jncis-ent - gratis exam · jncis-ent number : jn0-343 passing score : 800 time limit : 120 min file...

JNCIS-ENT

Number: JN0-343Passing Score: 800Time Limit: 120 minFile Version: 1.0

http://www.gratisexam.com/

Juniper Networks Certified Internet Specialist - Enterprise Routing& Switching

JNCIS-ENT (EXAM: JN0-343)

Sections1. Layer 2 Switching and VLANs2. Spanning Tree3. Layer 2 Security4. Protocol Independent Routing5. Open Shortest Path First (OSPF)6. Intermediate System to Intermediate System (IS-IS)7. Border Gateway Protocol (BGP)8. Tunnels9. High Availability

Exam

QUESTION 1You are using redundant trunk groups (RTG) on your network. Which two statements accurately describeRTG? (Choose two.)

A. RTG interfaces pass BPDU packets.B. Aggregate Ethernet (AE) interfaces cannot be part of an RTG.C. RTG is used as an alternative to STP/RSTP.D. RTG connects an access switch to two aggregation switches.

Correct Answer: CDSection: High AvailabilityExplanation

Explanation/Reference:In a typical enterprise network comprised of distribution and access layers, a redundant trunk link provides asimple solution for network recovery when a trunk port on a Juniper Networks EX Series Ethernet Switch goesdown. In that case, traffic is routed to another trunk port, keeping network convergence time to a minimum. Youcan configure a maximum of 16 redundant trunk groups on a standalone switch or on a Virtual Chassis.

To configure a redundant trunk link, create a redundant trunk group. The redundant trunk group is configuredon the access switch, and contains two links: a primary or active link, and a secondary link. If the active linkfails, the secondary link automatically starts forwarding data traffic without waiting for normal spanning-treeprotocol convergence.

Data traffic is forwarded only on the active link. Data traffic on the secondary link is dropped and shown asdropped packets when you issue the operational mode command show interfaces xe- xe-fpc/pic/port extensive.

While data traffic is blocked on the secondary link, Layer 2 control traffic is still permitted. For example, anLLDP session can be run between two switches on the secondary link.

Rapid Spanning Tree Protocol (RSTP) is enabled by default on EX Series switches to create a loop-freetopology, but an interface is not allowed to be in both a redundant trunk group and in a spanning-tree protocoltopology at the same time. You must disable RSTP on an interface if a redundant trunk group is configured onthat interface.

QUESTION 2Which two packet types are handled solely by the RE within an EX4200? (Choose two.)

A. OSPF hellosB. DHCP relayC. STP BPDUsD. IP multicast traffic

Correct Answer: ACSection: Layer 2 Switching and VLANsExplanation

Explanation/Reference:

QUESTION 3Which statement is correct regarding the VLAN factory-default configuration on an EX Series switch?

A. The default configuration assigns the default VLAN to use ID 0.

B. The default configuration assigns the default VLAN to use ID 10.C. The default configuration assigns all switch ports to the default VLAN.D. The default configuration assigns the management port only to the default VLAN.

Correct Answer: CSection: Layer 2 Switching and VLANsExplanation

Explanation/Reference:When you power on smaller Juniper EX models (or an individual EX4200 that isn’t part of a Virtual Chassisunit), bridging is enabled on all the interfaces (ports) on the switch, and all the ports are part of a preconfiguredVLAN named default.

QUESTION 4Under which hierarchy do you configure OSPF?

A. [edit protocols ospf]

B. [edit routing-options]

C. [edit routing-protocols]

D. [edit protocols igp]

Correct Answer: ASection: Open Shortest Path First (OSPF)Explanation

Explanation/Reference:The configuration of an OSPF network on a Juniper Networks router is an extremely straightforwardtask. The router simply needs to know which interfaces are assigned to which OSPFareas. All configuration is accomplished within the [edit protocols ospf] hierarchy.

QUESTION 5You add a GRE tunnel to transport packets between two routers. After implementing this, you notice anincrease in the number of dropped packets. While looking at packet captures, you notice that the do-not-fragment (DF) bit is set in the IP header of all the dropped packets.

What would cause this changed behavior?

A. The GRE tunnel has a lower MTU than the physical interface.B. GRE tunnels do not support fragmentation.C. GRE tunnels do not support the DF bit.D. The GRE tunnel has a higher MTU than the physical interface.

Correct Answer: ASection: TunnelsExplanation


QUESTION 6Which three statements are correct about a Junos firewall filter? (Choose three.)


A. It examines each packet individually.B. It tracks connections and allows you to specify an action to take on all packets within a flow.C. It requires you to configure the Junos operating system to explicitly allow traffic in both directions for each

connection that you want to permit.D. It permits the initial connection and then automatically permits bidirectional communications for this

connection.E. It is stateless in nature and is used by the software to control traffic passing through the device.

Correct Answer: ACESection: Layer 2 SecurityExplanation

Explanation/Reference:Although we understand the general function of a packet filter in examining a packet’s headers, it is importantto comprehend how the filter is implemented on a Juniper Networks router. The firewall filter utilizes thefunctionality of the custom-designed Internet Processor ASIC. Our discussion of a packet’s flow throughthe Packet Forwarding Engine in Chapter 1, “The Components of a Juniper Networks Router,” detailed that theInternet Processor ASIC receives only the notification cell to perform its route lookup. This cell contains theLayer 3 and Layer 4 header information required by the filter, but it does not hold any information about thepacket’s data. While this lack of data keeps the router from performing stateful firewall activities, realize thatstateful monitoring is not the role your router should perform in the network.

QUESTION 7Which type of port must be an 802.1Q tagged port?

A. accessB. LAGC. LACPD. trunk

Correct Answer: DSection: Layer 2 Switching and VLANsExplanation


QUESTION 8You want to allow RIP routes to be redistributed by an ASBR into the connected OSPF area, but you do notwant to recieve external routes from other OSPF areas.

Which OSPF area type would be used to satisfy the requirement?

A. transit areaB. stub areaC. totally stubby areaD. not-so-stubby area

Correct Answer: DSection: Open Shortest Path First (OSPF)Explanation

Explanation/Reference:Explanation:

QUESTION 9What is a difference between a generated route and an aggregated route?

A. Generated routes have a higher preference by default.B. Generated routes use a next hop of discard.C. Generated routes have a lower preference by default.D. Generated routes use a next hop of a contributing route.

Correct Answer: DSection: Protocol Independent RoutingExplanation

Explanation/Reference:Generated routes are used as the route of last resort. A packet is forwarded to the route of last resort when therouting tables have no information about how to reach that packet’s destination. One use of route generation isto generate a default route to use if the routing table contains a route from a peer on a neighboring backbone.

A generated route becomes active when it has one or more contributing routes. A contributing route is an activeroute that is a more specific match for the generated destination. For example, for the destination 128.100.0.0/16, routes to 128.100.192.0/19 and 128.100.67.0/24 are contributing routes, but routesto 128.0.0.0./8, 128.0.0.0/16, and 128.100.0.0/16 are not.

A route can contribute only to a single generated route. However, an active generated route can recursivelycontribute to a less specific matching generated route. For example, a generated route to the destination 128.100.0.0/16 can contribute to a generated route to 128.96.0.0/13.

By default, when generated routes are installed in the routing table, the next hop is chosen from theprimary contributing route.

QUESTION 10Two routers have established a peering using EBGP over a single T1 link.

How often will the routing table be synchronized between the two routers?

A. every 30 minutesB. when an update message is receivedC. every 30 secondsD. when a notification message is received

Correct Answer: BSection: Border Gateway Protocol (BGP)Explanation

Explanation/Reference:Routing information is sent and withdrawn in BGP using the Update message. If needed, each messagecontains information previously advertised by the local router that is no longer valid. The same message mayalso contain new information advertised to the remote peer. Each Update contains a single set of BGPattributes and all routes using those attributes. This format reduces the total number of packets routers sendbetween BGP peers when exchanging routing knowledge.

QUESTION 11You have enabled VRRP. You want to prevent preemptive behavior.

Which two actions must you perform? (Choose two.)

A. Use an IP address that is not assigned to a router interface.B. Use the IP address of one of the routers as the virtual address.C. Disable preemption with the no-preempt command.D. Set both routers to the same priority value.

Correct Answer: ACSection: High AvailabilityExplanation


QUESTION 12Which two statements describe STP and RSTP interoperability? (Choose two.)

A. STP protocol discards any RSTP BPDUs it receives.B. STP protocol accepts RSTP BPDUs but will not respond.C. RSTP accepts STP BPDUs and responds with STP BPDUs.D. RSTP discards STP BPDUs.

Correct Answer: ACSection: Spanning TreeExplanation


QUESTION 13Which feature allows you to drop unknown unicast traffic when exceeding a specified level?

A. MAC limitingB. IP source guardC. storm controlD. broadcast control

Correct Answer: CSection: Layer 2 SecurityExplanation

Explanation/Reference:A traffic storm is generated when messages are broadcast on a network and each message prompts areceiving node to respond by broadcasting its own messages on the network. This, in turn, prompts furtherresponses, creating a snowball effect. The LAN is suddenly flooded with packets, creating unnecessary trafficthat leads to poor network performance or even a complete loss of network service. Storm control enablesthe switch to monitor traffic levels and to drop br oadcast, multicast, and unknown unicast packetswhen a specified traffic level—called the storm control level—is exceeded, thus preventing packetsfrom proliferating and degrading the LAN. As an alt ernative to having the switch drop packets, you canconfigure it to shut down interfaces or temporarily disable interfaces when the storm control level isexceeded.

QUESTION 14You are configuring DHCP snooping to improve security on your network.

Which configuration enables DHCP snooping on the VLAN?

A. ethernet-switching-options { secure-access-port { vlan default { examine-dhcp; } }}

B. ethernet-switching-options { secure-access-port { vlan default { no-examine-dhcp; } }}

C. ethernet-switching-options { secure-access-port { vlan default { no-dhcp-trusted; } }}

D. ethernet-switching-options { secure-access-port { vlan default { dhcp-trusted; } }}

Correct Answer: ASection: Layer 2 SecurityExplanation

Explanation/Reference:To quickly configure DHCP snooping enter the following commands and paste them into the switch terminalwindow:

[edit ethernet-switching-options secure-access-port]

set interface ge-0/0/8 dhcp-trustedset vlan default examine-dhcp

QUESTION 15Layer 2 interfaces can be assigned to operate in which two modes? (Choose two.)

A. routeB. accessC. trunkD. distribution

Correct Answer: BCSection: Layer 2 Switching and VLANsExplanation


QUESTION 16Which three types of firewall filters are supported by Juniper Networks EX Series Ethernet switches? (Choosethree.)

A. a VLAN-based firewall filter applied to Layer 3 in the ingress and egress directionsB. a router-based firewall filter applied to Layer 2 routed interfaces in the ingress and egress directionsC. a router-based firewall filter applied to Layer 3 routed interfaces in the ingress and egress directionsD. a port-based firewall applied to Layer 2 switch ports in the ingress and egress directionE. a VLAN-based firewall applied to Layer 2 VLANs in the ingress and egress directions

Correct Answer: CDESection: Layer 2 SecurityExplanation


QUESTION 17Your customer wants to connect a VoIP phone to interface ge-0/0/5 on an EX4200 switch in VLAN 20 andconnect a PC to the VoIP phone. The PC should be part of VLAN 30.

Which two commands will implement this solution? (Choose two.)

A. set interface ge-0/0/5.0 family ethernet-switching vlan members vlan-30

B. set ethernet-switching-options voip interface ge-0/0/5.0 vlan 20

C. set interface ge-0/0/5.0 family ethernet-switching vlan members vlan-20

D. set ethernet-switching-options voip interface ge-0/0/5.0 vlan 30

Correct Answer: ABSection: Layer 2 Switching and VLANsExplanation


QUESTION 18You review the current LSA database and you suspect that your LSA database contains stale or invaliddatabase entries. You need to verify that your router is receiving LSAs from other routers in your network.

Which action would you take to correct this problem?

A. Purge the LSDB.B. Increase the max-age attribute for the LSDB.C. Decrease the max-age attribute for the LSDB.D. Disable and enable the interfaces.


Explanation/Reference:The clear ospf database command supports an optional purge switch. By including the purge switch,

you force the local router to set all LSAs in its database to the max age. These LSAs are then refloodedaccording to the OSPF specification, which states that a router must regenerate any LSA that it has set to maxage, regardless of whether the LSA was generated by the local router. All routers receive the newly floodedmax age LSAs; the router that originated a given LSA is forced to refresh that LSA when it receives a copy ofthat LSA with an indication that it has reached the max age. This procedure tends to eliminate stale or bogusdatabase entries without having to wait for the normal aging-out process, which can take as long as an hour.

QUESTION 19Which three statements are correct about the processing order of firewall filters on a Junos device? (Choosethree.)

A. A router-based firewall filter applied to an RVI applies to switched packets in the same VLAN.B. A port-based firewall filter applied to an RVI does not apply to switched packets in the same VLAN.C. A router-based firewall filter applied to an RVI does not apply to switched packets in the same VLAN.D. The egress processing order is router, VLAN, port.E. The ingress processing order is port, VLAN, router.

Correct Answer: CDESection: Layer 2 SecurityExplanation


QUESTION 20Which Junos platform provides Ethernet Switching Services?

A. M SeriesB. T SeriesC. EX SeriesD. MAG Series


Explanation/Reference:EX Series Ethernet Switches address the access, aggregation, and core layer switching requirements of microbranch, branch office, campus and data center environments, providing a foundation for the fast, secure andreliable delivery of applications that support strategic business processes. EX Series enterprise Ethernetswitches deliver operational efficiency, business continuity, and agility, enabling customers to invest ininnovative initiatives that increase revenue and help them gain a competitive advantage.

Each line in the EX Series Ethernet Switch family—including the EX2200, EX2500, EX3200, EX3300, EX4200,EX4500, EX6200 and EX8200—is designed to address increasing demands for high availability (HA) andunified communications within high-performance enterprise networks.

In an enterprise campus and branch application, the EX Series Ethernet switches—as part of Juniper's SimplyConnected portfolio—work with Juniper wireless and security solutions to create a standards-based networkfoundation that is well-aligned and flexible enough to deliver all enterprise applications—everything from fileservices to IP telephony, messaging, presence, video conferencing, and Web services.

In the data center, the EX Series Ethernet switches are well suited to meeting the challenges of servervirtualization and distributed applications. By implementing Juniper's 3-2-1 data center architecture, the EXSeries Ethernet switches enable enterprises to not only improve performance but also to increase operationalefficiency.

Juniper's unique Virtual Chassis technology, available on the EX3300, EX4200, EX4500 and EX8200 lines,allows multiple interconnected devices to operate—and be managed—as a single, logical device, furtherreducing operational expenses and eliminating the need for protocols such as Spanning Tree.

The EX2200, EX3200, EX3300, EX4200, EX4500, EX6200, and EX8200 lines all run the same Junos operatingsystem as other Juniper router and security solutions, ensuring consistent and predictable behavior and sharedfeature implementation across the entire network infrastructure.

QUESTION 21You are setting up EX4200 switches in a Virtual Chassis configuration to deliver high availability.

Which two actions would improve availability? (Choose two.)

A. Enable graceful Routing Engine switchover.B. Set the mastership priority value of all switches to 255.C. Distribute all uplink ports across the REs.D. Distribute uplink ports across the various line cards in the VC.

Correct Answer: ADSection: Layer 2 Switching and VLANsExplanation


QUESTION 22Which command shows the state of OSPF adjacencies?

A. show protocol ospf

B. show interfaces ospf neighbor

C. show ospf neighbor

D. show port ospf neighbor

Correct Answer: CSection: Open Shortest Path First (OSPF)Explanation

Explanation/Reference:Use the show ospf neighbor command to see who the OSPF neighbors are:

user@router> show ospf neighbor Address Interface State ID Pri Dead 10.0.1.1 fe-0/0/1.0 Full 192.168.18.1 128 34 10.0.0.2 fe-1/0/1.0 Full 192.168.17.1 128 34

QUESTION 23Which three statements are correct about an AE interface? (Choose three.)

A. It can be configured as either active or passive.B. It always load balances traffic equally.C. It can support LACP.D. It is referred to as a LAG.E. It can be configured as active only.

Correct Answer: ACD

Section: Layer 2 Switching and VLANsExplanation


QUESTION 24Router R2 is having adjacency problems with Router R1. Router R2 is stuck in ExStart state.

What is causing the problem?

A. There is a physical and data link layer problem between R1 and R2.B. There is a misconfigured IP address on the R2 interface.C. The hello and dead intervals on R2 do not match R1.D. The interface MTU setting on R2 does not match R1.


Explanation/Reference:The problem occurs most frequently when attempting to run OSPF between a Juniper router and anothervendor's router. The problem occurs when the maximum transmission un it (MTU) settings forneighboring router interfaces don't match. If the router with the higher MTU sends a packet larger that theMTU set on the neighboring router, the neighboring router ignores the packet.

QUESTION 25You want to configure a tunnel between two routers, and run the IS-IS routing protocol through the tunnel.

Which tunnel meets this requirement?

A. GREB. IP-IPC. IPsecD. NGMVPN

Correct Answer: ASection: TunnelsExplanation


QUESTION 26Which two requirements are needed to load balance traffic per flow? (Choose two.)

A. a destination with equal cost pathsB. a properly applied policy with an action to load-balance per-packetC. a properly applied policy with an action to load-balance per-flowD. a destination with multiple active routes

Correct Answer: ABSection: Protocol Independent RoutingExplanation


QUESTION 27Which two statements are correct about the voice VLAN feature? (Choose two.)

A. The voice VLAN feature enables access ports to accept both tagged and untagged traffic.B. The voice VLAN feature requires access ports to accept untagged traffic only.C. The voice VLAN feature always uses the same VLAN as the data VLAND. The voice VLAN feature is used with CoS to differentiate traffic.



QUESTION 28You are analyzing packet captures on your network. You observe an OSPF Type 7 LSA.

In which area type did this packet originate?

A. backboneB. stubC. totally stubbyD. not-so-stubby area



QUESTION 29Router A and Router B are on the same network segment and in the same OSPF area. Router A receives anLSA header from Router B that is not currently in its own database.

Which OSPF packet type does Router A send to Router B?

A. Type 1B. Type 2C. Type 3D. Type 4



QUESTION 30Which three statements are true of GRE tunnels? (Choose three.)

A. The local tunnel endpoint must have a valid route to the remote endpoint.

B. GRE tunnels must authenticate at both ends of the tunnel.C. Tunnel endpoints must have a route that directs traffic into a tunnel.D. The "gr" interface can only route packets that are IP protocol packets.E. All intermediary devices must have a route to the tunnel endpoints.

Correct Answer: ACESection: TunnelsExplanation


QUESTION 31You have a traditional 3-tier network design.

What are two functions of the aggregation layer? (Choose two.)

A. It functions as the gateway to the WAN edge.B. It connects access layer switches.C. It provides inter-VLAN routing.D. It facilitates device access.

Correct Answer: BCSection: Layer 2 Switching and VLANsExplanation


QUESTION 32What is the default next-hop behavior for aggregate routes?

A. discardB. resolveC. rejectD. direct

Correct Answer: CSection: Protocol Independent RoutingExplanation

Explanation/Reference:Route aggregation allows you to combine groups of routes with common addresses into a single entry in therouting table. This decreases the size of the routing table as well as the number of route advertisements sent bythe routing device.

An aggregate route becomes active when it has one or more contributing routes. A contributing route is anactive route that is a more specific match for the aggregate destination. For example, for the aggregatedestination 128.100.0.0/16, routes to 128.100.192.0/19 and 128.100.67.0/24 are contributingroutes, but routes to 128.0.0.0/8 and 128.0.0.0/16 are not.

A route can contribute only to a single aggregate route. However, an active aggregate route can recursivelycontribute to a less specific matching aggregate route. For example, an aggregate route to the destination 128.100.0.0/16 can contribute to an aggregate route to 128.96.0.0/13.

When an aggregate route becomes active, it is installed in the routing table with the following information:

Reject next hop—If a more-specific packet does not match a more-specific route, the packet isrejected and an ICMP unreachable message is sent to the packet’s originator .Metric value as configured with the aggregate statement.Preference value that results from the policy filter on the primary contributor, if a filter is specified.AS path as configured in the aggregate statement, if any. Otherwise, the path is computed by aggregatingthe paths of all contributing routes.Community as configured in the aggregate statement, if any is specified.

QUESTION 33Which configuration will cause IPv4 interface routes from inet.0 to appear in the myinstance routinginstance?

A. routing-options { interface-routes { rib-group inet myribgroup; } rib-groups { myribgroup { import-rib [ inet.0 myinstance.inet.0 ]; } }}

B. routing-options { interface-routes { rib-group inet myribgroup; } rib-groups { myribgroup { export-rib inet.0; import-rib myinstance.inet.0; } }}

C. routing-options { interface-routes { import into myinstance.inet.0; }}

D. routing-options { rib-groups { interface-routes { import-rib [ inet.0 myinstance.inet.0 ]; } }}

Correct Answer: ASection: Protocol Independent RoutingExplanation

Explanation/Reference:import-rib [ routing-table-names ];

Specify the name of the routing table into which Junos OS should import routing information. The first routingtable name you enter is the primary routing table. Any additional names you enter identify secondary routingtables. When a protocol imports routes, it imports them into the primary and any secondary routing tables. If theprimary route is deleted, the secondary route also is deleted. For IPv4 import routing tables, the primary routingtable must be inet.0 or routing-instance-name.inet.0. For IPv6 import routing tables, the primaryrouting table must be inet6.0.

In Junos OS Release 9.5 and later, you can configure an IPv4 import routing table that includes both IPv4 andIPv6 routing tables. Including both types of routing tables permits you, for example, to populate an IPv6 routingtable with IPv6 addresses that are compatible with IPv4. In releases prior to Junos OS Release 9.5, you couldconfigure an import routing table with only either IPv4 or IPv6 routing tables

QUESTION 34Which statement is true regarding the minimum-interval configuration shown below?

user@router# show ospf

area 0.0.0.0 { interface ge-0/0/1.0 { bfd-liveness-detection { minimum-interval 300; } }}

A. It is the minimum hold time before BFD informs OSPF that the BFD session has been torn down.B. It enables minimum transmit and receive intervals for 300 ms.C. It enables minimum transmit and receive intervals for 300 seconds.D. It is the minimum amount of time that the BFD session must remain alive before changing state.

Correct Answer: BSection: Open Shortest Path First (OSPF)Explanation

Explanation/Reference:Configure the minimum interval after which the local routing device transmits hello packets to a neighborwith which it has established a BFD session. Optionally, instead of using this statement, you can configure theminimum transmit interval using the minimum-interval statement at the [edit protocols pim interfaceinterface-name bfd-liveness-detection] hierarchy level.

QUESTION 35Which three networks are default Martian addresses? (Choose three.)

A. 172.16.0.0/12 orlongerB. 127.0.0.0/8 orlongerC. 192.0.0.0/24 orlongerD. 10.0.0.0/8 orlongerE. 0.0.0.0/8 orlonger

Correct Answer: BCESection: Protocol Independent RoutingExplanation

Explanation/Reference:Martian addresses are host or network addresses about which all routing information is ignored. Theycommonly are sent by improperly configured systems on the network and have destination addresses that areobviously invalid.

In IPv4, the following are the default martian addresses:

0.0.0.0/8127.0.0.0/8128.0.0.0/16191.255.0.0/16

192.0.0.0/24223.255.255.0/24240.0.0.0/4

QUESTION 36What is the purpose of MAC limiting?

A. MAC limiting limits the size of the CAM table and accelerates the aging of MAC addresses.B. MAC limiting sets a maximum rate on addresses learned over a period of time to minimize possible

congestion caused by flooding.C. MAC limiting limits the number of source MAC addresses that may be learned on an interface and protects

it from MAC spoofing.D. MAC limiting on a Layer 3 interface prevents a duplicate MAC address for a single IP address.

Correct Answer: CSection: Layer 2 SecurityExplanation

Explanation/Reference:MAC limiting sets a limit on the number of MAC addresses that can be learned on a single Layer 2 accessinterface or on all the Layer 2 access interfaces on the switch, or on a specific VLAN. Junos operating system(Junos OS) provides two MAC limiting methods:

Maximum number of MAC addresses—You configure the maximum number of dynamic MAC addressesallowed per interface or per VLAN. When the limit is exceeded, incoming packets with new MAC addressesare treated as specified by the MAC limit configuration. The incoming packets with new MAC addresses canbe ignored, dropped, logged, or the interface can be shut down or temporarily disabled. Static MACaddresses do not count toward the limit you specify for dynamic MAC addresses.

You can also configure the learned MAC addresses on an interface to persist across restarts of the switchby enabling persistent MAC learning; see Understanding Persistent MAC Learning (Sticky MAC). AllowedMAC—You configure specific “allowed” MAC addresses for the access interface. Any MAC address that isnot in the list of configured addresses is not learned and the switch logs the message. Allowed MAC bindsMAC addresses to a VLAN so that the address does not get registered outside the VLAN. If an allowedMAC setting conflicts with a dynamic MAC setting, the allowed MAC setting takes precedence.

QUESTION 37Which two adjacencies are allowed to form when configuring IS-IS? (Choose two.)

A. a Level 1 router in Area 5 connected to a Level 2 router in Area 5B. a Level 1 router in Area 4 connected to a Level 1 router in Area 2C. a Level 2 router in Area 4 connected to a Level 2 router in Area 8D. a Level 1 router in Area 3 connected to a Level 1 router in Area 3

Correct Answer: CDSection: Intermediate System to Intermediate System (IS-IS)Explanation


QUESTION 38A router is configured to use standard metrics. The router has a single link to a Level 2 IS-IS neighbor.

What is the maximum metric for that link?

A. 63

B. 254C. 1023D. 65534

Correct Answer: ASection: Intermediate System to Intermediate System (IS-IS)Explanation

Explanation/Reference:All IS-IS routes have a cost, which is a routing metric that is used in the IS-IS link-state calculation. The cost isan arbitrary, dimensionless integer that can be from 1 through 63, or from 1 through 224–1 (16,777,215) if youare using wide metrics. The default metric value is 10 (with the exception of the lo0 interface, which has adefault metric of 0). To modify the default value, include the metric statement:

metric metric;

QUESTION 39You want STP to behave similar to RSTP.

Which three configuration settings under the [edit protocols stp] hierarchy on an EX Series switchallow this? (Choose three.)

A. max-age

B. bridge-priority

C. edge

D. forwarding-delay

E. hello-time

Correct Answer: ADESection: Spanning TreeExplanation

Explanation/Reference:protocols { stp { bpdu-block-on-edge; bridge-priority priority; disable; forward-delay seconds; hello-time seconds; interface (all | interface-name) { arp-on-stp; bpdu-timeout-action { block; log; } cost cost; disable; edge; mode mode; no-root-port; priority priority; } max-age seconds; traceoptions {file filename <files number > <size size> <no-stamp | world-readable | no-world-readable>; flag flag; }

rstp { bpdu-block-on-edge; bridge-priority priority; disable; forward-delay seconds; hello-time seconds; interface (all | interface-name) { arp-on-stp; bpdu-timeout-action { block; log; } cost cost; disable; edge; mode mode; no-root-port; priority priority; } max-age seconds; traceoptions { file filename <files number > <size size> <no-stamp | no-world-readable| world-readable>; flag flag; })

QUESTION 40What describes the action of the qualified-next-hop parameter in a configuration?

A. It performs a recursive lookup on the destination network to confirm that the route is reachable.B. It allows for the configuration of independent preferences for static routes to the same destination.C. It periodically pings the next hop to validate its existence thereby assigning the static route to the forwarding

table.D. It verifies the maximum hop count limit before validating the static route.

Correct Answer: BSection: Protocol Independent RoutingExplanation

Explanation/Reference:qualified next hop - A next hop for a static route that allows a second next hop for the same static route tohave different metric and preference properties than the original.

QUESTION 41You are configuring a firewall filter and need to select a terminating action.

What are three terminating actions? (Choose three.)

A. rejectB. allowC. acceptD. discardE. drop

Correct Answer: ACDSection: Layer 2 SecurityExplanation

Explanation/Reference:A terminating action halts all evaluation of a firewall filter for a particular IP packet. The router performsthe specified action and no further terms are examined. Three actions exist within this category: accept,discard, and reject.

The router forwards IP packets through a filter when the accept action is used. The opposite function, packetdrop, is performed when either the discard or reject action is configured. The difference between discardand reject is in the response of the router to the dropping of the packet.

When a packet is dropped as a result of the discard action, the router accomplishes this task silently. This isgenerally a good option when your filter is used to protect against potential intruders. The reject action promptsthe router to return an administratively-prohibited ICMP error message back to the source address in thepacket’s header. If your goal is to keep unauthorized traffic out of your network, you might not want to inform apotential intruder that you use firewall filters to block traffic.

To assist you, the JUNOS software provides the ability to return other ICMP error messages back to the IPsource when you use reject. These alternative messages may be useful if a suspected hacker is monitoringICMP return messages for helpful information. In many cases, the default error message is a clear sign to ahacker that a firewall filter has been reached.

QUESTION 42A company's Junos-based router has two EBGP peers and receives two BGP update messages with thefollowing information:

Peer A - AS path [ 65001 64513 12 ] ; MED 67 ; origin value 1Peer B - AS path [ 65002 64513 12 ] ; MED 70 ; origin value 2

Assuming default values, how will the company router react to these updates?

A. The path through Peer A will be preferred for all traffic to that destination.B. The path through Peer B will be preferred for all traffic to that destination.C. The paths will be load balanced to that destination based on a Layer 3 hash.D. The company router marks the routes as hidden to that destination because the MED exceeds 63.

Correct Answer: ASection: Border Gateway Protocol (BGP)Explanation


QUESTION 43You have been asked to configure a route to 192.168.0.0/16 that will only be active under the followingcriteria:

- There is an active route to 192.168.100.0/24.- The 192.168.100.0/24 route came from the protocol OSPF.

Which type of route accomplishes this task?

A. staticB. generateC. aggregateD. null

Correct Answer: B

Section: Protocol Independent RoutingExplanation


Topic 4, Volume D

QUESTION 44What are two BGP session types? (Choose two.)

A. internalB. insideC. outsideD. external

Correct Answer: ADSection: Border Gateway Protocol (BGP)Explanation

Explanation/Reference:External BGP Sessions

When two BGP routers are in different AS networks, the session between them is considered an externalBGP (EBGP) connection. By default, an EBGP connection is formed between directly connected peers. Thisrequirement is enforced by setting the time-to-live (TTL) of the IP packet to 1, thereby not permitting anintermediate router to forward the BGP packet. Once the EBGP session is established, the two peers canbegin to exchange routing knowledge with each other. All active BGP routes learned from other EBGP sessionsare advertised. In addition, all active BGP routes learned from internal BGP peers are advertised.

Internal BGP Sessions


The connection of two BGP routers within the same AS is called an internal BGP (IBGP) connection.Unlike the EBGP variety, there is no requirement for physical connectivity between IBGP peers. The TTL of theBGP packets is set to 64 to allow for connectivity across an AS. In fact, a great majority of IBGP sessions arebetween routers that are not directly connected.

QUESTION 45You are asked to configure a port to support both tagged and untagged traffic. You want to make the trunk portge-0/0/0 and also accept untagged traffic for the data VLAN.

Which configuration will satisfy the requirement?

A. set interfaces ge-0/0/0 unit 0 vlan members data

B. set interfaces ge-0/0/0 unit 0 untagged-vlan data

C. set interfaces ge-0/0/0 unit 0 native-vlan-id data

D. set interfaces ge-0/0/0 unit 0 default-vlan data

Correct Answer: CSection: Layer 2 Switching and VLANs

Explanation


QUESTION 46You want to enable an Ethernet Link Aggregation Group (LAG) on an EX Series switch.

Which commands enable this?

A. [edit chassis]

user@switch# set aggregated-devices ethernet device-count 1

[edit interfaces]

user@switch# set ae1 aggregated-ether-options minimum-links 1 user@switch# set ae1 aggregated-ether-options link-speed 10g user@switch# set ae1 unit 0 family inet address 192.168.1.0/24 user@switch# set xe-0/1/0 ether-options 802.3ad ae1user@switch# set xe-1/1/0 ether-options 802.3ad ae1

B. [edit chassis]

user@switch# set chassis aggregated-devices ethernet device-count 2

[edit interfaces]

user@switch# set interface ae0 aggregated-ether-options minimum-links 1 user@switch# set interface ae0 aggregated-ether-options link-speed 10g user@switch# set interface ae0 unit 0 family inet address 192.168.1.0/24 user@switch# set interface xe-0/1/0 ether-options 802.3ad ae0 fast user@switch# set interface xe-1/1/0 ether-options 802.3ad ae0 fast

C. [edit chassis]

user@switch# set chassis aggregated-devices ethernet device-count 1

[edit interfaces]

user@switch# set interface ae0 aggregated-ether-options minimum-links 1 user@switch# set interface ae0 aggregated-ether-options link-speed 10g user@switch# set interface ae0 unit 0 family inet address 192.168.1.0/24 user@switch# set interface xe-0/1/0 ether-options 802.3ad ae0 fast user@switch# set interface xe-1/1/0 ether-options 802.3ad ae0 fast

D. [edit chassis]

user@switch# set aggregated-devices ethernet device-count 2

[edit interfaces]

user@switch# set ae1 aggregated-ether-options minimum-links 1 user@switch# set ae1 aggregated-ether-options link-speed 10g user@switch# set ae1 unit 0 family inet address 192.168.1.0/24 user@switch# set xe-0/1/0 ether-options 802.3ad ae1user@switch# set xe-1/1/0 ether-options 802.3ad ae1



QUESTION 47Which statement describes a routing instance on a Junos device?

A. A routing instance provides separation of processing resources.B. A routing instance provides control plane separation.C. A routing instance virtualizes a Junos-based device, enabling it to run multiple copies of the Junos OS on

the same system.D. A routing instance is a unique collection of routing tables, interfaces, and routing protocol parameters.


Explanation/Reference:routing instance - A collection of routing tables, interfaces, and routing protocol parameters. The set ofinterfaces belongs to the routing tables and the routing protocol parameters control the information in therouting tables.

QUESTION 48Which statement is true regarding redundant trunk groups (RTGs)?

A. STP and RTG can be used on the same interface.B. An aggregated interface can be a member of an RTG.C. Members of an RTG must carry different VLANs.D. An RTG can contain up to 16 member links.

Correct Answer: BSection: Layer 2 Switching and VLANsExplanation


QUESTION 49You have implemented per-packet load balancing.

Which command would you use to verify that the load balancing is active?

A. show route | match load-balancing

B. show route | display forwarding-table

C. show route load-balancing

D. show route forwarding-table


Explanation/Reference:user@Merlot> show route forwarding-table matching 192.168.80/24

Routing table:: inetInternet:Destination Type RtRef Nexthop Type Index NhRef Netif192.168.80.1/32 user 0 ulst 30 14 10.222.10.0 ucst 20 19 so-0/0/0.0

10.20.20.0 ucst 26 22 so-0/0/3.0

QUESTION 50A GRE tunnel is configured between Router1 and Router2 across the Internet. Performance on the GRE tunnelis slow and Router1 is receiving ICMP messages from Router2.

What is the cause of this problem?

A. The do-not-fragment (DF) bit has not been set on Router2.B. The do-not-fragment (DF) bit has not been set on Router1.C. There is a duplex setting mismatch on the GRE tunnel.D. The maximum segment size (MSS) setting has not been configured correctly for the GRE tunnel.

Correct Answer: DSection: TunnelsExplanation


QUESTION 51You would like the network attached to the ge-0/0/1.0 interface to be advertised into OSPF, but you alsowant to prevent OSPF adjacencies from being formed on ge-0/0/1.0.

Which command will satisfy this requirement?

A. [edit protocols]

user@R1# set ospf area 1 interface ge-0/0/1.0 passive

B. [edit protocols]

user@R1# set ospf area 1 interface ge-0/0/1.0 secondary

C. [edit protocols]

user@R1# set ospf area 1 interface ge-0/0/1.0 flood-reduction

D. [edit protocols]

user@R1# set ospf area 1 interface ge-0/0/1.0 disable



QUESTION 52You have an EX Series switch. You want to provide inter-VLAN routing between VLAN A and VLAN B.

Which two steps must you perform? (Choose two.)

A. Assign a VLAN ID to the Layer 3 VLAN interface.B. Assign at least one Layer 3 address to each VLAN.C. Assign interfaces configured as family ethernet-switching to VLAN A and VLAN B.D. Assign interfaces configured as family inet to VLAN A and VLAN B.

Correct Answer: BC

Section: Layer 2 Switching and VLANsExplanation


QUESTION 53Which two put ge-0/0/0 and ge-0/0/1 into the VLAN data? (Choose two.)

A. set interfaces interface-range data-ports member ge-0/0/0 set interfaces interface-range data-ports member ge-0/0/1 set interfaces interface-range data-ports unit 0 family ethernet-switching vlanmembers data

B. set interfaces ge-0/0/0-1 unit 0 family ethernet-switching vlan members data

C. set interfaces ge-0/0/0 to ge-0/0/1 unit 0 family ethernet-switching vlanmembers data

D. set interfaces ge-0/0/0 unit 0 family ethernet-switching vlan members data set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members data



QUESTION 54Your router has formed two BGP peering relationships and received a route to 64.60.10.0/24 from eachpeer. The router has verified the next-hop address can be reached for both peers.

What is the next step to determine which path is selected for the routing table?

A. Prefer the lowest origin value.B. Prefer the shortest AS-path length.C. Prefer the lowest local-preference value.D. Prefer the highest local-preference value.

Correct Answer: DSection: Border Gateway Protocol (BGP)Explanation


QUESTION 55Which two statements describe benefits of the Virtual Chassis? (Choose two.)

A. Virtual Chassis offers control plane redundancy, which allows the use of NSR.B. Virtual Chassis is an open standard to allow cross-vendor compatibility.C. Virtual Chassis can be implemented on all Junos-based devices.D. Virtual Chassis allows you to manage multiple switches as a single entity and potentially eliminate using

STP.

Correct Answer: ADSection: High AvailabilityExplanation


QUESTION 56Which three statements are default BGP advertisement rules? (Choose three.)

A. IBGP peers advertise routes received from EBGP peers to other IBGP peers.B. EBGP peers advertise routes learned from IBGP or EBGP peers to other EBGP peers.C. IBGP peers do not advertise routes received from IBGP peers to other IBGP peers.D. EBGP peers do not advertise routes learned from IBGP or EBGP peers to other EBGP peers.E. IBGP peers advertise routes received from IBGP peers to other IBGP peers.

Correct Answer: ABCSection: Border Gateway Protocol (BGP)Explanation


QUESTION 57You want to limit the times a user can move their laptop from one switch port to another using MAC movelimiting.

Which three statements are true? (Choose three.)

A. You can limit movement per VLAN rather than per port.B. You can send the offending MAC address to a quarantined VLAN.C. The switch can lockout the offending user's Active Directory account.D. You can automatically send logs of the event.E. The switch can automatically shutdown a port.

Correct Answer: ADESection: Layer 2 Switching and VLANsExplanation


QUESTION 58A network administrator has just received a new EX Series switch to replace a router and Layer 2 switch. Thenetwork administrator has configured all of the Layer 2 parameters, however users are reporting that they canonly reach devices within their own VLAN.

What would solve the problem?

A. The network administrator must configure inter-VLAN routing.B. The network administrator must administratively enable the VLAN.C. The network administrator needs to clear the ARP table.D. The network administrator needs to clear the bridge table.

Correct Answer: ASection: Layer 2 Switching and VLANsExplanation


Explanation:

QUESTION 59Which two new port roles does RSTP introduce? (Choose two.)

A. backupB. forwardingC. alternateD. designated

Correct Answer: ACSection: Spanning TreeExplanation

Explanation/Reference:An RSTP domain running on an EX-series switch has the following components:

A root port, which is the “best path” to the root device.A designated port, indicating that the switch is the designated bridge for the other switch connecting to thisport.An alternate port, which provides an alternate root port.A backup port, which provides an alternate designated port.

QUESTION 60Your network consists of three OSPF routers as shown below:

R1 -- R2 -- R3

You run the show ospf neighbor command on R2. The output shows no data in the output for OSPFneighbors.

Which three actions will troubleshoot the adjacency problem for Router R2? (Choose three.)

A. Verify the physical and data link layer connectivity on Routers R1, R2, and R3.B. Look for incorrect settings for MTU on Routers R1 and R3.C. Look for mismatched configurations on Routers R1, R2, and R3 for IP subnet/mask, area number, and area

type.D. Verify Router R1 and R3 to see if they are stuck in 2-way state.E. Look for mismatched configurations on Routers R1, R2, and R3 for authentication, hello/dead interval, and

network type.

Correct Answer: ACESection: Open Shortest Path First (OSPF)Explanation


QUESTION 61A network administrator would like to prevent certain network addresses from being part of the routing table.

Which Junos feature would be used to accomplish this task?

A. prefix listsB. Martian addressesC. route maps

D. static routes



QUESTION 62You are analyzing a packet capture from your network running OSPF. You see a Type 2 LSA.

Which type of router originated the packet?

A. ABRB. DRC. ASBRD. BDR


Explanation/Reference:The DR on a broadcast segment sends a network LSA (Type 2) to list the operational OSPF routers on thesegment. The Type 2 LSA also has an area-flooding scope, so it propagates no further than the ABR. The Link-State ID field in the LSA header is populated with the IP interface address of the DR.

QUESTION 63Which BGP configuration parameter allows the router to wait for the peer to initiate the open request?

A. hold-time

B. passive

C. accept-remote-nexthop

D. out-delay


Explanation/Reference:You can stop the initiation of a BGP session by configuring the passive option at the global, group, orneighbor level of the BGP configuration hierarchy. This command forces the local router to wait for theestablishment of the TCP and BGP connections from its remote peer.

QUESTION 64You want to enable nonstop active routing (NSR).

Which two commands must you use? (Choose two.)

A. set routing-options nonstop-routing

B. set routing-options graceful-restart

C. set chassis redundancy graceful-switchover

D. set routing-options graceful-switchover

Correct Answer: AC

Section: High AvailabilityExplanation


QUESTION 65Which protocol provides redundancy in a LAN environment through the use of master and backup routers?

A. BGPB. BFDC. VRRPD. RIP

Correct Answer: CSection: High AvailabilityExplanation

Explanation/Reference:For Ethernet, Fast Ethernet, Gigabit Ethernet, 10-Gigabit Ethernet, and logical interfaces, you can configure theVirtual Router Redundancy Protocol (VRRP) or VRRP for IPv6. VRRP enables hosts on a LAN to make use ofredundant routing platforms on that LAN without requiring more than the static configuration of a single defaultroute on the hosts. The VRRP routing platforms share the IP address corresponding to the default routeconfigured on the hosts. At any time, one of the VRRP routing platforms is the master (active) and the othersare backups. If the master fails, one of the backup routers becomes the new master router, providing a virtualdefault routing platform and enabling traffic on the LAN to be routed without relying on a single routing platform.Using VRRP, a backup router can take over a failed default router within a few seconds. This is done withminimum VRRP traffic and without any interaction with the hosts.

Routers running VRRP dynamically elect master and backup routers. You can also force assignment of masterand backup routers using priorities from 1 through 255, with 255 being the highest priority. In VRRP operation,the default master router sends advertisements to backup routers at regular intervals. The default interval is 1second. If a backup router does not receive an advertisement for a set period, the backup router with the nexthighest priority takes over as master and begins forwarding packets.

VRRP for IPv6 provides a much faster switchover to an alternate default router than IPv6 Neighbor Discovery(ND) procedures. Typical deployments use only one backup router.

QUESTION 66Which two statements describe the behavior of Dynamic ARP Inspection? (Choose two.)

A. Dynamic ARP Inspection is disabled by default.B. Dynamic ARP Inspection is enabled on individual ports.C. Dynamic ARP Inspection is enabled by default.D. Dynamic ARP Inspection is enabled on individual VLANs.

Correct Answer: ADSection: Layer 2 SecurityExplanation


QUESTION 67What are two characteristics of an OSPF link-state update? (Choose two.)

A. A link-state update can be sent directly after an adjacency is formed.

B. A link-state update can only contain a single link-state advertisement (LSA).C. A link-state update is sent in response to a link-state request.D. A link-state update is used to determine which router is in charge of the database exchange.

Correct Answer: ACSection: Open Shortest Path First (OSPF)Explanation


QUESTION 68Which two common scenarios will prevent an IS-IS adjacency from forming? (Choose two.)

A. The interface MTU value is set lower than 1492.B. An IP address is not configured on the lo0 interface.C. There are mismatched Level 1 areas.D. There are mismatched Level 2 areas.

Correct Answer: ACSection: Intermediate System to Intermediate System (IS-IS)Explanation


QUESTION 69Several routers share a common LAN segment in area 224 and have formed adjacencies using IS-IS. Onerouter is elected as the designated intermediate system (DIS).

To which multicast address will the peers send their hello packets?

A. 224.0.0.5

B. 224.0.0.6

C. 01:80:C2:00:00:14

D. 49.0001.0224.0000.0015.00

Correct Answer: CSection: Intermediate System to Intermediate System (IS-IS)Explanation


QUESTION 70You want to configure a static route to become available when the primary route fails.

Which parameter accomplishes this in the Junos OS?

A. secondary

B. qualified-next-hop

C. backup-route

D. resolve

Correct Answer: B

Section: Protocol Independent RoutingExplanation


QUESTION 71You are running several EX4200 switches in a Virtual Chassis configuration. You want to determine whichswitch will become the master of the Virtual Chassis after the switches are rebooted.

Which three criteria play a role in determining this? (Choose three.)

A. switch priorityB. member IDC. MAC addressD. prior master/backup statusE. serial number

Correct Answer: ACDSection: High AvailabilityExplanation


QUESTION 72When is MAC limiting performed on a frame from an unknown source MAC address?

A. when the ingress PFE sends header information to REB. when the ingress PFE performs a MAC address lookupC. when the PFE adds the MAC address to the bridge tableD. when the RE adds the MAC address to the bridge table



QUESTION 73You have just configured a static route for management traffic, however you would like to prevent the routefrom being redistributed into a dynamic routing protocol.

Which command should be added to accomplish this?

A. passive

B. reject

C. no-install

D. no-advertise



Explanation:

QUESTION 74When analyzing BGP packets, you notice that specific path attributes are always present.

Which two attributes are seen in every update packet? (Choose two.)

A. AS pathB. local preferenceC. originD. originator ID

Correct Answer: ACSection: Border Gateway Protocol (BGP)Explanation


QUESTION 75You are creating an RVI.

Which configuration is correct?

A. user@switch# show interfaces...vlan { unit 100 { family ether-switching; }}

user@switch# show vlans...vlan1000 { vlan-id 100; l3-interface vlan.1000; address 66.47.110.26/24;}

B. user@switch# show interfaces

ge-1/0/1 { unit 0 { family inet { address 66.36.10.126/24; } }}

user@switch# show vlans

vlan1000 { vlan-id 100; l3-interface ge-1/0/1.0;}

C. user@switch# show interfaces...vlan { unit 1000 { family inet {

address 66.57.100.26/24; } }}


vlan1000 { vlan-id 100; l3-interface vlan.1000;}

D. user@switch# show interfaces

ge-1/0/1 { unit 100 { family inet { address 66.36.10.126/24; vlan-id 100; } }}


vlan1000 { vlan-id 100; l3-interface ge-1/0/1.0;}


Explanation/Reference:To do inter-vlan routing using routed VLAN interfaces (RVI) complete the steps below.

Step1:Create a layer 2 vlan: root# set vlans <vlan-name> vlan-id <vlan-id (1..4095)>

Step 2:Create a logical layer 3 vlan interface: root# set interfaces vlan unit <unit# (0..16385)> family inet address <ipaddress/mask>

Step 3:Link the layer 2 vlan to the layer 3 vlan interface: root# set vlans <vlan-name> l3-interface vlan.<unit# mentioned above>

QUESTION 76Which OSPF reference bandwidth setting would give a 1-Gbps link a metric of 10?

A. 10B. 1000C. 10,000,000D. 10,000,000,000

Correct Answer: DSection: Open Shortest Path First (OSPF)

Explanation


QUESTION 77What are two considerations for determining the master router in VRRP? (Choose two.)

A. The router with a lower priority value.B. The router with a higher priority value.C. The router with the lowest IP address configured in the VRRP group.D. Any router that has the no-preempt configuration option set.

Correct Answer: BDSection: High AvailabilityExplanation


QUESTION 78Which routing protocol is used for peering between autonomous systems?

A. OSPFB. IS-ISC. static routesD. BGP

Correct Answer: DSection: Border Gateway Protocol (BGP)Explanation


QUESTION 79Which two commands will display the link speed of ge-0/0/0? (Choose two.)

A. show interfaces ge-0/0/0 | match "Speed"

B. show interfaces ge-0/0/0.0 statistics

C. show interfaces terse ge-0/0/0 extensive

D. show interfaces ge-0/0/0 brief



QUESTION 80What are two types of PVLAN broadcast domains? (Choose two).

A. primary VLANB. community VLAN

C. broadcast VLAND. trunk VLAN

Correct Answer: ABSection: Layer 2 SecurityExplanation


QUESTION 81What are two purposes of MAC move limiting? (Choose two.)

A. to prevent users from changing switch ports without approvalB. to prevent Layer 2 loopsC. to prevent users from moving to an unauthorized VLAND. to prevent MAC spoofing

Correct Answer: BDSection: Layer 2 SecurityExplanation


QUESTION 82[edit routing-options]

user@R1# show

static { route 172.29.130.0/17 next-hop 172.30.25.1; route 172.29.13.0/24 { next-hop 172.30.25.1; no-readvertise; } route 172.29.16.0/12 next-hop 172.30.25.1; route 172.29.20.0/24 next-hop 172.30.25.1;}

[edit protocols ospf]

user@R1# show

export Export_OSPF;area 0.0.0.0 { interface ge-0/0/2.0; interface ge-0/0/3.0; interface lo0.0;}

[edit policy-options]

user@R1# show

policy-statement Export_OSPF { term match-static-routes { from { protocol static; route-filter 172.29.0.0/16 orlonger;

} then accept; }}

Referring to the exhibit, there is an OSPF policy to redistribute static routes.

Which routes will be propagated to OSPF neighbors?

A. 172.29.130.0/17172.29.13.0/24172.20.16.0/12

B. 172.29.13.0/24172.29.20.0/24

C. 172.29.130.0/17172.29.13.0/24

D. 172.29.130.0/17172.29.20.0/24



QUESTION 83user@R1# show interfaces

ge-0/0/8 { unit 0 { family inet { address 172.25.100.2/24 { vrrp-group 10 { virtual-address 172.25.100.1; priority 200; } } } }}

Two routers, R1 and R2, are part of a VRRP master and backup design.

Referring to the exhibit, which two statements are correct about this VRRP deployment? (Choose two.)

A. The address 172.25.100.2 is only reachable on R1.

B. The address 172.25.100.1 is only reachable on R1.

C. The address 172.25.100.2 will only be reachable on the master of VRRP group 10.

D. The address 172.25.100.1 will only be reachable on the master of VRRP group 10.

Correct Answer: ADSection: High AvailabilityExplanation


QUESTION 84interfaces { ge-1/1/0 { unit 0 { family inet { address 10.200.12.1/30; } } } lo0 { unit 0 { family inet { address 10.200.1.1/32; } } }}routing-options { static { route 10.200.1.2/32 next-hop 10.200.12.2; } autonomous-system 65001;}protocols { bgp { group 65002 { local-address 10.200.1.1; neighbor 10.200.1.2 { peer-as 65002; } } }}

Referring to the exhibit, you are configuring an EBGP peering using the loopback address between two routers.

Which parameter is needed to complete the configuration?

A. multipath

B. passive

C. multihop

D. local-as

Correct Answer: CSection: Border Gateway Protocol (BGP)Explanation


QUESTION 85user@router> show configuration | no-more

...

interfaces { ge-0/0/0 { unit 0 { family inet { address 10.210.12.131/27;

} } } ge-0/0/1 { unit 0 { family inet { filter { input fbf; } address 10.210.14.1/24; } } }}firewall { filter fbf { term 1 { then { routing-instance fbf; } } }}routing-instances { fbf { instance-type forwarding; routing-options { static { route 0.0.0.0/0 next-hop 10.210.12.129; } } }}

user@router> show route

inet.0: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden)+ = Active Route, - = Last Active, * = Both

10.210.12.128/27 *[Direct/0] 3d 23:21:02> via ge-0/0/0.010.210.12.131/32 *[Local/0] 3d 23:21:17Local via ge-0/0/0.010.210.14.0/24 *[Direct/0] 00:00:07> via ge-0/0/1.010.210.14.1/32 *[Local/0] 00:00:07Local via ge-0/0/1.0

What is causing the behavior shown in the exhibit?

A. The software is ignoring the fbf routing instance because it uses a reserved name.B. The software is ignoring the default route in the fbf routing instance because there is no default route in the

main routing instance.C. The software is not able to find an interface on the router configured with the 10.210.12.129 address.

D. The software is not able to resolve the next hop of the default route in the fbf routing instance.



QUESTION 86

The switches shown in the exhibit were just powered on.

What is required to ensure that both of Switch B's ports are in a forwarding state?

A. Configure the bridge priority to 4k on Switch B.B. Configure Switch B's ports to all be edge ports.C. Configure uplinkfast on both of Switch B's ports.D. Configure uplinkfast on Switch A and Switch D.



QUESTION 87Router A.

interfaces { ge-0/0/0 { unit 0 { family inet { address 192.168.1.20/24 { vrrp-group 27 { virtual-address 192.168.1.20; priority 255; authentication-type simple; authentication-key <juniper123>; } } } } }

}

Router B.

interfaces { ge-4/2/0 { unit 0 { family inet { address 192.168.1.19/24 { vrrp-group 27 { virtual-address 192.168.1.20; priority 200; authentication-type simple; authentication-key <juniper123>; } } } } }}

Referring to the exhibit, Router B comes up first and preemption is not enabled. Router A assumes mastershipfor the virtual IP. Why does Router A assume a mastership role for the IP?

A. Router A's interface IP address and the virtual IP address match.B. Router A is configured with a higher priority.C. Router B is configured with a lower priority.D. Router B has a lower primary IP address for the interface.

Correct Answer: ASection: High AvailabilityExplanation


QUESTION 88Click the Exhibit button.

An IP tunnel connects two routers over the Internet as shown in the exhibit.

Which two statements are correct? (Choose two.)

A. A tunnel interface can serve as a next hop for static routes or participate in the network's IGP.B. Routing protocols will always prefer a tunnel over a physical link because the tunnel is a one- hop link with

the lowest cost path.C. You can ensure the IP tunnel serves as the backup path through administrative settings such as cost and

route preference.D. IP tunnels are subject to the same simple firewall rules as the direct link between the two routers,because

the original IP header contents are open for the transit devices to see.

Correct Answer: ACSection: TunnelsExplanation


QUESTION 89SITE1:

routing-options { autonomous-system 65001;}protocols { bgp { group 65002 { neighbor 10.200.12.1 { peer-as 65002; } } }}

SITE2:

routing-options { autonomous-system 65002;}protocols { bgp { group 65001 { neighbor 10.200.12.2 { peer-as 65003; } } }}

Referring to the exhibit, SITE1 is configuring an EBGP peering with SITE2. SITE2 configured the incorrect peerAS during a maintenance window and now is unable to change the configuration until the next maintenancewindow.

Which configuration would you use on SITE1 to establish the EBGP peering?

A. protocols { bgp { group 65002 { passive; neighbor 10.200.12.2 { peer-as 65002; } } }}

B. protocols { bgp { group 65002 { accept-remote-nexthop; neighbor 10.200.12.2 { peer-as 65002; } } }}

C. protocols { bgp { group 65002 { local-as 65003; neighbor 10.200.12.2 { peer-as 65002; } } }}

D. protocols { bgp { group 65002 { as-override; neighbor 10.200.12.2 { peer-as 65002; } } }}



QUESTION 90[edit protocols rstp]

user@switch# show

bridge-priority 32k;max-age 20;hello-timer 2;forward-delay 15;interface ge-0/0/11.0 { disable;}interface ge-0/0/12.0 { cost 20000; mode point-to-point;}interface ge-0/0/13.0 { priority 128; mode shared;}interface ge-0/0/14.0 { edge;}bpdu-block-on-edge;

The exhibit shows the RSTP configuration for your EX Series switch. The switch begins receiving BPDUs on aport and disables that port.

Which port is disabled?

A. ge-0/0/11.0

B. ge-0/0/12.0

C. ge-0/0/13.0

D. ge-0/0/14.0



QUESTION 91

Your current network is using Switch-1 and Switch-2 as a Layer 3 core pair. You change the EX series switchcore into a VC and configure the links between the switches to be a LAG.

Assuming that Switch-3 is operating at Layer 2 only, which two protocols would be removed from this portion ofthe network? (Choose two.)

A. GRESB. BFDC. VRRPD. STP

Correct Answer: CDSection: Layer 2 Switching and VLANsExplanation


Explanation:

QUESTION 92[edit protocols bgp]

user@router# show

import in-protocol-level;export out-protocol-level;group ISPs { type external; import in-group-level; export out-group-level; neighbor 172.25.100.1 { import in-neighbor-level; peer-as 65505; } neighbor 172.25.200.1 { export out-neighbor-level; peer-as 65500; }}

Referring to the exhibit, which import policy is applied to routes received from neighbor 172.25.200.1?

A. policy in-protocol-level

B. policy in-group-level

C. policy in-neighbor-level

D. policy out-neighbor-level



QUESTION 93[edit interfaces]

user@switch# show

ge-0/0/6 { unit 0 { family ethernet-switching { port-mode access; vlan { members vlan100; } } }}

ge-0/0/7 { unit 0 { family ethernet-switching { port-mode access; vlan { members vlan100; } }

}}

[edit ethernet-swtiching-options]

user@switch# show

secure-access-port { interface ge-0/0/6.0 { mac-limit 1 action drop; } vlan 100 { mac-move-limit 1 action drop; }}

Referring to the exhibit, what will the mac-move-limit command on ge-0/0/6 do?

A. Packets will be dropped if the switch detects the same source MAC address on interface ge-0/0/6 andge-0/0/7.

B. Packets will be dropped if the switch detects the same source MAC address on two separate interfaces in VLAN 100.

C. Packets will be dropped and the event will be logged if the switch detects the same source MAC address ontwo separate interfaces in VLAN 100.

D. Packets will be dropped and the event will be logged if the switch detects the same source MAC addresson ge-0/0/6 and ge-0/0/7.



QUESTION 94

A network administrator has connected four switches as shown in the exhibit. The switches are at their factory-default configurations and the administrator powers on all of the switches at the same time.

Which switch will become the root bridge?

A. Switch AB. Switch BC. Switch CD. Switch D

Correct Answer: CSection: Spanning TreeExplanation


QUESTION 95ethernet-switching-options { secure-access-port { interface ge-0/0/0.0 { mac-limit 2 action shutdown; no-dhcp-trusted; } } storm-control { interface all; } }}

You have configured a MAC limit on your switch.

Referring to the exhibit, when the MAC limit is exceeded, when will the port recover?

A. After 30 secondsB. After the administrator enters the set ethernet-switching port-error clear command

C. After 300 secondsD. After the administrator enters the clear ethernet-switching port-error command

Correct Answer: DSection: Layer 2 SecurityExplanation

Explanation/Reference:clear ethernet-switching port-error

DescriptionClear all MAC limiting, MAC move limiting, and storm control errors from all the Ethernet switching interfaces onthe switch or from the specified interface, and restore the interfaces or the specified interface to service.

Options

none — Clear all MAC limiting, MAC move limiting, and storm control errors from all the Ethernet switchinginterfaces on the switch and restore these interfaces to service.

interface interface-name — (Optional) Clear all MAC limiting, MAC move limiting, and storm control errors fromthe specified interface and restore the interface to service.

Sample Output

user@switch> clear ethernet-switching port-error

QUESTION 96[edit]

user@router# show interfaces

ge-0/0/1 { unit 0 { family ethernet-switching { port-mode access; vlan { members data; } } }}

[edit]

user@router# show ethernet-switching-options

voip { interface ge-0/0/1.0 { vlan voice; forwarding-class assured-forwarding; }}

[edit]

user@router# show vlans

data { vlan-id 10;}voice { vlan-id 20;}

Given the configuration in the exhibit, which VLAN or VLANs would be tagged VLANs?

A. The voice VLAN and the data VLANB. Only the voice VLANC. Both VLANs are untaggedD. The data VLAN

Correct Answer: BSection: Layer 2 Switching and VLANsExplanation


QUESTION 97protocols { bgp { export exp-rt; group int { type internal; local-address 192.168.1.1;

neighbor 192.168.1.2; neighbor 192.168.1.3; } group ext { type external; peer-as 65002; neighbor 172.16.1.2; } } } policy-options { policy-statement exp-rt { term 1 { from { route-filter 200.200.200.0/24 orlonger; } then { community add no-export; accept; } } } }}

Referring to the exhibit, route 200.200.200.0/24 is exported into BGP and the peering routers use defaultBGP policies.

Which statement describes the advertisement for the 200.200.200.0/24 route?

A. The route will only be advertised intra-AS.B. The route will only be advertised inter-AS.C. The route will be advertised both intra-AS and inter-AS.D. The route will not be advertised both intra-AS and inter-AS.

Correct Answer: ASection: Border Gateway Protocol (BGP)Explanation


QUESTION 98

Referring to the exhibit, a packet sent from User A to User B will be forwarded out interface 0/0/23 usingwhich source MAC address?

A. Source MAC of user AB. Source MAC of user BC. Source MAC associated with IP address 10.10.10.1

D. Source MAC associated with IP address 10.10.20.1



QUESTION 99

If all OSPF routers shown in the exhibit boot at the same time, which router will be elected as the designatedrouter?

A. R1B. R2C. R3D. R4



QUESTION 100

Referring to the exhibit, a packet destined to 172.129.3.5 is sent from ISP X towards R1.

Which statement describes how R1 handles the packet?

A. It sends ICMP network unreachable messages back to the source.B. It forwards the packet towards Network A.C. It silently drops the packet and does not send a message back to the source.D. It forwards the packet towards Network C.

Correct Answer: ASection: Protocol Independent RoutingExplanation


QUESTION 101

Referring to the exhibit, note that R5 is exporting the 172.168.1.0/24 route into OSPF. Which LSA type does R2send to R4?

A. Type 7B. Type 5C. Type 3D. Type 1



QUESTION 102

Referring to the exhibit, R1, R2, and R3 boot at the same time. Several minutes later, R4 boots.

After R4 has been online for 40 seconds, which router will be the OSPF designated router?

A. R1B. R2C. R3D. R4



QUESTION 103routing-options { router-id 10.10.1.2;}

policy-options { policy-statement loadbalance { term 1 { from { route-filter 100.100.0.0/16 exact;

} then { load-balance per-packet; } } }}

Referring to the exhibit, you have configured a load balancing policy and the router has an equal cost path fortraffic to 10.100.0.0/16.

What must you do to complete the load balancing configuration?

A. Apply the policy as an export policy under the [edit forwarding-options] hierarchy.

B. Apply the policy as an import policy under the [edit forwarding-options] hierarchy.

C. Apply the policy as an export policy under the [edit routing-options forwarding-table]hierarchy.

D. Apply the policy as an import policy under the [edit routing-options forwarding-table]hierarchy.

Correct Answer: CSection: Protocol Independent RoutingExplanation


QUESTION 104

All OSPF routers shown in the exhibit booted at the same time, and the network has stabilized.

How many adjacencies does R1 have?

A. 0B. 1C. 2D. 3



QUESTION 105

You have two routers, R1 and R2, running OSPF in area 0. Router R1 is having problems with forming andadjacency with Router R2.

Referring to the exhibit, which statement is correct about the OSPF configuration in the Router R1 trace output?

A. Router R1 has the wrong OSPF area configured.B. Router R2 has the wrong OSPF area configured.C. Router R1 has the wrong interface configured for OSPF.D. Router R2 has the wrong interface configured for OSPF.



QUESTION 106user@Switch-1# run show dhcp snooping binding

DHCP Snooping Information:

MAC address IP address Lease (seconds) Type VLAN Interface

00:26:88:02:74:89 172.28.1.4 - static default ge-0/0/9.000:26:88:02:74:86 172.28.1.2 86113 dynamic default ge-0/0/6.000:26:88:02:74:87 172.28.1.3 86378 dynamic default ge-0/0/7.0

DHCP snooping is implemented on an EX Series switch. The results display a static MAC to IP binding oninterface ge-0/0/9 as shown in the exhibit.

Which statement is correct?

A. MAC address 00:26:88:02:74:89 is a static MAC address configured for a host attached to interfacege-0/0/9.

B. MAC address 00:26:88:02:74:89 is a static MAC address to IP address binding in the DHCP server.

C. MAC address 00:26:88:02:74:89 is a static MAC address to IP address configured on the L3 interfacege-0/0/9.

D. MAC address 00:26:88:02:74:89 is a static address assigned using the command set interfacege-0/0/9.0 mac-allowed 00:26:88:02:74:89.



QUESTION 107policy-statement load-balance { from { route-filter 172.24.0.0/24 exact; route-filter 172.24.1.0/24 exact; } then { load-balance per-packet; }}

Referring to the exhibit, which command or set of commands completes the configuration that will load balancepackets to destinations 172.24.0.0 and 172.24.0.1?

A. set forwarding-options load-balance

B. set routing-options forwarding-table export load-balance

C. set protocols ospf area 0.0.0.0 policy load-balance

D. set protocols ospf area 0.0.0.0 load-balance

E. set forwarding-options export policy load-balance

F. set forwarding-options load-balance



QUESTION 108[edit]

user@router# show routing-options

graceful-restart { disable;}

[edit]

user@router# show protocols bgp

graceful-restart;group my-group {

type internal; local-address 192.168.1.1; neighbor 192.168.1.2; neighbor 192.168.2.2 { graceful-restart { disable; } }}

Which statement is true based on the graceful restart (GR) configuration?

A. GR has been disabled globally for all protocols including BGP.B. GR is enabled for all BGP neighbors.C. GR is enabled only for BGP neighbor 192.168.1.2.

D. GR is not supported with BGP.


Explanation/Reference: Graceful restart allows a routing device undergoing a restart to inform its adjacent neighbors and peers of itscondition. Graceful restart is disabled by default.

To configure the duration of the BGP graceful restart period, include the restart-time statement at the [editprotocols bgp graceful-restart] hierarchy level. To set the length of time the router waits to receivemessages from restarting neighbors before declaring them down, include the stale-routes-time statement atthe [edit protocols bgp graceful-restart] hierarchy level.

For graceful restart to function properly, graceful restart must be enabled at the [edit routing-instanceinstance-name routing-options] or [edit routing-options] hierarchy level as well as in theprotocol level.

For example:

protocols { bgp { group ext { graceful-restart; } }}routing-options { graceful-restart;}

Graceful restart is enabled both at the [edit routing-options] hierarchy level, as well as at the routingprotocol level. If graceful restart is not configured in both sections, the peer might have its route removed after arestart, which is not the intended behavior.

QUESTION 109Click the Exhibit button.

Referring to the exhibit, you want to avoid using STP and the LAG is configured on ae0.

Which function would you use to prevent a Layer 2 loop?

A. VRRPB. RTGC. LACPD. GRES

Correct Answer: BSection: Spanning TreeExplanation


QUESTION 110

Referring to the exhibit, which interfaces will receive a packet sent to MAC address00:05:85:7F:EB:80 from the user with IP address 10.10.10.10?

A. 0/0/3 and 0/0/22

B. 0/0/9 and 0/0/23

C. 0/0/3, 0/0/9, 0/0/22, and 0/0/23

D. 0/0/1, 0/0/3, 0/0/9, 0/0/22, and 0/0/23




jncis-ent - gratis exam · jncis-ent number : jn0-343 passing score : 800 time limit : 120 min file...

Documents