221q
Number: JN0-643
Passing Score: 800
Time Limit: 120 min
File Version: 21.4
Version 21.4
JN0-643
QUESTION 1
Which connection method do OSPF routers use to communicate with each other?
A. IP protocol number 89
B. TCP port 179
C. UDP port 179
D. IP protocol number 6
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml
QUESTION 2
Which statement is true about default BGP route redistribution behavior?
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 3
In a PIM-SM network, which type of node helps to build a tree towards an unknown multicast source?
A. DIS
B. RP
C. DR
D. BSR
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 4
Which statement is true about MVRP?
A. It allows you to split a broadcast domain into multiple isolated broadcast subdomains.
B. It dynamically manages VLAN registration in a LAN.
C. It maps multiple independent spanning-tree instances onto one physical topology.
D. It is a Layer 2 protocol that facilitates network and neighbor discovery.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
http://www.juniper.net/documentation/en_US/junos13.3/topics/concept/mvrp-mx-series- understanding.html
QUESTION 5
Which statement is true about LLDP?
A. It allows you to split a broadcast domain into multiple isolated broadcast subdomains.
B. It dynamically manages VLAN registration in a LAN.
C. It maintains a separate spanning-tree instance for each VLAN.
D. It is a Layer 2 protocol that facilitates network and neighbor discovery.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 6
Which CoS feature avoids congestion in a device by limiting traffic on ingress interfaces?
A. rewrite rule
B. scheduler
C. drop profile
D. policer
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 7
-- Exhibit
-- Exhibit --
Which statement is true about the IPv6 network shown in the exhibit?
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 8
-- Exhibit
-- Exhibit --
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 9
R1 and R2 are ASBRs in the same area, each with an equal cost external path to the same external network prefix. R1 advertises an external route into OSPF with
a Type 1 metric. R2 advertises an external route into OSPF with a Type 2 metric.
A. R1's route is preferred because Type 1 metrics take into account the external cost only.
B. R1's route is preferred because Type 1 metrics take into account the internal and external cost.
C. R2's route is preferred because Type 2 metrics take into account the internal and external cost.
D. R2's route is preferred because Type 2 metrics take into account the external cost only.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 10
-- Exhibit
-- Exhibit --
Referring to the exhibit, which LSA type will Router R2 inject into Area 1?
A. Type 3 LSA
B. Type 4 LSA
C. Type 5 LSA
D. Type 7 LSA
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 11
-- Exhibit --
[edit protocols ospf]
user@R2# show
area 0.0.0.6 {
nssa {
default-lsa default-metric 10;
area-range 184.23.12.0/24;
}
interface ge-1/1/4;
}
Referring to the exhibit, which two statements are correct? (Choose two.)
Correct Answer: BC
Section: (none)
Explanation
Explanation/Reference:
QUESTION 12
-- Exhibit
-- Exhibit --
Referring to the exhibit, which type of LSA will be seen on router A for routes originating in Customer A's network?
A. Type 7 LSA
B. Type 2 LSA
C. Type 5 LSA
D. Type 1 LSA
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 13
Which statement is true regarding OSPF multi-area adjacencies?
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 14
-- Exhibit
-- Exhibit --
Referring to the exhibit, which two statements are correct? (Choose two.)
Correct Answer: CD
Section: (none)
Explanation
Explanation/Reference:
QUESTION 15
Which statement is true about using an OSPF import policy?
A. Import policies are not allowed in OSPF, applying the policy will do nothing.
B. Applying an import policy to OSPF may block normal LSA flooding.
C. Import policies are allowed only for external route types.
D. Applying this policy will cause a commit failure.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 16
Which statement is true regarding the SPF algorithm?
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 17
You are asked to configure graceful restart in your network.
Which OSPF LSA type would you expect to see in the LSDB?
A. Type 8
B. Type 9
C. Type 10
D. Type 11
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 18
-- Exhibit
-- Exhibit --
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 19
-- Exhibit --
user@router> show ospf database network extensive
-- Exhibit --
Referring to the exhibit, which statement is true regarding the OSPF network LSA?
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 20
-- Exhibit --
user@router> show log ospf
Sep 19 00:22:13.420315 OSPF packet ignoreD. MTU mismatch from 11.0.0.2 on intf ge-0/0/2.0 area 0.0.0.0
Sep 19 00:22:14.475671 OSPF periodic xmit from 14.0.0.1 to 224.0.0.5 (IFL 75 area 0.0.0.0) Sep 19 00:22:14.855490 OSPF periodic xmit from 12.0.0.1 to
224.0.0.5 (IFL 84 area 0.0.0.0) Sep 19 00:22:14.857304 OSPF packet ignoreD. no matching interface from 12.0.0.1, IFL 85 Sep 19 00:22:17.386726 OSPF packet
ignoreD. MTU mismatch from 11.0.0.2 on intf ge-0/0/2.0 area 0.0.0.0
Sep 19 00:22:20.855690 OSPF packet ignoreD. subnet mismatch from 10.0.0.2 on intf ge-0/0/1.0 area 0.0.0.0
Sep 19 00:22:20.856108 OSPF rcvd Hello 10.0.0.2 -> 224.0.0.5 (ge-0/0/1.0 IFL 75 area 0.0.0.0) Sep 19 00:22:20.856177 Version 2, length 44, ID 10.0.0.2, area
0.0.0.0 Sep 19 00:22:20.856229 checksum 0x0, authtype 0
Sep 19 00:22:20.856299 mask 255.255.255.252, hello_ivl 10, opts 0x12, prio 128 Sep 19 00:22:20.856352 dead_ivl 40, DR 0.0.0.0, BDR 0.0.0.0 Sep 19
00:22:21.752438 OSPF packet ignoreD. MTU mismatch from 11.0.0.2 on intf ge-0/0/2.0 area 0.0.0.0
Sep 19 00:22:22.013285 OSPF packet ignoreD. area mismatch (0.0.0.1) from 12.0.0.2 on intf ge- 0/0/4.0 area 0.0.0.0
Sep 19 00:22:22.013749 OSPF rcvd Hello 12.0.0.2 -> 224.0.0.5 (ge-0/0/4.0 IFL 84 area 0.0.0.0) Sep 19 00:22:22.013804 Version 2, length 44, ID 10.0.0.2, area
0.0.0.1 Sep 19 00:22:22.013890 checksum 0xd51e, authtype 0
Sep 19 00:22:22.013944 mask 255.255.255.252, hello_ivl 10, opts 0x12, prio 128 Sep 19 00:22:22.014012 dead_ivl 40, DR 12.0.0.2, BDR 0.0.0.0 Sep 19
00:22:22.016909 OSPF packet ignoreD. no matching interface from 12.0.0.2, IFL 85 Sep 19 00:22:22.434956 OSPF hello from 11.0.0.2 (IFL 83, area 0.0.0.0)
absorbed Sep 19 00:22:23.045916 OSPF periodic xmit from 12.0.0.1 to 224.0.0.5 (IFL 84 area 0.0.0.0) Sep 19 00:22:23.047959 OSPF packet ignoreD. no
matching interface from 12.0.0.1, IFL 85 Sep 19 00:22:23.309957 OSPF periodic xmit from 11.0.0.1 to 224.0.0.5 (IFL 83 area 0.0.0.0) Sep 19 00:22:23.528614
OSPF periodic xmit from 14.0.0.1 to 224.0.0.5 (IFL 75 area 0.0.0.0) Sep 19 00:22:25.772835 OSPF packet ignoreD. MTU mismatch from 11.0.0.2 on intf ge-
0/0/2.0 area 0.0.0.0
Sep 19 00:22:29.950015 OSPF hello from 11.0.0.2 (IFL 83, area 0.0.0.0) absorbed Sep 19 00:22:30.622112 OSPF packet ignoreD. MTU mismatch from 11.0.0.2
on intf ge-0/0/2.0 area 0.0.0.0
Sep 19 00:22:30.713279 OSPF packet ignoreD. subnet mismatch from 10.0.0.2 on intf ge-0/0/1.0 area 0.0.0.0
Sep 19 00:22:30.713432 OSPF rcvd Hello 10.0.0.2 -> 224.0.0.5 (ge-0/0/1.0 IFL 75 area 0.0.0.0) Sep 19 00:22:30.713503 Version 2, length 44, ID 10.0.0.2, area
0.0.0.0 Sep 19 00:22:30.713553 checksum 0x0, authtype 0
Sep 19 00:22:30.713622 mask 255.255.255.252, hello_ivl 10, opts 0x12, prio 128 Sep 19 00:22:30.713677 dead_ivl 40, DR 0.0.0.0, BDR 0.0.0.0 -- Exhibit --
Click the Exhibit button.
Referring to the exhibit, what is preventing the OSPF adjacency on interface ge-0/0/4 from forming?
A. area mismatch
B. subnet mismatch
C. MTU mismatch
D. authentication mismatch
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 21
-- Exhibit --
[edit protocols ospf]
user@R2# show
area 0.0.0.3 {
stub default-metric 10 no-summaries;
interface ge-0/1/1.0;
}
-- Exhibit --
A. R2 is an ABR and will send a Type 7 LSA 0/0 route down into the nonbackbone area.
B. R2 is an ABR and will send a Type 3 LSA 0/0 route down into the nonbackbone area.
C. R2 will not send a Type 3 LSA 0/0 route into the nonbackbone area.
D. R2 will add a metric cost of 10 to the existing metric of a 0/0 route it receives from the backbone area and then send it into the nonbackbone area in a Type 5
LSA.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 22
-- Exhibit --
user@router> show ospf route
Topology default Route Table:
Correct Answer: AC
Section: (none)
Explanation
Explanation/Reference:
QUESTION 23
-- Exhibit
-- Exhibit --
Referring to the exhibit, you are asked to prevent the 184.16.1.0/24 route from entering the backbone.
A. On router R1, issue the set protocols ospf area 3 nssa area-range 184.16.1.0/24 restrict command.
B. On router R3, issue the set protocols ospf area 0 area-range 184.16.1.0/24 restrict command.
C. On router R3, issue the set protocols ospf area 3 area-range 184.16.1.0/24 restrict command.
D. On router R3, issue the set protocols ospf area 3 nssa area-range 184.16.1.0/24 restrict command.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 24
-- Exhibit
-- Exhibit --
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 25
-- Exhibit --
[edit protocols ospf]
user@area-1-abr# show
area 0.0.0.1 {
nssa {
default-lsa {
default-metric 10;
metric-type 2;
type-7;
}
no-summaries;
}
interface so-0/1/1.0;
}
-- Exhibit --
A. The ABR will generate a Type 3 summary default route into the NSSA.
B. The ASBR will generate a Type 7 default route into the NSSA.
C. The type-7 parameter allows interoperability with newer versions of the Junos OS.
D. The only LSA types allowed into the area are Type 1, Type 2, Type 3, and Type 7.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 26
-- Exhibit
-- Exhibit --
Referring to the exhibit, you are asked to verify certain routing information within your OSPFv3 routing domain. You must review the prefixes learned from R3.
Which two LSA types from the output shown in the exhibit must be reviewed? (Choose two.)
Correct Answer: BC
Section: (none)
Explanation
Explanation/Reference:
QUESTION 27
-- Exhibit
-- Exhibit --
Referring to the exhibit, which statement is correct about the 200.0.3.0/24 route?
A. The route is unusable because the next hop is not reachable from R2.
B. The route is unusable because it has not been verified.
C. The route is hidden because R1 is changing the next hop to 192.168.16.1.
D. The route is hidden because R2 has a more preferred route.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 28
-- Exhibit --
user@router> show route protocol bgp detail
-- Exhibit --
Referring to the exhibit, which two statements are true? (Choose two.)
Correct Answer: BD
Section: (none)
Explanation
Explanation/Reference:
QUESTION 29
-- Exhibit --
user@router# run show route receive-protocol bgp 192.168.4.101 detail
Referring to the exhibit, which AS path regular expression will match only the 10.16.1.0/24 and 10.16.2.0/24 routes?
A. .* (222|111) .*
B. .+ (222|111) .*
C. .(222|111) .*
D. . (.222|.111) .*
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 30
-- Exhibit --
-- Exhibit --
Referring to the exhibit, you must ensure that traffic to the 2001:10:5::/64 network leaves AS 2 through R3.
Given that all BGP attributes are at their default, how would you accomplish this task?
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 31
-- Exhibit
-- Exhibit --
On AS1, which two attributes are used to influence inbound traffic from the other ASs shown in the exhibit? (Choose two.)
A. AS path
B. MED
C. local preference
D. origin
Correct Answer: AD
Section: (none)
Explanation
Explanation/Reference:
QUESTION 32
-- Exhibit
-- Exhibit --
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 33
Which set of BGP attributes is preferred by the Junos OS?
A. MED. 100
AS path: 50 50 50
Local preferencE. 50
Origin: I
B. MED. 50
AS path: 50 50 50
Local preferencE. 1
Origin: E
C. MED. 100
AS path: 50 50 50 50
Local preferencE. 50
Origin: I
D. MED. 50
AS path: 50 50 50
Local preferencE. 50
Origin: E
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 34
-- Exhibit
-- Exhibit --
Referring to the exhibit and based on the output below from Sw-1 and Sw-2, which statement is true?
Sw-1> show spanning-tree mstp configuration
MSTP information
Context identifier : 0
Region name : juniper
Revision : 1
Configuration digest : 0x9357ebb7a8d74dd5fef4f2bab50531aa
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 35
-- Exhibit
-- Exhibit --
Click the Exhibit button.
R4 receives BGP prefixes for AS 50 from both R2 and R3. You want to ensure that R4 chooses R3 as the preferred path to reach 50.50.50/24.
Referring to the information shown in the exhibit, where would you apply a policy containing the parameter local-preference 110 to accomplish this task?
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
http://www.juniper.net/techpubs/en_US/junos13.2/topics/topic-map/bgp-local-preference.html
QUESTION 36
You want to provide reachability to your data center by advertising its subnet throughout your upstream peer AS. However, you do not want this prefix advertised
any further.
A. no-advertise
B. no-export
C. no-export-subconfed
D. 65512 - 65535
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 37
-- Exhibit
-- Exhibit --
Referring to the exhibit, you want router A to have an EBGP peering with router C. They are both connected through router B, which does not have BGP running,
and has static routes configured.
What must be configured in the EBGP peer groups on routers A and C to make this connection possible?
A. MED
B. multihop
C. multipath
D. next-hop
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 38
-- Exhibit
-- Exhibit --
Referring to the exhibit, your AS is connected to ISP-A and ISP-B using BGP. R1 and R2 are advertising your AS's 172.25/16 prefix upstream to both ISPs, and
both ISPs are providing a full BGP route table. You want to influence traffic flow so that traffic towards your network enters through R1.
A. [edit policy-options]
user@R2# show
policy-statement prefer-for-inbound {
term prepend {
then {
as-path-prepend "100 100";
accept;
}
}
}
Apply the following as an export policy towards ISP-A:
B. [edit policy-options]
user@R1# show
policy-statement prefer-for-inbound {
term prepend {
then {
as-path-prepend "100 100";
accept;
}
}
}
Apply the following as an export policy towards R1 and R3:
C. [edit policy-options]
user@R2# show
policy-statement prefer-for-inbound {
term local-pref {
then {
local-preference 110;
accept;
}
}
}
Apply the following as an export policy towards R2 and R3:
D. [edit policy-options]
user@R1# show
policy-statement prefer-for-inbound {
term local-pref {
then {
local-preference 110;
accept;
}
}
}
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 39
-- Exhibit
-- Exhibit --
R1 is connected to both R2 and R3 and you want to load-balance outbound traffic. You have provided the configuration shown in the exhibit; however, after
checking the links you notice that the traffic is not load-balancing.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 40
-- Exhibit --
[edit policy-options]
user@router# show
policy-statement LB {
term 1 {
then {
load-balance per-packet;
}
}
}
-- Exhibit --
Two routers are joined by redundant BGP connections. You want to load-balance traffic across these links, and have configured the policy shown in the exhibit on
each device.
Which configuration, applied on each device, correctly applies the policy to accomplish this task?
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 41
You are asked to create a BGP routing policy that will delete all communities and reject routes with the community 64321:1234.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 42
-- Exhibit --
user@router>show route advertising-protocol bgp 172.16.36.1 inet.0: 31 destinations, 31 routes (31 active, 0 holddown, 0 hidden) Prefix Nexthop MED Lclpref
ASpath
* 10.200.17.0/24 Self I
* 10.200.19.0/24 Self I
-- Exhibit --
Referring to the exhibit, which three actions would summarize these routes to a BGP peer? (Choose three.)
Explanation/Reference:
QUESTION 43
-- Exhibit
-- Exhibit --
AS4 is using the default path to get to AS1. This path is not modified by any of the ASs shown in the exhibit. AS1 wants to influence this path so that traffic from
AS4 comes through AS3.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 44
-- Exhibit
-- Exhibit --
You are the administrator for the network shown in the exhibit. R1 receives the 196.15.4.0/24 route from routers R2, R3, and R4. Local preference values have not
been modified in this network. You are asked to ensure that R1 prefers the path through AS 3149 for traffic destined to 196.15.4.0/24.
Correct Answer: BD
Section: (none)
Explanation
Explanation/Reference:
QUESTION 45
-- Exhibit --
user@R1> show pim join extensive
InstancE. PIM.master Family: INET
R = Rendezvous Point Tree, S = Sparse, W = Wildcard
Group: 224.50.50.50
SourcE. *
RP: 10.100.100.10
Flags: sparse,rptree,wildcard
Upstream interfacE. ge-0/0/10.0
Upstream neighbor: 172.28.55.5
Upstream statE. Join to RP
UptimE. 00:00:10
Downstream neighbors:
InterfacE. ge-0/0/2.0
172.28.57.5 StatE. Join Flags: SRW Timeout: 209
Group: 224.50.50.50
SourcE. 10.100.10.10
Flags: sparse,spt
Upstream interfacE. ge-0/0/6.0
Upstream neighbor: 172.28.56.5
Upstream statE. Join to Source, Prune to RP
UptimE. 00:00:10
Keepalive timeout: 276
Downstream neighbors:
InterfacE. ge-0/0/2.0
172.18.57.5 StatE. Join Flags: S Timeout: 209
-- Exhibit --
Explanation/Reference:
QUESTION 46
-- Exhibit
-- Exhibit --
What happens if the multicast source connected to R1 starts sending multicast traffic towards R1?
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 47
Which two statements are true about the configuration shown below? (Choose two.)
Correct Answer: BD
Section: (none)
Explanation
Explanation/Reference:
QUESTION 48
Which two statements are true about MSDP mesh groups? (Choose two.)
Correct Answer: AB
Section: (none)
Explanation
Explanation/Reference:
QUESTION 49
-- Exhibit
-- Exhibit --
Referring to the exhibit, the RPs are set up for anycast. Multicast traffic is currently flowing from the source to the receivers.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 50
-- Exhibit
-- Exhibit --
Referring to the exhibit, USER1 wants to only receive multicast traffic for group 225.0.0.1 and USER2 wants to only receive multicast traffic for group 225.0.0.2.
Both users are connected to an EX Series switch and are receiving unwanted multicast traffic.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 51
Which multicast group is used for all PIM routers?
A. 224.0.0.22
B. 224.0.0.13
C. 224.0.0.1
D. 224.0.0.2
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 52
You are configuring PIM-SM for your network, and want to use a statically configured RP.
Correct Answer: BD
Section: (none)
Explanation
Explanation/Reference:
QUESTION 53
-- Exhibit
-- Exhibit --
Your company has PIM running on some critical routers in your network, but another engineer has requested that you configure a PIM policy to prevent R2 from
becoming a PIM neighbor of R1 by dropping the hello packets.
Referring to the exhibit, which three commands are necessary for preventing R2 from becoming a PIM neighbor of R1? (Choose three.)
Explanation/Reference:
QUESTION 54
Your company asks you to configure multicast routing on a Junos device. They tell you that the router at IP address 192.168.1.4 is the root of the shared multicast
delivery tree.
Which command allows you to configure the Junos device as a non-RP router for PIM?
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 55
-- Exhibit
-- Exhibit --
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 56
When enabling MVRP for dynamic VLAN registration, which three timers would be configured on an interface? (Choose three.)
A. hello-interval
B. join-timer
C. leave-timer
D. max-age
E. leaveall-timer
Explanation/Reference:
QUESTION 57
Which two statements are correct about L2PT? (Choose two.)
Correct Answer: AD
Section: (none)
Explanation
Explanation/Reference:
QUESTION 58
-- Exhibit
-- Exhibit --
Referring to the exhibit, a customer noticed that the 802.1Q-tunneled packets received on SwitchB are being dropped.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 59
You are a service provider and have multiple customers in a building. You are installing a new switch that can host all of your customers. However, you would like
to ensure that one customer cannot see or broadcast to another customer. You would also like to have them use a common gateway IP address from the building.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 60
What are three types of PVLAN broadcast domains? (Choose three.)
A. primary VLAN
B. dynamic VLAN
C. isolated VLAN
D. community VLAN
E. S-VLAN
Explanation/Reference:
QUESTION 61
Two PCs are attached to a hub, which is attached to port ge-0/0/0 on your EX Series switch. You must separate the incoming traffic from the PCs into two VLANs.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 62
-- Exhibit --
Mar 16 17:54:51.930726 OSPF periodic xmit from 172.14.10.1 to 224.0.0.5 (IFL 69 area 0.0.0.0) Mar 16 17:54:55.566920 ospf_trigger_build_telink_lsas : No peer
found Mar 16 17:54:56.152585 ospf_trigger_build_telink_lsas : No peer found Mar 16 17:54:56.152721 ospf_set_lsdb_statE. Router LSA 192.168.2.1 adv-rtr
192.168.2.1 state QUIET->GEN_PENDING
Mar 16 17:54:56.153271 OSPF trigger router LSA 0x156d0f0 build for area 0.0.0.0 lsa-id 192.168.2.1
Mar 16 17:54:56.157854 ospf_set_lsdb_statE. Router LSA 192.168.2.1 adv-rtr 192.168.2.1 state GEN_PENDING->QUIET
Mar 16 17:54:56.157971 OSPF built router LSA, area 0.0.0.0, link count 2 Mar 16 17:54:56.158300 OSPF sent Hello 172.14.10.1 -> 224.0.0.5 (ge-0/0/1.0 IFL 69
area 0.0.0.0)
Mar 16 17:54:56.158380 Version 2, length 44, ID 192.168.2.1, area 0.0.0.0 Mar 16 17:54:56.158435 mask 255.255.255.0, hello_ivl 10, opts 0x2, prio 128 Mar 16
17:54:56.158485 dead_ivl 40, DR 172.14.10.1, BDR 0.0.0.0 Mar 16 17:54:56.158949 OSPF DR is 192.168.2.1, BDR is 0.0.0.0 Mar 16 17:54:56.159276 OSPF sent
Hello 172.14.10.1 -> 224.0.0.5 (ge-0/0/1.0 IFL 69 area 0.0.0.0)
Mar 16 17:54:56.159331 Version 2, length 44, ID 192.168.2.1, area 0.0.0.0 Mar 16 17:54:56.159401 mask 255.255.255.0, hello_ivl 10, opts 0x2, prio 128 Mar 16
17:54:56.159563 dead_ivl 40, DR 172.14.10.1, BDR 0.0.0.0 Mar 16 17:54:56.168108 OSPF DR is 192.168.2.1, BDR is 0.0.0.0 Mar 16 17:54:58.237416 OSPF rcvd
Hello 172.14.10.2 -> 224.0.0.5 (ge-0/0/1.0 IFL 69 area 0.0.0.0)
Mar 16 17:54:58.237540 Version 2, length 44, ID 192.168.2.1, area 0.0.0.0 Mar 16 17:54:58.237623 checksum 0x0, authtype 0
Mar 16 17:54:58.237698 mask 255.255.255.0, hello_ivl 10, opts 0x2, prio 128 Mar 16 17:54:58.237751 dead_ivl 40, DR 172.14.10.2, BDR 0.0.0.0 -- Exhibit --
Looking at the traceoptions output in the exhibit, why are the OSPF routers stuck in Init state?
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 63
-- Exhibit --
{master:0}[edit]
user@switch# show vlans
v1 {
vlan-id 1;
interface {
ge-0/0/1.0;
}
}
v2 {
vlan-id 2;
interface {
ge-0/0/2.0;
}
}
v3 {
vlan-id 3;
interface {
ge-0/0/1.0 {
}
{master:0}[edit]
user@switch# show interfaces ge-0/0/3
unit 0 {
family ethernet-switching {
port-mode trunk;
}
}
{master:0}[edit]
user@switch# run show vlans
Name Tag Interfaces
default
None
v1 1
ge-0/0/1.0*, ge-0/0/3.0*
v2 2
ge-0/0/2.0*, ge-0/0/3.0*
v3 3
ge-0/0/1.0*, ge-0/0/3.0*
-- Exhibit --
Referring to the exhibit, what would explain interface ge-0/0/3.0 being active in VLANs v1, v2, and v3?
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 64
You are asked to implement a filter-based VLAN assignment. You have created the firewall filter and must apply this filter to the incoming interface.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 65
-- Exhibit --
{master:0}[edit]
user@switch# show vlans
v200 {
vlan-id 200;
interface {
ge-0/0/7.0;
ge-0/0/8.0;
}
dot1q-tunneling {
customer-vlans [ 11 12 ];
layer2-protocol-tunneling {
all {
drop-threshold 800;
shutdown-threshold 700;
}
}
}
}
-- Exhibit --
Referring to the exhibit, you are attempting to configure L2PT for VLAN v200 but the configuration will not commit.
Which three configuration statements would resolve the problem? (Choose three.)
A. set vlans v200 dot1q-tunneling layer2-protocol-tunneling all drop-threshold 600
B. set vlans v200 dot1q-tunneling layer2-protocol-tunneling all shutdown-threshold 600
C. set vlans v200 dot1q-tunneling layer2-protocol-tunneling all shutdown-threshold 900
D. set vlans v200 dot1q-tunneling layer2-protocol-tunneling all drop-threshold 700
E. set vlans v200 dot1q-tunneling layer2-protocol-tunneling all drop-threshold 900
Explanation/Reference:
QUESTION 66
-- Exhibit
-- Exhibit --
Referring to the exhibit, you are asked to ensure that CE1 can communicate with CE2 using VLAN 150.
A. user@S1# show
customer-a {
vlan-id 200;
dot1q-tunneling {
customer-vlans 150;
}
}
{master:0}[edit vlans]
B. user@S1# show
customer-a {
vlan-id 150;
interface {
ge-0/0/0.0;
ge-0/0/1.0;
}
dot1q-tunneling {
customer-vlans 200;
}
}
{master:0}[edit vlans]
C. user@S1# show
customer-a {
vlan-id 200;
interface {
ge-0/0/0.0;
ge-0/0/1.0;
}
dot1q-tunneling {
customer-vlans 150;
}
}
{master:0}[edit vlans]
D. user@S1# show
customer-a {
vlan-id 150;
interface {
ge-0/0/0.0;
}
}
v200 {
vlan-id 200;
interface {
ge-0/0/1.0;
}
}
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 67
-- Exhibit --
[edit]
user@switch# commit
error: Trunk interface <ge-0/0/10.0> can not be member of both dot1q-tunneling enabled vlan <cust-1>, and a non dot1q-tunneled vlan <v11> when dot1q-tunneling
ethernet-type is not <0x8100>
error: configuration check-out failed
-- Exhibit --
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 68
-- Exhibit
-- Exhibit --
You are asked to separate the human resources group from the finance group on the company network even though they share the same VLAN. You consider
using PVLANs, and you delegate the task to a junior engineer who submits the configuration shown in the exhibit to accomplish this task. After review, you realize
that the PVLAN implementation will not work correctly.
Referring to the exhibit, which three commands must be included to resolve the problem? (Choose three.)
Explanation/Reference:
QUESTION 69
-- Exhibit
-- Exhibit --
You have implemented a firewall-based VLAN filter to map traffic from subnet 192.168.40.0/24 to a VLAN named vlan_40. However, you have not been successful
in getting the traffic mapped correctly. In addition, all traffic must be passed to the Layer 2 network.
Referring to the exhibit, which three commands are required to accomplish this behavior? (Choose three.)
Explanation/Reference:
QUESTION 70
-- Exhibit --
[edit protocols vstp]
'vlan all'
Cannot configure VSTP on all VLANs when more than 253 VLANs are configured. Configure vstp vlan-group along with STP or RSTP to cover all VLANs [edit
protocols]
'vstp'
Failed to configure vstp on all vlans
error: configuration check-out failed
-- Exhibit --
What are two reasons for the commit error shown in the exhibit? (Choose two.)
Correct Answer: AB
Section: (none)
Explanation
Explanation/Reference:
http://kb.juniper.net/KB18259
QUESTION 71
-- Exhibit
-- Exhibit --
Referring to the exhibit, which two statements are true regarding the MSTP port role and port state of ge-0/0/0 and ge-0/0/1 on SW1?
Correct Answer: BC
Section: (none)
Explanation
Explanation/Reference:
QUESTION 72
Which two statements are correct about MSTP? (Choose two.)
Correct Answer: AB
Section: (none)
Explanation
Explanation/Reference:
QUESTION 73
You are asked to implement MSTP on all devices in your Layer 2 network.
Which three parameters must match on all devices within the same region? (Choose three.)
A. region name
B. hello timer
C. maximum age
D. revision level
E. VLAN mapping table
Explanation/Reference:
QUESTION 74
You are asked to implement VSTP on all devices in your Layer 2 network.
Explanation/Reference:
QUESTION 75
-- Exhibit --
user@switch> show spanning-tree bridge
Referring to the exhibit, which two statements are correct about the MSTP configuration? (Choose two.)
Correct Answer: BD
Section: (none)
Explanation
Explanation/Reference:
QUESTION 76
-- Exhibit --
user@switch-1> show spanning-tree bridge
A colleague recently implemented MSTP in your Layer 2 network and is having trouble determining why it is not working properly. You are asked to review the
outputs provided in the exhibit to determine the cause.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 77
-- Exhibit --
MSTP information
Context identifier : 0
Region name : Juniper
Revision : 1
Configuration digest : 0xfdbe318c0ae799ae6dfdae4c882c67ee
A network engineer has configured MSTP on several switches for loop protection. You must verify the work and ensure that the appropriate parameters match on
all switches.
Which operational command provides the required output shown in the exhibit?
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 78
-- Exhibit --
user@SwitchA# show protocols mstp
configuration-name region1;
bridge-priority 16k;
msti 1 {
bridge-priority 16k;
vlan [10 20];
}
msti 2 {
bridge-priority 8k;
vlan [30 40];
}
Referring to the exhibit, a customer observes that the MSTP instance between SwitchA and SwitchB is not converging correctly.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 79
Your company makes extensive use of VSTP in your network for loop protection. The network is at the VSTP VLAN limit and must protect additional VLANs.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 80
You are asked to set up 802.1X port authentication for all access ports on your EX Series switch. You must ensure that only one user is allowed to authenticate per
port and all other attempts are denied.
A. single mode
B. single-secure mode
C. default mode
D. multiple mode
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 81
You are asked to set up 802.1X port authentication for all access ports on your EX Series switch. You have a device that does not support 802.1X supplicants and
you must ensure this device is authenticated. You must also ensure that no unnecessary delay occurs when authenticating this device.
A. You should enable MAC RADIUS on the interface and use 802.1X multiple mode.
B. You should enable MAC RADIUS on the interface and statically add the MAC address to the 802.1x configuration.
C. You should enable MAC RADIUS on the interface and include the restrict parameter.
D. You should enable MAC RADIUS on the interface and include the disable parameter.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 82
Your company uses 802.1X to authenticate your users. You want to provide access to the Internet when users cannot authenticate on the RADIUS server or when
the RADIUS server becomes unreachable.
Correct Answer: BD
Section: (none)
Explanation
Explanation/Reference:
QUESTION 83
Your company recently implemented Layer 2 authentication and access control to secure users accessing the corporate network. You implemented 802.1X, MAC
RADIUS, and a captive portal to support a variety of hosts on the network. Senior management is concerned that valid users might be authenticated incorrectly on
the network and they ask you questions about how these different access technologies are used simultaneously.
A. MAC addresses that are part of a MAC address whitelist or a static MAC list are authenticated before any other authentication protocol is invoked.
B. Captive portal is a supported fallback option for 802.1X.
C. If the authentication server fails to respond to access requests and both a server-fail and guest VLAN are configured correctly, the server-fail VLAN takes
precedence over the guest VLAN.
D. Captive portal can only be configured on Layer 3 interfaces.
E. If a port is configured with 802.1X and the host does not respond to EAP requests, no other authentication protocol can authenticate the host.
Explanation/Reference:
QUESTION 84
In your 802.1X-enabled network, a RADIUS server fails to respond or authenticate a device.
Explanation/Reference:
QUESTION 85
-- Exhibit
-- Exhibit --
A contractor needs to connect a laptop to your company network, but your company has no wireless access and each office has only a single network port for an
employee laptop. You have an IP phone with a data port available and you have access to the switch connected to it. You can also add the contractor's MAC
address to the RADIUS server database.
Referring to the exhibit, which three commands will allow access? (Choose three.)
A. set protocols dot1x authenticator authentication-profile-name radius_profile interface ge- 0/0/16.0 mac-radius
B. set interfaces ge-0/0/16.0 family ethernet-switching port-mode trunk
C. set interfaces ge-0/0/16.0 family ethernet-switching vlan members contractor
D. set protocols dot1x authenticator authentication-profile-name radius_profile interface ge- 0/0/16.0 supplicant multiple
E. set interfaces ge-0/0/16.0 family ethernet-switching vlan members all
Explanation/Reference:
QUESTION 86
-- Exhibit --
{master:0}
user@switch> show dot1x interface ge-0/0/15 detail
ge-0/0/15.0
RolE. Authenticator
Administrative statE. Auto
Supplicant modE. Multiple
Number of retries: 3
Quiet perioD. 60 seconds
Transmit perioD. 30 seconds
Mac Radius: Enabled
Mac Radius Restrict: Enabled
Reauthentication: Enabled
Configured Reauthentication interval: 120 seconds
Supplicant timeout: 30 seconds
Server timeout: 30 seconds
Maximum EAPOL requests: 2
Guest VLAN member: guest
Number of connected supplicants: 0
-- Exhibit --
802.1X authentication was recently configured on your ge-0/0/15 port. You issue the command shown in the exhibit.
Correct Answer: BD
Section: (none)
Explanation
Explanation/Reference:
QUESTION 87
-- Exhibit --
user@switch> show configuration access
radius_server {
10.1.1.252 {
port 1812;
secret "$9$7gdwgGDkTz6oJz69A1INdb"; ## SECRET-DATA
}
profile radius_server {
authentication-order password;
radius {
authentication-server 10.1.1.252;
}
}
Referring to the exhibit, which two configuration statements are needed on the EX Series switch to resolve this problem? (Choose two.)
Correct Answer: AD
Section: (none)
Explanation
Explanation/Reference:
QUESTION 88
A non-802.1X printer is connected to ge-0/0/0 on an EX Series switch.
Which configuration statement will authenticate the device against an authentication server?
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 89
-- Exhibit --
{master:0}[edit protocols dot1x]
user@switch# show
authenticator {
authentication-profile-name my-profile;
static {
00:21:cc:ba:c7:00/40 {
interface ge-0/0/12.0;
}
}
interface {
ge-0/0/12.0 {
supplicant multiple;
server-fail deny;
}
ge-1/0/14.0 {
reauthentication 120;
server-fail vlan-name local-only;
}
ge-1/0/15.0 {
supplicant multiple;
mac-radius {
restrict;
}
reauthentication 120;
server-fail vlan-name guest;
}
}
}
-- Exhibit --
You just added a device on port ge-0/0/12 with the MAC address 00:21:cc:ba:c7:59. All access ports on this device are members of VLAN v20. The RADIUS server
is currently not reachable.
Referring to the configuration shown in the exhibit, what happens to traffic sent from this device?
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 90
An emergency Class 3 IP phone is connected to an EX Series switch. You want to ensure that the IP phone does not have any problems if PoE power demands on
the switch are greater than the PoE power budget.
What should you do to accomplish this task?
A. You must connect the IP phone into one of the ports from ge-0/0/0 to ge-0/0/7.
B. Set the power class on the PoE interface to 3.
C. Set the PoE priority to high.
D. Enable the guard-band parameter.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 91
You are implementing PoE on your EX Series switch to provide power to your VoIP phones. You have a device that does not provide its class information to the
switch.
A. 0
B. 1
C. 2
D. 3
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 92
Which two statements about the voice VLAN feature are correct? (Choose two.)
A. It can be used to separate untagged data and VLAN tagged VoIP traffic into different VLANs on an access port.
B. It can be used to assign VoIP traffic into a CoS forwarding class.
C. It can be used to separate untagged data and VLAN tagged VoIP traffic into different VLANs on a trunk port.
D. It can be used to apply a policer to VoIP traffic.
Correct Answer: AB
Section: (none)
Explanation
Explanation/Reference:
QUESTION 93
NetBIOS snooping information is stored in which database on EX Series switches?
A. RADIUS database
B. LLDP neighbor database
C. MAC table database
D. routing table database
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 94
Which three PoE power allocation methods are supported on EX Series switches? (Choose three.)
Explanation/Reference:
QUESTION 95
A security camera is connected to an EX Series switch. You are asked to ensure power to the PoE port is maintained if the power budget is exceeded.
Correct Answer: AC
Section: (none)
Explanation
Explanation/Reference:
http://www.juniper.net/techpubs/en_US/junos12.2/topics/concept/poe-overview.html
QUESTION 96
-- Exhibit --
user@switch> show poe controller
Controller Maximum Power Guard Management Status Lldp index power consumption band Priority
0 130.00W 121.00W 0W Class AT_MODE Disabled
-- Exhibit --
A new user's Class 3 IP phone is connected to port ge-0/0/7 on an EX Series switch; however, it is not working.
A. The model of the EX Series switch being used supports PoE only on interfaces ge-0/0/0 through ge-0/0/6.
B. The PoE port is set to class 0.
C. The port has been shut down because the phone's power requirements exceed the PoE power budget for the switch.
D. The guard-band is insufficient.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 97
You are troubleshooting an LLDP neighbor and cannot see the IP address of the neighboring EX Series switch.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 98
A network administrator is configuring CoS on a switch and assigns forwarding classes shown below:
class-of-service {
forwarding-classes {
class best-effort queue-num 0;
class bulk-data queue-num 1;
class critical queue-num 3;
class voice queue-num 6;
class call-signal queue-num 3;
}
}
Based on the configuration, which action prioritizes call-signal traffic over critical traffic?
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 99
On SRX Series devices, in which order does CoS process ingress packets?
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 100
You just configured an interface as an access port and it is up and passing traffic. However, you notice that all traffic transiting this interface is being classified as
best effort.
A. ieee8021p-default
B. ieee8021p-untrust
C. dscp-default
D. dscp-ipv6-default
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 101
You notice that an interface receiving traffic from multiple devices with no user-configured CoS parameters has been assigned the ieee802.1p-default classifier.
A. access port
B. tagged access port
C. trunk port
D. designated port
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 102
-- Exhibit --
[edit class-of-service]
drop-profiles {
test-drop {
fill-level 20 drop-probability 35;
fill-level 55 drop-probability 60;
fill-level 70 drop-probability 80;
fill-level 95 drop-probability 100;
}
}
-- Exhibit --
A. 25
B. 50
C. 58
D. 60
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 103
You are asked to implement CoS on an EX Series switch. You attempt to configure the priority for the voice and data queue schedulers to medium-high and
medium-low priority, respectively. However, you notice that the only parameters available for the priority is strict high and low.
Why are strict high and low the only available parameters for configuration?
A. The loss priority for the queues must first be set to medium-low and medium-high, respectively.
B. The switch only supports the strict high and low queue priorities.
C. The shared buffer feature must be configured prior to configuring scheduler priority.
D. The scheduler must be applied to an interface prior to configuring scheduler priority.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 104
You are asked to configure a CoS weighted tail drop profile on your EX Series switch that causes all traffic in the best effort queue to drop when the queue is 90
percent full.
A. [edit class-of-service]
drop-profiles {
be_dropp {
fill-level 90;
drop-probability 100;
}
}
B. [edit class-of-service]
drop-profiles {
be_dropp {
interpolate {
fill-level 90;
drop-probability 100;
}
}
}
C. [edit class-of-service]
drop-profiles {
be_dropp {
fill-level 90;
}
}
D. [edit class-of-service]
drop-profiles {
be_dropp {
fill-level 90;
drop-probability 90;
}
}
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 105
You must configure a multifield classifier on ge-1/0/0. This classifier must match only TCP traffic from port number 79, set the loss priority to high, and classify the
traffic as expedited- forwarding. The inbound traffic has no previous CoS markings.
A. [edit firewall]
user@switch# show filter ef_classifier_mf
term 1 {
from {
protocol tcp;
destination-port 79;
}
then {
loss-priority high;
forwarding-class expedited-forwarding;
}
[...]
}
B. [edit firewall]
user@switch# show filter ef_classifier_mf
term 1 {
from {
protocol tcp;
source-port 79;
}
then {
loss-priority high;
forwarding-class expedited-forwarding;
}
[...]
}
C. [edit firewall]
user@switch# show filter ef_classifier_mf
term 1 {
from {
protocol tcp;
destination-port 79;
}
then {
loss-priority low;
forwarding-class expedited-forwarding;
}
[...]
}
D. [edit firewall]
user@switch# show filter ef_classifier_mf
term 1 {
from {
protocol tcp;
source-port 79;
dscp ef;
}
then {
loss-priority high;
accept;
}
[...]
}
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 106
You are asked to reconfigure a CoS scheduler to limit the assured forwarding queue to a maximum of 75 percent of the available bandwidth. The assured
forwarding queue uses a strict high priority queue.
A. transmit-rate percent 75
B. buffer-size percent 75
C. shaping-rate percent 75
D. shared-buffer percent 75
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 107
You are asked to configure an interface policer. You must ensure when the bandwidth limit and burst size are exceeded, that the packet receives a CoS parameter
which increases the probability that the packet will be dropped if the queues are congested.
A. dscp 0
B. loss-priority high
C. ip-precedence 0
D. loss-priority low
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 108
You must troubleshoot a CoS issue on an Ethernet interface which has been observed to drop packets in the best effort queue. You must determine whether the
dropped packets are tail drops.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 109
What are two benefits of configuring OSPF database protection? (Choose two.)
Correct Answer: AD
Section: (none)
Explanation
Explanation/Reference:
QUESTION 110
Area 1 is configured as an NSSA with no summaries.
Which three types of LSAs are allowed in Area 1's database? (Choose three.)
A. Type 1
B. Type 2
C. Type 3
D. Type 5
E. Type 7
Explanation/Reference:
QUESTION 111
-- Exhibit
-- Exhibit --
Referring to the exhibit, and given that no other BGP manipulation has been configured, how is traffic influenced from R1 to R3?
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 112
You are asked to establish a single EBGP peering across two physical interfaces to your ISP.
A. multipath
B. multihop
C. accept-remote-nexthop
D. allow
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 113
-- Exhibit
-- Exhibit --
Referring to the exhibit, routers A, B, and C are in the same BGP AS 100. Router A prefers to route traffic through Router C.
A. as-path-prepend
B. local-preference
C. metric
D. weight
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 114
Which two statements are true about SSM implementations on Junos devices? (Choose two.)
Correct Answer: AD
Section: (none)
Explanation
Explanation/Reference:
QUESTION 115
-- Exhibit
-- Exhibit --
You are asked to allow a customer to tunnel STP BPDUs from Customer Switch1 to Customer Switch2 for VLAN 300 on S-VLAN v500. You have administrative
access to SW1 and SW3, but not SW2.
Referring to the exhibit, which three configuration statements must be added to SW1 to allow ingress STP BPDUs on port ge-0/0/16 to pass to SW3 for VLAN 300
only? (Choose three.)
A. set vlans v500 vlan-id 500 interface ge-0/0/16.0 mapping 300 swap
B. set vlans v500 vlan-id 500 dot1q-tunneling layer2-protocol-tunneling stp
C. set vlans v500 vlan-id 500 interface ge-0/0/16.0 mapping 300 push
D. set ethernet-switching-options dot1q-tunneling ether-type 0x8100
E. set vlans v500 vlan-id 500 interface ge-0/0/20.0 mapping 300 push
Explanation/Reference:
QUESTION 116
-- Exhibit --
[edit protocols]
user@switch# commit
[edit protocols ]
'mstp'
Another xSTP protocol is enabled
error : Another xSTP protocol is enabled
error: configuration check-out failed
-- Exhibit --
Referring to the exhibit, a customer is receiving an error while committing the operation on the switch.
Correct Answer: BD
Section: (none)
Explanation
Explanation/Reference:
QUESTION 117
-- Exhibit --
user@SwitchA# show protocols mstp
configuration-name region1;
bridge-priority 16k;
msti 1 {
bridge-priority 16k;
vlan [10 20];
}
msti 2 {
bridge-priority 8k;
vlan [30 40];
}
10:36:00.594223 Out 802.1s, Rapid STP, CIST Flags [Forward, Agreement], CIST bridge-id 4000.5c:5e:ab:72:da:41.8215, length 118
message-age 0.00s, max-age 20.00s, hello-time 2.00s, forwarding-delay 15.00s CIST root-id 4000.5c:5e:ab:72:da:41, ext-pathcost 0 int-pathcost 0, port-role
Designated CIST regional-root-id 4000.5c:5e:ab:72:da:41
MSTP Configuration Name regio-2, revision 0, digest ca136a235706b316c8db8f921067a68f CIST remaining-hops 20
MSTI 1, Flags [Proposal, Forward, Agreement], port-role Designated MSTI regional-root-id 4001.5c:5e:ab:72:da:41, pathcost 0 MSTI bridge-prio 4, port-prio 8,
hops 20
-- Exhibit --
Referring to the exhibit, a customer notices that MSTP is not converging on MSTI 2. To troubleshoot the problem, the customer captured traffic on the link (xe-
0/0/0) of SwitchA connecting to SwitchB.
Correct Answer: CD
Section: (none)
Explanation
Explanation/Reference:
QUESTION 118
You are asked to implement a captive portal on your EX Series switches.
Explanation/Reference:
QUESTION 119
-- Exhibit --
Controller Maximum Power Guard Management Status Lldp index power consumption band Priority
0 792.00W 603.50W 0W Class AT_MODE Disabled
-- Exhibit --
Click the Exhibit button.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 120
You are configuring port ge-0/0/0 on an EX Series switch connected to an IP phone that does not support LLDP-MED.
Which three configuration statements do you need to accomplish this task? (Choose three.)
Explanation/Reference:
QUESTION 121
You are configuring CoS classifiers and want to use both BA and MF classification. After applying the configuration, you realize that the classifiers have a conflict.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 122
On your EX Series switch you must configure a delay buffer for the best effort queue scheduler named BE-sch which restricts the buffer usage to only 25 percent of
the available buffer size.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 123
A user complains about connectivity problems from their IP address (10.1.1.87) to a server (10.65.1.100).
Which Junos command can help verify connectivity in the network? (Choose Two)
A. mroute
B. traceoptions
C. ping
D. clear bgp neighbor
Correct Answer: BC
Section: (none)
Explanation
Explanation/Reference:
QUESTION 124
Port authentication falls back to Captive Portal.
In which two scenarios would the port authentication move back to 802.1X? (Choose two.)
A. if any MAC RADIUS request packet is received on the interface and if there are no sessions in authenticated/authenticating state
B. if Captive Portal is deactivated on the interface
C. if the user gets logged out
D. if the EAP packet is received on the interface and if there are no sessions in authenticated/authenticating state
Correct Answer: BD
Section: (none)
Explanation
Explanation/Reference:
QUESTION 125
A network routes IPv4 traffic only. You want to add IPv6 to the network, but you must use a single IGP for both IPv4 and IPv6 traffic.
A. OSPFv2
B. BGPv4
C. ES-ISv1
D. OSPFv3
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 126
A Layer 2 forwarding loop occurred on your network during a scheduled maintenance period.
You must prevent this behavior in the future.
Which protocol should you enable on the EX Series switch to address this condition in the future?
A. DVMRP
B. L2TPv3
C. STP
D. RSVP
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 127
You have implemented 802.1X authentication in your Layer 2 network and you have only a single RADIUS server. You are asked to ensure that if the RADIUS
server becomes unreachable or fails, users connected to the ge-0/0/0 port are still able to reach the Internet using a predefined guest VLAN.
Which command allows this access?
A. [edit]
user@switch# set protocols dot1x authenticator interface ge-0/0/0.0 radius-fail vlan guest
B. [edit]
user@switch# set protocols dot1x authenticator interface ge-0/0/0.0 server-fail vlan-name guest
C. [edit]
user@switch# set protocols dot1x authenticator interface ge-0/0/0.0 auth-fail assign-vlan guest
D. [edit]
user@switch# set protocols dot1x authenticator interface ge-0/0/0.0 radius-fail assign guest
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 128
Which option is a valid IPv6 multicast address?
A. fe80::205:8640:471:3200/64
B. ::172.16.0.5/126
C. ff03:365:ba::23
D. ff01:cgfc:345::226:8ff:fee4:bf6f
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 129
A company is deploying a new 802.1X port-based security infrastructure to allow users to access resources through wired Ethernet ports. However they recently
deployed an RSA token-based system for users to connect remotely. The network administrator wants to reuse the same security database for 802.1X port-based
security.
A. EAP-TLS
B. LAN-PEAP
C. RSA-EAP
D. EAP-TTLS
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 130
Which protocol reachability is advertised by OSPFv2?
A. IPv4
B. IPv5
C. IPv6
D. ISO
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 131
Which AS path regular expression matches only routes originated in your AS?
A. "6573.*"
B. ".*"
C. "{"
D. "^$"
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 132
Voice traffic is coming in on UDP port 17689. This traffic must be classified into the expedited- forwarding forwarding class.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 133
Which three attributes must a BGP update contain? (Choose three.)
A. next-hop
B. MED
C. origin
D. AS-path
E. local preference
Explanation/Reference:
QUESTION 134
You must configure your access switch with more than 3000 VLANs and you want the ability to load-balance across them.
A. Configure your access switch with a load-balancing policy and apply it under [edit protocols rstp].
B. Configure your access switch for Rapid-PVST+.
C. Configure your access switch for MSTP, incorporating the use of MSTIs.
D. Configure your access switch for both VSTP and RSTP.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 135
You are implementing MSTP in your network.
Which three values must match on all switches within the MST region? (Choose three)
A. Context identifier
B. Region name
C. VLANs
D. Revision
E. Configuration manifest
Explanation/Reference:
QUESTION 136
You have been asked to implement a private VLAN with two community VLANs. This private VLAN will be confined to a single switch in your Layer 2 network. This
private VLAN, along with other VLANs configured on the switch, will require gateway services provided through a connected router.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 137
During the BGP route-resolution process, the Junos OS must calculate the appropriate next-hop based on the BGP protocol next-hop attribute.
Which two routing tables are checked during this process in a default Junos configuration? (Choose two.)
A. inet.0
B. inet.1
C. inet.2
D. inet.3
Correct Answer: AD
Section: (none)
Explanation
Explanation/Reference:
QUESTION 138
You have a requirement for a device to provide 20 W of power over Ethernet.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 139
R1 has an OSPF adjacency with R2 over a point-to-point link.
Which three statements about the advertisements for this link in the Type 1 (Router) LSA generated by R1 are true? (Choose three.)
Explanation/Reference:
QUESTION 140
What is the significance of the multicast address range 224.0.0.1 through 224.0.0.254?
Explanation/Reference:
QUESTION 141
You must prioritize VoIP packets on your network.
A. RSVP
B. Multicast Routing
C. VPLS
D. Class of Service
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 142
You notice that a number of IGMP leave group messages are passing through a BMA network and are impacting the network's performance.
What would you do to resolve this issue without affecting multicast traffic?
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 143
A network administrator is configuring CoS on a switch and assigns forwarding classes call-sig and critical to the same queue number per the configuration below:
class-of-service {
forwarding-classes {
class best-effort queue-num 0;
class bulk-data queue-num 1;
class critical queue-num 3;
class voice queue-num 6;
class call-sig queue-num 3;
}
}
Based on the configuration, which option prioritizes call-sig traffic over critical traffic?
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 144
A Layer 2 transparent firewall separates two OSPFv3 routers. For the two OSPFv3 routers to form an adjacency, which protocol must be permitted on the firewall?
A. IPv4 protocol 89
B. IPv6 protocol 89
C. TCP port 89
D. UDP port 89
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 145
In MSTP, which two factors determine the root bridge in each region? (Choose two.)
A. The switch with the higher priority becomes the root bridge.
B. The switch with the lower priority becomes the root bridge.
C. The switch with the lower MAC address becomes the root bridge when priorities are tied.
D. The switch with the higher MAC address becomes the root bridge when priorities are tied.
Correct Answer: BC
Section: (none)
Explanation
Explanation/Reference:
QUESTION 146
Which two LSA types are only generated by an ABR router? (Choose two.)
Correct Answer: AC
Section: (none)
Explanation
Explanation/Reference:
QUESTION 147
Which two statements about MVRP on EX Series switches are true? (Choose two.)
Correct Answer: BC
Section: (none)
Explanation
Explanation/Reference:
QUESTION 148
A company's security policy does not allow outside computers or smart phones into their work areas. All company-provided computers are strictly controlled using
802.1X authentication on all of their switches. All computers obtain DHCP IP addresses from centralized servers and all switches have IP spoofing enabled.
However, one of the computers was able to send IP spoofed packets.
Why did the IP spoof feature fail to prevent the spoofed packets from being forwarded?
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 149
What is a valid router ID configuration for OSPFv3 in the Junos OS?
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 150
You are setting up a new switch in your network that is using MSTP. You have configured all access ports as edge ports, and you want to make sure that the
access ports can never transition to nonedge ports.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 151
When using PIM-SM in ASM mode, which two events trigger the creation of a shortest-path tree? (Choose two.)
Correct Answer: AD
Section: (none)
Explanation
Explanation/Reference:
QUESTION 152
A coffee shop offering free Internet service to customers wants to implement the following security policies:
1. Every customer must agree to a set of terms and conditions before accessing the Internet.
2. Log out customers that are logged in for more than one hour.
3. Log out customers that are idle for more than 5 minutes.
4. Authenticate employee desktop computers with known hardware addresses in the office of the coffee shop to access the Internet without the above restrictions.
A. set protocols dot1x authenticator interface ge-0/0/12.0 supplicant multiple set protocols dot1x authenticator interface ge-0/0/12.0 mac-radius set protocols dot1x
authenticator authentication-profile-name dot1x set services captive-portal authentication-profile-name dot1x set services captive-portal interface ge-0/0/12.0
set services captive-portal secure-authentication https set services captive-portal custom-options header-message "Welcome to Our Coffee Shop" set services
captive-portal custom-options banner-message "Terms and Conditions of Use"
B. set protocols dot1x authenticator interface ge-0/0/12.0 supplicant multiple set protocols dot1x authenticator authentication-profile-name dot1x set services
captive-portal authentication-profile-name dot1x set services captive-portal interface ge-0/0/12.0
set services captive-portal secure-authentication https set services captive-portal custom-options header-message "Welcome to Our Coffee Shop" set services
captive-portal custom-options banner-message "Terms and Conditions of Use"
C. set protocols dot1x authenticator interface ge-0/0/12.0 supplicant multiple set protocols dot1x authenticator interface ge-0/0/12.0 mac-radius set protocols dot1x
authenticator authentication-profile-name dot1x set services captive-portal authentication-profile-name dot1x set services captive-portal interface ge-0/0/12.0
set services captive-portal interface ge-0/0/12.0 idle-timeout 300 set services captive-portal interface ge-0/0/12.0 user-timeout 3600 set services captive-portal
secure-authentication https set services captive-portal custom-options header-message "Welcome to Our Coffee Shop" set services captive-portal custom-
options banner-message "Terms and Conditions of Use"
D. set protocols dot1x authenticator interface ge-0/0/12.0 supplicant multiple set protocols dot1x authenticator interface ge-0/0/12.0 mac-radius set protocols dot1x
authenticator interface ge-0/0/12.0 idle-timeout 300 set protocols dot1x authenticator interface ge-0/0/12.0 user-timeout 3600 set protocols dot1x authenticator
authentication-profile-name dot1x set services captive-portal authentication-profile-name dot1x set services captive-portal interface ge-0/0/12.0
set services captive-portal secure-authentication https set services captive-portal custom-options header-message "Welcome to Our Coffee Shop" set services
captive-portal custom-options banner-message "Terms and Conditions of Use"
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 153
What is an IP multicast routing protocol?
A. RSVP
B. OSPF
C. PIM
D. CDP
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 154
Which version of BGP would an enterprise use to peer with an ISP?
A. Confederation BGP
B. External BGP
C. Internal BGP
D. Labeled-Unicast
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 155
You are setting up a new switch in your network that is using MSTP. You want to make sure that any port connected to a host starts forwarding traffic immediately.
How can you meet this requirement?
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 156
You have been asked to implement 802.1X in your network and to ensure that all authorized users continue to be permitted should the RADIUS server fail.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 157
How does an administrator block IGMP reports for the 239.0.0.0/8 group range?
A. Create a routing policy and apply it to IGMP using the group-policy feature.
B. Create a routing policy and apply it to IGMP using the report-policy feature.
C. Create a routing policy and apply it to IGMP as export.
D. Create a routing policy and apply it to IGMP as import.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 158
You have been asked to implement a private VLAN with two community VLANs. This private VLAN must span multiple switches in your Layer 2 network.
Which two statements about this deployment are true? (Choose two.)
Correct Answer: CD
Section: (none)
Explanation
Explanation/Reference:
QUESTION 159
Which configuration parameter causes a router to ignore router ID and peer ID from the BGP route selection algorithm?
A. multihop
B. as-path loops
C. multipath
D. next-hop self
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 160
If your WAN-edge router is multihomed to different ISPs, which two BGP attributes would you modify to affect outbound traffic? (Choose two.)
A. MED
B. origin
C. local preference
D. community
Correct Answer: BC
Section: (none)
Explanation
Explanation/Reference:
QUESTION 161
A medium-sized enterprise has some devices that are 802.1X capable and some that are not. Any device that fails authentication must be provided limited access
through a VLAN called NONAUTH.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 162
When using PIM-SM in SSM mode, which event triggers the creation of a shortest-path tree?
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 163
Which statement regarding LLDP update messages is correct?
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 164
When 802.1X, MAC-RADIUS, and Captive Portal are enabled on an interface, which authentication sequence occurs?
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 165
You are troubleshooting a problem on interface ge-0/0/3.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 166
Which CoS component helps with TCP global synchronization problems?
A. WRR with rewrite rules
B. WRED with drop profiles
C. tail drop profiles with a behavior aggregate classifier
D. exact term with a scheduler
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 167
You want to control bursts of HTTP traffic entering your SRX Series Gateway. To support varying requirements, interfaces ge-0/0/0 through ge-0/0/3 should each
be rate-limited separately, using the same parameters.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 168
You are configuring BGP peering with a neighboring AS. Multiple physical links exist between your edge router and the neighboring edge router, and you want a
configuration that supports the highest degree of redundancy.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 169
An OSPF router is an ABR but not an ASBR.
Which three types of LSAs would you expect this router to generate? (Choose three.)
A. Type 1 LSA
B. Type 3 LSA
C. Type 4 LSA
D. Type 5 LSA
E. Type 6 LSA
Explanation/Reference:
QUESTION 170
-- Exhibit --
inet.0: 18 destinations, 21 routes (18 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both
Router R1 in the exhibit is receiving auto-RP announce messages specifying an RP of 192.168.10.1 and BSR messages specifying an RP-set with an RP of
192.168.50.1.
Which address will R1 use as the RP for traffic destined to the 224.1.1.1 multicast group?
A. 192.168.3.1
B. 192.168.5.1
C. 192.168.10.1
D. 192.168.50.1
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 171
-- Exhibit
-- Exhibit --
In the exhibit, customers connected to Area 3 must have access to external prefixes received from the data center connected to the router in Area 1. These
configurations are currently applied to the routers in Area 1:
{master:0}[edit]
user@Area-1-ABR# show protocols ospf
no-nssa-abr;
area 0.0.0.1 {
nssa;
interface ge-1/1/1.100;
}
{master:0}[edit]
user@Area-1-External# show protocols ospf
area 0.0.0.1 {
stub no-summaries;
interface ge-1/1/1.100;
}
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 172
-- Exhibit --
Referring to the output in the exhibit, why does the router prefer the path toward interface ge- 0/0/0.0 for the 20.0.0.0/8 route?
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 173
-- Exhibit --
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 174
-- Exhibit --
A. VSTP
B. MSTP
C. RSTP
D. PVST
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 175
-- Exhibit
-- Exhibit --
Given the topology in the exhibit, which two statements related to the Q-in-Q tunneling implementation are true? (Choose two.)
Correct Answer: AD
Section: (none)
Explanation
Explanation/Reference:
QUESTION 176
-- Exhibit
-- Exhibit --
You are implementing Q-in-Q tunneling to connect R1 and R2 using the configurations shown in the exhibit.
What must be changed on Switch_A to allow both Dot1q-tunneling VLANs and non-Dot1q- tunneling VLANs on the same trunk interface?
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 177
-- Exhibit
-- Exhibit --
In the exhibit, Host2 is the only host currently joining group 231.1.1.1, but S1 is still flooding the traffic to all hosts on VLAN 100.
What feature can be configured on S1 to limit the multicast flooding of traffic to only interested hosts on VLAN 100?
A. Multicast scoping
B. IGMP snooping
C. Multicast VLAN registration
D. IGMP immediate leave
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 178
-- Exhibit --
{master:0}[edit]
user@switch# show protocols vstp
vlan 100;
{master:0}[edit]
user@switch# run show spanning-tree bridge
STP bridge parameters
Context ID : 1
Enabled protocol : RSTP
{master:0}[edit]
user@switch# run show spanning-tree interface
{master:0}[edit]
user@switch#
-- Exhibit --
Based on the output shown in the exhibit, why is VSTP not working for VLAN 100?
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 179
-- Exhibit
-- Exhibit --
Referring to the exhibit, what is the correct RPF path toward the multicast source from R6?
A. R6-R5
B. R6-R7-R4-R5
C. R6-R4-R5
D. R6-R4-R3-R2-R5
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 180
-- Exhibit --
{master:0}[edit]
user@switch# show ethernet-switching-options voip
interface ge-0/0/16.0 {
vlan phones;
}
{master:0}[edit]
user@switch# show interfaces ge-0/0/16
unit 0 {
family ethernet-switching {
port-mode access;
vlan {
members internet;
}
}
}
{master:0}[edit]
user@switch# show vlans
hr {
vlan-id 513;
}
internet {
vlan-id 15;
}
phones {
vlan-id 25;
}
servers {
vlan-id 30;
}
{master:0}[edit]
user@switch# show interfaces ge-0/0/23
description uplink;
unit 0 {
family ethernet-switching {
port-mode trunk;
vlan {
members [ hr internet ];
}
}
}
-- Exhibit --
Click the Exhibit button.
You have recently implemented a Layer 2 network designed to support VoIP. Users have reported that they cannot use their IP phones to make calls.
Based on the switch configuration shown in the exhibit, which command will resolve this issue?
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 181
-- Exhibit
-- Exhibit --
Based on the SPF calculation in the exhibit, what is the shortest path to reach R3 from R1?
A. R2-R3
B. R2-R5-R4
C. R3
D. R2-R4
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 182
-- Exhibit --
Mar 16 18:39:15.800390 BGP RECV 172.14.10.2+57785 -> 172.14.10.1+179 Mar 16 18:39:15.800932 BGP RECV message type 1 (Open) length 59 Mar 16
18:39:15.800995 BGP RECV version 4 as 2 holdtime 90 id 192.168.5.1 parmlen 30 Mar 16 18:39:15.801064 BGP RECV MP capability AFI=2, SAFI=1 Mar 16
18:39:15.801112 BGP RECV Refresh capability, code=128 Mar 16 18:39:15.801172 BGP RECV Refresh capability, code=2 Mar 16 18:39:15.801224 BGP RECV
Restart capability, code=64, time=120, flags= Mar 16 18:39:15.801289 BGP RECV 4 Byte AS-Path capability (65), as_num 2 Mar 16 18:39:15.801705 advertising
receiving-speaker only capabilty to neighbor 172.14.10.2 (External AS 2)
Mar 16 18:39:15.801787 bgp_senD. sending 59 bytes to 172.14.10.2 (External AS 2) Mar 16 18:39:15.801845
Mar 16 18:39:15.801845 BGP SEND 172.14.10.1+179 -> 172.14.10.2+57785 Mar 16 18:39:15.801933 BGP SEND message type 1 (Open) length 59 Mar 16
18:39:15.801991 BGP SEND version 4 as 1 holdtime 90 id 192.168.2.1 parmlen 30 Mar 16 18:39:15.802054 BGP SEND MP capability AFI=1, SAFI=1 Mar 16
18:39:15.802115 BGP SEND Refresh capability, code=128 Mar 16 18:39:15.802176 BGP SEND Refresh capability, code=2 Mar 16 18:39:15.802227 BGP SEND
Restart capability, code=64, time=120, flags= Mar 16 18:39:15.802292 BGP SEND 4 Byte AS-Path capability (65), as_num 1 Mar 16 18:39:15.802615
bgp_process_caps: mismatch NLRI with 172.14.10.2 (External AS 2):
peer: <inet6-unicast>(16) us: <inet-unicast>(1)
Mar 16 18:39:15.802763 bgp_process_caps:2561: NOTIFICATION sent to 172.14.10.2 (External AS 2): code 2 (Open Message Error) subcode 7 (unsupported
capability) value 1 Mar 16 18:39:15.802913 bgp_senD. sending 23 bytes to 172.14.10.2 (External AS 2) Mar 16 18:39:15.802969
Mar 16 18:39:15.802969 BGP SEND 172.14.10.1+179 -> 172.14.10.2+57785 Mar 16 18:39:15.803057 BGP SEND message type 3 (Notification) length 23 Mar 16
18:39:15.803113 BGP SEND Notification code 2 (Open Message Error) subcode 7 (unsupported capability)
Mar 16 18:39:15.803179 BGP SEND Data (2 bytes): 00 01 -- Exhibit --
Click the Exhibit button.
Looking at the traceoptions output in the exhibit, why is the BGP neighbor not in Established state?
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 183
-- Exhibit
-- Exhibit --
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 184
-- Exhibit --
user@router> show class-of-service scheduler-map two Scheduler map: two, Index: 56974
Scheduler: sch-best-effort, Forwarding class: best-effort, Index: 26057 Transmit ratE. 1 percent, Rate Limit: exact, Buffer sizE. remainder, Buffer Limit: exact,
Priority: low
Excess Priority: unspecified
Drop profiles:
Loss priority Protocol Index Name
Low any 1 <default-drop-profile>
Medium low any 1 <default-drop-profile>
user@router> show interfaces ge-0/0/1 extensive | find "CoS Information" CoS information:
Direction : Output
CoS transmit queue Bandwidth Buffer
Priority Limit
% bps % usec
0 best-effort 1 10000000 r 0
low exact
1 expedited-forwarding 1 10000000 1 0
high none
Logical interface ge-0/0/1.823 (Index 74) (SNMP ifIndex 506) (Generation 139)
Flags: SNMP-Traps 0x4000 VLAN-Tag [ 0x8100.823 ] Encapsulation: ENET2 Traffic statistics:
Input bytes : 1820224529
Output bytes : 6505980
Input packets: 1436371
Output packets: 75905
user@router> show interfaces ge-0/0/1 extensive | find "Queue Counters" Queue counters: Queued packets Transmitted packets Dropped packets 0 best-effort
1343970 1343970 7105
1 expedited-fo 53987 53987
2 assured-forw 0 0
3 network-cont 0 0
Queue number: Mapped forwarding classes
0 best-effort
1 expedited-forwarding
2 assured-forwarding
3 network-control
Active alarms : None
Active defects : None
(... output truncated ...)
-- Exhibit --
Based on the configuration in the exhibit, why are you seeing drops in the best-effort queue on the SRX Series platform?
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 185
-- Exhibit --
inet.0: 9 destinations, 10 routes (7 active, 0 holddown, 2 hidden) + = Active Route, - = Last Active, * = Both
Looking at the output in the exhibit, why is the BGP neighbor not in Established state?
Explanation/Reference:
QUESTION 186
-- Exhibit --
{master:0}[edit]
user@SwitchA# show access
radius-server {
172.27.14.226 {
port 1812;
secret "$9$vqs8xd24Zk.5bs.5QFAtM8X"; ## SECRET-DATA }
}
profile dot1x {
authentication-order radius;
radius {
authentication-server 172.27.14.226;
accounting-server 172.27.14.226;
}
accounting {
order radius;
immediate-update;
}
}
{master:0}[edit]
user@SwitchA#
-- Exhibit --
Referring to the exhibit, which three statements describe correct behavior of Switch A? (Choose three.)
A. Switch A allows complete access to all users connected to port ge-0/0/2 that log in with their correct user credentials.
B. Switch A allows complete access to all users connected to port ge-0/0/0 that log in with their correct user credentials.
C. Switch A allows complete access to the second user that connects to port ge-0/0/1 with its correct credentials only after the first user logs out.
D. Switch A allows complete access to all users connected to port ge-0/0/0 without authentication after the first user has logged in with its correct user credentials.
E. Switch A allows complete access to all users connected to port ge-0/0/1 that securely log in using HTTPS with their correct user credentials.
Explanation/Reference:
QUESTION 187
-- Exhibit --
Mar 16 17:48:06.145257 OSPF periodic xmit from 172.14.10.1 to 224.0.0.5 (IFL 69 area 0.0.0.1) Mar 16 17:48:12.404986 ospf_trigger_build_telink_lsas : No peer
found Mar 16 17:48:13.013420 ospf_trigger_build_telink_lsas : No peer found Mar 16 17:48:13.013555 ospf_set_lsdb_statE. Router LSA 192.168.2.1 adv-rtr
192.168.2.1 state QUIET->GEN_PENDING
Mar 16 17:48:13.013661 OSPF trigger router LSA 0x156d0f0 build for area 0.0.0.1 lsa-id 192.168.2.1
Mar 16 17:48:13.017494 ospf_set_lsdb_statE. Router LSA 192.168.2.1 adv-rtr 192.168.2.1 state GEN_PENDING->QUIET
Mar 16 17:48:13.017636 OSPF built router LSA, area 0.0.0.1, link count 2 Mar 16 17:48:13.017954 OSPF sent Hello 172.14.10.1 -> 224.0.0.5 (ge-0/0/1.0 IFL 69
area 0.0.0.1)
Mar 16 17:48:13.018023 Version 2, length 44, ID 192.168.2.1, area 0.0.0.1 Mar 16 17:48:13.018111 mask 255.255.255.0, hello_ivl 10, opts 0x2, prio 128 Mar 16
17:48:13.018162 dead_ivl 40, DR 172.14.10.1, BDR 0.0.0.0 Mar 16 17:48:13.018613 OSPF DR is 192.168.2.1, BDR is 0.0.0.0 Mar 16 17:48:13.018900 OSPF sent
Hello 172.14.10.1 -> 224.0.0.5 (ge-0/0/1.0 IFL 69 area 0.0.0.1)
Mar 16 17:48:13.018968 Version 2, length 44, ID 192.168.2.1, area 0.0.0.1 Mar 16 17:48:13.019032 mask 255.255.255.0, hello_ivl 10, opts 0x2, prio 128 Mar 16
17:48:13.019118 dead_ivl 40, DR 172.14.10.1, BDR 0.0.0.0 Mar 16 17:48:13.028426 OSPF DR is 192.168.2.1, BDR is 0.0.0.0 Mar 16 17:48:13.432025 OSPF
packet ignoreD. area mismatch (0.0.0.0) from 172.14.10.2 on intf ge-0/0/1.0 area 0.0.0.1
Mar 16 17:48:13.432135 OSPF rcvd Hello 172.14.10.2 -> 224.0.0.5 (ge-0/0/1.0 IFL 69 area 0.0.0.1)
Mar 16 17:48:13.432189 Version 2, length 44, ID 192.168.5.1, area 0.0.0.0 Mar 16 17:48:13.432274 checksum 0x8065, authtype 0
Mar 16 17:48:13.432346 mask 255.255.255.0, hello_ivl 10, opts 0x2, prio 128 Mar 16 17:48:13.432398 dead_ivl 40, DR 172.14.10.2, BDR 0.0.0.0 commit complete
-- Exhibit --
Looking at the traceoptions output in the exhibit, why are the OSPF routers stuck in Init state?
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 188
-- Exhibit
-- Exhibit --
A customer is trying to configure a router to peer using EBGP to a neighbor. As shown in the exhibit, two links are being used for this configuration. The goal of this
configuration is to load- balance traffic across both EBGP links.
A. {master:0}[edit]
user@router# show protocols bgp
group External {
multihop;
local-address 192.168.2.1;
peer-as 65532;
neighbor 10.10.2.2;
neighbor 10.20.2.2;
}
{master:0}[edit]
user@router# show routing-options
static {
route 192.168.5.1/32 next-hop 192.168.2.1;
}
autonomous-system 65432;
B. {master:0}[edit]
user@router# show protocols bgp
group External {
multihop;
local-address 192.168.2.1;
peer-as 65532;
neighbor 192.168.5.1;
}
{master:0}[edit]
user@router# show routing-options
static {
route 192.168.5.1/32 next-hop [ 10.10.2.2 10.20.2.2 ]; }
autonomous-system 65432;
forwarding-table {
export load-balance;
}
{master:0}[edit]
user@router# show policy-options policy-statement load-balance term balance {
then {
load-balance per-packet;
accept;
}
}
C. {master:0}[edit]
user@router# show protocols bgp
group External {
multi-path;
local-address 192.168.2.1;
peer-as 65532;
neighbor 192.168.5.1;
}
{master:0}[edit]
user@router# show routing-options
static {
route 192.168.5.1/32 next-hop [ 10.10.2.2 10.20.2.2 ]; }
autonomous-system 65432;
D. {master:0}[edit]
user@router# show protocols bgp
group External {
multipath;
local-address 192.168.2.1;
peer-as 65532;
neighbor 10.10.2.2;
neighbor 10.20.2.2;
}
{master:0}[edit]
user@router# show routing-options
static {
route 192.168.5.1/32 next-hop 192.168.2.1;
}
autonomous-system 65432;
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 189
-- Exhibit
-- Exhibit --
Click the Exhibit button.
In the exhibit, R5 is receiving five 200.1.1.x routes from the RIP router, and is advertising them into Area 1 using an export policy. You do not want any of the RIP
routes to be in the routing table of R1.
Correct Answer: BC
Section: (none)
Explanation
Explanation/Reference:
QUESTION 190
-- Exhibit
-- Exhibit --
In the exhibit, a customer wants to configure an EBGP connection to two different routers in a neighboring autonomous system. The goal of this configuration is to
use per-prefix load balancing across both EBGP links.
Which configuration accomplishes this goal?
A. {master:0}[edit]
user@router# show protocols bgp
group External {
multihop;
peer-as 65532;
neighbor 10.10.2.2;
neighbor 10.20.2.2;
}
B. {master:0}[edit]
user@router# show protocols bgp
group External {
multipath;
peer-as 65532;
neighbor 10.10.2.2;
neighbor 10.20.2.2;
}
C. {master:0}[edit]
user@router# show protocols bgp
group External {
multihop;
local-address 192.168.2.1;
peer-as 65532;
neighbor 10.10.2.2;
neighbor 10.20.2.2;
}
user@router# show routing-options
static {
route 0.0.0.0 next-hop [ 10.10.2.2 10.20.2.2 ];
}
autonomous-system 65432;
D. {master:0}[edit]
user@router# show protocols bgp
group External {
multihop;
local-address 192.168.2.1;
peer-as 65532;
multipath;
neighbor 10.10.2.2;
neighbor 10.20.2.2;
}
user@router# show routing-options
static {
route 0.0.0.0 next-hop [ 10.10.2.2 10.20.2.2 ];
}
autonomous-system 65432;
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 191
-- Exhibit
-- Exhibit --
Referring to the exhibit, R4 in AS 100 is sending routes 20.0.0.0/8 and 10.0.0.0/8. R3 sees the routes but R5 does not.
What must be configured on the R3 router for the R5 router to install the routes?
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 192
-- Exhibit
-- Exhibit --
You are asked to configure an OSPF virtual link that connects remote Area 4 to the backbone.
Referring to the exhibit, what are two requirements for an OSPF virtual link to operate correctly? (Choose two.)
A. A virtual link configuration on the ABR between Areas 0 and 1 must include transit area 1.
B. The interface of the transit area must be of type vt.
C. A virtual link configuration on the ABR between Areas 0 and 1 must be the interface address of the neighbor on the far end.
D. A virtual link configuration on the ABR between Areas 0 and 1 must be the router ID (RID) of the neighbor on the far end.
Correct Answer: AD
Section: (none)
Explanation
Explanation/Reference:
QUESTION 193
-- Exhibit
-- Exhibit --
In the exhibit, R5 is receiving five 200.1.1.x routes from the RIP router, and is advertising them into Area 1 using an export policy. You want to summarize the RIP
routes into Area 0 with the most specific prefix.
A. [edit protocols]
user@R1# show
ospf {
area 0.0.0.0 {
area-range 200.1.1.0/29;
interface ge-0/0/1.0;
interface ge-0/0/2.0;
interface lo0.0;
}
area 0.0.0.1 {
nssa {
default-lsa type-7;
}
interface ge-0/0/3.0;
}
}
B. [edit protocols]
user@R1# show
ospf {
area 0.0.0.0 {
interface ge-0/0/1.0;
interface ge-0/0/2.0;
interface lo0.0;
}
area 0.0.0.1 {
nssa {
default-lsa type-7;
area-range 200.1.1.0/28;
}
interface ge-0/0/3.0;
}
}
C. [edit protocols]
user@R1# show
ospf {
area 0.0.0.0 {
interface ge-0/0/1.0;
interface ge-0/0/2.0;
interface lo0.0;
}
area 0.0.0.1 {
nssa {
default-lsa type-7;
area-range 200.1.1.0/29;
}
interface ge-0/0/3.0;
}
}
D. [edit protocols]
user@R1# show
ospf {
area 0.0.0.0 {
area-range 200.1.1.0/28;
interface ge-0/0/1.0;
interface ge-0/0/2.0;
interface lo0.0;
}
area 0.0.0.1 {
nssa {
default-lsa type-7;
}
interface ge-0/0/3.0;
}
}
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 194
-- Exhibit --
user@router>
-- Exhibit --
Click the Exhibit button.
Examine the output of the show bgp summary command shown in the exhibit.
A. 10.0.3.5
B. 172.16.0.6
C. 2001:ffff::3:5
D. 2001:ffff:3:5
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 195
-- Exhibit --
user@SwitchA>
-- Exhibit --
Referring to the exhibit, how do you allow Host 3 to authenticate to the network but maintain secure access?
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 196
-- Exhibit --
Group: 224.1.1.1
SourcE. *
RP: 192.168.1.1
Flags: sparse,rptree,wildcard
Upstream interfacE. Local
Upstream neighbor: Local
Upstream statE. Local RP
Downstream neighbors:
InterfacE. so-0/0/0.0
10.0.1.2 StatE. Join Flags: SRW Timeout: 176
Group: 224.1.1.1
SourcE. 10.0.5.2
Flags: sparse,spt
Upstream interfacE. unknown (no nexthop)
Upstream neighbor: unknown
Upstream statE. Local RP
Keepalive timeout: 106
Downstream neighbors:
InterfacE. so-0/0/0.0
10.0.1.2 StatE. Join Flags: S Timeout: 176
The CLI output shown in the exhibit was taken from the RP in a PIM-SM network.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 197
-- Exhibit --
A. ID 10.1.1.0
B. ID 10.0.3.4
C. ID 10.0.3.3
D. ID 10.0.2.4
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 198
-- Exhibit --
{master:0}[edit]
user@router# show class-of-service
classifiers {
inet-precedence normal-traffic {
forwarding-class best-effort {
loss-priority low code-points [ my1 my2 ];
}
}
}
code-point-aliases {
inet-precedence {
my1 000;
my2 001;
cs1 010;
cs2 011;
cs3 100;
cs4 101;
cs5 111;
cs6 111;
}
}
-- Exhibit --
In the exhibit, you see a configuration for CoS. Incoming traffic with specific IP precedence bits should be mapped to a forwarding class named best-effort. A
classifier named normal-traffic is defined.
A. Include the option q-pic-large-buffer under the chassis hierarchy to accommodate the new code points.
B. Apply classifier normal traffic to the interface hierarchy under the class-of-service stanza.
C. Configure a rewrite marker on the ingress Gigabit Ethernet interface.
D. Add code point values for the expedited-forwarding forwarding class as well as the best- effort forwarding class.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 199
-- Exhibit --
user@router> show configuration routing-options autonomous-system 65550;
user@router> show configuration protocols bgp
group ibgp {
type internal;
neighbor 10.0.3.5;
}
group ibgpv6 {
type internal;
local-address 2001:ffff::3:4;
neighbor 2001:ffff::3:5;
}
group as65010 {
family inet {
unicast;
}
family inet6 {
unicast;
}
export as65010-out;
peer-as 65010;
neighbor 172.16.0.6;
}
inet.0: 43 destinations, 47 routes (43 active, 0 holddown, 0 hidden) Prefix Nexthop MED Lclpref AS path
* 10.0.2.0/30 Self 7000 I
* 10.0.2.4/30 Self 7000 I
* 10.0.2.8/30 Self 7000 I
* 10.0.2.16/30 Self 7000 I
* 10.0.3.3/32 Self 7000 I
* 10.0.3.4/32 Self 7000 I
* 10.0.3.5/32 Self 7000 I
* 10.0.4.8/30 Self 7000 I
* 10.0.8.8/30 Self 7000 I
* 10.0.9.9/32 Self 7000 I
* 10.255.255.1/32 Self 7000 I
* 64.142.88.0/24 Self 7000 I
* 130.130.0.0/16 Self 6 65222 46375 701 14203 I
* 131.131.131.0/24 Self 6 65222 46375 701 14203 I
* 132.132.0.0/25 Self 6 65222 46375 701 32934 I
* 133.133.0.0/25 Self 6 65222 46375 701 32934 I
* 134.134.0.0/25 Self 65222 46375 14203 I
* 135.135.0.0/25 Self 65222 46375 14203 14203 I
* 172.16.0.4/30 Self 7000 I
* 172.16.0.12/30 Self 7000 I
* 172.16.200.0/30 172.16.0.6 7000 I
* 192.0.2.0/24 172.16.0.6 7000 I
* 192.168.50.0/24 Self 7000 I
* 192.168.253.0/24 Self 7000 I
* 200.200.0.0/16 172.16.0.6 7000 I
* 200.200.0.1/32 172.16.0.6 7000 I
* 200.200.1.1/32 172.16.0.6 7000 I
* 200.200.200.200/32 172.16.0.6 7000 I
inet6.0: 23 destinations, 28 routes (23 active, 0 holddown, 0 hidden) Prefix Nexthop MED Lclpref AS path
* ::172.16.0.4/126 Self 7000 I
* 2001:1:1::/64 Self 7000 I
* 2001:1:2::/64 Self 7000 I
* 2001:ffff::3:3/128 Self 7000 I
* 2001:ffff::3:4/128 Self 7000 I
* 2001:ffff::3:5/128 Self 7000 I
* 2001:ffff::9:7/128 Self 7000 I
user@router>
-- Exhibit --
You are configuring an EBGP peer in a transit environment. You must advertise routes learned from other EBGP peers in your AS. Any routes originated from
within your AS should have a MED of 7000 set. Any routes that originate in AS65222 should be prepended four times. Any routes that transit AS701 should have a
MED set to 6. This scenario results in the unintended advertisement of internal 10.0.0.0/8 networks to your peer.
What caused the accidental advertisement of internal networks to your EBGP peer?
A. Your AS number of 65550 is a private AS number.
B. The BGP group as65010 is configured for both family inet unicast and family inet6 unicast protocol families.
C. The export policy as65010-out is misconfigured.
D. The as-path local-only includes a misconfigured regular expression.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 200
-- Exhibit --
[edit]
user@router# run show ospf database external lsa-id 71.23.48.0 extensive OSPF AS SCOPE link state database
Type ID Adv Rtr Seq Age Opt Cksum Len
Extern 71.23.48.0 67.176.255.5 0x80000001 114 0x22 0x171b 36 mask 255.255.248.0
Topology default (ID 0)
TypE. 2, MetriC. 0, Fwd addr: 0.0.0.0, TaG. 0.0.0.0 Aging timer 00:58:06
Installed 00:01:53 ago, expires in 00:58:06, sent 00:01:53 ago Last changed 00:01:53 ago, Change count: 1
Extern 71.23.48.0 67.176.255.7 0x8000005a 487 0x22 0x587e 36 mask 255.255.248.0
Topology default (ID 0)
TypE. 2, MetriC. 0, Fwd addr: 0.0.0.0, TaG. 0.0.0.0 Aging timer 00:51:52
Installed 00:08:01 ago, expires in 00:51:53, sent 00:07:59 ago Last changed 2d 19:33:58 ago, Change count: 1
Extern 71.23.48.0 67.176.255.8 0x8000005c 540 0x22 0xf73e 36 mask 255.255.248.0
Topology default (ID 0)
TypE. 1, MetriC. 30, Fwd addr: 0.0.0.0, TaG. 0.0.0.0 Aging timer 00:51:00
Installed 00:08:59 ago, expires in 00:51:00, sent 00:08:59 ago Last changed 00:08:59 ago, Change count: 3
-- Exhibit --
As shown in the exhibit, a router is receiving three external LSAs for the prefix 71.23.48.0.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 201
-- Exhibit
-- Exhibit --
In the exhibit, the 10.100/16 prefix is introduced at autonomous system 1 (AS1) and propagated through to AS3. Router A in AS3 receives two different paths to
these prefixes, one through AS2 and the other through AS4. No BGP attributes have been altered.
A. the route with the lowest interface address for the EBGP peering session
B. the route with the lowest local preference
C. the route to the EBGP peer that has the lowest RID
D. the route from the EBGP peer that arrived first
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 202
-- Exhibit --
[edit]
user@R1# show routing-options router-id
router-id 1.1.1.1;
[edit]
user@R1# show protocols ospf
area 0.0.0.0 {
interface ge-0/0/7.0;
}
[edit]
user@R2# show routing-options router-id
router-id 2.2.2.2;
[edit]
user@R2# show protocols ospf
area 0.0.0.0 {
interface ge-0/0/8.0 {
priority 200;
}
}
[edit]
user@R3# show routing-options router-id
router-id 222.255.255.255;
[edit]
user@R3# show protocols ospf
area 0.0.0.0 {
interface ge-0/0/8.0;
}
[edit]
user@R4# show routing-options router-id
router-id 239.255.255.255;
[edit]
user@R4# show protocols ospf
area 0.0.0.0 {
interface ge-0/0/6.0 {
priority 0;
}
}
-- Exhibit --
All four routers in the exhibit are in the same broadcast domain. The routers were powered on at the same time.
Based on the configurations, which devices are the DR and the BDR
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 203
-- Exhibit --
user@router> show interfaces ge-0/0/0 extensive | find "Queue counters" Queue counters: Queued packets Transmitted packets Dropped packets 0 best-effort
35244 35244 0
1 expedited-fo 258963 59852 199111
2 assured-forw 0 0 0
3 network-cont 1625847 1625847 0
...
-- Exhibit --
You recently deployed an SRX Series Gateway in your network. It uses the default class of service configuration.
Based on the output in the exhibit, what reason explains the packet drops in Queue 1?
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 204
-- Exhibit --
ar 16 19:12:58.291474 BGP RECV 172.14.10.2+51230 -> 172.14.10.1+179 Mar 16 19:12:58.291624 BGP RECV message type 1 (Open) length 59 Mar 16
19:12:58.291688 BGP RECV version 4 as 2 holdtime 90 id 192.168.2.1 parmlen 30 Mar 16 19:12:58.291752 BGP RECV MP capability AFI=1, SAFI=1 Mar 16
19:12:58.291802 BGP RECV Refresh capability, code=128 Mar 16 19:12:58.291850 BGP RECV Refresh capability, code=2 Mar 16 19:12:58.291915 BGP RECV
Restart capability, code=64, time=120, flags= Mar 16 19:12:58.291969 BGP RECV 4 Byte AS-Path capability (65), as_num 2 Mar 16 19:12:58.292385 advertising
receiving-speaker only capabilty to neighbor 172.14.10.2 (External AS 2)
Mar 16 19:12:58.292452 bgp_senD. sending 59 bytes to 172.14.10.2 (External AS 2) Mar 16 19:12:58.292522
Mar 16 19:12:58.292522 BGP SEND 172.14.10.1+179 -> 172.14.10.2+51230 Mar 16 19:12:58.292601 BGP SEND message type 1 (Open) length 59 Mar 16
19:12:58.293053 BGP SEND version 4 as 1 holdtime 90 id 192.168.2.1 parmlen 30 Mar 16 19:12:58.293124 BGP SEND MP capability AFI=1, SAFI=1 Mar 16
19:12:58.293173 BGP SEND Refresh capability, code=128 Mar 16 19:12:58.293221 BGP SEND Refresh capability, code=2 Mar 16 19:12:58.293284 BGP SEND
Restart capability, code=64, time=120, flags= Mar 16 19:12:58.293336 BGP SEND 4 Byte AS-Path capability (65), as_num 1 Mar 16 19:12:58.293517 bgp_senD.
sending 19 bytes to 172.14.10.2 (External AS 2) Mar 16 19:12:58.293573
Mar 16 19:12:58.293573 BGP SEND 172.14.10.1+179 -> 172.14.10.2+51230 Mar 16 19:12:58.293665 BGP SEND message type 4 (KeepAlive) length 19 Mar 16
19:12:58.296781
Mar 16 19:12:58.296781 BGP RECV 172.14.10.2+51230 -> 172.14.10.1+179 Mar 16 19:12:58.296897 BGP RECV message type 4 (KeepAlive) length 19 Mar 16
19:12:58.297451 bgp_senD. sending 19 bytes to 172.14.10.2 (External AS 2) Mar 16 19:12:58.297528
Mar 16 19:12:58.297528 BGP SEND 172.14.10.1+179 -> 172.14.10.2+51230 Mar 16 19:12:58.297600 BGP SEND message type 4 (KeepAlive) length 19 Mar 16
19:12:58.298102 bgp_senD. sending 23 bytes to 172.14.10.2 (External AS 2) Mar 16 19:12:58.298185
Mar 16 19:12:58.298185 BGP SEND 172.14.10.1+179 -> 172.14.10.2+51230 Mar 16 19:12:58.298273 BGP SEND message type 2 (Update) length 23 Mar 16
19:12:58.298322 BGP SEND End of RIB. AFI 1 SAFI 1 Mar 16 19:12:58.301834
Mar 16 19:12:58.301834 BGP RECV 172.14.10.2+51230 -> 172.14.10.1+179 Mar 16 19:12:58.301957 BGP RECV message type 4 (KeepAlive) length 19 Mar 16
19:12:58.302034 bgp_read_v4_messagE. done with 172.14.10.2 (External AS 2) received 19 octets 0 updates 0 routes
Mar 16 19:12:58.304594
Mar 16 19:12:58.304594 BGP RECV 172.14.10.2+51230 -> 172.14.10.1+179 Mar 16 19:12:58.304702 BGP RECV message type 2 (Update) length 23 Mar 16
19:12:58.304765 BGP RECV End of RIB. AFI 1 SAFI 1 Mar 16 19:12:58.304848 bgp_read_v4_messagE. done with 172.14.10.2 (External AS 2) received 23 octets
1 update 0 routes
Mar 16 19:13:22.968415 bgp_senD. sending 19 bytes to 172.14.10.2 (External AS 2) Mar 16 19:13:22.968586
Mar 16 19:13:22.968586 BGP SEND 172.14.10.1+179 -> 172.14.10.2+51230 Mar 16 19:13:22.968675 BGP SEND message type 4 (KeepAlive) length 19 Mar 16
19:13:26.901339
Mar 16 19:13:26.901339 BGP RECV 172.14.10.2+51230 -> 172.14.10.1+179 Mar 16 19:13:26.901464 BGP RECV message type 4 (KeepAlive) length 19 Mar 16
19:13:26.901543 bgp_read_v4_messagE. done with 172.14.10.2 (External AS 2) received 19 octets 0 updates 0 routes
Mar 16 19:13:51.335927 bgp_senD. sending 19 bytes to 172.14.10.2 (External AS 2) Mar 16 19:13:51.348180
Mar 16 19:13:51.348180 BGP SEND 172.14.10.1+179 -> 172.14.10.2+51230 Mar 16 19:13:51.348296 BGP SEND message type 4 (KeepAlive) length 19 Mar 16
19:13:53.844160
Mar 16 19:13:53.844160 BGP RECV 172.14.10.2+51230 -> 172.14.10.1+179 Mar 16 19:13:53.844329 BGP RECV message type 4 (KeepAlive) length 19 Mar 16
19:13:53.844392 bgp_read_v4_messagE. done with 172.14.10.2 (External AS 2) received 19 octets 0 updates 0 routes
-- Exhibit --
Click the Exhibit button.
Looking at the traceoptions output, what is the current keepalive timer set for in BGP?
A. 1 second
B. 10 seconds
C. 30 seconds
D. 90 seconds
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 205
-- Exhibit
-- Exhibit --
As shown in the exhibit, a legacy IP phone is attached to Switch-1. The phone does not support LLDP-MED, but does allow configuration using DHCP. Existing
network CoS policies dictate that VoIP traffic must use VLAN 10.
Which two actions put VoIP traffic onto VLAN 10? (Choose two.)
Correct Answer: BC
Section: (none)
Explanation
Explanation/Reference:
QUESTION 206
-- Exhibit
-- Exhibit --
Which statement about the non-ABR router in Area 2 in the exhibit is true?
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 207
-- Exhibit
-- Exhibit --
Referring to the exhibit, you want to configure Switch-1 to allow a user on interface ge-0/0/10 to accommodate both voice and data traffic. Your phones and your
switches are LLDP-MED capable.
What is the minimal configuration that allows LLDP-MED to autoconfigure your phone's voice VLAN?
A. set interfaces ge-0/0/10 unit 0 family ethernet-switching port-mode trunk set interfaces ge-0/0/10 unit 0 family ethernet-switching vlan members voice_vlan set
interfaces ge-0/0/10 unit 0 family ethernet-switching native-vlan-id data_vlan set ethernet-switching-options voip interface ge-0/0/10.0 vlan voice_vlan set
protocols lldp-med interface ge-0/0/10.0
B. set interfaces ge-0/0/10 unit 0 family ethernet-switching port-mode trunk set interfaces ge-0/0/10 unit 0 family ethernet-switching vlan members voice_vlan set
interfaces ge-0/0/10 unit 0 family ethernet-switching native-vlan-id data_vlan set ethernet-switching-options voip interface ge-0/0/10.0 vlan voice_vlan set
protocols lldp interface ge-0/0/10.0
C. set interfaces ge-0/0/10 unit 0 family ethernet-switching port-mode access set interfaces ge-0/0/10 unit 0 family ethernet-switching vlan members data_vlan set
ethernet-switching-options voip interface ge-0/0/10.0 forwarding-class assured-forwarding set protocols lldp-med interface ge-0/0/10.0
D. set interfaces ge-0/0/10 unit 0 family ethernet-switching port-mode access set interfaces ge-0/0/10 unit 0 family ethernet-switching vlan members data_vlan set
ethernet-switching-options voip interface ge-0/0/10.0 vlan voice_vlan set protocols lldp-med interface ge-0/0/10.0
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 208
-- Exhibit
-- Exhibit --
Site A is sending voice traffic marked with DSCP code EF. SRX A has the default CoS classifier.
A. best-effort
B. expedited-forwarding
C. network-control
D. assured-forwarding
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 209
-- Exhibit
-- Exhibit --
In the exhibit, the routers in the network have a default PIM sparse mode configuration. R2 shows that R1 is the RPF next hop for the source, and R3 is the RPF
next hop for the RP. Host1 is currently receiving multicast traffic for group 231.1.1.1. Host2 has come online and is attempting to join group 232.1.1.1. R2 has just
received an IGMP message with the source and group addresses.
Which step happens next so that Host2 can join the multicast group?
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 210
-- Exhibit
-- Exhibit --
In the exhibit, the provider bridges are using Q-in-Q tunneling to tunnel VLAN 100 traffic over VLAN 200.
What is the correct VLAN configuration for Q-in-Q tunneling on Provider Bridge A?
A. interfaces {
ge-0/0/0 {
unit 0 {
family ethernet-switching {
port-mode access;
}
}
}
ge-0/0/10 {
unit 0 {
family ethernet-switching {
port-mode trunk;
vlan {
members test;
}
}
}
}
}
vlans {
test {
vlan-id 200;
interface {
ge-0/0/0.0;
}
dot1q-tunneling {
customer-vlans 100;
}
}
}
B. interfaces {
ge-0/0/0 {
unit 0 {
family ethernet-switching {
port-mode trunk;
vlan {
members test;
}
}
}
}
ge-0/0/10 {
unit 0 {
family ethernet-switching {
port-mode access;
}
}
}
}
vlans {
test {
vlan-id 200;
interface {
ge-0/0/0.0;
}
dot1q-tunneling {
customer-vlans 100;
}
}
}
C. interfaces {
ge-0/0/0 {
unit 0 {
family ethernet-switching {
port-mode trunk;
vlan {
members test;
}
}
}
}
ge-0/0/10 {
unit 0 {
family ethernet-switching {
port-mode access;
}
}
}
}
vlans {
test {
vlan-id 200;
interface {
ge-0/0/10.0;
}
dot1q-tunneling {
customer-vlans 100;
}
}
}
D. interfaces {
ge-0/0/0 {
unit 0 {
family ethernet-switching {
port-mode access;
}
}
}
ge-0/0/10 {
unit 0 {
family ethernet-switching {
port-mode trunk;
vlan {
members test;
}
}
}
}
}
vlans {
test {
vlan-id 100;
interface {
ge-0/0/0.0;
}
dot1q-tunneling {
customer-vlans 200;
}
}
}
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 211
-- Exhibit
-- Exhibit --
In the topology shown in the exhibit, which two BGP attributes can AS1 manipulate to influence the path that AS4 takes to reach prefixes originated by AS1?
(Choose two.)
A. Local Preference
B. AS Path
C. Origin
D. MED
Correct Answer: BC
Section: (none)
Explanation
Explanation/Reference:
QUESTION 212
-- Exhibit
-- Exhibit --
Traffic flows through your network, as shown in the exhibit. You have configured a rewrite rule on R1 to mark HTTP traffic with a specific DSCP value.
What must you do to ensure that the HTTP traffic preserves its DSCP value as it leaves your CoS domain?
A. Use behavior aggregate classifiers mapping the HTTP traffic to the specific DSCP value on R1 and R2.
B. Use rewrite rules mapping the HTTP traffic to the specific DSCP value on R2 and R3.
C. Use a rewrite rule mapping the HTTP traffic to the specific DSCP value on R3.
D. Use the default settings already in place on the device.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 213
-- Exhibit
-- Exhibit --
In the exhibit, Switch A is an EX4200. VLAN10 is receiving tagged as well as untagged traffic from different ports. The administrator wants to mirror all tagged and
untagged traffic entering VLAN10 to analyzer port ge-0/0/10. All VLAN tags must be preserved for traffic that is mirrored to the analyzer port.
A. set ethernet-switching-options analyzer vlan10_analyzer input vlan VLAN10 interface xe- 1/0/0.0
set ethernet-switching-options analyzer vlan10_analyzer input vlan VLAN10 interface ge-0/0/2 set ethernet-switching-options analyzer vlan10_analyzer output
interface ge-0/0/10.0
B. set ethernet-switching-options analyzer vlan10_analyzer input interface xe-1/0/0.0 set ethernet-switching-options analyzer vlan10_analyzer input interface ge-
0/0/2 set ethernet-switching-options analyzer vlan10_analyzer output interface ge-0/0/10.0
C. set ethernet-switching-options analyzer vlan10_analyzer input ingress vlan VLAN10 set ethernet-switching-options analyzer vlan10_analyzer output interface
ge-0/0/10.0 set vlans default interface ge-0/0/10.0
D. set ethernet-switching-options analyzer vlan10_analyzer input ingress vlan VLAN10 set ethernet-switching-options analyzer vlan10_analyzer output interface
ge-0/0/10.0 set vlans VLAN10 interface ge-0/0/10.0
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 214
-- Exhibit
-- Exhibit --
A. R6-R5
B. R6-R4-R5
C. R6-R4-R5-R2
D. R6-R4-R3-R2
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 215
-- Exhibit
-- Exhibit --
Based on the exhibit, which statement about the Layer 2 topology is true?
A. A port on switch 3 or switch 4 towards the CST root (switch 6) is blocking traffic.
B. A total of 64 MST instances for MST region A and region B can be configured.
C. MSTI BPDUs are exchanged between MST regions and the CST root bridge.
D. IST BPDUs are exchanged only between switches 1 and 2, and between switches 6 and 7.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 216
-- Exhibit --
{master:0}[edit]
user@router# run show ospf interface vl-10.20.10.2 extensive Interface State Area DR ID BDR ID Nbrs
vl-10.20.10.2 Down 0.0.0.0 0.0.0.0 0.0.0.0 0
TypE. Virtual, Address: 0.0.0.0, Mask: 0.0.0.0, MTU: 0, Cost: 1 Transit AreA. 0.0.0.1
Adj count: 0
Hello: 10, DeaD. 40, ReXmit: 5, Not Stub
Auth typE. None
Protection typE. None, No eligible backup
Topology default (ID 0) -> Down, Cost: 0
-- Exhibit --
Your company is integrating another OSPF area into your existing OSPF infrastructure. You created a virtual link that spans Area 2 and connects Area 3 to the
backbone area.
A. The interface configured for the virtual link is incorrect. It should be a vt and not a vl interface.
B. No designated router (DR) has been elected.
C. The backup route to Area 2 has not been configured.
D. The wrong transit area is configured.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 217
-- Exhibit
-- Exhibit --
In the exhibit, an EBGP session is currently established between R1 and R2. R2 changes its import policy to accept 10 of the routes it previously denied from R1.
Which BGP capability must be negotiated on the BGP session for R2 to install the routes accepted by the new policy?
A. route refresh
B. AddPath
C. outbound route filtering (ORF)
D. multiprotocol BGP (MBGP)
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 218
-- Exhibit --
inet6.0: 10 destinations, 14 routes (10 active, 0 holddown, 0 hidden) Prefix Nexthop MED Lclpref AS path
2001:1:2::/64 2001:ffff::3:3 100 I
inet6.0: 10 destinations, 14 routes (10 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both
user@router>
-- Exhibit --
You are using an IBGP route reflector within your network. Your route reflector has received the 2001:1:2::/64 prefix, but it is not advertising the prefix to its cluster
members. After examining the route reflector, you notice the output shown in the exhibit.
Which configuration statement causes the route reflector to transmit the route to its IBGP peers?
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 219
-- Exhibit --
{master:0}[edit]
user@router# show class-of-service
classifiers {
inet-precedence normal-traffic {
forwarding-class best-effort {
loss-priority low code-points [ my1 my2 ];
}
}
}
code-point-aliases {
inet-precedence {
my1 000;
my2 001;
}
}
scheduler-maps {
one {
forwarding-class expedited-forwarding scheduler special; forwarding-class best-effort scheduler normal;
}
}
schedulers {
special {
transmit-rate percent 30;
priority strict-high;
}
normal {
transmit-rate percent 70;
priority low;
}
}
-- Exhibit --
The configuration in the exhibit shows incoming traffic with specific IP precedence bits that should be mapped to a forwarding class named best-effort.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 220
-- Exhibit
-- Exhibit --
Based on the exhibit, why is R2 marking the routes coming from AS 200 as hidden?
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 221
-- Exhibit --
Based on the configuration in the exhibit, which routing table is used for IPv4 multicast RPF checks?
A. inet.0
B. inet.2
C. foo.inet.0
D. inet.8
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference: