Latest Cisco CCIE 400-101 Real Exam Download 201-210

Ensurepass

QUESTION 201

Refer to the exhibit. A network engineer is trying to configure a router as a zone-based firewall and needs to allow DHCP traffic to and from the router on the outside interface. After applying the configuration to the router, he notices that his configuration is not working.

What is wrong with the configuration?

 

clip_image002

 

A.

The UDP ports in access list 111 and access list 112 are incorrect.

B.

The wrong action has been configured on the policy map.

C.

The zone pair configuration is incorrect.

D.

The inside and outside references are incorrect.

 

Answer: A

 

 

QUESTION 202

Refer to the exhibit. The multicast sender and both multicast receivers are in the same VLAN. Multicast receiver 1 can receive the multicast stream from the multicast sender, but multicast receiver 2 cannot receive this stream. While troubleshooting IGMP, it is noticed that the IGMP report from receiver 2 is received by switch 2 but not by switch 1.

Which action will solve this issue?

 

clip_image003

 

A.

Enable PIM on the SVI of the VLAN on switch DSW1 or switch DSW2.

B.

Add a straight connection between switch SW1 and switch SW2.

C.

Enable IGMPv3 membership reports on multicast receiver 2.

D.

Configure a rendezvous point on distribution switch DSW1 and distribution switch DSW2.

 

Answer: A

 

 

QUESTION 203

Refer to the exhibit. A network engineer enables a new port channel between two switches. Both switches are configured for spanning-tree MST. What is causing the dispute message to appear on one of the switches?

 

clip_image005

 

A.

The switch received an IEEE 802.1D BPDU on that port.

B.

The BPDU that is received from the peer is inferior, with the designated role and state as learning

or forwarding.

C.

The peer switch has been configured with a different VLAN instance mapping.

D.

The switch has received a malformed BPDU.

 

Answer: B

 

 

QUESTION 204

Which two Cisco IOS features can be used to defend against spoofing attacks? (Choose two.)

 

A.

auth-proxy

B.

lock-and-key ACL

C.

IP Source Guard

D.

TCP Intercept

E.

CAR

F.

uRPF

G.

reflexive ACL

 

Answer: CF

 

 

QUESTION 205

For which IP SLA test type is an IP SLA responder required on the target device?

 

A.

Path-echo

B.

Path-jitter

C.

An IP SLA responder is not required for any of these probes.

D.

Udp-echo

E.

Tcp-connect

F.

HTTP

 

Answer: C

 

 

QUESTION 206

Which action has the same effect as disabling spanning tree on a single switch port?

 

A.

Enable the PortFast feature on the interface

B.

Enable the BPDU guard feature on the interface?

C.

Enable the BPDU filter feature on the interface?

D.

Enable loop guard on the interface

 

Answer: C

 

 

QUESTION 207

On which port type would you configure STP PortFast BPDU guard?

 

A.

root ports

B.

designated ports

C.

host ports

D.

alternate ports

 

Answer: C

 

 

QUESTION 208

Refer to the exhibit. Which statement is correct?

 

clip_image007

 

A.

Setting the priority of this switch to 16384 for VLAN 1 would cause it to become the secondary root bridge.

B.

IEEE 802.1s spanning tree is being used.

C.

Spanning-tree PortFast should not be enabled on GigabitEthernet2/1.

D.

The spanning-tree timers are not set to their default values.

 

Answer: C

 

 

QUESTION 209

Refer to the exhibit. EIGRP has been configured on all routers in this network.

Which EIGRP neighbor will R5 consider as the successor for network 192.168.1.0/24?

 

clip_image008

 

A.

R3 will be the successor for 192.168.1.0/24.?

B.

R4 will be the successor for 192.168.1.0/24.?

C.

R2 will be the successor for 192.168.1.0/24.?

D.

There is not enough information to determine which neighbor will be considered as successor.

E.

R3 and R4 will both be a successor for 192.168.1.0/24.

 

Answer: C

 

 

QUESTION 210

Which statement is correct about IPv6 RA guard?

 

A.

In host mode, all RA and router redirect messages are allowed on the port.

B.

The RA guard feature is supported only in the egress direction; it is not supported in the ingress direction.

C.

The RA guard feature is not supported on auxiliary VLANs and private VLANs.

D.

The RA guard feature compares configuration information on the Layer 2 device with the information

in the received RA frame.

 

Answer: D

 

Download Latest CISCO CCIE 400-101 Real Free Tests ,help you to pass exam 100%.

Download FREE CCIE 400-101 Demo
FREE Ensurepass CCIE Certification Exam Questions and Answers
FREE Ensurepass Cisco Certification Exam Questions and Answers

 

 

Leave a Reply