[Free] Download New Latest (November) Cisco 400-201 Actual Tests 251-260

Ensurepass

QUESTION 251

Which two statements best describe the signalling requirements of virtual circuit setup of VPLS and exchange of reachability information (MAC addresses)?

 

A.

Cisco VPLS does not require the exchange of reachability (MAC addresses) information via a signaling protocol. This information is learned from the data plane using standard address learning, aging, and filtering mechanisms defined for Ethernet bridging.

B.

Cisco VPLS uses directed LDP as a signalling protocol to exchange reachability (MAC addresses) information to avoid maintanance of ARP cache.

C.

In Cisco VPLS the virtual circuit setup uses Multi-Protocol BGP as autodiscovery and signaling mechanism. Using BGP allows BPDUs to be propagated across VPLS in a scaleable fashion.

D.

In Cisco VPLS the virtual circuit setup uses the same LDP signaling mechanism defined for point-to-point services. Using a directed LDP session, each provider edge advertises a virtual circuit label mapping that is used as part of the label stack imposed on the Ethernet frames by the ingress provider edge during packet forwarding.

 

Correct Answer: AD

 

 

QUESTION 252

Which two options best describe the purpose of session ID and cookie field in a L2TPv3 packet?

 

A.

The session ID is a 32-bit locally significant field used to identify the call on the destination or egress tunnel endport. The session ID will be negotiated by the control connection or statically defined if using the L2TP v3 data plane only.

B.

The cookie is a variable length (with a maximum of eight bytes),word-aligned optional field. The control connection can negotiate this as an additional level of guarantee beyond the regular session ID lookup to make sure that a data message has been directed to the correct session or that any recently reused session ID will not be misdirected.

C.

The cookie is a 32-bit locally significant field used to identify the call on the destination or egress tunnel endpoint. The cookie will be negotiated by the control connection or statically defined if using the L2TPv3 data plane only

D.

The session ID is a variable length (with a maximum of eight bytes), word-aligned optional field. The control connection can negotiate this as an additional level of guarantee beyond the regular cookie lookup to make sure that a data message has been directed to the correct session or that any recently reused cookie will not be misdirected.

Correct Answer: AB

Explanation:

Session ID:

The 32-bit nonzero session ID carried in the data message header is used to associate incoming data messages with a particular local attachment circuit. Note that one L2TPv3 session corresponds to one pseudowire.

 

Cookie:

Following the session ID is an optional variable length random cookie value (maximum 64 bits). This cookie value can be used in addition to the session ID and adds an extra level of assurance that the incoming data messages are correctly associated with the local attachment circuit. Furthermore, a randomly chosen cookie provides protection against blind insertion attacks. That is, an attacker would find it very difficult, if not impossible, to insert packets into a data stream (pseudowire) if the attacker is unable to sniff packets transiting the network between peer LCCEs. This is because of the difficulty of guessing the correct cookie value (0 to 264 if the cookie is 64 bits in length).

 

 

QUESTION 253

Which two statements about VPLS are true? (Choose two.)

 

A.

There is a full mesh of pseudo wires.

B.

There is a partial mesh of pseudo wires.

C.

Only L2TPv3 can be used for pseudo wire establishment.

D.

There is split-horizon to avoid loops.

 

Correct Answer: AD

 

 

QUESTION 254

What is the main difference between the information displayed on the dspload and the dsptrkutl screens?

 

A.

The dspload screen is for all trunks; the dsptrkutl screen is for one trunk.

B.

The dspload screen shows the expected traffic; the dsptrkutl screen shows actual traffic.

C.

The information on the dspload screen never changes; the dsptrkutl screen is dynamic

D.

The dspload screen shows historical information; the dsptrkutl screen shows current information.

 

Correct Answer: B

Explanation:

Displays both the used and available bandwidth (both in the transmit and receive directions) for each trunk at the specified node. The “transmit” direction is from the node specified and to the node at the other end of the trunk. In the screen display, the numbers of disabled trunks appear in dim, reverse video on the screen.

 

dsptrkutl

Displays dynamic utilization information for a specified trunk. The trunk must be upped and added to use this command. The following lists the trunk utilization and terminated connection parameters included in the display. The parameter values are updated according to the specified or default interval and the screen remains displayed until the DEL key is depressed. Disabled trunks have their trunk number displayed in dim, reverse video on the screen.

 

 

 

 

QUESTION 255

With the DSCP value fo “101110”, what does the “11” in bits DS1 and DS2 indicate?

 

A.

CS (Class Selector Value)

B.

Queue Depth

C.

PHB (Per-Hop Behavior)

D.

IP Precedence

E.

Drop Probability

F.

AF Class

 

Correct Answer: E

 

 

QUESTION 256

Refer to the exhibit. Inbound Infrastructure ACLs are configured to protect the SP network. Which three types of traffic should be filtered in the infrastructure ACLs? (Choose three.)

 

clip_image002

 

A.

traffic from a source with an IP address that is within 239.255.0.0/16

B.

FTP traffic destined for internal routers

C.

IPsec traffic that at an internal router

D.

traffic from a source with an IP address that is within 162.238.0.0/16

E.

EBGP traffic that peers with edge routers

 

Correct Answer: ABD

Explanation:

With the use of the protocols and addresses identified, the infrastructure ACL can be built to permit the protocols and protect the addresses. In addition to direct protection, th
e ACL also provides a first line of defense against certain types of invalid traffic on the Internet:  RFC 1918 space must be denied. (RFC1918 describes a set of network ranges set aside for so-called “private” use.)  Packets with a source address that fall under special-use address space, as defined in RFC 3330, must be denied.  Anti-spoof filters must be applied. (Your address space must never be the source of packets from outside your AS.)

 

 

QUESTION 257

Which of the following statements about MD5 Routing Updates authentication is valid? (Choose two.)

 

A.

The MD5 algorithm inputs the routing updates of arbitrary length and outputs a 128-bit hash

B.

The MD5 algorithm inputs the routing updates of every 64bit length and outputs an 8-bit hash

C.

Multiple keys are supported

D.

Routing updates packets are delivered in encrypted messages

E.

Shared secret keys are delivered in encrypted messages

 

Correct Answer: AC

 

 

QUESTION 258

Which of the following descriptions about uRPF loose mode is correct? (Choose two).

 

A.

It is typically used on point-to-point interfaces where the same interface is used for both directions of packet flows; if the source address has a return route in the FIB table, it is then checked against the adjacency table to ensure the same interface receiving the packet is the same interface used for the return path.

B.

If a packet fails the uRPF loose mode check, the packet is then transmitted and creates a log message.

C.

It is typically used on multipoint interfaces or on routers where asymmetrical routing is used (packets are received on one interface but the return path is not on the same interface); loose mode verifies a source address by looking in forwarding information base(FIB).

D.

If a packet fails the uRPF loose mode check, the packet is then dropped.

 

Correct Answer: CD

Explanation:

When administrators use Unicast RPF in strict mode, the packet must be received on the interface that the router would use to forward the return packet. Unicast RPF configured in strict mode may drop legitimate traffic that is received on an interface that was not the router’s choice for sending return traffic. Dropping this legitimate traffic could occur when asymmetric routing paths are present in the network.

 

When administrators use Unicast RPF in loose mode, the source address must appear in the routing table.

 

Administrators can change this behavior using the allow-default option, which allows the use of the default route in the source verification process. Additionally, a packet that contains a source address for which the return route points to the Null 0 interface will be dropped. An access list may also be specified that permits or denies certain source addresses in Unicast RPF loose mode.

Care must be taken to ensure that the appropriate Unicast RPF mode (loose or strict) is configured during the deployment of this feature because it can drop legitimate traffic. Although asymmetric traffic flows may be of concern when deploying this feature, Unicast RPF loose mode is a scalable option for networks that contain asymmetric routing paths.

 

 

QUESTION 259

Referring to the exhibit, if RTP header compression is used on the link, the header’s overhead on the voice packet will be reduced by what percent?

 

clip_image004

 

A.

from 50% to 25%

B.

from 50% to 20%

C.

from 70% to 20%

D.

from 70% to 33%

 

Correct Answer: D

 

 

QUESTION 260

What is the relationship between the Domain Name System (DNS) and LDAP?

 

A.

All the root DNS servers maintain information in a distributed LDAP tree.

B.

DNS clients access DNS information by making LDAP queries to DNS servers.

C.

An LDAP DN attribute is a Domain Name.

D.

It is currently recommended to express DN as a sequence of Domain components.

 

Correct Answer: D

 

Free VCE & PDF File for Cisco 400-201 Real Exam

Instant Access to Free VCE Files: CCNA | CCNP | CCIE …
Instant Access to Free PDF Files: CCNA | CCNP | CCIE …

Tags: