Limited Time Discount Offer 30% Off - Ends in 02:00:00


Cisco CCIE 400-101 Exam - CCIE Routing and Switching Written

Download Free Cisco 400-101 Exam Questions

Questions & Answers for Cisco 400-101

Showing 1-15 of 995 Questions

Question #1 - Topic 1

Drag and drop the Cisco IOS XE subpackage on the left to the function it performs on the

Question #2 - Topic 1

Which statement about MSS is true?

A. It is negotiated between sender and receiver.

B. It is sent in all TCP packets.

C. It is 20 bytes lower than MTU by default.

D. It is sent in SYN packets.

E. It is 28 bytes lower than MTU by default.

The maximum segment size (MSS) is a parameter of the Options field of the TCP header
that specifies the largest amount of data, specified in octets, that a computer or
communications device can receive in a single TCP segment. It does not count the TCP
header or the IP header. The IP datagram containing a TCP segment may be self-
contained within a single packet, or it may be reconstructed from several fragmented
pieces; either way, the MSS limit applies to the total amount of data contained in the final,
reconstructed TCP segment.
The default TCP Maximum Segment Size is 536. Where a host wishes to set the maximum
segment size to a value other than the default, the maximum segment size is specified as a
TCP option, initially in the TCP SYN packet during the TCP handshake. The value cannot
be changed after the connection is established.

Question #3 - Topic 1

Which statement is true regarding the UDP checksum?

A. It is used for congestion control.

B. It cannot be all zeros.

C. It is used by some Internet worms to hide their propagation.

D. It is computed based on the IP pseudo-header.

The method used to compute the checksum is defined in RFC 768:
Checksum is the 16-bit one's complement of the one's complement sum of a pseudo
header of information from the IP header, the UDP header, and the data, padded with zero
octets at the end (if necessary) to make a multiple of two octets.
In other words, all 16-bit words are summed using one's complement arithmetic. Add the
16-bit values up. Each time a carry-out (17th bit) is produced, swing that bit around and
add it back into the least significant bit. The sum is then one's complemented to yield the
value of the UDP checksum field.
If the checksum calculation results in the value zero (all 16 bits 0) it should be sent as the
one's complement (all 1s).

Question #4 - Topic 1

Refer to the exhibit.

Your network is suffering excessive output drops. Which two actions can you take to
resolve the problem? (Choose two.)

A. Install a switch with larger buffers.

B. Configure a different queue set.

C. Reconfigure the switch buffers.

D. Configure the server application to use TCP.

E. Update the server operating system.

Installing a switch with larger buffers and correctly configuring the buffers can solve output
queue problems.
For each queue we need to configure the assigned buffers. The buffer is like the storage
space for the interface and we have to divide it among the different queues. This is how to
do it:
mls qos queue-set output <queue set> buffers Q1 Q2 Q3 Q4
In this example, there is nothing hitting queue 2 or queue 3 so they are not being utilized.

Question #5 - Topic 1

Drag and drop the fragmentation characteristics on the left to the corresponding protocol on
the right.

Question #6 - Topic 1

Which two packet types does an RTP session consist of? (Choose two.)







An RTP session is established for each multimedia stream. A session consists of an IP
address with a pair of ports for RTP and RTCP. For example, audio and video streams use
separate RTP sessions, enabling a receiver to deselect a particular stream. The ports
which form a session are negotiated using other protocols such as RTSP (using SDP in the
setup method) and SIP. According to the specification, an RTP port should be even and the
RTCP port is the next higher odd port number.

Question #7 - Topic 1

Which two mechanisms can be used to eliminate Cisco Express Forwarding polarization?
(Choose two.)

A. alternating cost links

B. the unique-ID/universal-ID algorithm

C. Cisco Express Forwarding antipolarization

D. different hashing inputs at each layer of the network

This document describes how Cisco Express Forwarding (CEF) polarization can cause
suboptimal use of redundant paths to a destination network. CEF polarization is the effect
when a hash algorithm chooses a particular path and the redundant paths remain
completely unused.
How to Avoid CEF Polarization
✑ Alternate between default (SIP and DIP) and full (SIP + DIP + Layer4 ports)
hashing inputs configuration at each layer of the network.
✑ Alternate between an even and odd number of ECMP links at each layer of the
network.The CEF load-balancing does not depend on how the protocol routes are
inserted in the routing table. Therefore, the OSPF routes exhibit the same behavior
as EIGRP. In a hierarchical network where there are several routers that perform
load-sharing in a row, they all use same algorithm to load-share.
The hash algorithm load-balances this way by default:
1: 1
2: 7-8
3: 1-1-1
4: 1-1-1-2
5: 1-1-1-1-1
6: 1-2-2-2-2-2
7: 1-1-1-1-1-1-1
8: 1-1-1-2-2-2-2-2
The number before the colon represents the number of equal-cost paths. The number after
the colon represents the proportion of traffic which is forwarded per path.
This means that:
✑ For two equal cost paths, load-sharing is 46.666%-53.333%, not 50%-50%.
✑ For three equal cost paths, load-sharing is 33.33%-33.33%-33.33% (as expected).
✑ For four equal cost paths, load-sharing is 20%-20%-20%-40% and not 25%-25%-
This illustrates that, when there is even number of ECMP links, the traffic is not load-
✑ Cisco IOS introduced a concept called unique-ID/universal-ID which helps avoid
CEF polarization. This algorithm, called the universal algorithm (the default in
current Cisco IOS versions), adds a 32-bit router-specific value to the hash
function (called the universal ID - this is a randomly generated value at the time of
the switch boot up that can can be manually controlled). This seeds the hash
function on each router with a unique ID, which ensures that the same

Question #8 - Topic 1

What is a cause for unicast flooding?

A. Unicast flooding occurs when multicast traffic arrives on a Layer 2 switch that has directly connected multicast receivers.

B. When PIM snooping is not enabled, unicast flooding occurs on the switch that interconnects the PIM-enabled routers.

C. A man-in-the-middle attack can cause the ARP cache of an end host to have the wrong MAC address. Instead of having the MAC address of the default gateway, it has a MAC address of the man-in-the-middle. This causes all traffic to be unicast flooded through the man-in-the-middle, which can then sniff all packets.

D. Forwarding table overflow prevents new MAC addresses from being learned, and packets destined to those MAC addresses are flooded until space becomes available in the forwarding table.

Causes of Flooding
The very cause of flooding is that destination MAC address of the packet is not in the L2
forwarding table of the switch. In this case the packet will be flooded out of all forwarding
ports in its VLAN (except the port it was received on). Below case studies display most
common reasons for destination MAC address not being known to the switch.
Cause 1: Asymmetric Routing
Large amounts of flooded traffic might saturate low-bandwidth links causing network
performance issues or complete connectivity outage to devices connected across such
low-bandwidth links
Cause 2: Spanning-Tree Protocol Topology Changes
Another common issue caused by flooding is Spanning-Tree Protocol (STP) Topology
Change Notification (TCN). TCN is designed to correct forwarding tables after the
forwarding topology has changed. This is necessary to avoid a connectivity outage, as after
a topology change some destinations previously accessible via particular ports might
become accessible via different ports. TCN operates by shortening the forwarding table
aging time, such that if the address is not relearned, it will age out and flooding will occur
Cause 3: Forwarding Table Overflow
Another possible cause of flooding can be overflow of the switch forwarding table. In this
case, new addresses cannot be learned and packets destined to such addresses are
flooded until some space becomes available in the forwarding table. New addresses will
then be learned. This is possible but rare, since most modern switches have large enough
forwarding tables to accommodate MAC addresses for most designs.

Question #9 - Topic 1

Which option is the most effective action to avoid packet loss due to microbursts?

A. Implement larger buffers.

B. Install a faster CPU.

C. Install a faster network interface.

D. Configure a larger tx-ring size.

You can't avoid or prevent them as such without modifying the sending host's
application/network stack so it smoothes out the bursts. However, you can manage
microbursts by tuning the size of receive buffers / rings to absorb occasional microbursts.

Question #10 - Topic 1

Refer to the exhibit.

While troubleshooting high CPU utilization of a Cisco Catalyst 4500 Series Switch, you
notice the error message that is shown in the exhibit in the log file.
What can be the cause of this issue, and how can it be prevented?

A. The hardware routing table is full. Redistribute from BGP into IGP.

B. The software routing table is full. Redistribute from BGP into IGP.

C. The hardware routing table is full. Reduce the number of routes in the routing table.

D. The software routing table is full. Reduce the number of routes in the routing table.

Error MessageC4K_L3HWFORWARDING-2-FWDCAMFULL:L3 routing table is full.
Switching to software forwarding.
The hardware routing table is full; forwarding takes place in the software instead. The
switch performance might be degraded.
Recommended Action: Reduce the size of the routing table. Enter the ip cef command to
return to hardware forwarding.

Question #11 - Topic 1

Which two solutions can reduce UDP latency? (Choose two.)

A. fast retransmission

B. fast recovery

C. fast start

D. low-latency queuing

E. IP service level agreements

F. congestion-avoidance algorithm

IP SLA uses active traffic monitoring, which generates traffic in a continuous, reliable, and
predictable manner to measure network performance. IP SLA sends data across the
network to measure performance between multiple network locations or across multiple
network paths. It simulates network data and IP services, and collects network
performance information in real time. This information is collected:
✑ Response times
✑ One-way latency, jitter (interpacket delay variance)
✑ Packet loss
✑ Network resource availability
LLQ uses the priority command. The priority command allows you to set up classes based
on a variety of criteria (not just User Datagram Ports (UDP) ports) and assign priority to
them, and is available for use on serial interfaces and ATM permanent virtual circuits
(PVCs). A similar command, the ip rtp priority command, allows you to stipulate priority
flows based only on UDP port numbers.
Note: All the other answer choices can be used to improve TCP performance, but not UDP.

Question #12 - Topic 1

Drag and drop the argument of the ip cef load-sharing algorithm command on the left to the
function it performs on the right.

Question #13 - Topic 1

A TCP/IP host is able to transmit small amounts of data (typically less than 1500 bytes), but
attempts to transmit larger amounts of data hang and then time out. What is the cause of
this problem?

A. A link is flapping between two intermediate devices.

B. The processor of an intermediate router is averaging 90 percent utilization.

C. A port on the switch that is connected to the TCP/IP host is duplicating traffic and sending it to a port that has a sniffer attached.

D. There is a PMTUD failure in the network path.

Sometimes, over some IP paths, a TCP/IP node can send small amounts of data (typically
less than 1500 bytes) with no difficulty, but transmission attempts with larger amounts of
data hang, then time out. Often this is observed as a unidirectional problem in that large
data transfers succeed in one direction but fail in the other direction. This problem is likely
caused by the TCP MSS value, PMTUD failure, different LAN media types, or defective

Question #14 - Topic 1

Which two statements about packet fragmentation on an IPv6 network are true? (Choose

A. The fragment header is 64 bits long.

B. The identification field is 32 bits long.

C. The fragment header is 32 bits long.

D. The identification field is 64 bits long.

E. The MTU must be a minimum of 1280 bytes.

F. The fragment header is 48 bits long.

The fragment header is shown below, being 64 bits total with a 32 bit identification field:


Question #15 - Topic 1

Which two options are interface requirements for turbo flooding? (Choose two.)

A. The interface is Ethernet.

B. The interface is configured for ARPA encapsulation.

C. The interface is PPP.

D. The interface is configured for GRE encapsulation.

E. The interface is configured for 802.1Q encapsulation.

In the switch, the majority of packets are forwarded in hardware; most packets do not go
through the switch CPU. For those packets that do go to the CPU, you can speed up
spanning tree-based UDP flooding by a factor of about four to five times by using turbo-
flooding. This feature is supported over Ethernet interfaces configured for ARPA


Exam-Labs Special Discount
You save

Enter Your Email Address to Receive Your 30% Discount Code


Exam-Labs Special Discount
You save

Use Discount Code:

A confirmation link was sent to your e-mail.

Please check your mailbox for a message from [email protected] and follow the directions.

Download Free Demo of VCE Exam Simulator

Experience Avanset VCE Exam Simulator for yourself.

Simply submit your e-mail address below to get started with our interactive software demo of your free trial.

  • Realistic exam simulation and exam editor with preview functions
  • Whole exam in a single file with several different question types
  • Customizable exam-taking mode & detailed score reports