CCIE Routing and Switching Written

Here you have the best Cisco 400-101 practice exam questions

  • You have 1985 total questions across 397 pages (5 per page)
  • These questions were last updated on March 13, 2026
  • This site is not affiliated with or endorsed by Cisco.
Question 1 of 1985
Which three conditions can cause excessive unicast flooding? (Choose three.)
Answer

Suggested Answer

The suggested answer is A, B, E.

Causes of Flooding -
The very cause of flooding is that destination MAC address of the packet is not in the L2 forwarding table of the switch. In this case the packet will be flooded out of all forwarding ports in its VLAN (except the port it was received on). Below case studies display most common reasons for destination MAC address not being known to the switch.
"Pass Any Exam. Any Time." - www.actualtests.com 4

Cause 1: Asymmetric Routing -
Large amounts of flooded traffic might saturate low-bandwidth links causing network performance issues or complete connectivity outage to devices connected across such low-bandwidth links.
Cause 2: Spanning-Tree Protocol Topology Changes
Another common issue caused by flooding is Spanning-Tree Protocol (STP) Topology Change Notification (TCN). TCN is designed to correct forwarding tables after the forwarding topology has changed. This is necessary to avoid a connectivity outage, as after a topology change some destinations previously accessible via particular ports might become accessible via different ports. TCN operates by shortening the forwarding table aging time, such that if the address is not relearned, it will age out and flooding will occur.
TCNs are triggered by a port that is transitioning to or from the forwarding state. After the TCN, even if the particular destination MAC address has aged out, flooding should not happen for long in most cases since the address will be relearned. The issue might arise when TCNs are occurring repeatedly with short intervals. The switches will constantly be fast-aging their forwarding tables so flooding will be nearly constant.
Normally, a TCN is rare in a well-configured network. When the port on a switch goes up or down, there is eventually a TCN once the STP state of the port is changing to or from forwarding. When the port is flapping, repetitive TCNs and flooding occurs.
Cause 3: Forwarding Table Overflow
Another possible cause of flooding can be overflow of the switch forwarding table. In this case, new addresses cannot be learned and packets destined to such addresses are flooded until some space becomes available in the forwarding table. New addresses will then be learned. This is possible but rare, since most modern switches have large enough forwarding tables to accommodate MAC addresses for most designs.
Forwarding table exhaustion can also be caused by an attack on the network where one host starts generating frames each sourced with different MAC address.
This will tie up all the forwarding table resources. Once the forwarding tables become saturated, other traffic will be flooded because new learning cannot occur.
This kind of attack can be detected by examining the switch forwarding table. Most of the MAC addresses will point to the same port or group of ports. Such attacks can be prevented by limiting the number of MAC addresses learned on untrusted ports by using the port security feature.
Reference: http://www.cisco.com/c/en/us/support/docs/switches/catalyst-6000-series- switches/23563-143.html#causes
Question 2 of 1985
Which congestion-avoidance or congestion-management technique can cause global synchronization?
"Pass Any Exam. Any Time." - www.actualtests.com 5
Answer

Suggested Answer

The suggested answer is A.

Tail Drop -
Tail drop treats all traffic equally and does not differentiate between classes of service. Queues fill during periods of congestion. When the output queue is full and tail drop is in effect, packets are dropped until the congestion is eliminated and the queue is no longer full.

Weighted Random Early Detection -
WRED avoids the globalization problems that occur when tail drop is used as the congestion avoidance mechanism on the router. Global synchronization occurs as waves of congestion crest only to be followed by troughs during which the transmission link is not fully utilized. Global synchronization of TCP hosts, for example, can occur because packets are dropped all at once. Global synchronization manifests when multiple TCP hosts reduce their transmission rates in response to packet dropping, then increase their transmission rates once again when the congestion is reduced.
Reference:
http://www.cisco.com/c/en/us/td/docs/ios/12_2/qos/configuration/guide/fqos_c/qcfconav.html#wp1 002048
Question 3 of 1985
Refer to the exhibit.
Exam 400-101: Question 3 - Image 1
Which statement about the output is true?
Answer

Suggested Answer

The suggested answer is A.

We can see that the connection is initiated by the Source IP address shown as 144.254.10.206. We also see that the destination protocol (DstP) shows 01BB, which is in hex and translates to 443 in decimal. SSL/HTTPS uses port 443.
"Pass Any Exam. Any Time." - www.actualtests.com 9
Question 4 of 1985
What is the cause of ignores and overruns on an interface, when the overall traffic rate of the interface is low?
Answer

Suggested Answer

The suggested answer is D.

Micro-bursting is a phenomenon where rapid bursts of data packets are sent in quick succession, leading to periods of full line-rate transmission that can overflow packet buffers of the network stack, both in network endpoints and routers and switches inside the network. Symptoms of micro bursts will manifest in the form of ignores and/ or overruns (also shown as accumulated in "input error" counter within show interface output). This is indicative of receive ring and corresponding packet buffer being overwhelmed due to data bursts coming in over extremely short period of time (microseconds). You will never see a sustained data traffic within show interface's "input rate" counter as they are averaging bits per second (bps) over 5 minutes by default (way too long to account for microbursts). You can understand microbursts from a scenario where a 3-lane highway merging into a single lane at rush hour the capacity burst cannot exceed the total available bandwidth (i.e. single lane), but it can saturate it for a period of time.
Reference: http://ccieordie.com/?tag=micro-burst
Question 5 of 1985
Which implementation can cause packet loss when the network includes asymmetric routing paths?
Answer

Suggested Answer

The suggested answer is C.

When administrators use Unicast RPF in strict mode, the packet must be received on the interface that the router would use to forward the return packet. Unicast
RPF configured in strict mode may drop legitimate traffic that is received on an interface that was not the router's choice for sending return traffic. Dropping this legitimate traffic could occur when asymmetric routing paths are present in the network.
Reference: http://www.cisco.com/web/about/security/intelligence/unicast-rpf.html

About the Cisco 400-101 Certification Exam

About the Exam

The Cisco 400-101 (CCIE Routing and Switching Written) validates your knowledge and skills. Passing demonstrates proficiency and can boost your career prospects in the field.

How to Prepare

Work through all 1985 practice questions across 397 pages. Focus on understanding the reasoning behind each answer rather than memorizing responses to be ready for any variation on the real exam.

Why Practice Exams?

Practice exams help you familiarize yourself with the question format, manage your time, and reduce anxiety on the test day. Our 400-101 questions are regularly updated to reflect the latest exam objectives.