JN0 643.examcollection - Premium.exam.221q

JN0-643.examcollection.premium.exam.
221q
Number: JN0-643
Passing Score: 800
Time Limit: 120 min
File Version: 21.4
Exam code: JN0-643
Exam name: Enterprise Routing and Switching, Professional (JNCIP-ENT)
Version 21.4
JN0-643
QUESTION 1
Which connection method do OSPF routers use to communicate with each other?
A. IP protocol number 89
B. TCP port 179
C. UDP port 179
D. IP protocol number 6
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml
QUESTION 2
Which statement is true about default BGP route redistribution behavior?
A. IBGP-learned routes are advertised only to other IBGP peers.

B. EBGP-learned routes are redistributed into any IGPs.
C. EBGP-learned routes are advertised only to other EBGP peers.
D. EBGP-learned routes are advertised to other IBGP and EBGP peers.
Correct Answer: D
Section: (none)
Explanation
QUESTION 3
In a PIM-SM network, which type of node helps to build a tree towards an unknown multicast source?
A. DIS
B. RP
C. DR
D. BSR
Correct Answer: B
Section: (none)
Explanation
QUESTION 4
Which statement is true about MVRP?
A. It allows you to split a broadcast domain into multiple isolated broadcast subdomains.
B. It dynamically manages VLAN registration in a LAN.
C. It maps multiple independent spanning-tree instances onto one physical topology.
D. It is a Layer 2 protocol that facilitates network and neighbor discovery.
Correct Answer: B
Section: (none)
Explanation
http://www.juniper.net/documentation/en_US/junos13.3/topics/concept/mvrp-mx-series- understanding.html
QUESTION 5
Which statement is true about LLDP?
A. It allows you to split a broadcast domain into multiple isolated broadcast subdomains.
B. It dynamically manages VLAN registration in a LAN.
C. It maintains a separate spanning-tree instance for each VLAN.
D. It is a Layer 2 protocol that facilitates network and neighbor discovery.
Correct Answer: D
Section: (none)
Explanation
QUESTION 6
Which CoS feature avoids congestion in a device by limiting traffic on ingress interfaces?
A. rewrite rule
B. scheduler
C. drop profile
D. policer
Correct Answer: A
Section: (none)
Explanation
QUESTION 7
-- Exhibit
-- Exhibit --
Click the Exhibit button.
Which statement is true about the IPv6 network shown in the exhibit?
A. OSPFv2 must be configured to route IPv4 prefixes.

B. Areas 1 and 2 cannot be a stub or NSSA.
C. OSPFv3 can use MD5 authentication.
D. OSPFv3 can route IPv4 prefixes.
Correct Answer: D
Section: (none)
Explanation
QUESTION 8
-- Exhibit
-- Exhibit --
Referring to the exhibit, what is the shortest path from R6 to R5?
A. R6, R4, R2, R1, R3, R5

B. R6, R4, R2, R3, R5
C. R6, R4, R5
D. R6, R5
Correct Answer: D
Section: (none)
Explanation
QUESTION 9
R1 and R2 are ASBRs in the same area, each with an equal cost external path to the same external network prefix. R1 advertises an external route into OSPF with
a Type 1 metric. R2 advertises an external route into OSPF with a Type 2 metric.
Which route would be preferred?
A. R1's route is preferred because Type 1 metrics take into account the external cost only.
B. R1's route is preferred because Type 1 metrics take into account the internal and external cost.
C. R2's route is preferred because Type 2 metrics take into account the internal and external cost.
D. R2's route is preferred because Type 2 metrics take into account the external cost only.
Correct Answer: D
Section: (none)
Explanation
QUESTION 10
-- Exhibit
-- Exhibit --
Referring to the exhibit, which LSA type will Router R2 inject into Area 1?
A. Type 3 LSA
B. Type 4 LSA
C. Type 5 LSA
D. Type 7 LSA
Correct Answer: A
Section: (none)
Explanation
QUESTION 11
-- Exhibit --
[edit protocols ospf]
user@R2# show
area 0.0.0.6 {
nssa {
default-lsa default-metric 10;
area-range 184.23.12.0/24;
}
interface ge-1/1/4;
}

user@R2# show ospf database
OSPF database, Area 0.0.0.0

Type ID Adv Rtr Seq Age Opt Cksum Len
Router *192.168.0.2 192.168.0.2 0x80000004 749 0x22 0x87c2 60 Router 192.168.0.3 192.168.0.3 0x80000004 399 0x22 0x94b5 60 Summary *10.0.0.0
192.168.0.2 0x80000003 19 0x22 0xe2e4 28 Summary *192.168.0.1 192.168.0.2 0x80000002 1100 0x22 0xbda7 28

Router 192.168.0.1 192.168.0.1 0x80000004 404 0x20 0x76db 60 Router *192.168.0.2 192.168.0.2 0x80000003 1802 0x20 0x319b 48 Summary *11.0.0.0
192.168.0.2 0x80000002 2504 0x20 0xf5d3 28 Summary *192.168.0.2 192.168.0.2 0x80000003 2153 0x20 0xc5a0 28 Summary *192.168.0.3 192.168.0.2
0x80000002 398 0x20 0xc79d 28 NSSA *0.0.0.0 192.168.0.2 0x80000001 11 0x20 0xcbf1 36 NSSA 184.23.12.0 192.168.0.1 0x80000002 447 0x28 0xb93f 36
OSPF AS SCOPE link state database
Extern *184.23.12.0 192.168.0.2 0x80000003 11 0x22 0x28d6 36 -- Exhibit --
Referring to the exhibit, which two statements are correct? (Choose two.)
A. R2 injects a Type 3 LSA for 184.23.12.0/24 into the backbone.

B. R2 is an ABR.
C. R2 injects a Type 5 LSA for 184.23.12.0/24 into the backbone.
D. R2 is an ASBR.
Correct Answer: BC
Section: (none)
Explanation
QUESTION 12
-- Exhibit
-- Exhibit --
Referring to the exhibit, which type of LSA will be seen on router A for routes originating in Customer A's network?
A. Type 7 LSA
B. Type 2 LSA
C. Type 5 LSA
D. Type 1 LSA
Correct Answer: C
Section: (none)
Explanation
QUESTION 13
Which statement is true regarding OSPF multi-area adjacencies?
A. A type 3 (stub) link is advertised for a multi-area adjacency.

B. Configuring a multi-area adjacency allows the corresponding link to be considered an interarea link, so it will be less preferred over an intra-area link.
C. One logical interface will be a primary link, and the other configured as a secondary link; the secondary link will be established as an unnumbered point-to-point
interface.
D. A DR and a BDR will be elected over the secondary interface, because it is not point-to-point.
Correct Answer: C
Section: (none)
Explanation
QUESTION 14
-- Exhibit
-- Exhibit --
Referring to the exhibit, which two statements are correct? (Choose two.)
A. Traffic destined for R2 will be blackholed.

B. Transit traffic will follow the R1-R2-R4 path.
C. Traffic destined for R2 will reach R2.
D. Transit traffic will follow the R1-R3-R4 path.
Correct Answer: CD
Section: (none)
Explanation
QUESTION 15
Which statement is true about using an OSPF import policy?
A. Import policies are not allowed in OSPF, applying the policy will do nothing.
B. Applying an import policy to OSPF may block normal LSA flooding.
C. Import policies are allowed only for external route types.
D. Applying this policy will cause a commit failure.
Correct Answer: C
Section: (none)
Explanation
QUESTION 16
Which statement is true regarding the SPF algorithm?
A. The SPF algorithm is run on a per-domain basis.

B. If you apply an import policy to OSPF, it keeps LSAs from being flooded, and the SPF calculation can be affected.
C. There are two databases used in the calculation, the link-state database and the tree database.
D. The SPF calculation is run on a per-area basis on each router.
Correct Answer: D
Section: (none)
Explanation
QUESTION 17
You are asked to configure graceful restart in your network.
Which OSPF LSA type would you expect to see in the LSDB?
A. Type 8
B. Type 9
C. Type 10
D. Type 11
Correct Answer: B
Section: (none)
Explanation
QUESTION 18
-- Exhibit
-- Exhibit --
Referring to the exhibit, which answer is correct?
A. R2 is the DR and R1 is the BDR.

B. R4 is the DR and R2 is the BDR.
C. R2 is the DR and R3 is the BDR.
D. R3 is the DR and R2 is the BDR.
Correct Answer: C
Section: (none)
Explanation
QUESTION 19
-- Exhibit --
user@router> show ospf database network extensive
OSPF link state database, area 0.0.0.1

Network 10.222.1.1 192.168.20.1 0x80000002 813 0x2 0x 32 mask 255.255.255.0
attached router 192.168.20.1
attached router 192.168.40.1
Aging timer 00:46:27
Installed 00:13:32 ago, expires in 00:46:27, sent 1w5d 01:07:09 ago
-- Exhibit --
Referring to the exhibit, which statement is true regarding the OSPF network LSA?
A. The ID field value shows the router ID of the advertising router.

B. The ID field is the local interface IP address from which the LSA will be advertised.
C. The options field indicates this is a Type 2 LSA.
D. The output shows that 192.168.20.1 is the designated router.
Correct Answer: D
Section: (none)
Explanation
QUESTION 20
-- Exhibit --
user@router> show log ospf
Sep 19 00:22:13.420315 OSPF packet ignoreD. MTU mismatch from 11.0.0.2 on intf ge-0/0/2.0 area 0.0.0.0
Sep 19 00:22:14.475671 OSPF periodic xmit from 14.0.0.1 to 224.0.0.5 (IFL 75 area 0.0.0.0) Sep 19 00:22:14.855490 OSPF periodic xmit from 12.0.0.1 to
224.0.0.5 (IFL 84 area 0.0.0.0) Sep 19 00:22:14.857304 OSPF packet ignoreD. no matching interface from 12.0.0.1, IFL 85 Sep 19 00:22:17.386726 OSPF packet
ignoreD. MTU mismatch from 11.0.0.2 on intf ge-0/0/2.0 area 0.0.0.0
Sep 19 00:22:20.855690 OSPF packet ignoreD. subnet mismatch from 10.0.0.2 on intf ge-0/0/1.0 area 0.0.0.0
Sep 19 00:22:20.856108 OSPF rcvd Hello 10.0.0.2 -> 224.0.0.5 (ge-0/0/1.0 IFL 75 area 0.0.0.0) Sep 19 00:22:20.856177 Version 2, length 44, ID 10.0.0.2, area
0.0.0.0 Sep 19 00:22:20.856229 checksum 0x0, authtype 0
Sep 19 00:22:20.856299 mask 255.255.255.252, hello_ivl 10, opts 0x12, prio 128 Sep 19 00:22:20.856352 dead_ivl 40, DR 0.0.0.0, BDR 0.0.0.0 Sep 19
00:22:21.752438 OSPF packet ignoreD. MTU mismatch from 11.0.0.2 on intf ge-0/0/2.0 area 0.0.0.0
Sep 19 00:22:22.013285 OSPF packet ignoreD. area mismatch (0.0.0.1) from 12.0.0.2 on intf ge- 0/0/4.0 area 0.0.0.0
0.0.0.1 Sep 19 00:22:22.013890 checksum 0xd51e, authtype 0
Sep 19 00:22:22.013944 mask 255.255.255.252, hello_ivl 10, opts 0x12, prio 128 Sep 19 00:22:22.014012 dead_ivl 40, DR 12.0.0.2, BDR 0.0.0.0 Sep 19
00:22:22.016909 OSPF packet ignoreD. no matching interface from 12.0.0.2, IFL 85 Sep 19 00:22:22.434956 OSPF hello from 11.0.0.2 (IFL 83, area 0.0.0.0)
absorbed Sep 19 00:22:23.045916 OSPF periodic xmit from 12.0.0.1 to 224.0.0.5 (IFL 84 area 0.0.0.0) Sep 19 00:22:23.047959 OSPF packet ignoreD. no
matching interface from 12.0.0.1, IFL 85 Sep 19 00:22:23.309957 OSPF periodic xmit from 11.0.0.1 to 224.0.0.5 (IFL 83 area 0.0.0.0) Sep 19 00:22:23.528614
OSPF periodic xmit from 14.0.0.1 to 224.0.0.5 (IFL 75 area 0.0.0.0) Sep 19 00:22:25.772835 OSPF packet ignoreD. MTU mismatch from 11.0.0.2 on intf ge-
0/0/2.0 area 0.0.0.0
Sep 19 00:22:29.950015 OSPF hello from 11.0.0.2 (IFL 83, area 0.0.0.0) absorbed Sep 19 00:22:30.622112 OSPF packet ignoreD. MTU mismatch from 11.0.0.2
on intf ge-0/0/2.0 area 0.0.0.0
Sep 19 00:22:30.713279 OSPF packet ignoreD. subnet mismatch from 10.0.0.2 on intf ge-0/0/1.0 area 0.0.0.0
0.0.0.0 Sep 19 00:22:30.713553 checksum 0x0, authtype 0
Sep 19 00:22:30.713622 mask 255.255.255.252, hello_ivl 10, opts 0x12, prio 128 Sep 19 00:22:30.713677 dead_ivl 40, DR 0.0.0.0, BDR 0.0.0.0 -- Exhibit --
Referring to the exhibit, what is preventing the OSPF adjacency on interface ge-0/0/4 from forming?
A. area mismatch
B. subnet mismatch
C. MTU mismatch
D. authentication mismatch
Correct Answer: A
Section: (none)
Explanation
QUESTION 21
-- Exhibit --
user@R2# show
area 0.0.0.3 {
stub default-metric 10 no-summaries;
interface ge-0/1/1.0;
}
-- Exhibit --
Referring to the output in the exhibit, which statement is true?
A. R2 is an ABR and will send a Type 7 LSA 0/0 route down into the nonbackbone area.
B. R2 is an ABR and will send a Type 3 LSA 0/0 route down into the nonbackbone area.
C. R2 will not send a Type 3 LSA 0/0 route into the nonbackbone area.
D. R2 will add a metric cost of 10 to the existing metric of a 0/0 route it receives from the backbone area and then send it into the nonbackbone area in a Type 5
LSA.
Correct Answer: B
Section: (none)
Explanation
QUESTION 22
-- Exhibit --
user@router> show ospf route
Topology default Route Table:
Prefix Path Route NH Metric NextHop Nexthop

Type Type Type Interface Address/LSP
192.168.1.0/24 Intra Network IP 10 ge-0/0/1.0
-- Exhibit --

Which two configurations result in the output shown in the exhibit? (Choose two.)
A. [edit protocols ospf]

user@router# show
reference-bandwidth 10g;
area 0.0.0.0 {
}
B. [edit protocols ospf]
user@router# show
reference-bandwidth 1g;
area 0.0.0.0 {
}
C. [edit protocols ospf]
user@router# show
reference-bandwidth 1m;
area 0.0.0.0 {
interface ge-0/0/1.0 {
metric 10;
}
}
D. [edit protocols ospf]
user@router# show
reference-bandwidth 100m;
area 0.0.0.0 {
}
Correct Answer: AC
Section: (none)
Explanation
QUESTION 23
-- Exhibit
-- Exhibit --
Referring to the exhibit, you are asked to prevent the 184.16.1.0/24 route from entering the backbone.
Which configuration statements would accomplish the task?
A. On router R1, issue the set protocols ospf area 3 nssa area-range 184.16.1.0/24 restrict command.
B. On router R3, issue the set protocols ospf area 0 area-range 184.16.1.0/24 restrict command.
C. On router R3, issue the set protocols ospf area 3 area-range 184.16.1.0/24 restrict command.
D. On router R3, issue the set protocols ospf area 3 nssa area-range 184.16.1.0/24 restrict command.
Correct Answer: D
Section: (none)
Explanation
QUESTION 24
-- Exhibit
-- Exhibit --
You are asked to connect Area 2 to the backbone.
Which configuration would be required on R3?
A. [edit protocols ospf3]

user@R3# show
area 0.0.0.0 {
virtual-link neighbor-id 10.0.10.1 transit-area 0.0.0.1; interface ge-0/0/5.0;
}
B. [edit protocols ospf]
user@R3# show
area 0.0.0.0 {
virtual-link neighbor-id 192.168.1.2 transit-area 0.0.0.1; interface ge-0/0/5.0 {
interface-type p2p;
}
}
C. [edit protocols ospf3]
user@R3# show
area 0.0.0.0 {
}
D. [edit protocols ospf3]
user@R3# show
area 0.0.0.1 {
}
Correct Answer: C
Section: (none)
Explanation
QUESTION 25
-- Exhibit --
user@area-1-abr# show
area 0.0.0.1 {
nssa {
default-lsa {
default-metric 10;
metric-type 2;
type-7;
}
no-summaries;
}
interface so-0/1/1.0;
}
-- Exhibit --
Referring to the exhibit, which statement is true?
A. The ABR will generate a Type 3 summary default route into the NSSA.
B. The ASBR will generate a Type 7 default route into the NSSA.
C. The type-7 parameter allows interoperability with newer versions of the Junos OS.
D. The only LSA types allowed into the area are Type 1, Type 2, Type 3, and Type 7.
Correct Answer: B
Section: (none)
Explanation
QUESTION 26
-- Exhibit
-- Exhibit --
Referring to the exhibit, you are asked to verify certain routing information within your OSPFv3 routing domain. You must review the prefixes learned from R3.
Which two LSA types from the output shown in the exhibit must be reviewed? (Choose two.)
A. the Router LSAs from RID 10.0.0.2

B. the Extern LSAs from RID 10.0.0.2
C. the InterArPfx LSAs from RID 10.0.0.2
D. the Network LSAs from RID 10.0.0.2
Correct Answer: BC
Section: (none)
Explanation
QUESTION 27
-- Exhibit
-- Exhibit --

ISP-A is advertising the 200.0.3.0/24 route to R1. R1 is advertising this BGP route to R2 but the route is hidden on R2.
Referring to the exhibit, which statement is correct about the 200.0.3.0/24 route?
A. The route is unusable because the next hop is not reachable from R2.
B. The route is unusable because it has not been verified.
C. The route is hidden because R1 is changing the next hop to 192.168.16.1.
D. The route is hidden because R2 has a more preferred route.
Correct Answer: A
Section: (none)
Explanation
QUESTION 28
-- Exhibit --
user@router> show route protocol bgp detail
inet6.0: 8 destinations, 8 routes (8 active, 0 holddown, 0 hidden) 4444:4444::/32 (1 entry, 1 announced)

*BGP PreferencE. 170/-101
Next hop typE. Router, Next hop index:
Address: 0x934c688
Next-hop reference count: 2
SourcE. 172.27.0.5
Next hop: ::172.27.0.5 via ge-0/0/1.0, selected
StatE.
Local AS: 3 Peer AS: 701
AgE. 3:22
Task: BGP_701.172.27.0.5+52965
Announcement bits (1): 0-KRT
AS path: 701 4 I Aggregator: 4 10.255.1.34
Accepted
LocalpreF. 100
Router ID. 10.255.1.31
-- Exhibit --
Referring to the exhibit, which two statements are true? (Choose two.)
A. The IPv6 route was learned from an IPv6 BGP neighbor.

B. The IPv6 route was learned from an IPv4 BGP neighbor.
C. The IPv6 destination will use IPv4 as the next hop.
D. The IPv6 destination will use IPv6 as the next hop.
Correct Answer: BD
Section: (none)
Explanation
QUESTION 29
-- Exhibit --
user@router# run show route receive-protocol bgp 192.168.4.101 detail
inet.0: 18 destinations, 20 routes (18 active, 0 holddown, 0 hidden)

* 10.16.1.0/24 (1 entry, 1 announced)
Accepted
Nexthop: 192.168.4.101
LocalpreF. 100
AS path: 123 111 I
* 10.16.2.0/24 (1 entry, 1 announced)

Accepted
Nexthop: 192.168.4.101
LocalpreF. 100
AS path: 123 222 312 I
* 10.16.3.0/24 (1 entry, 1 announced)

Accepted
Nexthop: 192.168.4.101
LocalpreF. 100
AS path: 123 231 222 I
* 10.16.4.0/24 (1 entry, 1 announced)

Accepted
Nexthop: 192.168.4.101
LocalpreF. 100
AS path: 123 333 111 I
-- Exhibit --
Referring to the exhibit, which AS path regular expression will match only the 10.16.1.0/24 and 10.16.2.0/24 routes?
A. .* (222|111) .*
B. .+ (222|111) .*
C. .(222|111) .*
D. . (.222|.111) .*
Correct Answer: C
Section: (none)
Explanation
QUESTION 30
-- Exhibit --
-- Exhibit --
Referring to the exhibit, you must ensure that traffic to the 2001:10:5::/64 network leaves AS 2 through R3.
Given that all BGP attributes are at their default, how would you accomplish this task?
A. On R1, configure a MED of 50 for the 2001:10:5::/64 route.

B. On R2, configure a MED of 50 for the 2001:10:5::/64 route.
C. On R3, configure a MED of 50 for the 2001:10:5::/64 route.
D. On R4, configure a MED of 50 for the 2001:10:5::/64 route.
Correct Answer: B
Section: (none)
Explanation
QUESTION 31
-- Exhibit
-- Exhibit --
On AS1, which two attributes are used to influence inbound traffic from the other ASs shown in the exhibit? (Choose two.)
A. AS path
B. MED
C. local preference
D. origin
Correct Answer: AD
Section: (none)
Explanation
QUESTION 32
-- Exhibit
-- Exhibit --
Referring to the exhibit, R2 is sending a route to R1 with a community value.
Which statement is correct?
A. Routes will be accepted without change in the attributes.

B. All routes will be rejected.
C. Routes will be accepted with the community value removed.
D. Routes will be rejected with the community value removed.
Correct Answer: C
Section: (none)
Explanation
QUESTION 33
Which set of BGP attributes is preferred by the Junos OS?
A. MED. 100
AS path: 50 50 50
Local preferencE. 50
Origin: I
B. MED. 50
AS path: 50 50 50
Local preferencE. 1
Origin: E
C. MED. 100
AS path: 50 50 50 50
Origin: I
D. MED. 50
AS path: 50 50 50
Origin: E
Correct Answer: A
Section: (none)
Explanation
QUESTION 34
-- Exhibit
-- Exhibit --
Referring to the exhibit and based on the output below from Sw-1 and Sw-2, which statement is true?
Sw-1> show spanning-tree mstp configuration
MSTP information
Context identifier : 0
Region name : juniper
Revision : 1
Configuration digest : 0x9357ebb7a8d74dd5fef4f2bab50531aa
MSTI Member VLANs

0 0-9,11-19,21-4094
1 10
2 20
Sw-2# run show spanning-tree mstp configuration

MSTP information
Region name : juniper
Revision : 1
Configuration digest : 0x387b5f2ea2394b14e091f0921ee7b9a8
MSTI Member VLANs

0 0-9,11-14,16-19,21-4094
1 10,15
2 20
A. There will be only one MSTI 2 root bridge.

B. There will be only one CST root bridge.
C. Sw-1 and Sw-2 are in different MSTP regions.
D. There will be only one CIST root bridge.
Correct Answer: C
Section: (none)
Explanation
QUESTION 35
-- Exhibit
-- Exhibit --
R4 receives BGP prefixes for AS 50 from both R2 and R3. You want to ensure that R4 chooses R3 as the preferred path to reach 50.50.50/24.
Referring to the information shown in the exhibit, where would you apply a policy containing the parameter local-preference 110 to accomplish this task?
A. on R3, as import from R1

B. on R3, as export towards R4
C. on R2, as import from R1
D. on R2, as export towards R4
Correct Answer: B
Section: (none)
Explanation
http://www.juniper.net/techpubs/en_US/junos13.2/topics/topic-map/bgp-local-preference.html
QUESTION 36
You want to provide reachability to your data center by advertising its subnet throughout your upstream peer AS. However, you do not want this prefix advertised
any further.
Which BGP community value would be used to meet this requirement?
A. no-advertise
B. no-export
C. no-export-subconfed
D. 65512 - 65535
Correct Answer: B
Section: (none)
Explanation
QUESTION 37
-- Exhibit
-- Exhibit --
Referring to the exhibit, you want router A to have an EBGP peering with router C. They are both connected through router B, which does not have BGP running,
and has static routes configured.
What must be configured in the EBGP peer groups on routers A and C to make this connection possible?
A. MED
B. multihop
C. multipath
D. next-hop
Correct Answer: B
Section: (none)
Explanation
QUESTION 38
-- Exhibit
-- Exhibit --
Referring to the exhibit, your AS is connected to ISP-A and ISP-B using BGP. R1 and R2 are advertising your AS's 172.25/16 prefix upstream to both ISPs, and
both ISPs are providing a full BGP route table. You want to influence traffic flow so that traffic towards your network enters through R1.
Which action would meet the requirement?
Apply the following as an export policy towards ISP-B:
A. [edit policy-options]
user@R2# show
policy-statement prefer-for-inbound {
term prepend {
then {
as-path-prepend "100 100";
accept;
}
}
}
Apply the following as an export policy towards ISP-A:
B. [edit policy-options]
user@R1# show
term prepend {
then {
as-path-prepend "100 100";
accept;
}
}
}
Apply the following as an export policy towards R1 and R3:
C. [edit policy-options]
user@R2# show
term local-pref {
then {
local-preference 110;
accept;
}
}
}
Apply the following as an export policy towards R2 and R3:
D. [edit policy-options]
user@R1# show
term local-pref {
then {
local-preference 110;
accept;
}
}
}
Correct Answer: A
Section: (none)
Explanation
QUESTION 39
-- Exhibit
-- Exhibit --
R1 is connected to both R2 and R3 and you want to load-balance outbound traffic. You have provided the configuration shown in the exhibit; however, after
checking the links you notice that the traffic is not load-balancing.
Which configuration must be added?
A. set protocols bgp group external multihop

B. set protocols bgp group external multipath
C. set protocols bgp group external advertise-external
D. set policy-options policy-statement loadbal then accept
Correct Answer: B
Section: (none)
Explanation
QUESTION 40
-- Exhibit --
[edit policy-options]
user@router# show
policy-statement LB {
term 1 {
then {
load-balance per-packet;
}
}
}
-- Exhibit --
Two routers are joined by redundant BGP connections. You want to load-balance traffic across these links, and have configured the policy shown in the exhibit on
each device.
Which configuration, applied on each device, correctly applies the policy to accomplish this task?
A. [edit protocols bgp group LB]

uesr@router# show
type external;
import LB;
peer-as <peer_as>;
neighbor <neighbor>;
B. [edit protocols bgp group LB]
uesr@router# show
type external;
export LB;
peer-as <peer_AS>;
neighbor <neighbor>;
C. [edit]
user@router# show routing-options
aggregate {
route 0.0.0.0/0 policy LB;
}
D. [edit]
forwarding-table {
export LB;
}
Correct Answer: D
Section: (none)
Explanation
QUESTION 41
You are asked to create a BGP routing policy that will delete all communities and reject routes with the community 64321:1234.
Which policy will accomplish this task?
A. user@router# show policy-options

policy-statement filter-on-community {
term remove-AS65001 {
from community AS65001-community;
then {
community delete AS65001-community;
}
}
term nothing-with-1234 {
then reject;
}
}
community AS64321-community members 64321:1234;
B. user@router# show policy-options
term remove-all-communities {
then {
community delete all-communities;
}
}
then reject;
}
}
community all-communities members *:*;
C. user@router#show policy-options
then reject;
}
term remove-all-communities {
then {
community delete all-communities;
}
}
}
community all-communities members *:*;
D. user@router#show policy-options
then reject;
}
term remove-AS65001 {
then {
community delete AS65001-community;
}
}
}
Correct Answer: C
Section: (none)
Explanation
QUESTION 42
-- Exhibit --
user@router>show route advertising-protocol bgp 172.16.36.1 inet.0: 31 destinations, 31 routes (31 active, 0 holddown, 0 hidden) Prefix Nexthop MED Lclpref
ASpath
* 10.200.17.0/24 Self I
* 10.200.19.0/24 Self I
-- Exhibit --
Referring to the exhibit, which three actions would summarize these routes to a BGP peer? (Choose three.)
A. Create a policy that accepts the more specific contributing routes.

B. Create a route to 10.200.16.0/21 with a next hop of 172.16.36.1 under the [edit routing- options static] hierarchy.
C. Create a policy that rejects the more specific contributing routes.
D. Create a policy to accept aggregate routes.
E. Create a 10.200.16.0/22 route under the [edit routing-options aggregate] hierarchy.
Correct Answer: CDE

Section: (none)
Explanation
QUESTION 43
-- Exhibit
-- Exhibit --
AS4 is using the default path to get to AS1. This path is not modified by any of the ASs shown in the exhibit. AS1 wants to influence this path so that traffic from
AS4 comes through AS3.
Where do you apply the policy shown in the exhibit?

A. AS1
B. AS2
C. AS3
D. AS4
Correct Answer: A
Section: (none)
Explanation
QUESTION 44
-- Exhibit
-- Exhibit --
You are the administrator for the network shown in the exhibit. R1 receives the 196.15.4.0/24 route from routers R2, R3, and R4. Local preference values have not
been modified in this network. You are asked to ensure that R1 prefers the path through AS 3149 for traffic destined to 196.15.4.0/24.
Which two methods will accomplish this task? (Choose two.)
A. Configure a lower local preference on R3.

B. Configure as-path-prepend on R2 and R4.
C. Configure local-as on R3.
D. Configure always-compare-med on R1.
Correct Answer: BD
Section: (none)
Explanation
QUESTION 45
-- Exhibit --
user@R1> show pim join extensive
InstancE. PIM.master Family: INET
R = Rendezvous Point Tree, S = Sparse, W = Wildcard
Group: 224.50.50.50
SourcE. *
RP: 10.100.100.10
Flags: sparse,rptree,wildcard
Upstream interfacE. ge-0/0/10.0
Upstream neighbor: 172.28.55.5
Upstream statE. Join to RP
UptimE. 00:00:10
Downstream neighbors:
InterfacE. ge-0/0/2.0
172.28.57.5 StatE. Join Flags: SRW Timeout: 209
Group: 224.50.50.50
SourcE. 10.100.10.10
Flags: sparse,spt
Upstream interfacE. ge-0/0/6.0
Upstream neighbor: 172.28.56.5
Upstream statE. Join to Source, Prune to RP
UptimE. 00:00:10
Keepalive timeout: 276
InterfacE. ge-0/0/2.0
172.18.57.5 StatE. Join Flags: S Timeout: 209
-- Exhibit --

Referring to the output shown in the exhibit, which three statements are true about the PIM implementation on R1? (Choose three.)
A. R1 is receiving multicast traffic over the RPT.

B. R1 is receiving multicast traffic over the SPT.
C. Interface ge-0/0/10 provides the shortest path to the source.
D. The multicast stream flows from 10.100.10.10 to 172.18.57.5.
E. Interface ge-0/0/6 provides the shortest path to the source.
Correct Answer: BDE

Section: (none)
Explanation
QUESTION 46
-- Exhibit
-- Exhibit --
Referring to the exhibit, the RPT from R3 towards R2 is established.
What happens if the multicast source connected to R1 starts sending multicast traffic towards R1?
A. R1 encapsulates the multicast packets into a PIM register multicast packet.

B. R1 encapsulates the multicast packets into PIM join unicast messages.
C. R1 forwards the multicast packets on the (S,G) tree towards the RP.
D. R1 tunnels the multicast packets in PIM register messages towards the RP.
Correct Answer: D
Section: (none)
Explanation
QUESTION 47
Which two statements are true about the configuration shown below? (Choose two.)
[edit routing-options multicast]

user@router# show
ssm-groups 227.0.0.0/24;
asm-override-ssm;
A. It allows SSM operations in only the 227.0.0.0/24 range.

B. It allows SSM operations in the 227.0.0.0/24 range and the dedicated range.
C. It allows only ASM operations in the dedicated SSM range.
D. It allows both ASM and SSM operations in the dedicated SSM range.
Correct Answer: BD
Section: (none)
Explanation
QUESTION 48
Which two statements are true about MSDP mesh groups? (Choose two.)
A. The MSDP mesh group was originally designed to limit SA flooding.

B. SA messages received from a mesh group member flood these messages to all peers that are not members of this mesh group.
C. SA messages received from a peer not in any mesh group do not flood to all peers.
D. SA messages received from a peer not in any mesh group perform a peer-RPF check and, if successful, flood to all peers (except the advertising router).
Correct Answer: AB
Section: (none)
Explanation
QUESTION 49
-- Exhibit
-- Exhibit --
Referring to the exhibit, the RPs are set up for anycast. Multicast traffic is currently flowing from the source to the receivers.
Which statement is true when RP2 goes down?
A. Multicast traffic is interrupted for receiver 2 until RP2 recovers.

B. Receiver 2 needs to rejoin RP1.
C. Multicast traffic flows uninterrupted.
D. RP1 starts sending multicast traffic to receiver 2.
Correct Answer: C
Section: (none)
Explanation
QUESTION 50
-- Exhibit
-- Exhibit --
Referring to the exhibit, USER1 wants to only receive multicast traffic for group 225.0.0.1 and USER2 wants to only receive multicast traffic for group 225.0.0.2.
Both users are connected to an EX Series switch and are receiving unwanted multicast traffic.
What will resolve the problem?
A. Create IGMP static groups with the exclude parameter.

B. Enable the IGMP immediate-leave parameter.
C. Use PIM sparse mode instead of PIM dense mode.
D. Enable IGMP snooping.
Correct Answer: D
Section: (none)
Explanation
QUESTION 51
Which multicast group is used for all PIM routers?
A. 224.0.0.22
B. 224.0.0.13
C. 224.0.0.1
D. 224.0.0.2
Correct Answer: B
Section: (none)
Explanation
QUESTION 52
You are configuring PIM-SM for your network, and want to use a statically configured RP.
What are two ways to accomplish this task? (Choose two.)
A. [edit protocols pim]

uesr@router# show
rp {
static {
address 10.10.10. ;
}
}
mode sparse;
}
mode sparse;
}
interface lo0.0 {
mode sparse;
}
B. [edit protocols pim]
user@router# show
rp {
local {
address 223.0.0.1;
}
}
interface lo0.0;
C. [edit protocols pim]
user@router# show
rp {
static {
address 10.10.10. {
group-ranges {
224.0.0.0/4;
}
}
}
}
interface all {
mode sparse;
}
D. [edit protocols pim]
user@router# show
rp {
local {
address 10.10.10. ;
group-ranges {
233.0.0.0/8;
}
}
}
version 1;
}
version 1;
}
interface lo0.0 {
version 1;
}
Correct Answer: BD
Section: (none)
Explanation
QUESTION 53
-- Exhibit
-- Exhibit --
Your company has PIM running on some critical routers in your network, but another engineer has requested that you configure a PIM policy to prevent R2 from
becoming a PIM neighbor of R1 by dropping the hello packets.
Referring to the exhibit, which three commands are necessary for preventing R2 from becoming a PIM neighbor of R1? (Choose three.)
A. set protocols pim interface ge-0/0/1.0 neighbor-policy block-pim

B. set policy-options policy-statement block-pim term 1 from route-filter 227.2.2.2/32 exact
C. set policy-options policy-statement block-pim term 1 from route-filter 10.10.10.2/32 exact
D. set policy-options policy-statement block-pim term 1 then reject
E. set policy-options policy-statement block-pim term 1 from route-filter 10.10.10.1/32 exact
Correct Answer: ACD

Section: (none)
Explanation
QUESTION 54
Your company asks you to configure multicast routing on a Junos device. They tell you that the router at IP address 192.168.1.4 is the root of the shared multicast
delivery tree.
Which command allows you to configure the Junos device as a non-RP router for PIM?
A. set protocols pim rp local family inet disable

B. set protocols pim rp local address 192.168.1.4
C. set protocols pim rp static address 192.168.1.4
D. set protocols pim rp auto-rp announce
Correct Answer: C
Section: (none)
Explanation
QUESTION 55
-- Exhibit
-- Exhibit --
Referring to the configuration shown in the exhibit, which statement is true?
A. RP2 stops sending all SA messages to its peer.

B. RP1 stops sending all SA messages to its peer.
C. RP2 stops sending SA messages for the group 224.7.7.7 from source 192.168.100.10 to RP1.
D. RP1 stops sending SA messages for the group 224.7.7.7 from source 192.168.100.10 to RP2.
Correct Answer: C
Section: (none)
Explanation
QUESTION 56
When enabling MVRP for dynamic VLAN registration, which three timers would be configured on an interface? (Choose three.)
A. hello-interval
B. join-timer
C. leave-timer
D. max-age
E. leaveall-timer
Correct Answer: BCE

Section: (none)
Explanation
QUESTION 57
Which two statements are correct about L2PT? (Choose two.)
A. L2PT requires 802.1Q tunneling enablement to effectively tunnel L2 protocols.

B. 802.1Q tunnels all L2 protocols by default.
C. L2PT encapsulates L2 PDUs by enabling the ingress switch to rewrite the PDUs' source MAC addresses before forwarding them onto the service provider
network.
D. You cannot enable L2PT and VLAN translation on the same VLAN.
Correct Answer: AD
Section: (none)
Explanation
QUESTION 58
-- Exhibit
-- Exhibit --
Referring to the exhibit, a customer noticed that the 802.1Q-tunneled packets received on SwitchB are being dropped.
What is causing this problem?
A. There is an ether-type mismatch on SwitchA and SwitchB.

B. Customer VLANs are not configured on SwitchB.
C. The SwitchB interface connecting to SwitchA is not a trunk port.
D. Customer VLANs are mismatched on both switches.
Correct Answer: A
Section: (none)
Explanation
QUESTION 59
You are a service provider and have multiple customers in a building. You are installing a new switch that can host all of your customers. However, you would like
to ensure that one customer cannot see or broadcast to another customer. You would also like to have them use a common gateway IP address from the building.
What should be used to provide this access?

A. VLAN
B. private VLAN
C. filter-based VLAN
D. Layer 2 tunneling
Correct Answer: B
Section: (none)
Explanation
QUESTION 60
What are three types of PVLAN broadcast domains? (Choose three.)
A. primary VLAN
B. dynamic VLAN
C. isolated VLAN
D. community VLAN
E. S-VLAN
Correct Answer: ACD

Section: (none)
Explanation
QUESTION 61
Two PCs are attached to a hub, which is attached to port ge-0/0/0 on your EX Series switch. You must separate the incoming traffic from the PCs into two VLANs.
What should you use to accomplish this task?
A. dynamic VLAN registration with MVRP

B. private VLAN
C. filter-based VLAN
D. guest VLAN
Correct Answer: C
Section: (none)
Explanation
QUESTION 62
-- Exhibit --
Mar 16 17:54:51.930726 OSPF periodic xmit from 172.14.10.1 to 224.0.0.5 (IFL 69 area 0.0.0.0) Mar 16 17:54:55.566920 ospf_trigger_build_telink_lsas : No peer
found Mar 16 17:54:56.152585 ospf_trigger_build_telink_lsas : No peer found Mar 16 17:54:56.152721 ospf_set_lsdb_statE. Router LSA 192.168.2.1 adv-rtr
192.168.2.1 state QUIET->GEN_PENDING
Mar 16 17:54:56.153271 OSPF trigger router LSA 0x156d0f0 build for area 0.0.0.0 lsa-id 192.168.2.1
Mar 16 17:54:56.157854 ospf_set_lsdb_statE. Router LSA 192.168.2.1 adv-rtr 192.168.2.1 state GEN_PENDING->QUIET
Mar 16 17:54:56.157971 OSPF built router LSA, area 0.0.0.0, link count 2 Mar 16 17:54:56.158300 OSPF sent Hello 172.14.10.1 -> 224.0.0.5 (ge-0/0/1.0 IFL 69
area 0.0.0.0)
Mar 16 17:54:56.158380 Version 2, length 44, ID 192.168.2.1, area 0.0.0.0 Mar 16 17:54:56.158435 mask 255.255.255.0, hello_ivl 10, opts 0x2, prio 128 Mar 16
17:54:56.158485 dead_ivl 40, DR 172.14.10.1, BDR 0.0.0.0 Mar 16 17:54:56.158949 OSPF DR is 192.168.2.1, BDR is 0.0.0.0 Mar 16 17:54:56.159276 OSPF sent
Hello 172.14.10.1 -> 224.0.0.5 (ge-0/0/1.0 IFL 69 area 0.0.0.0)
17:54:56.159563 dead_ivl 40, DR 172.14.10.1, BDR 0.0.0.0 Mar 16 17:54:56.168108 OSPF DR is 192.168.2.1, BDR is 0.0.0.0 Mar 16 17:54:58.237416 OSPF rcvd
Hello 172.14.10.2 -> 224.0.0.5 (ge-0/0/1.0 IFL 69 area 0.0.0.0)
Mar 16 17:54:58.237540 Version 2, length 44, ID 192.168.2.1, area 0.0.0.0 Mar 16 17:54:58.237623 checksum 0x0, authtype 0
Mar 16 17:54:58.237698 mask 255.255.255.0, hello_ivl 10, opts 0x2, prio 128 Mar 16 17:54:58.237751 dead_ivl 40, DR 172.14.10.2, BDR 0.0.0.0 -- Exhibit --
Looking at the traceoptions output in the exhibit, why are the OSPF routers stuck in Init state?
A. There is an MTU mismatch.

B. There are duplicate router IDs.
C. The routers are in different areas.
D. No BDR has been elected.
Correct Answer: B
Section: (none)
Explanation
QUESTION 63
-- Exhibit --
{master:0}[edit]
user@switch# show vlans
v1 {
vlan-id 1;
interface {
ge-0/0/1.0;
}
}
v2 {
vlan-id 2;
interface {
ge-0/0/2.0;
}
}
v3 {
vlan-id 3;
interface {
ge-0/0/1.0 {
}
{master:0}[edit]
user@switch# show interfaces ge-0/0/3
unit 0 {
family ethernet-switching {
port-mode trunk;
}
}
{master:0}[edit]
user@switch# run show vlans
Name Tag Interfaces
default
None
v1 1
ge-0/0/1.0*, ge-0/0/3.0*
v2 2
ge-0/0/2.0*, ge-0/0/3.0*
v3 3
ge-0/0/1.0*, ge-0/0/3.0*
-- Exhibit --
Referring to the exhibit, what would explain interface ge-0/0/3.0 being active in VLANs v1, v2, and v3?
A. You have enabled RSTP for interface ge-0/0/3.0.

B. You have enabled MVRP for interface ge-0/0/3.0.
C. You have enabled MSTP for interface ge-0/0/3.0.
D. You have enabled L2PT for interface ge-0/0/3.0.
Correct Answer: B
Section: (none)
Explanation
QUESTION 64
You are asked to implement a filter-based VLAN assignment. You have created the firewall filter and must apply this filter to the incoming interface.
Where must this filter be applied?
A. to the access interface configuration

B. to the interface under the primary VLAN assignment
C. to the interface under the secondary VLAN assignment
D. to the trunk interface configuration
Correct Answer: A
Section: (none)
Explanation
QUESTION 65
-- Exhibit --
{master:0}[edit]
v200 {
vlan-id 200;
interface {
ge-0/0/7.0;
ge-0/0/8.0;
}
dot1q-tunneling {
customer-vlans [ 11 12 ];
layer2-protocol-tunneling {
all {
drop-threshold 800;
shutdown-threshold 700;
}
}
}
}
-- Exhibit --
Referring to the exhibit, you are attempting to configure L2PT for VLAN v200 but the configuration will not commit.
Which three configuration statements would resolve the problem? (Choose three.)
A. set vlans v200 dot1q-tunneling layer2-protocol-tunneling all drop-threshold 600
B. set vlans v200 dot1q-tunneling layer2-protocol-tunneling all shutdown-threshold 600
C. set vlans v200 dot1q-tunneling layer2-protocol-tunneling all shutdown-threshold 900
D. set vlans v200 dot1q-tunneling layer2-protocol-tunneling all drop-threshold 700
E. set vlans v200 dot1q-tunneling layer2-protocol-tunneling all drop-threshold 900
Correct Answer: ACD

Section: (none)
Explanation
QUESTION 66
-- Exhibit
-- Exhibit --
Referring to the exhibit, you are asked to ensure that CE1 can communicate with CE2 using VLAN 150.
Which configuration meets this requirement on S1?
A. user@S1# show
customer-a {
vlan-id 200;
dot1q-tunneling {
customer-vlans 150;
}
}
{master:0}[edit vlans]
B. user@S1# show
customer-a {
vlan-id 150;
interface {
ge-0/0/0.0;
ge-0/0/1.0;
}
dot1q-tunneling {
customer-vlans 200;
}
}
C. user@S1# show
customer-a {
vlan-id 200;
interface {
ge-0/0/0.0;
ge-0/0/1.0;
}
dot1q-tunneling {
customer-vlans 150;
}
}
D. user@S1# show
customer-a {
vlan-id 150;
interface {
ge-0/0/0.0;
}
}
v200 {
vlan-id 200;
interface {
ge-0/0/1.0;
}
}
Correct Answer: C
Section: (none)
Explanation
QUESTION 67
-- Exhibit --
[edit]
user@switch# commit
error: Trunk interface <ge-0/0/10.0> can not be member of both dot1q-tunneling enabled vlan <cust-1>, and a non dot1q-tunneled vlan <v11> when dot1q-tunneling
ethernet-type is not <0x8100>
error: configuration check-out failed
-- Exhibit --

When you try to commit your 802.1Q tunneling configuration, you receive the error shown in the exhibit.
Which configuration statement will allow the configuration to commit?
A. set vlans cust-1 interface ge-0/0/10 egress

B. set interfaces ge-0/0/10 ether-options mdi-mode auto
C. set vlans v11 dot1q-tunneling customer-vlans native
D. set ethernet-switching-options dot1q-tunneling ether-type 0x8100
Correct Answer: D
Section: (none)
Explanation
QUESTION 68
-- Exhibit
-- Exhibit --
You are asked to separate the human resources group from the finance group on the company network even though they share the same VLAN. You consider
using PVLANs, and you delegate the task to a junior engineer who submits the configuration shown in the exhibit to accomplish this task. After review, you realize
that the PVLAN implementation will not work correctly.
Referring to the exhibit, which three commands must be included to resolve the problem? (Choose three.)
A. set vlans pvlan no-local-switching

B. set vlans hr-group no-local-switching
C. set vlans finance-group no-local-switching
D. set vlans hr-group primary-vlan pvlan
E. set vlans finance-group primary-vlan pvlan
Correct Answer: ADE

Section: (none)
Explanation
QUESTION 69
-- Exhibit
-- Exhibit --
You have implemented a firewall-based VLAN filter to map traffic from subnet 192.168.40.0/24 to a VLAN named vlan_40. However, you have not been successful
in getting the traffic mapped correctly. In addition, all traffic must be passed to the Layer 2 network.
Referring to the exhibit, which three commands are required to accomplish this behavior? (Choose three.)
A. set interfaces ge-0/0/19.0 family ethernet-switching filter output assign_vlan

B. set interfaces ge-0/0/19.0 family ethernet-switching filter input assign_vlan
C. set vlans vlan_40 interface ge-0/0/19.0 mapping policy
D. set vlans vlan_30 interface ge-0/0/19.0 mapping policy
E. set interfaces ge-0/0/20 unit 0 family ethernet-switching port-mode trunk vlan members all
Correct Answer: BCE

Section: (none)
Explanation
QUESTION 70
-- Exhibit --
[edit protocols vstp]
'vlan all'
Cannot configure VSTP on all VLANs when more than 253 VLANs are configured. Configure vstp vlan-group along with STP or RSTP to cover all VLANs [edit
protocols]
'vstp'
Failed to configure vstp on all vlans
-- Exhibit --
What are two reasons for the commit error shown in the exhibit? (Choose two.)
A. The set protocols vstp vlan all configuration is not supported.

B. There are more than 253 VLANs configured on the switch.
C. MSTP is not configured with VSTP.
D. STP or RSTP is not configured along with VSTP on the switch.
Correct Answer: AB
Section: (none)
Explanation
http://kb.juniper.net/KB18259
QUESTION 71
-- Exhibit
-- Exhibit --
Referring to the exhibit, which two statements are true regarding the MSTP port role and port state of ge-0/0/0 and ge-0/0/1 on SW1?
A. Port ge-0/0/0 is a root port and ge-0/0/1 is an alternate port.

B. Both ports are designated ports.
C. Both ports are in a forwarding state.
D. Port ge-0/0/0 is a root port and ge-0/0/1 is in a forwarding state.
Correct Answer: BC
Section: (none)
Explanation
QUESTION 72
Which two statements are correct about MSTP? (Choose two.)
A. It allows you to preprovision VLAN IDs to spanning tree instances.

B. It provides a more scalable solution than VSTP.
C. It is not supported when using MVRP.
D. It allows you to use VLAN groups to simplify configuration tasks when groups of VLANs use the same parameters.
Correct Answer: AB
Section: (none)
Explanation
QUESTION 73
You are asked to implement MSTP on all devices in your Layer 2 network.
Which three parameters must match on all devices within the same region? (Choose three.)
A. region name
B. hello timer
C. maximum age
D. revision level
E. VLAN mapping table
Correct Answer: ADE

Section: (none)
Explanation
QUESTION 74
You are asked to implement VSTP on all devices in your Layer 2 network.
Which three statements are correct? (Choose three.)
A. VSTP supports up to 256 different spanning-tree topologies.

B. A BPDU is sent for each spanning-tree instance.
C. Each VLAN will be assigned to a unique spanning-tree instance.
D. MSTP can be used in addition to VSTP to account for VLANs outside of the supported range.
E. VSTP can be used to load-balance Layer 2 traffic using VLANs.
Correct Answer: BCE

Section: (none)
Explanation
QUESTION 75
-- Exhibit --
user@switch> show spanning-tree bridge
STP bridge parameters

Context ID : 0
Enabled protocol : MSTP
STP bridge parameters for CIST

Root ID : 32768.00:19:e2:55:1a:01
Root cost : 0
Root port : ge-0/0/10.0
CIST regional root : 32768.00:19:e2:55:1a:01
CIST internal root cost : 20000
Hello time : 2 seconds
Maximum age : 20 seconds
Forward delay : 15 seconds
Hop count : 19
Message age : 0
Number of topology changes : 2
Time since last topology change : seconds
Topology change initiator : ge-0/0/10.0
Topology change last recvd. from : 00:19:e2:55:24:8c Local parameters
Bridge ID : 32768.b0:c6:9a:73:27:90
Extended system ID : 0
Internal instance ID : 0
STP bridge parameters for MSTI 1

MSTI regional root : 4097.b0:c6:9a:73:27:90
Topology change last recvd. from : b0:c6:9a:73:39:81 Local parameters
Bridge ID : 4097.b0:c6:9a:73:27:90

Root cost : 20000
Root port : ge-0/0/1.0
Hop count : 19
Bridge ID : 8194.b0:c6:9a:73:27:90
-- Exhibit --
Referring to the exhibit, which two statements are correct about the MSTP configuration? (Choose two.)
A. The local switch is not the root bridge for MSTI 1.

B. The local switch is the root bridge for MSTI 1.
C. The local switch is the root bridge for MSTI 2.
D. The local switch is not the root bridge for MSTI 2.
Correct Answer: BD
Section: (none)
Explanation
QUESTION 76
-- Exhibit --
user@switch-1> show spanning-tree bridge

Context ID : 0

...

Time since last topology change : 42 seconds
Bridge ID : 4097.b0:c6:9a:73:27:90

Bridge ID : 8194.b0:c6:9a:73:27:90
user@switch-1> show spanning-tree mstp configuration MSTP information

Region name : my-mstp-config
Revision : 1
Configuration digest : 0x91ee8012e6851d931adae71da4060690
MSTI Member VLANs

0 0,400-4094
1 1-199
2 200-399
user@switch-2> show spanning-tree bridge

Context ID : 0

...
Bridge ID : 8193.b0:c6:9a:73:39:90

Topology change last recvd. from : 00:19:e2:55:24:8d Local parameters
Bridge ID : 4098.b0:c6:9a:73:39:90
user@switch-2> show spanning-tree mstp configuration MSTP information

Region name : my-mstp-config
Revision : 10
Configuration digest : 0x91ee8012e6851d931adae71da4060690
MSTI Member VLANs

0 0,400-4094
1 1-199
2 200-399
-- Exhibit --
A colleague recently implemented MSTP in your Layer 2 network and is having trouble determining why it is not working properly. You are asked to review the
outputs provided in the exhibit to determine the cause.
Referring to the exhibit, what is causing the issue?
A. The region name is configured the same on both devices.

B. The VLAN mapping is configured incorrectly.
C. The MSTP revision is configured incorrectly.
D. The bridge priority has not been configured correctly.
Correct Answer: C
Section: (none)
Explanation
QUESTION 77
-- Exhibit --
MSTP information
Region name : Juniper
Revision : 1
Configuration digest : 0xfdbe318c0ae799ae6dfdae4c882c67ee
MSTI Member VLANs

0 0,4-4094
1 1-3
-- Exhibit --
A network engineer has configured MSTP on several switches for loop protection. You must verify the work and ensure that the appropriate parameters match on
all switches.
Which operational command provides the required output shown in the exhibit?
A. show spanning-tree interface

B. show spanning-tree mstp configuration
C. show spanning-tree bridge
D. show ethernet-switching interfaces
Correct Answer: B
Section: (none)
Explanation
QUESTION 78
-- Exhibit --
user@SwitchA# show protocols mstp
configuration-name region1;
bridge-priority 16k;
msti 1 {
vlan [10 20];
}
msti 2 {
bridge-priority 8k;
vlan [30 40];
}
user@SwitchB# show protocols mstp

bridge-priority 8k;
msti 1 {
vlan [10 20];
}
msti 2 {
bridge-priority 8k;
vlan [30 40 50];
}
-- Exhibit --
Referring to the exhibit, a customer observes that the MSTP instance between SwitchA and SwitchB is not converging correctly.
What is causing the problem?
A. The bridge priority values of MSTI 2 are the same.

B. There is a VLAN mismatch between the two switches for MSTI 2.
C. There is a bridge priority mismatch.
D. MSTI 1 and MSTI 2 are part of the same the MSTP region.
Correct Answer: B
Section: (none)
Explanation
QUESTION 79
Your company makes extensive use of VSTP in your network for loop protection. The network is at the VSTP VLAN limit and must protect additional VLANs.
Which command allows you to protect additional VLANs?
A. set protocols mstp interface all

B. set protocols vstp vlan all
C. set protocols vstp vlan-group
D. set protocols rstp
Correct Answer: D
Section: (none)
Explanation
QUESTION 80
You are asked to set up 802.1X port authentication for all access ports on your EX Series switch. You must ensure that only one user is allowed to authenticate per
port and all other attempts are denied.
Which supplicant mode must be used?
A. single mode
B. single-secure mode
C. default mode
D. multiple mode
Correct Answer: B
Section: (none)
Explanation
QUESTION 81
You are asked to set up 802.1X port authentication for all access ports on your EX Series switch. You have a device that does not support 802.1X supplicants and
you must ensure this device is authenticated. You must also ensure that no unnecessary delay occurs when authenticating this device.
Which statement is correct?
A. You should enable MAC RADIUS on the interface and use 802.1X multiple mode.
B. You should enable MAC RADIUS on the interface and statically add the MAC address to the 802.1x configuration.
C. You should enable MAC RADIUS on the interface and include the restrict parameter.
D. You should enable MAC RADIUS on the interface and include the disable parameter.
Correct Answer: C
Section: (none)
Explanation
QUESTION 82
Your company uses 802.1X to authenticate your users. You want to provide access to the Internet when users cannot authenticate on the RADIUS server or when
the RADIUS server becomes unreachable.
Which two methods accomplish this goal? (Choose two.)
A. using a captive portal

B. using a server fail fallback
C. using MAC RADIUS
D. using a guest VLAN
Correct Answer: BD
Section: (none)
Explanation
QUESTION 83
Your company recently implemented Layer 2 authentication and access control to secure users accessing the corporate network. You implemented 802.1X, MAC
RADIUS, and a captive portal to support a variety of hosts on the network. Senior management is concerned that valid users might be authenticated incorrectly on
the network and they ask you questions about how these different access technologies are used simultaneously.
Which three statements are correct? (Choose three.)
A. MAC addresses that are part of a MAC address whitelist or a static MAC list are authenticated before any other authentication protocol is invoked.
B. Captive portal is a supported fallback option for 802.1X.
C. If the authentication server fails to respond to access requests and both a server-fail and guest VLAN are configured correctly, the server-fail VLAN takes
precedence over the guest VLAN.
D. Captive portal can only be configured on Layer 3 interfaces.
E. If a port is configured with 802.1X and the host does not respond to EAP requests, no other authentication protocol can authenticate the host.
Correct Answer: ABC

Section: (none)
Explanation
QUESTION 84
In your 802.1X-enabled network, a RADIUS server fails to respond or authenticate a device.
On an EX Series switch, what are three supported actions? (Choose three.)
A. Traffic can be allowed.

B. Traffic can be denied.
C. Traffic can be redirected to another subnet.
D. Traffic can be redirected to another VLAN.
E. Traffic can be redirected to another port.
Correct Answer: ABD

Section: (none)
Explanation
QUESTION 85
-- Exhibit
-- Exhibit --
A contractor needs to connect a laptop to your company network, but your company has no wireless access and each office has only a single network port for an
employee laptop. You have an IP phone with a data port available and you have access to the switch connected to it. You can also add the contractor's MAC
address to the RADIUS server database.
Referring to the exhibit, which three commands will allow access? (Choose three.)
A. set protocols dot1x authenticator authentication-profile-name radius_profile interface ge- 0/0/16.0 mac-radius
B. set interfaces ge-0/0/16.0 family ethernet-switching port-mode trunk
C. set interfaces ge-0/0/16.0 family ethernet-switching vlan members contractor
D. set protocols dot1x authenticator authentication-profile-name radius_profile interface ge- 0/0/16.0 supplicant multiple
E. set interfaces ge-0/0/16.0 family ethernet-switching vlan members all
Correct Answer: ACD

Section: (none)
Explanation
QUESTION 86
-- Exhibit --
{master:0}
user@switch> show dot1x interface ge-0/0/15 detail
ge-0/0/15.0
RolE. Authenticator
Administrative statE. Auto
Supplicant modE. Multiple
Number of retries: 3
Quiet perioD. 60 seconds
Transmit perioD. 30 seconds
Mac Radius: Enabled
Mac Radius Restrict: Enabled
Reauthentication: Enabled
Configured Reauthentication interval: 120 seconds
Supplicant timeout: 30 seconds
Server timeout: 30 seconds
Maximum EAPOL requests: 2
Guest VLAN member: guest
Number of connected supplicants: 0
-- Exhibit --
802.1X authentication was recently configured on your ge-0/0/15 port. You issue the command shown in the exhibit.
Which two statements are correct? (Choose two.)
A. The reauthentication interval is using the default value.

B. Every user that attempts to connect using this port must be authenticated.
C. Only the first user that connects using this port will be authenticated.
D. Users will only be able to authenticate using MAC RADIUS.
Correct Answer: BD
Section: (none)
Explanation
QUESTION 87
-- Exhibit --
user@switch> show configuration access
radius_server {
10.1.1.252 {
port 1812;
secret "$9$7gdwgGDkTz6oJz69A1INdb"; ## SECRET-DATA
}
profile radius_server {
authentication-order password;
radius {
authentication-server 10.1.1.252;
}
}
user@switch> show configuration protocols dot1x

authenticator {
ge-0/0/17.0 {
supplicant multiple;
}
}
}
user@switch> show configuration vlans

Sales_VLAN {
vlan-id 123;
}
user@switch> show configuration interfaces ge-0/0/17 unit 0 {

port-mode access;
}
}
-- Exhibit --

You are asked to place employees that are in the sales group into their own VLAN called Sales_VLAN with a VLAN ID of 123 on port ge-0/0/17. The VLAN must be
assigned dynamically. After trying an initial configuration, you see that users in the sales group are not assigned to the Sales_VLAN.
Referring to the exhibit, which two configuration statements are needed on the EX Series switch to resolve this problem? (Choose two.)
A. set access profile radius_server authentication-order radius

B. set vlans Sales_VLAN interface ge-0/0/17.0
C. set interfaces ge-0/0/17.0 family ethernet-switching vlan members Sales_VLAN
D. set protocols dot1x authenticator authentication-profile-name radius_server
Correct Answer: AD
Section: (none)
Explanation
QUESTION 88
A non-802.1X printer is connected to ge-0/0/0 on an EX Series switch.
Which configuration statement will authenticate the device against an authentication server?
A. set protocols dot1x authenticator static 22:22:22:22:22:22 interface ge-0/0/0

B. set protocols dot1x authenticator interface ge-0/0/0 supplicant single
C. set protocols dot1x authenticator interface ge-0/0/0 mac-radius restrict
D. set protocols dot1x authenticator interface ge-0/0/0 disable
Correct Answer: C
Section: (none)
Explanation
QUESTION 89
-- Exhibit --
{master:0}[edit protocols dot1x]
user@switch# show
authenticator {
authentication-profile-name my-profile;
static {
00:21:cc:ba:c7:00/40 {
}
}
interface {
ge-0/0/12.0 {
server-fail deny;
}
ge-1/0/14.0 {
reauthentication 120;
server-fail vlan-name local-only;
}
ge-1/0/15.0 {
mac-radius {
restrict;
}
reauthentication 120;
server-fail vlan-name guest;
}
}
}
-- Exhibit --
You just added a device on port ge-0/0/12 with the MAC address 00:21:cc:ba:c7:59. All access ports on this device are members of VLAN v20. The RADIUS server
is currently not reachable.
Referring to the configuration shown in the exhibit, what happens to traffic sent from this device?
A. The traffic is denied.

B. The traffic is accepted and uses the guest VLAN.
C. The traffic is accepted and uses the local-only VLAN.
D. The traffic is accepted and uses the v20 VLAN.
Correct Answer: D
Section: (none)
Explanation
QUESTION 90
An emergency Class 3 IP phone is connected to an EX Series switch. You want to ensure that the IP phone does not have any problems if PoE power demands on
the switch are greater than the PoE power budget.
What should you do to accomplish this task?
A. You must connect the IP phone into one of the ports from ge-0/0/0 to ge-0/0/7.
B. Set the power class on the PoE interface to 3.
C. Set the PoE priority to high.
D. Enable the guard-band parameter.
Correct Answer: C
Section: (none)
Explanation
QUESTION 91
You are implementing PoE on your EX Series switch to provide power to your VoIP phones. You have a device that does not provide its class information to the
switch.
Which power class is assigned for this device?
A. 0
B. 1
C. 2
D. 3
Correct Answer: A
Section: (none)
Explanation
QUESTION 92
Which two statements about the voice VLAN feature are correct? (Choose two.)
A. It can be used to separate untagged data and VLAN tagged VoIP traffic into different VLANs on an access port.
B. It can be used to assign VoIP traffic into a CoS forwarding class.
C. It can be used to separate untagged data and VLAN tagged VoIP traffic into different VLANs on a trunk port.
D. It can be used to apply a policer to VoIP traffic.
Correct Answer: AB
Section: (none)
Explanation
QUESTION 93
NetBIOS snooping information is stored in which database on EX Series switches?
A. RADIUS database
B. LLDP neighbor database
C. MAC table database
D. routing table database
Correct Answer: B
Section: (none)
Explanation
QUESTION 94
Which three PoE power allocation methods are supported on EX Series switches? (Choose three.)
A. dynamic PoE management mode

B. static PoE management mode
C. enhanced power negotiation
D. LLDP power negotiation
E. class PoE management mode
Correct Answer: BDE

Section: (none)
Explanation
QUESTION 95
A security camera is connected to an EX Series switch. You are asked to ensure power to the PoE port is maintained if the power budget is exceeded.
Which two actions will accomplish this task? (Choose two.)
A. Set the PoE management mode to static.

B. Set the PoE management mode to class.
C. Set the PoE interface priority to high.
D. Ensure the camera is connected to port ge-0/0/0.
Correct Answer: AC
Section: (none)
Explanation
http://www.juniper.net/techpubs/en_US/junos12.2/topics/concept/poe-overview.html
QUESTION 96
-- Exhibit --
user@switch> show poe controller
Controller Maximum Power Guard Management Status Lldp index power consumption band Priority
0 130.00W 121.00W 0W Class AT_MODE Disabled
-- Exhibit --
A new user's Class 3 IP phone is connected to port ge-0/0/7 on an EX Series switch; however, it is not working.
Referring to the exhibit, what is the cause?
A. The model of the EX Series switch being used supports PoE only on interfaces ge-0/0/0 through ge-0/0/6.
B. The PoE port is set to class 0.
C. The port has been shut down because the phone's power requirements exceed the PoE power budget for the switch.
D. The guard-band is insufficient.
Correct Answer: C
Section: (none)
Explanation
QUESTION 97
You are troubleshooting an LLDP neighbor and cannot see the IP address of the neighboring EX Series switch.
What is causing the problem?
A. A VLAN interface must be configured under the [edit vlans] hierarchy.

B. IP addresses are not sent in any LLDP TLVs.
C. A management address must be configured under the [edit protocols lldp] hierarchy.
D. You must enable LLDP-MED.
Correct Answer: C
Section: (none)
Explanation
QUESTION 98
A network administrator is configuring CoS on a switch and assigns forwarding classes shown below:
class-of-service {
forwarding-classes {
class best-effort queue-num 0;
class bulk-data queue-num 1;
class critical queue-num 3;
class voice queue-num 6;
class call-signal queue-num 3;
}
}
Based on the configuration, which action prioritizes call-signal traffic over critical traffic?
A. Assign call-signal traffic and critical traffic to different schedulers.

B. Assign call-signal traffic and critical traffic to different scheduler maps.
C. Assign a loss priority of high to the packets in the critical forwarding class and set priority high in the scheduler configuration.
D. Assign a loss priority of high to the packets in the critical forwarding class and configure drop profiles in the scheduler configuration.
Correct Answer: D
Section: (none)
Explanation
QUESTION 99
On SRX Series devices, in which order does CoS process ingress packets?
A. multifield classifier, policer, forwarding policy, behavior aggregate classifier

B. multifield classifier, forwarding policy, policer, behavior aggregate classifier
C. behavior aggregate classifier, policer, multifield classifier, forwarding policy
D. behavior aggregate classifier, multifield classifier, policer, forwarding policy
Correct Answer: D
Section: (none)
Explanation
QUESTION 100
You just configured an interface as an access port and it is up and passing traffic. However, you notice that all traffic transiting this interface is being classified as
best effort.
Which default BA classifier is causing this behavior?
A. ieee8021p-default
B. ieee8021p-untrust
C. dscp-default
D. dscp-ipv6-default
Correct Answer: B
Section: (none)
Explanation
QUESTION 101
You notice that an interface receiving traffic from multiple devices with no user-configured CoS parameters has been assigned the ieee802.1p-default classifier.
What is the port type assigned to this interface?
A. access port
B. tagged access port
C. trunk port
D. designated port
Correct Answer: C
Section: (none)
Explanation
QUESTION 102
-- Exhibit --
[edit class-of-service]
drop-profiles {
test-drop {
fill-level 20 drop-probability 35;
}
}
-- Exhibit --

According to the configuration shown in the exhibit, what percentage of the traffic will be dropped when the queue fill level reaches 65 percent?
A. 25
B. 50
C. 58
D. 60
Correct Answer: D
Section: (none)
Explanation
QUESTION 103
You are asked to implement CoS on an EX Series switch. You attempt to configure the priority for the voice and data queue schedulers to medium-high and
medium-low priority, respectively. However, you notice that the only parameters available for the priority is strict high and low.
Why are strict high and low the only available parameters for configuration?
A. The loss priority for the queues must first be set to medium-low and medium-high, respectively.
B. The switch only supports the strict high and low queue priorities.
C. The shared buffer feature must be configured prior to configuring scheduler priority.
D. The scheduler must be applied to an interface prior to configuring scheduler priority.
Correct Answer: B
Section: (none)
Explanation
QUESTION 104
You are asked to configure a CoS weighted tail drop profile on your EX Series switch that causes all traffic in the best effort queue to drop when the queue is 90
percent full.
Which configuration will accomplish this request?
A. [edit class-of-service]
drop-profiles {
be_dropp {
fill-level 90;
drop-probability 100;
}
}
B. [edit class-of-service]
drop-profiles {
be_dropp {
interpolate {
fill-level 90;
}
}
}
C. [edit class-of-service]
drop-profiles {
be_dropp {
fill-level 90;
}
}
D. [edit class-of-service]
drop-profiles {
be_dropp {
fill-level 90;
}
}
Correct Answer: C
Section: (none)
Explanation
QUESTION 105
You must configure a multifield classifier on ge-1/0/0. This classifier must match only TCP traffic from port number 79, set the loss priority to high, and classify the
traffic as expedited- forwarding. The inbound traffic has no previous CoS markings.
Which configuration meets these requirements?
A. [edit firewall]
user@switch# show filter ef_classifier_mf
term 1 {
from {
protocol tcp;
destination-port 79;
}
then {
loss-priority high;
forwarding-class expedited-forwarding;
}
[...]
}
B. [edit firewall]
term 1 {
from {
protocol tcp;
source-port 79;
}
then {
loss-priority high;
}
[...]
}
C. [edit firewall]
term 1 {
from {
protocol tcp;
destination-port 79;
}
then {
loss-priority low;
}
[...]
}
D. [edit firewall]
term 1 {
from {
protocol tcp;
source-port 79;
dscp ef;
}
then {
loss-priority high;
accept;
}
[...]
}
Correct Answer: B
Section: (none)
Explanation
QUESTION 106
You are asked to reconfigure a CoS scheduler to limit the assured forwarding queue to a maximum of 75 percent of the available bandwidth. The assured
forwarding queue uses a strict high priority queue.
Which configuration parameter accomplishes this task?
A. transmit-rate percent 75
B. buffer-size percent 75
C. shaping-rate percent 75
D. shared-buffer percent 75
Correct Answer: C
Section: (none)
Explanation
QUESTION 107
You are asked to configure an interface policer. You must ensure when the bandwidth limit and burst size are exceeded, that the packet receives a CoS parameter
which increases the probability that the packet will be dropped if the queues are congested.
Which policer action will accomplish this requirement?
A. dscp 0
B. loss-priority high
C. ip-precedence 0
D. loss-priority low
Correct Answer: B
Section: (none)
Explanation
QUESTION 108
You must troubleshoot a CoS issue on an Ethernet interface which has been observed to drop packets in the best effort queue. You must determine whether the
dropped packets are tail drops.
Which CLI command output accomplishes this task?

A. show class-of-service interface
B. show interfaces queue <interface_name>
C. show interfaces <interface_name> extensive
D. show class-of-service forwarding-class best-effort
Correct Answer: B
Section: (none)
Explanation
QUESTION 109
What are two benefits of configuring OSPF database protection? (Choose two.)
A. Protects the LSDB from being flooded by excessive LSA flooding.

B. Provides intra-area route filtering and route summarization.
C. Allows the device to participate in OSPF routing but not be used for transit traffic.
D. Limits the number of LSAs in the LSDB (excluding those generated by the local router).
Correct Answer: AD
Section: (none)
Explanation
QUESTION 110
Area 1 is configured as an NSSA with no summaries.
Which three types of LSAs are allowed in Area 1's database? (Choose three.)
A. Type 1
B. Type 2
C. Type 3
D. Type 5
E. Type 7
Correct Answer: ABE

Section: (none)
Explanation
QUESTION 111
-- Exhibit
-- Exhibit --
Referring to the exhibit, and given that no other BGP manipulation has been configured, how is traffic influenced from R1 to R3?
A. Traffic is load-balanced across both paths.

B. Traffic is preferred through AS 2493.
C. Traffic is preferred through AS 8841.
D. Traffic prefers the path with the lowest local preference.
Correct Answer: C
Section: (none)
Explanation
QUESTION 112
You are asked to establish a single EBGP peering across two physical interfaces to your ISP.
Which BGP feature should you use?
A. multipath
B. multihop
C. accept-remote-nexthop
D. allow
Correct Answer: B
Section: (none)
Explanation
QUESTION 113
-- Exhibit
-- Exhibit --
Referring to the exhibit, routers A, B, and C are in the same BGP AS 100. Router A prefers to route traffic through Router C.
Which BGP attribute would you configure to ensure this behavior?
A. as-path-prepend
B. local-preference
C. metric
D. weight
Correct Answer: B
Section: (none)
Explanation
QUESTION 114
Which two statements are true about SSM implementations on Junos devices? (Choose two.)
A. There is no need for an RP.

B. The multicast receiver's DR must have IGMPv3 enabled.
C. SSM traffic must use the 232/8 range.
D. ASM and SSM implementations can coexist in the same network.
Correct Answer: AD
Section: (none)
Explanation
QUESTION 115
-- Exhibit
-- Exhibit --
You are asked to allow a customer to tunnel STP BPDUs from Customer Switch1 to Customer Switch2 for VLAN 300 on S-VLAN v500. You have administrative
access to SW1 and SW3, but not SW2.
Referring to the exhibit, which three configuration statements must be added to SW1 to allow ingress STP BPDUs on port ge-0/0/16 to pass to SW3 for VLAN 300
only? (Choose three.)
A. set vlans v500 vlan-id 500 interface ge-0/0/16.0 mapping 300 swap
B. set vlans v500 vlan-id 500 dot1q-tunneling layer2-protocol-tunneling stp
C. set vlans v500 vlan-id 500 interface ge-0/0/16.0 mapping 300 push
D. set ethernet-switching-options dot1q-tunneling ether-type 0x8100
E. set vlans v500 vlan-id 500 interface ge-0/0/20.0 mapping 300 push
Correct Answer: BCD

Section: (none)
Explanation
QUESTION 116
-- Exhibit --
[edit protocols]
user@switch# commit
[edit protocols ]
'mstp'
Another xSTP protocol is enabled
error : Another xSTP protocol is enabled
-- Exhibit --
Referring to the exhibit, a customer is receiving an error while committing the operation on the switch.
What are two reasons for this problem? (Choose two.)
A. VSTP and RSTP are both configured.

B. MSTP and RSTP are both configured.
C. Only STP is configured.
D. MSTP and STP are both configured.
Correct Answer: BD
Section: (none)
Explanation
QUESTION 117
-- Exhibit --
user@SwitchA# show protocols mstp
msti 1 {
vlan [10 20];
}
msti 2 {
bridge-priority 8k;
vlan [30 40];
}
user@SwitchB# show protocols mstp

bridge-priority 8k;
msti 1 {
vlan [10 20];
}
msti 2 {
bridge-priority 8k;
vlan [30 40];
}
user@SwitchA>monitor traffic interface xe-0/0/0 no-resolve extensive

10:36:00.594220 Out STP 802.1s, Rapid STP, CIST Flags [Forward, Agreement], CIST bridge-id 4000.5c:5e:ab:72:da:41.8215, length 118
message-age 0.00s, max-age 20.00s, hello-time 2.00s, forwarding-delay 15.00s CIST root-id 4000.5c:5e:ab:72:da:41, ext-pathcost 0 int-pathcost 0, port-role
Designated CIST regional-root-id 4000.5c:5e:ab:72:da:41
MSTP Configuration Name regio-2, revision 0, digest ca136a235706b316c8db8f921067a68f CIST remaining-hops 20
MSTI 1, Flags [Proposal, Forward, Agreement], port-role Designated MSTI regional-root-id 4001.5c:5e:ab:72:da:41, pathcost 0 MSTI bridge-prio 4, port-prio 8,
hops 2010:36:00.594220
10:36:00.594223 Out 802.1s, Rapid STP, CIST Flags [Forward, Agreement], CIST bridge-id 4000.5c:5e:ab:72:da:41.8215, length 118
message-age 0.00s, max-age 20.00s, hello-time 2.00s, forwarding-delay 15.00s CIST root-id 4000.5c:5e:ab:72:da:41, ext-pathcost 0 int-pathcost 0, port-role
Designated CIST regional-root-id 4000.5c:5e:ab:72:da:41
MSTP Configuration Name regio-2, revision 0, digest ca136a235706b316c8db8f921067a68f CIST remaining-hops 20
MSTI 1, Flags [Proposal, Forward, Agreement], port-role Designated MSTI regional-root-id 4001.5c:5e:ab:72:da:41, pathcost 0 MSTI bridge-prio 4, port-prio 8,
hops 20
-- Exhibit --
Referring to the exhibit, a customer notices that MSTP is not converging on MSTI 2. To troubleshoot the problem, the customer captured traffic on the link (xe-
0/0/0) of SwitchA connecting to SwitchB.
Which two situations would cause the problem? (Choose two.)
A. MSTI 1 and MSTI 2 are part of the same MSTP region.

B. The bridge priority value of the MSTI 2 is the same on SwitchA and SwitchB.
C. VLAN 30 and VLAN 40 are not configured on SwitchA.
D. VLAN 30 and VLAN 40 are not members of trunk link xe-0/0/0 on SwitchA.
Correct Answer: CD
Section: (none)
Explanation
QUESTION 118
You are asked to implement a captive portal on your EX Series switches.
What are three required steps? (Choose three.)
A. You must create the captive portal login page.

B. You must ensure the Web service is turned on.
C. You must specify the interfaces participating in the captive portal.
D. You must create and apply an authentication profile.
E. You must create an authentication whitelist.
Correct Answer: BCD

Section: (none)
Explanation
QUESTION 119
-- Exhibit --
Controller Maximum Power Guard Management Status Lldp index power consumption band Priority
0 792.00W 603.50W 0W Class AT_MODE Disabled
-- Exhibit --
A. The switch supports PoE+.

B. The switch is protected against spikes in power demand.
C. The switch supports a maximum power draw per PoE port of 15.4 watts.
D. The switch can manually assign priorities per interface.
Correct Answer: A
Section: (none)
Explanation
QUESTION 120
You are configuring port ge-0/0/0 on an EX Series switch connected to an IP phone that does not support LLDP-MED.
Which three configuration statements do you need to accomplish this task? (Choose three.)
A. set interfaces ge-0/0/0 unit 0 family ethernet-switching native-vlan-id voice-vlan

B. set interfaces ge-0/0/0 unit 0 family ethernet-switching vlan members voice-vlan
C. set interfaces ge-0/0/0 unit 0 family ethernet-switching vlan members data-vlan
D. set interfaces ge-0/0/0 unit 0 family ethernet-switching native-vlan-id data-vlan
E. set interfaces ge-0/0/0 unit 0 family ethernet-switching port-mode trunk
Correct Answer: BDE

Section: (none)
Explanation
QUESTION 121
You are configuring CoS classifiers and want to use both BA and MF classification. After applying the configuration, you realize that the classifiers have a conflict.
Which statement is true?
A. BA classification overrides MF classification.

B. MF classification overrides BA classification.
C. Neither classification method is applied.
D. Both classifications are applied randomly.
Correct Answer: B
Section: (none)
Explanation
QUESTION 122
On your EX Series switch you must configure a delay buffer for the best effort queue scheduler named BE-sch which restricts the buffer usage to only 25 percent of
the available buffer size.
Which configuration statement will accomplish this task?
A. [edit class-of-service schedulers BE-sch]

user@switch# set buffer-size buffer-size temporal 25
B. [edit class-of-service schedulers BE-sch]
user@switch# set buffer-size buffer-size temporal 25 exact
C. [edit class-of-service schedulers BE-sch]
user@switch# set buffer-size percent 25
D. [edit class-of-service schedulers BE-sch]
user@switch# set buffer-size exact percent 25
Correct Answer: D
Section: (none)
Explanation
QUESTION 123
A user complains about connectivity problems from their IP address (10.1.1.87) to a server (10.65.1.100).
Which Junos command can help verify connectivity in the network? (Choose Two)
A. mroute
B. traceoptions
C. ping
D. clear bgp neighbor
Correct Answer: BC
Section: (none)
Explanation
QUESTION 124
Port authentication falls back to Captive Portal.
In which two scenarios would the port authentication move back to 802.1X? (Choose two.)
A. if any MAC RADIUS request packet is received on the interface and if there are no sessions in authenticated/authenticating state
B. if Captive Portal is deactivated on the interface
C. if the user gets logged out
D. if the EAP packet is received on the interface and if there are no sessions in authenticated/authenticating state
Correct Answer: BD
Section: (none)
Explanation
QUESTION 125
A network routes IPv4 traffic only. You want to add IPv6 to the network, but you must use a single IGP for both IPv4 and IPv6 traffic.
Which protocol meets this requirement?
A. OSPFv2
B. BGPv4
C. ES-ISv1
D. OSPFv3
Correct Answer: D
Section: (none)
Explanation
QUESTION 126
A Layer 2 forwarding loop occurred on your network during a scheduled maintenance period.
You must prevent this behavior in the future.
Which protocol should you enable on the EX Series switch to address this condition in the future?
A. DVMRP
B. L2TPv3
C. STP
D. RSVP
Correct Answer: C
Section: (none)
Explanation
QUESTION 127
You have implemented 802.1X authentication in your Layer 2 network and you have only a single RADIUS server. You are asked to ensure that if the RADIUS
server becomes unreachable or fails, users connected to the ge-0/0/0 port are still able to reach the Internet using a predefined guest VLAN.
Which command allows this access?
A. [edit]
user@switch# set protocols dot1x authenticator interface ge-0/0/0.0 radius-fail vlan guest
B. [edit]
user@switch# set protocols dot1x authenticator interface ge-0/0/0.0 server-fail vlan-name guest
C. [edit]
user@switch# set protocols dot1x authenticator interface ge-0/0/0.0 auth-fail assign-vlan guest
D. [edit]
user@switch# set protocols dot1x authenticator interface ge-0/0/0.0 radius-fail assign guest
Correct Answer: B
Section: (none)
Explanation
QUESTION 128
Which option is a valid IPv6 multicast address?
A. fe80::205:8640:471:3200/64
B. ::172.16.0.5/126
C. ff03:365:ba::23
D. ff01:cgfc:345::226:8ff:fee4:bf6f
Correct Answer: C
Section: (none)
Explanation
QUESTION 129
A company is deploying a new 802.1X port-based security infrastructure to allow users to access resources through wired Ethernet ports. However they recently
deployed an RSA token-based system for users to connect remotely. The network administrator wants to reuse the same security database for 802.1X port-based
security.
Which 802.1X authentication protocol is required?
A. EAP-TLS
B. LAN-PEAP
C. RSA-EAP
D. EAP-TTLS
Correct Answer: D
Section: (none)
Explanation
QUESTION 130
Which protocol reachability is advertised by OSPFv2?
A. IPv4
B. IPv5
C. IPv6
D. ISO
Correct Answer: A
Section: (none)
Explanation
QUESTION 131
Which AS path regular expression matches only routes originated in your AS?
A. "6573.*"
B. ".*"
C. "{"
D. "^$"
Correct Answer: D
Section: (none)
Explanation
QUESTION 132
Voice traffic is coming in on UDP port 17689. This traffic must be classified into the expedited- forwarding forwarding class.
Which type of classifier is needed?
A. code point alias

B. rewrite marker
C. multifield
D. behavior aggregate
Correct Answer: C
Section: (none)
Explanation
QUESTION 133
Which three attributes must a BGP update contain? (Choose three.)
A. next-hop
B. MED
C. origin
D. AS-path
E. local preference
Correct Answer: ACD

Section: (none)
Explanation
QUESTION 134
You must configure your access switch with more than 3000 VLANs and you want the ability to load-balance across them.
Which spanning-tree approach has the least impact on control-plane performance?
A. Configure your access switch with a load-balancing policy and apply it under [edit protocols rstp].
B. Configure your access switch for Rapid-PVST+.
C. Configure your access switch for MSTP, incorporating the use of MSTIs.
D. Configure your access switch for both VSTP and RSTP.
Correct Answer: C
Section: (none)
Explanation
QUESTION 135
You are implementing MSTP in your network.
Which three values must match on all switches within the MST region? (Choose three)
A. Context identifier
B. Region name
C. VLANs
D. Revision
E. Configuration manifest
Correct Answer: BCD

Section: (none)
Explanation
QUESTION 136
You have been asked to implement a private VLAN with two community VLANs. This private VLAN will be confined to a single switch in your Layer 2 network. This
private VLAN, along with other VLANs configured on the switch, will require gateway services provided through a connected router.
Which statement about this deployment is true?
A. All isolated ports must be configured as trunk ports.

B. A minimum of one promiscuous trunk port is required.
C. Both community VLANs must have an assigned VLAN IDs.
D. A minimum of one private VLAN trunk port is required.
Correct Answer: B
Section: (none)
Explanation
QUESTION 137
During the BGP route-resolution process, the Junos OS must calculate the appropriate next-hop based on the BGP protocol next-hop attribute.
Which two routing tables are checked during this process in a default Junos configuration? (Choose two.)
A. inet.0
B. inet.1
C. inet.2
D. inet.3
Correct Answer: AD
Section: (none)
Explanation
QUESTION 138
You have a requirement for a device to provide 20 W of power over Ethernet.
What meets this requirement?
A. Bond two standard PoE ports together to achieve 30.8 W of power.

B. Install an external redundant power supply in the switch to increase the total power load.
C. Select a switch that has PoE+ support.
D. Enable LLDP-MED to transfer power from other switches.
Correct Answer: C
Section: (none)
Explanation
QUESTION 139
R1 has an OSPF adjacency with R2 over a point-to-point link.
Which three statements about the advertisements for this link in the Type 1 (Router) LSA generated by R1 are true? (Choose three.)
A. It has a value in the link ID field with R2's interface IP address.

B. It has a value in the link ID field with R2's router ID.
C. It has a link-type of point-to-point (Type 1).
D. It has a link-type of Transit (Type 2).
E. It has a link-type of stub (Type 3).
Correct Answer: BCE

Section: (none)
Explanation
QUESTION 140
What is the significance of the multicast address range 224.0.0.1 through 224.0.0.254?
A. They have link-local scope.

B. They have administrative region scope.
C. They are reserved for future use.
D. They have a scope of two or more hops from a router.
Correct Answer: A
Section: (none)
Explanation
QUESTION 141
You must prioritize VoIP packets on your network.
Which feature will accomplish this goal?
A. RSVP
B. Multicast Routing
C. VPLS
D. Class of Service
Correct Answer: D
Section: (none)
Explanation
QUESTION 142
You notice that a number of IGMP leave group messages are passing through a BMA network and are impacting the network's performance.
What would you do to resolve this issue without affecting multicast traffic?
A. Apply an import policy to control leave group messages.

B. Suppress group-specific queries.
C. Suppress generic IGMP queries.
D. Enable promiscuous-mode in IGMP.
Correct Answer: B
Section: (none)
Explanation
QUESTION 143
A network administrator is configuring CoS on a switch and assigns forwarding classes call-sig and critical to the same queue number per the configuration below:
class-of-service {
forwarding-classes {
class best-effort queue-num 0;
class bulk-data queue-num 1;
class critical queue-num 3;
class voice queue-num 6;
class call-sig queue-num 3;
}
}
Based on the configuration, which option prioritizes call-sig traffic over critical traffic?
A. Assign call-sig and critical to different schedulers.

B. Assign call-sig and critical to different scheduler maps.
C. Assign a loss priority of high to the packets in the critical forwarding class and configure drop profiles in the scheduler configuration.
D. Assign a loss priority of high to the packets in the critical forwarding class and set priority high in the scheduler configuration.
Correct Answer: C
Section: (none)
Explanation
QUESTION 144
A Layer 2 transparent firewall separates two OSPFv3 routers. For the two OSPFv3 routers to form an adjacency, which protocol must be permitted on the firewall?
A. IPv4 protocol 89
B. IPv6 protocol 89
C. TCP port 89
D. UDP port 89
Correct Answer: B
Section: (none)
Explanation
QUESTION 145
In MSTP, which two factors determine the root bridge in each region? (Choose two.)
A. The switch with the higher priority becomes the root bridge.
B. The switch with the lower priority becomes the root bridge.
C. The switch with the lower MAC address becomes the root bridge when priorities are tied.
D. The switch with the higher MAC address becomes the root bridge when priorities are tied.
Correct Answer: BC
Section: (none)
Explanation
QUESTION 146
Which two LSA types are only generated by an ABR router? (Choose two.)
A. ASBR summary LSA (Type 4)

B. ASBR LSA (Type 5)
C. Summary LSA (Type 3)
D. Router LSA (Type 1)
Correct Answer: AC
Section: (none)
Explanation
QUESTION 147
Which two statements about MVRP on EX Series switches are true? (Choose two.)
A. MVRP can add VLANs on access interfaces.

B. MVRP can add VLANs on trunk interfaces.
C. MVRP adds VLANs on MVRP-enabled interfaces by default.
D. MVRP is in transparent mode on MVRP-enabled interfaces by default.
Correct Answer: BC
Section: (none)
Explanation
QUESTION 148
A company's security policy does not allow outside computers or smart phones into their work areas. All company-provided computers are strictly controlled using
802.1X authentication on all of their switches. All computers obtain DHCP IP addresses from centralized servers and all switches have IP spoofing enabled.
However, one of the computers was able to send IP spoofed packets.
Why did the IP spoof feature fail to prevent the spoofed packets from being forwarded?
A. The IP source guard database timeout was set too low.

B. The DHCP snooping feature was not enabled on any of the switches.
C. IP source guard does not prevent IP spoof attacks; you need to configure the Dynamic ARP Inspection feature.
D. 802.1X feature was not enabled on the port that was directly connected to the infected computer.
Correct Answer: B
Section: (none)
Explanation
QUESTION 149
What is a valid router ID configuration for OSPFv3 in the Junos OS?
A. set routing-options router-id 2001:1:2::1

B. set protocols ospf3 router-id fe80:223:2887:ab31::1
C. set routing-options router-id 224.1.0.1
D. set protocols ospf3 router-id 10.8.3.9
Correct Answer: C
Section: (none)
Explanation
QUESTION 150
You are setting up a new switch in your network that is using MSTP. You have configured all access ports as edge ports, and you want to make sure that the
access ports can never transition to nonedge ports.
How can you meet this requirement?
A. Configure the interfaces as shared.

B. Configure the hello-time option as zero.
C. Configure the interfaces as a no-root-port.
D. Configure bpdu-block-on-edge.
Correct Answer: D
Section: (none)
Explanation
QUESTION 151
When using PIM-SM in ASM mode, which two events trigger the creation of a shortest-path tree? (Choose two.)
A. Multicast traffic received at the receiver's designated router (DR).

B. PIM join received at the receiver's designated router (DR).
C. PIM join received at the source designated router (DR).
D. PIM registers received by the rendezvous point (RP).
Correct Answer: AD
Section: (none)
Explanation
QUESTION 152
A coffee shop offering free Internet service to customers wants to implement the following security policies:
1. Every customer must agree to a set of terms and conditions before accessing the Internet.
2. Log out customers that are logged in for more than one hour.
3. Log out customers that are idle for more than 5 minutes.
4. Authenticate employee desktop computers with known hardware addresses in the office of the coffee shop to access the Internet without the above restrictions.
The following configuration has been applied to the switch:
set access radius-server 172.16.14.26 port 1812

set access radius-server 172.16.14.26 secret Am@zingC00f33 set access profile dot1x authentication-order radius set access profile dot1x radius authentication-
server 172.27.14.226
What would you add to implement these policies?
A. set protocols dot1x authenticator interface ge-0/0/12.0 supplicant multiple set protocols dot1x authenticator interface ge-0/0/12.0 mac-radius set protocols dot1x
authenticator authentication-profile-name dot1x set services captive-portal authentication-profile-name dot1x set services captive-portal interface ge-0/0/12.0
set services captive-portal secure-authentication https set services captive-portal custom-options header-message "Welcome to Our Coffee Shop" set services
captive-portal custom-options banner-message "Terms and Conditions of Use"
B. set protocols dot1x authenticator interface ge-0/0/12.0 supplicant multiple set protocols dot1x authenticator authentication-profile-name dot1x set services
captive-portal authentication-profile-name dot1x set services captive-portal interface ge-0/0/12.0
C. set protocols dot1x authenticator interface ge-0/0/12.0 supplicant multiple set protocols dot1x authenticator interface ge-0/0/12.0 mac-radius set protocols dot1x
authenticator authentication-profile-name dot1x set services captive-portal authentication-profile-name dot1x set services captive-portal interface ge-0/0/12.0
set services captive-portal interface ge-0/0/12.0 idle-timeout 300 set services captive-portal interface ge-0/0/12.0 user-timeout 3600 set services captive-portal
secure-authentication https set services captive-portal custom-options header-message "Welcome to Our Coffee Shop" set services captive-portal custom-
options banner-message "Terms and Conditions of Use"
D. set protocols dot1x authenticator interface ge-0/0/12.0 supplicant multiple set protocols dot1x authenticator interface ge-0/0/12.0 mac-radius set protocols dot1x
authenticator interface ge-0/0/12.0 idle-timeout 300 set protocols dot1x authenticator interface ge-0/0/12.0 user-timeout 3600 set protocols dot1x authenticator
authentication-profile-name dot1x set services captive-portal authentication-profile-name dot1x set services captive-portal interface ge-0/0/12.0
Correct Answer: A
Section: (none)
Explanation
QUESTION 153
What is an IP multicast routing protocol?
A. RSVP
B. OSPF
C. PIM
D. CDP
Correct Answer: C
Section: (none)
Explanation
QUESTION 154
Which version of BGP would an enterprise use to peer with an ISP?
A. Confederation BGP
B. External BGP
C. Internal BGP
D. Labeled-Unicast
Correct Answer: B
Section: (none)
Explanation
QUESTION 155
You are setting up a new switch in your network that is using MSTP. You want to make sure that any port connected to a host starts forwarding traffic immediately.
How can you meet this requirement?
A. Configure the interfaces as point-to-point.

B. Configure the interfaces as edge.
C. Configure the forward-delay option as zero.
D. Configure the interfaces as shared.
Correct Answer: B
Section: (none)
Explanation
QUESTION 156
You have been asked to implement 802.1X in your network and to ensure that all authorized users continue to be permitted should the RADIUS server fail.
Which solution will satisfy this requirement?
A. Implement the persistent MAC feature with the override option.

B. Implement the server fail fallback feature with the use-cache option.
C. Implement the persistent MAC feature with the use-cache option.
D. Implement the server fail fallback feature with the override option.
Correct Answer: B
Section: (none)
Explanation
QUESTION 157
How does an administrator block IGMP reports for the 239.0.0.0/8 group range?
A. Create a routing policy and apply it to IGMP using the group-policy feature.
B. Create a routing policy and apply it to IGMP using the report-policy feature.
C. Create a routing policy and apply it to IGMP as export.
D. Create a routing policy and apply it to IGMP as import.
Correct Answer: A
Section: (none)
Explanation
QUESTION 158
You have been asked to implement a private VLAN with two community VLANs. This private VLAN must span multiple switches in your Layer 2 network.
Which two statements about this deployment are true? (Choose two.)
A. All isolated ports must be configured as trunk ports.

B. A minimum of one promiscuous trunk port is required.
C. Both community VLANs must have assigned VLAN IDs.
D. A minimum of one private VLAN trunk port is required.
Correct Answer: CD
Section: (none)
Explanation
QUESTION 159
Which configuration parameter causes a router to ignore router ID and peer ID from the BGP route selection algorithm?
A. multihop
B. as-path loops
C. multipath
D. next-hop self
Correct Answer: C
Section: (none)
Explanation
QUESTION 160
If your WAN-edge router is multihomed to different ISPs, which two BGP attributes would you modify to affect outbound traffic? (Choose two.)
A. MED
B. origin
C. local preference
D. community
Correct Answer: BC
Section: (none)
Explanation
QUESTION 161
A medium-sized enterprise has some devices that are 802.1X capable and some that are not. Any device that fails authentication must be provided limited access
through a VLAN called NONAUTH.
How do you provide this access?
A. Configure NONAUTH VLAN as the guest VLAN.

B. Configure NONAUTH VLAN as the server-reject VLAN.
C. Configure NONAUTH VLAN as the guest VLAN and the server-reject VLAN.
D. Configure a separate VLAN for each type of user: 802.1X and non-802.1X.
Correct Answer: C
Section: (none)
Explanation
QUESTION 162
When using PIM-SM in SSM mode, which event triggers the creation of a shortest-path tree?
A. Multicast traffic received at the receiver's designated router (DR).

B. An IGMPv3 report received at the receiver's designated router (DR).
C. Multicast traffic received at the rendezvous point (RP).
D. An IGMPv3 report received at the source's designated router (DR).
Correct Answer: B
Section: (none)
Explanation
QUESTION 163
Which statement regarding LLDP update messages is correct?
A. Updates can be secured using the MD5 algorithm.

B. Updates are advertised every 60 seconds by default.
C. Updates require bidirectional communication.
D. Updates can be triggered by local changes.
Correct Answer: D
Section: (none)
Explanation
QUESTION 164
When 802.1X, MAC-RADIUS, and Captive Portal are enabled on an interface, which authentication sequence occurs?
A. The authentication sequence is based on the order of the configuration.

B. If MAC-RADIUS is rejected, Captive Portal will start. If Captive portal is timed out, 802.1X will start.
C. If 802.1X times out, then MAC-RADIUS will start. If MAC-RADIUS is timed out by the RADIUS server, then Captive Portal will start.
D. If 802.1X times out, then MAC-RADIUS will start. If MAC-RADIUS is rejected by the RADIUS server, then Captive Portal will start.
Correct Answer: D
Section: (none)
Explanation
QUESTION 165
You are troubleshooting a problem on interface ge-0/0/3.
Which command shows statistics in real time?
A. show interfaces statistics

B. monitor interface statistics ge-0/0/3
C. monitor interface traffic
D. monitor traffic interface ge-0/0/3
Correct Answer: C
Section: (none)
Explanation
QUESTION 166
Which CoS component helps with TCP global synchronization problems?
A. WRR with rewrite rules
B. WRED with drop profiles
C. tail drop profiles with a behavior aggregate classifier
D. exact term with a scheduler
Correct Answer: B
Section: (none)
Explanation
QUESTION 167
You want to control bursts of HTTP traffic entering your SRX Series Gateway. To support varying requirements, interfaces ge-0/0/0 through ge-0/0/3 should each
be rate-limited separately, using the same parameters.
What is the correct way to meet these requirements?
A. Configure a single policer and apply it directly on the appropriate interfaces.

B. Configure four policers and apply each one directly on the appropriate interface.
C. Configure a policer and reference it in a firewall filter that uses the interface-specific option; apply the filter to the appropriate interfaces.
D. Configure four policers and reference them all in a firewall filter; apply the filter to the appropriate interfaces.
Correct Answer: C
Section: (none)
Explanation
QUESTION 168
You are configuring BGP peering with a neighboring AS. Multiple physical links exist between your edge router and the neighboring edge router, and you want a
configuration that supports the highest degree of redundancy.
How can you implement this scenario?
A. Configure multiple peerings between the routers' physical interfaces.

B. Use the multipath feature.
C. Configure multiple peerings between the routers' logical interfaces.
D. Use the multihop feature.
Correct Answer: D
Section: (none)
Explanation
QUESTION 169
An OSPF router is an ABR but not an ASBR.
Which three types of LSAs would you expect this router to generate? (Choose three.)
A. Type 1 LSA
B. Type 3 LSA
C. Type 4 LSA
D. Type 5 LSA
E. Type 6 LSA
Correct Answer: ABC

Section: (none)
Explanation
QUESTION 170
-- Exhibit --
user@R1> show configuration protocols pim rp

local {
address 192.168.3.1;
}
auto-rp discovery;
static {
address 192.168.5.1;
}
user@R1> show route 192.168.0.0/16
inet.0: 18 destinations, 21 routes (18 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both
192.168.2.1/32 *[Direct/0] 3w4d 04:58:14

> via lo0.0
192.168.5.1/32 *[OSPF/10] 00:52:25, metric 1
> via lt-0/0/0.0
192.168.10.1/32 *[OSPF/10] 00:48:06, metric 1
> via lt-0/0/0.2
192.168.50.1/32 *[OSPF/10] 00:48:06, metric 1
> via lt-0/0/0.4
-- Exhibit --
Router R1 in the exhibit is receiving auto-RP announce messages specifying an RP of 192.168.10.1 and BSR messages specifying an RP-set with an RP of
192.168.50.1.
Which address will R1 use as the RP for traffic destined to the 224.1.1.1 multicast group?
A. 192.168.3.1
B. 192.168.5.1
C. 192.168.10.1
D. 192.168.50.1
Correct Answer: D
Section: (none)
Explanation
QUESTION 171
-- Exhibit
-- Exhibit --
In the exhibit, customers connected to Area 3 must have access to external prefixes received from the data center connected to the router in Area 1. These
configurations are currently applied to the routers in Area 1:
{master:0}[edit]
user@Area-1-ABR# show protocols ospf
no-nssa-abr;
area 0.0.0.1 {
nssa;
}
{master:0}[edit]
user@Area-1-External# show protocols ospf
area 0.0.0.1 {
stub no-summaries;
}
What must you change for these configurations to work?
A. Configure the ABR router in Area 1 to support a virtual link.

B. Delete no-summary-lsa from the ABR router in Area 1.
C. Configure the external router in Area 1 for NSSA.
D. Configure the ABR in Area 1 for a default LSA with a default-metric of 10 and no- summaries.
Correct Answer: C
Section: (none)
Explanation
QUESTION 172
-- Exhibit --
20.0.0.0/8 *[BGP/170] 01:10:38, localpref 100, from 10.0.0.1 AS path: 100 I

> to 15.0.0.2 via ge-0/0/0.0
[BGP/170] 00:00:59, localpref 100
AS path: 100 ?
> to 35.0.0.2 via ge-0/0/1.0
-- Exhibit --
Referring to the output in the exhibit, why does the router prefer the path toward interface ge- 0/0/0.0 for the 20.0.0.0/8 route?
A. The origin is IGP.

B. The origin is unknown.
C. The AS path is longer.
D. Multihop is enabled.
Correct Answer: A
Section: (none)
Explanation
QUESTION 173
-- Exhibit --
Interface State Area DR ID BDR ID Nbrs

em2.0 DR 0.0.0.2 10.94.164.116 10.1.1.1 1
TypE. LAN, Address: 11.1.1.2, Mask: 255.255.255.252, MTU: 1500, Cost: 1 DR addr: 11.1.1.2, BDR addr: 11.1.1.1, Priority: 128 Adj count: 1
Hello: 10, DeaD. 40, ReXmit: 5, Stub
Auth typE. None
Protection typE. None
Topology default (ID 0) -> Cost: 1
-- Exhibit --
A. The OSPF cost of the interface is 128.

B. The authentication type of the area is MD5.
C. This interface is part of a stub area.
D. This router is the BDR.
Correct Answer: C
Section: (none)
Explanation
QUESTION 174
-- Exhibit --
user@switch# run show spanning-tree statistics interface ge-0/0/0
STP interface statistics for VLAN 10

Interface BPDUs sent BPDUs received Next BPDU
transmission
ge-0/0/0.0 170 3 0
STP interface statistics for VLAN 20

Interface BPDUs sent BPDUs received Next BPDU
transmission
ge-0/0/0.0 171 3 0
-- Exhibit --
Based on the exhibit, which spanning-tree protocol is running on ge-0/0/0?
A. VSTP
B. MSTP
C. RSTP
D. PVST
Correct Answer: A
Section: (none)
Explanation
QUESTION 175
-- Exhibit
-- Exhibit --
Given the topology in the exhibit, which two statements related to the Q-in-Q tunneling implementation are true? (Choose two.)
A. The ge-0/0/0 interface on Provider Bridge A must be configured as an access port.

B. The ge-0/0/0 interface on Provider Bridge A must be configured as a trunk port.
C. Provider Bridge B will make forwarding decisions using a MAC table associated with VLAN ID 100.
D. Provider Bridge B will make forwarding decisions using a MAC table associated with VLAN ID 200.
Correct Answer: AD
Section: (none)
Explanation
QUESTION 176
-- Exhibit
-- Exhibit --
You are implementing Q-in-Q tunneling to connect R1 and R2 using the configurations shown in the exhibit.
What must be changed on Switch_A to allow both Dot1q-tunneling VLANs and non-Dot1q- tunneling VLANs on the same trunk interface?
A. Change the Dot1q-tunneling Ethertype to 0x9100.

B. Change the Dot1q-tunneling Ethertype to 0x88a8.
C. Change the Dot1q-tunneling Ethertype to 0x8100.
D. Change the Dot1q-tunneling Ethertype to 0x98a8.
Correct Answer: C
Section: (none)
Explanation
QUESTION 177
-- Exhibit
-- Exhibit --
In the exhibit, Host2 is the only host currently joining group 231.1.1.1, but S1 is still flooding the traffic to all hosts on VLAN 100.
What feature can be configured on S1 to limit the multicast flooding of traffic to only interested hosts on VLAN 100?
A. Multicast scoping
B. IGMP snooping
C. Multicast VLAN registration
D. IGMP immediate leave
Correct Answer: B
Section: (none)
Explanation
QUESTION 178
-- Exhibit --
{master:0}[edit]
user@switch# show protocols vstp
vlan 100;
{master:0}[edit]
user@switch# run show spanning-tree bridge
Context ID : 1
Enabled protocol : RSTP
STP bridge parameters for VLAN 100

Root ID : 32868.50:c5:8d:ae:94:80
Message age : 0
Local parameters
Bridge ID : 32868.50:c5:8d:ae:94:80
{master:0}[edit]
user@switch# run show spanning-tree interface
{master:0}[edit]
user@switch#
-- Exhibit --
Based on the output shown in the exhibit, why is VSTP not working for VLAN 100?
A. No interfaces are assigned to VLAN 100.

B. Your MSTI is misconfigured.
C. RSTP is configured in addition to VSTP.
D. No native VLAN is configured.
Correct Answer: A
Section: (none)
Explanation
QUESTION 179
-- Exhibit
-- Exhibit --
Referring to the exhibit, what is the correct RPF path toward the multicast source from R6?
A. R6-R5
B. R6-R7-R4-R5
C. R6-R4-R5
D. R6-R4-R3-R2-R5
Correct Answer: A
Section: (none)
Explanation
QUESTION 180
-- Exhibit --
{master:0}[edit]
user@switch# show ethernet-switching-options voip
vlan phones;
}
{master:0}[edit]
unit 0 {
port-mode access;
vlan {
members internet;
}
}
}
{master:0}[edit]
hr {
vlan-id 513;
}
internet {
vlan-id 15;
}
phones {
vlan-id 25;
}
servers {
vlan-id 30;
}
{master:0}[edit]
description uplink;
unit 0 {
port-mode trunk;
vlan {
members [ hr internet ];
}
}
}
-- Exhibit --
You have recently implemented a Layer 2 network designed to support VoIP. Users have reported that they cannot use their IP phones to make calls.
Based on the switch configuration shown in the exhibit, which command will resolve this issue?
A. set interfaces ge-0/0/23 unit 0 family ethernet-switching vlan members phones

B. set interfaces ge-0/0/16 unit 0 family ethernet-switching port-mode trunk
C. set ethernet-switching-options voip interface ge-0/0/23 vlan phones
D. set vlans phones vlan-id 513
Correct Answer: A
Section: (none)
Explanation
QUESTION 181
-- Exhibit
-- Exhibit --
Based on the SPF calculation in the exhibit, what is the shortest path to reach R3 from R1?
A. R2-R3
B. R2-R5-R4
C. R3
D. R2-R4
Correct Answer: C
Section: (none)
Explanation
QUESTION 182
-- Exhibit --
Mar 16 18:39:15.800390 BGP RECV 172.14.10.2+57785 -> 172.14.10.1+179 Mar 16 18:39:15.800932 BGP RECV message type 1 (Open) length 59 Mar 16
18:39:15.800995 BGP RECV version 4 as 2 holdtime 90 id 192.168.5.1 parmlen 30 Mar 16 18:39:15.801064 BGP RECV MP capability AFI=2, SAFI=1 Mar 16
18:39:15.801112 BGP RECV Refresh capability, code=128 Mar 16 18:39:15.801172 BGP RECV Refresh capability, code=2 Mar 16 18:39:15.801224 BGP RECV
Restart capability, code=64, time=120, flags= Mar 16 18:39:15.801289 BGP RECV 4 Byte AS-Path capability (65), as_num 2 Mar 16 18:39:15.801705 advertising
receiving-speaker only capabilty to neighbor 172.14.10.2 (External AS 2)
Mar 16 18:39:15.801787 bgp_senD. sending 59 bytes to 172.14.10.2 (External AS 2) Mar 16 18:39:15.801845
Mar 16 18:39:15.801845 BGP SEND 172.14.10.1+179 -> 172.14.10.2+57785 Mar 16 18:39:15.801933 BGP SEND message type 1 (Open) length 59 Mar 16
18:39:15.801991 BGP SEND version 4 as 1 holdtime 90 id 192.168.2.1 parmlen 30 Mar 16 18:39:15.802054 BGP SEND MP capability AFI=1, SAFI=1 Mar 16
18:39:15.802115 BGP SEND Refresh capability, code=128 Mar 16 18:39:15.802176 BGP SEND Refresh capability, code=2 Mar 16 18:39:15.802227 BGP SEND
Restart capability, code=64, time=120, flags= Mar 16 18:39:15.802292 BGP SEND 4 Byte AS-Path capability (65), as_num 1 Mar 16 18:39:15.802615
bgp_process_caps: mismatch NLRI with 172.14.10.2 (External AS 2):
peer: <inet6-unicast>(16) us: <inet-unicast>(1)
Mar 16 18:39:15.802763 bgp_process_caps:2561: NOTIFICATION sent to 172.14.10.2 (External AS 2): code 2 (Open Message Error) subcode 7 (unsupported
capability) value 1 Mar 16 18:39:15.802913 bgp_senD. sending 23 bytes to 172.14.10.2 (External AS 2) Mar 16 18:39:15.802969
Mar 16 18:39:15.802969 BGP SEND 172.14.10.1+179 -> 172.14.10.2+57785 Mar 16 18:39:15.803057 BGP SEND message type 3 (Notification) length 23 Mar 16
18:39:15.803113 BGP SEND Notification code 2 (Open Message Error) subcode 7 (unsupported capability)
Mar 16 18:39:15.803179 BGP SEND Data (2 bytes): 00 01 -- Exhibit --
Looking at the traceoptions output in the exhibit, why is the BGP neighbor not in Established state?
A. BGP refresh is not supported.

B. There is a router ID mismatch.
C. IPv6 is not supported on the local peer.
D. The peer AS number is misconfigured.
Correct Answer: C
Section: (none)
Explanation
QUESTION 183
-- Exhibit
-- Exhibit --

In the exhibit, which statement about the ABR between Area 8 and Area 2 is true?
A. The router has connectivity to all areas.

B. The router has connectivity to Area 8 only.
C. The router has connectivity to Area 2 only.
D. The router has connectivity to all routers in Area 8 and Area 2.
Correct Answer: D
Section: (none)
Explanation
QUESTION 184
-- Exhibit --
user@router> show class-of-service scheduler-map two Scheduler map: two, Index: 56974
Scheduler: sch-best-effort, Forwarding class: best-effort, Index: 26057 Transmit ratE. 1 percent, Rate Limit: exact, Buffer sizE. remainder, Buffer Limit: exact,
Priority: low
Excess Priority: unspecified
Drop profiles:
Loss priority Protocol Index Name
Low any 1 <default-drop-profile>
Medium low any 1 <default-drop-profile>
Medium high any 1 <default-drop-profile>

High any 1 <default-drop-profile>
Scheduler: sch-expedited-forwarding, Forwarding class:

expedited-forwarding, Index: 10026
Transmit ratE. 1 percent, Rate Limit: none, Buffer sizE. 1 percent, Buffer Limit: none, Priority: high
Excess Priority: unspecified
Drop profiles:
Loss priority Protocol Index Name
Low any 1 <default-drop-profile>
Medium low any 1 <default-drop-profile>
Medium high any 1 <default-drop-profile>

High any 1 <default-drop-profile>
user@router> show interfaces ge-0/0/1 extensive | find "CoS Information" CoS information:
Direction : Output
CoS transmit queue Bandwidth Buffer
Priority Limit
% bps % usec
0 best-effort 1 10000000 r 0
low exact
1 expedited-forwarding 1 10000000 1 0
high none
Logical interface ge-0/0/1.823 (Index 74) (SNMP ifIndex 506) (Generation 139)
Flags: SNMP-Traps 0x4000 VLAN-Tag [ 0x8100.823 ] Encapsulation: ENET2 Traffic statistics:
Input bytes : 1820224529
Output bytes : 6505980
Input packets: 1436371
Output packets: 75905
(... output truncated ...)
user@router> show interfaces ge-0/0/1 extensive | find "Queue Counters" Queue counters: Queued packets Transmitted packets Dropped packets 0 best-effort
1343970 1343970 7105
1 expedited-fo 53987 53987
2 assured-forw 0 0
3 network-cont 0 0
Queue number: Mapped forwarding classes
0 best-effort
1 expedited-forwarding
2 assured-forwarding
3 network-control
Active alarms : None
Active defects : None
(... output truncated ...)
-- Exhibit --
Based on the configuration in the exhibit, why are you seeing drops in the best-effort queue on the SRX Series platform?
A. The drop-profile fill level is set too low.

B. Packets are dropped by a firewall policy.
C. The best-effort queue is being shaped.
D. The scheduler is not being applied correctly.
Correct Answer: C
Section: (none)
Explanation
QUESTION 185
-- Exhibit --
[edit protocols bgp]

user@router# show
group ext-peer2 {
type external;
peer-as 1;
neighbor 192.168.2.1;
}

user@router# run show route 192.168.2.1
inet.0: 9 destinations, 10 routes (7 active, 0 holddown, 2 hidden) + = Active Route, - = Last Active, * = Both
192.168.2.1/32 *[Static/5] 00:01:56

> to 172.14.10.1 via ge-0/0/1.0

user@router# run show bgp summary
Groups: 1 Peers: 1 Down peers: 1
Table Tot Paths Act Paths Suppressed History Damp State Pending inet.0 0 0 0 0 0 0
inet6.0 0 0 0 0 0 0
Peer AS InPkt OutPkt OutQ Flaps Last Up/Dwn State|
#Active/Received/Accepted/Damped...
192.168.2.1 1 0 0 0 0 14 Idle
-- Exhibit --
Looking at the output in the exhibit, why is the BGP neighbor not in Established state?
A. BGP Refresh is not supported.

B. Multihop is not configured.
C. The peer address is not reachable.
D. Authentication is configured.
Correct Answer: B
Section: (none)
Explanation
QUESTION 186
-- Exhibit --
user@SwitchA# show protocols dot1x

authenticator {
authentication-profile-name dot1x;
interface {
ge-0/0/0.0 {
supplicant single;
}
ge-0/0/1.0 {
supplicant single-secure;
}
ge-0/0/2.0 {
}
}
}
{master:0}[edit]
user@SwitchA# show access
radius-server {
172.27.14.226 {
port 1812;
secret "$9$vqs8xd24Zk.5bs.5QFAtM8X"; ## SECRET-DATA }
}
profile dot1x {
authentication-order radius;
radius {
authentication-server 172.27.14.226;
accounting-server 172.27.14.226;
}
accounting {
order radius;
immediate-update;
}
}
{master:0}[edit]
user@SwitchA#
-- Exhibit --
Referring to the exhibit, which three statements describe correct behavior of Switch A? (Choose three.)
A. Switch A allows complete access to all users connected to port ge-0/0/2 that log in with their correct user credentials.
B. Switch A allows complete access to all users connected to port ge-0/0/0 that log in with their correct user credentials.
C. Switch A allows complete access to the second user that connects to port ge-0/0/1 with its correct credentials only after the first user logs out.
D. Switch A allows complete access to all users connected to port ge-0/0/0 without authentication after the first user has logged in with its correct user credentials.
E. Switch A allows complete access to all users connected to port ge-0/0/1 that securely log in using HTTPS with their correct user credentials.
Correct Answer: ACD

Section: (none)
Explanation
QUESTION 187
-- Exhibit --
Mar 16 17:48:06.145257 OSPF periodic xmit from 172.14.10.1 to 224.0.0.5 (IFL 69 area 0.0.0.1) Mar 16 17:48:12.404986 ospf_trigger_build_telink_lsas : No peer
found Mar 16 17:48:13.013420 ospf_trigger_build_telink_lsas : No peer found Mar 16 17:48:13.013555 ospf_set_lsdb_statE. Router LSA 192.168.2.1 adv-rtr
192.168.2.1 state QUIET->GEN_PENDING
Mar 16 17:48:13.013661 OSPF trigger router LSA 0x156d0f0 build for area 0.0.0.1 lsa-id 192.168.2.1
Mar 16 17:48:13.017494 ospf_set_lsdb_statE. Router LSA 192.168.2.1 adv-rtr 192.168.2.1 state GEN_PENDING->QUIET
Mar 16 17:48:13.017636 OSPF built router LSA, area 0.0.0.1, link count 2 Mar 16 17:48:13.017954 OSPF sent Hello 172.14.10.1 -> 224.0.0.5 (ge-0/0/1.0 IFL 69
area 0.0.0.1)
17:48:13.018162 dead_ivl 40, DR 172.14.10.1, BDR 0.0.0.0 Mar 16 17:48:13.018613 OSPF DR is 192.168.2.1, BDR is 0.0.0.0 Mar 16 17:48:13.018900 OSPF sent
Hello 172.14.10.1 -> 224.0.0.5 (ge-0/0/1.0 IFL 69 area 0.0.0.1)
17:48:13.019118 dead_ivl 40, DR 172.14.10.1, BDR 0.0.0.0 Mar 16 17:48:13.028426 OSPF DR is 192.168.2.1, BDR is 0.0.0.0 Mar 16 17:48:13.432025 OSPF
packet ignoreD. area mismatch (0.0.0.0) from 172.14.10.2 on intf ge-0/0/1.0 area 0.0.0.1
Mar 16 17:48:13.432135 OSPF rcvd Hello 172.14.10.2 -> 224.0.0.5 (ge-0/0/1.0 IFL 69 area 0.0.0.1)
Mar 16 17:48:13.432189 Version 2, length 44, ID 192.168.5.1, area 0.0.0.0 Mar 16 17:48:13.432274 checksum 0x8065, authtype 0
Mar 16 17:48:13.432346 mask 255.255.255.0, hello_ivl 10, opts 0x2, prio 128 Mar 16 17:48:13.432398 dead_ivl 40, DR 172.14.10.2, BDR 0.0.0.0 commit complete
-- Exhibit --
Looking at the traceoptions output in the exhibit, why are the OSPF routers stuck in Init state?
A. There is an MTU mismatch.

B. There is a network mask mismatch.
C. The routers are in different areas.
D. No BDR has been elected.
Correct Answer: C
Section: (none)
Explanation
QUESTION 188
-- Exhibit
-- Exhibit --
A customer is trying to configure a router to peer using EBGP to a neighbor. As shown in the exhibit, two links are being used for this configuration. The goal of this
configuration is to load- balance traffic across both EBGP links.
Which configuration accomplishes this goal?
A. {master:0}[edit]
user@router# show protocols bgp
group External {
multihop;
local-address 192.168.2.1;
peer-as 65532;
neighbor 10.10.2.2;
neighbor 10.20.2.2;
}
{master:0}[edit]
static {
route 192.168.5.1/32 next-hop 192.168.2.1;
}
autonomous-system 65432;
B. {master:0}[edit]
group External {
multihop;
peer-as 65532;
neighbor 192.168.5.1;
}
{master:0}[edit]
static {
route 192.168.5.1/32 next-hop [ 10.10.2.2 10.20.2.2 ]; }
forwarding-table {
export load-balance;
}
{master:0}[edit]
user@router# show policy-options policy-statement load-balance term balance {
then {
load-balance per-packet;
accept;
}
}
C. {master:0}[edit]
group External {
multi-path;
peer-as 65532;
neighbor 192.168.5.1;
}
{master:0}[edit]
static {
route 192.168.5.1/32 next-hop [ 10.10.2.2 10.20.2.2 ]; }
D. {master:0}[edit]
group External {
multipath;
peer-as 65532;
neighbor 10.10.2.2;
neighbor 10.20.2.2;
}
{master:0}[edit]
static {
route 192.168.5.1/32 next-hop 192.168.2.1;
}
Correct Answer: B
Section: (none)
Explanation
QUESTION 189
-- Exhibit
-- Exhibit --
In the exhibit, R5 is receiving five 200.1.1.x routes from the RIP router, and is advertising them into Area 1 using an export policy. You do not want any of the RIP
routes to be in the routing table of R1.
Which two solutions meet this requirement? (Choose two.)
A. On R1, configure an export policy to reject the routes.

B. On R1, configure an import policy to reject the routes.
C. On R1, configure each address as a martian route.
D. On R1, configure the no-nssa-abr option.
Correct Answer: BC
Section: (none)
Explanation
QUESTION 190
-- Exhibit
-- Exhibit --
In the exhibit, a customer wants to configure an EBGP connection to two different routers in a neighboring autonomous system. The goal of this configuration is to
use per-prefix load balancing across both EBGP links.
Which configuration accomplishes this goal?
A. {master:0}[edit]
group External {
multihop;
peer-as 65532;
neighbor 10.10.2.2;
neighbor 10.20.2.2;
}
B. {master:0}[edit]
group External {
multipath;
peer-as 65532;
neighbor 10.10.2.2;
neighbor 10.20.2.2;
}
C. {master:0}[edit]
group External {
multihop;
peer-as 65532;
neighbor 10.10.2.2;
neighbor 10.20.2.2;
}
static {
route 0.0.0.0 next-hop [ 10.10.2.2 10.20.2.2 ];
}
D. {master:0}[edit]
group External {
multihop;
peer-as 65532;
multipath;
neighbor 10.10.2.2;
neighbor 10.20.2.2;
}
static {
route 0.0.0.0 next-hop [ 10.10.2.2 10.20.2.2 ];
}
Correct Answer: B
Section: (none)
Explanation
QUESTION 191
-- Exhibit
-- Exhibit --
Referring to the exhibit, R4 in AS 100 is sending routes 20.0.0.0/8 and 10.0.0.0/8. R3 sees the routes but R5 does not.
What must be configured on the R3 router for the R5 router to install the routes?
A. a next-hop self policy

B. as-override toward the R5 router
C. as-loops 2
D. local-as 100
Correct Answer: B
Section: (none)
Explanation
QUESTION 192
-- Exhibit
-- Exhibit --
You are asked to configure an OSPF virtual link that connects remote Area 4 to the backbone.
Referring to the exhibit, what are two requirements for an OSPF virtual link to operate correctly? (Choose two.)
A. A virtual link configuration on the ABR between Areas 0 and 1 must include transit area 1.
B. The interface of the transit area must be of type vt.
C. A virtual link configuration on the ABR between Areas 0 and 1 must be the interface address of the neighbor on the far end.
D. A virtual link configuration on the ABR between Areas 0 and 1 must be the router ID (RID) of the neighbor on the far end.
Correct Answer: AD
Section: (none)
Explanation
QUESTION 193
-- Exhibit
-- Exhibit --
In the exhibit, R5 is receiving five 200.1.1.x routes from the RIP router, and is advertising them into Area 1 using an export policy. You want to summarize the RIP
routes into Area 0 with the most specific prefix.
Which configuration will accomplish goal?
A. [edit protocols]
user@R1# show
ospf {
area 0.0.0.0 {
area-range 200.1.1.0/29;
interface lo0.0;
}
area 0.0.0.1 {
nssa {
default-lsa type-7;
}
}
}
B. [edit protocols]
user@R1# show
ospf {
area 0.0.0.0 {
interface lo0.0;
}
area 0.0.0.1 {
nssa {
default-lsa type-7;
area-range 200.1.1.0/28;
}
}
}
C. [edit protocols]
user@R1# show
ospf {
area 0.0.0.0 {
interface lo0.0;
}
area 0.0.0.1 {
nssa {
default-lsa type-7;
area-range 200.1.1.0/29;
}
}
}
D. [edit protocols]
user@R1# show
ospf {
area 0.0.0.0 {
area-range 200.1.1.0/28;
interface lo0.0;
}
area 0.0.0.1 {
nssa {
default-lsa type-7;
}
}
}
Correct Answer: C
Section: (none)
Explanation
QUESTION 194
-- Exhibit --
user@router> show bgp summary

inet6.0 4 3 0 0 0 0
10.0.3.5 65550 41 52 0 2 17:45 5/5/5/0 0/0/0/0
172.16.0.6 65010 52 42 0 2 31 Establ
inet.0: 3/5/5/0
inet6.0: 3/4/4/0
2001:ffff::3:5 65550 43 44 0 4 17:53 Establ
inet6.0: 0/0/0/0
user@router>
-- Exhibit --
Examine the output of the show bgp summary command shown in the exhibit.
From which BGP peer is the router receiving IPv6 routes?
A. 10.0.3.5
B. 172.16.0.6
C. 2001:ffff::3:5
D. 2001:ffff:3:5
Correct Answer: B
Section: (none)
Explanation
QUESTION 195
-- Exhibit --
user@SwitchA> show dot1x interface detail ge-0/0/2.0 ge-0/0/2.0

RolE. Authenticator
Administrative statE. Auto
Supplicant modE. Multiple
Number of retries: 3
Quiet perioD. 60 seconds
Transmit perioD. 30 seconds
Mac Radius: Enabled
Mac Radius Restrict: Enabled
Reauthentication: Enabled
Configured Reauthentication interval: 3600 seconds
Supplicant timeout: 30 seconds
Server timeout: 30 seconds
Maximum EAPOL requests: 2
Guest VLAN member: <not configured>
Number of connected supplicants: 2
user@SwitchA>
-- Exhibit --

Host 1, Host 2, and Host 3 are connected to Switch A on interface ge-0/0/2. Host 1 and Host 2 do not support 802.1X. They can authenticate and connect to the
Internet. Host 3 was added and it supports 802.1X; however, it is unable to authenticate.
Referring to the exhibit, how do you allow Host 3 to authenticate to the network but maintain secure access?
A. Enable fallback authentication for 802.1X.

B. Disable MAC RADIUS Restrict option on ge-0/0/2.
C. Disable MAC RADIUS option on ge-0/0/2.
D. Enable Administrative mode for 802.1X.
Correct Answer: B
Section: (none)
Explanation
QUESTION 196
-- Exhibit --
user@RP> show pim join extensive

InstancE. PIM.master Family: INET
R = Rendezvous Point Tree, S = Sparse, W = Wildcard
Group: 224.1.1.1
SourcE. *
RP: 192.168.1.1
Flags: sparse,rptree,wildcard
Upstream interfacE. Local
Upstream neighbor: Local
Upstream statE. Local RP
InterfacE. so-0/0/0.0
10.0.1.2 StatE. Join Flags: SRW Timeout: 176
Group: 224.1.1.1
SourcE. 10.0.5.2
Flags: sparse,spt
Upstream interfacE. unknown (no nexthop)
Upstream neighbor: unknown
Upstream statE. Local RP
Keepalive timeout: 106
InterfacE. so-0/0/0.0
10.0.1.2 StatE. Join Flags: S Timeout: 176
InstancE. PIM.master Family: INET6

R = Rendezvous Point Tree, S = Sparse, W = Wildcard -- Exhibit --
The CLI output shown in the exhibit was taken from the RP in a PIM-SM network.
Which statement explains the output shown in the exhibit?
A. No tunnel PIC is installed on the RP router.

B. 192.168.1.1 is not a local IP address on the RP router.
C. Multicast traffic is arriving on the so-0/0/0.0 interface.
D. The router does not have a unicast route to 10.0.5.2.
Correct Answer: D
Section: (none)
Explanation
QUESTION 197
-- Exhibit --

Router *10.0.3.4 10.0.3.4 0x8000000d 30 0x22 0x8d11 132 bits 0x0, link count 9
id 10.1.1.0, data 255.255.255.0, Type Stub (3)
Topology count: 0, Default metriC. 1
id 10.0.4.8, data 255.255.255.252, Type Stub (3)
id 10.0.2.10, data 10.0.2.10, Type Transit (2)
id 172.16.0.6, data 172.16.0.5, Type Transit (2)
id 10.0.3.4, data 255.255.255.255, Type Stub (3)
id 10.0.9.7, data 10.0.2.18, Type PointToPoint (1)
id 10.0.2.16, data 255.255.255.252, Type Stub (3)
id 10.0.3.3, data 10.0.2.6, Type PointToPoint (1)
id 10.0.2.4, data 255.255.255.252, Type Stub (3)
Topology default (ID 0)
TypE. PointToPoint, Node ID. 10.0.3.3
MetriC. 2, Bidirectional
TypE. PointToPoint, Node ID. 10.0.9.7
TypE. Transit, Node ID. 172.16.0.6
TypE. Transit, Node ID. 10.0.2.10
-- Exhibit --
The exhibit shows the output of an OSPF router LSA.
Which interface ID represents the router's loopback address?
A. ID 10.1.1.0
B. ID 10.0.3.4
C. ID 10.0.3.3
D. ID 10.0.2.4
Correct Answer: B
Section: (none)
Explanation
QUESTION 198
-- Exhibit --
{master:0}[edit]
user@router# show class-of-service
classifiers {
inet-precedence normal-traffic {
forwarding-class best-effort {
loss-priority low code-points [ my1 my2 ];
}
}
}
code-point-aliases {
inet-precedence {
my1 000;
my2 001;
cs1 010;
cs2 011;
cs3 100;
cs4 101;
cs5 111;
cs6 111;
}
}
-- Exhibit --
In the exhibit, you see a configuration for CoS. Incoming traffic with specific IP precedence bits should be mapped to a forwarding class named best-effort. A
classifier named normal-traffic is defined.
What must you add to complete this configuration?
A. Include the option q-pic-large-buffer under the chassis hierarchy to accommodate the new code points.
B. Apply classifier normal traffic to the interface hierarchy under the class-of-service stanza.
C. Configure a rewrite marker on the ingress Gigabit Ethernet interface.
D. Add code point values for the expedited-forwarding forwarding class as well as the best- effort forwarding class.
Correct Answer: B
Section: (none)
Explanation
QUESTION 199
-- Exhibit --
user@router> show configuration routing-options autonomous-system 65550;
user@router> show configuration protocols bgp
group ibgp {
type internal;
neighbor 10.0.3.5;
}
group ibgpv6 {
type internal;
local-address 2001:ffff::3:4;
neighbor 2001:ffff::3:5;
}
group as65010 {
family inet {
unicast;
}
family inet6 {
unicast;
}
export as65010-out;
peer-as 65010;
neighbor 172.16.0.6;
}
user@router> show configuration policy-options

policy-statement as65010-out {
term locally-originated {
from as-path local-only;
then {
metric 7000;
}
}
term from-as65222 {
from as-path as65222-orig;
then as-path-prepend "65550 65550 65550 65550";
}
term transit-as701 {
from as-path transit-as701;
then {
metric 6;
}
}
then accept;
}
as-path local-only "(.*)";
as-path as65222-orig ".* 65222";
as-path transit-as701 ".* 701 .*";
user@router> show route advertising-protocol bgp 172.16.0.6
inet.0: 43 destinations, 47 routes (43 active, 0 holddown, 0 hidden) Prefix Nexthop MED Lclpref AS path
* 10.0.2.0/30 Self 7000 I
* 10.0.2.4/30 Self 7000 I
* 10.0.2.8/30 Self 7000 I
* 10.0.2.16/30 Self 7000 I
* 10.0.3.3/32 Self 7000 I
* 10.0.3.4/32 Self 7000 I
* 10.0.3.5/32 Self 7000 I
* 10.0.4.8/30 Self 7000 I
* 10.0.8.8/30 Self 7000 I
* 10.0.9.9/32 Self 7000 I
* 10.255.255.1/32 Self 7000 I
* 64.142.88.0/24 Self 7000 I
* 130.130.0.0/16 Self 6 65222 46375 701 14203 I
* 131.131.131.0/24 Self 6 65222 46375 701 14203 I
* 132.132.0.0/25 Self 6 65222 46375 701 32934 I
* 133.133.0.0/25 Self 6 65222 46375 701 32934 I
* 134.134.0.0/25 Self 65222 46375 14203 I
* 135.135.0.0/25 Self 65222 46375 14203 14203 I
* 172.16.0.4/30 Self 7000 I
* 172.16.0.12/30 Self 7000 I
* 172.16.200.0/30 172.16.0.6 7000 I
* 192.0.2.0/24 172.16.0.6 7000 I
* 192.168.50.0/24 Self 7000 I
* 192.168.253.0/24 Self 7000 I
* 200.200.0.0/16 172.16.0.6 7000 I
* 200.200.0.1/32 172.16.0.6 7000 I
* 200.200.1.1/32 172.16.0.6 7000 I
* 200.200.200.200/32 172.16.0.6 7000 I
inet6.0: 23 destinations, 28 routes (23 active, 0 holddown, 0 hidden) Prefix Nexthop MED Lclpref AS path
* ::172.16.0.4/126 Self 7000 I
* 2001:1:1::/64 Self 7000 I
* 2001:1:2::/64 Self 7000 I
* 2001:ffff::3:3/128 Self 7000 I
* 2001:ffff::3:4/128 Self 7000 I
* 2001:ffff::3:5/128 Self 7000 I
* 2001:ffff::9:7/128 Self 7000 I
user@router>
-- Exhibit --
You are configuring an EBGP peer in a transit environment. You must advertise routes learned from other EBGP peers in your AS. Any routes originated from
within your AS should have a MED of 7000 set. Any routes that originate in AS65222 should be prepended four times. Any routes that transit AS701 should have a
MED set to 6. This scenario results in the unintended advertisement of internal 10.0.0.0/8 networks to your peer.
What caused the accidental advertisement of internal networks to your EBGP peer?
A. Your AS number of 65550 is a private AS number.
B. The BGP group as65010 is configured for both family inet unicast and family inet6 unicast protocol families.
C. The export policy as65010-out is misconfigured.
D. The as-path local-only includes a misconfigured regular expression.
Correct Answer: C
Section: (none)
Explanation
QUESTION 200
-- Exhibit --
[edit]
user@router# run show ospf database external lsa-id 71.23.48.0 extensive OSPF AS SCOPE link state database
Extern 71.23.48.0 67.176.255.5 0x80000001 114 0x22 0x171b 36 mask 255.255.248.0
TypE. 2, MetriC. 0, Fwd addr: 0.0.0.0, TaG. 0.0.0.0 Aging timer 00:58:06
Installed 00:01:53 ago, expires in 00:58:06, sent 00:01:53 ago Last changed 00:01:53 ago, Change count: 1
Extern 71.23.48.0 67.176.255.7 0x8000005a 487 0x22 0x587e 36 mask 255.255.248.0
Installed 00:08:01 ago, expires in 00:51:53, sent 00:07:59 ago Last changed 2d 19:33:58 ago, Change count: 1
Extern 71.23.48.0 67.176.255.8 0x8000005c 540 0x22 0xf73e 36 mask 255.255.248.0
Installed 00:08:59 ago, expires in 00:51:00, sent 00:08:59 ago Last changed 00:08:59 ago, Change count: 3
-- Exhibit --
As shown in the exhibit, a router is receiving three external LSAs for the prefix 71.23.48.0.
Which path is preferred?
A. The path through 67.176.255.5 is preferred.

B. The path through 67.176.255.7 is preferred.
C. The path through 67.176.255.8 is preferred.
D. The paths through 67.176.255.7 and 67.176.255.8 become active to allow load-balancing.
Correct Answer: C
Section: (none)
Explanation
QUESTION 201
-- Exhibit
-- Exhibit --
In the exhibit, the 10.100/16 prefix is introduced at autonomous system 1 (AS1) and propagated through to AS3. Router A in AS3 receives two different paths to
these prefixes, one through AS2 and the other through AS4. No BGP attributes have been altered.
Which path would router A prefer for the 10.100/16 prefix?
A. the route with the lowest interface address for the EBGP peering session
B. the route with the lowest local preference
C. the route to the EBGP peer that has the lowest RID
D. the route from the EBGP peer that arrived first
Correct Answer: D
Section: (none)
Explanation
QUESTION 202
-- Exhibit --
[edit]
user@R1# show routing-options router-id
router-id 1.1.1.1;
[edit]
user@R1# show protocols ospf
area 0.0.0.0 {
}
[edit]
router-id 2.2.2.2;
[edit]
area 0.0.0.0 {
priority 200;
}
}
[edit]
router-id 222.255.255.255;
[edit]
area 0.0.0.0 {
}
[edit]
router-id 239.255.255.255;
[edit]
area 0.0.0.0 {
priority 0;
}
}
-- Exhibit --
All four routers in the exhibit are in the same broadcast domain. The routers were powered on at the same time.
Based on the configurations, which devices are the DR and the BDR
A. R4 is the DR and R2 is the BDR.

B. R2 is the DR and R3 is the BDR.
C. R2 is the DR and R1 is the BDR.
D. R3 is the DR and R2 is the BDR.
Correct Answer: B
Section: (none)
Explanation
QUESTION 203
-- Exhibit --
user@router> show interfaces ge-0/0/0 extensive | find "Queue counters" Queue counters: Queued packets Transmitted packets Dropped packets 0 best-effort
35244 35244 0
1 expedited-fo 258963 59852 199111
2 assured-forw 0 0 0
3 network-cont 1625847 1625847 0
...
-- Exhibit --
You recently deployed an SRX Series Gateway in your network. It uses the default class of service configuration.
Based on the output in the exhibit, what reason explains the packet drops in Queue 1?
A. Interface ge-0/0/0 should be used only for management network operations.

B. Queue 0 has higher priority than Queue 1.
C. A policer is reclassifying all traffic into Queue 1.
D. No bandwidth reservation exists on Queue 1.
Correct Answer: D
Section: (none)
Explanation
QUESTION 204
-- Exhibit --
ar 16 19:12:58.291474 BGP RECV 172.14.10.2+51230 -> 172.14.10.1+179 Mar 16 19:12:58.291624 BGP RECV message type 1 (Open) length 59 Mar 16
19:12:58.291688 BGP RECV version 4 as 2 holdtime 90 id 192.168.2.1 parmlen 30 Mar 16 19:12:58.291752 BGP RECV MP capability AFI=1, SAFI=1 Mar 16
19:12:58.291802 BGP RECV Refresh capability, code=128 Mar 16 19:12:58.291850 BGP RECV Refresh capability, code=2 Mar 16 19:12:58.291915 BGP RECV
Restart capability, code=64, time=120, flags= Mar 16 19:12:58.291969 BGP RECV 4 Byte AS-Path capability (65), as_num 2 Mar 16 19:12:58.292385 advertising
receiving-speaker only capabilty to neighbor 172.14.10.2 (External AS 2)
Mar 16 19:12:58.292522 BGP SEND 172.14.10.1+179 -> 172.14.10.2+51230 Mar 16 19:12:58.292601 BGP SEND message type 1 (Open) length 59 Mar 16
19:12:58.293053 BGP SEND version 4 as 1 holdtime 90 id 192.168.2.1 parmlen 30 Mar 16 19:12:58.293124 BGP SEND MP capability AFI=1, SAFI=1 Mar 16
19:12:58.293173 BGP SEND Refresh capability, code=128 Mar 16 19:12:58.293221 BGP SEND Refresh capability, code=2 Mar 16 19:12:58.293284 BGP SEND
Restart capability, code=64, time=120, flags= Mar 16 19:12:58.293336 BGP SEND 4 Byte AS-Path capability (65), as_num 1 Mar 16 19:12:58.293517 bgp_senD.
sending 19 bytes to 172.14.10.2 (External AS 2) Mar 16 19:12:58.293573
Mar 16 19:12:58.293573 BGP SEND 172.14.10.1+179 -> 172.14.10.2+51230 Mar 16 19:12:58.293665 BGP SEND message type 4 (KeepAlive) length 19 Mar 16
19:12:58.296781
Mar 16 19:12:58.296781 BGP RECV 172.14.10.2+51230 -> 172.14.10.1+179 Mar 16 19:12:58.296897 BGP RECV message type 4 (KeepAlive) length 19 Mar 16
19:12:58.297451 bgp_senD. sending 19 bytes to 172.14.10.2 (External AS 2) Mar 16 19:12:58.297528
19:12:58.298102 bgp_senD. sending 23 bytes to 172.14.10.2 (External AS 2) Mar 16 19:12:58.298185
Mar 16 19:12:58.298185 BGP SEND 172.14.10.1+179 -> 172.14.10.2+51230 Mar 16 19:12:58.298273 BGP SEND message type 2 (Update) length 23 Mar 16
19:12:58.298322 BGP SEND End of RIB. AFI 1 SAFI 1 Mar 16 19:12:58.301834
19:12:58.302034 bgp_read_v4_messagE. done with 172.14.10.2 (External AS 2) received 19 octets 0 updates 0 routes
Mar 16 19:12:58.304594
Mar 16 19:12:58.304594 BGP RECV 172.14.10.2+51230 -> 172.14.10.1+179 Mar 16 19:12:58.304702 BGP RECV message type 2 (Update) length 23 Mar 16
19:12:58.304765 BGP RECV End of RIB. AFI 1 SAFI 1 Mar 16 19:12:58.304848 bgp_read_v4_messagE. done with 172.14.10.2 (External AS 2) received 23 octets
1 update 0 routes
19:13:26.901339
19:13:53.844160
-- Exhibit --
Looking at the traceoptions output, what is the current keepalive timer set for in BGP?
A. 1 second
B. 10 seconds
C. 30 seconds
D. 90 seconds
Correct Answer: C
Section: (none)
Explanation
QUESTION 205
-- Exhibit
-- Exhibit --
As shown in the exhibit, a legacy IP phone is attached to Switch-1. The phone does not support LLDP-MED, but does allow configuration using DHCP. Existing
network CoS policies dictate that VoIP traffic must use VLAN 10.
Which two actions put VoIP traffic onto VLAN 10? (Choose two.)
A. Configure protocols cdp on Switch-1.

B. Manually configure the voice VLAN on the IP phone.
C. Configure vlan 1 under forwarding-options bootp.
D. Configure interface ge-0/0/5 under forwarding-options bootp.
Correct Answer: BC
Section: (none)
Explanation
QUESTION 206
-- Exhibit
-- Exhibit --
Which statement about the non-ABR router in Area 2 in the exhibit is true?
A. The router has connectivity to all areas.

B. The router has connectivity to Area 2 only.
C. The router has connectivity to Area 2 and Area 0.
D. The router has connectivity to Area 2 and Area 8.
Correct Answer: D
Section: (none)
Explanation
QUESTION 207
-- Exhibit
-- Exhibit --
Referring to the exhibit, you want to configure Switch-1 to allow a user on interface ge-0/0/10 to accommodate both voice and data traffic. Your phones and your
switches are LLDP-MED capable.
What is the minimal configuration that allows LLDP-MED to autoconfigure your phone's voice VLAN?
A. set interfaces ge-0/0/10 unit 0 family ethernet-switching port-mode trunk set interfaces ge-0/0/10 unit 0 family ethernet-switching vlan members voice_vlan set
interfaces ge-0/0/10 unit 0 family ethernet-switching native-vlan-id data_vlan set ethernet-switching-options voip interface ge-0/0/10.0 vlan voice_vlan set
protocols lldp-med interface ge-0/0/10.0
B. set interfaces ge-0/0/10 unit 0 family ethernet-switching port-mode trunk set interfaces ge-0/0/10 unit 0 family ethernet-switching vlan members voice_vlan set
interfaces ge-0/0/10 unit 0 family ethernet-switching native-vlan-id data_vlan set ethernet-switching-options voip interface ge-0/0/10.0 vlan voice_vlan set
protocols lldp interface ge-0/0/10.0
C. set interfaces ge-0/0/10 unit 0 family ethernet-switching port-mode access set interfaces ge-0/0/10 unit 0 family ethernet-switching vlan members data_vlan set
ethernet-switching-options voip interface ge-0/0/10.0 forwarding-class assured-forwarding set protocols lldp-med interface ge-0/0/10.0
D. set interfaces ge-0/0/10 unit 0 family ethernet-switching port-mode access set interfaces ge-0/0/10 unit 0 family ethernet-switching vlan members data_vlan set
ethernet-switching-options voip interface ge-0/0/10.0 vlan voice_vlan set protocols lldp-med interface ge-0/0/10.0
Correct Answer: D
Section: (none)
Explanation
QUESTION 208
-- Exhibit
-- Exhibit --
Site A is sending voice traffic marked with DSCP code EF. SRX A has the default CoS classifier.
Into which forwarding class is SRX A classifying traffic?
A. best-effort
B. expedited-forwarding
C. network-control
D. assured-forwarding
Correct Answer: A
Section: (none)
Explanation
QUESTION 209
-- Exhibit
-- Exhibit --
In the exhibit, the routers in the network have a default PIM sparse mode configuration. R2 shows that R1 is the RPF next hop for the source, and R3 is the RPF
next hop for the RP. Host1 is currently receiving multicast traffic for group 231.1.1.1. Host2 has come online and is attempting to join group 232.1.1.1. R2 has just
received an IGMP message with the source and group addresses.
Which step happens next so that Host2 can join the multicast group?
A. R2 sends a PIM join upstream towards R3 to join the shared tree.

B. R2 sends a PIM join upstream towards R3 to join the source tree.
C. R2 sends a PIM join upstream towards R1 to join the shared tree.
D. R2 sends a PIM join upstream towards R1 to join the source tree.
Correct Answer: D
Section: (none)
Explanation
QUESTION 210
-- Exhibit
-- Exhibit --
In the exhibit, the provider bridges are using Q-in-Q tunneling to tunnel VLAN 100 traffic over VLAN 200.
What is the correct VLAN configuration for Q-in-Q tunneling on Provider Bridge A?
A. interfaces {
ge-0/0/0 {
unit 0 {
port-mode access;
}
}
}
ge-0/0/10 {
unit 0 {
port-mode trunk;
vlan {
members test;
}
}
}
}
}
vlans {
test {
vlan-id 200;
interface {
ge-0/0/0.0;
}
dot1q-tunneling {
customer-vlans 100;
}
}
}
B. interfaces {
ge-0/0/0 {
unit 0 {
port-mode trunk;
vlan {
members test;
}
}
}
}
ge-0/0/10 {
unit 0 {
port-mode access;
}
}
}
}
vlans {
test {
vlan-id 200;
interface {
ge-0/0/0.0;
}
dot1q-tunneling {
customer-vlans 100;
}
}
}
C. interfaces {
ge-0/0/0 {
unit 0 {
port-mode trunk;
vlan {
members test;
}
}
}
}
ge-0/0/10 {
unit 0 {
port-mode access;
}
}
}
}
vlans {
test {
vlan-id 200;
interface {
ge-0/0/10.0;
}
dot1q-tunneling {
customer-vlans 100;
}
}
}
D. interfaces {
ge-0/0/0 {
unit 0 {
port-mode access;
}
}
}
ge-0/0/10 {
unit 0 {
port-mode trunk;
vlan {
members test;
}
}
}
}
}
vlans {
test {
vlan-id 100;
interface {
ge-0/0/0.0;
}
dot1q-tunneling {
customer-vlans 200;
}
}
}
Correct Answer: A
Section: (none)
Explanation
QUESTION 211
-- Exhibit
-- Exhibit --
In the topology shown in the exhibit, which two BGP attributes can AS1 manipulate to influence the path that AS4 takes to reach prefixes originated by AS1?
(Choose two.)
A. Local Preference
B. AS Path
C. Origin
D. MED
Correct Answer: BC
Section: (none)
Explanation
QUESTION 212
-- Exhibit
-- Exhibit --
Traffic flows through your network, as shown in the exhibit. You have configured a rewrite rule on R1 to mark HTTP traffic with a specific DSCP value.
What must you do to ensure that the HTTP traffic preserves its DSCP value as it leaves your CoS domain?
A. Use behavior aggregate classifiers mapping the HTTP traffic to the specific DSCP value on R1 and R2.
B. Use rewrite rules mapping the HTTP traffic to the specific DSCP value on R2 and R3.
C. Use a rewrite rule mapping the HTTP traffic to the specific DSCP value on R3.
D. Use the default settings already in place on the device.
Correct Answer: D
Section: (none)
Explanation
QUESTION 213
-- Exhibit
-- Exhibit --
In the exhibit, Switch A is an EX4200. VLAN10 is receiving tagged as well as untagged traffic from different ports. The administrator wants to mirror all tagged and
untagged traffic entering VLAN10 to analyzer port ge-0/0/10. All VLAN tags must be preserved for traffic that is mirrored to the analyzer port.
Which configuration will achieve this?
A. set ethernet-switching-options analyzer vlan10_analyzer input vlan VLAN10 interface xe- 1/0/0.0
set ethernet-switching-options analyzer vlan10_analyzer input vlan VLAN10 interface ge-0/0/2 set ethernet-switching-options analyzer vlan10_analyzer output
interface ge-0/0/10.0
B. set ethernet-switching-options analyzer vlan10_analyzer input interface xe-1/0/0.0 set ethernet-switching-options analyzer vlan10_analyzer input interface ge-
0/0/2 set ethernet-switching-options analyzer vlan10_analyzer output interface ge-0/0/10.0
C. set ethernet-switching-options analyzer vlan10_analyzer input ingress vlan VLAN10 set ethernet-switching-options analyzer vlan10_analyzer output interface
ge-0/0/10.0 set vlans default interface ge-0/0/10.0
D. set ethernet-switching-options analyzer vlan10_analyzer input ingress vlan VLAN10 set ethernet-switching-options analyzer vlan10_analyzer output interface
ge-0/0/10.0 set vlans VLAN10 interface ge-0/0/10.0
Correct Answer: C
Section: (none)
Explanation
QUESTION 214
-- Exhibit
-- Exhibit --

As shown in the exhibit, the 10.10/16 prefix is redistributed into OSPF through R2 and R5. R2 is advertising the prefix with a Type 1 metric of 100 and R5 is
advertising the prefix with a Type 2 metric of 10.
What is the preferred path to reach 10.10/16 from R6?
A. R6-R5
B. R6-R4-R5
C. R6-R4-R5-R2
D. R6-R4-R3-R2
Correct Answer: D
Section: (none)
Explanation
QUESTION 215
-- Exhibit
-- Exhibit --
Based on the exhibit, which statement about the Layer 2 topology is true?
A. A port on switch 3 or switch 4 towards the CST root (switch 6) is blocking traffic.
B. A total of 64 MST instances for MST region A and region B can be configured.
C. MSTI BPDUs are exchanged between MST regions and the CST root bridge.
D. IST BPDUs are exchanged only between switches 1 and 2, and between switches 6 and 7.
Correct Answer: A
Section: (none)
Explanation
QUESTION 216
-- Exhibit --
{master:0}[edit]
user@router# run show ospf interface vl-10.20.10.2 extensive Interface State Area DR ID BDR ID Nbrs
vl-10.20.10.2 Down 0.0.0.0 0.0.0.0 0.0.0.0 0
TypE. Virtual, Address: 0.0.0.0, Mask: 0.0.0.0, MTU: 0, Cost: 1 Transit AreA. 0.0.0.1
Adj count: 0
Hello: 10, DeaD. 40, ReXmit: 5, Not Stub
Auth typE. None
Protection typE. None, No eligible backup
Topology default (ID 0) -> Down, Cost: 0
-- Exhibit --
Your company is integrating another OSPF area into your existing OSPF infrastructure. You created a virtual link that spans Area 2 and connects Area 3 to the
backbone area.
Based on the exhibit, what is preventing the adjacency?
A. The interface configured for the virtual link is incorrect. It should be a vt and not a vl interface.
B. No designated router (DR) has been elected.
C. The backup route to Area 2 has not been configured.
D. The wrong transit area is configured.
Correct Answer: D
Section: (none)
Explanation
QUESTION 217
-- Exhibit
-- Exhibit --
In the exhibit, an EBGP session is currently established between R1 and R2. R2 changes its import policy to accept 10 of the routes it previously denied from R1.
Which BGP capability must be negotiated on the BGP session for R2 to install the routes accepted by the new policy?
A. route refresh
B. AddPath
C. outbound route filtering (ORF)
D. multiprotocol BGP (MBGP)
Correct Answer: A
Section: (none)
Explanation
QUESTION 218
-- Exhibit --
user@router> show bgp summary

inet6.0 1 0 0 0 0 0
2001:ffff::3:3 65550 43 43 0 0 18:20 Establ
inet6.0: 0/1/1/0
2001:ffff::3:4 65550 42 43 0 0 18:16 Establ
inet6.0: 0/0/0/0
2001:ffff::9:7 65550 42 43 0 0 18:00 Establ
inet6.0: 0/0/0/0
user@router> show route receive-protocol bgp 2001:ffff::3:3
inet.0: 32 destinations, 33 routes (32 active, 0 holddown, 0 hidden)
__juniper_private1__.inet.0: 4 destinations, 4 routes (2 active, 0 holddown, 2 hidden)

iso.0: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden)
mpls.0: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden)
inet6.0: 10 destinations, 14 routes (10 active, 0 holddown, 0 hidden) Prefix Nexthop MED Lclpref AS path
2001:1:2::/64 2001:ffff::3:3 100 I
user@router> show route 2001:1:2::
inet6.0: 10 destinations, 14 routes (10 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both
2001:1:2::/64 *[OSPF3/10] 01:54:11, metric 201

> to fe80::217:cb03:2448:bd00 via fe-0/0/1.804
[BGP/170] 00:18:43, localpref 100, from 2001:ffff::3:3 AS path: I
> to fe80::217:cb03:2448:bd00 via fe-0/0/1.804
user@router> show route advertising-protocol bgp 2001:ffff::9:7
user@router> show configuration protocols bgp

group ibgpv6 {
type internal;
local-address 2001:ffff::3:5;
cluster 10.0.3.4;
}
user@router>
-- Exhibit --
You are using an IBGP route reflector within your network. Your route reflector has received the 2001:1:2::/64 prefix, but it is not advertising the prefix to its cluster
members. After examining the route reflector, you notice the output shown in the exhibit.
Which configuration statement causes the route reflector to transmit the route to its IBGP peers?
A. set protocols bgp group ibgpv6 advertise-inactive

B. set protocols bgp group ibgpv6 accept-remote-nexthop
C. set protocols bgp group ibgpv6 multipath
D. set protocols bgp group ibgpv6 include-mp-next-hop
Correct Answer: A
Section: (none)
Explanation
QUESTION 219
-- Exhibit --
{master:0}[edit]
user@router# show class-of-service
classifiers {
inet-precedence normal-traffic {
forwarding-class best-effort {
loss-priority low code-points [ my1 my2 ];
}
}
}
code-point-aliases {
inet-precedence {
my1 000;
my2 001;
}
}
scheduler-maps {
one {
forwarding-class expedited-forwarding scheduler special; forwarding-class best-effort scheduler normal;
}
}
schedulers {
special {
transmit-rate percent 30;
priority strict-high;
}
normal {
transmit-rate percent 70;
priority low;
}
}
-- Exhibit --
The configuration in the exhibit shows incoming traffic with specific IP precedence bits that should be mapped to a forwarding class named best-effort.
What must you add to complete this configuration?
A. defined behaviors to the interfaces stanza in the class-of-service section

B. rewrite-rules for the best-effort forwarding class
C. a WRED drop-profile for the best-effort scheduler
D. a firewall filter that matches and discards the original code point values
Correct Answer: A
Section: (none)
Explanation
QUESTION 220
-- Exhibit
-- Exhibit --
Based on the exhibit, why is R2 marking the routes coming from AS 200 as hidden?
A. R3 has an import policy filtering all routes.

B. R4 is not configured with a next-hop self policy.
C. R2 does not have a route to the peer ID of R4.
D. AS 200 is configured with the advertise-inactive option.
Correct Answer: C
Section: (none)
Explanation
QUESTION 221
-- Exhibit --
user@router> show configuration routing-options

rib-groups {
foo {
import-rib [ inet.8 inet.2 inet.0 ];
}
}
user@router> show configuration protocols pim

rib-group inet foo;
interface all;
-- Exhibit --
Based on the configuration in the exhibit, which routing table is used for IPv4 multicast RPF checks?
A. inet.0
B. inet.2
C. foo.inet.0
D. inet.8
Correct Answer: D
Section: (none)
Explanation

JN0 643.examcollection - Premium.exam.221q

Diunggah oleh

Informasi Dokumen

Judul Asli

Hak Cipta

Format Tersedia

Bagikan dokumen Ini

Bagikan atau Tanam Dokumen

Opsi Berbagi

Apakah menurut Anda dokumen ini bermanfaat?

Apakah konten ini tidak pantas?

Hak Cipta:

Format Tersedia

JN0 643.examcollection - Premium.exam.221q

Diunggah oleh

Hak Cipta:

Format Tersedia

JN0-643.examcollection.premium.exam.

Exam code: JN0-643

Exam name: Enterprise Routing and Switching, Professional (JNCIP-ENT)

A. IBGP-learned routes are advertised only to other IBGP peers.

Click the Exhibit button.

A. OSPFv2 must be configured to route IPv4 prefixes.

Click the Exhibit button.

Referring to the exhibit, what is the shortest path from R6 to R5?

A. R6, R4, R2, R1, R3, R5

Which route would be preferred?

Click the Exhibit button.

[edit protocols ospf]

OSPF database, Area 0.0.0.0

OSPF database, Area 0.0.0.6

Click the Exhibit button.

A. R2 injects a Type 3 LSA for 184.23.12.0/24 into the backbone.

Click the Exhibit button.

A. A type 3 (stub) link is advertised for a multi-area adjacency.

Click the Exhibit button.

A. Traffic destined for R2 will be blackholed.

A. The SPF algorithm is run on a per-domain basis.

Click the Exhibit button.

Referring to the exhibit, which answer is correct?

A. R2 is the DR and R1 is the BDR.

OSPF link state database, area 0.0.0.1

Type ID Adv Rtr Seq Age Opt Cksum Len

Click the Exhibit button.

A. The ID field value shows the router ID of the advertising router.

Click the Exhibit button.

Referring to the output in the exhibit, which statement is true?

Prefix Path Route NH Metric NextHop Nexthop

Click the Exhibit button.

A. [edit protocols ospf]

Click the Exhibit button.

Which configuration statements would accomplish the task?

Click the Exhibit button.

You are asked to connect Area 2 to the backbone.

Which configuration would be required on R3?

A. [edit protocols ospf3]

Click the Exhibit button.

Referring to the exhibit, which statement is true?

Click the Exhibit button.

A. the Router LSAs from RID 10.0.0.2

Click the Exhibit button.

inet6.0: 8 destinations, 8 routes (8 active, 0 holddown, 0 hidden) 4444:4444::/32 (1 entry, 1 announced)

Click the Exhibit button.

A. The IPv6 route was learned from an IPv6 BGP neighbor.

inet.0: 18 destinations, 20 routes (18 active, 0 holddown, 0 hidden)

* 10.16.2.0/24 (1 entry, 1 announced)

* 10.16.3.0/24 (1 entry, 1 announced)

* 10.16.4.0/24 (1 entry, 1 announced)

Click the Exhibit button.

Click the Exhibit button.

A. On R1, configure a MED of 50 for the 2001:10:5::/64 route.

Click the Exhibit button.

Click the Exhibit button.

Referring to the exhibit, R2 is sending a route to R1 with a community value.

Which statement is correct?

A. Routes will be accepted without change in the attributes.

Click the Exhibit button.

MSTI Member VLANs

Sw-2# run show spanning-tree mstp configuration

MSTI Member VLANs