Juniper - Actualtest.jn0 643.vv2014!11!11.by - dd.201q

Juniper.Actualtest.JN0-643.v2014-11-11.by-DD.
201q
Number: JN0-643
Passing Score: 800
Time Limit: 120 min
File Version: 18.5
Exam Code: JN0-643
Exam Name: Enterprise Routing and Switching, Professional (JNCIP-ENT)
Modified by DD 3-25-2014 - corrected some of the answers in the dump provided by Gaber
I changed the answers for Q 17, 19, 31, 165, 167, 168, 169, 170, 177, 179
A lot of the questions are missing exhibits or seem to have an exhibit not associated with the question.
Missing exhibits Q 107, 116, 117, 120,123,125,130,132,135, 139,140, 141, 185
www.vceplus.com - Website designed to help IT pros advance their careers.

Wrong exhibits Q 124, 178

Exam A
QUESTION 1
A user complains about connectivity problems from their IP address (10.1.1.87) to a server (10.65.1.100).
Which Junos command can help verify connectivity in the network?
A. mroute
B. traceoptions
C. ping
D. clear bgp neighbor
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 2
Port authentication falls back to Captive Portal.
In which two scenarios would the port authentication move back to 802.1X? (Choose two.)
A. if any MAC RADIUS request packet is received on the interface and if there are no sessions in authenticated/authenticating state
B. if Captive Portal is deactivated on the interface
C. if the user gets logged out
D. if the EAP packet is received on the interface and if there are no sessions in authenticated/authenticating state
Correct Answer: BD
Section: (none)
Explanation
Explanation:
Fallback of Authentication Methods

You can configure multiple authentication methods on a single interface to enable fallback to another method if one method fails.
If an interface is configured in multiple supplicant mode, all end devices connecting through the interface must use either captive portal

or a combination of 802.1X and MAC RADIUS, captive portal cannot be mixed with 802.1X or MAC RADIUS. Therefore, if there is
already an end device on the interface that was authenticated through 802.1X or MAC RADIUS authentication, then additional end
devices authenticating do not fall back to captive portal. If only 802.1X authentication or MAC RADIUS authentication is configured,
some end devices can be authenticated using 802.1X and others can still be authenticated using MAC RADIUS.
Fallback of authentication methods occurs in the following order:
802.1X authentication—If 802.1X is configured on the interface, the switch sends EAPoL requests to the end device and attempts to
authenticate the end device through 802.1X authentication. If the end device does not respond to the EAP requests, the switch checks
whether MAC RADIUS authentication is configured on the interface.
MAC RADIUS authentication—If MAC RADIUS authentication is configured on the interface, the switch sends the MAC RADIUS
address of the end device to the authentication server. If MAC RADIUS authentication is not configured, the switch checks whether
captive portal is configured on the interface.
Captive portal authentication—If captive portal is configured on the interface, the switch attempts to authenticate using this method
after attempting any other configured authentication methods. If an end device is authenticated on the interface using captive portal,
this becomes the active authentication method on the interface. When captive portal is the active authentication method, the switch
falls back to 802.1X authentication if there are no sessions in the authenticated state and if the interface receives an EAP packet.
QUESTION 3
A network routes IPv4 traffic only. You want to add IPv6 to the network, but you must use a single IGP for both IPv4 and IPv6 traffic.
Which protocol meets this requirement?
A. OSPFv2
B. BGPv4
C. ES-ISv1
D. OSPFv3
Correct Answer: D
Section: (none)
Explanation
Explanation:
QUESTION 4
A Layer 2 forwarding loop occurred on your network during a scheduled maintenance period. You must prevent this behavior in the future.
Which protocol should you enable on the EX Series switch to address this condition in the future?

A. DVMRP
B. L2TPv3
C. STP
D. RSVP
Correct Answer: C
Section: (none)
Explanation
Explanation:
QUESTION 5
You have implemented 802.1X authentication in your Layer 2 network and you have only a single RADIUS server. You are asked to ensure that if the RADIUS
server becomes unreachable or fails, users connected to the ge-0/0/0 port are still able to reach the Internet using a predefined guest VLAN.
Which command allows this access?
A. [edit]
user@switch# set protocols dot1x authenticator interface ge-0/0/0.0 radius-fail vlan guest
B. [edit]
user@switch# set protocols dot1x authenticator interface ge-0/0/0.0 server-fail vlan-name guest
C. [edit]
user@switch# set protocols dot1x authenticator interface ge-0/0/0.0 auth-fail assign-vlan guest
D. [edit]
user@switch# set protocols dot1x authenticator interface ge-0/0/0.0 radius-fail assign guest Juniper JN0-643 Exam
Correct Answer: B
Section: (none)
Explanation
Explanation:
Server fail fallback allows you to specify how end devices connected to the switch are supported if the RADIUS authentication server
becomes unavailable or sends a RADIUS access-reject message.
Juniper Networks EX Series Ethernet Switches use authentication to implement access control in an enterprise network. If 802.1X,
MAC RADIUS, or captive portal authentication are configured on the interface, end devices are evaluated at the initial connection by an
authentication (RADIUS) server. If the end device is configured on the authentication server, the device is granted access to the LAN

and the EX Series switch opens the interface to permit access.
A RADIUS server timeout occurs if no RADIUS authentication servers are reachable when an end device logs in and attempts to
access the LAN. Server fail fallback allows you to specify one of four actions to be taken toward end devices awaiting authentication
when the server is timed out:
Permit authentication, allowing traffic to flow from the end device through the interface as if the end device were successfully
authenticated by the RADIUS server.
Deny authentication, preventing traffic from flowing from the end device through the interface. This is the default.
Move the end device to a specified VLAN. (The VLAN must already exist on the switch.)
Sustain authenticated end devices that already have LAN access and deny unauthenticated end devices. If the RADIUS servers time
out during reauthentication, previously authenticated end devices are reauthenticated and new users are denied LAN access.
Server fail fallback is triggered most often during reauthentication when the already configured and in-use RADIUS server becomes
inaccessible. However, server fail fallback can also be triggered by an end device’s first attempt at authentication through the RADIUS
server.
Server fail fallback allows you to specify that an end device be moved to a specified VLAN if the switch receives a RADIUS access-
reject message. The configured VLAN name overrides any attributes sent by the server.
Configure an interface to move an end device to a specified VLAN if a RADIUS server timeout occurs (in this case, the VLAN name is
vlan1):
[edit protocols dot1x authenticator]
user@switch# set interface ge-0/0/1 server-fail vlan-name vlan1
QUESTION 6
Which option is a valid IPv6 multicast address?
A. fe80::205:8640:471:3200/64
B. ::172.16.0.5/126
C. ff03:365:ba::23
D. ff01:cgfc:345:22::226:8ff:fee4:bf6f
Correct Answer: C
Section: (none)
Explanation
Explanation:

QUESTION 7
A company is deploying a new 802.1X port-based security infrastructure to allow users to access resources through wired Ethernet ports. However they recently
deployed an RSA token-based system for users to connect remotely. The network administrator wants to reuse the same security database for 802.1X port-based
security.
Which 802.1X authentication protocol is required?
A. EAP-TLS
B. LAN-PEAP
C. RSA-EAP
D. EAP-TTLS
Correct Answer: D
Section: (none)
Explanation
Explanation:
With EAP-TTLS, you do not need to create a new infrastructure of user certificates. User authentication is performed against the same
security database that is already in use on the corporate LAN; for example, SQL or LDAP databases, or token systems.
The routing of the inner authentication request is handled either by means of standard Steel-Belted Radius Carrier authentication
request routing, or by means of a directed realm. If your EAP-TTLS tunnel ends at a dedicated server, and you want all the inner
authentication requests to be performed by other servers, use standard request routing so the proxy realm target can be determined in
a standard fashion (that is, the decoration of the username revealed by inner authentication). If your EAP-TTLS tunnel and inner
authentication are handled by the same server, you can use a directed realm to specify which authentication methods handle the inner
authentication.
QUESTION 8
Which protocol reachability is advertised by OSPFv2?
A. IPv4
B. IPv5
C. IPv6
D. ISO

Correct Answer: A
Section: (none)
Explanation
Explanation:
QUESTION 9
You are AS 6573.
Which AS path regular expression matches only routes originated in your AS?
A. "6573.*"
B. ".*"
C. "{"
D. "^$"
Correct Answer: D
Section: (none)
Explanation
Explanation:

QUESTION 10
Voice traffic is coming in on UDP port 17689. This traffic must be classified into the expedited- forwarding forwarding class.
Which type of classifier is needed?
A. code point alias

B. rewrite marker
C. multifield
D. behavior aggregate
Correct Answer: C
Section: (none)
Explanation
Explanation:
The Junos OS supports two general types of packet classification: behavior aggregate (BA) classification and multifield classification:
BA classification, or CoS value traffic classification, refers to a method of packet classification that uses a CoS configuration to set the
forwarding class or PLP of a packet based on the CoS value in the IP packet header. The CoS value examined for BA classification
purposes can be the Differentiated Services code point (DSCP) value, DSCP IPv6 value, IP precedence value, MPLS EXP bits, and

IEEE 802.1p value. The default classifier is based on the IP precedence value.
Multifield classification refers to a method of packet classification that uses a standard stateless firewall filter to set the forwarding class
or PLP for packets entering or exiting the interface based on multiple fields in the IP packet. You can configure multifield classifier that
specifies match conditions based on CoS values (such as DSCP value, IP precedence value, MPLS EXP bits, or IEEE 802.1p bits),
other packet values (such as IP address fields, the IP protocol type field, or the port number in the UDP or TCP pseudoheader field), or
a combination. Use multifield classification instead of BA classification when you need to classify packets based on information in the
packet other than the CoS values only.
With multifield classification, a firewall filter term can specify the packet classification actions for matching packets though the use of
the forwarding-class class-name or loss-priority (high | medium-high | medium-low | low) nonterminating actions in the term’s then
clause.
QUESTION 11
Which three attributes must a BGP update contain? (Choose three.)
A. next-hop
B. MED
C. origin
D. AS-path
E. local preference
Correct Answer: ACD

Section: (none)
Explanation
Explanation:

QUESTION 12
You must configure your access switch with more than 3000 VLANs and you want the ability to load-balance across them.
Which spanning-tree approach has the least impact on control-plane performance?
A. Configure your access switch with a load-balancing policy and apply it under [edit protocols rstp].

B. Configure your access switch for Rapid-PVST+.
C. Configure your access switch for MSTP, incorporating the use of MSTIs.
D. Configure your access switch for both VSTP and RSTP.
Correct Answer: C
Section: (none)
Explanation
Explanation:

QUESTION 13
You are implementing MSTP in your network.

Which three values must match on all switches within the MST region? (Choose three)
A. Context identifier
B. Region name
C. VLANs
D. Revision
E. Configuration manifest
Correct Answer: BCD

Section: (none)
Explanation
Explanation:
Configuring MSTP Regions

When enabling MSTP, you define one or more MSTP regions. An MSTP region defines a logical domain where MSTIs can be
administered independently of MSTIs in other regions, setting the boundary for Bridge Protocol Data Units (BPDUs) sent by one MSTI.
An MSTP region is a group of switches that is defined by three parameters:
Region name—User-defined alphanumeric name for the region.
Revision level—User-defined value that identifies the region.
Mapping table—Numerical digest of VLAN-to-instance mappings.
An MSTP region can support up to 64 MST instances, and each MSTI can support from 1 to 4094 VLANs. When you define a region,
MSTP automatically creates an internal spanning-tree instance (IST instance 0) that provides the root switch for the region and
includes all currently configured VLANs that are not specifically assigned to a user-defined Multiple Spanning-Tree Instance (MSTI). An
MSTI includes all static VLANs that you specifically add to it. The switch places any dynamically created VLANs in the IST instance by
default, unless you explicitly map them to another MSTI. Once you assign a
QUESTION 14
You have been asked to implement a private VLAN with two community VLANs. This private VLAN will be confined to a single switch in your Layer 2 network. This
private VLAN, along with other VLANs configured on the switch, will require gateway services provided through a connected router.
Which statement about this deployment is true?
A. All isolated ports must be configured as trunk ports.

B. A minimum of one promiscuous trunk port is required.

C. Both community VLANs must have an assigned VLAN IDs.
D. A minimum of one private VLAN trunk port is required.
Correct Answer: B
Section: (none)
Explanation
Explanation:
A promiscuous access port carries untagged traffic and can be a member of only one primary VLAN. Traffic that ingresses on a
promiscuous access port is forwarded to the ports of the secondary VLANs that are members of the primary VLAN that the
promiscuous access port is a member of. This traffic carries the appropriate secondary VLAN tags when it egresses from the
secondary VLAN ports if the secondary VLAN port is a trunk port.
QUESTION 15
During the BGP route-resolution process, the Junos OS must calculate the appropriate next-hop based on the BGP protocol next-hop attribute.
Which two routing tables are checked during this process in a default Junos configuration? (Choose two.)
A. inet.0
B. inet.1
C. inet.2
D. inet.3
Correct Answer: AD
Section: (none)
Explanation
Explanation:
The Border Gateway Protocol (BGP) uses different tables to resolve protocol next-hop for different applications. In a normal BGP
application like IPv4, the prefix is learned in the default table inet.0. BGP will try to resolve its protocol next-hop in the table inet.3 first;
if fails, it will resolve in the table inet.0. However, in L3VPN and L2VPN applications, BGP will resolve its protocol next-hop in the table
inet.3 only.

QUESTION 16
You have a requirement for a device to provide 20 W of power over Ethernet.
What meets this requirement?
A. Bond two standard PoE ports together to achieve 30.8 W of power.

B. Install an external redundant power supply in the switch to increase the total power load.
C. Select a switch that has PoE+ support.
D. Enable LLDP-MED to transfer power from other switches.
Correct Answer: C
Section: (none)
Explanation
Explanation:

QUESTION 17
R1 has an OSPF adjacency with R2 over a point-to-point link.
Which three statements about the advertisements for this link in the Type 1 (Router) LSA generated by R1 are true? (Choose three.)
A. It has a value in the link ID field with R2's interface IP address.

B. It has a value in the link ID field with R2's router ID.
C. It has a link-type of point-to-point (Type 1).
D. It has a link-type of Transit (Type 2).
E. It has a link-type of stub (Type 3).
Correct Answer: BCE

Section: (none)
Explanation

Explanation:
Answer was B, D and E
The OSPF Router LSA [LSA Type 1]

In the extensive ospf database output link type-field, such as (3), is followed by comments for explanation.
Each point-to-point link is advertised as two links: one stub and the other point-to-point. This is because on a pt-to-pt link, an OSPF
router alwasys forms an adjacency with its peer over an unnumbered connection. Hence, the link ID = the neighbor's router ID
QUESTION 18
What is the significance of the multicast address range 224.0.0.1 through 224.0.0.254?
A. They have link-local scope.

B. They have administrative region scope.
C. They are reserved for future use.
D. They have a scope of two or more hops from a router.
Correct Answer: A
Section: (none)
Explanation
Explanation:
There are two well-known scopes:

IPv4 local scope—This scope comprises addresses in the range 239.255.0.0/16. The local scope is the minimal enclosing scope and
is not further divisible. Although the exact extent of a local scope is site-dependent, locally scoped regions must not span any other
scope boundary and must be contained completely within or be equal to any larger scope. If scope regions overlap in an area, the area
of overlap must be within the local scope.
IPv4 organization local scope—This scope comprises 239.192.0.0/14. It is the space from which an organization allocates subranges
when defining scopes for private use.
The ranges 239.0.0.0/10, 239.64.0.0/10, and 239.128.0.0/10 are unassigned and available for expansion of this space.
Two other scope classes already exist in IPv4 multicast space: the statically assigned link-local scope, which is 224.0.0.0/24, and the
static global scope allocations, which contain various addresses.

QUESTION 19
You must prioritize VoIP packets on your network. Which feature will accomplish this goal?
A. RSVP
B. Multicast Routing
C. VPLS
D. Class of Service
Correct Answer: AD
Section: (none)
Explanation
Explanation:
Answer was C/D
Resource Reservation Protocol - Traffic Engineering is an extension of the resource reservation protocol (RSVP) for traffic engineering. It supports
the reservation of resources across an IP network. Applications running on IP end systems can use RSVP to indicate to other nodes the nature (bandwidth, jitter,
maximum burst, and so forth) of the packet streams they want to receive. RSVP runs on both IPv4 and IPv6.
QUESTION 20
You notice that a number of IGMP leave group messages are passing through a BMA network and are impacting the network's performance.
What would you do to resolve this issue without affecting multicast traffic?
A. Apply an import policy to control leave group messages.

B. Suppress group-specific queries.
C. Suppress generic IGMP queries.
D. Enable promiscuous-mode in IGMP.
Correct Answer: B
Section: (none)
Explanation

Explanation:
http://network-technologies.metaswitch.com/multicast//what-is-igmp-mld.aspx
Responding To Group Membership Queries

IGMPv1 and IGMPv2 use a Report suppression technique to avoid a 'storm' of responses to an IGMP Query message. When a host receives a Query, it starts a
randomized timer for each group that it is a member of. When this timer pops, the host sends an IGMP Report message addressed to that group. Any other hosts
that are members of the group also receive the message, at which point they cancel their timer for the group.
This mechanism ensures that, under most circumstances, a single IGMP Report message is sent for each multicast group in response to a single Query.
IGMPv3 removed the need for this, by packing multiple group memberships in a single Report message to reduce the number of packets sent.
Improving Group Membership Latency
When a host joins a new multicast group on an interface, it immediately sends an unsolicited IGMP Report message for that group.
IGMPv2 introduced a Leave Group message, which is sent by a host when it leaves a multicast group for which it was the last host to send an IGMP Report
message. Receipt of this message causes the Querier possibly to reduce the remaining lifetime of its state for the group, and to send a group-specific IGMP Query
message to the multicast group.
The Leave Group message is not used with IGMPv3, as its source address filtering mechanism provides the same functionality
QUESTION 21
A network administrator is configuring CoS on a switch and assigns forwarding classes call-sig and critical to the same queue number per the configuration below:
class-of-service {
forwarding-classes {
class best-effort queue-num 0;

class bulk-data queue-num 1;
class critical queue-num 3;
class voice queue-num 6;
class call-sig queue-num 3;
Based on the configuration, which option prioritizes call-sig traffic over critical traffic?
A. Assign call-sig and critical to different schedulers.

B. Assign call-sig and critical to different scheduler maps.

C. Assign a loss priority of high to the packets in the critical forwarding class and configure drop profiles in the scheduler configuration.
D. Assign a loss priority of high to the packets in the critical forwarding class and set priority high in the scheduler configuration.
Correct Answer: C
Section: (none)
Explanation
Explanation:
Set the packet loss priority to high, which means that means that packets are more susceptible to being dropped.
An individual device interface has multiple queues assigned to store packets temporarily before transmission. To determine the order
in which to service the queues, the device uses a round-robin scheduling method based on priority and the queue's weighted round-
robin (WRR) credits. Junos OS schedulers allow you to define the priority, bandwidth, delay buffer size, rate control status, and RED
drop profiles to be applied to a particular queue for packet transmission.
You configure schedulers to assign resources, priorities, and drop profiles to output queues. By default, only queues 0 and 3 have
resources assigned.
QUESTION 22
A Layer 2 transparent firewall separates two OSPFv3 routers.
For the two OSPFv3 routers to form an adjacency, which protocol must be permitted on the firewall?
A. IPv4 protocol 89
B. IPv6 protocol 89
C. TCP port 89
D. UDP port 89
Correct Answer: B
Section: (none)
Explanation
Explanation:

OSPFv3 Messages
OSPFv2 and OSPFv3 both have the same protocol number of 89, although OSPFv3, being an IPv6 protocol, more accurately has a
Next Header value of 89. And like OSPFv2, OSPFv3 uses multicast whenever possible.
The IPv6 AllSPFRouters multicast address is FF02::5, and the AllDRouters multicast address is FF02::6. Both have link-local scope.
You can easily see the similarity in the last bits with the OSPFv2 addresses of 224.0.0.5 and 224.0.0.6.
QUESTION 23
In MSTP, which two factors determine the root bridge in each region? (Choose two.)
A. The switch with the higher priority becomes the root bridge.
B. The switch with the lower priority becomes the root bridge.
C. The switch with the lower MAC address becomes the root bridge when priorities are tied.
D. The switch with the higher MAC address becomes the root bridge when priorities are tied.
Correct Answer: BC
Section: (none)
Explanation
Explanation:
QUESTION 24
Which two LSA types are only generated by an ABR router? (Choose two.)
A. ASBR summary LSA (Type 4)

B. ASBR LSA (Type 5)
C. Summary LSA (Type 3)
D. Router LSA (Type 1)
Correct Answer: AC
Section: (none)
Explanation
Explanation:

QUESTION 25
Which two statements about MVRP on EX Series switches are true? (Choose two.)
A. MVRP can add VLANs on access interfaces.

B. MVRP can add VLANs on trunk interfaces.
C. MVRP adds VLANs on MVRP-enabled interfaces by default.
D. MVRP is in transparent mode on MVRP-enabled interfaces by default.

Correct Answer: BC
Section: (none)
Explanation
Explanation:
How MVRP Works

The VLAN registration information sent by MVRP protocol data units (PDUs) includes the current VLANs membership—that is, which
routers are members of which VLANs—and which router interfaces are in which VLAN. MVRP shares all information in the PDU with
all routers participating in MVRP in the switching network.
MVRP stays synchronized using these PDUs. The routers in the network participating in MVRP receive these PDUs during state
changes and update their MVRP states accordingly. MVRP timers dictate when PDUs can be sent and when routers receiving MVRP
PDUs can update their MVRP information.
VLAN information is distributed as part of the MVRP message exchange process and can be used to dynamically create VLANs, which
are VLANs created on one switch and propagated to other routers as part of the MVRP message exchange process. Dynamic VLAN
creation using MVRP is enabled by default but can be disabled
QUESTION 26
A company's security policy does not allow outside computers or smart phones into their work areas. All company-provided computers are strictly controlled using
802.1X authentication on all of
their switches. All computers obtain DHCP IP addresses from centralized servers and all switches have IP spoofing enabled. However, one of the computers was
able to send IP spoofed packets.
Why did the IP spoof feature fail to prevent the spoofed packets from being forwarded?
A. The IP source guard database timeout was set too low.

B. The DHCP snooping feature was not enabled on any of the switches.
C. IP source guard does not prevent IP spoof attacks; you need to configure the Dynamic ARP Inspection feature.
D. 802.1X feature was not enabled on the port that was directly connected to the infected computer.
Correct Answer: B
Section: (none)
Explanation
Explanation:

DHCP snooping enables the switch to monitor and control DHCP messages received from untrusted devices connected to the switch.
When DHCP snooping is enabled, the system snoops the DHCP messages to view DHCP lease information and build and maintain a
database of valid IP address to MAC address (IP-MAC) bindings called the DHCP snooping database. Only clients with valid bindings
are allowed access to the network.
QUESTION 27
What is a valid router ID configuration for OSPFv3 in the Junos OS?
A. set routing-options router-id 2001:1:2::1

B. set protocols ospf3 router-id fe80:223:2887:ab31::1
C. set routing-options router-id 224.1.0.1
D. set protocols ospf3 router-id 10.8.3.9
Correct Answer: C
Section: (none)
Explanation
Explanation:
http://www.juniper.net/techpubs/en_US/junos11.4/topics/reference/configuration-statement/router-id-edit-routing-options.html
QUESTION 28
You are setting up a new switch in your network that is using MSTP. You have configured all access ports as edge ports, and you want to make sure that the
access ports can never transition to nonedge ports.
How can you meet this requirement?
A. Configure the interfaces as shared.

B. Configure the hello-time option as zero.
C. Configure the interfaces as a no-root-port.
D. Configure bpdu-block-on-edge.
Correct Answer: D
Section: (none)
Explanation
Explanation:

Description
Configure bridge protocol data unit (BPDU) protection on all edge ports of a switch. When the bpdu-block-on-edge statement is
configured and the interface encounters an incompatible BPDU, the interface shuts down.
If the disable-timeout statement is included in the BPDU configuration, the interface is automatically reenabled after the timer expires.
Otherwise, you must use the operational mode command clear ethernet-switching bpdu-error to unblock and reenable the interface.
bpdu-block-on-edge
Syntax
bpdu-block-on-edge;
Hierarchy Level
[edit logical-systems logical-system-name protocols (mstp | rstp | vstp)],[edit logical-systems logical-system-name routing-instances routing-
instance-name protocols (mstp | rstp | vstp)],[edit protocols (mstp | rstp | vstp)],[edit routing-instances routing-instance-name protocols (mstp | rstp |
vstp)]
Release Information
Statement introduced in Junos OS Release 9.4.
Support for logical systems added in Junos OS Release 9.6.
Description
Enable BPDU blocking on the edge ports of a virtual switch.
QUESTION 29
When using PIM-SM in ASM mode, which two events trigger the creation of a shortest-path tree? (Choose two.)
A. Multicast traffic received at the receiver's designated router (DR).

B. PIM join received at the receiver's designated router (DR).
C. PIM join received at the source designated router (DR).
D. PIM registers received by the rendezvous point (RP).
Correct Answer: AD
Section: (none)
Explanation
Explanation:
In order to have the multicast traffic sent down the shared tree, the RP must register with the multicast source. Please note that the receivers can join the shared

tree before the source register with the RP. There is no process of order operation here. But for this example we will start by registering the source with the RP as
frequently the multicast source may begin sending traffic before any receivers join the group. In order for the source to register with the RP, the RP must build a
SPT (source path tree) to the source but in order to do that the RP must somehow know that the source exist so PIM SM makes uses of the PIM register and PIM
Register stop messages to implement a source registration process to accomplish the task.
PIM register message are sent by the first-hop DR (that is the DR directly connected to the source) to the RP.
QUESTION 30
A coffee shop offering free Internet service to customers wants to implement the following security policies:
1. Every customer must agree to a set of terms and conditions before accessing the Internet.
2. Log out customers that are logged in for more than one hour.
3. Log out customers that are idle for more than 5 minutes.
4. Authenticate employee desktop computers with known hardware addresses in the office of the coffee shop to access the Internet without the above restrictions.
The following configuration has been applied to the switch:
- set access radius-server 172.16.14.26 port 1812

- set access radius-server 172.16.14.26 secret Am@zingC00f33
- set access profile dot1x authentication-order radius
- set access profile dot1x radius authentication-server 172.27.14.226
What would you add to implement these policies?
A. set protocols dot1x authenticator interface ge-0/0/12.0 supplicant multiple

set protocols dot1x authenticator interface ge-0/0/12.0 mac-radius
set protocols dot1x authenticator authentication-profile-name dot1x
set services captive-portal authentication-profile-name dot1x
set services captive-portal interface ge-0/0/12.0
set services captive-portal secure-authentication https
set services captive-portal custom-options header-message "Welcome to Our Coffee Shop"
set services captive-portal custom-options banner-message "Terms and Conditions of Use"
B. set protocols dot1x authenticator interface ge-0/0/12.0 supplicant multiple
C. set protocols dot1x authenticator interface ge-0/0/12.0 supplicant multiple

set services captive-portal interface ge-0/0/12.0 idle-timeout 300
set services captive-portal interface ge-0/0/12.0 user-timeout 3600
D. set protocols dot1x authenticator interface ge-0/0/12.0 supplicant multiple
set protocols dot1x authenticator interface ge-0/0/12.0 idle-timeout 300
set protocols dot1x authenticator interface ge-0/0/12.0 user-timeout 3600
Correct Answer: A
Section: (none)
Explanation
Explanation:
QUESTION 31
What is an IP multicast routing protocol?
A. RSVP
B. OSPF
C. PIM
D. CDP
Correct Answer: BC
Section: (none)
Explanation

Explanation:
Was C/D
CDP not routing protocol
QUESTION 32
Which version of BGP would an enterprise use to peer with an ISP?
A. Confederation BGP
B. External BGP
C. Internal BGP
D. Labeled-Unicast
Correct Answer: C
Section: (none)
Explanation
Explanation:
Regions are an important concept because they address many of the challenges inherent in large routed networks. By
dividing the network into regions, service providers can increase the scale of their networks and improve convergence
times. Regions essentially partition the network into sections or zones, which can be OSPF areas or IS-IS levels within a single autonomous system (AS), or each
region can be an AS using a separate IGP.
The characteristics of a multi-region network are quite similar to a multi-area OSPF network, multilevel IS-IS network, or BGP AS, but the regions don’t exchange
routing information as would a typical area or level. No IGP routing information, LDP signaling, or RSVP signaling is exchanged between regions. Rather, regions
are connected by and communicate with BGP labeled unicast.
Like these other concepts, the primary advantage of regions is reducing the number of entries in the routing and forwarding tables of individual routers. This
simplifies the network, enabling greater scale and faster convergence.
LDP and RSVP label-switched paths are contained within a region, reducing the amount of LDP and RSVP state network-wide. Lowering the amount of resources
required by each node prolongs the life span of each node as the network continues to grow.
Regions also simplify network integration and troubleshooting. Network integrations and expansions do not require compatible IGPs or compatible LDP/RSVP
implementations between networks. The new network or region only needs
BGP labeled unicast compatibility with the existing network. Troubleshooting a multi-region network is simplified because problems are more likely to be contained
within a single region rather than spread across multiple regions.
In a multi-region network, BGP-LU is essential to enabling inter-region end-to-end routing, as it provides the communication and connectivity between multiple
regions. Defined in RFC 31071, it enables BGP to advertise unicast routes with an MPLS label binding (a prefix and label). To accomplish this, BGP-LU leverages

Multiprotocol Border
Gateway Protocol (MP-BGP) and subsequent address family identifier (SAFI) 4 which indicates that the network layer reachability information (NLRI) contains a
label mapping. BGP-LU has long been used for inter-AS VPN services such as “carrier’s carrier” and is now being applied to intra-AS in a similar way to achieve
massive scaling.
QUESTION 33
You are setting up a new switch in your network that is using MSTP. You want to make sure that any port connected to a host starts forwarding traffic immediately.
How can you meet this requirement?
A. Configure the interfaces as point-to-point.

B. Configure the interfaces as edge.
C. Configure the forward-delay option as zero.
D. Configure the interfaces as shared.
Correct Answer: B
Section: (none)
Explanation
Explanation:
QUESTION 34
You have been asked to implement 802.1X in your network and to ensure that all authorized users continue to be permitted should the RADIUS server fail.
Which solution will satisfy this requirement?
A. Implement the persistent MAC feature with the override option.

B. Implement the server fail fallback feature with the use-cache option.
C. Implement the persistent MAC feature with the use-cache option.
D. Implement the server fail fallback feature with the override option.
Correct Answer: B
Section: (none)
Explanation

Explanation:
With Juniper switches you can be rest assured that even if your radius server fails, Your network would still be up. Users would still be able login into the network
using a phenomenal feature called Switch Cache . If radius server fails, switch can use cache to authenticate the dot1x clients. use-cache—If the RADIUS servers
time out during reauthentication, previously authenticated supplicants are reauthenticated, but LAN access is denied for new supplicants. Configuration: set
protocols dot1x authenticator authentication-profile-name auth set protocols dot1x authenticator interface ge-0/0/0.0 supplicant multiple set protocols dot1x
authenticator interface ge-0/0/0.0 retries 4 set protocols dot1x authenticator interface ge-0/0/0.0 reauthentication 30 set protocols dot1x authenticator interface ge-
0/0/0.0 server-timeout 20 set protocols dot1x authenticator interface ge-0/0/0.0 server-fail use-cache set access radius-server 10.130.38.11 secret "x.x.x.x" set
access profile auth auth
QUESTION 35
How does an administrator block IGMP reports for the 239.0.0.0/8 group range?
A. Create a routing policy and apply it to IGMP using the group-policy feature.
B. Create a routing policy and apply it to IGMP using the report-policy feature.
C. Create a routing policy and apply it to IGMP as export.
D. Create a routing policy and apply it to IGMP as import.
Correct Answer: A
Section: (none)
Explanation
Explanation:
Filtering Unwanted IGMP Reports at the IGMP Interface Level

Suppose you need to limit the subnets that can join a certain multicast group. The group-policy statement enables you to filter unwanted IGMP reports at the
interface level. When this statement is enabled on a router running IGMP version 2 (IGMPv2) or version 3 (IGMPv3), after the router receives an IGMP report, the
router compares the group against the specified group policy and performs the action configured in that policy (for example, rejects the report if the policy matches
the defined address or network).
You define the policy to match only IGMP group addresses (for IGMPv2) by using the policy's route-filter statement to match the group address. You define the
policy to match IGMP (source, group) addresses (for IGMPv3) by using the policy's route-filter statement to match the group address and the policy's source-
address-filter statement to match the source address.
To filter unwanted IGMP reports:
Configure an IGMPv2 policy.
[edit policy-statement reject_policy_v2]user@host# set from route-filter 224.1.1.1/32 exact user@host# set from route-filter 239.0.0.0/8
orlongeruser@host# set then reject
Configure an IGMPv3 policy.
[edit policy-statement reject_policy_v3]user@host# set from route-filter 224.1.1.1/32 exact user@host# set from route-filter 239.0.0.0/8

orlongeruser@host# set from source-address-filter 10.0.0.0/8 orlonger user@host# set from source-address-filter 127.0.0.0/8
orlongeruser@host# set then reject
Apply the policies to the IGMP interfaces on which you prefer not to receive specific group or (source, group) reports. In this example, ge-0/0/0.1 is running
IGMPv2, and ge-0/1/1.0 is running IGMPv3.
[edit protocols igmp]user@host# set interface ge-0/0/0.1 group-policy reject_policy_v2user@host# set interface ge-0/1/1.0 group-policy
reject_policy_v3
Verify the operation of the filter by checking the Rejected Report field in the output of the show igmp statistics command
QUESTION 36
You have been asked to implement a private VLAN with two community VLANs. This private VLAN must span multiple switches in your Layer 2 network.
Which two statements about this deployment are true? (Choose two.)
A. All isolated ports must be configured as trunk ports.

B. A minimum of one promiscuous trunk port is required.
C. Both community VLANs must have assigned VLAN IDs.
D. A minimum of one private VLAN trunk port is required.
Correct Answer: CD
Section: (none)
Explanation
Explanation:
http://www.juniper.net/techpubs/en_US/junos10.4/topics/concept/private-vlans-ex-series.html
PVLAN Ethernet Switch Ports

PVLANs can have the following types of switch ports:
Promiscuous port—An upstream (trunk) port that is connected to the routers or shared resources. These ports have Layer 2 connectivity to all the other ports on
the switch, including the isolated ports.
Community port—An access port that belongs to a community. These ports have Layer 2 connectivity with other ports in the same community.
Isolated port—An access port that is isolated from the other ports on the switch. Isolated ports have Layer 2 connectivity only with promiscuous ports and PVLAN
trunk ports. An isolated port cannot communicate with another isolated port even if they are members of the same isolated VLAN (or inter-switch isolated VLAN)
domain. Typically, a server (such as a mail server or a backup server) is connected on this type of port.
PVLAN trunk port—A trunk port that connects two switches when a PVLAN is configured spanning those switches. The PVLAN trunk port is a member of all the
VLANs within the PVLAN (that is, the primary VLAN, the community VLANs, and the inter-switch isolated VLAN). It can communicate with all ports other than the
isolated ports.

The membership of the PVLAN trunk port in the inter-switch isolated VLAN is “egress-only”. Incoming traffic on the PVLAN trunk port will never get assigned to the
inter-switch isolated VLAN. The communication between a PVLAN trunk port and an isolated port is unidirectional. An isolated port can forward packets to a
PVLAN trunk port, but a PVLAN trunk port cannot forward packets to an isolated port.
QUESTION 37
Which configuration parameter causes a router to ignore router ID and peer ID from the BGP route
selection algorithm?
A. multihop
B. as-path loops
C. multipath
D. next-hop self
Correct Answer: C
Section: (none)
Explanation
Explanation:
QUESTION 38
If your WAN-edge router is multihomed to different ISPs, which two BGP attributes would you modify to affect outbound traffic? (Choose two.)
A. MED
B. Origin
C. Local preference
D. Community
Correct Answer: BC
Section: (none)
Explanation
Explanation:
QUESTION 39
A medium-sized enterprise has some devices that are 802.1X capable and some that are not. Any device that fails authentication must be provided limited access
through a VLAN called NONAUTH.

How do you provide this access?
A. Configure NONAUTH VLAN as the guest VLAN.

B. Configure NONAUTH VLAN as the server-reject VLAN.
C. Configure NONAUTH VLAN as the guest VLAN and the server-reject VLAN.
D. Configure a separate VLAN for each type of user: 802.1X and non-802.1X.
Correct Answer: C
Section: (none)
Explanation
Explanation:
How 802.1X Authentication Works

802.1X authentication works by using an Authenticator Port Access Entity (the switch) to block all traffic to and from a supplicant (end device) at the port
until the supplicant's credentials are presented and matched on the Authentication server (a RADIUS server). When authenticated, the switch stops blocking
traffic and opens the port to the supplicant.
802.1X Features Overview

802.1X features on Juniper Networks EX Series Ethernet Switches are:
Guest VLAN—Provides limited access to a LAN, typically just to the Internet, for end devices that are not 802.1X enabled when MAC RADIUS authentication has
not been configured on the switch interfaces to which the hosts are connected .
Server-reject VLAN—Provides limited access to a LAN, typically just to the Internet, for end devices that are 802.1X enabled but have sent the wrong credentials.
Server-fail VLAN—Provides limited access to a LAN, typically just to the internet, for 802.1X end devices during a RADIUS server timeout.
Dynamic VLAN—Enables an end device, after authentication, to be a member of a VLAN dynamically.
Private VLAN—Enables configuration of 802.1X authentication on interfaces that are members of private VLANs (PVLANs).
Dynamic changes to a user session—Allows the switch administrator to terminate an already authenticated session. This feature is based on support of the
RADIUS Disconnect Message defined in RFC 3576.
Support for VoIP—Supports IP telephones. If the phone is 802.1X-enabled, it is authenticated like any other supplicant. If the phone is not 802.1X-enabled, but has
another 802.1X-compatible device connected to its data port, that device is authenticated, and then VoIP traffic can flow to and from the phone (providing that the
interface is configured in single mode and not in single-secure mode).
QUESTION 40
When using PIM-SM in SSM mode, which event triggers the creation of a shortest-path tree?
A. Multicast traffic received at the receiver's designated router (DR).

B. An IGMPv3 report received at the receiver's designated router (DR).
C. Multicast traffic received at the rendezvous point (RP).
D. An IGMPv3 report received at the source's designated router (DR).
Correct Answer: B
Section: (none)
Explanation
Explanation:
PIM SSM is simpler than PIM sparse mode because only the one-to-many model is supported. Initial commercial multicast Internet applications are likely to be
available to subscribers (that is, receivers that issue join messages) from only a single source (a special case of SSM covers the need for a backup source).
PIM SSM therefore forms a subset of PIM sparse mode. PIM SSM builds shortest-path trees (SPTs) rooted at the source immediately because in SSM, the router
closest to the interested receiver host is informed of the unicast IP address of the source for the multicast traffic. That is, PIM SSM bypasses the RP connection
stage through shared distribution trees, as in PIM sparse mode, and goes directly to the source-based distribution tree.
QUESTION 41
Which statement regarding LLDP update messages is correct?
A. Updates can be secured using the MD5 algorithm.

B. Updates are advertised every 60 seconds by default.
C. Updates require bidirectional communication.
D. Updates can be triggered by local changes.
Correct Answer: D
Section: (none)
Explanation
Explanation:
QUESTION 42
When 802.1X, MAC-RADIUS, and Captive Portal are enabled on an interface, which authentication sequence occurs?
A. The authentication sequence is based on the order of the configuration.

B. If MAC-RADIUS is rejected, Captive Portal will start. If Captive portal is timed out, 802.1X will start.
C. If 802.1X times out, then MAC-RADIUS will start. If MAC-RADIUS is timed out by the RADIUS server, then Captive Portal will start.
D. If 802.1X times out, then MAC-RADIUS will start. If MAC-RADIUS is rejected by the RADIUS server, then Captive Portal will start.

Correct Answer: D
Section: (none)
Explanation
Explanation:
How 802.1X Authentication Works

802.1X authentication works by using an Authenticator Port Access Entity (the switch) to block all traffic to and from a supplicant (end device) at the port
until the supplicant's credentials are presented and matched on the Authentication server (a RADIUS server). When authenticated, the switch stops blocking
traffic and opens the port to the supplicant.
802.1X Features Overview

802.1X features on Juniper Networks EX Series Ethernet Switches are:
Guest VLAN—Provides limited access to a LAN, typically just to the Internet, for end devices that are not 802.1X enabled when MAC RADIUS authentication has
not been configured on the switch interfaces to which the hosts are connected .
Server-reject VLAN—Provides limited access to a LAN, typically just to the Internet, for end devices that are 802.1X enabled but have sent the wrong credentials.
Server-fail VLAN—Provides limited access to a LAN, typically just to the internet, for 802.1X end devices during a RADIUS server timeout.
Dynamic VLAN—Enables an end device, after authentication, to be a member of a VLAN dynamically.
Private VLAN—Enables configuration of 802.1X authentication on interfaces that are members of private VLANs (PVLANs).
Dynamic changes to a user session—Allows the switch administrator to terminate an already authenticated session. This feature is based on support of the
RADIUS Disconnect Message defined in RFC 3576.
Support for VoIP—Supports IP telephones. If the phone is 802.1X-enabled, it is authenticated like any other supplicant. If the phone is not 802.1X-enabled, but has
another 802.1X-compatible device connected to its data port, that device is authenticated, and then VoIP traffic can flow to and from the phone (providing that the
interface is configured in single mode and not in single-secure mode).
QUESTION 43
You are troubleshooting a problem on interface ge-0/0/3.
Which command shows statistics in real time?
A. show interfaces statistics

B. monitor interface statistics ge-0/0/3
C. monitor interface traffic
D. monitor traffic interface ge-0/0/3
Correct Answer: C
Section: (none)

Explanation
Explanation:
monitor traffic interface
Note: Because the Packet Forwarding Engine removes Layer 2 header information before sending packets to the Routing Engine:
The monitor traffic command cannot apply match conditions to inbound traffic.
The monitor traffic interface command also cannot apply match conditions for Layer 3 and Layer 4 packet data, resulting in the match pipe option (| match) for this
command for Layer 3 and Layer 4 packets not working either. Therefore, ensure that you specify match conditions as described in this command summary.
The 802.1Q VLAN tag information included in the Layer 2 header is removed from all inbound traffic packets. Because the monitor traffic interface ae[ x] command
for aggregated Ethernet interfaces (such as ae0) only shows inbound traffic data, the command does not show VLAN tag information in the output.
QUESTION 44
Which CoS component helps with TCP global synchronization problems?
A. WRR with rewrite rules

B. WRED with drop profiles
C. tail drop profiles with a behavior aggregate classifier
D. exact term with a scheduler
Correct Answer: B
Section: (none)
Explanation
Explanation:

QUESTION 45

You want to control bursts of HTTP traffic entering your SRX Series Gateway. To support varying requirements, interfaces ge-0/0/0 through ge-0/0/3 should each
be rate-limited separately, using the same parameters.
What is the correct way to meet these requirements?
A. Configure a single policer and apply it directly on the appropriate interfaces.

B. Configure four policers and apply each one directly on the appropriate interface.
C. Configure a policer and reference it in a firewall filter that uses the interface-specific option;
apply the filter to the appropriate interfaces.
D. Configure four policers and reference them all in a firewall filter; apply the filter to the appropriate interfaces.
Correct Answer: C
Section: (none)
Explanation
Explanation:
QUESTION 46
You are configuring BGP peering with a neighboring AS. Multiple physical links exist between your edge router and the neighboring edge router, and you want a
configuration that supports the highest degree of redundancy.
How can you implement this scenario?
A. Configure multiple peerings between the routers' physical interfaces.

B. Use the multipath feature.
C. Configure multiple peerings between the routers' logical interfaces.
D. Use the multihop feature.
Correct Answer: D
Section: (none)
Explanation
Explanation:
QUESTION 47
An OSPF router is an ABR but not an ASBR.
Which three types of LSAs would you expect this router to generate? (Choose three.)

A. Type 1 LSA
B. Type 3 LSA
C. Type 4 LSA
D. Type 5 LSA
E. Type 6 LSA
Correct Answer: ABC

Section: (none)
Explanation
Explanation:
QUESTION 48
-- Exhibit --
user@R1> show configuration protocols pim rp
local {
address 192.168.3.1;
auto-rp discovery;
static {
address 192.168.5.1;
user@R1> show route 192.168.0.0/16
inet.0: 18 destinations, 21 routes (18 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
192.168.2.1/32 *[Direct/0] 3w4d 04:58:14

> via lo0.0
192.168.5.1/32 *[OSPF/10] 00:52:25, metric 1
> via lt-0/0/0.0
192.168.10.1/32 *[OSPF/10] 00:48:06, metric 1
> via lt-0/0/0.2
192.168.50.1/32 *[OSPF/10] 00:48:06, metric 1
> via lt-0/0/0.4
-- Exhibit --
Click the Exhibit button.
Router R1 in the exhibit is receiving auto-RP announce messages specifying an RP of 192.168.10.1 and BSR messages specifying an RP-set with an RP of
192.168.50.1.
Which address will R1 use as the RP for traffic destined to the 224.1.1.1 multicast group?
A. 192.168.3.1
B. 192.168.5.1
C. 192.168.10.1
D. 192.168.50.1
Correct Answer: D
Section: (none)
Explanation
Explanation:
QUESTION 49
-- Exhibit

-- Exhibit --
In the exhibit, customers connected to Area 3 must have access to external prefixes received from
the data center connected to the router in Area 1. These configurations are currently applied to the routers in Area 1:
{master:0}[edit]
user@Area-1-ABR# show protocols ospf
no-nssa-abr;
area 0.0.0.1 {

nssa;
interface ge-1/1/1.100;
{master:0}[edit]
user@Area-1-External# show protocols ospf
area 0.0.0.1 {
stub no-summaries;
What must you change for these configurations to work?
A. Configure the ABR router in Area 1 to support a virtual link.

B. Delete no-summary-lsa from the ABR router in Area 1.
C. Configure the external router in Area 1 for NSSA.
D. Configure the ABR in Area 1 for a default LSA with a default-metric of 10 and no-summaries.
Correct Answer: C
Section: (none)
Explanation
Explanation:
QUESTION 50
-- Exhibit --
20.0.0.0/8 *[BGP/170] 01:10:38, localpref 100, from 10.0.0.1

AS path: 100 I
> to 15.0.0.2 via ge-0/0/0.0

[BGP/170] 00:00:59, localpref 100
AS path: 100 ?
> to 35.0.0.2 via ge-0/0/1.0
-- Exhibit --
Referring to the output in the exhibit, why does the router prefer the path toward interface ge- 0/0/0.0 for the 20.0.0.0/8 route?
A. The origin is IGP.

B. The origin is unknown.
C. The AS path is longer.
D. Multihop is enabled.
Correct Answer: A
Section: (none)
Explanation
Explanation:
QUESTION 51
-- Exhibit --
Group: 239.1.1.1
Source: 10.255.70.15
Flags: sparse,spt
Upstream interface: so-1/0/0.0
Upstream neighbor: 10.111.10.2
Upstream state: Local RP, Join to Source
Keepalive timeout: 344

Downstream neighbors:
Interface: Pseudo-GMP
fe-0/0/0.0 fe-0/0/1.0 fe-0/0/3.0
Interface: so-1/0/0.0 (pruned)
10.111.10.2 State: Prune Flags: SR Timeout: 174
Interface: mt-1/1/0.32768
10.10.47.100 State: Join Flags: S Timeout: Infinity
-- Exhibit --
Referring to the exhibit, which two statements are true? (Choose two.)
A. The router has pruned the RPT.

B. The router has pruned the SPT only.
C. The router has pruned the RPT only.
D. The router has pruned the SPT.
Correct Answer: AD
Section: (none)
Explanation
Explanation:
QUESTION 52
-- Exhibit --
user@switch# run show spanning-tree statistics interface ge-0/0/0
STP interface statistics for VLAN 10
Interface BPDUs sent BPDUs received Next BPDU
transmission

ge-0/0/0.0 170 3 0
STP interface statistics for VLAN 20
Interface BPDUs sent BPDUs received Next BPDU
transmission
ge-0/0/0.0 171 3 0
-- Exhibit --
Based on the exhibit, which spanning-tree protocol is running on ge-0/0/0?
A. VSTP
B. MSTP
C. RSTP
D. PVST
Correct Answer: A
Section: (none)
Explanation
Explanation:
QUESTION 53
-- Exhibit

-- Exhibit --
Given the topology in the exhibit, which two statements related to the Q-in-Q tunneling implementation are true? (Choose two.)
A. The ge-0/0/0 interface on Provider Bridge A must be configured as an access port.

B. The ge-0/0/0 interface on Provider Bridge A must be configured as a trunk port.
C. Provider Bridge B will make forwarding decisions using a MAC table associated with VLAN ID 100.
D. Provider Bridge B will make forwarding decisions using a MAC table associated with VLAN ID 200.
Correct Answer: AD
Section: (none)
Explanation
Explanation:
QUESTION 54
-- Exhibit

-- Exhibit --
You are implementing Q-in-Q tunneling to connect R1 and R2 using the configurations shown in the exhibit.
What must be changed on Switch_A to allow both Dot1q-tunneling VLANs and non-Dot1q- tunneling VLANs on the same trunk interface?
A. Change the Dot1q-tunneling Ethertype to 0x9100.

B. Change the Dot1q-tunneling Ethertype to 0x88a8.
C. Change the Dot1q-tunneling Ethertype to 0x8100.
D. Change the Dot1q-tunneling Ethertype to 0x98a8.
Correct Answer: C
Section: (none)
Explanation

Explanation:
http://packetcorner.wordpress.com/category/switching/q-in-q/
QUESTION 55
-- Exhibit
-- Exhibit --
In the exhibit, Host2 is the only host currently joining group 231.1.1.1, but S1 is still flooding the traffic to all hosts on VLAN 100.
What feature can be configured on S1 to limit the multicast flooding of traffic to only interested hosts on VLAN 100?
A. Multicast scoping
B. IGMP snooping
C. Multicast VLAN registration
D. IGMP immediate leave
Correct Answer: B
Section: (none)

Explanation
Explanation:
Internet Group Management Protocol (IGMP) snooping constrains the flooding of IPv4 multicast traffic on VLANs on a switch. When IGMP snooping is enabled on
a VLAN, a Juniper Networks EX Series Ethernet Switch examines IGMP messages between hosts and multicast routers and learns which hosts are interested in
receiving traffic for a multicast group. Based on what it learns, the switch then forwards multicast traffic only to those interfaces in the VLAN that are connected to
interested receivers instead of flooding the traffic to all interfaces.
QUESTION 56
-- Exhibit --
{master:0}[edit]
user@switch# show protocols vstp
vlan 100;
{master:0}[edit]
user@switch# run show spanning-tree bridge
STP bridge parameters
Context ID : 1
Enabled protocol : RSTP
STP bridge parameters for VLAN 100
Root ID : 32868.50:c5:8d:ae:94:80
Hello time : 2 seconds
Maximum age : 20 seconds
Forward delay : 15 seconds
Message age : 0

Number of topology changes : 0
Local parameters
Bridge ID : 32868.50:c5:8d:ae:94:80
Extended system ID : 1
Internal instance ID : 0
{master:0}[edit]
user@switch# run show spanning-tree interface
{master:0}[edit]
user@switch#
-- Exhibit --
Based on the output shown in the exhibit, why is VSTP not working for VLAN 100?
A. No interfaces are assigned to VLAN 100.

B. Your MSTI is misconfigured.
C. RSTP is configured in addition to VSTP.
D. No native VLAN is configured.
Correct Answer: A
Section: (none)
Explanation
Explanation:
QUESTION 57
-- Exhibit

-- Exhibit --

Referring to the exhibit, what is the correct RPF path toward the multicast source from R6?
A. R6-R5
B. R6-R7-R4-R5
C. R6-R4-R5
D. R6-R4-R3-R2-R5
Correct Answer: A
Section: (none)
Explanation
Explanation:

QUESTION 58
-- Exhibit --
{master:0}[edit]
user@switch# show ethernet-switching-options voip
interface ge-0/0/16.0 {
vlan phones;
{master:0}[edit]
user@switch# show interfaces ge-0/0/16
unit 0 {
family ethernet-switching {
port-mode access;
vlan {
members internet;
{master:0}[edit]
user@switch# show vlans
hr {
vlan-id 513;

internet {
vlan-id 15;
phones {
vlan-id 25;
servers {
vlan-id 30;
{master:0}[edit]
description uplink;
unit 0 {
port-mode trunk;
vlan {
members [ hr internet ];
-- Exhibit --

You have recently implemented a Layer 2 network designed to support VoIP. Users have reported that they cannot use their IP phones to make calls.
Based on the switch configuration shown in the exhibit, which command will resolve this issue?
A. set interfaces ge-0/0/23 unit 0 family ethernet-switching vlan members phones

B. set interfaces ge-0/0/16 unit 0 family ethernet-switching port-mode trunk
C. set ethernet-switching-options voip interface ge-0/0/23 vlan phones
D. set vlans phones vlan-id 513
Correct Answer: A
Section: (none)
Explanation
Explanation:
QUESTION 59
-- Exhibit

-- Exhibit --
Based on the SPF calculation in the exhibit, what is the shortest path to reach R3 from R1?
A. R2-R3
B. R2-R5-R4
C. R3
D. R2-R4
Correct Answer: C
Section: (none)
Explanation
Explanation:
QUESTION 60
-- Exhibit --
Mar 16 18:39:15.800390 BGP RECV 172.14.10.2+57785 -> 172.14.10.1+179
Mar 16 18:39:15.800932 BGP RECV message type 1 (Open) length 59
Mar 16 18:39:15.800995 BGP RECV version 4 as 2 holdtime 90 id 192.168.5.1 parmlen 30
Mar 16 18:39:15.801064 BGP RECV MP capability AFI=2, SAFI=1
Mar 16 18:39:15.801112 BGP RECV Refresh capability, code=128
Mar 16 18:39:15.801224 BGP RECV Restart capability, code=64, time=120, flags=
Mar 16 18:39:15.801289 BGP RECV 4 Byte AS-Path capability (65), as_num 2
Mar 16 18:39:15.801705 advertising receiving-speaker only capabilty to neighbor 172.14.10.2 (External AS 2)
Mar 16 18:39:15.801787 bgp_send. sending 59 bytes to 172.14.10.2 (External AS 2)

Mar 16 18:39:15.801845
Mar 16 18:39:15.801845 BGP SEND 172.14.10.1+179 -> 172.14.10.2+57785
Mar 16 18:39:15.801933 BGP SEND message type 1 (Open) length 59
Mar 16 18:39:15.801991 BGP SEND version 4 as 1 holdtime 90 id 192.168.2.1 parmlen 30
Mar 16 18:39:15.802054 BGP SEND MP capability AFI=1, SAFI=1
Mar 16 18:39:15.802115 BGP SEND Refresh capability, code=128
Mar 16 18:39:15.802227 BGP SEND Restart capability, code=64, time=120, flags=
Mar 16 18:39:15.802292 BGP SEND 4 Byte AS-Path capability (65), as_num 1
Mar 16 18:39:15.802615 bgp_process_caps: mismatch NLRI with 172.14.10.2 (External AS 2):

peer: <inet6-unicast>(16) us: <inet-unicast>(1)
Mar 16 18:39:15.802763 bgp_process_caps:2561: NOTIFICATION sent to 172.14.10.2 (External AS 2): code 2 (Open Message Error) subcode 7 (unsupported
capability) value 1
Mar 16 18:39:15.802913 bgp_sens: sending 23 bytes to 172.14.10.2 (External AS 2)
Mar 16 18:39:15.802969
Mar 16 18:39:15.802969 BGP SEND 172.14.10.1+179 -> 172.14.10.2+57785
Mar 16 18:39:15.803057 BGP SEND message type 3 (Notification) length 23
Mar 16 18:39:15.803113 BGP SEND Notification code 2 (Open Message Error) subcode 7 (unsupported capability)
Mar 16 18:39:15.803179 BGP SEND Data (2 bytes): 00 01
-- Exhibit --

Looking at the traceoptions output in the exhibit, why is the BGP neighbor not in Established state?
A. BGP refresh is not supported.

B. There is a router ID mismatch.
C. IPv6 is not supported on the local peer.
D. The peer AS number is misconfigured.
Correct Answer: C
Section: (none)
Explanation
Explanation:
QUESTION 61
-- Exhibit

-- Exhibit --
In the exhibit, which statement about the ABR between Area 8 and Area 2 is true?
A. The router has connectivity to all areas.

B. The router has connectivity to Area 8 only.
C. The router has connectivity to Area 2 only.
D. The router has connectivity to all routers in Area 8 and Area 2.
Correct Answer: D
Section: (none)
Explanation

Explanation:
QUESTION 62
-- Exhibit --
user@router> show class-of-service scheduler-map two
Scheduler map: two, Index: 56974

Scheduler: sch-best-effort, Forwarding class: best-effort, Index: 26057
Transmit rate: 1 percent, Rate Limit: exact, Buffer size: remainder,
Buffer Limit: exact, Priority: low
Excess Priority: unspecified
Drop profiles:
Loss priority Protocol Index Name
Low any 1 <default-drop-profile>
Medium low any 1 <default-drop-profile>
Medium high any 1 <default-drop-profile>
High any 1 <default-drop-profile>
Scheduler: sch-expedited-forwarding, Forwarding class:
expedited-forwarding, Index: 10026
Transmit rate: 1 percent, Rate Limit: none, Buffer size: 1 percent,
Buffer Limit: none, Priority: high
Excess Priority: unspecified
Drop profiles:

Loss priority Protocol Index Name
Low any 1 <default-drop-profile>
Medium low any 1 <default-drop-profile>
Medium high any 1 <default-drop-profile>
High any 1 <default-drop-profile>
user@router> show interfaces ge-0/0/1 extensive | find "CoS Information"
CoS information:
Direction : Output
CoS transmit queue Bandwidth Buffer
Priority Limit
% bps % usec
0 best-effort 1 10000000 r 0
low exact
1 expedited-forwarding 1 10000000 1 0
high none
Logical interface ge-0/0/1.823 (Index 74) (SNMP ifIndex 506) (Generation
139)
Flags: SNMP-Traps 0x4000 VLAN-Tag [ 0x8100.823 ] Encapsulation: ENET2
Traffic statistics:
Input bytes : 1820224529
Output bytes : 6505980

Input packets: 1436371
Output packets: 75905
(... output truncated ...)
user@router> show interfaces ge-0/0/1 extensive | find "Queue Counters"
Queue counters: Queued packets Transmitted packets Dropped packets
0 best-effort 1343970 1343970 7105
1 expedited-fo 53987 53987

2 assured-forw 0 0
3 network-cont 0 0
Queue number: Mapped forwarding classes
0 best-effort
1 expedited-forwarding
2 assured-forwarding
3 network-control
Active alarms : None
Active defects : None
(... output truncated ...)
-- Exhibit --
Based on the configuration in the exhibit, why are you seeing drops in the best-effort queue on the SRX Series platform?
A. The drop-profile fill level is set too low.

B. Packets are dropped by a firewall policy.
C. The best-effort queue is being shaped.

D. The scheduler is not being applied correctly.
Correct Answer: C
Section: (none)
Explanation
Explanation:
QUESTION 63
-- Exhibit --
[edit protocols bgp]
user@router# show
group ext-peer2 {
type external;
peer-as 1;
neighbor 192.168.2.1;
user@router# run show route 192.168.2.1
192.168.2.1/32 *[Static/5] 00:01:56
> to 172.14.10.1 via ge-0/0/1.0
user@router# run show bgp summary
Groups: 1 Peers: 1 Down peers: 1

Table Tot Paths Act Paths Suppressed History Damp State Pending
inet.0 0 0 0 0 0 0
inet6.0 0 0 0 0 0 0
Peer AS InPkt OutPkt OutQ Flaps Last Up/Dwn State|#Active/Received/Accepted/Damped...
192.168.2.1 1 0 0 0 0 14 Idle
-- Exhibit --
Looking at the output in the exhibit, why is the BGP neighbor not in Established state?
A. BGP Refresh is not supported.

B. Multihop is not configured.
C. The peer address is not reachable.
D. Authentication is configured.
Correct Answer: B
Section: (none)
Explanation
Explanation:
QUESTION 64
-- Exhibit --
user@SwitchA# show protocols dot1x
authenticator {
authentication-profile-name dot1x;
interface {

ge-0/0/0.0 {
supplicant single;
ge-0/0/1.0 {
supplicant single-secure;
ge-0/0/2.0 {
supplicant multiple;
{master:0}[edit]
user@SwitchA# show access
radius-server {
172.27.14.226 {
port 1812;
secret "$9$vqs8xd24Zk.5bs.5QFAtM8X"; ## SECRET-DATA
profile dot1x {
authentication-order radius;

radius {
authentication-server 172.27.14.226;
accounting-server 172.27.14.226;
accounting {
order radius;
immediate-update;
{master:0}[edit]
user@SwitchA#
-- Exhibit --
Referring to the exhibit, which three statements describe correct behavior of Switch A? (Choose three.)
A. Switch A allows complete access to all users connected to port ge-0/0/2 that log in with their correct user credentials.
B. Switch A allows complete access to all users connected to port ge-0/0/0 that log in with their correct user credentials.
C. Switch A allows complete access to the second user that connects to port ge-0/0/1 with its correct credentials only after the first user logs out.
D. Switch A allows complete access to all users connected to port ge-0/0/0 without authentication after the first user has logged in with its correct user credentials.
E. Switch A allows complete access to all users connected to port ge-0/0/1 that securely log in using HTTPS with their correct user credentials.
Correct Answer: ACD

Section: (none)
Explanation
Explanation:

QUESTION 65
-- Exhibit --
Mar 16 17:48:06.145257 OSPF periodic xmit from 172.14.10.1 to 224.0.0.5 (IFL 69 area 0.0.0.1)
Mar 16 17:48:12.404986 ospf_trigger_build_telink_lsas : No peer found
Mar 16 17:48:13.013555 ospf_set_lsdb_state: Router LSA 192.168.2.1 adv-rtr 192.168.2.1 state QUIET->GEN_PENDING
Mar 16 17:48:13.013661 OSPF trigger router LSA 0x156d0f0 build for area 0.0.0.1 lsa-id 192.168.2.1
Mar 16 17:48:13.017494 ospf_set_lsdb_state: Router LSA 192.168.2.1 adv-rtr 192.168.2.1 state GEN_PENDING->QUIET
Mar 16 17:48:13.017636 OSPF built router LSA, area 0.0.0.1, link count 2
Mar 16 17:48:13.017954 OSPF sent Hello 172.14.10.1 -> 224.0.0.5 (ge-0/0/1.0 IFL 69 area 0.0.0.1)
Mar 16 17:48:13.018023 Version 2, length 44, ID 192.168.2.1, area 0.0.0.1
Mar 16 17:48:13.018111 mask 255.255.255.0, hello_ivl 10, opts 0x2, prio 128
Mar 16 17:48:13.018162 dead_ivl 40, DR 172.14.10.1, BDR 0.0.0.0
Mar 16 17:48:13.018613 OSPF DR is 192.168.2.1, BDR is 0.0.0.0
Mar 16 17:48:13.432025 OSPF packet ignoreD. area mismatch (0.0.0.0) from 172.14.10.2 on intf ge-0/0/1.0 area 0.0.0.1
Mar 16 17:48:13.432135 OSPF rcvd Hello 172.14.10.2 -> 224.0.0.5 (ge-0/0/1.0 IFL 69 area 0.0.0.1)

Mar 16 17:48:13.432274 checksum 0x8065, authtype 0
Mar 16 17:48:13.432398 dead_ivl 40, DR 172.14.10.2, BDR 0.0.0.0 commit complete
-- Exhibit --
Looking at the traceoptions output in the exhibit, why are the OSPF routers stuck in Init state?
A. There is an MTU mismatch.

B. There is a network mask mismatch.
C. The routers are in different areas.
D. No BDR has been elected.
Correct Answer: C
Section: (none)
Explanation
Explanation:
QUESTION 66
A customer is trying to configure a router to peer using EBGP to a neighbor. As shown in the exhibit, two links are being used for this configuration. The goal of this
configuration is to load- balance traffic across both EBGP links.
Which configuration accomplishes this goal?
A. {master:0}[edit]
user@router# show protocols bgp
group External {
multihop;
local-address 192.168.2.1;
peer-as 65532;

neighbor 10.10.2.neighbor 10.20.2.2;
}
{master:0}[edit]
user@router# show routing-options
static {
route 192.168.5.1/32 next-hop 192.168.2.1;
}
autonomous-system 65432;
B. {master:0}[edit]
group External {
multihop;
peer-as 65532;
neighbor 192.168.5.1;
}
{master:0}[edit]
static {
route 192.168.5.1/32 next-hop [ 10.10.2.2 10.20.2.2 ]; }
forwarding-table {
export load-balance;
}
{master:0}[edit]
user@router# show policy-options policy-statement load-balance term balance {
then {
load-balance per-packet;
accept;
}
}
C. {master:0}[edit]
group External {
multi-path;
peer-as 65532;
neighbor 192.168.5.1;
}
{master:0}[edit]

static {
route 192.168.5.1/32 next-hop [ 10.10.2.2 10.20.2.2 ]; }
D. {master:0}[edit]
group External {
multipath;
peer-as 65532;
neighbor 10.10.2.2;
neighbor 10.20.2.2;
}
{master:0}[edit]
static {
route 192.168.5.1/32 next-hop 192.168.2.1;
}
Correct Answer: B
Section: (none)
Explanation
Explanation:
QUESTION 67
-- Exhibit

-- Exhibit --
In the exhibit, R5 is receiving five 200.1.1.x routes from the RIP router, and is advertising them into
Area 1 using an export policy. You do not want any of the RIP routes to be in the routing table of R
Which two solutions meet this requirement? (Choose two.)
A. On R1, configure an export policy to reject the routes.

B. On R1, configure an import policy to reject the routes.
C. On R1, configure each address as a martian route.
D. On R1, configure the no-nssa-abr option.
Correct Answer: BC
Section: (none)
Explanation
Explanation:
QUESTION 68
-- Exhibit

-- Exhibit --
In the exhibit, a customer wants to configure an EBGP connection to two different routers in a neighboring autonomous system. The goal of this configuration is to
use per-prefix load balancing across both EBGP links.
Which configuration accomplishes this goal?
A. {master:0}[edit]
group External {
multihop;
peer-as 65532;
neighbor 10.10.2.2;
neighbor 10.20.2.2;
}
B. {master:0}[edit]
group External {
multipath;
peer-as 65532;

neighbor 10.10.2.2;
neighbor 10.20.2.2;
}
C. {master:0}[edit]
group External {
multihop;
peer-as 65532;
neighbor 10.10.2.2;
neighbor 10.20.2.2;
}
static {
route 0.0.0.0 next-hop [ 10.10.2.2 10.20.2.2 ];
}
D. {master:0}[edit]
group External {
multihop;
peer-as 65532;
multipath;
neighbor 10.10.2.2;
neighbor 10.20.2.2;
}
static {
route 0.0.0.0 next-hop [ 10.10.2.2 10.20.2.2 ];
}
Correct Answer: B
Section: (none)
Explanation
Explanation:
QUESTION 69

-- Exhibit
-- Exhibit --
Referring to the exhibit, R4 in AS 100 is sending routes 20.0.0.0/8 and 10.0.0.0/8. R3 sees the routes but R5 does not.
What must be configured on the R3 router for the R5 router to install the routes?
A. Anext-hop self policy

B. As-override toward the R5 router
C. As-loops 2
D. Local-as 100
Correct Answer: B
Section: (none)
Explanation
Explanation:
QUESTION 70
-- Exhibit

-- Exhibit --
You are asked to configure an OSPF virtual link that connects remote Area 4 to the backbone.
Referring to the exhibit, what are two requirements for an OSPF virtual link to operate correctly? (Choose two.)
A. A virtual link configuration on the ABR between Areas 0 and 1 must include transit area 1.
B. The interface of the transit area must be of type vt.
C. A virtual link configuration on the ABR between Areas 0 and 1 must be the interface address of the neighbor on the far end.
D. A virtual link configuration on the ABR between Areas 0 and 1 must be the router ID (RID) of the neighbor on the far end.
Correct Answer: AD

Section: (none)
Explanation
Explanation:
QUESTION 71
-- Exhibit
-- Exhibit --
In the exhibit, R5 is receiving five 200.1.1.x routes from the RIP router, and is advertising them into Area 1 using an export policy. You want to summarize the RIP
routes into Area 0 with the most specific prefix.
Which configuration will accomplish goal?
A. [edit protocols]
user@R1# show
ospf {
area 0.0.0.0 {
area-range 200.1.1.0/29;

interface lo0.0;
}
area 0.0.0.1 {
nssa {
default-lsa type-7;
}
}
}
B. [edit protocols]
user@R1# show
ospf {
area 0.0.0.0 {
interface lo0.0;
}
area 0.0.0.1 {
nssa {
default-lsa type-7;
area-range 200.1.1.0/28;
}
}
}
C. [edit protocols]
user@R1# show
ospf {
area 0.0.0.0 {
interface lo0.0;
}
area 0.0.0.1 {
nssa {
default-lsa type-7;
area-range 200.1.1.0/29;
}
}
}

D. [edit protocols]
user@R1# show
ospf {
area 0.0.0.0 {
area-range 200.1.1.0/28;
interface lo0.0;
}
area 0.0.0.1 {
nssa {
default-lsa type-7;
}
}
}
Correct Answer: C
Section: (none)
Explanation
Explanation:
QUESTION 72
-- Exhibit --
user@router> show bgp summary
inet.0 10 8 0 0 0 0
inet6.0 4 3 0 0 0 0
10.0.3.5 65550 41 52 0 2 17:45 5/5/5/0 0/0/0/0
172.16.0.6 65010 52 42 0 2 31 Establ

inet.0: 3/5/5/0
inet6.0: 3/4/4/0
2001:ffff::3:5 65550 43 44 0 4 17:53 Establ
inet6.0: 0/0/0/0
user@router>
-- Exhibit --
Examine the output of the show bgp summary command shown in the exhibit.
From which BGP peer is the router receiving IPv6 routes?
A. 10.0.3.5
B. 172.16.0.6
C. 2001:ffff::3:5
D. 2001:ffff:3:5
Correct Answer: B
Section: (none)
Explanation
Explanation:
QUESTION 73
-- Exhibit --
user@SwitchA> show dot1x interface detail ge-0/0/2.0
ge-0/0/2.0
Role: Authenticator
Administrative state: Auto

Supplicant mode: Multiple
Number of retries: 3
Quiet period. 60 seconds
Transmit period. 30 seconds
Mac Radius: Enabled
Mac Radius Restrict: Enabled
Reauthentication: Enabled
Configured Reauthentication interval: 3600 seconds
Supplicant timeout: 30 seconds
Server timeout: 30 seconds
Maximum EAPOL requests: 2
Guest VLAN member: <not configured>
Number of connected supplicants: 2
user@SwitchA>
-- Exhibit --
Host 1, Host 2, and Host 3 are connected to Switch A on interface ge-0/0/2. Host 1 and Host 2 do not support 802.1X. They can authenticate and connect to the
Internet. Host 3 was added and it supports 802.1X; however, it is unable to authenticate.
Referring to the exhibit, how do you allow Host 3 to authenticate to the network but maintain secure access?
A. Enable fallback authentication for 802.1X.

B. Disable MAC RADIUS Restrict option on ge-0/0/2.
C. Disable MAC RADIUS option on ge-0/0/2.

D. Enable Administrative mode for 802.1X.
Correct Answer: B
Section: (none)
Explanation
Explanation:
QUESTION 74
-- Exhibit --
user@RP> show pim join extensive
Instance: PIM.master Family: INET
R = Rendezvous Point Tree, S = Sparse, W = Wildcard
Group: 224.1.1.1
Source: *
RP: 192.168.1.1
Flags: sparse,rptree,wildcard
Upstream interface: Local
Upstream neighbor: Local
Upstream state: Local RP
Interface: so-0/0/0.0
10.0.1.2 State: Join Flags: SRW Timeout: 176
Group: 224.1.1.1
Source: 10.0.5.2
Flags: sparse,spt

Upstream interface: unknown (no nexthop)
Upstream neighbor: unknown
Upstream state: Local RP
Interface: so-0/0/0.0
10.0.1.2 State: Join Flags: S Timeout: 176
Instance: PIM.master Family: INET6
-- Exhibit --
The CLI output shown in the exhibit was taken from the RP in a PIM-SM network.
Which statement explains the output shown in the exhibit?
A. No tunnel PIC is installed on the RP router.

B. 192.168.1.1 is not a local IP address on the RP router.
C. Multicast traffic is arriving on the so-0/0/0.0 interface.
D. The router does not have a unicast route to 10.0.5.2.
Correct Answer: D
Section: (none)
Explanation
Explanation:
QUESTION 75

--
OSPF database, Area 0.0.0.0
Type ID Adv Rtr Seq Age Opt Cksum Len
Router *10.0.3.4 10.0.3.4 0x8000000d 30 0x22 0x8d11 132
bits 0x0, link count 9
id 10.1.1.0, data 255.255.255.0, Type Stub (3)
Topology count: 0, Default metric. 1
id 10.0.4.8, data 255.255.255.252, Type Stub (3)
id 10.0.2.10, data 10.0.2.10, Type Transit (2)
id 172.16.0.6, data 172.16.0.5, Type Transit (2)
id 10.0.3.4, data 255.255.255.255, Type Stub (3)
id 10.0.9.7, data 10.0.2.18, Type PointToPoint (1)
id 10.0.2.16, data 255.255.255.252, Type Stub (3)
id 10.0.3.3, data 10.0.2.6, Type PointToPoint (1)

id 10.0.2.4, data 255.255.255.252, Type Stub (3)
Topology default (ID 0)
Type: PointToPoint, Node ID. 10.0.3.3
MetriC. 2, Bidirectional
Type: PointToPoint, Node ID. 10.0.9.7
Type: Transit, Node ID. 172.16.0.6
Type: Transit, Node ID. 10.0.2.10
-- Exhibit --
The exhibit shows the output of an OSPF router LSA.
Which interface ID represents the router's loopback address?
A. ID 10.1.1.0
B. ID 10.0.3.4
C. ID 10.0.3.3
D. ID 10.0.2.4
Correct Answer: B
Section: (none)
Explanation

Explanation:
QUESTION 76
-- Exhibit --
{master:0}[edit]
user@router# show class-of-service
classifiers {
inet-precedence normal-traffic {
forwarding-class best-effort {
loss-priority low code-points [ my1 my2 ];
code-point-aliases {
inet-precedence {
my1 000;
my2 001;
cs1 010;
cs2 011;
cs3 100;
cs4 101;
cs5 111;
cs6 111;

}
-- Exhibit --
In the exhibit, you see a configuration for CoS. Incoming traffic with specific IP precedence bits should be mapped to a forwarding class named best-effort. A
classifier named normal-traffic is defined.
What must you add to complete this configuration?
A. Include the option q-pic-large-buffer under the chassis hierarchy to accommodate the new code points.
B. Apply classifier normal traffic to the interface hierarchy under the class-of-service stanza.
C. Configure a rewrite marker on the ingress Gigabit Ethernet interface.
D. Add code point values for the expedited-forwarding forwarding class as well as the best-effort forwarding class.
Correct Answer: B
Section: (none)
Explanation
Explanation:
QUESTION 77
-- Exhibit --
user@router> show configuration routing-options autonomous-system
65550;
user@router> show configuration protocols bgp
group ibgp {
type internal;
neighbor 10.0.3.5;

}
group ibgpv6 {
type internal;
local-address 2001:ffff::3:4;
neighbor 2001:ffff::3:5;
group as65010 {
family inet {
unicast;
family inet6 {
unicast;
export as65010-out;
peer-as 65010;
neighbor 172.16.0.6;
user@router> show configuration policy-options
policy-statement as65010-out {
term locally-originated {
from as-path local-only;

then {
metric 7000;
term from-as65222 {
from as-path as65222-orig;
then as-path-prepend "65550 65550 65550 65550";
term transit-as701 {
from as-path transit-as701;
then {
metric 6;
then accept;
as-path local-only "(.*)";
as-path as65222-orig ".* 65222";
as-path transit-as701 ".* 701 .*";
user@router> show route advertising-protocol bgp 172.16.0.6

Prefix Nexthop MED Lclpref AS path
* 10.0.2.0/30 Self 7000 I
* 10.0.2.4/30 Self 7000 I
* 10.0.2.8/30 Self 7000 I
* 10.0.2.16/30 Self 7000 I
* 10.0.3.3/32 Self 7000 I
* 10.0.3.4/32 Self 7000 I
* 10.0.3.5/32 Self 7000 I
* 10.0.4.8/30 Self 7000 I
* 10.0.8.8/30 Self 7000 I
* 10.0.9.9/32 Self 7000 I
* 10.255.255.1/32 Self 7000 I
* 64.142.88.0/24 Self 7000 I
* 130.130.0.0/16 Self 6 65222 46375 701 14203 I
* 131.131.131.0/24 Self 6 65222 46375 701 14203 I
* 132.132.0.0/25 Self 6 65222 46375 701 32934 I
* 133.133.0.0/25 Self 6 65222 46375 701 32934 I
* 134.134.0.0/25 Self 65222 46375 14203 I
* 135.135.0.0/25 Self 65222 46375 14203 14203 I
* 172.16.0.4/30 Self 7000 I

* 172.16.0.12/30 Self 7000 I
* 172.16.200.0/30 172.16.0.6 7000 I
* 192.0.2.0/24 172.16.0.6 7000 I
* 192.168.50.0/24 Self 7000 I
* 192.168.253.0/24 Self 7000 I
* 200.200.0.0/16 172.16.0.6 7000 I
* 200.200.0.1/32 172.16.0.6 7000 I
* 200.200.1.1/32 172.16.0.6 7000 I
* 200.200.200.200/32 172.16.0.6 7000 I
inet6.0: 23 destinations, 28 routes (23 active, 0 holddown, 0 hidden)
* ::172.16.0.4/126 Self 7000 I
* 2001:1:1::/64 Self 7000 I
* 2001:1:2::/64 Self 7000 I
* 2001:ffff::3:3/128 Self 7000 I
* 2001:ffff::3:4/128 Self 7000 I
* 2001:ffff::3:5/128 Self 7000 I
* 2001:ffff::9:7/128 Self 7000 I
user@router>
-- Exhibit --

You are configuring an EBGP peer in a transit environment. You must advertise routes learned from other EBGP peers in your AS. Any routes originated from
within your AS should have a MED of 7000 set. Any routes that originate in AS65222 should be prepended four times. Any routes that transit AS701 should have a
MED set to 6. This scenario results in the unintended advertisement of internal 10.0.0.0/8 networks to your peer.
What caused the accidental advertisement of internal networks to your EBGP peer?
A. Your AS number of 65550 is a private AS number.

B. The BGP group as65010 is configured for both family inet unicast and family inet6 unicast protocol families.
C. The export policy as65010-out is misconfigured.
D. The as-path local-only includes a misconfigured regular expression.
Correct Answer: C
Section: (none)
Explanation
Explanation:
QUESTION 78
-- Exhibit --
[edit]
user@router# run show ospf database external lsa-id 71.23.48.0 extensive
OSPF AS SCOPE link state database
Extern 71.23.48.0 67.176.255.5 0x80000001 114 0x22 0x171b 36
mask 255.255.248.0
Type: 2, MetriC. 0, Fwd addr: 0.0.0.0, Tag: 0.0.0.0
Aging timer 00:58:06
Installed 00:01:53 ago, expires in 00:58:06, sent 00:01:53 ago

Last changed 00:01:53 ago, Change count: 1
Extern 71.23.48.0 67.176.255.7 0x8000005a 487 0x22 0x587e 36
mask 255.255.248.0
Last changed 2d 19:33:58 ago, Change count: 1
Extern 71.23.48.0 67.176.255.8 0x8000005c 540 0x22 0xf73e 36
mask 255.255.248.0
Last changed 00:08:59 ago, Change count: 3
-- Exhibit --
As shown in the exhibit, a router is receiving three external LSAs for the prefix 71.23.48.0.
Which path is preferred?
A. The path through 67.176.255.5 is preferred.

B. The path through 67.176.255.7 is preferred.
C. The path through 67.176.255.8 is preferred.

D. The paths through 67.176.255.7 and 67.176.255.8 become active to allow load-balancing.
Correct Answer: C
Section: (none)
Explanation
Explanation:
QUESTION 79
-- Exhibit

-- Exhibit --
In the exhibit, the 10.100/16 prefix is introduced at autonomous system 1 (AS1) and propagated through to AS3. Router A in AS3 receives two different paths to
these prefixes, one through AS2 and the other through AS4. No BGP attributes have been altered.
Which path would router A prefer for the 10.100/16 prefix?
A. The route with the lowest interface address for the EBGP peering session
B. The route with the lowest local preference
C. The route to the EBGP peer that has the lowest RID
D. The route from the EBGP peer that arrived first
Correct Answer: D
Section: (none)
Explanation
Explanation:
QUESTION 80
-- Exhibit --
[edit]
user@R1# show routing-options router-id
router-id 1.1.1.1;
[edit]
user@R1# show protocols ospf
area 0.0.0.0 {

[edit]
router-id 2.2.2.2;
[edit]
area 0.0.0.0 {
priority 200;
[edit]
router-id 222.255.255.255;
[edit]
area 0.0.0.0 {
[edit]

router-id 239.255.255.255;
[edit]
area 0.0.0.0 {
priority 0;
-- Exhibit --
All four routers in the exhibit are in the same broadcast domain. The routers were powered on at the same time.
Based on the configurations, which devices are the DR and the BDR?
A. R4 is the DR and R2 is the BDR.

B. R2 is the DR and R3 is the BDR.
C. R2 is the DR and R1 is the BDR.
D. R3 is the DR and R2 is the BDR.
Correct Answer: B
Section: (none)
Explanation
Explanation:
QUESTION 81
-- Exhibit --

user@router> show interfaces ge-0/0/0 extensive | find "Queue counters"
Queue counters: Queued packets Transmitted packets Dropped packets
0 best-effort 35244 35244 0
1 expedited-fo 258963 59852 199111
2 assured-forw 0 0 0
3 network-cont 1625847 1625847 0
...
-- Exhibit --
You recently deployed an SRX Series Gateway in your network. It uses the default class of service configuration.
Based on the output in the exhibit, what reason explains the packet drops in Queue 1?
A. Interface ge-0/0/0 should be used only for management network operations.

B. Queue 0 has higher priority than Queue 1.
C. A policer is reclassifying all traffic into Queue 1.
D. No bandwidth reservation exists on Queue 1.
Correct Answer: D
Section: (none)
Explanation
Explanation:
QUESTION 82
-- Exhibit --
Mar 16 19:12:58.291474 BGP RECV 172.14.10.2+51230 -> 172.14.10.1+179
Mar 16 19:12:58.291624 BGP RECV message type 1 (Open) length 59

Mar 16 19:12:58.291688 BGP RECV version 4 as 2 holdtime 90 id 192.168.2.1 parmlen 30
Mar 16 19:12:58.291752 BGP RECV MP capability AFI=1, SAFI=1
Mar 16 19:12:58.291915 BGP RECV Restart capability, code=64, time=120, flags=
Mar 16 19:12:58.291969 BGP RECV 4 Byte AS-Path capability (65), as_num 2
Mar 16 19:12:58.292385 advertising receiving-speaker only capabilty to neighbor 172.14.10.2 (External AS 2)
Mar 16 19:12:58.292522
Mar 16 19:12:58.292522 BGP SEND 172.14.10.1+179 -> 172.14.10.2+51230
Mar 16 19:12:58.292601 BGP SEND message type 1 (Open) length 59
Mar 16 19:12:58.293053 BGP SEND version 4 as 1 holdtime 90 id 192.168.2.1 parmlen 30
Mar 16 19:12:58.293124 BGP SEND MP capability AFI=1, SAFI=1
Mar 16 19:12:58.293284 BGP SEND Restart capability, code=64, time=120, flags=
Mar 16 19:12:58.293336 BGP SEND 4 Byte AS-Path capability (65), as_num 1
Mar 16 19:12:58.293573
Mar 16 19:12:58.293573 BGP SEND 172.14.10.1+179 -> 172.14.10.2+51230
Mar 16 19:12:58.293665 BGP SEND message type 4 (KeepAlive) length 19

Mar 16 19:12:58.296781
Mar 16 19:12:58.296781 BGP RECV 172.14.10.2+51230 -> 172.14.10.1+179
Mar 16 19:12:58.296897 BGP RECV message type 4 (KeepAlive) length 19
Mar 16 19:12:58.297528
Mar 16 19:12:58.297528 BGP SEND 172.14.10.1+179 -> 172.14.10.2+51230
Mar 16 19:12:58.298185
Mar 16 19:12:58.298185 BGP SEND 172.14.10.1+179 -> 172.14.10.2+51230
Mar 16 19:12:58.298273 BGP SEND message type 2 (Update) length 23
Mar 16 19:12:58.298322 BGP SEND End of RIB. AFI 1 SAFI 1
Mar 16 19:12:58.301834
Mar 16 19:12:58.301834 BGP RECV 172.14.10.2+51230 -> 172.14.10.1+179
Mar 16 19:12:58.302034 bgp_read_v4_message: done with 172.14.10.2 (External AS 2) received 19 octets 0 updates 0 routes
Mar 16 19:12:58.304594
Mar 16 19:12:58.304594 BGP RECV 172.14.10.2+51230 -> 172.14.10.1+179
Mar 16 19:12:58.304702 BGP RECV message type 2 (Update) length 23
Mar 16 19:12:58.304765 BGP RECV End of RIB. AFI 1 SAFI 1
Mar 16 19:12:58.304848 bgp_read_v4_message: done with 172.14.10.2 (External AS 2) received 23 octets 1 update 0 routes

Mar 16 19:13:22.968586
Mar 16 19:13:22.968586 BGP SEND 172.14.10.1+179 -> 172.14.10.2+51230
Mar 16 19:13:26.901339
Mar 16 19:13:26.901339 BGP RECV 172.14.10.2+51230 -> 172.14.10.1+179
Mar 16 19:13:51.348180
Mar 16 19:13:51.348180 BGP SEND 172.14.10.1+179 -> 172.14.10.2+51230
Mar 16 19:13:53.844160
Mar 16 19:13:53.844160 BGP RECV 172.14.10.2+51230 -> 172.14.10.1+179
-- Exhibit --
Looking at the traceoptions output, what is the current keepalive timer set for in BGP?
A. 1 second
B. 10 seconds
C. 30 seconds

D. 90 seconds
Correct Answer: C
Section: (none)
Explanation
Explanation:
QUESTION 83
-- Exhibit
-- Exhibit --
As shown in the exhibit, a legacy IP phone is attached to Switch-1. The phone does not support LLDP-MED, but does allow configuration using DHCP. Existing
network CoS policies dictate that VoIP traffic must use VLAN 10.
Which two actions put VoIP traffic onto VLAN 10? (Choose two.)
A. Configure protocols cdp on Switch-1.

B. Manually configure the voice VLAN on the IP phone.
C. Configure vlan 1 under forwarding-options bootp.
D. Configure interface ge-0/0/5 under forwarding-options bootp.
Correct Answer: BD

Section: (none)
Explanation
Explanation:
QUESTION 84
-- Exhibit
-- Exhibit
Which statement about the non-ABR router in Area 2 in the exhibit is true?

A. The router has connectivity to all areas.
B. The router has connectivity to Area 2 only.
C. The router has connectivity to Area 2 and Area 0.
D. The router has connectivity to Area 2 and Area 8.
Correct Answer: D
Section: (none)
Explanation
Explanation:
QUESTION 85
-- Exhibit
-- Exhibit --
Referring to the exhibit, you want to configure Switch-1 to allow a user on interface ge-0/0/10 to accommodate both voice and data traffic. Your phones and your
switches are LLDP-MED capable.
What is the minimal configuration that allows LLDP-MED to autoconfigure your phone's voice VLAN?
A. set interfaces ge-0/0/10 unit 0 family ethernet-switching port-mode trunk set interfaces ge-0/0/10 unit 0 family ethernet-switching vlan members voice_vlan
Exam. Any
set interfaces ge-0/0/10 unit 0 family ethernet-switching native-vlan-id data_vlan set ethernet-switching-options voip interface ge-0/0/10.0 vlan voice_vlan set
protocols lldp-med interface ge-0/0/10.0

B. set interfaces ge-0/0/10 unit 0 family ethernet-switching port-mode trunk set interfaces ge-0/0/10 unit 0 family ethernet-switching vlan members voice_vlan set
interfaces ge-0/0/10 unit 0 family ethernet-switching native-vlan-id data_vlan set ethernet-switching-options voip interface ge-0/0/10.0 vlan voice_vlan set
protocols lldp interface ge-0/0/10.0
C. set interfaces ge-0/0/10 unit 0 family ethernet-switching port-mode access set interfaces ge-0/0/10 unit 0 family ethernet-switching vlan members data_vlan set
ethernet-switching-options voip interface ge-0/0/10.0 forwarding-class assured-forwarding set protocols lldp-med interface ge-0/0/10.0
D. set interfaces ge-0/0/10 unit 0 family ethernet-switching port-mode access set interfaces ge-0/0/10 unit 0 family ethernet-switching vlan members data_vlan set
ethernet-switching-options voip interface ge-0/0/10.0 vlan voice_vlan set protocols lldp-med interface ge-0/0/10.0
Correct Answer: D
Section: (none)
Explanation
Explanation:
QUESTION 86
-- Exhibit
-- Exhibit --
Click the Exhibit button

Site A is sending voice traffic marked with DSCP code EF. SRX A has the default CoS classifier.

Into which forwarding class is SRX A classifying traffic?
A. best-effort
B. expedited-forwarding
C. network-control
D. assured-forwarding
Correct Answer: A
Section: (none)
Explanation
Explanation:
QUESTION 87
-- Exhibit
-- Exhibit --
In the exhibit, the routers in the network have a default PIM sparse mode configuration. R2 shows that R1 is the RPF next hop for the source, and R3 is the RPF
next hop for the RP. Host1 is currently receiving multicast traffic for group 231.1.1.1. Host2 has come online and is attempting to join group 232.1.1.1. R2 has just
received an IGMP message with the source and group addresses.
Which step happens next so that Host2 can join the multicast group?

A. R2 sends a PIM join upstream towards R3 to join the shared tree.
B. R2 sends a PIM join upstream towards R3 to join the source tree.
C. R2 sends a PIM join upstream towards R1 to join the shared tree.
D. R2 sends a PIM join upstream towards R1 to join the source tree.
Correct Answer: D
Section: (none)
Explanation
Explanation:
http://network-technologies.metaswitch.com/multicast//what-is-pim.aspx
PIM Sparse Mode (PIM-SM) is a multicast routing protocol designed on the assumption that recipients for any particular multicast group will be sparsely
distributed throughout the network. In other words, it is assumed that most subnets in the network will not want any given multicast packet. In order to receive
multicast data, routers must explicitly tell their upstream neighbors about their interest in particular groups and sources. Routers use PIM Join and Prune messages
to join and leave multicast distribution trees.
QUESTION 88
-- Exhibit
-- Exhibit --

In the exhibit, the provider bridges are using Q-in-Q tunneling to tunnel VLAN 100 traffic over VLAN 200.
What is the correct VLAN configuration for Q-in-Q tunneling on Provider Bridge A?
A. interfaces {
ge-0/0/0 {
unit 0 {
port-mode access;
}
}
}
ge-0/0/10 {
unit 0 {
port-mode trunk;
vlan {
members test;
}
}
}
}
}
vlans {
test {
vlan-id 200;
interface {
ge-0/0/0.0;
}
dot1q-tunneling {
customer-vlans 100;
}
}
}
B. interfaces {
ge-0/0/0 {
unit 0 {
port-mode trunk;
vlan {
members test;
}

}
}
}
ge-0/0/10 {
unit 0 {
port-mode access;
}
}
}
}
vlans {
test {
vlan-id 200;
interface {
ge-0/0/0.0;
}
dot1q-tunneling {
customer-vlans 100;
}
}
}
C. interfaces {
ge-0/0/0 {
unit 0 {
port-mode trunk;
vlan {
members test;
}
}
}
}
ge-0/0/10 {
unit 0 {
port-mode access;
}
}
}
}
vlans {

test {
vlan-id 200;
interface {
ge-0/0/10.0;
}
dot1q-tunneling {
customer-vlans 100;
}
}
}
D. interfaces {
ge-0/0/0 {
unit 0 {
port-mode access;
}
}
}
ge-0/0/10 {
unit 0 {
port-mode trunk;
vlan {
members test;
}
}
}
}
}
vlans {
test {
vlan-id 100;
interface {
ge-0/0/0.0;
}
dot1q-tunneling {
customer-vlans 200;
}
}
}
Correct Answer: A

Section: (none)
Explanation
Explanation:
QUESTION 89
-- Exhibit
-- Exhibit --
In the topology shown in the exhibit, which two BGP attributes can AS1 manipulate to influence the path that AS4 takes to reach prefixes originated by AS1?
(Choose two.)
A. Local Preference
B. AS Path
C. Origin
D. MED
Correct Answer: BC
Section: (none)
Explanation

Explanation:
QUESTION 90
-- Exhibit
-- Exhibit --
Traffic flows through your network, as shown in the exhibit. You have configured a rewrite rule on R1 to mark HTTP traffic with a specific DSCP value.
What must you do to ensure that the HTTP traffic preserves its DSCP value as it leaves your CoS domain?
A. Use behavior aggregate classifiers mapping the HTTP traffic to the specific DSCP value on R1 and R2.
B. Use rewrite rules mapping the HTTP traffic to the specific DSCP value on R2 and R3.
C. Use a rewrite rule mapping the HTTP traffic to the specific DSCP value on R3.
D. Use the default settings already in place on the device.
Correct Answer: D
Section: (none)
Explanation

Explanation:
QUESTION 91
-- Exhibit
-- Exhibit --
In the exhibit, Switch A is an EX4200. VLAN10 is receiving tagged as well as untagged traffic from different ports. The administrator wants to mirror all tagged and
untagged traffic entering VLAN10 to analyzer port ge-0/0/10. All VLAN tags must be preserved for traffic that is mirrored to the analyzer port.
Which configuration will achieve this?
A. set ethernet-switching-options analyzer vlan10_analyzer input vlan VLAN10 interface xe-1/0/0.0

set ethernet-switching-options analyzer vlan10_analyzer input vlan VLAN10 interface ge-0/0/2
set ethernet-switching-options analyzer vlan10_analyzer output interface ge-0/0/10.0
B. set ethernet-switching-options analyzer vlan10_analyzer input interface xe-1/0/0.0
set ethernet-switching-options analyzer vlan10_analyzer input interface ge-0/0/2
C. set ethernet-switching-options analyzer vlan10_analyzer input ingress vlan VLAN10
set vlans default interface ge-0/0/10.0
D. set ethernet-switching-options analyzer vlan10_analyzer input ingress vlan VLAN10

set vlans VLAN10 interface ge-0/0/10.0
Correct Answer: C
Section: (none)
Explanation
Explanation:
QUESTION 92
-- Exhibit --
Mar 16 17:18:28.751729 ospf_set_lsdb_state: Network LSA 172.14.10.1 adv-rtr 192.168.2.1 state QUIET->GEN_PENDING
Mar 16 17:18:28.751801 OSPF trigger network LSA build for interface ge-0/0/1.0 area 0.0.0.0
-- Exhibit --


B. There is a network mask mismatch.
Correct Answer: B
Section: (none)
Explanation
Explanation:
QUESTION 93
-- Exhibit

-- Exhibit --
As shown in the exhibit, the 10.10/16 prefix is redistributed into OSPF through R2 and R5. R2 is advertising the prefix with a Type 1 metric of 100 and R5 is
advertising the prefix with a Type 2 metric of 10.
What is the preferred path to reach 10.10/16 from R6?
A. R6-R5
B. R6-R4-R5
C. R6-R4-R5-R2
D. R6-R4-R3-R2
Correct Answer: D
Section: (none)
Explanation
Explanation:
QUESTION 94
-- Exhibit

-- Exhibit --

Based on the exhibit, which statement about the Layer 2 topology is true?
A. A port on switch 3 or switch 4 towards the CST root (switch 6) is blocking traffic.
B. A total of 64 MST instances for MST region A and region B can be configured.
C. MSTI BPDUs are exchanged between MST regions and the CST root bridge.
D. IST BPDUs are exchanged only between switches 1 and 2, and between switches 6 and 7.
Correct Answer: A
Section: (none)
Explanation
Explanation:
QUESTION 95
-- Exhibit --
{master:0}[edit]
user@router# run show ospf interface vl-10.20.10.2 extensive
Interface State Area DR ID BDR ID Nbrs
vl-10.20.10.2 Down 0.0.0.0 0.0.0.0 0.0.0.0 0
Type: Virtual, Address: 0.0.0.0, Mask: 0.0.0.0, MTU: 0, Cost: 1
Transit AreA. 0.0.0.1
Adj count: 0
Hello: 10, Dead. 40, ReXmit: 5, Not Stub
Auth type: None
Protection type: None, No eligible backup
Topology default (ID 0) -> Down, Cost: 0

-- Exhibit --
Your company is integrating another OSPF area into your existing OSPF infrastructure. You created a virtual link that spans Area 2 and connects Area 3 to the
backbone area.
Based on the exhibit, what is preventing the adjacency?
A. The interface configured for the virtual link is incorrect. It should be a vt and not a vl interface.
B. No designated router (DR) has been elected.
C. The backup route to Area 2 has not been configured.
D. The wrong transit area is configured.
Correct Answer: D
Section: (none)
Explanation
Explanation:
QUESTION 96
-- Exhibit
-- Exhibit --
In the exhibit, an EBGP session is currently established between R1 and R2. R2 changes its import policy to accept 10 of the routes it previously denied from R1.
Which BGP capability must be negotiated on the BGP session for R2 to install the routes accepted by the new policy?
A. route refresh

B. AddPath
C. outbound route filtering (ORF)
D. multiprotocol BGP (MBGP)
Correct Answer: A
Section: (none)
Explanation
Explanation:
Route-Refresh Capabilities Overview
NSM supports BGP route-refresh. This feature provides a soft reset mechanism that allows the dynamic exchange of route refresh requests and routing
information between BGP peers and the subsequent re-advertisement of the outbound or inbound routing table.
Routing policies for a BGP peer using route-maps might impact inbound or outbound routing table updates because whenever a route policy change occurs, the
new policy takes effect only after the BGP session is reset. A BGP session can be cleared through a hard or soft reset.
A soft reset allows the application of a new or changed policy without clearing an active BGP session. The route-refresh feature allows a soft reset to occur on a
per-neighbor basis and does not require preconfiguration or extra memory.
A dynamic inbound soft reset generates inbound updates from a neighbor. An outbound soft reset sends a new set of updates to a neighbor. Outbound resets do
not require preconfiguration or routing table update storage.
The route-refresh feature requires that both BGP peers advertise route-refresh feature support in the OPEN message. If the route-refresh method is successfully
negotiated, either BGP peer can use the route-refresh feature to request full routing information from the other end.
QUESTION 97
-- Exhibit --
user@router> show bgp summary
inet.0 0 0 0 0 0 0
inet6.0 1 0 0 0 0 0
2001:ffff::3:3 65550 43 43 0 0 18:20 Establ

inet6.0: 0/1/1/0
2001:ffff::3:4 65550 42 43 0 0 18:16 Establ
inet6.0: 0/0/0/0
2001:ffff::9:7 65550 42 43 0 0 18:00 Establ
inet6.0: 0/0/0/0
user@router> show route receive-protocol bgp 2001:ffff::3:3
__juniper_private1__.inet.0: 4 destinations, 4 routes (2 active, 0 holddown, 2 hidden)
iso.0: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden)
mpls.0: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden)
2001:1:2::/64 2001:ffff::3:3 100 I
user@router> show route 2001:1:2::
2001:1:2::/64 *[OSPF3/10] 01:54:11, metric 201
> to fe80::217:cb03:2448:bd00 via fe-0/0/1.804
[BGP/170] 00:18:43, localpref 100, from 2001:ffff::3:3
AS path: I
> to fe80::217:cb03:2448:bd00 via fe-0/0/1.804

user@router> show route advertising-protocol bgp 2001:ffff::9:7
user@router> show configuration protocols bgp
group ibgpv6 {
type internal;
local-address 2001:ffff::3:5;
cluster 10.0.3.4;
user@router>
-- Exhibit --
You are using an IBGP route reflector within your network. Your route reflector has received the 2001:1:2::/64 prefix, but it is not advertising the prefix to its cluster
members. After examining the route reflector, you notice the output shown in the exhibit.
Which configuration statement causes the route reflector to transmit the route to its IBGP peers?
A. set protocols bgp group ibgpv6 advertise-inactive

B. set protocols bgp group ibgpv6 accept-remote-nexthop
C. set protocols bgp group ibgpv6 multipath
D. set protocols bgp group ibgpv6 include-mp-next-hop
Correct Answer: A
Section: (none)
Explanation

Explanation:
QUESTION 98
-- Exhibit --
{master:0}[edit]
user@router# show class-of-service
classifiers {
inet-precedence normal-traffic {
forwarding-class best-effort {
loss-priority low code-points [ my1 my2 ];
code-point-aliases {
inet-precedence {
my1 000;
my2 001;
scheduler-maps {
one {
forwarding-class expedited-forwarding scheduler special;
forwarding-class best-effort scheduler normal;

}
"Pass Any Exam. Any Time." - www.actualtests.com 90

Juniper JN0-643 Exam
}
schedulers {
special {
transmit-rate percent 30;
priority strict-high;
normal {
transmit-rate percent 70;
priority low;
-- Exhibit --
The configuration in the exhibit shows incoming traffic with specific IP precedence bits that should be mapped to a forwarding class named best-effort.
What must you add to complete this configuration?
A. defined behaviors to the interfaces stanza in the class-of-service section

B. rewrite-rules for the best-effort forwarding class
C. a WRED drop-profile for the best-effort scheduler
D. a firewall filter that matches and discards the original code point values
Correct Answer: A

Section: (none)
Explanation
Explanation:
QUESTION 99
-- Exhibit
-- Exhibit --
Based on the exhibit, why is R2 marking the routes coming from AS 200 as hidden?
A. R3 has an import policy filtering all routes.

B. R4 is not configured with a next-hop self policy.
C. R2 does not have a route to the peer ID of R4.
D. AS 200 is configured with the advertise-inactive option.
Correct Answer: C
Section: (none)
Explanation

Explanation:
QUESTION 100
-- Exhibit --
user@router> show configuration routing-options
rib-groups {
foo {
import-rib [ inet.8 inet.2 inet.0 ];
user@router> show configuration protocols pim
rib-group inet foo;
interface all;
-- Exhibit --
Based on the configuration in the exhibit, which routing table is used for IPv4 multicast RPF checks?
A. inet.0
B. inet.2
C. foo.inet.0
D. inet.8
Correct Answer: D
Section: (none)
Explanation
Explanation:

QUESTION 101
-- Exhibit --
Mar 16 17:54:51.930726 OSPF periodic xmit from 172.14.10.1 to 224.0.0.5 (IFL 69 area 0.0.0.0)
Mar 16 17:54:56.152721 ospf_set_lsdb_state: Router LSA 192.168.2.1 adv-rtr 192.168.2.1 state QUIET->GEN_PENDING
Mar 16 17:54:56.157854 ospf_set_lsdb_state: Router LSA 192.168.2.1 adv-rtr 192.168.2.1 state GEN_PENDING->QUIET
Mar 16 17:54:56.157971 OSPF built router LSA, area 0.0.0.0, link count 2

-- Exhibit --

B. There are duplicate router IDs.
Correct Answer: B
Section: (none)
Explanation
Explanation:
QUESTION 102
-- Exhibit
-- Exhibit --

Referring to the exhibit and based on the output below from Sw-1 and Sw-2, which statement is true?
Sw-1> show spanning-tree mstp configuration
MSTP information
Context identifier : 0
Region name : juniper
Revision : 1
Configuration digest : 0x9357ebb7a8d74dd5fef4f2bab50531aa
MSTI Member VLANs
0 0-9,11-19,21-4094
1 10
2 20
Sw-2# run show spanning-tree mstp configuration
MSTP information
Region name : juniper
Revision : 1
Configuration digest : 0x387b5f2ea2394b14e091f0921ee7b9a8
MSTI Member VLANs
0 0-9,11-14,16-19,21-4094
1 10,15

2 20
A. There will be only one MSTI 2 root bridge.

B. There will be only one CST root bridge.
C. Sw-1 and Sw-2 are in different MSTP regions.
D. There will be only one CIST root bridge.
Correct Answer: C
Section: (none)
Explanation
Explanation:
QUESTION 103
-- Exhibit --
Interface State Area DR ID BDR ID Nbrs
em2.0 DR 0.0.0.2 10.94.164.116 10.1.1.1 1
Type: LAN, Address: 11.1.1.2, Mask: 255.255.255.252, MTU: 1500, Cost: 1
DR addr: 11.1.1.2, BDR addr: 11.1.1.1, Priority: 128
Adj count: 1
Hello: 10, DeaD. 40, ReXmit: 5, Stub
Auth type: None
Protection type: None
Topology default (ID 0) -> Cost: 1
-- Exhibit --
Referring to the exhibit, which statement is true?

A. The OSPF cost of the interface is 128.
B. The authentication type of the area is MD5.
C. This interface is part of a stub area.
D. This router is the BDR.
Correct Answer: C
Section: (none)
Explanation
Explanation:
New Questions
QUESTION 104
Which statement is true about the IPv6 network shown in the exhibit?
A. OSPFv2 must be configured to route IPv4 prefixes.

B. Areas 1 and 2 cannot be a stub or NSSA.
C. OSPFv3 can use MD5 authentication.
D. OSPFv3 can route IPv4 prefixes.
Correct Answer: D
Section: (none)
Explanation
Explanation:
QUESTION 105

Referring to the exhibit, what is the shortest path from R6 to R5?
A. R6, R4, R2, R1, R3, R5

B. R6, R4, R2, R3, R5
C. R6, R4, R5
D. R6, R5
Correct Answer: D
Section: (none)
Explanation
Explanation:
QUESTION 106
Which statement is true regarding OSPF multi-area adjacencies?
A. A type 3 (stub) link is advertised for a multi-area adjacency.

B. Configuring a multi-area adjacency allows the corresponding link to be considered an interarea link, so it will be less preferred over an intra-area link.
C. One logical interface will be a primary link, and the other configured as a secondary link; the secondary link will be established as an unnumbered point-to-point
interface.
D. A DR and a BDR will be elected over the secondary interface, because it is not point-to-point.

Correct Answer: C
Section: (none)
Explanation
Explanation:
Support for OSPFv3 was introduced in Junos OS Release 9.4. As defined in RFC 5185, OSPF Multi-Area Adjacency, the ABRs
establish multiple adjacencies belonging to different areas over the same logical interface. Each multiarea adjacency is announced as
a point-to-point unnumbered link in the configured area by the routers connected to the link. For each area, one of the logical interfaces
is treated as primary, and the remaining interfaces that are configured for the area are designated as secondary.
QUESTION 107
??????
Referring to the exhibit, which two statements are correct? (Choose two.)
A. Traffic destined for R2 will be blackholed.

B. Transit traffic will follow the R1-R2-R4 path.
C. Traffic destined for R2 will reach R2.
D. Transit traffic will follow the R1-R3-R4 path.
Correct Answer: CD
Section: (none)
Explanation
Explanation:
QUESTION 108
Which statement is true about using an OSPF import policy?
A. Import policies are not allowed in OSPF, applying the policy will do nothing.
B. Applying an import policy to OSPF may block normal LSA flooding.
C. Import policies are allowed only for external route types.

D. Applying this policy will cause a commit failure.
Correct Answer: C
Section: (none)
Explanation
Explanation:
OSPF import policy allows you to prevent external routes from being added to the routing tables of OSPF neighbors. The import policy
does not impact the OSPF database. This means that the import policy has no impact on the link-state advertisements. The filtering is
done only on external routes in OSPF. The intra-area and interarea routes are not considered for filtering. The default action is to
accept the route when the route does not match the policy.
QUESTION 109
Which statement is true regarding the SPF algorithm?
A. The SPF algorithm is run on a per-domain basis.

B. If you apply an import policy to OSPF, it keeps LSAs from being flooded, and the SPF calculation can be affected.
C. There are two databases used in the calculation, the link-state database and the tree database.
D. The SPF calculation is run on a per-area basis on each router.
Correct Answer: D
Section: (none)
Explanation
Explanation:
QUESTION 110

Referring to the exhibit, which answer is correct?
A. R2 is the DR and R1 is the BDR.

B. R4 is the DR and R2 is the BDR.
C. R2 is the DR and R3 is the BDR.
D. R3 is the DR and R2 is the BDR.
Correct Answer: C
Section: (none)
Explanation
Explanation:
QUESTION 111

user@router> show ospf database network extensive
OSPF link state database, area 0.0.0.1
Network 10.222.1.1 192.168.20.1 0x80000002 813 0x2 0x 32
mask 255.255.255.0
attached router 192.168.20.1
attached router 192.168.40.1
Installed 00:13:32 ago, expires in 00:46:27, sent 1w5d 01:07:09 ago
Referring to the exhibit, which statement is true regarding the OSPF network LSA?
A. The ID field value shows the router ID of the advertising router.

B. The ID field is the local interface IP address from which the LSA will be advertised.
C. The options field indicates this is a Type 2 LSA.
D. The output shows that 192.168.20.1 is the designated router.
Correct Answer: D
Section: (none)
Explanation
Explanation:

QUESTION 112
user@router> show log ospf
Sep 19 00:22:13. 420315 OSPF packet ignored: MTU mismatch from 11.0.0.2 on intf ge-0/0/2.0 area 0.0.0.0
Sep 19 00:22:14. 475671 OSPF periodic xmit from 14.0.0.1 to 224.0.0.5 (IFL 75 area 0.0.0.0)
Sep 19 00:22:14. 857304 OSPF packet ignored: no matching interface from 12.0.0.1, IFL 85
Sep 19 00:22:17. 386726 OSPF packet ignored: MTU mismatch from 11.0.0.2 on intf ge-0/0/2. 0 area 0.0.0.0

Sep 19 00:22:20. 855690 OSPF packet ignored: subnet mismatch from 10.0.0.2 on intf ge-0/0/1.0 area 0.0.0.0
Sep 19 00:22:20. 856108 OSPF rcvd Hello 10.0.0.2 -> 224.0.0.5 (ge-0/0/1.0 IFL 75 area 0.0.0.0)
Sep 19 00:22:20. 856177 Version 2, length 44, ID 10.0.0.2, area 0.0.0.0
Sep 19 00:22:20. 856229 checksum 0x0, authtype 0
Sep 19 00:22:20. 856299 mask 255.255.255.252, hello_ivl 10, opts 0x12, prio 128
Sep 19 00:22:20. 856352 dead_ivl 40, DR 0.0.0.0, BDR 0.0.0.0
Sep 19 00:22:22. 013285 OSPF packet ignored: area mismatch (0.0.0.1) from 12.0.0.2 on intf ge- 0/0/4.0 area 0.0.0.0
Sep 19 00:22:22. 013890 checksum 0xd51e, authtype 0
Sep 19 00:22:22. 434956 OSPF hello from 11.0.0.2 (IFL 83, area 0.0.0.0) absorbed
Sep 19 00:22:29. 950015 OSPF hello from 11.0.0.2 (IFL 83, area 0.0.0.0) absorbed

Sep 19 00:22:30. 713279 OSPF packet ignored: subnet mismatch from 10.0.0.2 on intf ge-0/0/1.0 area 0.0.0.0
Sep 19 00:22:30. 713553 checksum 0x0, authtype 0
Referring to the exhibit, what is preventing the OSPF adjacency on interface ge-0/0/4 from forming?
A. area mismatch
B. subnet mismatch
C. MTU mismatch
D. authentication mismatch
Correct Answer: A
Section: (none)
Explanation
Explanation:
QUESTION 113
Referring to the exhibit, you are asked to prevent the 184.16.1.0/24 route from entering the backbone.

Which configuration statements would accomplish the task?
A. On router R1, issue the set protocols ospf area 3 nssa area-range 184.16.1.0/24 restrict command.
B. On router R3, issue the set protocols ospf area 0 area-range 184.16.1.0/24 restrict command.
C. On router R3, issue the set protocols ospf area 3 area-range 184.16.1.0/24 restrict command.
D. On router R3, issue the set protocols ospf area 3 nssa area-range 184.16.1.0/24 restrict command.
Correct Answer: D
Section: (none)
Explanation
Explanation:
exact—(Optional) Summarization of a route is advertised only when an exact match is made with the configured summary range.
mask-length—Number of significant bits in the network mask.
network—IP address. You can specify one or more IP addresses.
override-metric metric—(Optional) Override the metric for the IP address range and configure a specific metric value.
restrict—(Optional) Do not advertise the configured summary. This hides all routes that are contained within the summary, effectively
creating a route filter.
QUESTION 114

You are asked to connect Area 2 to the backbone.
Which configuration would be required on R3?
A. [edit protocols ospf3]

6ad965a4-a28b-4dcc-876d-bc593e6a51ee
user@R3# show
f6d20190-258a-4e72-a98f-bf2e62eeb99c
area 0.0.0.0 {
virtual-link neighbor-id 10.0.10.1 transit-area 0.0.0.1; interface ge-0/0/5. 0;
}
B. [edit protocols ospf]
user@R3# show
area 0.0.0.0 {
virtual-link neighbor-id 192.168.1.2 transit-area 0.0.0.1; interface ge-0/0/5. 0 {
interface-type p2p;
}
}
C. [edit protocols ospf3]

user@R3# show
area 0.0.0.0 {
}
D. [edit protocols ospf3]
user@R3# show
area 0.0.0.1 {
}
Correct Answer: C
Section: (none)
Explanation
Explanation:
In this example, Device R1 and Device R2 are the routing devices at each end of the virtual link, with Device R1 physically connected
to the backbone, as shown in Figure 1. You configure the following virtual link settings:
neighbor-id—Specifies the IP address of the routing device at the other end of the virtual link. In this example, Device R1 has a router
ID of 192.168.0.5, and Device R2 has a router ID of 192.168.0.3.
transit-area—Specifies the area identifier through which the virtual link transits. In this example, area 0.0.0.3 is not connected to the
backbone, so you configure a virtual link session between area 0.0.0.3 and the backbone area through area 0.0.0.2. Area 0.0.0.2 is the
transit area.

Configuration on the local routing device (Device R1):
user@R1#: show routing-optionsrouter-id 192.168.0.5;
area 0.0.0.0 { virtual-link neighbor-id 192.168.0.3 transit-area 0.0.0.2;}

Configuration on the remote ABR (Device R2):
user@R2#: show routing-optionsrouter-id 192.168.0.3;
area 0.0.0.0 { virtual-link neighbor-id 192.168.0.5 transit-area 0.0.0.2;
QUESTION 115
[edit protocols ospf]
user@area-1-abr# show
area 0.0.0.1 {
nssa {
default-lsa {
default-metric 10;
metric-type 2;
type-7;
no-summaries;
interface so-0/1/1. 0;
Referring to the exhibit, which statement is true?
A. The ABR will generate a Type 3 summary default route into the NSSA.
B. The ASBR will generate a Type 7 default route into the NSSA.
C. The type-7 parameter allows interoperability with newer versions of the Junos OS.

D. The only LSA types allowed into the area are Type 1, Type 2, Type 3, and Type 7.
Correct Answer: B
Section: (none)
Explanation
Explanation:
nssa—Specifies an OSPF NSSA. You must include the nssa statement on all routing devices in area 9 because this area only has
external connections to static routes.
no-summaries—Prevents the ABR from advertising summary routes into the NSSA. If configured in combination with the default-metric
statement, the NSSA only allows routes internal to the area and advertises the default route into the area. External routes and
destinations to other areas are no longer summarized or allowed into the NSSA. Only the ABR requires this additional configuration
because it is the only routing device within the NSSA that creates Type 3 LSAs used to receive and send traffic from outside the area.
default-lsa—Configures the ABR to generate a default route into the NSSA.
default-metric—Specifies that the ABR generate a default route with a specified metric into the NSSA. This default route enables
packet forwarding from the NSSA to external destinations. You configure this option only on the ABR. The ABR does not automatically
generate a default route when attached to an NSSA. You must explicitly configure this option for the ABR to generate a default route.
metric-type—(Optional) Specifies the external metric type for the default LSA, which can be either Type 1 or Type 2. When OSPF
exports route information from external ASs, it includes a cost, or external metric, in the route. The difference between the two metrics
is how OSPF calculates the cost of the route. Type 1 external metrics are equivalent to the link-state metric, where the cost is equal to
the sum of the internal costs plus the external cost. Type 2 external metrics use only the external cost assigned by the AS boundary
router. By default, OSPF uses the Type 2 external metric.
type-7—(Optional) Floods Type 7 default LSAs into the NSSA if the no-summaries statement is configured. By default, when the no-
summaries statement is configured, a Type 3 LSA is injected into NSSAs for Junos OS release 5.0 and later.
To support backward compatibility with earlier Junos OS releases, include the type-7 statement.
To disable exporting Type 7 LSAs into the NSSA by include the no-nssa-abr statement on the routing device that performs the

functions of both an ABR and an AS boundary router.
QUESTION 116
Referring to the exhibit, you are asked to verify certain routing information within your OSPFv3 routing domain. You must review the prefixes learned from R3.
Which two LSA types from the output shown in the exhibit must be reviewed? (Choose two.)
A. the Router LSAs from RID 10.0.0.2

B. the Extern LSAs from RID 10.0.0.2
C. the InterArPfx LSAs from RID 10.0.0.2
D. the Network LSAs from RID 10.0.0.2
Correct Answer: BC
Section: (none)
Explanation
Explanation:
OSPFv3 LSA Types
Each LSA begins with a standard 20-byte LSA header. Each LSA describes a piece of OSPF routing domain. All LSAs are flooded
throughout the OSPF routing domain. The flooding is reliable, ensuring all routers have the same collection of LSAs. This collection of
LSAs is called link-state database (LSDB). From the LSDB, each router constructs the shortest-path tree with itself as the root. This
yields a routing table.
LSA Header:
This header contains enough information to uniquely identify each LSA. The LS Type, Link State ID and the Advertising Router field
are used to uniquely identify an LSA.
Different instances of the same LSA could be present. The most recent instance could be identified using LS Age, LS Sequence
number and LS Checksum fields present in the LSA Header.

LS Age: Time in seconds since the LSA was originated.
LS Type: Indicates the function performed by the LSA.
Link State ID: Together with LS Type and Advertising Router, uniquely identifies the LSA in the LSDB
Advertising Router: The Router ID of the router that originated the LSA
LS Sequence Number: detects old or duplicate LSA
LS Checksum: Complete checkcum of the LSA including the LSA Header but excluding the LS Age field
length: The length in bytes of the LSA including 20-bytes for LSA Header
LS Type:
The LS Type field indicates the function performed by the LSA. The high-order 3 bits encode generic properties of the LSA, while low-
order bits indicates the LSA's specific functionality.
U- indicates how a router should handle unknown LSA.

0= treat the LSA as if it had link-local flooding scope
1= Store and flood the LSA
S2 and S1- indicate flooding scope of the LSA

S2
S1
Description
0
0
Link-local flooding
0
1
Area scope flooding
1
0
AS scope flooding
1
1
Reserved
LSA Function Code- defines LSA's specific functionality.
LSA Function Code
LS Type
Description
1
0x2001
Router LSA
2
0x2002
Network LSA

3
0x2003
Inter-Area Prefix LSA
4
0x2004
Inter-Area Router LSA
5
0x4005
AS-external LSA
6
0x2006
Group Membership LSA
7
0x2007
Type-7 (NSSA) LSA
8
0x0008
Link LSA
9
0x2009
Intra-Area Prefix LSA
Router LSA:
Each OSPF router originates Router LSAs indicating the state and cost of the router's interfaces to the area. Router LSAs are flooded
throughout the single area only.

A router may originate one or more Router LSAs, distinguished by their Link State IDs. The receiving router concatenates the Router
LSAs if it receives more than one Router LSA from a single router.
The Router LSA indicates if the router is an ASBR or an ABR or if it is one end-point of a virtual link. These LSAs have no address
information.
Network LSA:
Network LSAs are originated by the DR for a broadcast or NBMA network in the area which supports two or more routers. The LSA
describes all routers connected to the link, including the DR. The LSA's Link State ID field is set to the Interface ID that the DR has
been using in Hello packets. No address information is carried in the Network LSA.
Inter-Area Prefix LSA:
These LSAs are IPv6 equivalent of IPv4's Type-3 Summary LSAs. These LSAs are originated by the ABR to specify IPv6 prefixes that
belong to other areas. A separate LSA is originated for each address prefix.
For Stub areas, the Inter-area Prefix LSA is used to describe a default route. The prefix length of the default route is set to 0.
Inter-Area Router LSA:
These LSAs are IPv6 equivalent of IPv4's Type-4 Summary LSAs. Originated by the ABR, the Inter-Area Router LSA describes the
route to the ASBR. Each LSA describes a route to a single router.
AS-External LSA:
These LSAs are IPv6 equivalent of IPv4's Type-5 External LSAs. These LSAs are originated by ASBRs describing the destinations
external to the AS. Each LSA describe a route to a single IPv6 prefix external to the AS.
AS-External LSAs can be used to describe a default route. Default routes are used when no specific route exists for a destination.

Link LSA:
A router originates a separate Link LSA for each link it is attached to. These LSAs have link-local flooding scope and are never flooded
beyond a link that they are associated with. These LSAs have three purposes-
- notify the link-local address of the router's interface to the routers attached to the link
- inform other routers attached to the link of the list of IPv6 prefixes to associate with the link
- allow the router to assert the collection of Option bits to associate with the Network LSA that will be originated for the link
The Link-State ID is set to the Interface ID of link of the originating router.
Intra-Area Prefix LSA:
A router uses Intra-Area Prefix LSA to advertise IPv6 prefixes that are associated with
a) the router itself (in IPv4, this was carried in Router LSA)
b) an attached stub network segment (in IPv4, this was carried in Router LSA)
c) an attached transit network segment (in IPv4, this was carried in Network LSA)
A router can originate multiple Intra-Area Prefix LSAs for each router or transit network; each LSA is distinguished by its Link State ID.
Options field:
The 24-bit Options field is included in Hello and DBD packets, and Router, Network and Inter-area Router LSAs. It enables OSPF
routers to support optional capabilities, and to communicate their capabilities to other OSPF routers in the network
QUESTION 117
???????
ISP-A is advertising the 200.0.3.0/24 route to R1. R1 is advertising this BGP route to R2 but the route is hidden on R2.

Referring to the exhibit, which statement is correct about the 200.0.3.0/24 route?
A. The route is unusable because the next hop is not reachable from R2.
B. The route is unusable because it has not been verified.
C. The route is hidden because R1 is changing the next hop to 192.168.16.1.
D. The route is hidden because R2 has a more preferred route.
Correct Answer: A
Section: (none)
Explanation
Explanation:
QUESTION 118
user@router> show route protocol bgp detail
inet6. 0: 8 destinations, 8 routes (8 active, 0 holddown, 0 hidden)
4444:4444::/32 (1 entry, 1 announced)
*BGP Preference: 170/-101
Next hop type: Router, Next hop index:
Address: 0x934c688
Next-hop reference count: 2
Source: 172.27.0.5
Next hop: ::172.27.0.5 via ge-0/0/1.0, selected
State:
Local AS: 3 Peer AS: 701
Age: 3:22

Task: BGP_701.172.27.0. 5+52965
Announcement bits (1): 0-KRT
AS path: 701 4 I Aggregator: 4 10.255.1.34
Accepted
Localpref: 100
Router ID: 10.255.1.31
Referring to the exhibit, which two statements are true? (Choose two.)
A. The IPv6 route was learned from an IPv6 BGP neighbor.

B. The IPv6 route was learned from an IPv4 BGP neighbor.
C. The IPv6 destination will use IPv4 as the next hop.
D. The IPv6 destination will use IPv6 as the next hop.
Correct Answer: BD
Section: (none)
Explanation
Explanation:

QUESTION 119
user@router# run show route receive-protocol bgp 192.168.4.101 detail
inet. 0: 18 destinations, 20 routes (18 active, 0 holddown, 0 hidden)
* 10.16.1.0/24 (1 entry, 1 announced)
Accepted
Nexthop: 192.168.4.101
Localpref: 100

AS path: 123 111 I
*10.16.2.0/24 (1 entry, 1 announced)
Accepted
Nexthop: 192.168.4.101
Localpref: 100
AS path: 123 222 312 I
* 10.16.3.0/24 (1 entry, 1 announced)
Accepted
Nexthop: 192.168.4.101
Localpref: 100
AS path: 123 231 222 I
* 10.16.4.0/24 (1 entry, 1 announced)
Accepted
Nexthop: 192.168.4.101
Localpref: 100
AS path: 123 333 111 I
Referring to the exhibit, which AS path regular expression will match only the 10.16.1.0/24 and 10.16.2.0/24 routes?
A. .* (222|111) . *
B. .+ (222|111) . *
C. .(222|111) . *
D. .(. 222|. 111) . *
Correct Answer: C

Section: (none)
Explanation
Explanation:

QUESTION 120
?????????
Referring to the exhibit, R2 is sending a route to R1 with a community value.
Which statement is correct?
A. Routes will be accepted without change in the attributes.

B. All routes will be rejected.
C. Routes will be accepted with the community value removed.
D. Routes will be rejected with the community value removed.
Correct Answer: C
Section: (none)
Explanation
Explanation:
QUESTION 121
Which set of BGP attributes is preferred by the Junos OS?
A. MED: 100
AS path: 50 50 50
Local preference: 50
Origin: I
B. MED: 50
AS path: 50 50 50
Local preference: 1
Origin: E
C. MED: 100
AS path: 50 50 50 50
Origin: I
D. MED: 50

AS path: 50 50 50
Origin: E
Correct Answer: A
Section: (none)
Explanation
Explanation:

QUESTION 122

R4 receives BGP prefixes for AS 50 from both R2 and R3. You want to ensure that R4 chooses R3 as the preferred path to reach 50. 50. 50/24.
Referring to the information shown in the exhibit, where would you apply a policy containing the parameter local-preference 110 to accomplish this task?
A. on R3, as import from R1

B. on R3, as export towards R4
C. on R2, as import from R1
D. on R2, as export towards R4
Correct Answer: D
Section: (none)
Explanation
Explanation:
QUESTION 123
????????
Referring to the exhibit, you want router A to have an EBGP peering with router C. They are both connected through router B, which does not have BGP running,
and has static routes configured.
What must be configured in the EBGP peer groups on routers A and C to make this connection possible?
A. MED
B. multihop
C. multipath
D. next-hop
Correct Answer: B
Section: (none)
Explanation
Explanation:

QUESTION 124
Referring to the exhibit, your AS is connected to ISP-A and ISP-B using BGP. R1 and R2 are advertising your AS's 172.25/16 prefix upstream to both ISPs, and
both ISPs are providing a full BGP route table. You want to influence traffic flow so that traffic towards your network enters through R1.

Which action would meet the requirement?
A. Apply the following as an export policy towards ISP-B:
[edit policy-options]

user@R2# show
policy-statement prefer-for-inbound {
term prepend {
then {
as-path-prepend "100 100";
accept;
}
}
}
B. Apply the following as an export policy towards ISP-A:
user@R1# show
term prepend {
then {
accept;
}
}
}
C. Apply the following as an export policy towards R1 and R3:
user@R2# show
term local-pref {
then {
local-preference 110;
accept;
}
}
}
D. Apply the following as an export policy towards R2 and R3:
user@R1# show
term local-pref {

then {
local-preference 110;
accept;
}
}
}
Correct Answer: A
Section: (none)
Explanation
Explanation:
diagram AS numbers doesn;t match the AS number of 100 in answer; would be
user@R2# show
term prepend {
then {
accept;
}
}
}
QUESTION 125
????????????????
R1 is connected to both R2 and R3 and you want to load-balance outbound traffic. You have provided the configuration shown in the exhibit; however, after
checking the links you notice that the traffic is not load-balancing.
Which configuration must be added?
A. set protocols bgp group external multihop

B. set protocols bgp group external multipath
C. set protocols bgp group external advertise-external
D. set policy-options policy-statement loadbal then accept
Correct Answer: B
Section: (none)
Explanation
Explanation:
The Junos OS BGP multipath feature supports the following applications:

Load balancing across multiple links between two routing devices belonging to different autonomous systems (ASs)
Load balancing across a common subnet or multiple subnets to different routing devices belonging to the same peer AS
Load balancing across multiple links between two routing devices belonging to different external confederation peers
Load balancing across a common subnet or multiple subnets to different routing devices belonging to external confederation peers
In a common scenario for load balancing, a customer is multihomed to multiple routers in a point of presence (POP). The default
behavior is to send all traffic across only one of the available links. Load balancing causes traffic to use two or more of the links.
BGP multipath does not apply to paths that share the same MED-plus-IGP cost, yet differ in IGP cost. Multipath path selection is based
on the IGP cost metric, even if two paths have the same MED-plus-IGP cost.
QUESTION 126
You are asked to create a BGP routing policy that will delete all communities and reject routes with the community 64321:1234.
Which policy will accomplish this task?
A. user@router# show policy-options

policy-statement filter-on-community {
term remove-AS65001 {
from community AS65001-community;
then {
community delete AS65001-community;
}
}
term nothing-with-1234 {
then reject;
}
}

community AS64321-community members 64321:1234;
B. user@router# show policy-options
term remove-all-communities {
then {
community delete all-communities;
}
}
then reject;
}
}
community all-communities members *:*;
C. user@router#show policy-options
then reject;
}
term remove-all-communities {
then {
community delete all-communities;
}
}
}
community all-communities members *:*;
D. user@router#show policy-options
then reject;
}
term remove-AS65001 {
then {
community delete AS65001-community;
}

}
}
Correct Answer: C
Section: (none)
Explanation
Explanation:

QUESTION 127
You are the administrator for the network shown in the exhibit. R1 receives the 196.15.4.0/24 route from routers R2, R3, and R4. Local preference values have not
been modified in this network. You are asked to ensure that R1 prefers the path through AS 3149 for traffic destined to 196.15.4.0/24.
Which two methods will accomplish this task? (Choose two.)
A. Configure a lower local preference on R3.

B. Configure as-path-prepend on R2 and R4.
C. Configure local-as on R3.
D. Configure always-compare-med on R1.
Correct Answer: BD
Section: (none)
Explanation
Explanation:
With “bgp always-compare-med” enabled, BGP will compare MED values even if they come from different ASes, although to reach this
step the AS_PATHs must have the same length. You should use this command throughout the AS or you risk creating routing loops.
QUESTION 128

Referring to the exhibit, the RPT from R3 towards R2 is established.
What happens if the multicast source connected to R1 starts sending multicast traffic towards R1?
A. R1 encapsulates the multicast packets into a PIM register multicast packet.

B. R1 encapsulates the multicast packets into PIM join unicast messages.
C. R1 forwards the multicast packets on the (S, G) tree towards the RP.
D. R1 tunnels the multicast packets in PIM register messages towards the RP.
Correct Answer: D
Section: (none)
Explanation
Explanation:
On Juniper Networks routers, data packets are encapsulated and de-encapsulated into tunnels by means of hardware and not the
software running on the router processor. The hardware used to create tunnel interfaces on M Series and T Series routers is a Tunnel
Services PIC. If Juniper Networks M Series Multiservice Edge Routers and Juniper Networks T Series Core Routers are configured as
rendezvous points or IP version 4 (IPv4) PIM sparse-mode DRs connected to a source, a Tunnel Services PIC is required. Juniper
Networks MX Series Ethernet Services Routers do not require Tunnel Services PICs. However, on MX Series routers, you must enable
tunnel services with the tunnel-services statement on one or more online FPC and PIC combinations at the [edit chassis fpc number
pic number] hierarchy level.
In PIM sparse mode, the source DR takes the initial multicast packets and encapsulates them in PIM register messages. The source
DR then unicasts the packets to the PIM sparse-mode RP router, where the PIM register message is de-encapsulated.
When a router is configured as a PIM sparse-mode RP router (by specifying an address using the address statement at the [edit
protocols pim rp local] hierarchy level) and a Tunnel PIC is present on the router, a PIM register de-encapsulation interface, or pd
interface, is automatically created. The pd interface receives PIM register messages and de-encapsulates them by means of the
hardware.
QUESTION 129
Which two statements are true about MSDP mesh groups? (Choose two.)
A. The MSDP mesh group was originally designed to limit SA flooding.

B. SA messages received from a mesh group member flood these messages to all peers that are not members of this mesh group.
C. SA messages received from a peer not in any mesh group do not flood to all peers.
D. SA messages received from a peer not in any mesh group perform a peer-RPF check and, if successful, flood to all peers (except the advertising router).
Correct Answer: AB

Section: (none)
Explanation
Explanation:
MSDP mesh groups are groups of peers configured in a full-mesh topology that limits the flooding of source-active messages to
neighboring peers.
Every mesh group member must have a peer connection with every other mesh group member. When a source-active message is
received from a mesh group member, the source-active message is always accepted but is not flooded to other members of the same
mesh group.
However, the source-active message is flooded to non-mesh group peers or members of other mesh groups.
By default, standard flooding rules apply if mesh-group is not specified.

QUESTION 130
***Exhibit is Missing***
Referring to the exhibit, the RPs are set up for anycast. Multicast traffic is currently flowing from the source to the receivers.
Which statement is true when RP2 goes down?
A. Multicast traffic is interrupted for receiver 2 until RP2 recovers.

B. Receiver 2 needs to rejoin RP1.
C. Multicast traffic flows uninterrupted.
D. RP1 starts sending multicast traffic to receiver 2.
Correct Answer: C
Section: (none)
Explanation
Explanation:
QUESTION 131

Which multicast group is used for all PIM routers?
A. 224.0.0.22
B. 224.0.0.13
C. 224.0.0.1
D. 224.0.0.2
Correct Answer: B
Section: (none)
Explanation
Explanation:
QUESTION 132
Your company has PIM running on some critical routers in your network, but another engineer has requested that you configure a PIM policy to prevent R2 from
becoming a PIM neighbor of R1 by dropping the hello packets.
Referring to the exhibit, which three commands are necessary for preventing R2 from becoming a PIM neighbor of R1? (Choose three.)
A. set protocols pim interface ge-0/0/1.0 neighbor-policy block-pim

B. set policy-options policy-statement block-pim term 1 from route-filter 227. 2. 2. 2/32 exact
C. set policy-options policy-statement block-pim term 1 from route-filter 10. 10. 10. 2/32 exact
D. set policy-options policy-statement block-pim term 1 then reject
E. set policy-options policy-statement block-pim term 1 from route-filter 10. 10. 10. 1/32 exact
Correct Answer: ACD

Section: (none)
Explanation
Explanation:
The following example filters PIM join and prune messages for group addresses 224.0.1.2 and 225.1.1.1.

In configuration mode, create the policy.
user@host# set policy-options policy-statement block-groups term t1 from route-filter 224.0.1.2/32 exactuser@host# set policy-
options policy-statement block-groups term t1 from route-filter 225.1.1.1/32 exactuser@host# set policy-options policy-
statement block-groups term t1 then rejectuser@host# set policy-options policy-statement block-groups term last then accept
Verify the policy configuration by running the show policy-options command.

user@host# show policy-options
policy-statement block-groups {term t1 {from {route-filter 224.0.1.2/32 exact;route-filter 225.1.1.1/32 exact;then reject;}term last {then
accept;}}
QUESTION 133
Your company asks you to configure multicast routing on a Junos device. They tell you that the router at IP address 192.168.1.4 is the root of the shared multicast
delivery tree.
Which command allows you to configure the Junos device as a non-RP router for PIM?
A. set protocols pim rp local family inet disable

B. set protocols pim rp local address 192.168.1.4
C. set protocols pim rp static address 192.168.1.4
D. set protocols pim rp auto-rp announce
Correct Answer: C
Section: (none)
Explanation
Explanation:
Because the PIM mode you choose determines the PIM configuration properties, you first must decide whether PIM operates in
bidirectional, sparse, dense, or sparse-dense mode in your network. Each mode has distinct operating advantages in different network
environments.
In sparse mode, routers must join and leave multicast groups explicitly. Upstream routers do not forward multicast traffic to a
downstream router unless the downstream router has sent an explicit request (by means of a join message) to the rendezvous point
(RP) router to receive this traffic.

The RP serves as the root of the shared multicast delivery tree and is responsible for forwarding multicast data from different sources
to the receivers.
QUESTION 134
When enabling MVRP for dynamic VLAN registration, which three timers would be configured on an interface? (Choose three.)
A. hello-interval
B. join-timer
C. leave-timer
D. max-age
E. leaveall-timer
Correct Answer: BCE

Section: (none)
Explanation
Explanation:
Configuring Timer Values

The timers in MVRP define the amount of time an interface waits to join or leave MVRP or to send or process the MVRP information
for the router or switch after receiving an MVRP PDU:
The join timer controls the amount of time the router waits to accept a registration request.
The leave timer controls the period of time that the router waits in the Leave state before changing to the unregistered state.
The leaveall timer controls the frequency with which the LeaveAll messages are communicated.
The default MVRP timer values are 200 ms for the join timer, 1000 ms for the leave timer, and 10000 ms for the leaveall timer.
QUESTION 135
Referring to the exhibit, a customer noticed that the 802. 1Q-tunneled packets received on SwitchB are being dropped. What is causing this problem?
A. There is an ether-type mismatch on SwitchA and SwitchB.

B. Customer VLANs are not configured on SwitchB.
C. The SwitchB interface connecting to SwitchA is not a trunk port.
D. Customer VLANs are mismatched on both switches.
Correct Answer: A
Section: (none)
Explanation
Explanation:
QUESTION 136
You are a service provider and have multiple customers in a building. You are installing a new switch that can host all of your customers. However, you would like
to ensure that one customer cannot see or broadcast to another customer. You would also like to have them use a common gateway IP address from the building.
What should be used to provide this access?
A. VLAN
B. private VLAN
C. filter-based VLAN
D. Layer 2 tunneling
Correct Answer: B
Section: (none)
Explanation
Explanation:
QUESTION 137
What are three types of PVLAN broadcast domains? (Choose three.)
A. primary VLAN
B. dynamic VLAN
C. isolated VLAN
D. community VLAN
E. S-VLAN
Correct Answer: ACD

Section: (none)
Explanation
Explanation:
QUESTION 138
{master:0}[edit]
v1 {
vlan-id 1;
interface {
ge-0/0/1.0;
v2 {
vlan-id 2;
interface {
ge-0/0/2. 0;
v3 {
vlan-id 3;
interface {

ge-0/0/1.0 {
{master:0}[edit]
unit 0 {
port-mode trunk;
{master:0}[edit]
user@switch# run show vlans
Name Tag Interfaces
default
None
v1 1
ge-0/0/10*, ge-0/0/3.0*
v2 2
ge-0/0/2.0*, ge-0/0/3.0*
v3 3
ge-0/0/1.0*, ge-0/0/3.0*
Referring to the exhibit, what would explain interface ge-0/0/3.0 being active in VLANs v1, v2, and v3?

A. You have enabled RSTP for interface ge-0/0/3.0.
B. You have enabled MVRP for interface ge-0/0/3. 0.
C. You have enabled MSTP for interface ge-0/0/3. 0.
D. You have enabled L2PT for interface ge-0/0/3. 0.
Correct Answer: B
Section: (none)
Explanation
Explanation:
QUESTION 139
Referring to the exhibit, you are asked to ensure that CE1 can communicate with CE2 using VLAN 150. Which configuration meets this requirement on S1?
A. {master:0}[edit vlans]
user@S1# show
customer-a {
vlan-id 200;
dot1q-tunneling {
customer-vlans 150;
}
}
B. {master:0}[edit vlans]
user@S1# show
customer-a {
vlan-id 150;
interface {
ge-0/0/0. 0;
ge-0/0/1.0;
}
dot1q-tunneling {
customer-vlans 200;
}
}

C. {master:0}[edit vlans]
user@S1# show
customer-a {
vlan-id 200;
interface {
ge-0/0/0. 0;
ge-0/0/1.0;
}
dot1q-tunneling {
customer-vlans 150;
}
}
D. {master:0}[edit vlans]
user@S1# show
customer-a {
vlan-id 150;
interface {
ge-0/0/0. 0;
}
}
v200 {
vlan-id 200;
interface {
ge-0/0/1.0;
}
}
Correct Answer: C
Section: (none)
Explanation
Explanation:
http://kb.juniper.net/InfoCenter/index?page=content&id=KB21686
QUESTION 140
You are asked to separate the human resources group from the finance group on the company network even though they share the same VLAN.

You consider using PVLANs, and you delegate the task to a junior engineer who submits the configuration shown in the exhibit to accomplish this task.
After review, you realize that the PVLAN implementation will not work correctly.
Referring to the exhibit, which three commands must be included to resolve the problem? (Choose three.)
A. set vlans pvlan no-local-switching

B. set vlans hr-group no-local-switching
C. set vlans finance-group no-local-switching
D. set vlans hr-group primary-vlan pvlan
E. set vlans finance-group primary-vlan pvlan
Correct Answer: ADE

Section: (none)
Explanation
Explanation:
no-local-switching
[edit vlans vlan-name]
Specify that access ports in this VLAN domain do not forward packets to each other. You use this statement with primary VLANs and
isolated secondary VLANs.
A PVLAN is designated the primary VLAN, and other VLANs are nested inside that VLAN as secondary VLANs. The types of PVLAN
broadcast domains are:
Primary VLAN—VLAN used to forward frames downstream to isolated and community VLANs.
Isolated VLAN—(When a PVLAN is configured on only one switch) A secondary VLAN that receives packets only from the primary
VLAN and forwards frames upstream to the primary VLAN.
Inter-switch isolated VLAN—(When a PVLAN is configured to span multiple switches) A secondary (internal) VLAN that is used to
forward isolated VLAN traffic from one switch to another through pvlan-trunk ports.
Community VLAN—A secondary VLAN that transports frames among community interfaces within the same community and forwards

frames upstream to the primary VLAN.
QUESTION 141
You have implemented a firewall-based VLAN filter to map traffic from subnet 192. 168. 40. 0/24 to a VLAN named vlan_40. However, you have not been
successful in getting the traffic mapped correctly.
In addition, all traffic must be passed to the Layer 2 network.
Referring to the exhibit, which three commands are required to accomplish this behavior? (Choose three.)
A. set interfaces ge-0/0/19.0 family ethernet-switching filter output assign_vlan

B. set interfaces ge-0/0/19.0 family ethernet-switching filter input assign_vlan
C. set vlans vlan_40 interface ge-0/0/19.0 mapping policy
D. set vlans vlan_30 interface ge-0/0/19.0 mapping policy
E. set interfaces ge-0/0/20 unit 0 family ethernet-switching port-mode trunk vlan members all
Correct Answer: BCE

Section: (none)
Explanation
Explanation:
http://www.juniper.net/techpubs/en_US/junos13.3/topics/example/firewall-filter-ex-series-configuring.html
QUESTION 142

Referring to the exhibit, which two statements are true regarding the MSTP port role and port state of ge-0/0/0 and ge-0/0/1 on SW1?
A. Port ge-0/0/0 is a root port and ge-0/0/1 is an alternate port.

B. Both ports are designated ports.
C. Both ports are in a forwarding state.
D. Port ge-0/0/0 is a root port and ge-0/0/1 is in a forwarding state.
Correct Answer: BC
Section: (none)
Explanation
Explanation:

QUESTION 143
You are asked to implement MSTP on all devices in your Layer 2 network.
Which three parameters must match on all devices within the same region? (Choose three.)
A. region name
B. hello timer
C. maximum age
D. revision level
E. VLAN mapping table
Correct Answer: ADE

Section: (none)
Explanation
Explanation:
QUESTION 144
You are asked to implement VSTP on all devices in your Layer 2 network.
Which three statements are correct? (Choose three.)
A. VSTP supports up to 256 different spanning-tree topologies.

B. A BPDU is sent for each spanning-tree instance.
C. Each VLAN will be assigned to a unique spanning-tree instance.
D. MSTP can be used in addition to VSTP to account for VLANs outside of the supported range.
E. VSTP can be used to load-balance Layer 2 traffic using VLANs.
Correct Answer: BCE

Section: (none)
Explanation
Explanation:

QUESTION 145

MSTP information
\
Region name : Juniper
Revision : 1
Configuration digest : 0xfdbe318c0ae799ae6dfdae4c882c67ee
MSTI Member VLANs
0 0, 4-4094
1 1-3
A network engineer has configured MSTP on several switches for loop protection. You must verify the work and ensure that the appropriate parameters match on
all switches.
Which operational command provides the required output shown in the exhibit?
A. show spanning-tree interface

B. show spanning-tree mstp configuration
C. show spanning-tree bridge
D. show ethernet-switching interfaces
Correct Answer: B
Section: (none)
Explanation
Explanation:
QUESTION 146
user@SwitchA# show protocols mstp
configuration-name region1;

bridge-priority 16k;
msti 1 {
vlan [10 20];
msti 2 {
bridge-priority 8k;
vlan [30 40];
user@SwitchB# show protocols mstp
configuration-name region1;
bridge-priority 8k;
msti 1 {
vlan [10 20];
msti 2 {
bridge-priority 8k;
vlan [30 40 50];
Referring to the exhibit, a customer observes that the MSTP instance between SwitchA and SwitchB is not converging correctly.

What is causing the problem?
A. The bridge priority values of MSTI 2 are the same.

B. There is a VLAN mismatch between the two switches for MSTI 2.
C. There is a bridge priority mismatch.
D. MSTI 1 and MSTI 2 are part of the same the MSTP region.
Correct Answer: B
Section: (none)
Explanation
Explanation:
QUESTION 147
Your company makes extensive use of VSTP in your network for loop protection. The network is at the VSTP VLAN limit and must protect additional VLANs.
Which command allows you to protect additional VLANs?
A. set protocols mstp interface all

B. set protocols vstp vlan all
C. set protocols vstp vlan-group
D. set protocols rstp
Correct Answer: D
Section: (none)
Explanation
Explanation:
QUESTION 148
You are asked to set up 802.1X port authentication for all access ports on your EX Series switch.
You have a device that does not support 802.1X supplicants and you must ensure this device is authenticated.
You must also ensure that no unnecessary delay occurs when authenticating this device.
Which statement is correct?

A. You should enable MAC RADIUS on the interface and use 802.1X multiple mode.
B. You should enable MAC RADIUS on the interface and statically add the MAC address to the 802.1x configuration.
C. You should enable MAC RADIUS on the interface and include the restrict parameter.
D. You should enable MAC RADIUS on the interface and include the disable parameter.
Correct Answer: C
Section: (none)
Explanation
Explanation:
QUESTION 149
Your company recently implemented Layer 2 authentication and access control to secure users accessing the corporate network. You implemented 802.1X, MAC
RADIUS, and a captive portal to support a variety of hosts on the network.
Senior management is concerned that valid users might be authenticated incorrectly on the network and they ask you questions about how these different access
technologies are used simultaneously.
Which three statements are correct? (Choose three.)
A. MAC addresses that are part of a MAC address whitelist or a static MAC list are authenticated before any other authentication protocol is invoked.
B. Captive portal is a supported fallback option for 802.1X.
C. If the authentication server fails to respond to access requests and both a server-fail and guest VLAN are configured correctly, the server-fail VLAN takes
precedence over the guest VLAN.
D. Captive portal can only be configured on Layer 3 interfaces.
E. If a port is configured with 802.1X and the host does not respond to EAP requests, no other authentication protocol can authenticate the host.
Correct Answer: ABC

Section: (none)
Explanation
Explanation:
QUESTION 150
In your 802.1X-enabled network, a RADIUS server fails to respond or authenticate a device.

On an EX Series switch, what are three supported actions? (Choose three.)
A. Traffic can be allowed.

B. Traffic can be denied.
C. Traffic can be redirected to another subnet.
D. Traffic can be redirected to another VLAN.
E. Traffic can be redirected to another port.
Correct Answer: ABD

Section: (none)
Explanation
Explanation:
QUESTION 151
A contractor needs to connect a laptop to your company network, but your company has no wireless access and each office has only a single network port for an
employee laptop.
You have an IP phone with a data port available and you have access to the switch connected to it.

You can also add the contractor's MAC address to the RADIUS server database.
Referring to the exhibit, which three commands will allow access? (Choose three.)
A. set protocols dot1x authenticator authentication-profile-name radius_profile interface ge- 0/0/16.0 mac-radius
B. set interfaces ge-0/0/16. 0 family ethernet-switching port-mode trunk
C. set interfaces ge-0/0/16. 0 family ethernet-switching vlan members contractor
D. set protocols dot1x authenticator authentication-profile-name radius_profile interface ge- 0/0/16.0 supplicant multiple
E. set interfaces ge-0/0/16. 0 family ethernet-switching vlan members all
Correct Answer: ACD

Section: (none)
Explanation
Explanation:
QUESTION 152
{master:0u} ser@switch> show dot1x interface ge-0/0/15 detail ge-0/0/15. 0
Role: Authenticator
Administrative state: Auto
Supplicant mode: Multiple
Number of retries: 3
Quiet period: 60 seconds
Transmit period: 30 seconds
Mac Radius: Enabled
Mac Radius Restrict: Enabled
Reauthentication: Enabled

Configured Reauthentication interval: 120 seconds
Supplicant timeout: 30 seconds
Server timeout: 30 seconds
Maximum EAPOL requests: 2
Guest VLAN member: guest
Number of connected supplicants: 0
802.1X authentication was recently configured on your ge-0/0/15 port. You issue the command shown in the exhibit.
Which two statements are correct? (Choose two.)
A. The reauthentication interval is using the default value.

B. Every user that attempts to connect using this port must be authenticated.
C. Only the first user that connects using this port will be authenticated.
D. Users will only be able to authenticate using MAC RADIUS.
Correct Answer: BD
Section: (none)
Explanation
Explanation:
QUESTION 153
{master:0}[edit protocols dot1x]
user@switch# show
authenticator {
authentication-profile-name my-profile;
static {

00:21:cc:ba:c7:00/40 {
interface ge-0/0/12. 0;
interface {
ge-0/0/12. 0 {
server-fail deny;
ge-1/0/14. 0 {
reauthentication 120;
server-fail vlan-name local-only;
ge-1/0/15. 0 {
mac-radius {
restrict;
reauthentication 120;
server-fail vlan-name guest;

}
You just added a device on port ge-0/0/12 with the MAC address 00:21:cc:ba:c7:59. All access ports on this device are members of VLAN v20. The RADIUS server
is currently not reachable.
Referring to the configuration shown in the exhibit, what happens to traffic sent from this device?
A. The traffic is denied.

B. The traffic is accepted and uses the guest VLAN.
C. The traffic is accepted and uses the local-only VLAN.
D. The traffic is accepted and uses the v20 VLAN.
Correct Answer: D
Section: (none)
Explanation
Explanation:
QUESTION 154
Which two statements about the voice VLAN feature are correct? (Choose two.)
A. It can be used to separate untagged data and VLAN tagged VoIP traffic into different VLANs on an access port.
B. It can be used to assign VoIP traffic into a CoS forwarding class.
C. It can be used to separate untagged data and VLAN tagged VoIP traffic into different VLANs on a trunk port.
D. It can be used to apply a policer to VoIP traffic.
Correct Answer: AB
Section: (none)
Explanation
Explanation:
The Voice VLAN feature in EX-series switches enables access ports to accept both data (untagged) and voice (tagged) traffic and

separate that traffic into different VLANs.
Before configuring Voice VLAN, there are several things to consider:
To assign differentiated priority to Voice traffic, it is recommended that class of service (CoS) is configured prior to enabling the voice
VLAN feature. Typically, voice traffic is treated with a higher priority than common user traffic. Without differentiated treatment through
CoS, all traffic, regardless of the type, is subject to the same delay during times of congestion.
The voice VLAN should only be enabled on access ports on which IP phones are actually connected.
Utilize Link Layer Discovery Protocol Media Endpoint Discovery (LLDP-MED) to provide the voice VLAN ID and 802.1p values to the
attached IP phones. This dynamic method associates each IP phone with the appropriate voice VLAN and assigns the necessary
802.1p values, which are used by CoS, to differentiate service for voice traffic within a network.
QUESTION 155
NetBIOS snooping information is stored in which database on EX Series switches?
A. RADIUS database
B. LLDP neighbor database
C. MAC table database
D. routing table database
Correct Answer: B
Section: (none)
Explanation
Explanation:
The NetBIOS snooping-enabled switch extracts the host details from the NetBIOS name registration packet and stores the details in
the LLDP neighbor database.
QUESTION 156
Which three PoE power allocation methods are supported on EX Series switches? (Choose three.)
A. dynamic PoE management mode

B. static PoE management mode
C. enhanced power negotiation

D. LLDP power negotiation
E. class PoE management mode
Correct Answer: BDE

Section: (none)
Explanation
Explanation:
QUESTION 157
A security camera is connected to an EX Series switch. You are asked to ensure power to the PoE port is maintained if the power budget is exceeded.
Which two actions will accomplish this task? (Choose two.)
A. Set the PoE management mode to static.

B. Set the PoE management mode to class.
C. Set the PoE interface priority to high.
D. Ensure the camera is connected to port ge-0/0/0.
Correct Answer: CD
Section: (none)
Explanation

Explanation:
By default, PoE ports on EX Series switches are set to low power priority. You can configure
a PoE port to have a high power priority setting. If a situation arises where there is not
sufficient power for all the PoE ports, the available power is directed to the higher priority
ports, while power to the lower priority ports is shut down as needed.
Among PoE interfaces that have the same assigned priority, power priority is determined
by the port number, with lower-numbered ports having higher priority.
QUESTION 158
You are troubleshooting an LLDP neighbor and cannot see the IP address of the neighboring EX Series switch.
What is causing the problem?
A. A VLAN interface must be configured under the [edit vlans] hierarchy.

B. IP addresses are not sent in any LLDP TLVs.
C. A management address must be configured under the [edit protocols lldp] hierarchy.
D. You must enable LLDP-MED.
Correct Answer: C
Section: (none)
Explanation
Explanation:
user@switch>show lldp neighbors interface ge-0/0/0.0
LLDP Neighbor Information:

Local Information:
Index: 20 Time to live: 120 Time mark: Thu Apr 15 22:26:22 2010 Age: 16 secs
Local Interface : ge-0/0/0.0
Parent Interface : -
Local Port ID : 517
Ageout Count : 0
Neighbour Information:
Chassis type : Network address

Chassis ID : 0.0.0.0
Port type : Mac address
Port ID : 00:04:0d:fc:55:48
System name : AVAFC5548
System capabilities
Supported : Bridge Telephone
Enabled : Bridge
Management Info
Type : IPv4
Address : 0.0.0.0
Port ID : 1
Subtype : 1
Interface Subtype : ifIndex(2)
OID : 1.3.6.1.2.1.31.1.1.1.1.1
Media endpoint class: Class III Device
MED Hardware revision : 4610D01A

MED Firmware revision : b10d01b2_9.bin
MED Software revision : a10d01b2_9.bin
MED Serial number : 07N510103424
MED Manufacturer name : Avaya
MED Model name : 4610
Organization Info
OUI : 0.18.15
Subtype : 1
Index : 1
Info : 036CA00010
Organization Info
OUI : 0.18.15
Subtype : 1
Index : 2
Info : 002303
Organization Info
OUI : 0.18.15
Subtype : 2
Index : 3
Info : 014001AE
Organization Info

OUI : 0.18.15
Subtype : 5
Index : 4
Info : 3436313044303141
Organization Info
OUI : 0.18.15
Subtype : 6
Index : 5
Info : 62313064303162325F392E62696E
Organization Info
OUI : 0.18.15
Subtype : 7
Index : 6
Info : 61313064303162325F392E62696E
Organization Info
OUI : 0.18.15
Subtype : 8
Index : 7
Info : 30374E353130313033343234
Organization Info
OUI : 0.18.15
Subtype : 9
Index : 8
Info : 4176617961
Organization Info
OUI : 0.18.15
Subtype : 10
Index : 9
Info : 34363130
Organization Info
OUI : 0.18.15
Subtype : 1
Index : 10
Info : 000028003C
Organization Info
OUI : 0.18.15
Subtype : 3

Index : 11
Info : 00000000
Organization Info
OUI : 0.18.15
Subtype : 4
Index : 12
Info : 000000000000000000000000
Organization Info
OUI : 0.18.15
Subtype : 5
Index : 13
Info : 00000000
Organization Info
OUI : 0.18.15
Subtype : 6
Index : 14
Info : 00000000
Organization Info
OUI : 0.18.15
Subtype : 7
Index : 15
Info : 01
QUESTION 159
On SRX Series devices, in which order does CoS process ingress packets?
A. multifield classifier, policer, forwarding policy, behavior aggregate classifier

B. multifield classifier, forwarding policy, policer, behavior aggregate classifier
C. behavior aggregate classifier, policer, multifield classifier, forwarding policy
D. behavior aggregate classifier, multifield classifier, policer, forwarding policy
Correct Answer: D
Section: (none)
Explanation
Explanation:

QUESTION 160

You notice that an interface receiving traffic from multiple devices with no user-configured CoS parameters has been assigned the ieee802.1p-default classifier.
What is the port type assigned to this interface?
A. access port
B. tagged access port
C. trunk port
D. designated port
Correct Answer: C
Section: (none)
Explanation
Explanation:
QUESTION 161
You are asked to implement CoS on an EX Series switch. You attempt to configure the priority for the voice and data queue schedulers to medium-high and
medium-low priority, respectively.
However, you notice that the only parameters available for the priority is strict high and low.
Why are strict high and low the only available parameters for configuration?
A. The loss priority for the queues must first be set to medium-low and medium-high, respectively.
B. The switch only supports the strict high and low queue priorities.
C. The shared buffer feature must be configured prior to configuring scheduler priority.
D. The scheduler must be applied to an interface prior to configuring scheduler priority.
Correct Answer: B
Section: (none)
Explanation
Explanation:
Priority scheduling is accomplished through a procedure in which the scheduler examines the priority of the queue. Juniper Networks
Junos operating system (Junos OS) supports two levels of transmission priority:

Low—The scheduler determines whether the individual queue is within its defined bandwidth profile or not. This binary decision, which
is re-evaluated on a regular time cycle, involves comparing the amount of data transmitted by the queue against the bandwidth
allocated to it by the scheduler. If the transmitted amount is less than the allocated amount, the queue is considered to be in profile. A
queue is out of profile when the amount of traffic that it transmits is larger than the queue’s allocated limit. An out-of-profile queue is
transmitted only if bandwidth is available. Otherwise, it is buffered.
On EX Series switches other than EX4300 switches, a queue from a set of queues is selected based on the shaped deficit weighted
round robin (SDWRR) algorithm, which operates within the set. On EX4300 switches, the weighted deficit round-robin (WDRR)
algorithm is used to select a queue from a set of queues.
Strict-high—A strict-high priority queue receives preferential treatment over a low-priority queue. Unlimited bandwidth is assigned to a
strict-high priority queue. On EX Series switches other than EX4300 switches, queues are scheduled according to the queue number,
starting with the highest queue, 7, with decreasing priority down through queue 0. Traffic in higher-numbered queues is always
scheduled prior to traffic in lower-numbered queues. In other words, if there are two high-priority queues, the queue with the higher
queue number is processed first. On EX4300 switches, you can configure multiple strict-high priority queues on an interface and an
EX4300 switch processes these queues in a round-robin method.
Packets in low-priority queues are transmitted only when strict-high priority queues are empty. .
QUESTION 162
You are asked to configure a CoS weighted tail drop profile on your EX Series switch that causes all traffic in the best effort queue to drop when the queue is 90
percent full.
Which configuration will accomplish this request?
A. [edit class-of-service]
drop-profiles {
be_dropp {
fill-level 90;
drop-probability 100;
}
}
B. [edit class-of-service]
drop-profiles {
be_dropp {
interpolate {
fill-level 90;
}

}
}
C. [edit class-of-service]
drop-profiles {
be_dropp {
fill-level 90;
}
}
D. [edit class-of-service]
drop-profiles {
be_dropp {
fill-level 90;
}
}
Correct Answer: C
Section: (none)
Explanation
Explanation:
Field Name
Field Description
Drop profile
Name of a drop profile.
Type
Type of drop profile:
discrete (default)
interpolated (EX8200 switches only)
Index
Internal index of this drop profile.
Fill Level
Percentage fullness of a queue.
Drop probability
Drop probability at this fill level.

QUESTION 163
You are asked to reconfigure a CoS scheduler to limit the assured forwarding queue to a maximum of 75 percent of the available bandwidth. The assured
forwarding queue uses a strict high priority queue.
Which configuration parameter accomplishes this task?
A. transmit-rate percent 75
B. buffer-size percent 75
C. shaping-rate percent 75
D. shared-buffer percent 75
Correct Answer: C
Section: (none)
Explanation
Explanation:

QUESTION 164
You are asked to configure an interface policer. You must ensure when the bandwidth limit and burst size are exceeded, that the packet receives a CoS parameter
which increases the probability that the packet will be dropped if the queues are congested.
Which policer action will accomplish this requirement?
A. dscp 0
B. loss-priority high
C. ip-precedence 0
D. loss-priority low
Correct Answer: B
Section: (none)

Explanation
Explanation:

QUESTION 165
Which connection method do OSPF routers use to communicate with each other?
A. IP protocol number 89
B. TCP port 179
C. UDP port 179
D. IP protocol number 6
Correct Answer: A
Section: (none)
Explanation
Explanation:
Was C but should be A
QUESTION 166
Which statement is true about default BGP route redistribution behavior?
A. IBGP-learned routes are advertised only to other IBGP peers.

B. EBGP-learned routes are redistributed into any IGPs.
C. EBGP-learned routes are advertised only to other EBGP peers.
D. EBGP-learned routes are advertised to other IBGP and EBGP peers.
Correct Answer: B
Section: (none)
Explanation
Explanation:
Redistributing Routes from BGP

If you have redistributed routes from BGP into an IGP, by default only EBGP routes are redistributed. You can issue the bgp
redistribute-internal command followed by clearing all BGP sessions to permit the redistribution of IBGP routes in addition to EBGP
routes.

QUESTION 167
In a PIM-SM network, which type of node helps to build a tree towards an unknown multicast source?
A. DIS
B. RP
C. DR
D. BSR
Correct Answer: C
Section: (none)
Explanation
Explanation:
Answer was A
Network applications that can function with unicast but are better suited for multicast include collaborative groupware,
teleconferencing, periodic or “push” data delivery (stock quotes, sports scores, magazines, newspapers, and
advertisements), server or website replication, and distributed interactive simulation (DIS) such as war simulations or virtual
reality. Any IP network concerned with reducing network resource overhead for one-to-many or many-to-many data or
multimedia applications with multiple receivers benefits from multicast
Should be D
In actual application, many receivers with multiple SPTs are involved in a multicast traffic flow. To illustrate the process, we track the
multicast traffic from the RP router to one receiver. In such a case, the RP router begins sending multicast packets down the RPT
toward the receiver’s DR for delivery to the interested receivers. When the receiver’s DR receives the first packet from the RPT, the DR
sends a PIM join message toward the source DR to start building an SPT back to the source. When the source DR receives the PIM
join message from the receiver’s DR, it starts sending traffic down all SPTs. When the first multicast packet is received by the
receiver’s DR, the receiver’s DR sends a PIM prune message to the RP router to stop duplicate packets from being sent through the
RPT. In turn, the RP router stops sending multicast packets to the receiver’s DR, and sends a PIM prune message for this source over

the RPT toward the source DR to halt multicast packet delivery to the RP router from that particular source.
QUESTION 168
Which statement is true about MVRP?
A. It allows you to split a broadcast domain into multiple isolated broadcast subdomains.
B. It dynamically manages VLAN registration in a LAN.
C. It maps multiple independent spanning-tree instances onto one physical topology.
D. It is a Layer 2 protocol that facilitates network and neighbor discovery.
Correct Answer: B
Section: (none)
Explanation
Explanation:
Was A should be B
Multiple VLAN Registration Protocol (MVRP) is used to manage dynamic VLAN registration in Carrier Ethernet network. You can use
MVRP on MX Series routers or on EX Series switches.
MVRP is disabled by default on MX Series routers and EX Series switches.
QUESTION 169
Which statement is true about LLDP?
A. It allows you to split a broadcast domain into multiple isolated broadcast subdomains.
B. It dynamically manages VLAN registration in a LAN.
C. It maintains a separate spanning-tree instance for each VLAN.
D. It is a Layer 2 protocol that facilitates network and neighbor discovery.
Correct Answer: D
Section: (none)
Explanation
Explanation:

Was C but should be D
LLDP (Link Layer Discovery Protocol) is defined in IEEE 802.1AB as a layer 2 protocol which facilitates network and neighbor
discovery. Neighbor discovery is made possible through advertisements sent by each network device participating in LLDP.
Advertisements are sent by LLDP-enabled devices to identify themselves and to announce their capabilities to neighboring devices.
LLDP is somewhat comparable in purpose to Cisco’s CDP. LLDP will operate on both Layer 2 and Layer 3 interfaces. Also for
operability of the protocol, it doesn't matter whether the port is a trunk port or an access port as the LLDP frames are untagged. This
behavior helps the protocol build the network topology regardless of specific configuration parameters assigned to the port
QUESTION 170
Which CoS feature avoids congestion in a device by limiting traffic on ingress interfaces?
A. rewrite rule
B. scheduler
C. drop profile
D. policer
Correct Answer: D
Section: (none)
Explanation
Explanation:
Answer was A
Rewrite Rules
Rewrite rules change the marking of packets based on the forwarding class and loss priority combination as they egress the router.By default, J-series routers will
not change the DSCP/precedence fields of forwarded packets.
Depending on the protocol, the DSCP, IP Precedence, MPLS EXP, 802.1p, DSCP for IPv6 traffic, and Frame Relay discard eligible (DE) bits can be modified.It is
also possible to apply more than one classifier to the same egress queue/drop priority combination whenever the egress packet stacks more than one protocol.For
example, packets exiting a VLAN tagged interface can have both their DSCP and 802.1p bits changed simultaneously.Not every packet encapsulation allows all
possible rewrites.For example, the 802.1p bits can be changed only when the egress packet is a VLAN tagged packet, and the Frame Relay DE bit can only be set
(or unset) for Frame Relay packets.
Configuration consists of defining the bit values to be written (or alias name if an alias has been defined) for each particular forwarding class and drop priority
combination.
But should be D

Policing
Policing refers to the ability of a router to measure data rates and, based on this measurement, to either drop or reclassify the traffic.
J-series routers support single-rate policers that can be applied to traffic matching a particular ingress/egress filter.After MF classification is performed, it is possible
to instruct a J-series router to measure the rate of the traffic matching the classifier, and either drop or change the forwarding class, or drop the priority of the
packet if the measured rate exceeds a configurable threshold.
In simple terms, policers allow the establishment of a data rate, which, if exceeded, results in traffic being either reclassified or dropped.In order to measure traffic
rates, it is important to determine a measurement interval (or burst limits, as we shall see shortly).Traffic always egresses an interface at line rate.To send traffic at
a “lower speed,” bursts have to be followed by idle periods, resulting in an average transmit rate lower than the line rate.
QUESTION 171
R1 and R2 are ASBRs in the same area, each with an equal cost external path to the same external network prefix. R1 advertises an external route into OSPF with
a Type 1 metric. R2 advertises an external route into OSPF with a Type 2 metric.
Which route would be preferred?
A. R1's route is preferred because Type 1 metrics take into account the external cost only.
B. R1's route is preferred because Type 1 metrics take into account the internal and external cost.
C. R2's route is preferred because Type 2 metrics take into account the internal and external cost.
D. R2's route is preferred because Type 2 metrics take into account the external cost only.
Correct Answer: D
Section: (none)
Explanation
Explanation:
The configured metric determines the method used to compute the cost to a destination:
The Type 1 external metric is equivalent to the link-state metric. The path cost uses the advertised external path cost and the path cost
to the AS boundary router (the route is equal to the sum of all internal costs and the external cost).
The Type 2 external metric uses the cost assigned by the AS boundary router (the route is equal to the external cost alone). By default,
OSPF uses the Type 2 external metric.
QUESTION 172

Referring to the exhibit, which LSA type will Router R2 inject into Area 1?
A. Type 3 LSA
B. Type 4 LSA
C. Type 5 LSA
D. Type 7 LSA
Correct Answer: A
Section: (none)
Explanation
Explanation:
QUESTION 173
user@R2# show
area 0.0.0.6 {
nssa {

default-lsa default-metric 10;
area-range 184. 23. 12. 0/24;
interface ge-1/1/4;
user@R2# show ospf database
Router *192.168.0.2 192.168.0.2 0x80000004 749 0x22 0x87c2 60
Router 192.168.0.3 192.168.0.3 0x80000004 399 0x22 0x94b5 60
Summary *10.0.0.0 192.168.0.2 0x80000003 19 0x22 0xe2e4 28
Summary *192.168.0.1 192.168.0.2 0x80000002 1100 0x22 0xbda7 28
Router 192.168.0.1 192.168.0.1 0x80000004 404 0x20 0x76db 60
Router *192.168.0.2 192.168.0.2 0x80000003 1802 0x20 0x319b 48
Summary *11.0.0.0 192.168.0.2 0x80000002 2504 0x20 0xf5d3 28
Summary *192.168.0.2 192.168.0.2 0x80000003 2153 0x20 0xc5a0 28
Summary *192.168.0.3 192.168.0.2 0x80000002 398 0x20 0xc79d 28
NSSA *0.0.0.0 192.168.0.2 0x80000001 11 0x20 0xcbf1 36

NSSA 184.23.12.0 192.168.0.1 0x80000002 447 0x28 0xb93f 36
OSPF AS SCOPE link state database
Extern *184.23.12.0 192.168.0.2 0x80000003 11 0x22 0x28d6 36
Referring to the exhibit, which two statements are correct? (Choose two.)
A. R2 injects a Type 3 LSA for 184.23.12.0/24 into the backbone.

B. R2 is an ABR.
C. R2 injects a Type 5 LSA for 184.23.12.0/24 into the backbone.
D. R2 is an ASBR.
Correct Answer: BC
Section: (none)
Explanation
Explanation:
QUESTION 174

Referring to the exhibit, which type of LSA will be seen on router A for routes originating in Customer A's network?
A. Type 7 LSA
B. Type 2 LSA
C. Type 5 LSA
D. Type 1 LSA
Correct Answer: C
Section: (none)
Explanation
Explanation:
QUESTION 175
You are asked to configure graceful restart in your network.
Which OSPF LSA type would you expect to see in the LSDB?
A. Type 8
B. Type 9
C. Type 10
D. Type 11
Correct Answer: B
Section: (none)
Explanation
Explanation:
Graceful Restart in OSPF

To understand how GR is implemented in Open Shortest Path First (OSPF), let’s first analyze the basics of OSPF protocol
communications. Neighbor adjacency between two OSPF speaking routers is formed by exchanging OSPF Hello messages. After the
initial Hello messages, OSPF passes through several states and then establishes full neighbor adjacencies. OSPF advertises routing
information using link-state update messages called link-state advertisements (LSAs). For normal routing, OSPF uses standard LSAs.
With the integration of MPLS traffic engineering and GR into OSPF, opaque LSAs were created to carry information for these protocol
extensions. Depending on the scope of advertisement, these LSA updates can be link-local, area-wide, or across the entire OSPF

domain, which is LSA type 9, 10, or 11, respectively. Because GR involves communication between a router and its direct neighbors, it
is implemented using link-local scope messages.
Grace (type 9) LSAs negotiate and exchange restart information between OSPF neighbors. The information relevant to the restarting
event is carried in the body of the message using the type, length, value (TLV) system:
Type (two octets):
1 (grace period)
2 (restart reason)
3 (interface IP address)
Length (two octets):
Grace period (four octets)
Restart reason (one octet)
Interface IP address (four octets)
Value (open)
QUESTION 176
user@R2# show
area 0.0.0.3 {
stub default-metric 10 no-summaries;
Referring to the output in the exhibit, which statement is true?
A. R2 is an ABR and will send a Type 7 LSA 0/0 route down into the nonbackbone area.
B. R2 is an ABR and will send a Type 3 LSA 0/0 route down into the nonbackbone area.
C. R2 will not send a Type 3 LSA 0/0 route into the nonbackbone area.
D. R2 will add a metric cost of 10 to the existing metric of a 0/0 route it receives from the backbone area and then send it into the nonbackbone area in a Type 5
LSA.
Correct Answer: B

Section: (none)
Explanation
Explanation:
QUESTION 177
user@router> show ospf route
Topology default Route Table:
Prefix Path Route NH Metric NextHop Nexthop

Type Type Type Interface addr/label
192.168.1.0/24 Intra Network IP 10 ge-0/0/1.0
Which two configurations result in the output shown in the exhibit? (Choose two.)
A. [edit protocols ospf]

user@router# show
reference-bandwidth 10g;
area 0.0.0.0 {
}
B. [edit protocols ospf]
user@router# show
reference-bandwidth 1g;
area 0.0.0.0 {
}
C. [edit protocols ospf]
user@router# show
reference-bandwidth 1m;
area 0.0.0.0 {
metric 10;
}
}
D. [edit protocols ospf]

user@router# show
reference-bandwidth 100m;
area 0.0.0.0 {
}
Correct Answer: AC
Section: (none)
Explanation
Explanation:
Was just A should be A and C
Set the reference bandwidth used in calculating the default interface cost. The cost is calculated using the following formula:
cost = ref-bandwidth/bandwidth
Configure the metric of the OSPF network segment.

[edit protocols ospf area 0.0.0.0 ]user@host# set interface fe-1/0/1 metric 5
show (ospf | ospf3) route Output Fields

Field Name
Field Description
Output Level
Topology
Name of the topology.
All levels
Prefix
Destination of the route.
All levels
Path type
How the route was learned:
Inter—Interarea route
Ext1—External type 1 route

Ext2—External type 2 route
Intra—Intra-area route
All levels
Route type
The type of routing device from which the route was learned:
AS BR—Route to AS border router.
Area BR—Route to area border router.
Area/AS BR—Route to router that is both an Area BR and AS BR.
Network—Network router.
Router—Route to a router that is neither an Area BR nor an AS BR.
Transit—(OSPFv3 only) Route to a pseudonode representing a transit network, LAN, or nonbroadcast multiaccess (NBMA) link.
Discard—Route to a summary discard.
All levels
NH Type
Next-hop type: LSP or IP.
All levels
Metric
Route's metric value.
All levels
NH-interface
(OSPFv3 only) Interface through which the route's next hop is reachable.
All levels
NH-addr
(OSPFv3 only) IPv6 address of the next hop.
All levels
NextHop Interface
(OSPFv2 only) Interface through which the route's next hop is reachable.
All levels
Nexthop addr/label
(OSPFv2 only) If the NH Type is IP, then it is the address of the next hop. If the NH Type is LSP, then it is the name of the label-
switched path.
All levels
Area
Area ID of the route.
detail

Origin
Router from which the route was learned.
detail
Type 7
Route was learned through a not-so-stubby area (NSSA) link-state advertisement (LSA).
detail
P-bit
Route was learned through NSSA LSA and the propagate bit was set.
detail
Fwd NZ
Forwarding address is nonzero. Fwd NZ is only displayed if the route is learned through an NSSA LSA.
detail
optional-capability
Optional capabilities propagated in the router LSA. This field is in the output for intra-area router routes only (when Route Type is Area
BR, AS BR, Area/AS BR, or Router), not for interarea router routes or network routes. Three bits in this field are defined as follows:
0x4 (V)—Routing device is at the end of a virtual active link.
0x2 (E)—Routing device is an autonomous system boundary router.
0x1 (B)—Routing device is an area border router.
detail
priority
The priority assigned to the prefix:
high
medium
low
Note: The priority field applies only to routes of type Network.
user@host> show ospf route detail

Topology default Route Table:

10.255.14.174 Inter AS BR IP 210 t1-3/0/1.0
area 0.0.0.2, origin 10.255.14.185
10.255.14.178 Intra Router IP 200 t3-3/1/3.0
area 0.0.0.2, origin 10.255.14.178, optional-capability 0x0
10.210.1.0/30 Intra Network IP 10 t3-3/1/2.0

area 0.0.0.2, origin 10.255.14.172, priority medium
100.1.1.1/32 Inter Network IP 210 t1-3/0/1.0
area 0.0.0.2, origin 10.255.14.185, priority low
112.3.1.0/24 Ext2 Network IP 0 t1-3/0/1.0
area 0.0.0.0, origin 10.255.14.174, priority high
200.3.3.0/30 Inter Network IP 220 t1-3/0/1.0
area 0.0.0.2, origin 10.255.14.185, priority high
show ospf route

user@host> show ospf route
10.255.71.12 Intra Router IP 1 fe-0/0/2.0 192.16.22.86
10.255.71.13/32 Intra Network IP 0 lo0.0
192.168.222.84/30 Intra Network LSP 1 fe-0/0/2.0 lsp-ab
QUESTION 178

Referring to the exhibit, you must ensure that traffic to the 2001:10:5::/64 network leaves AS 2 through R3.
Given that all BGP attributes are at their default, how would you accomplish this task?
A. On R1, configure a MED of 50 for the 2001:10:5::/64 route.

B. On R2, configure a MED of 50 for the 2001:10:5::/64 route.
C. On R3, configure a MED of 50 for the 2001:10:5::/64 route.
D. On R4, configure a MED of 50 for the 2001:10:5::/64 route.
Correct Answer: B
Section: (none)
Explanation

Explanation:
Not sure this is the correct exhibit
QUESTION 179
On AS1, which two attributes are used to influence inbound traffic from the other ASs shown in the exhibit? (Choose two.)
A. AS path
B. MED
C. local preference

D. origin
Correct Answer: AB
Section: (none)
Explanation
Explanation:
Answer was A and D changed to A and B
Inbound/Outbound Traffic Tuning

If a site advertises an IP prefix out two or more Internet circuits homed to different ISPs, it is highly unlikely that
there will be a perfect balance of inbound traffic across all circuits. Inbound traffic may come from anywhere in
the worldwide Internet. If a source host is on the same ISP network as the site’s Internet circuit, the traffic will
remain on that ISP’s network and come in on the corresponding circuit. Sources that are more distant may use
a path that is determined by the best ISP peering arrangement (shortest AS path).
To influence inbound traffic, the MED attribute can be used Note that the MED attribute
is nontransitive and will not be passed through to other Autonomous Systems. Another option is AS-path
prepending, where the AS path is made artificially longer to cause a path to be less-preferred. AS path
prepending adds one or more extra AS numbers that will be added to the cumulative AS-path information
passed to peers.
QUESTION 180
[edit policy-options] user@router# show
policy-statement LB {
term 1 {
then {
load-balance per-packet;

}
Two routers are joined by redundant BGP connections. You want to load-balance traffic across these links, and have configured the policy shown in the exhibit on
each device.
Which configuration, applied on each device, correctly applies the policy to accomplish this task?
A. [edit protocols bgp group LB]

02c40561-c381-4dde-a057-56f8f78c8ee1
uesr@router# show
type external;
import LB;
peer-as <peer_as>;
neighbor <neighbor>;
B. [edit protocols bgp group LB]
uesr@router# show
type external;
export LB;
peer-as <peer_AS>;
neighbor <neighbor>;
C. [edit]
aggregate {
route 0.0.0.0/0 policy LB;
}
D. [edit]
forwarding-table {
export LB;
}
Correct Answer: D
Section: (none)
Explanation
Explanation:

QUESTION 181
user@router>show route advertising-protocol bgp 172.16.36.1
inet. 0: 31 destinations, 31 routes (31 active, 0 holddown, 0 hidden)
Prefix Nexthop MED Lclpref ASpath
* 10.200.17.0/24 Self I
* 10.200.19.0/24 Self I
Referring to the exhibit, which three actions would summarize these routes to a BGP peer? (Choose three.)
A. Create a policy that accepts the more specific contributing routes.

B. Create a route to 10.200.16.0/21 with a next hop of 172.16.36.1 under the [edit routing-options static] hierarchy.
C. Create a policy that rejects the more specific contributing routes.
D. Create a policy to accept aggregate routes.
E. Create a 10.200.16.0/22 route under the [edit routing-options aggregate] hierarchy.

Correct Answer: CDE
Section: (none)
Explanation
Explanation:
QUESTION 182
AS4 is using the default path to get to AS1. This path is not modified by any of the ASs shown in the exhibit. AS1 wants to influence this path so that traffic from
AS4 comes through AS3.

Where do you apply the policy shown in the exhibit?
A. AS1
B. AS2
C. AS3
D. AS4
Correct Answer: A
Section: (none)
Explanation
Explanation:
QUESTION 183
user@R1> show pim join extensive
Instance: PIM. master Family: INET
Group: 224.50.50.50
Source: *
RP: 10.100.100.10
Flags: sparse,rptree,wildcard
Upstream interface: ge-0/0/10.0
Upstream neighbor: 172. 28. 55. 5
Upstream state: Join to RP
Uptime: 00:00:10

Interface: ge-0/0/2. 0
172.28.57.5 State: Join Flags: SRW Timeout: 209
Group: 224.50.50.50
Source: 10.100.10.10
Flags: sparse,spt
Upstream interface: ge-0/0/6. 0
Upstream state: Join to Source, Prune to RP
Uptime: 00:00:10
Interface: ge-0/0/2. 0
172.18.57.5 State: Join Flags: S Timeout: 209
Referring to the output shown in the exhibit, which three statements are true about the PIM implementation on R1? (Choose three.)
A. R1 is receiving multicast traffic over the RPT.

B. R1 is receiving multicast traffic over the SPT.
C. Interface ge-0/0/10 provides the shortest path to the source.
D. The multicast stream flows from 10.100.10.10 to 172.18.57.5.
E. Interface ge-0/0/6 provides the shortest path to the source.
Correct Answer: BDE

Section: (none)
Explanation

Explanation:
Source: 10.100.10.10
Flags: sparse,spt
Upstream interface: ge-0/0/6. 0
QUESTION 184
Which two statements are true about the configuration shown below? (Choose two.)
[edit routing-options multicast]
user@router# show
ssm-groups 227.0.0.0/24;
asm-override-ssm;
A. It allows SSM operations in only the 227.0.0.0/24 range.

B. It allows SSM operations in the 227.0.0.0/24 range and the dedicated range.
C. It allows only ASM operations in the dedicated SSM range.
D. It allows both ASM and SSM operations in the dedicated SSM range.
Correct Answer: BD
Section: (none)
Explanation
Explanation:

QUESTION 185
Referring to the exhibit, USER1 wants to only receive multicast traffic for group 225.0.0.1 and USER2 wants to only receive multicast traffic for group 225.0.0.2.
Both users are connected to an EX Series switch and are receiving unwanted multicast traffic.
What will resolve the problem?
A. Create IGMP static groups with the exclude parameter

B. Enable theIGMP immediate-leave parameter
C. Use PIM sparse modeinstead of PIM dense mode
D. Enable IGMP snooping
Correct Answer: D
Section: (none)
Explanation
Explanation:
QUESTION 186
You are configuring PIM-SM for your network, and want to use a statically configured RP.
What are two ways to accomplish this task? (Choose two.)
A. [edit protocols pim]

uesr@router# show
rp {
static {
address 10. 10. 10. ;
}
}
interface ge-0/0/0. 0 {
mode sparse;
}
mode sparse;
}
interface lo0. 0 {
mode sparse;
}
B. [edit protocols pim]
user@router# show
rp {
local {
address 223.0.0.1;
}
}
interface lo0. 0;
C. [edit protocols pim]
user@router# show
rp {
static {
address 10.10.10. {
group-ranges {
224.0.0.0/4;
}
}
}
}
interface all {
mode sparse;
}
D. [edit protocols pim]
user@router# show

rp {
local {
address 10.10.10. ;
group-ranges {
233.0.0.0/8;
}
}
}
version 1;
}
version 1;
}
interface lo0.0 {
version 1;
}
Correct Answer: BD
Section: (none)
Explanation
Explanation:

QUESTION 187
You are configuring PIM-SM for your network, and want to use a statically configured RP.
What are two ways to accomplish this task? (Choose two.)
A. [edit protocols pim]

uesr@router# show
rp {
static {
address 10. 10. 10. ;
}
}
mode sparse;
}

mode sparse;
}
interface lo0. 0 {
mode sparse;
}
B.
[edit protocols pim]
user@router# show
rp {
local {
address 223.0.0.1;
}
}
interface lo0. 0;
C. [edit protocols pim]
user@router# show
rp {
static {
address 10.10.10. {
group-ranges {
224.0.0.0/4;
}
}
}
}
interface all {
mode sparse;
}
D. [edit protocols pim]
user@router# show
rp {
local {
address 10.10.10. ;
group-ranges {
233.0.0.0/8;
}
}
}

version 1;
}
version 1;
}
interface lo0.0 {
version 1;
}
Correct Answer: BD
Section: (none)
Explanation
Explanation:
http://www.juniper.net/techpubs/en_US/junos13.3/topics/topic-map/mcast-static-rp.html

QUESTION 188
Which two statements are correct about L2PT? (Choose two.)
A. L2PT requires 802.1Q tunneling enablement to effectively tunnel L2 protocols.

B. 802.1Q tunnels all L2 protocols by default.
C. L2PT encapsulates L2 PDUs by enabling the ingress switch to rewrite the PDUs' source MAC addresses before forwarding them onto the service provider
network.
D. You cannot enable L2PT and VLAN translation on the same VLAN.
Correct Answer: AD
Section: (none)
Explanation

Explanation:
http://www.juniper.net/techpubs/en_US/junos13.2/topics/concept/l2pt-qfx-series.html
QUESTION 189
Two PCs are attached to a hub, which is attached to port ge-0/0/0 on your EX Series switch. You must separate the incoming traffic from the PCs into two VLANs.

What should you use to accomplish this task?
A. dynamic VLAN registration with MVRP

B. private VLAN
C. filter-based VLAN
D. guest VLAN

Correct Answer: C
Section: (none)
Explanation
Explanation:
QUESTION 190
You are asked to implement a filter-based VLAN assignment. You have created the firewall filter and must apply this filter to the incoming interface.
Where must this filter be applied?
A. to the access interface configuration

B. to the interface under the primary VLAN assignment
C. to the interface under the secondary VLAN assignment
D. to the trunk interface configuration
Correct Answer: A
Section: (none)
Explanation

Explanation:
QUESTION 191
{master:0}[edit]
v200 {
vlan-id 200;
interface {
ge-0/0/7. 0;
ge-0/0/8. 0;
dot1q-tunneling {
customer-vlans [ 11 12 ];

layer2-protocol-tunneling {
all {
drop-threshold 800;
shutdown-threshold 700;
Referring to the exhibit, you are attempting to configure L2PT for VLAN v200 but the configuration will not commit.
Which three configuration statements would resolve the problem? (Choose three.)
A. set vlans v200 dot1q-tunneling layer2-protocol-tunneling all drop-threshold 600

B. set vlans v200 dot1q-tunneling layer2-protocol-tunneling all shutdown-threshold 600
C. set vlans v200 dot1q-tunneling layer2-protocol-tunneling all shutdown-threshold 900
D. set vlans v200 dot1q-tunneling layer2-protocol-tunneling all drop-threshold 700
E. set vlans v200 dot1q-tunneling layer2-protocol-tunneling all drop-threshold 900
Correct Answer: ACD

Section: (none)
Explanation
Explanation:

QUESTION 192
[edit]
user@switch# commit
error: Trunk interface <ge-0/0/10.0> can not be member of both dot1q-tunneling enabled vlan <cust-1>, and a non dot1q-tunneled vlan <v11> when dot1q-tunneling
ethernet-type is not <0x8100>
error: configuration check-out failed
When you try to commit your 802.1Q tunneling configuration, you receive the error shown in the exhibit.
Which configuration statement will allow the configuration to commit?
A. set vlans cust-1 interface ge-0/0/10 egress

B. set interfaces ge-0/0/10 ether-options mdi-mode auto
C. set vlans v11 dot1q-tunneling customer-vlans native
D. set ethernet-switching-options dot1q-tunneling ether-type 0x8100
Correct Answer: D
Section: (none)
Explanation
Explanation:

QUESTION 193
[edit protocols vstp]
'vlan all'
Cannot configure VSTP on all VLANs when more than 253 VLANs are configured. Configure vstp vlan-group along with STP or RSTP to cover all VLANs
[edit protocols]
'vstp'
Failed to configure vstp on all vlans
error: configuration check-out failed
What are two reasons for the commit error shown in the exhibit? (Choose two.)
A. The set protocols vstp vlan all configuration is not supported.

B. There are more than 253 VLANs configured on the switch.
C. MSTP is not configured with VSTP.
D. STP or RSTP is not configured along with VSTP on the switch.
Correct Answer: BD
Section: (none)
Explanation
Explanation:
QUESTION 194
Which two statements are correct about MSTP? (Choose two.)
A. It allows you to preprovision VLAN IDs to spanning tree instances.

B. It provides a more scalable solution than VSTP.
C. It is not supported when using MVRP.
D. It allows you to use VLAN groups to simplify configuration tasks when groups of VLANs use the same parameters.

Correct Answer: AB
Section: (none)
Explanation
Explanation:

QUESTION 195

user@switch> show spanning-tree bridge
Context ID : 0
Enabled protocol : MSTP
STP bridge parameters for CIST
Root ID : 32768. 00:19:e2:55:1a:01
Root cost : 0
Root port : ge-0/0/10.0
CIST regional root : 32768. 00:19:e2:55:1a:01
CIST internal root cost : 20000
Hop count : 19
Message age : 0
Time since last topology change : seconds
Topology change initiator : ge-0/0/10.0
Topology change last recvd. from : 00:19:e2:55:24:8c
Local parameters
Bridge ID : 32768. b0:c6:9a:73:27:90

STP bridge parameters for MSTI 1
MSTI regional root : 4097. b0:c6:9a:73:27:90
Topology change last recvd. from : b0:c6:9a:73:39:81
Local parameters
Bridge ID : 4097. b0:c6:9a:73:27:90
Root cost : 20000
Root port : ge-0/0/1.0

Hop count : 19
Local parameters
Bridge ID : 8194. b0:c6:9a:73:27:90
Referring to the exhibit, which two statements are correct about the MSTP configuration? (Choose two.)
A. The local switch is not the root bridge for MSTI 1.

B. The local switch is the root bridge for MSTI 1.
C. The local switch is the root bridge for MSTI 2.
D. The local switch is not the root bridge for MSTI 2.
Correct Answer: BD
Section: (none)
Explanation
Explanation:
QUESTION 196
ser@switch-1> show spanning-tree bridge

Context ID : 0
...
Time since last topology change : 42 seconds
Local parameters
Bridge ID : 4097. b0:c6:9a:73:27:90

Local parameters
Bridge ID : 8194. b0:c6:9a:73:27:90
user@switch-1> show spanning-tree mstp configuration
MSTP information
Region name : my-mstp-config
Revision : 1
Configuration digest : 0x91ee8012e6851d931adae71da4060690
MSTI Member VLANs
0 0,400-4094
1 1-199
2 200-399
user@switch-2> show spanning-tree bridge

Context ID : 0
...
Topology change initiator : ge-0/0/9. 0
Local parameters
Bridge ID : 8193. b0:c6:9a:73:39:90

Topology change initiator : ge-0/0/9. 0
Topology change last recvd. from : 00:19:e2:55:24:8d
Local parameters
Bridge ID : 4098. b0:c6:9a:73:39:90
user@switch-2> show spanning-tree mstp configuration
MSTP information
Region name : my-mstp-config
Revision : 10
Configuration digest : 0x91ee8012e6851d931adae71da4060690
MSTI Member VLANs
0 0,400-4094
1 1-199
2 200-399
A colleague recently implemented MSTP in your Layer 2 network and is having trouble determining why it is not working properly. You are asked to review the

outputs provided in the exhibit to determine the cause.
Referring to the exhibit, what is causing the issue?
A. The region name is configured the same on both devices.

B. The VLAN mapping is configured incorrectly.
C. The MSTP revision is configured incorrectly.
D. The bridge priority has notbeen configured correctly.
Correct Answer: C
Section: (none)
Explanation
Explanation:
QUESTION 197
You are asked to set up 802.1X port authentication for all access ports on your EX Series switch. You must ensure that only one user is allowed to authenticate per
port and all other attempts are denied.
Which supplicant mode must be used?
A. single mode
B. single-secure mode
C. default mode
D. multiple mode
Correct Answer: B
Section: (none)
Explanation
Explanation:
802.1x Port-Based Network Access Control (PNAC) authentication on EX Series switches provides three types of authentication to
meet the access needs of your enterprise LAN:
Authenticate the first end device (supplicant) on an authenticator port, and allow all others also connecting to have access.
Authenticate only one end device on an authenticator port at one time.

Authenticate multiple end devices on an authenticator port. Multiple supplicant mode is used in VoIP configurations.
QUESTION 198
Your company uses 802.1X to authenticate your users. You want to provide access to the Internet when users cannot authenticate on the RADIUS server or when
the RADIUS server becomes unreachable.
Which two methods accomplish this goal? (Choose two.)
A. using a captive portal

B. using a server fail fallback
C. using MAC RADIUS
D. using a guest VLAN
Correct Answer: BD
Section: (none)
Explanation
Explanation:
Server fail fallback allows you to specify how end devices connected to the switch are supported if the RADIUS authentication server
becomes unavailable or sends a RADIUS access-reject message.
802.1X and MAC RADIUS authentication work by using an authenticator port access entity (the EX Series switch) to block all traffic
to and from an end device at the interface until the end device's credentials are presented and matched on the authentication server
(a RADIUS server). When the end device has been authenticated, the switch stops blocking and opens the interface to the end device.
When you set up 802.1X or MAC RADIUS authentication on the switch, you specify a primary authentication server and one or more
backup authentication servers. If the primary authentication server cannot be reached by the switch and the secondary authentication
servers are also unreachable, a RADIUS server timeout occurs. Because the authentication server grants or denies access to the end
devices awaiting authentication, the switch does not receive access instructions for end devices attempting access to the LAN and
normal authentication cannot be completed. Server fail fallback allows you to configure authentication alternatives that permit the
switch to take appropriate actions toward end devices awaiting authentication or reauthentication.
Guest VLANs can be configured on switches that are using 802.1X authentication to provide limited access—typically only to the
Internet—for:
Corporate guests

End devices that are not 802.1X-enabled
Nonresponsive end devices when MAC RADIUS authentication has not been configured on the switch interfaces to which the hosts
are connected
A guest VLAN is not used for supplicants sending incorrect credentials. Those supplicants are directed to the server-reject VLAN
instead.
For end devices that are not 802.1X-enabled, a guest VLAN can allow limited access to a server from which the non-802.1X-enabled
end device can download the supplicant software and attempt authentication again.
A guest VLAN is not used when MAC RADIUS authentication has been configured on the switch interfaces to which the hosts are
connected. Some end devices, such as a printer, cannot be enabled for 802.1X. The hosts for such devices should be connected to
switch interfaces that are configured for MAC RADIUS authentication. See Configuring MAC RADIUS Authentication (CLI Procedure).
QUESTION 199
user@switch> show configuration access
radius_server {
10.1.1.252 {
port 1812;
secret "$9$7gdwgGDkTz6oJz69A1INdb"; ## SECRET-DATA
profile radius_server {
authentication-order password;
radius {
authentication-server 10.1.1.252;
user@switch> show configuration protocols dot1x

authenticator {
ge-0/0/17. 0 {
user@switch> show configuration vlans
Sales_VLAN {
vlan-id 123;
user@switch> show configuration interfaces ge-0/0/17
unit 0 {
port-mode access;
You are asked to place employees that are in the sales group into their own VLAN called Sales_VLAN with a VLAN ID of 123 on port ge-0/0/17. The VLAN must be
assigned dynamically. After trying an initial configuration, you see that users in the sales group are not assigned to the Sales_VLAN.
Referring to the exhibit, which two configuration statements are needed on the EX Series switch to
resolve this problem? (Choose two.)
A. set access profile radius_server authentication-order radius

B. set vlans Sales_VLAN interface ge-0/0/17. 0
C. set interfaces ge-0/0/17. 0 family ethernet-switching vlan members Sales_VLAN

D. set protocols dot1x authenticator authentication-profile-name radius_server
Correct Answer: AD
Section: (none)
Explanation
Explanation:

QUESTION 200
A non-802.1X printer is connected to ge-0/0/0 on an EX Series switch.
Which configuration statement will authenticate the device against an authentication server?
A. set protocols dot1x authenticator static 22:22:22:22:22:22 interface ge-0/0/0

B. set protocols dot1x authenticator interface ge-0/0/0 supplicant single
C. set protocols dot1x authenticator interface ge-0/0/0 mac-radius restrict
D. set protocols dot1x authenticator interface ge-0/0/0 disable
Correct Answer: C
Section: (none)
Explanation
Explanation:
To permit hosts that are not 802.1X-enabled to access the LAN, you can configure MAC RADIUS authentication on the switch
interfaces to which the non-802.1X-enabled hosts are connected. When MAC RADIUS authentication is configured, the switch will
attempt to authenticate the host with the RADIUS server using the host’s MAC address.
IEEE 802.1X Port-Based Network Access Control (PNAC) authenticates and permits devices access to a LAN if the devices can
communicate with the switch using the 802.1X protocol (are 802.1X-enabled). To permit non-802.1X-enabled end devices to access
the LAN, you can configure MAC RADIUS authentication on the interfaces to which the end devices are connected. When the MAC
address of the end device appears on the interface, the switch consults the RADIUS server to check whether it is a permitted MAC
address. If the MAC address of the end device is configured as permitted on the RADIUS server, the switch opens LAN access to the
end device.
You can configure both MAC RADIUS authentication and 802.1X authentication methods on an interface configured for multiple
supplicants. Additionally, if an interface is only connected to a non-802.1X-enabled host, you can enable MAC RADIUS and not enable
802.1X authentication using the mac-radius restrict option, and thus avoid the delay that occurs while the switch determines that the
device is does not respond to EAP messages
QUESTION 201
An emergency Class 3 IP phone is connected to an EX Series switch. You want to ensure that the IP phone does not have any problems if PoE power demands on
the switch are greater than the PoE power budget.

What should you do to accomplish this task?
A. You must connect the IP phone into one of the ports from ge-0/0/0 to ge-0/0/7.
B. Set the power class on the PoE interface to 3.
C. Set the PoE priority to high.
D. Enable the guard-band parameter.
Correct Answer: C
Section: (none)
Explanation
Sets the priority of individual ports. When it is not possible to maintain power to all connected ports, lower-priority ports are powered off
before higher priority ports. When a new device is connected on a higher-priority port, a lower-priority port will be powered off
automatically if available power is insufficient to power on the higher-priority port. Note that for ports with the same priority
configuration, ports on the left are given higher priority than the ports on the right.

Juniper - Actualtest.jn0 643.vv2014!11!11.by - dd.201q

Transféré par

Informations du document

Titre original

Copyright

Formats disponibles

Partager ce document

Partager ou intégrer le document

Options de partage

Avez-vous trouvé ce document utile ?

Ce contenu est-il inapproprié ?

Droits d'auteur :

Formats disponibles

Juniper - Actualtest.jn0 643.vv2014!11!11.by - dd.201q

Transféré par

Droits d'auteur :

Formats disponibles

Juniper.Actualtest.JN0-643.v2014-11-11.by-DD.

Exam Code: JN0-643

Exam Name: Enterprise Routing and Switching, Professional (JNCIP-ENT)

Missing exhibits Q 107, 116, 117, 120,123,125,130,132,135, 139,140, 141, 185

www.vceplus.com - Website designed to help IT pros advance their careers.

www.vceplus.com - Website designed to help IT pros advance their careers.

Which Junos command can help verify connectivity in the network?

Fallback of Authentication Methods

www.vceplus.com - Website designed to help IT pros advance their careers.

Which protocol meets this requirement?

www.vceplus.com - Website designed to help IT pros advance their careers.

Which command allows this access?

www.vceplus.com - Website designed to help IT pros advance their careers.

www.vceplus.com - Website designed to help IT pros advance their careers.

Which 802.1X authentication protocol is required?

www.vceplus.com - Website designed to help IT pros advance their careers.

www.vceplus.com - Website designed to help IT pros advance their careers.

Which type of classifier is needed?

A. code point alias

www.vceplus.com - Website designed to help IT pros advance their careers.

Correct Answer: ACD

www.vceplus.com - Website designed to help IT pros advance their careers.

Which spanning-tree approach has the least impact on control-plane performance?

www.vceplus.com - Website designed to help IT pros advance their careers.

www.vceplus.com - Website designed to help IT pros advance their careers.

www.vceplus.com - Website designed to help IT pros advance their careers.

Correct Answer: BCD

Configuring MSTP Regions

Which statement about this deployment is true?

A. All isolated ports must be configured as trunk ports.

www.vceplus.com - Website designed to help IT pros advance their careers.

www.vceplus.com - Website designed to help IT pros advance their careers.

What meets this requirement?

A. Bond two standard PoE ports together to achieve 30.8 W of power.

www.vceplus.com - Website designed to help IT pros advance their careers.

A. It has a value in the link ID field with R2's interface IP address.

Correct Answer: BCE

www.vceplus.com - Website designed to help IT pros advance their careers.

Answer was B, D and E

The OSPF Router LSA [LSA Type 1]

A. They have link-local scope.

There are two well-known scopes:

www.vceplus.com - Website designed to help IT pros advance their careers.

Answer was C/D

A. Apply an import policy to control leave group messages.

www.vceplus.com - Website designed to help IT pros advance their careers.

Responding To Group Membership Queries

class best-effort queue-num 0;

class critical queue-num 3;

class voice queue-num 6;

class call-sig queue-num 3;

A. Assign call-sig and critical to different schedulers.

www.vceplus.com - Website designed to help IT pros advance their careers.

www.vceplus.com - Website designed to help IT pros advance their careers.

A. ASBR summary LSA (Type 4)

www.vceplus.com - Website designed to help IT pros advance their careers.

A. MVRP can add VLANs on access interfaces.

www.vceplus.com - Website designed to help IT pros advance their careers.

How MVRP Works

A. The IP source guard database timeout was set too low.

www.vceplus.com - Website designed to help IT pros advance their careers.

A. set routing-options router-id 2001:1:2::1

How can you meet this requirement?