Download Cisco.PracticeDumps.400-101.2017-11-05.2e.352q.vcex


File Info

Exam CCIE Routing and Switching Written Exam v5.1
Number 400-101
File Name Cisco.PracticeDumps.400-101.2017-11-05.2e.352q.vcex
Size 1.33 Mb
Posted November 05, 2017
Downloads 39

How to open VCEX & EXAM Files?

Files with VCEX & EXAM extensions can be opened by ProfExam Simulator.

Demo Questions

Question 1

Which two options are causes of out-of-order packets? (Choose two.)

  • A: a routing loop
  • B: a router in the packet flow path that is intermittently dropping packets
  • C: high latency
  • D: packets in a flow traversing multiple paths through the network
  • E: some packets in a flow being process-switched and others being interrupt-switched on a transit router

Correct Answer: DE

In traditional packet forwarding systems, different paths have varying latencies, which causes out-of-order packets and eventually results in far lower performance for the network application. Also, if some packets are process switched quickly by the routing engine of the router while others are interrupt switched (which takes more time), the result can be out-of-order packets. The other options would cause packet drops or latency, but not out-of-order packets.




Question 2

A TCP/IP host is able to transmit small amounts of data (typically less than 1500 bytes), but attempts to transmit larger amounts of data hang and then time out. 
What is the cause of this problem?

  • A: A link is flapping between two intermediate devices.
  • B: The processor of an intermediate router is averaging 90 percent utilization.
  • C: A port on the switch that is connected to the TCP/IP host is duplicating traffic and sending it to a port that has a sniffer attached.
  • D: There is a PMTUD failure in the network path.

Correct Answer: D

Sometimes, over some IP paths, a TCP/IP node can send small amounts of data (typically less than 1500 bytes) with no difficulty, but transmission attempts with larger amounts of data hang, then time out. Often this is observed as a unidirectional problem in that large data transfers succeed in one direction but fail in the other direction. This problem is likely caused by the TCP MSS value, PMTUD failure, different LAN media types, or defective links. 
Reference. http://www.cisco.com/c/en/us/support/docs/additional-legacy-protocols/ms-windows-networking/13709-38.html




Question 3

Which three conditions can cause excessive unicast flooding? (Choose three.)

  • A: Asymmetric routing
  • B: Repeated TCNs
  • C: The use of HSRP
  • D: Frames sent to FFFF.FFFF.FFFF
  • E: MAC forwarding table overflow
  • F: The use of Unicast Reverse Path Forwarding

Correct Answer: ABE

Causes of Flooding 
The root cause of flooding is that the destination MAC address of the packet is not in the L2 forwarding table of the switch. In this case the packet is flooded out of all forwarding ports in its VLAN (except the port it was received on). The case studies below show the most common reasons for the destination MAC address not being known to the switch. 
Cause 1: Asymmetric Routing
Large amounts of flooded traffic might saturate low-bandwidth links causing network performance issues or complete connectivity outage to devices connected across such low-bandwidth links. 
Cause 2: Spanning-Tree Protocol Topology Changes
Another common issue caused by flooding is Spanning-Tree Protocol (STP) Topology Change Notification (TCN). TCN is designed to correct forwarding tables after the forwarding topology has changed. This is necessary to avoid a connectivity outage, as after a topology change some destinations previously accessible via particular ports might become accessible via different ports. TCN operates by shortening the forwarding table aging time, such that if the address is not relearned, it will age out and flooding will occur. 
TCNs are triggered by a port that is transitioning to or from the forwarding state. After the TCN, even if the particular destination MAC address has aged out, flooding should not happen for long in most cases since the address will be relearned. The issue might arise when TCNs are occurring repeatedly with short intervals. The switches will constantly be fast-aging their forwarding tables so flooding will be nearly constant. 
Normally, a TCN is rare in a well-configured network. When a port on a switch goes up or down, there is eventually a TCN once the STP state of the port changes to or from forwarding. When the port is flapping, repetitive TCNs and flooding occur. 
Cause 3: Forwarding Table Overflow
Another possible cause of flooding can be overflow of the switch forwarding table. In this case, new addresses cannot be learned and packets destined to such addresses are flooded until some space becomes available in the forwarding table. New addresses will then be learned. This is possible but rare, since most modern switches have large enough forwarding tables to accommodate MAC addresses for most designs. 
Forwarding table exhaustion can also be caused by an attack on the network in which one host generates frames, each sourced with a different MAC address. This ties up all the forwarding table resources. Once the forwarding tables become saturated, other traffic is flooded because new learning cannot occur. This kind of attack can be detected by examining the switch forwarding table: most of the MAC addresses will point to the same port or group of ports. Such attacks can be prevented by limiting the number of MAC addresses learned on untrusted ports with the port security feature. 
Reference. http://www.cisco.com/c/en/us/support/docs/switches/catalyst-6000-series-switches/23563-143.html#causes
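
The detection step described under Cause 3 (examine the forwarding table and look for one port holding most of the addresses) can be scripted. The following is an added example, not part of the original page or the Cisco document; the table text is constructed in the layout of `show mac address-table` output, and `max_macs` and `trusted_uplinks` are hypothetical, site-specific parameters.

```python
import re
from collections import Counter

# One row of `show mac address-table`: VLAN, dotted-hex MAC, type, port.
ROW = re.compile(
    r"^\s*(\d+)\s+([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+(\w+)\s+(\S+)\s*$",
    re.IGNORECASE,
)


def build_sample():
    """Constructed table: two normal hosts, one static entry, one uplink,
    and one access port that has learned 200 different source addresses."""
    rows = [
        "Vlan    Mac Address       Type        Ports",
        "----    -----------       --------    -----",
        "  10    0011.2233.4455    DYNAMIC     Gi1/0/1",
        "  10    0011.2233.4466    DYNAMIC     Gi1/0/2",
        "  10    0011.2233.4477    STATIC      Gi1/0/3",
    ]
    rows += [f"  20    0050.56a0.{i:04x}    DYNAMIC     Te1/1/1" for i in range(40)]
    rows += [f"  10    02aa.bb00.{i:04x}    DYNAMIC     Gi1/0/7" for i in range(200)]
    return "\n".join(rows)


def macs_per_port(table_text):
    """Count distinct dynamically learned (VLAN, MAC) pairs per port."""
    learned = set()
    for line in table_text.splitlines():
        m = ROW.match(line)
        if m and m.group(3).upper() == "DYNAMIC":
            vlan, mac, _type, port = m.groups()
            learned.add((port, vlan, mac.lower()))
    return Counter(port for port, _vlan, _mac in learned)


def suspect_ports(table_text, max_macs=5, trusted_uplinks=()):
    """Ports holding more learned addresses than an access port should.
    max_macs and trusted_uplinks are site-specific assumptions."""
    counts = macs_per_port(table_text)
    total = sum(counts.values()) or 1
    return [
        (port, n, round(n / total, 2))
        for port, n in counts.most_common()
        if n > max_macs and port not in trusted_uplinks
    ]


if __name__ == "__main__":
    for port, n, share in suspect_ports(build_sample(), trusted_uplinks={"Te1/1/1"}):
        print(f"{port}: {n} dynamic MACs ({share:.0%} of table)")
```

Uplinks and trunks legitimately carry many addresses, which is why they are excluded by name rather than by a higher threshold.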




Question 4

Which congestion-avoidance or congestion-management technique can cause global synchronization?

  • A: Tail drop
  • B: Random early detection
  • C: Weighted random early detection
  • D: Weighted fair queuing

Correct Answer: A

Tail Drop 
Tail drop treats all traffic equally and does not differentiate between classes of service. Queues fill during periods of congestion. When the output queue is full and tail drop is in effect, packets are dropped until the congestion is eliminated and the queue is no longer full. 
Weighted Random Early Detection 
WRED avoids the globalization problems that occur when tail drop is used as the congestion avoidance mechanism on the router. Global synchronization occurs as waves of congestion crest only to be followed by troughs during which the transmission link is not fully utilized. Global synchronization of TCP hosts, for example, can occur because packets are dropped all at once. Global synchronization manifests when multiple TCP hosts reduce their transmission rates in response to packet dropping, then increase their transmission rates once again when the congestion is reduced. 
Reference. 
http://www.cisco.com/c/en/us/td/docs/ios/12_2/qos/configuration/guide/fqos_c/qcfconav.html#wp1002048




Question 5

Which two options are reasons for TCP starvation? (Choose two.)

  • A: The use of tail drop
  • B: The use of WRED
  • C: Mixing TCP and UDP traffic in the same traffic class
  • D: The use of TCP congestion control

Correct Answer: CD

It is a general best practice to not mix TCP-based traffic with UDP-based traffic (especially Streaming-Video) within a single service-provider class because of the behaviors of these protocols during periods of congestion. Specifically, TCP transmitters throttle back flows when drops are detected. Although some UDP applications have application-level windowing, flow control, and retransmission capabilities, most UDP transmitters are completely oblivious to drops and, thus, never lower transmission rates because of dropping. When TCP flows are combined with UDP flows within a single service-provider class and the class experiences congestion, TCP flows continually lower their transmission rates, potentially giving up their bandwidth to UDP flows that are oblivious to drops. This effect is called TCP starvation/UDP dominance. 
TCP starvation/UDP dominance likely occurs if (TCP-based) Mission-Critical Data is assigned to the same service-provider class as (UDP-based) Streaming-Video and the class experiences sustained congestion. Even if WRED or other TCP congestion control mechanisms are enabled on the service-provider class, the same behavior would be observed because WRED (for the most part) manages congestion only on TCP-based flows. 
Reference. 
http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/WAN_and_MAN/QoS_SRND/QoS-SRND-Book/VPNQoS.html




Question 6

What is the cause of ignores and overruns on an interface, when the overall traffic rate of the interface is low?

  • A: a hardware failure of the interface
  • B: a software bug
  • C: a bad cable
  • D: microbursts of traffic

Correct Answer: D

Micro-bursting is a phenomenon where rapid bursts of data packets are sent in quick succession, leading to periods of full line-rate transmission that can overflow packet buffers of the network stack, both in network endpoints and in routers and switches inside the network. Symptoms of microbursts manifest in the form of ignores and/or overruns (also shown as accumulated in the "input error" counter within show interface output). This indicates that the receive ring and the corresponding packet buffer are being overwhelmed by data bursts arriving over an extremely short period of time (microseconds). You will never see sustained data traffic in the show interface "input rate" counter, because it averages bits per second (bps) over 5 minutes by default (far too long to account for microbursts). You can understand microbursts from the scenario of a 3-lane highway merging into a single lane at rush hour: the capacity burst cannot exceed the total available bandwidth (i.e. the single lane), but it can saturate it for a period of time. 
Reference. http://ccieordie.com/?tag=micro-burst




Question 7

Which statement about MSS is true?

  • A: It is negotiated between sender and receiver.
  • B: It is sent in all TCP packets.
  • C: It is 20 bytes lower than MTU by default.
  • D: It is sent in SYN packets.
  • E: It is 28 bytes lower than MTU by default.

Correct Answer: D

The maximum segment size (MSS) is a parameter of the Options field of the TCP header that specifies the largest amount of data, specified in octets, that a computer or communications device can receive in a single TCP segment. It does not count the TCP header or the IP header. The IP datagram containing a TCP segment may be self-contained within a single packet, or it may be reconstructed from several fragmented pieces; either way, the MSS limit applies to the total amount of data contained in the final, reconstructed TCP segment. The default TCP Maximum Segment Size is 536. Where a host wishes to set the maximum segment size to a value other than the default, the maximum segment size is specified as a TCP option, initially in the TCP SYN packet during the TCP handshake. The value cannot be changed after the connection is established. 
Reference. http://en.wikipedia.org/wiki/Maximum_segment_size




Question 8

Which two methods change the IP MTU value for an interface? (Choose two.)

  • A: Configure the default MTU.
  • B: Configure the IP system MTU.
  • C: Configure the interface MTU.
  • D: Configure the interface IP MTU.

Correct Answer: CD

An IOS device configured for IP+MPLS routing uses three different Maximum Transmission Unit (MTU) values. The hardware MTU is configured with the mtu interface configuration command. The hardware MTU specifies the maximum packet length the interface can support ... or at least that's the theory behind it. In reality, longer packets can be sent (assuming the hardware interface chipset doesn't complain); therefore you can configure the MPLS MTU to be larger than the interface MTU and still have a working network. Oversized packets might not be received correctly if the interface uses fixed-length buffers; platforms with scatter/gather architecture (also called particle buffers) usually survive incoming oversized packets.
IP MTU is used to determine whether an IP packet forwarded through an interface has to be fragmented. It has to be lower than or equal to the hardware MTU (and this limitation is enforced). If it equals the HW MTU, its value does not appear in the running configuration and it tracks the changes in the HW MTU. For example, if you configure ip mtu 1300 on a Serial interface, it will appear in the running configuration as long as the hardware MTU is not equal to 1300 (and will not change as the HW MTU changes). However, as soon as mtu 1300 is configured, the ip mtu 1300 command disappears from the configuration and the IP MTU yet again tracks the HW MTU. 
Reference. http://blog.ipspace.net/2007/10/tale-of-three-mtus.html




Question 9

Which implementation can cause packet loss when the network includes asymmetric routing paths?

  • A: the use of ECMP routing
  • B: the use of penultimate hop popping
  • C: the use of Unicast RPF
  • D: disabling Cisco Express Forwarding

Correct Answer: C

When administrators use Unicast RPF in strict mode, the packet must be received on the interface that the router would use to forward the return packet. Unicast RPF configured in strict mode may drop legitimate traffic that is received on an interface that was not the router's choice for sending return traffic. Dropping this legitimate traffic could occur when asymmetric routing paths are present in the network. 
Reference. http://www.cisco.com/web/about/security/intelligence/unicast-rpf.html




Question 10

Which two mechanisms can be used to eliminate Cisco Express Forwarding polarization? (Choose two.)

  • A: alternating cost links
  • B: the unique-ID/universal-ID algorithm
  • C: Cisco Express Forwarding antipolarization
  • D: different hashing inputs at each layer of the network

Correct Answer: BD

This document describes how Cisco Express Forwarding (CEF) polarization can cause suboptimal use of redundant paths to a destination network. CEF polarization is the effect when a hash algorithm chooses a particular path and the redundant paths remain completely unused. 
How to Avoid CEF Polarization 
1: 1
2: 7-8
3: 1-1-1
4: 1-1-1-2
5: 1-1-1-1-1
6: 1-2-2-2-2-2
7: 1-1-1-1-1-1-1
8: 1-1-1-2-2-2-2-2
The number before the colon represents the number of equal-cost paths. The number after the colon represents the proportion of traffic which is forwarded per path. This means that:
This illustrates that, when there is an even number of ECMP links, the traffic is not load-balanced. 
Reference. http://www.cisco.com/c/en/us/support/docs/ip/express-forwarding-cef/116376-technote-cef-00.html
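
The polarization effect and the two correct answers (a per-router unique ID, or different hashing inputs at each layer) can be reproduced with a small simulation. This is an added example, not code from the original page or from Cisco; SHA-256 stands in for the platform's hash function, and the router IDs `R1`/`R2`, the function names and the flow list are constructed for illustration.

```python
import hashlib
from collections import Counter


def pick_path(src, dst, n_paths, router_id=None):
    """Choose an ECMP next hop from a hash of the flow.
    router_id=None models every router hashing the same inputs; a value
    models a per-router ID mixed into the hash input."""
    key = f"{src}>{dst}|{router_id}".encode()
    digest = hashlib.sha256(key).digest()  # stand-in hash (assumption)
    return int.from_bytes(digest[:4], "big") % n_paths


def downstream_load(flows, n_paths=2, first_id=None, second_id=None):
    """Per-path flow counts on a second-layer router that only receives
    the flows the first-layer router hashed onto its path 0."""
    load = Counter({p: 0 for p in range(n_paths)})
    for src, dst in flows:
        if pick_path(src, dst, n_paths, first_id) == 0:
            load[pick_path(src, dst, n_paths, second_id)] += 1
    return dict(load)


# Constructed flows: 2000 distinct source/destination pairs.
FLOWS = [(f"10.0.{i // 250}.{i % 250}", f"192.0.2.{i % 200}") for i in range(2000)]

if __name__ == "__main__":
    # Same hash inputs at both layers: the second router's path 1 stays idle.
    print("same inputs  :", downstream_load(FLOWS))
    # Per-router ID in the hash: both downstream paths carry traffic.
    print("per-router ID:", downstream_load(FLOWS, first_id="R1", second_id="R2"))
```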









