functions, specific packets may be permitted but rate-limited. This behavior substantially improves the ability to define an effective CoPP policy. (Note that “Control Plane Policing” is something of a misnomer because CoPP generally protects the punt path to the route processor and not solely the control plane.)
Reference: http://www.cisco.com/web/about/security/intelligence/coppwp_gs.html