Refer to the exhibit.
Which configuration is missing that would enable SSH access on a router that is running Cisco IOS XE
Software?
A.
int Gig0/0/0
management-interface
B.
class-map ssh-class
match access-group protect-ssh
policy-map control-plane-in
class ssh-class
police 80000 conform transmit exceed drop
control-plane
service-policy input control-plane-in
C.
control-plane host
management-interface GigabitEthernet0/0/0 allow ssh
D.
interface Gig0/0/0
ip access-group protect-ssh in
it is a example of control plan access control. Need to define the interface for management interface before it can receive the management trffic
Hahaha, passed 400-101 yesterday! It takes almost 4 months to prepare for it.
Hard process but good result!
Just come here to share my exam experience, want to help more people to pass!
By the way, 2017 400-101 exam add many new questions, share some with you:
QUESTION 1055
Which three configuration settings must match for switches to be in the same MST region? (Choose three)
A. password
B. domain name
C. VLAN names
D. revision number
E. VLAN-to-instance assignment
F. region name
Answer: DEF
QUESTION 1056
What are three valid HSRP states? (Choose three)
A. listen
B. learning
C. full
D. established
E. speak
F. IN IT
Answer: AEF
QUESTION 1057
Drag and Drop Question
Answer:
QUESTION 1058
Refer to the exhibit, Router A must reach router X.
Which option describes how router A decides which interface to use to forward packets ?
A. Router A relies on FIB to select the desired interface
B. Router A does per-packet load-balance across the two interfaces
C. Router A does per-flow load-balance across the two interfaces
D. Router A relies on RIB select the desired interface
Answer: D
QUESTION 1059
Which action must you take to configure encryption for a dynamic VPN?
A. Configure an FQDN peer in ftie crypto pgfile.
B. Configure an FQDN identity in the crypto keyring
C. Configure an FQDN in the crypto keyring
D. Configure an FQDN on the router.
Answer: A
QUESTION 1060
Which feature can segregate routing tables on a single device?
A. BGP
B. VRF-lite
C. OSPFv3
D. MPLS
Answer: B
QUESTION 1061
Which PIM mode can forward traffic by using only (*. G) routing table entries?
A. dense mode
B. sparse-dense mode
C. sparse mode
D. bidrirectional mode
Answer: C
QUESTION 1062
You are configuring CoS-to-DSCP mappings with three requirements:
– AF13 must be marked with COS 1.
– AF22 must be marked with COS 2.
– EF must be marked with COS5.
Which configuration command can you use to implement the requirements?
A. mls qos map cos-dscp 0 14 20 24 32 46 48 56
B. mls qos map cos-dscp 0 10 18 24 32 46 48 56
C. mls qos map cos-dscp 0 12 18 24 32 40 46 56
D. mls qos map cos-dscp 0 12 18 24 32 46 48 56
Answer: A
Passed 400-101 Exam yesterday!almost 15 new questions!
following are some new questions i got:
QUESTION 610
Which two statements about MLD snooping are true?
A. MLD protocol messages can be sent in both IGMPv4 and ICMPv4 formats.
B. It supports private VLANs.
C. It limits the Layer 2 multicast traffic that is generate by routing protocols.
D. PFC modes support MLD version 2 only.
E. The MLD snooping querier requires the VLAN interface to be configured with an 1Pv6 address.
Answer: BE
QUESTION 611
Which 1Pv6 tunneling mechanism requires a service provider to nude one of its own native 1Pv6 blocks to guarantee that its 1Pv6 hosts will be reachable?
A. 6rd tunneling
B. Automatic 6to4 tunneling
C. manual ipv6ip tunneling
D. NAT-PT tunneling
E. Automatic 4to6 tunneling
F. ISATAP tunneling
Answer: F
QUESTION 612
Refer to the exhibit. After you applied this configuration to R1 and R 2 they failed to form an ISIS adjacency.
Which reason for the problem is most likely true?
A. The network statements are mismatched
B. The IP subnets are mismatched
C. T he bandwidth is mismatched
D. The MTUs are mismatched
Answer: D
QUESTION 613
Which two statements about cisco Express Forwarding are time? (Choose two)
A. Adjacency tables and Cisco Express Forwarding tables require packet switching.
B. Cisco Express Forwarding tables contain forwarding information on and adjacency tables contain
reachability information.
C. Adjacency tables and Cisco Express forwarding tables can be separately.
D. Changing MAC header rewrite strings requires cache validation.
E. Cisco Express Forwarding tables contain reach ability information and adjacency tables contain
forwarding information.
Answer: CE
QUESTION 614
0n which three options can Cisco PfR base its traffic routing? (Choose three)
A. Time of day
B. Network performance
C. Router lOS version
D. User-defined link capacity thresholds.
E. An access list with perm it or deny statements.
F. Load-balancing requirements.
Answer: BDF
QUESTION 615
Which three statements about BGP soft reconfiguration are true? (Choose three)
A. Outbound soft reconfiguration requires additional configuration on the BGP neighbor
B. Inbound soft reconfiguration requires additional memory
C. Outbound soft reconfiguration requires additional memory
D. Inbound soft reconfiguration stores an additional copy of the received from a neighbor before routing policies take effect
E. Inbound soft reconfiguration requires additional memory
F. Outbound soft reconfiguration stores an additional copy of the routes advertised to a neighbor before routing policies take effect
Answer: BEF
QUESTION 616
What mechanism should you choose to prevent unicast flooding?
A. Make sure that all end systems are connected to the network with a single physical connection.
B. Use control plane policing (CPP) to limit unicast flooding.
C. Configure the ARP cache timers to be longer than the switch forwarding cache (CAM) timers.
D. Configure the switch forwarding cache (CAM) timers to be longer than the ARP cache timers.
Answer: D
QUESTION 617
Refer to the exhibit. Which two statements about the device configuration are true? (Choose two.)
A. The device has control-plane protection enabled.
B. The device implicitly allows Tel net connections.
C. The GigabitEthemet0/1 interface of the device allows incoming SSH and SNMP connections.
D. The device has management-plane protection enabled.
E. The device allows SSH connections to its loopback interface.
Answer: CD
QUESTION 618
What are the two requirements for BGP to install a classful network into the BGP routing table? (Choose two.)
A. Synchronization is disabled.
B. The AS contains the entire classful network.
C. Auto-summary is enabled.
D. A classful network is statement with a classful mask is in the routing table.
E. A classful network statement with a lower administrative distance ~he routing table.
F. Synchronization is enabled.
Answer: CD
QUESTION 619
Which authentication types does OSPF support?
A. Null (or no authentication), clear text and MD5.
B. Clear text only
C. MD5only
D. MD5 and clear text
E. Null( or no authentication) and clear text
Answer: A
400-101 new questions full version:
https://drive.google.com/drive/folders/0B75b5xYLjSSNZWpRdXBrR0RYaTQ?usp=sharing
Passed 400-251 exam today! Studied 2017 Latest 400-251 PDF and VCE Dumps: https://www.braindump2go.com/400-251.html (470Q&As Version), 15 new questions, got 12 in advance, thnx god!
Following are some new questions i got in my test:
QUESTION
Which two statements about Cisco AMP for Web Security are true? (Choose two)
A. It can detect and block malware and other anomalous traffic before it passes through the Web gateway.
B. It can identify anomalous traffic passing through the Web gateway by comparing it to an established baseline of expected activity
C. It can perform file analysis by sandboxing known malware and comparing unknown files to a local repository of threats
D. It continues monitoring files after they pass the Web gateway
E. It can prevent malicious data exfiltration by blocking critical files from exiting through the Web gateway
F. It can perform reputation-based evaluation and blocking by uploading of incoming files to a cloud-based threat intelligence network
Answer: DF
QUESTION
Which two statements about a wireless access point configured with the guest-mode command are true? (Choose two)
A. If one device on a network is configured in guest mode, clients can use the guest mode SSID to connect to any device on the same network
B. It supports associations by clients that perform passive scans
C. It allows associated clients to transmit packets using its SSID
D. It can support more than one guest-mode SSID
E. It allows clients configured without SSID to associate
Answer: DE
QUESTION
What are the major components of a Firepower health monitor alert?
A. A health monitor, one or more alert responses, and a remediation policy
B. One or more health modules, one more alert responses, and one or more alert actions
C. The severity level, one or more alert responses, and a remediation policy
D. One or more health modules, the severity level, and an alert response
E. One health module and one or more alert responses
Answer: D
QUESTION
Which statement about managing Cisco ISE Guest Services is true?
A. Only a Super Admin or System Admin can delete the default Sponsor portal
B. ISE administrators can view and set a guest’s password to a custom value in the sponsor portal
C. ISE administrators can access the Sponsor portal only if they have valid Sponsor accounts
D. By default, an ISE administrator can manage only the guest accounts he or she created in the Sponsor portal
E. Only ISE administrators from an external identity store can be members of a Sponsor group
F. ISE administrator can access the Sponsor portal only from the Guest Access menu
Answer: D
QUESTION
Which two statements about 6to4 tunneling are true?
A. It provides a /48 address block
B. The prefix address of the tunnel is determined by the IPv6 configuration to the interface
C. It supports static and BGPv4 routing
D. It supports managed NAT along the path of the tunnel
E. It provides a /128 address block
F. It supports mutihoming
Answer: AC