Académique Documents
Professionnel Documents
Culture Documents
201q
Number: JN0-643
Passing Score: 800
Time Limit: 120 min
File Version: 18.5
Modified by DD 3-25-2014 - corrected some of the answers in the dump provided by Gaber
I changed the answers for Q 17, 19, 31, 165, 167, 168, 169, 170, 177, 179
A lot of the questions are missing exhibits or seem to have an exhibit not associated with the question.
QUESTION 1
A user complains about connectivity problems from their IP address (10.1.1.87) to a server (10.65.1.100).
A. mroute
B. traceoptions
C. ping
D. clear bgp neighbor
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 2
Port authentication falls back to Captive Portal.
In which two scenarios would the port authentication move back to 802.1X? (Choose two.)
A. if any MAC RADIUS request packet is received on the interface and if there are no sessions in authenticated/authenticating state
B. if Captive Portal is deactivated on the interface
C. if the user gets logged out
D. if the EAP packet is received on the interface and if there are no sessions in authenticated/authenticating state
Correct Answer: BD
Section: (none)
Explanation
Explanation/Reference:
Explanation:
A. OSPFv2
B. BGPv4
C. ES-ISv1
D. OSPFv3
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 4
A Layer 2 forwarding loop occurred on your network during a scheduled maintenance period. You must prevent this behavior in the future.
Which protocol should you enable on the EX Series switch to address this condition in the future?
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 5
You have implemented 802.1X authentication in your Layer 2 network and you have only a single RADIUS server. You are asked to ensure that if the RADIUS
server becomes unreachable or fails, users connected to the ge-0/0/0 port are still able to reach the Internet using a predefined guest VLAN.
A. [edit]
user@switch# set protocols dot1x authenticator interface ge-0/0/0.0 radius-fail vlan guest
B. [edit]
user@switch# set protocols dot1x authenticator interface ge-0/0/0.0 server-fail vlan-name guest
C. [edit]
user@switch# set protocols dot1x authenticator interface ge-0/0/0.0 auth-fail assign-vlan guest
D. [edit]
user@switch# set protocols dot1x authenticator interface ge-0/0/0.0 radius-fail assign guest Juniper JN0-643 Exam
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Server fail fallback allows you to specify how end devices connected to the switch are supported if the RADIUS authentication server
becomes unavailable or sends a RADIUS access-reject message.
Juniper Networks EX Series Ethernet Switches use authentication to implement access control in an enterprise network. If 802.1X,
MAC RADIUS, or captive portal authentication are configured on the interface, end devices are evaluated at the initial connection by an
authentication (RADIUS) server. If the end device is configured on the authentication server, the device is granted access to the LAN
Configure an interface to move an end device to a specified VLAN if a RADIUS server timeout occurs (in this case, the VLAN name is
vlan1):
[edit protocols dot1x authenticator]
user@switch# set interface ge-0/0/1 server-fail vlan-name vlan1
QUESTION 6
Which option is a valid IPv6 multicast address?
A. fe80::205:8640:471:3200/64
B. ::172.16.0.5/126
C. ff03:365:ba::23
D. ff01:cgfc:345:22::226:8ff:fee4:bf6f
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
A. EAP-TLS
B. LAN-PEAP
C. RSA-EAP
D. EAP-TTLS
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
With EAP-TTLS, you do not need to create a new infrastructure of user certificates. User authentication is performed against the same
security database that is already in use on the corporate LAN; for example, SQL or LDAP databases, or token systems.
The routing of the inner authentication request is handled either by means of standard Steel-Belted Radius Carrier authentication
request routing, or by means of a directed realm. If your EAP-TTLS tunnel ends at a dedicated server, and you want all the inner
authentication requests to be performed by other servers, use standard request routing so the proxy realm target can be determined in
a standard fashion (that is, the decoration of the username revealed by inner authentication). If your EAP-TTLS tunnel and inner
authentication are handled by the same server, you can use a directed realm to specify which authentication methods handle the inner
authentication.
QUESTION 8
Which protocol reachability is advertised by OSPFv2?
A. IPv4
B. IPv5
C. IPv6
D. ISO
Explanation/Reference:
Explanation:
QUESTION 9
You are AS 6573.
Which AS path regular expression matches only routes originated in your AS?
A. "6573.*"
B. ".*"
C. "{"
D. "^$"
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
The Junos OS supports two general types of packet classification: behavior aggregate (BA) classification and multifield classification:
BA classification, or CoS value traffic classification, refers to a method of packet classification that uses a CoS configuration to set the
forwarding class or PLP of a packet based on the CoS value in the IP packet header. The CoS value examined for BA classification
purposes can be the Differentiated Services code point (DSCP) value, DSCP IPv6 value, IP precedence value, MPLS EXP bits, and
A. next-hop
B. MED
C. origin
D. AS-path
E. local preference
Explanation/Reference:
Explanation:
A. Configure your access switch with a load-balancing policy and apply it under [edit protocols rstp].
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
A. Context identifier
B. Region name
C. VLANs
D. Revision
E. Configuration manifest
Explanation/Reference:
Explanation:
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
A promiscuous access port carries untagged traffic and can be a member of only one primary VLAN. Traffic that ingresses on a
promiscuous access port is forwarded to the ports of the secondary VLANs that are members of the primary VLAN that the
promiscuous access port is a member of. This traffic carries the appropriate secondary VLAN tags when it egresses from the
secondary VLAN ports if the secondary VLAN port is a trunk port.
QUESTION 15
During the BGP route-resolution process, the Junos OS must calculate the appropriate next-hop based on the BGP protocol next-hop attribute.
Which two routing tables are checked during this process in a default Junos configuration? (Choose two.)
A. inet.0
B. inet.1
C. inet.2
D. inet.3
Correct Answer: AD
Section: (none)
Explanation
Explanation/Reference:
Explanation:
The Border Gateway Protocol (BGP) uses different tables to resolve protocol next-hop for different applications. In a normal BGP
application like IPv4, the prefix is learned in the default table inet.0. BGP will try to resolve its protocol next-hop in the table inet.3 first;
if fails, it will resolve in the table inet.0. However, in L3VPN and L2VPN applications, BGP will resolve its protocol next-hop in the table
inet.3 only.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Which three statements about the advertisements for this link in the Type 1 (Router) LSA generated by R1 are true? (Choose three.)
QUESTION 18
What is the significance of the multicast address range 224.0.0.1 through 224.0.0.254?
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
A. RSVP
B. Multicast Routing
C. VPLS
D. Class of Service
Correct Answer: AD
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Resource Reservation Protocol - Traffic Engineering is an extension of the resource reservation protocol (RSVP) for traffic engineering. It supports
the reservation of resources across an IP network. Applications running on IP end systems can use RSVP to indicate to other nodes the nature (bandwidth, jitter,
maximum burst, and so forth) of the packet streams they want to receive. RSVP runs on both IPv4 and IPv6.
QUESTION 20
You notice that a number of IGMP leave group messages are passing through a BMA network and are impacting the network's performance.
What would you do to resolve this issue without affecting multicast traffic?
Correct Answer: B
Section: (none)
Explanation
QUESTION 21
A network administrator is configuring CoS on a switch and assigns forwarding classes call-sig and critical to the same queue number per the configuration below:
class-of-service {
forwarding-classes {
Based on the configuration, which option prioritizes call-sig traffic over critical traffic?
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Set the packet loss priority to high, which means that means that packets are more susceptible to being dropped.
An individual device interface has multiple queues assigned to store packets temporarily before transmission. To determine the order
in which to service the queues, the device uses a round-robin scheduling method based on priority and the queue's weighted round-
robin (WRR) credits. Junos OS schedulers allow you to define the priority, bandwidth, delay buffer size, rate control status, and RED
drop profiles to be applied to a particular queue for packet transmission.
You configure schedulers to assign resources, priorities, and drop profiles to output queues. By default, only queues 0 and 3 have
resources assigned.
QUESTION 22
A Layer 2 transparent firewall separates two OSPFv3 routers.
For the two OSPFv3 routers to form an adjacency, which protocol must be permitted on the firewall?
A. IPv4 protocol 89
B. IPv6 protocol 89
C. TCP port 89
D. UDP port 89
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
The IPv6 AllSPFRouters multicast address is FF02::5, and the AllDRouters multicast address is FF02::6. Both have link-local scope.
You can easily see the similarity in the last bits with the OSPFv2 addresses of 224.0.0.5 and 224.0.0.6.
QUESTION 23
In MSTP, which two factors determine the root bridge in each region? (Choose two.)
A. The switch with the higher priority becomes the root bridge.
B. The switch with the lower priority becomes the root bridge.
C. The switch with the lower MAC address becomes the root bridge when priorities are tied.
D. The switch with the higher MAC address becomes the root bridge when priorities are tied.
Correct Answer: BC
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 24
Which two LSA types are only generated by an ABR router? (Choose two.)
Correct Answer: AC
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Explanation/Reference:
Explanation:
Why did the IP spoof feature fail to prevent the spoofed packets from being forwarded?
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
http://www.juniper.net/techpubs/en_US/junos11.4/topics/reference/configuration-statement/router-id-edit-routing-options.html
QUESTION 28
You are setting up a new switch in your network that is using MSTP. You have configured all access ports as edge ports, and you want to make sure that the
access ports can never transition to nonedge ports.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
bpdu-block-on-edge
Syntax
bpdu-block-on-edge;
Hierarchy Level
[edit logical-systems logical-system-name protocols (mstp | rstp | vstp)],[edit logical-systems logical-system-name routing-instances routing-
instance-name protocols (mstp | rstp | vstp)],[edit protocols (mstp | rstp | vstp)],[edit routing-instances routing-instance-name protocols (mstp | rstp |
vstp)]
Release Information
Statement introduced in Junos OS Release 9.4.
Support for logical systems added in Junos OS Release 9.6.
Description
Enable BPDU blocking on the edge ports of a virtual switch.
QUESTION 29
When using PIM-SM in ASM mode, which two events trigger the creation of a shortest-path tree? (Choose two.)
Correct Answer: AD
Section: (none)
Explanation
Explanation/Reference:
Explanation:
In order to have the multicast traffic sent down the shared tree, the RP must register with the multicast source. Please note that the receivers can join the shared
QUESTION 30
A coffee shop offering free Internet service to customers wants to implement the following security policies:
1. Every customer must agree to a set of terms and conditions before accessing the Internet.
2. Log out customers that are logged in for more than one hour.
3. Log out customers that are idle for more than 5 minutes.
4. Authenticate employee desktop computers with known hardware addresses in the office of the coffee shop to access the Internet without the above restrictions.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 31
What is an IP multicast routing protocol?
A. RSVP
B. OSPF
C. PIM
D. CDP
Correct Answer: BC
Section: (none)
Explanation
Explanation/Reference:
Was C/D
QUESTION 32
Which version of BGP would an enterprise use to peer with an ISP?
A. Confederation BGP
B. External BGP
C. Internal BGP
D. Labeled-Unicast
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Regions are an important concept because they address many of the challenges inherent in large routed networks. By
dividing the network into regions, service providers can increase the scale of their networks and improve convergence
times. Regions essentially partition the network into sections or zones, which can be OSPF areas or IS-IS levels within a single autonomous system (AS), or each
region can be an AS using a separate IGP.
The characteristics of a multi-region network are quite similar to a multi-area OSPF network, multilevel IS-IS network, or BGP AS, but the regions don’t exchange
routing information as would a typical area or level. No IGP routing information, LDP signaling, or RSVP signaling is exchanged between regions. Rather, regions
are connected by and communicate with BGP labeled unicast.
Like these other concepts, the primary advantage of regions is reducing the number of entries in the routing and forwarding tables of individual routers. This
simplifies the network, enabling greater scale and faster convergence.
LDP and RSVP label-switched paths are contained within a region, reducing the amount of LDP and RSVP state network-wide. Lowering the amount of resources
required by each node prolongs the life span of each node as the network continues to grow.
Regions also simplify network integration and troubleshooting. Network integrations and expansions do not require compatible IGPs or compatible LDP/RSVP
implementations between networks. The new network or region only needs
BGP labeled unicast compatibility with the existing network. Troubleshooting a multi-region network is simplified because problems are more likely to be contained
within a single region rather than spread across multiple regions.
In a multi-region network, BGP-LU is essential to enabling inter-region end-to-end routing, as it provides the communication and connectivity between multiple
regions. Defined in RFC 31071, it enables BGP to advertise unicast routes with an MPLS label binding (a prefix and label). To accomplish this, BGP-LU leverages
QUESTION 33
You are setting up a new switch in your network that is using MSTP. You want to make sure that any port connected to a host starts forwarding traffic immediately.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 34
You have been asked to implement 802.1X in your network and to ensure that all authorized users continue to be permitted should the RADIUS server fail.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
With Juniper switches you can be rest assured that even if your radius server fails, Your network would still be up. Users would still be able login into the network
using a phenomenal feature called Switch Cache . If radius server fails, switch can use cache to authenticate the dot1x clients. use-cache—If the RADIUS servers
time out during reauthentication, previously authenticated supplicants are reauthenticated, but LAN access is denied for new supplicants. Configuration: set
protocols dot1x authenticator authentication-profile-name auth set protocols dot1x authenticator interface ge-0/0/0.0 supplicant multiple set protocols dot1x
authenticator interface ge-0/0/0.0 retries 4 set protocols dot1x authenticator interface ge-0/0/0.0 reauthentication 30 set protocols dot1x authenticator interface ge-
0/0/0.0 server-timeout 20 set protocols dot1x authenticator interface ge-0/0/0.0 server-fail use-cache set access radius-server 10.130.38.11 secret "x.x.x.x" set
access profile auth auth
QUESTION 35
How does an administrator block IGMP reports for the 239.0.0.0/8 group range?
A. Create a routing policy and apply it to IGMP using the group-policy feature.
B. Create a routing policy and apply it to IGMP using the report-policy feature.
C. Create a routing policy and apply it to IGMP as export.
D. Create a routing policy and apply it to IGMP as import.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 36
You have been asked to implement a private VLAN with two community VLANs. This private VLAN must span multiple switches in your Layer 2 network.
Which two statements about this deployment are true? (Choose two.)
Correct Answer: CD
Section: (none)
Explanation
Explanation/Reference:
Explanation:
http://www.juniper.net/techpubs/en_US/junos10.4/topics/concept/private-vlans-ex-series.html
QUESTION 37
Which configuration parameter causes a router to ignore router ID and peer ID from the BGP route
selection algorithm?
A. multihop
B. as-path loops
C. multipath
D. next-hop self
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 38
If your WAN-edge router is multihomed to different ISPs, which two BGP attributes would you modify to affect outbound traffic? (Choose two.)
A. MED
B. Origin
C. Local preference
D. Community
Correct Answer: BC
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 39
A medium-sized enterprise has some devices that are 802.1X capable and some that are not. Any device that fails authentication must be provided limited access
through a VLAN called NONAUTH.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 40
When using PIM-SM in SSM mode, which event triggers the creation of a shortest-path tree?
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
PIM SSM is simpler than PIM sparse mode because only the one-to-many model is supported. Initial commercial multicast Internet applications are likely to be
available to subscribers (that is, receivers that issue join messages) from only a single source (a special case of SSM covers the need for a backup source).
PIM SSM therefore forms a subset of PIM sparse mode. PIM SSM builds shortest-path trees (SPTs) rooted at the source immediately because in SSM, the router
closest to the interested receiver host is informed of the unicast IP address of the source for the multicast traffic. That is, PIM SSM bypasses the RP connection
stage through shared distribution trees, as in PIM sparse mode, and goes directly to the source-based distribution tree.
QUESTION 41
Which statement regarding LLDP update messages is correct?
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 42
When 802.1X, MAC-RADIUS, and Captive Portal are enabled on an interface, which authentication sequence occurs?
Explanation/Reference:
Explanation:
QUESTION 43
You are troubleshooting a problem on interface ge-0/0/3.
Correct Answer: C
Section: (none)
Explanation/Reference:
Explanation:
Note: Because the Packet Forwarding Engine removes Layer 2 header information before sending packets to the Routing Engine:
The monitor traffic command cannot apply match conditions to inbound traffic.
The monitor traffic interface command also cannot apply match conditions for Layer 3 and Layer 4 packet data, resulting in the match pipe option (| match) for this
command for Layer 3 and Layer 4 packets not working either. Therefore, ensure that you specify match conditions as described in this command summary.
The 802.1Q VLAN tag information included in the Layer 2 header is removed from all inbound traffic packets. Because the monitor traffic interface ae[ x] command
for aggregated Ethernet interfaces (such as ae0) only shows inbound traffic data, the command does not show VLAN tag information in the output.
QUESTION 44
Which CoS component helps with TCP global synchronization problems?
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 46
You are configuring BGP peering with a neighboring AS. Multiple physical links exist between your edge router and the neighboring edge router, and you want a
configuration that supports the highest degree of redundancy.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 47
An OSPF router is an ABR but not an ASBR.
Which three types of LSAs would you expect this router to generate? (Choose three.)
Explanation/Reference:
Explanation:
QUESTION 48
-- Exhibit --
local {
address 192.168.3.1;
auto-rp discovery;
static {
address 192.168.5.1;
-- Exhibit --
Router R1 in the exhibit is receiving auto-RP announce messages specifying an RP of 192.168.10.1 and BSR messages specifying an RP-set with an RP of
192.168.50.1.
Which address will R1 use as the RP for traffic destined to the 224.1.1.1 multicast group?
A. 192.168.3.1
B. 192.168.5.1
C. 192.168.10.1
D. 192.168.50.1
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 49
-- Exhibit
In the exhibit, customers connected to Area 3 must have access to external prefixes received from
the data center connected to the router in Area 1. These configurations are currently applied to the routers in Area 1:
{master:0}[edit]
no-nssa-abr;
area 0.0.0.1 {
interface ge-1/1/1.100;
{master:0}[edit]
area 0.0.0.1 {
stub no-summaries;
interface ge-1/1/1.100;
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 50
-- Exhibit --
AS path: 100 ?
-- Exhibit --
Referring to the output in the exhibit, why does the router prefer the path toward interface ge- 0/0/0.0 for the 20.0.0.0/8 route?
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 51
-- Exhibit --
Group: 239.1.1.1
Source: 10.255.70.15
Flags: sparse,spt
Interface: Pseudo-GMP
fe-0/0/0.0 fe-0/0/1.0 fe-0/0/3.0
Interface: mt-1/1/0.32768
-- Exhibit --
Referring to the exhibit, which two statements are true? (Choose two.)
Correct Answer: AD
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 52
-- Exhibit --
transmission
transmission
ge-0/0/0.0 171 3 0
-- Exhibit --
A. VSTP
B. MSTP
C. RSTP
D. PVST
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 53
-- Exhibit
Given the topology in the exhibit, which two statements related to the Q-in-Q tunneling implementation are true? (Choose two.)
Correct Answer: AD
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 54
-- Exhibit
You are implementing Q-in-Q tunneling to connect R1 and R2 using the configurations shown in the exhibit.
What must be changed on Switch_A to allow both Dot1q-tunneling VLANs and non-Dot1q- tunneling VLANs on the same trunk interface?
Correct Answer: C
Section: (none)
Explanation
http://packetcorner.wordpress.com/category/switching/q-in-q/
QUESTION 55
-- Exhibit
-- Exhibit --
In the exhibit, Host2 is the only host currently joining group 231.1.1.1, but S1 is still flooding the traffic to all hosts on VLAN 100.
What feature can be configured on S1 to limit the multicast flooding of traffic to only interested hosts on VLAN 100?
A. Multicast scoping
B. IGMP snooping
C. Multicast VLAN registration
D. IGMP immediate leave
Correct Answer: B
Section: (none)
Explanation/Reference:
Explanation:
Internet Group Management Protocol (IGMP) snooping constrains the flooding of IPv4 multicast traffic on VLANs on a switch. When IGMP snooping is enabled on
a VLAN, a Juniper Networks EX Series Ethernet Switch examines IGMP messages between hosts and multicast routers and learns which hosts are interested in
receiving traffic for a multicast group. Based on what it learns, the switch then forwards multicast traffic only to those interfaces in the VLAN that are connected to
interested receivers instead of flooding the traffic to all interfaces.
QUESTION 56
-- Exhibit --
{master:0}[edit]
vlan 100;
{master:0}[edit]
Context ID : 1
Root ID : 32868.50:c5:8d:ae:94:80
Message age : 0
Local parameters
Bridge ID : 32868.50:c5:8d:ae:94:80
Extended system ID : 1
Internal instance ID : 0
{master:0}[edit]
{master:0}[edit]
user@switch#
-- Exhibit --
Based on the output shown in the exhibit, why is VSTP not working for VLAN 100?
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 57
-- Exhibit
A. R6-R5
B. R6-R7-R4-R5
C. R6-R4-R5
D. R6-R4-R3-R2-R5
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
{master:0}[edit]
interface ge-0/0/16.0 {
vlan phones;
{master:0}[edit]
unit 0 {
family ethernet-switching {
port-mode access;
vlan {
members internet;
{master:0}[edit]
user@switch# show vlans
hr {
vlan-id 513;
vlan-id 15;
phones {
vlan-id 25;
servers {
vlan-id 30;
{master:0}[edit]
description uplink;
unit 0 {
family ethernet-switching {
port-mode trunk;
vlan {
members [ hr internet ];
-- Exhibit --
You have recently implemented a Layer 2 network designed to support VoIP. Users have reported that they cannot use their IP phones to make calls.
Based on the switch configuration shown in the exhibit, which command will resolve this issue?
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 59
-- Exhibit
Based on the SPF calculation in the exhibit, what is the shortest path to reach R3 from R1?
A. R2-R3
B. R2-R5-R4
C. R3
D. R2-R4
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 60
-- Exhibit --
Mar 16 18:39:15.802763 bgp_process_caps:2561: NOTIFICATION sent to 172.14.10.2 (External AS 2): code 2 (Open Message Error) subcode 7 (unsupported
capability) value 1
Mar 16 18:39:15.802969
Mar 16 18:39:15.803113 BGP SEND Notification code 2 (Open Message Error) subcode 7 (unsupported capability)
-- Exhibit --
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 61
-- Exhibit
In the exhibit, which statement about the ABR between Area 8 and Area 2 is true?
Correct Answer: D
Section: (none)
Explanation
QUESTION 62
-- Exhibit --
Drop profiles:
Drop profiles:
CoS information:
Direction : Output
Priority Limit
% bps % usec
0 best-effort 1 10000000 r 0
low exact
1 expedited-forwarding 1 10000000 1 0
high none
139)
Traffic statistics:
0 best-effort
1 expedited-forwarding
2 assured-forwarding
3 network-control
-- Exhibit --
Based on the configuration in the exhibit, why are you seeing drops in the best-effort queue on the SRX Series platform?
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 63
-- Exhibit --
user@router# show
group ext-peer2 {
type external;
peer-as 1;
neighbor 192.168.2.1;
inet.0 0 0 0 0 0 0
inet6.0 0 0 0 0 0 0
192.168.2.1 1 0 0 0 0 14 Idle
-- Exhibit --
Looking at the output in the exhibit, why is the BGP neighbor not in Established state?
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 64
-- Exhibit --
authenticator {
authentication-profile-name dot1x;
interface {
supplicant single;
ge-0/0/1.0 {
supplicant single-secure;
ge-0/0/2.0 {
supplicant multiple;
{master:0}[edit]
radius-server {
172.27.14.226 {
port 1812;
profile dot1x {
authentication-order radius;
authentication-server 172.27.14.226;
accounting-server 172.27.14.226;
accounting {
order radius;
immediate-update;
{master:0}[edit]
user@SwitchA#
-- Exhibit --
Referring to the exhibit, which three statements describe correct behavior of Switch A? (Choose three.)
A. Switch A allows complete access to all users connected to port ge-0/0/2 that log in with their correct user credentials.
B. Switch A allows complete access to all users connected to port ge-0/0/0 that log in with their correct user credentials.
C. Switch A allows complete access to the second user that connects to port ge-0/0/1 with its correct credentials only after the first user logs out.
D. Switch A allows complete access to all users connected to port ge-0/0/0 without authentication after the first user has logged in with its correct user credentials.
E. Switch A allows complete access to all users connected to port ge-0/0/1 that securely log in using HTTPS with their correct user credentials.
Explanation/Reference:
Explanation:
Mar 16 17:48:06.145257 OSPF periodic xmit from 172.14.10.1 to 224.0.0.5 (IFL 69 area 0.0.0.1)
Mar 16 17:48:13.013555 ospf_set_lsdb_state: Router LSA 192.168.2.1 adv-rtr 192.168.2.1 state QUIET->GEN_PENDING
Mar 16 17:48:13.013661 OSPF trigger router LSA 0x156d0f0 build for area 0.0.0.1 lsa-id 192.168.2.1
Mar 16 17:48:13.017494 ospf_set_lsdb_state: Router LSA 192.168.2.1 adv-rtr 192.168.2.1 state GEN_PENDING->QUIET
Mar 16 17:48:13.017636 OSPF built router LSA, area 0.0.0.1, link count 2
Mar 16 17:48:13.017954 OSPF sent Hello 172.14.10.1 -> 224.0.0.5 (ge-0/0/1.0 IFL 69 area 0.0.0.1)
Mar 16 17:48:13.018111 mask 255.255.255.0, hello_ivl 10, opts 0x2, prio 128
Mar 16 17:48:13.018900 OSPF sent Hello 172.14.10.1 -> 224.0.0.5 (ge-0/0/1.0 IFL 69 area 0.0.0.1)
Mar 16 17:48:13.019032 mask 255.255.255.0, hello_ivl 10, opts 0x2, prio 128
Mar 16 17:48:13.432025 OSPF packet ignoreD. area mismatch (0.0.0.0) from 172.14.10.2 on intf ge-0/0/1.0 area 0.0.0.1
Mar 16 17:48:13.432135 OSPF rcvd Hello 172.14.10.2 -> 224.0.0.5 (ge-0/0/1.0 IFL 69 area 0.0.0.1)
Mar 16 17:48:13.432346 mask 255.255.255.0, hello_ivl 10, opts 0x2, prio 128
-- Exhibit --
Looking at the traceoptions output in the exhibit, why are the OSPF routers stuck in Init state?
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 66
Click the Exhibit button.
A customer is trying to configure a router to peer using EBGP to a neighbor. As shown in the exhibit, two links are being used for this configuration. The goal of this
configuration is to load- balance traffic across both EBGP links.
A. {master:0}[edit]
user@router# show protocols bgp
group External {
multihop;
local-address 192.168.2.1;
peer-as 65532;
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 67
-- Exhibit
In the exhibit, R5 is receiving five 200.1.1.x routes from the RIP router, and is advertising them into
Area 1 using an export policy. You do not want any of the RIP routes to be in the routing table of R
Which two solutions meet this requirement? (Choose two.)
Correct Answer: BC
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 68
-- Exhibit
In the exhibit, a customer wants to configure an EBGP connection to two different routers in a neighboring autonomous system. The goal of this configuration is to
use per-prefix load balancing across both EBGP links.
A. {master:0}[edit]
user@router# show protocols bgp
group External {
multihop;
peer-as 65532;
neighbor 10.10.2.2;
neighbor 10.20.2.2;
}
B. {master:0}[edit]
user@router# show protocols bgp
group External {
multipath;
peer-as 65532;
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 69
-- Exhibit --
Referring to the exhibit, R4 in AS 100 is sending routes 20.0.0.0/8 and 10.0.0.0/8. R3 sees the routes but R5 does not.
What must be configured on the R3 router for the R5 router to install the routes?
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 70
-- Exhibit
You are asked to configure an OSPF virtual link that connects remote Area 4 to the backbone.
Referring to the exhibit, what are two requirements for an OSPF virtual link to operate correctly? (Choose two.)
A. A virtual link configuration on the ABR between Areas 0 and 1 must include transit area 1.
B. The interface of the transit area must be of type vt.
C. A virtual link configuration on the ABR between Areas 0 and 1 must be the interface address of the neighbor on the far end.
D. A virtual link configuration on the ABR between Areas 0 and 1 must be the router ID (RID) of the neighbor on the far end.
Correct Answer: AD
Explanation/Reference:
Explanation:
QUESTION 71
-- Exhibit
-- Exhibit --
In the exhibit, R5 is receiving five 200.1.1.x routes from the RIP router, and is advertising them into Area 1 using an export policy. You want to summarize the RIP
routes into Area 0 with the most specific prefix.
A. [edit protocols]
user@R1# show
ospf {
area 0.0.0.0 {
area-range 200.1.1.0/29;
interface ge-0/0/1.0;
interface ge-0/0/2.0;
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 72
-- Exhibit --
Table Tot Paths Act Paths Suppressed History Damp State Pending
inet.0 10 8 0 0 0 0
inet6.0 4 3 0 0 0 0
inet6.0: 3/4/4/0
inet6.0: 0/0/0/0
user@router>
-- Exhibit --
Examine the output of the show bgp summary command shown in the exhibit.
A. 10.0.3.5
B. 172.16.0.6
C. 2001:ffff::3:5
D. 2001:ffff:3:5
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 73
-- Exhibit --
ge-0/0/2.0
Role: Authenticator
Number of retries: 3
Reauthentication: Enabled
user@SwitchA>
-- Exhibit --
Host 1, Host 2, and Host 3 are connected to Switch A on interface ge-0/0/2. Host 1 and Host 2 do not support 802.1X. They can authenticate and connect to the
Internet. Host 3 was added and it supports 802.1X; however, it is unable to authenticate.
Referring to the exhibit, how do you allow Host 3 to authenticate to the network but maintain secure access?
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 74
-- Exhibit --
Group: 224.1.1.1
Source: *
RP: 192.168.1.1
Flags: sparse,rptree,wildcard
Downstream neighbors:
Interface: so-0/0/0.0
10.0.1.2 State: Join Flags: SRW Timeout: 176
Group: 224.1.1.1
Source: 10.0.5.2
Flags: sparse,spt
Downstream neighbors:
Interface: so-0/0/0.0
-- Exhibit --
The CLI output shown in the exhibit was taken from the RP in a PIM-SM network.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 75
MetriC. 2, Bidirectional
MetriC. 1, Bidirectional
MetriC. 1, Bidirectional
-- Exhibit --
A. ID 10.1.1.0
B. ID 10.0.3.4
C. ID 10.0.3.3
D. ID 10.0.2.4
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 76
-- Exhibit --
{master:0}[edit]
classifiers {
inet-precedence normal-traffic {
forwarding-class best-effort {
code-point-aliases {
inet-precedence {
my1 000;
my2 001;
cs1 010;
cs2 011;
cs3 100;
cs4 101;
cs5 111;
cs6 111;
-- Exhibit --
In the exhibit, you see a configuration for CoS. Incoming traffic with specific IP precedence bits should be mapped to a forwarding class named best-effort. A
classifier named normal-traffic is defined.
A. Include the option q-pic-large-buffer under the chassis hierarchy to accommodate the new code points.
B. Apply classifier normal traffic to the interface hierarchy under the class-of-service stanza.
C. Configure a rewrite marker on the ingress Gigabit Ethernet interface.
D. Add code point values for the expedited-forwarding forwarding class as well as the best-effort forwarding class.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 77
-- Exhibit --
65550;
group ibgp {
type internal;
neighbor 10.0.3.5;
group ibgpv6 {
type internal;
local-address 2001:ffff::3:4;
neighbor 2001:ffff::3:5;
group as65010 {
family inet {
unicast;
family inet6 {
unicast;
export as65010-out;
peer-as 65010;
neighbor 172.16.0.6;
policy-statement as65010-out {
term locally-originated {
metric 7000;
term from-as65222 {
term transit-as701 {
then {
metric 6;
then accept;
user@router>
-- Exhibit --
What caused the accidental advertisement of internal networks to your EBGP peer?
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 78
-- Exhibit --
[edit]
mask 255.255.248.0
mask 255.255.248.0
mask 255.255.248.0
-- Exhibit --
As shown in the exhibit, a router is receiving three external LSAs for the prefix 71.23.48.0.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 79
-- Exhibit
In the exhibit, the 10.100/16 prefix is introduced at autonomous system 1 (AS1) and propagated through to AS3. Router A in AS3 receives two different paths to
these prefixes, one through AS2 and the other through AS4. No BGP attributes have been altered.
A. The route with the lowest interface address for the EBGP peering session
B. The route with the lowest local preference
C. The route to the EBGP peer that has the lowest RID
D. The route from the EBGP peer that arrived first
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 80
-- Exhibit --
[edit]
router-id 1.1.1.1;
[edit]
area 0.0.0.0 {
interface ge-0/0/7.0;
router-id 2.2.2.2;
[edit]
area 0.0.0.0 {
interface ge-0/0/8.0 {
priority 200;
[edit]
router-id 222.255.255.255;
[edit]
area 0.0.0.0 {
interface ge-0/0/8.0;
[edit]
[edit]
area 0.0.0.0 {
interface ge-0/0/6.0 {
priority 0;
-- Exhibit --
All four routers in the exhibit are in the same broadcast domain. The routers were powered on at the same time.
Based on the configurations, which devices are the DR and the BDR?
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 81
-- Exhibit --
2 assured-forw 0 0 0
...
-- Exhibit --
You recently deployed an SRX Series Gateway in your network. It uses the default class of service configuration.
Based on the output in the exhibit, what reason explains the packet drops in Queue 1?
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 82
-- Exhibit --
Mar 16 19:12:58.292522
Mar 16 19:12:58.293573
Mar 16 19:12:58.297528
Mar 16 19:12:58.298185
Mar 16 19:12:58.301834
Mar 16 19:12:58.302034 bgp_read_v4_message: done with 172.14.10.2 (External AS 2) received 19 octets 0 updates 0 routes
Mar 16 19:12:58.304594
Mar 16 19:12:58.304848 bgp_read_v4_message: done with 172.14.10.2 (External AS 2) received 23 octets 1 update 0 routes
Mar 16 19:13:22.968586
Mar 16 19:13:26.901339
Mar 16 19:13:26.901543 bgp_read_v4_message: done with 172.14.10.2 (External AS 2) received 19 octets 0 updates 0 routes
Mar 16 19:13:51.348180
Mar 16 19:13:53.844160
Mar 16 19:13:53.844392 bgp_read_v4_message: done with 172.14.10.2 (External AS 2) received 19 octets 0 updates 0 routes
-- Exhibit --
Looking at the traceoptions output, what is the current keepalive timer set for in BGP?
A. 1 second
B. 10 seconds
C. 30 seconds
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 83
-- Exhibit
-- Exhibit --
As shown in the exhibit, a legacy IP phone is attached to Switch-1. The phone does not support LLDP-MED, but does allow configuration using DHCP. Existing
network CoS policies dictate that VoIP traffic must use VLAN 10.
Which two actions put VoIP traffic onto VLAN 10? (Choose two.)
Correct Answer: BD
Explanation/Reference:
Explanation:
QUESTION 84
-- Exhibit
-- Exhibit
Click the Exhibit button.
Which statement about the non-ABR router in Area 2 in the exhibit is true?
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 85
-- Exhibit
-- Exhibit --
Referring to the exhibit, you want to configure Switch-1 to allow a user on interface ge-0/0/10 to accommodate both voice and data traffic. Your phones and your
switches are LLDP-MED capable.
What is the minimal configuration that allows LLDP-MED to autoconfigure your phone's voice VLAN?
A. set interfaces ge-0/0/10 unit 0 family ethernet-switching port-mode trunk set interfaces ge-0/0/10 unit 0 family ethernet-switching vlan members voice_vlan
Exam. Any
set interfaces ge-0/0/10 unit 0 family ethernet-switching native-vlan-id data_vlan set ethernet-switching-options voip interface ge-0/0/10.0 vlan voice_vlan set
protocols lldp-med interface ge-0/0/10.0
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 86
-- Exhibit
-- Exhibit --
A. best-effort
B. expedited-forwarding
C. network-control
D. assured-forwarding
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 87
-- Exhibit
-- Exhibit --
In the exhibit, the routers in the network have a default PIM sparse mode configuration. R2 shows that R1 is the RPF next hop for the source, and R3 is the RPF
next hop for the RP. Host1 is currently receiving multicast traffic for group 231.1.1.1. Host2 has come online and is attempting to join group 232.1.1.1. R2 has just
received an IGMP message with the source and group addresses.
Which step happens next so that Host2 can join the multicast group?
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
http://network-technologies.metaswitch.com/multicast//what-is-pim.aspx
PIM Sparse Mode (PIM-SM) is a multicast routing protocol designed on the assumption that recipients for any particular multicast group will be sparsely
distributed throughout the network. In other words, it is assumed that most subnets in the network will not want any given multicast packet. In order to receive
multicast data, routers must explicitly tell their upstream neighbors about their interest in particular groups and sources. Routers use PIM Join and Prune messages
to join and leave multicast distribution trees.
QUESTION 88
-- Exhibit
-- Exhibit --
What is the correct VLAN configuration for Q-in-Q tunneling on Provider Bridge A?
A. interfaces {
ge-0/0/0 {
unit 0 {
family ethernet-switching {
port-mode access;
}
}
}
ge-0/0/10 {
unit 0 {
family ethernet-switching {
port-mode trunk;
vlan {
members test;
}
}
}
}
}
vlans {
test {
vlan-id 200;
interface {
ge-0/0/0.0;
}
dot1q-tunneling {
customer-vlans 100;
}
}
}
B. interfaces {
ge-0/0/0 {
unit 0 {
family ethernet-switching {
port-mode trunk;
vlan {
members test;
}
Correct Answer: A
Explanation/Reference:
Explanation:
QUESTION 89
-- Exhibit
-- Exhibit --
In the topology shown in the exhibit, which two BGP attributes can AS1 manipulate to influence the path that AS4 takes to reach prefixes originated by AS1?
(Choose two.)
A. Local Preference
B. AS Path
C. Origin
D. MED
Correct Answer: BC
Section: (none)
Explanation
QUESTION 90
-- Exhibit
-- Exhibit --
Traffic flows through your network, as shown in the exhibit. You have configured a rewrite rule on R1 to mark HTTP traffic with a specific DSCP value.
What must you do to ensure that the HTTP traffic preserves its DSCP value as it leaves your CoS domain?
A. Use behavior aggregate classifiers mapping the HTTP traffic to the specific DSCP value on R1 and R2.
B. Use rewrite rules mapping the HTTP traffic to the specific DSCP value on R2 and R3.
C. Use a rewrite rule mapping the HTTP traffic to the specific DSCP value on R3.
D. Use the default settings already in place on the device.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 91
-- Exhibit
-- Exhibit --
In the exhibit, Switch A is an EX4200. VLAN10 is receiving tagged as well as untagged traffic from different ports. The administrator wants to mirror all tagged and
untagged traffic entering VLAN10 to analyzer port ge-0/0/10. All VLAN tags must be preserved for traffic that is mirrored to the analyzer port.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 92
-- Exhibit --
Mar 16 17:18:28.751729 ospf_set_lsdb_state: Network LSA 172.14.10.1 adv-rtr 192.168.2.1 state QUIET->GEN_PENDING
Mar 16 17:18:28.751801 OSPF trigger network LSA build for interface ge-0/0/1.0 area 0.0.0.0
Mar 16 17:18:28.751931 OSPF trigger router LSA 0x156d0f0 build for area 0.0.0.0 lsa-id 192.168.2.1
Mar 16 17:18:28.752190 OSPF sent Hello 172.14.10.1 -> 224.0.0.5 (ge-0/0/1.0 IFL 69 area 0.0.0.0)
Mar 16 17:18:28.752315 mask 255.255.255.224, hello_ivl 10, opts 0x2, prio 128
Mar 16 17:18:28.763796 OSPF rcvd Hello 172.14.10.2 -> 224.0.0.5 (ge-0/0/1.0 IFL 69 area 0.0.0.0)
Mar 16 17:18:28.764140 mask 255.255.255.0, hello_ivl 10, opts 0x2, prio 128
-- Exhibit --
Looking at the traceoptions output in the exhibit, why are the OSPF routers stuck in Init state?
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 93
-- Exhibit
As shown in the exhibit, the 10.10/16 prefix is redistributed into OSPF through R2 and R5. R2 is advertising the prefix with a Type 1 metric of 100 and R5 is
advertising the prefix with a Type 2 metric of 10.
A. R6-R5
B. R6-R4-R5
C. R6-R4-R5-R2
D. R6-R4-R3-R2
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 94
-- Exhibit
A. A port on switch 3 or switch 4 towards the CST root (switch 6) is blocking traffic.
B. A total of 64 MST instances for MST region A and region B can be configured.
C. MSTI BPDUs are exchanged between MST regions and the CST root bridge.
D. IST BPDUs are exchanged only between switches 1 and 2, and between switches 6 and 7.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 95
-- Exhibit --
{master:0}[edit]
Adj count: 0
Your company is integrating another OSPF area into your existing OSPF infrastructure. You created a virtual link that spans Area 2 and connects Area 3 to the
backbone area.
A. The interface configured for the virtual link is incorrect. It should be a vt and not a vl interface.
B. No designated router (DR) has been elected.
C. The backup route to Area 2 has not been configured.
D. The wrong transit area is configured.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 96
-- Exhibit
-- Exhibit --
In the exhibit, an EBGP session is currently established between R1 and R2. R2 changes its import policy to accept 10 of the routes it previously denied from R1.
Which BGP capability must be negotiated on the BGP session for R2 to install the routes accepted by the new policy?
A. route refresh
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Route-Refresh Capabilities Overview
NSM supports BGP route-refresh. This feature provides a soft reset mechanism that allows the dynamic exchange of route refresh requests and routing
information between BGP peers and the subsequent re-advertisement of the outbound or inbound routing table.
Routing policies for a BGP peer using route-maps might impact inbound or outbound routing table updates because whenever a route policy change occurs, the
new policy takes effect only after the BGP session is reset. A BGP session can be cleared through a hard or soft reset.
A soft reset allows the application of a new or changed policy without clearing an active BGP session. The route-refresh feature allows a soft reset to occur on a
per-neighbor basis and does not require preconfiguration or extra memory.
A dynamic inbound soft reset generates inbound updates from a neighbor. An outbound soft reset sends a new set of updates to a neighbor. Outbound resets do
not require preconfiguration or routing table update storage.
The route-refresh feature requires that both BGP peers advertise route-refresh feature support in the OPEN message. If the route-refresh method is successfully
negotiated, either BGP peer can use the route-refresh feature to request full routing information from the other end.
QUESTION 97
-- Exhibit --
Table Tot Paths Act Paths Suppressed History Damp State Pending
inet.0 0 0 0 0 0 0
inet6.0 1 0 0 0 0 0
inet6.0: 0/0/0/0
inet6.0: 0/0/0/0
AS path: I
group ibgpv6 {
type internal;
local-address 2001:ffff::3:5;
cluster 10.0.3.4;
neighbor 2001:ffff::3:3;
neighbor 2001:ffff::3:4;
neighbor 2001:ffff::9:7;
user@router>
-- Exhibit --
You are using an IBGP route reflector within your network. Your route reflector has received the 2001:1:2::/64 prefix, but it is not advertising the prefix to its cluster
members. After examining the route reflector, you notice the output shown in the exhibit.
Which configuration statement causes the route reflector to transmit the route to its IBGP peers?
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 98
-- Exhibit --
{master:0}[edit]
classifiers {
inet-precedence normal-traffic {
forwarding-class best-effort {
code-point-aliases {
inet-precedence {
my1 000;
my2 001;
scheduler-maps {
one {
schedulers {
special {
priority strict-high;
normal {
priority low;
-- Exhibit --
The configuration in the exhibit shows incoming traffic with specific IP precedence bits that should be mapped to a forwarding class named best-effort.
Correct Answer: A
Explanation/Reference:
Explanation:
QUESTION 99
-- Exhibit
-- Exhibit --
Based on the exhibit, why is R2 marking the routes coming from AS 200 as hidden?
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 100
-- Exhibit --
rib-groups {
foo {
interface all;
-- Exhibit --
Based on the configuration in the exhibit, which routing table is used for IPv4 multicast RPF checks?
A. inet.0
B. inet.2
C. foo.inet.0
D. inet.8
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Mar 16 17:54:51.930726 OSPF periodic xmit from 172.14.10.1 to 224.0.0.5 (IFL 69 area 0.0.0.0)
Mar 16 17:54:56.152721 ospf_set_lsdb_state: Router LSA 192.168.2.1 adv-rtr 192.168.2.1 state QUIET->GEN_PENDING
Mar 16 17:54:56.153271 OSPF trigger router LSA 0x156d0f0 build for area 0.0.0.0 lsa-id 192.168.2.1
Mar 16 17:54:56.157854 ospf_set_lsdb_state: Router LSA 192.168.2.1 adv-rtr 192.168.2.1 state GEN_PENDING->QUIET
Mar 16 17:54:56.157971 OSPF built router LSA, area 0.0.0.0, link count 2
Mar 16 17:54:56.158300 OSPF sent Hello 172.14.10.1 -> 224.0.0.5 (ge-0/0/1.0 IFL 69 area 0.0.0.0)
Mar 16 17:54:56.158435 mask 255.255.255.0, hello_ivl 10, opts 0x2, prio 128
Mar 16 17:54:56.159276 OSPF sent Hello 172.14.10.1 -> 224.0.0.5 (ge-0/0/1.0 IFL 69 area 0.0.0.0)
Mar 16 17:54:56.159401 mask 255.255.255.0, hello_ivl 10, opts 0x2, prio 128
Mar 16 17:54:58.237416 OSPF rcvd Hello 172.14.10.2 -> 224.0.0.5 (ge-0/0/1.0 IFL 69 area 0.0.0.0)
Mar 16 17:54:58.237698 mask 255.255.255.0, hello_ivl 10, opts 0x2, prio 128
-- Exhibit --
Looking at the traceoptions output in the exhibit, why are the OSPF routers stuck in Init state?
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 102
-- Exhibit
-- Exhibit --
Referring to the exhibit and based on the output below from Sw-1 and Sw-2, which statement is true?
MSTP information
Context identifier : 0
Revision : 1
0 0-9,11-19,21-4094
1 10
2 20
MSTP information
Context identifier : 0
Revision : 1
0 0-9,11-14,16-19,21-4094
1 10,15
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 103
-- Exhibit --
Adj count: 1
-- Exhibit --
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
New Questions
QUESTION 104
Click the Exhibit button.
Which statement is true about the IPv6 network shown in the exhibit?
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 105
Click the Exhibit button.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 106
Which statement is true regarding OSPF multi-area adjacencies?
Explanation/Reference:
Explanation:
Support for OSPFv3 was introduced in Junos OS Release 9.4. As defined in RFC 5185, OSPF Multi-Area Adjacency, the ABRs
establish multiple adjacencies belonging to different areas over the same logical interface. Each multiarea adjacency is announced as
a point-to-point unnumbered link in the configured area by the routers connected to the link. For each area, one of the logical interfaces
is treated as primary, and the remaining interfaces that are configured for the area are designated as secondary.
QUESTION 107
Click the Exhibit button.
??????
Referring to the exhibit, which two statements are correct? (Choose two.)
Correct Answer: CD
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 108
Which statement is true about using an OSPF import policy?
A. Import policies are not allowed in OSPF, applying the policy will do nothing.
B. Applying an import policy to OSPF may block normal LSA flooding.
C. Import policies are allowed only for external route types.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
OSPF import policy allows you to prevent external routes from being added to the routing tables of OSPF neighbors. The import policy
does not impact the OSPF database. This means that the import policy has no impact on the link-state advertisements. The filtering is
done only on external routes in OSPF. The intra-area and interarea routes are not considered for filtering. The default action is to
accept the route when the route does not match the policy.
QUESTION 109
Which statement is true regarding the SPF algorithm?
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 110
Click the Exhibit button.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 111
mask 255.255.255.0
Referring to the exhibit, which statement is true regarding the OSPF network LSA?
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Sep 19 00:22:13. 420315 OSPF packet ignored: MTU mismatch from 11.0.0.2 on intf ge-0/0/2.0 area 0.0.0.0
Sep 19 00:22:14. 475671 OSPF periodic xmit from 14.0.0.1 to 224.0.0.5 (IFL 75 area 0.0.0.0)
Sep 19 00:22:14. 855490 OSPF periodic xmit from 12.0.0.1 to 224.0.0.5 (IFL 84 area 0.0.0.0)
Sep 19 00:22:14. 857304 OSPF packet ignored: no matching interface from 12.0.0.1, IFL 85
Sep 19 00:22:17. 386726 OSPF packet ignored: MTU mismatch from 11.0.0.2 on intf ge-0/0/2. 0 area 0.0.0.0
Sep 19 00:22:20. 856108 OSPF rcvd Hello 10.0.0.2 -> 224.0.0.5 (ge-0/0/1.0 IFL 75 area 0.0.0.0)
Sep 19 00:22:20. 856299 mask 255.255.255.252, hello_ivl 10, opts 0x12, prio 128
Sep 19 00:22:21. 752438 OSPF packet ignored: MTU mismatch from 11.0.0.2 on intf ge-0/0/2. 0 area 0.0.0.0
Sep 19 00:22:22. 013285 OSPF packet ignored: area mismatch (0.0.0.1) from 12.0.0.2 on intf ge- 0/0/4.0 area 0.0.0.0
Sep 19 00:22:22. 013749 OSPF rcvd Hello 12.0.0.2 -> 224.0.0.5 (ge-0/0/4.0 IFL 84 area 0.0.0.0)
Sep 19 00:22:22. 013944 mask 255.255.255.252, hello_ivl 10, opts 0x12, prio 128
Sep 19 00:22:22. 016909 OSPF packet ignored: no matching interface from 12.0.0.2, IFL 85
Sep 19 00:22:22. 434956 OSPF hello from 11.0.0.2 (IFL 83, area 0.0.0.0) absorbed
Sep 19 00:22:23. 045916 OSPF periodic xmit from 12.0.0.1 to 224.0.0.5 (IFL 84 area 0.0.0.0)
Sep 19 00:22:23. 047959 OSPF packet ignored: no matching interface from 12.0.0.1, IFL 85
Sep 19 00:22:23. 309957 OSPF periodic xmit from 11.0.0.1 to 224.0.0.5 (IFL 83 area 0.0.0.0)
Sep 19 00:22:23. 528614 OSPF periodic xmit from 14.0.0.1 to 224.0.0.5 (IFL 75 area 0.0.0.0)
Sep 19 00:22:25. 772835 OSPF packet ignored: MTU mismatch from 11.0.0.2 on intf ge-0/0/2. 0 area 0.0.0.0
Sep 19 00:22:29. 950015 OSPF hello from 11.0.0.2 (IFL 83, area 0.0.0.0) absorbed
Sep 19 00:22:30. 713279 OSPF packet ignored: subnet mismatch from 10.0.0.2 on intf ge-0/0/1.0 area 0.0.0.0
Sep 19 00:22:30. 713432 OSPF rcvd Hello 10.0.0.2 -> 224.0.0.5 (ge-0/0/1.0 IFL 75 area 0.0.0.0)
Sep 19 00:22:30. 713622 mask 255.255.255.252, hello_ivl 10, opts 0x12, prio 128
Referring to the exhibit, what is preventing the OSPF adjacency on interface ge-0/0/4 from forming?
A. area mismatch
B. subnet mismatch
C. MTU mismatch
D. authentication mismatch
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 113
Referring to the exhibit, you are asked to prevent the 184.16.1.0/24 route from entering the backbone.
A. On router R1, issue the set protocols ospf area 3 nssa area-range 184.16.1.0/24 restrict command.
B. On router R3, issue the set protocols ospf area 0 area-range 184.16.1.0/24 restrict command.
C. On router R3, issue the set protocols ospf area 3 area-range 184.16.1.0/24 restrict command.
D. On router R3, issue the set protocols ospf area 3 nssa area-range 184.16.1.0/24 restrict command.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
exact—(Optional) Summarization of a route is advertised only when an exact match is made with the configured summary range.
mask-length—Number of significant bits in the network mask.
network—IP address. You can specify one or more IP addresses.
override-metric metric—(Optional) Override the metric for the IP address range and configure a specific metric value.
restrict—(Optional) Do not advertise the configured summary. This hides all routes that are contained within the summary, effectively
creating a route filter.
QUESTION 114
Click the Exhibit button.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
In this example, Device R1 and Device R2 are the routing devices at each end of the virtual link, with Device R1 physically connected
to the backbone, as shown in Figure 1. You configure the following virtual link settings:
neighbor-id—Specifies the IP address of the routing device at the other end of the virtual link. In this example, Device R1 has a router
ID of 192.168.0.5, and Device R2 has a router ID of 192.168.0.3.
transit-area—Specifies the area identifier through which the virtual link transits. In this example, area 0.0.0.3 is not connected to the
backbone, so you configure a virtual link session between area 0.0.0.3 and the backbone area through area 0.0.0.2. Area 0.0.0.2 is the
transit area.
QUESTION 115
Click the Exhibit button.
user@area-1-abr# show
area 0.0.0.1 {
nssa {
default-lsa {
default-metric 10;
metric-type 2;
type-7;
no-summaries;
interface so-0/1/1. 0;
A. The ABR will generate a Type 3 summary default route into the NSSA.
B. The ASBR will generate a Type 7 default route into the NSSA.
C. The type-7 parameter allows interoperability with newer versions of the Junos OS.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
nssa—Specifies an OSPF NSSA. You must include the nssa statement on all routing devices in area 9 because this area only has
external connections to static routes.
no-summaries—Prevents the ABR from advertising summary routes into the NSSA. If configured in combination with the default-metric
statement, the NSSA only allows routes internal to the area and advertises the default route into the area. External routes and
destinations to other areas are no longer summarized or allowed into the NSSA. Only the ABR requires this additional configuration
because it is the only routing device within the NSSA that creates Type 3 LSAs used to receive and send traffic from outside the area.
default-metric—Specifies that the ABR generate a default route with a specified metric into the NSSA. This default route enables
packet forwarding from the NSSA to external destinations. You configure this option only on the ABR. The ABR does not automatically
generate a default route when attached to an NSSA. You must explicitly configure this option for the ABR to generate a default route.
metric-type—(Optional) Specifies the external metric type for the default LSA, which can be either Type 1 or Type 2. When OSPF
exports route information from external ASs, it includes a cost, or external metric, in the route. The difference between the two metrics
is how OSPF calculates the cost of the route. Type 1 external metrics are equivalent to the link-state metric, where the cost is equal to
the sum of the internal costs plus the external cost. Type 2 external metrics use only the external cost assigned by the AS boundary
router. By default, OSPF uses the Type 2 external metric.
type-7—(Optional) Floods Type 7 default LSAs into the NSSA if the no-summaries statement is configured. By default, when the no-
summaries statement is configured, a Type 3 LSA is injected into NSSAs for Junos OS release 5.0 and later.
To support backward compatibility with earlier Junos OS releases, include the type-7 statement.
To disable exporting Type 7 LSAs into the NSSA by include the no-nssa-abr statement on the routing device that performs the
QUESTION 116
Click the Exhibit button.
Referring to the exhibit, you are asked to verify certain routing information within your OSPFv3 routing domain. You must review the prefixes learned from R3.
Which two LSA types from the output shown in the exhibit must be reviewed? (Choose two.)
Correct Answer: BC
Section: (none)
Explanation
Explanation/Reference:
Explanation:
OSPFv3 LSA Types
Each LSA begins with a standard 20-byte LSA header. Each LSA describes a piece of OSPF routing domain. All LSAs are flooded
throughout the OSPF routing domain. The flooding is reliable, ensuring all routers have the same collection of LSAs. This collection of
LSAs is called link-state database (LSDB). From the LSDB, each router constructs the shortest-path tree with itself as the root. This
yields a routing table.
LSA Header:
This header contains enough information to uniquely identify each LSA. The LS Type, Link State ID and the Advertising Router field
are used to uniquely identify an LSA.
Different instances of the same LSA could be present. The most recent instance could be identified using LS Age, LS Sequence
number and LS Checksum fields present in the LSA Header.
LS Type:
The LS Type field indicates the function performed by the LSA. The high-order 3 bits encode generic properties of the LSA, while low-
order bits indicates the LSA's specific functionality.
S1
Description
0
0
Link-local flooding
0
1
Area scope flooding
1
0
AS scope flooding
1
1
Reserved
LS Type
Description
1
0x2001
Router LSA
2
0x2002
Network LSA
4
0x2004
Inter-Area Router LSA
5
0x4005
AS-external LSA
6
0x2006
Group Membership LSA
7
0x2007
Type-7 (NSSA) LSA
8
0x0008
Link LSA
9
0x2009
Intra-Area Prefix LSA
Router LSA:
Each OSPF router originates Router LSAs indicating the state and cost of the router's interfaces to the area. Router LSAs are flooded
throughout the single area only.
The Router LSA indicates if the router is an ASBR or an ABR or if it is one end-point of a virtual link. These LSAs have no address
information.
Network LSA:
Network LSAs are originated by the DR for a broadcast or NBMA network in the area which supports two or more routers. The LSA
describes all routers connected to the link, including the DR. The LSA's Link State ID field is set to the Interface ID that the DR has
been using in Hello packets. No address information is carried in the Network LSA.
These LSAs are IPv6 equivalent of IPv4's Type-3 Summary LSAs. These LSAs are originated by the ABR to specify IPv6 prefixes that
belong to other areas. A separate LSA is originated for each address prefix.
For Stub areas, the Inter-area Prefix LSA is used to describe a default route. The prefix length of the default route is set to 0.
These LSAs are IPv6 equivalent of IPv4's Type-4 Summary LSAs. Originated by the ABR, the Inter-Area Router LSA describes the
route to the ASBR. Each LSA describes a route to a single router.
AS-External LSA:
These LSAs are IPv6 equivalent of IPv4's Type-5 External LSAs. These LSAs are originated by ASBRs describing the destinations
external to the AS. Each LSA describe a route to a single IPv6 prefix external to the AS.
AS-External LSAs can be used to describe a default route. Default routes are used when no specific route exists for a destination.
A router originates a separate Link LSA for each link it is attached to. These LSAs have link-local flooding scope and are never flooded
beyond a link that they are associated with. These LSAs have three purposes-
- notify the link-local address of the router's interface to the routers attached to the link
- inform other routers attached to the link of the list of IPv6 prefixes to associate with the link
- allow the router to assert the collection of Option bits to associate with the Network LSA that will be originated for the link
A router uses Intra-Area Prefix LSA to advertise IPv6 prefixes that are associated with
a) the router itself (in IPv4, this was carried in Router LSA)
b) an attached stub network segment (in IPv4, this was carried in Router LSA)
c) an attached transit network segment (in IPv4, this was carried in Network LSA)
A router can originate multiple Intra-Area Prefix LSAs for each router or transit network; each LSA is distinguished by its Link State ID.
Options field:
The 24-bit Options field is included in Hello and DBD packets, and Router, Network and Inter-area Router LSAs. It enables OSPF
routers to support optional capabilities, and to communicate their capabilities to other OSPF routers in the network
QUESTION 117
Click the Exhibit button.
???????
ISP-A is advertising the 200.0.3.0/24 route to R1. R1 is advertising this BGP route to R2 but the route is hidden on R2.
A. The route is unusable because the next hop is not reachable from R2.
B. The route is unusable because it has not been verified.
C. The route is hidden because R1 is changing the next hop to 192.168.16.1.
D. The route is hidden because R2 has a more preferred route.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 118
Click the Exhibit button.
Address: 0x934c688
Source: 172.27.0.5
State:
Age: 3:22
Accepted
Localpref: 100
Referring to the exhibit, which two statements are true? (Choose two.)
Correct Answer: BD
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Accepted
Nexthop: 192.168.4.101
Localpref: 100
Accepted
Nexthop: 192.168.4.101
Localpref: 100
Accepted
Nexthop: 192.168.4.101
Localpref: 100
Accepted
Nexthop: 192.168.4.101
Localpref: 100
Referring to the exhibit, which AS path regular expression will match only the 10.16.1.0/24 and 10.16.2.0/24 routes?
A. .* (222|111) . *
B. .+ (222|111) . *
C. .(222|111) . *
D. .(. 222|. 111) . *
Correct Answer: C
Explanation/Reference:
Explanation:
?????????
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 121
Which set of BGP attributes is preferred by the Junos OS?
A. MED: 100
AS path: 50 50 50
Local preference: 50
Origin: I
B. MED: 50
AS path: 50 50 50
Local preference: 1
Origin: E
C. MED: 100
AS path: 50 50 50 50
Local preference: 50
Origin: I
D. MED: 50
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Referring to the information shown in the exhibit, where would you apply a policy containing the parameter local-preference 110 to accomplish this task?
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 123
Click the Exhibit button.
????????
Referring to the exhibit, you want router A to have an EBGP peering with router C. They are both connected through router B, which does not have BGP running,
and has static routes configured.
What must be configured in the EBGP peer groups on routers A and C to make this connection possible?
A. MED
B. multihop
C. multipath
D. next-hop
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
[edit policy-options]
[edit policy-options]
user@R1# show
policy-statement prefer-for-inbound {
term prepend {
then {
as-path-prepend "100 100";
accept;
}
}
}
[edit policy-options]
user@R2# show
term local-pref {
then {
local-preference 110;
accept;
}
}
}
[edit policy-options]
user@R1# show
policy-statement prefer-for-inbound {
term local-pref {
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
[edit policy-options]
user@R2# show
policy-statement prefer-for-inbound {
term prepend {
then {
as-path-prepend "65503 65503";
accept;
}
}
}
QUESTION 125
Click the Exhibit button.
????????????????
R1 is connected to both R2 and R3 and you want to load-balance outbound traffic. You have provided the configuration shown in the exhibit; however, after
checking the links you notice that the traffic is not load-balancing.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
You are the administrator for the network shown in the exhibit. R1 receives the 196.15.4.0/24 route from routers R2, R3, and R4. Local preference values have not
been modified in this network. You are asked to ensure that R1 prefers the path through AS 3149 for traffic destined to 196.15.4.0/24.
Correct Answer: BD
Section: (none)
Explanation
Explanation/Reference:
Explanation:
With “bgp always-compare-med” enabled, BGP will compare MED values even if they come from different ASes, although to reach this
step the AS_PATHs must have the same length. You should use this command throughout the AS or you risk creating routing loops.
QUESTION 128
Click the Exhibit button.
What happens if the multicast source connected to R1 starts sending multicast traffic towards R1?
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
On Juniper Networks routers, data packets are encapsulated and de-encapsulated into tunnels by means of hardware and not the
software running on the router processor. The hardware used to create tunnel interfaces on M Series and T Series routers is a Tunnel
Services PIC. If Juniper Networks M Series Multiservice Edge Routers and Juniper Networks T Series Core Routers are configured as
rendezvous points or IP version 4 (IPv4) PIM sparse-mode DRs connected to a source, a Tunnel Services PIC is required. Juniper
Networks MX Series Ethernet Services Routers do not require Tunnel Services PICs. However, on MX Series routers, you must enable
tunnel services with the tunnel-services statement on one or more online FPC and PIC combinations at the [edit chassis fpc number
pic number] hierarchy level.
In PIM sparse mode, the source DR takes the initial multicast packets and encapsulates them in PIM register messages. The source
DR then unicasts the packets to the PIM sparse-mode RP router, where the PIM register message is de-encapsulated.
When a router is configured as a PIM sparse-mode RP router (by specifying an address using the address statement at the [edit
protocols pim rp local] hierarchy level) and a Tunnel PIC is present on the router, a PIM register de-encapsulation interface, or pd
interface, is automatically created. The pd interface receives PIM register messages and de-encapsulates them by means of the
hardware.
QUESTION 129
Which two statements are true about MSDP mesh groups? (Choose two.)
Correct Answer: AB
Explanation/Reference:
Explanation:
MSDP mesh groups are groups of peers configured in a full-mesh topology that limits the flooding of source-active messages to
neighboring peers.
Every mesh group member must have a peer connection with every other mesh group member. When a source-active message is
received from a mesh group member, the source-active message is always accepted but is not flooded to other members of the same
mesh group.
However, the source-active message is flooded to non-mesh group peers or members of other mesh groups.
***Exhibit is Missing***
Referring to the exhibit, the RPs are set up for anycast. Multicast traffic is currently flowing from the source to the receivers.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 131
A. 224.0.0.22
B. 224.0.0.13
C. 224.0.0.1
D. 224.0.0.2
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 132
Click the Exhibit button.
***Exhibit is Missing***
Your company has PIM running on some critical routers in your network, but another engineer has requested that you configure a PIM policy to prevent R2 from
becoming a PIM neighbor of R1 by dropping the hello packets.
Referring to the exhibit, which three commands are necessary for preventing R2 from becoming a PIM neighbor of R1? (Choose three.)
Explanation/Reference:
Explanation:
The following example filters PIM join and prune messages for group addresses 224.0.1.2 and 225.1.1.1.
user@host# set policy-options policy-statement block-groups term t1 from route-filter 224.0.1.2/32 exactuser@host# set policy-
options policy-statement block-groups term t1 from route-filter 225.1.1.1/32 exactuser@host# set policy-options policy-
statement block-groups term t1 then rejectuser@host# set policy-options policy-statement block-groups term last then accept
Which command allows you to configure the Junos device as a non-RP router for PIM?
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Because the PIM mode you choose determines the PIM configuration properties, you first must decide whether PIM operates in
bidirectional, sparse, dense, or sparse-dense mode in your network. Each mode has distinct operating advantages in different network
environments.
In sparse mode, routers must join and leave multicast groups explicitly. Upstream routers do not forward multicast traffic to a
downstream router unless the downstream router has sent an explicit request (by means of a join message) to the rendezvous point
(RP) router to receive this traffic.
A. hello-interval
B. join-timer
C. leave-timer
D. max-age
E. leaveall-timer
Explanation/Reference:
Explanation:
The join timer controls the amount of time the router waits to accept a registration request.
The leave timer controls the period of time that the router waits in the Leave state before changing to the unregistered state.
The leaveall timer controls the frequency with which the LeaveAll messages are communicated.
The default MVRP timer values are 200 ms for the join timer, 1000 ms for the leave timer, and 10000 ms for the leaveall timer.
QUESTION 135
Click the Exhibit button.
***Exhibit is Missing***
Referring to the exhibit, a customer noticed that the 802. 1Q-tunneled packets received on SwitchB are being dropped. What is causing this problem?
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 136
You are a service provider and have multiple customers in a building. You are installing a new switch that can host all of your customers. However, you would like
to ensure that one customer cannot see or broadcast to another customer. You would also like to have them use a common gateway IP address from the building.
A. VLAN
B. private VLAN
C. filter-based VLAN
D. Layer 2 tunneling
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 137
What are three types of PVLAN broadcast domains? (Choose three.)
A. primary VLAN
B. dynamic VLAN
C. isolated VLAN
D. community VLAN
E. S-VLAN
Explanation/Reference:
Explanation:
QUESTION 138
Click the Exhibit button.
{master:0}[edit]
v1 {
vlan-id 1;
interface {
ge-0/0/1.0;
v2 {
vlan-id 2;
interface {
ge-0/0/2. 0;
v3 {
vlan-id 3;
interface {
{master:0}[edit]
unit 0 {
family ethernet-switching {
port-mode trunk;
{master:0}[edit]
default
None
v1 1
ge-0/0/10*, ge-0/0/3.0*
v2 2
ge-0/0/2.0*, ge-0/0/3.0*
v3 3
ge-0/0/1.0*, ge-0/0/3.0*
Referring to the exhibit, what would explain interface ge-0/0/3.0 being active in VLANs v1, v2, and v3?
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 139
Click the Exhibit button.
***Exhibit is Missing***
Referring to the exhibit, you are asked to ensure that CE1 can communicate with CE2 using VLAN 150. Which configuration meets this requirement on S1?
A. {master:0}[edit vlans]
user@S1# show
customer-a {
vlan-id 200;
dot1q-tunneling {
customer-vlans 150;
}
}
B. {master:0}[edit vlans]
user@S1# show
customer-a {
vlan-id 150;
interface {
ge-0/0/0. 0;
ge-0/0/1.0;
}
dot1q-tunneling {
customer-vlans 200;
}
}
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
http://kb.juniper.net/InfoCenter/index?page=content&id=KB21686
QUESTION 140
Click the Exhibit button.
***Exhibit is Missing***
You are asked to separate the human resources group from the finance group on the company network even though they share the same VLAN.
After review, you realize that the PVLAN implementation will not work correctly.
Referring to the exhibit, which three commands must be included to resolve the problem? (Choose three.)
Explanation/Reference:
Explanation:
no-local-switching
Specify that access ports in this VLAN domain do not forward packets to each other. You use this statement with primary VLANs and
isolated secondary VLANs.
A PVLAN is designated the primary VLAN, and other VLANs are nested inside that VLAN as secondary VLANs. The types of PVLAN
broadcast domains are:
Primary VLAN—VLAN used to forward frames downstream to isolated and community VLANs.
Isolated VLAN—(When a PVLAN is configured on only one switch) A secondary VLAN that receives packets only from the primary
VLAN and forwards frames upstream to the primary VLAN.
Inter-switch isolated VLAN—(When a PVLAN is configured to span multiple switches) A secondary (internal) VLAN that is used to
forward isolated VLAN traffic from one switch to another through pvlan-trunk ports.
Community VLAN—A secondary VLAN that transports frames among community interfaces within the same community and forwards
QUESTION 141
Click the Exhibit button.
***Exhibit is Missing***
You have implemented a firewall-based VLAN filter to map traffic from subnet 192. 168. 40. 0/24 to a VLAN named vlan_40. However, you have not been
successful in getting the traffic mapped correctly.
Referring to the exhibit, which three commands are required to accomplish this behavior? (Choose three.)
Explanation/Reference:
Explanation:
http://www.juniper.net/techpubs/en_US/junos13.3/topics/example/firewall-filter-ex-series-configuring.html
QUESTION 142
Click the Exhibit button.
Correct Answer: BC
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Which three parameters must match on all devices within the same region? (Choose three.)
A. region name
B. hello timer
C. maximum age
D. revision level
E. VLAN mapping table
Explanation/Reference:
Explanation:
QUESTION 144
You are asked to implement VSTP on all devices in your Layer 2 network.
Explanation/Reference:
Explanation:
\
Context identifier : 0
Revision : 1
0 0, 4-4094
1 1-3
A network engineer has configured MSTP on several switches for loop protection. You must verify the work and ensure that the appropriate parameters match on
all switches.
Which operational command provides the required output shown in the exhibit?
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 146
Click the Exhibit button.
configuration-name region1;
msti 1 {
bridge-priority 16k;
msti 2 {
bridge-priority 8k;
configuration-name region1;
bridge-priority 8k;
msti 1 {
bridge-priority 16k;
msti 2 {
bridge-priority 8k;
Referring to the exhibit, a customer observes that the MSTP instance between SwitchA and SwitchB is not converging correctly.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 147
Your company makes extensive use of VSTP in your network for loop protection. The network is at the VSTP VLAN limit and must protect additional VLANs.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 148
You are asked to set up 802.1X port authentication for all access ports on your EX Series switch.
You have a device that does not support 802.1X supplicants and you must ensure this device is authenticated.
You must also ensure that no unnecessary delay occurs when authenticating this device.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 149
Your company recently implemented Layer 2 authentication and access control to secure users accessing the corporate network. You implemented 802.1X, MAC
RADIUS, and a captive portal to support a variety of hosts on the network.
Senior management is concerned that valid users might be authenticated incorrectly on the network and they ask you questions about how these different access
technologies are used simultaneously.
A. MAC addresses that are part of a MAC address whitelist or a static MAC list are authenticated before any other authentication protocol is invoked.
B. Captive portal is a supported fallback option for 802.1X.
C. If the authentication server fails to respond to access requests and both a server-fail and guest VLAN are configured correctly, the server-fail VLAN takes
precedence over the guest VLAN.
D. Captive portal can only be configured on Layer 3 interfaces.
E. If a port is configured with 802.1X and the host does not respond to EAP requests, no other authentication protocol can authenticate the host.
Explanation/Reference:
Explanation:
QUESTION 150
In your 802.1X-enabled network, a RADIUS server fails to respond or authenticate a device.
Explanation/Reference:
Explanation:
QUESTION 151
Click the Exhibit button.
A contractor needs to connect a laptop to your company network, but your company has no wireless access and each office has only a single network port for an
employee laptop.
You have an IP phone with a data port available and you have access to the switch connected to it.
Referring to the exhibit, which three commands will allow access? (Choose three.)
A. set protocols dot1x authenticator authentication-profile-name radius_profile interface ge- 0/0/16.0 mac-radius
B. set interfaces ge-0/0/16. 0 family ethernet-switching port-mode trunk
C. set interfaces ge-0/0/16. 0 family ethernet-switching vlan members contractor
D. set protocols dot1x authenticator authentication-profile-name radius_profile interface ge- 0/0/16.0 supplicant multiple
E. set interfaces ge-0/0/16. 0 family ethernet-switching vlan members all
Explanation/Reference:
Explanation:
QUESTION 152
Click the Exhibit button.
Role: Authenticator
Number of retries: 3
Reauthentication: Enabled
802.1X authentication was recently configured on your ge-0/0/15 port. You issue the command shown in the exhibit.
Correct Answer: BD
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 153
user@switch# show
authenticator {
authentication-profile-name my-profile;
static {
interface ge-0/0/12. 0;
interface {
ge-0/0/12. 0 {
supplicant multiple;
server-fail deny;
ge-1/0/14. 0 {
reauthentication 120;
ge-1/0/15. 0 {
supplicant multiple;
mac-radius {
restrict;
reauthentication 120;
You just added a device on port ge-0/0/12 with the MAC address 00:21:cc:ba:c7:59. All access ports on this device are members of VLAN v20. The RADIUS server
is currently not reachable.
Referring to the configuration shown in the exhibit, what happens to traffic sent from this device?
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 154
Which two statements about the voice VLAN feature are correct? (Choose two.)
A. It can be used to separate untagged data and VLAN tagged VoIP traffic into different VLANs on an access port.
B. It can be used to assign VoIP traffic into a CoS forwarding class.
C. It can be used to separate untagged data and VLAN tagged VoIP traffic into different VLANs on a trunk port.
D. It can be used to apply a policer to VoIP traffic.
Correct Answer: AB
Section: (none)
Explanation
Explanation/Reference:
Explanation:
The Voice VLAN feature in EX-series switches enables access ports to accept both data (untagged) and voice (tagged) traffic and
To assign differentiated priority to Voice traffic, it is recommended that class of service (CoS) is configured prior to enabling the voice
VLAN feature. Typically, voice traffic is treated with a higher priority than common user traffic. Without differentiated treatment through
CoS, all traffic, regardless of the type, is subject to the same delay during times of congestion.
The voice VLAN should only be enabled on access ports on which IP phones are actually connected.
Utilize Link Layer Discovery Protocol Media Endpoint Discovery (LLDP-MED) to provide the voice VLAN ID and 802.1p values to the
attached IP phones. This dynamic method associates each IP phone with the appropriate voice VLAN and assigns the necessary
802.1p values, which are used by CoS, to differentiate service for voice traffic within a network.
QUESTION 155
NetBIOS snooping information is stored in which database on EX Series switches?
A. RADIUS database
B. LLDP neighbor database
C. MAC table database
D. routing table database
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
The NetBIOS snooping-enabled switch extracts the host details from the NetBIOS name registration packet and stores the details in
the LLDP neighbor database.
QUESTION 156
Which three PoE power allocation methods are supported on EX Series switches? (Choose three.)
Explanation/Reference:
Explanation:
QUESTION 157
A security camera is connected to an EX Series switch. You are asked to ensure power to the PoE port is maintained if the power budget is exceeded.
Correct Answer: CD
Section: (none)
Explanation
By default, PoE ports on EX Series switches are set to low power priority. You can configure
a PoE port to have a high power priority setting. If a situation arises where there is not
sufficient power for all the PoE ports, the available power is directed to the higher priority
ports, while power to the lower priority ports is shut down as needed.
Among PoE interfaces that have the same assigned priority, power priority is determined
by the port number, with lower-numbered ports having higher priority.
QUESTION 158
You are troubleshooting an LLDP neighbor and cannot see the IP address of the neighboring EX Series switch.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Neighbour Information:
Chassis type : Network address
System capabilities
Supported : Bridge Telephone
Enabled : Bridge
Management Info
Type : IPv4
Address : 0.0.0.0
Port ID : 1
Subtype : 1
Interface Subtype : ifIndex(2)
OID : 1.3.6.1.2.1.31.1.1.1.1.1
Media endpoint class: Class III Device
Organization Info
OUI : 0.18.15
Subtype : 1
Index : 1
Info : 036CA00010
Organization Info
OUI : 0.18.15
Subtype : 1
Index : 2
Info : 002303
Organization Info
OUI : 0.18.15
Subtype : 2
Index : 3
Info : 014001AE
Organization Info
Organization Info
OUI : 0.18.15
Subtype : 6
Index : 5
Info : 62313064303162325F392E62696E
Organization Info
OUI : 0.18.15
Subtype : 7
Index : 6
Info : 61313064303162325F392E62696E
Organization Info
OUI : 0.18.15
Subtype : 8
Index : 7
Info : 30374E353130313033343234
Organization Info
OUI : 0.18.15
Subtype : 9
Index : 8
Info : 4176617961
Organization Info
OUI : 0.18.15
Subtype : 10
Index : 9
Info : 34363130
Organization Info
OUI : 0.18.15
Subtype : 1
Index : 10
Info : 000028003C
Organization Info
OUI : 0.18.15
Subtype : 3
Organization Info
OUI : 0.18.15
Subtype : 4
Index : 12
Info : 000000000000000000000000
Organization Info
OUI : 0.18.15
Subtype : 5
Index : 13
Info : 00000000
Organization Info
OUI : 0.18.15
Subtype : 6
Index : 14
Info : 00000000
Organization Info
OUI : 0.18.15
Subtype : 7
Index : 15
Info : 01
QUESTION 159
On SRX Series devices, in which order does CoS process ingress packets?
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
A. access port
B. tagged access port
C. trunk port
D. designated port
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 161
You are asked to implement CoS on an EX Series switch. You attempt to configure the priority for the voice and data queue schedulers to medium-high and
medium-low priority, respectively.
However, you notice that the only parameters available for the priority is strict high and low.
Why are strict high and low the only available parameters for configuration?
A. The loss priority for the queues must first be set to medium-low and medium-high, respectively.
B. The switch only supports the strict high and low queue priorities.
C. The shared buffer feature must be configured prior to configuring scheduler priority.
D. The scheduler must be applied to an interface prior to configuring scheduler priority.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Priority scheduling is accomplished through a procedure in which the scheduler examines the priority of the queue. Juniper Networks
Junos operating system (Junos OS) supports two levels of transmission priority:
On EX Series switches other than EX4300 switches, a queue from a set of queues is selected based on the shaped deficit weighted
round robin (SDWRR) algorithm, which operates within the set. On EX4300 switches, the weighted deficit round-robin (WDRR)
algorithm is used to select a queue from a set of queues.
Strict-high—A strict-high priority queue receives preferential treatment over a low-priority queue. Unlimited bandwidth is assigned to a
strict-high priority queue. On EX Series switches other than EX4300 switches, queues are scheduled according to the queue number,
starting with the highest queue, 7, with decreasing priority down through queue 0. Traffic in higher-numbered queues is always
scheduled prior to traffic in lower-numbered queues. In other words, if there are two high-priority queues, the queue with the higher
queue number is processed first. On EX4300 switches, you can configure multiple strict-high priority queues on an interface and an
EX4300 switch processes these queues in a round-robin method.
Packets in low-priority queues are transmitted only when strict-high priority queues are empty. .
QUESTION 162
You are asked to configure a CoS weighted tail drop profile on your EX Series switch that causes all traffic in the best effort queue to drop when the queue is 90
percent full.
A. [edit class-of-service]
drop-profiles {
be_dropp {
fill-level 90;
drop-probability 100;
}
}
B. [edit class-of-service]
drop-profiles {
be_dropp {
interpolate {
fill-level 90;
drop-probability 100;
}
C. [edit class-of-service]
drop-profiles {
be_dropp {
fill-level 90;
}
}
D. [edit class-of-service]
drop-profiles {
be_dropp {
fill-level 90;
drop-probability 90;
}
}
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Field Name
Field Description
Drop profile
Name of a drop profile.
Type
Type of drop profile:
discrete (default)
interpolated (EX8200 switches only)
Index
Internal index of this drop profile.
Fill Level
Percentage fullness of a queue.
Drop probability
Drop probability at this fill level.
A. transmit-rate percent 75
B. buffer-size percent 75
C. shaping-rate percent 75
D. shared-buffer percent 75
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
A. dscp 0
B. loss-priority high
C. ip-precedence 0
D. loss-priority low
Correct Answer: B
Section: (none)
Explanation/Reference:
Explanation:
A. IP protocol number 89
B. TCP port 179
C. UDP port 179
D. IP protocol number 6
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 166
Which statement is true about default BGP route redistribution behavior?
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
A. DIS
B. RP
C. DR
D. BSR
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Answer was A
Network applications that can function with unicast but are better suited for multicast include collaborative groupware,
teleconferencing, periodic or “push” data delivery (stock quotes, sports scores, magazines, newspapers, and
advertisements), server or website replication, and distributed interactive simulation (DIS) such as war simulations or virtual
reality. Any IP network concerned with reducing network resource overhead for one-to-many or many-to-many data or
multimedia applications with multiple receivers benefits from multicast
Should be D
In actual application, many receivers with multiple SPTs are involved in a multicast traffic flow. To illustrate the process, we track the
multicast traffic from the RP router to one receiver. In such a case, the RP router begins sending multicast packets down the RPT
toward the receiver’s DR for delivery to the interested receivers. When the receiver’s DR receives the first packet from the RPT, the DR
sends a PIM join message toward the source DR to start building an SPT back to the source. When the source DR receives the PIM
join message from the receiver’s DR, it starts sending traffic down all SPTs. When the first multicast packet is received by the
receiver’s DR, the receiver’s DR sends a PIM prune message to the RP router to stop duplicate packets from being sent through the
RPT. In turn, the RP router stops sending multicast packets to the receiver’s DR, and sends a PIM prune message for this source over
QUESTION 168
Which statement is true about MVRP?
A. It allows you to split a broadcast domain into multiple isolated broadcast subdomains.
B. It dynamically manages VLAN registration in a LAN.
C. It maps multiple independent spanning-tree instances onto one physical topology.
D. It is a Layer 2 protocol that facilitates network and neighbor discovery.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Was A should be B
Multiple VLAN Registration Protocol (MVRP) is used to manage dynamic VLAN registration in Carrier Ethernet network. You can use
MVRP on MX Series routers or on EX Series switches.
MVRP is disabled by default on MX Series routers and EX Series switches.
QUESTION 169
Which statement is true about LLDP?
A. It allows you to split a broadcast domain into multiple isolated broadcast subdomains.
B. It dynamically manages VLAN registration in a LAN.
C. It maintains a separate spanning-tree instance for each VLAN.
D. It is a Layer 2 protocol that facilitates network and neighbor discovery.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
LLDP (Link Layer Discovery Protocol) is defined in IEEE 802.1AB as a layer 2 protocol which facilitates network and neighbor
discovery. Neighbor discovery is made possible through advertisements sent by each network device participating in LLDP.
Advertisements are sent by LLDP-enabled devices to identify themselves and to announce their capabilities to neighboring devices.
LLDP is somewhat comparable in purpose to Cisco’s CDP. LLDP will operate on both Layer 2 and Layer 3 interfaces. Also for
operability of the protocol, it doesn't matter whether the port is a trunk port or an access port as the LLDP frames are untagged. This
behavior helps the protocol build the network topology regardless of specific configuration parameters assigned to the port
QUESTION 170
Which CoS feature avoids congestion in a device by limiting traffic on ingress interfaces?
A. rewrite rule
B. scheduler
C. drop profile
D. policer
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Answer was A
Rewrite Rules
Rewrite rules change the marking of packets based on the forwarding class and loss priority combination as they egress the router.By default, J-series routers will
not change the DSCP/precedence fields of forwarded packets.
Depending on the protocol, the DSCP, IP Precedence, MPLS EXP, 802.1p, DSCP for IPv6 traffic, and Frame Relay discard eligible (DE) bits can be modified.It is
also possible to apply more than one classifier to the same egress queue/drop priority combination whenever the egress packet stacks more than one protocol.For
example, packets exiting a VLAN tagged interface can have both their DSCP and 802.1p bits changed simultaneously.Not every packet encapsulation allows all
possible rewrites.For example, the 802.1p bits can be changed only when the egress packet is a VLAN tagged packet, and the Frame Relay DE bit can only be set
(or unset) for Frame Relay packets.
Configuration consists of defining the bit values to be written (or alias name if an alias has been defined) for each particular forwarding class and drop priority
combination.
But should be D
QUESTION 171
R1 and R2 are ASBRs in the same area, each with an equal cost external path to the same external network prefix. R1 advertises an external route into OSPF with
a Type 1 metric. R2 advertises an external route into OSPF with a Type 2 metric.
A. R1's route is preferred because Type 1 metrics take into account the external cost only.
B. R1's route is preferred because Type 1 metrics take into account the internal and external cost.
C. R2's route is preferred because Type 2 metrics take into account the internal and external cost.
D. R2's route is preferred because Type 2 metrics take into account the external cost only.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
The configured metric determines the method used to compute the cost to a destination:
The Type 1 external metric is equivalent to the link-state metric. The path cost uses the advertised external path cost and the path cost
to the AS boundary router (the route is equal to the sum of all internal costs and the external cost).
The Type 2 external metric uses the cost assigned by the AS boundary router (the route is equal to the external cost alone). By default,
OSPF uses the Type 2 external metric.
QUESTION 172
Click the Exhibit button.
A. Type 3 LSA
B. Type 4 LSA
C. Type 5 LSA
D. Type 7 LSA
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 173
Click the Exhibit button.
user@R2# show
area 0.0.0.6 {
nssa {
interface ge-1/1/4;
Referring to the exhibit, which two statements are correct? (Choose two.)
Correct Answer: BC
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 174
Click the Exhibit button.
A. Type 7 LSA
B. Type 2 LSA
C. Type 5 LSA
D. Type 1 LSA
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 175
You are asked to configure graceful restart in your network.
Which OSPF LSA type would you expect to see in the LSDB?
A. Type 8
B. Type 9
C. Type 10
D. Type 11
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
user@R2# show
area 0.0.0.3 {
interface ge-0/1/1.0;
A. R2 is an ABR and will send a Type 7 LSA 0/0 route down into the nonbackbone area.
B. R2 is an ABR and will send a Type 3 LSA 0/0 route down into the nonbackbone area.
C. R2 will not send a Type 3 LSA 0/0 route into the nonbackbone area.
D. R2 will add a metric cost of 10 to the existing metric of a 0/0 route it receives from the backbone area and then send it into the nonbackbone area in a Type 5
LSA.
Correct Answer: B
Explanation/Reference:
Explanation:
QUESTION 177
Click the Exhibit button.
Which two configurations result in the output shown in the exhibit? (Choose two.)
Correct Answer: AC
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Set the reference bandwidth used in calculating the default interface cost. The cost is calculated using the following formula:
cost = ref-bandwidth/bandwidth
QUESTION 178
Click the Exhibit button.
Given that all BGP attributes are at their default, how would you accomplish this task?
Correct Answer: B
Section: (none)
Explanation
QUESTION 179
Click the Exhibit button.
On AS1, which two attributes are used to influence inbound traffic from the other ASs shown in the exhibit? (Choose two.)
A. AS path
B. MED
C. local preference
Correct Answer: AB
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 180
Click the Exhibit button.
policy-statement LB {
term 1 {
then {
load-balance per-packet;
Two routers are joined by redundant BGP connections. You want to load-balance traffic across these links, and have configured the policy shown in the exhibit on
each device.
Which configuration, applied on each device, correctly applies the policy to accomplish this task?
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
* 10.200.17.0/24 Self I
* 10.200.19.0/24 Self I
Referring to the exhibit, which three actions would summarize these routes to a BGP peer? (Choose three.)
Explanation/Reference:
Explanation:
QUESTION 182
Click the Exhibit button.
AS4 is using the default path to get to AS1. This path is not modified by any of the ASs shown in the exhibit. AS1 wants to influence this path so that traffic from
AS4 comes through AS3.
A. AS1
B. AS2
C. AS3
D. AS4
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 183
Click the Exhibit button.
Group: 224.50.50.50
Source: *
RP: 10.100.100.10
Flags: sparse,rptree,wildcard
Uptime: 00:00:10
Downstream neighbors:
Group: 224.50.50.50
Source: 10.100.10.10
Flags: sparse,spt
Uptime: 00:00:10
Downstream neighbors:
Interface: ge-0/0/2. 0
Referring to the output shown in the exhibit, which three statements are true about the PIM implementation on R1? (Choose three.)
Explanation/Reference:
Source: 10.100.10.10
Flags: sparse,spt
QUESTION 184
Which two statements are true about the configuration shown below? (Choose two.)
user@router# show
ssm-groups 227.0.0.0/24;
asm-override-ssm;
Correct Answer: BD
Section: (none)
Explanation
Explanation/Reference:
Explanation:
***Exhibit is Missing***
Referring to the exhibit, USER1 wants to only receive multicast traffic for group 225.0.0.1 and USER2 wants to only receive multicast traffic for group 225.0.0.2.
Both users are connected to an EX Series switch and are receiving unwanted multicast traffic.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 186
You are configuring PIM-SM for your network, and want to use a statically configured RP.
Correct Answer: BD
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Correct Answer: BD
Section: (none)
Explanation
Explanation/Reference:
Explanation:
http://www.juniper.net/techpubs/en_US/junos13.3/topics/topic-map/mcast-static-rp.html
Correct Answer: AD
Section: (none)
Explanation
http://www.juniper.net/techpubs/en_US/junos13.2/topics/concept/l2pt-qfx-series.html
QUESTION 189
Two PCs are attached to a hub, which is attached to port ge-0/0/0 on your EX Series switch. You must separate the incoming traffic from the PCs into two VLANs.
Explanation/Reference:
Explanation:
QUESTION 190
You are asked to implement a filter-based VLAN assignment. You have created the firewall filter and must apply this filter to the incoming interface.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 191
Click the Exhibit button.
{master:0}[edit]
v200 {
vlan-id 200;
interface {
ge-0/0/7. 0;
ge-0/0/8. 0;
dot1q-tunneling {
customer-vlans [ 11 12 ];
all {
drop-threshold 800;
shutdown-threshold 700;
Referring to the exhibit, you are attempting to configure L2PT for VLAN v200 but the configuration will not commit.
Which three configuration statements would resolve the problem? (Choose three.)
Explanation/Reference:
Explanation:
[edit]
user@switch# commit
error: Trunk interface <ge-0/0/10.0> can not be member of both dot1q-tunneling enabled vlan <cust-1>, and a non dot1q-tunneled vlan <v11> when dot1q-tunneling
ethernet-type is not <0x8100>
When you try to commit your 802.1Q tunneling configuration, you receive the error shown in the exhibit.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
'vlan all'
Cannot configure VSTP on all VLANs when more than 253 VLANs are configured. Configure vstp vlan-group along with STP or RSTP to cover all VLANs
[edit protocols]
'vstp'
What are two reasons for the commit error shown in the exhibit? (Choose two.)
Correct Answer: BD
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 194
Which two statements are correct about MSTP? (Choose two.)
Explanation/Reference:
Explanation:
Context ID : 0
Root cost : 0
Hop count : 19
Message age : 0
Local parameters
Internal instance ID : 0
Local parameters
Extended system ID : 0
Internal instance ID : 1
Hop count : 19
Local parameters
Extended system ID : 0
Internal instance ID : 2
Referring to the exhibit, which two statements are correct about the MSTP configuration? (Choose two.)
Correct Answer: BD
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 196
Click the Exhibit button.
Context ID : 0
...
Local parameters
Extended system ID : 0
Internal instance ID : 1
Local parameters
Extended system ID : 0
Internal instance ID : 2
MSTP information
Context identifier : 0
Revision : 1
0 0,400-4094
1 1-199
2 200-399
Context ID : 0
...
Local parameters
Extended system ID : 0
Internal instance ID : 1
Local parameters
Extended system ID : 0
Internal instance ID : 2
MSTP information
Context identifier : 0
Revision : 10
0 0,400-4094
1 1-199
2 200-399
A colleague recently implemented MSTP in your Layer 2 network and is having trouble determining why it is not working properly. You are asked to review the
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 197
You are asked to set up 802.1X port authentication for all access ports on your EX Series switch. You must ensure that only one user is allowed to authenticate per
port and all other attempts are denied.
A. single mode
B. single-secure mode
C. default mode
D. multiple mode
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
802.1x Port-Based Network Access Control (PNAC) authentication on EX Series switches provides three types of authentication to
meet the access needs of your enterprise LAN:
Authenticate the first end device (supplicant) on an authenticator port, and allow all others also connecting to have access.
Authenticate only one end device on an authenticator port at one time.
Correct Answer: BD
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Server fail fallback allows you to specify how end devices connected to the switch are supported if the RADIUS authentication server
becomes unavailable or sends a RADIUS access-reject message.
802.1X and MAC RADIUS authentication work by using an authenticator port access entity (the EX Series switch) to block all traffic
to and from an end device at the interface until the end device's credentials are presented and matched on the authentication server
(a RADIUS server). When the end device has been authenticated, the switch stops blocking and opens the interface to the end device.
When you set up 802.1X or MAC RADIUS authentication on the switch, you specify a primary authentication server and one or more
backup authentication servers. If the primary authentication server cannot be reached by the switch and the secondary authentication
servers are also unreachable, a RADIUS server timeout occurs. Because the authentication server grants or denies access to the end
devices awaiting authentication, the switch does not receive access instructions for end devices attempting access to the LAN and
normal authentication cannot be completed. Server fail fallback allows you to configure authentication alternatives that permit the
switch to take appropriate actions toward end devices awaiting authentication or reauthentication.
Guest VLANs can be configured on switches that are using 802.1X authentication to provide limited access—typically only to the
Internet—for:
Corporate guests
QUESTION 199
Click the Exhibit button.
radius_server {
10.1.1.252 {
port 1812;
profile radius_server {
authentication-order password;
radius {
authentication-server 10.1.1.252;
ge-0/0/17. 0 {
supplicant multiple;
Sales_VLAN {
vlan-id 123;
unit 0 {
family ethernet-switching {
port-mode access;
You are asked to place employees that are in the sales group into their own VLAN called Sales_VLAN with a VLAN ID of 123 on port ge-0/0/17. The VLAN must be
assigned dynamically. After trying an initial configuration, you see that users in the sales group are not assigned to the Sales_VLAN.
Referring to the exhibit, which two configuration statements are needed on the EX Series switch to
resolve this problem? (Choose two.)
Correct Answer: AD
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Which configuration statement will authenticate the device against an authentication server?
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
To permit hosts that are not 802.1X-enabled to access the LAN, you can configure MAC RADIUS authentication on the switch
interfaces to which the non-802.1X-enabled hosts are connected. When MAC RADIUS authentication is configured, the switch will
attempt to authenticate the host with the RADIUS server using the host’s MAC address.
IEEE 802.1X Port-Based Network Access Control (PNAC) authenticates and permits devices access to a LAN if the devices can
communicate with the switch using the 802.1X protocol (are 802.1X-enabled). To permit non-802.1X-enabled end devices to access
the LAN, you can configure MAC RADIUS authentication on the interfaces to which the end devices are connected. When the MAC
address of the end device appears on the interface, the switch consults the RADIUS server to check whether it is a permitted MAC
address. If the MAC address of the end device is configured as permitted on the RADIUS server, the switch opens LAN access to the
end device.
You can configure both MAC RADIUS authentication and 802.1X authentication methods on an interface configured for multiple
supplicants. Additionally, if an interface is only connected to a non-802.1X-enabled host, you can enable MAC RADIUS and not enable
802.1X authentication using the mac-radius restrict option, and thus avoid the delay that occurs while the switch determines that the
device is does not respond to EAP messages
QUESTION 201
An emergency Class 3 IP phone is connected to an EX Series switch. You want to ensure that the IP phone does not have any problems if PoE power demands on
the switch are greater than the PoE power budget.
A. You must connect the IP phone into one of the ports from ge-0/0/0 to ge-0/0/7.
B. Set the power class on the PoE interface to 3.
C. Set the PoE priority to high.
D. Enable the guard-band parameter.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Sets the priority of individual ports. When it is not possible to maintain power to all connected ports, lower-priority ports are powered off
before higher priority ports. When a new device is connected on a higher-priority port, a lower-priority port will be powered off
automatically if available power is insufficient to power on the higher-priority port. Note that for ports with the same priority
configuration, ports on the left are given higher priority than the ports on the right.